Annotation of src/usr.bin/passwd/krb_passwd.c, Revision 1.14
1.14 ! hugh 1: /* $OpenBSD: krb_passwd.c,v 1.13 2000/02/25 22:09:14 hin Exp $ */
1.8 art 2: /* $KTH: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $ */
1.4 deraadt 3:
1.9 art 4: /*
5: * This source code is no longer held under any constraint of USA
6: * `cryptographic laws' since it was exported legally. The cryptographic
7: * functions were removed from the code and a "Bones" distribution was
8: * made. A Commodity Jurisdiction Request #012-94 was filed with the
9: * USA State Department, who handed it to the Commerce department. The
10: * code was determined to fall under General License GTDA under ECCN 5D96G,
11: * and hence exportable. The cryptographic interfaces were re-added by Eric
12: * Young, and then KTH proceeded to maintain the code in the free world.
13: *
14: */
15:
1.8 art 16: /*
1.9 art 17: * Copyright (C) 1989 by the Massachusetts Institute of Technology
18: *
19: * Export of this software from the United States of America is assumed
20: * to require a specific license from the United States Government.
21: * It is the responsibility of any person or organization contemplating
22: * export to obtain such a license before exporting.
23: *
24: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
25: * distribute this software and its documentation for any purpose and
26: * without fee is hereby granted, provided that the above copyright
27: * notice appear in all copies and that both that copyright notice and
28: * this permission notice appear in supporting documentation, and that
29: * the name of M.I.T. not be used in advertising or publicity pertaining
30: * to distribution of the software without specific, written prior
31: * permission. M.I.T. makes no representations about the suitability of
32: * this software for any purpose. It is provided "as is" without express
33: * or implied warranty.
34: *
35: */
1.8 art 36:
37: /*
38: * change your password with kerberos
1.1 deraadt 39: */
40:
41: #ifdef KERBEROS
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/time.h>
46: #include <sys/resource.h>
47: #include <netinet/in.h>
1.7 provos 48: #include <des.h>
1.1 deraadt 49: #include <kerberosIV/krb.h>
1.8 art 50: #include <kerberosIV/kadm.h>
51: #include <kerberosIV/kadm_err.h>
1.1 deraadt 52: #include <netdb.h>
53: #include <signal.h>
54: #include <pwd.h>
1.5 weingart 55: #include <err.h>
1.1 deraadt 56: #include <errno.h>
57: #include <stdio.h>
58: #include <string.h>
59: #include <stdlib.h>
1.5 weingart 60: #include <unistd.h>
1.12 art 61: #include <com_err.h>
1.1 deraadt 62:
/*
 * Realm buffer with external linkage.  krb_passwd() in this file does not
 * reference it.
 */
char realm[REALM_SZ];

/*
 * Helpers defined outside this file.
 *
 * usage() is called by krb_passwd() with 0 for -h and with 1 for a bad
 * option or argument.
 *
 * get_pw_new_pwd() fills pword (at most pwlen bytes) for the principal pr;
 * krb_passwd() treats a non-zero return as failure.
 */
extern void usage(int value);
extern int get_pw_new_pwd(char *pword, int pwlen,
    krb_principal *pr, int print_realm);
1.1 deraadt 68:
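/*
 * Zero len bytes at buf through a volatile pointer.
 *
 * A plain memset() on a buffer that is never read again is a dead store the
 * optimizer is allowed to remove; the volatile accesses keep the wipe in the
 * generated code.
 */
static void
krb_passwd_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len-- > 0)
        *p++ = 0;
}

/*
 * krb_passwd -- change a Kerberos IV password through the kadm service.
 *
 * The principal is taken from -u (full name), -n/-i/-r (name, instance,
 * realm) or the first non-option argument; fields left empty fall back to
 * the default principal.
 *
 * Returns 0 when the password was changed and 2 when it was not.  Exits
 * with status 1 or 2 on argument errors, on failure to switch the effective
 * uid, and when the new password could not be obtained.
 */
int
krb_passwd(int argc, char **argv)
{
    krb_principal principal;
    krb_principal default_principal;
    int realm_given = 0;    /* non-zero if a realm was given on cmdline */
    int use_default = 1;    /* true if we should use the default name */
    int status;             /* return code */
    char pword[MAX_KPW_LEN];
    int c;
    char tktstring[MAXPATHLEN];

    /*
     * Run with the invoking user's uid from here on.  Fail closed: if the
     * switch does not happen, do not go on to parse arguments and create a
     * ticket file with the original effective uid.  seteuid() changes only
     * the effective uid.
     */
    if (seteuid(getuid()) != 0)
        err(1, "seteuid");

    memset(&principal, 0, sizeof(principal));
    memset(&default_principal, 0, sizeof(default_principal));

    krb_get_default_principal(default_principal.name,
        default_principal.instance,
        default_principal.realm);

    while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) {
        switch (c) {
        case 'u':
            status = krb_parse_name(optarg, &principal);
            if (status != KSUCCESS)
                errx(2, "%s", krb_get_err_text(status));
            if (principal.realm[0])
                realm_given++;
            else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
                errx(1, "Could not find default realm!");
            break;
        case 'n':
            if (k_isname(optarg)) {
                /*
                 * strncpy() does not terminate on truncation; terminate
                 * explicitly, as the default-principal copies below do.
                 */
                strncpy(principal.name, optarg,
                    sizeof(principal.name) - 1);
                principal.name[sizeof(principal.name) - 1] = '\0';
            } else {
                warnx("Bad name: %s", optarg);
                usage(1);
            }
            break;
        case 'i':
            if (k_isinst(optarg)) {
                strncpy(principal.instance, optarg,
                    sizeof(principal.instance) - 1);
                principal.instance[sizeof(principal.instance) - 1] = '\0';
            } else {
                warnx("Bad instance: %s", optarg);
                usage(1);
            }
            break;
        case 'r':
            if (k_isrealm(optarg)) {
                strncpy(principal.realm, optarg,
                    sizeof(principal.realm) - 1);
                principal.realm[sizeof(principal.realm) - 1] = '\0';
                realm_given++;
            } else {
                warnx("Bad realm: %s", optarg);
                usage(1);
            }
            break;
        case 'h':
            usage(0);
            break;
        default:
            usage(1);
            break;
        }
        /* Any option at all means the caller is naming a principal. */
        use_default = 0;
    }
    if (optind < argc) {
        use_default = 0;
        status = krb_parse_name(argv[optind], &principal);
        if (status != KSUCCESS)
            errx(1, "%s", krb_get_err_text(status));
    }

    if (use_default) {
        strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
        principal.name[ANAME_SZ - 1] = '\0';
        strncpy(principal.instance, default_principal.instance, INST_SZ - 1);
        principal.instance[INST_SZ - 1] = '\0';
        strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
        principal.realm[REALM_SZ - 1] = '\0';
    } else {
        /* Fill in only what the command line left empty. */
        if (!principal.name[0]) {
            strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
            principal.name[ANAME_SZ - 1] = '\0';
        }
        if (!principal.realm[0]) {
            strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
            principal.realm[REALM_SZ - 1] = '\0';
        }
    }

    /*
     * Use a per-process ticket file for the password-change ticket.
     * NOTE(review): the name is predictable (TKT_ROOT plus the pid).
     * Confirm that the ticket-file code in the Kerberos library creates
     * the file exclusively and does not follow an existing link; that
     * code is not visible from this file.
     */
    snprintf(tktstring, sizeof(tktstring),
        "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
    krb_set_tkt_string(tktstring);

    if (get_pw_new_pwd(pword, sizeof(pword), &principal, realm_given)) {
        /* pword may hold part of a password even though the call failed. */
        krb_passwd_wipe(pword, sizeof(pword));
        dest_tkt();
        exit(1);
    }

    status = kadm_init_link(PWSERV_NAME, KRB_MASTER, principal.realm);
    if (status != KADM_SUCCESS)
        com_err(argv[0], status, "while initializing");
    else {
        des_cblock newkey;
        char *pw_msg = NULL;    /* message from server */

        /*
         * The new key is a DES key derived from the password.  Both the
         * key and the password are handed to the change call, which can
         * reject the password as KADM_INSECURE_PW.
         */
        des_string_to_key(pword, &newkey);
        status = kadm_change_pw_plain((unsigned char *)&newkey, pword,
            &pw_msg);
        krb_passwd_wipe(newkey, sizeof(newkey));

        if (status == KADM_INSECURE_PW)
            warnx("Insecure password: %s", pw_msg != NULL ? pw_msg : "");
        else if (status != KADM_SUCCESS)
            com_err(argv[0], status, " attempting to change password.");
    }
    /* The password is not needed past this point on any path. */
    krb_passwd_wipe(pword, sizeof(pword));

    if (status != KADM_SUCCESS)
        fprintf(stderr, "Password NOT changed.\n");
    else
        printf("Password changed.\n");

    /* Always remove the temporary ticket file. */
    dest_tkt();
    if (status)
        return 2;
    else
        return 0;
}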
201:
202: #endif /* KERBEROS */