diff options
Diffstat (limited to 'usr.bin/passwd')
-rw-r--r-- | usr.bin/passwd/kpasswd_proto.h | 54 | ||||
-rw-r--r-- | usr.bin/passwd/krb_passwd.c | 319 |
2 files changed, 0 insertions, 373 deletions
diff --git a/usr.bin/passwd/kpasswd_proto.h b/usr.bin/passwd/kpasswd_proto.h deleted file mode 100644 index 465d4c7..0000000 --- a/usr.bin/passwd/kpasswd_proto.h +++ /dev/null @@ -1,54 +0,0 @@ -/*- - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)kpasswd_proto.h 8.1 (Berkeley) 6/6/93 - */ - -/* - * kpasswd_proto - * - * definitions for the kpasswd "protocol" - * (We hope this to be temporary until a real admin protocol is worked out.) - */ - -struct kpasswd_data { - des_cblock random_key; - char secure_msg[_PASSWORD_LEN]; -}; - -struct update_data { - char pw[_PASSWORD_LEN]; - char secure_msg[_PASSWORD_LEN]; -}; -#define SERVICE "kpasswd" -#define SECURE_STRING \ - "Kerberos password update program -- 12/9/88 UC Berkeley" diff --git a/usr.bin/passwd/krb_passwd.c b/usr.bin/passwd/krb_passwd.c deleted file mode 100644 index d4a0f15..0000000 --- a/usr.bin/passwd/krb_passwd.c +++ /dev/null @@ -1,319 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -static char sccsid[] = "@(#)krb_passwd.c 8.3 (Berkeley) 4/2/94"; -#endif /* not lint */ - -#ifdef KERBEROS - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <netinet/in.h> -#include <kerberosIV/des.h> -#include <kerberosIV/krb.h> - -#include <err.h> -#include <errno.h> -#include <netdb.h> -#include <pwd.h> -#include <signal.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "kpasswd_proto.h" - -#include "extern.h" - -#define PROTO "tcp" - -static void send_update __P((int, char *, char *)); -static void recv_ack __P((int)); -static void cleanup __P((void)); -static void finish __P((void)); - -static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0 }; -static struct kpasswd_data proto_data; -static des_cblock okey; -static Key_schedule osched; -static KTEXT_ST ticket; -static Key_schedule random_schedule; -static long authopts; -static char realm[REALM_SZ], krbhst[MAX_HSTNM]; -static int sock; - -int -krb_passwd() -{ - struct servent *se; - struct hostent *host; - struct sockaddr_in sin; - CREDENTIALS cred; - fd_set readfds; - int rval; - char pass[_PASSWORD_LEN], password[_PASSWORD_LEN]; - static void finish(); - - static struct rlimit rl = { 0, 0 }; - - (void)signal(SIGHUP, SIG_IGN); - (void)signal(SIGINT, SIG_IGN); - (void)signal(SIGTSTP, SIG_IGN); - - if (setrlimit(RLIMIT_CORE, &rl) < 0) { - warn("setrlimit"); - return (1); - } - - if ((se = getservbyname(SERVICE, PROTO)) == NULL) { - warnx("couldn't find entry for service %s/%s", - SERVICE, PROTO); - return (1); - } - - if ((rval = krb_get_lrealm(realm,1)) != KSUCCESS) { - warnx("couldn't get local Kerberos realm: %s", - krb_err_txt[rval]); - return (1); - } - - if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) { - warnx("couldn't get Kerberos host: %s", - krb_err_txt[rval]); - return (1); - } - - if ((host = gethostbyname(krbhst)) == NULL) { - warnx("couldn't get host entry for krb host %s", - krbhst); - return (1); - } - - sin.sin_family = host->h_addrtype; - memmove((char *) &sin.sin_addr, host->h_addr, host->h_length); - sin.sin_port = se->s_port; - - if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - warn("socket"); - return (1); - } - - if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - warn("connect"); - (void)close(sock); - return (1); - } - - rval = krb_sendauth( - authopts, /* NOT mutual */ - sock, - &ticket, /* (filled in) */ - SERVICE, - krbhst, /* instance (krbhst) */ - realm, /* dest realm */ - (u_long) getpid(), /* checksum */ - NULL, /* msg data */ - NULL, /* credentials */ - NULL, /* schedule */ - NULL, /* local addr */ - NULL, /* foreign addr */ - "KPWDV0.1" - ); - - if (rval != KSUCCESS) { - warnx("Kerberos sendauth error: %s", krb_err_txt[rval]); - return (1); - } - - krb_get_cred("krbtgt", realm, realm, &cred); - - (void)printf("Changing Kerberos password for %s.