krb5 commit: Remove ksetpwd
Greg Hudson
ghudson at mit.edu
Tue May 23 00:55:32 EDT 2017
https://github.com/krb5/krb5/commit/0f5121436b3eff4e24a1a554c364d71ccbe65ecd
commit 0f5121436b3eff4e24a1a554c364d71ccbe65ecd
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon May 22 15:12:58 2017 -0400
Remove ksetpwd
ksetpwd was added in commit ec50322c3076ab4517fb4fb5cc3a931f6adb4f20
but is not installed as it was "not of release quality yet." It has
not materially improved since then, and under current policy we do not
include unfinished code in the tree, so remove it.
.gitignore | 2 -
src/clients/kpasswd/Makefile.in | 10 +-
src/clients/kpasswd/deps | 4 -
src/clients/kpasswd/ksetpwd.c | 309 ---------------------------------------
4 files changed, 3 insertions(+), 322 deletions(-)
diff --git a/.gitignore b/.gitignore
index b1978a2..3e27969 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,8 +163,6 @@ local.properties
/src/clients/kpasswd/kpasswd
-/src/clients/kpasswd/ksetpwd
-
/src/clients/ksu/ksu
/src/clients/kswitch/kswitch
diff --git a/src/clients/kpasswd/Makefile.in b/src/clients/kpasswd/Makefile.in
index bd4a08c..2948518 100644
--- a/src/clients/kpasswd/Makefile.in
+++ b/src/clients/kpasswd/Makefile.in
@@ -1,16 +1,12 @@
mydir=clients$(S)kpasswd
BUILDTOP=$(REL)..$(S)..
-SRCS=kpasswd.c ksetpwd.c
+SRCS=kpasswd.c
kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o kpasswd kpasswd.o $(KRB5_BASE_LIBS)
-ksetpwd: ksetpwd.o $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o ksetpwd ksetpwd.o $(KRB5_BASE_LIBS)
-
kpasswd.o: $(srcdir)/kpasswd.c
-ksetpwd.o: $(srcdir)/ksetpwd.c
##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
@@ -22,10 +18,10 @@ ksetpwd.o: $(srcdir)/ksetpwd.c
##WIN32##$(EXERES): $(VERSIONRC)
##WIN32## $(RC) $(RCFLAGS) -DKPASSWD_APP -fo $@ -r $**
-all-unix: kpasswd ksetpwd
+all-unix: kpasswd
clean-unix::
- $(RM) kpasswd.o kpasswd ksetpwd.o ksetpwd
+ $(RM) kpasswd.o kpasswd
install-all install-kdc install-server install-client install-unix:
$(INSTALL_PROGRAM) kpasswd $(DESTDIR)$(CLIENT_BINDIR)/`echo kpasswd|sed '$(transform)'`
diff --git a/src/clients/kpasswd/deps b/src/clients/kpasswd/deps
index 0c01c30..360b6d7 100644
--- a/src/clients/kpasswd/deps
+++ b/src/clients/kpasswd/deps
@@ -5,7 +5,3 @@ $(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
kpasswd.c
-$(OUTPRE)ksetpwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
- ksetpwd.c
diff --git a/src/clients/kpasswd/ksetpwd.c b/src/clients/kpasswd/ksetpwd.c
deleted file mode 100644
index 2aafb6c..0000000
--- a/src/clients/kpasswd/ksetpwd.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <k5-platform.h>
-#include <krb5.h>
-#include <unistd.h>
-#include <time.h>
-
-#define TKTTIMELEFT 60*10 /* ten minutes */
-
-static int verify_creds()
-{
- krb5_context kcontext;
- krb5_ccache ccache;
- krb5_error_code kres;
-
- kres = krb5_init_context(&kcontext);
- if( kres == 0 )
- {
- kres = krb5_cc_default( kcontext, &ccache );
- if( kres == 0 )
- {
- krb5_principal user_princ;
-
- kres = krb5_cc_get_principal( kcontext, ccache, &user_princ );
- if( kres == 0 )
- krb5_free_principal( kcontext, user_princ );
- krb5_cc_close( kcontext, ccache );
- }
- krb5_free_context(kcontext);
- }
- return kres;
-}
-
