svn commit: samba r16115 - branches/SAMBA_3_0/source/libads
branches/SAMBA_3_0/source/utils trunk/source/libads
trunk/source/utils
gd at samba.org
gd at samba.org
Fri Jun 9 10:50:29 GMT 2006
Author: gd
Date: 2006-06-09 10:50:28 +0000 (Fri, 09 Jun 2006)
New Revision: 16115
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16115
Log:
Make "net ads changetrustpw" work again.
(adapt to the new UPN/SPN scheme).
Guenther
Modified:
branches/SAMBA_3_0/source/libads/util.c
branches/SAMBA_3_0/source/utils/net_ads.c
trunk/source/libads/util.c
trunk/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/util.c
===================================================================
--- branches/SAMBA_3_0/source/libads/util.c 2006-06-09 10:33:29 UTC (rev 16114)
+++ branches/SAMBA_3_0/source/libads/util.c 2006-06-09 10:50:28 UTC (rev 16115)
@@ -26,7 +26,6 @@
{
char *password;
char *new_password;
- char *service_principal;
ADS_STATUS ret;
uint32 sec_channel_type;
@@ -37,10 +36,8 @@
new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
- asprintf(&service_principal, "HOST/%s", host_principal);
+ ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
- ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset);
-
if (!ADS_ERR_OK(ret)) {
goto failed;
}
@@ -53,14 +50,13 @@
/* Determine if the KDC is salting keys for this principal in a
* non-obvious way. */
- if (!kerberos_derive_salting_principal(service_principal)) {
- DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal));
+ if (!kerberos_derive_salting_principal(host_principal)) {
+ DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal));
ret = ADS_ERROR_SYSTEM(EACCES);
goto failed;
}
failed:
- SAFE_FREE(service_principal);
SAFE_FREE(password);
return ret;
}
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_ads.c 2006-06-09 10:33:29 UTC (rev 16114)
+++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-06-09 10:50:28 UTC (rev 16115)
@@ -1529,19 +1529,19 @@
fstrcpy(my_name, global_myname());
strlower_m(my_name);
- asprintf(&host_principal, "%s@%s", my_name, ads->config.realm);
- d_printf("Changing password for principal: HOST/%s\n", host_principal);
+ asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm);
+ d_printf("Changing password for principal: %s\n", host_principal);
ret = ads_change_trust_account_password(ads, host_principal);
if (!ADS_ERR_OK(ret)) {
- d_fprintf(stderr, "Password change failed :-( ...\n");
+ d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret));
ads_destroy(&ads);
SAFE_FREE(host_principal);
return -1;
}
- d_printf("Password change for principal HOST/%s succeeded.\n", host_principal);
+ d_printf("Password change for principal %s succeeded.\n", host_principal);
if (lp_use_kerberos_keytab()) {
d_printf("Attempting to update system keytab with new password.\n");
Modified: trunk/source/libads/util.c
===================================================================
--- trunk/source/libads/util.c 2006-06-09 10:33:29 UTC (rev 16114)
+++ trunk/source/libads/util.c 2006-06-09 10:50:28 UTC (rev 16115)
@@ -26,7 +26,6 @@
{
char *password;
char *new_password;
- char *service_principal;
ADS_STATUS ret;
uint32 sec_channel_type;
@@ -37,10 +36,8 @@
new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
- asprintf(&service_principal, "HOST/%s", host_principal);
+ ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
- ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset);
-
if (!ADS_ERR_OK(ret)) {
goto failed;
}
@@ -53,14 +50,13 @@
/* Determine if the KDC is salting keys for this principal in a
* non-obvious way. */
- if (!kerberos_derive_salting_principal(service_principal)) {
- DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal));
+ if (!kerberos_derive_salting_principal(host_principal)) {
+ DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal));
ret = ADS_ERROR_SYSTEM(EACCES);
goto failed;
}
failed:
- SAFE_FREE(service_principal);
SAFE_FREE(password);
return ret;
}
Modified: trunk/source/utils/net_ads.c
===================================================================
--- trunk/source/utils/net_ads.c 2006-06-09 10:33:29 UTC (rev 16114)
+++ trunk/source/utils/net_ads.c 2006-06-09 10:50:28 UTC (rev 16115)
@@ -1529,19 +1529,19 @@
fstrcpy(my_name, global_myname());
strlower_m(my_name);
- asprintf(&host_principal, "%s@%s", my_name, ads->config.realm);
- d_printf("Changing password for principal: HOST/%s\n", host_principal);
+ asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm);
+ d_printf("Changing password for principal: %s\n", host_principal);
ret = ads_change_trust_account_password(ads, host_principal);
if (!ADS_ERR_OK(ret)) {
- d_fprintf(stderr, "Password change failed :-( ...\n");
+ d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret));
ads_destroy(&ads);
SAFE_FREE(host_principal);
return -1;
}
- d_printf("Password change for principal HOST/%s succeeded.\n", host_principal);
+ d_printf("Password change for principal %s succeeded.\n", host_principal);
if (lp_use_kerberos_keytab()) {
d_printf("Attempting to update system keytab with new password.\n");
More information about the samba-cvs
mailing list