Annotation of src/usr.bin/passwd/krb_passwd.c, Revision 1.11
1.11 ! aaron 1: /* $OpenBSD: krb_passwd.c,v 1.10 1998/03/09 22:17:32 art Exp $ */
1.8 art 2: /* $KTH: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $ */
1.4 deraadt 3:
1.9 art 4: /*
5: * This source code is no longer held under any constraint of USA
6: * `cryptographic laws' since it was exported legally. The cryptographic
7: * functions were removed from the code and a "Bones" distribution was
8: * made. A Commodity Jurisdiction Request #012-94 was filed with the
9: * USA State Department, who handed it to the Commerce department. The
10: * code was determined to fall under General License GTDA under ECCN 5D96G,
11: * and hence exportable. The cryptographic interfaces were re-added by Eric
12: * Young, and then KTH proceeded to maintain the code in the free world.
13: *
14: */
15:
1.8 art 16: /*
1.9 art 17: * Copyright (C) 1989 by the Massachusetts Institute of Technology
18: *
19: * Export of this software from the United States of America is assumed
20: * to require a specific license from the United States Government.
21: * It is the responsibility of any person or organization contemplating
22: * export to obtain such a license before exporting.
23: *
24: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
25: * distribute this software and its documentation for any purpose and
26: * without fee is hereby granted, provided that the above copyright
27: * notice appear in all copies and that both that copyright notice and
28: * this permission notice appear in supporting documentation, and that
29: * the name of M.I.T. not be used in advertising or publicity pertaining
30: * to distribution of the software without specific, written prior
31: * permission. M.I.T. makes no representations about the suitability of
32: * this software for any purpose. It is provided "as is" without express
33: * or implied warranty.
34: *
35: */
1.8 art 36:
37: /*
38: * change your password with kerberos
1.1 deraadt 39: */
40:
41: #ifdef KERBEROS
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/time.h>
46: #include <sys/resource.h>
47: #include <netinet/in.h>
1.7 provos 48: #include <des.h>
1.1 deraadt 49: #include <kerberosIV/krb.h>
1.8 art 50: #include <kerberosIV/kadm.h>
51: #include <kerberosIV/kadm_err.h>
1.1 deraadt 52: #include <netdb.h>
53: #include <signal.h>
54: #include <pwd.h>
1.5 weingart 55: #include <err.h>
1.1 deraadt 56: #include <errno.h>
57: #include <stdio.h>
58: #include <string.h>
59: #include <stdlib.h>
1.5 weingart 60: #include <unistd.h>
1.1 deraadt 61:
/*
 * Realm name buffer with external linkage.  krb_passwd() below never
 * references it (it works on principal.realm instead), so any reader or
 * writer of this buffer is outside this listing.
 */
1.8 art 62: char realm[REALM_SZ];
1.1 deraadt 63:
/*
 * Declared here, defined elsewhere (no definition appears in this listing).
 * Every call below is followed by `break', so the option parser does not
 * rely on usage() being non-returning -- presumably it exits with `value';
 * confirm against its definition.
 */
1.8 art 64: extern void usage(int value);
1.1 deraadt 65:
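/*
 * krb_passwd -- change a Kerberos password through the kadm
 * password-changing service.
 *
 * The principal whose password is changed is built from, in order:
 *   -u principal   full principal, parsed by krb_parse_name()
 *   -n name / -i instance / -r realm   individual components
 *   a trailing non-option argument, parsed like -u
 * Components that are still empty afterwards are filled in from the
 * default principal reported by krb_get_default_principal().
 *
 * Returns 0 when the password was changed and 2 when the kadm exchange
 * failed.  Exits 1 if the new password could not be obtained, and exits
 * through err()/errx() on a privilege-drop or parsing failure.
 */
int
krb_passwd(int argc, char **argv)
{
	krb_principal principal;
	krb_principal default_principal;
	int realm_given = 0;	/* True if realm was given on cmdline */
	int use_default = 1;	/* True if we should use default name */
	int status;		/* return code */
	char pword[MAX_KPW_LEN];
	int c;
	char tktstring[MAXPATHLEN];

	/*
	 * Give up any effective uid that differs from the real uid before
	 * looking at user-supplied arguments.  The result used to be
	 * ignored; if the drop fails, stop here rather than carry on with
	 * an effective uid the caller does not own.
	 */
	if (seteuid(getuid()) == -1)
		err(1, "seteuid");

	memset(&principal, 0, sizeof(principal));
	memset(&default_principal, 0, sizeof(default_principal));

	krb_get_default_principal(default_principal.name,
	    default_principal.instance,
	    default_principal.realm);

	while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) {
		switch (c) {
		case 'u':
			status = krb_parse_name(optarg, &principal);
			if (status != KSUCCESS)
				errx(2, "%s", krb_get_err_text(status));
			if (principal.realm[0])
				realm_given++;
			else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
				errx(1, "Could not find default realm!");
			break;
		case 'n':
			if (k_isname(optarg)) {
				/*
				 * strncpy() does not terminate on truncation;
				 * terminate explicitly, as the default-principal
				 * copies below do, instead of relying on the
				 * earlier memset() of the whole structure.
				 */
				strncpy(principal.name, optarg,
				    sizeof(principal.name) - 1);
				principal.name[sizeof(principal.name) - 1] = '\0';
			} else {
				warnx("Bad name: %s", optarg);
				usage(1);
			}
			break;
		case 'i':
			if (k_isinst(optarg)) {
				strncpy(principal.instance, optarg,
				    sizeof(principal.instance) - 1);
				principal.instance[sizeof(principal.instance) - 1] =
				    '\0';
			} else {
				warnx("Bad instance: %s", optarg);
				usage(1);
			}
			break;
		case 'r':
			if (k_isrealm(optarg)) {
				strncpy(principal.realm, optarg,
				    sizeof(principal.realm) - 1);
				principal.realm[sizeof(principal.realm) - 1] = '\0';
				realm_given++;
			} else {
				warnx("Bad realm: %s", optarg);
				usage(1);
			}
			break;
		case 'h':
			usage(0);
			break;
		default:
			usage(1);
			break;
		}
		/* Any option at all means the caller named a principal. */
		use_default = 0;
	}
	if (optind < argc) {
		use_default = 0;
		status = krb_parse_name(argv[optind], &principal);
		if (status != KSUCCESS)
			errx(1, "%s", krb_get_err_text(status));
	}

	if (use_default) {
		strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
		principal.name[ANAME_SZ - 1] = '\0';
		strncpy(principal.instance, default_principal.instance,
		    INST_SZ - 1);
		principal.instance[INST_SZ - 1] = '\0';
		strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
		principal.realm[REALM_SZ - 1] = '\0';
	} else {
		/*
		 * Only name and realm fall back to the default principal;
		 * an instance that was not given stays empty.
		 */
		if (!principal.name[0]) {
			strncpy(principal.name, default_principal.name,
			    ANAME_SZ - 1);
			principal.name[ANAME_SZ - 1] = '\0';
		}
		if (!principal.realm[0]) {
			strncpy(principal.realm, default_principal.realm,
			    REALM_SZ - 1);
			principal.realm[REALM_SZ - 1] = '\0';
		}
	}

	/*
	 * Use a per-process ticket file for the password-change ticket.
	 * NOTE(review): the name depends only on TKT_ROOT and the pid, so it
	 * is predictable; how the file is created (exclusive creation,
	 * symlink handling, mode) is decided inside the Kerberos library
	 * and is not visible here -- confirm.
	 */
	snprintf(tktstring, sizeof(tktstring),
	    TKT_ROOT "_cpw_%u", (unsigned)getpid());
	krb_set_tkt_string(tktstring);

	if (get_pw_new_pwd(pword, sizeof(pword), &principal,
	    realm_given)) {
		/*
		 * The buffer may already hold part of a password; clear it
		 * on this exit path too, not only on the normal one.
		 */
		memset(pword, 0, sizeof(pword));
		dest_tkt();
		exit(1);
	}

	status = kadm_init_link(PWSERV_NAME, KRB_MASTER, principal.realm);
	if (status != KADM_SUCCESS)
		com_err(argv[0], status, "while initializing");
	else {
		des_cblock newkey;
		/*
		 * Message from server.  Starts as NULL because nothing here
		 * shows that kadm_change_pw_plain() sets it on every return.
		 */
		char *pw_msg = NULL;

		des_string_to_key(pword, &newkey);
		status = kadm_change_pw_plain((unsigned char *)&newkey, pword,
		    &pw_msg);
		/* Do not leave the derived DES key on the stack. */
		memset(newkey, 0, sizeof(newkey));

		if (status == KADM_INSECURE_PW)
			warnx("Insecure password: %s", pw_msg ? pw_msg : "");
		else if (status != KADM_SUCCESS)
			com_err(argv[0], status,
			    " attempting to change password.");
	}
	/*
	 * Wipe the cleartext password.
	 * NOTE(review): a plain memset() of a buffer that is never read
	 * again may be removed by an optimizing compiler; where the platform
	 * offers a wipe that cannot be elided, use it here and for newkey.
	 */
	memset(pword, 0, sizeof(pword));

	if (status != KADM_SUCCESS)
		fprintf(stderr, "Password NOT changed.\n");
	else
		printf("Password changed.\n");

	/* Destroy the temporary ticket file whatever the outcome. */
	dest_tkt();
	return status ? 2 : 0;
}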
198:
199: #endif /* KERBEROS */