From db54a8c04159fbce4d3d6427725634025ebb9286 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 20 Dec 2001 07:46:24 +0000 Subject: forgot to commit this file from remus (This used to be commit 7984ae0121ba327309ca5c52674e03fc1ad7e923) --- source3/libads/util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 source3/libads/util.c (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c new file mode 100644 index 0000000000..8f22adb7af --- /dev/null +++ b/source3/libads/util.c @@ -0,0 +1,59 @@ +/* + Unix SMB/Netbios implementation. + Version 3.0 + krb5 set password implementation + Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#ifdef HAVE_KRB5 + +ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal) +{ + char *tmp_password; + char *password; + char *new_password; + char *service_principal; + ADS_STATUS ret; + + if ((password = secrets_fetch_machine_password()) == NULL) { + DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal)); + return ADS_ERROR_SYSTEM(ENOENT); + } + + tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); + new_password = strdup(tmp_password); + asprintf(&service_principal, "HOST/%s", host_principal); + + ret = kerberos_set_password(ads->kdc_server, host_principal, password, + service_principal, new_password); + + if (!secrets_store_machine_password(new_password)) { + DEBUG(1,("Failed to save machine password\n")); + return ADS_ERROR_SYSTEM(EACCES); + } + + SAFE_FREE(service_principal); + SAFE_FREE(new_password); + + return ret; +} + + + +#endif -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/libads/util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 8f22adb7af..d48eb10b71 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 3.0 + Unix SMB/CIFS implementation. krb5 set password implementation Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com) -- cgit From b2edf254eda92f775e7d3d9b6793b4d77f9000b6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 17 Aug 2002 17:00:51 +0000 Subject: sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290) --- source3/libads/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index d48eb10b71..b10b130a31 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -39,7 +39,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip new_password = strdup(tmp_password); asprintf(&service_principal, "HOST/%s", host_principal); - ret = kerberos_set_password(ads->kdc_server, host_principal, password, + ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, service_principal, new_password); if (!secrets_store_machine_password(new_password)) { -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/libads/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index b10b130a31..021f2d93e4 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -40,7 +40,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip asprintf(&service_principal, "HOST/%s", host_principal); ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, - service_principal, new_password); + service_principal, new_password, ads->auth.time_offset); if (!secrets_store_machine_password(new_password)) { DEBUG(1,("Failed to save machine password\n")); -- cgit From d1221c9b6c369113a531063737890b58d89bf6fe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Feb 2003 02:55:00 +0000 Subject: Merge from HEAD client-side authentication changes: - new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae) --- source3/libads/util.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 021f2d93e4..335cabc952 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -29,7 +29,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip char *new_password; char *service_principal; ADS_STATUS ret; - + if ((password = secrets_fetch_machine_password()) == NULL) { DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal)); return ADS_ERROR_SYSTEM(ENOENT); @@ -38,15 +38,17 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); new_password = strdup(tmp_password); asprintf(&service_principal, "HOST/%s", host_principal); - - ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, - service_principal, new_password, ads->auth.time_offset); + + ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + + if (!ADS_ERR_OK(ret)) goto failed; if (!secrets_store_machine_password(new_password)) { DEBUG(1,("Failed to save machine password\n")); return ADS_ERROR_SYSTEM(EACCES); } +failed: SAFE_FREE(service_principal); SAFE_FREE(new_password); -- cgit From f071020f5e49837154581c97c5af5f84d0e2de89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Apr 2003 14:09:03 +0000 Subject: Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a) --- source3/libads/util.