Annotation of src/usr.bin/passwd/krb_passwd.c, Revision 1.13
1.13 ! hin 1: /* $OpenBSD: krb_passwd.c,v 1.12 1999/08/16 19:51:26 art Exp $ */
1.8 art 2: /* $KTH: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $ */
1.4 deraadt 3:
1.9 art 4: /*
5: * This source code is no longer held under any constraint of USA
6: * `cryptographic laws' since it was exported legally. The cryptographic
7: * functions were removed from the code and a "Bones" distribution was
8: * made. A Commodity Jurisdiction Request #012-94 was filed with the
9: * USA State Department, who handed it to the Commerce department. The
10: * code was determined to fall under General License GTDA under ECCN 5D96G,
11: * and hence exportable. The cryptographic interfaces were re-added by Eric
12: * Young, and then KTH proceeded to maintain the code in the free world.
13: *
14: */
15:
1.8 art 16: /*
1.9 art 17: * Copyright (C) 1989 by the Massachusetts Institute of Technology
18: *
19: * Export of this software from the United States of America is assumed
20: * to require a specific license from the United States Government.
21: * It is the responsibility of any person or organization contemplating
22: * export to obtain such a license before exporting.
23: *
24: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
25: * distribute this software and its documentation for any purpose and
26: * without fee is hereby granted, provided that the above copyright
27: * notice appear in all copies and that both that copyright notice and
28: * this permission notice appear in supporting documentation, and that
29: * the name of M.I.T. not be used in advertising or publicity pertaining
30: * to distribution of the software without specific, written prior
31: * permission. M.I.T. makes no representations about the suitability of
32: * this software for any purpose. It is provided "as is" without express
33: * or implied warranty.
34: *
35: */
1.8 art 36:
37: /*
38: * change your password with kerberos
1.1 deraadt 39: */
40:
41: #ifdef KERBEROS
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/time.h>
46: #include <sys/resource.h>
47: #include <netinet/in.h>
1.7 provos 48: #include <des.h>
1.1 deraadt 49: #include <kerberosIV/krb.h>
1.8 art 50: #include <kerberosIV/kadm.h>
51: #include <kerberosIV/kadm_err.h>
1.1 deraadt 52: #include <netdb.h>
53: #include <signal.h>
54: #include <pwd.h>
1.5 weingart 55: #include <err.h>
1.1 deraadt 56: #include <errno.h>
57: #include <stdio.h>
58: #include <string.h>
59: #include <stdlib.h>
1.5 weingart 60: #include <unistd.h>
1.12 art 61: #include <com_err.h>
1.1 deraadt 62:
1.8 art 63: char realm[REALM_SZ];
1.1 deraadt 64:
1.8 art 65: extern void usage(int value);
1.1 deraadt 66:
1.8 art 67: int
68: krb_passwd(int argc, char **argv)
1.1 deraadt 69: {
1.8 art 70: krb_principal principal;
71: krb_principal default_principal;
72: int realm_given = 0; /* True if realm was give on cmdline */
73: int use_default = 1; /* True if we should use default name */
74: int status; /* return code */
75: char pword[MAX_KPW_LEN];
76: int c;
77: char tktstring[MAXPATHLEN];
1.10 art 78:
79: seteuid(getuid());
1.8 art 80:
81: memset (&principal, 0, sizeof(principal));
82: memset (&default_principal, 0, sizeof(default_principal));
83:
84: krb_get_default_principal (default_principal.name,
85: default_principal.instance,
86: default_principal.realm);
87:
1.11 aaron 88: while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) {
1.8 art 89: switch (c) {
90: case 'u':
91: status = krb_parse_name (optarg, &principal);
92: if (status != KSUCCESS)
93: errx (2, "%s", krb_get_err_text(status));
94: if (principal.realm[0])
95: realm_given++;
96: else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
97: errx (1, "Could not find default realm!");
98: break;
99: case 'n':
100: if (k_isname(optarg))
101: strncpy(principal.name, optarg, sizeof(principal.name) - 1);
102: else {
103: warnx("Bad name: %s", optarg);
104: usage(1);
105: }
106: break;
107: case 'i':
108: if (k_isinst(optarg))
109: strncpy(principal.instance,
110: optarg,
111: sizeof(principal.instance) - 1);
112: else {
113: warnx("Bad instance: %s", optarg);
114: usage(1);
115: }
116: break;
117: case 'r':
118: if (k_isrealm(optarg)) {
119: strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
120: realm_given++;
121: } else {
122: warnx("Bad realm: %s", optarg);
123: usage(1);
124: }
125: break;
126: case 'h':
127: usage(0);
128: break;
129: default:
130: usage(1);
131: break;
132: }
133: use_default = 0;
134: }
135: if (optind < argc) {
136: use_default = 0;
137: status = krb_parse_name (argv[optind], &principal);
138: if(status != KSUCCESS)
139: errx (1, "%s", krb_get_err_text (status));
140: }
141:
142: if (use_default) {
143: strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
144: principal.name[ANAME_SZ - 1] = '\0';
145: strncpy(principal.instance, default_principal.instance, INST_SZ - 1);
146: principal.instance[INST_SZ - 1] = '\0';
147: strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
148: principal.realm[REALM_SZ - 1] = '\0';
149: } else {
150: if (!principal.name[0]) {
151: strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
152: principal.name[ANAME_SZ - 1] = '\0';
153: }
154: if (!principal.realm[0]) {
155: strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
156: principal.realm[REALM_SZ - 1] = '\0';
157: }
158: }
159:
160: snprintf(tktstring, sizeof(tktstring),
1.13 ! hin 161: "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
1.8 art 162: krb_set_tkt_string(tktstring);
163:
164: if (get_pw_new_pwd(pword, sizeof(pword), &principal,
165: realm_given)) {
166: dest_tkt ();
1.1 deraadt 167: exit(1);
1.8 art 168: }
169:
170: status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
171: if (status != KADM_SUCCESS)
172: com_err(argv[0], status, "while initializing");
173: else {
174: des_cblock newkey;
175: char *pw_msg; /* message from server */
176:
177: des_string_to_key(pword, &newkey);
178: status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
179: memset(newkey, 0, sizeof(newkey));
180:
181: if (status == KADM_INSECURE_PW)
182: warnx ("Insecure password: %s", pw_msg);
183: else if (status != KADM_SUCCESS)
184: com_err(argv[0], status, " attempting to change password.");
185: }
186: memset(pword, 0, sizeof(pword));
187:
188: if (status != KADM_SUCCESS)
189: fprintf(stderr,"Password NOT changed.\n");
190: else
191: printf("Password changed.\n");
192:
193: dest_tkt();
194: if (status)
195: return 2;
196: else
197: return 0;
1.1 deraadt 198: }
199:
200: #endif /* KERBEROS */