summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kpasswd
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kpasswd')
-rw-r--r--crypto/heimdal/kpasswd/Makefile.am25
-rw-r--r--crypto/heimdal/kpasswd/Makefile.in758
-rw-r--r--crypto/heimdal/kpasswd/kpasswd.120
-rw-r--r--crypto/heimdal/kpasswd/kpasswd.c144
-rw-r--r--crypto/heimdal/kpasswd/kpasswd_locl.h94
-rw-r--r--crypto/heimdal/kpasswd/kpasswdd.860
-rw-r--r--crypto/heimdal/kpasswd/kpasswdd.c634
7 files changed, 1735 insertions, 0 deletions
diff --git a/crypto/heimdal/kpasswd/Makefile.am b/crypto/heimdal/kpasswd/Makefile.am
new file mode 100644
index 0000000..fba61e3
--- /dev/null
+++ b/crypto/heimdal/kpasswd/Makefile.am
@@ -0,0 +1,25 @@
+# $Id: Makefile.am,v 1.11 1999/04/20 16:48:34 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+man_MANS = kpasswd.1 kpasswdd.8
+
+bin_PROGRAMS = kpasswd
+
+kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
+
+libexec_PROGRAMS = kpasswdd
+
+kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
+
+kpasswdd_LDADD = \
+ $(top_builddir)/lib/kadm5/libkadm5srv.la \
+ $(top_builddir)/lib/hdb/libhdb.la \
+ $(LDADD) \
+ $(LIB_dlopen) \
+ $(DBLIB)
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+ $(top_builddir)/lib/des/libdes.la \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(LIB_roken)
diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in
new file mode 100644
index 0000000..11e169b
--- /dev/null
+++ b/crypto/heimdal/kpasswd/Makefile.in
@@ -0,0 +1,758 @@
+# Makefile.in generated automatically by automake 1.4 from Makefile.am
+
+# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# $Id: Makefile.am,v 1.11 1999/04/20 16:48:34 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
+
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+DESTDIR =
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+host_alias = @host_alias@
+host_triplet = @host@
+AFS_EXTRA_LD = @AFS_EXTRA_LD@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+DBLIB = @DBLIB@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDE_ = @INCLUDE_@
+LD = @LD@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@
+MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@
+MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NM = @NM@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include
+
+AM_CFLAGS = $(WFLAGS)
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+cat1dir = $(mandir)/cat1
+cat3dir = $(mandir)/cat3
+cat5dir = $(mandir)/cat5
+cat8dir = $(mandir)/cat8
+
+MANRX = \(.*\)\.\([0-9]\)
+CATSUFFIX = @CATSUFFIX@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+man_MANS = kpasswd.1 kpasswdd.8
+
+bin_PROGRAMS = kpasswd
+
+kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
+
+libexec_PROGRAMS = kpasswdd
+
+kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
+
+kpasswdd_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la $(top_builddir)/lib/hdb/libhdb.la $(LDADD) $(LIB_dlopen) $(DBLIB)
+
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(LIB_roken)
+
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../include/config.h
+CONFIG_CLEAN_FILES =
+bin_PROGRAMS = kpasswd$(EXEEXT)
+libexec_PROGRAMS = kpasswdd$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBS = @LIBS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+kpasswd_OBJECTS = kpasswd.$(OBJEXT)
+kpasswd_LDADD = $(LDADD)
+kpasswd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+$(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la
+kpasswd_LDFLAGS =
+kpasswdd_OBJECTS = kpasswdd.$(OBJEXT)
+kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+$(top_builddir)/lib/hdb/libhdb.la $(top_builddir)/lib/krb5/libkrb5.la \
+$(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la
+kpasswdd_LDFLAGS =
+CFLAGS = @CFLAGS@
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+DIST_COMMON = Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+TAR = tar
+GZIP_ENV = --best
+SOURCES = $(kpasswd_SOURCES) $(kpasswdd_SOURCES)
+OBJECTS = $(kpasswd_OBJECTS) $(kpasswdd_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+ cd $(top_srcdir) && $(AUTOMAKE) --foreign kpasswd/Makefile
+
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ cd $(top_builddir) \
+ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(DESTDIR)$(bindir)
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ if test -f $$p; then \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ else :; fi; \
+ done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ list='$(bin_PROGRAMS)'; for p in $$list; do \
+ rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ done
+
+mostlyclean-libexecPROGRAMS:
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+distclean-libexecPROGRAMS:
+
+maintainer-clean-libexecPROGRAMS:
+
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ $(mkinstalldirs) $(DESTDIR)$(libexecdir)
+ @list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ if test -f $$p; then \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ else :; fi; \
+ done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ list='$(libexec_PROGRAMS)'; for p in $$list; do \
+ rm -f $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ done
+
+.c.o:
+ $(COMPILE) -c $<
+
+# FIXME: We should only use cygpath when building on Windows,
+# and only if it is available.
