diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c index 17e350d7548..029e42c0c2f 100644 --- a/source/libads/kerberos.c +++ b/source/libads/kerberos.c @@ -58,7 +58,7 @@ kerb_prompter(krb5_context ctx, void *data, place in default cache location. remus@snapserver.com */ -int kerberos_kinit_password(const char *principal, +int kerberos_kinit_password_ext(const char *principal, const char *password, int time_offset, time_t *expire_time, @@ -187,7 +187,7 @@ int ads_kinit_password(ADS_STRUCT *ads) return KRB5_LIBOS_CANTREADPWD; } - ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, + ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire, NULL, NULL, False, ads->auth.renewable); if (ret) { @@ -380,8 +380,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx, if (password == NULL) { goto out; } - if ((err = kerberos_kinit_password(machine_account, password, 0, NULL, NULL, - LIBADS_CCACHE_NAME, False, 0)) != 0) { + if ((err = kerberos_kinit_password(machine_account, password, + 0, LIBADS_CCACHE_NAME)) != 0) { DEBUG(0,("get_service_ticket: kerberos_kinit_password %s failed: %s\n", machine_account, error_message(err))); @@ -811,4 +811,20 @@ BOOL kerberos_derive_cifs_salting_principals(void) } return retval; } + +int kerberos_kinit_password(const char *principal, + const char *password, + int time_offset, + const char *cache_name) +{ + return kerberos_kinit_password_ext(principal, + password, + time_offset, + 0, + 0, + cache_name, + False, + 0); +} + #endif diff --git a/source/libads/krb5_setpw.c b/source/libads/krb5_setpw.c index 42ca36f344e..415c1e92294 100644 --- a/source/libads/krb5_setpw.c +++ b/source/libads/krb5_setpw.c @@ -685,7 +685,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, { int ret; - if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL, NULL, NULL, False, 0))) { + if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); return ADS_ERROR_KRB5(ret); } diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c index 4c6b890db0f..48885f19d84 100644 --- a/source/libsmb/cliconnect.c +++ b/source/libsmb/cliconnect.c @@ -756,7 +756,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, int ret; use_in_memory_ccache(); - ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL, NULL, False, 0); + ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); if (ret){ SAFE_FREE(principal); diff --git a/source/nsswitch/winbindd_cred_cache.c b/source/nsswitch/winbindd_cred_cache.c index 6835840a1de..4c539b9b23a 100644 --- a/source/nsswitch/winbindd_cred_cache.c +++ b/source/nsswitch/winbindd_cred_cache.c @@ -106,14 +106,14 @@ static void krb5_ticket_refresh_handler(struct timed_event *te, seteuid(entry->uid); - ret = kerberos_kinit_password(entry->principal_name, - entry->pass, - 0, /* hm, can we do time correction here ? */ - &entry->refresh_time, - &entry->renew_until, - entry->ccname, - False, /* no PAC required anymore */ - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); + ret = kerberos_kinit_password_ext(entry->principal_name, + entry->pass, + 0, /* hm, can we do time correction here ? */ + &entry->refresh_time, + &entry->renew_until, + entry->ccname, + False, /* no PAC required anymore */ + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); seteuid(0); if (ret) { diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index a010d51cafb..922a24adf0a 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -482,14 +482,14 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid)); } - krb5_ret = kerberos_kinit_password(principal_s, - state->request.data.auth.pass, - time_offset, - &ticket_lifetime, - &renewal_until, - cc, - True, - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); + krb5_ret = kerberos_kinit_password_ext(principal_s, + state->request.data.auth.pass, + time_offset, + &ticket_lifetime, + &renewal_until, + cc, + True, + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); if (krb5_ret) { DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index c809ac1ac79..afdf6f3d67c 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -2710,7 +2710,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli, /* Only get a new TGT if username/password are given. */ if (username && password) { - int ret = kerberos_kinit_password(username, password, 0, NULL, NULL, NULL, False, 0); + int ret = kerberos_kinit_password(username, password, 0, NULL); if (ret) { cli_rpc_pipe_close(result); return NULL; diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c index ac532350446..f7e3263fe0f 100644 --- a/source/utils/ntlm_auth.c +++ b/source/utils/ntlm_auth.c @@ -1191,8 +1191,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego) pstr_sprintf(user, "%s@%s", opt_username, opt_domain); - if ((retval = kerberos_kinit_password(user, opt_password, - 0, NULL, NULL, NULL, False, 0))) { + if ((retval = kerberos_kinit_password(user, opt_password, 0, NULL))) { DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval))); return False; }