%s@%s.\n", - cred.pname, cred.pinst, realm); - - if (des_read_pw_string(pass, - sizeof(pass)-1, "Old Kerberos password:", 0)) { - warnx("error reading old Kerberos password"); - return (1); - } - - (void)des_string_to_key(pass, okey); - (void)des_key_sched(okey, osched); - (void)des_set_key(okey, osched); - - /* wait on the verification string */ - - FD_ZERO(&readfds); - FD_SET(sock, &readfds); - - rval = - select(sock + 1, &readfds, (fd_set *) 0, (fd_set *) 0, &timeout); - - if ((rval < 1) || !FD_ISSET(sock, &readfds)) { - if(rval == 0) { - warnx("timed out (aborted)"); - cleanup(); - return (1); - } - warnx("select failed (aborted)"); - cleanup(); - return (1); - } - - /* read verification string */ - - if (des_read(sock, &proto_data, sizeof(proto_data)) != - sizeof(proto_data)) { - warnx("couldn't read verification string (aborted)"); - cleanup(); - return (1); - } - - (void)signal(SIGHUP, finish); - (void)signal(SIGINT, finish); - - if (strcmp(SECURE_STRING, proto_data.secure_msg) != 0) { - cleanup(); - /* don't complain loud if user just hit return */ - if (pass == NULL || (!*pass)) - return (0); - (void)fprintf(stderr, "Sorry\n"); - return (1); - } - - (void)des_key_sched(proto_data.random_key, random_schedule); - (void)des_set_key(proto_data.random_key, random_schedule); - (void)memset(pass, 0, sizeof(pass)); - - if (des_read_pw_string(pass, - sizeof(pass)-1, "New Kerberos password:", 0)) { - warnx("error reading new Kerberos password (aborted)"); - cleanup(); - return (1); - } - - if (des_read_pw_string(password, - sizeof(password)-1, "Retype new Kerberos password:", 0)) { - warnx("error reading new Kerberos password (aborted)"); - cleanup(); - return (1); - } - - if (strcmp(password, pass) != 0) { - warnx("password mismatch (aborted)"); - cleanup(); - return (1); - } - - if (strlen(pass) == 0) - (void)printf("using NULL password\n"); - - send_update(sock, password, SECURE_STRING); - - /* wait for ACK */ - - FD_ZERO(&readfds); - FD_SET(sock, &readfds); - - rval = - select(sock + 1, &readfds, (fd_set *) 0, (fd_set *) 0, &timeout); - if ((rval < 1) || !FD_ISSET(sock, &readfds)) { - if(rval == 0) { - warnx("timed out reading ACK (aborted)"); - cleanup(); - exit(1); - } - warnx("select failed (aborted)"); - cleanup(); - exit(1); - } - recv_ack(sock); - cleanup(); - return (0); -} - -static void -send_update(dest, pwd, str) - int dest; - char *pwd, *str; -{ - static struct update_data ud; - - (void)strncpy(ud.secure_msg, str, _PASSWORD_LEN); - (void)strncpy(ud.pw, pwd, sizeof(ud.pw)); - if (des_write(dest, &ud, sizeof(ud)) != sizeof(ud)) { - warnx("couldn't write pw update (abort)"); - memset((char *)&ud, 0, sizeof(ud)); - cleanup(); - exit(1); - } -} - -static void -recv_ack(remote) - int remote; -{ - int cc; - char buf[BUFSIZ]; - - cc = des_read(remote, buf, sizeof(buf)); - if (cc <= 0) { - warnx("error reading acknowledgement (aborted)"); - cleanup(); - exit(1); - } - (void)printf("%s", buf); -} - -static void -cleanup() -{ - - (void)memset((char *)&proto_data, 0, sizeof(proto_data)); - (void)memset((char *)okey, 0, sizeof(okey)); - (void)memset((char *)osched, 0, sizeof(osched)); - (void)memset((char *)random_schedule, 0, sizeof(random_schedule)); -} - -static void -finish() -{ - - (void)close(sock); - exit(1); -} - -#endif /* KERBEROS */ |