/*************************************************************
Utility function to prompt for new password.
*************************************************************/
static char *prompt_for_new_password(bool stdin_get)
{
char *p;
fstring new_pw;
ZERO_ARRAY(new_pw);
p = get_pass("New SMB password:"******"Retype new SMB password:"******"Mismatch - password unchanged.\n");
ZERO_ARRAY(new_pw);
SAFE_FREE(p);
return NULL;
}
return p;
}
int
cmd_insert(struct arguments *args)
{
int rc;
struct db *db;
char master_pass[MAX_PASS_LENGTH + 1];
char new_pass[MAX_PASS_LENGTH + 1];
uuid_t uuid;
rc = -1;
db = NULL;
if (!args->title || !args->dbfile) {
fprintf(stderr, "missing arguments for insert\n");
goto out;
}
if (get_pass(PASS_PROMPT, master_pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
if (!(db = pwsdb_open(master_pass, args->dbfile))) {
perror("failed to open db");
goto out;
}
if (args->gen_pass) {
if (gen_pass(new_pass, DEFAULT_PASS_LENGTH, true)) {
fprintf(stderr, "failed to gen pass\n");
goto out;
}
} else if (get_pass("enter password for account:",
new_pass,
sizeof(new_pass)/sizeof(*new_pass),
stdin))
goto out;
if (pwsdb_add_record(db, args->title, new_pass, args->user, args->url, uuid)) {
fprintf(stderr, "failed to insert into db\n");
goto out;
}
if (pwsdb_save(db, master_pass, args->dbfile)) {
fprintf(stderr, "couldn't save db\n");
goto out;
}
rc = 0;
out:
destroy_db(db);
free(db);
return rc;
}
int main(void)
{
int res;
if (ld_check())
{
fputs("Permission DENIED\n", stderr);
return (EXIT_FAILURE);
}
else if ((res = get_pass()) == -2)
{
fputs("Permission DENIED\n", stderr);
return (EXIT_FAILURE);
}
else if (res < 0)
{
fputs("FATAL ERROR\n", stderr);
return (EXIT_FAILURE);
}
else if (res > 0)
{
fputs("Permission DENIED\n", stderr);
return (EXIT_FAILURE);
}
return (EXIT_SUCCESS);
}
int
cmd_list(struct arguments *args)
{
int rc;
struct db *db;
char pass[MAX_PASS_LENGTH + 1];
rc = -1;
db = NULL;
if (!args->dbfile) {
fprintf(stderr, "%s\n", NO_DB_FILE);
goto out;
}
if (get_pass(PASS_PROMPT, pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
if (!(db = pwsdb_open(pass, args->dbfile))) {
fprintf(stderr, "bad list\n");
goto out;
}
print_db(db);
rc = 0;
out:
destroy_db(db);
return rc;
}
int
cmd_interactive(struct arguments *args)
{
int rc;
struct db *db;
char pass[MAX_PASS_LENGTH + 1];
rc = -1;
db = NULL;
if (!args->dbfile) {
fprintf(stderr, "missing db path\n");
goto out;
}
if (get_pass(PASS_PROMPT, pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
if (!(db = pwsdb_open(pass, args->dbfile))) {
fprintf(stderr, "couldn't open db\n");
goto out;
}
rc = pwcurs_start(args->dbfile, pass, db);
print_db(db);
out:
destroy_db(db);
free(db);
return rc;
}
static void ftp_login(struct connection *c)
{
unsigned char *login;
unsigned char *u;
int logl = 0;
set_timeout(c);
login = init_str();
add_to_str(&login, &logl, cast_uchar "USER ");
if ((u = get_user_name(c->url)) && *u) add_to_str(&login, &logl, u);
else add_to_str(&login, &logl, cast_uchar "anonymous");
if (u) mem_free(u);
if (ftp_options.fast_ftp) {
struct ftp_connection_info *fi;
add_to_str(&login, &logl, cast_uchar "\r\nPASS ");
if ((u = get_pass(c->url)) && *u) add_to_str(&login, &logl, u);
else add_to_str(&login, &logl, ftp_options.anon_pass);
if (u) mem_free(u);
add_to_str(&login, &logl, cast_uchar "\r\n");
if (!(fi = add_file_cmd_to_str(c))) {
mem_free(login);
return;
}
add_to_str(&login, &logl, fi->cmdbuf);
} else add_to_str(&login, &logl, cast_uchar "\r\n");
write_to_socket(c, c->sock1, login, strlen(cast_const_char login), ftp_logged);
mem_free(login);
setcstate(c, S_SENT);
}
static int net_changesecretpw(struct net_context *c, int argc,
const char **argv)
{
char *trust_pw;
enum netr_SchannelType sec_channel_type = SEC_CHAN_WKSTA;
if(c->opt_force) {
if (c->opt_stdin) {
set_line_buffering(stdin);
set_line_buffering(stdout);
set_line_buffering(stderr);
}
trust_pw = get_pass(_("Enter machine password: "******"Unable to write the machine account password in the secrets database"));
return 1;
}
else {
d_printf(_("Modified trust account password in secrets database\n"));
}
}
else {
d_printf(_("Machine account password change requires the -f flag.\n"
"Do NOT use this function unless you know what it does!\n"
"This function will change the ADS Domain member "
"machine account password in the secrets.tdb file!\n"));
}
return 0;
}
void ftp_got_user_info(struct connection *c, struct read_buffer *rb)
