git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
[samba.git] / source4 / kdc / kpasswdd.c
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 39817d922ba328ab342bfee394821b3f8f73bba5..3a39348578594461820adba0cb5d2ced1ee1321c 100644 (file)
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -61,12 +61,11 @@ static bool kpasswdd_make_error_reply(struct kdc_server *kdc,
                                     DATA_BLOB *error_blob) 
 {
        char *error_string_utf8;
-       ssize_t len;
+       size_t len;
        
        DEBUG(result_code ? 3 : 10, ("kpasswdd: %s\n", error_string));
 
-       len = push_utf8_talloc(mem_ctx, &error_string_utf8, error_string);
-       if (len == -1) {
+       if (!push_utf8_talloc(mem_ctx, &error_string_utf8, error_string, &len)) {
                return false;
        }
 
@@ -219,7 +218,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
                                    DATA_BLOB *reply)
 {
        struct auth_session_info *session_info;
-       ssize_t pw_len;
+       size_t pw_len;
 
        if (!NT_STATUS_IS_OK(gensec_session_info(gensec_security, 
                                                 &session_info))) {
@@ -233,13 +232,11 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
        case KRB5_KPASSWD_VERS_CHANGEPW:
        {
                DATA_BLOB password;
-               pw_len = convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), 
+               if (!convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), 
                                               CH_UTF8, CH_UTF16, 
                                               (const char *)input->data, 
                                               input->length,
-                                              (void **)&password.data);
-
-               if (pw_len == -1) {
+                                              (void **)&password.data, &pw_len, false)) {
                        return false;
                }
                password.length = pw_len;
@@ -281,12 +278,11 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
                                                        reply);
                }
                
-               pw_len = convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), 
+               if (!convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), 
                                               CH_UTF8, CH_UTF16, 
                                               (const char *)chpw.newpasswd.data, 
                                               chpw.newpasswd.length,
-                                              (void **)&password.data);
-               if (pw_len == -1) {
+                                              (void **)&password.data, &pw_len, false)) {
                        free_ChangePasswdDataMS(&chpw);
                        return false;
                }
@@ -451,7 +447,9 @@ bool kpasswdd_process(struct kdc_server *kdc,
        struct cli_credentials *server_credentials;
        struct gensec_security *gensec_security;
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-       
+
+       char *keytab_name;
+
        if (!tmp_ctx) {
                return false;
        }
@@ -493,8 +491,12 @@ bool kpasswdd_process(struct kdc_server *kdc,
         * we already have, rather than a new context */        
        cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
        cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
-       nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, "kadmin/changepw");
-       if (!NT_STATUS_IS_OK(nt_status)) {
+
+       keytab_name = talloc_asprintf(server_credentials, "HDB:samba4&%p", kdc->hdb_samba4_context);
+
+       cli_credentials_set_username(server_credentials, "kadmin/changepw", CRED_SPECIFIED);
+       ret = cli_credentials_set_keytab_name(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, keytab_name, CRED_SPECIFIED);
+       if (ret != 0) {
                ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx, 
                                                       KRB5_KPASSWD_HARDERROR,
                                                       talloc_asprintf(mem_ctx, 
Samba Shared Repository