2024-12-23 17:34:34 +03:00 · 2006-03-20 19:05:44 +00:00 · 2006-03-20 19:05:44 +00:00 · afc519530f
commit afc519530f
parent 1829d22720
7 changed files with 40 additions and 25 deletions
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@ -58,7 +58,7 @@ kerb_prompter(krb5_context ctx, void *data,
  place in default cache location.
  remus@snapserver.com
 */
-int kerberos_kinit_password(const char *principal,
+int kerberos_kinit_password_ext(const char *principal,
 				const char *password,
 				int time_offset,
 				time_t *expire_time,
@ -187,7 +187,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
 		return KRB5_LIBOS_CANTREADPWD;
 	}
 	
-	ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset,
+	ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
 			&ads->auth.expire, NULL, NULL, False, ads->auth.renewable);

 	if (ret) {
@ -380,8 +380,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx,
 	if (password == NULL) {
 		goto out;
 	}
-	if ((err = kerberos_kinit_password(machine_account, password, 0, NULL, NULL, 
-					   LIBADS_CCACHE_NAME, False, 0)) != 0) {
+	if ((err = kerberos_kinit_password(machine_account, password, 
+					   0, LIBADS_CCACHE_NAME)) != 0) {
 		DEBUG(0,("get_service_ticket: kerberos_kinit_password %s failed: %s\n", 
 			machine_account,
 			error_message(err)));
@ -811,4 +811,20 @@ BOOL kerberos_derive_cifs_salting_principals(void)
 	}
 	return retval;
 }
+
+int kerberos_kinit_password(const char *principal,
+			    const char *password,
+			    int time_offset,
+			    const char *cache_name)
+{
+	return kerberos_kinit_password_ext(principal, 
+					   password, 
+					   time_offset, 
+					   0, 
+					   0,
+					   cache_name,
+					   False,
+					   0);
+}
+
 #endif
--- a/source/libads/krb5_setpw.c
+++ b/source/libads/krb5_setpw.c
@ -685,7 +685,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
 {
    int ret;

-    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) {
+    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
 	DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
 	return ADS_ERROR_KRB5(ret);
    }
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@ -756,7 +756,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 			int ret;
 			
 			use_in_memory_ccache();
-			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL, NULL, False, 0);
+			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
 			
 			if (ret){
 				SAFE_FREE(principal);
--- a/source/nsswitch/winbindd_cred_cache.c
+++ b/source/nsswitch/winbindd_cred_cache.c
@ -106,14 +106,14 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
 	     
 		seteuid(entry->uid);

-		ret = kerberos_kinit_password(entry->principal_name,
-					      entry->pass,
-					      0, /* hm, can we do time correction here ? */
-					      &entry->refresh_time,
-					      &entry->renew_until,
-					      entry->ccname,
-					      False, /* no PAC required anymore */
-					      WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+		ret = kerberos_kinit_password_ext(entry->principal_name,
+						  entry->pass,
+						  0, /* hm, can we do time correction here ? */
+						  &entry->refresh_time,
+						  &entry->renew_until,
+						  entry->ccname,
+						  False, /* no PAC required anymore */
+						  WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
 		seteuid(0);

 		if (ret) {
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@ -482,14 +482,14 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
 		DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
 	}

-	krb5_ret = kerberos_kinit_password(principal_s, 
-					   state->request.data.auth.pass, 
-					   time_offset, 
-					   &ticket_lifetime,
-					   &renewal_until,
-					   cc, 
-					   True,
-					   WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
+	krb5_ret = kerberos_kinit_password_ext(principal_s, 
+					       state->request.data.auth.pass, 
+					       time_offset, 
+					       &ticket_lifetime,
+					       &renewal_until,
+					       cc, 
+					       True,
+					       WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);

 	if (krb5_ret) {
 		DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", 
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@ -2710,7 +2710,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,

 	/* Only get a new TGT if username/password are given. */
 	if (username && password) {
-		int ret = kerberos_kinit_password(username, password, 0, NULL, NULL, NULL, False, 0);
+		int ret = kerberos_kinit_password(username, password, 0, NULL);
 		if (ret) {
 			cli_rpc_pipe_close(result);
 			return NULL;
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@ -1191,8 +1191,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego)

 		pstr_sprintf(user, "%s@%s", opt_username, opt_domain);

-		if ((retval = kerberos_kinit_password(user, opt_password, 
-						      0, NULL, NULL, NULL, False, 0))) {
+		if ((retval = kerberos_kinit_password(user, opt_password, 0, NULL))) {
 			DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval)));
 			return False;
 		}