]> andersk Git - moira.git/blame - incremental/ldap/setpw.c
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Build without krb4 if it's unavailable.
[moira.git] / incremental / ldap / setpw.c
CommitLineData
61a2844b 1#define LDAP_AUTH_OTHERKIND 0x86L
2#define LDAP_AUTH_NEGOTIATE (LDAP_AUTH_OTHERKIND | 0x0400)
3/*--
4
5THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
6ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
7TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
8PARTICULAR PURPOSE.
9
10Copyright (C) 1999 Microsoft Corporation. All rights reserved.
11
12Module Name:
13
14 setpw.c
15
16Abstract:
17
18 Set a user's password using the
19 Kerberos Change Password Protocol (I-D) variant for Windows 2000
20
21--*/
22/*
23 * lib/krb5/os/changepw.c
24 *
25 * Copyright 1990 by the Massachusetts Institute of Technology.
26 * All Rights Reserved.
27 *
28 * Export of this software from the United States of America may
29 * require a specific license from the United States Government.
30 * It is the responsibility of any person or organization contemplating
31 * export to obtain such a license before exporting.
32 *
33 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
34 * distribute this software and its documentation for any purpose and
35 * without fee is hereby granted, provided that the above copyright
36 * notice appear in all copies and that both that copyright notice and
37 * this permission notice appear in supporting documentation, and that
38 * the name of M.I.T. not be used in advertising or publicity pertaining
39 * to distribution of the software without specific, written prior
40 * permission. M.I.T. makes no representations about the suitability of
41 * this software for any purpose. It is provided "as is" without express
42 * or implied warranty.
43 *
44 */
45
46
47#define NEED_SOCKETS
48#ifndef _WIN32
49#include "port-sockets.h"
50#endif
51#include <krb5.h>
cb974713 52#ifdef HAVE_KRB4
61a2844b 53#include <krb.h>
cb974713 54#endif
61a2844b 55#include <ldap.h>
56#ifdef _WIN32
57#include <wshelper.h>
58#include "krb5_err.h"
59#else
60#include <sys/socket.h>
61#include <netdb.h>
62#include <sys/select.h>
63#endif
64#include <auth_con.h>
65#include <stdio.h>
66#include <stdlib.h>
67#include <time.h>
68#include <sys/timeb.h>
69#include <errno.h>
70#include "kpasswd.h"
71#include "gsssasl.h"
72#include "gssldap.h"
73
74#define PW_LENGTH 25
75#define KDC_PORT 464
76#define ULONG unsigned long
77
78#ifndef krb5_is_krb_error
79#define krb5_is_krb_error(dat)\
80 ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
81 (dat)->data[0] == 0x5e))
82#endif
83
84#ifdef _WIN32
85extern krb5_error_code decode_krb5_error
86 (const krb5_data *output, krb5_error **rep);
87#define sleep(Seconds) Sleep(Seconds * 1000)
88#define gethostbyname(Server) rgethostbyname(Server)
89#endif
90
91/* Win32 defines. */
92#if defined(_WIN32) && !defined(__CYGWIN32__)
93#ifndef ECONNABORTED
94#define ECONNABORTED WSAECONNABORTED
95#endif
96#ifndef ECONNREFUSED
97#define ECONNREFUSED WSAECONNREFUSED
98#endif
99#ifndef EHOSTUNREACH