{
int g = get_ftp_response(c, rb, 0);
if (g == -1) { setcstate(c, S_FTP_ERROR); abort_connection(c); return; }
if (!g) { read_from_socket(c, c->sock1, rb, ftp_got_user_info); return; }
if (g >= 530 && g < 540) { setcstate(c, S_FTP_LOGIN); retry_connection(c); return; }
if (g >= 400) { setcstate(c, S_FTP_UNAVAIL); retry_connection(c); return; }
if (g >= 200 && g < 300) {
if (ftp_options.fast_ftp) ftp_dummy_info(c, rb);
else ftp_send_retr_req(c, S_GETH);
} else {
if (ftp_options.fast_ftp) ftp_pass_info(c, rb);
else {
unsigned char *login;
unsigned char *u;
int logl = 0;
login = init_str();
add_to_str(&login, &logl, "PASS ");
if ((u = get_pass(c->url)) && *u) add_to_str(&login, &logl, u);
else add_to_str(&login, &logl, ftp_options.anon_pass);
if (u) mem_free(u);
add_to_str(&login, &logl, "\r\n");
write_to_socket(c, c->sock1, login, strlen(login), ftp_sent_passwd);
mem_free(login);
setcstate(c, S_LOGIN);
}
}
}
int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
{
char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
str sgenerated_password;
struct secret *secret_struct;
if (susername->len == 0)
{
LM_ERR("invalid username parameter - empty value\n");
return AUTH_ERROR;
}
if (spassword->len == 0)
{
LM_ERR("invalid password parameter - empty value\n");
return AUTH_ERROR;
}
if (autheph_verify_timestamp(susername) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
LM_DBG("username: %.*s\n", susername->len, susername->s);
LM_DBG("password: %.*s\n", spassword->len, spassword->s);
sgenerated_password.s = generated_password;
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
LM_DBG("trying secret: %.*s\n",
secret_struct->secret_key.len,
secret_struct->secret_key.s);
if (get_pass(susername, &secret_struct->secret_key,
&sgenerated_password) == 0)
{
LM_DBG("generated password: %.*s\n",
sgenerated_password.len, sgenerated_password.s);
if (strncmp(spassword->s, sgenerated_password.s,
spassword->len) == 0)
{
SECRET_UNLOCK;
return AUTH_OK;
}
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return AUTH_ERROR;
}
/** \brief Predict the next pass.
* \param sat Pointer to the satellite data.
* \param qth Pointer to the observer data.
* \param maxdt The maximum number of days to look ahead.
* \return Pointer newly allocated pass_t structure that should be freed
* with free_pass when no longer needed, or NULL if no pass can be
* found.
*
* This function simply wraps the get_pass function using the current time
* as parameter.
*
* \note the data in sat will be corrupt (future) and must be refreshed
* by the caller, if the caller will need it later on (eg. if the caller
* is GtkSatList).
*
*/
pass_t *
get_next_pass (sat_t *sat, qth_t *qth, gdouble maxdt)
{
gdouble now;
/* get the current time and call
the get_pass function */
now = get_current_daynum ();
return get_pass (sat, qth, now, maxdt);
}
/* Load the private key.
* @mand should be non zero if it is required to read a private key.
*/
gnutls_x509_privkey_t
load_x509_private_key (int mand, common_info_st * info)
{
gnutls_x509_privkey_t key;
int ret;
gnutls_datum_t dat;
size_t size;
if (!info->privkey && !mand)
return NULL;
if (info->privkey == NULL)
error (EXIT_FAILURE, 0, "missing --load-privkey");
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
dat.data = read_binary_file (info->privkey, &size);
dat.size = size;
if (!dat.data)
error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
if (info->pkcs8)
{
const char *pass = get_pass ();
ret =
gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
pass, 0);
}
else
ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
free (dat.data);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #8 or PKCS #12 encoded");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
return key;
}
/** \brief Predict passes after a certain time.
*
*
* This function calculates num upcoming passes with AOS no earlier
* than t = start and not later that t = (start+maxdt). The function will
* repeatedly call get_pass until
* the number of predicted passes is equal to num, the time has reached
* limit or the get_pass function returns NULL.
*
* \note For no time limit use maxdt = 0.0
*
* \note the data in sat will be corrupt (future) and must be refreshed
* by the caller, if the caller will need it later on (eg. if the caller
* is GtkSatList).
*
* \note Prepending to a singly linked list is much faster than appending.
