s3-libads: adapt to coding standards, no code changes
authorGünther Deschner <gd@samba.org>
Mon, 16 Sep 2019 23:50:33 +0000 (01:50 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 19 Sep 2019 20:48:45 +0000 (20:48 +0000)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 19 20:48:45 UTC 2019 on sn-devel-184

source3/libads/krb5_setpw.c

index c3c9477c4cf12cf78e417f72cb8aa62146a4dc6b..4ed3623f7c5bebebdf7a9fd4bfc38d566a5ebd59 100644 (file)
 
 static krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code)
 {
-       switch(res_code) {
-               case KRB5_KPASSWD_ACCESSDENIED:
-                       return KRB5KDC_ERR_BADOPTION;
-               case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
-                       return KRB5KDC_ERR_BADOPTION;
-                       /* return KV5M_ALT_METHOD; MIT-only define */
-               case KRB5_KPASSWD_ETYPE_NOSUPP:
-                       return KRB5KDC_ERR_ETYPE_NOSUPP;
-               case KRB5_KPASSWD_BAD_PRINCIPAL:
-                       return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-               case KRB5_KPASSWD_POLICY_REJECT:
-               case KRB5_KPASSWD_SOFTERROR:
-                       return KRB5KDC_ERR_POLICY;
-               default:
-                       return KRB5KRB_ERR_GENERIC;
+       switch (res_code) {
+       case KRB5_KPASSWD_ACCESSDENIED:
+               return KRB5KDC_ERR_BADOPTION;
+       case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
+               return KRB5KDC_ERR_BADOPTION;
+               /* return KV5M_ALT_METHOD; MIT-only define */
+       case KRB5_KPASSWD_ETYPE_NOSUPP:
+               return KRB5KDC_ERR_ETYPE_NOSUPP;
+       case KRB5_KPASSWD_BAD_PRINCIPAL:
+               return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+       case KRB5_KPASSWD_POLICY_REJECT:
+       case KRB5_KPASSWD_SOFTERROR:
+               return KRB5KDC_ERR_POLICY;
+       default:
+               return KRB5KRB_ERR_GENERIC;
        }
 }
 
@@ -93,7 +93,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
        ret = krb5_cc_default(context, &ccache);
        if (ret) {
                krb5_free_principal(context, princ);
-               krb5_free_context(context);
+               krb5_free_context(context);
                DEBUG(1,("Failed to get default creds (%s)\n", error_message(ret)));
                return ADS_ERROR_KRB5(ret);
        }
@@ -120,7 +120,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
 
        aret = ADS_SUCCESS;
 
-done:
+ done:
        smb_krb5_free_data_contents(context, &result_code_string);
        smb_krb5_free_data_contents(context, &result_string);
        krb5_free_principal(context, princ);
@@ -160,36 +160,35 @@ kerb_prompter(krb5_context ctx, void *data,
 
 static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
                                        const char *principal,
-                                       const char *oldpw, 
-                                       const char *newpw, 
+                                       const char *oldpw,
+                                       const char *newpw,
                                        int time_offset)
 {
-    ADS_STATUS aret;
-    krb5_error_code ret;
-    krb5_context context = NULL;
-    krb5_principal princ;
-    krb5_get_init_creds_opt *opts = NULL;
-    krb5_creds creds;
-    char *chpw_princ = NULL, *password;
-    char *realm = NULL;
-    int result_code;
-    krb5_data result_code_string = { 0 };
-    krb5_data result_string = { 0 };
-    smb_krb5_addresses *addr = NULL;
-
-    ret = smb_krb5_init_context_common(&context);
-    if (ret) {
-       DBG_ERR("kerberos init context failed (%s)\n",
-               error_message(ret));
-       return ADS_ERROR_KRB5(ret);
-    }
-
-    if ((ret = smb_krb5_parse_name(context, principal,
-                                    &princ))) {
-       krb5_free_context(context);
-       DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
-       return ADS_ERROR_KRB5(ret);
-    }
+       ADS_STATUS aret;
+       krb5_error_code ret;
+       krb5_context context = NULL;
+       krb5_principal princ;
+       krb5_get_init_creds_opt *opts = NULL;
+       krb5_creds creds;
+       char *chpw_princ = NULL, *password;
+       char *realm = NULL;
+       int result_code;
+       krb5_data result_code_string = { 0 };
+       krb5_data result_string = { 0 };
+       smb_krb5_addresses *addr = NULL;
+
+       ret = smb_krb5_init_context_common(&context);
+       if (ret) {
+               DBG_ERR("kerberos init context failed (%s)\n",
+                       error_message(ret));
+               return ADS_ERROR_KRB5(ret);
+       }
+
+       if ((ret = smb_krb5_parse_name(context, principal, &princ))) {
+               krb5_free_context(context);
+               DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
+               return ADS_ERROR_KRB5(ret);
+       }
 
        ret = krb5_get_init_creds_opt_alloc(context, &opts);
        if (ret != 0) {
@@ -199,57 +198,57 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
                return ADS_ERROR_KRB5(ret);
        }
 
-       krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
+       krb5_get_init_creds_opt_set_tkt_life(opts, 5 * 60);
        krb5_get_init_creds_opt_set_renew_life(opts, 0);
        krb5_get_init_creds_opt_set_forwardable(opts, 0);
        krb5_get_init_creds_opt_set_proxiable(opts, 0);
 
