krb5 commit: Remove ksetpwd

Greg Hudson ghudson at mit.edu
Tue May 23 00:55:32 EDT 2017


https://github.com/krb5/krb5/commit/0f5121436b3eff4e24a1a554c364d71ccbe65ecd
commit 0f5121436b3eff4e24a1a554c364d71ccbe65ecd
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon May 22 15:12:58 2017 -0400

    Remove ksetpwd
    
    ksetpwd was added in commit ec50322c3076ab4517fb4fb5cc3a931f6adb4f20
    but is not installed as it was "not of release quality yet."  It has
    not materially improved since then, and under current policy we do not
    include unfinished code in the tree, so remove it.

 .gitignore                      |    2 -
 src/clients/kpasswd/Makefile.in |   10 +-
 src/clients/kpasswd/deps        |    4 -
 src/clients/kpasswd/ksetpwd.c   |  309 ---------------------------------------
 4 files changed, 3 insertions(+), 322 deletions(-)

diff --git a/.gitignore b/.gitignore
index b1978a2..3e27969 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,8 +163,6 @@ local.properties
 
 /src/clients/kpasswd/kpasswd
 
-/src/clients/kpasswd/ksetpwd
-
 /src/clients/ksu/ksu
 
 /src/clients/kswitch/kswitch
diff --git a/src/clients/kpasswd/Makefile.in b/src/clients/kpasswd/Makefile.in
index bd4a08c..2948518 100644
--- a/src/clients/kpasswd/Makefile.in
+++ b/src/clients/kpasswd/Makefile.in
@@ -1,16 +1,12 @@
 mydir=clients$(S)kpasswd
 BUILDTOP=$(REL)..$(S)..
 
-SRCS=kpasswd.c ksetpwd.c
+SRCS=kpasswd.c
 
 kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o kpasswd kpasswd.o $(KRB5_BASE_LIBS)
 
-ksetpwd: ksetpwd.o $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o ksetpwd ksetpwd.o $(KRB5_BASE_LIBS)
-
 kpasswd.o:	$(srcdir)/kpasswd.c
-ksetpwd.o:	$(srcdir)/ksetpwd.c
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
 ##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
@@ -22,10 +18,10 @@ ksetpwd.o:	$(srcdir)/ksetpwd.c
 ##WIN32##$(EXERES): $(VERSIONRC)
 ##WIN32##        $(RC) $(RCFLAGS) -DKPASSWD_APP -fo $@ -r $**
 
-all-unix: kpasswd ksetpwd
+all-unix: kpasswd
 
 clean-unix::
-	$(RM) kpasswd.o kpasswd ksetpwd.o ksetpwd
+	$(RM) kpasswd.o kpasswd
 
