changepw.c revision 55682 
1/*
2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include <krb5_locl.h>
35
36RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $");
37
38static krb5_error_code
39get_kdc_address (krb5_context context,
40		 krb5_realm realm,
41		 struct addrinfo **ai)
42{
43    struct addrinfo hints;
44    krb5_error_code ret;
45    char **hostlist;
46    int port = 0;
47    char portstr[NI_MAXSERV];
48    int error;
49    char *host;
50    char *dot;
51
52    ret = krb5_get_krb_changepw_hst (context,
53				     &realm,
54				     &hostlist);
55    if (ret)
56	return ret;
57
58    host = *hostlist;
59
60    dot = strchr (host, ':');
61    if (dot != NULL) {
62	char *end;
63
64	*dot++ = '\0';
65	port = strtol (dot, &end, 0);
66    }
67    if (port == 0)
68	port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
69    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
70
71    memset (&hints, 0, sizeof(hints));
72    hints.ai_socktype = SOCK_DGRAM;
73    hints.ai_protocol = IPPROTO_UDP;
74
75    error = getaddrinfo (host, portstr, &hints, ai);
76    krb5_free_krbhst (context, hostlist);
77    return error;
78}
79
80static krb5_error_code
81send_request (krb5_context context,
82	      krb5_auth_context *auth_context,
83	      krb5_creds *creds,
84	      int sock,
85	      struct sockaddr *sa,
86	      int sa_size,
87	      char *passwd)
88{
89    krb5_error_code ret;
90    krb5_data ap_req_data;
91    krb5_data krb_priv_data;
92    krb5_data passwd_data;
93    size_t len;
94    u_char header[6];
95    u_char *p;
96    struct iovec iov[3];
97    struct msghdr msghdr;
98
99    krb5_data_zero (&ap_req_data);
100
101    ret = krb5_mk_req_extended (context,
102				auth_context,
103				AP_OPTS_MUTUAL_REQUIRED,
104				NULL, /* in_data */
105				creds,
106				&ap_req_data);
107    if (ret)
108	return ret;
109
110    passwd_data.data   = passwd;
111    passwd_data.length = strlen(passwd);
112
113    krb5_data_zero (&krb_priv_data);
114
115    ret = krb5_mk_priv (context,
116			*auth_context,
117			&passwd_data,
118			&krb_priv_data,
119			NULL);
120    if (ret)
121	goto out2;
122
123    len = 6 + ap_req_data.length + krb_priv_data.length;
124    p = header;
125    *p++ = (len >> 8) & 0xFF;
126    *p++ = (len >> 0) & 0xFF;
127    *p++ = 0;
128    *p++ = 1;
129    *p++ = (ap_req_data.length >> 8) & 0xFF;
130    *p++ = (ap_req_data.length >> 0) & 0xFF;
131
132    memset(&msghdr, 0, sizeof(msghdr));
133    msghdr.msg_name       = (void *)sa;
134    msghdr.msg_namelen    = sa_size;
135    msghdr.msg_iov        = iov;
136    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
137#if 0
138    msghdr.msg_control    = NULL;
139    msghdr.msg_controllen = 0;
140#endif
141
142    iov[0].iov_base    = (void*)header;
143    iov[0].iov_len     = 6;
144    iov[1].iov_base    = ap_req_data.data;
145    iov[1].iov_len     = ap_req_data.length;
146    iov[2].iov_base    = krb_priv_data.data;
147    iov[2].iov_len     = krb_priv_data.length;
148
149    if (sendmsg (sock, &msghdr, 0) < 0)
150	ret = errno;
151
152    krb5_data_free (&krb_priv_data);
153out2:
154    krb5_data_free (&ap_req_data);
155    return ret;
156}
157
158static void
159str2data (krb5_data *d,
160	  char *fmt,
161	  ...)