-static void get_init_creds_opt_init( krb5_get_init_creds_opt *outOptions )
-{
- krb5_preauthtype preauth[] = { KRB5_PADATA_ENC_TIMESTAMP };
- krb5_enctype etypes[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_CRC};
- krb5_get_init_creds_opt_set_address_list(outOptions, NULL);
- krb5_get_init_creds_opt_set_etype_list( outOptions, etypes, sizeof(etypes)/sizeof(krb5_enctype) );
- krb5_get_init_creds_opt_set_preauth_list(outOptions, preauth, sizeof(preauth)/sizeof(krb5_preauthtype) );
-}
-
-typedef void * kbrccache_t;
-#define CCACHE_PREFIX_DEFAULT "MEMORY:C_"
-
-static kbrccache_t userinitcontext(
- const char * user, const char * domain, const char * passwd, const char * cachename, int initialize,
- int * outError )
-{
- krb5_context kcontext = 0;
- krb5_ccache kcache = 0;
- krb5_creds kcreds;
- krb5_principal kme = 0;
- krb5_error_code kres;
- char * pPass = strdup( passwd );
- char * pName = NULL;
- char * pCacheName = NULL;
- int numCreds = 0;
-
- memset( &kcreds, 0, sizeof(kcreds) );
- kres = krb5_init_context( &kcontext );
- if( kres )
- goto return_error;
- if( domain )
- kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 );
- else
- kres = krb5_parse_name( kcontext, user, &kme );
- if( kres )
- goto fail;
- krb5_unparse_name( kcontext, kme, &pName );
- if( cachename )
- {
- if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0)
- {
- kres = KRB5_CC_NOMEM;
- goto fail;
- }
- kres = krb5_cc_resolve( kcontext, pCacheName, &kcache );
- if( kres )
- {
- kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache );
- if( kres == 0 )
- pCacheName = strdup(CCACHE_PREFIX_DEFAULT);
- }
- }
- else
- {
- kres = krb5_cc_default( kcontext, &kcache );
- pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) );
- }
- if( kres )
- {
- krb5_free_context(kcontext);
- goto return_error;
- }
- if( initialize )
- krb5_cc_initialize( kcontext, kcache, kme );
- if( kres == 0 && user && passwd )
- {
- long timeneeded = time(0L) +TKTTIMELEFT;
- int have_credentials = 0;
- krb5_cc_cursor cc_curs = NULL;
- numCreds = 0;
- if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 )
- {
- while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0)
- {
- numCreds++;
- if( krb5_principal_compare( kcontext, kme, kcreds.client ) )
- {
- if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded )
- have_credentials = 1;
- }
- krb5_free_cred_contents( kcontext, &kcreds );
- if( have_credentials )
- break;
- }
- krb5_cc_end_seq_get( kcontext, kcache, &cc_curs );
- }
- else
- {
- const char * errmsg = error_message(kres);
- fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
- }
- if( kres != 0 || have_credentials == 0 )
- {
- krb5_get_init_creds_opt *options = NULL;
- kres = krb5_get_init_creds_opt_alloc(kcontext, &options);
- if ( kres == 0 )
- {
- get_init_creds_opt_init(options);
-/*
-** no valid credentials - get new ones
-*/
- kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass,
- NULL /*prompter*/,
- NULL /*data*/,
- 0 /*starttime*/,
- 0 /*in_tkt_service*/,
- options /*options*/ );
- }
- if( kres == 0 )
- {
- if( numCreds <= 0 )
- kres = krb5_cc_initialize( kcontext, kcache, kme );
- if( kres == 0 )
- kres = krb5_cc_store_cred( kcontext, kcache, &kcreds );
- if( kres == 0 )
