changepw.c revision 159d09a20817016f09b3ea28d1bdada4a336bb91
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* lib/krb5/os/changepw.c
*
* Copyright 1990,1999 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
#define NEED_SOCKETS
#include <k5-int.h>
#include <kadm5/admin.h>
#include <client_internal.h>
#include <gssapi/gssapi.h>
#include <gssapi_krb5.h>
#include <gssapiP_krb5.h>
#include <krb5.h>
/* #include "adm_err.h" */
#include <stdio.h>
#include <errno.h>
extern krb5_error_code krb5int_mk_chpw_req(krb5_context context,
krb5_auth_context auth_context,
krb5_data *ap_req, char *passwd,
krb5_data *packet);
extern krb5_error_code krb5int_rd_chpw_rep(krb5_context context,
krb5_auth_context auth_context,
krb5_data *packet, int *result_code,
krb5_data *result_data);
/*
* _kadm5_get_kpasswd_protocol
*
* returns the password change protocol value to the caller.
* Since the 'handle' is an opaque value to higher up callers,
* this method is needed to provide a way for them to get a peek
* at the protocol being used without having to expose the entire
* handle structure.
*/
krb5_chgpwd_prot
_kadm5_get_kpasswd_protocol(void *handle)
{
kadm5_server_handle_t srvrhdl = (kadm5_server_handle_t)handle;
return (srvrhdl->params.kpasswd_protocol);
}
/*
* krb5_change_password
*
* Prepare and send a CHANGEPW request to a password server
* using UDP datagrams. This is only used for sending to
* non-SEAM servers which support the Marc Horowitz defined
* protocol (1998) for password changing.
*
* SUNW14resync - added _local as it conflicts with one in krb5.h
*/
static krb5_error_code
krb5_change_password_local(context, params, creds, newpw, srvr_rsp_code,
srvr_msg)
krb5_context context;
kadm5_config_params *params;
krb5_creds *creds;
char *newpw;
kadm5_ret_t *srvr_rsp_code;
krb5_data *srvr_msg;
{
krb5_auth_context auth_context;
krb5_data ap_req, chpw_req, chpw_rep;
krb5_address local_kaddr, remote_kaddr;
krb5_error_code code = 0;
int i, addrlen;
struct sockaddr *addr_p, local_addr, remote_addr, tmp_addr;
struct sockaddr_in *sin_p;
struct hostent *hp;
int naddr_p;
int cc, local_result_code, tmp_len;
SOCKET s1 = INVALID_SOCKET;
SOCKET s2 = INVALID_SOCKET;
/* Initialize values so that cleanup call can safely check for NULL */
auth_context = NULL;
addr_p = NULL;
memset(&chpw_req, 0, sizeof (krb5_data));
memset(&chpw_rep, 0, sizeof (krb5_data));
memset(&ap_req, 0, sizeof (krb5_data));
/* initialize auth_context so that we know we have to free it */
if ((code = krb5_auth_con_init(context, &auth_context)))
goto cleanup;
if (code = krb5_mk_req_extended(context, &auth_context,
AP_OPTS_USE_SUBKEY,
NULL, creds, &ap_req))
goto cleanup;
/*
* find the address of the kpasswd_server.
*/
addr_p = (struct sockaddr *)malloc(sizeof (struct sockaddr));
if (!addr_p)
goto cleanup;
memset(addr_p, 0, sizeof (struct sockaddr));
if ((hp = gethostbyname(params->kpasswd_server)) == NULL) {
code = KRB5_REALM_CANT_RESOLVE;
goto cleanup;
}
sin_p = (struct sockaddr_in *)addr_p;
memset((char *)sin_p, 0, sizeof (struct sockaddr));
sin_p->sin_family = hp->h_addrtype;
sin_p->sin_port = htons(params->kpasswd_port);
memcpy((char *)&sin_p->sin_addr, (char *)hp->h_addr, hp->h_length);
naddr_p = 1;
/*
* this is really obscure. s1 is used for all communications. it
* is left unconnected in case the server is multihomed and routes
* are asymmetric. s2 is connected to resolve routes and get
* addresses. this is the *only* way to get proper addresses for
* multihomed hosts if routing is asymmetric.
