2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <krb5_locl.h>
36 RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $");
39 str2data (krb5_data *d,
41 ...) __attribute__ ((format (printf, 2, 3)));
44 str2data (krb5_data *d,
51 d->length = vasprintf ((char **)&d->data, fmt, args);
56 * Change password protocol defined by
57 * draft-ietf-cat-kerb-chg-password-02.txt
59 * Share the response part of the protocol with MS set password
63 static krb5_error_code
64 chgpw_send_request (krb5_context context,
65 krb5_auth_context *auth_context,
67 krb5_principal targprinc,
74 krb5_data ap_req_data;
75 krb5_data krb_priv_data;
76 krb5_data passwd_data;
84 return KRB5_KPASSWD_MALFORMED;
87 krb5_principal_compare(context, creds->client, targprinc) != TRUE)
88 return KRB5_KPASSWD_MALFORMED;
90 krb5_data_zero (&ap_req_data);
92 ret = krb5_mk_req_extended (context,
94 AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
101 passwd_data.data = rk_UNCONST(passwd);
102 passwd_data.length = strlen(passwd);
104 krb5_data_zero (&krb_priv_data);
106 ret = krb5_mk_priv (context,
114 len = 6 + ap_req_data.length + krb_priv_data.length;
116 *p++ = (len >> 8) & 0xFF;
117 *p++ = (len >> 0) & 0xFF;
120 *p++ = (ap_req_data.length >> 8) & 0xFF;
121 *p++ = (ap_req_data.length >> 0) & 0xFF;
123 memset(&msghdr, 0, sizeof(msghdr));
124 msghdr.msg_name = NULL;
125 msghdr.msg_namelen = 0;
126 msghdr.msg_iov = iov;
127 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
129 msghdr.msg_control = NULL;
130 msghdr.msg_controllen = 0;
133 iov[0].iov_base = (void*)header;
135 iov[1].iov_base = ap_req_data.data;
136 iov[1].iov_len = ap_req_data.length;
137 iov[2].iov_base = krb_priv_data.data;
138 iov[2].iov_len = krb_priv_data.length;
140 if (sendmsg (sock, &msghdr, 0) < 0) {
142 krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
145 krb5_data_free (&krb_priv_data);
147 krb5_data_free (&ap_req_data);
152 * Set password protocol as defined by RFC3244 --
153 * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
156 static krb5_error_code
157 setpw_send_request (krb5_context context,
158 krb5_auth_context *auth_context,
160 krb5_principal targprinc,
167 krb5_data ap_req_data;
168 krb5_data krb_priv_data;
170 ChangePasswdDataMS chpw;
172 u_char header[4 + 6];
175 struct msghdr msghdr;
177 krb5_data_zero (&ap_req_data);
179 ret = krb5_mk_req_extended (context,
181 AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
188 chpw.newpasswd.length = strlen(passwd);
189 chpw.newpasswd.data = rk_UNCONST(passwd);
191 chpw.targname = &targprinc->name;
192 chpw.targrealm = &targprinc->realm;
194 chpw.targname = NULL;
195 chpw.targrealm = NULL;
198 ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
201 krb5_data_free (&ap_req_data);
205 if(pwd_data.length != len)
206 krb5_abortx(context, "internal error in ASN.1 encoder");
208 ret = krb5_mk_priv (context,
216 len = 6 + ap_req_data.length + krb_priv_data.length;
219 _krb5_put_int(p, len, 4);
222 *p++ = (len >> 8) & 0xFF;
223 *p++ = (len >> 0) & 0xFF;
226 *p++ = (ap_req_data.length >> 8) & 0xFF;
227 *p++ = (ap_req_data.length >> 0) & 0xFF;
229 memset(&msghdr, 0, sizeof(msghdr));
230 msghdr.msg_name = NULL;
231 msghdr.msg_namelen = 0;
232 msghdr.msg_iov = iov;
233 msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov);
235 msghdr.msg_control = NULL;
236 msghdr.msg_controllen = 0;
239 iov[0].iov_base = (void*)header;
244 iov[1].iov_base = ap_req_data.data;
245 iov[1].iov_len = ap_req_data.length;
246 iov[2].iov_base = krb_priv_data.data;
247 iov[2].iov_len = krb_priv_data.length;
249 if (sendmsg (sock, &msghdr, 0) < 0) {
