00021 #include "includes.h"
00022
00023 #ifdef HAVE_KRB5
00024
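/**
 * Rotate the machine (trust) account password: fetch the current password
 * from the local secrets store, set a freshly generated one through
 * kerberos_set_password(), then save the new one locally.
 *
 * @param ads            Connection state; only ads->auth.kdc_server and
 *                       ads->auth.time_offset are read here.
 * @param host_principal Principal whose password is changed. It is passed to
 *                       kerberos_set_password() twice (presumably as both the
 *                       authenticating and the target principal - confirm
 *                       against that function's prototype).
 * @return The status of the failing step, or the status returned by
 *         kerberos_set_password() when every step succeeded.
 *
 * The two updates are not atomic. If the KDC accepts the new password and
 * the local store then fails, the stored secret no longer matches the
 * account; this is logged explicitly so it can be repaired.
 */
ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal)
{
	char *password;
	char *new_password;
	ADS_STATUS ret;
	uint32 sec_channel_type;
	volatile char *scrub;

	if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) {
		DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));
		return ADS_ERROR_SYSTEM(ENOENT);
	}

	/*
	 * NOTE(review): new_password is never freed in this function. Who owns
	 * the buffer returned by generate_random_str() is not visible from
	 * this file - confirm before adding a free here.
	 */
	new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
	if (new_password == NULL) {
		/* Never hand a NULL new password to the set-password call. */
		DEBUG(1,("Failed to generate a new machine password\n"));
		ret = ADS_ERROR_SYSTEM(ENOMEM);
		goto done;
	}

	ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);

	if (!ADS_ERR_OK(ret)) {
		goto done;
	}

	if (!secrets_store_machine_password(new_password, lp_workgroup(), sec_channel_type)) {
		DEBUG(1,("Failed to save machine password\n"));
		/* The remote change already succeeded, so the local secret is now stale. */
		DEBUG(1,("Password for principal %s was changed on the KDC but not stored locally\n", host_principal));
		ret = ADS_ERROR_SYSTEM(EACCES);
	}

done:
	/*
	 * Wipe the old cleartext password before releasing it. The volatile
	 * pointer keeps the compiler from dropping the stores as dead writes
	 * ahead of the free.
	 */
	scrub = password;
	while (*scrub != '\0') {
		*scrub++ = '\0';
	}
	SAFE_FREE(password);
	return ret;
}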
00055
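/**
 * Build a best-guess LDAP service principal of the form
 * "ldap/<lower-cased server>@<UPPER-CASED REALM>".
 *
 * The server/realm pair is taken from ads->server (realm, ldap_server) when
 * both are set, otherwise from ads->config (realm, ldap_server_name).
 *
 * @param ads                Source of the server name and realm.
 * @param returned_principal On success receives a newly allocated string
 *                           (produced by asprintf()) that the caller must
 *                           free. Not written on failure.
 * @return ADS_SUCCESS; ADS_ERROR(LDAP_PARAM_ERROR) when neither pair is
 *         available; ADS_ERROR(LDAP_NO_MEMORY) on allocation failure.
 *
 * NOTE(review): the principal is only as trustworthy as the server name and
 * realm it is built from; how those fields were populated is not visible in
 * this file - confirm before relying on the result for server authentication.
 */
ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
				       char **returned_principal)
{
	const char *server_src;
	const char *realm_src;
	char *server;
	char *server_realm;
	char *princ = NULL;

	/* Same precedence as before: explicit server settings win over config. */
	if (ads->server.realm && ads->server.ldap_server) {
		server_src = ads->server.ldap_server;
		realm_src = ads->server.realm;
	} else if (ads->config.realm && ads->config.ldap_server_name) {
		server_src = ads->config.ldap_server_name;
		realm_src = ads->config.realm;
	} else {
		return ADS_ERROR(LDAP_PARAM_ERROR);
	}

	/* Work on private copies; the case folding below edits in place. */
	server = SMB_STRDUP(server_src);
	server_realm = SMB_STRDUP(realm_src);

	if (!server || !server_realm) {
		/* One copy may have succeeded; release it instead of leaking it. */
		SAFE_FREE(server);
		SAFE_FREE(server_realm);
		return ADS_ERROR(LDAP_NO_MEMORY);
	}

	strlower_m(server);
	strupper_m(server_realm);

	/*
	 * asprintf() reports failure through its return value and may leave
	 * the output pointer undefined, so do not test princ alone.
	 */
	if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
		princ = NULL;
	}

	SAFE_FREE(server);
	SAFE_FREE(server_realm);

	if (!princ) {
		return ADS_ERROR(LDAP_NO_MEMORY);
	}

	*returned_principal = princ;

	return ADS_SUCCESS;
}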
00111
00112 #endif