s3-libads Remove MIT-specific krb5_princ_realm macro calls.

When compiled against heimdal, we need to use a more elegant API.

Andrew Bartlett

1 files changed, 19 insertions, 55 deletions

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 1c04d896de..c919a257a4 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -574,15 +574,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	ADS_STATUS aret;
 	krb5_error_code ret = 0;
 	krb5_context context = NULL;
-	krb5_principal principal = NULL;
-	char *princ_name = NULL;
-	char *realm = NULL;
+	const char *realm = NULL;
+	unsigned int realm_len = 0;
 	krb5_creds creds, *credsp = NULL;
-#if KRB5_PRINC_REALM_RETURNS_REALM
-	krb5_realm orig_realm;
-#else
-	krb5_data orig_realm;
-#endif
 	krb5_ccache ccache = NULL;
 
 	ZERO_STRUCT(creds);
@@ -605,57 +599,29 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 		return ADS_ERROR_KRB5(ret);
 	}
 
-	realm = strchr_m(princ, '@');
-	if (!realm) {
-		krb5_cc_close(context, ccache);
-	        krb5_free_context(context);
-		DEBUG(1,("Failed to get realm\n"));
-		return ADS_ERROR_KRB5(-1);
-	}
-	realm++;
-
-	if (asprintf(&princ_name, "kadmin/changepw@%s", realm) == -1) {
-		krb5_cc_close(context, ccache);
-                krb5_free_context(context);
-		DEBUG(1,("asprintf failed\n"));
-		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
-	}
-
-	ret = smb_krb5_parse_name(context, princ_name, &creds.server);
-	if (ret) {
-		krb5_cc_close(context, ccache);
-                krb5_free_context(context);
-		DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
-		return ADS_ERROR_KRB5(ret);
-	}
-
-	/* parse the principal we got as a function argument */
-	ret = smb_krb5_parse_name(context, princ, &principal);
+	ret = krb5_cc_get_principal(context, ccache, &creds.client);
 	if (ret) {
 		krb5_cc_close(context, ccache);
-	        krb5_free_principal(context, creds.server);
                 krb5_free_context(context);
-		DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
-		free(princ_name);
+		DEBUG(1,("Failed to get principal from ccache (%s)\n",
+			 error_message(ret)));
 		return ADS_ERROR_KRB5(ret);
 	}
 
-	free(princ_name);
+	realm = smb_krb5_principal_get_realm(context, creds.client);
+	realm_len = strlen(realm);
+	ret = krb5_build_principal(context,
+				   &creds.server,
+				   realm_len,
+				   realm, "kadmin", "changepw", NULL);
 
-	/* The creds.server principal takes ownership of this memory.
-		Remember to set back to original value before freeing. */
-	orig_realm = *krb5_princ_realm(context, creds.server);
-	krb5_princ_set_realm(context, creds.server, krb5_princ_realm(context, principal));
-	
-	ret = krb5_cc_get_principal(context, ccache, &creds.client);
+	ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
 	if (ret) {
 		krb5_cc_close(context, ccache);
-		krb5_princ_set_realm(context, creds.server, &orig_realm);
+	        krb5_free_principal(context, creds.client);
 	        krb5_free_principal(context, creds.server);
-	        krb5_free_principal(context, principal);
-                krb5_free_context(context);
-		DEBUG(1,("Failed to get principal from ccache (%s)\n", 
-			 error_message(ret)));
+	        krb5_free_context(context);
+		DEBUG(1,("krb5_build_prinipal_ext (%s)\n", error_message(ret)));
 		return ADS_ERROR_KRB5(ret);
 	}
 	
@@ -663,9 +629,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	if (ret) {
 		krb5_cc_close(context, ccache);
 	        krb5_free_principal(context, creds.client);
-		krb5_princ_set_realm(context, creds.server, &orig_realm);
 	        krb5_free_principal(context, creds.server);
-	        krb5_free_principal(context, principal);
 	        krb5_free_context(context);
 		DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
 		return ADS_ERROR_KRB5(ret);
@@ -679,9 +643,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 
 	krb5_free_creds(context, credsp);
 	krb5_free_principal(context, creds.client);
-	krb5_princ_set_realm(context, creds.server, &orig_realm);
         krb5_free_principal(context, creds.server);
-	krb5_free_principal(context, principal);
 	krb5_cc_close(context, ccache);
 	krb5_free_context(context);
 
@@ -729,6 +691,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
     krb5_get_init_creds_opt opts;
     krb5_creds creds;
     char *chpw_princ = NULL, *password;
+    const char *realm = NULL;
 
     initialize_krb5_error_table();
     ret = krb5_init_context(&context);
@@ -750,9 +713,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
     krb5_get_init_creds_opt_set_forwardable(&opts, 0);
     krb5_get_init_creds_opt_set_proxiable(&opts, 0);
 
+    realm = smb_krb5_principal_get_realm(context, princ);
+
     /* We have to obtain an INITIAL changepw ticket for changing password */
-    if (asprintf(&chpw_princ, "kadmin/changepw@%s",
-				(char *) krb5_princ_realm(context, princ)) == -1) {
+    if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
 	krb5_free_context(context);
 	DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
 	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);