-/* $NetBSD: krb5_passwd.c,v 1.18 2009/04/18 09:04:34 mlelstv Exp $ */
+/* $NetBSD: krb5_passwd.c,v 1.20 2012/04/22 23:43:51 christos Exp $ */
/*
* Copyright (c) 2000, 2005 The NetBSD Foundation, Inc.
#include "extern.h"
+static void
+pwkrb5_warn(const char *msg, krb5_context context, krb5_error_code ret)
+{
+ const char *errtxt = krb5_get_error_message(context, ret);
+ if (errtxt != NULL) {
+ warnx("%s: %s", msg, errtxt);
+ krb5_free_error_message(context, errtxt);
+ } else
+ warnx("%s: %d", msg, ret);
+}
+
#ifdef USE_PAM
void
{
krb5_context context;
krb5_error_code ret;
- krb5_get_init_creds_opt opt;
+ krb5_get_init_creds_opt *opt;
krb5_principal principal;
krb5_creds cred;
int result_code;
if (ret != 0) {
if (ret == ENXIO)
errx(1, "Kerberos 5 not in use.");
- warnx("Unable to initialize Kerberos 5: %s",
- krb5_get_err_text(context, ret));
- goto bad;
+ errx(1, "Unable to initialize Kerberos 5: %s", strerror(ret));
}
- krb5_get_init_creds_opt_init(&opt);
+ ret = krb5_get_init_creds_opt_alloc(context, &opt);
+ if (ret) {
+ pwkrb5_warn("failed to allocate opts", context, ret);
+ goto bad;
+ }
- krb5_get_init_creds_opt_set_tkt_life(&opt, 300L);
- krb5_get_init_creds_opt_set_forwardable(&opt, FALSE);
- krb5_get_init_creds_opt_set_proxiable(&opt, FALSE);
+ krb5_get_init_creds_opt_set_tkt_life(opt, 300L);
+ krb5_get_init_creds_opt_set_forwardable(opt, FALSE);
+ krb5_get_init_creds_opt_set_proxiable(opt, FALSE);
ret = krb5_parse_name(context, username, &principal);
if (ret) {
- warnx("failed to parse principal: %s",
- krb5_get_err_text(context, ret));
+ krb5_get_init_creds_opt_free(context, opt);
+ pwkrb5_warn("failed to parse principal", context, ret);
goto bad;
}
NULL,
0L,
"kadmin/changepw",
- &opt);
-
+ opt);
+ krb5_get_init_creds_opt_free(context, opt);
switch (ret) {
case 0:
break;
goto bad;
default:
- warnx("failed to get credentials: %s",
- krb5_get_err_text(context, ret));
+ pwkrb5_warn("failed to get credentials", context, ret);
goto bad;
}
&result_code_string,
&result_string);
if (ret) {
- warnx("unable to set password: %s",
- krb5_get_err_text(context, ret));
+ pwkrb5_warn("unable to set password", context, ret);
goto bad;
}
krb5_free_context(defcontext);
}
-
int
krb5_chpw(const char *username)
{
krb5_error_code ret;
krb5_context context;
krb5_principal principal;
- krb5_get_init_creds_opt opt;
+ krb5_get_init_creds_opt *opt;
krb5_creds cred;
int result_code;
krb5_data result_code_string, result_string;
ret = krb5_init_context (&context);
if (ret) {
- warnx("failed kerberos initialisation: %s",
- krb5_get_err_text(context, ret));
+ pwkrb5_warn("failed kerberos initialisation", context, ret);
return 1;
}
- krb5_get_init_creds_opt_init (&opt);
+ ret = krb5_get_init_creds_opt_alloc (context, &opt);
+ if (ret) {
+ pwkrb5_warn("failed to allocate credential opt", context, ret);
+ return 1;
+ }
- krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
- krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
- krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
+ krb5_get_init_creds_opt_set_tkt_life (opt, 300);
+ krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
+ krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
if(username != NULL) {
ret = krb5_parse_name (context, username, &principal);
if (ret) {
- warnx("failed to parse principal: %s",
- krb5_get_err_text(context, ret));
+ krb5_get_init_creds_opt_free (context, opt);
+ pwkrb5_warn("failed to parse principal", context, ret);
return 1;
}
} else
NULL,
0,
"kadmin/changepw",
- &opt);
+ opt);
+ krb5_get_init_creds_opt_free (context, opt);
switch (ret) {
case 0:
break;
return 1;
break;
default:
- warnx("failed to get credentials: %s",
- krb5_get_err_text(context, ret));
+ pwkrb5_warn("failed to get credentials", context, ret);
return 1;
}
krb5_data_zero (&result_code_string);
-/* $NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $ */
+/* $NetBSD: local_passwd.c,v 1.36 2012/03/25 05:55:07 dholland Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
#if 0
static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: local_passwd.c,v 1.34 2010/03/02 16:19:13 gdt Exp $");
+__RCSID("$NetBSD: local_passwd.c,v 1.36 2012/03/25 05:55:07 dholland Exp $");
#endif
#endif /* not lint */
login_close(lc);
}
#endif
-#if 0
- printf("AAA: pw_expiry = %x\n", pw_expiry);
-#endif
+
pw->pw_passwd = getnewpasswd(pw, min_pw_len);
old_change = pw->pw_change;
pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0;
pw_copy(pfd, tfd, pw, &old_pw);
if (pw_mkdb(username, old_change == pw->pw_change) < 0)
- pw_error((char *)NULL, 0, 1);
+ pw_error(NULL, 0, 1);
syslog(LOG_AUTH | LOG_INFO,
"user %s (UID %lu) successfully changed "
static int force_local;
int
-local_init(progname)
- const char *progname;
+local_init(const char *progname)
{
force_local = 0;
return (0);
}
int
-local_arg_end()
+local_arg_end(void)
{
if (force_local)
return(PW_USE_FORCE);
}
void
-local_end()
+local_end(void)
{
/* NOOP */
}
int
-local_chpw(uname)
- const char *uname;
+local_chpw(const char *uname)
{
struct passwd *pw;
struct passwd old_pw;
login_close(lc);
}
#endif
-#if 0
- printf("pw_expiry = %x, pw->pw_expire = %x\n", pw_expiry, pw->pw_expire);
-#endif
+
pw->pw_passwd = getnewpasswd(pw, min_pw_len);
old_change = pw->pw_change;
pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0;
pw_copy(pfd, tfd, pw, &old_pw);
if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
- pw_error((char *)NULL, 0, 1);
+ pw_error(NULL, 0, 1);
syslog(LOG_AUTH | LOG_INFO,
"user %s (UID %lu) successfully changed "