1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
* This software may now be redistributed outside the US.
*
* $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/get_pw_tkt.c,v $
*
* $Locker: $
*/
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
#include "krb_locl.h"
#include <sys/param.h>
/*
* Get a ticket for the password-changing server ("changepw.KRB_MASTER").
*
* Given the name, instance, realm, and current password of the
* principal for which the user wants a password-changing-ticket,
* return either:
*
* GT_PW_BADPW if current password was wrong,
* GT_PW_NULL if principal had a NULL password,
* or the result of the krb_get_pw_in_tkt() call.
*
* First, try to get a ticket for "user.instance@realm" to use the
* "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h").
* The requested lifetime for the ticket is "1", and the current
* password is the "cpw" argument given.
*
* If the password was bad, give up.
*
* If the principal had a NULL password in the Kerberos database
* (indicating that the principal is known to Kerberos, but hasn't
* got a password yet), try instead to get a ticket for the principal
* "default.changepw@realm" to use the "changepw.KRB_MASTER" server.
* Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL
* if all goes well, otherwise the error.
*
* If this routine succeeds, a ticket and session key for either the
* principal "user.instance@realm" or "default.changepw@realm" to use
* the password-changing server will be in the user's ticket file.
*/
int
get_pw_tkt(user, instance, realm, cpw)
char *user;
char *instance;
char *realm;
char *cpw;
{
char *dot, admin[MAXHOSTNAMELEN];
int kerror;
if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
return(GT_PW_BADPW);
if ((dot = strchr(admin, '.')) != NULL)
*dot = '\0';
kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
admin, 1, cpw);
if (kerror == INTK_BADPW)
return(GT_PW_BADPW);
if (kerror == KDC_NULL_KEY) {
kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
admin,1,"changepwkrb");
if (kerror)
return(kerror);
return(GT_PW_NULL);
}
return(kerror);
}
|