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 335cabc952..9912a7ba83 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -29,21 +29,23 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip char *new_password; char *service_principal; ADS_STATUS ret; - - if ((password = secrets_fetch_machine_password()) == NULL) { + uint32 sec_channel_type; + + if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) { DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal)); return ADS_ERROR_SYSTEM(ENOENT); } tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); new_password = strdup(tmp_password); + asprintf(&service_principal, "HOST/%s", host_principal); ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) goto failed; - if (!secrets_store_machine_password(new_password)) { + if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); return ADS_ERROR_SYSTEM(EACCES); } -- cgit From 37117a10142e6ad320f994cab4442b12529685ee Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 Nov 2004 02:21:26 +0000 Subject: r3451: Finish off kerberos salting patch. Needs testing ! Jeremy. (This used to be commit ff4cb6b5e80731856d6f3f7eebd8fc23902e3580) --- source3/libads/util.c | 58 ++++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 26 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 9912a7ba83..f5b8873538 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -24,39 +24,45 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal) { - char *tmp_password; - char *password; - char *new_password; - char *service_principal; - ADS_STATUS ret; - uint32 sec_channel_type; + char *password; + char *new_password; + char *service_principal; + ADS_STATUS ret; + uint32 sec_channel_type; - if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) { - DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal)); - return ADS_ERROR_SYSTEM(ENOENT); - } + if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) { + DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal)); + return ADS_ERROR_SYSTEM(ENOENT); + } - tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - new_password = strdup(tmp_password); + new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - asprintf(&service_principal, "HOST/%s", host_principal); + asprintf(&service_principal, "HOST/%s", host_principal); - ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); - if (!ADS_ERR_OK(ret)) goto failed; + if (!ADS_ERR_OK(ret)) { + goto failed; + } - if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { - DEBUG(1,("Failed to save machine password\n")); - return ADS_ERROR_SYSTEM(EACCES); - } + if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { + DEBUG(1,("Failed to save machine password\n")); + ret = ADS_ERROR_SYSTEM(EACCES); + goto failed; + } -failed: - SAFE_FREE(service_principal); - SAFE_FREE(new_password); + /* Determine if the KDC is salting keys for this principal in a + * non-obvious way. */ + if (!kerberos_derive_salting_principal(service_principal)) { + DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal)); + ret = ADS_ERROR_SYSTEM(EACCES); + goto failed; + } - return ret; +failed: + SAFE_FREE(service_principal); + SAFE_FREE(password); + SAFE_FREE(new_password); + return ret; } - - - #endif -- cgit From 6ab46e3fd2cb2394bb00b45ded0e372d0992284a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 17 Nov 2004 01:43:36 +0000 Subject: r3796: Patch from Jay Fenlason . Don't free static buffers. Jeremy. (This used to be commit 53acf222a86a1420abbba08a2cde27a86debe403) --- source3/libads/util.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index f5b8873538..4a4d90d7fb 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -62,7 +62,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip failed: SAFE_FREE(service_principal); SAFE_FREE(password); - SAFE_FREE(new_password); return ret; } #endif -- cgit From bf7a5433b4da564c5298e856cdd46383b8998bb2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 9 Jun 2006 10:50:28 +0000 Subject: r16115: Make "net ads changetrustpw" work again. (adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d) --- source3/libads/util.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 4a4d90d7fb..8e3001ccb0 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -26,7 +26,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip { char *password; char *new_password; - char *service_principal; ADS_STATUS ret; uint32 sec_channel_type; @@ -37,9 +36,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - asprintf(&service_principal, "HOST/%s", host_principal); - - ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { goto failed; @@ -53,14 +50,13 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip /* Determine if the KDC is salting keys for this principal in a * non-obvious way. */ - if (!kerberos_derive_salting_principal(service_principal)) { - DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal)); + if (!kerberos_derive_salting_principal(host_principal)) { + DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal)); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; } failed: - SAFE_FREE(service_principal); SAFE_FREE(password); return ret; } -- cgit From 060b155cd2f77e37086f97461f93e9ef1ff8dce2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 11 Jul 2006 18:45:22 +0000 Subject: r16952: New derive DES salt code and Krb5 keytab generation Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4) --- source3/libads/util.