typedef struct {
void *ld;
char *realm;
+ char *workgroup;
char *ldap_server;
char *ldap_server_name;
char *kdc_server;
}
/* get desperate, find the domain controller IP */
- if (resolve_name(lp_workgroup(), &ip, 0x1B)) {
+ if (resolve_name(ads->workgroup, &ip, 0x1B)) {
+ return strdup(inet_ntoa(ip));
+ }
+
+ /* or a BDC ... */
+ if (resolve_name(ads->workgroup, &ip, 0x1C)) {
return strdup(inet_ntoa(ip));
}
initialise a ADS_STRUCT, ready for some ads_ ops
*/
ADS_STRUCT *ads_init(const char *realm,
+ const char *workgroup,
const char *ldap_server,
const char *bind_path,
const char *password)
ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads));
ZERO_STRUCTP(ads);
+ if (!workgroup) {
+ workgroup = lp_workgroup();
+ }
+
ads->realm = realm? strdup(realm) : NULL;
+ ads->workgroup = strdup(workgroup);
ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
ads->bind_path = bind_path? strdup(bind_path) : NULL;
ads->ldap_port = LDAP_PORT;
return ads;
}
+/* a simpler ads_init() interface using all defaults */
+ADS_STRUCT *ads_init_simple(void)
+{
+ return ads_init(NULL, NULL, NULL, NULL, NULL);
+}
+
/*
free the memory used by the ADS structure initialized with 'ads_init(...)'
*/
ads->last_attempt = time(NULL);
ads->ld = ldap_open(ads->ldap_server, ads->ldap_port);
+
+ /* if that failed then try each of the BDC's in turn */
+ if (!ads->ld) {
+ struct in_addr *ip_list;
+ int count;
+
+ if (get_dc_list(False, ads->workgroup, &ip_list, &count)) {
+ int i;
+ for (i=0;i<count;i++) {
+ ads->ld = ldap_open(inet_ntoa(ip_list[i]),
+ ads->ldap_port);
+ if (ads->ld) break;
+ }
+ if (ads->ld) {
+ free(ads->ldap_server);
+ ads->ldap_server = strdup(inet_ntoa(ip_list[i]));
+ }
+ free(ip_list);
+ }
+ }
+
if (!ads->ld) {
return ADS_ERROR_SYSTEM(errno);
}
+
+ DEBUG(3,("Connected to LDAP server %s\n", ads->ldap_server));
+
status = ads_server_info(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("Failed to get ldap server info\n"));
if (resolve_name(domain->name, &server_ip, 0x1b)) {
sname = inet_ntoa(server_ip);
+ } else if (resolve_name(domain->name, &server_ip, 0x1c)) {
+ sname = inet_ntoa(server_ip);
} else {
if (strcasecmp(domain->name, lp_workgroup()) != 0) {
DEBUG(1,("can't find domain controller for %s\n", domain->name));
sname = NULL;
}
- ads = ads_init(primary_realm, sname, NULL, NULL);
+ ads = ads_init(primary_realm, domain->name, NULL, NULL, NULL);
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", domain->name));
return NULL;
blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
} else {
ADS_STRUCT *ads;
- ads = ads_init(NULL, NULL, NULL, NULL);
+ ads = ads_init_simple();
/* win2000 uses host$@REALM, which we will probably use eventually,
but for now this works */
asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ads = ads_init(NULL, NULL, NULL, NULL);
+ ads = ads_init_simple();
ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
if (!NT_STATUS_IS_OK(ret)) {
{
ADS_STRUCT *ads;
- ads = ads_init(NULL, opt_host, NULL, NULL);
+ ads = ads_init(NULL, NULL, opt_host, NULL, NULL);
ads_connect(ads);
if (!ads) {
BOOL need_password = False;
BOOL second_time = False;
- ads = ads_init(NULL, opt_host, NULL, NULL);
+ ads = ads_init(NULL, NULL, opt_host, NULL, NULL);
if (!opt_user_name) {
opt_user_name = "administrator";
/* use the realm so we can eventually change passwords for users
in realms other than default */
- if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1;
+ if (!(ads = ads_init(realm, NULL, NULL, NULL, NULL))) return -1;
asprintf(&prompt, "Enter new password for %s:", argv[0]);
char *hostname;
ADS_STATUS ret;
-
- if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1;
+ if (!(ads = ads_init_simple())) return -1;
hostname = strdup(global_myname);
strlower(hostname);