+.c.obj:
+ $(COMPILE) -c `cygpath -w $<`
+
+.s.o:
+ $(COMPILE) -c $<
+
+.S.o:
+ $(COMPILE) -c $<
+
+mostlyclean-compile:
+ -rm -f *.o core *.core
+ -rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+ -rm -f *.tab.c
+
+maintainer-clean-compile:
+
+.c.lo:
+ $(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+.s.lo:
+ $(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+.S.lo:
+ $(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES)
+ @rm -f kpasswd$(EXEEXT)
+ $(LINK) $(kpasswd_LDFLAGS) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS)
+
+kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES)
+ @rm -f kpasswdd$(EXEEXT)
+ $(LINK) $(kpasswdd_LDFLAGS) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS)
+
+install-man1:
+ $(mkinstalldirs) $(DESTDIR)$(man1dir)
+ @list='$(man1_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.1*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
+ done
+
+uninstall-man1:
+ @list='$(man1_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.1*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
+ rm -f $(DESTDIR)$(man1dir)/$$inst; \
+ done
+
+install-man8:
+ $(mkinstalldirs) $(DESTDIR)$(man8dir)
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
+ done
+
+uninstall-man8:
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
+ rm -f $(DESTDIR)$(man8dir)/$$inst; \
+ done
+install-man: $(MANS)
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-man1 install-man8
+uninstall-man:
+ @$(NORMAL_UNINSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 uninstall-man8
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP)
+ list='$(SOURCES) $(HEADERS)'; \
+ unique=`for i in $$list; do echo $$i; done | \
+ awk ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ here=`pwd` && cd $(srcdir) \
+ && mkid -f$$here/ID $$unique $(LISP)
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS)'; \
+ unique=`for i in $$list; do echo $$i; done | \
+ awk ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS)
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+ -rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+subdir = kpasswd
+
+distdir: $(DISTFILES)
+ @for file in $(DISTFILES); do \
+ d=$(srcdir); \
+ if test -d $$d/$$file; then \
+ cp -pr $$/$$file $(distdir)/$$file; \
+ else \
+ test -f $(distdir)/$$file \
+ || ln $$d/$$file $(distdir)/$$file 2> /dev/null \
+ || cp -p $$d/$$file $(distdir)/$$file || :; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-data-local
+install-data: install-data-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+ uninstall-man
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+all-redirect: all-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
+installdirs:
+ $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \
+ $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man8
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -rm -f Makefile $(CONFIG_CLEAN_FILES)
+ -rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \
+ mostlyclean-compile mostlyclean-libtool \
+ mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am: clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \
+ clean-libtool clean-tags clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am: distclean-binPROGRAMS distclean-libexecPROGRAMS \
+ distclean-compile distclean-libtool distclean-tags \
+ distclean-generic clean-am
+ -rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am: maintainer-clean-binPROGRAMS \
+ maintainer-clean-libexecPROGRAMS \
+ maintainer-clean-compile maintainer-clean-libtool \
+ maintainer-clean-tags maintainer-clean-generic \
+ distclean-am
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
+maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
+mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
+clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
+uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool install-man1 uninstall-man1 install-man8 \
+uninstall-man8 install-man uninstall-man tags mostlyclean-tags \
+distclean-tags clean-tags maintainer-clean-tags distdir info-am info \
+dvi-am dvi check-local check check-am installcheck-am installcheck \
+install-exec-am install-exec install-data-local install-data-am \
+install-data install-am install uninstall-am uninstall all-local \
+all-redirect all-am all installdirs mostlyclean-generic \
+distclean-generic clean-generic maintainer-clean-generic clean \
+mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+ @foo='$(bin_SUIDS)'; \
+ for file in $$foo; do \
