3 THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
4 ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
5 TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
8 Copyright (C) 1999 Microsoft Corporation. All rights reserved.
16 Set a user's password using the
17 Kerberos Change Password Protocol (I-D) variant for Windows 2000
21 * lib/krb5/os/changepw.c
23 * Copyright 1990 by the Massachusetts Institute of Technology.
24 * All Rights Reserved.
26 * Export of this software from the United States of America may
27 * require a specific license from the United States Government.
28 * It is the responsibility of any person or organization contemplating
29 * export to obtain such a license before exporting.
31 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
32 * distribute this software and its documentation for any purpose and
33 * without fee is hereby granted, provided that the above copyright
34 * notice appear in all copies and that both that copyright notice and
35 * this permission notice appear in supporting documentation, and that
36 * the name of M.I.T. not be used in advertising or publicity pertaining
37 * to distribution of the software without specific, written prior
38 * permission. M.I.T. makes no representations about the suitability of
39 * this software for any purpose. It is provided "as is" without express
40 * or implied warranty.
56 #include <sys/socket.h>
58 #include <sys/select.h>
64 #include <sys/timeb.h>
69 #ifndef krb5_is_krb_error
70 #define krb5_is_krb_error(dat)\
71 ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
72 (dat)->data[0] == 0x5e))
76 #if defined(_WIN32) && !defined(__CYGWIN32__)
78 #define ECONNABORTED WSAECONNABORTED
81 #define ECONNREFUSED WSAECONNREFUSED
84 #define EHOSTUNREACH WSAEHOSTUNREACH
86 #endif /* _WIN32 && !__CYGWIN32__ */
88 static const char rcsid[] = "$Id$";
90 static int frequency[26][26] =
91 { {4, 20, 28, 52, 2, 11, 28, 4, 32, 4, 6, 62, 23, 167, 2, 14, 0, 83, 76,
92 127, 7, 25, 8, 1, 9, 1}, /* aa - az */
93 {13, 0, 0, 0, 55, 0, 0, 0, 8, 2, 0, 22, 0, 0, 11, 0, 0, 15, 4, 2, 13, 0,
94 0, 0, 15, 0}, /* ba - bz */
95 {32, 0, 7, 1, 69, 0, 0, 33, 17, 0, 10, 9, 1, 0, 50, 3, 0, 10, 0, 28, 11,
96 0, 0, 0, 3, 0}, /* ca - cz */
97 {40, 16, 9, 5, 65, 18, 3, 9, 56, 0, 1, 4, 15, 6, 16, 4, 0, 21, 18, 53,
98 19, 5, 15, 0, 3, 0}, /* da - dz */
99 {84, 20, 55, 125, 51, 40, 19, 16, 50, 1, 4, 55, 54, 146, 35, 37, 6, 191,
100 149, 65, 9, 26, 21, 12, 5, 0}, /* ea - ez */
101 {19, 3, 5, 1, 19, 21, 1, 3, 30, 2, 0, 11, 1, 0, 51, 0, 0, 26, 8, 47, 6,
102 3, 3, 0, 2, 0}, /* fa - fz */
103 {20, 4, 3, 2, 35, 1, 3, 15, 18, 0, 0, 5, 1, 4, 21, 1, 1, 20, 9, 21, 9,
104 0, 5, 0, 1, 0}, /* ga - gz */
105 {101, 1, 3, 0, 270, 5, 1, 6, 57, 0, 0, 0, 3, 2, 44, 1, 0, 3, 10, 18, 6,
106 0, 5, 0, 3, 0}, /* ha - hz */
107 {40, 7, 51, 23, 25, 9, 11, 3, 0, 0, 2, 38, 25, 202, 56, 12, 1, 46, 79,
108 117, 1, 22, 0, 4, 0, 3}, /* ia - iz */
109 {3, 0, 0, 0, 5, 0, 0, 0, 1, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 3, 0, 0, 0,
111 {1, 0, 0, 0, 11, 0, 0, 0, 13, 0, 0, 0, 0, 2, 0, 0, 0, 0, 6, 2, 1, 0, 2,
112 0, 1, 0}, /* ka - kz */
113 {44, 2, 5, 12, 62, 7, 5, 2, 42, 1, 1, 53, 2, 2, 25, 1, 1, 2, 16, 23, 9,
114 0, 1, 0, 33, 0}, /* la - lz */
115 {52, 14, 1, 0, 64, 0, 0, 3, 37, 0, 0, 0, 7, 1, 17, 18, 1, 2, 12, 3, 8,
116 0, 1, 0, 2, 0}, /* ma - mz */
117 {42, 10, 47, 122, 63, 19, 106, 12, 30, 1, 6, 6, 9, 7, 54, 7, 1, 7, 44,
118 124, 6, 1, 15, 0, 12, 0}, /* na - nz */
119 {7, 12, 14, 17, 5, 95, 3, 5, 14, 0, 0, 19, 41, 134, 13, 23, 0, 91, 23,
120 42, 55, 16, 28, 0, 4, 1}, /* oa - oz */
121 {19, 1, 0, 0, 37, 0, 0, 4, 8, 0, 0, 15, 1, 0, 27, 9, 0, 33, 14, 7, 6, 0,
