diff options
-rw-r--r-- | source3/include/includes.h | 2 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 39 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 26 |
3 files changed, 54 insertions, 13 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index f7edb68c16..8aaaba9799 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -1176,6 +1176,8 @@ krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); void smb_krb5_free_error(krb5_context context, krb5_error *krberror); krb5_error_code handle_krberror_packet(krb5_context context, krb5_data *packet); +void krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt); +krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt); #endif /* HAVE_KRB5 */ diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index d35b59f4cd..3d4b8cbcf8 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -75,7 +75,7 @@ int kerberos_kinit_password_ext(const char *principal, krb5_ccache cc = NULL; krb5_principal me; krb5_creds my_creds; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt = NULL; smb_krb5_addresses *addr = NULL; initialize_krb5_error_table(); @@ -96,47 +96,60 @@ int kerberos_kinit_password_ext(const char *principal, } if ((code = smb_krb5_parse_name(ctx, principal, &me))) { + krb5_cc_close(ctx, cc); krb5_free_context(ctx); return code; } - krb5_get_init_creds_opt_init(&opt); - krb5_get_init_creds_opt_set_renew_life(&opt, renewable_time); - krb5_get_init_creds_opt_set_forwardable(&opt, 1); - - if (request_pac) { + code = krb5_get_init_creds_opt_alloc(ctx, &opt); + if (code) { + krb5_cc_close(ctx, cc); + krb5_free_context(ctx); + return code; + } + + krb5_get_init_creds_opt_set_renew_life(opt, renewable_time); + krb5_get_init_creds_opt_set_forwardable(opt, True); + #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST - code = krb5_get_init_creds_opt_set_pac_request(ctx, &opt, True); + if (request_pac) { + code = krb5_get_init_creds_opt_set_pac_request(ctx, opt, (krb5_boolean)request_pac); if (code) { + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; } -#endif } - +#endif if (add_netbios_addr) { code = smb_krb5_gen_netbios_krb5_address(&addr); if (code) { + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; } - krb5_get_init_creds_opt_set_address_list(&opt, addr->addrs); + krb5_get_init_creds_opt_set_address_list(opt, addr->addrs); } if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), - kerb_prompter, NULL, 0, NULL, &opt))) + kerb_prompter, NULL, 0, NULL, opt))) { + krb5_get_init_creds_opt_free(opt); smb_krb5_free_addresses(ctx, addr); + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); - krb5_free_context(ctx); + krb5_free_context(ctx); return code; } - + + krb5_get_init_creds_opt_free(opt); + if ((code = krb5_cc_initialize(ctx, cc, me))) { smb_krb5_free_addresses(ctx, addr); krb5_free_cred_contents(ctx, &my_creds); + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 4092b4b2b9..305139e1f4 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -1379,6 +1379,32 @@ done: return ret; } +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC + krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) +{ + krb5_get_init_creds_opt *my_opt; + + *opt = NULL; + + if ((my_opt = SMB_MALLOC(sizeof(krb5_get_init_creds_opt))) == NULL) { + return ENOMEM; + } + + krb5_get_init_creds_opt_init(my_opt); + + *opt = my_opt; + return 0; +} +#endif + +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE + void krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) +{ + SAFE_FREE(opt); + opt = NULL; +} +#endif + #else /* HAVE_KRB5 */ /* this saves a few linking headaches */ int cli_krb5_get_ticket(const char *principal, time_t time_offset, |