From 6e854a367906a138904a26317b5f44e79e3b0bdb Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Mon, 11 Aug 1997 17:12:54 +0000
Subject: [PATCH] Use krb5_change_password

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2915 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kpasswd/kpasswd.c | 355 +++++-----------------------------------------
 1 file changed, 37 insertions(+), 318 deletions(-)

diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c
index 4368da464..48f9b89db 100644
--- a/kpasswd/kpasswd.c
+++ b/kpasswd/kpasswd.c
@@ -39,319 +39,6 @@
 #include "kpasswd_locl.h"
 RCSID("$Id$");
 
-static struct sockaddr_in
-get_kdc_address (krb5_context context,
-		 krb5_realm realm)
-{
-    krb5_error_code ret;
-    struct sockaddr_in addr;
-    struct hostent *hostent;
-    char **hostlist;
-    char *dot;
-
-    ret = krb5_get_krbhst (context,
-			   &realm,
-			   &hostlist);
-    if (ret)
-	errx (1, "krb5_get_krbhst: %s",
-	      krb5_get_err_text(context, ret));
-
-    dot = strchr (*hostlist, ':');
-    if (dot)
-	*dot = '\0';
-
-    hostent = gethostbyname (*hostlist);
-    if (hostent == 0)
-	errx (1, "gethostbyname '%s' failed: %s",
-	      *hostlist, hstrerror(h_errno));
-
-    krb5_free_krbhst (context, hostlist);
-
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    memcpy (&addr.sin_addr, hostent->h_addr_list[0], sizeof(addr.sin_addr));
-    addr.sin_port   = krb5_getportbyname ("kpasswd",
-					  "udp",
-					  htons(KPASSWD_PORT));
-
-    return addr;
-}
-
-static void
-send_request (krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_creds *creds,
-	      int sock,
-	      struct sockaddr_in addr,
-	      char *passwd)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data passwd_data;
-    size_t len;
-    u_char header[6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	errx (1, "krb5_mk_req_extended: %s",
-	      krb5_get_err_text(context, ret));
-
-    passwd_data.data   = passwd;
-    passwd_data.length = strlen(passwd);
-
-    krb5_data_zero (&krb_priv_data);
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&passwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	errx (1, "krb5_mk_priv: %s",
-	      krb5_get_err_text(context, ret));
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = (void *)&addr;
-    msghdr.msg_namelen    = sizeof(addr);
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = header;
-    iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0)
-	err (1, "sendmsg");
-
-    krb5_data_free (&ap_req_data);
-    krb5_data_free (&krb_priv_data);
-}
-
-static int
-process_reply (krb5_context context,
-	       krb5_auth_context auth_context,
-	       int sock)
-{
-    krb5_error_code ret;
-    u_char reply[BUFSIZ];
-    size_t len;
-    u_int16_t pkt_len, pkt_ver;
-    krb5_data ap_rep_data;
-
-    ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
-    if (ret < 0) {
-	warn ("recvfrom");
-	return 1;
-    }
-    len = ret;
-    pkt_len = (reply[0] << 8) | (reply[1]);
-    pkt_ver = (reply[2] << 8) | (reply[3]);
-
-    if (pkt_len != len) {
-	warnx ("wrong len in reply");
-	return 1;
-    }
-    if (pkt_ver != 0x0001) {
-	warnx ("wrong version number (%d)", pkt_ver);
-	return 1;
-    }
-
-    ap_rep_data.data = reply + 6;
-    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
-  
-    if (ap_rep_data.length) {
-	u_int16_t result_code;
-	krb5_ap_rep_enc_part *ap_rep;
-	krb5_data result_data;
-	krb5_data priv_data;
-	u_char *p;
-
-	ret = krb5_rd_rep (context,
-			   auth_context,
-			   &ap_rep_data,
-			   &ap_rep);
-	if (ret)
-	    errx (1, "krb5_rd_rep: %s",
-		  krb5_get_err_text(context, ret));
-
-	krb5_free_ap_rep_enc_part (context, ap_rep);
-
-	priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
-	priv_data.length = len - ap_rep_data.length - 6;
-
-	krb5_data_zero (&result_data);
-
-	ret = krb5_rd_priv (context,
-			    auth_context,
-			    &priv_data,
-			    &result_data,
-			    NULL);
-	if (ret) {
-	    warnx ("krb5_rd_priv: %s",
-		   krb5_get_err_text(context, ret));
-	    krb5_data_free (&result_data);
-	    return 1;
-	}
-
-	if (result_data.length < 2) {
-	    warnx ("bad length in result");
-	    krb5_data_free (&result_data);
-	    return 1;
-	}
