Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/krb5_setpw.c | 74 |
1 files changed, 19 insertions, 55 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 1c04d896de..c919a257a4 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -574,15 +574,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ, ADS_STATUS aret; krb5_error_code ret = 0; krb5_context context = NULL; - krb5_principal principal = NULL; - char *princ_name = NULL; - char *realm = NULL; + const char *realm = NULL; + unsigned int realm_len = 0; krb5_creds creds, *credsp = NULL; -#if KRB5_PRINC_REALM_RETURNS_REALM - krb5_realm orig_realm; -#else - krb5_data orig_realm; -#endif krb5_ccache ccache = NULL; ZERO_STRUCT(creds); 
@@ -605,57 +599,29 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ, return ADS_ERROR_KRB5(ret); } - realm = strchr_m(princ, '@'); - if (!realm) { - krb5_cc_close(context, ccache); - krb5_free_context(context); - DEBUG(1,("Failed to get realm\n")); - return ADS_ERROR_KRB5(-1); - } - realm++; - - if (asprintf(&princ_name, "kadmin/changepw@%s", realm) == -1) { - krb5_cc_close(context, ccache); - krb5_free_context(context); - DEBUG(1,("asprintf failed\n")); - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - - ret = smb_krb5_parse_name(context, princ_name, &creds.server); - if (ret) { - krb5_cc_close(context, ccache); - krb5_free_context(context); - DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret))); - return ADS_ERROR_KRB5(ret); - } - - /* parse the principal we got as a function argument */ - ret = smb_krb5_parse_name(context, princ, &principal); + ret = krb5_cc_get_principal(context, ccache, &creds.client); if (ret) { krb5_cc_close(context, ccache); - krb5_free_principal(context, creds.server); krb5_free_context(context); - DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret))); - free(princ_name); + DEBUG(1,("Failed to get principal from ccache (%s)\n", + error_message(ret))); return ADS_ERROR_KRB5(ret); } - free(princ_name); + realm = smb_krb5_principal_get_realm(context, creds.client); + realm_len = strlen(realm); + ret = krb5_build_principal(context, + &creds.server, + realm_len, + realm, "kadmin", "changepw", NULL); - /* The creds.server principal takes ownership of this memory. - Remember to set back to original value before freeing. 
*/ - orig_realm = *krb5_princ_realm(context, creds.server); - krb5_princ_set_realm(context, creds.server, krb5_princ_realm(context, principal)); - - ret = krb5_cc_get_principal(context, ccache, &creds.client); + ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); if (ret) { krb5_cc_close(context, ccache); - krb5_princ_set_realm(context, creds.server, &orig_realm); + krb5_free_principal(context, creds.client); krb5_free_principal(context, creds.server); - krb5_free_principal(context, principal); - krb5_free_context(context); - DEBUG(1,("Failed to get principal from ccache (%s)\n", - error_message(ret))); + krb5_free_context(context); + DEBUG(1,("krb5_build_prinipal_ext (%s)\n", error_message(ret))); return ADS_ERROR_KRB5(ret); } @@ -663,9 +629,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ, if (ret) { krb5_cc_close(context, ccache); krb5_free_principal(context, creds.client); - krb5_princ_set_realm(context, creds.server, &orig_realm); krb5_free_principal(context, creds.server); - krb5_free_principal(context, principal); krb5_free_context(context); DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret))); return ADS_ERROR_KRB5(ret); @@ -679,9 +643,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ, krb5_free_creds(context, credsp); krb5_free_principal(context, creds.client); - krb5_princ_set_realm(context, creds.server, &orig_realm); krb5_free_principal(context, creds.server); - krb5_free_principal(context, principal); krb5_cc_close(context, ccache); krb5_free_context(context); @@ -729,6 +691,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, krb5_get_init_creds_opt opts; krb5_creds creds; char *chpw_princ = NULL, *password; + const char *realm = NULL; initialize_krb5_error_table(); ret = krb5_init_context(&context); 
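Review bot: In the @@ -605 hunk the result of `krb5_build_principal()` is overwritten by `krb5_get_credentials()` on the next statement without being tested, so a failed build proceeds with `creds.server` still zeroed by `ZERO_STRUCT(creds)`. `realm` goes straight into `strlen()` there and into the `asprintf` `%s` in the @@ -750 hunk; if `smb_krb5_principal_get_realm()` can return NULL (its definition is not shown) both need a guard, and the first is a crash in the password-set path. The branch after `krb5_get_credentials()` logs `krb5_build_prinipal_ext`, which mislabels the failure, and the context of the @@ -663 hunk suggests a second `krb5_get_credentials()` call follows it, so the duplicate is worth confirming. The realm is now taken from the ccache client instead of `princ`, which may change which kadmin/changepw service is contacted when the target principal is in another realm. ads_krb5_set_password begins and ends outside these hunks; the fence shows only the two added checks.

```c
	realm = smb_krb5_principal_get_realm(context, creds.client);
	if (realm == NULL) {
		krb5_cc_close(context, ccache);
		krb5_free_principal(context, creds.client);
		krb5_free_context(context);
		DEBUG(1,("Failed to get realm\n"));
		return ADS_ERROR_KRB5(-1);
	}
	realm_len = strlen(realm);
	ret = krb5_build_principal(context,
				   &creds.server,
				   realm_len,
				   realm, "kadmin", "changepw", NULL);
	if (ret) {
		krb5_cc_close(context, ccache);
		krb5_free_principal(context, creds.client);
		krb5_free_context(context);
		DEBUG(1,("krb5_build_principal failed (%s)\n",
			 error_message(ret)));
		return ADS_ERROR_KRB5(ret);
	}
	/* … unchanged: krb5_get_credentials call and its error path … */
```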
@@ -750,9 +713,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, krb5_get_init_creds_opt_set_forwardable(&opts, 0); krb5_get_init_creds_opt_set_proxiable(&opts, 0); + realm = smb_krb5_principal_get_realm(context, princ); + /* We have to obtain an INITIAL changepw ticket for changing password */ - if (asprintf(&chpw_princ, "kadmin/changepw@%s", - (char *) krb5_princ_realm(context, princ)) == -1) { + if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) { krb5_free_context(context); DEBUG(1,("ads_krb5_chg_password: asprintf fail\n")); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); |