summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source3/libads/krb5_setpw.c2
-rw-r--r--source3/utils/net_ads.c20
2 files changed, 19 insertions, 3 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 214871b3fb5..856809decca 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -677,7 +677,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
we need to use the '$' form of the name here, as otherwise the
server might end up setting the password for a user instead
*/
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+ asprintf(&principal, "%s$@%s", host, ads->config.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index d775135e0ae..1a50f9d2707 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -109,6 +109,9 @@ static int net_ads_info(int argc, const char **argv)
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
+ d_printf("KDC server: %s\n", ads->auth.kdc_server );
+ d_printf("Server time offset: %d\n", ads->auth.time_offset );
+
return 0;
}
@@ -124,6 +127,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
+ char *cp;
ads = ads_init(NULL, NULL, opt_host);
@@ -145,12 +149,24 @@ retry:
if (opt_password) {
use_in_memory_ccache();
- ads->auth.password = strdup(opt_password);
+ ads->auth.password = smb_xstrdup(opt_password);
}
- ads->auth.user_name = strdup(opt_user_name);
+ ads->auth.user_name = smb_xstrdup(opt_user_name);
+
+ /*
+ * If the username is of the form "name@realm",
+ * extract the realm and convert to upper case.
+ * This is only used to establish the connection.
+ */
+ if (cp = strchr(ads->auth.user_name, '@')) {
+ *cp++ = '\0';
+ ads->auth.realm = smb_xstrdup(cp);
+ strupper(ads->auth.realm);
+ }
status = ads_connect(ads);
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;