summaryrefslogtreecommitdiffstats
path: root/source4/libads/krb5_setpw.c
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2004-02-01 11:26:25 +0000
committerStefan Metzmacher <metze@samba.org>2004-02-01 11:26:25 +0000
commit670ccc7d643b8e04743542b4336f6830ac065463 (patch)
tree0b39213b540cc5b6165881bf5c8ef4fd06d5da94 /source4/libads/krb5_setpw.c
parent0d90f4b47b463b2e68dd63ab30a2f022ddece14b (diff)
downloadsamba-670ccc7d643b8e04743542b4336f6830ac065463.tar.gz
samba-670ccc7d643b8e04743542b4336f6830ac065463.tar.xz
samba-670ccc7d643b8e04743542b4336f6830ac065463.zip
merge:
ldap and krb5 configure tests libads/*.c and libcli/raw/clikrb5.c from 3.0 metze (This used to be commit 64b5bfcd73d7626d6f687a641b11e64821144df7)
Diffstat (limited to 'source4/libads/krb5_setpw.c')
-rw-r--r--source4/libads/krb5_setpw.c119
1 files changed, 54 insertions, 65 deletions
diff --git a/source4/libads/krb5_setpw.c b/source4/libads/krb5_setpw.c
index 9d8fb8d24cb..9cf15221a8d 100644
--- a/source4/libads/krb5_setpw.c
+++ b/source4/libads/krb5_setpw.c
@@ -143,7 +143,7 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
else
return EINVAL;
- encoded_setpw.data = setpw.data;
+ encoded_setpw.data = (char *)setpw.data;
encoded_setpw.length = setpw.length;
ret = krb5_mk_priv(context, auth_context,
@@ -178,47 +178,39 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
return 0;
}
-static krb5_error_code krb5_setpw_result_code_string(krb5_context context,
- int result_code,
- char **code_string)
+static const struct kpasswd_errors {
+ int result_code;
+ const char *error_string;
+} kpasswd_errors[] = {
+ {KRB5_KPASSWD_MALFORMED, "Malformed request error"},
+ {KRB5_KPASSWD_HARDERROR, "Server error"},
+ {KRB5_KPASSWD_AUTHERROR, "Authentication error"},
+ {KRB5_KPASSWD_SOFTERROR, "Password change rejected"},
+ {KRB5_KPASSWD_ACCESSDENIED, "Client does not have proper authorization"},
+ {KRB5_KPASSWD_BAD_VERSION, "Protocol version not supported"},
+ {KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "Authorization ticket must have initial flag set"},
+ {KRB5_KPASSWD_POLICY_REJECT, "Password rejected due to policy requirements"},
+ {KRB5_KPASSWD_BAD_PRINCIPAL, "Target principal does not exist"},
+ {KRB5_KPASSWD_ETYPE_NOSUPP, "Unsupported encryption type"},
+ {0, NULL}
+};
+
+static krb5_error_code setpw_result_code_string(krb5_context context,
+ int result_code,
+ const char **code_string)
{
- switch (result_code) {
- case KRB5_KPASSWD_MALFORMED:
- *code_string = "Malformed request error";
- break;
- case KRB5_KPASSWD_HARDERROR:
- *code_string = "Server error";
- break;
- case KRB5_KPASSWD_AUTHERROR:
- *code_string = "Authentication error";
- break;
- case KRB5_KPASSWD_SOFTERROR:
- *code_string = "Password change rejected";
- break;
- case KRB5_KPASSWD_ACCESSDENIED:
- *code_string = "Client does not have proper authorization";
- break;
- case KRB5_KPASSWD_BAD_VERSION:
- *code_string = "Protocol version not supported";
- break;
- case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
- *code_string = "Authorization ticket must have initial flag set";
- break;
- case KRB5_KPASSWD_POLICY_REJECT:
- *code_string = "Password rejected due to policy requirements";
- break;
- case KRB5_KPASSWD_BAD_PRINCIPAL:
- *code_string = "Target principal does not exist";
- break;
- case KRB5_KPASSWD_ETYPE_NOSUPP:
- *code_string = "Unsupported encryption type";
- break;
- default:
- *code_string = "Password change failed";
- break;
- }
-
- return(0);
+ unsigned int idx = 0;
+
+ while (kpasswd_errors[idx].error_string != NULL) {
+ if (kpasswd_errors[idx].result_code ==
+ result_code) {
+ *code_string = kpasswd_errors[idx].error_string;
+ return 0;
+ }
+ idx++;
+ }
+ *code_string = "Password change failed";
+ return (0);
}
static krb5_error_code parse_setpw_reply(krb5_context context,
@@ -318,8 +310,8 @@ static krb5_error_code parse_setpw_reply(krb5_context context,
if(res_code == KRB5_KPASSWD_SUCCESS)
return 0;
else {
- char *errstr;
- krb5_setpw_result_code_string(context, res_code, &errstr);
+ const char *errstr;
+ setpw_result_code_string(context, res_code, &errstr);
DEBUG(1, ("Error changing password: %s\n", errstr));
switch(res_code) {
@@ -465,8 +457,8 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
return ADS_SUCCESS;
}
-ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw,
- int time_offset)
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset)
{
ADS_STATUS aret;
@@ -546,7 +538,6 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char
krb5_free_creds(context, credsp);
krb5_free_principal(context, creds.client);
- krb5_free_principal(context, creds.server);
krb5_free_principal(context, principal);
krb5_free_context(context);
@@ -579,11 +570,11 @@ kerb_prompter(krb5_context ctx, void *data,
return 0;
}
-ADS_STATUS krb5_chg_password(const char *kdc_host,
- const char *principal,
- const char *oldpw,
- const char *newpw,
- int time_offset)
+static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
+ const char *principal,
+ const char *oldpw,
+ const char *newpw,
+ int time_offset)
{
ADS_STATUS aret;
krb5_error_code ret;
@@ -657,11 +648,11 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
}
if (!strcmp(auth_principal, target_principal))
- return krb5_chg_password(kpasswd_server, target_principal,
- auth_password, new_password, time_offset);
+ return ads_krb5_chg_password(kpasswd_server, target_principal,
+ auth_password, new_password, time_offset);
else
- return krb5_set_password(kpasswd_server, target_principal,
- new_password, time_offset);
+ return ads_krb5_set_password(kpasswd_server, target_principal,
+ new_password, time_offset);
}
@@ -673,24 +664,22 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
* @return status of password change
**/
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *hostname,
+ const char *machine_account,
const char *password)
{
ADS_STATUS status;
- char *host = strdup(hostname);
- char *principal;
-
- strlower(host);
+ char *principal = NULL;
/*
- we need to use the '$' form of the name here, as otherwise the
- server might end up setting the password for a user instead
+ we need to use the '$' form of the name here (the machine account name),
+ as otherwise the server might end up setting the password for a user
+ instead
*/
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+ asprintf(&principal, "%s@%s", machine_account, ads->config.realm);
- status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
+ status = ads_krb5_set_password(ads->auth.kdc_server, principal,
+ password, ads->auth.time_offset);
- free(host);
free(principal);
return status;