Coverage Report

Created: 2025-07-23 07:04

/src/samba/third_party/heimdal/lib/krb5/changepw.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33
34
#include "krb5_locl.h"
35
36
#undef __attribute__
37
#define __attribute__(X)
38
39
40
static void
41
str2data (krb5_data *d,
42
    const char *fmt,
43
    ...) __attribute__ ((__format__ (__printf__, 2, 3)));
44
45
static void
46
str2data (krb5_data *d,
47
    const char *fmt,
48
    ...)
49
0
{
50
0
    va_list args;
51
0
    char *str;
52
53
0
    va_start(args, fmt);
54
0
    d->length = vasprintf (&str, fmt, args);
55
0
    va_end(args);
56
0
    d->data = str;
57
0
}
58
59
/*
60
 * Change password protocol defined by
61
 * draft-ietf-cat-kerb-chg-password-02.txt
62
 *
63
 * Share the response part of the protocol with MS set password
64
 * (RFC3244)
65
 */
66
67
static krb5_error_code
68
chgpw_send_request (krb5_context context,
69
        krb5_auth_context *auth_context,
70
        krb5_creds *creds,
71
        krb5_principal targprinc,
72
        int is_stream,
73
        rk_socket_t sock,
74
        const char *passwd,
75
        const char *host)
76
0
{
77
0
    krb5_error_code ret;
78
0
    krb5_data ap_req_data;
79
0
    krb5_data krb_priv_data;
80
0
    krb5_data passwd_data;
81
0
    size_t len;
82
0
    u_char header[6];
83
0
    struct iovec iov[3];
84
0
    struct msghdr msghdr;
85
86
0
    if (is_stream)
87
0
  return KRB5_KPASSWD_MALFORMED;
88
89
0
    if (targprinc &&
90
0
  krb5_principal_compare(context, creds->client, targprinc) != TRUE)
91
0
  return KRB5_KPASSWD_MALFORMED;
92
93
0
    krb5_data_zero (&ap_req_data);
94
95
0
    ret = krb5_mk_req_extended (context,
96
0
        auth_context,
97
0
        AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
98
0
        NULL, /* in_data */
99
0
        creds,
100
0
        &ap_req_data);
101
0
    if (ret)
102
0
  return ret;
103
104
0
    passwd_data.data   = rk_UNCONST(passwd);
105
0
    passwd_data.length = strlen(passwd);
106
107
0
    krb5_data_zero (&krb_priv_data);
108
109
0
    ret = krb5_mk_priv (context,
110
0
      *auth_context,
111
0
      &passwd_data,
112
0
      &krb_priv_data,
113
0
      NULL);
114
0
    if (ret)
115
0
  goto out2;
116
117
0
    len = 6 + ap_req_data.length + krb_priv_data.length;
118
0
    header[0] = (len >> 8) & 0xFF;
119
0
    header[1] = (len >> 0) & 0xFF;
120
0
    header[2] = 0;
121
0
    header[3] = 1;
122
0
    header[4] = (ap_req_data.length >> 8) & 0xFF;
123
0
    header[5] = (ap_req_data.length >> 0) & 0xFF;
124
125
0
    memset(&msghdr, 0, sizeof(msghdr));
126
0
    msghdr.msg_name       = NULL;
127
0
    msghdr.msg_namelen    = 0;
128
0
    msghdr.msg_iov        = iov;
129
0
    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
130
#if 0
131
    msghdr.msg_control    = NULL;
132
    msghdr.msg_controllen = 0;
133
#endif
134
135
0
    iov[0].iov_base    = (void*)header;
136
0
    iov[0].iov_len     = 6;
137
0
    iov[1].iov_base    = ap_req_data.data;
138
0
    iov[1].iov_len     = ap_req_data.length;
139
0
    iov[2].iov_base    = krb_priv_data.data;
140
0
    iov[2].iov_len     = krb_priv_data.length;
141
142
0
    if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
143
0
  ret = rk_SOCK_ERRNO;
144
0
