diff options
| author | Günther Deschner <gd@samba.org> | 2006-06-09 10:50:28 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:21 -0500 |
| commit | 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d (patch) | |
| tree | 546a3fa0786eaf95d0038c4c9841e2f9eb1e278f | |
| parent | 3a738a855d335e44e167351e6396bf3fe81a03af (diff) | |
| download | samba-8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d.tar.gz samba-8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d.tar.xz samba-8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d.zip | |
r16115: Make "net ads changetrustpw" work again.
(adapt to the new UPN/SPN scheme).
Guenther
| -rw-r--r-- | source/libads/util.c | 10 | ||||
| -rw-r--r-- | source/utils/net_ads.c | 8 |
2 files changed, 7 insertions, 11 deletions
diff --git a/source/libads/util.c b/source/libads/util.c index 4a4d90d7fbc..8e3001ccb04 100644 --- a/source/libads/util.c +++ b/source/libads/util.c @@ -26,7 +26,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip { char *password; char *new_password; - char *service_principal; ADS_STATUS ret; uint32 sec_channel_type; @@ -37,9 +36,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - asprintf(&service_principal, "HOST/%s", host_principal); - - ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { goto failed; @@ -53,14 +50,13 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip /* Determine if the KDC is salting keys for this principal in a * non-obvious way. */ - if (!kerberos_derive_salting_principal(service_principal)) { - DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal)); + if (!kerberos_derive_salting_principal(host_principal)) { + DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal)); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; } failed: - SAFE_FREE(service_principal); SAFE_FREE(password); return ret; } diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c index e701803d17e..e82eece0f96 100644 --- a/source/utils/net_ads.c +++ b/source/utils/net_ads.c @@ -1529,19 +1529,19 @@ int net_ads_changetrustpw(int argc, const char **argv) fstrcpy(my_name, global_myname()); strlower_m(my_name); - asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); - d_printf("Changing password for principal: HOST/%s\n", host_principal); + asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm); + d_printf("Changing password for principal: %s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { - d_fprintf(stderr, "Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } - d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); + d_printf("Password change for principal %s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); |