Annotation of src/usr.bin/passwd/krb_passwd.c, Revision 1.9
1.9 ! art 1: /* $OpenBSD$ */
1.8 art 2: /* $KTH: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $ */
1.4 deraadt 3:
1.9 ! art 4: /*
! 5: * This source code is no longer held under any constraint of USA
! 6: * `cryptographic laws' since it was exported legally. The cryptographic
! 7: * functions were removed from the code and a "Bones" distribution was
! 8: * made. A Commodity Jurisdiction Request #012-94 was filed with the
! 9: * USA State Department, who handed it to the Commerce department. The
! 10: * code was determined to fall under General License GTDA under ECCN 5D96G,
! 11: * and hence exportable. The cryptographic interfaces were re-added by Eric
! 12: * Young, and then KTH proceeded to maintain the code in the free world.
! 13: *
! 14: */
! 15:
1.8 art 16: /*
1.9 ! art 17: * Copyright (C) 1989 by the Massachusetts Institute of Technology
! 18: *
! 19: * Export of this software from the United States of America is assumed
! 20: * to require a specific license from the United States Government.
! 21: * It is the responsibility of any person or organization contemplating
! 22: * export to obtain such a license before exporting.
! 23: *
! 24: * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
! 25: * distribute this software and its documentation for any purpose and
! 26: * without fee is hereby granted, provided that the above copyright
! 27: * notice appear in all copies and that both that copyright notice and
! 28: * this permission notice appear in supporting documentation, and that
! 29: * the name of M.I.T. not be used in advertising or publicity pertaining
! 30: * to distribution of the software without specific, written prior
! 31: * permission. M.I.T. makes no representations about the suitability of
! 32: * this software for any purpose. It is provided "as is" without express
! 33: * or implied warranty.
! 34: *
! 35: */
1.8 art 36:
37: /*
38: * change your password with kerberos
1.1 deraadt 39: */
40:
41: #ifdef KERBEROS
42:
43: #include <sys/types.h>
44: #include <sys/socket.h>
45: #include <sys/time.h>
46: #include <sys/resource.h>
47: #include <netinet/in.h>
1.7 provos 48: #include <des.h>
1.1 deraadt 49: #include <kerberosIV/krb.h>
1.8 art 50: #include <kerberosIV/kadm.h>
51: #include <kerberosIV/kadm_err.h>
1.1 deraadt 52: #include <netdb.h>
53: #include <signal.h>
54: #include <pwd.h>
1.5 weingart 55: #include <err.h>
1.1 deraadt 56: #include <errno.h>
57: #include <stdio.h>
58: #include <string.h>
59: #include <stdlib.h>
1.5 weingart 60: #include <unistd.h>
1.1 deraadt 61:
1.8 art 62: char realm[REALM_SZ];
1.1 deraadt 63:
1.8 art 64: extern void usage(int value);
1.1 deraadt 65:
1.8 art 66: int
67: krb_passwd(int argc, char **argv)
1.1 deraadt 68: {
1.8 art 69: krb_principal principal;
70: krb_principal default_principal;
71: int realm_given = 0; /* True if realm was give on cmdline */
72: int use_default = 1; /* True if we should use default name */
73: int status; /* return code */
74: char pword[MAX_KPW_LEN];
75: int c;
76: char tktstring[MAXPATHLEN];
77:
78: memset (&principal, 0, sizeof(principal));
79: memset (&default_principal, 0, sizeof(default_principal));
80:
81: krb_get_default_principal (default_principal.name,
82: default_principal.instance,
83: default_principal.realm);
84:
85: while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) {
86: switch (c) {
87: case 'u':
88: status = krb_parse_name (optarg, &principal);
89: if (status != KSUCCESS)
90: errx (2, "%s", krb_get_err_text(status));
91: if (principal.realm[0])
92: realm_given++;
93: else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
94: errx (1, "Could not find default realm!");
95: break;
96: case 'n':
97: if (k_isname(optarg))
98: strncpy(principal.name, optarg, sizeof(principal.name) - 1);
99: else {
100: warnx("Bad name: %s", optarg);
101: usage(1);
102: }
103: break;
104: case 'i':
105: if (k_isinst(optarg))
106: strncpy(principal.instance,
107: optarg,
108: sizeof(principal.instance) - 1);
109: else {
110: warnx("Bad instance: %s", optarg);
111: usage(1);
112: }
113: break;
114: case 'r':
115: if (k_isrealm(optarg)) {
116: strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
117: realm_given++;
118: } else {
119: warnx("Bad realm: %s", optarg);
120: usage(1);
121: }
122: break;
123: case 'h':
124: usage(0);
125: break;
126: default:
127: usage(1);
128: break;
129: }
130: use_default = 0;
131: }
132: if (optind < argc) {
133: use_default = 0;
134: status = krb_parse_name (argv[optind], &principal);
135: if(status != KSUCCESS)
136: errx (1, "%s", krb_get_err_text (status));
137: }
138:
139: if (use_default) {
140: strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
141: principal.name[ANAME_SZ - 1] = '\0';
142: strncpy(principal.instance, default_principal.instance, INST_SZ - 1);
143: principal.instance[INST_SZ - 1] = '\0';
144: strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
145: principal.realm[REALM_SZ - 1] = '\0';
146: } else {
147: if (!principal.name[0]) {
148: strncpy(principal.name, default_principal.name, ANAME_SZ - 1);
149: principal.name[ANAME_SZ - 1] = '\0';
150: }
151: if (!principal.realm[0]) {
152: strncpy(principal.realm, default_principal.realm, REALM_SZ - 1);
153: principal.realm[REALM_SZ - 1] = '\0';
154: }
155: }
156:
157: snprintf(tktstring, sizeof(tktstring),
158: TKT_ROOT "_cpw_%u", (unsigned)getpid());
159: krb_set_tkt_string(tktstring);
160:
161: if (get_pw_new_pwd(pword, sizeof(pword), &principal,
162: realm_given)) {
163: dest_tkt ();
1.1 deraadt 164: exit(1);
1.8 art 165: }
166:
167: status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
168: if (status != KADM_SUCCESS)
169: com_err(argv[0], status, "while initializing");
170: else {
171: des_cblock newkey;
172: char *pw_msg; /* message from server */
173:
174: des_string_to_key(pword, &newkey);
175: status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
176: memset(newkey, 0, sizeof(newkey));
177:
178: if (status == KADM_INSECURE_PW)
179: warnx ("Insecure password: %s", pw_msg);
180: else if (status != KADM_SUCCESS)
181: com_err(argv[0], status, " attempting to change password.");
182: }
183: memset(pword, 0, sizeof(pword));
184:
185: if (status != KADM_SUCCESS)
186: fprintf(stderr,"Password NOT changed.\n");
187: else
188: printf("Password changed.\n");
189:
190: dest_tkt();
191: if (status)
192: return 2;
193: else
194: return 0;
1.1 deraadt 195: }
196:
197: #endif /* KERBEROS */