/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/* Copyright (C) 2004 Novell, Inc.
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU Lesser General Public
* License as published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
#include "e2k-kerberos.h"
/* Creates a krb5 library context and sets its default realm to the
 * upper-cased @domain.
 *
 * This listing is elided: the bare numbers are the listing's own line
 * numbers, and the return type, the local declarations, the statement
 * taken when initialisation fails and the end of the function are not
 * shown. */
e2k_kerberos_context_new (const gchar *domain)
39
/* krb5_init_context() returns non-zero on failure. */
if (krb5_init_context (&ctx) != 0)
42
/* The realm is the domain name in upper case.
 * NOTE(review): strlen (domain) dereferences @domain and no NULL check
 * is visible in the shown lines; confirm callers never pass NULL.
 * g_ascii_strup() returns a newly allocated string; the matching
 * g_free (realm) is not visible in this listing, confirm it exists. */
realm = g_ascii_strup (domain, strlen (domain));
43
/* NOTE(review): the krb5_error_code returned here is ignored, so a
 * failure to set the realm would go unnoticed by the caller. */
krb5_set_default_realm (ctx, realm);
/* Maps a krb5 error code onto the coarser E2kKerberosResult values.
 *
 * The listing is elided (the bare numbers are its line numbers): the
 * switch header and the labels on listing lines 53 and 73 are not shown.
 *
 * NOTE(review): callers get different results for an unknown principal
 * and for a wrong password. If those are surfaced to a user who has not
 * authenticated yet, they disclose which account names exist; showing a
 * single generic failure message at that layer avoids the disclosure. */
static E2kKerberosResult
50
krb5_result_to_e2k_kerberos_result (gint result)
54
/* Label not shown; presumably the success case (result == 0). */
return E2K_KERBEROS_OK;
56
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
57
return E2K_KERBEROS_USER_UNKNOWN;
59
/* Three distinct KDC/AP errors share one result.
 * NOTE(review): KRB5KDC_ERR_CLIENT_REVOKED means the client's
 * credentials were revoked (on Active Directory typically a disabled
 * or locked-out account, confirm), yet it is reported as a wrong
 * password. That hides account state from the user but also makes a
 * lockout indistinguishable from a typo; confirm this is intended. */
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
60
case KRB5KDC_ERR_PREAUTH_FAILED:
61
case KRB5KDC_ERR_CLIENT_REVOKED:
62
return E2K_KERBEROS_PASSWORD_INCORRECT;
64
case KRB5KDC_ERR_KEY_EXP:
65
return E2K_KERBEROS_PASSWORD_EXPIRED;
67
case KRB5_KDC_UNREACH:
68
return E2K_KERBEROS_KDC_UNREACHABLE;
70
/* Clock skew between client and KDC gets its own result. */
case KRB5KRB_AP_ERR_SKEW:
71
return E2K_KERBEROS_TIME_SKEW;
74
/* Label not shown (presumably default:). Only the numeric code is
 * logged. Listing line 75 is not shown; control appears to fall
 * through to the E2K_KERBEROS_FAILED return below, confirm. */
g_warning ("Unexpected kerberos error %d", result);
76
case KRB5_REALM_UNKNOWN:
77
return E2K_KERBEROS_FAILED;
/* Requests initial credentials for @usr_name from the KDC and stores
 * them in @cred; the krb5 outcome is returned as an E2kKerberosResult.
 *
 * Both callers in this file release @cred with
 * krb5_free_cred_contents() once they are done with it.
 *
 * The listing is elided (the bare numbers are its line numbers), so
 * braces, the check after krb5_parse_name() and two argument lines of
 * the krb5_get_init_creds_password() call are not shown. */
static E2kKerberosResult
82
get_init_cred (krb5_context ctx, const gchar *usr_name, const gchar *passwd,
83
const gchar *in_tkt_service, krb5_creds *cred)
85
krb5_principal principal;
86
krb5_get_init_creds_opt opt;
87
krb5_error_code result;
89
result = krb5_parse_name (ctx, usr_name, &principal);
91
/* Condition not shown (listing line 90); presumably taken when the
 * name could not be parsed. */
return E2K_KERBEROS_USER_UNKNOWN;
93
/* Request the most restricted ticket possible: 5*60 seconds of
 * lifetime, not renewable, not forwardable, not proxiable. The ticket
 * is only used by the callers in this file to validate or change a
 * password, so it needs no further capabilities.