 install-all install-kdc install-server install-client install-unix:
 	$(INSTALL_PROGRAM) kpasswd $(DESTDIR)$(CLIENT_BINDIR)/`echo kpasswd|sed '$(transform)'`
diff --git a/src/clients/kpasswd/deps b/src/clients/kpasswd/deps
index 0c01c30..360b6d7 100644
--- a/src/clients/kpasswd/deps
+++ b/src/clients/kpasswd/deps
@@ -5,7 +5,3 @@ $(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
   $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
   kpasswd.c
-$(OUTPRE)ksetpwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
-  ksetpwd.c
diff --git a/src/clients/kpasswd/ksetpwd.c b/src/clients/kpasswd/ksetpwd.c
deleted file mode 100644
index 2aafb6c..0000000
--- a/src/clients/kpasswd/ksetpwd.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <k5-platform.h>
-#include <krb5.h>
-#include <unistd.h>
-#include <time.h>
-
-#define TKTTIMELEFT     60*10   /* ten minutes */
-
-static int verify_creds()
-{
-    krb5_context    kcontext;
-    krb5_ccache             ccache;
-    krb5_error_code kres;
-
-    kres = krb5_init_context(&kcontext);
-    if( kres == 0 )
-    {
-        kres = krb5_cc_default( kcontext, &ccache );
-        if( kres == 0 )
-        {
-            krb5_principal  user_princ;
-
-            kres = krb5_cc_get_principal( kcontext, ccache, &user_princ );
-            if( kres == 0 )
-                krb5_free_principal( kcontext, user_princ );
-            krb5_cc_close( kcontext, ccache );
-        }
-        krb5_free_context(kcontext);
-    }
-    return kres;
-}
-
-static void get_init_creds_opt_init( krb5_get_init_creds_opt *outOptions )
-{
-    krb5_preauthtype    preauth[] = { KRB5_PADATA_ENC_TIMESTAMP };
-    krb5_enctype        etypes[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_CRC};
-    krb5_get_init_creds_opt_set_address_list(outOptions, NULL);
-    krb5_get_init_creds_opt_set_etype_list( outOptions, etypes, sizeof(etypes)/sizeof(krb5_enctype) );
-    krb5_get_init_creds_opt_set_preauth_list(outOptions, preauth, sizeof(preauth)/sizeof(krb5_preauthtype) );
-}
-
-typedef void * kbrccache_t;
-#define CCACHE_PREFIX_DEFAULT "MEMORY:C_"
-
-static kbrccache_t userinitcontext(
-    const char * user, const char * domain, const char * passwd, const char * cachename, int initialize,
-    int * outError )
-{
-    krb5_context    kcontext = 0;
-    krb5_ccache             kcache = 0;
-    krb5_creds              kcreds;
-    krb5_principal  kme = 0;
-    krb5_error_code kres;
-    char *                  pPass = strdup( passwd );
-    char *                  pName = NULL;
-    char *                  pCacheName = NULL;
-    int                             numCreds = 0;
-
-    memset( &kcreds, 0, sizeof(kcreds) );
-    kres = krb5_init_context( &kcontext );
-    if( kres )
-        goto return_error;
-    if( domain )
-        kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 );
-    else
-        kres = krb5_parse_name( kcontext, user, &kme );
-    if( kres )
-        goto fail;
-    krb5_unparse_name( kcontext, kme, &pName );
-    if( cachename )
-    {
-        if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0)
-        {
-            kres = KRB5_CC_NOMEM;
-            goto fail;
-        }
-        kres = krb5_cc_resolve( kcontext, pCacheName, &kcache );
-        if( kres )
-        {
-            kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache );
-            if( kres == 0 )
-                pCacheName = strdup(CCACHE_PREFIX_DEFAULT);
-        }
-    }
-    else
-    {
-        kres = krb5_cc_default( kcontext, &kcache );
-        pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) );
-    }
-    if( kres )
-    {
-        krb5_free_context(kcontext);
-        goto return_error;
-    }
-    if( initialize )
-        krb5_cc_initialize( kcontext, kcache, kme );
-    if( kres == 0 && user && passwd )
-    {
-        long timeneeded = time(0L) +TKTTIMELEFT;
-        int have_credentials = 0;
-        krb5_cc_cursor cc_curs = NULL;
-        numCreds = 0;
-        if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 )
-        {
-            while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0)
-            {
-                numCreds++;
-                if( krb5_principal_compare( kcontext, kme, kcreds.client ) )
-                {
-                    if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded )
-                        have_credentials = 1;
-                }
-                krb5_free_cred_contents( kcontext, &kcreds );
-                if( have_credentials )
-                    break;
-            }
-            krb5_cc_end_seq_get( kcontext, kcache, &cc_curs );
-        }
-        else
-        {
-            const char * errmsg = error_message(kres);
-            fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
-        }
-        if( kres != 0 || have_credentials == 0 )
-        {
-            krb5_get_init_creds_opt *options = NULL;
-            kres = krb5_get_init_creds_opt_alloc(kcontext, &options);
-            if ( kres == 0 )
-            {
-                get_init_creds_opt_init(options);