100#define EHOSTUNREACH WSAEHOSTUNREACH
101#endif
102#endif /* _WIN32 && !__CYGWIN32__ */
103
104static const char rcsid[] = "$Id$";
105
106static int frequency[26][26] =
107{ {4, 20, 28, 52, 2, 11, 28, 4, 32, 4, 6, 62, 23, 167, 2, 14, 0, 83, 76,
108127, 7, 25, 8, 1, 9, 1}, /* aa - az */
109 {13, 0, 0, 0, 55, 0, 0, 0, 8, 2, 0, 22, 0, 0, 11, 0, 0, 15, 4, 2, 13, 0,
1100, 0, 15, 0}, /* ba - bz */
111 {32, 0, 7, 1, 69, 0, 0, 33, 17, 0, 10, 9, 1, 0, 50, 3, 0, 10, 0, 28, 11,
1120, 0, 0, 3, 0}, /* ca - cz */
113 {40, 16, 9, 5, 65, 18, 3, 9, 56, 0, 1, 4, 15, 6, 16, 4, 0, 21, 18, 53,
11419, 5, 15, 0, 3, 0}, /* da - dz */
115 {84, 20, 55, 125, 51, 40, 19, 16, 50, 1, 4, 55, 54, 146, 35, 37, 6, 191,
116149, 65, 9, 26, 21, 12, 5, 0}, /* ea - ez */
117 {19, 3, 5, 1, 19, 21, 1, 3, 30, 2, 0, 11, 1, 0, 51, 0, 0, 26, 8, 47, 6,
1183, 3, 0, 2, 0}, /* fa - fz */
119 {20, 4, 3, 2, 35, 1, 3, 15, 18, 0, 0, 5, 1, 4, 21, 1, 1, 20, 9, 21, 9,
1200, 5, 0, 1, 0}, /* ga - gz */
121 {101, 1, 3, 0, 270, 5, 1, 6, 57, 0, 0, 0, 3, 2, 44, 1, 0, 3, 10, 18, 6,
1220, 5, 0, 3, 0}, /* ha - hz */
123 {40, 7, 51, 23, 25, 9, 11, 3, 0, 0, 2, 38, 25, 202, 56, 12, 1, 46, 79,
124117, 1, 22, 0, 4, 0, 3}, /* ia - iz */
125 {3, 0, 0, 0, 5, 0, 0, 0, 1, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 3, 0, 0, 0,
1260, 0}, /* ja - jz */
127 {1, 0, 0, 0, 11, 0, 0, 0, 13, 0, 0, 0, 0, 2, 0, 0, 0, 0, 6, 2, 1, 0, 2,
1280, 1, 0}, /* ka - kz */
129 {44, 2, 5, 12, 62, 7, 5, 2, 42, 1, 1, 53, 2, 2, 25, 1, 1, 2, 16, 23, 9,
1300, 1, 0, 33, 0}, /* la - lz */
131 {52, 14, 1, 0, 64, 0, 0, 3, 37, 0, 0, 0, 7, 1, 17, 18, 1, 2, 12, 3, 8,
1320, 1, 0, 2, 0}, /* ma - mz */
133 {42, 10, 47, 122, 63, 19, 106, 12, 30, 1, 6, 6, 9, 7, 54, 7, 1, 7, 44,
134124, 6, 1, 15, 0, 12, 0}, /* na - nz */
135 {7, 12, 14, 17, 5, 95, 3, 5, 14, 0, 0, 19, 41, 134, 13, 23, 0, 91, 23,
13642, 55, 16, 28, 0, 4, 1}, /* oa - oz */
137 {19, 1, 0, 0, 37, 0, 0, 4, 8, 0, 0, 15, 1, 0, 27, 9, 0, 33, 14, 7, 6, 0,
1380, 0, 0, 0}, /* pa - pz */
139 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0,
1400, 0, 0}, /* qa - qz */
141 {83, 8, 16, 23, 169, 4, 8, 8, 77, 1, 10, 5, 26, 16, 60, 4, 0, 24, 37,
14255, 6, 11, 4, 0, 28, 0}, /* ra - rz */
143 {65, 9, 17, 9, 73, 13, 1, 47, 75, 3, 0, 7, 11, 12, 56, 17, 6, 9, 48,
144116, 35, 1, 28, 0, 4, 0}, /* sa - sz */
145 {57, 22, 3, 1, 76, 5, 2, 330, 126, 1, 0, 14, 10, 6, 79, 7, 0, 49, 50,
14656, 21, 2, 27, 0, 24, 0}, /* ta - tz */
147 {11, 5, 9, 6, 9, 1, 6, 0, 9, 0, 1, 19, 5, 31, 1, 15, 0, 47, 39, 31, 0,
1483, 0, 0, 0, 0}, /* ua - uz */
149 {7, 0, 0, 0, 72, 0, 0, 0, 28, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0,
1500, 3, 0}, /* va - vz */
151 {36, 1, 1, 0, 38, 0, 0, 33, 36, 0, 0, 4, 1, 8, 15, 0, 0, 0, 4, 2, 0, 0,
1521, 0, 0, 0}, /* wa - wz */
153 {1, 0, 2, 0, 0, 1, 0, 0, 3, 0, 0, 0, 0, 0, 1, 5, 0, 0, 0, 3, 0, 0, 1, 0,
1540, 0}, /* xa - xz */
155 {14, 5, 4, 2, 7, 12, 12, 6, 10, 0, 0, 3, 7, 5, 17, 3, 0, 4, 16, 30, 0,
1560, 5, 0, 0, 0}, /* ya - yz */
157 {1, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1580, 0}}; /* za - zz */
159
160/*
161 * This MUST be equal to the sum of the equivalent rows above.