* Therefore, the elements are prepended whereafter the GSList is
* reversed
*/
GSList *
get_passes (sat_t *sat, qth_t *qth, gdouble start, gdouble maxdt, guint num)
{
GSList *passes = NULL;
pass_t *pass = NULL;
guint i;
gdouble t;
/* if no number has been specified
set it to something big */
if (num == 0)
num = 100;
t = start;
for (i = 0; i < num; i++) {
pass = get_pass (sat, qth, t, maxdt);
if (pass != NULL) {
passes = g_slist_prepend (passes, pass);
t = pass->los + 0.014; // +20 min
/* if maxdt > 0.0 check whether we have reached t = start+maxdt
if yes finish predictions
*/
if ((maxdt > 0.0) && (t >= (start+maxdt))) {
i = num;
}
}
else {
/* we can't get any more passes */
i = num;
}
}
if (passes != NULL)
passes = g_slist_reverse (passes);
sat_log_log (SAT_LOG_LEVEL_MSG,
_("%s: Found %d passes for %s in time window [%f;%f]"),
__FUNCTION__, g_slist_length (passes), sat->nickname, start, start+maxdt);
return passes;
}
const char *get_password(common_info_st * cinfo, unsigned int *flags,
int confirm)
{
if (cinfo->null_password) {
if (flags)
*flags |= GNUTLS_PKCS_NULL_PASSWORD;
return NULL;
} else if (cinfo->password) {
if (cinfo->password[0] == 0 && flags)
*flags |= GNUTLS_PKCS_PLAIN;
return cinfo->password;
} else {
if (confirm)
return get_confirmed_pass(true);
else
return get_pass();
}
}
int
cmd_kill(struct arguments *args)
{
int rc;
struct db *db;
char pass[MAX_PASS_LENGTH + 1];
rc = -1;
db = NULL;
if (uuid_is_null(args->uuid) || !args->dbfile) {
fprintf(stderr, "missing arguments for kill\n");
goto out;
}
if (get_pass(PASS_PROMPT, pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
if (!(db = pwsdb_open(pass, args->dbfile))) {
fprintf(stderr, "couldn't open db\n");
goto out;
}
if (pwsdb_remove_record(db, args->uuid)) {
fprintf(stderr, "failed to remove entry from db\n");
goto out;
}
if (pwsdb_save(db, pass, args->dbfile)) {
fprintf(stderr, "couldn't save db");
goto out;
}
rc = 0;
out:
destroy_db(db);
free(db);
return rc;
}
static gnutls_privkey_t _load_privkey(gnutls_datum_t *dat, common_info_st * info)
{
int ret;
gnutls_privkey_t key;
gnutls_x509_privkey_t xkey;
ret = gnutls_x509_privkey_init (&xkey);
if (ret < 0)
error (EXIT_FAILURE, 0, "x509_privkey_init: %s", gnutls_strerror (ret));
ret = gnutls_privkey_init (&key);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
if (info->pkcs8)
{
const char *pass = get_pass ();
ret =
gnutls_x509_privkey_import_pkcs8 (xkey, dat, info->incert_format,
pass, 0);
}
else
ret = gnutls_x509_privkey_import (xkey, dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #8 or PKCS #12 encoded");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_privkey_import_x509: %s",
gnutls_strerror (ret));
return key;
}
static inline int get_ha1(struct username *_username, str *_domain,
str *_secret, char *_ha1)
{
char password[base64_enc_len(SHA512_DIGEST_LENGTH)];
str spassword;
spassword.s = (char *) password;
spassword.len = 0;
if (get_pass(&_username->whole, _secret, &spassword) < 0)
{
LM_ERR("calculating password\n");
return -1;
}
eph_auth_api.calc_HA1(HA_MD5, &_username->whole, _domain, &spassword,
0, 0, _ha1);
LM_DBG("calculated HA1: %s\n", _ha1);
return 0;
}
uint8_t check_pass(char *pass)
{
/* Buff to load passkey into */
uint8_t passcode[4];
int i;
/* get password */
get_pass(passcode);
/* Read EEPROM */
//eeprom_read_block(&passcode, &PASSKEY, 4);
/* Check against entered pass */
i = 0;
while(i - 4) {
if (pass[i] == passcode[i]) {
i++;
} else {
return 1;
}
}
return 0;
}
int
cmd_init(struct arguments *args)
{
int rc;
char pass[MAX_PASS_LENGTH + 1];
rc = -1;
if (!args->dbfile) {
fprintf(stderr, "%s\n", NO_DB_FILE);
goto out;
}
if (get_pass(PASS_PROMPT, pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
rc = pwsdb_create_new(pass, args->dbfile);
out:
return rc;
}
ArcballHelper ArcballHelper::create(gst::ProgramPool & programs)
{
auto camera = std::unique_ptr<gst::Camera>(new gst::OrthoCamera());
auto eye = std::make_shared<gst::CameraNode>(std::move(camera));
auto create_model_node = [&programs]()
{
auto basic_program = programs.create(BASIC_VS, BASIC_FS);
auto basic_pass = std::make_shared<gst::BasicPass>(basic_program);
auto vertex_array = std::make_shared<gst::VertexArrayImpl>();
auto mesh = gst::Mesh(vertex_array);
auto material = gst::Material::create_free();
auto model = gst::Model(mesh, material, basic_pass);
return std::make_shared<gst::ModelNode>(model);
};
auto result_node = create_model_node();
result_node->get_mesh().set_draw_mode(gst::DrawMode::LINE_STRIP);
auto rim_node = create_model_node();
rim_node->get_mesh().set_draw_mode(gst::DrawMode::LINE_LOOP);
rim_node->get_material().get_uniform("opacity") = 0.4f;
