diff options
author | Günther Deschner <gd@samba.org> | 2006-06-09 10:50:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:21 -0500 |
commit | bf7a5433b4da564c5298e856cdd46383b8998bb2 (patch) | |
tree | 9eb69b007167d67c0e386467c7f8185b8a5e534f /source3 | |
parent | 33c918b11a6f143d4202df64ad76dde29a807f44 (diff) | |
download | samba-bf7a5433b4da564c5298e856cdd46383b8998bb2.tar.gz samba-bf7a5433b4da564c5298e856cdd46383b8998bb2.tar.bz2 samba-bf7a5433b4da564c5298e856cdd46383b8998bb2.zip |
r16115: Make "net ads changetrustpw" work again.
(adapt to the new UPN/SPN scheme).
Guenther
(This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/util.c | 10 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 8 |
2 files changed, 7 insertions, 11 deletions
diff --git a/source3/libads/util.c b/source3/libads/util.c index 4a4d90d7fb..8e3001ccb0 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -26,7 +26,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip { char *password; char *new_password; - char *service_principal; ADS_STATUS ret; uint32 sec_channel_type; @@ -37,9 +36,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - asprintf(&service_principal, "HOST/%s", host_principal); - - ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { goto failed; @@ -53,14 +50,13 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip /* Determine if the KDC is salting keys for this principal in a * non-obvious way. */ - if (!kerberos_derive_salting_principal(service_principal)) { - DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal)); + if (!kerberos_derive_salting_principal(host_principal)) { + DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal)); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; } failed: - SAFE_FREE(service_principal); SAFE_FREE(password); return ret; } diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e701803d17..e82eece0f9 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1529,19 +1529,19 @@ int net_ads_changetrustpw(int argc, const char **argv) fstrcpy(my_name, global_myname()); strlower_m(my_name); - asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); - d_printf("Changing password for principal: HOST/%s\n", host_principal); + asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm); + d_printf("Changing password for principal: %s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { - d_fprintf(stderr, "Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } - d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); + d_printf("Password change for principal %s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); |