File Manager

003 File Manager

Current Path: /usr/src/crypto/heimdal/lib/krb5

usr / src / crypto / heimdal / lib / krb5 /

📁 ..
📄 Makefile.am(7.68 KB)
📄 Makefile.in(224.98 KB)
📄 acache.c(26.87 KB)
📄 acl.c(7.58 KB)
📄 add_et_list.c(2.2 KB)
📄 addr_families.c(38.89 KB)
📄 aes-test.c(22.56 KB)
📄 aname_to_localname.c(2.83 KB)
📄 appdefault.c(4.41 KB)
📄 asn1_glue.c(2.37 KB)
📄 auth_context.c(14.97 KB)
📄 build_ap_req.c(2.77 KB)
📄 build_auth.c(5.5 KB)
📄 cache.c(41.88 KB)
📄 ccache_plugin.h(1.67 KB)
📄 changepw.c(20.59 KB)
📄 codec.c(6.1 KB)
📄 config_file.c(31.7 KB)
📄 constants.c(2.51 KB)
📄 context.c(37.71 KB)
📄 convert_creds.c(3.46 KB)
📄 copy_host_realm.c(2.66 KB)
📄 crc.c(2.19 KB)
📄 creds.c(8.75 KB)
📄 crypto-aes.c(4.62 KB)
📄 crypto-algs.c(3.04 KB)
📄 crypto-arcfour.c(8.78 KB)
📄 crypto-des-common.c(4.37 KB)
📄 crypto-des.c(8.8 KB)
📄 crypto-des3.c(5.36 KB)
📄 crypto-evp.c(5.45 KB)
📄 crypto-null.c(2.55 KB)
📄 crypto-pk.c(8.4 KB)
📄 crypto-rand.c(3.43 KB)
📄 crypto-stubs.c(3.1 KB)
📄 crypto.c(66.51 KB)
📄 crypto.h(6.5 KB)
📄 data.c(5.66 KB)
📄 deprecated.c(14.72 KB)
📄 derived-key-test.c(6.48 KB)
📄 digest.c(31.6 KB)
📄 doxygen.c(25.72 KB)
📄 eai_to_heim_errno.c(3.46 KB)
📄 error_string.c(8.93 KB)
📄 expand_hostname.c(5.59 KB)
📄 expand_path.c(12.35 KB)
📄 fcache.c(25.36 KB)
📄 free.c(2.01 KB)
📄 free_host_realm.c(2.1 KB)
📄 generate_seq_number.c(2.03 KB)
📄 generate_subkey.c(2.6 KB)
📄 get_addrs.c(8.2 KB)
📄 get_cred.c(38.45 KB)
📄 get_default_principal.c(4.47 KB)
📄 get_default_realm.c(2.74 KB)
📄 get_for_creds.c(13.48 KB)
📄 get_host_realm.c(7.06 KB)
📄 get_in_tkt.c(14.45 KB)
📄 get_port.c(2.04 KB)
📄 heim_err.et(1.7 KB)
📄 init_creds.c(12.11 KB)
📄 init_creds_pw.c(52.57 KB)
📄 k524_err.et(577 B)
📄 kcm.c(26.55 KB)
📄 kcm.h(2.83 KB)
📄 kerberos.8(4.14 KB)
📄 keyblock.c(5.31 KB)
📄 keytab.c(23.88 KB)
📄 keytab_any.c(6.48 KB)
