1 #define LDAP_AUTH_OTHERKIND 0x86L
2 #define LDAP_AUTH_NEGOTIATE (LDAP_AUTH_OTHERKIND | 0x0400)
5 THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
6 ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
7 TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
10 Copyright (C) 1999 Microsoft Corporation. All rights reserved.
18 Set a user's password using the
19 Kerberos Change Password Protocol (I-D) variant for Windows 2000
23 * lib/krb5/os/changepw.c
25 * Copyright 1990 by the Massachusetts Institute of Technology.
26 * All Rights Reserved.
28 * Export of this software from the United States of America may
29 * require a specific license from the United States Government.
30 * It is the responsibility of any person or organization contemplating
31 * export to obtain such a license before exporting.
33 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
34 * distribute this software and its documentation for any purpose and
35 * without fee is hereby granted, provided that the above copyright
36 * notice appear in all copies and that both that copyright notice and
37 * this permission notice appear in supporting documentation, and that
38 * the name of M.I.T. not be used in advertising or publicity pertaining
39 * to distribution of the software without specific, written prior
40 * permission. M.I.T. makes no representations about the suitability of
41 * this software for any purpose. It is provided "as is" without express
42 * or implied warranty.
49 #include "port-sockets.h"
58 #include <sys/socket.h>
60 #include <sys/select.h>
66 #include <sys/timeb.h>
74 #define ULONG unsigned long
76 #ifndef krb5_is_krb_error
77 #define krb5_is_krb_error(dat)\
78 ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\
79 (dat)->data[0] == 0x5e))
83 extern krb5_error_code decode_krb5_error
84 (const krb5_data *output, krb5_error **rep);
85 #define sleep(Seconds) Sleep(Seconds * 1000)
86 #define gethostbyname(Server) rgethostbyname(Server)
90 #if defined(_WIN32) && !defined(__CYGWIN32__)
92 #define ECONNABORTED WSAECONNABORTED
95 #define ECONNREFUSED WSAECONNREFUSED
98 #define EHOSTUNREACH WSAEHOSTUNREACH
100 #endif /* _WIN32 && !__CYGWIN32__ */
102 static const char rcsid[] = "$Id$";
104 static int frequency[26][26] =
105 { {4, 20, 28, 52, 2, 11, 28, 4, 32, 4, 6, 62, 23, 167, 2, 14, 0, 83, 76,
106 127, 7, 25, 8, 1, 9, 1}, /* aa - az */
107 {13, 0, 0, 0, 55, 0, 0, 0, 8, 2, 0, 22, 0, 0, 11, 0, 0, 15, 4, 2, 13, 0,
108 0, 0, 15, 0}, /* ba - bz */
109 {32, 0, 7, 1, 69, 0, 0, 33, 17, 0, 10, 9, 1, 0, 50, 3, 0, 10, 0, 28, 11,
110 0, 0, 0, 3, 0}, /* ca - cz */
111 {40, 16, 9, 5, 65, 18, 3, 9, 56, 0, 1, 4, 15, 6, 16, 4, 0, 21, 18, 53,
112 19, 5, 15, 0, 3, 0}, /* da - dz */
113 {84, 20, 55, 125, 51, 40, 19, 16, 50, 1, 4, 55, 54, 146, 35, 37, 6, 191,
