From: Stefan Metzmacher Date: Thu, 7 Mar 2024 08:56:00 +0000 (+0100) Subject: s3:libads: add ADS_AUTH_GENERATE_KRB5_CONFIG to generate a custom krb5.conf X-Git-Tag: tdb-1.4.11~778 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ea1ea16290016a1c390c7e30f6a3a1613dac735;p=thirdparty%2Fsamba.git s3:libads: add ADS_AUTH_GENERATE_KRB5_CONFIG to generate a custom krb5.conf That's better then using !ADS_AUTH_NO_BIND. And it allows callers to be more flexible in future. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider
---
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 26e3107c042..a330b9dd7c9 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -731,7 +731,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 * In case of LDAP we use get_dc_name() as that
 * creates the custom krb5.conf file
 */
- if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ if (ads->auth.flags & ADS_AUTH_GENERATE_KRB5_CONFIG) {
 fstring srv_name;
 struct sockaddr_storage ip_out;
@@ -842,6 +842,10 @@ static ADS_STATUS ads_connect_internal(ADS_STRUCT *ads,
 SMB_ASSERT(cli_credentials_is_anonymous(creds));
 }
+ if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ ads->auth.flags |= ADS_AUTH_GENERATE_KRB5_CONFIG;
+ }
+
 /*
 * ads_connect can be passed in a reused ADS_STRUCT
 * with an existing non-zero ads->ldap.ss IP address
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
index d4e00e2c7bc..0cadea7e5ae 100644
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -31,7 +31,8 @@ interface ads
 ADS_AUTH_SASL_FORCE = 0x0080,
 ADS_AUTH_USER_CREDS = 0x0100,
 ADS_AUTH_SASL_STARTTLS = 0x0200,
- ADS_AUTH_SASL_LDAPS = 0x0400
+ ADS_AUTH_SASL_LDAPS = 0x0400,
+ ADS_AUTH_GENERATE_KRB5_CONFIG = 0x0800
 } ads_auth_flags;
 const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;
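Review bot: The new test in ads_find_dc(), `if (ads->auth.flags & ADS_AUTH_GENERATE_KRB5_CONFIG)`, only holds if something set the flag beforehand, and in this patch the only place that does so is ads_connect_internal(). If any other path reaches ads_find_dc() with flags that did not pass through that defaulting, get_dc_name() is skipped and no custom krb5.conf is written, so Kerberos would presumably fall back to the default configuration for KDC lookup. The function body extends outside the hunk, so this cannot be confirmed from here. The comment above the condition should state the contract, for example by adding `* (requested via ADS_AUTH_GENERATE_KRB5_CONFIG, which ads_connect_internal() sets for every bind)`.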
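Review bot: In ads_connect_internal() the flag is OR'd into `ads->auth.flags` and never cleared, so it outlives the connect call, and the comment directly below the added block says an ADS_STRUCT may be reused. A struct that once connected with a bind and is later reused with ADS_AUTH_NO_BIND set would still carry ADS_AUTH_GENERATE_KRB5_CONFIG, whereas the old `!ADS_AUTH_NO_BIND` test was evaluated fresh on every call. If that stickiness is intended, say so above the block: `/* Implied by a bind; stays set on a reused ADS_STRUCT until the caller clears it. */`. The function starts and ends outside the hunk.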