diff options
| author | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2009-10-31 00:48:38 +0000 |
| commit | 02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch) | |
| tree | 61b9147863cd8be3eff63903dc36cae168254bd5 /src/clients/kpasswd | |
| parent | 162ab371748cba0cc6f172419bd6e71fa04bb878 (diff) | |
| download | krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.zip krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.gz krb5-02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b.tar.bz2 | |
make mark-cstyle
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/kpasswd')
| -rw-r--r-- | src/clients/kpasswd/kpasswd.c | 237 | ||||
| -rw-r--r-- | src/clients/kpasswd/ksetpwd.c | 493 |
2 files changed, 366 insertions, 364 deletions
diff --git a/src/clients/kpasswd/kpasswd.c b/src/clients/kpasswd/kpasswd.c index 204a8bf..6bc0668 100644 --- a/src/clients/kpasswd/kpasswd.c +++ b/src/clients/kpasswd/kpasswd.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #include <stdio.h> #include <sys/types.h> #include "autoconf.h" @@ -23,13 +24,13 @@ void get_name_from_passwd_file(program_name, kcontext, me) struct passwd *pw; krb5_error_code code; if ((pw = getpwuid(getuid()))) { - if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) { - com_err (program_name, code, "when parsing name %s", pw->pw_name); - exit(1); - } + if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) { + com_err (program_name, code, "when parsing name %s", pw->pw_name); + exit(1); + } } else { - fprintf(stderr, "Unable to identify user from password file\n"); - exit(1); + fprintf(stderr, "Unable to identify user from password file\n"); + exit(1); } } #else /* HAVE_PWD_H */ @@ -44,116 +45,116 @@ void get_name_from_passwd_file(kcontext, me) int main(int argc, char *argv[]) { - krb5_error_code ret; - krb5_context context; - krb5_principal princ; - char *pname; - krb5_ccache ccache; - krb5_get_init_creds_opt *opts = NULL; - krb5_creds creds; - - char pw[1024]; - unsigned int pwlen; - int result_code; - krb5_data result_code_string, result_string; - - if (argc > 2) { - fprintf(stderr, "usage: %s [principal]\n", argv[0]); - exit(1); - } - - pname = argv[1]; - - ret = krb5_init_context(&context); - if (ret) { - com_err(argv[0], ret, "initializing kerberos library"); - exit(1); - } - - /* in order, use the first of: - - a name specified on the command line - - the principal name from an existing ccache - - the name corresponding to the ruid of the process - - otherwise, it's an error. - */ - - if (pname) { - if ((ret = krb5_parse_name(context, pname, &princ))) { - com_err(argv[0], ret, "parsing client name"); - exit(1); - } - } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) { - if (ret) { - com_err(argv[0], ret, "opening default ccache"); - exit(1); - } - - if ((ret = krb5_cc_get_principal(context, ccache, &princ))) { - com_err(argv[0], ret, "getting principal from ccache"); - exit(1); - } - - if ((ret = krb5_cc_close(context, ccache))) { - com_err(argv[0], ret, "closing ccache"); - exit(1); - } - } else { - get_name_from_passwd_file(argv[0], context, &princ); - } - - if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) { - com_err(argv[0], ret, "allocating krb5_get_init_creds_opt"); - exit(1); - } - krb5_get_init_creds_opt_set_tkt_life(opts, 5*60); - krb5_get_init_creds_opt_set_renew_life(opts, 0); - krb5_get_init_creds_opt_set_forwardable(opts, 0); - krb5_get_init_creds_opt_set_proxiable(opts, 0); - - if ((ret = krb5_get_init_creds_password(context, &creds, princ, NULL, - krb5_prompter_posix, NULL, - 0, "kadmin/changepw", opts))) { - if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) - com_err(argv[0], 0, - "Password incorrect while getting initial ticket"); - else - com_err(argv[0], ret, "getting initial ticket"); - krb5_get_init_creds_opt_free(context, opts); - exit(1); - } - - pwlen = sizeof(pw); - if ((ret = krb5_read_password(context, P1, P2, pw, &pwlen))) { - com_err(argv[0], ret, "while reading password"); - krb5_get_init_creds_opt_free(context, opts); - exit(1); - } - - if ((ret = krb5_change_password(context, &creds, pw, - &result_code, &result_code_string, - &result_string))) { - com_err(argv[0], ret, "changing password"); - krb5_get_init_creds_opt_free(context, opts); - exit(1); - } - - if (result_code) { - printf("%.