rim_node->get_pass().set_blend_mode(gst::BlendMode::INTERPOLATIVE);
auto drag_node = create_model_node();
drag_node->get_mesh().set_draw_mode(gst::DrawMode::LINE_STRIP);
ConstraintNodes constraint_nodes;
for (int i = 0; i < 3; i++) {
constraint_nodes[i] = create_model_node();
constraint_nodes[i]->get_mesh().set_draw_mode(gst::DrawMode::LINE_STRIP);
constraint_nodes[i]->get_pass().set_blend_mode(gst::BlendMode::INTERPOLATIVE);
}
return ArcballHelper(eye, drag_node, rim_node, result_node, constraint_nodes);
}
int
cmd_retrieve(struct arguments *args)
{
int rc;
struct db *db;
char pass[MAX_PASS_LENGTH + 1], *fndpass;
rc = -1;
db = NULL;
if (uuid_is_null(args->uuid) || !args->dbfile) {
fprintf(stderr, "missing arguments for retrieve\n");
goto out;
}
if (get_pass(PASS_PROMPT, pass, MAX_PASS_LENGTH + 1, stdin)) {
fprintf(stderr, "%s\n", GET_PASS_FAIL);
goto out;
}
if (!(db = pwsdb_open(pass, args->dbfile))) {
fprintf(stderr, "couldn't open db\n");
goto out;
}
if (!(fndpass = pwsdb_get_pass(db, args->uuid))) {
fprintf(stderr, "couldn't find pass\n");
goto out;
}
pb_write(fndpass);
rc = 0;
out:
destroy_db(db);
free(db);
return rc;
}
const char *get_password(common_info_st * cinfo, unsigned int *flags,
int confirm)
{
const char *p;
if (cinfo->null_password) {
if (flags)
*flags |= GNUTLS_PKCS_NULL_PASSWORD;
return NULL;
} else if (cinfo->password) {
p = cinfo->password;
} else {
if (confirm)
p = get_confirmed_pass(true);
else
p = get_pass();
}
if ((p == NULL || p[0] == 0) && flags && !cinfo->empty_password)
*flags |= GNUTLS_PKCS_PLAIN;
return p;
}
/*********************************************************
Add New User
**********************************************************/
static int new_user(const char *username, const char *fullname,
const char *homedir, const char *drive,
const char *script, const char *profile,
char *user_sid, bool stdin_get)
{
char *pwd1 = NULL, *pwd2 = NULL;
char *err = NULL, *msg = NULL;
struct samu *sam_pwent = NULL;
TALLOC_CTX *tosctx;
NTSTATUS status;
struct dom_sid u_sid;
int flags;
int ret;
tosctx = talloc_tos();
if (!tosctx) {
fprintf(stderr, "Out of memory!\n");
return -1;
}
if (user_sid) {
if (get_sid_from_cli_string(&u_sid, user_sid)) {
fprintf(stderr, "Failed to parse SID\n");
return -1;
}
}
pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n");
return -1;
}
ret = strcmp(pwd1, pwd2);
if (ret != 0) {
fprintf (stderr, "Passwords do not match!\n");
goto done;
}
flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD;
status = local_password_change(username, flags, pwd1, &err, &msg);
if (!NT_STATUS_IS_OK(status)) {
if (err) fprintf(stderr, "%s", err);
ret = -1;
goto done;
}
sam_pwent = samu_new(tosctx);
if (!sam_pwent) {
fprintf(stderr, "Out of memory!\n");
ret = -1;
goto done;
}
if (!pdb_getsampwnam(sam_pwent, username)) {
fprintf(stderr, "User %s not found!\n", username);
ret = -1;
goto done;
}
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED);
if (user_sid)
pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED);
status = pdb_update_sam_account(sam_pwent);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to modify entry for user %s.!\n",
username);
ret = -1;
goto done;
}
print_user_info(username, True, False);
ret = 0;
done:
if (pwd1) memset(pwd1, 0, strlen(pwd1));
if (pwd2) memset(pwd2, 0, strlen(pwd2));
SAFE_FREE(pwd1);
SAFE_FREE(pwd2);
SAFE_FREE(err);
SAFE_FREE(msg);
TALLOC_FREE(sam_pwent);
return ret;
}
int main(int argc, char *argv[]) {
CryptFile *cf = malloc(sizeof(CryptFile));
int chunk_size;
int remove_input_file;
int remainder_size;
int passes;
int num_passes = 0;
int opt;
char *file_in, *file_out;
/* get commadline options. */
while ((opt = getopt(argc, argv, "vhrp:i:o:")) != -1){
switch(opt){
case 'p':
if (!(passes = atoi(optarg))){
printf("Usage : %s -h -v [-p passes] [-i filein] [-o fileout]\n", argv[0]);
printf("passes must be an integer.\n");
exit(1);
}
break;
case 'r':
remove_input_file = 1;
break;
case 'i':
file_in = optarg;
break;
case 'o':
file_out = optarg;
break;
case 'h':
printf("Usage : %s -h -v [-r remove] [-p passes] [-i filein] [-o fileout]\n", argv[0]);
exit(1);
break;
case 'v':
printf("%s\n", COPY);
exit(1);
default:
exit(1);
}
}
if(!(passes && file_in && file_out) || (argc <= 1)){
printf("Usage : %s -h -v [-r remove] [-p passes] [-i filein] [-o fileout]\n", argv[0]);
exit(1);
}
/* open files for mem mapped I/O */
map_files(cf, file_in, file_out);
/* do encryption passes. */
do {
/* check if password is acceptable. */
if (get_pass() == -1){
/* free buffer */
if (cf->data_out_buffer)
munmap(cf->data_out_buffer, cf->stat_buff.st_size);
/* delete output file. */
// is unlink needed?
