oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
2388bc93f0b18c38dec6d24edd335794fa851019
heimdal/kpasswd/kpasswd.c
Assar Westerlund 85b631b8f5 converted to getarg and get_init_creds 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2747 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-08-07 22:37:07 +00:00

431 lines
10 KiB
C
Raw Blame History

/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kpasswd_locl.h"
RCSID("$Id$");
static struct sockaddr_in
get_kdc_address (krb5_context context,
krb5_realm realm)
{
krb5_error_code ret;
struct sockaddr_in addr;
struct hostent *hostent;
char **hostlist;
char *dot;
ret = krb5_get_krbhst (context,
&realm,
&hostlist);
if (ret)
errx (1, "krb5_get_krbhst: %s",
krb5_get_err_text(context, ret));
dot = strchr (*hostlist, ':');
if (dot)
*dot = '\0';
hostent = gethostbyname (*hostlist);
if (hostent == 0)
errx (1, "gethostbyname '%s' failed: %s",
*hostlist, hstrerror(h_errno));
krb5_free_krbhst (context, hostlist);
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
memcpy (&addr.sin_addr, hostent->h_addr_list[0], sizeof(addr.sin_addr));
addr.sin_port = krb5_getportbyname ("kpasswd",
"udp",
htons(KPASSWD_PORT));
return addr;
}
static void
send_request (krb5_context context,
krb5_auth_context *auth_context,
krb5_creds *creds,
int sock,
struct sockaddr_in addr,
char *passwd)
{
krb5_error_code ret;
krb5_data ap_req_data;
krb5_data krb_priv_data;
krb5_data passwd_data;
size_t len;
u_char header[6];
u_char *p;
struct iovec iov[3];
struct msghdr msghdr;
krb5_data_zero (&ap_req_data);
ret = krb5_mk_req_extended (context,
auth_context,
AP_OPTS_MUTUAL_REQUIRED,
NULL, /* in_data */
creds,
&ap_req_data);
if (ret)
errx (1, "krb5_mk_req_extended: %s",
krb5_get_err_text(context, ret));
passwd_data.data = passwd;
passwd_data.length = strlen(passwd);
krb5_data_zero (&krb_priv_data);
ret = krb5_mk_priv (context,
*auth_context,
&passwd_data,
&krb_priv_data,
NULL);
if (ret)
errx (1, "krb5_mk_priv: %s",
krb5_get_err_text(context, ret));
len = 6 + ap_req_data.length + krb_priv_data.length;
p = header;
*p++ = (len >> 8) & 0xFF;
*p++ = (len >> 0) & 0xFF;
*p++ = 0;
*p++ = 1;
*p++ = (ap_req_data.length >> 8) & 0xFF;
*p++ = (ap_req_data.length >> 0) & 0xFF;
memset(&msghdr, 0, sizeof(msghdr));
msghdr.msg_name = (void *)&addr;
msghdr.msg_namelen = sizeof(addr);
msghdr.msg_iov = iov;
msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
#if 0
msghdr.msg_control = NULL;
msghdr.msg_controllen = 0;
#endif
iov[0].iov_base = header;
iov[0].iov_len = 6;
iov[1].iov_base = ap_req_data.data;
iov[1].iov_len = ap_req_data.length;
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0)
err (1, "sendmsg");
krb5_data_free (&ap_req_data);
krb5_data_free (&krb_priv_data);
}
static int
process_reply (krb5_context context,
krb5_auth_context auth_context,
int sock)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0) {
warn ("recvfrom");
return 1;
}
len = ret;
pkt_len = (reply[0] << 8) | (reply[1]);
pkt_ver = (reply[2] << 8) | (reply[3]);
if (pkt_len != len) {
warnx ("wrong len in reply");
return 1;
}
if (pkt_ver != 0x0001) {
warnx ("wrong version number (%d)", pkt_ver);
return 1;
}
ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
if (ap_rep_data.length) {
u_int16_t result_code;
krb5_ap_rep_enc_part *ap_rep;
krb5_data result_data;
krb5_data priv_data;
u_char *p;
ret = krb5_rd_rep (context,
auth_context,
&ap_rep_data,
&ap_rep);
if (ret)
errx (1, "krb5_rd_rep: %s",
krb5_get_err_text(context, ret));
krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
krb5_data_zero (&result_data);
ret = krb5_rd_priv (context,
auth_context,
&priv_data,
&result_data,
NULL);
if (ret) {
warnx ("krb5_rd_priv: %s",
krb5_get_err_text(context, ret));
krb5_data_free (&result_data);
return 1;
}
if (result_data.length < 2) {
warnx ("bad length in result");
