[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Sep 19 20:49:03 UTC 2019
The branch, master has been updated
via 82512034563 s3-libads: adapt to coding standards, no code changes
from 094862b8a67 s3/vfs_shadow_copy2.c: Fix typo in comment.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 82512034563870d4629d0a42813560e6d69b2b5e
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 17 01:50:33 2019 +0200
s3-libads: adapt to coding standards, no code changes
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 19 20:48:45 UTC 2019 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/libads/krb5_setpw.c | 241 ++++++++++++++++++++++----------------------
1 file changed, 121 insertions(+), 120 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index c3c9477c4cf..4ed3623f7c5 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -38,21 +38,21 @@
static krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code)
{
- switch(res_code) {
- case KRB5_KPASSWD_ACCESSDENIED:
- return KRB5KDC_ERR_BADOPTION;
- case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
- return KRB5KDC_ERR_BADOPTION;
- /* return KV5M_ALT_METHOD; MIT-only define */
- case KRB5_KPASSWD_ETYPE_NOSUPP:
- return KRB5KDC_ERR_ETYPE_NOSUPP;
- case KRB5_KPASSWD_BAD_PRINCIPAL:
- return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
- case KRB5_KPASSWD_POLICY_REJECT:
- case KRB5_KPASSWD_SOFTERROR:
- return KRB5KDC_ERR_POLICY;
- default:
- return KRB5KRB_ERR_GENERIC;
+ switch (res_code) {
+ case KRB5_KPASSWD_ACCESSDENIED:
+ return KRB5KDC_ERR_BADOPTION;
+ case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
+ return KRB5KDC_ERR_BADOPTION;
+ /* return KV5M_ALT_METHOD; MIT-only define */
+ case KRB5_KPASSWD_ETYPE_NOSUPP:
+ return KRB5KDC_ERR_ETYPE_NOSUPP;
+ case KRB5_KPASSWD_BAD_PRINCIPAL:
+ return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ case KRB5_KPASSWD_POLICY_REJECT:
+ case KRB5_KPASSWD_SOFTERROR:
+ return KRB5KDC_ERR_POLICY;
+ default:
+ return KRB5KRB_ERR_GENERIC;
}
}
@@ -93,7 +93,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
ret = krb5_cc_default(context, &ccache);
if (ret) {
krb5_free_principal(context, princ);
- krb5_free_context(context);
+ krb5_free_context(context);
DEBUG(1,("Failed to get default creds (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
@@ -120,7 +120,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
aret = ADS_SUCCESS;
-done:
+ done:
smb_krb5_free_data_contents(context, &result_code_string);
smb_krb5_free_data_contents(context, &result_string);
krb5_free_principal(context, princ);
@@ -160,36 +160,35 @@ kerb_prompter(krb5_context ctx, void *data,
static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
const char *principal,
- const char *oldpw,
- const char *newpw,
+ const char *oldpw,
+ const char *newpw,
int time_offset)
{
- ADS_STATUS aret;
- krb5_error_code ret;
- krb5_context context = NULL;
- krb5_principal princ;
- krb5_get_init_creds_opt *opts = NULL;
- krb5_creds creds;
- char *chpw_princ = NULL, *password;
- char *realm = NULL;
- int result_code;
- krb5_data result_code_string = { 0 };
- krb5_data result_string = { 0 };
- smb_krb5_addresses *addr = NULL;
-
- ret = smb_krb5_init_context_common(&context);
- if (ret) {
- DBG_ERR("kerberos init context failed (%s)\n",
- error_message(ret));
- return ADS_ERROR_KRB5(ret);
- }
-
- if ((ret = smb_krb5_parse_name(context, principal,
- &princ))) {
- krb5_free_context(context);
- DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
- return ADS_ERROR_KRB5(ret);
- }
+ ADS_STATUS aret;
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_principal princ;
+ krb5_get_init_creds_opt *opts = NULL;
+ krb5_creds creds;
+ char *chpw_princ = NULL, *password;
+ char *realm = NULL;
+ int result_code;
+ krb5_data result_code_string = { 0 };
+ krb5_data result_string = { 0 };
+ smb_krb5_addresses *addr = NULL;
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ if ((ret = smb_krb5_parse_name(context, principal, &princ))) {
+ krb5_free_context(context);
+ DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
ret = krb5_get_init_creds_opt_alloc(context, &opts);
if (ret != 0) {
@@ -199,57 +198,57 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
return ADS_ERROR_KRB5(ret);
}
- krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
+ krb5_get_init_creds_opt_set_tkt_life(opts, 5 * 60);
krb5_get_init_creds_opt_set_renew_life(opts, 0);
krb5_get_init_creds_opt_set_forwardable(opts, 0);
krb5_get_init_creds_opt_set_proxiable(opts, 0);
- /* note that heimdal will fill in the local addresses if the addresses
- * in the creds_init_opt are all empty and then later fail with invalid
- * address, sending our local netbios krb5 address - just like windows
- * - avoids this - gd */
- ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
- if (ret) {
- krb5_free_principal(context, princ);
- krb5_get_init_creds_opt_free(context, opts);
