d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/crypto/heimdal/lib/krb5/changepw.c
Mark Murray b528cefc6b Import KTH Heimdal, which will be the core of our Kerberos5. 
Userland to follow.
2000-01-09 20:58:00 +00:00

347 lines
8.3 KiB
C
Raw Blame History

/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
struct addrinfo **ai)
{
struct addrinfo hints;
krb5_error_code ret;
char **hostlist;
int port = 0;
char portstr[NI_MAXSERV];
int error;
char *host;
char *dot;
ret = krb5_get_krb_changepw_hst (context,
&realm,
&hostlist);
if (ret)
return ret;
host = *hostlist;
dot = strchr (host, ':');
if (dot != NULL) {
char *end;
*dot++ = '\0';
port = strtol (dot, &end, 0);
}
if (port == 0)
port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
error = getaddrinfo (host, portstr, &hints, ai);
krb5_free_krbhst (context, hostlist);
return error;
}
static krb5_error_code
send_request (krb5_context context,
krb5_auth_context *auth_context,
krb5_creds *creds,
int sock,
struct sockaddr *sa,
int sa_size,
char *passwd)
{
krb5_error_code ret;
krb5_data ap_req_data;
krb5_data krb_priv_data;
krb5_data passwd_data;
size_t len;
u_char header[6];
u_char *p;
struct iovec iov[3];
struct msghdr msghdr;
krb5_data_zero (&ap_req_data);
ret = krb5_mk_req_extended (context,
auth_context,
AP_OPTS_MUTUAL_REQUIRED,
NULL, /* in_data */
creds,
&ap_req_data);
if (ret)
return ret;
passwd_data.data = passwd;
passwd_data.length = strlen(passwd);
krb5_data_zero (&krb_priv_data);
ret = krb5_mk_priv (context,
*auth_context,
&passwd_data,
&krb_priv_data,
NULL);
if (ret)
goto out2;
len = 6 + ap_req_data.length + krb_priv_data.length;
p = header;
*p++ = (len >> 8) & 0xFF;
*p++ = (len >> 0) & 0xFF;
*p++ = 0;
*p++ = 1;
*p++ = (ap_req_data.length >> 8) & 0xFF;
*p++ = (ap_req_data.length >> 0) & 0xFF;
memset(&msghdr, 0, sizeof(msghdr));
msghdr.msg_name = (void *)sa;
msghdr.msg_namelen = sa_size;
msghdr.msg_iov = iov;
msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
#if 0
msghdr.msg_control = NULL;
msghdr.msg_controllen = 0;
#endif
iov[0].iov_base = (void*)header;
iov[0].iov_len = 6;
iov[1].iov_base = ap_req_data.data;
iov[1].iov_len = ap_req_data.length;
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0)
ret = errno;
krb5_data_free (&krb_priv_data);
out2:
krb5_data_free (&ap_req_data);
return ret;
}
static void
str2data (krb5_data *d,
char *fmt,
...)
{
va_list args;
va_start(args, fmt);
d->length = vasprintf ((char **)&d->data, fmt, args);
va_end(args);
}
static krb5_error_code
process_reply (krb5_context context,
krb5_auth_context auth_context,
int sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0)
return errno;
len = ret;
pkt_len = (reply[0] << 8) | (reply[1]);
pkt_ver = (reply[2] << 8) | (reply[3]);
if (pkt_len != len) {
str2data (result_string, "client: wrong len in reply");
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
if (pkt_ver != 0x0001) {
str2data (result_string,
"client: wrong version number (%d)", pkt_ver);
*result_code = KRB5_KPASSWD_MALFORMED;
return 0;
}
ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep;
krb5_data priv_data;
u_char *p;
ret = krb5_rd_rep (context,
auth_context,
&ap_rep_data,
&ap_rep);
if (ret)
return ret;
krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_priv (context,
auth_context,
&priv_data,
result_code_string,
NULL);
if (ret) {
krb5_data_free (result_code_string);
return ret;
}
if (result_code_string->length < 2) {
*result_code = KRB5_KPASSWD_MALFORMED;
str2data (result_string,
"client: bad length in result");
return 0;
}
p = result_code_string->data;
*result_code = (p[0] << 8) | p[1];
krb5_data_copy (result_string,
(unsigned char*)result_code_string->data + 2,
result_code_string->length - 2);
return 0;
} else {
KRB_ERROR error;
size_t size;
u_char *p;
ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
if (ret) {
return ret;
}
if (error.e_data->length < 2) {
krb5_warnx (context, "too short e_data to print anything usable");
return 1;
}
p = error.e_data->data;
*result_code = (p[0] << 8) | p[1];
krb5_data_copy (result_string,
p + 2,
error.e_data->length - 2);
return 0;
}
}
krb5_error_code
krb5_change_password (krb5_context context,
krb5_creds *creds,
char *newpw,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string)
{
krb5_error_code ret;
krb5_auth_context auth_context = NULL;
int sock;
int i;
struct addrinfo *ai, *a;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
return ret;
ret = get_kdc_address (context, creds->client->realm, &ai);
if (ret)
goto out;
krb5_auth_con_setflags (context, auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
for (a = ai; a != NULL; a = a->ai_next) {
sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
if (sock < 0)
continue;
for (i = 0; i < 5; ++i) {
fd_set fdset;
struct timeval tv;
ret = send_request (context,
&auth_context,
creds,
sock,
a->ai_addr,
a->ai_addrlen,
newpw);
if (ret)
goto out;
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
tv.tv_usec = 0;
tv.tv_sec = 1 << i;
ret = select (sock + 1, &fdset, NULL, NULL, &tv);
if (ret < 0 && errno != EINTR)
goto out;
if (ret == 1)
break;
}
if (i == 5) {
ret = KRB5_KDC_UNREACH;
close (sock);
continue;
}
ret = process_reply (context,
auth_context,
sock,
result_code,
result_code_string,
result_string);
close (sock);
if (ret == 0)
break;
}
freeaddrinfo (ai);
out:
krb5_auth_con_free (context, auth_context);
return ret;
}
Reference in New Issue View Git Blame Copy Permalink