+ int status;
+ char *argv[U_END];
+
+ com_err(whoami, 0, "checking status of secure password for %s",
+ message->first);
+ argv[0] = message->first;
+ status = mr_query("get_user_account_by_login", 1, argv, getuserinfo, argv);
+ if (status != SUCCESS)
+ {
+ com_err(whoami, status, " while getting user info");
+ return status;
+ }
+ if (atoi(argv[U_SECURE + 1]))
+ return UREG_ALREADY_REGISTERED;
+ return SUCCESS;
+}
+
+
+/* Set someone's secure instance password. */
+
+int set_secure(struct msg *message, char *retval)
+{
+ int status;
+ char *argv[U_END], *bp, buf[512], *passwd, *id;
+ KTEXT_ST creds;
+ AUTH_DAT auth;
+ C_Block key;
+ Key_schedule keys;
+ Kadm_vals kv;
+ u_long *lkey = (u_long *)key;
+ struct timeval now;
+ static int inited = 0;
+ static char *host;
+ struct utsname uts;
+
+ if (!inited)
+ {
+ inited++;
+ if (uname(&uts) < 0)
+ com_err(whoami, errno, "getting local hostname");
+ host = strdup(krb_get_phost(uts.nodename));
+ }
+
+ com_err(whoami, 0, "setting secure passwd for %s", message->first);
+ argv[0] = message->first;
+ status = mr_query("get_user_account_by_login", 1, argv, getuserinfo, argv);
+ if (status != SUCCESS)
+ {
+ com_err(whoami, status, " while getting user info");
+ return status;
+ }
+ if (atoi(argv[U_SECURE + 1]))
+ {
+ com_err(whoami, UREG_ALREADY_REGISTERED, "in set_secure()");
+ return UREG_ALREADY_REGISTERED;
+ }
+
+ bp = message->encrypted;
+ /* round up to word boundary */
+ bp = (char *)((((u_long)bp + 3) >> 2) << 2);
+
+ creds.length = ntohl(*((int *)bp));
+ bp += sizeof(int);
+ memcpy(creds.dat, bp, creds.length);
+ creds.mbz = 0;
+ bp += creds.length;
+
+ status = krb_rd_req(&creds, "changepw", host, cur_req_sender(), &auth, "");
+ if (status)
+ {
+ status += krb_err_base;
+ com_err(whoami, status, " verifying credentials in set_secure()");
+ return status;
+ }
+
+ message->leftover_len = ntohl(*((int *)(bp)));
+ bp += sizeof(int);
+ message->leftover = bp;
+
+ des_key_sched(auth.session, keys);
+ des_pcbc_encrypt(message->leftover, buf, message->leftover_len,
+ keys, auth.session, 0);
+
+ id = buf;
+ passwd = strchr(buf, ',');
+ *passwd++ = 0;
+
+ if (strcmp(id, argv[U_MITID + 1]))
+ {
+ char buf[32];
+
+ EncryptID(buf, id, argv[U_FIRST + 1], argv[U_LAST + 1]);
+ if (strcmp(buf, argv[U_MITID + 1]))
+ {
+ status = UREG_USER_NOT_FOUND;
+ com_err(whoami, status, "IDs mismatch: %s (%s), %s", id, buf,
+ argv[U_MITID + 1]);
+ return status;