1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:net: Refactor net_ads_password(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Samuel Cabrero 2022-05-26 13:08:01 +02:00 committed by Jeremy Allison
parent bb1a344844
commit 4e2f7cf565

View File

@ -2497,15 +2497,18 @@ static int net_ads_printer(struct net_context *c, int argc, const char **argv)
static int net_ads_password(struct net_context *c, int argc, const char **argv)
{
ADS_STRUCT *ads;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
ADS_STRUCT *ads = NULL;
const char *auth_principal = cli_credentials_get_username(c->creds);
const char *auth_password = cli_credentials_get_password(c->creds);
const char *realm = NULL;
const char *new_password = NULL;
char *chr, *prompt;
const char *user;
char *new_password = NULL;
char *chr = NULL;
char *prompt = NULL;
const char *user = NULL;
char pwd[256] = {0};
ADS_STATUS ret;
ADS_STATUS status;
int ret = 0;
if (c->display_usage) {
d_printf("%s\n%s",
@ -2513,27 +2516,32 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
_("net ads password <username>\n"
" Change password for user\n"
" username\tName of user to change password for\n"));
TALLOC_FREE(tmp_ctx);
return 0;
}
if (auth_principal == NULL || auth_password == NULL) {
d_fprintf(stderr, _("You must supply an administrator "
"username/password\n"));
TALLOC_FREE(tmp_ctx);
return -1;
}
if (argc < 1) {
d_fprintf(stderr, _("ERROR: You must say which username to "
"change password for\n"));
TALLOC_FREE(tmp_ctx);
return -1;
}
user = argv[0];
if (!strchr_m(user, '@')) {
if (asprintf(&chr, "%s@%s", argv[0], lp_realm()) == -1) {
return -1;
}
user = chr;
if (strchr_m(argv[0], '@')) {
user = talloc_strdup(tmp_ctx, argv[0]);
} else {
user = talloc_asprintf(tmp_ctx, "%s@%s", argv[0], lp_realm());
}
if (user == NULL) {
d_fprintf(stderr, _("Out of memory\n"));
goto out;
}
use_in_memory_ccache();
@ -2548,7 +2556,7 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
in realms other than default */
ads = ads_init(realm, c->opt_workgroup, c->opt_host, ADS_SASL_PLAIN);
if (ads == NULL) {
return -1;
goto out;
}
/* we don't actually need a full connect, but it's the easy way to
@ -2557,39 +2565,53 @@ static int net_ads_password(struct net_context *c, int argc, const char **argv)
if (!ads->config.realm) {
d_fprintf(stderr, _("Didn't find the kerberos server!\n"));
ads_destroy(&ads);
return -1;
goto out;
}
if (argv[1]) {
new_password = (const char *)argv[1];
if (argv[1] != NULL) {
new_password = talloc_strdup(tmp_ctx, argv[1]);
} else {
int rc;
if (asprintf(&prompt, _("Enter new password for %s:"), user) == -1) {
return -1;
prompt = talloc_asprintf(tmp_ctx, _("Enter new password for %s:"), user);
if (prompt == NULL) {
d_fprintf(stderr, _("Out of memory\n"));
goto out;
}
rc = samba_getpass(prompt, pwd, sizeof(pwd), false, true);
if (rc < 0) {
return -1;
goto out;
}
new_password = pwd;
free(prompt);
new_password = talloc_strdup(tmp_ctx, pwd);
memset(pwd, '\0', sizeof(pwd));
}
ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
auth_password, user, new_password, ads->auth.time_offset);
memset(pwd, '\0', sizeof(pwd));
if (!ADS_ERR_OK(ret)) {
d_fprintf(stderr, _("Password change failed: %s\n"), ads_errstr(ret));
ads_destroy(&ads);
return -1;
if (new_password == NULL) {
d_fprintf(stderr, _("Out of memory\n"));
goto out;
}
status = kerberos_set_password(ads->auth.kdc_server,
auth_principal,
auth_password,
user,
new_password,
ads->auth.time_offset);
memset(new_password, '\0', strlen(new_password));
if (!ADS_ERR_OK(status)) {
d_fprintf(stderr, _("Password change failed: %s\n"),
ads_errstr(status));
goto out;
}
d_printf(_("Password change for %s completed.\n"), user);
ads_destroy(&ads);
return 0;
ret = 0;
out:
ads_destroy(&ads);
TALLOC_FREE(tmp_ctx);
return ret;
}
int net_ads_changetrustpw(struct net_context *c, int argc, const char **argv)