122 0, 0, 0, 0}, /* pa - pz */
123 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0,
124 0, 0, 0}, /* qa - qz */
125 {83, 8, 16, 23, 169, 4, 8, 8, 77, 1, 10, 5, 26, 16, 60, 4, 0, 24, 37,
126 55, 6, 11, 4, 0, 28, 0}, /* ra - rz */
127 {65, 9, 17, 9, 73, 13, 1, 47, 75, 3, 0, 7, 11, 12, 56, 17, 6, 9, 48,
128 116, 35, 1, 28, 0, 4, 0}, /* sa - sz */
129 {57, 22, 3, 1, 76, 5, 2, 330, 126, 1, 0, 14, 10, 6, 79, 7, 0, 49, 50,
130 56, 21, 2, 27, 0, 24, 0}, /* ta - tz */
131 {11, 5, 9, 6, 9, 1, 6, 0, 9, 0, 1, 19, 5, 31, 1, 15, 0, 47, 39, 31, 0,
132 3, 0, 0, 0, 0}, /* ua - uz */
133 {7, 0, 0, 0, 72, 0, 0, 0, 28, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0,
134 0, 3, 0}, /* va - vz */
135 {36, 1, 1, 0, 38, 0, 0, 33, 36, 0, 0, 4, 1, 8, 15, 0, 0, 0, 4, 2, 0, 0,
136 1, 0, 0, 0}, /* wa - wz */
137 {1, 0, 2, 0, 0, 1, 0, 0, 3, 0, 0, 0, 0, 0, 1, 5, 0, 0, 0, 3, 0, 0, 1, 0,
139 {14, 5, 4, 2, 7, 12, 12, 6, 10, 0, 0, 3, 7, 5, 17, 3, 0, 4, 16, 30, 0,
140 0, 5, 0, 0, 0}, /* ya - yz */
141 {1, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
142 0, 0}}; /* za - zz */
145 * This MUST be equal to the sum of the equivalent rows above.
148 static int row_sums[26] =
149 {796,160,284,401,1276,262,199,539,777,
150 16,39,351,243,751,662,181,17,683,
151 662,968,248,115,180,17,162,5};
154 * Frequencies of starting characters
157 static int start_freq [26] =
158 {1299,425,725,271,375,470,93,223,1009,
159 24,20,355,379,319,823,618,21,317,
160 962,1991,271,104,516,6,16,14};
163 * This MUST be equal to the sum of all elements in the above array.
165 static int total_sum = 11646;
168 void generate_password(char *password);
169 int set_password(char *user, char *domain);
170 krb5_error_code encode_krb5_setpw
171 PROTOTYPE((const krb5_setpw *rep, krb5_data ** code));
173 krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
174 struct sockaddr **addr_pp, int *naddrs);
176 krb5_error_code krb5_mk_setpw_req(krb5_context context, krb5_auth_context auth_context,
177 krb5_data *ap_req, krb5_principal targprinc,
178 char *passwd, krb5_data *packet)
183 krb5_data *encoded_setpw;
184 krb5_replay_data replay;
186 register int count = 2;
188 memset (&setpw, 0, sizeof(krb5_setpw));
189 if (ret = krb5_auth_con_setflags(context, auth_context,
190 KRB5_AUTH_CONTEXT_DO_SEQUENCE))
192 setpw.targprinc = targprinc;
193 setpw.newpasswd.length = strlen(passwd);
194 setpw.newpasswd.data = passwd;
195 if ((ret = encode_krb5_setpw(&setpw, &encoded_setpw)))
197 if (ret = krb5_mk_priv(context, auth_context,
198 encoded_setpw, &cipherpw, &replay))
200 packet->length = 6 + ap_req->length + cipherpw.length;
201 packet->data = (char *) malloc(packet->length);
204 *ptr++ = (packet->length>>8) & 0xff;
205 *ptr++ = packet->length & 0xff;
209 /* ap_req length, big-endian */
210 *ptr++ = (ap_req->length>>8) & 0xff;
211 *ptr++ = ap_req->length & 0xff;
213 memcpy(ptr, ap_req->data, ap_req->length);
214 ptr += ap_req->length;
215 /* krb-priv of password */
216 memcpy(ptr, cipherpw.data, cipherpw.length);
220 krb5_error_code krb5_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
221 krb5_data *packet, int *result_code,
222 krb5_data *result_data)
229 krb5_data cipherresult;
230 krb5_data clearresult;
231 krb5_error *krberror;
232 krb5_replay_data replay;
234 krb5_ap_rep_enc_part *ap_rep_enc;
236 if (packet->length < 4)
237 return(KRB5KRB_AP_ERR_MODIFIED);
239 if (krb5_is_krb_error(packet))
241 ret = decode_krb5_error(packet, &krberror);
244 ret = krberror->error;
245 krb5_free_error(context, krberror);
249 plen = (*ptr++ & 0xff);
250 plen = (plen<<8) | (*ptr++ & 0xff);
251 if (plen != packet->length)