+ x=$(DESTDIR)$(bindir)/$$file; \
+ if chown 0:0 $$x && chmod u+s $$x; then :; else \
+ chmod 0 $$x; fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+ @foo='$(include_HEADERS) $(build_HEADERZ)'; \
+ for f in $$foo; do \
+ f=`basename $$f`; \
+ if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+ else file="$$f"; fi; \
+ if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
+ : ; else \
+ echo " cp $$file $(buildinclude)/$$f"; \
+ cp $$file $(buildinclude)/$$f; \
+ fi ; \
+ done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+ $(NROFF_MAN) $< > $@
+.3.cat3:
+ $(NROFF_MAN) $< > $@
+.5.cat5:
+ $(NROFF_MAN) $< > $@
+.8.cat8:
+ $(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+ @foo='$(man1_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.1) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat3-mans:
+ @foo='$(man3_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.3) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat5-mans:
+ @foo='$(man5_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.5) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-cat8-mans:
+ @foo='$(man8_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.8) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat1-mans:
+ @ext=1;\
+ foo='$(man1_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.1) foo="$$foo $$i";; \
+ esac; done; \
+ if test "$$foo"; then \
+ $(mkinstalldirs) $(DESTDIR)$(cat1dir); \
+ for x in $$foo; do \
+ f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
+ if test -f "$(srcdir)/$$f"; then \
+ b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+ echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
+ $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
+ fi; \
+ done ;\
+ fi
+
+install-cat3-mans:
+ @ext=3;\
+ foo='$(man3_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.3) foo="$$foo $$i";; \
+ esac; done; \
+ if test "$$foo"; then \
+ $(mkinstalldirs) $(DESTDIR)$(cat3dir); \
+ for x in $$foo; do \
+ f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
+ if test -f "$(srcdir)/$$f"; then \
+ b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+ echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
+ $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
+ fi; \
+ done ;\
+ fi
+
+install-cat5-mans:
+ @ext=5;\
+ foo='$(man5_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.5) foo="$$foo $$i";; \
+ esac; done; \
+ if test "$$foo"; then \
+ $(mkinstalldirs) $(DESTDIR)$(cat5dir); \
+ for x in $$foo; do \
+ f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
+ if test -f "$(srcdir)/$$f"; then \
+ b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+ echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
+ $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
+ fi; \
+ done ;\
+ fi
+
+install-cat8-mans:
+ @ext=8;\
+ foo='$(man8_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.8) foo="$$foo $$i";; \
+ esac; done; \
+ if test "$$foo"; then \
+ $(mkinstalldirs) $(DESTDIR)$(cat8dir); \
+ for x in $$foo; do \
+ f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
+ if test -f "$(srcdir)/$$f"; then \
+ b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+ echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
+ $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
+ fi; \
+ done ;\
+ fi
+
+install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+
+install-data-local: install-cat-mans
+
+.et.h:
+ $(COMPILE_ET) $<
+.et.c:
+ $(COMPILE_ET) $<
+
+.x.c:
+ @cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+ @foo='$(CHECK_LOCAL)'; \
+ if test "$$foo"; then \
+ failed=0; all=0; \
+ for i in $$foo; do \
+ all=`expr $$all + 1`; \
+ if ./$$i --version > /dev/null 2>&1; then \
+ echo "PASS: $$i"; \
+ else \
+ echo "FAIL: $$i"; \
+ failed=`expr $$failed + 1`; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="$$failed of $$all tests failed"; \
+ fi; \
+ dashes=`echo "$$banner" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ fi
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1
new file mode 100644
index 0000000..8cbc83b
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswd.1
@@ -0,0 +1,20 @@
+.\" $Id: kpasswd.1,v 1.1 1997/08/27 23:44:08 assar Exp $
+.\"
+.Dt Aug 27, 1997
+.Dt KPASSWD 1
+.Os HEIMDAL
+.Sh NAME
+.Nm kpasswd
+.Nd
+Kerberos 5 password changing program
+.Sh SYNOPSIS
+.Nm
+.Op Ar principal
+.Sh DESCRIPTION
+.Nm
+is the client for changing passwords.
+.Sh DIAGNOSTICS
+If the password quality check fails or some other error occurs, an
+explanation is printed.
