kadmin/cpw.c

   1 /*
   2  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadmin_locl.h"
  35 #include "kadmin-commands.h"
  36
  37 struct cpw_entry_data {
  38     int keepold;
  39     int random_key;
  40     int random_password;
  41     char *password;
  42     krb5_key_data *key_data;
  43 };
  44
  45 static int
  46 set_random_key (krb5_principal principal, int keepold)
  47 {
  48     krb5_error_code ret;
  49     int i;
  50     krb5_keyblock *keys;
  51     int num_keys;
  52
  53     ret = kadm5_randkey_principal_3(kadm_handle, principal, keepold, 0, NULL,
  54                                     &keys, &num_keys);
  55     if(ret)
  56         return ret;
  57     for(i = 0; i < num_keys; i++)
  58         krb5_free_keyblock_contents(context, &keys[i]);
  59     free(keys);
  60     return 0;
  61 }
  62
  63 static int
  64 set_random_password (krb5_principal principal, int keepold)
  65 {
  66     krb5_error_code ret;
  67     char pw[128];
  68
  69     random_password (pw, sizeof(pw));
  70     ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL, pw);
  71     if (ret == 0) {
  72         char *princ_name;
  73
  74         krb5_unparse_name(context, principal, &princ_name);
  75
  76         printf ("%s's password set to \"%s\"\n", princ_name, pw);
  77         free (princ_name);
  78     }
  79     memset_s(pw, sizeof(pw), 0, sizeof(pw));
  80     return ret;
  81 }
  82
  83 static int
  84 set_password (krb5_principal principal, char *password, int keepold)
  85 {
  86     krb5_error_code ret = 0;
  87     char pwbuf[128];
  88     int aret;
  89
  90     if(password == NULL) {
  91         char *princ_name;
  92         char *prompt;
  93
  94         ret = krb5_unparse_name(context, principal, &princ_name);
  95         if (ret)
  96             return ret;
  97         aret = asprintf(&prompt, "%s's Password: ", princ_name);
  98         free (princ_name);
  99         if (aret == -1)
 100             return ENOMEM;
 101         ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
 102                                      UI_UTIL_FLAG_VERIFY |
 103                                      UI_UTIL_FLAG_VERIFY_SILENT);
 104         free (prompt);
 105         if(ret){
 106             return KRB5_LIBOS_BADPWDMATCH;
 107         }
 108         password = pwbuf;
 109     }
 110     if(ret == 0)
 111         ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
 112                                        password);
 113     memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf));
 114     return ret;
 115 }
 116
 117 static int
 118 set_key_data (krb5_principal principal, krb5_key_data *key_data, int keepold)
 119 {
 120     krb5_error_code ret;
 121
 122     ret = kadm5_chpass_principal_with_key_3(kadm_handle, principal, keepold,
 123                                             3, key_data);
 124     return ret;
 125 }
 126
 127 static int
 128 do_cpw_entry(krb5_principal principal, void *data)
 129 {
 130     struct cpw_entry_data *e = data;
 131
 132     if (e->random_key)
 133         return set_random_key (principal, e->keepold);
 134     else if (e->random_password)
 135         return set_random_password (principal, e->keepold);
 136     else if (e->key_data)
 137         return set_key_data (principal, e->key_data, e->keepold);
 138     else
 139         return set_password (principal, e->password, e->keepold);
 140 }
 141
 142 int
 143 cpw_entry(struct passwd_options *opt, int argc, char **argv)
 144 {
 145     krb5_error_code ret = 0;
 146     int i;
 147     struct cpw_entry_data data;
 148     int num;
 149     krb5_key_data key_data[3];
 150
 151     data.random_key = opt->random_key_flag;
 152     data.random_password = opt->random_password_flag;
 153     data.password = opt->password_string;
 154     data.key_data        = NULL;
 155
 156     /*
 157      * --keepold is the the default, and it should mean "prune all old keys not
 158      * needed to decrypt extant tickets".
 159      */
 160     num = 0;
 161     data.keepold = 1;
 162     if (opt->keepold_flag) {
 163         data.keepold = 1;
 164         num++;
 165     }
 166     if (opt->keepallold_flag) {
 167         data.keepold = 2;
 168         num++;
 169     }
 170     if (opt->pruneall_flag) {
 171         data.keepold = 0;
 172         num++;
 173     }
 174     if (num > 1) {
 175         fprintf(stderr, "use only one of --keepold, --keepallold, and --pruneall\n");
 176         return 1;
 177     }
 178
 179     num = 0;
 180     if (data.random_key)
 181         ++num;
 182     if (data.random_password)
 183         ++num;
 184     if (data.password)
 185         ++num;
 186     if (opt->key_string)
 187         ++num;
 188
 189     if (num > 1) {
 190         fprintf (stderr, "give only one of "
 191                 "--random-key, --random-password, --password, --key\n");
 192         return 1;
 193     }
 194
 195     if (opt->key_string) {
 196         const char *error;
 197
 198         if (parse_des_key (opt->key_string, key_data, &error)) {
 199             fprintf (stderr, "failed parsing key \"%s\": %s\n",
 200                      opt->key_string, error);
 201             return 1;
 202         }
 203         data.key_data = key_data;
 204     }
 205
 206     for(i = 0; i < argc; i++)
 207         ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
 208
 209     if (data.key_data) {
 210         int16_t dummy;
 211         kadm5_free_key_data (kadm_handle, &dummy, key_data);
 212     }
 213
 214     return ret != 0;
 215 }