📄 keytab_file.c(19.7 KB)
📄 keytab_keyfile.c(10.74 KB)
📄 keytab_memory.c(6.29 KB)
📄 krb5-private.h(12.91 KB)
📄 krb5-protos.h(113.43 KB)
📄 krb5-v4compat.h(4.44 KB)
📄 krb5.conf.5(18.31 KB)
📄 krb5.h(29.75 KB)
📄 krb5.moduli(1.11 KB)
📄 krb524_convert_creds_kdc.3(3.12 KB)
📄 krb5_425_conv_principal.3(7.02 KB)
📄 krb5_acl_match_file.3(3.49 KB)
📄 krb5_aname_to_localname.3(2.87 KB)
📄 krb5_appdefault.3(3.08 KB)
📄 krb5_auth_context.3(10.8 KB)
📄 krb5_c_make_checksum.3(6.92 KB)
📄 krb5_ccapi.h(7.52 KB)
📄 krb5_check_transited.3(3.28 KB)
📄 krb5_create_checksum.3(6.02 KB)
📄 krb5_creds.3(3.31 KB)
📄 krb5_digest.3(6.57 KB)
📄 krb5_eai_to_heim_errno.3(2.4 KB)
📄 krb5_encrypt.3(7 KB)
📄 krb5_err.et(12.86 KB)
📄 krb5_find_padata.3(2.53 KB)
📄 krb5_generate_random_block.3(2.1 KB)
📄 krb5_get_all_client_addrs.3(2.83 KB)
📄 krb5_get_credentials.3(5.03 KB)
📄 krb5_get_creds.3(5.28 KB)
📄 krb5_get_forwarded_creds.3(2.74 KB)
📄 krb5_get_in_cred.3(7.46 KB)
📄 krb5_get_init_creds.3(11.03 KB)
📄 krb5_get_krbhst.3(3.26 KB)
📄 krb5_getportbyname.3(2.32 KB)
📄 krb5_init_context.3(7.88 KB)
📄 krb5_is_thread_safe.3(2.24 KB)
📄 krb5_krbhst_init.3(5.67 KB)
📄 krb5_locl.h(8.47 KB)
📄 krb5_mk_req.3(5.18 KB)
📄 krb5_mk_safe.3(2.78 KB)
📄 krb5_openlog.3(7.96 KB)
📄 krb5_parse_name.3(2.57 KB)
📄 krb5_principal.3(11.85 KB)
📄 krb5_rcache.3(4.21 KB)
📄 krb5_rd_error.3(3.33 KB)
📄 krb5_rd_safe.3(2.77 KB)
📄 krb5_set_default_realm.3(4.29 KB)
📄 krb5_set_password.3(4.11 KB)
📄 krb5_string_to_key.3(4.39 KB)
📄 krb5_timeofday.3(3.33 KB)
📄 krb5_verify_init_creds.3(3.51 KB)
📄 krb5_verify_user.3(6.71 KB)
📄 krb_err.et(2.55 KB)
📄 krbhst-test.c(3.02 KB)
📄 krbhst.c(26.94 KB)
📄 kuserok.c(8.14 KB)
📄 locate_plugin.h(2.36 KB)
📄 log.c(11.94 KB)
📄 mcache.c(11.54 KB)
📄 misc.c(3.9 KB)
📄 mit_glue.c(11.14 KB)
📄 mk_error.c(3.23 KB)
📄 mk_priv.c(4.54 KB)
📄 mk_rep.c(3.99 KB)
