From 2b2d75971d1bc35d6945470bcffacb815bf956c2 Mon Sep 17 00:00:00 2001
From: Assar Westerlund
Date: Thu, 16 Oct 1997 04:25:26 +0000
Subject: [PATCH] update to new hdb interface change all the keys in the database

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3631 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kpasswd/kpasswdd.c | 54 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c
index 28d40170f..9e8e62188 100644
--- a/kpasswd/kpasswdd.c
+++ b/kpasswd/kpasswdd.c
@@ -45,6 +45,9 @@ static krb5_log_facility *log_facility;
 static sig_atomic_t exit_flag = 0;
 
+static krb5_data msater_key;
+static int master_key_set = 0;
+
 #define KPASSWDD_LOG_ERR 0
 #define KPASSWDD_LOG_INFO 1
 
@@ -60,6 +63,7 @@ syslog_and_die (const char *m, ...)
 }
 
 static char *database = HDB_DEFAULT_DB;
+static HDB *db;
 
 static void
 send_reply (int s,
@@ -215,6 +219,15 @@ reply_priv (krb5_auth_context auth_context,
     krb5_data_free (&krb_priv_data);
 }
 
+static char *
+passwd_quality_check (krb5_data *pwd)
+{
+    if (pwd->length < 6)
+        return "Password too short";
+    else
+        return NULL;
+}
+
 static void
 change (krb5_auth_context auth_context,
         krb5_principal principal,
@@ -225,10 +238,10 @@ change (krb5_auth_context auth_context,
 {
     krb5_error_code ret;
     char *c;
-    HDB *db;
     hdb_entry ent;
     krb5_data salt;
     krb5_keyblock new_keyblock, *old_keyblock;
+    char *pwd_reason;
 
     krb5_unparse_name (context, principal, &c);
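Review bot: `static krb5_data msater_key;` is misspelled and, like `master_key_set` on the next line, is never referenced anywhere else in this patch — main (last hunk) hands the master key to the HDB layer through `hdb_set_master_key` and keeps no copy in this file. Either drop both statics now or, if a later change needs them, rename to `static krb5_data master_key;` and add a comment stating what it holds and where it is cleared, since a master key kept in process memory should be explicitly wiped once it is no longer needed.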
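Review bot: `passwd_quality_check` returns string literals through a non-const pointer and takes `krb5_data *pwd` although it only reads `pwd->length`; `static const char *passwd_quality_check (const krb5_data *pwd)` states the contract, and the `char *pwd_reason;` declared in the following hunk of change should become `const char *pwd_reason;` to match. The name promises more than the body delivers, so a header comment would help callers, e.g. `/* Return NULL if pwd is acceptable, otherwise a static string naming the rule it fails; a six-character minimum is the only rule so far. */`.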
@@ -236,14 +249,15 @@ change (krb5_auth_context auth_context,
               "Changing password for %s", c);
     free (c);
 
-    if (pwd_data->length < 6) { /* XXX */
+    pwd_reason = passwd_quality_check (pwd_data);
+    if (pwd_reason != NULL ) {
         krb5_log (context, log_facility,
-                  KPASSWDD_LOG_ERR, "Password too short");
-        reply_priv (auth_context, s, sa, sa_size, 4, "password too short");
+                  KPASSWDD_LOG_ERR, pwd_reason);
+        reply_priv (auth_context, s, sa, sa_size, 4, pwd_reason);
         return;
     }
 
-    ret = hdb_open (context, &db, database, O_RDWR, 0600);
+    ret = db->open(context, db, O_RDWR, 0600);
     if (ret) {
         krb5_log (context, log_facility, KPASSWDD_LOG_ERR, "hdb_open: %s",
                   krb5_get_err_text(context, ret));
@@ -272,13 +286,18 @@ change (krb5_auth_context auth_context,
         goto out;
     }
 
+    /*
+     * Compare with the first key to see if it already has been
+     * changed. If it hasn't, store the new key in the database and
+     * string2key all the rest of them.
+     */
+
     krb5_data_zero (&salt);
     krb5_get_salt (principal, &salt);
     memset (&new_keyblock, 0, sizeof(new_keyblock));
     old_keyblock = &ent.keys.val[0].key;
     krb5_string_to_key_data (pwd_data, &salt, old_keyblock->keytype, /* XXX */
                              &new_keyblock);
-    krb5_data_free (&salt);
     if (new_keyblock.keytype == old_keyblock->keytype
         && new_keyblock.keyvalue.length == old_keyblock->keyvalue.length
@@ -288,6 +307,7 @@ change (krb5_auth_context auth_context,
         ret = 0;
     } else {
         Event *e;
+        int i;
 
         free_EncryptionKey (old_keyblock);
         memset (old_keyblock, 0, sizeof(*old_keyblock));
@@ -295,6 +315,15 @@ change (krb5_auth_context auth_context,
         krb5_data_copy (&old_keyblock->keyvalue,
                         new_keyblock.keyvalue.data,
                         new_keyblock.keyvalue.length);
+        for(i = 1; i < ent.keys.len; ++i) {
+            free_Key (&ent.keys.val[i]);
+            krb5_string_to_key_data (pwd_data,
+                                     &salt,
+                                     ent.keys.val[i].key.keytype,
+                                     &ent.keys.val[i].key);
+        }
+
         ent.kvno++;
         e = malloc(sizeof(*e));
         e->time = time(NULL);
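Review bot: `ret = db->open(context, db, O_RDWR, 0600);` now opens the file-level handle created in main on every request, and no matching close is visible in this hunk; if the function's `out:` cleanup (outside the hunk) still calls `hdb_close` on the old per-call handle it has to be switched to the handle's own close method, and if it closes nothing the database stays open between requests — worth confirming against the rest of change. The log message on the following line still says `"hdb_open: %s"`, which no longer names the call that failed; `"db->open: %s"` would. The stray space in `if (pwd_reason != NULL )` is also new in this hunk.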
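Review bot: In the new loop, `ent.keys.val[i].key.keytype` is read after `free_Key (&ent.keys.val[i])` has already released that entry, so the derivation depends on free_Key leaving the integer field intact — presumably it does today, but nothing here guarantees it, and the first-key path above deliberately memsets after its free. Capture the type before freeing: `int kt = ent.keys.val[i].key.keytype;` ahead of the `free_Key` call, then pass `kt` to `krb5_string_to_key_data`. Two further points to confirm: `i` is an `int` compared with `ent.keys.len`, which is likely unsigned, and every entry is re-derived with the single `salt` obtained from the principal, so any per-key salt the existing entries carry would be ignored. change's body continues beyond this hunk.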
@@ -308,6 +337,7 @@ change (krb5_auth_context auth_context,
         *ent.pw_end = e->time + 3600; /* XXX - Change here! */
         ret = db->store (context, db, 1, &ent);
     }
+    krb5_data_free (&salt);
     krb5_free_keyblock (context, &new_keyblock);
 
     if (ret) {
@@ -573,11 +603,23 @@ sigterm(int sig)
 int
 main (int argc, char **argv)
 {
+    krb5_error_code ret;
+    char *keyfile = NULL;
+
     krb5_init_context (&context);
     set_progname (argv[0]);
     krb5_openlog (context, "kpasswdd", &log_facility);
 
+    ret = hdb_create (context, &db, database);
+    if (ret)
+        syslog_and_die ("Failed to open database %s: %s",
+                        database, krb5_get_err_text(context, ret));
+    ret = hdb_set_master_key(context, db, keyfile);
+    if (ret)
+        syslog_and_die ("Failed to set master key: %s",
+                        krb5_get_err_text(context, ret));
+
 #ifdef HAVE_SIGACTION
     {
         struct sigaction sa;
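Review bot: `char *keyfile = NULL;` is never assigned, so `hdb_set_master_key(context, db, keyfile)` always receives NULL and the daemon can only use whatever default location the HDB layer chooses; either wire a command-line option to it or pass NULL directly and drop the variable until one exists. A comment at the call such as `/* NULL: let hdb pick the default master-key file */` would record the intent either way. Note also that `hdb_create` only creates the handle here — the actual `db->open` happens in change on every request — so the startup message `"Failed to open database %s: %s"` is misleading; `"Failed to create database handle %s: %s"` matches what runs. main's body continues outside the hunk.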