162 */
163
164static int row_sums[26] =
165{796,160,284,401,1276,262,199,539,777,
166 16,39,351,243,751,662,181,17,683,
167 662,968,248,115,180,17,162,5};
168
169/*
170 * Frequencies of starting characters
171 */
172
173static int start_freq [26] =
174{1299,425,725,271,375,470,93,223,1009,
175 24,20,355,379,319,823,618,21,317,
176 962,1991,271,104,516,6,16,14};
177
178/*
179 * This MUST be equal to the sum of all elements in the above array.
180 */
181
182struct sockaddr_in kdc_server;
183SOCKET kdc_socket;
184krb5_context context;
185krb5_ccache ccache;
186krb5_auth_context auth_context = NULL;
187krb5_data ap_req;
188krb5_creds *credsp = NULL;
189krb5_creds creds;
190char connected_server[128];
191
192static int total_sum = 11646;
193
194int get_krb5_error(krb5_error_code rc, char *in, char *out);
195int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
196 char *Win2kPassword, char *Win2kUser, char *default_server,
197 int connect_to_kdc, char **ServerList, char *ldap_realm,
198 char *ldap_port);
199int ad_kdc_connect(char *connectedServer);
200int ad_server_connect(char *connectedServer, char *domain);
201void ad_kdc_disconnect();
202int compare_elements(const void *arg1, const void *arg2);
203int convert_domain_to_dn(char *domain, char *dnp);
204int set_password(char *user, char *password, char *domain);
205
206int locate_ldap_server(char *domain, char **server_name);
207
208long myrandom();
209void generate_password(char *password);
210
211#ifdef WIN32
212krb5_error_code encode_krb5_setpw
213 PROTOTYPE((const krb5_setpw *rep, krb5_data ** code));
214#endif
215
216krb5_error_code make_setpw_req(krb5_context context, krb5_auth_context auth_context,
217 krb5_data *ap_req, krb5_principal targprinc,
218 char *passwd, krb5_data *packet)
219{
220 krb5_error_code ret;
221 krb5_setpw setpw;
222 krb5_data cipherpw;
223 krb5_data *encoded_setpw;
224 krb5_replay_data replay;
225 char *ptr;
226 register int count = 2;
227
228 memset(&setpw, 0, sizeof(krb5_setpw));
229 if (ret = krb5_auth_con_setflags(context, auth_context,
230 KRB5_AUTH_CONTEXT_DO_SEQUENCE))
231 return(ret);
232 setpw.targprinc = targprinc;
233 setpw.newpasswd.length = strlen(passwd);
234 setpw.newpasswd.data = passwd;
235 if ((ret = encode_krb5_setpw(&setpw, &encoded_setpw)))
236 return( ret );
237 if (ret = krb5_mk_priv(context, auth_context,
238 encoded_setpw, &cipherpw, &replay))
239 return(ret);
240 packet->length = 6 + ap_req->length + cipherpw.length;
241 packet->data = (char *) malloc(packet->length);
242 ptr = packet->data;
243 /* Length */
244 *ptr++ = (packet->length>>8) & 0xff;
245 *ptr++ = packet->length & 0xff;
246 /* version */
247 *ptr++ = (char)0xff;
248 *ptr++ = (char)0x80;
249 /* ap_req length, big-endian */
250 *ptr++ = (ap_req->length>>8) & 0xff;
251 *ptr++ = ap_req->length & 0xff;
252 /* ap-req data */
253 memcpy(ptr, ap_req->data, ap_req->length);
254 ptr += ap_req->length;
255 /* krb-priv of password */
256 memcpy(ptr, cipherpw.data, cipherpw.length);
257 free(cipherpw.data);
258/* krb5_free_data_contents(context, &cipherpw);*/
259 krb5_free_data(context, encoded_setpw);
260 return(0);
261}
262
263krb5_error_code get_setpw_rep(krb5_context context, krb5_auth_context auth_context,