krb5_data_free (&result_data);
return 1;
}
p = result_data.data;
result_code = (p[0] << 8) | p[1];
if (result_code == 0) {
printf ("succeeded: %.*s\n",
(int)result_data.length - 2,
(char *)result_data.data + 2);
krb5_data_free (&result_data);
return 0;
} else {
printf ("failed(%d): %.*s\n",
result_code,
(int)result_data.length - 2,
(char *)result_data.data + 2);
krb5_data_free (&result_data);
return 1;
}
} else {
KRB_ERROR error;
size_t size;
u_char *p;
u_int16_t result_code;
ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
if (ret) {
warnx ("even failed to decode the krb_error message");
return 1;
}
if (error.e_data->length < 2) {
warnx ("too short e_data to print anything usable");
return 1;
}
p = error.e_data->data;
result_code = (p[0] << 8) | p[1];
if (result_code == 0) {
warnx ("result code == 0 in a krb_error. What?");
} else {
printf ("failed(%d) %.*s\n",
result_code,
(int)error.e_data->length - 2,
p + 2);
}
return 1;
}
}
static int
change_password (krb5_context context,
krb5_principal principal,
krb5_get_init_creds_opt *opt)
{
krb5_error_code ret;
krb5_auth_context auth_context = NULL;
krb5_creds cred;
char pwbuf[BUFSIZ];
int sock;
struct sockaddr_in addr;
int i;
memset(&cred, 0, sizeof(cred));
ret = krb5_get_init_creds_password (context,
&cred,
principal,
NULL,
krb5_prompter_posix,
NULL,
0,
"kadmin/changepw",
opt);
if (ret)
errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret));
if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
return 1;
sock = socket (AF_INET, SOCK_DGRAM, 0);
if (sock < 0)
err (1, "socket");
addr = get_kdc_address (context, cred.client->realm);
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
errx (1, "krb5_auth_con_init: %s",
krb5_get_err_text (context, ret));
krb5_auth_con_setflags (context, auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
for (i = 0; i < 5; ++i) {
struct fd_set fdset;
struct timeval tv;
send_request (context,
&auth_context,
&cred,
sock,
addr,
pwbuf);
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
tv.tv_usec = 0;
tv.tv_sec = 1 << i;
ret = select (sock + 1, &fdset, NULL, NULL, &tv);
if (ret < 0 && errno != EINTR)
err (1, "select");
if (ret == 1)
break;
}
if (i == 5)
errx (1, "Did not manage to contact kdc");
krb5_free_creds_contents (context, &cred);
ret = process_reply (context,
auth_context,
sock);
krb5_auth_con_free (context, auth_context);
return ret;
}
static int preauth = 1;
static int version_flag;
static int help_flag;
static struct getargs args[] = {
{ "preauthentication", 'p', arg_negative_flag, &preauth,
"disable preauthentication", NULL },
{ "version", 0, arg_flag, &version_flag,
"print version", NULL },
{ "help", 0, arg_flag, &help_flag,
NULL, NULL}
};
static void
usage (int ret)
{
arg_printusage (args,
sizeof(args)/sizeof(*args),
"[principal]");
exit (ret);
}
int
main (int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_principal principal;
krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
int optind = 0;
krb5_get_init_creds_opt opt;
set_progname (argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1);
if (help_flag)
usage (0);
if(version_flag){
printf("%s (%s-%s)\n", __progname, PACKAGE, VERSION);
exit(0);
}
krb5_get_init_creds_opt_init (&opt);
if (preauth)
krb5_get_init_creds_opt_set_preauth_list (&opt,
pre_auth_types,
1);
krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
argc -= optind;
argv += optind;
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context: %s", krb5_get_err_text(context, ret));
if(argv[0]) {
ret = krb5_parse_name (context, argv[0], &principal);
if (ret)
errx (1, "krb5_parse_name: %s", krb5_get_err_text(context, ret));
} else
principal = NULL;
ret = change_password (context,
principal,
&opt);
krb5_free_principal (context, principal);
krb5_free_context (context);
return ret;
}
Reference in New Issue View Git Blame Copy Permalink