114 149, 65, 9, 26, 21, 12, 5, 0}, /* ea - ez */
115 {19, 3, 5, 1, 19, 21, 1, 3, 30, 2, 0, 11, 1, 0, 51, 0, 0, 26, 8, 47, 6,
116 3, 3, 0, 2, 0}, /* fa - fz */
117 {20, 4, 3, 2, 35, 1, 3, 15, 18, 0, 0, 5, 1, 4, 21, 1, 1, 20, 9, 21, 9,
118 0, 5, 0, 1, 0}, /* ga - gz */
119 {101, 1, 3, 0, 270, 5, 1, 6, 57, 0, 0, 0, 3, 2, 44, 1, 0, 3, 10, 18, 6,
120 0, 5, 0, 3, 0}, /* ha - hz */
121 {40, 7, 51, 23, 25, 9, 11, 3, 0, 0, 2, 38, 25, 202, 56, 12, 1, 46, 79,
122 117, 1, 22, 0, 4, 0, 3}, /* ia - iz */
123 {3, 0, 0, 0, 5, 0, 0, 0, 1, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 3, 0, 0, 0,
125 {1, 0, 0, 0, 11, 0, 0, 0, 13, 0, 0, 0, 0, 2, 0, 0, 0, 0, 6, 2, 1, 0, 2,
126 0, 1, 0}, /* ka - kz */
127 {44, 2, 5, 12, 62, 7, 5, 2, 42, 1, 1, 53, 2, 2, 25, 1, 1, 2, 16, 23, 9,
128 0, 1, 0, 33, 0}, /* la - lz */
129 {52, 14, 1, 0, 64, 0, 0, 3, 37, 0, 0, 0, 7, 1, 17, 18, 1, 2, 12, 3, 8,
130 0, 1, 0, 2, 0}, /* ma - mz */
131 {42, 10, 47, 122, 63, 19, 106, 12, 30, 1, 6, 6, 9, 7, 54, 7, 1, 7, 44,
132 124, 6, 1, 15, 0, 12, 0}, /* na - nz */
133 {7, 12, 14, 17, 5, 95, 3, 5, 14, 0, 0, 19, 41, 134, 13, 23, 0, 91, 23,
134 42, 55, 16, 28, 0, 4, 1}, /* oa - oz */
135 {19, 1, 0, 0, 37, 0, 0, 4, 8, 0, 0, 15, 1, 0, 27, 9, 0, 33, 14, 7, 6, 0,
136 0, 0, 0, 0}, /* pa - pz */
137 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0,
138 0, 0, 0}, /* qa - qz */
139 {83, 8, 16, 23, 169, 4, 8, 8, 77, 1, 10, 5, 26, 16, 60, 4, 0, 24, 37,
140 55, 6, 11, 4, 0, 28, 0}, /* ra - rz */
141 {65, 9, 17, 9, 73, 13, 1, 47, 75, 3, 0, 7, 11, 12, 56, 17, 6, 9, 48,
142 116, 35, 1, 28, 0, 4, 0}, /* sa - sz */
143 {57, 22, 3, 1, 76, 5, 2, 330, 126, 1, 0, 14, 10, 6, 79, 7, 0, 49, 50,
144 56, 21, 2, 27, 0, 24, 0}, /* ta - tz */
145 {11, 5, 9, 6, 9, 1, 6, 0, 9, 0, 1, 19, 5, 31, 1, 15, 0, 47, 39, 31, 0,
146 3, 0, 0, 0, 0}, /* ua - uz */
147 {7, 0, 0, 0, 72, 0, 0, 0, 28, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0,
148 0, 3, 0}, /* va - vz */
149 {36, 1, 1, 0, 38, 0, 0, 33, 36, 0, 0, 4, 1, 8, 15, 0, 0, 0, 4, 2, 0, 0,
150 1, 0, 0, 0}, /* wa - wz */
151 {1, 0, 2, 0, 0, 1, 0, 0, 3, 0, 0, 0, 0, 0, 1, 5, 0, 0, 0, 3, 0, 0, 1, 0,
153 {14, 5, 4, 2, 7, 12, 12, 6, 10, 0, 0, 3, 7, 5, 17, 3, 0, 4, 16, 30, 0,
154 0, 5, 0, 0, 0}, /* ya - yz */
155 {1, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
156 0, 0}}; /* za - zz */
159 * This MUST be equal to the sum of the equivalent rows above.
162 static int row_sums[26] =
163 {796,160,284,401,1276,262,199,539,777,
164 16,39,351,243,751,662,181,17,683,
165 662,968,248,115,180,17,162,5};
168 * Frequencies of starting characters
171 static int start_freq [26] =
172 {1299,425,725,271,375,470,93,223,1009,
173 24,20,355,379,319,823,618,21,317,
174 962,1991,271,104,516,6,16,14};
177 * This MUST be equal to the sum of all elements in the above array.
