summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libads/krb5_setpw.c74
-rw-r--r--source3/wscript11
2 files changed, 30 insertions, 55 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 1c04d896de..c919a257a4 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -574,15 +574,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
ADS_STATUS aret;
krb5_error_code ret = 0;
krb5_context context = NULL;
- krb5_principal principal = NULL;
- char *princ_name = NULL;
- char *realm = NULL;
+ const char *realm = NULL;
+ unsigned int realm_len = 0;
krb5_creds creds, *credsp = NULL;
-#if KRB5_PRINC_REALM_RETURNS_REALM
- krb5_realm orig_realm;
-#else
- krb5_data orig_realm;
-#endif
krb5_ccache ccache = NULL;
ZERO_STRUCT(creds);
@@ -605,57 +599,29 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
return ADS_ERROR_KRB5(ret);
}
- realm = strchr_m(princ, '@');
- if (!realm) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("Failed to get realm\n"));
- return ADS_ERROR_KRB5(-1);
- }
- realm++;
-
- if (asprintf(&princ_name, "kadmin/changepw@%s", realm) == -1) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("asprintf failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- ret = smb_krb5_parse_name(context, princ_name, &creds.server);
- if (ret) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
- return ADS_ERROR_KRB5(ret);
- }
-
- /* parse the principal we got as a function argument */
- ret = smb_krb5_parse_name(context, princ, &principal);
+ ret = krb5_cc_get_principal(context, ccache, &creds.client);
if (ret) {
krb5_cc_close(context, ccache);
- krb5_free_principal(context, creds.server);
krb5_free_context(context);
- DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
- free(princ_name);
+ DEBUG(1,("Failed to get principal from ccache (%s)\n",
+ error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
- free(princ_name);
+ realm = smb_krb5_principal_get_realm(context, creds.client);
+ realm_len = strlen(realm);
+ ret = krb5_build_principal(context,
+ &creds.server,
+ realm_len,
+ realm, "kadmin", "changepw", NULL);
- /* The creds.server principal takes ownership of this memory.
- Remember to set back to original value before freeing. */
- orig_realm = *krb5_princ_realm(context, creds.server);
- krb5_princ_set_realm(context, creds.server, krb5_princ_realm(context, principal));
-
- ret = krb5_cc_get_principal(context, ccache, &creds.client);
+ ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
if (ret) {
krb5_cc_close(context, ccache);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
+ krb5_free_principal(context, creds.client);
krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
- krb5_free_context(context);
- DEBUG(1,("Failed to get principal from ccache (%s)\n",
- error_message(ret)));
+ krb5_free_context(context);
+ DEBUG(1,("krb5_build_prinipal_ext (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
@@ -663,9 +629,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
if (ret) {
krb5_cc_close(context, ccache);
krb5_free_principal(context, creds.client);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
krb5_free_context(context);
DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
@@ -679,9 +643,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
krb5_free_creds(context, credsp);
krb5_free_principal(context, creds.client);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
krb5_cc_close(context, ccache);
krb5_free_context(context);
@@ -729,6 +691,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
krb5_get_init_creds_opt opts;
krb5_creds creds;
char *chpw_princ = NULL, *password;
+ const char *realm = NULL;
initialize_krb5_error_table();
ret = krb5_init_context(&context);
@@ -750,9 +713,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
krb5_get_init_creds_opt_set_forwardable(&opts, 0);
krb5_get_init_creds_opt_set_proxiable(&opts, 0);
+ realm = smb_krb5_principal_get_realm(context, princ);
+
/* We have to obtain an INITIAL changepw ticket for changing password */
- if (asprintf(&chpw_princ, "kadmin/changepw@%s",
- (char *) krb5_princ_realm(context, princ)) == -1) {
+ if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
krb5_free_context(context);
DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
diff --git a/source3/wscript b/source3/wscript
index fc4cb2dfca..7c01e8fcce 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -720,6 +720,17 @@ return 0;
headers='krb5.h', lib='krb5',
addmain=False,
msg="Checking whether the macro krb5_princ_realm is defined")
+ conf.CHECK_CODE('''
+int main(void) {
+ krb5_context context;
+ krb5_principal principal;
+ const char *realm; realm = krb5_principal_get_realm(context, principal);
+ return 0;
+}''',
+ 'HAVE_KRB5_PRINCIPAL_GET_REALM',
+ headers='krb5.h', lib='krb5',
+ addmain=False,
+ msg="Checking whether krb5_principal_get_realm is defined")
if conf.CHECK_CODE('''krb5_verify_checksum(0, 0, 0, 0, 0, 0, 0);''',
'KRB5_VERIFY_CHECKSUM_ARGS',
headers='krb5.h', lib='krb5',