const char *account_name;
fstring acct_name;
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
if ( IS_DC ) {
/* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
account_name = lp_workgroup();
account_name = ads->auth.user_name;
}
+ got_accountname:
if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
return KRB5_CC_NOMEM;
}
char *key = NULL;
char *ret = NULL;
- asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, service, enctype);
- if (!key) {
+ if (asprintf(&key, "%s/%s/enctype=%d",
+ SECRETS_SALTING_PRINCIPAL, service, enctype) == -1) {
return NULL;
}
ret = (char *)secrets_fetch(key, NULL);
{
char *key;
- asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL, lp_realm());
+ if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
+ lp_realm()) == -1) {
+ return NULL;
+ }
return key;
}
krb5_principal princ = NULL;
char *princ_s = NULL;
char *unparsed_name = NULL;
+ krb5_error_code code;
- krb5_init_context(&context);
- if (!context) {
+ if (((code = krb5_init_context(&context)) != 0) || (context == NULL)) {
+ DEBUG(5, ("kerberos_secrets_store_salting_pricipal: kdb5_init_context failed: %s\n",
+ error_message(code)));
return False;
}
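Review bot: The new DEBUG string misspells both names it logs, `pricipal` and `kdb5_init_context`, while the call on the line above is `krb5_init_context`, so a log search for the real names will miss this failure. It would be better written as `"kerberos_secrets_store_salting_principal: krb5_init_context failed: %s\n"`, assuming that is the enclosing function's name, which is not visible here. The condition also fires when the call returns 0 but `context` is NULL, and `error_message(code)` then describes code 0, which is misleading. A distinct message for that case would help whoever triages the log.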
if (strchr_m(service, '@')) {
- asprintf(&princ_s, "%s", service);
+ if (asprintf(&princ_s, "%s", service) == -1) {
+ goto out;
+ }
} else {
- asprintf(&princ_s, "%s@%s", service, lp_realm());
+ if (asprintf(&princ_s, "%s@%s", service, lp_realm()) == -1) {
+ goto out;
+ }
}
if (smb_krb5_parse_name(context, princ_s, &princ) != 0) {
goto out;
}
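Review bot: Both new `asprintf(&princ_s, ...)` failure branches jump to `out` with `princ_s` in whatever state asprintf left it, and glibc documents the pointer's contents as undefined after a -1 return. The cleanup shown further down runs `SAFE_FREE(princ_s)`, presumably under the `out` label, which is not visible here. That can free an indeterminate pointer on exactly the low-memory path this change is hardening. Resetting the pointer first avoids it, as in `princ_s = NULL; goto out;`. The later `asprintf(&key, ...)` check that also does `goto out` deserves the same treatment if `key` is freed in that cleanup.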
- asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, unparsed_name, enctype);
- if (!key) {
+ if (asprintf(&key, "%s/%s/enctype=%d",
+ SECRETS_SALTING_PRINCIPAL, unparsed_name, enctype)
+ == -1) {
goto out;
}
SAFE_FREE(princ_s);
SAFE_FREE(unparsed_name);
+ if (princ) {
+ krb5_free_principal(context, princ);
+ }
+
if (context) {
krb5_free_context(context);
}
/************************************************************************
Create a string list of available kdc's, possibly searching by sitename.
Does DNS queries.
+
+ If "sitename" is given, the DC's in that site are listed first.
+
************************************************************************/
static char *get_kdc_ip_string(char *mem_ctx,
return NULL;
}
- /* Get the KDC's only in this site. */
+ /*
+ * First get the KDC's only in this site, the rest will be
+ * appended later
+ */
if (sitename) {
get_kdc_list(realm, sitename, &ip_srv_site, &count_site);
for (i = 0; i < count_site; i++) {
- if (addr_equal(&ip_srv_site[i].ss, pss)) {
+ if (sockaddr_equal((struct sockaddr *)&ip_srv_site[i].ss,
+ (struct sockaddr *)pss)) {
continue;
}
/* Append to the string - inefficient
for (i = 0; i < count_nonsite; i++) {
int j;
- if (addr_equal(&ip_srv_nonsite[i].ss, pss)) {
+ if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)pss)) {
continue;
}
/* Ensure this isn't an IP already seen (YUK! this is n*n....) */
for (j = 0; j < count_site; j++) {
- if (addr_equal(&ip_srv_nonsite[i].ss,
- &ip_srv_site[j].ss)) {
+ if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss,
+ (struct sockaddr *)&ip_srv_site[j].ss)) {
break;
}
/* As the lists are sorted we can break early if nonsite > site. */
file_contents = talloc_asprintf(fname,
"[libdefaults]\n\tdefault_realm = %s\n"
- "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
- "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
- "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
"[realms]\n\t%s = {\n"
"\t%s\t}\n",
realm_upper, realm_upper, kdc_ip_string);
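Review bot: The three enctype lines written into the generated krb5.conf allow only `RC4-HMAC`, `DES-CBC-CRC` and `DES-CBC-MD5`, so every ticket requested through this file is limited to ciphers now regarded as weak. The change only fixes the indentation of those lines and leaves the list itself as it was. If the Kerberos library and the KDCs in use support them, AES types such as `aes256-cts-hmac-sha1-96` should be listed ahead of RC4 and the single-DES entries dropped. Otherwise a comment above the format string should say why the list is pinned, for example `/* enctypes restricted to what <reason> supports; revisit when AES is available */`.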
DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed,"
" for file %s. Errno %s\n",
tmpname, strerror(errno) ));
+ TALLOC_FREE(dname);
+ return false;
}
if (fchmod(fd, 0644)==-1) {