search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / changepw.c
blobda515411cf9d09d1bfd2eb9ea8b12f44fee84fce
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <krb5_locl.h>
35
36 __RCSID("$Heimdal: changepw.c 21505 2007-07-12 12:28:38Z lha $"
37 "$NetBSD$");
38
39 static void
40 str2data (krb5_data *d,
41 const char *fmt,
42 ...) __attribute__ ((format (printf, 2, 3)));
43
44 static void
45 str2data (krb5_data *d,
46 const char *fmt,
47 ...)
48 {
49 va_list args;
50 char *str;
51
52 va_start(args, fmt);
53 d->length = vasprintf (&str, fmt, args);
54 va_end(args);
55 d->data = str;
56 }
57
58 /*
59 * Change password protocol defined by
60 * draft-ietf-cat-kerb-chg-password-02.txt
61 *
62 * Share the response part of the protocol with MS set password
63 * (RFC3244)
64 */
65
66 static krb5_error_code
67 chgpw_send_request (krb5_context context,
68 krb5_auth_context *auth_context,
69 krb5_creds *creds,
70 krb5_principal targprinc,
71 int is_stream,
72 int sock,
73 const char *passwd,
74 const char *host)
75 {
76 krb5_error_code ret;
77 krb5_data ap_req_data;
78 krb5_data krb_priv_data;
79 krb5_data passwd_data;
80 size_t len;
81 u_char header[6];
82 u_char *p;
83 struct iovec iov[3];
84 struct msghdr msghdr;
85
86 if (is_stream)
87 return KRB5_KPASSWD_MALFORMED;
88
89 if (targprinc &&
90 krb5_principal_compare(context, creds->client, targprinc) != TRUE)
91 return KRB5_KPASSWD_MALFORMED;
92
93 krb5_data_zero (&ap_req_data);
94
95 ret = krb5_mk_req_extended (context,
96 auth_context,
97 AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
98 NULL, /* in_data */
99 creds,
100 &ap_req_data);
101 if (ret)
102 return ret;
103
104 passwd_data.data = rk_UNCONST(passwd);
105 passwd_data.length = strlen(passwd);
106
107 krb5_data_zero (&krb_priv_data);
108
109 ret = krb5_mk_priv (context,
110 *auth_context,
111 &passwd_data,
112 &krb_priv_data,
113 NULL);
114 if (ret)
115 goto out2;
116
117 len = 6 + ap_req_data.length + krb_priv_data.length;
118 p = header;
119 *p++ = (len >> 8) & 0xFF;
120 *p++ = (len >> 0) & 0xFF;
121 *p++ = 0;
122 *p++ = 1;
123 *p++ = (ap_req_data.length >> 8) & 0xFF;
124 *p++ = (ap_req_data.length >> 0) & 0xFF;
125
126 memset(&msghdr, 0, sizeof(msghdr));
127 msghdr.msg_name = NULL;
128 msghdr.msg_namelen = 0;
129 msghdr.msg_iov = iov;
130 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
131 #if 0
132 msghdr.msg_control = NULL;
133 msghdr.msg_controllen = 0;
134 #endif
135
136 iov[0].iov_base = (void*)header;
137 iov[0].iov_len = 6;
138 iov[1].iov_base = ap_req_data.data;
139 iov[1].iov_len = ap_req_data.length;
140 iov[2].iov_base = krb_priv_data.data;
141 iov[2].iov_len = krb_priv_data.length;
142
143 if (sendmsg (sock, &msghdr, 0) < 0) {
144 ret = errno;
145 krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
146 }
147
148 krb5_data_free (&krb_priv_data);
149 out2:
150 krb5_data_free (&ap_req_data);
151 return ret;
152 }
153
154 /*
155 * Set password protocol as defined by RFC3244 --
156 * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
157 */
158
159 static krb5_error_code
160 setpw_send_request (krb5_context context,
161 krb5_auth_context *auth_context,
162 krb5_creds *creds,
163 krb5_principal targprinc,
164 int is_stream,
165 int sock,
166 const char *passwd,
167 const char *host)
168 {
169 krb5_error_code ret;
170 krb5_data ap_req_data;
171 krb5_data krb_priv_data;
172 krb5_data pwd_data;
173 ChangePasswdDataMS chpw;
174 size_t len;
175 u_char header[4 + 6];
