use HDB keytabs; change some error messages; add --realm flag

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6877 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1999-08-27 09:00:26 +00:00
parent 5ac5a33197
commit 43c3f079e3


@@ -44,6 +44,8 @@ RCSID("$Id$");
#include <dlfcn.h> #include <dlfcn.h>
#endif #endif
#include <hdb.h>
static krb5_context context; static krb5_context context;
static krb5_log_facility *log_facility; static krb5_log_facility *log_facility;
@@ -304,7 +306,7 @@ change (krb5_auth_context auth_context,
free (client); free (client);
krb5_warn (context, ret, "kadm5_init_with_password_ctx"); krb5_warn (context, ret, "kadm5_init_with_password_ctx");
reply_priv (auth_context, s, sa, sa_size, 2, reply_priv (auth_context, s, sa, sa_size, 2,
"kadm5_init_with_password_ctx failed"); "Internal error");
return; return;
} }
@@ -326,7 +328,7 @@ change (krb5_auth_context auth_context,
if (ret) { if (ret) {
krb5_warn (context, ret, "kadm5_get_principal"); krb5_warn (context, ret, "kadm5_get_principal");
reply_priv (auth_context, s, sa, sa_size, 2, reply_priv (auth_context, s, sa, sa_size, 2,
"kadm5_get_principal failed"); "Internal error");
kadm5_destroy (kadm5_handle); kadm5_destroy (kadm5_handle);
return; return;
} }
@@ -367,7 +369,7 @@ change (krb5_auth_context auth_context,
if (tmp == NULL) { if (tmp == NULL) {
krb5_warnx (context, "malloc: out of memory"); krb5_warnx (context, "malloc: out of memory");
reply_priv (auth_context, s, sa, sa_size, 2, reply_priv (auth_context, s, sa, sa_size, 2,
"malloc failed"); "Internal error");
goto out; goto out;
} }
memcpy (tmp, pwd_data->data, pwd_data->length); memcpy (tmp, pwd_data->data, pwd_data->length);
@@ -381,11 +383,11 @@ change (krb5_auth_context auth_context,
if (ret) { if (ret) {
krb5_warn (context, ret, "kadm5_s_chpass_principal"); krb5_warn (context, ret, "kadm5_s_chpass_principal");
reply_priv (auth_context, s, sa, sa_size, 2, reply_priv (auth_context, s, sa, sa_size, 2,
"change failed"); "Internal error");
goto out; goto out;
} }
} }
reply_priv (auth_context, s, sa, sa_size, 0, "password changed"); reply_priv (auth_context, s, sa, sa_size, 0, "Password changed");
out: out:
kadm5_free_principal_ent (kadm5_handle, &ent); kadm5_free_principal_ent (kadm5_handle, &ent);
kadm5_destroy (kadm5_handle); kadm5_destroy (kadm5_handle);
@@ -414,12 +416,12 @@ verify (krb5_auth_context *auth_context,
if (pkt_len != len) { if (pkt_len != len) {
krb5_warnx (context, "Strange len: %ld != %ld", krb5_warnx (context, "Strange len: %ld != %ld",
(long)pkt_len, (long)len); (long)pkt_len, (long)len);
reply_error (server, s, sa, sa_size, 0, 1, "bad length"); reply_error (server, s, sa, sa_size, 0, 1, "Bad request");
return 1; return 1;
} }
if (pkt_ver != 0x0001) { if (pkt_ver != 0x0001) {
krb5_warnx (context, "Bad version (%d)", pkt_ver); krb5_warnx (context, "Bad version (%d)", pkt_ver);
reply_error (server, s, sa, sa_size, 0, 1, "bad version"); reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version");
return 1; return 1;
} }
@@ -434,15 +436,22 @@ verify (krb5_auth_context *auth_context,
NULL, NULL,
ticket); ticket);
if (ret) { if (ret) {
krb5_warn (context, ret, "krb5_rd_req"); if(ret == KRB5_KT_NOTFOUND) {
reply_error (server, s, sa, sa_size, ret, 3, "rd_req failed"); char *name;
krb5_unparse_name(context, server, &name);
krb5_warnx (context, "krb5_rd_req: %s (%s)",
krb5_get_err_text(context, ret), name);
free(name);
} else
krb5_warn (context, ret, "krb5_rd_req");
reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed");
return 1; return 1;
} }
if (!(*ticket)->ticket.flags.initial) { if (!(*ticket)->ticket.flags.initial) {
krb5_warnx (context, "initial flag not set"); krb5_warnx (context, "initial flag not set");
reply_error (server, s, sa, sa_size, ret, 1, reply_error (server, s, sa, sa_size, ret, 1,
"initial flag not set"); "Bad request");
goto out; goto out;
} }
krb_priv_data.data = msg + 6 + ap_req_len; krb_priv_data.data = msg + 6 + ap_req_len;
@@ -456,7 +465,7 @@ verify (krb5_auth_context *auth_context,
if (ret) { if (ret) {
krb5_warn (context, ret, "krb5_rd_priv"); krb5_warn (context, ret, "krb5_rd_priv");
reply_error (server, s, sa, sa_size, ret, 3, "rd_priv failed"); reply_error (server, s, sa, sa_size, ret, 3, "Bad request");
goto out; goto out;
} }
return 0; return 0;
@@ -555,9 +564,9 @@ doit (krb5_keytab keytab,
free (realm); free (realm);
ret = krb5_get_all_client_addrs (context, &addrs); ret = krb5_get_all_server_addrs (context, &addrs);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_get_all_client_addrs"); krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
n = addrs.len; n = addrs.len;
@@ -571,11 +580,16 @@ doit (krb5_keytab keytab,
krb5_addr2sockaddr (&addrs.val[i], sa, &sa_size, port); krb5_addr2sockaddr (&addrs.val[i], sa, &sa_size, port);
sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0); sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
if (sockets[i] < 0) if (sockets[i] < 0)
krb5_err (context, 1, errno, "socket"); krb5_err (context, 1, errno, "socket");
if (bind (sockets[i], sa, sa_size) < 0) if (bind (sockets[i], sa, sa_size) < 0) {
krb5_err (context, 1, errno, "bind"); char str[128];
size_t len;
ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
krb5_err (context, 1, errno, "bind(%s)", str);
}
maxfd = max (maxfd, sockets[i]); maxfd = max (maxfd, sockets[i]);
FD_SET(sockets[i], &real_fdset); FD_SET(sockets[i], &real_fdset);
} }
@@ -627,7 +641,8 @@ sigterm(int sig)
const char *check_library; const char *check_library;
const char *check_function; const char *check_function;
#endif #endif
char *keytab_str; char *keytab_str = "HDB:";
char *realm_str;
int version_flag; int version_flag;
int help_flag; int help_flag;
@@ -640,6 +655,7 @@ struct getargs args[] = {
#endif #endif
{ "keytab", 'k', arg_string, &keytab_str, { "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication key from", "kspec" }, "keytab to get authentication key from", "kspec" },
{ "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag }
}; };
@@ -650,6 +666,7 @@ main (int argc, char **argv)
{ {
int optind; int optind;
krb5_keytab keytab; krb5_keytab keytab;
krb5_error_code ret;
optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
@@ -660,6 +677,9 @@ main (int argc, char **argv)
exit(0); exit(0);
} }
if(realm_str)
krb5_set_default_realm(context, realm_str);
krb5_openlog (context, "kpasswdd", &log_facility); krb5_openlog (context, "kpasswdd", &log_facility);
krb5_set_warn_dest(context, log_facility); krb5_set_warn_dest(context, log_facility);
@@ -687,13 +707,14 @@ main (int argc, char **argv)
} }
#endif #endif
if(keytab_str) { ret = krb5_kt_register(context, &hdb_kt_ops);
krb5_error_code ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret)
if(ret) krb5_err(context, 1, ret, "krb5_kt_register");
krb5_err(context, 1, ret, "%s", keytab_str);
} else
keytab = NULL;
ret = krb5_kt_resolve(context, keytab_str, &keytab);
if(ret)
krb5_err(context, 1, ret, "%s", keytab_str);
setup_passwd_quality_check(context); setup_passwd_quality_check(context);
#ifdef HAVE_SIGACTION #ifdef HAVE_SIGACTION
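Review bot: In the new KRB5_KT_NOTFOUND branch of verify(), the return value of `krb5_unparse_name(context, server, &name)` is ignored, so if that call fails `name` is still uninitialized when it is passed to `krb5_warnx` as a `%s` argument and then to `free`. This branch runs after krb5_rd_req has failed, so it is reached by requests that have not been authenticated. Declare `char *name = NULL;` and log the name only when the call returns 0, falling back to the plain `krb5_warn (context, ret, "krb5_rd_req");` otherwise. The new bind() error path in doit() has the same shape: `krb5_print_address` is unchecked, `str` is printed regardless, and the call may change `errno` before `krb5_err` reads it, so start from `char str[128] = "";` and save the value first with `int save_errno = errno;`. Both functions begin and end outside the visible hunks.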