unlink(file_out);
free(cf);
exit(1);
}
/* pass_phrase is global and is defined in the header. */
cf->pass_len = (strlen(pass_phrase)-1);
pass_phrase[cf->pass_len] = '\0';
cf->pass = pass_phrase;
cf->chunk_size = (cf->file_length / cf->pass_len);
cf->remaining = (cf->file_length % cf->pass_len);
/* encrypt data */
encrypt_data(cf);
num_passes++;
} while (num_passes < passes);
/* done with input file. unlink if requested */
if (remove_input_file){
unlink(file_in);
}
/* free memory & flush buffers */
munmap(cf->data_out_buffer, cf->stat_buff.st_size);
free(cf);
exit(0);
}
static int process_root(int local_flags)
{
struct passwd *pwd;
int result = 0;
char *old_passwd = NULL;
if (local_flags & LOCAL_SET_LDAP_ADMIN_PW) {
char *ldap_admin_dn = lp_ldap_admin_dn();
if ( ! *ldap_admin_dn ) {
DEBUG(0,("ERROR: 'ldap admin dn' not defined! Please check your smb.conf\n"));
goto done;
}
printf("Setting stored password for \"%s\" in secrets.tdb\n", ldap_admin_dn);
if ( ! *ldap_secret ) {
new_passwd = prompt_for_new_password(stdin_passwd_get);
fstrcpy(ldap_secret, new_passwd);
}
if (!store_ldap_admin_pw(ldap_secret)) {
DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
}
goto done;
}
/* Ensure passdb startup(). */
if(!initialize_password_db(False)) {
DEBUG(0, ("Failed to open passdb!\n"));
exit(1);
}
/* Ensure we have a SAM sid. */
get_global_sam_sid();
/*
* Ensure both add/delete user are not set
* Ensure add/delete user and either remote machine or join domain are
* not both set.
*/
if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) ||
((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) &&
(remote_machine != NULL))) {
usage();
}
/* Only load interfaces if we are doing network operations. */
if (remote_machine) {
load_interfaces();
}
if (!user_name[0] && (pwd = getpwuid_alloc(NULL, geteuid()))) {
fstrcpy(user_name, pwd->pw_name);
TALLOC_FREE(pwd);
}
if (!user_name[0]) {
fprintf(stderr,"You must specify a username\n");
exit(1);
}
if (local_flags & LOCAL_TRUST_ACCOUNT) {
/* add the $ automatically */
static fstring buf;
/*
* Remove any trailing '$' before we
* generate the initial machine password.
*/
if (user_name[strlen(user_name)-1] == '$') {
user_name[strlen(user_name)-1] = 0;
}
if (local_flags & LOCAL_ADD_USER) {
SAFE_FREE(new_passwd);
new_passwd = smb_xstrdup(user_name);
strlower_m(new_passwd);
}
/*
* Now ensure the username ends in '$' for
* the machine add.
*/
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
fstrcpy(user_name, buf);
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
static fstring buf;
if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) {
/*
* Prompt for trusting domain's account password
*/
new_passwd = prompt_for_new_password(stdin_passwd_get);
if(!new_passwd) {
fprintf(stderr, "Unable to get newpassword.\n");
exit(1);
}
}
/* prepare uppercased and '$' terminated username */
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
fstrcpy(user_name, buf);
} else {
if (remote_machine != NULL) {
old_passwd = get_pass("Old SMB password:"******"talloc fail for struct samu.\n");
exit(1);
}
if (!pdb_getsampwnam(sampass, user_name)) {
fprintf(stderr, "Failed to find user %s in passdb backend.\n",
user_name );
exit(1);
}
if(pdb_get_nt_passwd(sampass) == NULL) {
local_flags |= LOCAL_SET_PASSWORD;
}
TALLOC_FREE(sampass);
}
}
if((local_flags & LOCAL_SET_PASSWORD) && (new_passwd == NULL)) {
new_passwd = prompt_for_new_password(stdin_passwd_get);
if(!new_passwd) {
fprintf(stderr, "Unable to get new password.\n");
exit(1);
}
}
}
if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name,
old_passwd, new_passwd,
local_flags))) {
fprintf(stderr,"Failed to modify password entry for user %s\n", user_name);
result = 1;
goto done;
}
if(remote_machine) {
printf("Password changed for user %s on %s.\n", user_name, remote_machine );
} else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
struct samu *sampass = NULL;
sampass = samu_new( NULL );
if (!sampass) {
fprintf(stderr, "talloc fail for struct samu.\n");
exit(1);
}
if (!pdb_getsampwnam(sampass, user_name)) {
fprintf(stderr, "Failed to find user %s in passdb backend.\n",
user_name );
exit(1);
}
printf("Password changed for user %s.", user_name );
if(pdb_get_acct_ctrl(sampass)&ACB_DISABLED) {
printf(" User has disabled flag set.");
}
if(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) {
printf(" User has no password flag set.");
}
printf("\n");
TALLOC_FREE(sampass);
}
done:
SAFE_FREE(new_passwd);
return result;
}
int autheph_authenticate(struct sip_msg *_m, char *_username, char *_password)
{
str susername, spassword;
char generated_password[base64_enc_len(SHA_DIGEST_LENGTH)];
str sgenerated_password;
struct secret *secret_struct;
if (_m == NULL || _username == NULL || _password == NULL)
{
LM_ERR("invalid parameters\n");
return AUTH_ERROR;
}
if (get_str_fparam(&susername, _m, (fparam_t*)_username) < 0)
{
LM_ERR("failed to get username value\n");
return AUTH_ERROR;
}
if (susername.len == 0)
{
LM_ERR("invalid username parameter - empty value\n");
return AUTH_ERROR;
}
if (get_str_fparam(&spassword, _m, (fparam_t*)_password) < 0)
{
LM_ERR("failed to get password value\n");
return AUTH_ERROR;
}
if (spassword.len == 0)
{
LM_ERR("invalid password parameter - empty value\n");
return AUTH_ERROR;
}
if (autheph_verify_timestamp(&susername) < 0)
{
LM_ERR("invalid timestamp in username\n");
return AUTH_ERROR;
}
LM_DBG("username: %.*s\n", susername.len, susername.s);
LM_DBG("password: %.*s\n", spassword.len, spassword.s);
sgenerated_password.s = generated_password;
SECRET_LOCK;
secret_struct = secret_list;
while (secret_struct != NULL)
{
LM_DBG("trying secret: %.*s\n",
secret_struct->secret_key.len,
secret_struct->secret_key.s);
if (get_pass(&susername, &secret_struct->secret_key,
&sgenerated_password) == 0)
{
LM_DBG("generated password: %.*s\n",
sgenerated_password.len, sgenerated_password.s);
if (strncmp(spassword.s, sgenerated_password.s,
spassword.len) == 0)
{
SECRET_UNLOCK;
return AUTH_OK;
}
}
secret_struct = secret_struct->next;
}
SECRET_UNLOCK;
return AUTH_ERROR;
}
/** \brief Show details of the next pass.
