search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
support ; for comments for compatability with MIT
[heimdal.git] / lib / krb5 / changepw.c
blobbaee3709389d327c389b41e47606be827730a699
1 /*
2 * Copyright (c) 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
21 *
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 */
38
39 #include <krb5_locl.h>
40
41 RCSID("$Id$");
42
43 static krb5_error_code
44 get_kdc_address (krb5_context context,
45 krb5_realm realm,
46 struct sockaddr_in *addr)
47 {
48 krb5_error_code ret;
49 struct hostent *hostent;
50 char **hostlist;
51 char *dot;
52
53 ret = krb5_get_krbhst (context,
54 &realm,
55 &hostlist);
56 if (ret)
57 return ret;
58
59 dot = strchr (*hostlist, ':');
60 if (dot)
61 *dot = '\0';
62
63 hostent = gethostbyname (*hostlist);
64 krb5_free_krbhst (context, hostlist);
65 if (hostent == 0)
66 return h_errno; /* XXX */
67
68 memset (addr, 0, sizeof(*addr));
69 addr->sin_family = AF_INET;
70 memcpy (&addr->sin_addr, hostent->h_addr_list[0], sizeof(addr->sin_addr));
71 addr->sin_port = krb5_getportbyname (context, "kpasswd", "udp",
72 KPASSWD_PORT);
73
74 return 0;
75 }
76
77 static krb5_error_code
78 send_request (krb5_context context,
79 krb5_auth_context *auth_context,
80 krb5_creds *creds,
81 int sock,
82 struct sockaddr_in addr,
83 char *passwd)
84 {
85 krb5_error_code ret;
86 krb5_data ap_req_data;
87 krb5_data krb_priv_data;
88 krb5_data passwd_data;
89 size_t len;
90 u_char header[6];
91 u_char *p;
92 struct iovec iov[3];
93 struct msghdr msghdr;
94
95 krb5_data_zero (&ap_req_data);
96
97 ret = krb5_mk_req_extended (context,
98 auth_context,
99 AP_OPTS_MUTUAL_REQUIRED,
100 NULL, /* in_data */
101 creds,
102 &ap_req_data);
103 if (ret)
104 return ret;
105
106 passwd_data.data = passwd;
107 passwd_data.length = strlen(passwd);
108
109 krb5_data_zero (&krb_priv_data);
110
111 ret = krb5_mk_priv (context,
112 *auth_context,
113 &passwd_data,
114 &krb_priv_data,
115 NULL);
116 if (ret)
117 return ret;
118
119 len = 6 + ap_req_data.length + krb_priv_data.length;
120 p = header;
121 *p++ = (len >> 8) & 0xFF;
122 *p++ = (len >> 0) & 0xFF;
123 *p++ = 0;
124 *p++ = 1;
125 *p++ = (ap_req_data.length >> 8) & 0xFF;
126 *p++ = (ap_req_data.length >> 0) & 0xFF;
127
128 memset(&msghdr, 0, sizeof(msghdr));
129 msghdr.msg_name = (void *)&addr;
130 msghdr.msg_namelen = sizeof(addr);
131 msghdr.msg_iov = iov;
132 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
133 #if 0
134 msghdr.msg_control = NULL;
135 msghdr.msg_controllen = 0;
136 #endif
137
138 iov[0].iov_base = (void*)header;
139 iov[0].iov_len = 6;
140 iov[1].iov_base = ap_req_data.data;
141 iov[1].iov_len = ap_req_data.length;
142 iov[2].iov_base = krb_priv_data.data;
143 iov[2].iov_len = krb_priv_data.length;
144
145 if (sendmsg (sock, &msghdr, 0) < 0)
146 return errno;
147
148 krb5_data_free (&ap_req_data);
149 krb5_data_free (&krb_priv_data);
150 return 0;
151 }
152
153 static void
154 str2data (krb5_data *d,
155 char *fmt,
156 ...)