+.Sh SEE ALSO
+.Xr kpasswdd 8
diff --git a/crypto/heimdal/kpasswd/kpasswd.c b/crypto/heimdal/kpasswd/kpasswd.c
new file mode 100644
index 0000000..eecea78
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswd.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kpasswd_locl.h"
+RCSID("$Id: kpasswd.c,v 1.20 1999/12/02 17:05:00 joda Exp $");
+
+static int version_flag;
+static int help_flag;
+
+static struct getargs args[] = {
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+ arg_printusage (args,
+ sizeof(args)/sizeof(*args),
+ NULL,
+ "[principal]");
+ exit (ret);
+}
+
+int
+main (int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_principal principal;
+ int optind = 0;
+ krb5_get_init_creds_opt opt;
+ krb5_creds cred;
+ int result_code;
+ krb5_data result_code_string, result_string;
+ char pwbuf[BUFSIZ];
+
+ optind = krb5_program_setup(&context, argc, argv,
+ args, sizeof(args) / sizeof(args[0]), NULL);
+
+ if (help_flag)
+ usage (0);
+
+ if(version_flag){
+ print_version (NULL);
+ exit(0);
+ }
+
+ krb5_get_init_creds_opt_init (&opt);
+
+ krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc > 1)
+ usage(1);
+
+ ret = krb5_init_context (&context);
+ if (ret)
+ errx (1, "krb5_init_context: %s", krb5_get_err_text(context, ret));
+
+ if(argv[0]) {
+ ret = krb5_parse_name (context, argv[0], &principal);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_parse_name");
+ } else
+ principal = NULL;
+
+ ret = krb5_get_init_creds_password (context,
+ &cred,
+ principal,
+ NULL,
+ krb5_prompter_posix,
+ NULL,
+ 0,
+ "kadmin/changepw",
+ &opt);
+ switch (ret) {
+ case 0:
+ break;
+ case KRB5_LIBOS_PWDINTR :
+ return 1;
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY :
+ case KRB5KRB_AP_ERR_MODIFIED :
+ krb5_errx(context, 1, "Password incorrect");
+ break;
+ default:
+ krb5_err(context, 1, ret, "krb5_get_init_creds");
+ }
+
+ krb5_data_zero (&result_code_string);
+ krb5_data_zero (&result_string);
+
+ if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
+ return 1;
+
+ ret = krb5_change_password (context, &cred, pwbuf,
+ &result_code,
+ &result_code_string,
+ &result_string);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_change_password");
+
+ printf ("Reply from server: %.*s\n", (int)result_string.length,
+ (char *)result_string.data);
+
+ krb5_data_free (&result_code_string);
+ krb5_data_free (&result_string);
+
+ krb5_free_creds_contents (context, &cred);
+ krb5_free_context (context);
+ return result_code;
+}
diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h
new file mode 100644
index 0000000..0e05489
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswd_locl.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kpasswd_locl.h,v 1.7 1999/12/02 17:05:00 joda Exp $ */
+
+#ifndef __KPASSWD_LOCL_H__
+#define __KPASSWD_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include <krb5.h>
+
+#endif /* __KPASSWD_LOCL_H__ */
diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8
new file mode 100644
index 0000000..f4db441
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswdd.8
@@ -0,0 +1,60 @@
+.\" $Id: kpasswdd.8,v 1.2 1999/04/19 16:32:01 joda Exp $
+.\"
+.Dd April 19, 1999
+.Dt KPASSWDD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kpasswdd
+.Nd
+Kerberos 5 password changing server
+.Sh SYNOPSIS
+.Nm
+.Op Fl -check-library= Ns Ar library
+.Op Fl -check-function= Ns Ar function
+.Sh DESCRIPTION
+.Nm
+serves request for password changes. It listens on UDP port 464
+(service kpasswd) and processes requests when they arrive. It changes
+the database directly and should thus only run on the master KDC.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -check-library= Ns Ar library
+.Xc
+If your system has support for dynamic loading of shared libraries,
+you can use an external function to check password quality. This
+option specifies which library to load.
+.It Xo
+.Fl -check-function= Ns Ar function
+.Xc
+This is the function to call in the loaded library. The function
+should look like this:
+.Pp
+.Ft const char *
+.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
+.Pp
+.Fa context
+is an initialized context;
+.Fa principal
+is the one who tries to change passwords, and
+.Fa password
+is the new password. Note that the password (in
+.Fa password->data )
+is not zero terminated.
+.El
+.Sh DIAGNOSTICS
+If an error occurs, the error message is returned to the user and/or
+logged to syslog.
+.Sh BUGS
+The default password quality checks are too basic.
