1 /* $NetBSD: krb5_passwd.c,v 1.18 2009/04/18 09:04:34 mlelstv Exp $ */
4 * Copyright (c) 2000, 2005 The NetBSD Foundation, Inc.
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Johan Danielsson; and by Jason R. Thorpe.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
33 /* uses the `Kerberos Change Password Protocol' */
43 #include <openssl/ui.h>
51 pwkrb5_usage(const char *prefix
)
54 (void) fprintf(stderr
, "%s %s [-d krb5 | -k] [principal]\n",
55 prefix
, getprogname());
59 pwkrb5_argv0_usage(const char *prefix
)
62 (void) fprintf(stderr
, "%s %s [principal]\n",
63 prefix
, getprogname());
67 pwkrb5_process(const char *username
, int argc
, char **argv
)
71 krb5_get_init_creds_opt opt
;
72 krb5_principal principal
;
75 krb5_data result_code_string
, result_string
;
79 while ((ch
= getopt(argc
, argv
, "5ku:")) != -1) {
83 * Compatibility option that historically
84 * specified to use Kerberos 5. Silently
91 * Absorb the -k that may have gotten us here.
97 * Historical option to specify principal.
113 /* username already provided */
116 /* overrides -u <principal> */
124 ret
= krb5_init_context(&context
);
127 errx(1, "Kerberos 5 not in use.");
128 warnx("Unable to initialize Kerberos 5: %s",
129 krb5_get_err_text(context
, ret
));
133 krb5_get_init_creds_opt_init(&opt
);
135 krb5_get_init_creds_opt_set_tkt_life(&opt
, 300L);
136 krb5_get_init_creds_opt_set_forwardable(&opt
, FALSE
);
137 krb5_get_init_creds_opt_set_proxiable(&opt
, FALSE
);
139 ret
= krb5_parse_name(context
, username
, &principal
);
141 warnx("failed to parse principal: %s",
142 krb5_get_err_text(context
, ret
));
146 ret
= krb5_get_init_creds_password(context
,
161 case KRB5_LIBOS_PWDINTR
:
165 case KRB5KRB_AP_ERR_BAD_INTEGRITY
:
166 case KRB5KRB_AP_ERR_MODIFIED
:
167 fprintf(stderr
, "Password incorrect\n");
171 warnx("failed to get credentials: %s",
172 krb5_get_err_text(context
, ret
));
176 krb5_data_zero(&result_code_string
);
177 krb5_data_zero(&result_string
);
179 /* XXX use getpass? It has a broken interface. */
180 if (UI_UTIL_read_pw_string(pwbuf
, sizeof(pwbuf
),
181 "New password: ", 1) != 0)
184 ret
= krb5_set_password(context
, &cred
, pwbuf
, NULL
,
189 warnx("unable to set password: %s",
190 krb5_get_err_text(context
, ret
));
195 krb5_passwd_result_to_string(context
, result_code
),
196 result_string
.length
> 0 ? " : " : "",
197 (int)result_string
.length
,
198 result_string
.length
> 0 ? (char *)result_string
.data
: "");
200 krb5_data_free(&result_code_string
);
201 krb5_data_free(&result_string
);
203 krb5_free_cred_contents(context
, &cred
);
204 krb5_free_context(context
);
210 krb5_free_context(context
);
214 #else /* ! USE_PAM */
216 static krb5_context defcontext
;
217 static krb5_principal defprinc
;
218 static int kusage
= PW_USE
;
221 krb5_init(const char *progname
)
223 return krb5_init_context(&defcontext
);
227 krb5_arg (char ch
, const char *opt
)
233 kusage
= PW_USE_FORCE
;
236 ret
= krb5_parse_name(defcontext
, opt
, &defprinc
);
238 krb5_warn(defcontext
, ret
, "%s", opt
);
255 if (defcontext
== NULL
)
258 krb5_free_principal(defcontext
, defprinc
);
259 krb5_free_context(defcontext
);
264 krb5_chpw(const char *username
)
267 krb5_context context
;
268 krb5_principal principal
;
269 krb5_get_init_creds_opt opt
;
272 krb5_data result_code_string
, result_string
;
275 ret
= krb5_init_context (&context
);
277 warnx("failed kerberos initialisation: %s",
278 krb5_get_err_text(context
, ret
));
282 krb5_get_init_creds_opt_init (&opt
);
284 krb5_get_init_creds_opt_set_tkt_life (&opt
, 300);
285 krb5_get_init_creds_opt_set_forwardable (&opt
, FALSE
);
286 krb5_get_init_creds_opt_set_proxiable (&opt
, FALSE
);
288 if(username
!= NULL
) {
289 ret
= krb5_parse_name (context
, username
, &principal
);
291 warnx("failed to parse principal: %s",
292 krb5_get_err_text(context
, ret
));
296 principal
= defprinc
;
298 ret
= krb5_get_init_creds_password (context
,
311 case KRB5_LIBOS_PWDINTR
:
314 case KRB5KRB_AP_ERR_BAD_INTEGRITY
:
315 case KRB5KRB_AP_ERR_MODIFIED
:
316 fprintf(stderr
, "Password incorrect\n");
320 warnx("failed to get credentials: %s",
321 krb5_get_err_text(context
, ret
));
324 krb5_data_zero (&result_code_string
);
325 krb5_data_zero (&result_string
);
327 /* XXX use getpass? It has a broken interface. */
328 if(UI_UTIL_read_pw_string(pwbuf
, sizeof(pwbuf
), "New password: ", 1) != 0)
331 ret
= krb5_set_password (context
, &cred
, pwbuf
, NULL
,
336 krb5_err (context
, 1, ret
, "krb5_set_password");
338 printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context
, result_code
),
339 result_string
.length
> 0 ? " : " : "",
340 (int)result_string
.length
,
341 result_string
.length
> 0 ? (char *)result_string
.data
: "");
343 krb5_data_free (&result_code_string
);
344 krb5_data_free (&result_string
);
346 krb5_free_cred_contents (context
, &cred
);
347 krb5_free_context (context
);