📄 mk_req.c(3.58 KB)
📄 mk_req_ext.c(4.78 KB)
📄 mk_safe.c(4.36 KB)
📄 n-fold-test.c(4.14 KB)
📄 n-fold.c(3.8 KB)
📄 net_read.c(1.86 KB)
📄 net_write.c(3.05 KB)
📄 pac.c(28.37 KB)
📄 padata.c(2.35 KB)
📄 parse-name-test.c(5.81 KB)
📄 pcache.c(2.33 KB)
📄 pkinit.c(63.8 KB)
📄 plugin.c(13.71 KB)
📄 principal.c(28.4 KB)
📄 prog_setup.c(2.34 KB)
📄 prompter_posix.c(2.45 KB)
📄 rd_cred.c(9.44 KB)
📄 rd_error.c(3.83 KB)
📄 rd_priv.c(5.38 KB)
📄 rd_rep.c(3.72 KB)
📄 rd_req.c(25.6 KB)
📄 rd_safe.c(6.34 KB)
📄 read_message.c(3.22 KB)
📄 recvauth.c(6.16 KB)
📄 replay.c(8.24 KB)
📄 salt-aes.c(3.34 KB)
📄 salt-arcfour.c(3.24 KB)
📄 salt-des.c(6.68 KB)
📄 salt-des3.c(4.36 KB)
📄 salt.c(9 KB)
📄 scache.c(32.86 KB)
📄 send_to_kdc.c(16.06 KB)
📄 send_to_kdc_plugin.h(2.22 KB)
📄 sendauth.c(6.12 KB)
📄 set_default_realm.c(3.01 KB)
📄 sock_principal.c(2.52 KB)
📄 store-int.c(2.14 KB)
📄 store-int.h(2.07 KB)
📄 store-test.c(3.63 KB)
📄 store.c(35.77 KB)
📄 store_emem.c(5.06 KB)
📄 store_fd.c(3.4 KB)
📄 store_mem.c(5.42 KB)
📄 string-to-key-test.c(5.75 KB)
📄 test_acl.c(4.56 KB)
📄 test_addr.c(7.27 KB)
📄 test_alname.c(4.28 KB)
📄 test_cc.c(19.39 KB)
📄 test_config.c(7.92 KB)
📄 test_crypto.c(5.68 KB)
📄 test_crypto_wrapping.c(4.48 KB)
📄 test_forward.c(3.64 KB)
📄 test_get_addrs.c(3.21 KB)
📄 test_hostname.c(3.82 KB)
📄 test_keytab.c(7.42 KB)
📄 test_kuserok.c(2.9 KB)
📄 test_mem.c(2.21 KB)
📄 test_pac.c(15.1 KB)
📄 test_pkinit_dh2key.c(6.9 KB)
📄 test_plugin.c(3.4 KB)
📄 test_prf.c(3.21 KB)
📄 test_princ.c(10.44 KB)
📄 test_renew.c(3.22 KB)
📄 test_store.c(7.96 KB)
📄 test_time.c(2.57 KB)
📄 ticket.c(21.91 KB)
📄 time.c(3.84 KB)
📄 transited.c(11.11 KB)
📄 verify_init.c(6.47 KB)
📄 verify_krb5_conf.8(3.41 KB)
📄 verify_krb5_conf.c(20.63 KB)
📄 verify_user.c(7 KB)
📄 version-script.map(18.82 KB)
📄 version.c(1.71 KB)
📄 warn.c(8.98 KB)
📄 write_message.c(2.87 KB)

