Commit | Line | Data |
---|---|---|
cd9e6b16 | 1 | /*-- |
2 | ||
3 | THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF | |
4 | ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED | |
5 | TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A | |
6 | PARTICULAR PURPOSE. | |
7 | ||
8 | Copyright (C) 1999 Microsoft Corporation. All rights reserved. | |
9 | ||
10 | Module Name: | |
11 | ||
12 | ksetpw.c | |
13 | ||
14 | Abstract: | |
15 | ||
16 | Set a user's password using the | |
17 | Kerberos Change Password Protocol (I-D) variant for Windows 2000 | |
18 | ||
19 | --*/ | |
20 | /* | |
21 | * lib/krb5/os/changepw.c | |
22 | * | |
23 | * Copyright 1990 by the Massachusetts Institute of Technology. | |
24 | * All Rights Reserved. | |
25 | * | |
26 | * Export of this software from the United States of America may | |
27 | * require a specific license from the United States Government. | |
28 | * It is the responsibility of any person or organization contemplating | |
29 | * export to obtain such a license before exporting. | |
30 | * | |
31 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and | |
32 | * distribute this software and its documentation for any purpose and | |
33 | * without fee is hereby granted, provided that the above copyright | |
34 | * notice appear in all copies and that both that copyright notice and | |
35 | * this permission notice appear in supporting documentation, and that | |
36 | * the name of M.I.T. not be used in advertising or publicity pertaining | |
37 | * to distribution of the software without specific, written prior | |
38 | * permission. M.I.T. makes no representations about the suitability of | |
39 | * this software for any purpose. It is provided "as is" without express | |
40 | * or implied warranty. | |
41 | * | |
42 | */ | |
43 | ||
44 | #define NEED_SOCKETS | |
45 | #include <krb5.h> | |
46 | #include <krb.h> | |
47 | #ifdef _WIN32 | |
48 | #include "k5-int.h" | |
49 | #include "adm_err.h" | |
50 | #include "krb5_err.h" | |
51 | #endif | |
52 | #include <auth_con.h> | |
53 | #include "kpasswd.h" | |
54 | ||
55 | #ifndef _WIN32 | |
56 | #include <sys/socket.h> | |
57 | #include <netdb.h> | |
58 | #include <sys/select.h> | |
59 | #endif | |
60 | ||
61 | #include <stdio.h> | |
62 | #include <stdlib.h> | |
63 | #include <time.h> | |
64 | #include <sys/timeb.h> | |
65 | #include <errno.h> | |
66 | ||
/*
 * Number of letters generate_password() writes.  Buffers handed to it
 * are declared as PW_LENGTH+1 bytes to leave room for the terminator.
 */
#define PW_LENGTH 25

#ifndef krb5_is_krb_error
/*
 * Non-zero when `dat` is non-NULL, non-empty, and its first octet is
 * 0x7e or 0x5e.  NOTE(review): presumably these are the ASN.1
 * application tags of a KRB-ERROR message -- confirm against the
 * library's own definition.  The argument is evaluated several times,
 * so pass a plain pointer, never an expression with side effects.
 */
#define krb5_is_krb_error(dat)\
        ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
                                    (dat)->data[0] == 0x5e))
#endif

/* Win32 defines. */
/* Map the BSD errno names used below onto their Winsock equivalents. */
#if defined(_WIN32) && !defined(__CYGWIN32__)
#ifndef ECONNABORTED
#define ECONNABORTED WSAECONNABORTED
#endif
#ifndef ECONNREFUSED
#define ECONNREFUSED WSAECONNREFUSED
#endif
#ifndef EHOSTUNREACH
#define EHOSTUNREACH WSAEHOSTUNREACH
#endif
#endif /* _WIN32 && !__CYGWIN32__ */

/* Revision-control identification string. */
static const char rcsid[] = "$Id$";
89 | ||
/*
 * Letter-pair weights used by generate_password().
 * frequency[i][j] is the weight given to letter ('a' + j) when it
 * follows letter ('a' + i); a zero means that pair is never produced.
 *
 * Because successors are drawn from these weights, the generated
 * string is lower-case only and far from uniformly distributed over
 * the 26-letter alphabet; its strength rests on the length
 * (PW_LENGTH) and on the quality of myrandom().
 */
static int frequency[26][26] =
{ {4, 20, 28, 52, 2, 11, 28, 4, 32, 4, 6, 62, 23, 167, 2, 14, 0, 83, 76,
127, 7, 25, 8, 1, 9, 1}, /* aa - az */
{13, 0, 0, 0, 55, 0, 0, 0, 8, 2, 0, 22, 0, 0, 11, 0, 0, 15, 4, 2, 13, 0,
0, 0, 15, 0}, /* ba - bz */
{32, 0, 7, 1, 69, 0, 0, 33, 17, 0, 10, 9, 1, 0, 50, 3, 0, 10, 0, 28, 11,
0, 0, 0, 3, 0}, /* ca - cz */
{40, 16, 9, 5, 65, 18, 3, 9, 56, 0, 1, 4, 15, 6, 16, 4, 0, 21, 18, 53,
19, 5, 15, 0, 3, 0}, /* da - dz */
{84, 20, 55, 125, 51, 40, 19, 16, 50, 1, 4, 55, 54, 146, 35, 37, 6, 191,
149, 65, 9, 26, 21, 12, 5, 0}, /* ea - ez */
{19, 3, 5, 1, 19, 21, 1, 3, 30, 2, 0, 11, 1, 0, 51, 0, 0, 26, 8, 47, 6,
3, 3, 0, 2, 0}, /* fa - fz */
{20, 4, 3, 2, 35, 1, 3, 15, 18, 0, 0, 5, 1, 4, 21, 1, 1, 20, 9, 21, 9,
0, 5, 0, 1, 0}, /* ga - gz */
{101, 1, 3, 0, 270, 5, 1, 6, 57, 0, 0, 0, 3, 2, 44, 1, 0, 3, 10, 18, 6,
0, 5, 0, 3, 0}, /* ha - hz */
{40, 7, 51, 23, 25, 9, 11, 3, 0, 0, 2, 38, 25, 202, 56, 12, 1, 46, 79,
117, 1, 22, 0, 4, 0, 3}, /* ia - iz */
{3, 0, 0, 0, 5, 0, 0, 0, 1, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 3, 0, 0, 0,
0, 0}, /* ja - jz */
{1, 0, 0, 0, 11, 0, 0, 0, 13, 0, 0, 0, 0, 2, 0, 0, 0, 0, 6, 2, 1, 0, 2,
0, 1, 0}, /* ka - kz */
{44, 2, 5, 12, 62, 7, 5, 2, 42, 1, 1, 53, 2, 2, 25, 1, 1, 2, 16, 23, 9,
0, 1, 0, 33, 0}, /* la - lz */
{52, 14, 1, 0, 64, 0, 0, 3, 37, 0, 0, 0, 7, 1, 17, 18, 1, 2, 12, 3, 8,
0, 1, 0, 2, 0}, /* ma - mz */
{42, 10, 47, 122, 63, 19, 106, 12, 30, 1, 6, 6, 9, 7, 54, 7, 1, 7, 44,
124, 6, 1, 15, 0, 12, 0}, /* na - nz */
{7, 12, 14, 17, 5, 95, 3, 5, 14, 0, 0, 19, 41, 134, 13, 23, 0, 91, 23,
42, 55, 16, 28, 0, 4, 1}, /* oa - oz */
{19, 1, 0, 0, 37, 0, 0, 4, 8, 0, 0, 15, 1, 0, 27, 9, 0, 33, 14, 7, 6, 0,
0, 0, 0, 0}, /* pa - pz */
{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0,
0, 0, 0}, /* qa - qz */
{83, 8, 16, 23, 169, 4, 8, 8, 77, 1, 10, 5, 26, 16, 60, 4, 0, 24, 37,
55, 6, 11, 4, 0, 28, 0}, /* ra - rz */
{65, 9, 17, 9, 73, 13, 1, 47, 75, 3, 0, 7, 11, 12, 56, 17, 6, 9, 48,
116, 35, 1, 28, 0, 4, 0}, /* sa - sz */
{57, 22, 3, 1, 76, 5, 2, 330, 126, 1, 0, 14, 10, 6, 79, 7, 0, 49, 50,
56, 21, 2, 27, 0, 24, 0}, /* ta - tz */
{11, 5, 9, 6, 9, 1, 6, 0, 9, 0, 1, 19, 5, 31, 1, 15, 0, 47, 39, 31, 0,
3, 0, 0, 0, 0}, /* ua - uz */
{7, 0, 0, 0, 72, 0, 0, 0, 28, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0,
0, 3, 0}, /* va - vz */
{36, 1, 1, 0, 38, 0, 0, 33, 36, 0, 0, 4, 1, 8, 15, 0, 0, 0, 4, 2, 0, 0,
1, 0, 0, 0}, /* wa - wz */
{1, 0, 2, 0, 0, 1, 0, 0, 3, 0, 0, 0, 0, 0, 1, 5, 0, 0, 0, 3, 0, 0, 1, 0,
0, 0}, /* xa - xz */
{14, 5, 4, 2, 7, 12, 12, 6, 10, 0, 0, 3, 7, 5, 17, 3, 0, 4, 16, 30, 0,
0, 5, 0, 0, 0}, /* ya - yz */
{1, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0}}; /* za - zz */
143 | ||
/*
 * This MUST be equal to the sum of the equivalent rows above.
 *
 * generate_password() draws a value below row_sums[i] and walks
 * frequency[i][] until the running total exceeds it.  If an entry here
 * is larger than the real row total, that walk runs past the end of the
 * row, so keep the two tables in step whenever either is edited.
 * Every entry must also be non-zero: it is used as a modulus.
 */

static int row_sums[26] =
{796,160,284,401,1276,262,199,539,777,
16,39,351,243,751,662,181,17,683,
662,968,248,115,180,17,162,5};

/*
 * Frequencies of starting characters
 * (start_freq[j] is the weight of letter 'a' + j as the first letter).
 */

static int start_freq [26] =
{1299,425,725,271,375,470,93,223,1009,
24,20,355,379,319,823,618,21,317,
962,1991,271,104,516,6,16,14};

/*
 * This MUST be equal to the sum of all elements in the above array.
 * It is the modulus for the first-letter draw, so the same overrun
 * concern as for row_sums applies if it drifts from start_freq.
 */
static int total_sum = 11646;
166 | ||
/* Forward declarations for the helpers defined later in this file. */
long myrandom();                         /* seeded rand() wrapper */
void generate_password(char *password);  /* needs PW_LENGTH+1 bytes */
int set_password(char *user, char *domain);

/*
 * Declared here but not defined in this file.
 * NOTE(review): presumably supplied by the krb5 library or a sibling
 * source file -- confirm where they are linked from.
 */
krb5_error_code encode_krb5_setpw
        PROTOTYPE((const krb5_setpw *rep, krb5_data ** code));
krb5_error_code
krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
                    struct sockaddr **addr_pp, int *naddrs);
175 | ||
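/*
 * Build a set-password request datagram.
 *
 * Layout written into packet->data (all lengths big-endian):
 *   2 bytes  total message length
 *   2 bytes  protocol version, 0xff 0x80
 *   2 bytes  AP-REQ length
 *   n bytes  AP-REQ (copied from ap_req)
 *   rest     KRB-PRIV wrapping the encoded {new password, target principal}
 *
 * On success packet->data is malloc()ed and owned by the caller.
 * On failure packet is left untouched.
 *
 * Returns 0, a krb5 error from the library calls, ERANGE when the
 * message cannot be described by the 16-bit length fields, or ENOMEM.
 */
krb5_error_code krb5_mk_setpw_req(krb5_context context, krb5_auth_context auth_context,
                                  krb5_data *ap_req, krb5_principal targprinc,
                                  char *passwd, krb5_data *packet)
{
    krb5_error_code  ret;
    krb5_setpw       setpw;
    krb5_data        cipherpw;
    krb5_data        *encoded_setpw;
    krb5_replay_data replay;
    char             *ptr;
    char             *buf;

    encoded_setpw = NULL;
    memset(&cipherpw, 0, sizeof(cipherpw));
    memset(&setpw, 0, sizeof(krb5_setpw));

    if ((ret = krb5_auth_con_setflags(context, auth_context,
                                      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
        return(ret);

    /* setpw only borrows passwd and targprinc; nothing is copied here. */
    setpw.targprinc = targprinc;
    setpw.newpasswd.length = strlen(passwd);
    setpw.newpasswd.data = passwd;
    if ((ret = encode_krb5_setpw(&setpw, &encoded_setpw)))
        return(ret);

    ret = krb5_mk_priv(context, auth_context,
                       encoded_setpw, &cipherpw, &replay);

    /*
     * The encoding holds the new password in the clear.  Wipe it and
     * release it on every path, not only on success.
     */
    if (encoded_setpw->data != NULL)
        memset(encoded_setpw->data, 0, encoded_setpw->length);
    krb5_free_data(context, encoded_setpw);
    if (ret)
        return(ret);

    /*
     * Both length fields on the wire are 16 bits wide.  Refuse anything
     * larger instead of emitting a header that disagrees with the body.
     */
    if ((unsigned long)ap_req->length > 0xffffUL ||
        (unsigned long)cipherpw.length > 0xffffUL ||
        6UL + (unsigned long)ap_req->length +
              (unsigned long)cipherpw.length > 0xffffUL)
    {
        free(cipherpw.data);
        return(ERANGE);
    }

    buf = (char *) malloc(6 + ap_req->length + cipherpw.length);
    if (buf == NULL)
    {
        free(cipherpw.data);
        return(ENOMEM);
    }
    packet->length = 6 + ap_req->length + cipherpw.length;
    packet->data = buf;
    ptr = buf;
    /* Length */
    *ptr++ = (packet->length>>8) & 0xff;
    *ptr++ = packet->length & 0xff;
    /* version */
    *ptr++ = (char)0xff;
    *ptr++ = (char)0x80;
    /* ap_req length, big-endian */
    *ptr++ = (ap_req->length>>8) & 0xff;
    *ptr++ = ap_req->length & 0xff;
    /* ap-req data */
    memcpy(ptr, ap_req->data, ap_req->length);
    ptr += ap_req->length;
    /* krb-priv of password */
    memcpy(ptr, cipherpw.data, cipherpw.length);

    /* The ciphertext has been copied into the packet; drop our copy. */
    free(cipherpw.data);
    return(0);
}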
219 | ||
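/*
 * Parse a set-password / change-password reply datagram.
 *
 * packet       raw datagram as received
 * result_code  out: 16-bit protocol result code
 * result_data  out: bytes following the result code; data is malloc()ed
 *              and owned by the caller, or NULL when there are none
 *
 * Two reply shapes are accepted after the 6-byte header:
 *   - AP-REP followed by KRB-PRIV: verified and decrypted with the
 *     auth context, so the result is authenticated.
 *   - zero-length AP-REP followed by KRB-ERROR: the result comes from
 *     the error's e_data and is NOT authenticated.  Such a reply is
 *     never allowed to report success.
 *
 * Returns 0 when a result code was extracted, otherwise a krb5 error
 * (KRB5KRB_AP_ERR_MODIFIED for any malformed or inconsistent reply).
 */
krb5_error_code krb5_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
                                  krb5_data *packet, int *result_code,
                                  krb5_data *result_data)
{
    char                 *ptr;
    int                  plen;
    int                  vno;
    krb5_data            ap_rep;
    krb5_error_code      ret;
    krb5_data            cipherresult;
    krb5_data            clearresult;
    krb5_error           *krberror;
    krb5_replay_data     replay;
    krb5_keyblock        *tmp;
    krb5_ap_rep_enc_part *ap_rep_enc;

    krberror = NULL;
    memset(&clearresult, 0, sizeof(clearresult));

    if (packet->length < 4)
        return(KRB5KRB_AP_ERR_MODIFIED);
    ptr = packet->data;
    if (krb5_is_krb_error(packet))
    {
        ret = decode_krb5_error(packet, &krberror);
        if (ret)
            return(ret);
        ret = krberror->error;
        krb5_free_error(context, krberror);
        /*
         * A bare KRB-ERROR is unauthenticated and leaves *result_code
         * unset, so it must never be reported as success even if its
         * error field is zero.
         */
        if (ret == 0)
            ret = KRB5KRB_AP_ERR_MODIFIED;
        return(ret);
    }
    /* The fixed header read below is 6 bytes: length, version, ap-rep length. */
    if (packet->length < 6)
        return(KRB5KRB_AP_ERR_MODIFIED);
    /* verify length */
    plen = (*ptr++ & 0xff);
    plen = (plen<<8) | (*ptr++ & 0xff);
    if (plen != packet->length)
        return(KRB5KRB_AP_ERR_MODIFIED);
    vno = (*ptr++ & 0xff);
    vno = (vno<<8) | (*ptr++ & 0xff);
    if (vno != KRB5_KPASSWD_VERS_SETPW && vno != KRB5_KPASSWD_VERS_CHANGEPW)
        return(KRB5KDC_ERR_BAD_PVNO);
    /* read, check ap-rep length */
    ap_rep.length = (*ptr++ & 0xff);
    ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
    /*
     * The AP-REP must leave at least one byte for the message that
     * follows it.  Compare lengths rather than pointers so an oversized
     * field never forms a pointer beyond the buffer.
     */
    if (ap_rep.length >= packet->length - 6)
        return(KRB5KRB_AP_ERR_MODIFIED);
    if (ap_rep.length)
    {
        /* verify ap_rep */
        ap_rep.data = ptr;
        ptr += ap_rep.length;
        if ((ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc)))
            return(ret);
        krb5_free_ap_rep_enc_part(context, ap_rep_enc);
        /* extract and decrypt the result */
        cipherresult.data = ptr;
        cipherresult.length = (packet->data + packet->length) - ptr;
        /* XXX there's no api to do this right. The problem is that
           if there's a remote subkey, it will be used. This is
           not what the spec requires */
        tmp = auth_context->remote_subkey;
        auth_context->remote_subkey = NULL;
        ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
                           &replay);
        auth_context->remote_subkey = tmp;
        if (ret)
            return(ret);
    }
    else
    {
        cipherresult.data = ptr;
        cipherresult.length = (packet->data + packet->length) - ptr;
        if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
            return(ret);
        /* clearresult aliases krberror->e_data; cleanup frees krberror. */
        clearresult = krberror->e_data;
    }
    if (clearresult.length < 2)
    {
        ret = KRB5KRB_AP_ERR_MODIFIED;
        goto cleanup;
    }
    ptr = clearresult.data;
    *result_code = (*ptr++ & 0xff);
    *result_code = (*result_code<<8) | (*ptr++ & 0xff);
    if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
        (*result_code > KRB5_KPASSWD_ACCESSDENIED))
    {
        ret = KRB5KRB_AP_ERR_MODIFIED;
        goto cleanup;
    }
    /* all success replies should be authenticated/encrypted */
    if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS))
    {
        ret = KRB5KRB_AP_ERR_MODIFIED;
        goto cleanup;
    }
    result_data->length = (clearresult.data + clearresult.length) - ptr;
    if (result_data->length)
    {
        result_data->data = (char *) malloc(result_data->length);
        if (result_data->data == NULL)
        {
            result_data->length = 0;
            ret = ENOMEM;
            goto cleanup;
        }
        memcpy(result_data->data, ptr, result_data->length);
    }
    else
        result_data->data = NULL;
    ret = 0;
cleanup:
    /* Release whichever object owns the cleartext result. */
    if (ap_rep.length)
        free(clearresult.data);
    else
        krb5_free_error(context, krberror);
    return(ret);
}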
328 | ||
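/*
 * Set `user`'s password in realm `domain` to `newpw` by sending a
 * set-password request to a kpasswd server over UDP.
 *
 * ccache       credential cache of the principal making the request
 * result_code  out: protocol result code from the server's reply; only
 *              written when the reply carries a non-zero code
 *
 * Returns 0 only when a reply was received and parsed.  Any other
 * outcome, including "no server could be reached", returns non-zero.
 *
 * Points for callers and reviewers:
 *   - user and domain are copied into fixed 256-byte buffers; inputs
 *     that do not fit are rejected with EINVAL before anything is
 *     formatted.
 *   - The receive socket is not connected, so a datagram from any
 *     sender is read.  Whether the reply is genuine is decided solely
 *     by krb5_rd_setpw_rep().
 *   - No receive timeout is set on the socket here; recvfrom() is
 *     called without one.
 */
krb5_error_code krb5_set_password(krb5_context context, krb5_ccache ccache,
                                  char *newpw, char *user, char *domain,
                                  int *result_code)
{
    krb5_auth_context auth_context;
    krb5_data         ap_req;
    krb5_data         chpw_req;
    krb5_data         chpw_rep;
    krb5_data         result_string;
    krb5_address      local_kaddr;
    krb5_address      remote_kaddr;
    krb5_address      **addrs;
    char              userrealm[256];
    char              temp[256];
    krb5_error_code   code;
    krb5_creds        creds;
    krb5_creds        *credsp;
    struct sockaddr   *addr_p;
    struct sockaddr   local_addr;
    struct sockaddr   remote_addr;
    struct sockaddr   tmp_addr;
    SOCKET            s1;
    SOCKET            s2;
    int               i;
    int               out;
    int               addrlen;
    int               cc;
    int               local_result_code;
    int               tmp_len;
    int               last_count;
    int               got_reply;
    int               local_contents_owned;
    size_t            domain_len;
    krb5_principal    targprinc;

    auth_context = NULL;
    addr_p = NULL;
    credsp = NULL;
    targprinc = NULL;
    addrs = NULL;
    code = 0;
    out = 0;
    got_reply = 0;
    local_contents_owned = 0;
    /* Sockets start invalid so cleanup can tell whether to close them. */
    s1 = INVALID_SOCKET;
    s2 = INVALID_SOCKET;
    memset(&local_addr, 0, sizeof(local_addr));
    memset(&local_kaddr, 0, sizeof(local_kaddr));
    memset(&result_string, 0, sizeof(result_string));
    memset(&remote_kaddr, 0, sizeof(remote_kaddr));
    memset(&chpw_req, 0, sizeof(krb5_data));
    memset(&chpw_rep, 0, sizeof(krb5_data));
    memset(&ap_req, 0, sizeof(krb5_data));
    memset(&creds, 0, sizeof(creds));
    memset(userrealm, '\0', sizeof(userrealm));

    /*
     * Bound the caller-supplied strings before they are copied.  temp
     * must hold "user@REALM" and "kadmin/changepw@REALM" including the
     * terminator.  Nothing has been allocated yet, so return directly.
     */
    domain_len = strlen(domain);
    if (domain_len >= sizeof(userrealm) ||
        strlen(user) + 1 + domain_len >= sizeof(temp) ||
        (sizeof("kadmin/changepw@") - 1) + domain_len >= sizeof(temp))
        return(EINVAL);

    /* Cast keeps toupper() defined for bytes above 0x7f. */
    for (i = 0; i < (int)domain_len; i++)
        userrealm[i] = toupper((unsigned char)domain[i]);

    /* Lengths were checked above, so these cannot overrun temp. */
    sprintf(temp, "%s@%s", user, userrealm);
    if ((code = krb5_parse_name(context, temp, &targprinc)))
        goto cleanup;

    sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
    if ((code = krb5_parse_name(context, temp, &creds.server)))
        goto cleanup;

    if ((code = krb5_cc_get_principal(context, ccache, &creds.client)))
        goto cleanup;
    if ((code = krb5_get_credentials(context, 0, ccache, &creds, &credsp)))
        goto cleanup;
    if ((code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
                                     NULL, credsp, &ap_req)))
        goto cleanup;
    if ((code = krb5_locate_kpasswd(context, &targprinc->realm, &addr_p, &out)))
        goto cleanup;
    if (out == 0)
    { /* Couldn't resolve any KPASSWD names */
        code = 1;
        goto cleanup;
    }

    /* s1 carries the request and reply; s2 is only used to learn addresses. */
    if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
    {
        code = errno;
        goto cleanup;
    }
    if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
    {
        code = errno;
        goto cleanup;
    }

    for (i = 0; i < out; i++)
    {
        if (connect(s2, &addr_p[i], sizeof(addr_p[i])) == SOCKET_ERROR)
            continue;
        addrlen = sizeof(local_addr);
        if (getsockname(s2, &local_addr, &addrlen) < 0)
            continue;

        /* Drop an address copy left over from an earlier server attempt. */
        if (local_contents_owned)
        {
            free(local_kaddr.contents);
            local_kaddr.contents = NULL;
            local_contents_owned = 0;
        }
        if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
        {
            /* Points into local_addr on the stack; not to be freed. */
            local_kaddr.addrtype = ADDRTYPE_INET;
            local_kaddr.length =
                sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
            local_kaddr.contents =
                (char *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
        }
        else
        {
            /* The socket reported no local address; ask the library. */
            addrs = NULL;
            if ((code = krb5_os_localaddr(context, &addrs)))
                goto cleanup;
            if (addrs == NULL || addrs[0] == NULL)
            {
                if (addrs != NULL)
                    krb5_free_addresses(context, addrs);
                continue;
            }
            local_kaddr.magic = addrs[0]->magic;
            local_kaddr.addrtype = addrs[0]->addrtype;
            local_kaddr.length = addrs[0]->length;
            local_kaddr.contents = calloc(1, addrs[0]->length);
            if (local_kaddr.contents == NULL)
            {
                krb5_free_addresses(context, addrs);
                code = ENOMEM;
                goto cleanup;
            }
            local_contents_owned = 1;
            memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
            krb5_free_addresses(context, addrs);
        }

        addrlen = sizeof(remote_addr);
        if (getpeername(s2, &remote_addr, &addrlen) < 0)
            continue;
        remote_kaddr.addrtype = ADDRTYPE_INET;
        remote_kaddr.length =
            sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
        remote_kaddr.contents =
            (char *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);

        if ((code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL)))
            goto cleanup;
        if ((code = krb5_mk_setpw_req(context, auth_context, &ap_req,
                                      targprinc, newpw, &chpw_req)))
            goto cleanup;

        cc = sendto(s1, chpw_req.data, chpw_req.length, 0,
                    (struct sockaddr *) &addr_p[i],
                    sizeof(addr_p[i]));
        /* The request is no longer needed whether or not the send worked. */
        free(chpw_req.data);
        chpw_req.data = NULL;
        if (cc != chpw_req.length)
            continue;

        chpw_rep.length = 1500;
        chpw_rep.data = (char *) calloc(1, chpw_rep.length);
        if (chpw_rep.data == NULL)
        {
            code = ENOMEM;
            goto cleanup;
        }

        /*
         * Peek at the pending datagram once a second until two
         * consecutive peeks report the same non-zero count, or two
         * consecutive peeks report zero, then read it for real.
         */
        tmp_len = sizeof(tmp_addr);
        last_count = 0;
        while (1)
        {
            cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, MSG_PEEK,
                          &tmp_addr, &tmp_len);
            if ((last_count == cc) && (cc != 0))
                break;
            last_count = cc;
            if (cc == 0)
            {
                if (last_count == -1)
                    break;
                last_count = -1;
            }
            sleep(1);
        }
        if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0)
        {
            code = errno;
            goto cleanup;
        }
        chpw_rep.length = cc;
        if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL,
                                           &remote_kaddr)))
        {
            goto cleanup;
        }
        local_result_code = 0;
        code = krb5_rd_setpw_rep(context, auth_context, &chpw_rep,
                                 &local_result_code, &result_string);
        got_reply = 1;

        if (local_result_code)
        {
            /*
             * NOTE(review): a soft error is reported to the caller as
             * success here.  Confirm this is intended; it hides a
             * server-side rejection from the caller.
             */
            if (local_result_code == KRB5_KPASSWD_SOFTERROR)
                local_result_code = KRB5_KPASSWD_SUCCESS;
            *result_code = local_result_code;
        }
        free(chpw_rep.data);
        chpw_rep.data = NULL;
        break;
    }

cleanup:
    /*
     * Fail closed: if no reply was parsed, never hand back 0.  This
     * covers every server being skipped by the loop above and socket
     * calls that failed without setting errno.
     */
    if (!got_reply && code == 0)
        code = EHOSTUNREACH;
    if (s1 != INVALID_SOCKET)
        closesocket(s1);
    if (s2 != INVALID_SOCKET)
        closesocket(s2);
    if (chpw_req.data != NULL)
        free(chpw_req.data);
    if (chpw_rep.data != NULL)
        free(chpw_rep.data);
    if (result_string.data != NULL)
        free(result_string.data);
    if (addr_p != NULL)
        free(addr_p);
    if (auth_context != NULL)
        krb5_auth_con_free(context, auth_context);
    if (local_contents_owned)
        free(local_kaddr.contents);
    if (ap_req.data != NULL)
        free(ap_req.data);
    krb5_free_cred_contents(context, &creds);
    if (credsp != NULL)
        krb5_free_creds(context, credsp);
    if (targprinc != NULL)
        krb5_free_principal(context, targprinc);
    return(code);
}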
525 | ||
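/*
 * Replace `user`'s password in `domain` with a freshly generated one,
 * authenticating with the default credential cache.
 *
 * The generated password exists only in a local buffer: it is neither
 * returned nor printed, and the buffer is wiped before returning.
 * NOTE(review): the generated value is therefore not available to the
 * caller after this returns -- confirm that is the intended use.
 *
 * Returns the krb5 error if the exchange failed, otherwise the
 * protocol result code stored by krb5_set_password() (0 if it stored
 * none).
 */
int set_password(char *user, char *domain)
{
    krb5_context    context;
    krb5_ccache     ccache;
    int             res_code;
    krb5_error_code retval;
    char            pw[PW_LENGTH+1];
    volatile char   *scrub;
    size_t          n;

    if ((retval = krb5_init_context(&context)))
        return retval;
    if ((retval = krb5_cc_default(context, &ccache)))
    {
        /* Do not leak the context when the cache cannot be opened. */
        krb5_free_context(context);
        return(retval);
    }

    memset(pw, '\0', sizeof(pw));
    generate_password(pw);
    res_code = 0;
    retval = krb5_set_password(context, ccache, pw, user, domain, &res_code);

    /*
     * Wipe the password through a volatile pointer so the stores are
     * not discarded as dead writes to a buffer about to go out of scope.
     */
    scrub = pw;
    for (n = 0; n < sizeof(pw); n++)
        scrub[n] = '\0';

    krb5_cc_close(context, ccache);
    krb5_free_context(context);
    if (retval)
        return(retval);
    return(res_code);
}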
550 | ||
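/*
 * Fill `password` with PW_LENGTH lower-case letters plus a terminating
 * NUL.  The caller must supply at least PW_LENGTH+1 bytes.
 *
 * The first letter is drawn with the weights in start_freq[]; each
 * later letter is drawn with the weights in frequency[previous][].
 * Randomness comes from myrandom(), so the result is only as
 * unpredictable as that generator and its seed.
 */
void generate_password(char *password)
{
    int  i;
    int  j;
    int  row_position;
    int  nchars;
    int  position;
    char *pwp;

    /*
     * Weighted pick of the first letter.  The j < 26 bound keeps the
     * walk inside start_freq[] even if total_sum has drifted from the
     * table.
     */
    position = myrandom()%total_sum;
    for (row_position = 0, j = 0;
         j < 26 && position >= row_position;
         row_position += start_freq[j], j++)
        continue;
    pwp = password;
    *pwp = j + 'a' - 1;

    for (nchars = PW_LENGTH-1; nchars; --nchars)
    {
        /* Index of the letter just written selects the successor row. */
        i = *pwp - 'a';
        pwp++;
        position = myrandom()%row_sums[i];
        /* Same bounded walk, guarding against row_sums[] drift. */
        for (row_position = 0, j = 0;
             j < 26 && position >= row_position;
             row_position += frequency[i][j], j++)
            continue;
        *pwp = j + 'a' - 1;
    }
    /* pwp is on the last letter; terminate right after it. */
    *(++pwp)='\0';
}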
585 | ||
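/*
 * Return the next value from the C library's rand(), seeding it on the
 * first call from the current time XOR the process id.
 *
 * NOTE(review): rand() is not a cryptographic generator and the seed
 * is built from the clock and the pid, both of which an observer can
 * narrow down.  Values from here end up as an account password;
 * replace this with the platform's cryptographic random source before
 * relying on the result.
 */
long myrandom()
{
    static int init = 0;
    int pid;
#ifdef _WIN32
    struct _timeb timebuffer;
#else
    struct timeval tv;
#endif

    if (!init)
    {
        init = 1;
        pid = getpid();
#ifdef _WIN32
        _ftime(&timebuffer);
        srand(timebuffer.time ^ timebuffer.millitm ^ pid);
#else
        gettimeofday(&tv, NULL);
        /*
         * Seed rand(), the generator actually read below.  srandom()
         * seeds random() instead and would leave rand() at its default
         * state, producing the same sequence on every run.
         */
        srand((unsigned int)(tv.tv_sec ^ tv.tv_usec ^ pid));
#endif
    }
    return (rand());
}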