157 {
158 char *p;
159 size_t len;
160 va_list args;
161
162 va_start(args, fmt);
163 d->length = vasprintf ((char **)&d->data, fmt, args);
164 va_end(args);
165 }
166
167 static krb5_error_code
168 process_reply (krb5_context context,
169 krb5_auth_context auth_context,
170 int sock,
171 int *result_code,
172 krb5_data *result_code_string,
173 krb5_data *result_string)
174 {
175 krb5_error_code ret;
176 u_char reply[BUFSIZ];
177 size_t len;
178 u_int16_t pkt_len, pkt_ver;
179 krb5_data ap_rep_data;
180
181 ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
182 if (ret < 0)
183 return errno;
184
185 len = ret;
186 pkt_len = (reply[0] << 8) | (reply[1]);
187 pkt_ver = (reply[2] << 8) | (reply[3]);
188
189 if (pkt_len != len) {
190 str2data (result_string, "client: wrong len in reply");
191 *result_code = KRB5_KPASSWD_MALFORMED;
192 return 0;
193 }
194 if (pkt_ver != 0x0001) {
195 str2data (result_string,
196 "client: wrong version number (%d)", pkt_ver);
197 *result_code = KRB5_KPASSWD_MALFORMED;
198 return 0;
199 }
200
201 ap_rep_data.data = reply + 6;
202 ap_rep_data.length = (reply[4] << 8) | (reply[5]);
203
204 if (ap_rep_data.length) {
205 krb5_ap_rep_enc_part *ap_rep;
206 krb5_data priv_data;
207 u_char *p;
208
209 ret = krb5_rd_rep (context,
210 auth_context,
211 &ap_rep_data,
212 &ap_rep);
213 if (ret)
214 return ret;
215
216 krb5_free_ap_rep_enc_part (context, ap_rep);
217
218 priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
219 priv_data.length = len - ap_rep_data.length - 6;
220
221 ret = krb5_rd_priv (context,
222 auth_context,
223 &priv_data,
224 result_code_string,
225 NULL);
226 if (ret) {
227 krb5_data_free (result_code_string);
228 return ret;
229 }
230
231 if (result_code_string->length < 2) {
232 *result_code = KRB5_KPASSWD_MALFORMED;
233 str2data (result_string,
234 "client: bad length in result");
235 return 0;
236 }
237 p = result_code_string->data;
238
239 *result_code = (p[0] << 8) | p[1];
240 krb5_data_copy (result_string,
241 (unsigned char*)result_code_string->data + 2,
242 result_code_string->length - 2);
243 return 0;
244 } else {
245 KRB_ERROR error;
246 size_t size;
247 u_char *p;
248
249 ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
250 if (ret) {
251 return ret;
252 }
253 if (error.e_data->length < 2) {
254 krb5_warnx (context, "too short e_data to print anything usable");
255 return 1;
256 }
257
258 p = error.e_data->data;
259 *result_code = (p[0] << 8) | p[1];
260 krb5_data_copy (result_string,
261 p + 2,
262 error.e_data->length - 2);
263 return 0;
264 }
265 }
266
267 krb5_error_code
268 krb5_change_password (krb5_context context,
269 krb5_creds *creds,
270 char *newpw,
271 int *result_code,
272 krb5_data *result_code_string,
273 krb5_data *result_string)
274 {
275 krb5_error_code ret;
276 krb5_auth_context auth_context = NULL;
277 krb5_creds cred;
278 int sock;
279 struct sockaddr_in addr;
280 int i;
281
282 sock = socket (AF_INET, SOCK_DGRAM, 0);
283 if (sock < 0)
284 return errno;
285
286 ret = get_kdc_address (context, creds->client->realm, &addr);
287 if (ret)
288 return ret;
289
290 ret = krb5_auth_con_init (context, &auth_context);
291 if (ret)
292 return ret;
293
294 krb5_auth_con_setflags (context, auth_context,
295 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
296
297 for (i = 0; i < 5; ++i) {
298 struct fd_set fdset;
299 struct timeval tv;
300
301 ret = send_request (context,
302 &auth_context,
303 creds,
304 sock,
305 addr,
306 newpw);
307 if (ret)
308 goto out;
309
310 FD_ZERO(&fdset);
311 FD_SET(sock, &fdset);
312 tv.tv_usec = 0;
313 tv.tv_sec = 1 << i;
314
315 ret = select (sock + 1, &fdset, NULL, NULL, &tv);
316 if (ret < 0 && errno != EINTR)
317 goto out;
318 if (ret == 1)
319 break;
320 }
321 if (i == 5) {
322 ret = KRB5_KDC_UNREACH;
323 goto out;
324 }
325
326 ret = process_reply (context,
327 auth_context,
328 sock,
329 result_code,
330 result_code_string,
331 result_string);
332
333 out:
334 krb5_auth_con_free (context, auth_context);
335 return ret;
336 }
Heimdal