/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
*/
#include <string.h>
#include "k5-int.h"
#include "auth_con.h"
char *passwd,
{
/*
 * NOTE(review): this listing is incomplete. The start of the signature and
 * most statements of this function are missing. Going by the comments that
 * survive, the body lays out a password-change request as: 2-byte total
 * length, 2-byte version 0x0001, 2-byte AP-REQ length, the AP-REQ bytes,
 * then a KRB-PRIV message carrying the password.
 */
char *ptr;
/* Three early exits through the cleanup label; the calls that fail are not shown. */
goto cleanup;
goto cleanup;
goto cleanup;
}
/* length */
/* Steps over the 2-byte length field; presumably a store that is not shown
 * here fills it in. TODO confirm against the full source. */
ptr += 2;
/* version == 0x0001 big-endian */
*ptr++ = 0;
*ptr++ = 1;
/* ap_req length, big-endian */
ptr += 2;
/* ap-req data */
/* krb-priv of password */
/*
 * KRB-PRIV is the encrypted Kerberos message type, so the password is meant
 * to appear in the packet only in encrypted form. NOTE(review): the cleanup
 * path is not visible here; confirm that any intermediate buffer holding the
 * cleartext password is zeroed before it is released.
 */
return(ret);
}
{
/*
 * NOTE(review): incomplete listing. The signature and many statements of
 * this reply parser are missing, so several returns below appear without the
 * test that guards them. The surviving comments give the order of checks:
 * packet length, KRB-ERROR fallback, version number, AP-REP length, AP-REP
 * verification, decryption of the result, result-code range, and finally
 * the rule that a success code is accepted only from an authenticated reply.
 */
char *ptr;
/* either this, or the server is printing bad messages,
or the caller passed in garbage */
return(KRB5KRB_AP_ERR_MODIFIED);
/* verify length */
/*
* MS KDCs *may* send back a KRB_ERROR. Although
* not 100% correct via RFC3244, it's something
* we can workaround here.
*/
/*
 * A KRB-ERROR message carries no integrity protection, so nothing read on
 * this branch is authenticated. That is why the success check further down
 * matters: an unauthenticated reply must never be reported as a successful
 * password change.
 */
if (krb5_is_krb_error(packet)) {
return(ret);
else
return(ret);
} else {
return(KRB5KRB_AP_ERR_MODIFIED);
}
}
/* verify version number */
/* Only version 1 is accepted; any other value fails with
 * KRB5KDC_ERR_BAD_PVNO. */
if (vno != 1)
return(KRB5KDC_ERR_BAD_PVNO);
/* read, check ap-rep length */
/* The length is a field of the reply itself, so it has to be bounded by the
 * bytes actually received before it is used; the comparison is not shown. */
return(KRB5KRB_AP_ERR_MODIFIED);
/* verify ap_rep */
/*
* Save send_subkey to later smash recv_subkey.
*/
if (ret)
return ret;
if (ret) {
return(ret);
}
/* extract and decrypt the result */
/*
* Smash recv_subkey to be send_subkey, per spec.
*/
if (ret)
return ret;
&replay);
if (ret)
return(ret);
} else {
return(ret);
}
goto cleanup;
}
/* Range check on the server-supplied result code; the upper bound of the
 * comparison is cut off in this listing. */
if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
goto cleanup;
}
/* all success replies should be authenticated/encrypted */
/* NOTE(review): the condition for this exit is missing from the listing.
 * Confirm in the full source that it rejects a success code arriving on the
 * KRB-ERROR path. */
goto cleanup;
}
/* result_data is dereferenced without a NULL test in the visible lines. */
if (result_data->length) {
goto cleanup;
}
} else {
}
ret = 0;
} else {
}
return(ret);
}
char **code_string)
{
/*
 * Maps a password-change result code to a fixed English description.
 * Stores a pointer to a string literal in *code_string and always returns 0.
 *
 * code_string is dereferenced without a NULL check, so the caller must pass
 * a valid pointer. The stored strings are literals: the caller must not
 * modify or free them. The parameter is a plain char ** here, so the
 * compiler does not enforce that.
 *
 * Any result code without its own case below gets the generic
 * "Password change failed" text.
 * NOTE(review): the first part of the signature is missing from this listing.
 */
switch (result_code) {
case KRB5_KPASSWD_MALFORMED:
*code_string = "Malformed request error";
break;
case KRB5_KPASSWD_HARDERROR:
*code_string = "Server error";
break;
case KRB5_KPASSWD_AUTHERROR:
*code_string = "Authentication error";
break;
case KRB5_KPASSWD_SOFTERROR:
*code_string = "Password change rejected";
break;
default:
*code_string = "Password change failed";
break;
}
return(0);
}
char *passwd,
{
/*
 * NOTE(review): incomplete listing. The start of the signature and most
 * statements are missing. The surviving comments show a set-password request
 * being assembled in this order: 2-byte length, 2-byte version, 2-byte
 * AP-REQ length, the request data, then the "private" password data.
