From 485a286a65d3b37f424f5701179f73c99eb9b5b9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 20 Mar 2006 19:05:44 +0000 Subject: r14585: Tighten argument list of kerberos_kinit_password again, kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f) --- source3/libads/kerberos.c | 24 ++++++++++++++++++++---- source3/libads/krb5_setpw.c | 2 +- source3/libsmb/cliconnect.c | 2 +- source3/nsswitch/winbindd_cred_cache.c | 16 ++++++++-------- source3/nsswitch/winbindd_pam.c | 16 ++++++++-------- source3/rpc_client/cli_pipe.c | 2 +- source3/utils/ntlm_auth.c | 3 +-- 7 files changed, 40 insertions(+), 25 deletions(-) diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 17e350d754..029e42c0c2 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -58,7 +58,7 @@ kerb_prompter(krb5_context ctx, void *data, place in default cache location. remus@snapserver.com */ -int kerberos_kinit_password(const char *principal, +int kerberos_kinit_password_ext(const char *principal, const char *password, int time_offset, time_t *expire_time, @@ -187,7 +187,7 @@ int ads_kinit_password(ADS_STRUCT *ads) return KRB5_LIBOS_CANTREADPWD; } - ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, + ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire, NULL, NULL, False, ads->auth.renewable); if (ret) { @@ -380,8 +380,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx, if (password == NULL) { goto out; } - if ((err = kerberos_kinit_password(machine_account, password, 0, NULL, NULL, - LIBADS_CCACHE_NAME, False, 0)) != 0) { + if ((err = kerberos_kinit_password(machine_account, password, + 0, LIBADS_CCACHE_NAME)) != 0) { DEBUG(0,("get_service_ticket: kerberos_kinit_password %s failed: %s\n", machine_account, error_message(err))); 
@@ -811,4 +811,20 @@ BOOL kerberos_derive_cifs_salting_principals(void) } return retval; } + +int kerberos_kinit_password(const char *principal, + const char *password, + int time_offset, + const char *cache_name) +{ + return kerberos_kinit_password_ext(principal, + password, + time_offset, + 0, + 0, + cache_name, + False, + 0); +} + #endif diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 42ca36f344..415c1e9229 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -685,7 +685,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, { int ret; - if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) { + if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); return ADS_ERROR_KRB5(ret); } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4c6b890db0..48885f19d8 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -756,7 +756,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, int ret; use_in_memory_ccache(); - ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL, NULL, False, 0); + ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); if (ret){ SAFE_FREE(principal); diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c index 6835840a1d..4c539b9b23 100644 --- a/source3/nsswitch/winbindd_cred_cache.c +++ b/source3/nsswitch/winbindd_cred_cache.c 
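Review bot: The new kerberos_kinit_password() wrapper added at the end of source3/libads/kerberos.c passes literal `0` for the fourth and fifth arguments of kerberos_kinit_password_ext(), which are pointers. The fourth is declared `time_t *expire_time` in the first hunk, and the callers this commit converts passed `NULL` in both positions (or `&entry->renew_until` for the fifth). Writing `NULL, NULL,` there would read as "no out-parameter wanted" rather than as a numeric value. The wrapper also has no header comment. One should state that no expiry or renew-until time is returned, that no PAC is requested (`False`), that no renewable lifetime is asked for (final `0`), and that a NULL cache_name falls back to the default credential cache, which is what the partly visible comment above the _ext function appears to say. No header file appears in the diffstat, so the prototype presumably comes from generated declarations; it is worth confirming the build picks up the four-argument signature.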
@@ -106,14 +106,14 @@ static void krb5_ticket_refresh_handler(struct timed_event *te, seteuid(entry->uid); - ret = kerberos_kinit_password(entry->principal_name, - entry->pass, - 0, /* hm, can we do time correction here ? */ - &entry->refresh_time, - &entry->renew_until, - entry->ccname, - False, /* no PAC required anymore */ - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); + ret = kerberos_kinit_password_ext(entry->principal_name, + entry->pass, + 0, /* hm, can we do time correction here ? */ + &entry->refresh_time, + &entry->renew_until, + entry->ccname, + False, /* no PAC required anymore */ + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); seteuid(0); if (ret) { diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index a010d51caf..922a24adf0 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -482,14 +482,14 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid)); } - krb5_ret = kerberos_kinit_password(principal_s, - state->request.data.auth.pass, - time_offset, - &ticket_lifetime, - &renewal_until, - cc, - True, - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); + krb5_ret = kerberos_kinit_password_ext(principal_s, + state->request.data.auth.pass, + time_offset, + &ticket_lifetime, + &renewal_until, + cc, + True, + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); if (krb5_ret) { DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index c809ac1ac7..afdf6f3d67 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
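Review bot: The return values of `seteuid(entry->uid)` and `seteuid(0)` around the renamed call in krb5_ticket_refresh_handler are not checked. If the first call fails, the kinit and the write to `entry->ccname` run under whatever effective uid the daemon had at that point (presumably root, given the `seteuid(0)` that follows) instead of the user's. If the second fails, the handler carries on under the user's uid. Both calls are context lines that predate this commit, but the statement between them is being touched, so this is a good place to add a guard such as `if (seteuid(entry->uid) != 0) { /* log and skip this refresh */ }` and a matching check on the way back. The handler starts and ends outside the hunk, so what the failure path has to clean up cannot be judged from here.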
@@ -2710,7 +2710,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli, /* Only get a new TGT if username/password are given. */ if (username && password) { - int ret = kerberos_kinit_password(username, password, 0, NULL, NULL, NULL, False, 0); + int ret = kerberos_kinit_password(username, password, 0, NULL); if (ret) { cli_rpc_pipe_close(result); return NULL; diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index ac53235044..f7e3263fe0 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1191,8 +1191,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego) pstr_sprintf(user, "%s@%s", opt_username, opt_domain); - if ((retval = kerberos_kinit_password(user, opt_password, - 0, NULL, NULL, NULL, False, 0))) { + if ((retval = kerberos_kinit_password(user, opt_password, 0, NULL))) { DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval))); return False; } -- cgit
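Review bot: When the kinit in cli_rpc_pipe_open_krb5 fails, `ret` is discarded: the pipe is closed and NULL is returned with no message. Several of the other call sites converted in this commit (krb5_setpw.c, get_service_ticket, winbindd_pam.c, ntlm_auth.c) log `error_message(ret)`. Adding `DEBUG(0,("cli_rpc_pipe_open_krb5: kerberos_kinit_password failed: %s\n", error_message(ret)));` before `cli_rpc_pipe_close(result);` would leave a trace of the failed Kerberos authentication and its cause. The function body continues outside the hunk.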