krb5_passwd.c revision 1.8 1 1.8 thorpej /* $NetBSD: krb5_passwd.c,v 1.8 2000/06/20 06:00:37 thorpej Exp $ */
2 1.2 thorpej
3 1.8 thorpej /*
4 1.8 thorpej * Copyright (c) 2000 The NetBSD Foundation, Inc.
5 1.1 brezak * All rights reserved.
6 1.1 brezak *
7 1.8 thorpej * This code is derived from software contributed to
8 1.8 thorpej * The NetBSD Foundation by Johan Danielsson.
9 1.8 thorpej *
10 1.8 thorpej * Redistribution and use in source and binary forms, with or without
11 1.8 thorpej * modification, are permitted provided that the following conditions
12 1.8 thorpej * are met:
13 1.8 thorpej *
14 1.8 thorpej * 1. Redistributions of source code must retain the above copyright
15 1.8 thorpej * notice, this list of conditions and the following disclaimer.
16 1.1 brezak *
17 1.8 thorpej * 2. Redistributions in binary form must reproduce the above copyright
18 1.8 thorpej * notice, this list of conditions and the following disclaimer in the
19 1.8 thorpej * documentation and/or other materials provided with the distribution.
20 1.8 thorpej *
21 1.8 thorpej * 3. Neither the name of The NetBSD Foundation nor the names of its
22 1.8 thorpej * contributors may be used to endorse or promote products derived
23 1.8 thorpej * from this software without specific prior written permission.
24 1.8 thorpej *
25 1.8 thorpej * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
26 1.8 thorpej * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 1.8 thorpej * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 1.8 thorpej * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
29 1.8 thorpej * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 1.8 thorpej * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 1.8 thorpej * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 1.8 thorpej * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 1.8 thorpej * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 1.8 thorpej * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 1.8 thorpej * POSSIBILITY OF SUCH DAMAGE.
36 1.1 brezak */
37 1.1 brezak
38 1.8 thorpej /* uses the `Kerberos Change Password Protocol' */
39 1.8 thorpej
40 1.1 brezak #include <stdio.h>
41 1.5 lukem #include <stdlib.h>
42 1.1 brezak #include <string.h>
43 1.1 brezak
44 1.8 thorpej #include <err.h>
45 1.1 brezak
46 1.8 thorpej #include <openssl/des.h>
47 1.8 thorpej #include <krb5.h>
48 1.1 brezak
49 1.8 thorpej #include "extern.h"
50 1.1 brezak
/*
 * File-scope state shared by the hooks below.
 *
 * context  - created by krb5_init() and released by krb5_end().  Note that
 *            krb5_chpw() declares a local variable with the same name, so
 *            inside that function this object is shadowed and not used.
 * defprinc - principal parsed from the 'u' option in krb5_arg(); used by
 *            krb5_chpw() when it is called with a NULL username, and freed
 *            by krb5_end().  As a static it starts out zero-initialised.
 * usage    - value handed back by krb5_arg_end(); starts as PW_USE and is
 *            switched to PW_USE_FORCE by the '5' / 'k' options.  Both
 *            constants are presumably defined in extern.h -- confirm there.
 */
51 1.8 thorpej static krb5_context context;
52 1.8 thorpej static krb5_principal defprinc;
53 1.8 thorpej static int usage = PW_USE;
54 1.1 brezak
/*
 * krb5_init --
 *	Create the file-scope Kerberos context that krb5_arg() and
 *	krb5_end() operate on.
 *
 *	progname is accepted but not used by this function.
 *
 *	Returns whatever krb5_init_context() returns (zero on success).
 */
int
krb5_init(const char *progname)
{
	krb5_error_code rc;

	rc = krb5_init_context(&context);
	return rc;
}
60 1.1 brezak
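/*
 * krb5_arg --
 *	Handle one command-line option on behalf of the Kerberos 5 backend.
 *
 *	'5', 'k'  set usage to PW_USE_FORCE.
 *	'u'       parse optarg as a principal name into defprinc.
 *
 *	Returns 1 when the option was accepted.  Returns 0 when the option
 *	is not one handled here, or when the principal name given to 'u'
 *	could not be parsed (a warning naming optarg is printed first).
 */
int
krb5_arg(char ch, const char *optarg)
{
	krb5_error_code ret;

	switch (ch) {
	case '5':
	case 'k':
		usage = PW_USE_FORCE;
		return 1;
	case 'u':
		/*
		 * A repeated 'u' option would overwrite defprinc and leak the
		 * principal parsed earlier, so release it before parsing again.
		 */
		if (defprinc) {
			krb5_free_principal(context, defprinc);
			defprinc = NULL;
		}
		ret = krb5_parse_name(context, optarg, &defprinc);
		if (ret) {
			krb5_warn(context, ret, "%s", optarg);
			return 0;
		}
		return 1;
	default:
		break;
	}
	return 0;
}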
80 1.1 brezak
/*
 * krb5_arg_end --
 *	Report the usage mode selected during option parsing: the initial
 *	PW_USE, or PW_USE_FORCE if krb5_arg() saw '5' or 'k'.
 */
int
krb5_arg_end(void)
{
	const int mode = usage;

	return mode;
}
86 1.1 brezak
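/*
 * krb5_end --
 *	Release the file-scope principal (if one was parsed) and the
 *	file-scope Kerberos context.
 *
 *	Both handles are cleared after being freed so that a later call
 *	into this file cannot reuse or free a dangling pointer.
 */
void
krb5_end(void)
{
	if (defprinc) {
		krb5_free_principal(context, defprinc);
		defprinc = NULL;
	}
	krb5_free_context(context);
	context = NULL;
}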
94 1.1 brezak
95 1.1 brezak
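/*
 * Overwrite a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead writes ahead of a return.
 */
static void
wipe_pwbuf(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * krb5_chpw --
 *	Change a Kerberos password using the change-password protocol.
 *
 *	username  principal name to change the password for, or NULL to use
 *	          defprinc (the principal given with the 'u' option).
 *
 *	The user is prompted for the current password to obtain an initial
 *	ticket for "kadmin/changepw", then prompted for the new password,
 *	which is sent with krb5_change_password().  The text returned in
 *	result_string is printed on stdout.
 *
 *	Returns 1 on any local failure, otherwise the result code reported
 *	by krb5_change_password() (presumably 0 on success -- confirm against
 *	the library).  If krb5_change_password() itself fails, krb5_err()
 *	terminates the process with exit status 1.
 *
 *	NOTE(review): when username is NULL and no 'u' option was given,
 *	defprinc is still NULL and is passed on as the client principal;
 *	how the library treats that is not visible here -- verify.
 */
int
krb5_chpw(const char *username)
{
	krb5_error_code ret;
	krb5_context context;		/* shadows the file-scope context */
	krb5_principal principal = NULL;
	krb5_get_init_creds_opt opt;
	krb5_creds cred;
	int result_code;
	int rv = 1;
	int have_cred = 0;
	int own_principal = 0;
	krb5_data result_code_string, result_string;
	char pwbuf[BUFSIZ];

	ret = krb5_init_context(&context);
	if (ret) {
		/*
		 * The local context was never set up, so it must not be
		 * handed to krb5_get_err_text(); report the raw code instead.
		 */
		warnx("failed kerberos initialisation: error %ld", (long)ret);
		return 1;
	}

	/*
	 * Ask for a deliberately narrow ticket: 300 second lifetime, neither
	 * forwardable nor proxiable, and (below) only for kadmin/changepw.
	 */
	krb5_get_init_creds_opt_init(&opt);
	krb5_get_init_creds_opt_set_tkt_life(&opt, 300);
	krb5_get_init_creds_opt_set_forwardable(&opt, FALSE);
	krb5_get_init_creds_opt_set_proxiable(&opt, FALSE);

	if (username != NULL) {
		ret = krb5_parse_name(context, username, &principal);
		if (ret) {
			warnx("failed to parse principal: %s",
			    krb5_get_err_text(context, ret));
			goto out;
		}
		own_principal = 1;
	} else {
		/* Borrowed from file scope; krb5_end() frees it, not us. */
		principal = defprinc;
	}

	ret = krb5_get_init_creds_password(context,
	    &cred,
	    principal,
	    NULL,
	    krb5_prompter_posix,
	    NULL,
	    0,
	    "kadmin/changepw",
	    &opt);

	switch (ret) {
	case 0:
		break;
	case KRB5_LIBOS_PWDINTR:
		/* XXX */
		goto out;
	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
	case KRB5KRB_AP_ERR_MODIFIED:
		fprintf(stderr, "Password incorrect\n");
		goto out;
	default:
		warnx("failed to get credentials: %s",
		    krb5_get_err_text(context, ret));
		goto out;
	}
	have_cred = 1;

	krb5_data_zero(&result_code_string);
	krb5_data_zero(&result_string);

	/* XXX use getpass? It has a broken interface. */
	if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password: ", 1) != 0) {
		wipe_pwbuf(pwbuf, sizeof(pwbuf));
		goto out;
	}

	ret = krb5_change_password(context, &cred, pwbuf,
	    &result_code,
	    &result_code_string,
	    &result_string);

	/*
	 * The cleartext password is no longer needed; clear it before any
	 * further output or exit so it does not linger on the stack.
	 */
	wipe_pwbuf(pwbuf, sizeof(pwbuf));

	if (ret)
		krb5_err(context, 1, ret, "krb5_change_password");

	/* result_string comes from the server; print it strictly as data. */
	printf("%.*s\n", (int)result_string.length,
	    result_string.data != NULL ? (char *)result_string.data : "");

	krb5_data_free(&result_code_string);
	krb5_data_free(&result_string);

	rv = result_code;

out:
	/* Single exit path: release only what this call acquired. */
	if (have_cred)
		krb5_free_creds_contents(context, &cred);
	if (own_principal)
		krb5_free_principal(context, principal);
	krb5_free_context(context);
	return rv;
}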