LCOV - code coverage report
Current view: top level - source3/libads - kerberos_util.c (source / functions) Hit Total Coverage
Test: coverage report for master 2b515b7d Lines: 15 24 62.5 %
Date: 2024-02-28 12:06:22 Functions: 1 1 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    krb5 set password implementation
       4             :    Copyright (C) Andrew Tridgell 2001
       5             :    Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
       6             : 
       7             :    This program is free software; you can redistribute it and/or modify
       8             :    it under the terms of the GNU General Public License as published by
       9             :    the Free Software Foundation; either version 3 of the License, or
      10             :    (at your option) any later version.
      11             : 
      12             :    This program is distributed in the hope that it will be useful,
      13             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :    GNU General Public License for more details.
      16             : 
      17             :    You should have received a copy of the GNU General Public License
      18             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      19             : */
      20             : 
      21             : #include "includes.h"
      22             : #include "smb_krb5.h"
      23             : #include "ads.h"
      24             : #include "lib/param/loadparm.h"
      25             : 
      26             : #ifdef HAVE_KRB5
      27             : 
      28             : /* run kinit to setup our ccache */
      29         358 : int ads_kinit_password(ADS_STRUCT *ads)
      30             : {
      31           0 :         char *s;
      32           0 :         int ret;
      33           0 :         const char *account_name;
      34           0 :         fstring acct_name;
      35             : 
      36         358 :         if (ads->auth.password == NULL || ads->auth.password[0] == '\0') {
      37           4 :                 return KRB5_LIBOS_CANTREADPWD;
      38             :         }
      39             : 
      40         354 :         if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
      41         148 :                 account_name = ads->auth.user_name;
      42         148 :                 goto got_accountname;
      43             :         }
      44             : 
      45         206 :         if ( IS_DC ) {
      46             :                 /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
      47           0 :                 account_name = lp_workgroup();
      48             :         } else {
      49             :                 /* always use the sAMAccountName for security = domain */
      50             :                 /* lp_netbios_name()$@REA.LM */
      51         206 :                 if ( lp_security() == SEC_DOMAIN ) {
      52           0 :                         fstr_sprintf( acct_name, "%s$", lp_netbios_name() );
      53           0 :                         account_name = acct_name;
      54             :                 }
      55             :                 else
      56             :                         /* This looks like host/lp_netbios_name()@REA.LM */
      57         206 :                         account_name = ads->auth.user_name;
      58             :         }
      59             : 
      60         354 :  got_accountname:
      61         354 :         if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
      62           0 :                 return KRB5_CC_NOMEM;
      63             :         }
      64             : 
      65         354 :         ret = kerberos_kinit_password_ext(s, ads->auth.password,
      66             :                                           ads->auth.time_offset,
      67             :                                           &ads->auth.tgt_expire, NULL,
      68             :                                           ads->auth.ccache_name, false, false,
      69             :                                           ads->auth.renewable,
      70             :                                           NULL, NULL, NULL, NULL);
      71             : 
      72         354 :         if (ret) {
      73           0 :                 DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
      74             :                          s, error_message(ret)));
      75             :         }
      76         354 :         SAFE_FREE(s);
      77         354 :         return ret;
      78             : }
      79             : 
      80             : #endif

Generated by: LCOV version 1.14