chgpwd.c revision 46736d35df047bb400483364f76bfcb08cdcbb25
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1998 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
/*
* chgpwd.c - Handles changepw requests issued from non-Solaris krb5 clients.
*/
#include <libintl.h>
#include <locale.h>
#include <syslog.h>
#include <krb5/adm_proto.h>
#define MAXAPREQ 1500
static krb5_error_code
{
char *ptr;
int allocated_mem = 0;
int addrlen;
int numresult;
char strresult[1024];
char *clientstr;
char *cdots;
ret = 0;
auth_context = NULL;
/*
* either this, or the server is printing bad messages,
* or the caller passed in garbage
*/
sizeof (strresult));
goto chpwfail;
}
/*
* Verify length
*/
return (KRB5KRB_AP_ERR_MODIFIED);
/*
* Verify version number
*/
if (vno != 1) {
"Request contained unknown protocol version number %d",
vno);
goto chpwfail;
}
/*
* Read, check ap-req length
*/
sizeof (strresult));
goto chpwfail;
}
/*
* Verify ap_req
*/
gettext("Change password request failed. "
"Failed initializing auth context: %s"),
error_message(ret));
sizeof (strresult));
goto chpwfail;
}
gettext("Change password request failed. "
"Failed setting auth "
"context flags: %s"),
error_message(ret));
sizeof (strresult));
goto chpwfail;
}
gettext("Change password request failed "
"principal: %s"),
error_message(ret));
sizeof (strresult));
goto chpwfail;
}
if (ret) {
char kt_name[MAX_KEYTAB_NAME_LEN];
switch (ret) {
case KRB5_KT_NOTFOUND:
gettext("Change password request failed because "
"is missing from \"%s\""),
kt_name);
break;
case ENOENT:
gettext("Change password request failed because "
"keytab file \"%s\" does not exist"),
kt_name);
break;
default:
gettext("Change password request failed. "
"Failed to parse Kerberos AP_REQ message: %s"),
error_message(ret));
}
sizeof (strresult));
goto chpwfail;
}
/*
* Set up address info
*/
addrlen = sizeof (local_addr);
"Failed getting server internet address",
sizeof (strresult));
goto chpwfail;
}
/*
* Some brain-dead OS's don't return useful information from
* the getsockname call. Namely, windows and solaris.
*/
&local_addr)->sin_addr);
/* CSTYLED */
} else {
"Malloc failed for local_kaddr",
sizeof (strresult));
goto chpwfail;
}
}
addrlen = sizeof (remote_addr);
"Failed getting client internet address",
sizeof (strresult));
goto chpwfail;
}
&remote_addr)->sin_addr);
/* CSTYLED */
/*
* mk_priv requires that the local address be set.
* getsockname is used for this. rd_priv requires that the
* remote address be set. recvfrom is used for this. If
* rd_priv is given a local address, and the message has the
* recipient addr in it, this will be checked. However, there
* is simply no way to know ahead of time what address the
* message will be delivered *to*. Therefore, it is important
* that either no recipient address is in the messages when
* mk_priv is called, or that no local address is passed to
* rd_priv. Both is a better idea, and I have done that. In
* summary, when mk_priv is called, *only* a local address is
* specified. when rd_priv is called, *only* a remote address
* is specified. Are we having fun yet?
*/
&remote_kaddr)) {
"Failed storing client internet address",
sizeof (strresult));
goto chpwfail;
}
/*
* Verify that this is an AS_REQ ticket
*/
"Ticket must be derived from a password",
sizeof (strresult));
goto chpwfail;
}
/*
* Construct the ap-rep
*/
"Failed replying to application request",
sizeof (strresult));
goto chpwfail;
}
/*
* Decrypt the new password
*/
sizeof (strresult));
goto chpwfail;
}
if (ret) {
goto chpwfail;
}
/*
* Change the password
*/
sizeof (strresult));
goto chpwfail;
}
sizeof (strresult));
/*
* Zap the password
*/
}
if (ret) {
if ((ret != KADM5_PASS_Q_TOOSHORT) &&
(ret != KADM5_PASS_REUSE) &&
(ret != KADM5_PASS_Q_CLASS) &&
(ret != KADM5_PASS_Q_DICT) &&
(ret != KADM5_PASS_TOOSOON))
else
/*
* strresult set by kadb5_chpass_principal_util()
*/
goto chpwfail;
}
/*
* Success!
*/
}
sizeof (strresult));
}
&local_kaddr, NULL)) {
"Failed storing client and server internet addresses",
sizeof (strresult));
} else {
"Failed encrypting reply",
sizeof (strresult));
}
}
}
/*
* If no KRB-PRIV was constructed, then we need a KRB-ERROR.
* If this fails, just bail. There's nothing else we can do.
*/
/*
* Clear out ap_rep now, so that it won't be inserted
* in the reply
*/
}
goto bailout;
/*
* This is really icky. but it's what all the other callers
* to mk_error do.
*/
goto bailout;
}
if (ret)
goto bailout;
}
/*
* Construct the reply
*/
goto bailout;
}
/*
* Length
*/
/*
* Version == 0x0001 big-endian
*/
*ptr++ = 0;
*ptr++ = 1;
/*
* ap_rep length, big-endian
*/
/*
* ap-rep data
*/
}
/*
* krb-priv or krb-error
*/
if (auth_context)
if (changepw)
if (ticket)
if (allocated_mem)
return (ret);
}
/*
* This routine is used to handle password-change requests received
* on kpasswd-port 464 from MIT/M$ clients.
*/
void
{
int len;
struct sockaddr_in from;
int fromlen;
int s2 = -1;
&fromlen)) < 0) {
return;
}
return;
}
/*
* This is really obscure. s1 is used for all communications. it
* is left unconnected in case the server is multihomed and routes
* are asymmetric. s2 is connected to resolve routes and get
* addresses. this is the *only* way to get proper addresses for
* multihomed hosts if routing is asymmetric.
*
* A related problem in the server, but not the client, is that
* many os's have no way to disconnect a connected udp socket, so
* the s2 socket needs to be closed and recreated for each
* request. The s1 socket must not be closed, or else queued
* requests will be lost.
*
* A "naive" client implementation (one socket, no connect,
* hostname resolution to get the local ip addr) will work and
* interoperate if the client is single-homed.
*/
goto cleanup;
}
if (s2 > 0)
goto cleanup;
}
}
if (s2 > 0)
/*
* Just return. This means something really bad happened
*/
goto cleanup;
}
goto cleanup;
}
}