  krb5_set_error_message(context, ret, "sendmsg %s: %s",
145
0
             host, strerror(ret));
146
0
    }
147
148
0
    krb5_data_free (&krb_priv_data);
149
0
out2:
150
0
    krb5_data_free (&ap_req_data);
151
0
    return ret;
152
0
}
153
154
/*
155
 * Set password protocol as defined by RFC3244 --
156
 * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
157
 */
158
159
static krb5_error_code
160
setpw_send_request (krb5_context context,
161
        krb5_auth_context *auth_context,
162
        krb5_creds *creds,
163
        krb5_principal targprinc,
164
        int is_stream,
165
        rk_socket_t sock,
166
        const char *passwd,
167
        const char *host)
168
0
{
169
0
    krb5_error_code ret;
170
0
    krb5_data ap_req_data;
171
0
    krb5_data krb_priv_data;
172
0
    krb5_data pwd_data;
173
0
    ChangePasswdDataMS chpw;
174
0
    size_t len = 0;
175
0
    u_char header[4 + 6];
176
0
    u_char *p;
177
0
    struct iovec iov[3];
178
0
    struct msghdr msghdr;
179
180
0
    krb5_data_zero (&ap_req_data);
181
182
0
    ret = krb5_mk_req_extended (context,
183
0
        auth_context,
184
0
        AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
185
0
        NULL, /* in_data */
186
0
        creds,
187
0
        &ap_req_data);
188
0
    if (ret)
189
0
  return ret;
190
191
0
    chpw.newpasswd.length = strlen(passwd);
192
0
    chpw.newpasswd.data = rk_UNCONST(passwd);
193
0
    if (targprinc) {
194
0
  chpw.targname = &targprinc->name;
195
0
  chpw.targrealm = &targprinc->realm;
196
0
    } else {
197
0
  chpw.targname = NULL;
198
0
  chpw.targrealm = NULL;
199
0
    }
200
201
0
    ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
202
0
           &chpw, &len, ret);
203
0
    if (ret) {
204
0
  krb5_data_free (&ap_req_data);
205
0
  return ret;
206
0
    }
207
208
0
    if(pwd_data.length != len)
209
0
  krb5_abortx(context, "internal error in ASN.1 encoder");
210
211
0
    ret = krb5_mk_priv (context,
212
0
      *auth_context,
213
0
      &pwd_data,
214
0
      &krb_priv_data,
215
0
      NULL);
216
0
    if (ret)
217
0
  goto out2;
218
219
0
    len = 6 + ap_req_data.length + krb_priv_data.length;
220
0
    p = header;
221
0
    if (is_stream) {
222
0
  _krb5_put_int(p, len, 4);
223
0
  p += 4;
224
0
    }
225
0
    *p++ = (len >> 8) & 0xFF;
226
0
    *p++ = (len >> 0) & 0xFF;
227
0
    *p++ = 0xff;
228
0
    *p++ = 0x80;
229
0
    *p++ = (ap_req_data.length >> 8) & 0xFF;
230
0
    *p   = (ap_req_data.length >> 0) & 0xFF;
231
232
0
    memset(&msghdr, 0, sizeof(msghdr));
233
0
    msghdr.msg_name       = NULL;
234
0
    msghdr.msg_namelen    = 0;
235
0
    msghdr.msg_iov        = iov;
236
0
    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
237
#if 0
238
    msghdr.msg_control    = NULL;
239
    msghdr.msg_controllen = 0;
240
#endif
241
242
0
    iov[0].iov_base    = (void*)header;
243
0
    if (is_stream)
244
0
  iov[0].iov_len     = 10;
245
0
    else
246
0
  iov[0].iov_len     = 6;
247
0
    iov[1].iov_base    = ap_req_data.data;
248
0
    iov[1].iov_len     = ap_req_data.length;
249
0
    iov[2].iov_base    = krb_priv_data.data;
250
0
    iov[2].iov_len     = krb_priv_data.length;
251
252
0
    if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
253
0
