| blob | 12f0b1546893e5f437304b8b119de41d3f873626 |
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
36 #undef __attribute__
37 #define __attribute__(X)
40 static void
45 static void
48 ...)
49 {
57 }
59 /*
60 * Change password protocol defined by
61 * draft-ietf-cat-kerb-chg-password-02.txt
62 *
63 * Share the response part of the protocol with MS set password
64 * (RFC3244)
65 */
67 static krb5_error_code
71 krb5_principal targprinc,
73 rk_socket_t sock,
76 {
77 krb5_error_code ret;
78 krb5_data ap_req_data;
79 krb5_data krb_priv_data;
80 krb5_data passwd_data;
96 auth_context,
99 creds,
113 NULL);
130 #if 0
133 #endif
146 }
149 out2:
152 }
154 /*
155 * Set password protocol as defined by RFC3244 --
156 * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
157 */
159 static krb5_error_code
163 krb5_principal targprinc,
165 rk_socket_t sock,
168 {
169 krb5_error_code ret;
170 krb5_data ap_req_data;
171 krb5_data krb_priv_data;
172 krb5_data pwd_data;
173 ChangePasswdDataMS chpw;
183 auth_context,
186 creds,
199 }
206 }
215 NULL);
224 }
237 #if 0
240 #endif
245 else
256 }
259 out2:
263 }
265 static krb5_error_code
267 krb5_auth_context auth_context,
269 rk_socket_t sock,
274 {
275 krb5_error_code ret;
279 krb5_data ap_rep_data;
298 }
308 }
312 }
316 host);
318 }
327 }
329 }
336 }
342 KRB_ERROR error;
358 }
364 else
370 }
376 }
382 }
391 }
395 krb5_data priv_data;
402 auth_context,
411 auth_context,
413 result_code_string,
414 NULL);
418 }
425 }
435 KRB_ERROR error;
442 }
446 }
454 }
455 }
458 /*
459 * change the password using the credentials in `creds' (for the
460 * principal indicated in them) to `newpw', storing the result of
461 * the operation in `result_*' and an error code or 0.
462 */
465 krb5_auth_context *,
466 krb5_creds *,
467 krb5_principal,
469 rk_socket_t,
473 krb5_auth_context,
475 rk_socket_t,
477 krb5_data *,
478 krb5_data *,
484 #define SUPPORT_TCP 1
485 #define SUPPORT_UDP 2
486 kpwd_send_request send_req;
487 kpwd_process_reply process_rep;
489 {
492 setpw_send_request,
493 process_reply
494 },
495 {
497 SUPPORT_UDP,
498 chgpw_send_request,
499 process_reply
500 },
502 };
504 /*
505 *
506 */
508 static krb5_error_code
511 krb5_principal targprinc,
517 {
518 krb5_error_code ret;
522 rk_socket_t sock;
525 krb5_realm realm;
529 else
537 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
560 }
578 }
581 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
585 }
588 fd_set fdset;
596 creds,
597 targprinc,
598 is_stream,
599 sock,
600 newpw,
605 }
606 }
608 #ifndef NO_LIMIT_FD_SETSIZE
615 }
616 #endif
627 }
630 auth_context,
631 is_stream,
632 sock,
633 result_code,
634 result_code_string,
635 result_string,
643 }
644 }
646 }
647 }
649 out:
655 ret,
659 }
661 }
663 #ifndef HEIMDAL_SMALLER
667 {
672 }
674 }
676 /**
677 * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
678 *
679 * @param context a Keberos context
680 * @param creds
681 * @param newpw
682 * @param result_code
683 * @param result_code_string
684 * @param result_string
685 *
686 * @return On sucess password is changed.
688 * @ingroup @krb5_deprecated
689 */
691 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
699 {
712 }
715 /**
716 * Change password using creds.
717 *
718 * @param context a Keberos context
719 * @param creds The initial kadmin/passwd for the principal or an admin principal
720 * @param newpw The new password to set
721 * @param targprinc if unset, the client principal from creds is used
722 * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
723 * @param result_code_string binary message from the server, contains
724 * at least the result_code.
725 * @param result_string A message from the kpasswd service or the
726 * library in human printable form. The string is NUL terminated.
727 *
728 * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed.
730 * @ingroup @krb5
731 */
733 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
737 krb5_principal targprinc,
741 {
761 result_string,
765 }
770 }
772 /*
773 *
774 */
776 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
778 krb5_ccache ccache,
780 krb5_principal targprinc,
784 {
786 krb5_error_code ret;
812 }
821 credsp,
822 newpw,
823 principal,
824 result_code,
825 result_code_string,
826 result_string);
831 out:
835 }
837 /*
838 *
839 */
844 {
853 "Initial flag needed"
854 };
858 else
860 }