static int change_password(krb5_context context, krb5_principal principal, krb5_ccache id) { krb5_data result_code_string, result_string; int result_code; krb5_error_code ret; char pwbuf[BUFSIZ]; char *msg, *name; int aret; krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); name = msg = NULL; if (principal == NULL) aret = asprintf(&msg, "New password: "******"krb5_unparse_name"); aret = asprintf(&msg, "New password for %s: ", name); } if (aret == -1 || msg == NULL) krb5_errx (context, 1, "out of memory"); ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1); free(msg); if (name) free(name); if (ret != 0) { return 1; } ret = krb5_set_password_using_ccache (context, id, pwbuf, principal, &result_code, &result_code_string, &result_string); if (ret) { krb5_warn (context, ret, "krb5_set_password_using_ccache"); return 1; } printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context, result_code), result_string.length > 0 ? " : " : "", (int)result_string.length, result_string.length > 0 ? (char *)result_string.data : ""); krb5_data_free (&result_code_string); krb5_data_free (&result_string); return ret != 0; }
/* * Push a password change to Active Directory. Takes the module * configuration, a Kerberos context, the principal whose password is being * changed (we will have to change the realm), and the new password and its * length. Returns a Kerberos error code. */ krb5_error_code sync_ad_chpass(kadm5_hook_modinfo *config, krb5_context ctx, krb5_principal principal, const char *password) { krb5_error_code code; char *target = NULL; krb5_ccache ccache; krb5_principal ad_principal = NULL; int result_code; krb5_data result_code_string, result_string; /* Ensure the configuration is sane. */ CHECK_CONFIG(ad_realm); /* Get the credentials we'll use to make the change in AD. */ code = get_creds(config, ctx, &ccache); if (code != 0) return code; /* Get the corresponding AD principal. */ code = get_ad_principal(config, ctx, principal, &ad_principal); if (code != 0) goto done; /* This is just for logging purposes. */ code = krb5_unparse_name(ctx, ad_principal, &target); if (code != 0) goto done; /* Do the actual password change and record any error. */ code = krb5_set_password_using_ccache(ctx, ccache, (char *) password, ad_principal, &result_code, &result_code_string, &result_string); if (code != 0) goto done; if (result_code != 0) { code = sync_error_generic(ctx, "password change failed for %s: (%d)" " %.*s%s%.*s", target, result_code, (int) result_code_string.length, (char *) result_code_string.data, result_string.length ? ": " : "", (int) result_string.length, (char *) result_string.data); goto done; } free(result_string.data); free(result_code_string.data); sync_syslog_info(config, "krb5-sync: %s password changed", target); done: krb5_cc_destroy(ctx, ccache); if (target != NULL) krb5_free_unparsed_name(ctx, target); if (ad_principal != NULL) krb5_free_principal(ctx, ad_principal); return code; }
static PyObject * k5_set_password(PyObject *self, PyObject *args) { int result_code; char *name, *newpass; krb5_context ctx; krb5_error_code code; krb5_principal principal; krb5_data result_code_string, result_string; krb5_ccache ccache; if (!PyArg_ParseTuple(args, "ss", &name, &newpass)) return NULL; /* Initialize parameters. */ code = krb5_init_context(&ctx); RETURN_ON_ERROR("krb5_init_context()", code); code = krb5_parse_name(ctx, name, &principal); RETURN_ON_ERROR("krb5_parse_name()", code); /* Get credentials */ code = krb5_cc_default(ctx, &ccache); RETURN_ON_ERROR("krb5_cc_default()", code); /* Set password */ code = krb5_set_password_using_ccache(ctx, ccache, newpass, principal, &result_code, &result_code_string, &result_string); RETURN_ON_ERROR("krb5_set_password_using_ccache()", code); /* Any other error? */ if (result_code != 0) { _k5_set_password_error(&result_code_string, &result_string); return NULL; } /* Free up results. */ if (result_code_string.data != NULL) free(result_code_string.data); if (result_string.data != NULL) free(result_string.data); Py_INCREF(Py_None); return Py_None; }
int main( int argc, char ** argv ) { char * new_password; char * new_password2; krb5_context kcontext; krb5_error_code kerr; krb5_principal target_principal; if( argc < 2 ) { fprintf( stderr, "Usage: setpass user@REALM\n"); exit(1); } /* ** verify credentials - */ if( verify_creds() ) init_creds(); if( verify_creds() ) { fprintf( stderr, "No user credentials available\n"); exit(1); } /* ** check the principal name - */ krb5_init_context(&kcontext); kerr = krb5_parse_name( kcontext, argv[1], &target_principal ); { char * pname = NULL; kerr = krb5_unparse_name( kcontext, target_principal, &pname ); printf( "Changing password for %s:\n", pname); fflush( stdout ); free( pname ); } /* ** get the new password - */ for (;;) { new_password = getpass("Enter new password: "******"Verify new password: "******"Passwords do not match\n"); free( new_password ); free( new_password2 ); } /* ** change the password - */ { int pw_result; krb5_ccache ccache; krb5_data pw_res_string, res_string; kerr = krb5_cc_default( kcontext, &ccache ); if( kerr == 0 ) { kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal, &pw_result, &pw_res_string, &res_string ); if( kerr ) fprintf( stderr, "Failed: %s\n", error_message(kerr) ); else { if( pw_result ) { fprintf( stderr, "Failed(%d)", pw_result ); if( pw_res_string.length > 0 ) fprintf( stderr, ": %s", pw_res_string.data); if( res_string.length > 0 ) fprintf( stderr, " %s", res_string.data); fprintf( stderr, "\n"); } } } } return(0); }