  ret = rk_SOCK_ERRNO;
254
0
  krb5_set_error_message(context, ret, "sendmsg %s: %s",
255
0
             host, strerror(ret));
256
0
    }
257
258
0
    krb5_data_free (&krb_priv_data);
259
0
out2:
260
0
    krb5_data_free (&ap_req_data);
261
0
    krb5_data_free (&pwd_data);
262
0
    return ret;
263
0
}
264
265
static krb5_error_code
266
process_reply (krb5_context context,
267
         krb5_auth_context auth_context,
268
         int is_stream,
269
         rk_socket_t sock,
270
         int *result_code,
271
         krb5_data *result_code_string,
272
         krb5_data *result_string,
273
         const char *host)
274
0
{
275
0
    krb5_error_code ret;
276
0
    u_char reply[1024 * 3];
277
0
    size_t len;
278
0
    uint16_t pkt_len, pkt_ver;
279
0
    krb5_data ap_rep_data;
280
0
    int save_errno;
281
282
0
    len = 0;
283
0
    if (is_stream) {
284
0
  while (len < sizeof(reply)) {
285
0
      unsigned long size;
286
287
0
      ret = recvfrom (sock, reply + len, sizeof(reply) - len,
288
0
          0, NULL, NULL);
289
0
      if (rk_IS_SOCKET_ERROR(ret)) {
290
0
    save_errno = rk_SOCK_ERRNO;
291
0
    krb5_set_error_message(context, save_errno,
292
0
               "recvfrom %s: %s",
293
0
               host, strerror(save_errno));
294
0
    return save_errno;
295
0
      } else if (ret == 0) {
296
0
    krb5_set_error_message(context, 1,"recvfrom timeout %s", host);
297
0
    return 1;
298
0
      }
299
0
      len += ret;
300
0
      if (len < 4)
301
0
    continue;
302
0
      _krb5_get_int(reply, &size, 4);
303
0
      if (size + 4 < len)
304
0
    continue;
305
0
      if (sizeof(reply) - 4 < size) {
306
0
    krb5_set_error_message(context, ERANGE, "size from server too large %s", host);
307
0
    return ERANGE;
308
0
      }
309
0
      memmove(reply, reply + 4, size);
310
0
      len = size;
311
0
      break;
312
0
  }
313
0
  if (len == sizeof(reply)) {
314
0
      krb5_set_error_message(context, ENOMEM,
315
0
           N_("Message too large from %s", "host"),
316
0
           host);
317
0
      return ENOMEM;
318
0
  }
319
0
    } else {
320
0
  ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
321
0
  if (rk_IS_SOCKET_ERROR(ret)) {
322
0
      save_errno = rk_SOCK_ERRNO;
323
0
      krb5_set_error_message(context, save_errno,
324
0
           "recvfrom %s: %s",
325
0
           host, strerror(save_errno));
326
0
      return save_errno;
327
0
  }
328
0
  len = ret;
329
0
    }
330
331
0
    if (len < 6) {
332
0
  str2data (result_string, "server %s sent to too short message "
333
0
      "(%llu bytes)", host, (unsigned long long)len);
334
0
  *result_code = KRB5_KPASSWD_MALFORMED;
335
0
  return 0;
336
0
    }
337
338
0
    pkt_len = (reply[0] << 8) | (reply[1]);
339
0
    pkt_ver = (reply[2] << 8) | (reply[3]);
340
341
0
    if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
342
0
  KRB_ERROR error;
343
0
  size_t size;
344
0
  u_char *p;
345
346
0
  memset(&error, 0, sizeof(error));
347
348
0
  ret = decode_KRB_ERROR(reply, len, &error, &size);
349
0
  if (ret)
350
0
      return ret;
351
352
0
  if (error.e_data->length < 2) {
353
0
      str2data(result_string, "server %s sent too short "
354
0
         "e_data to print anything usable", host);
355