264 krb5_data *packet, int *result_code,
265 krb5_data *result_data)
266{
267 char *ptr;
268 int plen;
269 int vno;
270 krb5_data ap_rep;
271 krb5_error_code ret;
272 krb5_data cipherresult;
273 krb5_data clearresult;
274 krb5_error *krberror;
275 krb5_replay_data replay;
276 krb5_ap_rep_enc_part *ap_rep_enc;
277
278 if (packet->length < 4)
279 return(KRB5KRB_AP_ERR_MODIFIED);
280 ptr = packet->data;
281 if (krb5_is_krb_error(packet))
282 {
283 ret = decode_krb5_error(packet, &krberror);
284 if (ret)
285 return(ret);
286 ret = krberror->error;
287 krb5_free_error(context, krberror);
288 return(ret);
289 }
290 /* verify length */
291 plen = (*ptr++ & 0xff);
292 plen = (plen<<8) | (*ptr++ & 0xff);
293 if (plen != (int)packet->length)
294 return(KRB5KRB_AP_ERR_MODIFIED);
295 vno = (*ptr++ & 0xff);
296 vno = (vno<<8) | (*ptr++ & 0xff);
297 if (vno != KRB5_KPASSWD_VERS_SETPW && vno != KRB5_KPASSWD_VERS_CHANGEPW)
298 return(KRB5KDC_ERR_BAD_PVNO);
299 /* read, check ap-rep length */
300 ap_rep.length = (*ptr++ & 0xff);
301 ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
302 if (ptr + ap_rep.length >= packet->data + packet->length)
303 return(KRB5KRB_AP_ERR_MODIFIED);
304 if (ap_rep.length)
305 {
306 /* verify ap_rep */
307 ap_rep.data = ptr;
308 ptr += ap_rep.length;
309 if (ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc))
310 return(ret);
311 krb5_free_ap_rep_enc_part(context, ap_rep_enc);
312 /* extract and decrypt the result */
313 cipherresult.data = ptr;
314 cipherresult.length = (packet->data + packet->length) - ptr;
315 /* XXX there's no api to do this right. The problem is that
316 if there's a remote subkey, it will be used. This is
317 not what the spec requires */
318 ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
319 &replay);
320 if (ret)
321 return(ret);
322 }
323 else
324 {
325 cipherresult.data = ptr;
326 cipherresult.length = (packet->data + packet->length) - ptr;
327
328 if (ret = krb5_rd_error(context, &cipherresult, &krberror))
329 return(ret);
330
331 clearresult = krberror->e_data;
332 }
333 if (clearresult.length < 2)
334 {
335 ret = KRB5KRB_AP_ERR_MODIFIED;
336 goto cleanup;
337 }
338 ptr = clearresult.data;
339 *result_code = (*ptr++ & 0xff);
340 *result_code = (*result_code<<8) | (*ptr++ & 0xff);
341 if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
342 (*result_code > KRB5_KPASSWD_ACCESSDENIED))
343 {
344 ret = KRB5KRB_AP_ERR_MODIFIED;
345 goto cleanup;
346 }
347 /* all success replies should be authenticated/encrypted */
348 if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS))
349 {
350 ret = KRB5KRB_AP_ERR_MODIFIED;
351 goto cleanup;
352 }
353 result_data->length = (clearresult.data + clearresult.length) - ptr;
354 if (result_data->length)
355 {
356 result_data->data = (char *) malloc(result_data->length);
357 memcpy(result_data->data, ptr, result_data->length);
358 }
359 else
360 result_data->data = NULL;
361 ret = 0;
362cleanup:
363 if (ap_rep.length)
364 free(clearresult.data);
365 else
366 krb5_free_error(context, krberror);
367 return(ret);
368}
369
370krb5_error_code kdc_set_password(krb5_context context, krb5_ccache ccache,
371 char *newpw, char *user, char *domain,