180 struct sockaddr_in kdc_server;
182 krb5_context context;
184 krb5_auth_context auth_context = NULL;
186 krb5_creds *credsp = NULL;
188 char connected_server[128];
190 static int total_sum = 11646;
192 int get_krb5_error(krb5_error_code rc, char *in, char *out);
193 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
194 char *Win2kPassword, char *Win2kUser, char *default_server,
195 int connect_to_kdc, char **ServerList);
196 int ad_kdc_connect(char *connectedServer);
197 int ad_server_connect(char *connectedServer, char *domain);
198 void ad_kdc_disconnect();
199 int compare_elements(const void *arg1, const void *arg2);
200 int convert_domain_to_dn(char *domain, char *dnp);
201 int set_password(char *user, char *password, char *domain);
203 int locate_ldap_server(char *domain, char **server_name);
206 void generate_password(char *password);
209 krb5_error_code encode_krb5_setpw
210 PROTOTYPE((const krb5_setpw *rep, krb5_data ** code));
213 krb5_error_code make_setpw_req(krb5_context context, krb5_auth_context auth_context,
214 krb5_data *ap_req, krb5_principal targprinc,
215 char *passwd, krb5_data *packet)
220 krb5_data *encoded_setpw;
221 krb5_replay_data replay;
223 register int count = 2;
225 memset(&setpw, 0, sizeof(krb5_setpw));
226 if (ret = krb5_auth_con_setflags(context, auth_context,
227 KRB5_AUTH_CONTEXT_DO_SEQUENCE))
229 setpw.targprinc = targprinc;
230 setpw.newpasswd.length = strlen(passwd);
231 setpw.newpasswd.data = passwd;
232 if ((ret = encode_krb5_setpw(&setpw, &encoded_setpw)))
234 if (ret = krb5_mk_priv(context, auth_context,
235 encoded_setpw, &cipherpw, &replay))
237 packet->length = 6 + ap_req->length + cipherpw.length;
238 packet->data = (char *) malloc(packet->length);
241 *ptr++ = (packet->length>>8) & 0xff;
242 *ptr++ = packet->length & 0xff;
246 /* ap_req length, big-endian */
247 *ptr++ = (ap_req->length>>8) & 0xff;
248 *ptr++ = ap_req->length & 0xff;
250 memcpy(ptr, ap_req->data, ap_req->length);
251 ptr += ap_req->length;
252 /* krb-priv of password */
253 memcpy(ptr, cipherpw.data, cipherpw.length);
255 /* krb5_free_data_contents(context, &cipherpw);*/
256 krb5_free_data(context, encoded_setpw);
260 krb5_error_code get_setpw_rep(krb5_context context, krb5_auth_context auth_context,
261 krb5_data *packet, int *result_code,
262 krb5_data *result_data)
269 krb5_data cipherresult;
270 krb5_data clearresult;
271 krb5_error *krberror;
272 krb5_replay_data replay;
273 krb5_ap_rep_enc_part *ap_rep_enc;
275 if (packet->length < 4)
276 return(KRB5KRB_AP_ERR_MODIFIED);
278 if (krb5_is_krb_error(packet))
280 ret = decode_krb5_error(packet, &krberror);
283 ret = krberror->error;
284 krb5_free_error(context, krberror);
288 plen = (*ptr++ & 0xff);
289 plen = (plen<<8) | (*ptr++ & 0xff);
290 if (plen != (int)packet->length)
291 return(KRB5KRB_AP_ERR_MODIFIED);
292 vno = (*ptr++ & 0xff);
293 vno = (vno<<8) | (*ptr++ & 0xff);
294 if (vno != KRB5_KPASSWD_VERS_SETPW && vno != KRB5_KPASSWD_VERS_CHANGEPW)
295 return(KRB5KDC_ERR_BAD_PVNO);
296 /* read, check ap-rep length */
297 ap_rep.length = (*ptr++ & 0xff);
298 ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
299 if (ptr + ap_rep.length >= packet->data + packet->length)
300 return(KRB5KRB_AP_ERR_MODIFIED);
305 ptr += ap_rep.length;
306 if (ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc))
308 krb5_free_ap_rep_enc_part(context, ap_rep_enc);
309 /* extract and decrypt the result */
310 cipherresult.data = ptr;
311 cipherresult.length = (packet->data + packet->length) - ptr;
312 /* XXX there's no api to do this right. The problem is that
313 if there's a remote subkey, it will be used. This is
