From c74adccd451a84b0d321e863101107ecdd91d584 Mon Sep 17 00:00:00 2001 From: wollman Date: Fri, 20 Jan 1995 22:14:14 +0000 Subject: Password-changing program with Kerberos support via the `kadmin' protocol. Replaces passwd(1) when eBones is installed. As before, HOW-TO explains the gory details. --- eBones/usr.bin/passwd/kpasswd.c | 223 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 223 insertions(+) create mode 100644 eBones/usr.bin/passwd/kpasswd.c (limited to 'eBones/usr.bin/passwd') diff --git a/eBones/usr.bin/passwd/kpasswd.c b/eBones/usr.bin/passwd/kpasswd.c new file mode 100644 index 0000000..708e677 --- /dev/null +++ b/eBones/usr.bin/passwd/kpasswd.c @@ -0,0 +1,223 @@ +/* + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * Copyright.MIT. + * + * change your password with kerberos + */ + +#ifndef lint +#if 0 +static char rcsid_kpasswd_c[] = + "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp "; +#endif +static const char rcsid[] = + "$Id$"; +#endif lint + +/* + * kpasswd + * change your password with kerberos + */ + +#include +#include +#include +#include +#include "kadm.h" + +#include "extern.h" + +extern void krb_set_tkt_string(); +static void go_home(char *, int); + + +int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag) +{ + char name[ANAME_SZ]; /* name of user */ + char inst[INST_SZ]; /* instance of user */ + char realm[REALM_SZ]; /* realm of user */ + char default_name[ANAME_SZ]; + char default_inst[INST_SZ]; + char default_realm[REALM_SZ]; + int realm_given = 0; /* True if realm was give on cmdline */ + int use_default = 1; /* True if we should use default name */ + struct passwd *pw; + int status; /* return code */ + des_cblock new_key; + int c; + extern char *optarg; + extern int optind; + char tktstring[MAXPATHLEN]; + + void get_pw_new_key(); + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else +#define read_long_pw_string des_read_pw_string +#endif + int read_long_pw_string(); + + bzero(name, sizeof(name)); + bzero(inst, sizeof(inst)); + bzero(realm, sizeof(realm)); + + if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst, + default_realm) != KSUCCESS) { + pw = getpwuid((int) getuid()); + if (pw) { + strcpy(default_name, pw->pw_name); + } else { + /* seems like a null name is kinda silly */ + strcpy(default_name, ""); + } + strcpy(default_inst, ""); + if (krb_get_lrealm(default_realm, 1) != KSUCCESS) + strcpy(default_realm, KRB_REALM); + } + + if(uflag) { + if (status = kname_parse(name, inst, realm, uflag)) { + errx(2, "Kerberos error: %s", krb_err_txt[status]); + } + if (realm[0]) + realm_given++; + else + if (krb_get_lrealm(realm, 1) != KSUCCESS) + strcpy(realm, KRB_REALM); + } + + if(uname) { + if (k_isname(uname)) { + strncpy(name, uname, sizeof(name) - 1); + } else { + errx(1, "bad name: %s", uname); + } + } + + if(iflag) { + if (k_isinst(iflag)) { + strncpy(inst, iflag, sizeof(inst) - 1); + } else { + errx(1, "bad instance: %s", iflag); + } + } + + if(rflag) { + if (k_isrealm(rflag)) { + strncpy(realm, rflag, sizeof(realm) - 1); + realm_given++; + } else { + errx(1, "bad realm: %s", rflag); + } + } + + if(uname || iflag || rflag || uflag) use_default = 0; + + if (use_default) { + strcpy(name, default_name); + strcpy(inst, default_inst); + strcpy(realm, default_realm); + } else { + if (!name[0]) + strcpy(name, default_name); + if (!realm[0]) + strcpy(realm, default_realm); + } + + (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid()); + krb_set_tkt_string(tktstring); + + get_pw_new_key(new_key, name, inst, realm, realm_given); + + if ((status = kadm_init_link("changepw", KRB_MASTER, realm)) + != KADM_SUCCESS) + com_err("kpasswd", status, "while initializing"); + else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS) + com_err("kpasswd", status, " attempting to change password."); + + if (status != KADM_SUCCESS) + fprintf(stderr,"Password NOT changed.\n"); + else + printf("Password changed.\n"); + + (void) dest_tkt(); + if (status) + exit(2); + else + exit(0); +} + +void get_pw_new_key(new_key, name, inst, realm, print_realm) + des_cblock new_key; + char *name; + char *inst; + char *realm; + int print_realm; /* True if realm was give on cmdline */ +{ + char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + char pword[MAX_KPW_LEN]; /* storage for the password */ + char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + + char local_realm[REALM_SZ]; + int status; + + /* + * We don't care about failure; this is to determine whether or + * not to print the realm in the prompt for a new password. + */ + (void) krb_get_lrealm(local_realm, 1); + + if (strcmp(local_realm, realm)) + print_realm++; + + (void) sprintf(ppromp,"Old password for %s%s%s%s%s:", + name, *inst ? "." : "", inst, + print_realm ? "@" : "", print_realm ? realm : ""); + if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) { + fprintf(stderr, "Error reading old password.\n"); + exit(1); + } + + if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME, + KADM_SINST, 1, pword)) != KSUCCESS) { + if (status == INTK_BADPW) { + printf("Incorrect old password.\n"); + exit(0); + } + else { + fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]); + exit(1); + } + } + bzero(pword, sizeof(pword)); + do { + (void) sprintf(npromp,"New Password for %s%s%s%s%s:", + name, *inst ? "." : "", inst, + print_realm ? "@" : "", print_realm ? realm : ""); + if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1)) + go_home("Error reading new password, password unchanged.\n",0); + if (strlen(pword) == 0) + printf("Null passwords are not allowed; try again.\n"); + } while (strlen(pword) == 0); + +#ifdef NOENCRYPTION + bzero((char *) new_key, sizeof(des_cblock)); + new_key[0] = (unsigned char) 1; +#else + (void) des_string_to_key(pword, new_key); +#endif + bzero(pword, sizeof(pword)); +} + +static void +go_home(str,x) + char *str; + int x; +{ + fprintf(stderr, str, x); + (void) dest_tkt(); + exit(1); +} -- cgit v1.1