252 return(KRB5KRB_AP_ERR_MODIFIED);
253 vno = (*ptr++ & 0xff);
254 vno = (vno<<8) | (*ptr++ & 0xff);
255 if (vno != KRB5_KPASSWD_VERS_SETPW && vno != KRB5_KPASSWD_VERS_CHANGEPW)
256 return(KRB5KDC_ERR_BAD_PVNO);
257 /* read, check ap-rep length */
258 ap_rep.length = (*ptr++ & 0xff);
259 ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
260 if (ptr + ap_rep.length >= packet->data + packet->length)
261 return(KRB5KRB_AP_ERR_MODIFIED);
266 ptr += ap_rep.length;
267 if (ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc))
269 krb5_free_ap_rep_enc_part(context, ap_rep_enc);
270 /* extract and decrypt the result */
271 cipherresult.data = ptr;
272 cipherresult.length = (packet->data + packet->length) - ptr;
273 /* XXX there's no api to do this right. The problem is that
274 if there's a remote subkey, it will be used. This is
275 not what the spec requires */
276 tmp = auth_context->remote_subkey;
277 auth_context->remote_subkey = NULL;
278 ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
280 auth_context->remote_subkey = tmp;
286 cipherresult.data = ptr;
287 cipherresult.length = (packet->data + packet->length) - ptr;
288 if (ret = krb5_rd_error(context, &cipherresult, &krberror))
290 clearresult = krberror->e_data;
292 if (clearresult.length < 2)
294 ret = KRB5KRB_AP_ERR_MODIFIED;
297 ptr = clearresult.data;
298 *result_code = (*ptr++ & 0xff);
299 *result_code = (*result_code<<8) | (*ptr++ & 0xff);
300 if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
301 (*result_code > KRB5_KPASSWD_ACCESSDENIED))
303 ret = KRB5KRB_AP_ERR_MODIFIED;
306 /* all success replies should be authenticated/encrypted */
307 if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS))
309 ret = KRB5KRB_AP_ERR_MODIFIED;
312 result_data->length = (clearresult.data + clearresult.length) - ptr;
313 if (result_data->length)
315 result_data->data = (char *) malloc(result_data->length);
316 memcpy(result_data->data, ptr, result_data->length);
319 result_data->data = NULL;
323 free(clearresult.data);
325 krb5_free_error(context, krberror);
329 krb5_error_code krb5_set_password(krb5_context context, krb5_ccache ccache,
330 char *newpw, char *user, char *domain,
333 krb5_auth_context auth_context;
337 krb5_data result_string;
338 krb5_address local_kaddr;
339 krb5_address remote_kaddr;
342 krb5_error_code code;
345 struct sockaddr *addr_p;
346 struct sockaddr local_addr;
347 struct sockaddr remote_addr;
348 struct sockaddr tmp_addr;
355 int local_result_code;
358 krb5_principal targprinc;
365 memset(&local_addr, 0, sizeof(local_addr));
366 memset(&local_kaddr, 0, sizeof(local_kaddr));
367 memset(&result_string, 0, sizeof(result_string));
368 memset(&remote_kaddr, 0, sizeof(remote_kaddr));
369 memset(&chpw_req, 0, sizeof(krb5_data));
370 memset(&chpw_rep, 0, sizeof(krb5_data));
371 memset(&ap_req, 0, sizeof(krb5_data));
373 memset(&creds, 0, sizeof(creds));
374 memset(userrealm, '\0', sizeof(userrealm));
376 for (i = 0; i < (int)strlen(domain); i++)
377 userrealm[i] = toupper(domain[i]);
379 sprintf(temp, "%s@%s", user, userrealm);
380 krb5_parse_name(context, temp, &targprinc);
382 sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
383 if (code = krb5_parse_name(context, temp, &creds.server))
386 if (code = krb5_cc_get_principal(context, ccache, &creds.client))
388 if (code = krb5_get_credentials(context, 0, ccache, &creds, &credsp))
390 if (code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
391 NULL, credsp, &ap_req))
393 if (code = krb5_locate_kpasswd(context, &targprinc->realm, &addr_p, &out))
396 { /* Couldn't resolve any KPASSWD names */
401 if ((s1 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