Editing: changepw.c

/*
 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#undef __attribute__
#define __attribute__(X)

static void
str2data (krb5_data *d,
	  const char *fmt,
	  ...) __attribute__ ((format (printf, 2, 3)));

static void
str2data (krb5_data *d,
	  const char *fmt,
	  ...)
{
    va_list args;
    char *str;

va_start(args, fmt);
    d->length = vasprintf (&str, fmt, args);
    va_end(args);
    d->data = str;
}

/*
 * Change password protocol defined by
 * draft-ietf-cat-kerb-chg-password-02.txt
 *
 * Share the response part of the protocol with MS set password
 * (RFC3244)
 */

static krb5_error_code
chgpw_send_request (krb5_context context,
		    krb5_auth_context *auth_context,
		    krb5_creds *creds,
		    krb5_principal targprinc,
		    int is_stream,
		    rk_socket_t sock,
		    const char *passwd,
		    const char *host)
{
    krb5_error_code ret;
    krb5_data ap_req_data;
    krb5_data krb_priv_data;
    krb5_data passwd_data;
    size_t len;
    u_char header[6];
    struct iovec iov[3];
    struct msghdr msghdr;

if (is_stream)
	return KRB5_KPASSWD_MALFORMED;

if (targprinc &&
	krb5_principal_compare(context, creds->client, targprinc) != TRUE)
	return KRB5_KPASSWD_MALFORMED;

krb5_data_zero (&ap_req_data);

ret = krb5_mk_req_extended (context,
				auth_context,
				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
				NULL, /* in_data */
				creds,
				&ap_req_data);
    if (ret)
	return ret;

passwd_data.data   = rk_UNCONST(passwd);
    passwd_data.length = strlen(passwd);

krb5_data_zero (&krb_priv_data);

ret = krb5_mk_priv (context,
			*auth_context,
			&passwd_data,
			&krb_priv_data,
			NULL);
    if (ret)
	goto out2;

len = 6 + ap_req_data.length + krb_priv_data.length;
    header[0] = (len >> 8) & 0xFF;
    header[1] = (len >> 0) & 0xFF;
    header[2] = 0;
    header[3] = 1;
    header[4] = (ap_req_data.length >> 8) & 0xFF;
    header[5] = (ap_req_data.length >> 0) & 0xFF;

memset(&msghdr, 0, sizeof(msghdr));
    msghdr.msg_name       = NULL;
    msghdr.msg_namelen    = 0;
    msghdr.msg_iov        = iov;
    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
#if 0
    msghdr.msg_control    = NULL;
    msghdr.msg_controllen = 0;
#endif

iov[0].iov_base    = (void*)header;
    iov[0].iov_len     = 6;
    iov[1].iov_base    = ap_req_data.data;
    iov[1].iov_len     = ap_req_data.length;
    iov[2].iov_base    = krb_priv_data.data;
    iov[2].iov_len     = krb_priv_data.length;

if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
	ret = rk_SOCK_ERRNO;
	krb5_set_error_message(context, ret, "sendmsg %s: %s",
			       host, strerror(ret));
    }

krb5_data_free (&krb_priv_data);
out2:
    krb5_data_free (&ap_req_data);
    return ret;
}

/*
 * Set password protocol as defined by RFC3244 --
 * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
 */

static krb5_error_code
setpw_send_request (krb5_context context,
		    krb5_auth_context *auth_context,
		    krb5_creds *creds,
		    krb5_principal targprinc,
		    int is_stream,
		    rk_socket_t sock,
		    const char *passwd,
		    const char *host)
{
    krb5_error_code ret;
    krb5_data ap_req_data;
    krb5_data krb_priv_data;
    krb5_data pwd_data;
    ChangePasswdDataMS chpw;
    size_t len = 0;
    u_char header[4 + 6];
    u_char *p;
    struct iovec iov[3];
    struct msghdr msghdr;

krb5_data_zero (&ap_req_data);

ret = krb5_mk_req_extended (context,
				auth_context,
				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
				NULL, /* in_data */
				creds,
				&ap_req_data);
    if (ret)
	return ret;

chpw.newpasswd.length = strlen(passwd);
    chpw.newpasswd.data = rk_UNCONST(passwd);
    if (targprinc) {
	chpw.targname = &targprinc->name;
	chpw.targrealm = &targprinc->realm;
    } else {
	chpw.targname = NULL;
	chpw.targrealm = NULL;
    }

ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
		       &chpw, &len, ret);
    if (ret) {
	krb5_data_free (&ap_req_data);
	return ret;
    }

if(pwd_data.length != len)
	krb5_abortx(context, "internal error in ASN.1 encoder");

ret = krb5_mk_priv (context,
			*auth_context,
			&pwd_data,
			&krb_priv_data,
			NULL);
    if (ret)
	goto out2;

len = 6 + ap_req_data.length + krb_priv_data.length;
    p = header;
    if (is_stream) {
	_krb5_put_int(p, len, 4);
	p += 4;
    }
    *p++ = (len >> 8) & 0xFF;
    *p++ = (len >> 0) & 0xFF;
    *p++ = 0xff;
    *p++ = 0x80;
    *p++ = (ap_req_data.length >> 8) & 0xFF;
    *p   = (ap_req_data.length >> 0) & 0xFF;

