Fix more asprintf warnings and some error path errors.
[jra/samba/.git] / source3 / libads / util.c
index f5b88735387099e3de6b162a77294e325ca04067..2c7ccfebd6cf53cb826123866dcf4900f9839883 100644 (file)
@@ -5,7 +5,7 @@
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -14,8 +14,7 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
@@ -26,7 +25,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
 {
        char *password;
        char *new_password;
-       char *service_principal;
        ADS_STATUS ret;
        uint32 sec_channel_type;
     
@@ -35,11 +33,9 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
                return ADS_ERROR_SYSTEM(ENOENT);
        }
 
-       new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+       new_password = generate_random_str(talloc_tos(), DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
     
-       asprintf(&service_principal, "HOST/%s", host_principal);
-
-       ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset);
+       ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
 
        if (!ADS_ERR_OK(ret)) {
                goto failed;
@@ -51,18 +47,77 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
                goto failed;
        }
 
-       /* Determine if the KDC is salting keys for this principal in a
-        * non-obvious way. */
-       if (!kerberos_derive_salting_principal(service_principal)) {
-               DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal));
-               ret = ADS_ERROR_SYSTEM(EACCES);
-               goto failed;
-       }
-
 failed:
-       SAFE_FREE(service_principal);
        SAFE_FREE(password);
-       SAFE_FREE(new_password);
        return ret;
 }
+
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+                                      char **returned_principal)
+{
+       char *princ = NULL;
+
+       if (ads->server.realm && ads->server.ldap_server) {
+               char *server, *server_realm;
+
+               server = SMB_STRDUP(ads->server.ldap_server);
+               server_realm = SMB_STRDUP(ads->server.realm);
+
+               if (!server || !server_realm) {
+                       SAFE_FREE(server);
+                       SAFE_FREE(server_realm);
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+
+               strlower_m(server);
+               strupper_m(server_realm);
+               if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
+                       SAFE_FREE(server);
+                       SAFE_FREE(server_realm);
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+
+               SAFE_FREE(server);
+               SAFE_FREE(server_realm);
+
+               if (!princ) {
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+       } else if (ads->config.realm && ads->config.ldap_server_name) {
+               char *server, *server_realm;
+
+               server = SMB_STRDUP(ads->config.ldap_server_name);
+               server_realm = SMB_STRDUP(ads->config.realm);
+
+               if (!server || !server_realm) {
+                       SAFE_FREE(server);
+                       SAFE_FREE(server_realm);
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+
+               strlower_m(server);
+               strupper_m(server_realm);
+               if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
+                       SAFE_FREE(server);
+                       SAFE_FREE(server_realm);
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+
+               SAFE_FREE(server);
+               SAFE_FREE(server_realm);
+
+               if (!princ) {
+                       return ADS_ERROR(LDAP_NO_MEMORY);
+               }
+       }
+
+       if (!princ) {
+               return ADS_ERROR(LDAP_PARAM_ERROR);
+       }
+
+       *returned_principal = princ;
+
+       return ADS_SUCCESS;
+}
+
 #endif