251 krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
254 krb5_data_free (&krb_priv_data);
256 krb5_data_free (&ap_req_data);
257 krb5_data_free (&pwd_data);
261 static krb5_error_code
262 process_reply (krb5_context context,
263 krb5_auth_context auth_context,
267 krb5_data *result_code_string,
268 krb5_data *result_string,
272 u_char reply[1024 * 3];
274 uint16_t pkt_len, pkt_ver;
275 krb5_data ap_rep_data;
280 while (len < sizeof(reply)) {
283 ret = recvfrom (sock, reply + len, sizeof(reply) - len,
287 krb5_set_error_string(context, "recvfrom %s: %s",
288 host, strerror(save_errno));
290 } else if (ret == 0) {
291 krb5_set_error_string(context, "recvfrom timeout %s", host);
297 _krb5_get_int(reply, &size, 4);
300 memmove(reply, reply + 4, size);
304 if (len == sizeof(reply)) {
305 krb5_set_error_string(context, "message too large from %s",
310 ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
313 krb5_set_error_string(context, "recvfrom %s: %s",
314 host, strerror(save_errno));
321 str2data (result_string, "server %s sent to too short message "
322 "(%ld bytes)", host, (long)len);
323 *result_code = KRB5_KPASSWD_MALFORMED;
327 pkt_len = (reply[0] << 8) | (reply[1]);
328 pkt_ver = (reply[2] << 8) | (reply[3]);
330 if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
335 memset(&error, 0, sizeof(error));
337 ret = decode_KRB_ERROR(reply, len, &error, &size);
341 if (error.e_data->length < 2) {
342 str2data(result_string, "server %s sent too short "
343 "e_data to print anything usable", host);
344 free_KRB_ERROR(&error);
345 *result_code = KRB5_KPASSWD_MALFORMED;
349 p = error.e_data->data;
350 *result_code = (p[0] << 8) | p[1];
351 if (error.e_data->length == 2)
352 str2data(result_string, "server only sent error code");
354 krb5_data_copy (result_string,
356 error.e_data->length - 2);
357 free_KRB_ERROR(&error);
361 if (pkt_len != len) {
362 str2data (result_string, "client: wrong len in reply");
363 *result_code = KRB5_KPASSWD_MALFORMED;
366 if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
367 str2data (result_string,
368 "client: wrong version number (%d)", pkt_ver);
369 *result_code = KRB5_KPASSWD_MALFORMED;
373 ap_rep_data.data = reply + 6;
374 ap_rep_data.length = (reply[4] << 8) | (reply[5]);
376 if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
377 str2data (result_string, "client: wrong AP len in reply");
378 *result_code = KRB5_KPASSWD_MALFORMED;
382 if (ap_rep_data.length) {
383 krb5_ap_rep_enc_part *ap_rep;
387 priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
388 priv_data.length = len - ap_rep_data.length - 6;
390 ret = krb5_rd_rep (context,
397 krb5_free_ap_rep_enc_part (context, ap_rep);
399 ret = krb5_rd_priv (context,
405 krb5_data_free (result_code_string);
409 if (result_code_string->length < 2) {
410 *result_code = KRB5_KPASSWD_MALFORMED;
411 str2data (result_string,
412 "client: bad length in result");
416 p = result_code_string->data;
418 *result_code = (p[0] << 8) | p[1];
419 krb5_data_copy (result_string,
420 (unsigned char*)result_code_string->data + 2,
421 result_code_string->length - 2);
428 ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
432 if (error.e_data->length < 2) {
433 krb5_warnx (context, "too short e_data to print anything usable");
437 p = error.e_data->data;
438 *result_code = (p[0] << 8) | p[1];
439 krb5_data_copy (result_string,
441 error.e_data->length - 2);
448 * change the password using the credentials in `creds' (for the
449 * principal indicated in them) to `newpw', storing the result of
450 * the operation in `result_*' and an error code or 0.