372 int *result_code)
373{
374 krb5_data chpw_snd;
375 krb5_data chpw_rcv;
376 krb5_data result_string;
377 krb5_address local_kaddr;
378 krb5_address remote_kaddr;
379 char userrealm[256];
380 char temp[256];
381 krb5_error_code code;
382 struct sockaddr local_addr;
383 struct sockaddr remote_addr;
384 int i;
385 int addrlen;
386 int cc;
387 int local_result_code;
388 int nfds;
389 krb5_principal targprinc;
390 struct timeval TimeVal;
391 fd_set readfds;
392
393 memset(&local_addr, 0, sizeof(local_addr));
394 memset(&local_kaddr, 0, sizeof(local_kaddr));
395 memset(&result_string, 0, sizeof(result_string));
396 memset(&remote_kaddr, 0, sizeof(remote_kaddr));
397 memset(&chpw_snd, 0, sizeof(krb5_data));
398 memset(&chpw_rcv, 0, sizeof(krb5_data));
399 memset(userrealm, '\0', sizeof(userrealm));
400 targprinc = NULL;
401
402 chpw_rcv.length = 1500;
403 chpw_rcv.data = (char *) calloc(1, chpw_rcv.length);
404
405 for (i = 0; i < (int)strlen(domain); i++)
406 userrealm[i] = toupper(domain[i]);
407
408 sprintf(temp, "%s@%s", user, userrealm);
409 krb5_parse_name(context, temp, &targprinc);
410
411 if (credsp == NULL)
412 {
413 memset(&creds, 0, sizeof(creds));
414 memset(&ap_req, 0, sizeof(krb5_data));
415 sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
416 if (code = krb5_parse_name(context, temp, &creds.server))
417 goto cleanup;
418 if (code = krb5_cc_get_principal(context, ccache, &creds.client))
419 goto cleanup;
420 if (code = krb5_get_credentials(context, 0, ccache, &creds, &credsp))
421 goto cleanup;
422 if (code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
423 NULL, credsp, &ap_req))
424 goto cleanup;
425 }
426
427 addrlen = sizeof(local_addr);
428 if (getsockname(kdc_socket, &local_addr, &addrlen) < 0)
429 {
430 code = KDC_GETSOCKNAME_ERROR;
431 goto cleanup;
432 }
433 if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
434 {
435 local_kaddr.addrtype = ADDRTYPE_INET;
436 local_kaddr.length =
437 sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
438 local_kaddr.contents =
439 (char *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
440 }
441 else
442 {
443 krb5_address **addrs;
444 krb5_os_localaddr(context, &addrs);
445 local_kaddr.magic = addrs[0]->magic;
446 local_kaddr.addrtype = addrs[0]->addrtype;
447 local_kaddr.length = addrs[0]->length;
448 local_kaddr.contents = calloc(1, addrs[0]->length);
449 memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
450 krb5_free_addresses(context, addrs);
451 }
452
453 addrlen = sizeof(remote_addr);
454 if (getpeername(kdc_socket, &remote_addr, &addrlen) < 0)
455 {
456 code = KDC_GETPEERNAME_ERROR;
457 goto cleanup;
458 }
459 remote_kaddr.addrtype = ADDRTYPE_INET;
460 remote_kaddr.length = sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
461 remote_kaddr.contents = (char *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);
462
463 if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL))
464 goto cleanup;
465 if (code = make_setpw_req(context, auth_context, &ap_req,
466 targprinc, newpw, &chpw_snd))
467 goto cleanup;
468
469 for (i = 0; i < 3; i++)
470 {
471 if ((cc = sendto(kdc_socket, chpw_snd.data, chpw_snd.length, 0,
472 NULL,
