From 485a286a65d3b37f424f5701179f73c99eb9b5b9 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 20 Mar 2006 19:05:44 +0000
Subject: r14585: Tighten argument list of kerberos_kinit_password again,
 kerberos_kinit_password_ext provides access to more options.

Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
---
 source3/libads/kerberos.c              | 24 ++++++++++++++++++++----
 source3/libads/krb5_setpw.c            |  2 +-
 source3/libsmb/cliconnect.c            |  2 +-
 source3/nsswitch/winbindd_cred_cache.c | 16 ++++++++--------
 source3/nsswitch/winbindd_pam.c        | 16 ++++++++--------
 source3/rpc_client/cli_pipe.c          |  2 +-
 source3/utils/ntlm_auth.c              |  3 +--
 7 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 17e350d754..029e42c0c2 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -58,7 +58,7 @@ kerb_prompter(krb5_context ctx, void *data,
   place in default cache location.
   remus@snapserver.com
 */
-int kerberos_kinit_password(const char *principal,
+int kerberos_kinit_password_ext(const char *principal,
 				const char *password,
 				int time_offset,
 				time_t *expire_time,
@@ -187,7 +187,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
 		return KRB5_LIBOS_CANTREADPWD;
 	}
 	
-	ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset,
+	ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
 			&ads->auth.expire, NULL, NULL, False, ads->auth.renewable);
 
 	if (ret) {
@@ -380,8 +380,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx,
 	if (password == NULL) {
 		goto out;
 	}
-	if ((err = kerberos_kinit_password(machine_account, password, 0, NULL, NULL, 
-					   LIBADS_CCACHE_NAME, False, 0)) != 0) {
+	if ((err = kerberos_kinit_password(machine_account, password, 
+					   0, LIBADS_CCACHE_NAME)) != 0) {
 		DEBUG(0,("get_service_ticket: kerberos_kinit_password %s failed: %s\n", 
 			machine_account,
 			error_message(err)));
@@ -811,4 +811,20 @@ BOOL kerberos_derive_cifs_salting_principals(void)
 	}
 	return retval;
 }
+
+int kerberos_kinit_password(const char *principal,
+			    const char *password,
+			    int time_offset,
+			    const char *cache_name)
+{
+	return kerberos_kinit_password_ext(principal, 
+					   password, 
+					   time_offset, 
+					   0, 
+					   0,
+					   cache_name,
+					   False,
+					   0);
+}
+
 #endif
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 42ca36f344..415c1e9229 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -685,7 +685,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
 {
     int ret;
 
-    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) {
+    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
 	DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
 	return ADS_ERROR_KRB5(ret);
     }
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4c6b890db0..48885f19d8 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -756,7 +756,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 			int ret;
 			
 			use_in_memory_ccache();
-			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL, NULL, False, 0);
+			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
 			
 			if (ret){
 				SAFE_FREE(principal);
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index 6835840a1d..4c539b9b23 100644
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -106,14 +106,14 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
 	     
 		seteuid(entry->uid);
 
-		ret = kerberos_kinit_password(entry->principal_name,
-					      entry->pass,
-					      0, /* hm, can we do time correction here ? */
-					      &entry->refresh_time,
-					      &entry->renew_until,
-					      entry->ccname,
-					      False, /* no PAC required anymore */
-					      WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+		ret = kerberos_kinit_password_ext(entry->principal_name,
+						  entry->pass,
+						  0, /* hm, can we do time correction here ? */
+						  &entry->refresh_time,
+						  &entry->renew_until,
+						  entry->ccname,
+						  False, /* no PAC required anymore */
+						  WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
 		seteuid(0);
 
 		if (ret) {
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index a010d51caf..922a24adf0 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -482,14 +482,14 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
 		DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
 	}
 
-	krb5_ret = kerberos_kinit_password(principal_s, 
-					   state->request.data.auth.pass, 
-					   time_offset, 
-					   &ticket_lifetime,
-					   &renewal_until,
-					   cc, 
-					   True,
-					   WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+	krb5_ret = kerberos_kinit_password_ext(principal_s, 
+					       state->request.data.auth.pass, 
+					       time_offset, 
+					       &ticket_lifetime,
+					       &renewal_until,
+					       cc, 
+					       True,
+					       WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
 
 	if (krb5_ret) {
 		DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index c809ac1ac7..afdf6f3d67 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2710,7 +2710,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,
 
 	/* Only get a new TGT if username/password are given. */
 	if (username && password) {
-		int ret = kerberos_kinit_password(username, password, 0, NULL, NULL, NULL, False, 0);
+		int ret = kerberos_kinit_password(username, password, 0, NULL);
 		if (ret) {
 			cli_rpc_pipe_close(result);
 			return NULL;
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index ac53235044..f7e3263fe0 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1191,8 +1191,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego)
 
 		pstr_sprintf(user, "%s@%s", opt_username, opt_domain);
 
-		if ((retval = kerberos_kinit_password(user, opt_password, 
-						      0, NULL, NULL, NULL, False, 0))) {
+		if ((retval = kerberos_kinit_password(user, opt_password, 0, NULL))) {
 			DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval)));
 			return False;
 		}
-- 
cgit