453 typedef krb5_error_code (*kpwd_send_request) (krb5_context,
461 typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
470 static struct kpwd_proc {
473 #define SUPPORT_TCP 1
474 #define SUPPORT_UDP 2
475 kpwd_send_request send_req;
476 kpwd_process_reply process_rep;
480 SUPPORT_TCP|SUPPORT_UDP,
493 static struct kpwd_proc *
494 find_chpw_proto(const char *name)
497 for (p = procs; p->name != NULL; p++) {
498 if (strcmp(p->name, name) == 0)
508 static krb5_error_code
509 change_password_loop (krb5_context context,
511 krb5_principal targprinc,
514 krb5_data *result_code_string,
515 krb5_data *result_string,
516 struct kpwd_proc *proc)
519 krb5_auth_context auth_context = NULL;
520 krb5_krbhst_handle handle = NULL;
521 krb5_krbhst_info *hi;
528 realm = targprinc->realm;
530 realm = creds->client->realm;
532 ret = krb5_auth_con_init (context, &auth_context);
536 krb5_auth_con_setflags (context, auth_context,
537 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
539 ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
543 while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
544 struct addrinfo *ai, *a;
548 case KRB5_KRBHST_UDP:
549 if ((proc->flags & SUPPORT_UDP) == 0)
553 case KRB5_KRBHST_TCP:
554 if ((proc->flags & SUPPORT_TCP) == 0)
562 ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
566 for (a = ai; !done && a != NULL; a = a->ai_next) {
569 sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
573 ret = connect(sock, a->ai_addr, a->ai_addrlen);
579 ret = krb5_auth_con_genaddrs (context, auth_context, sock,
580 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
586 for (i = 0; !done && i < 5; ++i) {
593 ret = (*proc->send_req) (context,
607 if (sock >= FD_SETSIZE) {
608 krb5_set_error_string(context, "fd %d too large", sock);
615 FD_SET(sock, &fdset);
617 tv.tv_sec = 1 + (1 << i);
619 ret = select (sock + 1, &fdset, NULL, NULL, &tv);
620 if (ret < 0 && errno != EINTR) {
625 ret = (*proc->process_rep) (context,
635 else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
638 ret = KRB5_KDC_UNREACH;
646 krb5_krbhst_free (context, handle);
647 krb5_auth_con_free (context, auth_context);
651 if (ret == KRB5_KDC_UNREACH) {
652 krb5_set_error_string(context,
653 "unable to reach any changepw server "
654 " in realm %s", realm);
655 *result_code = KRB5_KPASSWD_HARDERROR;
663 * change the password using the credentials in `creds' (for the
664 * principal indicated in them) to `newpw', storing the result of
665 * the operation in `result_*' and an error code or 0.
668 krb5_error_code KRB5_LIB_FUNCTION
669 krb5_change_password (krb5_context context,
673 krb5_data *result_code_string,
674 krb5_data *result_string)
676 struct kpwd_proc *p = find_chpw_proto("change password");
678 *result_code = KRB5_KPASSWD_MALFORMED;
679 result_code_string->data = result_string->data = NULL;
680 result_code_string->length = result_string->length = 0;
683 return KRB5_KPASSWD_MALFORMED;
685 return change_password_loop(context, creds, NULL, newpw,
686 result_code, result_code_string,
694 krb5_error_code KRB5_LIB_FUNCTION
695 krb5_set_password(krb5_context context,
698 krb5_principal targprinc,
700 krb5_data *result_code_string,
701 krb5_data *result_string)
703 krb5_principal principal = NULL;
704 krb5_error_code ret = 0;
707 *result_code = KRB5_KPASSWD_MALFORMED;
708 result_code_string->data = result_string->data = NULL;
709 result_code_string->length = result_string->length = 0;
711 if (targprinc == NULL) {
712 ret = krb5_get_default_principal(context, &principal);
716 principal = targprinc;
718 for (i = 0; procs[i].name != NULL; i++) {
720 ret = change_password_loop(context, creds, principal, newpw,
721 result_code, result_code_string,
724 if (ret == 0 && *result_code == 0)
728 if (targprinc == NULL)
729 krb5_free_principal(context, principal);
737 krb5_error_code KRB5_LIB_FUNCTION
738 krb5_set_password_using_ccache(krb5_context context,
741 krb5_principal targprinc,
743 krb5_data *result_code_string,
744 krb5_data *result_string)
746 krb5_creds creds, *credsp;
748 krb5_principal principal = NULL;
750 *result_code = KRB5_KPASSWD_MALFORMED;
751 result_code_string->data = result_string->data = NULL;
752 result_code_string->length = result_string->length = 0;
754 memset(&creds, 0, sizeof(creds));
756 if (targprinc == NULL) {
757 ret = krb5_cc_get_principal(context, ccache, &principal);
761 principal = targprinc;
763 ret = krb5_make_principal(context, &creds.server,
764 krb5_principal_get_realm(context, principal),
765 "kadmin", "changepw", NULL);
769 ret = krb5_cc_get_principal(context, ccache, &creds.client);
771 krb5_free_principal(context, creds.server);
775 ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
776 krb5_free_principal(context, creds.server);
777 krb5_free_principal(context, creds.client);
781 ret = krb5_set_password(context,
789 krb5_free_creds(context, credsp);
793 if (targprinc == NULL)
794 krb5_free_principal(context, principal);
802 const char* KRB5_LIB_FUNCTION
803 krb5_passwd_result_to_string (krb5_context context,
806 static const char *strings[] = {
814 "Initial flag needed"
817 if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
818 return "unknown result code";
820 return strings[result];