176 u_char *p;
177 struct iovec iov[3];
178 struct msghdr msghdr;
179
180 krb5_data_zero (&ap_req_data);
181
182 ret = krb5_mk_req_extended (context,
183 auth_context,
184 AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
185 NULL, /* in_data */
186 creds,
187 &ap_req_data);
188 if (ret)
189 return ret;
190
191 chpw.newpasswd.length = strlen(passwd);
192 chpw.newpasswd.data = rk_UNCONST(passwd);
193 if (targprinc) {
194 chpw.targname = &targprinc->name;
195 chpw.targrealm = &targprinc->realm;
196 } else {
197 chpw.targname = NULL;
198 chpw.targrealm = NULL;
199 }
200
201 ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
202 &chpw, &len, ret);
203 if (ret) {
204 krb5_data_free (&ap_req_data);
205 return ret;
206 }
207
208 if(pwd_data.length != len)
209 krb5_abortx(context, "internal error in ASN.1 encoder");
210
211 ret = krb5_mk_priv (context,
212 *auth_context,
213 &pwd_data,
214 &krb_priv_data,
215 NULL);
216 if (ret)
217 goto out2;
218
219 len = 6 + ap_req_data.length + krb_priv_data.length;
220 p = header;
221 if (is_stream) {
222 _krb5_put_int(p, len, 4);
223 p += 4;
224 }
225 *p++ = (len >> 8) & 0xFF;
226 *p++ = (len >> 0) & 0xFF;
227 *p++ = 0xff;
228 *p++ = 0x80;
229 *p++ = (ap_req_data.length >> 8) & 0xFF;
230 *p++ = (ap_req_data.length >> 0) & 0xFF;
231
232 memset(&msghdr, 0, sizeof(msghdr));
233 msghdr.msg_name = NULL;
234 msghdr.msg_namelen = 0;
235 msghdr.msg_iov = iov;
236 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
237 #if 0
238 msghdr.msg_control = NULL;
239 msghdr.msg_controllen = 0;
240 #endif
241
242 iov[0].iov_base = (void*)header;
243 if (is_stream)
244 iov[0].iov_len = 10;
245 else
246 iov[0].iov_len = 6;
247 iov[1].iov_base = ap_req_data.data;
248 iov[1].iov_len = ap_req_data.length;
249 iov[2].iov_base = krb_priv_data.data;
250 iov[2].iov_len = krb_priv_data.length;
251
252 if (sendmsg (sock, &msghdr, 0) < 0) {
253 ret = errno;
254 krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
255 }
256
257 krb5_data_free (&krb_priv_data);
258 out2:
259 krb5_data_free (&ap_req_data);
260 krb5_data_free (&pwd_data);
261 return ret;
262 }
263
264 static krb5_error_code
265 process_reply (krb5_context context,
266 krb5_auth_context auth_context,
267 int is_stream,
268 int sock,
269 int *result_code,
270 krb5_data *result_code_string,
271 krb5_data *result_string,
272 const char *host)
273 {
274 krb5_error_code ret;
275 u_char reply[1024 * 3];
276 ssize_t len;
277 uint16_t pkt_len, pkt_ver;
278 krb5_data ap_rep_data;
279 int save_errno;
280
281 len = 0;
282 if (is_stream) {
283 while (len < sizeof(reply)) {
284 unsigned long size;
285
286 ret = recvfrom (sock, reply + len, sizeof(reply) - len,
287 0, NULL, NULL);
288 if (ret < 0) {
289 save_errno = errno;
290 krb5_set_error_string(context, "recvfrom %s: %s",
291 host, strerror(save_errno));
292 return save_errno;
293 } else if (ret == 0) {
294 krb5_set_error_string(context, "recvfrom timeout %s", host);
295 return 1;
296 }
297 len += ret;
298 if (len < 4)
299 continue;
300 _krb5_get_int(reply, &size, 4);
301 if (size + 4 < len)
302 continue;
303 memmove(reply, reply + 4, size);
304 len = size;
305 break;
306 }
307 if (len == sizeof(reply)) {
308 krb5_set_error_string(context, "message too large from %s",
309 host);
310 return ENOMEM;
311 }
312 } else {
313 ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
314 if (ret < 0) {
315 save_errno = errno;
316 krb5_set_error_string(context, "recvfrom %s: %s",