*s%s%.*s\n", - (int) result_code_string.length, result_code_string.data, - result_string.length?": ":"", - (int) result_string.length, - result_string.data ? result_string.data : ""); - krb5_get_init_creds_opt_free(context, opts); - exit(2); - } - - if (result_string.data != NULL) - free(result_string.data); - if (result_code_string.data != NULL) - free(result_code_string.data); - krb5_get_init_creds_opt_free(context, opts); - - printf("Password changed.\n"); - exit(0); + krb5_error_code ret; + krb5_context context; + krb5_principal princ; + char *pname; + krb5_ccache ccache; + krb5_get_init_creds_opt *opts = NULL; + krb5_creds creds; + + char pw[1024]; + unsigned int pwlen; + int result_code; + krb5_data result_code_string, result_string; + + if (argc > 2) { + fprintf(stderr, "usage: %s [principal]\n", argv[0]); + exit(1); + } + + pname = argv[1]; + + ret = krb5_init_context(&context); + if (ret) { + com_err(argv[0], ret, "initializing kerberos library"); + exit(1); + } + + /* in order, use the first of: + - a name specified on the command line + - the principal name from an existing ccache + - the name corresponding to the ruid of the process + + otherwise, it's an error. + */ + + if (pname) { + if ((ret = krb5_parse_name(context, pname, &princ))) { + com_err(argv[0], ret, "parsing client name"); + exit(1); + } + } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) { + if (ret) { + com_err(argv[0], ret, "opening default ccache"); + exit(1); + } + + if ((ret = krb5_cc_get_principal(context, ccache, &princ))) { + com_err(argv[0], ret, "getting principal from ccache"); + exit(1); + } + + if ((ret = krb5_cc_close(context, ccache))) { + com_err(argv[0], ret, "closing ccache"); + exit(1); + } + } else { + get_name_from_passwd_file(argv[0], context, &princ); + } + + if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) { + com_err(argv[0], ret, "allocating krb5_get_init_creds_opt"); + exit(1); + } + krb5_get_init_creds_opt_set_tkt_life(opts, 5*60); + krb5_get_init_creds_opt_set_renew_life(opts, 0); + krb5_get_init_creds_opt_set_forwardable(opts, 0); + krb5_get_init_creds_opt_set_proxiable(opts, 0); + + if ((ret = krb5_get_init_creds_password(context, &creds, princ, NULL, + krb5_prompter_posix, NULL, + 0, "kadmin/changepw", opts))) { + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) + com_err(argv[0], 0, + "Password incorrect while getting initial ticket"); + else + com_err(argv[0], ret, "getting initial ticket"); + krb5_get_init_creds_opt_free(context, opts); + exit(1); + } + + pwlen = sizeof(pw); + if ((ret = krb5_read_password(context, P1, P2, pw, &pwlen))) { + com_err(argv[0], ret, "while reading password"); + krb5_get_init_creds_opt_free(context, opts); + exit(1); + } + + if ((ret = krb5_change_password(context, &creds, pw, + &result_code, &result_code_string, + &result_string))) { + com_err(argv[0], ret, "changing password"); + krb5_get_init_creds_opt_free(context, opts); + exit(1); + } + + if (result_code) { + printf("%.*s%s%.*s\n", + (int) result_code_string.length, result_code_string.data, + result_string.length?": ":"", + (int) result_string.length, + result_string.data ? result_string.data : ""); + krb5_get_init_creds_opt_free(context, opts); + exit(2); + } + + if (result_string.data != NULL) + free(result_string.data); + if (result_code_string.data != NULL) + free(result_code_string.data); + krb5_get_init_creds_opt_free(context, opts); + + printf("Password changed.\n"); + exit(0); } diff --git a/src/clients/kpasswd/ksetpwd.c b/src/clients/kpasswd/ksetpwd.c index a489f06..9719905 100644 --- a/src/clients/kpasswd/ksetpwd.c +++ b/src/clients/kpasswd/ksetpwd.