*
* A related problem in the server, but not the client, is that
* many os's have no way to disconnect a connected udp socket, so
* the s2 socket needs to be closed and recreated for each
* request. The s1 socket must not be closed, or else queued
* requests will be lost.
*
* A "naive" client implementation (one socket, no connect,
* hostname resolution to get the local ip addr) will work and
* interoperate if the client is single-homed.
*/
if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
{
code = errno;
goto cleanup;
}
if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
{
code = errno;
goto cleanup;
}
for (i = 0; i < naddr_p; i++)
{
fd_set fdset;
struct timeval timeout;
if (connect(s2, &addr_p[i], sizeof (addr_p[i])) ==
SOCKET_ERROR)
{
if ((errno == ECONNREFUSED) ||
(errno == EHOSTUNREACH))
continue; /* try the next addr */
code = errno;
goto cleanup;
}
addrlen = sizeof (local_addr);
if (getsockname(s2, &local_addr, &addrlen) < 0)
{
if ((errno == ECONNREFUSED) ||
(errno == EHOSTUNREACH))
continue; /* try the next addr */
code = errno;
goto cleanup;
}
/*
* some brain-dead OS's don't return useful information from
* the getsockname call. Namely, windows and solaris.
*/
if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
{
local_kaddr.addrtype = ADDRTYPE_INET;
local_kaddr.length = sizeof (((struct sockaddr_in *)
&local_addr)->sin_addr);
local_kaddr.contents = (krb5_octet *)
&(((struct sockaddr_in *)
&local_addr)->sin_addr);
}
else
{
krb5_address **addrs;
krb5_os_localaddr(context, &addrs);
local_kaddr.magic = addrs[0]->magic;
local_kaddr.addrtype = addrs[0]->addrtype;
local_kaddr.length = addrs[0]->length;
local_kaddr.contents = malloc(addrs[0]->length);
memcpy(local_kaddr.contents, addrs[0]->contents,
addrs[0]->length);
krb5_free_addresses(context, addrs);
}
addrlen = sizeof (remote_addr);
if (getpeername(s2, &remote_addr, &addrlen) < 0)
{
if ((errno == ECONNREFUSED) ||
(errno == EHOSTUNREACH))
continue; /* try the next addr */
code = errno;
goto cleanup;
}
remote_kaddr.addrtype = ADDRTYPE_INET;
remote_kaddr.length = sizeof (((struct sockaddr_in *)
&remote_addr)->sin_addr);
remote_kaddr.contents = (krb5_octet *)
&(((struct sockaddr_in *)&remote_addr)->sin_addr);
/*
* mk_priv requires that the local address be set.
* getsockname is used for this. rd_priv requires that the
* remote address be set. recvfrom is used for this. If
* rd_priv is given a local address, and the message has the
* recipient addr in it, this will be checked. However, there
* is simply no way to know ahead of time what address the
* message will be delivered *to*. Therefore, it is important
* that either no recipient address is in the messages when
* mk_priv is called, or that no local address is passed to
* rd_priv. Both is a better idea, and I have done that. In
* summary, when mk_priv is called, *only* a local address is
* specified. when rd_priv is called, *only* a remote address
* is specified. Are we having fun yet?