473 0)) != (int)chpw_snd.length)
474 {
475 code = KDC_SEND_ERROR;
476 sleep(1);
477 continue;
478 }
479
480 TimeVal.tv_sec = 3;
481 TimeVal.tv_usec = 0;
482 FD_ZERO(&readfds);
483 FD_SET(kdc_socket, &readfds);
484 nfds = kdc_socket + 1;
485 code = select(nfds, &readfds, NULL, NULL, &TimeVal);
486 if ((code == 0) || (code == SOCKET_ERROR))
487 {
488 code = KDC_RECEIVE_TIMEOUT;
489 sleep(1);
490 continue;
491 }
492
493 if ((cc = recvfrom(kdc_socket, chpw_rcv.data, chpw_rcv.length, 0,
494 NULL, NULL)) < 0)
495 {
496 code = KDC_RECEIVE_TIMEOUT;
497 sleep(1);
498 continue;
499 }
500 chpw_rcv.length = cc;
501 if (code = krb5_auth_con_setaddrs(context, auth_context, NULL, &remote_kaddr))
502 {
503 sleep(1);
504 continue;
505 }
506 local_result_code = 0;
507 code = get_setpw_rep(context, auth_context, &chpw_rcv,
508 &local_result_code, &result_string);
509
510 if (local_result_code)
511 {
512 if (local_result_code == KRB5_KPASSWD_SOFTERROR)
513 local_result_code = KRB5_KPASSWD_SUCCESS;
514 *result_code = local_result_code;
515 }
516 if ((code == 0) && (local_result_code == 0))
517 break;
518 sleep(1);
519 }
520
521cleanup:
522 if (chpw_snd.data != NULL)
523 free(chpw_snd.data);
524 if (chpw_rcv.data != NULL)
525 free(chpw_rcv.data);
526 if (targprinc != NULL)
527 krb5_free_principal(context, targprinc);
528 return(code);
529}
530
531int set_password(char *user, char *password, char *domain)
532{
533 int res_code;
534 krb5_error_code retval;
535 char pw[PW_LENGTH+1];
536
537 memset(pw, '\0', sizeof(pw));
538 if (strlen(password) != 0)
539 strcpy(pw, password);
540 else
541 generate_password(pw);
542 res_code = 0;
543 retval = kdc_set_password(context, ccache, pw, user, domain, &res_code);
544
545 if (res_code)
546 return(res_code);
547 return(retval);
548}
549
550void generate_password(char *password)
551{
552 int i;
553 int j;
554 int row_position;
555 int nchars;
556 int position;
557 int word;
558 int line;
559 char *pwp;
560
561 for (line = 22; line; --line)
562 {
563 for (word = 7; word; --word)
564 {
565 position = myrandom()%total_sum;
566 for(row_position = 0, j = 0; position >= row_position; row_position += start_freq[j], j++)
567 continue;
568 *(pwp = password) = j + 'a' - 1;
569 for (nchars = PW_LENGTH-1; nchars; --nchars)
570 {
571 i = *pwp - 'a';
572 pwp++;
573 position = myrandom()%row_sums[i];
574 for (row_position = 0, j = 0; position >= row_position; row_position += frequency[i][j], j++)
575 continue;
576 *pwp = j + 'a' - 1;
577 }
578 *(++pwp)='\0';
579 return;
580 }
581 putchar('\n');
582 }
583}
584
585long myrandom()
586{
587 static int init = 0;
588 int pid;
589#ifdef _WIN32
590 struct _timeb timebuffer;
591#else
592 struct timeval tv;
593#endif
594
595 if (!init)
596 {
597 init = 1;
598 pid = getpid();
599#ifdef _WIN32
600 _ftime(&timebuffer);
601 srand(timebuffer.time ^ timebuffer.millitm ^ pid);
602#else
603 gettimeofday(&tv, (struct timezone *) NULL);
604 srandom(tv.tv_sec ^ tv.tv_usec ^ pid);
605#endif
606 }
607 return (rand());
608}
609
610int get_krb5_error(krb5_error_code rc, char *in, char *out)
611{
612 int krb5Error;
613 int retval;
614
615 retval = 1;
616
617 if (rc < 0)
618 {
619 krb5Error = ((int)(rc & 255));