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 8e3001ccb0..eb6dccb3af 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -48,14 +48,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip goto failed; } - /* Determine if the KDC is salting keys for this principal in a - * non-obvious way. */ - if (!kerberos_derive_salting_principal(host_principal)) { - DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal)); - ret = ADS_ERROR_SYSTEM(EACCES); - goto failed; - } - failed: SAFE_FREE(password); return ret; -- cgit From aa6055debd078504f6a7ed861443b02672fc9067 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 13 Mar 2007 16:13:24 +0000 Subject: r21823: Let secrets_store_machine_password() also store the account name. Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93) --- source3/libads/util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index eb6dccb3af..669ed7d141 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -42,7 +42,9 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip goto failed; } - if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { + if (!secrets_store_machine_password(new_password, global_myname(), + lp_workgroup(), + sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; -- cgit From f56da0890f645c4cecac7c60f67573e1f609fd4f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 13 Mar 2007 20:53:38 +0000 Subject: r21831: Back out r21823 for a while, this is going into a bzr tree first. Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b) --- source3/libads/util.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 669ed7d141..eb6dccb3af 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -42,9 +42,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip goto failed; } - if (!secrets_store_machine_password(new_password, global_myname(), - lp_workgroup(), - sec_channel_type)) { + if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) { DEBUG(1,("Failed to save machine password\n")); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libads/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index eb6dccb3af..5f0a33d90f 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libads/util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 5f0a33d90f..2fb9fa81b4 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 647abf0a7b46a10c25e4d147dca2c4885b3ada7c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 30 Aug 2007 15:39:51 +0000 Subject: r24804: As a temporary workaround, also try to guess the server's principal in the "not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds succeed with windows server 2008. Guenther (This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a) --- source3/libads/util.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 2fb9fa81b4..a0c9d8f4c4 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -51,4 +51,62 @@ failed: SAFE_FREE(password); return ret; } + +ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, + const char *given_principal, + char **returned_principal) +{ + char *princ = NULL; + + if (ads->server.realm && ads->server.ldap_server) { + char *server, *server_realm; + + server = SMB_STRDUP(ads->server.ldap_server); + server_realm = SMB_STRDUP(ads->server.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(&princ, "ldap/%s@%s", server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!princ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + } else if (ads->config.realm && ads->config.ldap_server_name) { + char *server, *server_realm; + + server = SMB_STRDUP(ads->config.ldap_server_name); + server_realm = SMB_STRDUP(ads->config.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(&princ, "ldap/%s@%s", server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!princ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + } + + if (!princ) { + return ADS_ERROR(LDAP_PARAM_ERROR); + } + + *returned_principal = princ; + + return ADS_SUCCESS; +} + #endif -- cgit From 1ef2464451ee64023173637fa03e703405dc8c85 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Sep 2007 23:35:17 +0000 Subject: r25109: Remove obsolete argument from ads_guess_service_principal(). Guenther (This used to be commit 2dea9464bba76af4315a8207ccd3e564ec19d146) --- source3/libads/util.