#ifdef HAVE_KRB5
-#define LIBADS_CCACHE_NAME "MEMORY:libads"
-
/*
we use a prompter to avoid a crash bug in the kerberos libs when
dealing with empty passwords
prompts[1].type == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) {
/*
* We don't want to change passwords here. We're
- * called from heimal when the KDC returns
+ * called from heimdal when the KDC returns
* KRB5KDC_ERR_KEY_EXPIRED, but at this point we don't
* have the chance to ask the user for a new
* password. If we return 0 (i.e. success), we will be
* spinning in the endless for-loop in
* change_password() in
- * source4/heimdal/lib/krb5/init_creds_pw.c:526ff
+ * third_party/heimdal/lib/krb5/init_creds_pw.c
*/
return KRB5KDC_ERR_KEY_EXPIRED;
}
ZERO_STRUCT(my_creds);
+ if (cache_name == NULL) {
+ DBG_DEBUG("Missing ccache for [%s] and config [%s]\n",
+ given_principal,
+ getenv("KRB5_CONFIG"));
+ TALLOC_FREE(frame);
+ return EINVAL;
+ }
+
code = smb_krb5_init_context_common(&ctx);
if (code != 0) {
DBG_ERR("kerberos init context failed (%s)\n",
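Review bot: The new `cache_name == NULL` rejection logs only at `DBG_DEBUG`, so a caller that relied on the old default-ccache fallback now gets `EINVAL` with nothing in a default-level log to explain it. `DBG_ERR` or `DBG_WARNING` would make this behaviour change diagnosable. The same message passes `getenv("KRB5_CONFIG")` straight to `%s`, which is NULL whenever the variable is unset, and the `DBG_DEBUG` in the next hunk does the same. Both would be safer with `const char *krb5_conf = getenv("KRB5_CONFIG");` and `krb5_conf ? krb5_conf : "(unset)"` as the argument. The enclosing function starts and ends outside the hunk.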
DBG_DEBUG("as %s using [%s] as ccache and config [%s]\n",
given_principal,
- cache_name ? cache_name: krb5_cc_default_name(ctx),
+ cache_name,
getenv("KRB5_CONFIG"));
- if ((code = krb5_cc_resolve(ctx, cache_name ? cache_name : krb5_cc_default_name(ctx), &cc))) {
+ if ((code = krb5_cc_resolve(ctx, cache_name, &cc))) {
goto out;
}
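Review bot: The `krb5_cc_resolve` call here keeps the assignment-inside-`if` form and jumps to `out` without naming the cache that failed, while the same commit rewrites the equivalent call in the ads_kdestroy hunk as `code = krb5_cc_resolve(...); if (code != 0) {` with a log line. Since the cache name now always comes from the caller, adding `DBG_NOTICE("krb5_cc_resolve(%s) failed: %s\n", cache_name, error_message(code));` before `goto out;` would keep the two paths consistent. The `out` label is outside the hunk, so it may already report the error code.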
return code;
}
- if (!cc_name) {
- if ((code = krb5_cc_default(ctx, &cc))) {
- krb5_free_context(ctx);
- return code;
- }
- } else {
- if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) {
- DEBUG(3, ("ads_kdestroy: krb5_cc_resolve failed: %s\n",
- error_message(code)));
- krb5_free_context(ctx);
- return code;
- }
+ /*
+ * This should not happen, if
+ * we need that behaviour we
+ * should add an ads_kdestroy_default()
+ */
+ SMB_ASSERT(cc_name != NULL);
+
+ code = krb5_cc_resolve(ctx, cc_name, &cc);
+ if (code != 0) {
+ DBG_NOTICE("krb5_cc_resolve(%s) failed: %s\n",
+ cc_name, error_message(code));
+ krb5_free_context(ctx);
+ return code;
}
- if ((code = krb5_cc_destroy (ctx, cc))) {
- DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
- error_message(code)));
+ code = krb5_cc_destroy(ctx, cc);
+ if (code != 0) {
+ DBG_ERR("krb5_cc_destroy(%s) failed: %s\n",
+ cc_name, error_message(code));
}
krb5_free_context (ctx);
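Review bot: `SMB_ASSERT(cc_name != NULL)` turns a NULL argument, which the removed branch handled via `krb5_cc_default()`, into a process panic. The kinit hunk of this same commit treats the equivalent condition as a recoverable `EINVAL`. If this function is reachable from a long-running daemon, one missed caller becomes a crash rather than a failed cleanup. The assert also sits after the context-init failure return, so the context appears to be set up before the argument is checked. Consider checking first, before the context is created: `if (cc_name == NULL) { DBG_ERR("missing ccache name\n"); return EINVAL; }`. The function's opening and its final return are outside the hunk.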
char *kdc_str = NULL;
char *canon_sockaddr = NULL;
- SMB_ASSERT(pss != NULL);
-
- canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
- if (canon_sockaddr == NULL) {
- goto out;
- }
+ if (pss != NULL) {
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+ if (canon_sockaddr == NULL) {
+ goto out;
+ }
- kdc_str = talloc_asprintf(frame,
- "\t\tkdc = %s\n",
- canon_sockaddr);
- if (kdc_str == NULL) {
- goto out;
- }
+ kdc_str = talloc_asprintf(frame,
+ "\t\tkdc = %s\n",
+ canon_sockaddr);
+ if (kdc_str == NULL) {
+ goto out;
+ }
- ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
- if (!ok) {
- goto out;
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
+ if (!ok) {
+ goto out;
+ }
}
/*
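Review bot: With the `SMB_ASSERT(pss != NULL)` gone, a NULL `pss` leaves `kdc_str` as NULL and `sa` never filled in by `sockaddr_storage_to_samba_sockaddr()`, so every later use of either has to tolerate that state. The code after this block is outside the hunk, so it cannot be confirmed here that `sa` is not compared against or added to a server list, or that `kdc_str` is not formatted with `%s`. If `sa` is not zero-initialised at its declaration, also outside the hunk, initialise it there. A short comment above `if (pss != NULL) {` would help too, for example `/* pss is optional: without it no preferred "kdc =" line is emitted and sa stays unset */`.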
return false;
}
- if (domain == NULL || pss == NULL) {
+ if (domain == NULL) {
return false;
}
goto done; /* Not a fatal error. */
}
- /* Yes, this is a race conditon... too bad. */
+ /* Yes, this is a race condition... too bad. */
if (rename(SYSTEM_KRB5_CONF_PATH, newpath) == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
"of %s to %s failed. Errno %s\n",