*
*/
static void show_next_pass_cb (GtkWidget *menuitem, gpointer data)
{
sat_t *sat;
qth_t *qth;
pass_t *pass;
GtkWidget *dialog;
GtkWindow *toplevel = GTK_WINDOW (gtk_widget_get_toplevel (GTK_WIDGET (data)));
GtkEventList *list = GTK_EVENT_LIST (data);
/* get next pass */
sat = SAT(g_object_get_data (G_OBJECT (menuitem), "sat"));
qth = (qth_t *) (g_object_get_data (G_OBJECT (menuitem), "qth"));
/* check wheather sat actially has AOS */
if ((sat->otype != ORBIT_TYPE_GEO) && (sat->otype != ORBIT_TYPE_DECAYED) &&
has_aos (sat, qth)) {
if (sat_cfg_get_bool (SAT_CFG_BOOL_PRED_USE_REAL_T0)) {
pass = get_next_pass (sat, qth,
sat_cfg_get_int (SAT_CFG_INT_PRED_LOOK_AHEAD));
}
else {
pass = get_pass (sat, qth, list->tstamp,
sat_cfg_get_int (SAT_CFG_INT_PRED_LOOK_AHEAD));
}
if (pass != NULL) {
show_pass (sat->nickname, qth, pass, GTK_WIDGET (toplevel));
}
else {
/* show dialog that there are no passes within time frame */
dialog = gtk_message_dialog_new (toplevel,
GTK_DIALOG_MODAL |
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_INFO,
GTK_BUTTONS_OK,
_("Satellite %s has no passes\n"\
"within the next %d days"),
sat->nickname,
sat_cfg_get_int (SAT_CFG_INT_PRED_LOOK_AHEAD));
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
}
}
else {
/* show dialog telling that this sat never reaches AOS*/
dialog = gtk_message_dialog_new (toplevel,
GTK_DIALOG_MODAL |
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Satellite %s has no passes for\n"\
"the current ground station!\n\n"\
"This can be because the satellite\n"\
"is geostationary, decayed or simply\n"\
"never comes above the horizon"),
sat->nickname);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
}
}
static
rc_t run(bool quiet)
{
rc_t rc = 0;
char password[PWD_SZ] = "";
bool empty = false;
KWrtHandler handler;
handler.writer = KOutWriterGet();
handler.data = KOutDataGet();
KOutHandlerSetStdErr();
KLogLibHandlerSet(NULL, NULL);
OUTMSG(("Changing password\n"));
#if 1
if (rc == 0) {
int i = 0;
for (i = 0; i < 3 && rc == 0; ++i) {
rc = get_pass("New password:"******"cannot read the password");
if (rc != 0) {
break;
}
if (password[0] == '\0') {
OUTMSG(("BAD PASSWORD: too short\n"));
}
else {
break;
}
}
if (rc == 0 && password[0] == '\0') {
rc = RC(rcExe, rcString, rcReading, rcString, rcIncorrect);
empty = true;
/* LOGERR(klogErr, rc, "failed to set password"); */
}
}
if (rc == 0) {
char repassword[PWD_SZ] = "";
rc = get_pass("Retype new password:"******"cannot read the password");
if (rc == 0) {
if (strcmp(password, repassword)) {
OUTMSG(("Sorry, passwords do not match.\n"));
rc = RC(rcExe, rcString, rcReading, rcString, rcInconsistent);
/* LOGERR(klogErr, rc, "failed to set password"); */
}
}
}
#else
strcpy(password, "1n2");
#endif
if (rc == 0) {
rc = SetPwd(password, quiet);
}
KOutHandlerSet(handler.writer, handler.data);
if (empty)
{ rc = 0; }
return rc;
}
/*********************************************************
Add New User
**********************************************************/
static int new_user (struct pdb_methods *in, const char *username,
const char *fullname, const char *homedir,
const char *drive, const char *script,
const char *profile, char *user_sid, BOOL stdin_get)
{
struct samu *sam_pwent;
char *password1, *password2;
int rc_pwd_cmp;
struct passwd *pwd;
get_global_sam_sid();
if ( !(pwd = getpwnam_alloc( NULL, username )) ) {
DEBUG(0,("Cannot locate Unix account for %s\n", username));
return -1;
}
if ( (sam_pwent = samu_new( NULL )) == NULL ) {
DEBUG(0, ("Memory allocation failure!\n"));
return -1;
}
if (!NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd ))) {
TALLOC_FREE( sam_pwent );
TALLOC_FREE( pwd );
DEBUG(0, ("could not create account to add new user %s\n", username));
return -1;
}
password1 = get_pass( "new password:"******"retype new password:"******"Passwords do not match!\n");
TALLOC_FREE(sam_pwent);
} else {
pdb_set_plaintext_passwd(sam_pwent, password1);
}
memset(password1, 0, strlen(password1));
SAFE_FREE(password1);
memset(password2, 0, strlen(password2));
SAFE_FREE(password2);
/* pwds do _not_ match? */
if (rc_pwd_cmp)
return -1;
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
if (drive)
pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
if (script)
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
TALLOC_FREE(sam_pwent);
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->add_sam_account (in, sam_pwent))) {
print_user_info (in, username, True, False);
} else {
fprintf (stderr, "Unable to add user! (does it already exist?)\n");
TALLOC_FREE(sam_pwent);
return -1;
}
TALLOC_FREE(sam_pwent);
return 0;
}
void http_got_header(struct connection *c, struct read_buffer *rb)
{
int cf;
int state = c->state != S_PROC ? S_GETH : S_PROC;
unsigned char *head;
unsigned char *cookie, *ch;
int a, h, version;
unsigned char *d;
struct cache_entry *e;
struct http_connection_info *info;
unsigned char *host = upcase(c->url[0]) != 'P' ? c->url : get_url_data(c->url);
set_timeout(c);
info = c->info;
if (rb->close == 2) {
unsigned char *h;
if (!c->tries && (h = get_host_name(host))) {
if (info->bl_flags & BL_NO_CHARSET) {
del_blacklist_entry(h, BL_NO_CHARSET);
} else {
add_blacklist_entry(h, BL_NO_CHARSET);
c->tries = -1;
}
mem_free(h);
}
setcstate(c, S_CANT_READ);
retry_connection(c);
return;
}
rb->close = 0;
again:
if ((a = get_header(rb)) == -1) {
setcstate(c, S_HTTP_ERROR);
abort_connection(c);
return;
}
if (!a) {
read_from_socket(c, c->sock1, rb, http_got_header);
setcstate(c, state);
return;
}
if (a != -2) {
head = mem_alloc(a + 1);
memcpy(head, rb->data, a);
head[a] = 0;
kill_buffer_data(rb, a);
} else {
head = stracpy("HTTP/0.9 200 OK\r\nContent-Type: text/html\r\n\r\n");
}
if (get_http_code(head, &h, &version) || h == 101) {
mem_free(head);
setcstate(c, S_HTTP_ERROR);
abort_connection(c);
return;
}
if (check_http_server_bugs(host, c->info, head) && is_connection_restartable(c)) {
mem_free(head);
setcstate(c, S_RESTART);
retry_connection(c);
return;
}
ch = head;
while ((cookie = parse_http_header(ch, "Set-Cookie", &ch))) {
unsigned char *host = upcase(c->url[0]) != 'P' ? c->url : get_url_data(c->url);
set_cookie(NULL, host, cookie);
mem_free(cookie);
}
if (h == 100) {
mem_free(head);
state = S_PROC;
goto again;
}
if (h < 200) {
mem_free(head);
setcstate(c, S_HTTP_ERROR);
abort_connection(c);
return;
}
if (h == 204) {
mem_free(head);
setcstate(c, S_HTTP_204);
http_end_request(c, 0);
return;
}
if (h == 304) {
mem_free(head);
setcstate(c, S_OK);
http_end_request(c, 1);
return;
}
if ((h == 500 || h == 502 || h == 503 || h == 504) && http_bugs.retry_internal_errors && is_connection_restartable(c)) {
/* !!! FIXME: wait some time ... */
mem_free(head);
setcstate(c, S_RESTART);
retry_connection(c);
return;
}
if (!c->cache && get_cache_entry(c->url, &c->cache)) {
mem_free(head);
setcstate(c, S_OUT_OF_MEM);
abort_connection(c);
return;
}
e = c->cache;
e->http_code = h;
if (e->head) mem_free(e->head);
e->head = head;
if ((d = parse_http_header(head, "Expires", NULL))) {
time_t t = parse_http_date(d);
if (t && e->expire_time != 1) e->expire_time = t;
mem_free(d);
}
if ((d = parse_http_header(head, "Pragma", NULL))) {
if (!casecmp(d, "no-cache", 8)) e->expire_time = 1;
mem_free(d);
}
if ((d = parse_http_header(head, "Cache-Control", NULL))) {
char *f = d;
while (1) {
while (*f && (*f == ' ' || *f == ',')) f++;
if (!*f) break;
if (!casecmp(f, "no-cache", 8) || !casecmp(f, "must-revalidate", 15)) {
e->expire_time = 1;
}
if (!casecmp(f, "max-age=", 8)) {
if (e->expire_time != 1) e->expire_time = time(NULL) + atoi(f + 8);
}
while (*f && *f != ',') f++;
}
mem_free(d);
}
#ifdef HAVE_SSL
if (c->ssl) {
int l = 0;
if (e->ssl_info) mem_free(e->ssl_info);
e->ssl_info = init_str();
add_num_to_str(&e->ssl_info, &l, SSL_get_cipher_bits(c->ssl, NULL));
add_to_str(&e->ssl_info, &l, "-bit ");
add_to_str(&e->ssl_info, &l, SSL_get_cipher_version(c->ssl));
add_to_str(&e->ssl_info, &l, " ");
add_to_str(&e->ssl_info, &l, (unsigned char *)SSL_get_cipher_name(c->ssl));
}
#endif
if (e->redirect) mem_free(e->redirect), e->redirect = NULL;
if (h == 301 || h == 302 || h == 303 || h == 307) {
if ((h == 302 || h == 307) && !e->expire_time) e->expire_time = 1;
if ((d = parse_http_header(e->head, "Location", NULL))) {
unsigned char *user, *ins;
unsigned char *newuser, *newpassword;
