krb5_passwd.c revision 1.5 1 1.5 lukem /* $NetBSD: krb5_passwd.c,v 1.5 1997/10/19 12:29:44 lukem Exp $ */
2 1.2 thorpej
3 1.1 brezak /*-
4 1.1 brezak * Copyright (c) 1990 The Regents of the University of California.
5 1.1 brezak * All rights reserved.
6 1.1 brezak *
7 1.1 brezak * Redistribution and use in source and binary forms, with or without
8 1.1 brezak * modification, are permitted provided that the following conditions
9 1.1 brezak * are met:
10 1.1 brezak * 1. Redistributions of source code must retain the above copyright
11 1.1 brezak * notice, this list of conditions and the following disclaimer.
12 1.1 brezak * 2. Redistributions in binary form must reproduce the above copyright
13 1.1 brezak * notice, this list of conditions and the following disclaimer in the
14 1.1 brezak * documentation and/or other materials provided with the distribution.
15 1.1 brezak * 3. All advertising materials mentioning features or use of this software
16 1.1 brezak * must display the following acknowledgement:
17 1.1 brezak * This product includes software developed by the University of
18 1.1 brezak * California, Berkeley and its contributors.
19 1.1 brezak * 4. Neither the name of the University nor the names of its contributors
20 1.1 brezak * may be used to endorse or promote products derived from this software
21 1.1 brezak * without specific prior written permission.
22 1.1 brezak *
23 1.1 brezak * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 1.1 brezak * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 1.1 brezak * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 1.1 brezak * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 1.1 brezak * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 1.1 brezak * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 1.1 brezak * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 1.1 brezak * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 1.1 brezak * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 1.1 brezak * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 1.1 brezak * SUCH DAMAGE.
34 1.1 brezak */
35 1.1 brezak
36 1.1 brezak #ifndef lint
37 1.2 thorpej #if 0
38 1.2 thorpej static char sccsid[] = "from: @(#)krb_passwd.c 5.4 (Berkeley) 3/1/91";
39 1.2 thorpej #else
40 1.5 lukem __RCSID("$NetBSD: krb5_passwd.c,v 1.5 1997/10/19 12:29:44 lukem Exp $");
41 1.2 thorpej #endif
42 1.1 brezak #endif /* not lint */
43 1.1 brezak
44 1.1 brezak #ifdef KERBEROS5
45 1.1 brezak
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <netinet/in.h>
#include <err.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <krb5/adm_defs.h>
#include <krb5/krb5.h>
#include <krb5/kdb.h>
#include <krb5/kdb_dbm.h>
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
#include <krb5/asn1.h>
#include <krb5/config.h>
#include <krb5/base-defs.h>
#include <krb5/asn.1/encode.h>

#include <krb5/widen.h>

#include <krb5/adm_err.h>
#include <krb5/errors.h>
#include <krb5/kdb5_err.h>
#include <krb5/krb5_err.h>
76 1.1 brezak
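/* Forward declarations for the file-local helpers defined below. */
static krb5_error_code get_first_ticket __P((krb5_ccache, krb5_principal));
#ifdef MACH_PASS
/*
 * print_and_choose_password() is only defined when MACH_PASS is set, so
 * its prototype is guarded the same way; otherwise the compiler sees a
 * static function that is declared but never defined.
 */
static krb5_error_code print_and_choose_password __P((char *, krb5_data *));
#endif
static krb5_error_code adm5_init_link __P((krb5_data *, int *));

/*
 * Socket addresses of both ends of the connection to the admin server.
 * adm5_init_link() fills them in; krb_passwd() reads the sin_addr members
 * when it builds the addresses for the private messages.
 */
struct sockaddr_in local_sin, remote_sin;

/*
 * Credentials shared between get_first_ticket(), which zeroes and fills
 * them, and krb_passwd(), which uses the client, server and keyblock.
 */
krb5_creds my_creds;

extern char *krb5_default_pwd_prompt1;

/*
 * Try no preauthentication first; then try the encrypted timestamp.
 * The list is terminated by a negative entry, which is what the loop in
 * get_first_ticket() tests for.
 */
int preauth_search_list[] = {
	0,
	KRB5_PADATA_ENC_TIMESTAMP,
	-1
};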
95 1.1 brezak
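/*
 * krb_passwd --
 *	Change the invoking user's Kerberos V5 password.
 *
 *	The client principal is taken from the default credentials cache when
 *	that cache is usable, otherwise from the passwd entry of the real uid.
 *	A private credentials cache is then created, the user is verified by
 *	get_first_ticket(), a connection to the admin server is opened by
 *	adm5_init_link(), and the new password is sent in a krb5_mk_priv
 *	message.
 *
 *	Does not return on the normal paths: it ends in exit(0) on success or
 *	errx(1, ...) when retval is non-zero.  The only plain return is the
 *	setrlimit() failure, which returns 1.
 *
 *	Security notes for reviewers:
 *	- Core dumps are disabled (RLIMIT_CORE = 0) before any password is read.
 *	- The private cache lives at a predictable path under /tmp built from
 *	  the pid; see the note at the snprintf() below.
 *	- The exchange uses ETYPE_DES_CBC_CRC and a CRC-32 checksum.  Single
 *	  DES and CRC-32 are legacy choices and are kept only because the
 *	  protocol spoken here requires them.
 */
int
krb_passwd()
{
	/*
	 * NOTE(review): a block-scope function declaration with `static' is
	 * rejected by ISO C compilers; a file-scope prototype for finish()
	 * would be the portable form.  Kept because finish() is defined
	 * after this function and has no prototype above it.
	 */
	static void finish();
	enum { REALM_BUF_SIZE = 256 };	/* size of requested_realm.data */
	krb5_ccache cache = NULL;
	char cache_name[255];
	krb5_flags cc_flags;
	krb5_address local_addr, foreign_addr;
	struct passwd *pw;
	krb5_principal client;
	char default_name[256];
	char *client_name = NULL; /* Single string representation of client id */
	krb5_data requested_realm;
	krb5_error_code retval = 0;	/* return code */
	int local_socket;
	int from_cache;		/* client was read from the default ccache */
	krb5_error *err_ret;
	krb5_ap_rep_enc_part *rep_ret;
	kadmin_requests rd_priv_resp;
	krb5_checksum send_cksum;
	int cksum_alloc = 0;
	krb5_data msg_data, inbuf;
	krb5_int32 seqno;
	char *new_password;
	int new_pwsize;
	static struct rlimit rl = { 0, 0 };

#ifdef KRB_NONETWORK
	extern int networked();
	int krb_secure;
	struct stat statbuf;
#endif

	/*
	 * The cleanup code at `finish' frees these unconditionally, so they
	 * must hold a defined value before the first `goto finish'.
	 */
	requested_realm.length = 0;
	requested_realm.data = NULL;

#ifdef KRB_NONETWORK /* Allow or Disallow Remote Clients to Modify Passwords */
	/*
	 * If a Client Modifies a Password using kpasswd on this host
	 * from a remote host or network terminal, the Password selected
	 * is transmitted across the network in Cleartext.
	 *
	 * The systems administrator can disallow "remote" kpasswd usage by
	 * creating the file "/etc/krb.secure"
	 */
	krb_secure = 0;
	/*
	 * First check to see if the file /etc/krb.secure exists.
	 * If it does then set krb_secure to 1.
	 */
	if (stat("/etc/krb.secure", &statbuf) == 0)
		krb_secure = 1;

	/*
	 * Check to see if this process is tied to a physical terminal.
	 * networked() verifies the terminal device is not a pseudo tty.
	 */
	if (networked() && krb_secure) {
		/*
		 * NOTE(review): argv is not declared in this function or at
		 * file scope in the visible source, and <sys/stat.h> is not
		 * included; this branch looks like it cannot compile as is.
		 */
		warnx("Sorry but you cannot %s from a pseudo tty terminal", argv[0]);
		retval = 1;
		goto finish;
	}
#endif

	/* (3 * 255) + 1 (/) + 1 (@) + 1 (NULL) */
	/*
	 * NOTE(review): krb5_unparse_name() below is handed &client_name and
	 * presumably stores a freshly allocated string there, which would
	 * leak this buffer -- confirm against the library.
	 */
	if ((client_name = (char *) calloc (1, (3 * 256))) == NULL) {
		warnx("No Memory for Client_name");
		retval = 1;
		goto finish;
	}

	if ((requested_realm.data = (char *) calloc (1, REALM_BUF_SIZE)) == NULL) {
		warnx("No Memory for realm_name");
		retval = 1;
		/* client_name is released once, at `finish'. */
		goto finish;
	}

	(void)signal(SIGHUP, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)signal(SIGTSTP, SIG_IGN);

	/* No core files: a dump of this process would contain passwords. */
	if (setrlimit(RLIMIT_CORE, &rl) < 0) {
		warn("setrlimit");
		return(1);
	}

	krb5_init_ets();
	memset((char *) default_name, 0, sizeof(default_name));

	/* Identify Default Credentials Cache */
	if ((retval = krb5_cc_default(&cache))) {
		warnx("Error while getting default ccache.");
		cache = NULL;	/* nothing for `finish' to destroy */
		goto finish;
	}

	/*
	 * Attempt to Modify Credentials Cache
	 *	retval == 0 ==> ccache Exists - Use It
	 *	retval == ENOENT ==> No Entries, but ccache Exists
	 *	retval != 0 ==> Assume ccache does NOT Exist
	 *
	 * NOTE(review): every `goto finish' between here and the
	 * krb5_cc_close() below reaches krb5_cc_destroy() with the user's
	 * default cache still open, exactly as the original code did.
	 * Confirm that destroying the login cache on these early failures
	 * is intended.
	 */
	cc_flags = 0;
	from_cache = 0;
	if ((retval = krb5_cc_set_flags(cache, cc_flags))) {
		/* Search passwd file for client */
		pw = getpwuid((int) getuid());
		if (pw == NULL) {
			warnx("Unable to Identify Customer from Password File");
			retval = 1;
			goto finish;
		}
		/* default_name was zeroed above, so it stays NUL-terminated. */
		(void)strncpy(default_name, pw->pw_name, sizeof(default_name) - 1);

		/* Use this to get default_realm and format client_name */
		if ((retval = krb5_parse_name(default_name, &client))) {
			warnx("Unable to Parse Client Name");
			goto finish;
		}
	} else {
		/* Read Client from Cache */
		if ((retval = krb5_cc_get_principal(cache, (krb5_principal *) &client))) {
			warnx("Unable to Read Customer Credentials File");
			goto finish;
		}
		from_cache = 1;
	}

	if ((retval = krb5_unparse_name(client, &client_name))) {
		warnx("Unable to Parse Client Name");
		goto finish;
	}

	/*
	 * The realm comes from the credentials cache or from parsing a name,
	 * and its length was never compared with the buffer allocated above.
	 * Refuse anything that does not fit instead of writing past the end
	 * of the heap buffer.
	 */
	if (client->realm.length < 0 || client->realm.length >= REALM_BUF_SIZE) {
		warnx("Realm name too long");
		retval = 1;
		goto finish;
	}
	requested_realm.length = client->realm.length;
	memcpy((char *) requested_realm.data,
	    (char *) client->realm.data,
	    requested_realm.length);

	if (from_cache) {
		(void) krb5_cc_close(cache);
		cache = NULL;	/* the handle is gone; do not reuse it */
	}

	/*
	 * Create credential cache for changepw.
	 *
	 * NOTE(review): the name is predictable (pid under /tmp) and nothing
	 * visible here checks whether the path already exists or is a
	 * symlink.  How krb5_cc_initialize() opens the file decides whether
	 * another local user can pre-create it; verify in the FILE: ccache
	 * implementation, and prefer a private directory if it does not
	 * open exclusively.
	 */
	(void)snprintf(cache_name, sizeof cache_name, "FILE:/tmp/tkt_cpw_%d",
	    getpid());

	if ((retval = krb5_cc_resolve(cache_name, &cache))) {
		warnx("Unable to Resolve Cache: %s", cache_name);
		/*
		 * The original carried on and initialized whatever `cache'
		 * still referred to (a closed handle, or the default cache).
		 */
		cache = NULL;
		goto finish;
	}

	if ((retval = krb5_cc_initialize(cache, client))) {
		warnx("Error initializing cache: %s", cache_name);
		goto finish;
	}

	/*
	 * Verify User by Obtaining Initial Credentials prior to Initial Link
	 */
	if ((retval = get_first_ticket(cache, client))) {
		goto finish;
	}

	/* Initiate Link to Server */
	if ((retval = adm5_init_link(&requested_realm, &local_socket))) {
		goto finish;
	}

#define SIZEOF_INADDR sizeof(struct in_addr)

	/* V4 kpasswd Protocol Hack: send a two-byte zero length field. */
	{
		int msg_length = 0;

		retval = krb5_net_write(local_socket, (char *) &msg_length + 2, 2);
		if (retval < 0) {
			warnx("krb5_net_write failure");
			goto finish;
		}
	}

	local_addr.addrtype = ADDRTYPE_INET;
	local_addr.length = SIZEOF_INADDR ;
	local_addr.contents = (krb5_octet *)&local_sin.sin_addr;

	foreign_addr.addrtype = ADDRTYPE_INET;
	foreign_addr.length = SIZEOF_INADDR ;
	foreign_addr.contents = (krb5_octet *)&remote_sin.sin_addr;

	/* compute checksum, using CRC-32 */
	if (!(send_cksum.contents = (krb5_octet *)
	    malloc(krb5_checksum_size(CKSUMTYPE_CRC32)))) {
		warnx("Insufficient Memory while Allocating Checksum");
		retval = 1;
		goto finish;
	}
	cksum_alloc++;
	/* choose some random stuff to compute checksum from */
	if ((retval = krb5_calculate_checksum(CKSUMTYPE_CRC32,
	    ADM_CPW_VERSION,
	    strlen(ADM_CPW_VERSION),
	    0,
	    0,	/* if length is 0, crc-32 doesn't use the seed */
	    &send_cksum))) {
		warnx("Error while Computing Checksum: %s", error_message(retval));
		goto finish;
	}

	/*
	 * call Kerberos library routine to obtain an authenticator,
	 * pass it over the socket to the server, and obtain mutual
	 * authentication.
	 */
	if ((retval = krb5_sendauth((krb5_pointer) &local_socket,
	    ADM_CPW_VERSION,
	    my_creds.client,
	    my_creds.server,
	    AP_OPTS_MUTUAL_REQUIRED,
	    &send_cksum,
	    0,
	    cache,
	    &seqno,
	    0,		/* don't need a subsession key */
	    &err_ret,
	    &rep_ret))) {
		warnx("Error while performing sendauth: %s", error_message(retval));
		goto finish;
	}

	/* Get credentials : to use for safe and private messages */
	if ((retval = krb5_get_credentials(0, cache, &my_creds))) {
		warnx("Error Obtaining Credentials: %s", error_message(retval));
		goto finish;
	}

	/* Read back what the server has to say... */
	if ((retval = krb5_read_message(&local_socket, &inbuf))) {
		warnx("Read Message Error: %s", error_message(retval));
		goto finish;
	}
	if ((inbuf.length != 2) || (inbuf.data[0] != KADMIND) ||
	    (inbuf.data[1] != KADMSAG)) {
		warnx("Invalid ack from admin server.");
		/* retval is 0 here; without this the exit status is success. */
		retval = 1;
		goto finish;
	}

	/* Reuse the two-byte ack buffer for the change-password request. */
	inbuf.data[0] = KPASSWD;
	inbuf.data[1] = CHGOPER;
	inbuf.length = 2;

	if ((retval = krb5_mk_priv(&inbuf,
	    ETYPE_DES_CBC_CRC,
	    &my_creds.keyblock,
	    &local_addr,
	    &foreign_addr,
	    seqno,
	    KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
	    0,
	    0,
	    &msg_data))) {
		warnx("Error during First Message Encoding: %s", error_message(retval));
		goto finish;
	}
	free(inbuf.data);

	/* write private message to server */
	if (krb5_write_message(&local_socket, &msg_data)) {
		warnx("Write Error During First Message Transmission");
		retval = 1;
		goto finish;
	}
	free(msg_data.data);

	(void)signal(SIGHUP, finish);
	(void)signal(SIGINT, finish);

#ifdef MACH_PASS /* Machine-generated Passwords */
	/* Ok Now let's get the private message */
	if ((retval = krb5_read_message(&local_socket, &inbuf))) {
		warnx("Read Error During First Reply: %s", error_message(retval));
		retval = 1;
		goto finish;
	}

	if ((retval = krb5_rd_priv(&inbuf,
	    &my_creds.keyblock,
	    &foreign_addr,
	    &local_addr,
	    rep_ret->seq_number,
	    KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
	    0,
	    0,
	    &msg_data))) {
		warnx("Error during First Read Decoding: %s", error_message(retval));
		goto finish;
	}
	free(inbuf.data);
#endif

	if ((new_password = (char *) calloc (1, ADM_MAX_PW_LENGTH+1)) == NULL) {
		warnx("Unable to Allocate Space for New Password");
		retval = 1;
		goto finish;
	}

#ifdef MACH_PASS /* Machine-generated passwords */
	/* Offer Client Password Choices */
	if ((retval = print_and_choose_password(new_password,
	    &msg_data))) {
		(void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1);
		free(new_password);
		goto finish;
	}
#else
	new_pwsize = ADM_MAX_PW_LENGTH+1;
	if ((retval = krb5_read_password("New Kerberos password: ",
	    "Retype new Kerberos password: ",
	    new_password,
	    &new_pwsize))) {
		fprintf(stderr, "\nError while reading new password for '%s'\n",
		    client_name);
		(void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1);
		free(new_password);
		goto finish;
	}
#endif

	inbuf.data = new_password;
	inbuf.length = strlen(new_password);

	if ((retval = krb5_mk_priv(&inbuf,
	    ETYPE_DES_CBC_CRC,
	    &my_creds.keyblock,
	    &local_addr,
	    &foreign_addr,
	    seqno,
	    KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
	    0,
	    0,
	    &msg_data))) {
		warnx("Error during Second Message Encoding: %s",
		    error_message(retval));
		/* Do not leave the cleartext password behind on this path. */
		(void) memset((char *) new_password, 0, ADM_MAX_PW_LENGTH+1);
		free(new_password);
		goto finish;
	}
	/*
	 * NOTE(review): a memset() directly before free() may be removed by
	 * an optimizing compiler; use a non-elidable wipe where the platform
	 * provides one.
	 */
	memset(inbuf.data, 0, inbuf.length);
	free(inbuf.data);

	/* write private message to server */
	if (krb5_write_message(&local_socket, &msg_data)) {
		warnx("Write Error During Second Message Transmission");
		retval = 1;
		goto finish;
	}
	free(msg_data.data);

	/* Ok Now let's get the private message */
	if ((retval = krb5_read_message(&local_socket, &inbuf))) {
		warnx("Read Error During Second Reply: %s", error_message(retval));
		retval = 1;
		goto finish;
	}

	if ((retval = krb5_rd_priv(&inbuf,
	    &my_creds.keyblock,
	    &foreign_addr,
	    &local_addr,
	    rep_ret->seq_number,
	    KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
	    0,
	    0,
	    &msg_data))) {
		warnx("Error during Second Read Decoding :%s", error_message(retval));
		goto finish;
	}

	/* The reply needs three header bytes before any of them is read. */
	if (msg_data.length < 3) {
		warnx("Server reply too short");
		retval = 1;
		goto finish;
	}

	rd_priv_resp.appl_code = msg_data.data[0];
	rd_priv_resp.oper_code = msg_data.data[1];
	rd_priv_resp.retn_code = msg_data.data[2];
	if (msg_data.length > 3 && msg_data.data[3]) {
		/* Text after the header: length - 3 bytes plus a terminator. */
		rd_priv_resp.message = malloc(msg_data.length - 2);
		if (rd_priv_resp.message) {
			memcpy(rd_priv_resp.message, msg_data.data + 3,
			    msg_data.length - 3);
			rd_priv_resp.message[msg_data.length - 3] = 0;
		}
	} else
		rd_priv_resp.message = NULL;

	free(inbuf.data);
	free(msg_data.data);

	/*
	 * Anything other than KPASSWD/KPASSGOOD means the password was not
	 * changed.  retval is 0 at this point, so it is set explicitly;
	 * otherwise a rejected password would end in exit(0).
	 */
	if (rd_priv_resp.appl_code == KPASSWD) {
		if (rd_priv_resp.retn_code == KPASSBAD) {
			if (rd_priv_resp.message)
				warnx("%s", rd_priv_resp.message);
			else
				warnx("Server returned KPASSBAD.");
			retval = 1;
		} else if (rd_priv_resp.retn_code != KPASSGOOD) {
			warnx("Server returned unknown kerberos code.");
			retval = 1;
		}
	} else {
		warnx("Server returned bad application code %d",
		    rd_priv_resp.appl_code);
		retval = 1;
	}

	free(rd_priv_resp.message);

finish:
	/* cache is NULL when no usable handle is held any more. */
	if (cache != NULL)
		(void) krb5_cc_destroy(cache);

	free(client_name);
	free(requested_realm.data);
	if (cksum_alloc)
		free(send_cksum.contents);
	if (retval)
		errx(1, "Protocol Failure - Password NOT changed");

	exit(0);
}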
520 1.1 brezak
521 1.1 brezak
522 1.1 brezak
/*
 * First component of the change-password service principal, as a counted
 * string: the length excludes the terminating NUL of the CPWNAME literal.
 * get_first_ticket() passes both members to krb5_build_principal_ext().
 * CPWNAME itself is defined in a header that is not part of this file.
 */
krb5_data cpwname = { sizeof(CPWNAME) - 1, CPWNAME };
527 1.1 brezak
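/*
 * get_first_ticket --
 *	Verify the user by obtaining initial credentials for the
 *	change-password service with the old password.
 *
 *	cache	credentials cache handed to krb5_get_in_tkt_with_password()
 *	client	principal whose password is being changed; stored in the
 *		file-scope my_creds, which is zeroed and refilled here
 *
 *	Returns 0 on success, 1 when a setup step fails, or the library error
 *	from the last krb5_get_in_tkt_with_password() attempt.
 *
 *	The old password is held in a heap buffer that is wiped and freed on
 *	every path once it has been allocated.
 */
static krb5_error_code
get_first_ticket(cache, client)
	krb5_ccache cache;
	krb5_principal client;
{
	enum { OLD_PW_BUF_SIZE = 255 };
	char *old_password = NULL;
	int old_pwsize;
	int i;

	krb5_address **my_addresses;

	char *client_name = NULL;
	krb5_error_code retval;

	if ((retval = krb5_unparse_name(client, &client_name))) {
		warnx("Unable to Unparse Client Name");
		return(1);
	}

	(void) printf("Changing Kerberos password for %s\n", client_name);

	if ((retval = krb5_os_localaddr(&my_addresses))) {
		warnx("Unable to Get Customers Address");
		retval = 1;
		goto out;
	}
	/*
	 * NOTE(review): my_addresses is never released in this function;
	 * confirm which krb5 routine owns that list.
	 */

	memset((char *) &my_creds, 0, sizeof(my_creds));

	my_creds.client = client;

	if ((retval = krb5_build_principal_ext(&my_creds.server,
	    client->realm.length,
	    client->realm.data,
	    cpwname.length,		/* 6 */
	    cpwname.data,		/* "kadmin" */
	    client->realm.length,
	    /* instance is local realm */
	    client->realm.data,
	    0))) {
		/*
		 * The original format string contained %s but passed no
		 * argument, which is undefined behaviour in warnx().
		 */
		warnx("Error %s while building server name",
		    error_message(retval));
		retval = 1;
		goto out;
	}

	if ((old_password = (char *) calloc (1, OLD_PW_BUF_SIZE)) == NULL) {
		warnx("No Memory for Retrieving old password");
		retval = 1;
		goto out;
	}

	old_pwsize = OLD_PW_BUF_SIZE;
	if ((retval = krb5_read_password("Old kerberos password: ",
	    0,
	    old_password,
	    &old_pwsize))) {
		fprintf(stderr, "\nError while reading password for '%s'\n",
		    client_name);
		/* The buffer may hold a partial password; wipe it at `out'. */
		retval = 1;
		goto out;
	}

	/*
	 * Build Request for Initial Credentials.  Each preauthentication
	 * type in preauth_search_list is tried in order; the loop stops at
	 * the first result that is neither KRB5KDC_PREAUTH_FAILED nor
	 * KRB5KRB_ERR_GENERIC.
	 */
	for (i = 0; preauth_search_list[i] >= 0; i++) {
		retval = krb5_get_in_tkt_with_password(
		    0,			/* options */
		    my_addresses,
		    /* do random preauth */
		    preauth_search_list[i],
		    ETYPE_DES_CBC_CRC,	/* etype */
		    KEYTYPE_DES,
		    old_password,
		    cache,
		    &my_creds,
		    0);
		if (retval != KRB5KDC_PREAUTH_FAILED &&
		    retval != KRB5KRB_ERR_GENERIC)
			break;
	}

	if (retval) {
		warnx("Unable to Get Initial Credentials : %s", error_message(retval));
	}

out:
	/*
	 * Do NOT Forget to zap password.  The whole allocation is cleared,
	 * not just old_pwsize bytes: krb5_read_password() receives the size
	 * by pointer and may have changed it.
	 * NOTE(review): a memset() directly before free() may be removed by
	 * an optimizing compiler; use a non-elidable wipe where available.
	 */
	if (old_password != NULL) {
		memset((char *) old_password, 0, OLD_PW_BUF_SIZE);
		free(old_password);
	}
	/* krb_passwd() releases its unparsed name with free() as well. */
	free(client_name);
	return(retval);
}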
620 1.1 brezak
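#ifdef MACH_PASS /* Machine-generated Passwords */
/*
 * print_and_choose_password --
 *	Show the machine-generated passwords sent by the admin server, with
 *	their remembrance phrases, and read the user's selection.
 *
 *	new_password		caller's buffer of ADM_MAX_PW_LENGTH + 1
 *				bytes that receives the typed selection
 *	decodable_pwd_string	encoded password/phrase data as returned by
 *				krb5_rd_priv() in the caller
 *
 *	Returns 0 when the selection matches an offered password, 1 otherwise.
 *
 *	Lengths in the decoded data come from the peer and are checked against
 *	the local buffers before anything is copied.
 *
 *	NOTE(review): pwd_data is never released here; confirm which routine
 *	frees the result of decode_krb5_pwd_data().
 */
static krb5_error_code
print_and_choose_password(new_password, decodable_pwd_string)
	char *new_password;
	krb5_data *decodable_pwd_string;
{
	krb5_error_code retval;
	krb5_pwd_data *pwd_data;
	passwd_phrase_element **next_passwd_phrase_element;
	char prompt[255];
	int i, j, k;
	int n_alloc = 0;	/* entries of password_list currently allocated */
	int pw_len, phrase_len;
	int legit_pswd = 0;	/* Assume No Legitimate Password */
	char *password_list[ADM_MAX_PW_CHOICES];
	char phrase_in[ADM_MAX_PHRASE_LENGTH];
	int new_passwd_length;

/*
 * Wipe and free every allocated candidate.  The count is kept in n_alloc
 * rather than in the loop index i, because i is reused by the selection
 * check below and would otherwise leave candidates unwiped and unfreed.
 */
#define free_local_password_list() \
	do { \
		for (k = 0; k < n_alloc && k < ADM_MAX_PW_CHOICES; k++) { \
			(void) memset(password_list[k], 0, ADM_MAX_PW_LENGTH + 1); \
			free(password_list[k]); \
		} \
		n_alloc = 0; \
	} while (0)

	/* Decode Password and Phrase Information Obtained from krb5_rd_priv */
	if ((retval = decode_krb5_pwd_data(decodable_pwd_string , &pwd_data))) {
		warnx("Unable to Decode Passwords and Phrases\n%s",
		    " Notify your System Administrator or the Kerberos Administrator");
		return(1);
	}

	next_passwd_phrase_element = pwd_data->element;
	/* Display List in 5 Password/Phrase Increments up to MAX Iterations */
	memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH);
	for (j = 0; j <= ADM_MAX_PW_ITERATIONS; j++) {
		if (j == ADM_MAX_PW_ITERATIONS) {
			warnx("Sorry - You Have Exceeded the List of Choices (%d)\n%s%s%s",
			    ADM_MAX_PW_ITERATIONS * ADM_MAX_PW_CHOICES,
			    "\tAllowed for Password Modification.\n",
			    "\tYou Must Repeat this Operation in order\n",
			    "\tto Successfully Change your Password.");
			break;
		}

		printf("Choose a password from the following list:\n");

		printf("\nPassword Remembrance Aid\n");

		/* Print Passwords and Assistance Phrases List */
		for (i = 0; i < ADM_MAX_PW_CHOICES; i++) {
			/*
			 * NOTE(review): nothing visible here bounds how many
			 * elements the decoded list holds; a NULL entry is
			 * treated as a short list -- confirm how the decoder
			 * terminates the array.
			 */
			if (*next_passwd_phrase_element == NULL ||
			    (*next_passwd_phrase_element)->passwd == NULL ||
			    (*next_passwd_phrase_element)->phrase == NULL) {
				warnx("Password list from server is incomplete.");
				free_local_password_list();
				return(1);
			}

			pw_len = (int) (*next_passwd_phrase_element)->passwd->length;
			phrase_len = (int) (*next_passwd_phrase_element)->phrase->length;

			/* A password that does not fit cannot be offered. */
			if (pw_len < 0 || pw_len > ADM_MAX_PW_LENGTH) {
				warnx("Password from server has invalid length.");
				free_local_password_list();
				return(1);
			}
			/* The phrase is display-only: truncate it to the buffer. */
			if (phrase_len < 0)
				phrase_len = 0;
			if (phrase_len > ADM_MAX_PHRASE_LENGTH)
				phrase_len = ADM_MAX_PHRASE_LENGTH;

			if ((password_list[i] = (char *) calloc (1,
			    ADM_MAX_PW_LENGTH + 1)) == NULL) {
				warnx("Unable to Allocate Password List.");
				free_local_password_list();
				return(1);
			}
			n_alloc = i + 1;

			memcpy(password_list[i],
			    (*next_passwd_phrase_element)->passwd->data,
			    pw_len);
			/*
			 * NOTE(review): the password and phrase bytes go to
			 * the terminal unfiltered.
			 */
			printf("%s ", password_list[i]);

			memcpy((char *) phrase_in,
			    (*next_passwd_phrase_element)->phrase->data,
			    phrase_len);
			/*
			 * Phrase layout: the first 50 bytes as they are, then
			 * up to byte 70 with a line break at the first space,
			 * then whatever remains.
			 */
			for (k = 0; k < 50 && k < phrase_len; k++) {
				printf("%c", phrase_in[k]);
			}
			for (; k < 70 && k < phrase_len; k++) {
				if (phrase_in[k] == ' ') {
					printf("\n ");
					k++;
					break;
				} else {
					printf("%c", phrase_in[k]);
				}
			}
			for (; k < phrase_len; k++) {
				printf("%c", phrase_in[k]);
			}
			printf("\n");
			memset((char *) phrase_in, 0, ADM_MAX_PHRASE_LENGTH);
			next_passwd_phrase_element++;
		}

		(void)snprintf(prompt, sizeof prompt,
		    "\nEnter Password Selection or a <CR> to get new list: ");

		new_passwd_length = ADM_MAX_PW_LENGTH+1;
		/* Read New Password from Terminal (Do Not Print on Screen) */
		if ((retval = krb5_read_password(&prompt[0], 0,
		    new_password, &new_passwd_length))) {
			warnx("Error Reading Password Input or Input Aborted");
			free_local_password_list();
			break;
		}

		/* Check for <CR> ==> Provide a New List */
		if (new_passwd_length == 0) {
			/* Drop this round's candidates before the next list. */
			free_local_password_list();
			continue;
		}

		/*
		 * Check that Selection is from List - Server also does this.
		 * NOTE(review): only the first 8 bytes are compared, and that
		 * assumes both buffers are at least 8 bytes long.
		 */
		legit_pswd = 0;
		for (i = 0; i < ADM_MAX_PW_CHOICES && !legit_pswd; i++)
			if ((retval = memcmp(new_password,
			    password_list[i], 8)) == 0) {
				legit_pswd++;
			}
		free_local_password_list();

		if (!(legit_pswd)) {
			printf("\07\07Password must be from the specified list ");
			printf("- Try Again\n");
		}

		if (legit_pswd) break;	/* Exit Loop */
	} /* ADM_MAX_PW_CHOICES Loop */

	if (!(legit_pswd)) return (1);

	return(0);	/* SUCCESS */
}
#endif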
752 1.1 brezak
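/*
 * adm5_init_link --
 *	Open a TCP connection to the change-password service of a realm.
 *
 *	realm_of_server	realm whose server hosts are looked up with
 *			krb5_get_krbhst()
 *	local_socket	receives the connected socket descriptor
 *
 *	Side effects: fills the file-scope remote_sin with the server address
 *	and local_sin with the locally bound address (via getsockname()).
 *
 *	Returns 0 on success and 1 on any failure; the socket is closed again
 *	when connect() or getsockname() fails.
 */
static krb5_error_code
adm5_init_link(realm_of_server, local_socket)
	krb5_data *realm_of_server;
	int *local_socket;
{
	struct servent *service_process;	/* service we will talk to */
	struct hostent *remote_host;		/* host we will talk to */

	char **hostlist;

	/* NOTE(review): getsockname() takes a socklen_t * on current systems. */
	int namelen;
	int i;
	int found = 0;		/* a usable IPv4 address was resolved */

	krb5_error_code retval;

	/* clear out the structure first */
	(void) memset((char *)&remote_sin, 0, sizeof(remote_sin));

	if ((service_process = getservbyname(CPW_SNAME, "tcp")) == NULL) {
		warnx("Unable to find Service (%s) Check services file", CPW_SNAME);
		return(1);
	}

	/* Copy the Port Number */
	remote_sin.sin_port = service_process->s_port;

	hostlist = 0;

	/* Identify all Hosts Associated with this Realm */
	if ((retval = krb5_get_krbhst (realm_of_server, &hostlist))) {
		warnx("Unable to Determine Server Name");
		return(1);
	}

	if (hostlist == 0 || hostlist[0] == 0) {
		warnx("No hosts found");
		return(1);
	}

	for (i = 0; hostlist[i]; i++) {
		remote_host = gethostbyname(hostlist[i]);
		if (remote_host == 0)
			continue;

		/*
		 * remote_sin is a sockaddr_in, so only an IPv4 answer of the
		 * right size may be copied into it.
		 */
		if (remote_host->h_addrtype != AF_INET ||
		    remote_host->h_length != (int) sizeof(remote_sin.sin_addr))
			continue;

		/* set up the address of the foreign socket for connect() */
		remote_sin.sin_family = remote_host->h_addrtype;
		/*
		 * The original copied sizeof(remote_host->h_addr) bytes,
		 * which is the size of a pointer: 8 bytes into a 4-byte
		 * sin_addr where pointers are 64 bits wide.
		 */
		(void) memcpy((char *) &remote_sin.sin_addr,
		    (char *) remote_host->h_addr,
		    sizeof(remote_sin.sin_addr));
		found = 1;
		break;		/* Only Need one */
	}

	/*
	 * NOTE(review): only the array is freed, not the strings it points
	 * to; confirm how krb5_get_krbhst() allocates the list.
	 */
	free ((char *)hostlist);

	/*
	 * Without this check a realm whose hosts all fail to resolve would
	 * lead to connect() on the zeroed remote_sin.
	 */
	if (!found) {
		warnx("Unable to Resolve any Server Address");
		return(1);
	}

	/* open a TCP socket */
	*local_socket = socket(PF_INET, SOCK_STREAM, 0);
	if (*local_socket < 0) {
		warnx("Cannot Open Socket");
		return(1);
	}
	/* connect to the server */
	if (connect(*local_socket, (struct sockaddr *)&remote_sin, sizeof(remote_sin)) < 0) {
		warnx("Cannot Connect to Socket");
		close(*local_socket);
		return(1);
	}

	/* find out who I am, now that we are connected and therefore bound */
	namelen = sizeof(local_sin);
	if (getsockname(*local_socket,
	    (struct sockaddr *) &local_sin, &namelen) < 0) {
		warnx("Cannot Perform getsockname");
		close(*local_socket);
		return(1);
	}
	return(0);
}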
838 1.1 brezak
/*
 * finish -- terminate the program with exit status 1.
 *
 * Takes no arguments and never returns.  Presumably installed as a
 * signal handler; confirm against the callers earlier in the file.
 */
static void
finish()
{
	/* Exit status 1 reports failure to the parent process. */
	exit(1);
}
844 1.1 brezak
845 1.1 brezak #ifdef KRB_NONETWORK
846 1.1 brezak #include <utmp.h>
847 1.1 brezak
848 1.1 brezak #ifndef MAXHOSTNAME
849 1.1 brezak #define MAXHOSTNAME 64
850 1.1 brezak #endif
851 1.1 brezak
/*
 * Global utmp file descriptor for the BSD versions of setutent(),
 * getutline() and endutent() below.  setutent() stores the result of
 * open() here without checking it, so the value can be -1.
 */
int utfile;
854 1.1 brezak
855 1.1 brezak #if !defined(SYSV) && !defined(UMIPS) /* Setutent, Endutent, and getutline
856 1.1 brezak routines for non System V Unix
857 1.1 brezak systems */
858 1.1 brezak #include <fcntl.h>
859 1.1 brezak
/*
 * setutent -- BSD fallback: open /etc/utmp read-only for getutline().
 *
 * The descriptor is stored in the global utfile.  A failed open() is
 * not reported here; utfile then holds -1 and later reads fail.
 */
void
setutent()
{
	int fd;

	fd = open("/etc/utmp", O_RDONLY);
	utfile = fd;
}
864 1.1 brezak
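/*
 * getutline -- BSD fallback: find the next utmp record for a tty line.
 *
 * Reads records from the global descriptor utfile, starting at its
 * current offset, until one has the same ut_line as utmpent and is not
 * an empty (logged out) slot.
 *
 *	utmpent		record whose ut_line names the line to look for
 *
 * Returns a pointer to a static buffer holding the matching record, or
 * a null pointer when no further record matches or the read fails.  The
 * buffer is overwritten by the next call.
 */
struct utmp * getutline(utmpent)
	struct utmp *utmpent;
{
	static struct utmp tmputmpent;

	/*
	 * Only a complete record is examined: a short read would leave the
	 * tail of the buffer holding bytes of the previous record.
	 */
	while (read(utfile, &tmputmpent, sizeof(tmputmpent)) ==
	    (int)sizeof(tmputmpent)) {
		/*
		 * utmp fields are fixed-width and need not be
		 * NUL-terminated, so the comparison is bounded by the
		 * field size instead of running to the next zero byte.
		 */
		if (strncmp(tmputmpent.ut_line, utmpent->ut_line,
		    sizeof(tmputmpent.ut_line)) != 0)
			continue;

		/* Skip slots whose user (and host, where present) is empty. */
#ifdef NO_UT_HOST
		if (tmputmpent.ut_name[0] == '\0')
			continue;
#else
		if (tmputmpent.ut_host[0] == '\0' &&
		    tmputmpent.ut_name[0] == '\0')
			continue;
#endif
		return (&tmputmpent);
	}
	return ((struct utmp *) 0);
}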
886 1.1 brezak
/*
 * endutent -- BSD fallback: close the descriptor opened by setutent().
 *
 * The result of close() is ignored, as is the case where utfile was
 * never opened successfully.
 */
void
endutent()
{
	(void) close(utfile);
}
891 1.1 brezak #endif /* not SYSV */
892 1.1 brezak
893 1.1 brezak
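/*
 * network_connected -- decide whether the controlling terminal may be
 * reached over the network.
 *
 * Looks up the utmp record for the tty on descriptor 0 and checks that
 * it belongs to the login name returned by getlogin().  A terminal that
 * is not a pseudo tty is treated as local.  A pseudo tty is treated as
 * local only when the utmp host field names an X display on this host
 * ("host:0.0" or ":0.0").
 *
 * Returns 0 when the session is considered local and 1 otherwise.  Every
 * lookup failure returns 1, so the function fails closed.
 */
int network_connected()
{
	struct utmp utmpent;
	struct utmp retutent, *tmpptr;
	char currenthost[MAXHOSTNAME];
	char *username, *tmpname, *ttydev;
	int rc = 1;			/* assume networked until shown otherwise */
#ifndef NO_UT_HOST
	char display_host[sizeof(retutent.ut_host) + 1];
	char *display_indx;
	size_t hostlen;
#endif

/* Macro for pseudo_tty */
#define pseudo_tty(ut) \
	((strncmp((ut).ut_line, "tty", 3) == 0 && ((ut).ut_line[3] == 'p' \
	|| (ut).ut_line[3] == 'q' \
	|| (ut).ut_line[3] == 'r' \
	|| (ut).ut_line[3] == 's'))\
	|| (strncmp((ut).ut_line, "pty", 3) == 0))

	/* Check to see if getlogin returns proper name */
	if ( (tmpname = (char *) getlogin()) == (char *) 0)
		return (1);
	/* getlogin() returns static storage, so keep a private copy. */
	username = strdup(tmpname);
	if (username == (char *) 0)
		return (1);

	/*
	 * Obtain tty device for controlling tty of current process.
	 * ttyname() returns a null pointer when descriptor 0 is not a
	 * terminal, and the "/dev/" prefix is skipped below, so both are
	 * checked before the pointer arithmetic.
	 */
	ttydev = ttyname(0);
	if (ttydev == (char *) 0 ||
	    strncmp(ttydev, "/dev/", strlen("/dev/")) != 0)
		goto out;

	/*
	 * Start from a zeroed record so no uninitialized field is handed
	 * to getutline().  strncpy() is deliberate: ut_line is a
	 * fixed-width field that is zero-padded, not necessarily
	 * NUL-terminated.
	 */
	(void) memset(&utmpent, 0, sizeof(utmpent));
	strncpy(utmpent.ut_line, ttydev + strlen("/dev/"),
	    sizeof(utmpent.ut_line));

	/* See if this device is currently listed in /etc/utmp under
	   calling user */
#ifdef SYSV
	utmpent.ut_type = USER_PROCESS;
#define ut_name ut_user
#endif
	setutent();
	while ( (tmpptr = (struct utmp *) getutline(&utmpent))
	    != ( struct utmp *) 0) {
		/* If logged out name and host will be empty */
#ifdef NO_UT_HOST
		if (tmpptr->ut_name[0] == '\0')
			continue;
#else
		if (tmpptr->ut_name[0] == '\0' && tmpptr->ut_host[0] == '\0')
			continue;
#endif
		break;
	}
	if ( tmpptr == (struct utmp *) 0) {
		endutent();
		goto out;
	}

	/*
	 * Copy the record out of getutline()'s buffer before endutent().
	 * memcpy() takes the destination first: with the arguments the
	 * other way round the uninitialized local overwrites the record
	 * and every check below reads indeterminate bytes.
	 */
	(void) memcpy(&retutent, tmpptr, sizeof(retutent));
	endutent();
#ifdef DEBUG
	/* Field widths bound the output; utmp strings may be unterminated. */
#ifdef NO_UT_HOST
	printf("User %.*s on line %.*s :\n",
	    (int)sizeof(retutent.ut_name), retutent.ut_name,
	    (int)sizeof(retutent.ut_line), retutent.ut_line);
#else
	printf("User %.*s on line %.*s connected from host :%.*s:\n",
	    (int)sizeof(retutent.ut_name), retutent.ut_name,
	    (int)sizeof(retutent.ut_line), retutent.ut_line,
	    (int)sizeof(retutent.ut_host), retutent.ut_host);
#endif
#endif
	/* The utmp entry must belong to the login name of this process. */
	if (strncmp(retutent.ut_name, username,
	    sizeof(retutent.ut_name)) != 0)
		goto out;

	/* If this is not a pseudo tty then everything is OK */
	if (! pseudo_tty(retutent)) {
		rc = 0;
		goto out;
	}

	/* OK now the work begins there is an entry in utmp and
	   the device is a pseudo tty. */

	/* gethostname() need not terminate a truncated name. */
	if (gethostname(currenthost, sizeof(currenthost)))
		goto out;
	currenthost[sizeof(currenthost) - 1] = '\0';

#ifndef NO_UT_HOST
	/* Work on a terminated copy of the fixed-width host field. */
	(void) memcpy(display_host, retutent.ut_host,
	    sizeof(retutent.ut_host));
	display_host[sizeof(retutent.ut_host)] = '\0';

	/* Check if : is in hostname if so this is xwindow display */
	display_indx = (char *) strchr(display_host, ':');
	if ( display_indx != (char *) 0) {
		/*
		 * We have X window application here.  The host field
		 * should have the form => local_system_name:0.0 or :0.0
		 * if the window is being displayed on the local system.
		 *
		 * The display host must be the whole local name or the
		 * part before its first dot.  A bare prefix comparison
		 * would also accept a different host whose name happens
		 * to be a prefix of the local host name.
		 */
		hostlen = (size_t)(display_indx - display_host);
		if (strncmp(currenthost, display_host, hostlen) == 0 &&
		    (hostlen == 0 || currenthost[hostlen] == '\0' ||
		    currenthost[hostlen] == '.'))
			rc = 0;
		goto out;
	}
#endif

	/* Host field is empty or is not X window entry.  At this point
	   we can't trust that the pseudo tty is not connected to a
	   networked process so rc stays 1.
	 */
out:
	free(username);
	return (rc);
}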
996 1.1 brezak
/*
 * networked -- alternate entry point for network_connected().
 *
 * Returns whatever network_connected() returns, unchanged.
 */
int
networked()
{
	int connected;

	connected = network_connected();
	return (connected);
}
1001 1.1 brezak #endif
1002 1.3 tls
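/*
 * krb_check -- placeholder that always returns 1.
 *
 * The statement terminator after the return is a semicolon; the colon
 * that stood there does not compile.
 * NOTE(review): the XXX marker suggests the real check is still to be
 * written; what the value 1 means to callers is not visible here.
 */
int
krb_check()
{
	return (1);	/* XXX! */
}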
1008 1.1 brezak
1009 1.1 brezak #endif /* KERBEROS5 */
1010