0
      free_KRB_ERROR(&error);
356
0
      *result_code = KRB5_KPASSWD_MALFORMED;
357
0
      return 0;
358
0
  }
359
360
0
  p = error.e_data->data;
361
0
  *result_code = (p[0] << 8) | p[1];
362
0
  if (error.e_data->length == 2)
363
0
      str2data(result_string, "server only sent error code");
364
0
  else
365
0
      krb5_data_copy (result_string,
366
0
          p + 2,
367
0
          error.e_data->length - 2);
368
0
  free_KRB_ERROR(&error);
369
0
  return 0;
370
0
    }
371
372
0
    if (pkt_len != len) {
373
0
  str2data (result_string, "client: wrong len in reply");
374
0
  *result_code = KRB5_KPASSWD_MALFORMED;
375
0
  return 0;
376
0
    }
377
0
    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
378
0
  str2data (result_string,
379
0
      "client: wrong version number (%d)", pkt_ver);
380
0
  *result_code = KRB5_KPASSWD_MALFORMED;
381
0
  return 0;
382
0
    }
383
384
0
    ap_rep_data.data = reply + 6;
385
0
    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
386
387
0
    if (len - 6 < ap_rep_data.length) {
388
0
  str2data (result_string, "client: wrong AP len in reply");
389
0
  *result_code = KRB5_KPASSWD_MALFORMED;
390
0
  return 0;
391
0
    }
392
393
0
    if (ap_rep_data.length) {
394
0
  krb5_ap_rep_enc_part *ap_rep;
395
0
  krb5_data priv_data;
396
0
  u_char *p;
397
398
0
  priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
399
0
  priv_data.length = len - ap_rep_data.length - 6;
400
401
0
  ret = krb5_rd_rep (context,
402
0
         auth_context,
403
0
         &ap_rep_data,
404
0
         &ap_rep);
405
0
  if (ret)
406
0
      return ret;
407
408
0
  krb5_free_ap_rep_enc_part (context, ap_rep);
409
410
0
  ret = krb5_rd_priv (context,
411
0
          auth_context,
412
0
          &priv_data,
413
0
          result_code_string,
414
0
          NULL);
415
0
  if (ret) {
416
0
      krb5_data_free (result_code_string);
417
0
      return ret;
418
0
  }
419
420
0
  if (result_code_string->length < 2) {
421
0
      *result_code = KRB5_KPASSWD_MALFORMED;
422
0
      str2data (result_string,
423
0
          "client: bad length in result");
424
0
      return 0;
425
0
  }
426
427
0
        p = result_code_string->data;
428
429
0
        *result_code = (p[0] << 8) | p[1];
430
0
        krb5_data_copy (result_string,
431
0
                        (unsigned char*)result_code_string->data + 2,
432
0
                        result_code_string->length - 2);
433
0
        return 0;
434
0
    } else {
435
0
  KRB_ERROR error;
436
0
  size_t size;
437
0
  u_char *p;
438
439
0
  ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
440
0
  if (ret) {
441
0
      return ret;
442
0
  }
443
0
  if (error.e_data->length < 2) {
444
0
      krb5_warnx (context, "too short e_data to print anything usable");
445
0
      return 1;   /* XXX */
446
0
  }
447
448
0
  p = error.e_data->data;
449
0
  *result_code = (p[0] << 8) | p[1];
450
0
  krb5_data_copy (result_string,
451
0
      p + 2,
452
0
      error.e_data->length - 2);
453
0
  return 0;
454
0
    }
455
0
}
456
457
458
/*
459
 * change the password using the credentials in `creds' (for the
460
 * principal indicated in them) to `newpw', storing the result of
461
 * the operation in `result_*' and an error code or 0.
