diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/krb5_setpw.c | 66 | ||||
-rw-r--r-- | source3/utils/net_ads.c | 9 |
2 files changed, 38 insertions, 37 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 29bf1a427c..214871b3fb 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -178,47 +178,39 @@ static krb5_error_code build_kpasswd_request(uint16 pversion, return 0; } +static const struct kpasswd_errors { + int result_code; + const char *error_string; +} kpasswd_errors[] = { + {KRB5_KPASSWD_MALFORMED, "Malformed request error"}, + {KRB5_KPASSWD_HARDERROR, "Server error"}, + {KRB5_KPASSWD_AUTHERROR, "Authentication error"}, + {KRB5_KPASSWD_SOFTERROR, "Password change rejected"}, + {KRB5_KPASSWD_ACCESSDENIED, "Client does not have proper authorization"}, + {KRB5_KPASSWD_BAD_VERSION, "Protocol version not supported"}, + {KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "Authorization ticket must have initial flag set"}, + {KRB5_KPASSWD_POLICY_REJECT, "Password rejected due to policy requirements"}, + {KRB5_KPASSWD_BAD_PRINCIPAL, "Target principal does not exist"}, + {KRB5_KPASSWD_ETYPE_NOSUPP, "Unsupported encryption type"}, + {0, NULL} +}; + static krb5_error_code krb5_setpw_result_code_string(krb5_context context, int result_code, const char **code_string) { - switch (result_code) { - case KRB5_KPASSWD_MALFORMED: - *code_string = "Malformed request error"; - break; - case KRB5_KPASSWD_HARDERROR: - *code_string = "Server error"; - break; - case KRB5_KPASSWD_AUTHERROR: - *code_string = "Authentication error"; - break; - case KRB5_KPASSWD_SOFTERROR: - *code_string = "Password change rejected"; - break; - case KRB5_KPASSWD_ACCESSDENIED: - *code_string = "Client does not have proper authorization"; - break; - case KRB5_KPASSWD_BAD_VERSION: - *code_string = "Protocol version not supported"; - break; - case KRB5_KPASSWD_INITIAL_FLAG_NEEDED: - *code_string = "Authorization ticket must have initial flag set"; - break; - case KRB5_KPASSWD_POLICY_REJECT: - *code_string = "Password rejected due to policy requirements"; - break; - case KRB5_KPASSWD_BAD_PRINCIPAL: - *code_string = "Target principal does not exist"; - break; - case KRB5_KPASSWD_ETYPE_NOSUPP: - *code_string = "Unsupported encryption type"; - break; - default: - *code_string = "Password change failed"; - break; - } - - return(0); + unsigned int idx = 0; + + while (kpasswd_errors[idx].error_string != NULL) { + if (kpasswd_errors[idx].result_code == + result_code) { + *code_string = kpasswd_errors[idx].error_string; + return 0; + } + idx++; + } + *code_string = "Password change failed"; + return (0); } static krb5_error_code parse_setpw_reply(krb5_context context, diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 22b9d50ea1..0f2d673b4b 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -910,6 +910,15 @@ static int net_ads_password(int argc, const char **argv) in realms other than default */ if (!(ads = ads_init(realm, NULL, NULL))) return -1; + /* we don't actually need a full connect, but it's the easy way to + fill in the KDC's addresss */ + ads_connect(ads); + + if (!ads || !ads->config.realm) { + d_printf("Didn't find the kerberos server!\n"); + return -1; + } + asprintf(&prompt, "Enter new password for %s:", argv[0]); new_password = getpass(prompt); |