Merge from HEAD:

net ads password

Heimdal compile fixes.

Andrew Bartlett
(This used to be commit 3aa4f923e99f453310bb4a8d43ce43757591909d)

diff --git a/source3/include/ads.h b/source3/include/ads.h
index f90983e4052c61c068dc67d14bdea6fd2a99e9ec..07bf6e4b3b369b4ba603191e67a041f365ca58d1 100644 (file)
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -213,3 +213,10 @@ typedef void **ADS_MODLIST;
 #if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
 #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
 #endif
+
+/* The older versions of heimdal that don't have this
+   define don't seem to use it anyway.  I'm told they
+   always use a subkey */
+#ifndef AP_OPTS_USE_SUBKEY
+#define AP_OPTS_USE_SUBKEY 0
+#endif

diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ac7377cd2f6f49c7158e7b34ce9db1031556c444..a5b9eee4ceb4c7f722f086bd03b99c53878e63a7 100644 (file)
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -178,47 +178,39 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
        return 0;
 }
 
+static const struct kpasswd_errors {
+       int result_code;
+       const char *error_string;
+} kpasswd_errors[] = {
+       {KRB5_KPASSWD_MALFORMED, "Malformed request error"},
+       {KRB5_KPASSWD_HARDERROR, "Server error"},
+       {KRB5_KPASSWD_AUTHERROR, "Authentication error"},
+       {KRB5_KPASSWD_SOFTERROR, "Password change rejected"},
+       {KRB5_KPASSWD_ACCESSDENIED, "Client does not have proper authorization"},
+       {KRB5_KPASSWD_BAD_VERSION, "Protocol version not supported"},
+       {KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "Authorization ticket must have initial flag set"},
+       {KRB5_KPASSWD_POLICY_REJECT, "Password rejected due to policy requirements"},
+       {KRB5_KPASSWD_BAD_PRINCIPAL, "Target principal does not exist"},
+       {KRB5_KPASSWD_ETYPE_NOSUPP, "Unsupported encryption type"},
+       {0, NULL}
+};
+
 static krb5_error_code krb5_setpw_result_code_string(krb5_context context,
                                                     int result_code,
                                                     const char **code_string)
 {
-   switch (result_code) {
-   case KRB5_KPASSWD_MALFORMED:
-      *code_string = "Malformed request error";
-      break;
-   case KRB5_KPASSWD_HARDERROR:
-      *code_string = "Server error";
-      break;
-   case KRB5_KPASSWD_AUTHERROR:
-      *code_string = "Authentication error";
-      break;
-   case KRB5_KPASSWD_SOFTERROR:
-      *code_string = "Password change rejected";
-      break;
-   case KRB5_KPASSWD_ACCESSDENIED:
-      *code_string = "Client does not have proper authorization";
-      break;
-   case KRB5_KPASSWD_BAD_VERSION:
-      *code_string = "Protocol version not supported";
-      break;
-   case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
-      *code_string = "Authorization ticket must have initial flag set";
-      break;
-   case KRB5_KPASSWD_POLICY_REJECT:
-      *code_string = "Password rejected due to policy requirements";
-      break;
-   case KRB5_KPASSWD_BAD_PRINCIPAL:
-      *code_string = "Target principal does not exist";
-      break;
-   case KRB5_KPASSWD_ETYPE_NOSUPP:
-      *code_string = "Unsupported encryption type";
-      break;
-   default:
-      *code_string = "Password change failed";
-      break;
-   }
-
-   return(0);
+        unsigned int idx = 0;
+
+       while (kpasswd_errors[idx].error_string != NULL) {
+               if (kpasswd_errors[idx].result_code == 
+                    result_code) {
+                       *code_string = kpasswd_errors[idx].error_string;
+                       return 0;
+               }
+               idx++;
+       }
+       *code_string = "Password change failed";
+        return (0);
 }
 
 static krb5_error_code parse_setpw_reply(krb5_context context, 

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8cd3bac8024d8c9d6af2cfe200cd9932e851e786..b4697d73dd7455b91b7dfc4d995388f14f2709ad 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -899,6 +899,15 @@ static int net_ads_password(int argc, const char **argv)
     in realms other than default */
     if (!(ads = ads_init(realm, NULL, NULL))) return -1;
 
+    /* we don't actually need a full connect, but it's the easy way to
+       fill in the KDC's addresss */
+    ads_connect(ads);
+    
+    if (!ads || !ads->config.realm) {
+           d_printf("Didn't find the kerberos server!\n");
+           return -1;
+    }
+
     asprintf(&prompt, "Enter new password for %s:", argv[0]);
 
     new_password = getpass(prompt);