462
 */
463
464
typedef krb5_error_code (*kpwd_send_request) (krb5_context,
465
                krb5_auth_context *,
466
                krb5_creds *,
467
                krb5_principal,
468
                int,
469
                rk_socket_t,
470
                const char *,
471
                const char *);
472
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
473
                 krb5_auth_context,
474
                 int,
475
                 rk_socket_t,
476
                 int *,
477
                 krb5_data *,
478
                 krb5_data *,
479
                 const char *);
480
481
static const struct kpwd_proc {
482
    const char *name;
483
    int flags;
484
0
#define SUPPORT_TCP 1
485
0
#define SUPPORT_UDP 2
486
    kpwd_send_request send_req;
487
    kpwd_process_reply process_rep;
488
} procs[] = {
489
    {
490
  "MS set password",
491
  SUPPORT_TCP|SUPPORT_UDP,
492
  setpw_send_request,
493
  process_reply
494
    },
495
    {
496
  "change password",
497
  SUPPORT_UDP,
498
  chgpw_send_request,
499
  process_reply
500
    },
501
    { NULL, 0, NULL, NULL }
502
};
503
504
/*
505
 *
506
 */
507
508
static krb5_error_code
509
change_password_loop (krb5_context  context,
510
          krb5_creds  *creds,
511
          krb5_principal  targprinc,
512
          const char  *newpw,
513
          int   *result_code,
514
          krb5_data   *result_code_string,
515
          krb5_data   *result_string,
516
          const struct kpwd_proc  *proc)
517
0
{
518
0
    krb5_error_code ret;
519
0
    krb5_auth_context auth_context = NULL;
520
0
    krb5_krbhst_handle handle = NULL;
521
0
    krb5_krbhst_info *hi;
522
0
    rk_socket_t sock;
523
0
    unsigned int i;
524
0
    int done = 0;
525
0
    krb5_realm realm;
526
527
0
    if (targprinc)
528
0
  realm = targprinc->realm;
529
0
    else
530
0
  realm = creds->client->realm;
531
532
0
    ret = krb5_auth_con_init (context, &auth_context);
533
0
    if (ret)
534
0
  return ret;
535
536
0
    krb5_auth_con_setflags (context, auth_context,
537
0
          KRB5_AUTH_CONTEXT_DO_SEQUENCE);
538
539
0
    ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
540
0
    if (ret)
541
0
  goto out;
542
543
0
    while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
544
0
  struct addrinfo *ai, *a;
545
0
  int is_stream;
546
547
0
  switch (hi->proto) {
548
0
  case KRB5_KRBHST_UDP:
549
0
      if ((proc->flags & SUPPORT_UDP) == 0)
550
0
    continue;
551
0
      is_stream = 0;
552
0
      break;
553
0
  case KRB5_KRBHST_TCP:
554
0
      if ((proc->flags & SUPPORT_TCP) == 0)
555
0
    continue;
556
0
      is_stream = 1;
557
0
      break;
558
0
  default:
559
0
      continue;
560
0
  }
561
562
0
  ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
563
0
  if (ret)
564
0
      continue;
565
566
0
  for (a = ai; !done && a != NULL; a = a->ai_next) {
567
0
      int replied = 0;
568
569
0
      sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
570
0
      if (rk_IS_BAD_SOCKET(sock))
571
0
    continue;
572
0
      rk_cloexec(sock);
573
574
0
      ret = connect(sock, a->ai_addr, a->ai_addrlen);
575
0
      if (rk_IS_SOCKET_ERROR(ret)) {
576
0
    rk_closesocket (sock);
577
0
    goto out;
578
0
      }
579
580
0
      ret = krb5_auth_con_genaddrs (context, auth_context, sock,
581
0
            KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
582
0
      if (ret) {
583
0
    rk_closesocket (sock);
584
0
    goto out;
585
0
      }
586
587
0
      for (i = 0; !done && i < 5; ++i) {
588
0
    fd_set fdset;
589
0
    struct timeval tv;
590
591
0
    if (!replied) {
592
0
        replied = 0;
593
594
0
        ret = (*proc->send_req) (context,
595
0
               &auth_context,
596
0
               creds,
597
0
               targprinc,
598
0
               is_stream,
599
0
               sock,
600
0
               newpw,
601
0
               hi->hostname);
602
0
        if (ret) {