162{
163    va_list args;
164
165    va_start(args, fmt);
166    d->length = vasprintf ((char **)&d->data, fmt, args);
167    va_end(args);
168}
169
170static krb5_error_code
171process_reply (krb5_context context,
172	       krb5_auth_context auth_context,
173	       int sock,
174	       int *result_code,
175	       krb5_data *result_code_string,
176	       krb5_data *result_string)
177{
178    krb5_error_code ret;
179    u_char reply[BUFSIZ];
180    size_t len;
181    u_int16_t pkt_len, pkt_ver;
182    krb5_data ap_rep_data;
183
184    ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
185    if (ret < 0)
186	return errno;
187
188    len = ret;
189    pkt_len = (reply[0] << 8) | (reply[1]);
190    pkt_ver = (reply[2] << 8) | (reply[3]);
191
192    if (pkt_len != len) {
193	str2data (result_string, "client: wrong len in reply");
194	*result_code = KRB5_KPASSWD_MALFORMED;
195	return 0;
196    }
197    if (pkt_ver != 0x0001) {
198	str2data (result_string,
199		  "client: wrong version number (%d)", pkt_ver);
200	*result_code = KRB5_KPASSWD_MALFORMED;
201	return 0;
202    }
203
204    ap_rep_data.data = reply + 6;
205    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
206
207    if (ap_rep_data.length) {
208	krb5_ap_rep_enc_part *ap_rep;
209	krb5_data priv_data;
210	u_char *p;
211
212	ret = krb5_rd_rep (context,
213			   auth_context,
214			   &ap_rep_data,
215			   &ap_rep);
216	if (ret)
217	    return ret;
218
219	krb5_free_ap_rep_enc_part (context, ap_rep);
220
221	priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
222	priv_data.length = len - ap_rep_data.length - 6;
223
224	ret = krb5_rd_priv (context,
225			    auth_context,
226			    &priv_data,
227			    result_code_string,
228			    NULL);
229	if (ret) {
230	    krb5_data_free (result_code_string);
231	    return ret;
232	}
233
234	if (result_code_string->length < 2) {
235	    *result_code = KRB5_KPASSWD_MALFORMED;
236	    str2data (result_string,
237		      "client: bad length in result");
238	    return 0;
239	}
240	p = result_code_string->data;
241
242	*result_code = (p[0] << 8) | p[1];
243	krb5_data_copy (result_string,
244			(unsigned char*)result_code_string->data + 2,
245			result_code_string->length - 2);
246	return 0;
247    } else {
248	KRB_ERROR error;
249	size_t size;
250	u_char *p;
251
252	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
253	if (ret) {
254	    return ret;
255	}
256	if (error.e_data->length < 2) {
257	    krb5_warnx (context, "too short e_data to print anything usable");
258	    return 1;
259	}
260
261	p = error.e_data->data;
262	*result_code = (p[0] << 8) | p[1];
263	krb5_data_copy (result_string,
264			p + 2,
265			error.e_data->length - 2);
266	return 0;
267    }
268}
269
270krb5_error_code
271krb5_change_password (krb5_context	context,
272		      krb5_creds	*creds,
273		      char		*newpw,
274		      int		*result_code,
275		      krb5_data		*result_code_string,
276		      krb5_data		*result_string)
277{
278    krb5_error_code ret;
279    krb5_auth_context auth_context = NULL;
280    int sock;
281    int i;
282    struct addrinfo *ai, *a;
283
284    ret = krb5_auth_con_init (context, &auth_context);
285    if (ret)
286	return ret;
287
288    ret = get_kdc_address (context, creds->client->realm, &ai);
289    if (ret)
290	goto out;
291
292    krb5_auth_con_setflags (context, auth_context,
293			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
294
295    for (a = ai; a != NULL; a = a->ai_next) {
296	sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
297	if (sock < 0)
298	    continue;
299
300	for (i = 0; i < 5; ++i) {
301	    fd_set fdset;
302	    struct timeval tv;
303
304	    ret = send_request (context,
305				&auth_context,
306				creds,
307				sock,
308				a->ai_addr,
309				a->ai_addrlen,
310				newpw);
311	    if (ret)
312		goto out;
313
314	    FD_ZERO(&fdset);
315	    FD_SET(sock, &fdset);
316	    tv.tv_usec = 0;
317	    tv.tv_sec  = 1 << i;
318
319	    ret = select (sock + 1, &fdset, NULL, NULL, &tv);
320	    if (ret < 0 && errno != EINTR)
321		goto out;
322	    if (ret == 1)
323		break;
324	}
325	if (i == 5) {
326	    ret = KRB5_KDC_UNREACH;
327	    close (sock);
328	    continue;
329	}
330
331	ret = process_reply (context,
332			     auth_context,
333			     sock,
334			     result_code,
335			     result_code_string,
336			     result_string);
337	close (sock);
338	if (ret == 0)
339	    break;
340    }
341    freeaddrinfo (ai);
342
343out:
344    krb5_auth_con_free (context, auth_context);
345    return ret;
346}
347