« back to all changes in this revision
Viewing changes to pam_krb5_pass.c
- browse files at revision 2
- compare with another revision
- download diff
- download tarball
- view history from revision 2
- Committer: Bazaar Package Importer
- Author(s): Sam Hartman
- Date: 2002-04-06 20:55:14 UTC
- Revision ID: james.westby@ubuntu.com-20020406205514-iwfytmlrxk2nqzt3
Tags: 1.0-7
Move fron non-us to main--second to last package of mine
- files added:
- README.patched
- debian
- patches
- files modified:
- Makefile
added
removed
pam_krb5_pass.c
5
5
*
6
6
*/
7
7
8
static const char rcsid[] = "$Id: pam_krb5_pass.c,v 1.1.1.1 2000/11/30 20:09:43 hartmans Exp $";
8
static const char rcsid[] = "$Id: pam_krb5_pass.c,v 1.2 2000/11/30 20:40:37 hartmans Exp $";
9
9
10
#include <errno.h>
11
#include <stdio.h> /* sprintf */
12
#include <stdlib.h> /* malloc */
10
13
#include <syslog.h> /* syslog */
11
14
#include <security/pam_appl.h>
12
15
#include <security/pam_modules.h>
13
16
#include <krb5.h>
17
#include <com_err.h>
14
18
#include "pam_krb5.h"
15
19
16
20
/* A useful logging macro */
27
31
krb5_context pam_context;
28
32
krb5_creds creds;
29
33
krb5_principal princ;
30
krb5_ccache ccache;
31
34
krb5_get_init_creds_opt opts;
32
35
33
36
int result_code;
41
44
int debug = 0;
42
45
int try_first_pass = 0, use_first_pass = 0;
43
46
47
48
if (flags & PAM_PRELIM_CHECK) /* not sure if this a right way to do it */
49
return PAM_SUCCESS;
44
50
if (!(flags & PAM_UPDATE_AUTHTOK))
45
51
return PAM_AUTHTOK_ERR;
46
52
54
60
}
55
61
56
62
/* Get username */
57
if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
63
if ((pam_get_item(pamh, PAM_USER, (const void **) &name)) != 0) {
58
64
return PAM_SERVICE_ERR;
59
65
}
60
66
61
67
/* Get service name */
62
(void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
68
(void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
63
69
if (!service)
64
70
service = "unknown";
65
71
66
72
DLOG("entry", "");
67
73
68
if (krb5_init_context(&pam_context)) {
74
if ((krbret = krb5_init_context(&pam_context)) != 0) {
69
75
DLOG("krb5_init_context()", error_message(krbret));
70
76
return PAM_SERVICE_ERR;
71
77
}
72
78
73
if (krb5_init_context(&pam_context)) {
79
if ((krbret = krb5_init_context(&pam_context)) != 0) {
74
80
DLOG("krb5_init_context()", error_message(krbret));
75
81
return PAM_SERVICE_ERR;
76
82
}
78
84
memset(&creds, 0, sizeof(krb5_creds));
79
85
80
86
/* Get principal name */
81
if (krbret = krb5_parse_name(pam_context, name, &princ)) {
87
if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
82
88
DLOG("krb5_parse_name()", error_message(krbret));
83
89
pamret = PAM_USER_UNKNOWN;
84
90
goto cleanup3;
85
91
}
86
92
87
93
/* Now convert the principal name into something human readable */
88
if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
94
if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
89
95
DLOG("krb5_unparse_name()", error_message(krbret));
90
96
pamret = PAM_SERVICE_ERR;
91
97
goto cleanup2;
101
107
(void) sprintf(prompt, "Password for %s: ", princ_name);
102
108
103
109
if (try_first_pass || use_first_pass)
104
(void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
110
(void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
105
111
106
112
get_pass:
107
113
if (!pass) {
108
114
try_first_pass = 0;
109
if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
115
if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
116
&pass)) != 0) {
110
117
DLOG("get_user_info()", pam_strerror(pamh, pamret));
111
118
pamret = PAM_SERVICE_ERR;
112
119
goto cleanup2;
113
120
}
114
121
/* We have to free pass. */
115
if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
122
if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
116
123
DLOG("pam_set_item()", pam_strerror(pamh, pamret));
117
124
free(pass);
118
125
pamret = PAM_SERVICE_ERR;
120
127
}
121
128
free(pass);
122
129
/* Now we get it back from the library. */
123
(void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
130
(void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
124
131
}
125
132
126
if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
127
pass, pam_prompter, pamh,
128
0, "kadmin/changepw", &opts)) {
133
if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
134
pass, pam_prompter, pamh, 0, "kadmin/changepw", &opts)) != 0) {
129
135
DLOG("krb5_get_init_creds_password()", error_message(krbret));
130
136
if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
131
137
pass = NULL;
138
144
/* Now get the new password */
139
145
free(prompt);
140
146
prompt = "Enter new password: ";
141
if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
147
if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass))
148
!= 0) {
142
149
DLOG("get_user_info()", pam_strerror(pamh, pamret));
143
150
prompt = NULL;
144
151
pamret = PAM_SERVICE_ERR;
145
152
goto cleanup;
146
153
}
147
154
prompt = "Enter it again: ";
148
if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2)) {
155
if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass2))
156
!= 0) {
149
157
DLOG("get_user_info()", pam_strerror(pamh, pamret));
150
158
prompt = NULL;
151
159
pamret = PAM_SERVICE_ERR;
160
168
}
161
169
162
170
/* Change it */
163
if (krbret = krb5_change_password(pam_context, &creds, pass,
164
&result_code, &result_code_string,
165
&result_string)) {
171
if ((krbret = krb5_change_password(pam_context, &creds, pass,
172
&result_code, &result_code_string, &result_string)) != 0) {
166
173
DLOG("krb5_change_password()", error_message(krbret));
167
174
pamret = PAM_AUTHTOK_ERR;
168
175
goto cleanup;
Loggerhead is a web-based interface for Breezy
Version: 2.0.1