- have_credentials = 1;
- }
- krb5_get_init_creds_opt_free(kcontext, options);
- }
-#ifdef NOTUSED
- if( have_credentials )
- {
- int mstat;
- kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL );
- if( getenv( ENV_DEBUG_LDAPKERB ) )
- fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres );
- }
-#endif
- krb5_cc_close( kcontext, kcache );
- }
-fail:
- if( kres )
- {
- const char * errmsg = error_message(kres);
- fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
- }
- krb5_free_principal( kcontext, kme );
- krb5_free_cred_contents( kcontext, &kcreds );
- if( pName )
- free( pName );
- free(pPass);
- krb5_free_context(kcontext);
-
-return_error:
- if( kres )
- {
- if( pCacheName )
- {
- free(pCacheName);
- pCacheName = NULL;
- }
- }
- if( outError )
- *outError = kres;
- return pCacheName;
-}
-
-static int init_creds()
-{
- char user[512];
- char * password = NULL;
- int result;
-
- user[0] = 0;
- result = -1;
-
- for(;;)
- {
- while( user[0] == 0 )
- {
- int userlen;
- printf( "Username: ");
- fflush(stdout);
- if( fgets( user, sizeof(user), stdin ) == NULL )
- return -1;
- userlen = strlen( user);
- if( userlen < 2 )
- continue;
- user[userlen-1] = 0; /* get rid of the newline */
- break;
- }
- {
- kbrccache_t usercontext;
- password = getpass( "Password: ");
- if( ! password )
- return -1;
- result = 0;
- usercontext = userinitcontext( user, NULL, password, NULL, 1, &result );
- if( usercontext )
- break;
- }
- }
- return result;
-}
-
-int main( int argc, char ** argv )
-{
- char * new_password;
- char * new_password2;
- krb5_context kcontext;
- krb5_error_code kerr;
- krb5_principal target_principal;
-
-
- if( argc < 2 )
- {
- fprintf( stderr, "Usage: setpass user at REALM\n");
- exit(1);
- }
-
-/*
-** verify credentials -
-*/
- if( verify_creds() )
- init_creds();
- if( verify_creds() )
- {
- fprintf( stderr, "No user credentials available\n");
- exit(1);
- }
-/*
-** check the principal name -
-*/
- krb5_init_context(&kcontext);
- kerr = krb5_parse_name( kcontext, argv[1], &target_principal );
-
- {
- char * pname = NULL;
- kerr = krb5_unparse_name( kcontext, target_principal, &pname );
- printf( "Changing password for %s:\n", pname);
- fflush( stdout );
- free( pname );
- }
-/*
-** get the new password -
-*/
- for (;;)
- {
- new_password = getpass("Enter new password: ");
- new_password2 = getpass("Verify new password: ");
- if( strcmp( new_password, new_password2 ) == 0)
- break;
- printf("Passwords do not match\n");
- free( new_password );
- free( new_password2 );
- }
-/*
-** change the password -
-*/
- {
- int pw_result;
- krb5_ccache ccache;
- krb5_data pw_res_string, res_string;
-
- kerr = krb5_cc_default( kcontext, &ccache );
- if( kerr == 0 )
- {
- kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal,
- &pw_result, &pw_res_string, &res_string );
- if( kerr )
- fprintf( stderr, "Failed: %s\n", error_message(kerr) );
- else
- {
- if( pw_result )
- {
- fprintf( stderr, "Failed(%d)", pw_result );
- if( pw_res_string.length > 0 )
- fprintf( stderr, ": %s", pw_res_string.data);
- if( res_string.length > 0 )
- fprintf( stderr, " %s", res_string.data);
- fprintf( stderr, "\n");
- }
- }
- }
- }
- return(0);
-}
More information about the cvs-krb5
mailing list