620 sprintf(out, "%s: %s(%ld)", in, error_message(rc), krb5Error);
621 }
622 else
623 {
624 switch (rc)
625 {
626 case KDC_RECEIVE_TIMEOUT:
627 {
628 retval = 0;
629 sprintf(out, "%s: %s(%d)", in, "Receive timeout", rc);
630 break;
631 }
632 case KDC_RECEIVE_ERROR:
633 {
634 retval = 0;
635 sprintf(out, "%s: %s(%d)", in, "Receive error", rc);
636 break;
637 }
638 case KRB5_KPASSWD_MALFORMED:
639 {
640 sprintf(out, "%s: %s(%d)", in, "malformed password", rc);
641 break;
642 }
643 case KRB5_KPASSWD_HARDERROR:
644 {
645 sprintf(out, "%s: %s(%d)", in, "hard error", rc);
646 break;
647 }
648 case KRB5_KPASSWD_AUTHERROR:
649 {
650 retval = 0;
651 sprintf(out, "%s: %s(%d)", in, "authentication error", rc);
652 break;
653 }
654 case KRB5_KPASSWD_SOFTERROR:
655 {
656 retval = 0;
657 sprintf(out, "%s: %s(%d)", in, "soft error", rc);
658 break;
659 }
660 case KRB5_KPASSWD_ACCESSDENIED:
661 {
662 sprintf(out, "%s: %s(%d)", in, "Access denied", rc);
663 break;
664 }
665 case KDC_SEND_ERROR:
666 {
667 retval = 0;
668 sprintf(out, "%s: %s(%d)", in, "Send error", rc);
669 break;
670 }
671 case KDC_GETSOCKNAME_ERROR:
672 {
673 retval = 0;
674 sprintf(out, "%s: %s(%d)", in, "Socket error - getsockname", rc);
675 break;
676 }
677 case KDC_GETPEERNAME_ERROR:
678 {
679 retval = 0;
680 sprintf(out, "%s: %s(%d)", in, "Socket error - getpeername", rc);
681 break;
682 }
683 default:
684 {
685 sprintf(out, "%s: %s(%d)", in, "unknown error", rc);
686 break;
687 }
688 }
689 }
690 return(retval);
691}
692
693int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
694 char *Win2kPassword, char *Win2kUser, char *default_server,
695 int connect_to_kdc, char **ServerList, char *ldap_realm,
696 char *ldap_port)
697{
698 int i;
699 int k;
700 int Count;
701 char *server_name[MAX_SERVER_NAMES];
702 static char temp[128];
703 ULONG version = LDAP_VERSION3;
704 ULONG rc;
705 int Max_wait_time = 1000;
706 int Max_size_limit = LDAP_NO_LIMIT;
707
708 if (strlen(ldap_domain) == 0)
709 return(1);
710
711 if (strlen(ldap_port) == 0)
712 return(1);
713
714 convert_domain_to_dn(ldap_domain, dn_path);
715 if (strlen(dn_path) == 0)
716 return(1);
717
718 Count = 0;
719 while (ServerList[Count] != NULL)
720 ++Count;
721
722 if ((Count == 0) && (connect_to_kdc))
723 return(1);
724
725 for (i = 0; i < Count; i++)
726 {
727 if (ServerList[i] == NULL)
728 continue;
729
730 if (((*ldap_handle) = ldap_open(ServerList[i], atoi(ldap_port))) != NULL)
731 {
732 rc = ldap_set_option((*ldap_handle), LDAP_OPT_PROTOCOL_VERSION,
733 &version);
734 rc = ldap_set_option((*ldap_handle), LDAP_OPT_TIMELIMIT,
735 (void *)&Max_wait_time);
736 rc = ldap_set_option((*ldap_handle), LDAP_OPT_SIZELIMIT,
737 (void *)&Max_size_limit);
738 rc = ldap_set_option((*ldap_handle), LDAP_OPT_REFERRALS,
739 LDAP_OPT_OFF);
740 rc = ldap_adgssapi_bind((*ldap_handle), "",
741 GSSSASL_NO_SECURITY_LAYER, ldap_domain,
742 ldap_realm, ServerList[i]);
743 if (rc == LDAP_SUCCESS)
744 {
745 if (connect_to_kdc)
746 {
747 if (!ad_server_connect(ServerList[i], ldap_domain))
748 {
749 ldap_unbind_s((*ldap_handle));
750 (*ldap_handle) = NULL;
751 continue;
752 }
753 }
754 if (strlen(default_server) == 0)
755 strcpy(default_server, ServerList[i]);