+.Sh SEE ALSO
+.Xr kdc 8 ,
+.Xr kpasswd 1
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c
new file mode 100644
index 0000000..04b8ea3
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswdd.c
@@ -0,0 +1,634 @@
+/*
+ * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kpasswd_locl.h"
+RCSID("$Id: kpasswdd.c,v 1.41 1999/12/02 17:05:00 joda Exp $");
+
+#include <kadm5/admin.h>
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <hdb.h>
+
+static krb5_context context;
+static krb5_log_facility *log_facility;
+
+static sig_atomic_t exit_flag = 0;
+
+static void
+send_reply (int s,
+ struct sockaddr *sa,
+ int sa_size,
+ krb5_data *ap_rep,
+ krb5_data *rest)
+{
+ struct msghdr msghdr;
+ struct iovec iov[3];
+ u_int16_t len, ap_rep_len;
+ u_char header[6];
+ u_char *p;
+
+ if (ap_rep)
+ ap_rep_len = ap_rep->length;
+ else
+ ap_rep_len = 0;
+
+ len = 6 + ap_rep_len + rest->length;
+ p = header;
+ *p++ = (len >> 8) & 0xFF;
+ *p++ = (len >> 0) & 0xFF;
+ *p++ = 0;
+ *p++ = 1;
+ *p++ = (ap_rep_len >> 8) & 0xFF;
+ *p++ = (ap_rep_len >> 0) & 0xFF;
+
+ memset (&msghdr, 0, sizeof(msghdr));
+ msghdr.msg_name = (void *)sa;
+ msghdr.msg_namelen = sa_size;
+ msghdr.msg_iov = iov;
+ msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
+#if 0
+ msghdr.msg_control = NULL;
+ msghdr.msg_controllen = 0;
+#endif
+
+ iov[0].iov_base = (char *)header;
+ iov[0].iov_len = 6;
+ if (ap_rep_len) {
+ iov[1].iov_base = ap_rep->data;
+ iov[1].iov_len = ap_rep->length;
+ } else {
+ iov[1].iov_base = NULL;
+ iov[1].iov_len = 0;
+ }
+ iov[2].iov_base = rest->data;
+ iov[2].iov_len = rest->length;
+
+ if (sendmsg (s, &msghdr, 0) < 0)
+ krb5_warn (context, errno, "sendmsg");
+}
+
+static int
+make_result (krb5_data *data,
+ u_int16_t result_code,
+ const char *expl)
+{
+ krb5_data_zero (data);
+
+ data->length = asprintf ((char **)&data->data,
+ "%c%c%s",
+ (result_code >> 8) & 0xFF,
+ result_code & 0xFF,
+ expl);
+
+ if (data->data == NULL) {
+ krb5_warnx (context, "Out of memory generating error reply");
+ return 1;
+ }
+ return 0;
+}
+
+static void
+reply_error (krb5_principal server,
+ int s,
+ struct sockaddr *sa,
+ int sa_size,
+ krb5_error_code error_code,
+ u_int16_t result_code,
+ const char *expl)
+{
+ krb5_error_code ret;
+ krb5_data error_data;
+ krb5_data e_data;
+
+ if (make_result(&e_data, result_code, expl))
+ return;
+
+ ret = krb5_mk_error (context,
+ error_code,
+ NULL,
+ &e_data,
+ NULL,
+ server,
+ 0,
+ &error_data);
+ krb5_data_free (&e_data);
+ if (ret) {
+ krb5_warn (context, ret, "Could not even generate error reply");
+ return;
+ }
+ send_reply (s, sa, sa_size, NULL, &error_data);
+ krb5_data_free (&error_data);
+}
+
+static void
+reply_priv (krb5_auth_context auth_context,
+ int s,
+ struct sockaddr *sa,
+ int sa_size,
+ u_int16_t result_code,
+ const char *expl)
+{
+ krb5_error_code ret;
+ krb5_data krb_priv_data;
+ krb5_data ap_rep_data;
+ krb5_data e_data;
+
+ ret = krb5_mk_rep (context,
+ &auth_context,
+ &ap_rep_data);
+ if (ret) {
+ krb5_warn (context, ret, "Could not even generate error reply");
+ return;
+ }
+
+ if (make_result(&e_data, result_code, expl))
+ return;
+
+ ret = krb5_mk_priv (context,
+ auth_context,
+ &e_data,
+ &krb_priv_data,
+ NULL);
+ krb5_data_free (&e_data);
+ if (ret) {
+ krb5_warn (context, ret, "Could not even generate error reply");
+ return;
+ }
+ send_reply (s, sa, sa_size, &ap_rep_data, &krb_priv_data);
+ krb5_data_free (&ap_rep_data);
+ krb5_data_free (&krb_priv_data);
+}
+
+/*
+ * Change the password for `principal', sending the reply back on `s'
+ * (`sa', `sa_size') to `pwd_data'.