317 host, strerror(save_errno));
318 return save_errno;
319 }
320 len = ret;
321 }
322
323 if (len < 6) {
324 str2data (result_string, "server %s sent to too short message "
325 "(%ld bytes)", host, (long)len);
326 *result_code = KRB5_KPASSWD_MALFORMED;
327 return 0;
328 }
329
330 pkt_len = (reply[0] << 8) | (reply[1]);
331 pkt_ver = (reply[2] << 8) | (reply[3]);
332
333 if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
334 KRB_ERROR error;
335 size_t size;
336 u_char *p;
337
338 memset(&error, 0, sizeof(error));
339
340 ret = decode_KRB_ERROR(reply, len, &error, &size);
341 if (ret)
342 return ret;
343
344 if (error.e_data->length < 2) {
345 str2data(result_string, "server %s sent too short "
346 "e_data to print anything usable", host);
347 free_KRB_ERROR(&error);
348 *result_code = KRB5_KPASSWD_MALFORMED;
349 return 0;
350 }
351
352 p = error.e_data->data;
353 *result_code = (p[0] << 8) | p[1];
354 if (error.e_data->length == 2)
355 str2data(result_string, "server only sent error code");
356 else
357 krb5_data_copy (result_string,
358 p + 2,
359 error.e_data->length - 2);
360 free_KRB_ERROR(&error);
361 return 0;
362 }
363
364 if (pkt_len != len) {
365 str2data (result_string, "client: wrong len in reply");
366 *result_code = KRB5_KPASSWD_MALFORMED;
367 return 0;
368 }
369 if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
370 str2data (result_string,
371 "client: wrong version number (%d)", pkt_ver);
372 *result_code = KRB5_KPASSWD_MALFORMED;
373 return 0;
374 }
375
376 ap_rep_data.data = reply + 6;
377 ap_rep_data.length = (reply[4] << 8) | (reply[5]);
378
379 if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
380 str2data (result_string, "client: wrong AP len in reply");
381 *result_code = KRB5_KPASSWD_MALFORMED;
382 return 0;
383 }
384
385 if (ap_rep_data.length) {
386 krb5_ap_rep_enc_part *ap_rep;
387 krb5_data priv_data;
388 u_char *p;
389
390 priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
391 priv_data.length = len - ap_rep_data.length - 6;
392
393 ret = krb5_rd_rep (context,
394 auth_context,
395 &ap_rep_data,
396 &ap_rep);
397 if (ret)
398 return ret;
399
400 krb5_free_ap_rep_enc_part (context, ap_rep);
401
402 ret = krb5_rd_priv (context,
403 auth_context,
404 &priv_data,
405 result_code_string,
406 NULL);
407 if (ret) {
408 krb5_data_free (result_code_string);
409 return ret;
410 }
411
412 if (result_code_string->length < 2) {
413 *result_code = KRB5_KPASSWD_MALFORMED;
414 str2data (result_string,
415 "client: bad length in result");
416 return 0;
417 }
418
419 p = result_code_string->data;
420
421 *result_code = (p[0] << 8) | p[1];
422 krb5_data_copy (result_string,
423 (unsigned char*)result_code_string->data + 2,
424 result_code_string->length - 2);
425 return 0;
426 } else {
427 KRB_ERROR error;
428 size_t size;
429 u_char *p;
430
431 ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
432 if (ret) {
433 return ret;
434 }
435 if (error.e_data->length < 2) {
436 krb5_warnx (context, "too short e_data to print anything usable");
437 return 1; /* XXX */
438 }
439
440 p = error.e_data->data;
441 *result_code = (p[0] << 8) | p[1];
442 krb5_data_copy (result_string,
443 p + 2,
444 error.e_data->length - 2);
445 return 0;
446 }
447 }
448
449
450 /*
451 * change the password using the credentials in `creds' (for the
452 * principal indicated in them) to `newpw', storing the result of
453 * the operation in `result_*' and an error code or 0.
