ADS_STATUS kerberos_set_password(const char *kpasswd_server, const char *auth_principal, const char *auth_password, const char *target_principal, const char *new_password, int time_offset) { int ret; if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); return ADS_ERROR_KRB5(ret); } if (!strcmp(auth_principal, target_principal)) return ads_krb5_chg_password(kpasswd_server, target_principal, auth_password, new_password, time_offset); else return ads_krb5_set_password(kpasswd_server, target_principal, new_password, time_offset); }
/** * Set the machine account password * @param ads connection to ads server * @param hostname machine whose password is being set * @param password new password * @return status of password change **/ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, const char *machine_account, const char *password) { ADS_STATUS status; char *principal = NULL; /* we need to use the '$' form of the name here (the machine account name), as otherwise the server might end up setting the password for a user instead */ asprintf(&principal, "%s@%s", machine_account, ads->config.realm); status = ads_krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset); free(principal); return status; }
static int ads_user_add(int argc, const char **argv) { ADS_STRUCT *ads; ADS_STATUS status; char *upn, *userdn; void *res=NULL; int rc = -1; if (argc < 1) return net_ads_user_usage(argc, argv); if (!(ads = ads_startup())) { return -1; } status = ads_find_user_acct(ads, &res, argv[0]); if (!ADS_ERR_OK(status)) { d_printf("ads_user_add: %s\n", ads_errstr(status)); goto done; } if (ads_count_replies(ads, res)) { d_printf("ads_user_add: User %s already exists\n", argv[0]); goto done; } status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment); if (!ADS_ERR_OK(status)) { d_printf("Could not add user %s: %s\n", argv[0], ads_errstr(status)); goto done; } /* if no password is to be set, we're done */ if (argc == 1) { d_printf("User %s added\n", argv[0]); rc = 0; goto done; } /* try setting the password */ asprintf(&upn, "%s@%s", argv[0], ads->config.realm); status = ads_krb5_set_password(ads->auth.kdc_server, upn, argv[1], ads->auth.time_offset); safe_free(upn); if (ADS_ERR_OK(status)) { d_printf("User %s added\n", argv[0]); rc = 0; goto done; } /* password didn't set, delete account */ d_printf("Could not add user %s. Error setting password %s\n", argv[0], ads_errstr(status)); ads_msgfree(ads, res); status=ads_find_user_acct(ads, &res, argv[0]); if (ADS_ERR_OK(status)) { userdn = ads_get_dn(ads, res); ads_del_dn(ads, userdn); ads_memfree(ads, userdn); } done: if (res) ads_msgfree(ads, res); ads_destroy(&ads); return rc; }