+ */
+
+static void
+change (krb5_auth_context auth_context,
+ krb5_principal principal,
+ int s,
+ struct sockaddr *sa,
+ int sa_size,
+ krb5_data *pwd_data)
+{
+ krb5_error_code ret;
+ char *client;
+ kadm5_principal_ent_rec ent;
+ krb5_key_data *kd;
+ krb5_salt salt;
+ krb5_keyblock new_keyblock;
+ const char *pwd_reason;
+ int unchanged;
+ kadm5_config_params conf;
+ void *kadm5_handle;
+
+ memset (&conf, 0, sizeof(conf));
+
+ krb5_unparse_name (context, principal, &client);
+
+ ret = kadm5_init_with_password_ctx(context,
+ client,
+ NULL,
+ KADM5_ADMIN_SERVICE,
+ &conf, 0, 0,
+ &kadm5_handle);
+ if (ret) {
+ free (client);
+ krb5_warn (context, ret, "kadm5_init_with_password_ctx");
+ reply_priv (auth_context, s, sa, sa_size, 2,
+ "Internal error");
+ return;
+ }
+
+ krb5_warnx (context, "Changing password for %s", client);
+ free (client);
+
+ pwd_reason = kadm5_check_password_quality (context, principal, pwd_data);
+ if (pwd_reason != NULL ) {
+ krb5_warnx (context, "%s", pwd_reason);
+ reply_priv (auth_context, s, sa, sa_size, 4, pwd_reason);
+ kadm5_destroy (kadm5_handle);
+ return;
+ }
+
+ ret = kadm5_get_principal (kadm5_handle,
+ principal,
+ &ent,
+ KADM5_KEY_DATA);
+ if (ret) {
+ krb5_warn (context, ret, "kadm5_get_principal");
+ reply_priv (auth_context, s, sa, sa_size, 2,
+ "Internal error");
+ kadm5_destroy (kadm5_handle);
+ return;
+ }
+
+ /*
+ * Compare with the first key to see if it already has been
+ * changed. If it hasn't, store the new key in the database and
+ * string2key all the rest of them.
+ */
+
+ kd = &ent.key_data[0];
+
+ salt.salttype = kd->key_data_type[1];
+ salt.saltvalue.length = kd->key_data_length[1];
+ salt.saltvalue.data = kd->key_data_contents[1];
+
+ memset (&new_keyblock, 0, sizeof(new_keyblock));
+ krb5_string_to_key_data_salt (context,
+ kd->key_data_type[0],
+ *pwd_data,
+ salt,
+ &new_keyblock);
+
+ unchanged = new_keyblock.keytype == kd->key_data_type[0]
+ && new_keyblock.keyvalue.length == kd->key_data_length[0]
+ && memcmp(new_keyblock.keyvalue.data,
+ kd->key_data_contents[0],
+ new_keyblock.keyvalue.length) == 0;
+
+ krb5_free_keyblock_contents (context, &new_keyblock);
+
+ if (unchanged) {
+ ret = 0;
+ } else {
+ char *tmp;
+
+ tmp = malloc (pwd_data->length + 1);
+ if (tmp == NULL) {
+ krb5_warnx (context, "malloc: out of memory");
+ reply_priv (auth_context, s, sa, sa_size, 2,
+ "Internal error");
+ goto out;
+ }
+ memcpy (tmp, pwd_data->data, pwd_data->length);
+ tmp[pwd_data->length] = '\0';
+
+ ret = kadm5_chpass_principal (kadm5_handle,
+ principal,
+ tmp);
+ memset (tmp, 0, pwd_data->length);
+ free (tmp);
+ if (ret) {
+ krb5_warn (context, ret, "kadm5_s_chpass_principal");
+ reply_priv (auth_context, s, sa, sa_size, 2,
+ "Internal error");
+ goto out;
+ }
+ }
+ reply_priv (auth_context, s, sa, sa_size, 0, "Password changed");
+out:
+ kadm5_free_principal_ent (kadm5_handle, &ent);
+ kadm5_destroy (kadm5_handle);
+}
+
+static int
+verify (krb5_auth_context *auth_context,
+ krb5_principal server,
+ krb5_keytab keytab,
+ krb5_ticket **ticket,
+ krb5_data *out_data,
+ int s,
+ struct sockaddr *sa,
+ int sa_size,
+ u_char *msg,
+ size_t len)
+{
+ krb5_error_code ret;
+ u_int16_t pkt_len, pkt_ver, ap_req_len;
+ krb5_data ap_req_data;
+ krb5_data krb_priv_data;