603
0
      rk_closesocket(sock);
604
0
      goto out;
605
0
        }
606
0
    }
607
608
0
#ifndef NO_LIMIT_FD_SETSIZE
609
0
    if (sock >= FD_SETSIZE) {
610
0
        ret = ERANGE;
611
0
        krb5_set_error_message(context, ret,
612
0
             "fd %d too large", sock);
613
0
        rk_closesocket (sock);
614
0
        goto out;
615
0
    }
616
0
#endif
617
618
0
    FD_ZERO(&fdset);
619
0
    FD_SET(sock, &fdset);
620
0
    tv.tv_usec = 0;
621
0
    tv.tv_sec  = 1 + (1 << i);
622
623
0
    ret = select (sock + 1, &fdset, NULL, NULL, &tv);
624
0
    if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) {
625
0
        rk_closesocket(sock);
626
0
        goto out;
627
0
    }
628
0
    if (ret == 1) {
629
0
        ret = (*proc->process_rep) (context,
630
0
            auth_context,
631
0
            is_stream,
632
0
            sock,
633
0
            result_code,
634
0
            result_code_string,
635
0
            result_string,
636
0
            hi->hostname);
637
0
        if (ret == 0)
638
0
      done = 1;
639
0
        else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
640
0
      replied = 1;
641
0
    } else {
642
0
        ret = KRB5_KDC_UNREACH;
643
0
    }
644
0
      }
645
0
      rk_closesocket (sock);
646
0
  }
647
0
    }
648
649
0
 out:
650
0
    krb5_krbhst_free (context, handle);
651
0
    krb5_auth_con_free (context, auth_context);
652
653
0
    if (ret == KRB5_KDC_UNREACH) {
654
0
  krb5_set_error_message(context,
655
0
             ret,
656
0
             N_("Unable to reach any changepw server "
657
0
         " in realm %s", "realm"), realm);
658
0
  *result_code = KRB5_KPASSWD_HARDERROR;
659
0
    }
660
0
    return ret;
661
0
}
662
663
#ifndef HEIMDAL_SMALLER
664
665
static const struct kpwd_proc *
666
find_chpw_proto(const char *name)
667
0
{
668
0
    const struct kpwd_proc *p;
669
0
    for (p = procs; p->name != NULL; p++) {
670
0
  if (strcmp(p->name, name) == 0)
671
0
      return p;
672
0
    }
673
0
    return NULL;
674
0
}
675
676
/**
677
 * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
678
 *
679
 * @param context a Keberos context
680
 * @param creds
681
 * @param newpw
682
 * @param result_code
683
 * @param result_code_string
684
 * @param result_string
685
 *
686
 * @return On sucess password is changed.
687
688
 * @ingroup @krb5_deprecated
689
 */
690
691
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
692
krb5_change_password (krb5_context  context,
693
          krb5_creds  *creds,
694
          const char  *newpw,
695
          int   *result_code,
696
          krb5_data   *result_code_string,
697
          krb5_data   *result_string)
698
    KRB5_DEPRECATED_FUNCTION("Use krb5_set_password instead")
699
0
{
700
0
    const struct kpwd_proc *p = find_chpw_proto("change password");
701
702
0
    *result_code = KRB5_KPASSWD_MALFORMED;
703
0
    result_code_string->data = result_string->data = NULL;
704
0
    result_code_string->length = result_string->length = 0;
705
706
0
    if (p == NULL)
707
0
  return KRB5_KPASSWD_MALFORMED;
708
709
0
    return change_password_loop(context, creds, NULL, newpw,
710
0
        result_code, result_code_string,
711
0
        result_string, p);
712
0
}
713
#endif /* HEIMDAL_SMALLER */
714
715
/**
716
 * Change password using creds.
717
 *
718
 * @param context a Keberos context
719
 * @param creds The initial kadmin/passwd for the principal or an admin principal
720
 * @param newpw The new password to set
721
 * @param targprinc if unset, the client principal from creds is used
722
 * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
723
 * @param result_code_string binary message from the server, contains
724
 * at least the result_code.
725
 * @param result_string A message from the kpasswd service or the
726
 * library in human printable form. The string is NUL terminated.
727
 *
728
 * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed.
