-
-
-#ifdef KERBEROS
-KTEXT_ST ticket;
-long authopts = 0L;
-Key_schedule random_schedule;
-char realm[REALM_SZ], krbhst[MAX_HSTNM];
-static struct kpasswd_data proto_data;
-static des_cblock okey;
-static Key_schedule osched;
-int sock;
-int finish();
-#define PROTO "tcp"
-
-static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0 };
-
-do_krb_passwd()
-{
- struct servent *se;
- struct hostent *host;
- struct sockaddr_in sin;
- int rval;
- char pass[_PASSWORD_LEN], password[_PASSWORD_LEN];
- fd_set readfds;
- CREDENTIALS cred;
-
- static struct rlimit rl = { 0, 0 };
-
- (void)signal(SIGHUP, SIG_IGN);
- (void)signal(SIGINT, SIG_IGN);
- (void)signal(SIGTSTP, SIG_IGN);
-
- if (setrlimit(RLIMIT_CORE, &rl) < 0) {
- perror("setrlimit");
- return(1);
- }
-
- if ((se = getservbyname(SERVICE, PROTO)) == NULL) {
- fprintf(stderr, "couldn't find entry for service %s/%s\n",
- SERVICE, PROTO);
- return(1);
- }
-
- if ((rval = krb_get_lrealm(realm,1)) != KSUCCESS) {
- fprintf(stderr, "couldn't get local Kerberos realm: %s\n",
- krb_err_txt[rval]);
- return(1);
- }
-
- if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) {
- fprintf(stderr, "couldn't get Kerberos host: %s\n",
- krb_err_txt[rval]);
- return(1);
- }
-
- if ((host = gethostbyname(krbhst)) == NULL) {
- fprintf(stderr, "couldn't get host entry for krb host %s\n",
- krbhst);
- return(1);
- }
-
- sin.sin_family = host->h_addrtype;
- bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length);
- sin.sin_port = se->s_port;
-
- if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
- perror("socket");
- return(1);
- }
-
- if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
- perror("connect");
- close(sock);
- return(1);
- }
-
- rval = krb_sendauth(
- authopts, /* NOT mutual */
- sock,
- &ticket, /* (filled in) */
- SERVICE,
- krbhst, /* instance (krbhst) */
- realm, /* dest realm */
- (u_long) getpid(), /* checksum */
- NULL, /* msg data */
- NULL, /* credentials */
- NULL, /* schedule */
- NULL, /* local addr */
- NULL, /* foreign addr */
- "KPWDV0.1"
- );
-
-
- if (rval != KSUCCESS) {
- fprintf(stderr, "Kerberos sendauth error: %s\n",
- krb_err_txt[rval]);
- return(1);
- }
-
- krb_get_cred("krbtgt", realm, realm, &cred);
-
- printf("Changing Kerberos password for %s.%s@%s.\n",
- cred.pname, cred.pinst, realm);
-
- if (des_read_pw_string(pass,
- sizeof(pass)-1, "Old Kerberos password:", 0)) {
- fprintf(stderr,
- "error reading old Kerberos password\n");
- return(1);
- }
-
- (void)des_string_to_key(pass, okey);
- (void)des_key_sched(okey, osched);
- (void)des_set_key(okey, osched);
-
- /* wait on the verification string */
-
- FD_ZERO(&readfds);
- FD_SET(sock, &readfds);
-
- rval =
- select(sock + 1, &readfds, (fd_set *) 0, (fd_set *) 0, &timeout);
-
- if ((rval < 1) || !FD_ISSET(sock, &readfds)) {
- if(rval == 0) {
- fprintf(stderr, "timed out (aborted)\n");
- cleanup();
- return(1);
- }
- fprintf(stderr, "select failed (aborted)\n");
- cleanup();
- return(1);
- }
-
- /* read verification string */
-
- if (des_read(sock, &proto_data, sizeof(proto_data)) !=
- sizeof(proto_data)) {
- fprintf(stderr,
- "couldn't read verification string (aborted)\n");
- cleanup();
- return(1);
- }
-
- (void)signal(SIGHUP, finish);
- (void)signal(SIGINT, finish);
-
- if (strcmp(SECURE_STRING, proto_data.secure_msg) != 0) {
- cleanup();
- /* don't complain loud if user just hit return */
- if (pass == NULL || (!*pass))
- return(0);
- fprintf(stderr, "Sorry\n");
- return(1);
- }
-
- (void)des_key_sched(proto_data.random_key, random_schedule);
- (void)des_set_key(proto_data.random_key, random_schedule);
- (void)bzero(pass, sizeof(pass));
-
- if (des_read_pw_string(pass,
- sizeof(pass)-1, "New Kerberos password:", 0)) {
- fprintf(stderr,
- "error reading new Kerberos password (aborted)\n");
- cleanup();
- return(1);
- }
-
- if (des_read_pw_string(password,
- sizeof(password)-1, "Retype new Kerberos password:", 0)) {
- fprintf(stderr,
- "error reading new Kerberos password (aborted)\n");
- cleanup();
- return(1);
- }
-
- if (strcmp(password, pass) != 0) {
- fprintf(stderr, "password mismatch (aborted)\n");
- cleanup();
- return(1);
- }
-
- if (strlen(pass) == 0)
- printf("using NULL password\n");
-
- send_update(sock, password, SECURE_STRING);
-
- /* wait for ACK */
-
- FD_ZERO(&readfds);
- FD_SET(sock, &readfds);
-
- rval =
- select(sock + 1, &readfds, (fd_set *) 0, (fd_set *) 0, &timeout);
- if ((rval < 1) || !FD_ISSET(sock, &readfds)) {
- if(rval == 0) {
- fprintf(stderr, "timed out reading ACK (aborted)\n");
- cleanup();
- exit(1);
- }
- fprintf(stderr, "select failed (aborted)\n");
- cleanup();
- exit(1);
- }
-
- recv_ack(sock);
- cleanup();
- exit(0);
-}
-
-send_update(dest, pwd, str)
- int dest;
- char *pwd, *str;
-{
- static struct update_data ud;
- strncpy(ud.secure_msg, str, _PASSWORD_LEN);
- strncpy(ud.pw, pwd, sizeof(ud.pw));
- if (des_write(dest, &ud, sizeof(ud)) != sizeof(ud)) {
- fprintf(stderr, "couldn't write pw update (abort)\n");
- bzero(ud, sizeof(ud));
- cleanup();
- exit(1);
- }
-}
-
-recv_ack(remote)
- int remote;
-{
- int cc;
- char buf[BUFSIZ];
- cc = des_read(remote, buf, sizeof(buf));
- if (cc <= 0) {
- fprintf(stderr, "error reading acknowledgement (aborted)\n");
- cleanup();
- exit(1);
- }
- printf("%s", buf);
-}
-
-cleanup()
-{
- (void)bzero(&proto_data, sizeof(proto_data));
- (void)bzero(okey, sizeof(okey));
- (void)bzero(osched, sizeof(osched));
- (void)bzero(random_schedule, sizeof(random_schedule));
-}
-
-finish()
-{
- (void)close(sock);
- exit(1);
-}
-
-#endif /* KERBEROS */