406 if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
413 for (i=0; i<out; i++)
415 if (connect(s2, &addr_p[i], sizeof(addr_p[i])) == SOCKET_ERROR)
417 addrlen = sizeof(local_addr);
418 if (getsockname(s2, &local_addr, &addrlen) < 0)
420 if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
423 local_kaddr.addrtype = ADDRTYPE_INET;
425 sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
426 local_kaddr.contents =
427 (char *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
431 krb5_address **addrs;
432 krb5_os_localaddr(context, &addrs);
433 local_kaddr.magic = addrs[0]->magic;
434 local_kaddr.addrtype = addrs[0]->addrtype;
435 local_kaddr.length = addrs[0]->length;
436 local_kaddr.contents = calloc(1, addrs[0]->length);
437 memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
438 krb5_free_addresses(context, addrs);
441 addrlen = sizeof(remote_addr);
442 if (getpeername(s2, &remote_addr, &addrlen) < 0)
444 remote_kaddr.addrtype = ADDRTYPE_INET;
445 remote_kaddr.length =
446 sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
447 remote_kaddr.contents =
448 (char *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);
450 if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL))
452 if (code = krb5_mk_setpw_req(context, auth_context, &ap_req,
453 targprinc, newpw, &chpw_req))
456 if ((cc = sendto(s1, chpw_req.data, chpw_req.length, 0,
457 (struct sockaddr *) &addr_p[i],
458 sizeof(addr_p[i]))) != chpw_req.length)
461 if (chpw_req.data != NULL)
463 chpw_rep.length = 1500;
464 chpw_rep.data = (char *) calloc(1, chpw_rep.length);
466 tmp_len = sizeof(tmp_addr);
470 cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, MSG_PEEK,
471 &tmp_addr, &tmp_len);
472 if ((last_count == cc) && (cc != 0))
477 if (last_count == -1)
483 if ((cc = recvfrom(s1, chpw_rep.data, chpw_rep.length, 0, &tmp_addr, &tmp_len)) < 0)
488 chpw_rep.length = cc;
489 if (code = krb5_auth_con_setaddrs(context, auth_context, NULL,
494 local_result_code = 0;
495 code = krb5_rd_setpw_rep(context, auth_context, &chpw_rep,
496 &local_result_code, &result_string);
498 if (local_result_code)
500 if (local_result_code == KRB5_KPASSWD_SOFTERROR)
501 local_result_code = KRB5_KPASSWD_SUCCESS;
502 *result_code = local_result_code;
504 if (chpw_rep.data != NULL)
514 if (auth_context != NULL)
515 krb5_auth_con_free(context, auth_context);
516 if (ap_req.data != NULL)
518 krb5_free_cred_contents(context, &creds);
520 krb5_free_creds(context, credsp);
521 if (targprinc != NULL)
522 krb5_free_principal(context, targprinc);
526 int set_password(char *user, char *domain)
528 krb5_context context;
531 krb5_error_code retval;
532 char pw[PW_LENGTH+1];
534 if (retval = krb5_init_context(&context))
536 if (retval = krb5_cc_default(context, &ccache))
539 memset(pw, '\0', sizeof(pw));
540 generate_password(pw);
542 retval = krb5_set_password(context, ccache, pw, user, domain, &res_code);
544 krb5_cc_close(context, ccache);
545 krb5_free_context(context);
551 void generate_password(char *password)
562 for (line = 22; line; --line)
564 for (word = 7; word; --word)
566 position = myrandom()%total_sum;
567 for(row_position = 0, j = 0; position >= row_position; row_position += start_freq[j], j++)
569 *(pwp = password) = j + 'a' - 1;
570 for (nchars = PW_LENGTH-1; nchars; --nchars)
574 position = myrandom()%row_sums[i];
575 for (row_position = 0, j = 0; position >= row_position; row_position += frequency[i][j], j++)
591 struct _timeb timebuffer;
602 srand(timebuffer.time ^ timebuffer.millitm ^ pid);
604 gettimeofday(&tv, (struct timezone *) NULL);
605 srandom(tv.tv_sec ^ tv.tv_usec ^ pid);