Annotation of src/usr.bin/passwd/new_pwd.c, Revision 1.1
1.1 ! art 1: /* $KTH: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $ */
! 2:
! 3: /*
! 4: * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
! 5: * (Royal Institute of Technology, Stockholm, Sweden).
! 6: * All rights reserved.
! 7: *
! 8: * Redistribution and use in source and binary forms, with or without
! 9: * modification, are permitted provided that the following conditions
! 10: * are met:
! 11: *
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: *
! 15: * 2. Redistributions in binary form must reproduce the above copyright
! 16: * notice, this list of conditions and the following disclaimer in the
! 17: * documentation and/or other materials provided with the distribution.
! 18: *
! 19: * 3. All advertising materials mentioning features or use of this software
! 20: * must display the following acknowledgement:
! 21: * This product includes software developed by the Kungliga Tekniska
! 22: * Högskolan and its contributors.
! 23: *
! 24: * 4. Neither the name of the Institute nor the names of its contributors
! 25: * may be used to endorse or promote products derived from this software
! 26: * without specific prior written permission.
! 27: *
! 28: * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
! 29: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 30: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 31: * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
! 32: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 33: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 34: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 35: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 36: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 37: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 38: * SUCH DAMAGE.
! 39: */
! 40:
! 41: #include <sys/types.h>
! 42: #include <sys/socket.h>
! 43: #include <sys/time.h>
! 44: #include <sys/resource.h>
! 45: #include <netinet/in.h>
! 46: #include <des.h>
! 47: #include <kerberosIV/krb.h>
! 48: #include <kerberosIV/kadm.h>
! 49: #include <stdio.h>
! 50: #include <stdlib.h>
! 51: #include <string.h>
! 52:
! 53: #ifdef NOENCRYPTION
! 54: #define read_long_pw_string placebo_read_pw_string
! 55: #else
! 56: #define read_long_pw_string des_read_pw_string
! 57: #endif
! 58:
! 59: static char *
! 60: check_pw (char *pword)
! 61: {
! 62: if (strlen(pword) == 0)
! 63: return "Null passwords are not allowed - Please enter a longer password.";
! 64:
! 65: if (strlen(pword) < MIN_KPW_LEN)
! 66: return "Password is to short - Please enter a longer password.";
! 67:
! 68: /* Don't allow all lower case passwords regardless of length */
! 69: {
! 70: char *t;
! 71: for (t = pword; *t && islower(*t); t++)
! 72: ;
! 73: if (*t == 0)
! 74: return "Please don't use an all-lower case password.\n"
! 75: "\tUnusual capitalization, delimiter characters or "
! 76: "digits are suggested.";
! 77: }
! 78:
! 79: return NULL;
! 80: }
! 81:
! 82: int
! 83: get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm)
! 84: {
! 85: char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
! 86: char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
! 87:
! 88: char p[MAX_K_NAME_SZ];
! 89:
! 90: char local_realm[REALM_SZ];
! 91: int status;
! 92: char *expl;
! 93:
! 94: /*
! 95: * We don't care about failure; this is to determine whether or
! 96: * not to print the realm in the prompt for a new password.
! 97: */
! 98: krb_get_lrealm(local_realm, 1);
! 99:
! 100: if (strcmp(local_realm, pr->realm))
! 101: print_realm++;
! 102:
! 103: {
! 104: char *q;
! 105: krb_unparse_name_r(pr, p);
! 106: if(print_realm == 0 && (q = strrchr(p, '@')))
! 107: *q = 0;
! 108: }
! 109:
! 110: snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p);
! 111: if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) {
! 112: fprintf(stderr, "Error reading old password.\n");
! 113: return -1;
! 114: }
! 115:
! 116: status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm,
! 117: PWSERV_NAME, KADM_SINST, 1, pword);
! 118: if (status != KSUCCESS) {
! 119: if (status == INTK_BADPW) {
! 120: printf("Incorrect old password.\n");
! 121: return -1;
! 122: }
! 123: else {
! 124: fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status));
! 125: return -1;
! 126: }
! 127: }
! 128: memset(pword, 0, pwlen);
! 129:
! 130: do {
! 131: char verify[MAX_KPW_LEN];
! 132: snprintf(npromp, sizeof(npromp), "New Password for %s:",p);
! 133: if (read_long_pw_string(pword, pwlen-1, npromp, 0)) {
! 134: fprintf(stderr,
! 135: "Error reading new password, password unchanged.\n");
! 136: return -1;
! 137: }
! 138: expl = check_pw (pword);
! 139: if (expl) {
! 140: printf("\n\t%s\n\n", expl);
! 141: continue;
! 142: }
! 143: /* Now we got an ok password, verify it. */
! 144: snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p);
! 145: if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) {
! 146: fprintf(stderr,
! 147: "Error reading new password, password unchanged.\n");
! 148: return -1;
! 149: }
! 150: if (strcmp(pword, verify) != 0) {
! 151: printf("Verify failure - try again\n");
! 152: expl = ""; /* continue */
! 153: }
! 154: } while (expl);
! 155: return 0;
! 156: }