314 not what the spec requires */
315 ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
322 cipherresult.data = ptr;
323 cipherresult.length = (packet->data + packet->length) - ptr;
325 if (ret = krb5_rd_error(context, &cipherresult, &krberror))
328 clearresult = krberror->e_data;
330 if (clearresult.length < 2)
332 ret = KRB5KRB_AP_ERR_MODIFIED;
335 ptr = clearresult.data;
336 *result_code = (*ptr++ & 0xff);
337 *result_code = (*result_code<<8) | (*ptr++ & 0xff);
338 if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
339 (*result_code > KRB5_KPASSWD_ACCESSDENIED))
341 ret = KRB5KRB_AP_ERR_MODIFIED;
344 /* all success replies should be authenticated/encrypted */
345 if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS))
347 ret = KRB5KRB_AP_ERR_MODIFIED;
350 result_data->length = (clearresult.data + clearresult.length) - ptr;
351 if (result_data->length)
353 result_data->data = (char *) malloc(result_data->length);
354 memcpy(result_data->data, ptr, result_data->length);
357 result_data->data = NULL;
361 free(clearresult.data);
363 krb5_free_error(context, krberror);
367 krb5_error_code kdc_set_password(krb5_context context, krb5_ccache ccache,
368 char *newpw, char *user, char *domain,
373 krb5_data result_string;
374 krb5_address local_kaddr;
375 krb5_address remote_kaddr;
378 krb5_error_code code;
379 struct sockaddr local_addr;
380 struct sockaddr remote_addr;
384 int local_result_code;
386 krb5_principal targprinc;
387 struct timeval TimeVal;
390 memset(&local_addr, 0, sizeof(local_addr));
391 memset(&local_kaddr, 0, sizeof(local_kaddr));
392 memset(&result_string, 0, sizeof(result_string));
393 memset(&remote_kaddr, 0, sizeof(remote_kaddr));
394 memset(&chpw_snd, 0, sizeof(krb5_data));
395 memset(&chpw_rcv, 0, sizeof(krb5_data));
396 memset(userrealm, '\0', sizeof(userrealm));
399 chpw_rcv.length = 1500;
400 chpw_rcv.data = (char *) calloc(1, chpw_rcv.length);
402 for (i = 0; i < (int)strlen(domain); i++)
403 userrealm[i] = toupper(domain[i]);
405 sprintf(temp, "%s@%s", user, userrealm);
406 krb5_parse_name(context, temp, &targprinc);
410 memset(&creds, 0, sizeof(creds));
411 memset(&ap_req, 0, sizeof(krb5_data));
412 sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
413 if (code = krb5_parse_name(context, temp, &creds.server))
415 if (code = krb5_cc_get_principal(context, ccache, &creds.client))
417 if (code = krb5_get_credentials(context, 0, ccache, &creds, &credsp))
419 if (code = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
420 NULL, credsp, &ap_req))
424 addrlen = sizeof(local_addr);
425 if (getsockname(kdc_socket, &local_addr, &addrlen) < 0)
427 code = KDC_GETSOCKNAME_ERROR;
430 if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0)
432 local_kaddr.addrtype = ADDRTYPE_INET;
434 sizeof(((struct sockaddr_in *) &local_addr)->sin_addr);
435 local_kaddr.contents =
436 (char *) &(((struct sockaddr_in *) &local_addr)->sin_addr);
440 krb5_address **addrs;
441 krb5_os_localaddr(context, &addrs);
442 local_kaddr.magic = addrs[0]->magic;
443 local_kaddr.addrtype = addrs[0]->addrtype;
444 local_kaddr.length = addrs[0]->length;
445 local_kaddr.contents = calloc(1, addrs[0]->length);
446 memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
447 krb5_free_addresses(context, addrs);
450 addrlen = sizeof(remote_addr);
451 if (getpeername(kdc_socket, &remote_addr, &addrlen) < 0)
453 code = KDC_GETPEERNAME_ERROR;
456 remote_kaddr.addrtype = ADDRTYPE_INET;
457 remote_kaddr.length = sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr);
458 remote_kaddr.contents = (char *) &(((struct sockaddr_in *) &remote_addr)->sin_addr);
