krb5_data result_code_string = { 0 };
krb5_data result_string = { 0 };
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ADS_ERROR_KRB5(ret);
}
return ADS_ERROR_KRB5(ret);
}
- ret = krb5_set_password_using_ccache(context, ccache, newpw, princ,
+ ret = krb5_set_password_using_ccache(context,
+ ccache,
+ discard_const_p(char, newpw),
+ princ,
&result_code,
&result_code_string,
&result_string);
aret = ADS_SUCCESS;
done:
- kerberos_free_data_contents(context, &result_code_string);
- kerberos_free_data_contents(context, &result_string);
+ smb_krb5_free_data_contents(context, &result_code_string);
+ smb_krb5_free_data_contents(context, &result_string);
krb5_free_principal(context, princ);
krb5_cc_close(context, ccache);
krb5_free_context(context);
krb5_error_code ret;
krb5_context context = NULL;
krb5_principal princ;
- krb5_get_init_creds_opt opts;
+ krb5_get_init_creds_opt *opts = NULL;
krb5_creds creds;
char *chpw_princ = NULL, *password;
- const char *realm = NULL;
+ char *realm = NULL;
int result_code;
krb5_data result_code_string = { 0 };
krb5_data result_string = { 0 };
smb_krb5_addresses *addr = NULL;
- initialize_krb5_error_table();
- ret = krb5_init_context(&context);
+ ret = smb_krb5_init_context_common(&context);
if (ret) {
- DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
return ADS_ERROR_KRB5(ret);
}
return ADS_ERROR_KRB5(ret);
}
- krb5_get_init_creds_opt_init(&opts);
+ ret = krb5_get_init_creds_opt_alloc(context, &opts);
+ if (ret != 0) {
+ krb5_free_context(context);
+ DBG_WARNING("krb5_get_init_creds_opt_alloc failed: %s\n",
+ error_message(ret));
+ return ADS_ERROR_KRB5(ret);
+ }
- krb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
- krb5_get_init_creds_opt_set_renew_life(&opts, 0);
- krb5_get_init_creds_opt_set_forwardable(&opts, 0);
- krb5_get_init_creds_opt_set_proxiable(&opts, 0);
+ krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
+ krb5_get_init_creds_opt_set_renew_life(opts, 0);
+ krb5_get_init_creds_opt_set_forwardable(opts, 0);
+ krb5_get_init_creds_opt_set_proxiable(opts, 0);
/* note that heimdal will fill in the local addresses if the addresses
* in the creds_init_opt are all empty and then later fail with invalid
ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
if (ret) {
krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
krb5_free_context(context);
return ADS_ERROR_KRB5(ret);
}
- krb5_get_init_creds_opt_set_address_list(&opts, addr->addrs);
+ krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
- realm = smb_krb5_principal_get_realm(context, princ);
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
/* We have to obtain an INITIAL changepw ticket for changing password */
if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+ krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
+ smb_krb5_free_addresses(context, addr);
krb5_free_context(context);
- free(realm);
+ TALLOC_FREE(realm);
DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
- free(realm);
+ TALLOC_FREE(realm);
password = SMB_STRDUP(oldpw);
ret = krb5_get_init_creds_password(context, &creds, princ, password,
kerb_prompter, NULL,
- 0, chpw_princ, &opts);
+ 0, chpw_princ, opts);
+ krb5_get_init_creds_opt_free(context, opts);
+ smb_krb5_free_addresses(context, addr);
SAFE_FREE(chpw_princ);
SAFE_FREE(password);
return ADS_ERROR_KRB5(ret);
}
- ret = krb5_change_password(context, &creds, newpw, &result_code,
- &result_code_string, &result_string);
+ ret = krb5_set_password(context,
+ &creds,
+ discard_const_p(char, newpw),
+ NULL,
+ &result_code,
+ &result_code_string,
+ &result_string);
+
if (ret) {
DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
aret = ADS_ERROR_KRB5(ret);
aret = ADS_SUCCESS;
done:
- kerberos_free_data_contents(context, &result_code_string);
- kerberos_free_data_contents(context, &result_string);
+ smb_krb5_free_data_contents(context, &result_code_string);
+ smb_krb5_free_data_contents(context, &result_string);
krb5_free_principal(context, princ);
krb5_free_context(context);