/*
 * RPC2_setbindaddr - replace the module-level bind address (rpc2_bindhost).
 *
 * Any address list owned by the previous setting is released first and the
 * setting is reset to RPC2_DUMMYHOST.  Passing host == NULL therefore just
 * clears the bind address.  Otherwise *host is copied; when it carries an
 * addrinfo list, a private copy of that list is taken, so the caller keeps
 * ownership of the list it passed in.
 */
void RPC2_setbindaddr(RPC2_HostIdent *host)
{
    RPC2_HostIdent *bound = &rpc2_bindhost;

    /* Release the list held by the old setting before overwriting it. */
    if (bound->Tag == RPC2_HOSTBYADDRINFO)
        RPC2_freeaddrinfo(bound->Value.AddrInfo);
    bound->Tag = RPC2_DUMMYHOST;

    if (host == NULL)
        return;

    memcpy(bound, host, sizeof(*host));

    /* The shallow copy above aliases the caller's list; replace the alias
     * with our own copy so the two lifetimes are independent. */
    if (host->Tag != RPC2_HOSTBYADDRINFO)
        return;
    bound->Value.AddrInfo = RPC2_copyaddrinfo(host->Value.AddrInfo);
}
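/*
 * TryBinding - attempt one authenticated RPC2 bind to a single auth server.
 *
 * AuthenticationType  stored in the bind parameters unchanged.
 * viceName/viceNamelen  client identity, passed as a counted byte string.
 * vicePasswd/vicePasswdlen  secret; at most RPC2_KEYSIZE bytes of it are used,
 *                       the remainder of the key is zero padded.
 * AuthHost            address list of the server; a temporary copy is made
 *                     and freed here, the caller keeps ownership.
 * RPCid               passed through to RPC2_NewBinding.
 *
 * Returns the RPC2_NewBinding result (a long, narrowed to int on return).
 *
 * NOTE(review): the key is the raw secret truncated to RPC2_KEYSIZE bytes and
 * the bind requests RPC2_XOR - confirm that confidentiality of this exchange
 * does not depend on that cipher alone.
 */
static int TryBinding(const RPC2_Integer AuthenticationType,
                      const char *viceName, const int viceNamelen,
                      const char *vicePasswd, const int vicePasswdlen,
                      const struct RPC2_addrinfo *AuthHost, RPC2_Handle *RPCid)
{
    RPC2_BindParms bp;
    RPC2_HostIdent hident;
    RPC2_SubsysIdent sident;
    RPC2_CountedBS cident;
    RPC2_EncryptionKey hkey;
    volatile unsigned char *wipe;
    long rc;
    int len;
    int i;

    hident.Tag = RPC2_HOSTBYADDRINFO;
    hident.Value.AddrInfo = RPC2_copyaddrinfo(AuthHost);

    sident.Tag = RPC2_SUBSYSBYID;
    sident.Value.SubsysId = htonl(AUTH_SUBSYSID);

    cident.SeqLen = viceNamelen;
    cident.SeqBody = (RPC2_ByteSeq)viceName;

    /* Clamp the secret length on both sides: a negative int would be
     * converted to a huge size_t by memcpy and overrun hkey, and a NULL
     * secret must not be read at all. */
    len = vicePasswdlen;
    if (len < 0 || vicePasswd == NULL)
        len = 0;
    if (len > RPC2_KEYSIZE)
        len = RPC2_KEYSIZE;
    memset(hkey, 0, RPC2_KEYSIZE);
    if (len > 0)
        memcpy(hkey, vicePasswd, len);

    bp.SecurityLevel = RPC2_SECURE;
    bp.EncryptionType = RPC2_XOR;
    bp.SideEffectType = 0;
    bp.AuthenticationType = AuthenticationType;
    bp.ClientIdent = &cident;
    bp.SharedSecret = &hkey;

    rc = RPC2_NewBinding(&hident, NULL, &sident, &bp, RPCid);

    RPC2_freeaddrinfo(hident.Value.AddrInfo);

    /* Do not leave key material on the stack after the bind.  The stores go
     * through a volatile pointer so they are not discarded as dead writes. */
    wipe = (volatile unsigned char *)hkey;
    for (i = 0; i < RPC2_KEYSIZE; i++)
        wipe[i] = 0;

    return (rc);
}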
/*
 * cpasswd entry point: change the password of a Coda user.
 *
 * Usage (from the message below): [-h SCM-host-name] [coda-user-name][@realm]
 *
 * Flow: parse the optional "-h host" and "user[@realm]" arguments, fall back
 * to the local account name and the configured realm, prompt for the old and
 * new passwords, apply a small composition/length policy to the new one, and
 * send the change with U_ChangePassword.
 *
 * NOTE(review): in this copy the text that follows the "Old password: " and
 * "Retype new password: " prompt strings has been replaced by asterisks.  The
 * strncpy size argument, the tryagain label and the assignment to pwlen are
 * therefore not visible and cannot be reviewed here; the affected statements
 * are reproduced exactly as they appear.
 *
 * NOTE(review): oldpw and newpw are stack buffers holding cleartext passwords
 * and no visible statement clears them before exit.  getpass() is documented
 * as obsolete.  The process exits with status 0 after the switch whatever rc
 * was, so a caller cannot detect a failed change from the exit status.
 */
int main(int argc, char **argv)
{
    char *p;
    int insist;
    int flags;
    int c, pwlen;
    char oldpw[128], newpw[128];
    int ok, rc;
    char *username = NULL;
    const char *realm = NULL;
    char *host = NULL;
    struct RPC2_addrinfo *srvs;

    /* An optional leading "-h host" selects the server; shift it off argv. */
    if (argc > 1) {
        if (strcmp(argv[1], "-h") == 0) {
            if (argc < 3) {
                printf("Usage: %s [-h SCM-host-name] [coda-user-name][@realm]\n", argv[0]);
                exit(1);
            }
            host = argv[2];
            argv += 2;
            argc -= 2;
        }
    }

    /* Counts how many times the new password was refused by the policy. */
    insist = 0;

    if (argc >= 2) {
        username = argv[1];
        /* presumably cuts "@realm" off username and points realm at it - confirm */
        SplitRealmFromName(username, &realm);
    }

    /* No (or empty) user name given: use the name of the invoking account. */
    if (!username || *username == '\0') {
#ifdef __CYGWIN32__
        username = getlogin();
#else
        struct passwd *pw = getpwuid(geteuid());
        if (pw) {
            username=pw->pw_name;
        }
#endif
    }

    codaconf_init("venus.conf");
    codaconf_init("auth2.conf");
    /* presumably fills realm from the "realm" config key when still unset - confirm */
    CODACONF_STR(realm, "realm", NULL);

    if (!username || !realm) {
        fprintf (stderr, "Can't figure out your username or realm.\n");
        fprintf (stderr, "Try \"cpasswd user[@realm]\"\n");
        exit (1);
    }

    /* Make sure our arrays don't overflow. */
    /* NOTE(review): no fixed-size buffer in this function receives username;
     * the 20 character limit presumably protects buffers further down the
     * call chain - confirm which ones. */
    if (strlen(username) > 20) {
        fprintf(stderr, "User name is invalid.\n");
        exit(1);
    }

    printf("Changing password for %s@%s\n", username, realm);

    /* The return value of U_InitRPC() is ignored; the check below was
     * disabled by the original author. */
    /*    if (U_InitRPC() != 0) { fprintf(stderr, "Internal error: RPC or vstab problems.\n"); exit(1); } */
    U_InitRPC();

    /* NOTE(review): redacted span, see the header comment. */
    strncpy(oldpw, getpass("Old password: "******"New password: "******"Password unchanged.\n");
        exit(1);
    }

    /*
     * Ensure the password is of reasonable length and
     * composition.  If we really wanted to make things
     * sticky, we could check the dictionary for common
     * words, but then things would really be slow.
     */
    ok = 0;
    flags = 0;
    p = newpw;
    /* Build a character-class bitmask: 1 = digit, 2 = lower case,
     * 4 = upper case, 8 = anything else. */
    while (( c = *p++) ) {
        if (c >= 'a' && c <= 'z')
            flags |= 2;
        else if (c >= 'A' && c <= 'Z')
            flags |= 4;
        else if (c >= '0' && c <= '9')
            flags |= 1;
        else
            flags |= 8;
    }
    /* All three alphanumeric classes, or any other character: 4 characters suffice. */
    if (flags >= 7 && pwlen >= 4)
        ok = 1;
    /* A single letter case only: at least 6 characters. */
    if ((flags == 2 || flags == 4) && pwlen >= 6)
        ok = 1;
    /* Exactly two of the three alphanumeric classes: at least 5 characters. */
    if ((flags == 3 || flags == 5 || flags == 6) && pwlen >= 5)
        ok = 1;
    /* Digits only (flags == 1) is never accepted by the rules above.
     * NOTE(review): the policy is advisory - once insist reaches 2 this
     * branch is skipped and a password that failed the checks is sent. */
    if (!ok && insist < 2) {
        printf("Please use %s.\n", flags == 1 ?
               "at least one non-numeric character" : "a longer password");
        insist++;
        goto tryagain;
    }

    /* NOTE(review): redacted span, see the header comment. */
    if (strcmp(newpw, getpass("Retype new password: "******"Mismatch - password unchanged.\n");
        exit(1);
    }

    srvs = U_GetAuthServers(realm, host);
    /* The user name and the old password are both passed with their
     * terminating NUL included in the length. */
    rc = U_ChangePassword (srvs, username, newpw, AUTH_METHOD_CODAUSERNAME, username, strlen(username)+1, oldpw, strlen(oldpw)+1);
    RPC2_freeaddrinfo(srvs);

    /* Report the outcome to the user. */
    switch(rc) {
    case RPC2_DEAD:
        printf("Server to change passwords down, try again later\n");
        break;
    case AUTH_DENIED:
        printf("authentication failed, unable to change passwd for %s\n", username);
        break;
    case AUTH_SUCCESS:
        printf("Password changed\n");
        break;
    case AUTH_BADKEY:
        printf("Bad new password. Try again\n");
        break;
    case AUTH_READONLY:
        printf("Auth server is read-only\n");
        break;
    case AUTH_FAILED:
        printf("Auth failed\n");
        break;
    case RPC2_NOTAUTHENTICATED:
        printf("bind failed; user unauthenticated\n");
        break;
    default:
        printf("Authentication Failed: %s\n", RPC2_ErrorMsg(rc));
    }
    fflush(stdout);
    exit(0);
}
/*
 * RPC2_Init - one-time initialisation of the RPC2 runtime.
 *
 * Checks the caller's version string, reads the RPC2SEC_* environment
 * settings, initialises the security layer, resolves the bind address,
 * creates the request socket(s), sets up retry timing, registers the packet
 * handler, runs the side-effect init routines and starts the SocketListener
 * and ClockTick LWPs.
 *
 * On return *Port (when Port is non-NULL) holds the local port that was bound.
 *
 * The function has no explicit return statement; rpc2_Quit() appears to be a
 * macro that returns its argument from this function - confirm.
 *
 * NOTE(review): VId is passed to strcmp() without a NULL check, so callers
 * must supply a valid string.
 *
 * NOTE(review): two security-relevant settings are taken from the process
 * environment with no validation beyond what is shown below.  Where the
 * environment is not controlled by the party that owns the process (service
 * wrappers, privileged helpers), confirm this is acceptable.
 */
long RPC2_Init(const char *VId,		/* magic version string */
               RPC2_Options *Options,
               RPC2_PortIdent *Port,	/* array of portal ids */
               long RetryCount,		/* max number of retries before breaking conn*/
               struct timeval *KAInterval /* for keeping long RPC requests alive */
               )
{
    char *c;
    long i;
    PROCESS ctpid;
    struct RPC2_addrinfo *rpc2_localaddrs;
    /* rc1 keeps this value when the IPv6 socket is not attempted (no PF_INET6). */
    long rc1 = RPC2_NOCONNECTION, rc2, rc;
    short port = 0;
    int verbose;
    char *env;

    rpc2_logfile = stderr;
    rpc2_tracefile = stderr;

    rpc2_Enter();
    say(1, RPC2_DebugLevel, "RPC2_Init()\n");
    say(999, RPC2_DebugLevel, "Runtime system version: \"%s\"\n", RPC2_VERSION);

    /* The caller must have been built against exactly this runtime version. */
    if (strcmp(VId, RPC2_VERSION) != 0) {
        say(-1, RPC2_DebugLevel, "RPC2_Init(): Wrong RPC2 version\n");
        rpc2_Quit (RPC2_WRONGVERSION);
    }

    /* rpc2_InitConn returns 0 if we're already initialized */
    if (rpc2_InitConn() == 0)
        rpc2_Quit(RPC2_SUCCESS);

    if (Options && (Options->Flags & RPC2_OPTION_IPV6))
        rpc2_ipv6ready = 1;

    /* Preferred key size override.  atoi() gives no error indication, so a
     * non-numeric value becomes 0 and negative values are accepted as-is.
     * Values above 64 are divided by 8 (presumably bits to bytes - confirm).
     * NOTE(review): no lower bound is enforced here; verify that the
     * consumer of RPC2_Preferred_Keysize rejects too-small values. */
    env = getenv("RPC2SEC_KEYSIZE");
    if (env)
        RPC2_Preferred_Keysize = atoi(env);
    if (RPC2_Preferred_Keysize > 64)
        RPC2_Preferred_Keysize /= 8;

    /* Do we accept only secure connections, default is yes. This can be
     * disabled by setting the RPC2SEC_ONLY to 0, false, no, (nada, forgetit) */
    /* Only the first character of the value is examined: '0', 'f', 'F', 'n'
     * or 'N' turns secure-only off; unset, empty or anything else leaves it
     * on. */
    env = getenv("RPC2SEC_ONLY");
    RPC2_secure_only = !env || (env && memchr("0fFnN", *env, 5) == NULL);

    verbose = (Options && (Options->Flags & RPC2_OPTION_VERBOSE_INIT));
    secure_init(verbose);

    rpc2_InitMgrp();
    rpc2_InitHost();

    /* Resolve the configured bind address (rpc2_bindhost) and requested port. */
    rpc2_localaddrs = rpc2_resolve(&rpc2_bindhost, Port);
    if (!rpc2_localaddrs) {
        say(-1, RPC2_DebugLevel, "RPC2_Init(): Couldn't get addrinfo for localhost!\n");
        rpc2_Quit(RPC2_FAIL);
    }

    /* Both calls receive the same &port. */
#ifdef PF_INET6
    rc1 = rpc2_CreateIPSocket(PF_INET6, &rpc2_v6RequestSocket, rpc2_localaddrs, &port);
#endif
    rc2 = rpc2_CreateIPSocket(PF_INET, &rpc2_v4RequestSocket, rpc2_localaddrs, &port);

    RPC2_freeaddrinfo(rpc2_localaddrs);

    /* rc should probably be the most 'positive' result of the two */
    rc = (rc1 > rc2) ?
         rc1 : rc2;
    /* presumably codes below RPC2_ELIMIT are hard errors - confirm */
    if (rc < RPC2_ELIMIT) {
        say(-1, RPC2_DebugLevel, "RPC2_Init(): Couldn't create socket\n");
        rpc2_Quit(rc);
    }

    /* Publish the port that was bound and hand it back to the caller. */
    rpc2_LocalPort.Tag = RPC2_PORTBYINETNUMBER;
    rpc2_LocalPort.Value.InetPortNumber = port;
    if (Port)
        *Port = rpc2_LocalPort;

    /* Initialize retry parameters */
    if (rpc2_InitRetry(RetryCount, KAInterval) != 0) {
        say(-1, RPC2_DebugLevel,"RPC2_Init(): Failed to init retryintervals\n");
        rpc2_Quit(RPC2_FAIL);
    }

    IOMGR_Initialize();
    TM_Init(&rpc2_TimerQueue);

    /* Register rpc2 packet handler with rpc2_SocketListener before
     * initializing the sideeffects */
    SL_RegisterHandler(RPC2_PROTOVERSION, rpc2_HandlePacket);

    /* Call side effect initialization routines */
    /* The first routine that reports a value below RPC2_ELIMIT aborts
     * initialisation with RPC2_SEFAIL2. */
    for (i = 0; i < SE_DefCount; i++)
        if (SE_DefSpecs[i].SE_Init != NULL)
            if ((*SE_DefSpecs[i].SE_Init)() < RPC2_ELIMIT) {
                say(-1, RPC2_DebugLevel, "RPC2_Init(): Failed to init SE\n");
                rpc2_Quit(RPC2_SEFAIL2);
            }

    /* Start the two background LWPs; the return values of
     * LWP_CreateProcess are not checked. */
    c = "SocketListener";
    LWP_CreateProcess(rpc2_SocketListener, 32768, LWP_NORMAL_PRIORITY, NULL, c, &rpc2_SocketListenerPID);

    c = "ClockTick";
    LWP_CreateProcess(rpc2_ClockTick, 16384, LWP_NORMAL_PRIORITY, NULL, c, &ctpid);

    LUA_init();

    /* rc still holds the socket-creation result chosen above. */
    if (rc != RPC2_SUCCESS)
        say(-1, RPC2_DebugLevel, "RPC2_Init(): Exiting with error\n");

    rpc2_Quit(rc);
}