460 if (code = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL))
462 if (code = make_setpw_req(context, auth_context, &ap_req,
463 targprinc, newpw, &chpw_snd))
466 for (i = 0; i < 3; i++)
468 if ((cc = sendto(kdc_socket, chpw_snd.data, chpw_snd.length, 0,
470 0)) != (int)chpw_snd.length)
472 code = KDC_SEND_ERROR;
480 FD_SET(kdc_socket, &readfds);
481 nfds = kdc_socket + 1;
482 code = select(nfds, &readfds, NULL, NULL, &TimeVal);
483 if ((code == 0) || (code == SOCKET_ERROR))
485 code = KDC_RECEIVE_TIMEOUT;
490 if ((cc = recvfrom(kdc_socket, chpw_rcv.data, chpw_rcv.length, 0,
493 code = KDC_RECEIVE_TIMEOUT;
497 chpw_rcv.length = cc;
498 if (code = krb5_auth_con_setaddrs(context, auth_context, NULL, &remote_kaddr))
503 local_result_code = 0;
504 code = get_setpw_rep(context, auth_context, &chpw_rcv,
505 &local_result_code, &result_string);
507 if (local_result_code)
509 if (local_result_code == KRB5_KPASSWD_SOFTERROR)
510 local_result_code = KRB5_KPASSWD_SUCCESS;
511 *result_code = local_result_code;
513 if ((code == 0) && (local_result_code == 0))
519 if (chpw_snd.data != NULL)
521 if (chpw_rcv.data != NULL)
523 if (targprinc != NULL)
524 krb5_free_principal(context, targprinc);
528 int set_password(char *user, char *password, char *domain)
531 krb5_error_code retval;
532 char pw[PW_LENGTH+1];
534 memset(pw, '\0', sizeof(pw));
535 if (strlen(password) != 0)
536 strcpy(pw, password);
538 generate_password(pw);
540 retval = kdc_set_password(context, ccache, pw, user, domain, &res_code);
547 void generate_password(char *password)
558 for (line = 22; line; --line)
560 for (word = 7; word; --word)
562 position = myrandom()%total_sum;
563 for(row_position = 0, j = 0; position >= row_position; row_position += start_freq[j], j++)
565 *(pwp = password) = j + 'a' - 1;
566 for (nchars = PW_LENGTH-1; nchars; --nchars)
570 position = myrandom()%row_sums[i];
571 for (row_position = 0, j = 0; position >= row_position; row_position += frequency[i][j], j++)
587 struct _timeb timebuffer;
598 srand(timebuffer.time ^ timebuffer.millitm ^ pid);
600 gettimeofday(&tv, (struct timezone *) NULL);
601 srandom(tv.tv_sec ^ tv.tv_usec ^ pid);
607 int get_krb5_error(krb5_error_code rc, char *in, char *out)
616 krb5Error = ((int)(rc & 255));
617 sprintf(out, "%s: %s(%ld)", in, error_message(rc), krb5Error);
623 case KDC_RECEIVE_TIMEOUT:
626 sprintf(out, "%s: %s(%d)", in, "Receive timeout", rc);
629 case KDC_RECEIVE_ERROR:
632 sprintf(out, "%s: %s(%d)", in, "Receive error", rc);
635 case KRB5_KPASSWD_MALFORMED:
637 sprintf(out, "%s: %s(%d)", in, "malformed password", rc);
640 case KRB5_KPASSWD_HARDERROR:
642 sprintf(out, "%s: %s(%d)", in, "hard error", rc);
645 case KRB5_KPASSWD_AUTHERROR:
648 sprintf(out, "%s: %s(%d)", in, "authentication error", rc);
651 case KRB5_KPASSWD_SOFTERROR:
654 sprintf(out, "%s: %s(%d)", in, "soft error", rc);
657 case KRB5_KPASSWD_ACCESSDENIED:
659 sprintf(out, "%s: %s(%d)", in, "Access denied", rc);
665 sprintf(out, "%s: %s(%d)", in, "Send error", rc);
668 case KDC_GETSOCKNAME_ERROR:
671 sprintf(out, "%s: %s(%d)", in, "Socket error - getsockname", rc);
674 case KDC_GETPEERNAME_ERROR:
677 sprintf(out, "%s: %s(%d)", in, "Socket error - getpeername", rc);
682 sprintf(out, "%s: %s(%d)", in, "unknown error", rc);
690 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
691 char *Win2kPassword, char *Win2kUser, char *default_server,
692 int connect_to_kdc, char **ServerList)
697 char *server_name[MAX_SERVER_NAMES];
698 static char temp[128];
699 ULONG version = LDAP_VERSION3;
701 int Max_wait_time = 1000;
702 int Max_size_limit = LDAP_NO_LIMIT;