756 strcpy(connected_server, ServerList[i]);
757 break;
758 }
759 else
760 {
761 (*ldap_handle) = NULL;
762 }
763 }
764 }
765 if ((*ldap_handle) == NULL)
766 return(1);
767 return(0);
768}
769
770int ad_server_connect(char *connectedServer, char *domain)
771{
772 krb5_error_code rc;
773 krb5_creds creds;
774 krb5_creds *credsp;
775 char temp[256];
776 char userrealm[256];
777 int i;
778 unsigned short port = KDC_PORT;
779
780 context = NULL;
781 credsp = NULL;
782 memset(&ccache, 0, sizeof(ccache));
783 memset(&creds, 0, sizeof(creds));
784 memset(userrealm, '\0', sizeof(userrealm));
785
786 rc = 0;
787 if (krb5_init_context(&context))
788 goto cleanup;
789 if (krb5_cc_default(context, &ccache))
790 goto cleanup;
791
792 for (i = 0; i < (int)strlen(domain); i++)
793 userrealm[i] = toupper(domain[i]);
794 sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
795 if (krb5_parse_name(context, temp, &creds.server))
796 goto cleanup;
797 if (krb5_cc_get_principal(context, ccache, &creds.client))
798 goto cleanup;
799 if (krb5_get_credentials(context, 0, ccache, &creds, &credsp))
800 goto cleanup;
801
802 rc = ad_kdc_connect(connectedServer);
803
804
805cleanup:
806 if (!rc)
807 {
808 krb5_cc_close(context, ccache);
809 krb5_free_context(context);
810 }
811 krb5_free_cred_contents(context, &creds);
812 if (credsp != NULL)
813 krb5_free_creds(context, credsp);
814 return(rc);
815}
816
817
818int ad_kdc_connect(char *connectedServer)
819{
820 struct hostent *hp;
821 int rc;
822
823 rc = 0;
824 hp = gethostbyname(connectedServer);
825 if (hp == NULL)
826 goto cleanup;
827 memset(&kdc_server, 0, sizeof(kdc_server));
828 memcpy(&(kdc_server.sin_addr),hp->h_addr_list[0],hp->h_length);
829 kdc_server.sin_family = hp->h_addrtype;
830 kdc_server.sin_port = htons(KDC_PORT);
831
832 if ((kdc_socket = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
833 goto cleanup;
834 if (connect(kdc_socket, (struct sockaddr*)&kdc_server, sizeof(kdc_server)) == SOCKET_ERROR)
835 goto cleanup;
836 rc = 1;
837
838cleanup:
839 return(rc);
840}
841
842void ad_kdc_disconnect()
843{
844
845 if (auth_context != NULL)
846 {
847 krb5_auth_con_free(context, auth_context);
848 if (ap_req.data != NULL)
849 free(ap_req.data);
850 krb5_free_cred_contents(context, &creds);
851 if (credsp != NULL)
852 krb5_free_creds(context, credsp);
853 }
854 credsp = NULL;
855 auth_context = NULL;
856 if (context != NULL)
857 {
858 krb5_cc_close(context, ccache);
859 krb5_free_context(context);
860 }
861 closesocket(kdc_socket);
862
863}
864
865int convert_domain_to_dn(char *domain, char *dnp)
866{
867 char *fp;
868 char *dp;
869 char dn[512];
870
871 memset(dn, '\0', sizeof(dn));
872 strcpy(dn, "dc=");
873 dp = dn+3;
874 for (fp = domain; *fp; fp++)
875 {
876 if (*fp == '.')
877 {
878 strcpy(dp, ",dc=");
879 dp += 4;
880 }
881 else
882 *dp++ = *fp;
883 }
884
885 strcpy(dnp, dn);
886 return 0;
887}
888
889int compare_elements(const void *arg1, const void *arg2)
890{
891 int rc;
892
893 rc = strcmp((char*)arg1, (char*)arg2);
894 if (rc < 0)
895 return(1);
896 if (rc > 0)
897 return(-1);
898 return(rc);
899}
Moira, the Athena Service Management system
This page took 3.590846 seconds and 5 git commands to generate.