iov[0].iov_base    = (void*)header;
    if (is_stream)
	iov[0].iov_len     = 10;
    else
	iov[0].iov_len     = 6;
    iov[1].iov_base    = ap_req_data.data;
    iov[1].iov_len     = ap_req_data.length;
    iov[2].iov_base    = krb_priv_data.data;
    iov[2].iov_len     = krb_priv_data.length;

if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
	ret = rk_SOCK_ERRNO;
	krb5_set_error_message(context, ret, "sendmsg %s: %s",
			       host, strerror(ret));
    }

krb5_data_free (&krb_priv_data);
out2:
    krb5_data_free (&ap_req_data);
    krb5_data_free (&pwd_data);
    return ret;
}

static krb5_error_code
process_reply (krb5_context context,
	       krb5_auth_context auth_context,
	       int is_stream,
	       rk_socket_t sock,
	       int *result_code,
	       krb5_data *result_code_string,
	       krb5_data *result_string,
	       const char *host)
{
    krb5_error_code ret;
    u_char reply[1024 * 3];
    size_t len;
    uint16_t pkt_len, pkt_ver;
    krb5_data ap_rep_data;
    int save_errno;

len = 0;
    if (is_stream) {
	while (len < sizeof(reply)) {
	    unsigned long size;

ret = recvfrom (sock, reply + len, sizeof(reply) - len,
			    0, NULL, NULL);
	    if (rk_IS_SOCKET_ERROR(ret)) {
		save_errno = rk_SOCK_ERRNO;
		krb5_set_error_message(context, save_errno,
				       "recvfrom %s: %s",
				       host, strerror(save_errno));
		return save_errno;
	    } else if (ret == 0) {
		krb5_set_error_message(context, 1,"recvfrom timeout %s", host);
		return 1;
	    }
	    len += ret;
	    if (len < 4)
		continue;
	    _krb5_get_int(reply, &size, 4);
	    if (size + 4 < len)
		continue;
	    memmove(reply, reply + 4, size);
	    len = size;
	    break;
	}
	if (len == sizeof(reply)) {
	    krb5_set_error_message(context, ENOMEM,
				   N_("Message too large from %s", "host"),
				   host);
	    return ENOMEM;
	}
    } else {
	ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
	if (rk_IS_SOCKET_ERROR(ret)) {
	    save_errno = rk_SOCK_ERRNO;
	    krb5_set_error_message(context, save_errno,
				   "recvfrom %s: %s",
				   host, strerror(save_errno));
	    return save_errno;
	}
	len = ret;
    }

if (len < 6) {
	str2data (result_string, "server %s sent to too short message "
		  "(%zu bytes)", host, len);
	*result_code = KRB5_KPASSWD_MALFORMED;
	return 0;
    }

pkt_len = (reply[0] << 8) | (reply[1]);
    pkt_ver = (reply[2] << 8) | (reply[3]);

if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
	KRB_ERROR error;
	size_t size;
	u_char *p;

memset(&error, 0, sizeof(error));

ret = decode_KRB_ERROR(reply, len, &error, &size);
	if (ret)
	    return ret;

if (error.e_data->length < 2) {
	    str2data(result_string, "server %s sent too short "
		     "e_data to print anything usable", host);
	    free_KRB_ERROR(&error);
	    *result_code = KRB5_KPASSWD_MALFORMED;
	    return 0;
	}

p = error.e_data->data;
	*result_code = (p[0] << 8) | p[1];
	if (error.e_data->length == 2)
	    str2data(result_string, "server only sent error code");
	else
	    krb5_data_copy (result_string,
			    p + 2,
			    error.e_data->length - 2);
	free_KRB_ERROR(&error);
	return 0;
    }