729
730
 * @ingroup @krb5
731
 */
732
733
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
734
krb5_set_password(krb5_context context,
735
      krb5_creds *creds,
736
      const char *newpw,
737
      krb5_principal targprinc,
738
      int *result_code,
739
      krb5_data *result_code_string,
740
      krb5_data *result_string)
741
0
{
742
0
    krb5_principal principal = NULL;
743
0
    krb5_error_code ret = 0;
744
0
    int i;
745
746
0
    *result_code = KRB5_KPASSWD_MALFORMED;
747
0
    krb5_data_zero(result_code_string);
748
0
    krb5_data_zero(result_string);
749
750
0
    if (targprinc == NULL) {
751
0
  ret = krb5_copy_principal(context, creds->client, &principal);
752
0
  if (ret)
753
0
      return ret;
754
0
    } else
755
0
  principal = targprinc;
756
757
0
    for (i = 0; procs[i].name != NULL; i++) {
758
0
  *result_code = 0;
759
0
  ret = change_password_loop(context, creds, principal, newpw,
760
0
           result_code, result_code_string,
761
0
           result_string,
762
0
           &procs[i]);
763
0
  if (ret == 0 && *result_code == 0)
764
0
      break;
765
0
    }
766
767
0
    if (targprinc == NULL)
768
0
  krb5_free_principal(context, principal);
769
0
    return ret;
770
0
}
771
772
/*
773
 *
774
 */
775
776
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
777
krb5_set_password_using_ccache(krb5_context context,
778
             krb5_ccache ccache,
779
             const char *newpw,
780
             krb5_principal targprinc,
781
             int *result_code,
782
             krb5_data *result_code_string,
783
             krb5_data *result_string)
784
0
{
785
0
    krb5_creds creds, *credsp;
786
0
    krb5_error_code ret;
787
0
    krb5_principal principal = NULL;
788
789
0
    *result_code = KRB5_KPASSWD_MALFORMED;
790
0
    result_code_string->data = result_string->data = NULL;
791
0
    result_code_string->length = result_string->length = 0;
792
793
0
    memset(&creds, 0, sizeof(creds));
794
795
0
    if (targprinc == NULL) {
796
0
  ret = krb5_cc_get_principal(context, ccache, &principal);
797
0
  if (ret)
798
0
      return ret;
799
0
    } else
800
0
  principal = targprinc;
801
802
0
    ret = krb5_make_principal(context, &creds.server,
803
0
            krb5_principal_get_realm(context, principal),
804
0
            "kadmin", "changepw", NULL);
805
0
    if (ret)
806
0
  goto out;
807
808
0
    ret = krb5_cc_get_principal(context, ccache, &creds.client);
809
0
    if (ret) {
810
0
        krb5_free_principal(context, creds.server);
811
0
  goto out;
812
0
    }
813
814
0
    ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
815
0
    krb5_free_principal(context, creds.server);
816
0
    krb5_free_principal(context, creds.client);
817
0
    if (ret)
818
0
  goto out;
819
820
0
    ret = krb5_set_password(context,
821
0
          credsp,
822
0
          newpw,
823
0
          principal,
824
0
          result_code,
825
0
          result_code_string,
826
0
          result_string);
827
828
0
    krb5_free_creds(context, credsp);
829
830
0
    return ret;
831
0
 out:
832
0
    if (targprinc == NULL)
833
0
  krb5_free_principal(context, principal);
834
0
    return ret;
835
0
}
836
837
/*
838
 *
839
 */
840
841
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
842
krb5_passwd_result_to_string (krb5_context context,
843
            int result)
844
0
{
845
0
    static const char *strings[] = {
846
0
  "Success",
847
0
  "Malformed",
848
0
  "Hard error",
849
0
  "Auth error",
850
0
  "Soft error" ,
851
0
  "Access denied",
852
0
  "Bad version",
853
0
  "Initial flag needed"
854
0
    };
855
856
0
    if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
857
0
  return "unknown result code";
858
0
    else
859
0
  return strings[result];
860
0
}