-    /* note that heimdal will fill in the local addresses if the addresses
-     * in the creds_init_opt are all empty and then later fail with invalid
-     * address, sending our local netbios krb5 address - just like windows
-     * - avoids this - gd */
-    ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
-    if (ret) {
-        krb5_free_principal(context, princ);
-       krb5_get_init_creds_opt_free(context, opts);
-        krb5_free_context(context);
-        return ADS_ERROR_KRB5(ret);
-    }
+       /* note that heimdal will fill in the local addresses if the addresses
+        * in the creds_init_opt are all empty and then later fail with invalid
+        * address, sending our local netbios krb5 address - just like windows
+        * - avoids this - gd */
+       ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
+       if (ret) {
+               krb5_free_principal(context, princ);
+               krb5_get_init_creds_opt_free(context, opts);
+               krb5_free_context(context);
+               return ADS_ERROR_KRB5(ret);
+       }
        krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
 
-    realm = smb_krb5_principal_get_realm(NULL, context, princ);
+       realm = smb_krb5_principal_get_realm(NULL, context, princ);
+
+       /* We have to obtain an INITIAL changepw ticket for changing password */
+       if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+               krb5_free_principal(context, princ);
+               krb5_get_init_creds_opt_free(context, opts);
+               smb_krb5_free_addresses(context, addr);
+               krb5_free_context(context);
+               TALLOC_FREE(realm);
+               DEBUG(1, ("ads_krb5_chg_password: asprintf fail\n"));
+               return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+       }
 
-    /* We have to obtain an INITIAL changepw ticket for changing password */
-    if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
-       krb5_free_principal(context, princ);
-       krb5_get_init_creds_opt_free(context, opts);
-       smb_krb5_free_addresses(context, addr);
-       krb5_free_context(context);
        TALLOC_FREE(realm);
-       DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
-       return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
-    }
-
-    TALLOC_FREE(realm);
-    password = SMB_STRDUP(oldpw);
-    ret = krb5_get_init_creds_password(context, &creds, princ, password,
-                                          kerb_prompter, NULL, 
+       password = SMB_STRDUP(oldpw);
+       ret = krb5_get_init_creds_password(context, &creds, princ, password,
+                                          kerb_prompter, NULL,
                                           0, chpw_princ, opts);
        krb5_get_init_creds_opt_free(context, opts);
        smb_krb5_free_addresses(context, addr);
-    SAFE_FREE(chpw_princ);
-    SAFE_FREE(password);
+       SAFE_FREE(chpw_princ);
+       SAFE_FREE(password);
 
-    if (ret) {
-      if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-       DEBUG(1,("Password incorrect while getting initial ticket"));
-      else
-       DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
-
-       krb5_free_principal(context, princ);
-       krb5_free_context(context);
-       return ADS_ERROR_KRB5(ret);
-    }
+       if (ret) {
+               if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+                       DEBUG(1,("Password incorrect while getting initial ticket"));
+               } else {
+                       DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
+               }
+               krb5_free_principal(context, princ);
+               krb5_free_context(context);
+               return ADS_ERROR_KRB5(ret);
+       }
 
        ret = krb5_set_password(context,
                                &creds,
@@ -259,49 +258,51 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
                                &result_code_string,
                                &result_string);
 
-    if (ret) {
-       DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
-       aret = ADS_ERROR_KRB5(ret);
-       goto done;
-    }
+       if (ret) {
+               DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+               aret = ADS_ERROR_KRB5(ret);
+               goto done;
+       }
 
-    if (result_code != KRB5_KPASSWD_SUCCESS) {
-       ret = kpasswd_err_to_krb5_err(result_code);
-       DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
-       aret = ADS_ERROR_KRB5(ret);
-       goto done;
-    }
+       if (result_code != KRB5_KPASSWD_SUCCESS) {
+               ret = kpasswd_err_to_krb5_err(result_code);
+               DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+               aret = ADS_ERROR_KRB5(ret);
+               goto done;
+       }
 
-    aret = ADS_SUCCESS;
+       aret = ADS_SUCCESS;
 
-done:
-    smb_krb5_free_data_contents(context, &result_code_string);
-    smb_krb5_free_data_contents(context, &result_string);
-    krb5_free_principal(context, princ);
-    krb5_free_context(context);
+ done:
+       smb_krb5_free_data_contents(context, &result_code_string);
+       smb_krb5_free_data_contents(context, &result_string);
+       krb5_free_principal(context, princ);
+       krb5_free_context(context);
 
-    return aret;
+       return aret;
 }
 
-
-ADS_STATUS kerberos_set_password(const char *kpasswd_server, 
-                                const char *auth_principal, const char *auth_password,
-                                const char *target_principal, const char *new_password,
-                                int time_offset)
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+                                const char *auth_principal,
+                                const char *auth_password,
+                                const char *target_principal,
+                                const char *new_password, int time_offset)
 {
-    int ret;
-
-    if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
-       DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
-       return ADS_ERROR_KRB5(ret);
-    }
-
-    if (!strcmp(auth_principal, target_principal))
-       return ads_krb5_chg_password(kpasswd_server, target_principal,
-                                    auth_password, new_password, time_offset);
-    else
-       return ads_krb5_set_password(kpasswd_server, target_principal,
-                                    new_password, time_offset);
+       int ret;
+
+       if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
+               DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
+               return ADS_ERROR_KRB5(ret);
+       }
+
+       if (!strcmp(auth_principal, target_principal)) {
+               return ads_krb5_chg_password(kpasswd_server, target_principal,
+                                            auth_password, new_password,
+                                            time_offset);
+       } else {
+               return ads_krb5_set_password(kpasswd_server, target_principal,
+                                            new_password, time_offset);
+       }
 }
 
 #endif