From 0bad0e3ff2063f009557ab6ad7a442ceaed593ee Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 15 Feb 2011 16:34:02 +1100
Subject: [PATCH] s3-libads Remove MIT-specific krb5_princ_realm macro calls. When compiled against heimdal, we need to use a more elegant API. Andrew Bartlett
---
 source3/libads/krb5_setpw.c | 74 ++++++++++++---------------------------------
 source3/wscript | 11 +++++++
 2 files changed, 30 insertions(+), 55 deletions(-)
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 1c04d896de6..c919a257a48 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -574,15 +574,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 ADS_STATUS aret;
 krb5_error_code ret = 0;
 krb5_context context = NULL;
- krb5_principal principal = NULL;
- char *princ_name = NULL;
- char *realm = NULL;
+ const char *realm = NULL;
+ unsigned int realm_len = 0;
 krb5_creds creds, *credsp = NULL;
-#if KRB5_PRINC_REALM_RETURNS_REALM
- krb5_realm orig_realm;
-#else
- krb5_data orig_realm;
-#endif
 krb5_ccache ccache = NULL;
 ZERO_STRUCT(creds);
@@ -605,57 +599,29 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 return ADS_ERROR_KRB5(ret);
 }
- realm = strchr_m(princ, '@');
- if (!realm) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("Failed to get realm\n"));
- return ADS_ERROR_KRB5(-1);
- }
- realm++;
-
- if (asprintf(&princ_name, "kadmin/changepw@%s", realm) == -1) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("asprintf failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- ret = smb_krb5_parse_name(context, princ_name, &creds.server);
- if (ret) {
- krb5_cc_close(context, ccache);
- krb5_free_context(context);
- DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
- return ADS_ERROR_KRB5(ret);
- }
-
- /* parse the principal we got as a function argument */
- ret = smb_krb5_parse_name(context, princ, &principal);
+ ret = krb5_cc_get_principal(context, ccache, &creds.client);
 if (ret) {
 krb5_cc_close(context, ccache);
- krb5_free_principal(context, creds.server);
 krb5_free_context(context);
- DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
- free(princ_name);
+ DEBUG(1,("Failed to get principal from ccache (%s)\n",
+ error_message(ret)));
 return ADS_ERROR_KRB5(ret);
 }
- free(princ_name);
+ realm = smb_krb5_principal_get_realm(context, creds.client);
+ realm_len = strlen(realm);
+ ret = krb5_build_principal(context,
+ &creds.server,
+ realm_len,
+ realm, "kadmin", "changepw", NULL);
- /* The creds.server principal takes ownership of this memory. Remember to set back to original value before freeing. 
*/
- orig_realm = *krb5_princ_realm(context, creds.server);
- krb5_princ_set_realm(context, creds.server, krb5_princ_realm(context, principal));
-
- ret = krb5_cc_get_principal(context, ccache, &creds.client);
+ ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
 if (ret) {
 krb5_cc_close(context, ccache);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
+ krb5_free_principal(context, creds.client);
 krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
- krb5_free_context(context);
- DEBUG(1,("Failed to get principal from ccache (%s)\n",
- error_message(ret)));
+ krb5_free_context(context);
+ DEBUG(1,("krb5_build_prinipal_ext (%s)\n", error_message(ret)));
 return ADS_ERROR_KRB5(ret);
 }
@@ -663,9 +629,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 if (ret) {
 krb5_cc_close(context, ccache);
 krb5_free_principal(context, creds.client);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
 krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
 krb5_free_context(context);
 DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
 return ADS_ERROR_KRB5(ret);
@@ -679,9 +643,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 krb5_free_creds(context, credsp);
 krb5_free_principal(context, creds.client);
- krb5_princ_set_realm(context, creds.server, &orig_realm);
 krb5_free_principal(context, creds.server);
- krb5_free_principal(context, principal);
 krb5_cc_close(context, ccache);
 krb5_free_context(context);
@@ -729,6 +691,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 krb5_get_init_creds_opt opts;
 krb5_creds creds;
 char *chpw_princ = NULL, *password;
+ const char *realm = NULL;
 initialize_krb5_error_table();
 ret = krb5_init_context(&context);
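Review bot: In the `-605,57 +599,29` hunk of ads_krb5_set_password the result of `krb5_build_principal()` is never tested, because the added `krb5_get_credentials()` line directly below overwrites `ret`, while the error branch after it still logs `krb5_build_prinipal_ext` and so looks like it was meant to guard the build call. A failed build therefore reaches `krb5_get_credentials()` with `creds.server` unset, and since the `if (ret)` block at the top of the next hunk logs `krb5_get_credentials failed`, the call appears to run twice, with the first `credsp` overwritten and never freed (the line between the two hunks is not shown). `realm` is also passed to `strlen()` without a NULL test, and to `asprintf()` in the ads_krb5_chg_password hunk; whether `smb_krb5_principal_get_realm()` can return NULL is not visible on this page, so a guard is the safer default. The fence below tests both results and drops the extra `krb5_get_credentials()` call; the function body starts and ends outside the hunk.

```c
	realm = smb_krb5_principal_get_realm(context, creds.client);
	if (realm == NULL) {
		krb5_cc_close(context, ccache);
		krb5_free_principal(context, creds.client);
		krb5_free_context(context);
		DEBUG(1,("Failed to get realm from ccache principal\n"));
		return ADS_ERROR_KRB5(-1);
	}
	/* … unchanged: realm_len = strlen(realm) and the krb5_build_principal() call … */
	if (ret) {
		/* creds.server was not built, so only the client principal is released */
		krb5_cc_close(context, ccache);
		krb5_free_principal(context, creds.client);
		krb5_free_context(context);
		DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret)));
		return ADS_ERROR_KRB5(ret);
	}
	/* … unchanged: the existing krb5_get_credentials() call and its error branch … */
```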
@@ -750,9 +713,10 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 krb5_get_init_creds_opt_set_forwardable(&opts, 0);
 krb5_get_init_creds_opt_set_proxiable(&opts, 0);
+ realm = smb_krb5_principal_get_realm(context, princ);
+
 /* We have to obtain an INITIAL changepw ticket for changing password */
- if (asprintf(&chpw_princ, "kadmin/changepw@%s",
- (char *) krb5_princ_realm(context, princ)) == -1) {
+ if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
 krb5_free_context(context);
 DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
diff --git a/source3/wscript b/source3/wscript
index fc4cb2dfca7..7c01e8fcce2 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -720,6 +720,17 @@ return 0;
 headers='krb5.h', lib='krb5',
 addmain=False,
 msg="Checking whether the macro krb5_princ_realm is defined")
+ conf.CHECK_CODE('''
+int main(void) {
+ krb5_context context;
+ krb5_principal principal;
+ const char *realm; realm = krb5_principal_get_realm(context, principal);
+ return 0;
+}''',
+ 'HAVE_KRB5_PRINCIPAL_GET_REALM',
+ headers='krb5.h', lib='krb5',
+ addmain=False,
+ msg="Checking whether krb5_principal_get_realm is defined")
 if conf.CHECK_CODE('''krb5_verify_checksum(0, 0, 0, 0, 0, 0, 0);''',
 'KRB5_VERIFY_CHECKSUM_ARGS',
 headers='krb5.h', lib='krb5',
--
2.11.4.GIT