+
+ pkt_len = (msg[0] << 8) | (msg[1]);
+ pkt_ver = (msg[2] << 8) | (msg[3]);
+ ap_req_len = (msg[4] << 8) | (msg[5]);
+ if (pkt_len != len) {
+ krb5_warnx (context, "Strange len: %ld != %ld",
+ (long)pkt_len, (long)len);
+ reply_error (server, s, sa, sa_size, 0, 1, "Bad request");
+ return 1;
+ }
+ if (pkt_ver != 0x0001) {
+ krb5_warnx (context, "Bad version (%d)", pkt_ver);
+ reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version");
+ return 1;
+ }
+
+ ap_req_data.data = msg + 6;
+ ap_req_data.length = ap_req_len;
+
+ ret = krb5_rd_req (context,
+ auth_context,
+ &ap_req_data,
+ server,
+ keytab,
+ NULL,
+ ticket);
+ if (ret) {
+ if(ret == KRB5_KT_NOTFOUND) {
+ char *name;
+ krb5_unparse_name(context, server, &name);
+ krb5_warnx (context, "krb5_rd_req: %s (%s)",
+ krb5_get_err_text(context, ret), name);
+ free(name);
+ } else
+ krb5_warn (context, ret, "krb5_rd_req");
+ reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed");
+ return 1;
+ }
+
+ if (!(*ticket)->ticket.flags.initial) {
+ krb5_warnx (context, "initial flag not set");
+ reply_error (server, s, sa, sa_size, ret, 1,
+ "Bad request");
+ goto out;
+ }
+ krb_priv_data.data = msg + 6 + ap_req_len;
+ krb_priv_data.length = len - 6 - ap_req_len;
+
+ ret = krb5_rd_priv (context,
+ *auth_context,
+ &krb_priv_data,
+ out_data,
+ NULL);
+
+ if (ret) {
+ krb5_warn (context, ret, "krb5_rd_priv");
+ reply_error (server, s, sa, sa_size, ret, 3, "Bad request");
+ goto out;
+ }
+ return 0;
+out:
+ krb5_free_ticket (context, *ticket);
+ return 1;
+}
+
+static void
+process (krb5_principal server,
+ krb5_keytab keytab,
+ int s,
+ krb5_address *this_addr,
+ struct sockaddr *sa,
+ int sa_size,
+ u_char *msg,
+ int len)
+{
+ krb5_error_code ret;
+ krb5_auth_context auth_context = NULL;
+ krb5_data out_data;
+ krb5_ticket *ticket;
+ krb5_address other_addr;
+
+ krb5_data_zero (&out_data);
+
+ ret = krb5_auth_con_init (context, &auth_context);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_auth_con_init");
+ return;
+ }
+
+ krb5_auth_con_setflags (context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+ ret = krb5_sockaddr2address (sa, &other_addr);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_sockaddr2address");
+ goto out;
+ }
+
+ ret = krb5_auth_con_setaddrs (context,
+ auth_context,
+ this_addr,
+ &other_addr);
+ krb5_free_address (context, &other_addr);
+ if (ret) {
+ krb5_warn (context, ret, "krb5_auth_con_setaddr");
+ goto out;
+ }
+
+ if (verify (&auth_context, server, keytab, &ticket, &out_data,
+ s, sa, sa_size, msg, len) == 0) {
+ change (auth_context,
+ ticket->client,
+ s,
+ sa, sa_size,
+ &out_data);
+ krb5_free_ticket (context, ticket);
+ free (ticket);
+ }
+
+out:
+ krb5_data_free (&out_data);
+ krb5_auth_con_free (context, auth_context);
+}
+
+static int
+doit (krb5_keytab keytab,
+ int port)
+{
+ krb5_error_code ret;
+ krb5_principal server;
+ int *sockets;
+ int maxfd;
+ char *realm;
+ krb5_addresses addrs;
+ unsigned n, i;
+ fd_set real_fdset;
+ struct sockaddr_storage __ss;
+ struct sockaddr *sa = (struct sockaddr *)&__ss;
+
+ ret = krb5_get_default_realm (context, &realm);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_default_realm");
+
+ ret = krb5_build_principal (context,
+ &server,
+ strlen(realm),
+ realm,
