Changeset 745 for trunk/server/source3/libads/krb5_setpw.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/libads/krb5_setpw.c
r414 r745 21 21 #include "includes.h" 22 22 #include "smb_krb5.h" 23 #include "libads/kerberos_proto.h" 24 #include "../lib/util/asn1.h" 23 25 24 26 #ifdef HAVE_KRB5 … … 574 576 krb5_error_code ret = 0; 575 577 krb5_context context = NULL; 576 krb5_principal principal = NULL; 577 char *princ_name = NULL; 578 char *realm = NULL; 578 const char *realm = NULL; 579 unsigned int realm_len = 0; 579 580 krb5_creds creds, *credsp = NULL; 580 #if KRB5_PRINC_REALM_RETURNS_REALM581 krb5_realm orig_realm;582 #else583 krb5_data orig_realm;584 #endif585 581 krb5_ccache ccache = NULL; 586 582 … … 605 601 } 606 602 607 realm = strchr_m(princ, '@'); 608 if (!realm) { 609 krb5_cc_close(context, ccache); 610 krb5_free_context(context); 611 DEBUG(1,("Failed to get realm\n")); 612 return ADS_ERROR_KRB5(-1); 613 } 614 realm++; 615 616 if (asprintf(&princ_name, "kadmin/changepw@%s", realm) == -1) { 603 ret = krb5_cc_get_principal(context, ccache, &creds.client); 604 if (ret) { 617 605 krb5_cc_close(context, ccache); 618 606 krb5_free_context(context); 619 DEBUG(1,("asprintf failed\n")); 620 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); 621 } 622 623 ret = smb_krb5_parse_name(context, princ_name, &creds.server); 624 if (ret) { 625 krb5_cc_close(context, ccache); 626 krb5_free_context(context); 627 DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret))); 628 return ADS_ERROR_KRB5(ret); 629 } 630 631 /* parse the principal we got as a function argument */ 632 ret = smb_krb5_parse_name(context, princ, &principal); 633 if (ret) { 634 krb5_cc_close(context, ccache); 635 krb5_free_principal(context, creds.server); 636 krb5_free_context(context); 637 DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret))); 638 free(princ_name); 639 return ADS_ERROR_KRB5(ret); 640 } 641 642 free(princ_name); 643 644 /* The creds.server principal takes ownership of this memory. 645 Remember to set back to original value before freeing. 
*/ 646 orig_realm = *krb5_princ_realm(context, creds.server); 647 krb5_princ_set_realm(context, creds.server, krb5_princ_realm(context, principal)); 648 649 ret = krb5_cc_get_principal(context, ccache, &creds.client); 650 if (ret) { 651 krb5_cc_close(context, ccache); 652 krb5_princ_set_realm(context, creds.server, &orig_realm); 653 krb5_free_principal(context, creds.server); 654 krb5_free_principal(context, principal); 655 krb5_free_context(context); 656 DEBUG(1,("Failed to get principal from ccache (%s)\n", 607 DEBUG(1,("Failed to get principal from ccache (%s)\n", 657 608 error_message(ret))); 658 609 return ADS_ERROR_KRB5(ret); 659 610 } 660 661 ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); 611 612 realm = smb_krb5_principal_get_realm(context, creds.client); 613 realm_len = strlen(realm); 614 ret = krb5_build_principal(context, 615 &creds.server, 616 realm_len, 617 realm, "kadmin", "changepw", NULL); 618 619 ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); 662 620 if (ret) { 663 621 krb5_cc_close(context, ccache); 664 622 krb5_free_principal(context, creds.client); 665 krb5_princ_set_realm(context, creds.server, &orig_realm);666 623 krb5_free_principal(context, creds.server); 667 krb5_free_principal(context, principal); 624 krb5_free_context(context); 625 DEBUG(1,("krb5_build_prinipal_ext (%s)\n", error_message(ret))); 626 return ADS_ERROR_KRB5(ret); 627 } 628 629 ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); 630 if (ret) { 631 krb5_cc_close(context, ccache); 632 krb5_free_principal(context, creds.client); 633 krb5_free_principal(context, creds.server); 668 634 krb5_free_context(context); 669 635 DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret))); … … 679 645 krb5_free_creds(context, credsp); 680 646 krb5_free_principal(context, creds.client); 681 krb5_princ_set_realm(context, creds.server, &orig_realm);682 647 krb5_free_principal(context, creds.server); 683 krb5_free_principal(context, 
principal);684 648 krb5_cc_close(context, ccache); 685 649 krb5_free_context(context); … … 729 693 krb5_creds creds; 730 694 char *chpw_princ = NULL, *password; 695 const char *realm = NULL; 731 696 732 697 initialize_krb5_error_table(); … … 750 715 krb5_get_init_creds_opt_set_proxiable(&opts, 0); 751 716 717 realm = smb_krb5_principal_get_realm(context, princ); 718 752 719 /* We have to obtain an INITIAL changepw ticket for changing password */ 753 if (asprintf(&chpw_princ, "kadmin/changepw@%s", 754 (char *) krb5_princ_realm(context, princ)) == -1) { 720 if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) { 755 721 krb5_free_context(context); 756 722 DEBUG(1,("ads_krb5_chg_password: asprintf fail\n")); … … 807 773 } 808 774 809 810 /**811 * Set the machine account password812 * @param ads connection to ads server813 * @param hostname machine whose password is being set814 * @param password new password815 * @return status of password change816 **/817 ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,818 const char *machine_account,819 const char *password)820 {821 ADS_STATUS status;822 char *principal = NULL;823 824 /*825 we need to use the '$' form of the name here (the machine account name),826 as otherwise the server might end up setting the password for a user827 instead828 */829 if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {830 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);831 }832 833 status = ads_krb5_set_password(ads->auth.kdc_server, principal,834 password, ads->auth.time_offset);835 836 SAFE_FREE(principal);837 return status;838 }839 775 #endif
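Review bot: In the set-password hunk the result of `krb5_build_principal` (new lines 614-617) is overwritten by the `krb5_get_credentials` call on new line 619 before anything tests it, so a failure to build the kadmin/changepw principal goes unnoticed and the ticket request runs with whatever `creds.server` holds. The branch that logs `krb5_build_prinipal_ext` looks like it was meant to test the build call: dropping the first `ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);` would make `if (ret)` do that and stop the call running twice (the second call overwrites `credsp`, which probably leaks the first result); the `krb5_free_principal(context, creds.server);` in that branch should then go too unless `creds` is zeroed earlier, which is not visible here. `realm` is also handed to `strlen` on new line 613 without a check, and to `asprintf` in the change-password hunk; if `smb_krb5_principal_get_realm` can return NULL (its definition is not on this page), add `if (realm == NULL)` with the same cleanup before using it. The enclosing function bodies start and end outside the shown hunks.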