oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use HDB keytabs; change some error messages; add --realm flag

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6877 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1999-08-27 09:00:26 +00:00
parent 5ac5a33197
commit 43c3f079e3
1 changed files with 43 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
kpasswd/kpasswdd.c
View File

@@ -44,6 +44,8 @@ RCSID("$Id$");
#include <dlfcn.h>
#endif
#include <hdb.h>
static krb5_context context;
static krb5_log_facility *log_facility;
@@ -304,7 +306,7 @@ change (krb5_auth_context auth_context,
free (client);
krb5_warn (context, ret, "kadm5_init_with_password_ctx");
reply_priv (auth_context, s, sa, sa_size, 2,
"kadm5_init_with_password_ctx failed");
"Internal error");
return;
}
@@ -326,7 +328,7 @@ change (krb5_auth_context auth_context,
if (ret) {
krb5_warn (context, ret, "kadm5_get_principal");
reply_priv (auth_context, s, sa, sa_size, 2,
"kadm5_get_principal failed");
"Internal error");
kadm5_destroy (kadm5_handle);
return;
}
@@ -367,7 +369,7 @@ change (krb5_auth_context auth_context,
if (tmp == NULL) {
krb5_warnx (context, "malloc: out of memory");
reply_priv (auth_context, s, sa, sa_size, 2,
"malloc failed");
"Internal error");
goto out;
}
memcpy (tmp, pwd_data->data, pwd_data->length);
@@ -381,11 +383,11 @@ change (krb5_auth_context auth_context,
if (ret) {
krb5_warn (context, ret, "kadm5_s_chpass_principal");
reply_priv (auth_context, s, sa, sa_size, 2,
"change failed");
"Internal error");
goto out;
}
}
reply_priv (auth_context, s, sa, sa_size, 0, "password changed");
reply_priv (auth_context, s, sa, sa_size, 0, "Password changed");
out:
kadm5_free_principal_ent (kadm5_handle, &ent);
kadm5_destroy (kadm5_handle);
@@ -414,12 +416,12 @@ verify (krb5_auth_context *auth_context,
if (pkt_len != len) {
krb5_warnx (context, "Strange len: %ld != %ld",
(long)pkt_len, (long)len);
reply_error (server, s, sa, sa_size, 0, 1, "bad length");
reply_error (server, s, sa, sa_size, 0, 1, "Bad request");
return 1;
}
if (pkt_ver != 0x0001) {
krb5_warnx (context, "Bad version (%d)", pkt_ver);
reply_error (server, s, sa, sa_size, 0, 1, "bad version");
reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version");
return 1;
}
@@ -434,15 +436,22 @@ verify (krb5_auth_context *auth_context,
NULL,
ticket);
if (ret) {
krb5_warn (context, ret, "krb5_rd_req");
reply_error (server, s, sa, sa_size, ret, 3, "rd_req failed");
if(ret == KRB5_KT_NOTFOUND) {
char *name;
krb5_unparse_name(context, server, &name);
krb5_warnx (context, "krb5_rd_req: %s (%s)",
krb5_get_err_text(context, ret), name);
free(name);
} else
krb5_warn (context, ret, "krb5_rd_req");
reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed");
return 1;
}
if (!(*ticket)->ticket.flags.initial) {
krb5_warnx (context, "initial flag not set");
reply_error (server, s, sa, sa_size, ret, 1,
"initial flag not set");
"Bad request");
goto out;
}
krb_priv_data.data = msg + 6 + ap_req_len;
@@ -456,7 +465,7 @@ verify (krb5_auth_context *auth_context,
if (ret) {
krb5_warn (context, ret, "krb5_rd_priv");
reply_error (server, s, sa, sa_size, ret, 3, "rd_priv failed");
reply_error (server, s, sa, sa_size, ret, 3, "Bad request");
goto out;
}
return 0;
@@ -555,9 +564,9 @@ doit (krb5_keytab keytab,
free (realm);
ret = krb5_get_all_client_addrs (context, &addrs);
ret = krb5_get_all_server_addrs (context, &addrs);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
n = addrs.len;
@@ -571,11 +580,16 @@ doit (krb5_keytab keytab,
krb5_addr2sockaddr (&addrs.val[i], sa, &sa_size, port);
sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
if (sockets[i] < 0)
krb5_err (context, 1, errno, "socket");
if (bind (sockets[i], sa, sa_size) < 0)
krb5_err (context, 1, errno, "bind");
if (bind (sockets[i], sa, sa_size) < 0) {
char str[128];
size_t len;
ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
krb5_err (context, 1, errno, "bind(%s)", str);
}
maxfd = max (maxfd, sockets[i]);
FD_SET(sockets[i], &real_fdset);
}
@@ -627,7 +641,8 @@ sigterm(int sig)
const char *check_library;
const char *check_function;
#endif
char *keytab_str;
char *keytab_str = "HDB:";
char *realm_str;
int version_flag;
int help_flag;
@@ -640,6 +655,7 @@ struct getargs args[] = {
#endif
{ "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication key from", "kspec" },
{ "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
@@ -650,6 +666,7 @@ main (int argc, char **argv)
{
int optind;
krb5_keytab keytab;
krb5_error_code ret;
optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
@@ -660,6 +677,9 @@ main (int argc, char **argv)
exit(0);
}
if(realm_str)
krb5_set_default_realm(context, realm_str);
krb5_openlog (context, "kpasswdd", &log_facility);
krb5_set_warn_dest(context, log_facility);
@@ -687,13 +707,14 @@ main (int argc, char **argv)
}
#endif
if(keytab_str) {
krb5_error_code ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "%s", keytab_str);
} else
keytab = NULL;
ret = krb5_kt_register(context, &hdb_kt_ops);
if(ret)
krb5_err(context, 1, ret, "krb5_kt_register");
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "%s", keytab_str);
setup_passwd_quality_check(context);
#ifdef HAVE_SIGACTION