 * NOTE(review): newer MIT krb5 releases document
 * krb5_get_init_creds_opt_init() as deprecated in favour of
 * krb5_get_init_creds_opt_alloc(); confirm against the library
 * version this is built with. */
krb5_get_init_creds_opt_init (&opt);
94
krb5_get_init_creds_opt_set_tkt_life (&opt, 5*60);
95
krb5_get_init_creds_opt_set_renew_life (&opt, 0);
96
krb5_get_init_creds_opt_set_forwardable (&opt, 0);
97
krb5_get_init_creds_opt_set_proxiable (&opt, 0);
99
/* Listing lines 100-101 (the middle arguments, presumably including
 * @passwd) are not shown. The cast below only drops const from
 * @in_tkt_service. */
result = krb5_get_init_creds_password (ctx, cred, principal,
102
(gchar *) in_tkt_service, &opt);
103
/* The principal is released before the result is inspected. */
krb5_free_principal (ctx, principal);
105
return krb5_result_to_e2k_kerberos_result (result);
* e2k_kerberos_change_password:
* @domain: Windows (2000) domain name
* @old_password: current password
* @new_password: password to be changed to
* Changes the password for the given user
* Return value: an #E2kKerberosResult
/* Authenticates @user with @old_password against the
 * "kadmin/changepw" service and then asks the KDC to set
 * @new_password.
 *
 * The listing is elided (the bare numbers are its line numbers): the
 * return type, some declarations, braces and a few conditions are not
 * shown. */
e2k_kerberos_change_password (const gchar *user, const gchar *domain,
121
const gchar *old_password, const gchar *new_password)
125
/* NOTE(review): no initialiser is visible for these two krb5_data
 * values, and both are passed to krb5_free_data_contents() below
 * whatever krb5_change_password() returned. If that call can fail
 * before filling them in, indeterminate pointers would be freed;
 * confirm, or zero-initialise them here. */
krb5_data res_code_string, res_string;
126
E2kKerberosResult result;
129
ctx = e2k_kerberos_context_new (domain);
131
/* Condition not shown (listing line 130); presumably taken when no
 * context could be created. */
return E2K_KERBEROS_FAILED;
133
/* The old password must be valid to obtain the change-password
 * ticket, so the change is authorised by knowledge of it. */
result = get_init_cred (ctx, user, old_password,
134
"kadmin/changepw", &creds);
135
if (result != E2K_KERBEROS_OK) {
136
krb5_free_context (ctx);
140
/* NOTE(review): `result` is declared as E2kKerberosResult but holds
 * the raw krb5 error code from here on, until it is mapped below.
 * The cast only drops const from @new_password. */
result = krb5_change_password (ctx, &creds, (gchar *)new_password,
141
&res_code, &res_code_string, &res_string);
142
/* Credentials and reply data are released before the context that
 * they were obtained with.
 * NOTE(review): the server's textual reply is freed without being
 * read, so a rejection by the server (non-zero res_code) reaches the
 * caller only as E2K_KERBEROS_FAILED, without the reason. */
krb5_free_cred_contents (ctx, &creds);
143
krb5_free_data_contents (ctx, &res_code_string);
144
krb5_free_data_contents (ctx, &res_string);
145
krb5_free_context (ctx);
148
/* Condition not shown (listing line 147); presumably taken when the
 * krb5 call itself failed. */
return krb5_result_to_e2k_kerberos_result (result);
149
else if (res_code != 0)
150
return E2K_KERBEROS_FAILED;
152
return E2K_KERBEROS_OK;
* e2k_kerberos_check_password:
* @domain: Windows (2000) domain name
* @password: current password
* Checks if the password is valid, invalid, or expired
* Return value: %E2K_KERBEROS_OK, %E2K_KERBEROS_USER_UNKNOWN,
* %E2K_KERBEROS_PASSWORD_INCORRECT, %E2K_KERBEROS_PASSWORD_EXPIRED,
* or %E2K_KERBEROS_FAILED (for unknown errors)
/* Validates @password for @user by requesting initial credentials
 * from the KDC and discarding them again.
 *
 * The listing is elided (the bare numbers are its line numbers) and
 * stops before the end of the function: the return type, some
 * declarations, one condition and the final return are not shown. */
e2k_kerberos_check_password (const gchar *user, const gchar *domain,
169
const gchar *password)
173
E2kKerberosResult result;
175
ctx = e2k_kerberos_context_new (domain);
177
/* Condition not shown (listing line 176); presumably taken when no
 * context could be created. */
return E2K_KERBEROS_FAILED;
179
/* NULL as the service name requests a ticket for the library's
 * default service (presumably the ticket-granting service; confirm). */
result = get_init_cred (ctx, user, password, NULL, &creds);
181
/* NOTE(review): use-after-free. The context is destroyed here, and on
 * the success path the next statement passes the same `ctx` to
 * krb5_free_cred_contents(). The credentials should be released
 * first and the context last, which is the order
 * e2k_kerberos_change_password() uses in this file. */
krb5_free_context (ctx);
182
if (result == E2K_KERBEROS_OK)
183
krb5_free_cred_contents (ctx, &creds);