version 1.1, 1998/01/20 15:32:20 |
version 1.2, 1998/02/24 20:46:16 |
|
|
static char * |
static char * |
check_pw (char *pword) |
check_pw (char *pword) |
{ |
{ |
if (strlen(pword) == 0) |
char *t; |
return "Null passwords are not allowed - Please enter a longer password."; |
|
|
if (strlen(pword) == 0) |
|
return "Null passwords are not allowed - Please enter a longer password."; |
|
|
if (strlen(pword) < MIN_KPW_LEN) |
if (strlen(pword) < MIN_KPW_LEN) |
return "Password is to short - Please enter a longer password."; |
return "Password is to short - Please enter a longer password."; |
|
|
/* Don't allow all lower case passwords regardless of length */ |
if (strcmp(pword, "s/key") == 0) |
{ |
return "That password collides with a system feature. Choose another.\n"; |
char *t; |
|
|
/* Don't allow all lower case passwords regardless of length */ |
for (t = pword; *t && islower(*t); t++) |
for (t = pword; *t && islower(*t); t++) |
; |
; |
if (*t == 0) |
if (*t == 0) |
return "Please don't use an all-lower case password.\n" |
return "Please don't use an all-lower case password.\n" |
"\tUnusual capitalization, delimiter characters or " |
"\tUnusual capitalization, delimiter characters or " |
"digits are suggested."; |
"digits are suggested."; |
} |
return NULL; |
|
|
return NULL; |
|
} |
} |
|
|
int |
int |
get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm) |
get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm) |
{ |
{ |
char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ |
char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ |
char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ |
char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ |
|
char p[MAX_K_NAME_SZ]; |
|
char local_realm[REALM_SZ]; |
|
int status; |
|
char *expl; |
|
char *q; |
|
|
char p[MAX_K_NAME_SZ]; |
/* |
|
* We don't care about failure; this is to determine whether or |
|
* not to print the realm in the prompt for a new password. |
|
*/ |
|
krb_get_lrealm(local_realm, 1); |
|
|
char local_realm[REALM_SZ]; |
if (strcmp(local_realm, pr->realm)) |
int status; |
print_realm++; |
char *expl; |
|
|
|
/* |
|
* We don't care about failure; this is to determine whether or |
|
* not to print the realm in the prompt for a new password. |
|
*/ |
|
krb_get_lrealm(local_realm, 1); |
|
|
|
if (strcmp(local_realm, pr->realm)) |
|
print_realm++; |
|
|
|
{ |
|
char *q; |
|
krb_unparse_name_r(pr, p); |
krb_unparse_name_r(pr, p); |
if(print_realm == 0 && (q = strrchr(p, '@'))) |
if (print_realm == 0 && (q = strrchr(p, '@'))) |
*q = 0; |
*q = 0; |
} |
|
|
|
snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p); |
snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p); |
if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) { |
if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) { |
fprintf(stderr, "Error reading old password.\n"); |
fprintf(stderr, "Error reading old password.\n"); |
return -1; |
return -1; |
} |
|
|
|
status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, |
|
PWSERV_NAME, KADM_SINST, 1, pword); |
|
if (status != KSUCCESS) { |
|
if (status == INTK_BADPW) { |
|
printf("Incorrect old password.\n"); |
|
return -1; |
|
} |
} |
else { |
|
fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status)); |
|
return -1; |
|
} |
|
} |
|
memset(pword, 0, pwlen); |
|
|
|
do { |
status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, |
char verify[MAX_KPW_LEN]; |
PWSERV_NAME, KADM_SINST, 1, pword); |
snprintf(npromp, sizeof(npromp), "New Password for %s:",p); |
if (status != KSUCCESS) { |
if (read_long_pw_string(pword, pwlen-1, npromp, 0)) { |
if (status == INTK_BADPW) { |
fprintf(stderr, |
printf("Incorrect old password.\n"); |
"Error reading new password, password unchanged.\n"); |
return -1; |
return -1; |
} else { |
} |
fprintf(stderr, "Kerberos error: %s\n", |
expl = check_pw (pword); |
krb_get_err_text(status)); |
if (expl) { |
return -1; |
printf("\n\t%s\n\n", expl); |
} |
continue; |
|
} |
} |
/* Now we got an ok password, verify it. */ |
memset(pword, 0, pwlen); |
snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p); |
|
if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) { |
do { |
fprintf(stderr, |
char verify[MAX_KPW_LEN]; |
"Error reading new password, password unchanged.\n"); |
snprintf(npromp, sizeof(npromp), "New Password for %s:",p); |
return -1; |
if (read_long_pw_string(pword, pwlen-1, npromp, 0)) { |
} |
fprintf(stderr, |
if (strcmp(pword, verify) != 0) { |
"Error reading new password, password unchanged.\n"); |
printf("Verify failure - try again\n"); |
return -1; |
expl = ""; /* continue */ |
} |
} |
expl = check_pw (pword); |
} while (expl); |
if (expl) { |
return 0; |
printf("\n\t%s\n\n", expl); |
|
continue; |
|
} |
|
|
|
/* Now we got an ok password, verify it. */ |
|
snprintf(npromp, sizeof(npromp), |
|
"Verifying New Password for %s:", p); |
|
if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) { |
|
fprintf(stderr, |
|
"Error reading new password, password unchanged.\n"); |
|
return -1; |
|
} |
|
if (strcmp(pword, verify) != 0) { |
|
printf("Verify failure - try again\n"); |
|
expl = ""; /* continue */ |
|
} |
|
} while (expl); |
|
return 0; |
} |
} |