-	p = result_data.data;
-      
-	result_code = (p[0] << 8) | p[1];
-	if (result_code == 0) {
-	    printf ("succeeded: %.*s\n",
-		    (int)result_data.length - 2,
-		    (char *)result_data.data + 2);
-	    krb5_data_free (&result_data);
-	    return 0;
-	} else {
-	    printf ("failed(%d): %.*s\n",
-		    result_code,
-		    (int)result_data.length - 2,
-		    (char *)result_data.data + 2);
-	    krb5_data_free (&result_data);
-	    return 1;
-	}
-    } else {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-	u_int16_t result_code;
-      
-	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
-	if (ret) {
-	    warnx ("even failed to decode the krb_error message");
-	    return 1;
-	}
-	if (error.e_data->length < 2) {
-	    warnx ("too short e_data to print anything usable");
-	    return 1;
-	}
-
-	p = error.e_data->data;
-	result_code = (p[0] << 8) | p[1];
-	if (result_code == 0) {
-	    warnx ("result code == 0 in a krb_error. What?");
-	} else {
-	    printf ("failed(%d) %.*s\n",
-		    result_code,
-		    (int)error.e_data->length - 2,
-		    p + 2);
-	}
-	return 1;
-    }
-}
-
-static int
-change_password (krb5_context context,
-		 krb5_principal principal,
-		 krb5_get_init_creds_opt *opt)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_creds cred;
-    char pwbuf[BUFSIZ];
-    int sock;
-    struct sockaddr_in addr;
-    int i;
-
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					NULL,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					"kadmin/changepw",
-					opt);
-    if (ret)
-	errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret));
-
-    if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
-	return 1;
-
-    sock = socket (AF_INET, SOCK_DGRAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    addr = get_kdc_address (context, cred.client->realm);
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret)
-	errx (1, "krb5_auth_con_init: %s",
-	      krb5_get_err_text (context, ret));
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    for (i = 0; i < 5; ++i) {
-	struct fd_set fdset;
-	struct timeval tv;
-
-	send_request (context,
-		      &auth_context,
-		      &cred,
-		      sock,
-		      addr,
-		      pwbuf);
-
-	FD_ZERO(&fdset);
-	FD_SET(sock, &fdset);
-	tv.tv_usec = 0;
-	tv.tv_sec  = 1 << i;
-
-	ret = select (sock + 1, &fdset, NULL, NULL, &tv);
-	if (ret < 0 && errno != EINTR)
-	    err (1, "select");
-	if (ret == 1)
-	    break;
-    }
-    if (i == 5)
-	errx (1, "Did not manage to contact kdc");
-
-    krb5_free_creds_contents (context, &cred);
-
-    ret = process_reply (context,
-			 auth_context,
-			 sock);
-
-    krb5_auth_con_free (context, auth_context);
-
-    return ret;
-}
-
 static int preauth = 1;
 static int version_flag;
 static int help_flag;
@@ -383,6 +70,10 @@ main (int argc, char **argv)
     krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
     int optind = 0;
     krb5_get_init_creds_opt opt;
+    krb5_creds cred;
+    int result_code;
+    krb5_data result_code_string, result_string;
+    char pwbuf[BUFSIZ];
 
     set_progname (argv[0]);
 
@@ -420,11 +111,39 @@ main (int argc, char **argv)
     } else
 	principal = NULL;
 
-    ret = change_password (context,
-			   principal,
-			   &opt);
+    ret = krb5_get_init_creds_password (context,
+					&cred,
+					principal,
+					NULL,
+					krb5_prompter_posix,
+					NULL,
+					0,
+					"kadmin/changepw",
+					&opt);
+    if (ret)
+	errx (1, "krb5_get_initial_creds: %s",
+	      krb5_get_err_text(context, ret));
 
-    krb5_free_principal (context, principal);
+    krb5_data_zero (&result_code_string);
+    krb5_data_zero (&result_string);
+
+    if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
+	return 1;
+
+    ret = krb5_change_password (context, &cred, pwbuf,
+				&result_code,
+				&result_code_string,
+				&result_string);
+    if (ret)
+	errx (1, "krb5_change_password: %s",
+	      krb5_get_err_text(context, ret));
+
+    printf ("%.*s\n", result_string.length, result_string.data);
+
+    krb5_data_free (&result_code_string);
+    krb5_data_free (&result_string);
+    
+    krb5_free_creds_contents (context, &cred);
     krb5_free_context (context);
-    return ret;
+    return result_code;
 }