 */
char *ptr;
return(ret);
if (ret) {
return ret;
}
return(ret);
}
goto cleanup;
}
/*
** build the packet -
*/
/* put in the length */
/* Steps over the 2-byte length field; the store that fills it is not shown. */
ptr += 2;
/* put in the version */
/* Bytes 0xff then 0x80, high byte first. Both values exceed the range of a
 * signed char, hence the explicit casts. */
*ptr++ = (char)0xff;
*ptr++ = (char)0x80;
/* the ap_req length is big endian */
ptr += 2;
/* put in the request data */
/*
** put in the "private" password data -
*/
/*
 * NOTE(review): the code that builds the private part is not visible.
 * Confirm in the full source that the password is placed only inside the
 * encrypted message and that cleartext staging buffers are zeroed on the
 * cleanup path.
 */
ret = 0;
}
return ret;
}
{
/*
 * NOTE(review): incomplete listing. The signature and many statements of
 * this set-password reply parser are missing, so most returns below appear
 * without the test that guards them. The surviving comments give the order
 * of checks: packet length, KRB-ERROR detection, message length against
 * packet length, version number, AP-REP length against packet length,
 * AP-REP handling and decryption, cleartext length, result code, and the
 * rule that a success code must come from an authenticated reply.
 */
char *ptr;
/*
** validate the packet length -
*/
return(KRB5KRB_AP_ERR_MODIFIED);
/*
** see if it is an error
*/
/* A KRB-ERROR message carries no integrity protection, so nothing read on
 * this branch is authenticated. */
if (krb5_is_krb_error(packet)) {
return(ret);
return (ret);
}
} else { /* Not an error */
/*
** validate the message length -
** length is big endian
*/
ptr += 2;
/*
** make sure the message length and packet length agree -
*/
/* The length field is supplied by the peer; a mismatch with the bytes
 * actually received is treated as a modified message. */
return(KRB5KRB_AP_ERR_MODIFIED);
/*
** get the version number -
*/
ptr += 2;
/*
** make sure we support the version returned -
*/
/*
** set password version is 0xff80, change password version is 1
*/
/* NOTE(review): the comparison itself is missing from this listing, so
 * which of the two versions is accepted cannot be read off here. */
return(KRB5KDC_ERR_BAD_PVNO);
/*
** now fill in ap_rep with the reply -
*/
/*
** get the reply length -
*/
ptr += 2;
/*
** validate ap_rep length agrees with the packet length -
*/
return(KRB5KRB_AP_ERR_MODIFIED);
/*
** if data was returned, set the ap_rep ptr -
*/
/*
* Save send_subkey to later smash recv_subkey.
*/
if (ret)
return ret;
if (ret) {
return(ret);
}
/*
** now decrypt the result -
*/
/*
* Smash recv_subkey to be send_subkey, per spec.
*/
if (ret)
return ret;
NULL);
if (ret)
return(ret);
} /* We got an ap_rep */
else
return (KRB5KRB_AP_ERR_MODIFIED);
} /* Response instead of error */
/*
** validate the cleartext length
*/
goto cleanup;
}
/*
** now decode the result -
*/
ptr += 2;
/*
** result code 5 is access denied
*/
/* NOTE(review): the range test guarding this exit is not shown. */
goto cleanup;
}
/*
** all success replies should be authenticated/encrypted
*/
/* NOTE(review): the condition is missing from the listing. Confirm in the
 * full source that it rejects a success code arriving on the KRB-ERROR path. */
goto cleanup;
}
/* result_data is optional here: it is only touched inside this NULL guard. */
if (result_data) {
if (result_data->length) {
if (result_data->data)
} else
}
ret = 0;
return(ret);
}
const char **code_string)
{
/*
 * Maps a set-password result code to a fixed English description.
 * Stores a pointer to a string literal in *code_string and always returns 0.
 *
 * code_string is dereferenced without a NULL check, so the caller must pass
 * a valid pointer. The stored strings are literals and must not be modified
 * or freed by the caller.
 *
 * Codes 0 and 5 to 7 are matched as bare numbers. NOTE(review): newer krb5.h
 * headers define KRB5_KPASSWD_ACCESSDENIED, KRB5_KPASSWD_BAD_VERSION and
 * KRB5_KPASSWD_INITIAL_FLAG_NEEDED for 5 to 7. Confirm this tree has them
 * before replacing the literals.
 * NOTE(review): the first part of the signature is missing from this listing.
 */
switch (result_code) {
case KRB5_KPASSWD_MALFORMED:
*code_string = "Malformed request error";
break;
case KRB5_KPASSWD_HARDERROR:
*code_string = "Server error";
break;
case KRB5_KPASSWD_AUTHERROR:
*code_string = "Authentication error";
break;
case KRB5_KPASSWD_SOFTERROR:
*code_string = "Password change rejected";
break;
case 5: /* access denied */
*code_string = "Access denied";
break;
case 6: /* bad version */
*code_string = "Wrong protocol version";
break;
case 7: /* initial flag is needed */
*code_string = "Initial password required";
break;
case 0:
*code_string = "Success";
break;
default:
/* Unknown or out-of-range codes from the server get the generic text. */
*code_string = "Password change failed";
break;
}
return(0);
}