2 * Copyright 1988 by the Massachusetts Institute of Technology.
4 * For copying and distribution information, please see the file
7 * change your password with kerberos
12 static char rcsid_kpasswd_c[] =
13 "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
15 static const char rcsid[] =
16 "$FreeBSD: src/crypto/kerberosIV/kadmin/kpasswd_standalone.c,v 1.1.8.3 2003/02/14 22:37:37 nectar Exp $";
21 * change your password with kerberos
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #include <netinet/in.h>
38 extern void krb_set_tkt_string();
39 static void go_home(char *, int);
42 int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag)
44 char name[ANAME_SZ]; /* name of user */
45 char inst[INST_SZ]; /* instance of user */
46 char realm[REALM_SZ]; /* realm of user */
47 char default_name[ANAME_SZ];
48 char default_inst[INST_SZ];
49 char default_realm[REALM_SZ];
50 int realm_given = 0; /* True if realm was give on cmdline */
51 int use_default = 1; /* True if we should use default name */
53 int status; /* return code */
57 char tktstring[MAXPATHLEN];
59 void get_pw_new_key();
62 int placebo_long_pw_string();
63 #define read_long_pw_string placebo_read_pw_string
65 #define read_long_pw_string des_read_pw_string
68 bzero(name, sizeof(name));
69 bzero(inst, sizeof(inst));
70 bzero(realm, sizeof(realm));
72 if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst,
73 default_realm) != KSUCCESS) {
74 pw = getpwuid((int) getuid());
76 strcpy(default_name, pw->pw_name);
78 /* seems like a null name is kinda silly */
79 strcpy(default_name, "");
81 strcpy(default_inst, "");
82 if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
83 strcpy(default_realm, KRB_REALM);
87 if ((status = kname_parse(name, inst, realm, uflag))) {
88 errx(2, "Kerberos error: %s", krb_err_txt[status]);
93 if (krb_get_lrealm(realm, 1) != KSUCCESS)
94 strcpy(realm, KRB_REALM);
98 if (k_isname(uname)) {
99 strncpy(name, uname, sizeof(name) - 1);
101 errx(1, "bad name: %s", uname);
106 if (k_isinst(iflag)) {
107 strncpy(inst, iflag, sizeof(inst) - 1);
109 errx(1, "bad instance: %s", iflag);
114 if (k_isrealm(rflag)) {
115 strncpy(realm, rflag, sizeof(realm) - 1);
118 errx(1, "bad realm: %s", rflag);
122 if(uname || iflag || rflag || uflag) use_default = 0;
125 strcpy(name, default_name);
126 strcpy(inst, default_inst);
127 strcpy(realm, default_realm);
130 strcpy(name, default_name);
132 strcpy(realm, default_realm);
135 (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid());
136 krb_set_tkt_string(tktstring);
138 get_pw_new_key(new_key, name, inst, realm, realm_given);
140 if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
142 com_err("kpasswd", status, "while initializing");
143 else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
144 com_err("kpasswd", status, " attempting to change password.");
146 if (status != KADM_SUCCESS)
147 fprintf(stderr,"Password NOT changed.\n");
149 printf("Password changed.\n");
158 void get_pw_new_key(new_key, name, inst, realm, print_realm)
163 int print_realm; /* True if realm was give on cmdline */
165 char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
166 char pword[MAX_KPW_LEN]; /* storage for the password */
167 char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
169 char local_realm[REALM_SZ];
173 * We don't care about failure; this is to determine whether or
174 * not to print the realm in the prompt for a new password.
176 (void) krb_get_lrealm(local_realm, 1);
178 if (strcmp(local_realm, realm))
181 (void) sprintf(ppromp,"Old password for %s%s%s%s%s:",
182 name, *inst ? "." : "", inst,
183 print_realm ? "@" : "", print_realm ? realm : "");
184 if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) {
185 fprintf(stderr, "Error reading old password.\n");
189 if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME,
190 KADM_SINST, 1, pword)) != KSUCCESS) {
191 if (status == INTK_BADPW) {
192 printf("Incorrect old password.\n");
196 fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]);
200 bzero(pword, sizeof(pword));
202 (void) sprintf(npromp,"New Password for %s%s%s%s%s:",
203 name, *inst ? "." : "", inst,
204 print_realm ? "@" : "", print_realm ? realm : "");
205 if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1))
206 go_home("Error reading new password, password unchanged.\n",0);
207 if (strlen(pword) == 0)
208 printf("Null passwords are not allowed; try again.\n");
209 } while (strlen(pword) == 0);
212 bzero((char *) new_key, sizeof(des_cblock));
213 new_key[0] = (unsigned char) 1;
215 (void) des_string_to_key(pword, (des_cblock *)new_key);
217 bzero(pword, sizeof(pword));
225 fprintf(stderr, str, x);