704 if (strlen(ldap_domain) == 0)
707 convert_domain_to_dn(ldap_domain, dn_path);
708 if (strlen(dn_path) == 0)
712 while (ServerList[Count] != NULL)
715 if ((Count == 0) && (connect_to_kdc))
718 memset(server_name, 0, sizeof(server_name[0]) * MAX_SERVER_NAMES);
719 if (locate_ldap_server(ldap_domain, server_name) == -1)
722 for (i = 0; i < MAX_SERVER_NAMES; i++)
724 if (server_name[i] != NULL)
726 if (Count >= MAX_SERVER_NAMES)
728 free(server_name[i]);
729 server_name[i] = NULL;
732 for (k = 0; k < (int)strlen(server_name[i]); k++)
733 server_name[i][k] = toupper(server_name[i][k]);
734 for (k = 0; k < Count; k++)
736 if (!strcasecmp(server_name[i], ServerList[k]))
738 free(server_name[i]);
739 server_name[i] = NULL;
745 ServerList[Count] = calloc(1, 256);
746 strcpy(ServerList[Count], server_name[i]);
747 ServerList[Count] = (char *)strdup((char *)server_name[i]);
749 free(server_name[i]);
754 for (i = 0; i < Count; i++)
756 if (ServerList[i] == NULL)
759 if (((*ldap_handle) = ldap_open(ServerList[i], LDAP_PORT)) != NULL)
761 rc = ldap_set_option((*ldap_handle), LDAP_OPT_PROTOCOL_VERSION, &version);
762 rc = ldap_set_option((*ldap_handle), LDAP_OPT_TIMELIMIT,
763 (void *)&Max_wait_time);
764 rc = ldap_set_option((*ldap_handle), LDAP_OPT_SIZELIMIT,
765 (void *)&Max_size_limit);
766 rc = ldap_set_option((*ldap_handle), LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
767 rc = ldap_adgssapi_bind((*ldap_handle), dn_path, 0);
768 if (rc == LDAP_SUCCESS)
772 if (!ad_server_connect(ServerList[i], ldap_domain))
774 ldap_unbind_s((*ldap_handle));
775 (*ldap_handle) = NULL;
779 if (strlen(default_server) == 0)
780 strcpy(default_server, ServerList[i]);
781 strcpy(connected_server, ServerList[i]);
786 (*ldap_handle) = NULL;
790 if ((*ldap_handle) == NULL)
795 int ad_server_connect(char *connectedServer, char *domain)
803 unsigned short port = KDC_PORT;
807 memset(&ccache, 0, sizeof(ccache));
808 memset(&creds, 0, sizeof(creds));
809 memset(userrealm, '\0', sizeof(userrealm));
812 if (krb5_init_context(&context))
814 if (krb5_cc_default(context, &ccache))
817 for (i = 0; i < (int)strlen(domain); i++)
818 userrealm[i] = toupper(domain[i]);
819 sprintf(temp, "%s@%s", "kadmin/changepw", userrealm);
820 if (krb5_parse_name(context, temp, &creds.server))
822 if (krb5_cc_get_principal(context, ccache, &creds.client))
824 if (krb5_get_credentials(context, 0, ccache, &creds, &credsp))
827 rc = ad_kdc_connect(connectedServer);
833 krb5_cc_close(context, ccache);
834 krb5_free_context(context);
836 krb5_free_cred_contents(context, &creds);
838 krb5_free_creds(context, credsp);
843 int ad_kdc_connect(char *connectedServer)
849 hp = gethostbyname(connectedServer);
852 memset(&kdc_server, 0, sizeof(kdc_server));
853 memcpy(&(kdc_server.sin_addr),hp->h_addr_list[0],hp->h_length);
854 kdc_server.sin_family = hp->h_addrtype;
855 kdc_server.sin_port = htons(KDC_PORT);
857 if ((kdc_socket = socket(AF_INET, SOCK_DGRAM, 0)) == INVALID_SOCKET)
859 if (connect(kdc_socket, (struct sockaddr*)&kdc_server, sizeof(kdc_server)) == SOCKET_ERROR)
867 void ad_kdc_disconnect()
870 if (auth_context != NULL)
872 krb5_auth_con_free(context, auth_context);
873 if (ap_req.data != NULL)
875 krb5_free_cred_contents(context, &creds);
877 krb5_free_creds(context, credsp);
883 krb5_cc_close(context, ccache);
884 krb5_free_context(context);
886 closesocket(kdc_socket);
890 int convert_domain_to_dn(char *domain, char *dnp)
896 memset(dn, '\0', sizeof(dn));
899 for (fp = domain; *fp; fp++)
914 int compare_elements(const void *arg1, const void *arg2)
918 rc = strcmp((char*)arg1, (char*)arg2);