author | dfr <dfr@FreeBSD.org> | 2008-05-07 13:39:42 +0000 |
---|---|---|
committer | dfr <dfr@FreeBSD.org> | 2008-05-07 13:39:42 +0000 |
commit | 52bf09d8197dd1ec84e1ab72684f2058f0eae9e1 (patch) | |
tree | 07a0d6761d1b42410a27e4c7d583b766d6671f80 /crypto/heimdal/kpasswd | |
parent | 6c68306921f6e85bce52c905cf2606c25acdb436 (diff) | |
parent | 51b6601db456e699ea5d4843cbc7239ee92d9c13 (diff) | |
download | FreeBSD-src-52bf09d8197dd1ec84e1ab72684f2058f0eae9e1.zip FreeBSD-src-52bf09d8197dd1ec84e1ab72684f2058f0eae9e1.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r178825,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/kpasswd')
-rw-r--r-- | crypto/heimdal/kpasswd/Makefile.am | 8 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/Makefile.in | 316 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswd-generator.c | 26 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswd.1 | 26 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswd.c | 227 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswd_locl.h | 2 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswdd.8 | 14 | ||||
-rw-r--r-- | crypto/heimdal/kpasswd/kpasswdd.c | 427 |
8 files changed, 724 insertions, 322 deletions
diff --git a/crypto/heimdal/kpasswd/Makefile.am b/crypto/heimdal/kpasswd/Makefile.am index 5e287a9..ecfb752 100644 --- a/crypto/heimdal/kpasswd/Makefile.am +++ b/crypto/heimdal/kpasswd/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am,v 1.16 2001/08/28 08:31:29 assar Exp $ +# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_des) +AM_CPPFLAGS += $(INCLUDE_hcrypto) man_MANS = kpasswd.1 kpasswdd.8 @@ -26,6 +26,8 @@ kpasswdd_LDADD = \ $(DBLIB) LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_des) \ + $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) + +EXTRA_DIST = $(man_MANS) diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in index f29cde7..5c0e6db 100644 --- a/crypto/heimdal/kpasswd/Makefile.in +++ b/crypto/heimdal/kpasswd/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.8.3 from Makefile.am. +# Makefile.in generated by automake 1.10 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -14,23 +14,17 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.16 2001/08/28 08:31:29 assar Exp $ +# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ -# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ +# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ -# $Id: Makefile.am.common,v 1.37.2.2 2003/10/13 13:15:39 joda Exp $ +# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ -SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES) - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = .. am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c @@ -42,6 +36,7 @@ POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common \ @@ -52,16 +47,14 @@ noinst_PROGRAMS = kpasswd-generator$(EXEEXT) subdir = kpasswd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 \ + $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-getnameinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ $(top_srcdir)/cf/capabilities.m4 \ $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-declaration.m4 \ $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ $(top_srcdir)/cf/check-man.m4 \ $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ 
@@ -74,6 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ $(top_srcdir)/cf/find-if-not-broken.m4 \ + $(top_srcdir)/cf/framework-security.m4 \ $(top_srcdir)/cf/have-struct-field.m4 \ $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ $(top_srcdir)/cf/krb-bigendian.m4 \ 
@@ -82,19 +76,24 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ - $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ - $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/proto-compat.m4 \ - $(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \ - $(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/with-all.m4 $(top_srcdir)/configure.in + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ + $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ + $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ + $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ + $(top_srcdir)/cf/roken-frag.m4 \ + $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ + $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ + $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ + $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ + "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) 
@@ -120,17 +119,18 @@ kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include +DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ depcomp = am__depfiles_maybe = COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES) DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \ $(kpasswdd_SOURCES) @@ -141,13 +141,7 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ -AIX4_FALSE = @AIX4_FALSE@ -AIX4_TRUE = @AIX4_TRUE@ -AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@ -AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AIX_FALSE = @AIX_FALSE@ -AIX_TRUE = @AIX_TRUE@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ @@ -157,8 +151,6 @@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ -CATMAN_FALSE = @CATMAN_FALSE@ -CATMAN_TRUE = @CATMAN_TRUE@ CC = @CC@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ 
@@ -169,11 +161,10 @@ CXXCPP = @CXXCPP@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DBLIB = @DBLIB@ -DCE_FALSE = @DCE_FALSE@ -DCE_TRUE = @DCE_TRUE@ DEFS = @DEFS@ DIR_com_err = @DIR_com_err@ -DIR_des = @DIR_des@ +DIR_hcrypto = @DIR_hcrypto@ +DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ @@ -181,42 +172,27 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -EXTRA_LIB45 = @EXTRA_LIB45@ F77 = @F77@ FFLAGS = @FFLAGS@ +GREP = @GREP@ GROFF = @GROFF@ -HAVE_DB1_FALSE = @HAVE_DB1_FALSE@ -HAVE_DB1_TRUE = @HAVE_DB1_TRUE@ -HAVE_DB3_FALSE = @HAVE_DB3_FALSE@ -HAVE_DB3_TRUE = @HAVE_DB3_TRUE@ -HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@ -HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@ -HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@ -HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@ -HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@ -HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@ -HAVE_X_FALSE = @HAVE_X_FALSE@ -HAVE_X_TRUE = @HAVE_X_TRUE@ INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_des = @INCLUDE_des@ +INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IRIX_FALSE = @IRIX_FALSE@ -IRIX_TRUE = @IRIX_TRUE@ -KRB4_FALSE = @KRB4_FALSE@ -KRB4_TRUE = @KRB4_TRUE@ -KRB5_FALSE = @KRB5_FALSE@ -KRB5_TRUE = @KRB5_TRUE@ LDFLAGS = @LDFLAGS@ +LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBADD_roken = @LIBADD_roken@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ 
@@ -234,12 +210,9 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ -LIB_des = @LIB_des@ -LIB_des_a = @LIB_des_a@ -LIB_des_appl = @LIB_des_appl@ -LIB_des_so = @LIB_des_so@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_door_create = @LIB_door_create@ LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ @@ -249,15 +222,14 @@ LIB_gethostbyname2 = @LIB_gethostbyname2@ LIB_getnameinfo = @LIB_getnameinfo@ LIB_getpwnam_r = @LIB_getpwnam_r@ LIB_getsockopt = @LIB_getsockopt@ +LIB_hcrypto = @LIB_hcrypto@ +LIB_hcrypto_a = @LIB_hcrypto_a@ +LIB_hcrypto_appl = @LIB_hcrypto_appl@ +LIB_hcrypto_so = @LIB_hcrypto_so@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ -LIB_krb_disable_debug = @LIB_krb_disable_debug@ -LIB_krb_enable_debug = @LIB_krb_enable_debug@ -LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@ -LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@ -LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -266,6 +238,7 @@ LIB_openpty = @LIB_openpty@ LIB_otp = @LIB_otp@ LIB_pidfile = @LIB_pidfile@ LIB_readline = @LIB_readline@ +LIB_res_ndestroy = @LIB_res_ndestroy@ LIB_res_nsearch = @LIB_res_nsearch@ LIB_res_search = @LIB_res_search@ LIB_roken = @LIB_roken@ @@ -277,15 +250,10 @@ LIB_tgetent = @LIB_tgetent@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ -MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ -MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ -NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +MKDIR_P = @MKDIR_P@ NROFF = @NROFF@ OBJEXT = @OBJEXT@ -OTP_FALSE = @OTP_FALSE@ -OTP_TRUE = @OTP_TRUE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ 
@@ -293,74 +261,80 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ +PTHREADS_LIBS = @PTHREADS_LIBS@ RANLIB = @RANLIB@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +VERSIONING = @VERSIONING@ VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +XMKMF = @XMKMF@ X_CFLAGS = @X_CFLAGS@ X_EXTRA_LIBS = @X_EXTRA_LIBS@ X_LIBS = @X_LIBS@ X_PRE_LIBS = @X_PRE_LIBS@ YACC = @YACC@ -ac_ct_AR = @ac_ct_AR@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_F77 = @ac_ct_F77@ -ac_ct_RANLIB = @ac_ct_RANLIB@ -ac_ct_STRIP = @ac_ct_STRIP@ am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ +builddir = @builddir@ datadir = @datadir@ -do_roken_rename_FALSE = @do_roken_rename_FALSE@ -do_roken_rename_TRUE = @do_roken_rename_TRUE@ +datarootdir = @datarootdir@ +docdir = @docdir@ dpagaix_cflags = @dpagaix_cflags@ dpagaix_ldadd = @dpagaix_ldadd@ dpagaix_ldflags = @dpagaix_ldflags@ -el_compat_FALSE = @el_compat_FALSE@ -el_compat_TRUE = @el_compat_TRUE@ +dvidir = @dvidir@ exec_prefix = @exec_prefix@ -have_err_h_FALSE = @have_err_h_FALSE@ -have_err_h_TRUE = @have_err_h_TRUE@ -have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@ -have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@ -have_glob_h_FALSE = @have_glob_h_FALSE@ -have_glob_h_TRUE = @have_glob_h_TRUE@ -have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@ -have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@ -have_vis_h_FALSE = @have_vis_h_FALSE@ -have_vis_h_TRUE = @have_vis_h_TRUE@ host = @host@ host_alias = 
@host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ +htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ +localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ +psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ -SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des) +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ + $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp @@ -377,6 +351,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la +@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = kpasswd.1 kpasswdd.8 kpasswd_SOURCES = kpasswd.c kpasswd_locl.h @@ -391,14 +366,15 @@ kpasswdd_LDADD = \ $(DBLIB) LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_des) \ + $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) +EXTRA_DIST = $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ 
@@ -430,7 +406,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)" + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" @list='$(bin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ @@ -458,7 +434,7 @@ clean-binPROGRAMS: done install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)" + test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" @list='$(libexec_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ @@ -493,13 +469,13 @@ clean-noinstPROGRAMS: done kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) @rm -f kpasswd$(EXEEXT) - $(LINK) $(kpasswd_LDFLAGS) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS) + $(LINK) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS) kpasswd-generator$(EXEEXT): $(kpasswd_generator_OBJECTS) $(kpasswd_generator_DEPENDENCIES) @rm -f kpasswd-generator$(EXEEXT) - $(LINK) $(kpasswd_generator_LDFLAGS) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS) + $(LINK) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS) kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES) @rm -f kpasswdd$(EXEEXT) - $(LINK) $(kpasswdd_LDFLAGS) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS) + $(LINK) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -521,13 +497,9 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs - -distclean-libtool: - -rm -f libtool -uninstall-info-am: install-man1: $(man1_MANS) $(man_MANS) @$(NORMAL_INSTALL) - test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)" + test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ @@ -572,7 +544,7 @@ uninstall-man1: done install-man8: $(man8_MANS) $(man_MANS) @$(NORMAL_INSTALL) - test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)" + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ @@ -636,9 +608,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) 
@@ -663,23 +637,21 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) - $(mkdir_p) $(distdir)/.. $(distdir)/../cf - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ - list='$(DISTFILES)'; for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ - esac; \ + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkdir_p) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ @@ -699,7 +671,7 @@ check: check-am all-am: Makefile $(PROGRAMS) $(MANS) all-local installdirs: for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \ - test -z "$$dir" || $(mkdir_p) "$$dir"; \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am 
@@ -720,7 +692,7 @@ mostlyclean-generic: clean-generic: distclean-generic: - -rm -f $(CONFIG_CLEAN_FILES) + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -733,7 +705,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ - distclean-libtool distclean-tags + distclean-tags dvi: dvi-am @@ -749,14 +721,22 @@ install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook +install-dvi: install-dvi-am + install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + install-info: install-info-am install-man: install-man1 install-man8 +install-pdf: install-pdf-am + +install-ps: install-ps-am + installcheck-am: maintainer-clean: maintainer-clean-am 
@@ -776,26 +756,33 @@ ps: ps-am ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-info-am \ - uninstall-libexecPROGRAMS uninstall-man +uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ + uninstall-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-hook uninstall-man: uninstall-man1 uninstall-man8 +.MAKE: install-am install-data-am install-exec-am install-strip \ + uninstall-am + .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ - clean-libtool clean-noinstPROGRAMS ctags distclean \ + clean-libtool clean-noinstPROGRAMS ctags dist-hook distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-binPROGRAMS install-data \ - install-data-am install-exec install-exec-am install-info \ - install-info-am install-libexecPROGRAMS install-man \ - install-man1 install-man8 install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \ - uninstall-man1 uninstall-man8 + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am \ + install-libexecPROGRAMS install-man install-man1 install-man8 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-hook uninstall-libexecPROGRAMS \ + uninstall-man uninstall-man1 uninstall-man8 install-suid-programs: 
@@ -810,8 +797,8 @@ install-suid-programs: install-exec-hook: install-suid-programs -install-build-headers:: $(include_HEADERS) $(build_HEADERZ) - @foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ +install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) + @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ for f in $$foo; do \ f=`basename $$f`; \ if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ @@ -821,19 +808,31 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ) echo " $(CP) $$file $(buildinclude)/$$f"; \ $(CP) $$file $(buildinclude)/$$f; \ fi ; \ + done ; \ + foo='$(nobase_include_HEADERS)'; \ + for f in $$foo; do \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ done all-local: install-build-headers check-local:: - @if test '$(CHECK_LOCAL)'; then \ + @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ + foo=''; elif test '$(CHECK_LOCAL)'; then \ foo='$(CHECK_LOCAL)'; else \ foo='$(PROGRAMS)'; fi; \ if test "$$foo"; then \ failed=0; all=0; \ for i in $$foo; do \ all=`expr $$all + 1`; \ - if ./$$i --version > /dev/null 2>&1; then \ + if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ echo "PASS: $$i"; \ else \ echo "FAIL: $$i"; \ @@ -849,7 +848,7 @@ check-local:: echo "$$dashes"; \ echo "$$banner"; \ echo "$$dashes"; \ - test "$$failed" -eq 0; \ + test "$$failed" -eq 0 || exit 1; \ fi .x.c: 
@@ -919,14 +918,39 @@ dist-cat8-mans: dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +uninstall-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) install-data-hook: install-cat-mans +uninstall-hook: uninstall-cat-mans .et.h: $(COMPILE_ET) $< .et.c: $(COMPILE_ET) $< + +# +# Useful target for debugging +# + +check-valgrind: + tobjdir=`cd $(top_builddir) && pwd` ; \ + tsrcdir=`cd $(top_srcdir) && pwd` ; \ + env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + +# +# Target to please samba build farm, builds distfiles in-tree. +# Will break when automake changes... +# + +distdir-in-tree: $(DISTFILES) $(INFO_DEPS) + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" != .; then \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ + fi ; \ + done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kpasswd/kpasswd-generator.c b/crypto/heimdal/kpasswd/kpasswd-generator.c index 202dcfc..e37f869 100644 --- a/crypto/heimdal/kpasswd/kpasswd-generator.c +++ b/crypto/heimdal/kpasswd/kpasswd-generator.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kpasswd_locl.h" -RCSID("$Id: kpasswd-generator.c,v 1.5 2001/07/31 02:44:42 assar Exp $"); +RCSID("$Id: kpasswd-generator.c 19233 2006-12-06 08:04:05Z lha $"); static unsigned read_words (const char *filename, char ***ret_w) @@ -48,8 +48,7 @@ read_words (const char *filename, char ***ret_w) err (1, "cannot open %s", filename); alloc = n = 0; while (fgets (buf, sizeof(buf), f) != NULL) { - if (buf[strlen (buf) - 1] == '\n') - buf[strlen (buf) - 1] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; if (n >= alloc) { alloc += 16; w = erealloc (w, alloc * sizeof(char **)); @@ -57,6 +56,8 @@ read_words (const char *filename, char ***ret_w) w[n++] = estrdup (buf); } *ret_w = w; + if (n == 0) + errx(1, "%s is an empty file, no words to try", filename); return n; } @@ -88,17 +89,17 @@ generate_requests (const char *filename, unsigned nreq) for (i = 0; i < nreq; ++i) { char *name = words[rand() % nwords]; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt; krb5_creds cred; krb5_principal principal; int result_code; krb5_data result_code_string, result_string; char *old_pwd, *new_pwd; - krb5_get_init_creds_opt_init (&opt); - krb5_get_init_creds_opt_set_tkt_life (&opt, 300); - krb5_get_init_creds_opt_set_forwardable (&opt, FALSE); - krb5_get_init_creds_opt_set_proxiable (&opt, FALSE); + krb5_get_init_creds_opt_alloc (context, &opt); + krb5_get_init_creds_opt_set_tkt_life (opt, 300); + krb5_get_init_creds_opt_set_forwardable (opt, FALSE); + krb5_get_init_creds_opt_set_proxiable (opt, FALSE); ret = krb5_parse_name (context, name, &principal); if (ret) 
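Review bot: The result of `krb5_get_init_creds_opt_alloc (context, &opt);` in the generate_requests hunk (@@ -88,17 +89,17 @@) is discarded, so when the allocation fails `opt` is not a valid options object and the very next line passes it to `krb5_get_init_creds_opt_set_tkt_life`. The function already has `ret` and reports other failures through `krb5_err`, so the call should read `ret = krb5_get_init_creds_opt_alloc (context, &opt);` followed by `if (ret) krb5_err (context, 1, ret, "krb5_get_init_creds_opt_alloc");`. The loop body continues past the end of this hunk; the matching `krb5_get_init_creds_opt_free` is added in a later hunk of the same file.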
@@ -115,7 +116,7 @@ generate_requests (const char *filename, unsigned nreq) NULL, 0, "kadmin/changepw", - &opt); + opt); if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY || ret == KRB5KRB_AP_ERR_MODIFIED) { char *tmp; @@ -132,7 +133,7 @@ generate_requests (const char *filename, unsigned nreq) NULL, 0, "kadmin/changepw", - &opt); + opt); } if (ret) krb5_err (context, 1, ret, "krb5_get_init_creds_password"); @@ -148,7 +149,8 @@ generate_requests (const char *filename, unsigned nreq) free (old_pwd); free (new_pwd); - krb5_free_creds_contents (context, &cred); + krb5_free_cred_contents (context, &cred); + krb5_get_init_creds_opt_free(context, opt); } } diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1 index 1c2e26c..6d2c7c9 100644 --- a/crypto/heimdal/kpasswd/kpasswd.1 +++ b/crypto/heimdal/kpasswd/kpasswd.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1997, 2000 - 2002 Kungliga Tekniska Högskolan +.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: kpasswd.1,v 1.5 2003/02/16 21:10:22 lha Exp $ +.\" $Id: kpasswd.1 14478 2005-01-05 16:08:58Z lha $ .\" -.Dd August 27, 1997 +.Dd January 5, 2005 .Dt KPASSWD 1 .Os HEIMDAL .Sh NAME 
@@ -39,10 +39,28 @@ .Nd Kerberos 5 password changing program .Sh SYNOPSIS .Nm -.Op Ar principal +.Op Fl -admin-principal= Ns Ar principal +.Oo Fl c Ar cache \*(Ba Xo +.Fl -cache= Ns Ar cache +.Xc +.Oc +.Op Ar principal ... .Sh DESCRIPTION .Nm is the client for changing passwords. +.Pp +If administrator principal is given that principal is used to change +the password. +.Pp +Multiple passwords for different users can be changed at the same time, +then the administrator principal will be used. +If the administrator isn't specified on the command prompt, the +principal of the default credential cache will be used. +.Pp +If a credential cache is given, the +.Fl -admin-principal +flag is ignored and use the default name of the credential cache is +used instead. .Sh DIAGNOSTICS If the password quality check fails or some other error occurs, an explanation is printed. diff --git a/crypto/heimdal/kpasswd/kpasswd.c b/crypto/heimdal/kpasswd/kpasswd.c index 02f9557..b844628 100644 --- a/crypto/heimdal/kpasswd/kpasswd.c +++ b/crypto/heimdal/kpasswd/kpasswd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,12 +32,16 @@ */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswd.c,v 1.24 2001/09/27 01:29:40 assar Exp $"); +RCSID("$Id: kpasswd.c 19078 2006-11-20 18:12:41Z lha $"); static int version_flag; static int help_flag; +static char *admin_principal_str; +static char *cred_cache_str; static struct getargs args[] = { + { "admin-principal", 0, arg_string, &admin_principal_str }, + { "cache", 'c', arg_string, &cred_cache_str }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; 
@@ -45,10 +49,68 @@ static struct getargs args[] = { static void usage (int ret, struct getargs *a, int num_args) { - arg_printusage (a, num_args, NULL, "[principal]"); + arg_printusage (a, num_args, NULL, "[principal ...]"); exit (ret); } +static int +change_password(krb5_context context, + krb5_principal principal, + krb5_ccache id) +{ + krb5_data result_code_string, result_string; + int result_code; + krb5_error_code ret; + char pwbuf[BUFSIZ]; + char *msg, *name; + + krb5_data_zero (&result_code_string); + krb5_data_zero (&result_string); + + name = msg = NULL; + if (principal == NULL) + asprintf(&msg, "New password: "); + else { + ret = krb5_unparse_name(context, principal, &name); + if (ret) + krb5_err(context, 1, ret, "krb5_unparse_name"); + + asprintf(&msg, "New password for %s: ", name); + } + + if (msg == NULL) + krb5_errx (context, 1, "out of memory"); + + ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1); + free(msg); + if (name) + free(name); + if (ret != 0) { + return 1; + } + + ret = krb5_set_password_using_ccache (context, id, pwbuf, + principal, + &result_code, + &result_code_string, + &result_string); + if (ret) { + krb5_warn (context, ret, "krb5_set_password_using_ccache"); + return 1; + } + + printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context, result_code), + result_string.length > 0 ? " : " : "", + (int)result_string.length, + result_string.length > 0 ? (char *)result_string.data : ""); + + krb5_data_free (&result_code_string); + krb5_data_free (&result_string); + + return ret != 0; +} + + int main (int argc, char **argv) { 
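Review bot: The server's verdict is dropped at the end of `change_password`: `ret` is already known to be 0 when `return ret != 0;` runs, so a change the server rejected with a non-zero `result_code` is still reported to the caller as success. Returning `result_code != 0` would keep what the old `main` did with `return result_code;`. The new password also stays in `pwbuf` on every return path, including the early `return 1` after `krb5_set_password_using_ccache` fails; clear it before each return with `memset(pwbuf, 0, sizeof(pwbuf));` or a wipe the compiler cannot elide. The `asprintf` return value is not checked, and testing `msg == NULL` relies on the implementation resetting the pointer on failure.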
@@ -56,11 +118,9 @@ main (int argc, char **argv) krb5_context context; krb5_principal principal; int optind = 0; - krb5_get_init_creds_opt opt; - krb5_creds cred; - int result_code; - krb5_data result_code_string, result_string; - char pwbuf[BUFSIZ]; + krb5_get_init_creds_opt *opt; + krb5_ccache id = NULL; + int exit_value; optind = krb5_program_setup(&context, argc, argv, args, sizeof(args) / sizeof(args[0]), usage); 
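Review bot: `exit_value`, declared in this hunk, never reaches the process exit status: the rewritten tail of `main` in the next hunk ends with `return ret;`, and at that point `ret` holds the result of `krb5_cc_destroy` or `krb5_cc_close`, which is 0 unless the program has already exited through `krb5_err`. A failed change for any principal in the loop therefore still exits 0, which matters for scripts that change several passwords and trust the status. The last statement should be `return exit_value;`. In the same later hunk `krb5_get_init_creds_opt_free(context, opt);` sits inside the `cred_cache_str == NULL` branch, so `opt` is not released when `--cache` is given; moving the call after that block covers both paths. `main` starts and ends outside this hunk.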
@@ -73,74 +133,115 @@ main (int argc, char **argv) exit(0); } - krb5_get_init_creds_opt_init (&opt); - - krb5_get_init_creds_opt_set_tkt_life (&opt, 300); - krb5_get_init_creds_opt_set_forwardable (&opt, FALSE); - krb5_get_init_creds_opt_set_proxiable (&opt, FALSE); - argc -= optind; argv += optind; - if (argc > 1) - usage (1, args, sizeof(args) / sizeof(args[0])); - ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - if(argv[0]) { - ret = krb5_parse_name (context, argv[0], &principal); + ret = krb5_get_init_creds_opt_alloc (context, &opt); + if (ret) + krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); + + krb5_get_init_creds_opt_set_tkt_life (opt, 300); + krb5_get_init_creds_opt_set_forwardable (opt, FALSE); + krb5_get_init_creds_opt_set_proxiable (opt, FALSE); + + if (cred_cache_str) { + ret = krb5_cc_resolve(context, cred_cache_str, &id); if (ret) - krb5_err (context, 1, ret, "krb5_parse_name"); - } else - principal = NULL; - - ret = krb5_get_init_creds_password (context, - &cred, - principal, - NULL, - krb5_prompter_posix, - NULL, - 0, - "kadmin/changepw", - &opt); - switch (ret) { - case 0: - break; - case KRB5_LIBOS_PWDINTR : - return 1; - case KRB5KRB_AP_ERR_BAD_INTEGRITY : - case KRB5KRB_AP_ERR_MODIFIED : - krb5_errx(context, 1, "Password incorrect"); - break; - default: - krb5_err(context, 1, ret, "krb5_get_init_creds"); + krb5_err (context, 1, ret, "krb5_cc_resolve"); + } else { + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_gen_new"); } - krb5_data_zero (&result_code_string); - krb5_data_zero (&result_string); + if (cred_cache_str == NULL) { + krb5_principal admin_principal = NULL; + krb5_creds cred; + + if (admin_principal_str) { + ret = krb5_parse_name (context, admin_principal_str, + &admin_principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + } else if (argc == 1) { + ret = krb5_parse_name (context, argv[0], 
&admin_principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + } else { + ret = krb5_get_default_principal (context, &admin_principal); + if (ret) + krb5_err (context, 1, ret, "krb5_get_default_principal"); + } + + ret = krb5_get_init_creds_password (context, + &cred, + admin_principal, + NULL, + krb5_prompter_posix, + NULL, + 0, + "kadmin/changepw", + opt); + switch (ret) { + case 0: + break; + case KRB5_LIBOS_PWDINTR : + return 1; + case KRB5KRB_AP_ERR_BAD_INTEGRITY : + case KRB5KRB_AP_ERR_MODIFIED : + krb5_errx(context, 1, "Password incorrect"); + break; + default: + krb5_err(context, 1, ret, "krb5_get_init_creds"); + } + + krb5_get_init_creds_opt_free(context, opt); + + ret = krb5_cc_initialize(context, id, admin_principal); + krb5_free_principal(context, admin_principal); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_initialize"); - if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0) - return 1; + ret = krb5_cc_store_cred(context, id, &cred); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_store_cred"); + + krb5_free_cred_contents (context, &cred); + } - ret = krb5_change_password (context, &cred, pwbuf, - &result_code, - &result_code_string, - &result_string); - if (ret) - krb5_err (context, 1, ret, "krb5_change_password"); + if (argc == 0) { + exit_value = change_password(context, NULL, id); + } else { + exit_value = 0; - printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context, - result_code), - result_string.length > 0 ? 
" : " : "", - (int)result_string.length, - (char *)result_string.data); + while (argc-- > 0) { + + ret = krb5_parse_name (context, argv[0], &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + + ret = change_password(context, principal, id); + if (ret) + exit_value = 1; + krb5_free_principal(context, principal); + argv++; + } + } + + if (cred_cache_str == NULL) { + ret = krb5_cc_destroy(context, id); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_destroy"); + } else { + ret = krb5_cc_close(context, id); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_close"); + } - krb5_data_free (&result_code_string); - krb5_data_free (&result_string); - - krb5_free_creds_contents (context, &cred); krb5_free_context (context); - return result_code; + return ret; } diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h index c254f6f..b797ceb 100644 --- a/crypto/heimdal/kpasswd/kpasswd_locl.h +++ b/crypto/heimdal/kpasswd/kpasswd_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */ +/* $Id: kpasswd_locl.h 11444 2002-09-10 20:03:49Z joda $ */ #ifndef __KPASSWD_LOCL_H__ #define __KPASSWD_LOCL_H__ diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8 index 899b3a3..ab750bd 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.8 +++ b/crypto/heimdal/kpasswd/kpasswdd.8 @@ -1,4 +1,4 @@ -.\" $Id: kpasswdd.8,v 1.8 2003/02/04 21:48:01 lha Exp $ +.\" $Id: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $ .\" .Dd April 19, 1999 .Dt KPASSWDD 8 @@ -8,6 +8,8 @@ .Nd Kerberos 5 password changing server .Sh SYNOPSIS .Nm +.Bk -words +.Op Fl -addresses= Ns Ar address .Op Fl -check-library= Ns Ar library .Op Fl -check-function= Ns Ar function .Oo Fl k Ar kspec \*(Ba Xo @@ -24,6 +26,7 @@ .Oc .Op Fl -version .Op Fl -help +.Ek .Sh DESCRIPTION .Nm serves request for password changes. It listens on UDP port 464 
@@ -33,6 +36,11 @@ the database directly and should thus only run on the master KDC. Supported options: .Bl -tag -width Ds .It Xo +.Fl -addresses= Ns Ar address +.Xc +For each till the argument is given, add the address to what kpasswdd +should listen too. +.It Xo .Fl -check-library= Ns Ar library .Xc If your system has support for dynamic loading of shared libraries, @@ -59,12 +67,12 @@ is not zero terminated. .Fl k Ar kspec , .Fl -keytab= Ns Ar kspec .Xc -Keytab to get authentication key from +Keytab to get authentication key from. .It Xo .Fl r Ar realm , .Fl -realm= Ns Ar realm .Xc -Default realm +Default realm. .It Xo .Fl p Ar string , .Fl -port= Ns Ar string diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c index 6b33732..5b4119c 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.c +++ b/crypto/heimdal/kpasswd/kpasswdd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswdd.c,v 1.54 2002/12/02 14:31:52 joda Exp $"); +RCSID("$Id: kpasswdd.c 22252 2007-12-09 05:59:34Z lha $"); #include <kadm5/admin.h> #ifdef HAVE_SYS_UN_H 
@@ -44,9 +44,28 @@ RCSID("$Id: kpasswdd.c,v 1.54 2002/12/02 14:31:52 joda Exp $"); static krb5_context context; static krb5_log_facility *log_facility; +static struct getarg_strings addresses_str; +krb5_addresses explicit_addresses; + static sig_atomic_t exit_flag = 0; static void +add_one_address (const char *str, int first) +{ + krb5_error_code ret; + krb5_addresses tmp; + + ret = krb5_parse_address (context, str, &tmp); + if (ret) + krb5_err (context, 1, ret, "parse_address `%s'", str); + if (first) + krb5_copy_addresses(context, &tmp, &explicit_addresses); + else + krb5_append_addresses(context, &explicit_addresses, &tmp); + krb5_free_addresses (context, &tmp); +} + +static void send_reply (int s, struct sockaddr *sa, int sa_size, @@ -55,7 +74,7 @@ send_reply (int s, { struct msghdr msghdr; struct iovec iov[3]; - u_int16_t len, ap_rep_len; + uint16_t len, ap_rep_len; u_char header[6]; u_char *p; @@ -101,40 +120,52 @@ send_reply (int s, static int make_result (krb5_data *data, - u_int16_t result_code, + uint16_t result_code, const char *expl) { + char *str; krb5_data_zero (data); - data->length = asprintf ((char **)&data->data, + data->length = asprintf (&str, "%c%c%s", (result_code >> 8) & 0xFF, result_code & 0xFF, expl); - if (data->data == NULL) { + if (str == NULL) { krb5_warnx (context, "Out of memory generating error reply"); return 1; } + data->data = str; return 0; } static void -reply_error (krb5_principal server, +reply_error (krb5_realm realm, int s, struct sockaddr *sa, int sa_size, krb5_error_code error_code, - u_int16_t result_code, + uint16_t result_code, const char *expl) { krb5_error_code ret; krb5_data error_data; krb5_data e_data; + krb5_principal server = NULL; if (make_result(&e_data, result_code, expl)) return; + if (realm) { + ret = krb5_make_principal (context, &server, realm, + "kadmin", "changepw", NULL); + if (ret) { + krb5_data_free (&e_data); + return; + } + } + ret = krb5_mk_error (context, error_code, NULL, 
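Review bot: The results of `krb5_copy_addresses` and `krb5_append_addresses` in `add_one_address` are discarded, so a failure leaves `explicit_addresses` short or empty without any message. The `doit` hunk further down uses `explicit_addresses` only when its `len` is non-zero and otherwise falls back to `krb5_get_all_server_addrs`, so a failed copy of the first address would presumably make the daemon listen on every address instead of the restricted set the operator asked for. Capturing the return value and stopping, as the `krb5_parse_address` check just above already does, keeps the restriction fail-closed. `explicit_addresses` could also be `static` like the other new file-scope variable.

```c
    /* … unchanged: krb5_parse_address and its error check … */
    if (first)
	ret = krb5_copy_addresses(context, &tmp, &explicit_addresses);
    else
	ret = krb5_append_addresses(context, &explicit_addresses, &tmp);
    if (ret)
	krb5_err (context, 1, ret, "storing address `%s'", str);
    krb5_free_addresses (context, &tmp);
```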
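Review bot: In `make_result` the `asprintf` return value goes straight into `data->length`, and failure is detected only through `str == NULL`. Not every `asprintf` implementation resets the pointer on failure, and a negative return stored in the length field becomes a very large length if that field is unsigned. Keeping the result in a local first, e.g. `int n = asprintf(&str, ...); if (n < 0) { ... return 1; }`, and assigning `data->length = n; data->data = str;` only on success avoids both.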
@@ -144,6 +175,8 @@ reply_error (krb5_principal server, NULL, NULL, &error_data); + if (server) + krb5_free_principal(context, server); krb5_data_free (&e_data); if (ret) { krb5_warn (context, ret, "Could not even generate error reply"); @@ -158,7 +191,7 @@ reply_priv (krb5_auth_context auth_context, int s, struct sockaddr *sa, int sa_size, - u_int16_t result_code, + uint16_t result_code, const char *expl) { krb5_error_code ret; 
@@ -199,78 +232,207 @@ reply_priv (krb5_auth_context auth_context, static void change (krb5_auth_context auth_context, - krb5_principal principal, + krb5_principal admin_principal, + uint16_t version, int s, struct sockaddr *sa, int sa_size, - krb5_data *pwd_data) + krb5_data *in_data) { krb5_error_code ret; - char *client; + char *client = NULL, *admin = NULL; const char *pwd_reason; kadm5_config_params conf; - void *kadm5_handle; + void *kadm5_handle = NULL; + krb5_principal principal; + krb5_data *pwd_data = NULL; char *tmp; + ChangePasswdDataMS chpw; memset (&conf, 0, sizeof(conf)); + memset(&chpw, 0, sizeof(chpw)); - krb5_unparse_name (context, principal, &client); + if (version == KRB5_KPASSWD_VERS_CHANGEPW) { + ret = krb5_copy_data(context, in_data, &pwd_data); + if (ret) { + krb5_warn (context, ret, "krb5_copy_data"); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED, + "out out memory copying password"); + return; + } + principal = admin_principal; + } else if (version == KRB5_KPASSWD_VERS_SETPW) { + size_t len; + + ret = decode_ChangePasswdDataMS(in_data->data, in_data->length, + &chpw, &len); + if (ret) { + krb5_warn (context, ret, "decode_ChangePasswdDataMS"); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED, + "malformed ChangePasswdData"); + return; + } + + + ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data); + if (ret) { + krb5_warn (context, ret, "krb5_copy_data"); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED, + "out out memory copying password"); + goto out; + } + + if (chpw.targname == NULL && chpw.targrealm != NULL) { + krb5_warn (context, ret, "kadm5_init_with_password_ctx"); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_MALFORMED, + "targrealm but not targname"); + goto out; + } + + if (chpw.targname) { + krb5_principal_data princ; + + princ.name = *chpw.targname; + princ.realm = *chpw.targrealm; + if (princ.realm == NULL) { + ret = krb5_get_default_realm(context, 
&princ.realm); + + if (ret) { + krb5_warnx (context, + "kadm5_init_with_password_ctx: " + "failed to allocate realm"); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_SOFTERROR, + "failed to allocate realm"); + goto out; + } + } + ret = krb5_copy_principal(context, &princ, &principal); + if (*chpw.targrealm == NULL) + free(princ.realm); + if (ret) { + krb5_warn(context, ret, "krb5_copy_principal"); + reply_priv(auth_context, s, sa, sa_size, + KRB5_KPASSWD_HARDERROR, + "failed to allocate principal"); + goto out; + } + } else + principal = admin_principal; + } else { + krb5_warnx (context, "kadm5_init_with_password_ctx: unknown proto"); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_HARDERROR, + "Unknown protocol used"); + return; + } + + ret = krb5_unparse_name (context, admin_principal, &admin); + if (ret) { + krb5_warn (context, ret, "unparse_name failed"); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_HARDERROR, "out of memory error"); + goto out; + } + + conf.realm = principal->realm; + conf.mask |= KADM5_CONFIG_REALM; ret = kadm5_init_with_password_ctx(context, - client, + admin, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm5_handle); if (ret) { - free (client); krb5_warn (context, ret, "kadm5_init_with_password_ctx"); reply_priv (auth_context, s, sa, sa_size, 2, "Internal error"); - return; + goto out; } - krb5_warnx (context, "Changing password for %s", client); - free (client); + ret = krb5_unparse_name(context, principal, &client); + if (ret) { + krb5_warn (context, ret, "unparse_name failed"); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_HARDERROR, "out of memory error"); + goto out; + } - pwd_reason = kadm5_check_password_quality (context, principal, pwd_data); - if (pwd_reason != NULL ) { - krb5_warnx (context, "%s", pwd_reason); - reply_priv (auth_context, s, sa, sa_size, 4, pwd_reason); - kadm5_destroy (kadm5_handle); - return; + /* + * Check password quality if not changing as administrator + */ + + 
if (krb5_principal_compare(context, admin_principal, principal) == TRUE) { + + pwd_reason = kadm5_check_password_quality (context, principal, + pwd_data); + if (pwd_reason != NULL ) { + krb5_warnx (context, + "%s didn't pass password quality check with error: %s", + client, pwd_reason); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_SOFTERROR, pwd_reason); + goto out; + } + krb5_warnx (context, "Changing password for %s", client); + } else { + ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW, + principal); + if (ret) { + krb5_warn (context, ret, + "Check ACL failed for %s for changing %s password", + admin, client); + reply_priv (auth_context, s, sa, sa_size, + KRB5_KPASSWD_HARDERROR, "permission denied"); + goto out; + } + krb5_warnx (context, "%s is changing password for %s", admin, client); } - tmp = malloc (pwd_data->length + 1); - if (tmp == NULL) { - krb5_warnx (context, "malloc: out of memory"); - reply_priv (auth_context, s, sa, sa_size, 2, + ret = krb5_data_realloc(pwd_data, pwd_data->length + 1); + if (ret) { + krb5_warn (context, ret, "malloc: out of memory"); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "Internal error"); goto out; } - memcpy (tmp, pwd_data->data, pwd_data->length); - tmp[pwd_data->length] = '\0'; + tmp = pwd_data->data; + tmp[pwd_data->length - 1] = '\0'; ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp); - memset (tmp, 0, pwd_data->length); - free (tmp); + krb5_free_data (context, pwd_data); + pwd_data = NULL; if (ret) { - krb5_warn (context, ret, "kadm5_s_chpass_principal_cond"); - reply_priv (auth_context, s, sa, sa_size, 2, - "Internal error"); + char *str = krb5_get_error_message(context, ret); + krb5_warnx(context, "kadm5_s_chpass_principal_cond: %s", str); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, + str ? 
str : "Internal error"); + krb5_free_error_string(context, str); goto out; } - reply_priv (auth_context, s, sa, sa_size, 0, "Password changed"); + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS, + "Password changed"); out: - kadm5_destroy (kadm5_handle); + free_ChangePasswdDataMS(&chpw); + if (admin) + free(admin); + if (client) + free(client); + if (pwd_data) + krb5_free_data(context, pwd_data); + if (kadm5_handle) + kadm5_destroy (kadm5_handle); } static int verify (krb5_auth_context *auth_context, - krb5_principal server, + krb5_realm *realms, krb5_keytab keytab, krb5_ticket **ticket, krb5_data *out_data, + uint16_t *version, int s, struct sockaddr *sa, int sa_size, @@ -278,9 +440,10 @@ verify (krb5_auth_context *auth_context, size_t len) { krb5_error_code ret; - u_int16_t pkt_len, pkt_ver, ap_req_len; + uint16_t pkt_len, pkt_ver, ap_req_len; krb5_data ap_req_data; krb5_data krb_priv_data; + krb5_realm *r; pkt_len = (msg[0] << 8) | (msg[1]); pkt_ver = (msg[2] << 8) | (msg[3]); @@ -288,14 +451,16 @@ verify (krb5_auth_context *auth_context, if (pkt_len != len) { krb5_warnx (context, "Strange len: %ld != %ld", (long)pkt_len, (long)len); - reply_error (server, s, sa, sa_size, 0, 1, "Bad request"); + reply_error (NULL, s, sa, sa_size, 0, 1, "Bad request"); return 1; } - if (pkt_ver != 0x0001) { + if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW && + pkt_ver != KRB5_KPASSWD_VERS_SETPW) { krb5_warnx (context, "Bad version (%d)", pkt_ver); - reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version"); + reply_error (NULL, s, sa, sa_size, 0, 1, "Wrong program version"); return 1; } + *version = pkt_ver; ap_req_data.data = msg + 6; ap_req_data.length = ap_req_len; 
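Review bot: In the `KRB5_KPASSWD_VERS_SETPW` branch of `change`, `princ.realm = *chpw.targrealm;` dereferences `chpw.targrealm` without a NULL test, and `if (*chpw.targrealm == NULL)` does it again before `free(princ.realm)`. The guard above only rejects a realm without a name, and its `chpw.targrealm != NULL` comparison suggests the field is a pointer left NULL when absent, so a request carrying `targname` but no `targrealm` would crash the daemon where the default-realm fallback was clearly intended. Use `princ.realm = chpw.targrealm ? *chpw.targrealm : NULL;` and release with `if (chpw.targrealm == NULL || *chpw.targrealm == NULL) free(princ.realm);`. The principal produced by `krb5_copy_principal` is also never freed at `out:`, which leaks per request in a long-running server. The removed code wiped its password copy with `memset` before `free`, whereas the new path hands `pwd_data` to `krb5_free_data` with no visible clearing, so the new password may linger on the heap unless that helper zeroes it.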
@@ -303,26 +468,56 @@ verify (krb5_auth_context *auth_context, ret = krb5_rd_req (context, auth_context, &ap_req_data, - server, + NULL, keytab, NULL, ticket); if (ret) { - if(ret == KRB5_KT_NOTFOUND) { - char *name; - krb5_unparse_name(context, server, &name); - krb5_warnx (context, "krb5_rd_req: %s (%s)", - krb5_get_err_text(context, ret), name); - free(name); - } else - krb5_warn (context, ret, "krb5_rd_req"); - reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed"); + krb5_warn (context, ret, "krb5_rd_req"); + reply_error (NULL, s, sa, sa_size, ret, 3, "Authentication failed"); return 1; } + /* verify realm and principal */ + for (r = realms; *r != NULL; r++) { + krb5_principal principal; + krb5_boolean same; + + ret = krb5_make_principal (context, + &principal, + *r, + "kadmin", + "changepw", + NULL); + if (ret) + krb5_err (context, 1, ret, "krb5_make_principal"); + + same = krb5_principal_compare(context, principal, (*ticket)->server); + krb5_free_principal(context, principal); + if (same == TRUE) + break; + } + if (*r == NULL) { + char *str; + krb5_unparse_name(context, (*ticket)->server, &str); + krb5_warnx (context, "client used not valid principal %s", str); + free(str); + reply_error (NULL, s, sa, sa_size, ret, 1, + "Bad request"); + goto out; + } + + if (strcmp((*ticket)->server->realm, (*ticket)->client->realm) != 0) { + krb5_warnx (context, "server realm (%s) not same a client realm (%s)", + (*ticket)->server->realm, (*ticket)->client->realm); + reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1, + "Bad request"); + goto out; + } + if (!(*ticket)->ticket.flags.initial) { krb5_warnx (context, "initial flag not set"); - reply_error (server, s, sa, sa_size, ret, 1, + reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1, "Bad request"); goto out; } 
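Review bot: In the `*r == NULL` branch of `verify`, `str` is uninitialised and the result of `krb5_unparse_name` is ignored, so if unparsing fails `krb5_warnx` formats and `free` releases an indeterminate pointer. Declare it as `char *str = NULL;` and log only on success, e.g. `if (krb5_unparse_name(context, (*ticket)->server, &str) == 0) krb5_warnx(...);` followed by `free(str);`. The realm loop also calls `krb5_err (context, 1, ...)` when `krb5_make_principal` fails, which would end the whole daemon from inside request handling; replying with an error and `goto out` would match the other failure paths here. `verify` begins before this hunk and continues past it.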
@@ -337,17 +532,19 @@ verify (krb5_auth_context *auth_context, if (ret) { krb5_warn (context, ret, "krb5_rd_priv"); - reply_error (server, s, sa, sa_size, ret, 3, "Bad request"); + reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 3, + "Bad request"); goto out; } return 0; out: krb5_free_ticket (context, *ticket); + ticket = NULL; return 1; } static void -process (krb5_principal server, +process (krb5_realm *realms, krb5_keytab keytab, int s, krb5_address *this_addr, @@ -361,6 +558,8 @@ process (krb5_principal server, krb5_data out_data; krb5_ticket *ticket; krb5_address other_addr; + uint16_t version; + krb5_data_zero (&out_data); @@ -389,16 +588,16 @@ process (krb5_principal server, goto out; } - if (verify (&auth_context, server, keytab, &ticket, &out_data, - s, sa, sa_size, msg, len) == 0) { + if (verify (&auth_context, realms, keytab, &ticket, &out_data, + &version, s, sa, sa_size, msg, len) == 0) { change (auth_context, ticket->client, + version, s, sa, sa_size, &out_data); memset (out_data.data, 0, out_data.length); krb5_free_ticket (context, ticket); - free (ticket); } out: 
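Review bot: The added `ticket = NULL;` under `out:` in `verify` clears the local parameter, not the caller's pointer, so it has no effect and the caller's `krb5_ticket *` still refers to the ticket just released by `krb5_free_ticket`. `process` does not touch the ticket when `verify` returns non-zero, so nothing breaks today, but the line should read `*ticket = NULL;` to do what it evidently intends. `verify` starts outside this hunk.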
@@ -410,36 +609,26 @@ static int doit (krb5_keytab keytab, int port) { krb5_error_code ret; - krb5_principal server; int *sockets; int maxfd; - char *realm; + krb5_realm *realms; krb5_addresses addrs; unsigned n, i; fd_set real_fdset; struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; - ret = krb5_get_default_realm (context, &realm); + ret = krb5_get_default_realms(context, &realms); if (ret) - krb5_err (context, 1, ret, "krb5_get_default_realm"); - - ret = krb5_build_principal (context, - &server, - strlen(realm), - realm, - "kadmin", - "changepw", - NULL); - if (ret) - krb5_err (context, 1, ret, "krb5_build_principal"); - - free (realm); - - ret = krb5_get_all_server_addrs (context, &addrs); - if (ret) - krb5_err (context, 1, ret, "krb5_get_all_server_addrs"); + krb5_err (context, 1, ret, "krb5_get_default_realms"); + if (explicit_addresses.len) { + addrs = explicit_addresses; + } else { + ret = krb5_get_all_server_addrs (context, &addrs); + if (ret) + krb5_err (context, 1, ret, "krb5_get_all_server_addrs"); + } n = addrs.len; sockets = malloc (n * sizeof(*sockets)); @@ -448,7 +637,7 @@ doit (krb5_keytab keytab, int port) maxfd = -1; FD_ZERO(&real_fdset); for (i = 0; i < n; ++i) { - int sa_size = sizeof(__ss); + krb5_socklen_t sa_size = sizeof(__ss); krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port); @@ -499,14 +688,19 @@ doit (krb5_keytab keytab, int port) krb5_err (context, 1, errno, "recvfrom"); } - process (server, keytab, sockets[i], + process (realms, keytab, sockets[i], &addrs.val[i], sa, addrlen, buf, ret); } } + + for (i = 0; i < n; ++i) + close(sockets[i]); + free(sockets); + krb5_free_addresses (context, &addrs); - krb5_free_principal (context, server); + krb5_free_host_realm (context, realms); krb5_free_context (context); return 0; } 
@@ -517,13 +711,15 @@ sigterm(int sig) exit_flag = 1; } -const char *check_library = NULL; -const char *check_function = NULL; -char *keytab_str = "HDB:"; -char *realm_str; -int version_flag; -int help_flag; -char *port_str; +static const char *check_library = NULL; +static const char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; +static char *keytab_str = "HDB:"; +static char *realm_str; +static int version_flag; +static int help_flag; +static char *port_str; +static char *config_file; struct getargs args[] = { #ifdef HAVE_DLOPEN @@ -531,9 +727,14 @@ struct getargs args[] = { "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, #endif + { "addresses", 0, arg_strings, &addresses_str, + "addresses to listen on", "list of addresses" }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication key from", "kspec" }, + { "config-file", 'c', arg_string, &config_file }, { "realm", 'r', arg_string, &realm_str, "default realm", "realm" }, { "port", 'p', arg_string, &port_str, "port" }, { "version", 0, arg_flag, &version_flag }, @@ -547,7 +748,8 @@ main (int argc, char **argv) int optind; krb5_keytab keytab; krb5_error_code ret; - int port; + char **files; + int port, i; optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); 
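Review bot: The new `policy-libraries` entry reuses the help strings of `check-function` (`"password check function to load", "function"`), so `--help` will describe two different options identically; something like `"password check libraries to load", "library"` would say what the option takes. The `config-file` entry has no help text at all and deserves a one-line description as well. Since the named libraries are presumably loaded into a daemon that the manual page says edits the database directly, the usage text is also the natural place to say they should come from a trusted path that unprivileged users cannot write to.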
@@ -558,6 +760,21 @@ main (int argc, char **argv) exit(0); } + if (config_file == NULL) { + asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (config_file == NULL) + errx(1, "out of memory"); + } + + ret = krb5_prepend_config_files_default(config_file, &files); + if (ret) + krb5_err(context, 1, ret, "getting configuration files"); + + ret = krb5_set_config_files(context, files); + krb5_free_config_files(files); + if (ret) + krb5_err(context, 1, ret, "reading configuration files"); + if(realm_str) krb5_set_default_realm(context, realm_str); @@ -590,6 +807,36 @@ main (int argc, char **argv) kadm5_setup_passwd_quality_check (context, check_library, check_function); + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + + + explicit_addresses.len = 0; + + if (addresses_str.num_strings) { + int i; + + for (i = 0; i < addresses_str.num_strings; ++i) + add_one_address (addresses_str.strings[i], i == 0); + free_getarg_strings (&addresses_str); + } else { + char **foo = krb5_config_get_strings (context, NULL, + "kdc", "addresses", NULL); + + if (foo != NULL) { + add_one_address (*foo++, TRUE); + while (*foo) + add_one_address (*foo++, FALSE); + } + } + #ifdef HAVE_SIGACTION { struct sigaction sa; |
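Review bot: In the address set-up block the array returned by `krb5_config_get_strings` is walked by advancing `foo` itself, so the original pointer is lost and the list can never be released; iterating with a second pointer and calling `krb5_config_free_strings` afterwards fixes that. `add_one_address (*foo++, TRUE)` also assumes the list has at least one element, which the visible code does not establish. The inner `int i;` shadows the `i` that `main` now declares in `int port, i;` and can simply be dropped. `main` starts and ends outside this hunk.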