Merge from HEAD client-side authentication changes:

 - new kerberos code, allowing the account to change it's own password
   without special SD settings required
 - NTLMSSP client code, now seperated from cliconnect.c
 - NTLMv2 client code
 - SMB signing fixes

Andrew Bartlett
(This used to be commit 837680ca517982f2e5944730581a83012d4181ae)

1 files changed, 6 insertions, 4 deletions

diff --git a/source3/libads/util.c b/source3/libads/util.c
index 021f2d93e4..335cabc952 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -29,7 +29,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
     char *new_password;
     char *service_principal;
     ADS_STATUS ret;
-     
+
     if ((password = secrets_fetch_machine_password()) == NULL) {
 	DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));
 	return ADS_ERROR_SYSTEM(ENOENT);
@@ -38,15 +38,17 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
     tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
     new_password = strdup(tmp_password);
     asprintf(&service_principal, "HOST/%s", host_principal);
-    
-    ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, 
-				service_principal, new_password, ads->auth.time_offset);
+
+    ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset);
+
+    if (!ADS_ERR_OK(ret)) goto failed;
 
     if (!secrets_store_machine_password(new_password)) {
 	    DEBUG(1,("Failed to save machine password\n"));
 	    return ADS_ERROR_SYSTEM(EACCES);
     }
 
+failed:
     SAFE_FREE(service_principal);
     SAFE_FREE(new_password);