+ "kadmin",
+ "changepw",
+ NULL);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_build_principal");
+
+ free (realm);
+
+ ret = krb5_get_all_server_addrs (context, &addrs);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+
+ n = addrs.len;
+
+ sockets = malloc (n * sizeof(*sockets));
+ if (sockets == NULL)
+ krb5_errx (context, 1, "out of memory");
+ maxfd = 0;
+ FD_ZERO(&real_fdset);
+ for (i = 0; i < n; ++i) {
+ int sa_size;
+
+ krb5_addr2sockaddr (&addrs.val[i], sa, &sa_size, port);
+
+
+ sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
+ if (sockets[i] < 0)
+ krb5_err (context, 1, errno, "socket");
+ if (bind (sockets[i], sa, sa_size) < 0) {
+ char str[128];
+ size_t len;
+ ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
+ krb5_err (context, 1, errno, "bind(%s)", str);
+ }
+ maxfd = max (maxfd, sockets[i]);
+ FD_SET(sockets[i], &real_fdset);
+ }
+
+ while(exit_flag == 0) {
+ int ret;
+ fd_set fdset = real_fdset;
+
+ ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else
+ krb5_err (context, 1, errno, "select");
+ }
+ for (i = 0; i < n; ++i)
+ if (FD_ISSET(sockets[i], &fdset)) {
+ u_char buf[BUFSIZ];
+ int addrlen = sizeof(__ss);
+
+ ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
+ sa, &addrlen);
+ if (ret < 0) {
+ if(errno == EINTR)
+ break;
+ else
+ krb5_err (context, 1, errno, "recvfrom");
+ }
+
+ process (server, keytab, sockets[i],
+ &addrs.val[i],
+ sa, addrlen,
+ buf, ret);
+ }
+ }
+ krb5_free_addresses (context, &addrs);
+ krb5_free_principal (context, server);
+ krb5_free_context (context);
+ return 0;
+}
+
+static RETSIGTYPE
+sigterm(int sig)
+{
+ exit_flag = 1;
+}
+
+const char *check_library = NULL;
+const char *check_function = NULL;
+char *keytab_str = "HDB:";
+char *realm_str;
+int version_flag;
+int help_flag;
+
+struct getargs args[] = {
+#ifdef HAVE_DLOPEN
+ { "check-library", 0, arg_string, &check_library,
+ "library to load password check function from", "library" },
+ { "check-function", 0, arg_string, &check_function,
+ "password check function to load", "function" },
+#endif
+ { "keytab", 'k', arg_string, &keytab_str,
+ "keytab to get authentication key from", "kspec" },
+ { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main (int argc, char **argv)
+{
+ int optind;
+ krb5_keytab keytab;
+ krb5_error_code ret;
+
+ optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+
+ if(help_flag)
+ krb5_std_usage(0, args, num_args);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+
+ if(realm_str)
+ krb5_set_default_realm(context, realm_str);
+
+ krb5_openlog (context, "kpasswdd", &log_facility);
+ krb5_set_warn_dest(context, log_facility);
+
+ ret = krb5_kt_register(context, &hdb_kt_ops);
+ if(ret)
+ krb5_err(context, 1, ret, "krb5_kt_register");
+
+ ret = krb5_kt_resolve(context, keytab_str, &keytab);
+ if(ret)
+ krb5_err(context, 1, ret, "%s", keytab_str);
+
+ kadm5_setup_passwd_quality_check (context, check_library, check_function);
+
+#ifdef HAVE_SIGACTION
+ {
+ struct sigaction sa;
+
+ sa.sa_flags = 0;
+ sa.sa_handler = sigterm;
+ sigemptyset(&sa.sa_mask);
+
+ sigaction(SIGINT, &sa, NULL);
+ }
+#else
+ signal(SIGINT, sigterm);
+#endif
+
+ return doit (keytab,
+ krb5_getportbyname (context, "kpasswd",
+ "udp", KPASSWD_PORT));
+}
OpenPOWER on IntegriCloud