--- /dev/null
+#define NDBM
+/*
+ * build_pwfile.c --- build a table of bad passwords, keyed by their
+ * des equivalents.
+ *
+ * Written by Theodore Ts'o
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#ifndef lint
+static char rcsid_build_pwfile_c[] =
+"$Id$";
+#endif lint
+
+#include <mit-copyright.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/file.h>
+
+#ifdef NDBM
+#include <ndbm.h>
+#else /*NDBM*/
+#include <dbm.h>
+#endif /*NDBM*/
+
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
+#ifndef NDBM
+typedef char DBM;
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#else
+#define dbm_next(db,key) dbm_nextkey(db)
+#endif
+
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ DBM *pwfile;
+ FILE *f;
+ datum passwd, entry;
+ des_cblock key;
+ char word[1024];
+ int len, filenum, i;
+ int wptr;
+
+ if (argc != 2) {
+ fprintf(stderr,"%s: Usage: %s filename\n", argv[0], argv[0]);
+ exit(1);
+ }
+ if (!(f = fopen(argv[1], "r"))) {
+ perror(argv[1]);
+ exit(1);
+ }
+ pwfile = dbm_open(PW_CHECK_FILE, O_RDWR|O_CREAT, 0644);
+ if (!pwfile) {
+ fprintf(stderr, "Couldn't open %s for writing.\n",
+ PW_CHECK_FILE);
+ perror("dbm_open");
+ exit(1);
+ }
+ filenum = 0;
+ do {
+ filenum++;
+ passwd.dptr = (char *) &filenum;
+ passwd.dsize = sizeof(filenum);
+ entry.dptr = argv[1];
+ entry.dsize = strlen(argv[1])+1;
+ } while (dbm_store(pwfile, passwd, entry, DBM_INSERT));
+ i = 0;
+ while (!feof(f)) {
+ i++;
+ wptr = (filenum << 24) + i;
+ fgets(word, sizeof(word), f);
+ len = strlen(word);
+ if (len > 0 && word[len-1] == '\n')
+ word[--len] = '\0';
+#ifdef NOENCRYPTION
+ bzero((char *) key, sizeof(des_cblock));
+ key[0] = (unsigned char) 1;
+#else
+ (void) des_string_to_key(word, key);
+#endif
+
+ passwd.dptr = (char *) key;
+ passwd.dsize = 8;
+ entry.dptr = (char *) &wptr;
+#ifdef notdef
+ entry.dsize = sizeof(wptr);
+#else
+ entry.dsize = 0;
+#endif
+ dbm_store(pwfile, passwd, entry, DBM_REPLACE);
+ }
+ dbm_close(pwfile);
+ exit(0);
+}
+
+
+
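Review bot: The read loop `while (!feof(f))` calls `fgets(word, sizeof(word), f)` without checking its result, so on the final iteration (and on an empty input file, where `word` has never been written) `strlen(word)` runs on stale or uninitialized data and a bogus key is stored. Drive the loop from the read instead, `while (fgets(word, sizeof(word), f)) {`, and drop the separate `fgets` call. The return value of `dbm_store(pwfile, passwd, entry, DBM_REPLACE)` is also ignored, so a failed write silently leaves a word out of the bad-password table; report the failure and exit non-zero. Likewise the `do { ... } while (dbm_store(..., DBM_INSERT))` loop treats an error return the same as "key already exists" and would keep looping if the store keeps failing.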
#else
#include <time.h>
#endif
+#include <syslog.h>
#ifdef KADM5
#include <com_err.h>
memcpy((char *)(((krb5_int32 *)newkey) + 1), (char *)&keyhigh, 4);
memcpy((char *)newkey, (char *)&keylow, 4);
+ if (retval = kadm_approve_pw(ad->pname, ad->pinst, ad->prealm,
+ newkey, no_pword ? 0 : pword)) {
+ if (retval == KADM_PW_MISMATCH) {
+ /*
+ * Very strange!!! This means that the cleartext
+ * password which was sent and the DES cblock
+ * didn't match!
+ */
+ syslog(LOG_ERR, "'%s.%s@%s' sent a password string which didn't match with the DES key?!?",
+ ad->pname, ad->pinst, ad->prealm);
+ return(retval);
+ }
+ if (fascist_cpw) {
+ *outlen = strlen(bad_pw_err)+strlen(pw_blurb)+1;
+ if (*datout = (u_char *) malloc(*outlen)) {
+ strcpy((char *) *datout, bad_pw_err);
+ strcat((char *) *datout, pw_blurb);
+ } else
+ *outlen = 0;
+ syslog(LOG_ERR, "'%s.%s@%s' tried to use an insecure password in changepw",
+ ad->pname, ad->pinst, ad->prealm);
+#ifdef notdef
+ /* For debugging only, probably a bad idea */
+ if (!no_pword)
+ (void) krb_log("The password was %s\n", pword);
+#endif
+ return(retval);
+ } else {
+ *outlen = strlen(bad_pw_warn) + strlen(pw_blurb)+1;
+ if (*datout = (u_char *) malloc(*outlen)) {
+ strcpy((char *) *datout, bad_pw_warn);
+ strcat((char *) *datout, pw_blurb);
+ } else
+ *outlen = 0;
+ syslog(LOG_ERR, "'%s.%s@%s' used an insecure password in changepw",
+ ad->pname, ad->pinst, ad->prealm);
+ }
+ } else {
+ *datout = 0;
+ *outlen = 0;
+ }
+
#ifdef KADM5
/* we don't use the client-provided key itself */
keylow = keyhigh = 0;
memset(newkey, 0, sizeof(newkey));
if (no_pword) {
- krb_log("Old-style change password request from '%s.%s@%s'!",
+ syslog(LOG_ERR, "Old-style change password request from '%s.%s@%s'!",
ad->pname, ad->pinst, ad->prealm);
*outlen = strlen(pw_required)+1;
if (*datout = (u_char *) malloc(*outlen)) {
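Review bot: Both early exits in the added block, the `return(retval);` after the KADM_PW_MISMATCH log and the one in the `fascist_cpw` branch, leave before the `keylow = keyhigh = 0; memset(newkey, 0, sizeof(newkey));` zeroing that follows in the KADM5 and non-KADM5 sections, so the rejected key material stays in memory on those paths. Add `keylow = keyhigh = 0;` and `memset(newkey, 0, sizeof(newkey));` before each of those returns, or route them through one cleanup label. The `#ifdef notdef` call that would write `pword` to the log was carried over as well; now that the surrounding messages go to syslog, which may be forwarded off-host, I would delete it rather than keep a disabled cleartext-password log call. The enclosing function starts and ends outside this hunk, so whether `pword` itself is cleared on return cannot be seen here.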
return KADM_INSECURE_PW;
}
+ syslog(LOG_INFO, "'%s.%s@%s' wants to change its password",
+ ad->pname, ad->pinst, ad->prealm);
+
if (krb5_build_principal(kadm_context, &user_princ,
strlen(ad->prealm),
ad->prealm,
strcat(*datout, "\n");
} else
*outlen = 0;
+ } else {
+ syslog(LOG_INFO,
+ "'%s.%s@%s' password changed.",
+ ad->pname, ad->pinst, ad->prealm);
}
if (retval == KADM_INSECURE_PW) {
- krb_log("'%s.%s@%s' tried to use an insecure password in changepw",
+ syslog(LOG_ERR,
+ "'%s.%s@%s' tried to use an insecure password in changepw",
ad->pname, ad->pinst, ad->prealm);
}
#else /* KADM5 */
- if (retval = kadm_approve_pw(ad->pname, ad->pinst, ad->prealm,
- newkey, no_pword ? 0 : pword)) {
- if (retval == KADM_PW_MISMATCH) {
- /*
- * Very strange!!! This means that the cleartext
- * password which was sent and the DES cblock
- * didn't match!
- */
- (void) krb_log("'%s.%s@%s' sent a password string which didn't match with the DES key?!?",
- ad->pname, ad->pinst, ad->prealm);
- return(retval);
- }
- if (fascist_cpw) {
- *outlen = strlen(bad_pw_err)+strlen(pw_blurb)+1;
- if (*datout = (u_char *) malloc(*outlen)) {
- strcpy((char *) *datout, bad_pw_err);
- strcat((char *) *datout, pw_blurb);
- } else
- *outlen = 0;
- (void) krb_log("'%s.%s@%s' tried to use an insecure password in changepw",
- ad->pname, ad->pinst, ad->prealm);
-#ifdef notdef
- /* For debugging only, probably a bad idea */
- if (!no_pword)
- (void) krb_log("The password was %s\n", pword);
-#endif
- return(retval);
- } else {
- *outlen = strlen(bad_pw_warn) + strlen(pw_blurb)+1;
- if (*datout = (u_char *) malloc(*outlen)) {
- strcpy((char *) *datout, bad_pw_warn);
- strcat((char *) *datout, pw_blurb);
- } else
- *outlen = 0;
- (void) krb_log("'%s.%s@%s' used an insecure password in changepw",
- ad->pname, ad->pinst, ad->prealm);
- }
- } else {
- *datout = 0;
- *outlen = 0;
- }
-
retval = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey);
keylow = keyhigh = 0;
memset(newkey, 0, sizeof(newkey));
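Review bot: The audit messages added in this file, `'%s.%s@%s' password changed.` and `'%s.%s@%s' wants to change its password`, sit inside `#ifdef KADM5`, while the `#else` branch at the end of the hunk calls `kadm_change(...)` with no success or failure syslog in view. If nothing after the hunk logs the result, a non-KADM5 build records rejected passwords but not completed changes; consider adding after `kadm_change` something like `syslog(retval ? LOG_ERR : LOG_INFO, "'%s.%s@%s' password change %s", ad->pname, ad->pinst, ad->prealm, retval ? "failed" : "succeeded");`. Separately, the `retval == KADM_INSECURE_PW` message kept in the KADM5 section may now produce a second entry for a request that the moved `kadm_approve_pw` block already logged as insecure. The function continues outside the hunk.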