libcli/smb: defer failing for missing NEGOTIATE_SECURITY_SIGNATURES_ENABLED
[Samba.git] / source3 / libads / kerberos_util.c
blob645b0582621d68dfd3454255c4a2350fe79d0e19
1 /*
2 Unix SMB/CIFS implementation.
3 krb5 set password implementation
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "smb_krb5.h"
23 #include "ads.h"
24 #include "lib/param/loadparm.h"
26 #ifdef HAVE_KRB5
28 /* run kinit to setup our ccache */
29 int ads_kinit_password(ADS_STRUCT *ads)
31 char *s;
32 int ret;
33 const char *account_name;
34 fstring acct_name;
36 if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
37 account_name = ads->auth.user_name;
38 goto got_accountname;
41 if ( IS_DC ) {
42 /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
43 account_name = lp_workgroup();
44 } else {
45 /* always use the sAMAccountName for security = domain */
46 /* lp_netbios_name()$@REA.LM */
47 if ( lp_security() == SEC_DOMAIN ) {
48 fstr_sprintf( acct_name, "%s$", lp_netbios_name() );
49 account_name = acct_name;
51 else
52 /* This looks like host/lp_netbios_name()@REA.LM */
53 account_name = ads->auth.user_name;
56 got_accountname:
57 if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
58 return KRB5_CC_NOMEM;
61 if (!ads->auth.password) {
62 SAFE_FREE(s);
63 return KRB5_LIBOS_CANTREADPWD;
66 ret = kerberos_kinit_password_ext(s, ads->auth.password,
67 ads->auth.time_offset,
68 &ads->auth.tgt_expire, NULL,
69 ads->auth.ccache_name, false, false,
70 ads->auth.renewable, NULL);
72 if (ret) {
73 DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
74 s, error_message(ret)));
76 SAFE_FREE(s);
77 return ret;
80 #endif