Annotation of src/usr.bin/passwd/krb_passwd.c, Revision 1.16
1.16 ! deraadt 1: /* $OpenBSD: krb_passwd.c,v 1.15 2002/06/12 06:07:16 mpech Exp $ */
1.8 art 2: /* $KTH: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $ */
1.4 deraadt 3:
1.9 art 4: /*
5: * This source code is no longer held under any constraint of USA
6: * `cryptographic laws' since it was exported legally. The cryptographic
7: * functions were removed from the code and a "Bones" distribution was
8: * made. A Commodity Jurisdiction Request #012-94 was filed with the
9: * USA State Department, who handed it to the Commerce department. The
10: * code was determined to fall under General License GTDA under ECCN 5D96G,
11: * and hence exportable. The cryptographic interfaces were re-added by Eric
12: * Young, and then KTH proceeded to maintain the code in the free world.
13: *
14: */
15:
1.16 ! deraadt 16: /*
1.9 art 17: * Copyright (C) 1989 by the Massachusetts Institute of Technology
18: *
19: * Export of this software from the United States of America is assumed
20: * to require a specific license from the United States Government.
21: * It is the responsibility of any person or organization contemplating
22: * export to obtain such a license before exporting.
23: *
24: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
25: * distribute this software and its documentation for any purpose and
26: * without fee is hereby granted, provided that the above copyright
27: * notice appear in all copies and that both that copyright notice and
28: * this permission notice appear in supporting documentation, and that
29: * the name of M.I.T. not be used in advertising or publicity pertaining
30: * to distribution of the software without specific, written prior
31: * permission. M.I.T. makes no representations about the suitability of
32: * this software for any purpose. It is provided "as is" without express
33: * or implied warranty.
34: *
35: */
1.8 art 36:
37: /*
38: * change your password with kerberos
1.1 deraadt 39: */
40:
41: #ifdef KERBEROS
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/time.h>
46: #include <sys/resource.h>
47: #include <netinet/in.h>
1.7 provos 48: #include <des.h>
1.1 deraadt 49: #include <kerberosIV/krb.h>
1.8 art 50: #include <kerberosIV/kadm.h>
51: #include <kerberosIV/kadm_err.h>
1.1 deraadt 52: #include <netdb.h>
53: #include <signal.h>
54: #include <pwd.h>
1.5 weingart 55: #include <err.h>
1.1 deraadt 56: #include <errno.h>
57: #include <stdio.h>
58: #include <string.h>
59: #include <stdlib.h>
1.5 weingart 60: #include <unistd.h>
1.12 art 61: #include <com_err.h>
1.1 deraadt 62:
/* Helpers defined in other translation units of passwd(1). */
extern int get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr,
    int print_realm);
extern void usage(int value);

/* Realm buffer with external linkage; krb_passwd() below does not read it. */
char realm[REALM_SZ];
1.1 deraadt 68:
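/*
 * Change a Kerberos IV password through the kadmin password service.
 *
 * The principal comes from -u/-n/-i/-r or a trailing argument; a name or
 * realm left empty is filled in from the default principal.  Returns 0 when
 * the password was changed and 2 when the change failed.  Several error
 * paths (bad principal, no default realm, failure to read the new password,
 * failure to drop the effective uid) terminate the process instead of
 * returning.
 */
int
krb_passwd(int argc, char **argv)
{
	char pword[MAX_KPW_LEN], tktstring[MAXPATHLEN];
	krb_principal default_principal;
	krb_principal principal;
	int realm_given = 0;	/* True if realm was given on cmdline */
	int use_default = 1;	/* True if we should use default name */
	int status;		/* return code */
	int c;

	/*
	 * Run the rest of the function with the invoking user's uid.  The
	 * result is checked: if the call fails the effective uid is
	 * unchanged, and continuing would perform the ticket-file and
	 * network work below with whatever privilege the binary started
	 * with.
	 */
	if (seteuid(getuid()) != 0)
		err(1, "seteuid");

	memset(&principal, 0, sizeof(principal));
	memset(&default_principal, 0, sizeof(default_principal));

	krb_get_default_principal(default_principal.name,
	    default_principal.instance, default_principal.realm);

	while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) {
		switch (c) {
		case 'u':
			/* Full principal; may or may not carry a realm. */
			status = krb_parse_name(optarg, &principal);
			if (status != KSUCCESS)
				errx(2, "%s", krb_get_err_text(status));
			if (principal.realm[0])
				realm_given++;
			else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
				errx(1, "Could not find default realm!");
			break;
		case 'n':
			/* Each component is validated before it is copied. */
			if (k_isname(optarg))
				strlcpy(principal.name, optarg,
				    sizeof(principal.name));
			else {
				warnx("Bad name: %s", optarg);
				usage(1);
			}
			break;
		case 'i':
			if (k_isinst(optarg))
				strlcpy(principal.instance, optarg,
				    sizeof(principal.instance));
			else {
				warnx("Bad instance: %s", optarg);
				usage(1);
			}
			break;
		case 'r':
			if (k_isrealm(optarg)) {
				strlcpy(principal.realm, optarg,
				    sizeof(principal.realm));
				realm_given++;
			} else {
				warnx("Bad realm: %s", optarg);
				usage(1);
			}
			break;
		case 'h':
			usage(0);
			break;
		default:
			usage(1);
			break;
		}
		/* Any option at all means the caller named a principal. */
		use_default = 0;
	}
	if (optind < argc) {
		use_default = 0;
		status = krb_parse_name(argv[optind], &principal);
		if (status != KSUCCESS)
			errx(1, "%s", krb_get_err_text(status));
	}

	/*
	 * Bound every copy by the destination field itself, as the option
	 * parsing above does, rather than by a separately named constant.
	 */
	if (use_default) {
		strlcpy(principal.name, default_principal.name,
		    sizeof(principal.name));
		strlcpy(principal.instance, default_principal.instance,
		    sizeof(principal.instance));
		strlcpy(principal.realm, default_principal.realm,
		    sizeof(principal.realm));
	} else {
		/* The instance is not defaulted here; only name and realm. */
		if (!principal.name[0])
			strlcpy(principal.name, default_principal.name,
			    sizeof(principal.name));
		if (!principal.realm[0])
			strlcpy(principal.realm, default_principal.realm,
			    sizeof(principal.realm));
	}

	/*
	 * Point the Kerberos library at a ticket file named from TKT_ROOT
	 * and our pid.
	 * NOTE(review): the name is predictable; safe creation of the file
	 * is left to the library -- confirm it refuses pre-existing files
	 * and symlinks.
	 */
	snprintf(tktstring, sizeof(tktstring), "%s_cpw_%ld",
	    TKT_ROOT, (long)getpid());
	krb_set_tkt_string(tktstring);

	if (get_pw_new_pwd(pword, sizeof(pword), &principal, realm_given)) {
		/*
		 * The buffer may already hold password text; clear it on
		 * this exit path too, as the success path does.
		 */
		memset(pword, 0, sizeof(pword));
		dest_tkt();
		exit(1);
	}

	status = kadm_init_link(PWSERV_NAME, KRB_MASTER, principal.realm);
	if (status != KADM_SUCCESS)
		com_err(argv[0], status, "while initializing");
	else {
		des_cblock newkey;
		/*
		 * Message from server.  Starts out NULL so the warnx() below
		 * never reads an indeterminate pointer should the call fail
		 * without storing a message (presumably it always does for
		 * KADM_INSECURE_PW -- confirm).
		 */
		char *pw_msg = NULL;

		des_string_to_key(pword, &newkey);
		status = kadm_change_pw_plain((unsigned char *)&newkey, pword,
		    &pw_msg);
		/* The derived key is as sensitive as the password itself. */
		memset(newkey, 0, sizeof(newkey));

		if (status == KADM_INSECURE_PW)
			warnx("Insecure password: %s", pw_msg);
		else if (status != KADM_SUCCESS)
			com_err(argv[0], status,
			    " attempting to change password.");
	}
	/*
	 * NOTE(review): neither pword nor newkey is read again after being
	 * cleared, so an optimizing compiler is allowed to drop these
	 * memset() calls; a clearing primitive that cannot be elided is
	 * preferable where the platform offers one.
	 */
	memset(pword, 0, sizeof(pword));

	if (status != KADM_SUCCESS)
		fprintf(stderr,"Password NOT changed.\n");
	else
		printf("Password changed.\n");

	/* Destroy the temporary ticket file whatever the outcome. */
	dest_tkt();
	return status ? 2 : 0;
}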
192:
193: #endif /* KERBEROS */