/*
- * $Source$
- * $Author$
- * $Locker$
- * $Header$
+ * $Source$
+ * $Author$
+ * $Locker$
+ * $Header$
+ *
+ * (c) Copyright 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
*/
#ifndef lint
-static char *rcsid_userreg_c = "$Header$";
-#endif lint
+static char *rcsid_userreg_c = "$Header$";
+#endif
+#include <mit-copyright.h>
+#include <string.h>
#include <curses.h>
-#include "userreg.h"
#include <signal.h>
#include <sys/time.h>
#include <setjmp.h>
+#include <ctype.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb.h>
+#include <des.h>
+#include <errno.h>
+#include "userreg.h"
+#include "ureg_err.h"
-#define EXIT -1
+/* 7.2 release compatibility */
+#ifndef KADM_INSECURE_PW
+#define KADM_INSECURE_PW (-1783126240L)
+#endif
+#define EXIT -1
-struct user user,
- db_user;
-struct alias alias;
-char typed_mit_id[100];
-jmp_buf redo;
-int restart();
+struct user user, db_user;
+struct alias alias;
+char realm[REALM_SZ];
+jmp_buf redo;
+int restart();
-extern int errno;
-int user_is_valid = 0;
-int already_registered = 0;
+extern int errno;
+int user_is_valid = 0;
+int user_has_login = 0;
+int already_registered = 0;
+int enrollment = 0;
+extern char *disabled();
+char typed_mit_id[100];
-fix_display( sig )
+fix_display(sig)
{
- signal( sig, SIG_IGN ); /* let us clean up, please */
- noraw();
- echo();
- endwin();
- exit( 1 );
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = SIG_IGN;
+ sigaction(sig, &act, NULL);
+ noraw();
+ echo();
+ endwin();
+ exit(1);
}
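Review bot: `fix_display(sig)` is still an implicit-int, K&R-style definition, yet the new code installs it with `sigaction`, which expects a `void (*)(int)` handler. The `(void (*)()) fix_display` casts in `main` and the input routines only silence the mismatch; calling a function through an incompatible pointer type is undefined. Declare it as `static void fix_display(int sig)` ahead of its first use and drop the casts. A short comment would also help, noting that the handler calls curses and `exit()`, which are not async-signal-safe, and that this is tolerated only because the process is terminating.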
-main (argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
{
- register int ntimes;
- register int reencrypt;
- char line[100];
-
- setup_display ();
-
- signal( SIGINT, fix_display );
- signal( SIGQUIT, fix_display );
- signal( SIGHUP, fix_display );
-
- do {
- setjmp(redo);
- reset ();
- ntimes = 0;
-
- display_text (WELCOME);
-
- gfirst();
- gmi ();
- glast ();
- gmitid ();
-
- while (dolook ()) {
- ntimes++;
- if (ntimes > 3) {
- display_text_line ("Sorry, you still cannot be found in the database.");
- display_text_line (" ");
- display_text_line ("Please call the account administrator at x1325 for help.");
- sleep (8);
- break;
- }
- display_text_line (0); /* clear the window */
- display_text_line ("I'm afraid I was unable to find you in the database.");
- display_text_line ("Do you want to change some input (for example, the spelling");
- display_text_line ("of part of your name) and try again?");
- if (askyn ("Do you want to try again ? ") == YES) {
- reencrypt = 0;
- display_text_line (0);
- sprintf (line,
- "You entered your first name as \"%s\"", user.u_first);
- display_text_line (line);
- if (askyn ("Do you want to change it? ") == YES) {
- gfirst ();
- reencrypt = 1;
+ int ntimes;
+ int reencrypt;
+ char line[100], *when, *msg;
+ int status;
+ char tmpfirst[100], tmplast[100], tmpmid[100];
+ struct sigaction act;
+
+ status = ureg_init();
+ if (status)
+ {
+ com_err(argv[0], status, "while trying to initialize");
+ exit(1);
+ }
+
+ if (when = disabled(&msg))
+ {
+ printf("We're sorry, the registration service is unavailable right now\n");
+ if (msg)
+ printf("because %s\n", msg);
+ printf("You should be able to register after %s", when);
+ printf("\nPress ENTER or RETURN to continue ");
+ fflush(stdout);
+ getchar();
+ exit(0);
+ }
+
+ /* stash the realm for later use */
+ if ((status = krb_get_lrealm(realm, 1)) != KSUCCESS)
+ {
+ printf("System error; please try another workstation.");
+ exit(1);
+ }
+
+ setup_display();
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGINT, &act, NULL);
+ sigaction(SIGQUIT, &act, NULL);
+ sigaction(SIGHUP, &act, NULL);
+
+ while (1)
+ {
+ setjmp(redo);
+ reset();
+ ntimes = 0;
+
+ display_text(WELCOME, "");
+
+ gfirst();
+ gmi();
+ glast();
+ strcpy(tmpfirst, user.u_first);
+ strcpy(tmplast, user.u_last);
+ FixName(tmplast, tmpfirst, user.u_last, user.u_first, tmpmid);
+ redisp();
+
+ gmitid();
+
+ while (dolook())
+ {
+ ntimes++;
+ if (ntimes > 3)
+ {
+ display_text_line(0);
+ display_text_line("Sorry, you still cannot be found in the database.");
+ display_text_line(" ");
+ display_text_line("Please call an accounts consultant at x3-1325 for help.");
+ wait_for_user();
+ break;
+ }
+ display_text_line(0); /* clear the window */
+ display_text_line("You could not be found in the database.");
+ display_text_line("Do you want to change some input "
+ "(for example, the spelling");
+ display_text_line("of part of your name) and try again?");
+ if (askyn("Do you want to try again ? ") == YES)
+ {
+ reencrypt = 0;
+ display_text_line(0);
+ sprintf(line, "You entered your first name as \"%s\"",
+ user.u_first);
+ display_text_line(line);
+ if (askyn("Do you want to change it? ") == YES)
+ {
+ gfirst();
+ strcpy(tmpfirst, user.u_first);
+ strcpy(tmplast, user.u_last);
+ FixName(tmplast, tmpfirst, user.u_last, user.u_first,
+ tmpmid);
+ redisp();
+ reencrypt = 1;
+ }
+ display_text_line(0);
+ sprintf(line, "You entered your middle initial as \"%s\"",
+ user.u_mid_init);
+ display_text_line(line);
+ if (askyn("Do you want to change it? ") == YES)
+ gmi();
+ display_text_line(0);
+ sprintf(line, "You entered your family name as \"%s\"",
+ user.u_last);
+ display_text_line(line);
+ if (askyn("Do you want to change it? ") == YES)
+ {
+ glast();
+ strcpy(tmpfirst, user.u_first);
+ strcpy(tmplast, user.u_last);
+ FixName(tmplast, tmpfirst, user.u_last, user.u_first,
+ tmpmid);
+ redisp();
+ reencrypt = 1;
+ }
+ display_text_line(0);
+ sprintf(line, "You entered your MIT id number as \"%s\"",
+ typed_mit_id);
+ display_text_line(line);
+ if (askyn("Do you want to change it? ") == YES)
+ {
+ gmitid();
+ reencrypt = 0;
+ }
+ if (reencrypt)
+ {
+ EncryptID(user.u_mit_id, typed_mit_id,
+ user.u_first, user.u_last);
+ }
+ }
+ else
+ break;
}
- display_text_line (0);
- sprintf (line,
- "You entered your middle initial as \"%s\"", user.u_mid_init);
- display_text_line (line);
- if (askyn ("Do you want to change it? ") == YES)
- gmi ();
- display_text_line (0);
- sprintf (line,
- "You entered your last name as \"%s\"", user.u_last);
- display_text_line (line);
- if (askyn ("Do you want to change it? ") == YES) {
- glast ();
- reencrypt = 1;
+ if (!user_is_valid || already_registered)
+ {
+ qexit();
+ continue;
}
- display_text_line (0);
- sprintf (line,
- "You entered your MIT id number as \"%s\"", typed_mit_id);
- display_text_line (line);
- if (askyn ("Do you want to change it? ") == YES) {
- gmitid ();
- reencrypt = 0;
+ redisp();
+ if (!user_has_login)
+ {
+ if (negotiate_login() == -1)
+ {
+ qexit();
+ continue;
+ }
}
- if (reencrypt) {
- encrypt_mitid ();
+ if (negotiate_passwd() == -1)
+ {
+ qexit();
+ continue;
}
- }
+ sleep(1);
+ if (!enrollment)
+ display_text(FINISHED, user.u_login);
else
- break;
- }
- if (!user_is_valid || already_registered) {
- qexit ();
- continue;
- }
- redisp ();
- if (negotiate_login_and_password () == -1) {
- qexit ();
- continue;
- }
- sleep (1);
- display_text_line (0);
- display_text_line ("You are now registered to get an Athena account.");
- sprintf (line, "Please remember your username of \"%s\" and the password",
- user.u_login);
- display_text_line (line);
- display_text_line ("you typed in earlier.");
- display_text_line ("");
- display_text_line ("You are now finished. Thank you!");
- sleep(5);
- qexit ();
- } while(getuid() == 0); /* Loop forever if we're root */
+ {
+ display_text(FINISHEDE, user.u_login);
+ if (askyn("Do you wish to set your mailbox now? (Yes or No) "))
+ {
+ clear();
+ refresh();
+ noraw();
+ echo();
+ kinit(user.u_login, user.u_password);
+ system(NAMESPACE_PROG);
+ dest_tkt();
+ qexit();
+ exit(0);
+ }
+ }
+ wait_for_user();
+ qexit();
+ break;
+ }
restore_display();
exit(0);
}
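Review bot: In the enrollment branch the result of `kinit(user.u_login, user.u_password)` is discarded, so `system(NAMESPACE_PROG)` runs whether or not a ticket was obtained. Check the status first, e.g. `if (kinit(user.u_login, user.u_password) == KSUCCESS) system(NAMESPACE_PROG);`, and report the failure otherwise. `system()` also goes through the shell with the inherited environment; if userreg can run with elevated privilege (not visible here), a fork/exec with a fixed argv and a scrubbed environment is the safer form. The new `askyn(...)` tests here rely on truthiness while the retry loop compares `== YES`; using one form throughout avoids depending on the values of YES and NO, which this diff does not show.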
-reset () {
- reset_display ();
- bzero (&user, sizeof (user));
+reset(void)
+{
+ reset_display();
+ memset(&user, 0, sizeof(user));
user_is_valid = 0;
already_registered = 0;
- redisp ();
+ enrollment = 0;
+ redisp();
}
+int dolook(void)
+{
+ /* do the database lookup */
+ char line[100];
+ int result;
-dolook () {
- /* do the database lookup */
+ if (user_is_valid)
+ {
+ /* !! */
+ return 0;
+ }
+ display_text_line(0);
+ display_text_line("Looking you up in the database.... "
+ "This may take from a few seconds to a few");
+ display_text_line("minutes, depending on how busy the system is "
+ "at the moment.");
- char line[100];
- register int result;
- if (user_is_valid) {
- /* !! */
- return (0);
- }
- display_text_line (0);
- display_text_line (
- "Looking you up in the database.... This may take a few minutes.");
timer_off();
- result = initialize_database(1,NULL);
+ result = verify_user(user.u_first, user.u_last, typed_mit_id,
+ user.u_mit_id, db_user.u_login);
+ wfeep();
+ display_text_line(0);
timer_on();
- if( result == SUCCESS ) {
- timer_off();
- result = get_user_by_mit_id (&db_user, user.u_mit_id);
- finalize_database();
- timer_on();
- if (result == SUCCESS) {
- /* check to see if the first and last names match */
- if (lenient_strcmp (user.u_first, db_user.u_first))
- return (1);
- if (lenient_strcmp (user.u_last, db_user.u_last))
- return (1);
- /* at this point the user has been verified */
- bcopy ((char *) & db_user, (char *) & user, sizeof (user));
+ switch(result)
+ {
+ case 0:
+ case UREG_ENROLLED:
+ display_text_line("You have been located in the user registration database.");
user_is_valid = 1;
- if (user.u_status & 1) {
- already_registered = 1;
- /* we have to reset this so we dont ask for a new username */
- user_is_valid = 0;
- display_text_line ("You are already registered. An account for you probably already exists");
- display_text_line ("on one of the W20 systems (if not, it will appear within 12 hours).");
- display_text_line ("Refer to the documents 'Essential Athena' and 'Essential Unix'");
- sprintf (line, "for help logging in. Remember, the username you chose was '%s'",
- db_user.u_login);
- display_text_line (line);
- redisp();
- sleep (5);
- return (0);
- }
- display_text_line ("You have been located in the user registration database.");
- sleep (1);
- return (0);
+ user_has_login = 0;
+ sleep(1);
+ return 0;
+ case UREG_HALF_ENROLLED:
+ enrollment = 1;
+ /* fall through to: */
+ case UREG_NO_PASSWD_YET:
+ user_is_valid = 1;
+ user_has_login = 1;
+ display_text_line ("You have chosen a login name, but you have not yet chosen a password.");
+ sprintf(line, "Remember: the username you chose was '%s'",
+ db_user.u_login);
+ strcpy(user.u_login, db_user.u_login);
+ display_text_line(line);
+ redisp();
+ sleep(5);
+ return 0;
+
+ case UREG_ALREADY_REGISTERED:
+ already_registered = 1;
+ /*
+ * we have to reset this so we dont ask for a
+ * new username
+ */
+ user_is_valid = 0;
+ display_text_line("You are already registered. "
+ "An account for you probably already exists");
+ display_text_line("(if not, it will appear within 24 hours).");
+ display_text_line("");
+ display_text_line("Refer to the document 'Working on Athena' "
+ "for help logging in.");
+ strcpy(user.u_login, db_user.u_login);
+ sprintf(line, "Remember, the username you chose was '%s'",
+ db_user.u_login);
+ display_text_line(line);
+ redisp();
+ wait_for_user();
+ return 0;
+ case UREG_DELETED:
+ display_text(DELETED_ACCT, db_user.u_login);
+ wait_for_user();
+ restore_display();
+ exit(0);
+ case UREG_NOT_ALLOWED:
+ display_text(OFFER_ENROLL, db_user.u_login);
+ redisp();
+ if (!askyn("Continue choosing a name and password (Y/N)? "))
+ {
+ already_registered = 1;
+ return 0;
+ }
+ user_has_login = 0;
+ user_is_valid = 1;
+ enrollment = 1;
+ return 0;
+ case UREG_ENROLL_NOT_ALLOWED:
+ display_text(NOT_ALLOWED, db_user.u_login);
+ wait_for_user();
+ restore_display();
+ exit(0);
+ case UREG_KRB_TAKEN:
+ display_text(IMPROPER_LOGIN, db_user.u_login);
+ wait_for_user();
+ return 0;
+ case UREG_USER_NOT_FOUND:
+ return 1;
+
+ case ECONNREFUSED:
+ case ETIMEDOUT:
+ case UREG_MISC_ERROR:
+ display_text(NETWORK_DOWN, db_user.u_login);
+ display_text_line(" ");
+ sprintf(line, "The specific error was: %s", error_message(result));
+ display_text_line(line);
+ wait_for_user();
+ return 0;
+
+ default:
+ display_text_line("An unexpected error occurred while trying to "
+ "access the database");
+ display_text_line(error_message(result));
+ redisp();
+ wait_for_user();
+ return 1;
}
- }
- if (result == FAILURE) {
- display_text (NETWORK_DOWN);
- sleep(5);
- restart();
- }
- return (1);
}
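Review bot: The `sprintf(line, "The specific error was: %s", error_message(result))` call writes into `char line[100]` with no bound on the message length, and the same pattern is used with `buf[100]` in `do_replace`. `negotiate_login` formats the identical message into a `BUFSIZ` buffer. Either size these buffers the same way or cap the argument, e.g. `sprintf(line, "The specific error was: %.70s", error_message(result));`. The two "username you chose was '%s'" messages format `db_user.u_login`, which `verify_user` fills in; its size is not visible in this diff, so a precision on that `%s` is worth adding too.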
-negotiate_login_and_password () {
- register int result, result2;
- int same;
- char line[100];
- char old_login[LOGIN_SIZE];
- char old_password[PASSWORD_SIZE];
-
- display_text (USERNAME_BLURB);
- strcpy (old_login, user.u_login);
- sprintf (line, "We suggest the username '%s'.", user.u_login);
- display_text_line (line);
- display_text_line (
- "If you are sure you would prefer another username, feel free to enter");
- display_text_line (
- "one, but remember that it will remain with you for all the time you");
- display_text_line ("are at MIT.");
-
- get_login:
- while (1) {
- glogin ();
- /* compare the typed username with the one we have already * reserved.
- We use lenient_strcmp because the username we * get form the database
- may have extra spaces... */
- if (same = !lenient_strcmp (old_login, user.u_login)) {
- break; /* he didnt change the default */
- }
- display_text_line (0);
- display_text_line ("Looking up that username in the database... This may take a few minutes.");
- timer_off();
- result = initialize_database(1,NULL);
- timer_on();
- if( result == SUCCESS ) {
- timer_off();
- result = get_user_by_login (&db_user, user.u_login);
- result2 = get_alias_by_name (&alias, user.u_login);
- finalize_database();
- timer_on();
+
+/* Get a login name from the user and register it. There are several steps
+ * to this: display help message, get name, check name, display confirmation
+ * message, get confirmation, register name.
+ */
+
+int negotiate_login(void)
+{
+ int result, i;
+ char line[100], old_login[LOGIN_SIZE + 2];
+ char *error, *cp;
+
+ /* build suggested username */
+ cp = user.u_login;
+ if (isalpha(user.u_first[0]))
+ *cp++ = user.u_first[0];
+ if (isalpha(user.u_mid_init[0]))
+ *cp++ = user.u_mid_init[0];
+ for (i = 0; user.u_last[i] && cp - user.u_login < 8; i++)
+ {
+ if (isalpha(user.u_last[i]))
+ *cp++ = user.u_last[i];
}
- if (result == FAILURE || result2 == FAILURE) {
- display_text (NETWORK_DOWN);
- sleep(5);
- restart();
+ for (i = 0; user.u_login[i]; i++)
+ {
+ if (isupper(user.u_login[i]))
+ user.u_login[i] = tolower(user.u_login[i]);
}
- else
- if (result != NOT_FOUND || result2 != NOT_FOUND) {
- strcpy (user.u_login, old_login);
- redisp ();
- display_text_line ("I'm sorry, but that username is already taken. Please try again.");
- continue;
- }
- else { /* yay! we can go ahead and change it! */
- /* technically, this is not sound. Somebody may have grabbed the
- username before us. It's unlikely, so we just hope it won't
- happen. */
- display_text_line (0);
- sprintf (line,"No one else is using \"%s\" as a username so you can have it.", user.u_login);
- display_text_line (line);
- if (askyn ("Are you sure that is the one you want? ") == NO) {
- display_text_line (0);
- if (askyn ("Do you want to abort this session? ") == YES) {
- display_text_line (" ");
- display_text_line (" ");
- display_text_line ("aborting...");
- return (-1);
- }
- display_text_line (0);
- redisp ();
- continue;
- }
- break;
+ strcpy(old_login, user.u_login);
+
+ /* print message */
+ display_text(USERNAME_BLURB, user.u_login);
+
+again:
+ /* get name from user */
+ glogin();
+
+ display_text_line(0);
+ display_text_line("Testing that username...");
+ error = "";
+ if (strlen(user.u_login) < 3)
+ error = "Your username must be at least 3 characters long.";
+ else if (strlen(user.u_login) > 8)
+ error = "Your username cannot be longer than 8 characters.";
+ else if (!isalpha(user.u_login[0]) || !islower(user.u_login[0]))
+ error = "Your username must start with a lowercase letter.";
+ else
+ for (i = 1; i < strlen(user.u_login); i++)
+ {
+ if (!islower(user.u_login[i]) &&
+ !isdigit(user.u_login[i]) &&
+ user.u_login[i] != '_')
+ error = "Your username must contain only lower case letters, "
+ "numbers, and underscore";
}
- }
+ timer_off();
+ result = krb_get_pw_in_tkt(user.u_login, "", realm, "krbtgt", realm, 1, "");
+ timer_on();
+ if (*error == 0 && result != KDC_PR_UNKNOWN)
+ error = "That username is already taken.";
-get_password:
+ /* if it's bad, get another name from user */
+ if (*error)
+ {
+ strcpy(user.u_login, old_login);
+ redisp();
+ display_text_line(error);
+ display_text_line("Please choose another username.");
+ goto again;
+ }
+
+ /* name is OK, make sure */
+ display_text(USERNAME_BLURB2, user.u_login);
+ if (!askyn("Do you want to register this username? (Yes or No) "))
+ goto again;
+
+ display_text_line(0);
+ display_text_line("Trying to assign that username... "
+ "This may take a few minutes.");
+
+ /* Do It! */
+ timer_off();
+ if (!enrollment)
+ {
+ result = grab_login(user.u_first, user.u_last, typed_mit_id,
+ user.u_mit_id, user.u_login);
+ }
+ else
+ {
+ result = enroll_login(user.u_first, user.u_last, typed_mit_id,
+ user.u_mit_id, user.u_login);
+ }
+ wfeep();
+ timer_on();
+ if (result != 0)
+ {
+ char buf[BUFSIZ];
+
+ if (result == UREG_LOGIN_USED)
+ {
+ /* name was in moira but not kerberos */
+ error = "Sorry, that username really was in use after all.";
+ strcpy(user.u_login, old_login);
+ redisp();
+ display_text_line(error);
+ display_text_line("Please choose another username.");
+ goto again;
+ }
- /* at this point we have successfully negotiated a username */
+ display_text(NETWORK_DOWN, "");
+ display_text_line(" ");
+ sprintf(buf, "The specific error was: %s", error_message(result));
+ display_text_line(buf);
+ wait_for_user();
+ return qexit();
+ }
- sprintf (line, "O.K. your username will be \"%s.\"", user.u_login);
- display_text_line (0);
- display_text_line (line);
+ /* at this point we have successfully negotiated a username */
+ sprintf(line, "O.K. your username will be \"%s\".", user.u_login);
+ display_text_line(0);
+ display_text_line(line);
redisp();
- sleep (3);
- display_text_line (0);
- display_text (PASSWORD_BLURB);
- gpass ();
- display_text_line ("You password is now established.");
- /* we now make sure that the user must type his old password the next
- time he tries to change it */
- already_registered = 1;
- user.u_status = 1;
- display_text_line ("Storing information in the database... This may take a few minutes.");
- /* Check one more time to make sure someone hasn't grabbed that login
- since last time we checked. */
- if (!same) /* Recheck username if it was changed. */
+ sleep(3);
+ return 0;
+}
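Review bot: The `krb_get_pw_in_tkt(user.u_login, "", realm, "krbtgt", realm, 1, "")` probe runs even when the local checks have already set `error`, so names that failed validation are still sent to the KDC. Any result other than `KDC_PR_UNKNOWN`, including a network or realm failure, is also reported as "That username is already taken." Wrap the probe in `if (*error == 0) { ... }` and report unexpected statuses with `error_message(result)` rather than as a collision. The suggested-name builder at the top never writes a terminator after the last `*cp++`, so it depends on `user` having been zeroed by `reset()`; an explicit `*cp = '\0';` makes that local. The `isalpha`/`islower`/`isdigit` calls take plain `char`; casting to `unsigned char` avoids undefined behaviour on bytes above 0x7f.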
+
+
+int negotiate_passwd(void)
+{
+ char *passwd, *error;
+ char old_passwd[256], fullname[256], tktstring[256], inst[INST_SZ];
+ char login[ANAME_SZ], lpassword[PASSWORD_SIZE];
+ int result;
+ des_cblock key;
+ FILE *in;
+
+again:
+ display_text(PASSWORD_BLURB, "");
+ gpass();
+
+ /* validate password */
+ error = NULL;
+ passwd = user.u_password;
+ sprintf(fullname, "%s%s", user.u_first, user.u_last);
+ if (strlen(passwd) < 6)
+ error = "Please choose a longer password.";
+ if (!strpasscmp(passwd, user.u_first) ||
+ !strpasscmp(passwd, user.u_last) ||
+ !strpasscmp(passwd, user.u_login) ||
+ !strpasscmp(passwd, fullname) ||
+ !strpasscmp(passwd, typed_mit_id))
+ error = "Please do not use your name or ID number for your password.";
+ if (!error)
{
- timer_off();
- result = initialize_database(1,NULL);
- timer_on();
- if( result == SUCCESS ) {
- timer_off();
- result = get_user_by_login (&db_user, user.u_login);
- result2 = get_alias_by_name (&alias, user.u_login);
- finalize_database();
- timer_on();
- }
- if (result == FAILURE || result2 == FAILURE) {
- display_text (NETWORK_DOWN);
- return (-1); }
+ in = fopen(LOGIN_INFO, "r");
+ if (in)
+ {
+ fgets(login, sizeof(login), in);
+ /* trim trailing newline */
+ if (strlen(login))
+ login[strlen(login) - 1] = '\0';
+ fgets(lpassword, sizeof(lpassword), in);
+ /* trim trailing newline */
+ if (strlen(lpassword))
+ lpassword[strlen(lpassword) - 1] = '\0';
+ fclose(in);
+ }
else
- if (result != NOT_FOUND || result2 != NOT_FOUND) {
- strcpy (user.u_login, old_login);
- redisp ();
- display_text_line(0);
- display_text_line ("You're not going to believe this, but someone just now took the username");
- display_text_line("you wanted.");
+ {
+ strcpy(login, "moira");
+ strcpy(lpassword, "moira");
+ }
+
+ sprintf(tktstring, "/tmp/tkt_cpw_%d", getpid());
+ krb_set_tkt_string(tktstring);
+ des_string_to_key(passwd, key);
+ inst[0] = 0;
+
+ result = krb_get_pw_in_tkt(login, inst, realm, PWSERV_NAME,
+ KADM_SINST, 1, lpassword);
+ if (result == KSUCCESS)
+ result = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm);
+ if (result == KSUCCESS)
+ result = kadm_check_pw(key, passwd, &error);
+ dest_tkt();
+ if (result == KADM_INSECURE_PW)
+ {
+ error = "You have chosen a passsword that is in the dictionary "
+ "of commonly\nselected user passwords. You will have to choose "
+ "a better password.";
+ }
+ else if (result != KSUCCESS)
+ {
+ display_text(NETWORK_DOWN);
display_text_line(" ");
- display_text_line("You will have to choose a new username.");
- goto get_login;
+ sprintf(fullname, "%s while verifying password",
+ error_message(result));
+ display_text_line(fullname);
+ wait_for_user();
+ return -1;
}
}
- /* Do the database update and hope nobody grabs the same login before we
- do. Its really not very likely that they will. */
- if (do_replace ()) {
- return (-1);
- }
- display_text_line ("done.");
-}
-gfirst () {
- /* input the first name */
- char buf[100];
+ if (error)
+ {
+ display_text_line(0);
+ display_text_line(error);
+ wait_for_user();
+ goto again;
+ }
- signal(SIGALRM, restart);
- input ("Enter first Name:", buf, 100, FIRSTNAME_TIMEOUT);
- strncpy (user.u_first, buf, FIRST_NAME_SIZE);
- user.u_first[FIRST_NAME_SIZE - 1] = '\0';
- redisp ();
+ display_text(PASSWORD_BLURB2, "");
+ strcpy(old_passwd, user.u_password);
+ gpass();
+ if (strcmp(old_passwd, user.u_password))
+ {
+ display_text_line(0);
+ display_text_line("What you just typed did not match the password "
+ "you gave the first time.");
+ sleep(8);
+ goto again;
+ }
+
+ display_text_line("Storing password in the database... This may take "
+ "a few minutes.");
+ if (do_replace())
+ return -1;
+ display_text_line("done.");
+ return 0;
}
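Review bot: When `LOGIN_INFO` cannot be opened, the `else` branch falls back to the literal principal and password `"moira"`/`"moira"`, so the password-check service is contacted with a credential known to anyone who can read this file. Prefer failing closed: replace the two `strcpy` calls with the NETWORK_DOWN message and `return -1;`. The `fgets` results are unchecked and the trim removes the last byte even when it is not a newline; `login[strcspn(login, "\n")] = '\0';` after a successful `fgets` covers both cases, and likewise for `lpassword`. `display_text(NETWORK_DOWN)` here, and again in `do_replace`, passes one argument while every other call in this diff passes two. `tktstring` is a predictable `/tmp/tkt_cpw_<pid>` path, so a comment on how the ticket library creates that file (exclusive create, mode) would help the next reviewer.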
-glast () {
- /* input the last name */
- char buf[100];
+gfirst(void)
+{
+ /* input the first name */
+ char buf[FIRST_NAME_SIZE + 2];
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
+ input("Enter first Name:", buf, FIRST_NAME_SIZE + 1,
+ FIRSTNAME_TIMEOUT, TRUE);
+ strncpy(user.u_first, buf, FIRST_NAME_SIZE);
+ user.u_first[FIRST_NAME_SIZE - 1] = '\0';
+ canon_name(user.u_first);
+ redisp();
+}
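Review bot: SIGALRM is now bound to `fix_display` instead of `restart`, here and in `glast`, `gpass`, `glogin`, `gmitid` and `gmi`, so an input timeout ends the program rather than jumping back to the first-name prompt. Nothing visible in this diff installs `restart` any more, yet its "Input timeout handler" comment and the `setjmp(redo)` in `main` remain. If the new behaviour is intended, update that comment or remove the dead path. The same four sigaction lines are repeated in all six routines; a small `static void arm_timeout_handler(void)` helper would make the policy a one-line change.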
- signal(SIGALRM, restart);
- input ("Enter last Name:", buf, 100, LASTNAME_TIMEOUT);
- strncpy (user.u_last, buf, LAST_NAME_SIZE);
+glast(void)
+{
+ /* input the last name */
+ char buf[LAST_NAME_SIZE + 2];
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
+ input("Enter family Name:", buf, LAST_NAME_SIZE + 1,
+ LASTNAME_TIMEOUT, FALSE);
+ strncpy(user.u_last, buf, LAST_NAME_SIZE);
user.u_last[LAST_NAME_SIZE - 1] = '\0';
- redisp ();
+ canon_name(user.u_last);
+ redisp();
}
-gpass () {
- /* input password */
- char old_password[PASSWORD_SIZE];
- char new_password[PASSWORD_SIZE];
- char new_password_again[PASSWORD_SIZE];
-
- if (already_registered) { /* we have to ask for his old password */
- signal(SIGALRM, restart);
- input_no_echo ("Enter old Password:", old_password,
- PASSWORD_SIZE, OLD_PASSWORD_TIMEOUT);
- if (strcmp (user.u_password, crypt (old_password,
- user.u_password))) {
- display_text_line ("Sorry, that does not match your old password.");
- display_text_line ("In order to get a new one, you have to know the old one.");
- return (1);
- }
- }
-
- do_input:
- signal(SIGALRM, restart);
- input_no_echo ("Enter password:", new_password,
- PASSWORD_SIZE, NEW_PASSWORD_TIMEOUT);
- if (strlen (new_password) < 4) {
- display_text_line ("Please use a password of at least 4 characters.");
- goto do_input;
- }
- signal(SIGALRM, restart);
- input_no_echo ("Enter password again:", new_password_again,
- PASSWORD_SIZE, REENTER_PASSWORD_TIMEOUT);
- if (strcmp (new_password, new_password_again)) {
- display_text_line ("Sorry, the two passwords you just typed in don't match.");
- display_text_line ("Please try again.");
- goto do_input;
- }
-
- /* give him a new password. It looks funny because we are trying to get
- a semi_random key without a lot of hair by using the login name as a
- seed */
-
- strcpy (user.u_password, crypt (new_password, user.u_login));
- redisp ();
+gpass(void)
+{
+ /* input password */
+ char new_password[PASSWORD_SIZE + 1];
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
+ input_no_echo("Enter password:", new_password,
+ PASSWORD_SIZE, NEW_PASSWORD_TIMEOUT);
+ strcpy(user.u_password, new_password);
+ redisp();
}
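Review bot: `gpass` now copies the typed password in cleartext into `user.u_password`, where the removed code stored `crypt()` output, and the `new_password` stack buffer is never cleared before returning. `negotiate_passwd` keeps further copies in `old_passwd`, `lpassword` and `key`. Clear each of these once it is no longer needed, using a wipe the compiler cannot elide (`explicit_bzero` where available, otherwise a volatile-pointer loop). The `strcpy(user.u_password, new_password)` call is safe only if `input_no_echo` never returns more than `PASSWORD_SIZE` bytes and `u_password` is at least that large plus a terminator. Neither is visible here, so state that assumption in a comment or bound the copy.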
-glogin () {
- /* get login name */
- register int i;
- char buf[100];
- register char *nbuf = buf;
-input_login:
- i = 0;
+/* get login name */
+
+glogin(void)
+{
+ char buf[LOGIN_SIZE + 2];
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
user.u_login[0] = '\0';
- nbuf = &buf[0];
- signal(SIGALRM, restart);
- input ("Enter username:", buf, 100, USERNAME_TIMEOUT);
- while (*nbuf != '\0') {
- if (!islower (*nbuf)) {
- display_text_line ("Your username must be all lowercase alphabetic characters.");
- goto input_login;
- }
- user.u_login[i] = *nbuf++;
- i++;
- if (i > LOGIN_SIZE - 1) {
- display_text_line ("Your username must be no more than 8 characters long.");
- goto input_login;
- }
- }
- if (i != 0) {
- user.u_login[i] = '\0';
- }
- if (strlen (user.u_login) < 2) {
- goto input_login;
- }
- /* This part added to fix home directories -- asp */
- strcpy (user.u_home_dir, "/mit/");
- user.u_home_dir[5] = user.u_login[0];
- user.u_home_dir[6] = '/';
- user.u_home_dir[7] = user.u_login[1];
- user.u_home_dir[8] = '/';
- strcpy (user.u_home_dir + 9, user.u_login);
-
- redisp ();
+ input("Enter username:", buf, LOGIN_SIZE, USERNAME_TIMEOUT, FALSE);
+ strcpy(user.u_login, buf);
+ redisp();
}
-gmitid () {
- /* get mid id */
- register int i;
- char buf[100];
- register char *nbuf = buf;
-
- input_mit_id:
- signal(SIGALRM, restart);
- input ("Enter MIT Id:", buf, 100, MITID_TIMEOUT);
+gmitid(void)
+{
+ /* get mid id */
+ int i;
+ char buf[15];
+ char *nbuf = buf;
+ struct sigaction act;
+
+input_mit_id:
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
+ input("Enter MIT Id:", buf, 14, MITID_TIMEOUT, FALSE);
i = 0;
nbuf = &buf[0];
- while (*nbuf != '\0') {
- if (*nbuf == ' ' || *nbuf == '-') {
+ while (*nbuf)
+ {
+ if (*nbuf == ' ' || *nbuf == '-')
+ {
+ nbuf++;
+ continue;
+ }
+ if (!isdigit(*nbuf))
+ {
+ i = 0;
+ break;
+ }
+ typed_mit_id[i] = *nbuf;
nbuf++;
- continue;
+ i++;
}
- if (!isdigit (*nbuf)) {
- i = 0;
- break;
+ if (i != 9)
+ {
+ display_text_line("Your MIT id must be a nine-digit number. "
+ "Please try again.");
+ goto input_mit_id;
}
- typed_mit_id[i] = *nbuf;
- nbuf++;
- i++;
- }
- if (i != 9) {
- display_text_line (
- "Your MIT id must be a nine-digit number. Please try again.");
- goto input_mit_id;
- }
typed_mit_id[9] = '\0';
- redisp ();
- encrypt_mitid ();
-}
-
-encrypt_mitid () {
- char salt[3];
-
- make_salt (salt, user.u_first, user.u_last);
- strcpy (user.u_mit_id, crypt (&typed_mit_id[2], salt));
+ redisp();
+ EncryptID(user.u_mit_id, typed_mit_id, user.u_first, user.u_last);
}
-
-#define _tolower(c) ((c)|0x60)
-
-make_salt (salt, first, last)
-char *salt,
- *first,
- *last;
+gmi(void)
{
- salt[0] = _tolower (last[0]);
- salt[1] = _tolower (first[0]);
-}
-
-
-gmi () {
- /* get middle initial */
- char buf[100];
-
- signal(SIGALRM, restart);
- input ("Enter Middle Initial:", buf, 100, MI_TIMEOUT);
- strncpy (user.u_mid_init, buf, MID_INIT_SIZE);
+ /* get middle initial */
+ char buf[MID_INIT_SIZE + 2];
+ struct sigaction act;
+
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ act.sa_handler = (void (*)()) fix_display;
+ sigaction(SIGALRM, &act, NULL);
+ input("Enter Middle Initial:", buf, MID_INIT_SIZE + 1, MI_TIMEOUT, TRUE);
+ strncpy(user.u_mid_init, buf, MID_INIT_SIZE);
user.u_mid_init[MID_INIT_SIZE - 1] = '\0';
- redisp ();
+ canon_name(user.u_mid_init);
+ redisp();
}
-qexit () {
- /* exit quickly, not saving anything in the database */
- bzero (&user, sizeof (user));
+int qexit(void)
+{
+ /* exit quickly, not saving anything in the database */
+ memset(&user, 0, sizeof(user));
typed_mit_id[0] = '\0';
user_is_valid = 0;
already_registered = 0;
- sleep (6); /* give the user a chance to see the
- screen */
- display_text_line (0);
- return (EXIT);
+ enrollment = 0;
+ sleep(2); /* give the user a chance to see the screen */
+ display_text_line(0);
+ return EXIT;
}
-do_replace () {
- /* replaces a user in the database. If there is an error, it informs
- the user and calls qexit(); It returns only if is is successful */
-
- register int result, uid;
+int do_replace(void)
+{
+ int status;
+ char buf[100];
- signal(SIGALRM, SIG_IGN); /* Don't bother me */
- uid = getuid();
- setruid(0); /* Look, I'm root! */
+ /*
+ * replaces a user in the database. If there is an error, it informs
+ * the user and calls qexit(); It returns only if is is successful
+ */
timer_off();
- result = initialize_database(1,NULL);
+ if (!enrollment)
+ {
+ status = set_password(user.u_first, user.u_last, typed_mit_id,
+ user.u_mit_id, user.u_password);
+ }
+ else
+ {
+ status = get_krb(user.u_first, user.u_last, typed_mit_id,
+ user.u_mit_id, user.u_password);
+ }
+ wfeep();
timer_on();
- if( result == SUCCESS ) {
- timer_off();
- result = replace_user_admin (&user);
- finalize_database();
- timer_on();
- }
- setruid(uid); /* Back to normal */
- signal(SIGALRM, restart);
-
- if (result == FAILURE) {
- display_text (NETWORK_DOWN);
- return (-1);
- }
- if (result != SUCCESS) {
- display_text_line (0);
- display_text_line ("There was an unknown error in trying to give you that username.");
- display_text_line ("The database was not updated.");
- display_text_line ("Please try again later.");
- printf ("Replace error %d\n", result);
- return (-1);
- }
- /* finally, if we get to here, there are no problems */
- else {
- return (0);
- }
+ if (status)
+ {
+ display_text(NETWORK_DOWN);
+ display_text_line(" ");
+ sprintf(buf, "The specific error was: %s", error_message(status));
+ display_text_line(buf);
+ wait_for_user();
+ return -1;
+ }
+ else
+ return 0;
}
+
+int kinit(char *user, char *passwd)
+{
+ int status;
+ char inst[INST_SZ];
+
+ inst[0] = '\0';
+ status = krb_get_pw_in_tkt(user, inst, realm, "krbtgt",
+ realm, DEFAULT_TKT_LIFE, 0);
+ return status;
+}
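Review bot: The `passwd` parameter of `kinit` is never used; the call passes a literal `0` as the password argument of `krb_get_pw_in_tkt`. If the password the caller supplies is meant to be used, that last argument should be `passwd`. If the null is deliberate (as far as I recall the Kerberos 4 library then prompts on the terminal, but confirm), drop the parameter and add a comment saying so. The parameter name `user` also shadows the file-scope `struct user user`; renaming it to `name` avoids confusion.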
+
+
+#ifndef _toupper
#define _toupper(c) ((c) & ~0x20)
+#endif
-lenient_strcmp (string1, string2)
-register char *string1,
- *string2;
+int lenient_strcmp(char *string1, char *string2)
{
- /* a primitive case insensitive string comparison. It returns only 0 if
- the strings are equal (ignoring case) and 1 if they are different.
- Also ignores spaces. */
+ /*
+ * a primitive case insensitive string comparison. It returns only 0
+ * if the strings are equal (ignoring case) and 1 if they are
+ * different. Also ignores spaces.
+ */
- while (1) {
- if (*string1 == '\0' && *string2 == '\0') {
- return (0);
- }
- if (*string1 == ' ' || *string1 == '.' || *string1 == '-' || *string1 == '\'') {
+ while (1)
+ {
+ if (*string1 == '\0' && *string2 == '\0')
+ return 0;
+ if (*string1 == ' ' || *string1 == '.' || *string1 == '-' ||
+ *string1 == '\'' || *string1 == '_')
+ {
+ string1++;
+ continue;
+ }
+ if (*string2 == ' ' || *string2 == '.' || *string2 == '-' ||
+ *string2 == '\'' || *string2 == '_')
+ {
+ string2++;
+ continue;
+ }
+ if (_toupper(*string1) != _toupper(*string2))
+ return 1;
string1++;
- continue;
- }
- if (*string2 == ' ' || *string2 == '.' || *string2 == '-' || *string2 == '\'') {
string2++;
- continue;
- }
- if (_toupper (*string1) != _toupper (*string2)) {
- return (1);
}
- string1++;
- string2++;
- }
}
-/* Input timeout handler. Loop back to asking for the first name.
+
+/* See if the strings match in forward & reverse direction, ignoring
+ * case and spaces/punctuation.
+ */
+
+int strpasscmp(char *s1, char *s2)
+{
+ char buf[256], *from, *to;
+
+ if (!lenient_strcmp(s1, s2))
+ return 0;
+ /* if s2 is empty, say OK */
+ if (!*s2)
+ return 1;
+
+ from = &s2[strlen(s2)];
+ from--;
+ for (to = &buf[0]; from >= s2; from--)
+ *to++ = *from;
+
+ return lenient_strcmp(s1, buf);
+}
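Review bot: The reversed copy in `buf` is never NUL-terminated, so `lenient_strcmp(s1, buf)` reads past the copied bytes into uninitialised stack. The reversed-name check therefore gives unpredictable results and can read out of bounds. Add `*to = '\0';` after the loop. The copy is also unbounded against `char buf[256]`, so stop once `to` reaches `buf + sizeof(buf) - 1`. The `from >= s2` loop condition steps `from` to one element before `s2`, which is itself undefined; an index loop counting down from `strlen(s2)` avoids that.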
+
+
+/*
+ * Input timeout handler. Loop back to asking for the first name.
*/
-restart()
/* Go to asking for first name. */
+restart(void)
{
qexit();
- longjmp(redo);
+ longjmp(redo, 1);
+}
+
+canon_name(char *cp)
+{
+ char *p2 = cp;
+
+ /* Trim whitespace off both ends. */
+ for (; *p2 && isspace(*p2); p2++)
+ ;
+ if (*p2)
+ {
+ strcpy(cp, p2);
+ p2 = cp + strlen(cp);
+ --p2;
+ while (p2 >= cp && isspace(*p2))
+ *(--p2) = '\0';
+ }
+ /* Make it capitalized */
+ FixCase(cp);
}
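Review bot: The trailing-whitespace loop in `canon_name` zeroes the wrong byte: with `p2` on the last character, `*(--p2) = '\0'` steps back first and overwrites the character before the space. A name with one trailing space therefore loses its final letter ("Bob " becomes "Bo"). Use `*p2-- = '\0';` instead. `strcpy(cp, p2)` copies between overlapping regions of the same buffer, which is undefined; `memmove(cp, p2, strlen(p2) + 1);` is the safe form. A string made only of whitespace skips the `if (*p2)` block and is passed to `FixCase` unchanged; setting `*cp = '\0'` in that case would make the result well defined. The `isspace` arguments should be cast to `unsigned char`.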