- krb5_free_context(context);
- return ADS_ERROR_KRB5(ret);
- }
+ /* note that heimdal will fill in the local addresses if the addresses
+ * in the creds_init_opt are all empty and then later fail with invalid
+ * address, sending our local netbios krb5 address - just like windows
+ * - avoids this - gd */
+ ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
+ if (ret) {
+ krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
+ krb5_free_context(context);
+ return ADS_ERROR_KRB5(ret);
+ }
krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
- realm = smb_krb5_principal_get_realm(NULL, context, princ);
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
+
+ /* We have to obtain an INITIAL changepw ticket for changing password */
+ if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+ krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
+ smb_krb5_free_addresses(context, addr);
+ krb5_free_context(context);
+ TALLOC_FREE(realm);
+ DEBUG(1, ("ads_krb5_chg_password: asprintf fail\n"));
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
- /* We have to obtain an INITIAL changepw ticket for changing password */
- if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
- krb5_free_principal(context, princ);
- krb5_get_init_creds_opt_free(context, opts);
- smb_krb5_free_addresses(context, addr);
- krb5_free_context(context);
TALLOC_FREE(realm);
- DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- TALLOC_FREE(realm);
- password = SMB_STRDUP(oldpw);
- ret = krb5_get_init_creds_password(context, &creds, princ, password,
- kerb_prompter, NULL,
+ password = SMB_STRDUP(oldpw);
+ ret = krb5_get_init_creds_password(context, &creds, princ, password,
+ kerb_prompter, NULL,
0, chpw_princ, opts);
krb5_get_init_creds_opt_free(context, opts);
smb_krb5_free_addresses(context, addr);
- SAFE_FREE(chpw_princ);
- SAFE_FREE(password);
+ SAFE_FREE(chpw_princ);
+ SAFE_FREE(password);
- if (ret) {
- if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
- DEBUG(1,("Password incorrect while getting initial ticket"));
- else
- DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
-
- krb5_free_principal(context, princ);
- krb5_free_context(context);
- return ADS_ERROR_KRB5(ret);
- }
+ if (ret) {
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ DEBUG(1,("Password incorrect while getting initial ticket"));
+ } else {
+ DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
+ }
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
+ return ADS_ERROR_KRB5(ret);
+ }
ret = krb5_set_password(context,
&creds,
@@ -259,49 +258,51 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
&result_code_string,
&result_string);
- if (ret) {
- DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
- aret = ADS_ERROR_KRB5(ret);
- goto done;
- }
+ if (ret) {
+ DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
- if (result_code != KRB5_KPASSWD_SUCCESS) {
- ret = kpasswd_err_to_krb5_err(result_code);
- DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
- aret = ADS_ERROR_KRB5(ret);
- goto done;
- }
+ if (result_code != KRB5_KPASSWD_SUCCESS) {
+ ret = kpasswd_err_to_krb5_err(result_code);
+ DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
- aret = ADS_SUCCESS;
+ aret = ADS_SUCCESS;
-done:
- smb_krb5_free_data_contents(context, &result_code_string);
- smb_krb5_free_data_contents(context, &result_string);
- krb5_free_principal(context, princ);
- krb5_free_context(context);
+ done:
+ smb_krb5_free_data_contents(context, &result_code_string);
+ smb_krb5_free_data_contents(context, &result_string);
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
- return aret;
+ return aret;
}
-
-ADS_STATUS kerberos_set_password(const char *kpasswd_server,
- const char *auth_principal, const char *auth_password,
- const char *target_principal, const char *new_password,
- int time_offset)
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal,
+ const char *auth_password,
+ const char *target_principal,
+ const char *new_password, int time_offset)
{
- int ret;
-
- if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
- DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
- return ADS_ERROR_KRB5(ret);
- }
-
- if (!strcmp(auth_principal, target_principal))
- return ads_krb5_chg_password(kpasswd_server, target_principal,
- auth_password, new_password, time_offset);
- else
- return ads_krb5_set_password(kpasswd_server, target_principal,
- new_password, time_offset);
+ int ret;
+
+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
+ DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ if (!strcmp(auth_principal, target_principal)) {
+ return ads_krb5_chg_password(kpasswd_server, target_principal,
+ auth_password, new_password,
+ time_offset);
+ } else {
+ return ads_krb5_set_password(kpasswd_server, target_principal,
+ new_password, time_offset);
+ }
}
#endif
--
Samba Shared Repository
More information about the samba-cvs
mailing list