summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-03-20 19:05:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:15:38 -0500
commit485a286a65d3b37f424f5701179f73c99eb9b5b9 (patch)
tree3447057a50073442149f12b4562396091406f0b6
parent4b000b2c95ec064db18d59bff9bf9957717632c4 (diff)
downloadsamba-485a286a65d3b37f424f5701179f73c99eb9b5b9.tar.gz
samba-485a286a65d3b37f424f5701179f73c99eb9b5b9.tar.bz2
samba-485a286a65d3b37f424f5701179f73c99eb9b5b9.zip
r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
-rw-r--r--source3/libads/kerberos.c24
-rw-r--r--source3/libads/krb5_setpw.c2
-rw-r--r--source3/libsmb/cliconnect.c2
-rw-r--r--source3/nsswitch/winbindd_cred_cache.c16
-rw-r--r--source3/nsswitch/winbindd_pam.c16
-rw-r--r--source3/rpc_client/cli_pipe.c2
-rw-r--r--source3/utils/ntlm_auth.c3
7 files changed, 40 insertions, 25 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 17e350d754..029e42c0c2 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -58,7 +58,7 @@ kerb_prompter(krb5_context ctx, void *data,
place in default cache location.
remus@snapserver.com
*/
-int kerberos_kinit_password(const char *principal,
+int kerberos_kinit_password_ext(const char *principal,
const char *password,
int time_offset,
time_t *expire_time,
@@ -187,7 +187,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
return KRB5_LIBOS_CANTREADPWD;
}
- ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset,
+ ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
&ads->auth.expire, NULL, NULL, False, ads->auth.renewable);
if (ret) {
@@ -380,8 +380,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx,
if (password == NULL) {
goto out;
}
- if ((err = kerberos_kinit_password(machine_account, password, 0, NULL, NULL,
- LIBADS_CCACHE_NAME, False, 0)) != 0) {
+ if ((err = kerberos_kinit_password(machine_account, password,
+ 0, LIBADS_CCACHE_NAME)) != 0) {
DEBUG(0,("get_service_ticket: kerberos_kinit_password %s failed: %s\n",
machine_account,
error_message(err)));
@@ -811,4 +811,20 @@ BOOL kerberos_derive_cifs_salting_principals(void)
}
return retval;
}
+
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name)
+{
+ return kerberos_kinit_password_ext(principal,
+ password,
+ time_offset,
+ 0,
+ 0,
+ cache_name,
+ False,
+ 0);
+}
+
#endif
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 42ca36f344..415c1e9229 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -685,7 +685,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
{
int ret;
- if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) {
+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4c6b890db0..48885f19d8 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -756,7 +756,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
int ret;
use_in_memory_ccache();
- ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL, NULL, False, 0);
+ ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
if (ret){
SAFE_FREE(principal);
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index 6835840a1d..4c539b9b23 100644
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -106,14 +106,14 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
seteuid(entry->uid);
- ret = kerberos_kinit_password(entry->principal_name,
- entry->pass,
- 0, /* hm, can we do time correction here ? */
- &entry->refresh_time,
- &entry->renew_until,
- entry->ccname,
- False, /* no PAC required anymore */
- WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+ ret = kerberos_kinit_password_ext(entry->principal_name,
+ entry->pass,
+ 0, /* hm, can we do time correction here ? */
+ &entry->refresh_time,
+ &entry->renew_until,
+ entry->ccname,
+ False, /* no PAC required anymore */
+ WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
seteuid(0);
if (ret) {
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index a010d51caf..922a24adf0 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -482,14 +482,14 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
- krb5_ret = kerberos_kinit_password(principal_s,
- state->request.data.auth.pass,
- time_offset,
- &ticket_lifetime,
- &renewal_until,
- cc,
- True,
- WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+ krb5_ret = kerberos_kinit_password_ext(principal_s,
+ state->request.data.auth.pass,
+ time_offset,
+ &ticket_lifetime,
+ &renewal_until,
+ cc,
+ True,
+ WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
if (krb5_ret) {
DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n",
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index c809ac1ac7..afdf6f3d67 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2710,7 +2710,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,
/* Only get a new TGT if username/password are given. */
if (username && password) {
- int ret = kerberos_kinit_password(username, password, 0, NULL, NULL, NULL, False, 0);
+ int ret = kerberos_kinit_password(username, password, 0, NULL);
if (ret) {
cli_rpc_pipe_close(result);
return NULL;
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index ac53235044..f7e3263fe0 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1191,8 +1191,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego)
pstr_sprintf(user, "%s@%s", opt_username, opt_domain);
- if ((retval = kerberos_kinit_password(user, opt_password,
- 0, NULL, NULL, NULL, False, 0))) {
+ if ((retval = kerberos_kinit_password(user, opt_password, 0, NULL))) {
DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval)));
return False;
}