mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
principal_comp_strcmp() cannot yet indicate a failure case, but it will soon be changed to do so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
9a0c5ee4ae
commit
865e4f0f8c
@ -955,12 +955,27 @@ static int principal_comp_strcmp(krb5_context context,
|
||||
component, string, false);
|
||||
}
|
||||
|
||||
static bool is_kadmin_changepw(krb5_context context,
|
||||
krb5_const_principal principal)
|
||||
static krb5_error_code is_kadmin_changepw(krb5_context context,
|
||||
krb5_const_principal principal,
|
||||
bool *is_changepw)
|
||||
{
|
||||
return krb5_princ_size(context, principal) == 2 &&
|
||||
(principal_comp_strcmp(context, principal, 0, "kadmin") == 0) &&
|
||||
(principal_comp_strcmp(context, principal, 1, "changepw") == 0);
|
||||
int cmp = 0;
|
||||
|
||||
if (krb5_princ_size(context, principal) != 2) {
|
||||
*is_changepw = false;
|
||||
return 0;
|
||||
}
|
||||
|
||||
cmp = principal_comp_strcmp(context, principal, 0, "kadmin");
|
||||
if (cmp != 0) {
|
||||
*is_changepw = false;
|
||||
return 0;
|
||||
}
|
||||
|
||||
cmp = principal_comp_strcmp(context, principal, 1, "changepw");
|
||||
|
||||
*is_changepw = cmp == 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code samba_kdc_get_entry_principal(
|
||||
@ -1333,10 +1348,17 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
* 'change password', as otherwise we could get into
|
||||
* trouble, and not enforce the password expiry.
|
||||
* Instead, only do it when request is for the kpasswd service */
|
||||
if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER &&
|
||||
is_kadmin_changepw(context, principal) &&
|
||||
lpcfg_is_my_domain_or_realm(lp_ctx, realm)) {
|
||||
entry->flags.change_pw = 1;
|
||||
if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) {
|
||||
bool is_changepw = false;
|
||||
|
||||
ret = is_kadmin_changepw(context, principal, &is_changepw);
|
||||
if (ret) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (is_changepw && lpcfg_is_my_domain_or_realm(lp_ctx, realm)) {
|
||||
entry->flags.change_pw = 1;
|
||||
}
|
||||
}
|
||||
|
||||
TALLOC_FREE(realm);
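Review bot: is_kadmin_changepw() now returns its answer through `*is_changepw`, but it has no comment stating that contract and it assigns the out-parameter separately on each of its three returns. The commit message says principal_comp_strcmp() will soon be able to fail, so I would set `*is_changepw = false;` once at the top of the function so that any later error return leaves the flag false, and add `/* Returns 0 and sets *is_changepw; on a non-zero return *is_changepw is false. */` above it. The caller in samba_kdc_message2entry() already initialises `bool is_changepw = false`, so `entry->flags.change_pw` fails closed today, but that should not depend on every caller doing the same. The new `goto out` also runs before `TALLOC_FREE(realm)`; the `out` label and the allocation of `realm` are outside the hunk, so it is worth confirming that the cleanup there covers it.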
|
||||
|