*/
if (code = krb5_auth_con_setaddrs(context, auth_context,
&local_kaddr, NULL))
{
code = errno;
goto cleanup;
}
if (code = krb5int_mk_chpw_req(context, auth_context,
&ap_req, newpw, &chpw_req))
{
code = errno;
goto cleanup;
}
if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0,
(struct sockaddr *)&addr_p[i],
sizeof (addr_p[i]))) != chpw_req.length)
{
if ((cc < 0) && ((errno == ECONNREFUSED) ||
(errno == EHOSTUNREACH)))
continue; /* try the next addr */
code = (cc < 0) ? errno : ECONNABORTED;
goto cleanup;
}
chpw_rep.length = 1500;
chpw_rep.data = (char *)malloc(chpw_rep.length);
/* XXX need a timeout/retry loop here */
FD_ZERO(&fdset);
FD_SET(s1, &fdset);
timeout.tv_sec = 120;
timeout.tv_usec = 0;
switch (select(s1 + 1, &fdset, 0, 0, &timeout)) {
case -1:
code = errno;
goto cleanup;
case 0:
code = ETIMEDOUT;
goto cleanup;
default:
/* fall through */
;
}
tmp_len = sizeof (tmp_addr);
if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length,
0, &tmp_addr, &tmp_len)) < 0)
{
code = errno;
goto cleanup;
}
closesocket(s1);
s1 = INVALID_SOCKET;
closesocket(s2);
s2 = INVALID_SOCKET;
chpw_rep.length = cc;
if (code = krb5_auth_con_setaddrs(context, auth_context,
NULL, &remote_kaddr))
goto cleanup;
if (code = krb5int_rd_chpw_rep(context, auth_context, &chpw_rep,
&local_result_code, srvr_msg))
goto cleanup;
if (srvr_rsp_code)
*srvr_rsp_code = local_result_code;
code = 0;
goto cleanup;
}
code = errno;
cleanup:
if (auth_context != NULL)
krb5_auth_con_free(context, auth_context);
if (addr_p != NULL)
krb5_xfree(addr_p);
if (s1 != INVALID_SOCKET)
closesocket(s1);
if (s2 != INVALID_SOCKET)
closesocket(s2);
krb5_xfree(chpw_req.data);
krb5_xfree(chpw_rep.data);
krb5_xfree(ap_req.data);
return (code);
}
/*
* kadm5_chpass_principal_v2
*
* New function used to prepare to make the change password request to a
* non-SEAM admin server. The protocol used in this case is not based on
* RPCSEC_GSS, it simply makes the request to port 464 (udp and tcp).
* This is the same way that MIT KRB5 1.2.1 changes passwords.
*/
kadm5_ret_t
kadm5_chpass_principal_v2(void *server_handle,
krb5_principal princ,
char *newpw,
kadm5_ret_t *srvr_rsp_code,
krb5_data *srvr_msg)
{
kadm5_ret_t code;
kadm5_server_handle_t handle = (kadm5_server_handle_t)server_handle;
krb5_error_code result;
krb5_creds mcreds;
krb5_creds ncreds;
krb5_ccache ccache;
int cpwlen;
char *cpw_service = NULL;
/*
* The credentials have already been stored in the cache in the
* initialization step earlier, but we dont have direct access to it
* at this level. Derive the cache and fetch the credentials to use for
* sending the request.
*/
memset(&mcreds, 0, sizeof (krb5_creds));
if ((code = krb5_cc_resolve(handle->context, handle->cache_name,
&ccache)))
return (code);
/* set the client principal in the credential match structure */
mcreds.client = princ;
/*
* set the server principal (kadmin/changepw@REALM) in the credential
* match struct
*/
cpwlen = strlen(KADM5_CHANGEPW_SERVICE) +
strlen(handle->params.realm) + 2;
cpw_service = malloc(cpwlen);
if (cpw_service == NULL) {
return (ENOMEM);
}
snprintf(cpw_service, cpwlen, "%s@%s",
KADM5_CHANGEPW_SERVICE, handle->params.realm);
/* generate the server principal from the name string we generated */
if ((code = krb5_parse_name(handle->context, cpw_service,
&mcreds.server))) {
free(cpw_service);
return (code);
}
/* Find the credentials in the cache */
if ((code = krb5_cc_retrieve_cred(handle->context, ccache, 0, &mcreds,
&ncreds))) {
free(cpw_service);
return (code);
}
/* Now we have all we need to make the change request. */
result = krb5_change_password_local(handle->context, &handle->params,
&ncreds, newpw,
srvr_rsp_code,
srvr_msg);
free(cpw_service);
return (result);
}