OpenBSD-4.6/usr.bin/passwd/krb5_passwd.c
/*
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
#include <sys/uio.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/time.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <errno.h>
#include <dlfcn.h>
#include <util.h>
#include <err.h>
#include <des.h>
#include <kerberosV/krb5.h>
/* RCSID("$KTH: kpasswd.c,v 1.23 2000/12/31 07:48:34 assar Exp $"); */
int krb5_passwd(int, char **);
int
krb5_passwd(int argc, char **argv)
{
krb5_data result_code_string, result_string;
krb5_get_init_creds_opt opt;
krb5_principal principal;
krb5_context context;
krb5_error_code ret;
char pwbuf[BUFSIZ];
krb5_creds cred;
int result_code;
uid_t uid;
uid = getuid();
if (setresuid(uid, uid, uid)) {
errx(1, "can't drop privileges\n");
}
krb5_get_init_creds_opt_init (&opt);
krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
ret = krb5_init_context(&context);
if (ret)
errx(1, "krb5_init_context failed: %d", ret);
if (argv[0]) {
ret = krb5_parse_name(context, argv[0], &principal);
if (ret)
krb5_err(context, 1, ret, "krb5_parse_name");
} else {
ret = krb5_get_default_principal (context, &principal);
if (ret)
krb5_err (context, 1, ret, "krb5_get_default_principal");
}
ret = krb5_get_init_creds_password (context, &cred,
principal, NULL, krb5_prompter_posix, NULL, 0,
"kadmin/changepw", &opt);
switch (ret) {
case 0:
break;
case KRB5_LIBOS_PWDINTR :
return 1;
case KRB5KRB_AP_ERR_BAD_INTEGRITY :
case KRB5KRB_AP_ERR_MODIFIED :
krb5_errx(context, 1, "Password incorrect");
break;
default:
krb5_err(context, 1, ret, "krb5_get_init_creds");
}
krb5_data_zero(&result_code_string);
krb5_data_zero(&result_string);
if (des_read_pw_string(pwbuf, sizeof(pwbuf), "New password:", 1) != 0)
return 1;
ret = krb5_change_password (context, &cred, pwbuf, &result_code,
&result_code_string, &result_string);
if (ret)
krb5_err(context, 1, ret, "krb5_change_password");
printf("Reply from server: %.*s\n", (int)result_string.length,
(char *)result_string.data);
krb5_data_free(&result_code_string);
krb5_data_free(&result_string);
krb5_free_creds_contents(context, &cred);
krb5_free_context(context);
return result_code;
}