oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the response packet

Browse Source 
sure more constants now that they exists


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12270 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-05-13 11:28:39 +00:00
parent aa1c22fde3
commit 052858243f
1 changed files with 130 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

254
lib/krb5/changepw.c
View File

@@ -53,7 +53,121 @@ str2data (krb5_data *d,
}
/*
* Change password protocol defined by draft-....-04.txt
* Change password protocol defined by /*
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
RCSID("$Id$");
static void
str2data (krb5_data *d,
const char *fmt,
...) __attribute__ ((format (printf, 2, 3)));
static void
str2data (krb5_data *d,
const char *fmt,
...)
{
va_list args;
va_start(args, fmt);
d->length = vasprintf ((char **)&d->data, fmt, args);
va_end(args);
}
/*
* Change password protocol defined by /*
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
RCSID("$Id$");
static void
str2data (krb5_data *d,
const char *fmt,
...) __attribute__ ((format (printf, 2, 3)));
static void
str2data (krb5_data *d,
const char *fmt,
...)
{
va_list args;
va_start(args, fmt);
d->length = vasprintf ((char **)&d->data, fmt, args);
va_end(args);
}
/*
* Change password protocol defined by
* draft-ietf-cat-kerb-chg-password-02.txt
*
* Share the response part of the protocol with MS set password
* (RFC3244)
*/
static krb5_error_code
@@ -140,112 +254,6 @@ out2:
return ret;
}
static krb5_error_code
chgpw_process_reply (krb5_context context,
krb5_auth_context auth_context,
int sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
const char *host)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data, priv_data;
int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0) {
save_errno = errno;
krb5_set_error_string(context, "recvfrom %s: %s",
host, strerror(save_errno));
return save_errno;
}
len = ret;
pkt_len = (reply[0] << 8) | (reply[1]);
pkt_ver = (reply[2] << 8) | (reply[3]);
if (pkt_len != len) {
str2data (result_string, "client: wrong len in reply");
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
if (pkt_ver != 0x0001) {
str2data (result_string,
"client: wrong version number (%d)", pkt_ver);
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
if ((u_char *)priv_data.data + priv_data.length > reply + len)
return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep;
u_char *p;
ret = krb5_rd_rep (context,
auth_context,
&ap_rep_data,
&ap_rep);
if (ret)
return ret;
krb5_free_ap_rep_enc_part (context, ap_rep);
ret = krb5_rd_priv (context,
auth_context,
&priv_data,
result_code_string,
NULL);
if (ret) {
krb5_data_free (result_code_string);
return ret;
}
if (result_code_string->length < 2) {
*result_code = KRB5_KPASSWD_MALFORMED;
str2data (result_string,
"client: bad length in result");
return 0;
}
p = result_code_string->data;
*result_code = (p[0] << 8) | p[1];
krb5_data_copy (result_string,
(unsigned char*)result_code_string->data + 2,
result_code_string->length - 2);
return 0;
} else {
KRB_ERROR error;
size_t size;
u_char *p;
ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
if (ret) {
return ret;
}
if (error.e_data->length < 2) {
krb5_warnx (context, "too short e_data to print anything usable");
return 1; /* XXX */
}
p = error.e_data->data;
*result_code = (p[0] << 8) | p[1];
krb5_data_copy (result_string,
p + 2,
error.e_data->length - 2);
return 0;
}
}
/*
* Set password protocol as defined by RFC3244 --
* Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
@@ -347,13 +355,13 @@ out2:
}
static krb5_error_code
setpw_process_reply (krb5_context context,
krb5_auth_context auth_context,
int sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
const char *host)
process_reply (krb5_context context,
krb5_auth_context auth_context,
int sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
const char *host)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
@@ -373,8 +381,8 @@ setpw_process_reply (krb5_context context,
len = ret;
if (len < 6) {
krb5_set_error_string(context, "server %s sent to short message "
"(%d bytes)", host, len);
str2data (result_string, "server %s sent to short message "
"(%d bytes)", host, len);
return KRB5_KPASSWD_MALFORMED;
}
@@ -416,8 +424,7 @@ setpw_process_reply (krb5_context context,
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
if (pkt_ver != KRB5_KPASSWD_VERS_SETPW &&
pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
str2data (result_string,
"client: wrong version number (%d)", pkt_ver);
*result_code = KRB5_KPASSWD_MALFORMED;
@@ -438,6 +445,9 @@ setpw_process_reply (krb5_context context,
krb5_data priv_data;
u_char *p;
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_rep (context,
auth_context,
&ap_rep_data,
@@ -447,9 +457,6 @@ setpw_process_reply (krb5_context context,
krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_priv (context,
auth_context,
&priv_data,
@@ -524,8 +531,8 @@ struct kpwd_proc {
kpwd_send_request send_req;
kpwd_process_reply process_rep;
} procs[] = {
{ "MS set password", setpw_send_request, setpw_process_reply },
{ "change password", chgpw_send_request, chgpw_process_reply },
{ "MS set password", setpw_send_request, process_reply },
{ "change password", chgpw_send_request, process_reply },
{ NULL }
};
@@ -732,7 +739,6 @@ krb5_set_password (krb5_context context,
} else
principal = targprinc;
ret = krb5_make_principal(context, &creds.server,
*krb5_princ_realm(context, principal),
"kadmin", "changepw", NULL);