-/*
-** no valid credentials - get new ones
-*/
-                kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass,
-                                                     NULL /*prompter*/,
-                                                     NULL /*data*/,
-                                                     0 /*starttime*/,
-                                                     0 /*in_tkt_service*/,
-                                                     options /*options*/ );
-            }
-            if( kres == 0 )
-            {
-                if( numCreds <= 0 )
-                    kres = krb5_cc_initialize( kcontext, kcache, kme );
-                if( kres == 0 )
-                    kres = krb5_cc_store_cred( kcontext, kcache, &kcreds );
-                if( kres == 0 )
-                    have_credentials = 1;
-            }
-            krb5_get_init_creds_opt_free(kcontext, options);
-        }
-#ifdef NOTUSED
-        if( have_credentials )
-        {
-            int mstat;
-            kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL );
-            if( getenv( ENV_DEBUG_LDAPKERB ) )
-                fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres );
-        }
-#endif
-        krb5_cc_close( kcontext, kcache );
-    }
-fail:
-    if( kres )
-    {
-        const char * errmsg = error_message(kres);
-        fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
-    }
-    krb5_free_principal( kcontext, kme );
-    krb5_free_cred_contents( kcontext, &kcreds );
-    if( pName )
-        free( pName );
-    free(pPass);
-    krb5_free_context(kcontext);
-
-return_error:
-    if( kres )
-    {
-        if( pCacheName )
-        {
-            free(pCacheName);
-            pCacheName = NULL;
-        }
-    }
-    if( outError )
-        *outError = kres;
-    return pCacheName;
-}
-
-static int init_creds()
-{
-    char user[512];
-    char * password = NULL;
-    int result;
-
-    user[0] = 0;
-    result = -1;
-
-    for(;;)
-    {
-        while( user[0] == 0 )
-        {
-            int userlen;
-            printf( "Username: ");
-            fflush(stdout);
-            if( fgets( user, sizeof(user), stdin ) == NULL )
-                return -1;
-            userlen = strlen( user);
-            if( userlen < 2 )
-                continue;
-            user[userlen-1] = 0;    /* get rid of the newline */
-            break;
-        }
-        {
-            kbrccache_t usercontext;
-            password = getpass( "Password: ");
-            if( ! password )
-                return -1;
-            result = 0;
-            usercontext = userinitcontext( user, NULL, password, NULL, 1, &result );
-            if( usercontext )
-                break;
-        }
-    }
-    return result;
-}
-
-int main( int argc, char ** argv )
-{
-    char * new_password;
-    char * new_password2;
-    krb5_context    kcontext;
-    krb5_error_code kerr;
-    krb5_principal  target_principal;
-
-
-    if( argc < 2 )
-    {
-        fprintf( stderr, "Usage: setpass user at REALM\n");
-        exit(1);
-    }
-
-/*
-** verify credentials -
-*/
-    if( verify_creds() )
-        init_creds();
-    if( verify_creds() )
-    {
-        fprintf( stderr, "No user credentials available\n");
-        exit(1);
-    }
-/*
-** check the principal name -
-*/
-    krb5_init_context(&kcontext);
-    kerr = krb5_parse_name( kcontext, argv[1], &target_principal );
-
-    {
-        char * pname = NULL;
-        kerr = krb5_unparse_name( kcontext, target_principal, &pname );
-        printf( "Changing password for %s:\n", pname);
-        fflush( stdout );
-        free( pname );
-    }
-/*
-** get the new password -
-*/
-    for (;;)
-    {
-        new_password = getpass("Enter new password: ");
-        new_password2 = getpass("Verify new password: ");
-        if( strcmp( new_password, new_password2 ) == 0)
-            break;
-        printf("Passwords do not match\n");
-        free( new_password );
-        free( new_password2 );
-    }
-/*
-** change the password -
-*/
-    {
-        int pw_result;
-        krb5_ccache ccache;
-        krb5_data       pw_res_string, res_string;
-
-        kerr = krb5_cc_default( kcontext, &ccache );
-        if( kerr == 0 )
-        {
-            kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal,
-                                                  &pw_result, &pw_res_string, &res_string );
-            if( kerr )
-                fprintf( stderr, "Failed: %s\n", error_message(kerr) );
-            else
-            {
-                if( pw_result )
-                {
-                    fprintf( stderr, "Failed(%d)", pw_result );
-                    if( pw_res_string.length > 0 )
-                        fprintf( stderr, ": %s", pw_res_string.data);
-                    if( res_string.length > 0 )
-                        fprintf( stderr, " %s", res_string.data);
-                    fprintf( stderr, "\n");
-                }
-            }
-        }
-    }
-    return(0);
-}

