s3:libads: do an early return if we don't have a password for ads_kinit_password()
authorStefan Metzmacher <metze@samba.org>
Fri, 7 Oct 2016 16:18:56 +0000 (18:18 +0200)
committerJeremy Allison <jra@samba.org>
Sun, 23 Dec 2018 17:15:19 +0000 (18:15 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/libads/kerberos_util.c

index 645b058..68c0f30 100644 (file)
@@ -33,6 +33,10 @@ int ads_kinit_password(ADS_STRUCT *ads)
        const char *account_name;
        fstring acct_name;
 
+       if (ads->auth.password == NULL || ads->auth.password[0] == '\0') {
+               return KRB5_LIBOS_CANTREADPWD;
+       }
+
        if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
                account_name = ads->auth.user_name;
                goto got_accountname;
@@ -58,11 +62,6 @@ int ads_kinit_password(ADS_STRUCT *ads)
                return KRB5_CC_NOMEM;
        }
 
-       if (!ads->auth.password) {
-               SAFE_FREE(s);
-               return KRB5_LIBOS_CANTREADPWD;
-       }
-
        ret = kerberos_kinit_password_ext(s, ads->auth.password,
                                          ads->auth.time_offset,
                                          &ads->auth.tgt_expire, NULL,