The branch, master has been updated via 82512034563 s3-libads: adapt to coding standards, no code changes from 094862b8a67 s3/vfs_shadow_copy2.c: Fix typo in comment.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 82512034563870d4629d0a42813560e6d69b2b5e Author: Günther Deschner <g...@samba.org> Date: Tue Sep 17 01:50:33 2019 +0200 s3-libads: adapt to coding standards, no code changes Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Thu Sep 19 20:48:45 UTC 2019 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/libads/krb5_setpw.c | 241 ++++++++++++++++++++++---------------------- 1 file changed, 121 insertions(+), 120 deletions(-) Changeset truncated at 500 lines:
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index c3c9477c4cf..4ed3623f7c5 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -38,21 +38,21 @@ static krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code) { - switch(res_code) { - case KRB5_KPASSWD_ACCESSDENIED: - return KRB5KDC_ERR_BADOPTION; - case KRB5_KPASSWD_INITIAL_FLAG_NEEDED: - return KRB5KDC_ERR_BADOPTION; - /* return KV5M_ALT_METHOD; MIT-only define */ - case KRB5_KPASSWD_ETYPE_NOSUPP: - return KRB5KDC_ERR_ETYPE_NOSUPP; - case KRB5_KPASSWD_BAD_PRINCIPAL: - return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; - case KRB5_KPASSWD_POLICY_REJECT: - case KRB5_KPASSWD_SOFTERROR: - return KRB5KDC_ERR_POLICY; - default: - return KRB5KRB_ERR_GENERIC; + switch (res_code) { + case KRB5_KPASSWD_ACCESSDENIED: + return KRB5KDC_ERR_BADOPTION; + case KRB5_KPASSWD_INITIAL_FLAG_NEEDED: + return KRB5KDC_ERR_BADOPTION; + /* return KV5M_ALT_METHOD; MIT-only define */ + case KRB5_KPASSWD_ETYPE_NOSUPP: + return KRB5KDC_ERR_ETYPE_NOSUPP; + case KRB5_KPASSWD_BAD_PRINCIPAL: + return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + case KRB5_KPASSWD_POLICY_REJECT: + case KRB5_KPASSWD_SOFTERROR: + return KRB5KDC_ERR_POLICY; + default: + return KRB5KRB_ERR_GENERIC; } } @@ -93,7 +93,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal, ret = krb5_cc_default(context, &ccache); if (ret) { krb5_free_principal(context, princ); - krb5_free_context(context); + krb5_free_context(context); DEBUG(1,("Failed to get default creds (%s)\n", error_message(ret))); return ADS_ERROR_KRB5(ret); } @@ -120,7 +120,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal, aret = ADS_SUCCESS; -done: + done: smb_krb5_free_data_contents(context, &result_code_string); smb_krb5_free_data_contents(context, &result_string); krb5_free_principal(context, princ); 
@@ -160,36 +160,35 @@ kerb_prompter(krb5_context ctx, void *data, static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, const char *principal, - const char *oldpw, - const char *newpw, + const char *oldpw, + const char *newpw, int time_offset) { - ADS_STATUS aret; - krb5_error_code ret; - krb5_context context = NULL; - krb5_principal princ; - krb5_get_init_creds_opt *opts = NULL; - krb5_creds creds; - char *chpw_princ = NULL, *password; - char *realm = NULL; - int result_code; - krb5_data result_code_string = { 0 }; - krb5_data result_string = { 0 }; - smb_krb5_addresses *addr = NULL; - - ret = smb_krb5_init_context_common(&context); - if (ret) { - DBG_ERR("kerberos init context failed (%s)\n", - error_message(ret)); - return ADS_ERROR_KRB5(ret); - } - - if ((ret = smb_krb5_parse_name(context, principal, - &princ))) { - krb5_free_context(context); - DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret))); - return ADS_ERROR_KRB5(ret); - } + ADS_STATUS aret; + krb5_error_code ret; + krb5_context context = NULL; + krb5_principal princ; + krb5_get_init_creds_opt *opts = NULL; + krb5_creds creds; + char *chpw_princ = NULL, *password; + char *realm = NULL; + int result_code; + krb5_data result_code_string = { 0 }; + krb5_data result_string = { 0 }; + smb_krb5_addresses *addr = NULL; + + ret = smb_krb5_init_context_common(&context); + if (ret) { + DBG_ERR("kerberos init context failed (%s)\n", + error_message(ret)); + return ADS_ERROR_KRB5(ret); + } + + if ((ret = smb_krb5_parse_name(context, principal, &princ))) { + krb5_free_context(context); + DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret))); + return ADS_ERROR_KRB5(ret); + } ret = krb5_get_init_creds_opt_alloc(context, &opts); if (ret != 0) { 
@@ -199,57 +198,57 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, return ADS_ERROR_KRB5(ret); } - krb5_get_init_creds_opt_set_tkt_life(opts, 5*60); + krb5_get_init_creds_opt_set_tkt_life(opts, 5 * 60); krb5_get_init_creds_opt_set_renew_life(opts, 0); krb5_get_init_creds_opt_set_forwardable(opts, 0); krb5_get_init_creds_opt_set_proxiable(opts, 0); - /* note that heimdal will fill in the local addresses if the addresses - * in the creds_init_opt are all empty and then later fail with invalid - * address, sending our local netbios krb5 address - just like windows - * - avoids this - gd */ - ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name()); - if (ret) { - krb5_free_principal(context, princ); - krb5_get_init_creds_opt_free(context, opts); - krb5_free_context(context); - return ADS_ERROR_KRB5(ret); - } + /* note that heimdal will fill in the local addresses if the addresses + * in the creds_init_opt are all empty and then later fail with invalid + * address, sending our local netbios krb5 address - just like windows + * - avoids this - gd */ + ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name()); + if (ret) { + krb5_free_principal(context, princ); + krb5_get_init_creds_opt_free(context, opts); + krb5_free_context(context); + return ADS_ERROR_KRB5(ret); + } krb5_get_init_creds_opt_set_address_list(opts, addr->addrs); - realm = smb_krb5_principal_get_realm(NULL, context, princ); + realm = smb_krb5_principal_get_realm(NULL, context, princ); + + /* We have to obtain an INITIAL changepw ticket for changing password */ + if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) { + krb5_free_principal(context, princ); + krb5_get_init_creds_opt_free(context, opts); + smb_krb5_free_addresses(context, addr); + krb5_free_context(context); + TALLOC_FREE(realm); + DEBUG(1, ("ads_krb5_chg_password: asprintf fail\n")); + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } - /* We have to obtain an INITIAL changepw ticket for changing 
password */ - if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) { - krb5_free_principal(context, princ); - krb5_get_init_creds_opt_free(context, opts); - smb_krb5_free_addresses(context, addr); - krb5_free_context(context); TALLOC_FREE(realm); - DEBUG(1,("ads_krb5_chg_password: asprintf fail\n")); - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - - TALLOC_FREE(realm); - password = SMB_STRDUP(oldpw); - ret = krb5_get_init_creds_password(context, &creds, princ, password, - kerb_prompter, NULL, + password = SMB_STRDUP(oldpw); + ret = krb5_get_init_creds_password(context, &creds, princ, password, + kerb_prompter, NULL, 0, chpw_princ, opts); krb5_get_init_creds_opt_free(context, opts); smb_krb5_free_addresses(context, addr); - SAFE_FREE(chpw_princ); - SAFE_FREE(password); + SAFE_FREE(chpw_princ); + SAFE_FREE(password); - if (ret) { - if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) - DEBUG(1,("Password incorrect while getting initial ticket")); - else - DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret))); - - krb5_free_principal(context, princ); - krb5_free_context(context); - return ADS_ERROR_KRB5(ret); - } + if (ret) { + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + DEBUG(1,("Password incorrect while getting initial ticket")); + } else { + DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret))); + } + krb5_free_principal(context, princ); + krb5_free_context(context); + return ADS_ERROR_KRB5(ret); + } ret = krb5_set_password(context, &creds, 
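Review bot: The copy of the old password made with `SMB_STRDUP(oldpw)` is released by `SAFE_FREE(password)` without being wiped, so the cleartext remains in freed heap memory after krb5_get_init_creds_password() returns. Zero it with a call the compiler cannot elide before freeing, for example `memset_s(password, strlen(password), 0, strlen(password));` directly ahead of `SAFE_FREE(password);`, or whichever explicit-zeroing helper the tree prefers. Separately, the result of smb_krb5_principal_get_realm() goes straight into `asprintf(&chpw_princ, "kadmin/changepw@%s", realm)`; if that helper can return NULL, it needs a check with the same cleanup as the asprintf failure branch. ads_krb5_chg_password() starts before this hunk and continues past it.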
@@ -259,49 +258,51 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, &result_code_string, &result_string); - if (ret) { - DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret))); - aret = ADS_ERROR_KRB5(ret); - goto done; - } + if (ret) { + DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret))); + aret = ADS_ERROR_KRB5(ret); + goto done; + } - if (result_code != KRB5_KPASSWD_SUCCESS) { - ret = kpasswd_err_to_krb5_err(result_code); - DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret))); - aret = ADS_ERROR_KRB5(ret); - goto done; - } + if (result_code != KRB5_KPASSWD_SUCCESS) { + ret = kpasswd_err_to_krb5_err(result_code); + DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret))); + aret = ADS_ERROR_KRB5(ret); + goto done; + } - aret = ADS_SUCCESS; + aret = ADS_SUCCESS; -done: - smb_krb5_free_data_contents(context, &result_code_string); - smb_krb5_free_data_contents(context, &result_string); - krb5_free_principal(context, princ); - krb5_free_context(context); + done: + smb_krb5_free_data_contents(context, &result_code_string); + smb_krb5_free_data_contents(context, &result_string); + krb5_free_principal(context, princ); + krb5_free_context(context); - return aret; + return aret; } - -ADS_STATUS kerberos_set_password(const char *kpasswd_server, - const char *auth_principal, const char *auth_password, - const char *target_principal, const char *new_password, - int time_offset) +ADS_STATUS kerberos_set_password(const char *kpasswd_server, + const char *auth_principal, + const char *auth_password, + const char *target_principal, + const char *new_password, int time_offset) { - int ret; - - if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { - DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); - return ADS_ERROR_KRB5(ret); - } - - if (!strcmp(auth_principal, target_principal)) - return ads_krb5_chg_password(kpasswd_server, 
target_principal, - auth_password, new_password, time_offset); - else - return ads_krb5_set_password(kpasswd_server, target_principal, - new_password, time_offset); + int ret; + + if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { + DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); + return ADS_ERROR_KRB5(ret); + } + + if (!strcmp(auth_principal, target_principal)) { + return ads_krb5_chg_password(kpasswd_server, target_principal, + auth_password, new_password, + time_offset); + } else { + return ads_krb5_set_password(kpasswd_server, target_principal, + new_password, time_offset); + } } #endif -- Samba Shared Repository
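Review bot: The `done:` cleanup in ads_krb5_chg_password() frees the two result strings, the principal and the context but never `creds`, which krb5_get_init_creds_password() filled with the kadmin/changepw ticket and its session key. Every path that reaches `done:` holds valid creds, because the earlier failure branch returns before it, so adding `krb5_free_cred_contents(context, &creds);` ahead of `krb5_free_principal(context, princ);` would release that key material instead of leaking it. The krb5_set_password() argument lines between this hunk and the previous one are not shown, so this rests on the visible cleanup only.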