summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-03-16 02:14:05 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-03-16 02:14:05 +0000
commit2f62a72d9aebf3cfe9aa60a0bdc73f1ae477d5b2 (patch)
tree0f8d04a13c953e82dd174ac161bf6fe838cc672a
parent3a9bdacca98560706eeb4e625ef1ce7c92d4dfab (diff)
downloadsamba-2f62a72d9aebf3cfe9aa60a0bdc73f1ae477d5b2.tar.gz
samba-2f62a72d9aebf3cfe9aa60a0bdc73f1ae477d5b2.tar.bz2
samba-2f62a72d9aebf3cfe9aa60a0bdc73f1ae477d5b2.zip
Changes to help the kerberos change password code work on systems that
have some of the labels 'duplicated' (ie, the defines double-up). Also, to an ads_connect() to try and find our KDC. (So we don't segfualt *every* time) Andrew Bartlett (This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
-rw-r--r--source3/libads/krb5_setpw.c66
-rw-r--r--source3/utils/net_ads.c9
2 files changed, 38 insertions, 37 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 29bf1a427c..214871b3fb 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -178,47 +178,39 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
return 0;
}
+static const struct kpasswd_errors {
+ int result_code;
+ const char *error_string;
+} kpasswd_errors[] = {
+ {KRB5_KPASSWD_MALFORMED, "Malformed request error"},
+ {KRB5_KPASSWD_HARDERROR, "Server error"},
+ {KRB5_KPASSWD_AUTHERROR, "Authentication error"},
+ {KRB5_KPASSWD_SOFTERROR, "Password change rejected"},
+ {KRB5_KPASSWD_ACCESSDENIED, "Client does not have proper authorization"},
+ {KRB5_KPASSWD_BAD_VERSION, "Protocol version not supported"},
+ {KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "Authorization ticket must have initial flag set"},
+ {KRB5_KPASSWD_POLICY_REJECT, "Password rejected due to policy requirements"},
+ {KRB5_KPASSWD_BAD_PRINCIPAL, "Target principal does not exist"},
+ {KRB5_KPASSWD_ETYPE_NOSUPP, "Unsupported encryption type"},
+ {0, NULL}
+};
+
static krb5_error_code krb5_setpw_result_code_string(krb5_context context,
int result_code,
const char **code_string)
{
- switch (result_code) {
- case KRB5_KPASSWD_MALFORMED:
- *code_string = "Malformed request error";
- break;
- case KRB5_KPASSWD_HARDERROR:
- *code_string = "Server error";
- break;
- case KRB5_KPASSWD_AUTHERROR:
- *code_string = "Authentication error";
- break;
- case KRB5_KPASSWD_SOFTERROR:
- *code_string = "Password change rejected";
- break;
- case KRB5_KPASSWD_ACCESSDENIED:
- *code_string = "Client does not have proper authorization";
- break;
- case KRB5_KPASSWD_BAD_VERSION:
- *code_string = "Protocol version not supported";
- break;
- case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
- *code_string = "Authorization ticket must have initial flag set";
- break;
- case KRB5_KPASSWD_POLICY_REJECT:
- *code_string = "Password rejected due to policy requirements";
- break;
- case KRB5_KPASSWD_BAD_PRINCIPAL:
- *code_string = "Target principal does not exist";
- break;
- case KRB5_KPASSWD_ETYPE_NOSUPP:
- *code_string = "Unsupported encryption type";
- break;
- default:
- *code_string = "Password change failed";
- break;
- }
-
- return(0);
+ unsigned int idx = 0;
+
+ while (kpasswd_errors[idx].error_string != NULL) {
+ if (kpasswd_errors[idx].result_code ==
+ result_code) {
+ *code_string = kpasswd_errors[idx].error_string;
+ return 0;
+ }
+ idx++;
+ }
+ *code_string = "Password change failed";
+ return (0);
}
static krb5_error_code parse_setpw_reply(krb5_context context,
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 22b9d50ea1..0f2d673b4b 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -910,6 +910,15 @@ static int net_ads_password(int argc, const char **argv)
in realms other than default */
if (!(ads = ads_init(realm, NULL, NULL))) return -1;
+ /* we don't actually need a full connect, but it's the easy way to
+ fill in the KDC's addresss */
+ ads_connect(ads);
+
+ if (!ads || !ads->config.realm) {
+ d_printf("Didn't find the kerberos server!\n");
+ return -1;
+ }
+
asprintf(&prompt, "Enter new password for %s:", argv[0]);
new_password = getpass(prompt);