server,
NULL, 0,
service, "A:",
- ads->auth.user_name, NULL,
- ads->auth.password,
+ ads->auth._user_name, NULL,
+ ads->auth._password,
CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
SMB_SIGNING_REQUIRED);
/* info needed to authenticate */
struct {
- char *realm;
- char *password;
- char *user_name;
+ char *_realm;
+ char *_password;
+ char *_user_name;
char *kdc_server;
unsigned flags;
int time_offset;
- char *ccache_name;
+ char *_ccache_name;
time_t tgt_expire;
time_t tgs_expire;
- time_t renewable;
+ time_t _renewable;
} auth;
/* info derived from the servers config */
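Review bot: The leading underscore now carried by `_realm`, `_password`, `_user_name`, `_ccache_name` and `_renewable` is not explained at the struct, so a reader cannot tell why these five members differ from `kdc_server`, `flags` or `tgt_expire`. If the prefix is meant to mark members that code should no longer read or write directly (an inference, the hunk does not say), put that in the comment, for example `/* info needed to authenticate; '_'-prefixed members are internal, do not add new direct users */`. The enclosing structure starts and ends outside this hunk.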
return WERR_GEN_FAILURE;
}
- SAFE_FREE(ads->auth.user_name);
+ SAFE_FREE(ads->auth._user_name);
if (r->in.account) {
- ads->auth.user_name = SMB_STRDUP(r->in.account);
+ ads->auth._user_name = SMB_STRDUP(r->in.account);
} else if (ctx->username) {
- ads->auth.user_name = SMB_STRDUP(ctx->username);
+ ads->auth._user_name = SMB_STRDUP(ctx->username);
}
- SAFE_FREE(ads->auth.password);
+ SAFE_FREE(ads->auth._password);
if (r->in.password) {
- ads->auth.password = SMB_STRDUP(r->in.password);
+ ads->auth._password = SMB_STRDUP(r->in.password);
} else if (ctx->password) {
- ads->auth.password = SMB_STRDUP(ctx->password);
+ ads->auth._password = SMB_STRDUP(ctx->password);
}
ads_status = ads_connect_user_creds(ads);
SAFE_FREE((*ads)->server.workgroup);
SAFE_FREE((*ads)->server.ldap_server);
- SAFE_FREE((*ads)->auth.realm);
- SAFE_FREE((*ads)->auth.password);
- SAFE_FREE((*ads)->auth.user_name);
+ SAFE_FREE((*ads)->auth._realm);
+ SAFE_FREE((*ads)->auth._password);
+ SAFE_FREE((*ads)->auth._user_name);
SAFE_FREE((*ads)->auth.kdc_server);
- SAFE_FREE((*ads)->auth.ccache_name);
+ SAFE_FREE((*ads)->auth._ccache_name);
SAFE_FREE((*ads)->config.realm);
SAFE_FREE((*ads)->config.bind_path);
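Review bot: `SAFE_FREE((*ads)->auth._password)` releases the password buffer without clearing it, so the cleartext stays in freed heap memory until it is reused and can surface in a core dump or a later allocation. Clear the string before the free with a call the compiler may not drop, e.g. `memset_s((*ads)->auth._password, len, 0, len);` under a NULL check with `len` taken from `strlen()`, or use a burn-and-free helper if this tree provides one. The same applies to the other `SAFE_FREE(...auth._password)` calls in the hunks that replace the password before `ads_connect_user_creds()` or `ads_connect()`. The function body starts and ends outside this hunk.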
const char *account_name;
fstring acct_name;
- if (ads->auth.password == NULL || ads->auth.password[0] == '\0') {
+ if (ads->auth._password == NULL || ads->auth._password[0] == '\0') {
return KRB5_LIBOS_CANTREADPWD;
}
if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
- account_name = ads->auth.user_name;
+ account_name = ads->auth._user_name;
goto got_accountname;
}
}
else
/* This looks like host/lp_netbios_name()@REA.LM */
- account_name = ads->auth.user_name;
+ account_name = ads->auth._user_name;
}
got_accountname:
- if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
+ if (asprintf(&s, "%s@%s", account_name, ads->auth._realm) == -1) {
return KRB5_CC_NOMEM;
}
- ret = kerberos_kinit_password_ext(s, ads->auth.password,
+ ret = kerberos_kinit_password_ext(s, ads->auth._password,
ads->auth.time_offset,
&ads->auth.tgt_expire, NULL,
- ads->auth.ccache_name, false, false,
- ads->auth.renewable, NULL);
+ ads->auth._ccache_name, false, false,
+ ads->auth._renewable, NULL);
if (ret) {
DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
DEBUG(3,("Successfully contacted LDAP server %s\n", addr));
- if (!ads->auth.user_name) {
+ if (!ads->auth._user_name) {
/* Must use the userPrincipalName value here or sAMAccountName
and not servicePrincipalName; found by Guenther Deschner */
- if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) {
+ if (asprintf(&ads->auth._user_name, "%s$", lp_netbios_name() ) == -1) {
DEBUG(0,("ads_connect: asprintf fail.\n"));
- ads->auth.user_name = NULL;
+ ads->auth._user_name = NULL;
}
}
- if (!ads->auth.realm) {
- ads->auth.realm = SMB_STRDUP(ads->config.realm);
+ if (!ads->auth._realm) {
+ ads->auth._realm = SMB_STRDUP(ads->config.realm);
}
if (!ads->auth.kdc_server) {
}
if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) {
- status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+ status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth._user_name, ads->auth._password));
goto out;
}
ndr->depth--;
ndr_print_struct(ndr, name, "auth");
ndr->depth++;
- ndr_print_string(ndr, "realm", r->auth.realm);
+ ndr_print_string(ndr, "realm", r->auth._realm);
#ifdef DEBUG_PASSWORD
- ndr_print_string(ndr, "password", r->auth.password);
+ ndr_print_string(ndr, "password", r->auth._password);
#else
ndr_print_string(ndr, "password", "(PASSWORD omitted)");
#endif
- ndr_print_string(ndr, "user_name", r->auth.user_name);
+ ndr_print_string(ndr, "user_name", r->auth._user_name);
ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
- ndr_print_time_t(ndr, "renewable", r->auth.renewable);
+ ndr_print_time_t(ndr, "renewable", r->auth._renewable);
ndr->depth--;
ndr_print_struct(ndr, name, "config");
ndr->depth++;
}
creds = ads_sasl_creds_init(frame,
- ads->auth.user_name,
- ads->auth.password,
- ads->auth.realm,
- ads->auth.realm,
+ ads->auth._user_name,
+ ads->auth._password,
+ ads->auth._realm,
+ ads->auth._realm,
krb5_state);
if (creds == NULL) {
status = ADS_ERROR_SYSTEM(ENOMEM);
}
creds = ads_sasl_creds_init(frame,
- ads->auth.user_name,
- ads->auth.password,
- ads->auth.realm,
- ads->auth.realm,
+ ads->auth._user_name,
+ ads->auth._password,
+ ads->auth._realm,
+ ads->auth._realm,
CRED_MUST_USE_KERBEROS);
if (creds == NULL) {
status = ADS_ERROR_SYSTEM(ENOMEM);
}
if (user_name) {
- SAFE_FREE(my_ads->auth.user_name);
- my_ads->auth.user_name = SMB_STRDUP(user_name);
- if ((cp = strchr_m(my_ads->auth.user_name, '@'))!=0) {
+ SAFE_FREE(my_ads->auth._user_name);
+ my_ads->auth._user_name = SMB_STRDUP(user_name);
+ if ((cp = strchr_m(my_ads->auth._user_name, '@'))!=0) {
*cp++ = '\0';
- SAFE_FREE(my_ads->auth.realm);
- my_ads->auth.realm = smb_xstrdup(cp);
- if (!strupper_m(my_ads->auth.realm)) {
+ SAFE_FREE(my_ads->auth._realm);
+ my_ads->auth._realm = smb_xstrdup(cp);
+ if (!strupper_m(my_ads->auth._realm)) {
ads_destroy(&my_ads);
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
}
if (password) {
- SAFE_FREE(my_ads->auth.password);
- my_ads->auth.password = SMB_STRDUP(password);
+ SAFE_FREE(my_ads->auth._password);
+ my_ads->auth._password = SMB_STRDUP(password);
}
if (ccname != NULL) {
- SAFE_FREE(my_ads->auth.ccache_name);
- my_ads->auth.ccache_name = SMB_STRDUP(ccname);
- setenv(KRB5_ENV_CCNAME, my_ads->auth.ccache_name, 1);
+ SAFE_FREE(my_ads->auth._ccache_name);
+ my_ads->auth._ccache_name = SMB_STRDUP(ccname);
+ setenv(KRB5_ENV_CCNAME, my_ads->auth._ccache_name, 1);
}
status = ads_connect_user_creds(my_ads);
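Review bot: The copies made with `SMB_STRDUP(user_name)`, `SMB_STRDUP(password)` and `SMB_STRDUP(ccname)` are used without a NULL check, although the DNS-update hunk on this page tests `SMB_STRDUP(...) == NULL`, so the macro can evidently fail. A failed copy leaves `_user_name` or `_password` NULL and execution still reaches `ads_connect_user_creds(my_ads)`; another hunk replaces a NULL `_user_name` with the machine account name, so an allocation failure could silently change the identity used (inferred, the two hunks may not share a call path). Fail closed after each copy the way the `strupper_m` branch already does: `if (my_ads->auth._user_name == NULL) { ads_destroy(&my_ads); return ADS_ERROR_LDAP(LDAP_NO_MEMORY); }`, likewise for `_password` and for `_ccache_name` before it is passed to `setenv()`. The function starts and ends outside this hunk.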
* to update msDS-SupportedEncryptionTypes reliable
*/
- if (r->in.ads->auth.ccache_name != NULL) {
- ads_kdestroy(r->in.ads->auth.ccache_name);
+ if (r->in.ads->auth._ccache_name != NULL) {
+ ads_kdestroy(r->in.ads->auth._ccache_name);
}
ads_destroy(&r->in.ads);
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- SAFE_FREE(ads->auth.password);
- ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+ SAFE_FREE(ads->auth._password);
+ ads->auth._password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
ads_status = ads_connect(ads);
}
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- SAFE_FREE(ads->auth.password);
- ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+ SAFE_FREE(ads->auth._password);
+ ads->auth._password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
/* ads_connect() will find the DC for us */
}
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- SAFE_FREE(ads->auth.password);
- ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+ SAFE_FREE(ads->auth._password);
+ ads->auth._password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
/* ads_connect() will find the DC for us */
if (c->opt_password) {
use_in_memory_ccache();
- SAFE_FREE(ads->auth.password);
- ads->auth.password = smb_xstrdup(c->opt_password);
+ SAFE_FREE(ads->auth._password);
+ ads->auth._password = smb_xstrdup(c->opt_password);
}
ads->auth.flags |= auth_flags;
- SAFE_FREE(ads->auth.user_name);
- ads->auth.user_name = smb_xstrdup(c->opt_user_name);
+ SAFE_FREE(ads->auth._user_name);
+ ads->auth._user_name = smb_xstrdup(c->opt_user_name);
/*
* If the username is of the form "name@realm",
* extract the realm and convert to upper case.
* This is only used to establish the connection.
*/
- if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
+ if ((cp = strchr_m(ads->auth._user_name, '@'))!=0) {
*cp++ = '\0';
- SAFE_FREE(ads->auth.realm);
- ads->auth.realm = smb_xstrdup(cp);
- if (!strupper_m(ads->auth.realm)) {
+ SAFE_FREE(ads->auth._realm);
+ ads->auth._realm = smb_xstrdup(cp);
+ if (!strupper_m(ads->auth._realm)) {
ads_destroy(&ads);
return ADS_ERROR(LDAP_NO_MEMORY);
}
use_in_memory_ccache();
- ret = asprintf(&ads_dns->auth.user_name, "%s$", lp_netbios_name());
+ ret = asprintf(&ads_dns->auth._user_name, "%s$", lp_netbios_name());
if (ret == -1) {
d_fprintf(stderr, _("DNS update failed: out of memory\n"));
goto done;
}
- ads_dns->auth.password = secrets_fetch_machine_password(
+ ads_dns->auth._password = secrets_fetch_machine_password(
r->out.netbios_domain_name, NULL, NULL);
- if (ads_dns->auth.password == NULL) {
+ if (ads_dns->auth._password == NULL) {
d_fprintf(stderr, _("DNS update failed: out of memory\n"));
goto done;
}
- ads_dns->auth.realm = SMB_STRDUP(r->out.dns_domain_name);
- if (ads_dns->auth.realm == NULL) {
+ ads_dns->auth._realm = SMB_STRDUP(r->out.dns_domain_name);
+ if (ads_dns->auth._realm == NULL) {
d_fprintf(stderr, _("DNS update failed: out of memory\n"));
goto done;
}
- if (!strupper_m(ads_dns->auth.realm)) {
- d_fprintf(stderr, _("strupper_m %s failed\n"), ads_dns->auth.realm);
+ if (!strupper_m(ads_dns->auth._realm)) {
+ d_fprintf(stderr, _("strupper_m %s failed\n"), ads_dns->auth._realm);
goto done;
}
return ADS_ERROR(LDAP_NO_MEMORY);
}
- SAFE_FREE(ads->auth.password);
- SAFE_FREE(ads->auth.realm);
+ SAFE_FREE(ads->auth._password);
+ SAFE_FREE(ads->auth._realm);
- ads->auth.renewable = renewable;
- ads->auth.password = password;
+ ads->auth._renewable = renewable;
+ ads->auth._password = password;
ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
- ads->auth.realm = SMB_STRDUP(auth_realm);
- if (!strupper_m(ads->auth.realm)) {
+ ads->auth._realm = SMB_STRDUP(auth_realm);
+ if (!strupper_m(ads->auth._realm)) {
ads_destroy(&ads);
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}