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #include <krb5.h> #include <string.h> #include <unistd.h> @@ -9,26 +10,26 @@ static int verify_creds() { - krb5_context kcontext; - krb5_ccache ccache; - krb5_error_code kres; + krb5_context kcontext; + krb5_ccache ccache; + krb5_error_code kres; - kres = krb5_init_context(&kcontext); - if( kres == 0 ) - { - kres = krb5_cc_default( kcontext, &ccache ); - if( kres == 0 ) - { - krb5_principal user_princ; + kres = krb5_init_context(&kcontext); + if( kres == 0 ) + { + kres = krb5_cc_default( kcontext, &ccache ); + if( kres == 0 ) + { + krb5_principal user_princ; - kres = krb5_cc_get_principal( kcontext, ccache, &user_princ ); - if( kres == 0 ) - krb5_free_principal( kcontext, user_princ ); - krb5_cc_close( kcontext, ccache ); - } - krb5_free_context(kcontext); - } - return kres; + kres = krb5_cc_get_principal( kcontext, ccache, &user_princ ); + if( kres == 0 ) + krb5_free_principal( kcontext, user_princ ); + krb5_cc_close( kcontext, ccache ); + } + krb5_free_context(kcontext); + } + return kres; } static void get_init_creds_opt_init( krb5_get_init_creds_opt *outOptions ) @@ -44,269 +45,269 @@ typedef void * kbrccache_t; #define CCACHE_PREFIX_DEFAULT "MEMORY:C_" static kbrccache_t userinitcontext( - const char * user, const char * domain, const char * passwd, const char * cachename, int initialize, - int * outError ) + const char * user, const char * domain, const char * passwd, const char * cachename, int initialize, + int * outError ) { - krb5_context kcontext = 0; - krb5_ccache kcache = 0; - krb5_creds kcreds; - krb5_principal kme = 0; - krb5_error_code kres; - char * pPass = strdup( passwd ); - char * pName = NULL; - char * pCacheName = NULL; - int numCreds = 0; + krb5_context kcontext = 0; + krb5_ccache kcache = 0; + krb5_creds kcreds; + krb5_principal kme = 0; + krb5_error_code kres; + char * pPass = strdup( passwd ); + char * pName = NULL; + char * pCacheName = NULL; + int numCreds = 0; - memset( &kcreds, 0, sizeof(kcreds) ); - kres = krb5_init_context( &kcontext ); - if( kres ) - goto return_error; - if( domain ) - kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 ); - else - kres = krb5_parse_name( kcontext, user, &kme ); - if( kres ) - goto fail; - krb5_unparse_name( kcontext, kme, &pName ); - if( cachename ) - { - if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0) - { - kres = KRB5_CC_NOMEM; - goto fail; - } - kres = krb5_cc_resolve( kcontext, pCacheName, &kcache ); - if( kres ) - { - kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache ); - if( kres == 0 ) - pCacheName = strdup(CCACHE_PREFIX_DEFAULT); - } - } - else - { - kres = krb5_cc_default( kcontext, &kcache ); - pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) ); - } - if( kres ) - { - krb5_free_context(kcontext); - goto return_error; - } - if( initialize ) - krb5_cc_initialize( kcontext, kcache, kme ); - if( kres == 0 && user && passwd ) - { - long timeneeded = time(0L) +TKTTIMELEFT; - int have_credentials = 0; - krb5_cc_cursor cc_curs = NULL; - numCreds = 0; - if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 ) - { - while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0) - { - numCreds++; - if( krb5_principal_compare( kcontext, kme, kcreds.client ) ) - { - if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded ) - have_credentials = 1; - } - krb5_free_cred_contents( kcontext, &kcreds ); - if( have_credentials ) - break; - } - krb5_cc_end_seq_get( kcontext, kcache, &cc_curs ); - } - else - { - const char * errmsg = error_message(kres); - fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg ); - } - if( kres != 0 || have_credentials == 0 ) - { - krb5_get_init_creds_opt *options = NULL; - kres = krb5_get_init_creds_opt_alloc(kcontext, &options); - if ( kres == 0 ) - { - get_init_creds_opt_init(options); + memset( &kcreds, 0, sizeof(kcreds) ); + kres = krb5_init_context( &kcontext ); + if( kres ) + goto return_error; + if( domain ) + kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 ); + else + kres = krb5_parse_name( kcontext, user, &kme ); + if( kres ) + goto fail; + krb5_unparse_name( kcontext, kme, &pName ); + if( cachename ) + { + if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0) + { + kres = KRB5_CC_NOMEM; + goto fail; + } + kres = krb5_cc_resolve( kcontext, pCacheName, &kcache ); + if( kres ) + { + kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache ); + if( kres == 0 ) + pCacheName = strdup(CCACHE_PREFIX_DEFAULT); + } + } + else + { + kres = krb5_cc_default( kcontext, &kcache ); + pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) ); + } + if( kres ) + { + krb5_free_context(kcontext); + goto return_error; + } + if( initialize ) + krb5_cc_initialize( kcontext, kcache, kme ); + if( kres == 0 && user && passwd ) + { + long timeneeded = time(0L) +TKTTIMELEFT; + int have_credentials = 0; + krb5_cc_cursor cc_curs = NULL; + numCreds = 0; + if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 ) + { + while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0) + { + numCreds++; + if( krb5_principal_compare( kcontext, kme, kcreds.client ) ) + { + if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded ) + have_credentials = 1; + } + krb5_free_cred_contents( kcontext, &kcreds ); + if( have_credentials ) + break; + } + krb5_cc_end_seq_get( kcontext, kcache, &cc_curs ); + } + else + { + const char * errmsg = error_message(kres); + fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg ); + } + if( kres != 0 || have_credentials == 0 ) + { + krb5_get_init_creds_opt *options = NULL; + kres = krb5_get_init_creds_opt_alloc(kcontext, &options); + if ( kres == 0 ) + { + get_init_creds_opt_init(options); /* ** no valid credentials - get new ones */ - kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass, - NULL /*prompter*/, - NULL /*data*/, - 0 /*starttime*/, - 0 /*in_tkt_service*/, - options /*options*/ ); - } - if( kres == 0 ) - { - if( numCreds <= 0 ) - kres = krb5_cc_initialize( kcontext, kcache, kme ); - if( kres == 0 ) - kres = krb5_cc_store_cred( kcontext, kcache, &kcreds ); - if( kres == 0 ) - have_credentials = 1; - } - krb5_get_init_creds_opt_free(kcontext, options); - } + kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass, + NULL /*prompter*/, + NULL /*data*/, + 0 /*starttime*/, + 0 /*in_tkt_service*/, + options /*options*/ ); + } + if( kres == 0 ) + { + if( numCreds <= 0 ) + kres = krb5_cc_initialize( kcontext, kcache, kme ); + if( kres == 0 ) + kres = krb5_cc_store_cred( kcontext, kcache, &kcreds ); + if( kres == 0 ) + have_credentials = 1; + } + krb5_get_init_creds_opt_free(kcontext, options); + } #ifdef NOTUSED - if( have_credentials ) - { - int mstat; - kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL ); - if( getenv( ENV_DEBUG_LDAPKERB ) ) - fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres ); - } + if( have_credentials ) + { + int mstat; + kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL ); + if( getenv( ENV_DEBUG_LDAPKERB ) ) + fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres ); + } #endif - krb5_cc_close( kcontext, kcache ); - } + krb5_cc_close( kcontext, kcache ); + } fail: - if( kres ) - { - const char * errmsg = error_message(kres); - fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg ); - } - krb5_free_principal( kcontext, kme ); - krb5_free_cred_contents( kcontext, &kcreds ); - if( pName ) - free( pName ); - free(pPass); - krb5_free_context(kcontext); + if( kres ) + { + const char * errmsg = error_message(kres); + fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg ); + } + krb5_free_principal( kcontext, kme ); + krb5_free_cred_contents( kcontext, &kcreds ); + if( pName ) + free( pName ); + free(pPass); + krb5_free_context(kcontext); return_error: - if( kres ) - { - if( pCacheName ) - { - free(pCacheName); - pCacheName = NULL; - } - } - if( outError ) - *outError = kres; - return pCacheName; + if( kres ) + { + if( pCacheName ) + { + free(pCacheName); + pCacheName = NULL; + } + } + if( outError ) + *outError = kres; + return pCacheName; } static int init_creds() { - char user[512]; - char * password = NULL; - int result; + char user[512]; + char * password = NULL; + int result; - user[0] = 0; - result = -1; + user[0] = 0; + result = -1; - for(;;) - { - while( user[0] == 0 ) - { - int userlen; - printf( "Username: "); - fflush(stdout); - if( fgets( user, sizeof(user), stdin ) == NULL ) - return -1; - userlen = strlen( user); - if( userlen < 2 ) - continue; - user[userlen-1] = 0; /* get rid of the newline */ - break; - } - { - kbrccache_t usercontext; - password = getpass( "Password: "); - if( ! password ) - return -1; - result = 0; - usercontext = userinitcontext( user, NULL, password, NULL, 1, &result ); - if( usercontext ) - break; - } - } - return result; + for(;;) + { + while( user[0] == 0 ) + { + int userlen; + printf( "Username: "); + fflush(stdout); + if( fgets( user, sizeof(user), stdin ) == NULL ) + return -1; + userlen = strlen( user); + if( userlen < 2 ) + continue; + user[userlen-1] = 0; /* get rid of the newline */ + break; + } + { + kbrccache_t usercontext; + password = getpass( "Password: "); + if( ! password ) + return -1; + result = 0; + usercontext = userinitcontext( user, NULL, password, NULL, 1, &result ); + if( usercontext ) + break; + } + } + return result; } int main( int argc, char ** argv ) { - char * new_password = NULL; - char * new_password2; - krb5_context kcontext; - krb5_error_code kerr; - krb5_principal target_principal; + char * new_password = NULL; + char * new_password2; + krb5_context kcontext; + krb5_error_code kerr; + krb5_principal target_principal; - if( argc < 2 ) - { - fprintf( stderr, "Usage: setpass user@REALM\n"); - exit(1); - } + if( argc < 2 ) + { + fprintf( stderr, "Usage: setpass user@REALM\n"); + exit(1); + } /* ** verify credentials - */ - if( verify_creds() ) - init_creds(); - if( verify_creds() ) - { - fprintf( stderr, "No user credentials available\n"); - exit(1); - } + if( verify_creds() ) + init_creds(); + if( verify_creds() ) + { + fprintf( stderr, "No user credentials available\n"); + exit(1); + } /* ** check the principal name - */ - krb5_init_context(&kcontext); - kerr = krb5_parse_name( kcontext, argv[1], &target_principal ); + krb5_init_context(&kcontext); + kerr = krb5_parse_name( kcontext, argv[1], &target_principal ); - { - char * pname = NULL; - kerr = krb5_unparse_name( kcontext, target_principal, &pname ); - printf( "Changing password for %s:\n", pname); - fflush( stdout ); - free( pname ); - } + { + char * pname = NULL; + kerr = krb5_unparse_name( kcontext, target_principal, &pname ); + printf( "Changing password for %s:\n", pname); + fflush( stdout ); + free( pname ); + } /* ** get the new password - */ - while( !new_password ) - { - new_password = getpass("Enter new password: "); - new_password2 = getpass("Verify new password: "); - if( strcmp( new_password, new_password2 ) ) - { - printf("Passwords do not match\n"); - free( new_password ); - free( new_password2 ); - continue; - } - } + while( !new_password ) + { + new_password = getpass("Enter new password: "); + new_password2 = getpass("Verify new password: "); + if( strcmp( new_password, new_password2 ) ) + { + printf("Passwords do not match\n"); + free( new_password ); + free( new_password2 ); + continue; + } + } /* ** change the password - */ - { - int pw_result; - krb5_ccache ccache; - krb5_data pw_res_string, res_string; + { + int pw_result; + krb5_ccache ccache; + krb5_data pw_res_string, res_string; - kerr = krb5_cc_default( kcontext, &ccache ); - if( kerr == 0 ) - { - kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal, - &pw_result, &pw_res_string, &res_string ); - if( kerr ) - fprintf( stderr, "Failed: %s\n", error_message(kerr) ); - else - { - if( pw_result ) - { - fprintf( stderr, "Failed(%d)", pw_result ); - if( pw_res_string.length > 0 ) - fprintf( stderr, ": %s", pw_res_string.data); - if( res_string.length > 0 ) - fprintf( stderr, " %s", res_string.data); - fprintf( stderr, "\n"); - } - } - } - } - return(0); + kerr = krb5_cc_default( kcontext, &ccache ); + if( kerr == 0 ) + { + kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal, + &pw_result, &pw_res_string, &res_string ); + if( kerr ) + fprintf( stderr, "Failed: %s\n", error_message(kerr) ); + else + { + if( pw_result ) + { + fprintf( stderr, "Failed(%d)", pw_result ); + if( pw_res_string.length > 0 ) + fprintf( stderr, ": %s", pw_res_string.data); + if( res_string.length > 0 ) + fprintf( stderr, " %s", res_string.data); + fprintf( stderr, "\n"); + } + } + } + } + return(0); } |