454 */
455
456 typedef krb5_error_code (*kpwd_send_request) (krb5_context,
457 krb5_auth_context *,
458 krb5_creds *,
459 krb5_principal,
460 int,
461 int,
462 const char *,
463 const char *);
464 typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
465 krb5_auth_context,
466 int,
467 int,
468 int *,
469 krb5_data *,
470 krb5_data *,
471 const char *);
472
473 static struct kpwd_proc {
474 const char *name;
475 int flags;
476 #define SUPPORT_TCP 1
477 #define SUPPORT_UDP 2
478 kpwd_send_request send_req;
479 kpwd_process_reply process_rep;
480 } procs[] = {
481 {
482 "MS set password",
483 SUPPORT_TCP|SUPPORT_UDP,
484 setpw_send_request,
485 process_reply
486 },
487 {
488 "change password",
489 SUPPORT_UDP,
490 chgpw_send_request,
491 process_reply
492 },
493 { NULL }
494 };
495
496 static struct kpwd_proc *
497 find_chpw_proto(const char *name)
498 {
499 struct kpwd_proc *p;
500 for (p = procs; p->name != NULL; p++) {
501 if (strcmp(p->name, name) == 0)
502 return p;
503 }
504 return NULL;
505 }
506
507 /*
508 *
509 */
510
511 static krb5_error_code
512 change_password_loop (krb5_context context,
513 krb5_creds *creds,
514 krb5_principal targprinc,
515 const char *newpw,
516 int *result_code,
517 krb5_data *result_code_string,
518 krb5_data *result_string,
519 struct kpwd_proc *proc)
520 {
521 krb5_error_code ret;
522 krb5_auth_context auth_context = NULL;
523 krb5_krbhst_handle handle = NULL;
524 krb5_krbhst_info *hi;
525 int sock;
526 int i;
527 int done = 0;
528 krb5_realm realm;
529
530 if (targprinc)
531 realm = targprinc->realm;
532 else
533 realm = creds->client->realm;
534
535 ret = krb5_auth_con_init (context, &auth_context);
536 if (ret)
537 return ret;
538
539 krb5_auth_con_setflags (context, auth_context,
540 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
541
542 ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
543 if (ret)
544 goto out;
545
546 while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
547 struct addrinfo *ai, *a;
548 int is_stream;
549
550 switch (hi->proto) {
551 case KRB5_KRBHST_UDP:
552 if ((proc->flags & SUPPORT_UDP) == 0)
553 continue;
554 is_stream = 0;
555 break;
556 case KRB5_KRBHST_TCP:
557 if ((proc->flags & SUPPORT_TCP) == 0)
558 continue;
559 is_stream = 1;
560 break;
561 default:
562 continue;
563 }
564
565 ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
566 if (ret)
567 continue;
568
569 for (a = ai; !done && a != NULL; a = a->ai_next) {
570 int replied = 0;
571
572 sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
573 if (sock < 0)
574 continue;
575
576 ret = connect(sock, a->ai_addr, a->ai_addrlen);
577 if (ret < 0) {
578 close (sock);
579 goto out;
580 }
581
582 ret = krb5_auth_con_genaddrs (context, auth_context, sock,
583 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
584 if (ret) {
585 close (sock);
586 goto out;
587 }
588
589 for (i = 0; !done && i < 5; ++i) {
590 fd_set fdset;
591 struct timeval tv;
592
593 if (!replied) {
594 replied = 0;
595
596 ret = (*proc->send_req) (context,
597 &auth_context,
598 creds,
599 targprinc,
600 is_stream,
601 sock,
602 newpw,
603 hi->hostname);
604 if (ret) {
605 close(sock);
606 goto out;
607 }
608 }
609
610 if (sock >= FD_SETSIZE) {
611 krb5_set_error_string(context, "fd %d too large", sock);
612 ret = ERANGE;
613 close (sock);
614 goto out;
615 }
616
617 FD_ZERO(&fdset);
618 FD_SET(sock, &fdset);
619 tv.tv_usec = 0;
620 tv.tv_sec = 1 + (1 << i);
621
622 ret = select (sock + 1, &fdset, NULL, NULL, &tv);
623 if (ret < 0 && errno != EINTR) {
624 close(sock);
625 goto out;
626 }
627 if (ret == 1) {
628 ret = (*proc->process_rep) (context,
629 auth_context,
630 is_stream,
631 sock,
632 result_code,
633 result_code_string,
634 result_string,
635 hi->hostname);
636 if (ret == 0)
637 done = 1;
638 else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
639 replied = 1;
640 } else {
641 ret = KRB5_KDC_UNREACH;
642 }
643 }
644 close (sock);
645 }
646 }
647
648 out:
649 krb5_krbhst_free (context, handle);
650 krb5_auth_con_free (context, auth_context);
651 if (done)
652 return 0;
653 else {
654 if (ret == KRB5_KDC_UNREACH) {
655 krb5_set_error_string(context,
656 "unable to reach any changepw server "
657 " in realm %s", realm);
658 *result_code = KRB5_KPASSWD_HARDERROR;
659 }
660 return ret;
661 }
662 }
663
664
665 /*
666 * change the password using the credentials in `creds' (for the
667 * principal indicated in them) to `newpw', storing the result of
668 * the operation in `result_*' and an error code or 0.