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index a0c9d8f4c4..af96c3e10a 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -53,7 +53,6 @@ failed: } ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, - const char *given_principal, char **returned_principal) { char *princ = NULL; -- cgit From 3529156971e17c7ec13f6a6243f7b613e4666cdd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 28 Sep 2007 03:54:42 +0000 Subject: r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags, and client fixes. Patch from Todd Stetcher . (This used to be commit 8304ccba7346597425307e260e88647e49081f68) --- source3/libads/util.c | 54 ++++++++++++++++++++------------------------------- 1 file changed, 21 insertions(+), 33 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index af96c3e10a..472fe4a214 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -55,57 +55,45 @@ failed: ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, char **returned_principal) { + ADS_STATUS status; char *princ = NULL; + char *server = NULL; + char *server_realm = NULL; if (ads->server.realm && ads->server.ldap_server) { - char *server, *server_realm; - server = SMB_STRDUP(ads->server.ldap_server); server_realm = SMB_STRDUP(ads->server.realm); - if (!server || !server_realm) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - strlower_m(server); - strupper_m(server_realm); - asprintf(&princ, "ldap/%s@%s", server, server_realm); - - SAFE_FREE(server); - SAFE_FREE(server_realm); - - if (!princ) { - return ADS_ERROR(LDAP_NO_MEMORY); + if (!server || !server_realm) { + status = ADS_ERROR(LDAP_NO_MEMORY); + goto fail; } } else if (ads->config.realm && ads->config.ldap_server_name) { - char *server, *server_realm; - server = SMB_STRDUP(ads->config.ldap_server_name); server_realm = SMB_STRDUP(ads->config.realm); - if (!server || !server_realm) { - return ADS_ERROR(LDAP_NO_MEMORY); - } - - strlower_m(server); - strupper_m(server_realm); - asprintf(&princ, "ldap/%s@%s", server, server_realm); - - SAFE_FREE(server); - SAFE_FREE(server_realm); - - if (!princ) { - return ADS_ERROR(LDAP_NO_MEMORY); - } + if (!server || !server_realm) { + status = ADS_ERROR(LDAP_NO_MEMORY); + goto fail; + } } + strlower_m(server); + strupper_m(server_realm); + asprintf(&princ, "ldap/%s@%s", server, server_realm); + if (!princ) { - return ADS_ERROR(LDAP_PARAM_ERROR); + status = ADS_ERROR(LDAP_PARAM_ERROR); } *returned_principal = princ; + status = ADS_SUCCESS; + +fail: + SAFE_FREE(server); + SAFE_FREE(server_realm); - return ADS_SUCCESS; + return status; } #endif -- cgit From 5221ebb299081da6a806362212c6a8ceb9cc70a8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 28 Sep 2007 18:15:34 +0000 Subject: r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree. The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c) --- source3/libads/util.c | 54 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 21 deletions(-) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index 472fe4a214..af96c3e10a 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -55,45 +55,57 @@ failed: ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, char **returned_principal) { - ADS_STATUS status; char *princ = NULL; - char *server = NULL; - char *server_realm = NULL; if (ads->server.realm && ads->server.ldap_server) { + char *server, *server_realm; + server = SMB_STRDUP(ads->server.ldap_server); server_realm = SMB_STRDUP(ads->server.realm); - if (!server || !server_realm) { - status = ADS_ERROR(LDAP_NO_MEMORY); - goto fail; + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(&princ, "ldap/%s@%s", server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!princ) { + return ADS_ERROR(LDAP_NO_MEMORY); } } else if (ads->config.realm && ads->config.ldap_server_name) { + char *server, *server_realm; + server = SMB_STRDUP(ads->config.ldap_server_name); server_realm = SMB_STRDUP(ads->config.realm); - if (!server || !server_realm) { - status = ADS_ERROR(LDAP_NO_MEMORY); - goto fail; - } - } + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(&princ, "ldap/%s@%s", server, server_realm); - strlower_m(server); - strupper_m(server_realm); - asprintf(&princ, "ldap/%s@%s", server, server_realm); + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!princ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + } if (!princ) { - status = ADS_ERROR(LDAP_PARAM_ERROR); + return ADS_ERROR(LDAP_PARAM_ERROR); } *returned_principal = princ; - status = ADS_SUCCESS; - -fail: - SAFE_FREE(server); - SAFE_FREE(server_realm); - return status; + return ADS_SUCCESS; } #endif -- cgit From ad00ecd3583af02dacdbb9d46881552b58467362 Mon Sep 17 00:00:00 2001 From: Marc VanHeyningen Date: Thu, 29 May 2008 10:00:46 -0700 Subject: Tiny memory leak (This used to be commit e7f76a0c65085dd1e7b50ea3537e11922e7d9ecd) --- source3/libads/util.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads/util.c') diff --git a/source3/libads/util.c b/source3/libads/util.c index af96c3e10a..72f5dee80c 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -64,6 +64,8 @@ ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, server_realm = SMB_STRDUP(ads->server.realm); if (!server || !server_realm) { + SAFE_FREE(server); + SAFE_FREE(server_realm); return ADS_ERROR(LDAP_NO_MEMORY); } -- cgit