From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 3 Feb 2006 22:19:41 +0000
Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This
 used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)

---
 source3/libads/krb5_setpw.c | 49 ++++++++++++++++++++++++++++-----------------
 1 file changed, 31 insertions(+), 18 deletions(-)

(limited to 'source3/libads/krb5_setpw.c')

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 31d0a02cad..6ffd218e96 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -24,9 +24,17 @@
 #ifdef HAVE_KRB5
 
 #define DEFAULT_KPASSWD_PORT	464
+
 #define KRB5_KPASSWD_VERS_CHANGEPW		1
+
 #define KRB5_KPASSWD_VERS_SETPW			0xff80
 #define KRB5_KPASSWD_VERS_SETPW_ALT		2
+
+#define KRB5_KPASSWD_SUCCESS			0
+#define KRB5_KPASSWD_MALFORMED			1
+#define KRB5_KPASSWD_HARDERROR			2
+#define KRB5_KPASSWD_AUTHERROR			3
+#define KRB5_KPASSWD_SOFTERROR			4
 #define KRB5_KPASSWD_ACCESSDENIED		5
 #define KRB5_KPASSWD_BAD_VERSION		6
 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED	7
@@ -213,6 +221,25 @@ static krb5_error_code setpw_result_code_string(krb5_context context,
         return (0);
 }
 
+ krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code) 
+{
+	switch(res_code) {
+		case KRB5_KPASSWD_ACCESSDENIED:
+			return KRB5KDC_ERR_BADOPTION;
+		case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
+			return KRB5KDC_ERR_BADOPTION;
+			/* return KV5M_ALT_METHOD; MIT-only define */
+		case KRB5_KPASSWD_ETYPE_NOSUPP:
+			return KRB5KDC_ERR_ETYPE_NOSUPP;
+		case KRB5_KPASSWD_BAD_PRINCIPAL:
+			return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+		case KRB5_KPASSWD_POLICY_REJECT:
+		case KRB5_KPASSWD_SOFTERROR:
+			return KRB5KDC_ERR_POLICY;
+		default:
+			return KRB5KRB_ERR_GENERIC;
+	}
+}
 static krb5_error_code parse_setpw_reply(krb5_context context, 
 					 krb5_auth_context auth_context,
 					 krb5_data *packet)
@@ -312,23 +339,9 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
 	else {
 		const char *errstr;
 		setpw_result_code_string(context, res_code, &errstr);
-		DEBUG(1, ("Error changing password: %s\n", errstr));
-
-		switch(res_code) {
-			case KRB5_KPASSWD_ACCESSDENIED:
-				return KRB5KDC_ERR_BADOPTION;
-			case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
-				return KRB5KDC_ERR_BADOPTION;
-				/* return KV5M_ALT_METHOD; MIT-only define */
-			case KRB5_KPASSWD_ETYPE_NOSUPP:
-				return KRB5KDC_ERR_ETYPE_NOSUPP;
-			case KRB5_KPASSWD_BAD_PRINCIPAL:
-				return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-			case KRB5_KPASSWD_POLICY_REJECT:
-				return KRB5KDC_ERR_POLICY;
-			default:
-				return KRB5KRB_ERR_GENERIC;
-		}
+		DEBUG(1, ("Error changing password: %s (%d)\n", errstr, res_code));
+
+		return kpasswd_err_to_krb5_err(res_code);
 	}
 }
 
@@ -664,7 +677,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
 {
     int ret;
 
-    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL))) {
+    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) {
 	DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
 	return ADS_ERROR_KRB5(ret);
     }
-- 
cgit