if (pkt_len != len) {
	str2data (result_string, "client: wrong len in reply");
	*result_code = KRB5_KPASSWD_MALFORMED;
	return 0;
    }
    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
	str2data (result_string,
		  "client: wrong version number (%d)", pkt_ver);
	*result_code = KRB5_KPASSWD_MALFORMED;
	return 0;
    }

ap_rep_data.data = reply + 6;
    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);

if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
	str2data (result_string, "client: wrong AP len in reply");
	*result_code = KRB5_KPASSWD_MALFORMED;
	return 0;
    }

if (ap_rep_data.length) {
	krb5_ap_rep_enc_part *ap_rep;
	krb5_data priv_data;
	u_char *p;

priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
	priv_data.length = len - ap_rep_data.length - 6;

ret = krb5_rd_rep (context,
			   auth_context,
			   &ap_rep_data,
			   &ap_rep);
	if (ret)
	    return ret;

krb5_free_ap_rep_enc_part (context, ap_rep);

ret = krb5_rd_priv (context,
			    auth_context,
			    &priv_data,
			    result_code_string,
			    NULL);
	if (ret) {
	    krb5_data_free (result_code_string);
	    return ret;
	}

if (result_code_string->length < 2) {
	    *result_code = KRB5_KPASSWD_MALFORMED;
	    str2data (result_string,
		      "client: bad length in result");
	    return 0;
	}

p = result_code_string->data;

*result_code = (p[0] << 8) | p[1];
        krb5_data_copy (result_string,
                        (unsigned char*)result_code_string->data + 2,
                        result_code_string->length - 2);
        return 0;
    } else {
	KRB_ERROR error;
	size_t size;
	u_char *p;

ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
	if (ret) {
	    return ret;
	}
	if (error.e_data->length < 2) {
	    krb5_warnx (context, "too short e_data to print anything usable");
	    return 1;		/* XXX */
	}

p = error.e_data->data;
	*result_code = (p[0] << 8) | p[1];
	krb5_data_copy (result_string,
			p + 2,
			error.e_data->length - 2);
	return 0;
    }
}

/*
 * change the password using the credentials in `creds' (for the
 * principal indicated in them) to `newpw', storing the result of
 * the operation in `result_*' and an error code or 0.
 */

typedef krb5_error_code (*kpwd_send_request) (krb5_context,
					      krb5_auth_context *,
					      krb5_creds *,
					      krb5_principal,
					      int,
					      rk_socket_t,
					      const char *,
					      const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
					       krb5_auth_context,
					       int,
					       rk_socket_t,
					       int *,
					       krb5_data *,
					       krb5_data *,
					       const char *);

static struct kpwd_proc {
    const char *name;
    int flags;
#define SUPPORT_TCP	1
#define SUPPORT_UDP	2
    kpwd_send_request send_req;
    kpwd_process_reply process_rep;
} procs[] = {
    {
	"MS set password",
	SUPPORT_TCP|SUPPORT_UDP,
	setpw_send_request,
	process_reply
    },
    {
	"change password",
	SUPPORT_UDP,
	chgpw_send_request,
	process_reply
    },
    { NULL, 0, NULL, NULL }
};

/*
 *
 */

static krb5_error_code
change_password_loop (krb5_context	context,
		      krb5_creds	*creds,
		      krb5_principal	targprinc,
		      const char	*newpw,
		      int		*result_code,
		      krb5_data		*result_code_string,
		      krb5_data		*result_string,
		      struct kpwd_proc	*proc)
{
    krb5_error_code ret;
    krb5_auth_context auth_context = NULL;
    krb5_krbhst_handle handle = NULL;
    krb5_krbhst_info *hi;
    rk_socket_t sock;
    unsigned int i;
    int done = 0;
    krb5_realm realm;

if (targprinc)
	realm = targprinc->realm;
    else
	realm = creds->client->realm;

ret = krb5_auth_con_init (context, &auth_context);
    if (ret)
	return ret;

krb5_auth_con_setflags (context, auth_context,
			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);

ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
    if (ret)
	goto out;

while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
	struct addrinfo *ai, *a;
	int is_stream;

switch (hi->proto) {
	case KRB5_KRBHST_UDP:
	    if ((proc->flags & SUPPORT_UDP) == 0)
		continue;
	    is_stream = 0;
	    break;
	case KRB5_KRBHST_TCP:
	    if ((proc->flags & SUPPORT_TCP) == 0)
		continue;
	    is_stream = 1;
	    break;
	default:
	    continue;
	}

ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
	if (ret)
	    continue;

for (a = ai; !done && a != NULL; a = a->ai_next) {
	    int replied = 0;

sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
	    if (rk_IS_BAD_SOCKET(sock))
		continue;
	    rk_cloexec(sock);

ret = connect(sock, a->ai_addr, a->ai_addrlen);
	    if (rk_IS_SOCKET_ERROR(ret)) {
		rk_closesocket (sock);
		goto out;
	    }

ret = krb5_auth_con_genaddrs (context, auth_context, sock,
					  KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
	    if (ret) {
		rk_closesocket (sock);
		goto out;
	    }

for (i = 0; !done && i < 5; ++i) {
		fd_set fdset;
		struct timeval tv;

if (!replied) {
		    replied = 0;

ret = (*proc->send_req) (context,
					     &auth_context,
					     creds,
					     targprinc,
					     is_stream,
					     sock,
					     newpw,
					     hi->hostname);
		    if (ret) {
			rk_closesocket(sock);
			goto out;
		    }
		}

#ifndef NO_LIMIT_FD_SETSIZE
		if (sock >= FD_SETSIZE) {
		    ret = ERANGE;
		    krb5_set_error_message(context, ret,
					   "fd %d too large", sock);
		    rk_closesocket (sock);
		    goto out;
		}
#endif

FD_ZERO(&fdset);
		FD_SET(sock, &fdset);
		tv.tv_usec = 0;
		tv.tv_sec  = 1 + (1 << i);

ret = select (sock + 1, &fdset, NULL, NULL, &tv);
		if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) {
		    rk_closesocket(sock);
		    goto out;
		}
		if (ret == 1) {
		    ret = (*proc->process_rep) (context,
						auth_context,
						is_stream,
						sock,
						result_code,
						result_code_string,
						result_string,
						hi->hostname);
		    if (ret == 0)
			done = 1;
		    else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
			replied = 1;
		} else {
		    ret = KRB5_KDC_UNREACH;
		}
	    }
	    rk_closesocket (sock);
	}
    }

out:
    krb5_krbhst_free (context, handle);
    krb5_auth_con_free (context, auth_context);

if (ret == KRB5_KDC_UNREACH) {
	krb5_set_error_message(context,
			       ret,
			       N_("Unable to reach any changepw server "
				 " in realm %s", "realm"), realm);
	*result_code = KRB5_KPASSWD_HARDERROR;
    }
    return ret;
}

#ifndef HEIMDAL_SMALLER

static struct kpwd_proc *
find_chpw_proto(const char *name)
{
    struct kpwd_proc *p;
    for (p = procs; p->name != NULL; p++) {
	if (strcmp(p->name, name) == 0)
	    return p;
    }
    return NULL;
}

/**
 * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
 *
 * @param context a Keberos context
 * @param creds
 * @param newpw
 * @param result_code
 * @param result_code_string
 * @param result_string
 *
 * @return On sucess password is changed.