669 */
670
671 krb5_error_code KRB5_LIB_FUNCTION
672 krb5_change_password (krb5_context context,
673 krb5_creds *creds,
674 const char *newpw,
675 int *result_code,
676 krb5_data *result_code_string,
677 krb5_data *result_string)
678 {
679 struct kpwd_proc *p = find_chpw_proto("change password");
680
681 *result_code = KRB5_KPASSWD_MALFORMED;
682 result_code_string->data = result_string->data = NULL;
683 result_code_string->length = result_string->length = 0;
684
685 if (p == NULL)
686 return KRB5_KPASSWD_MALFORMED;
687
688 return change_password_loop(context, creds, NULL, newpw,
689 result_code, result_code_string,
690 result_string, p);
691 }
692
693 /*
694 *
695 */
696
697 krb5_error_code KRB5_LIB_FUNCTION
698 krb5_set_password(krb5_context context,
699 krb5_creds *creds,
700 const char *newpw,
701 krb5_principal targprinc,
702 int *result_code,
703 krb5_data *result_code_string,
704 krb5_data *result_string)
705 {
706 krb5_principal principal = NULL;
707 krb5_error_code ret = 0;
708 int i;
709
710 *result_code = KRB5_KPASSWD_MALFORMED;
711 result_code_string->data = result_string->data = NULL;
712 result_code_string->length = result_string->length = 0;
713
714 if (targprinc == NULL) {
715 ret = krb5_get_default_principal(context, &principal);
716 if (ret)
717 return ret;
718 } else
719 principal = targprinc;
720
721 for (i = 0; procs[i].name != NULL; i++) {
722 *result_code = 0;
723 ret = change_password_loop(context, creds, principal, newpw,
724 result_code, result_code_string,
725 result_string,
726 &procs[i]);
727 if (ret == 0 && *result_code == 0)
728 break;
729 }
730
731 if (targprinc == NULL)
732 krb5_free_principal(context, principal);
733 return ret;
734 }
735
736 /*
737 *
738 */
739
740 krb5_error_code KRB5_LIB_FUNCTION
741 krb5_set_password_using_ccache(krb5_context context,
742 krb5_ccache ccache,
743 const char *newpw,
744 krb5_principal targprinc,
745 int *result_code,
746 krb5_data *result_code_string,
747 krb5_data *result_string)
748 {
749 krb5_creds creds, *credsp;
750 krb5_error_code ret;
751 krb5_principal principal = NULL;
752
753 *result_code = KRB5_KPASSWD_MALFORMED;
754 result_code_string->data = result_string->data = NULL;
755 result_code_string->length = result_string->length = 0;
756
757 memset(&creds, 0, sizeof(creds));
758
759 if (targprinc == NULL) {
760 ret = krb5_cc_get_principal(context, ccache, &principal);
761 if (ret)
762 return ret;
763 } else
764 principal = targprinc;
765
766 ret = krb5_make_principal(context, &creds.server,
767 krb5_principal_get_realm(context, principal),
768 "kadmin", "changepw", NULL);
769 if (ret)
770 goto out;
771
772 ret = krb5_cc_get_principal(context, ccache, &creds.client);
773 if (ret) {
774 krb5_free_principal(context, creds.server);
775 goto out;
776 }
777
778 ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
779 krb5_free_principal(context, creds.server);
780 krb5_free_principal(context, creds.client);
781 if (ret)
782 goto out;
783
784 ret = krb5_set_password(context,
785 credsp,
786 newpw,
787 principal,
788 result_code,
789 result_code_string,
790 result_string);
791
792 krb5_free_creds(context, credsp);
793
794 return ret;
795 out:
796 if (targprinc == NULL)
797 krb5_free_principal(context, principal);
798 return ret;
799 }
800
801 /*
802 *
803 */
804
805 const char* KRB5_LIB_FUNCTION
806 krb5_passwd_result_to_string (krb5_context context,
807 int result)
808 {
809 static const char *strings[] = {
810 "Success",
811 "Malformed",
812 "Hard error",
813 "Auth error",
814 "Soft error" ,
815 "Access denied",
816 "Bad version",
817 "Initial flag needed"
818 };
819
820 if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
821 return "unknown result code";
822 else
823 return strings[result];
824 }
NetBSD on the FriendlyARM MINI2440