if (!parse_url(d, NULL, &user, NULL, NULL, NULL, &ins, NULL, NULL, NULL, NULL, NULL, NULL) && !user && ins && (newuser = get_user_name(host))) {
if (*newuser) {
int ins_off = ins - d;
newpassword = get_pass(host);
if (!newpassword) newpassword = stracpy("");
add_to_strn(&newuser, ":");
add_to_strn(&newuser, newpassword);
add_to_strn(&newuser, "@");
extend_str(&d, strlen(newuser));
ins = d + ins_off;
memmove(ins + strlen(newuser), ins, strlen(ins) + 1);
memcpy(ins, newuser, strlen(newuser));
mem_free(newpassword);
}
mem_free(newuser);
}
if (e->redirect) mem_free(e->redirect);
e->redirect = d;
e->redirect_get = h == 303;
}
}
if (!e->expire_time && strchr(c->url, POST_CHAR)) e->expire_time = 1;
info->close = 0;
info->length = -1;
info->version = version;
if ((d = parse_http_header(e->head, "Connection", NULL)) || (d = parse_http_header(e->head, "Proxy-Connection", NULL))) {
if (!strcasecmp(d, "close")) info->close = 1;
mem_free(d);
} else if (version < 11) info->close = 1;
cf = c->from;
c->from = 0;
if ((d = parse_http_header(e->head, "Content-Range", NULL))) {
if (strlen(d) > 6) {
d[5] = 0;
if (!(strcasecmp(d, "bytes")) && d[6] >= '0' && d[6] <= '9') {
#if defined(HAVE_STRTOLL)
long long f = strtoll(d + 6, NULL, 10);
#elif defined(HAVE_STRTOQ)
longlong f = strtoq(d + 6, NULL, 10);
#else
long f = strtol(d + 6, NULL, 10);
if (f == MAXLONG) f = -1;
#endif
if (f >= 0 && (off_t)f >= 0 && (off_t)f == f) c->from = f;
}
}
mem_free(d);
}
if (cf && !c->from && !c->unrestartable) c->unrestartable = 1;
if (c->from > cf || c->from < 0) {
setcstate(c, S_HTTP_ERROR);
abort_connection(c);
return;
}
if ((d = parse_http_header(e->head, "Content-Length", NULL))) {
unsigned char *ep;
#if defined(HAVE_STRTOLL)
long long l = strtoll(d, (char **)(void *)&ep, 10);
#elif defined(HAVE_STRTOQ)
longlong l = strtoq(d, (char **)(void *)&ep, 10);
#else
long l = strtol(d, (char **)(void *)&ep, 10);
if (l == MAXLONG) l = -1;
#endif
if (!*ep && l >= 0 && (off_t)l >= 0 && (off_t)l == l) {
if (!info->close || version >= 11) info->length = l;
if (c->from + l >= 0) c->est_length = c->from + l;
}
mem_free(d);
}
if ((d = parse_http_header(e->head, "Accept-Ranges", NULL))) {
if (!strcasecmp(d, "none") && !c->unrestartable) c->unrestartable = 1;
mem_free(d);
} else {
if (!c->unrestartable && !c->from) c->unrestartable = 1;
}
if (info->bl_flags & BL_NO_RANGE && !c->unrestartable) c->unrestartable = 1;
if ((d = parse_http_header(e->head, "Transfer-Encoding", NULL))) {
if (!strcasecmp(d, "chunked")) {
info->length = -2;
info->chunk_remaining = -1;
}
mem_free(d);
}
if (!info->close && info->length == -1) info->close = 1;
if ((d = parse_http_header(e->head, "Last-Modified", NULL))) {
if (e->last_modified && strcasecmp(e->last_modified, d)) {
delete_entry_content(e);
if (c->from) {
c->from = 0;
mem_free(d);
setcstate(c, S_MODIFIED);
retry_connection(c);
return;
}
}
if (!e->last_modified) e->last_modified = d;
else mem_free(d);
}
if (!e->last_modified && (d = parse_http_header(e->head, "Date", NULL)))
e->last_modified = d;
if (info->length == -1 || (version < 11 && info->close)) rb->close = 1;
read_http_data(c, rb);
}
static int process_nonroot(int local_flags)
{
struct passwd *pwd = NULL;
int result = 0;
char *old_pw = NULL;
char *new_pw = NULL;
if (local_flags & ~(LOCAL_AM_ROOT | LOCAL_SET_PASSWORD)) {
/* Extra flags that we can't honor non-root */
usage();
}
if (!user_name[0]) {
pwd = getpwuid_alloc(NULL, getuid());
if (pwd) {
fstrcpy(user_name,pwd->pw_name);
TALLOC_FREE(pwd);
} else {
fprintf(stderr, "smbpasswd: cannot lookup user name for uid %u\n", (unsigned int)getuid());
exit(1);
}
}
/*
* A non-root user is always setting a password
* via a remote machine (even if that machine is
* localhost).
*/
load_interfaces(); /* Delayed from main() */
if (remote_machine == NULL) {
remote_machine = "127.0.0.1";
}
if (remote_machine != NULL) {
old_pw = get_pass("Old SMB password:"******"Unable to get new password.\n");
exit(1);
}
if (!NT_STATUS_IS_OK(password_change(remote_machine, user_name, old_pw,
new_pw, 0))) {
fprintf(stderr,"Failed to change password for %s\n", user_name);
result = 1;
goto done;
}
printf("Password changed for user %s\n", user_name);
done:
SAFE_FREE(old_pw);
SAFE_FREE(new_pw);
return result;
}