* @ingroup @krb5_deprecated
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context	context,
		      krb5_creds	*creds,
		      const char	*newpw,
		      int		*result_code,
		      krb5_data		*result_code_string,
		      krb5_data		*result_string)
    KRB5_DEPRECATED_FUNCTION("Use X instead")
{
    struct kpwd_proc *p = find_chpw_proto("change password");

*result_code = KRB5_KPASSWD_MALFORMED;
    result_code_string->data = result_string->data = NULL;
    result_code_string->length = result_string->length = 0;

if (p == NULL)
	return KRB5_KPASSWD_MALFORMED;

return change_password_loop(context, creds, NULL, newpw,
				result_code, result_code_string,
				result_string, p);
}
#endif /* HEIMDAL_SMALLER */

/**
 * Change password using creds.
 *
 * @param context a Keberos context
 * @param creds The initial kadmin/passwd for the principal or an admin principal
 * @param newpw The new password to set
 * @param targprinc if unset, the default principal is used.
 * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
 * @param result_code_string binary message from the server, contains
 * at least the result_code.
 * @param result_string A message from the kpasswd service or the
 * library in human printable form. The string is NUL terminated.
 *
 * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed.

* @ingroup @krb5
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password(krb5_context context,
		  krb5_creds *creds,
		  const char *newpw,
		  krb5_principal targprinc,
		  int *result_code,
		  krb5_data *result_code_string,
		  krb5_data *result_string)
{
    krb5_principal principal = NULL;
    krb5_error_code ret = 0;
    int i;

*result_code = KRB5_KPASSWD_MALFORMED;
    krb5_data_zero(result_code_string);
    krb5_data_zero(result_string);

if (targprinc == NULL) {
	ret = krb5_get_default_principal(context, &principal);
	if (ret)
	    return ret;
    } else
	principal = targprinc;

for (i = 0; procs[i].name != NULL; i++) {
	*result_code = 0;
	ret = change_password_loop(context, creds, principal, newpw,
				   result_code, result_code_string,
				   result_string,
				   &procs[i]);
	if (ret == 0 && *result_code == 0)
	    break;
    }

if (targprinc == NULL)
	krb5_free_principal(context, principal);
    return ret;
}

/*
 *
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password_using_ccache(krb5_context context,
			       krb5_ccache ccache,
			       const char *newpw,
			       krb5_principal targprinc,
			       int *result_code,
			       krb5_data *result_code_string,
			       krb5_data *result_string)
{
    krb5_creds creds, *credsp;
    krb5_error_code ret;
    krb5_principal principal = NULL;

*result_code = KRB5_KPASSWD_MALFORMED;
    result_code_string->data = result_string->data = NULL;
    result_code_string->length = result_string->length = 0;

memset(&creds, 0, sizeof(creds));

if (targprinc == NULL) {
	ret = krb5_cc_get_principal(context, ccache, &principal);
	if (ret)
	    return ret;
    } else
	principal = targprinc;

ret = krb5_make_principal(context, &creds.server,
			      krb5_principal_get_realm(context, principal),
			      "kadmin", "changepw", NULL);
    if (ret)
	goto out;

ret = krb5_cc_get_principal(context, ccache, &creds.client);
    if (ret) {
        krb5_free_principal(context, creds.server);
	goto out;
    }

ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
    krb5_free_principal(context, creds.server);
    krb5_free_principal(context, creds.client);
    if (ret)
	goto out;

ret = krb5_set_password(context,
			    credsp,
			    newpw,
			    principal,
			    result_code,
			    result_code_string,
			    result_string);

krb5_free_creds(context, credsp);

return ret;
 out:
    if (targprinc == NULL)
	krb5_free_principal(context, principal);
    return ret;
}

/*
 *
 */

KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_passwd_result_to_string (krb5_context context,
			      int result)
{
    static const char *strings[] = {
	"Success",
	"Malformed",
	"Hard error",
	"Auth error",
	"Soft error" ,
	"Access denied",
	"Bad version",
	"Initial flag needed"
    };

if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
	return "unknown result code";
    else
	return strings[result];
}

003 File Manager

Editing: changepw.c

Upload File

Create Folder