[src/trunk]: src/usr.bin/passwd Magor rework of passwd(1) for the PAM case. ...
details: https://anonhg.NetBSD.org/src/rev/bcf1f5a7e9eb
branches: trunk
changeset: 574264:bcf1f5a7e9eb
user: thorpej <thorpej%NetBSD.org@localhost>
date: Sat Feb 26 07:19:25 2005 +0000
description:
Major rework of passwd(1) for the PAM case. Add "-d <database>" option,
similar to Solaris's "-r <repository>" or Mac OS X's "-i <infosystem>",
to select the password database (files, nis, krb5). Otherwise, we default
to using whatever PAM decides.
diffstat:
usr.bin/passwd/Makefile | 8 +-
usr.bin/passwd/extern.h | 35 ++-
usr.bin/passwd/kpasswd.1 | 55 ++++
usr.bin/passwd/krb5_passwd.c | 195 +++++++++++++++-
usr.bin/passwd/local_passwd.c | 121 +++++++++-
usr.bin/passwd/pam_passwd.c | 114 +++-----
usr.bin/passwd/passwd.1 | 139 +++-------
usr.bin/passwd/passwd.c | 183 +++++++++++++--
usr.bin/passwd/yp_passwd.c | 501 +++++++++++++++++++++++++++--------------
usr.bin/passwd/yppasswd.1 | 55 ++++
10 files changed, 1009 insertions(+), 397 deletions(-)
diffs (truncated from 1737 to 300 lines):
diff -r 6e89afa2627b -r bcf1f5a7e9eb usr.bin/passwd/Makefile
--- a/usr.bin/passwd/Makefile Sat Feb 26 05:45:54 2005 +0000
+++ b/usr.bin/passwd/Makefile Sat Feb 26 07:19:25 2005 +0000
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.37 2005/02/22 01:08:43 christos Exp $
+# $NetBSD: Makefile,v 1.38 2005/02/26 07:19:25 thorpej Exp $
# from: @(#)Makefile 8.3 (Berkeley) 4/2/94
.include <bsd.own.mk>
PROG= passwd
SRCS= local_passwd.c passwd.c
+MAN= passwd.1
CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP
+COPTS+=-g
.if (${USE_YP} != "no")
SRCS+= yp_passwd.c
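Review bot: The added `COPTS+=-g` is unconditional and looks like a debugging leftover; nothing in the commit description (PAM rework, new `-d <database>` option) calls for it. As written, every build of passwd(1) is compiled with debug information regardless of the tree-wide settings. I would drop the line and leave debug info to the build's global configuration. If it is intentional, a one-line comment such as `# XXX temporary: debug info while the PAM rework settles` would make that clear.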
@@ -14,7 +16,7 @@
DPADD+= ${LIBRPCSVC}
LDADD+= -lrpcsvc
LINKS+= ${BINDIR}/passwd ${BINDIR}/yppasswd
-MLINKS+=passwd.1 yppasswd.1
+MAN+= yppasswd.1
.endif
DPADD+= ${LIBCRYPT} ${LIBUTIL}
@@ -30,7 +32,7 @@
DPADD+= ${LIBKRB5} ${LIBCRYPTO} ${LIBASN1} ${LIBCOM_ERR} ${LIBROKEN} ${LIBCRYPT}
LDADD+= -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lcrypt
LINKS+= ${BINDIR}/passwd ${BINDIR}/kpasswd
-MLINKS+= passwd.1 kpasswd.1
+MAN+= kpasswd.1
.endif
.if (${USE_PAM} != "no")
diff -r 6e89afa2627b -r bcf1f5a7e9eb usr.bin/passwd/extern.h
--- a/usr.bin/passwd/extern.h Sat Feb 26 05:45:54 2005 +0000
+++ b/usr.bin/passwd/extern.h Sat Feb 26 07:19:25 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: extern.h,v 1.11 2005/02/22 01:08:43 christos Exp $ */
+/* $NetBSD: extern.h,v 1.12 2005/02/26 07:19:25 thorpej Exp $ */
/*
* Copyright (c) 1994
@@ -31,6 +31,29 @@
* @(#)extern.h 8.1 (Berkeley) 4/2/94
*/
+#ifdef USE_PAM
+
+void usage(void);
+
+#ifdef KERBEROS5
+void pwkrb5_usage(const char *);
+void pwkrb5_argv0_usage(const char *);
+void pwkrb5_process(const char *, int, char **);
+#endif
+
+#ifdef YP
+void pwyp_usage(const char *);
+void pwyp_argv0_usage(const char *);
+void pwyp_process(const char *, int, char **);
+#endif
+
+void pwlocal_usage(const char *);
+void pwlocal_process(const char *, int, char **);
+
+void pwpam_process(const char *, int, char **);
+
+#else /* ! USE_PAM */
+
/* return values from pw_init() and pw_arg_end() */
enum {
PW_USE_FORCE,
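Review bot: The new USE_PAM prototypes leave every parameter unnamed, so the header does not say what the `const char *` means in each case. The definitions in krb5_passwd.c in this same commit show it is a usage-line prefix for the `*_usage` functions and the user name for the `*_process` functions. Carrying those names over would document the contract where callers look, e.g. `void pwkrb5_usage(const char *prefix);` and `void pwkrb5_process(const char *username, int argc, char **argv);`, and likewise for the pwyp_, pwlocal_ and pwpam_ entries. Callers follow `usage()` with `/* NOTREACHED */`, so if it really never returns, marking the declaration as non-returning would let the compiler check that assumption; its definition is not visible here. The `#else` branch opened at the end of this hunk continues outside it.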
@@ -59,17 +82,11 @@
void yp_end __P((void));
int yp_chpw __P((const char *));
#endif
-#ifdef USE_PAM
-/* PAM */
-int pwpam_init __P((const char *));
-int pwpam_arg __P((char, const char *));
-int pwpam_arg_end __P((void));
-void pwpam_end __P((void));
-int pwpam_chpw __P((const char *));
-#endif
/* local */
int local_init __P((const char *));
int local_arg __P((char, const char *));
int local_arg_end __P((void));
void local_end __P((void));
int local_chpw __P((const char *));
+
+#endif /* USE_PAM */
diff -r 6e89afa2627b -r bcf1f5a7e9eb usr.bin/passwd/kpasswd.1
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr.bin/passwd/kpasswd.1 Sat Feb 26 07:19:25 2005 +0000
@@ -0,0 +1,55 @@
+.\" $NetBSD: kpasswd.1,v 1.1 2005/02/26 07:19:25 thorpej Exp $
+.\"
+.\" Copyright (c) 2005 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Jason R. Thorpe.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the NetBSD
+.\" Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\" contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 25, 2005
+.Dt KPASSWD 1
+.Os
+.Sh NAME
+.Nm kpasswd
+.Nd modify a user's Kerberos 5 password
+.Sh SYNOPSIS
+.Nm
+.Op Ar principal
+.Sh DESCRIPTION
+.Nm
+changes the user's Kerberos 5 password.
+.Pp
+The
+.Nm
+command is deprecated.
+See
+.Xr passwd 1
+for more infomration.
diff -r 6e89afa2627b -r bcf1f5a7e9eb usr.bin/passwd/krb5_passwd.c
--- a/usr.bin/passwd/krb5_passwd.c Sat Feb 26 05:45:54 2005 +0000
+++ b/usr.bin/passwd/krb5_passwd.c Sat Feb 26 07:19:25 2005 +0000
@@ -1,11 +1,11 @@
-/* $NetBSD: krb5_passwd.c,v 1.12 2004/10/05 14:12:56 lha Exp $ */
+/* $NetBSD: krb5_passwd.c,v 1.13 2005/02/26 07:19:25 thorpej Exp $ */
/*
- * Copyright (c) 2000 The NetBSD Foundation, Inc.
+ * Copyright (c) 2000, 2005 The NetBSD Foundation, Inc.
* All rights reserved.
*
- * This code is derived from software contributed to
- * The NetBSD Foundation by Johan Danielsson.
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Johan Danielsson; and by Jason R. Thorpe.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -13,12 +13,14 @@
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of The NetBSD Foundation nor the names of its
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the NetBSD
+ * Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -41,16 +43,187 @@
#include <stdlib.h>
#include <string.h>
#include <err.h>
+#include <errno.h>
#include <pwd.h>
+#include <unistd.h>
#include <openssl/ui.h>
#include <krb5.h>
#include "extern.h"
+#ifdef USE_PAM
+
+void
+pwkrb5_usage(const char *prefix)
+{
+
+ (void) fprintf(stderr, "%s %s [-d krb5 | -k] [principal]\n",
+ prefix, getprogname());
+}
+
+void
+pwkrb5_argv0_usage(const char *prefix)
+{
+
+ (void) fprintf(stderr, "%s %s [principal]\n",
+ prefix, getprogname());
+}
+
+void
+pwkrb5_process(const char *username, int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ krb5_get_init_creds_opt opt;
+ krb5_principal principal;
+ krb5_creds cred;
+ int result_code;
+ krb5_data result_code_string, result_string;
+ char pwbuf[BUFSIZ];
+ int ch;
+
+ while ((ch = getopt(argc, argv, "5ku:")) != -1) {
+ switch (ch) {
+ case '5':
+ /*
+ * Compatibility option that historically
+ * specified to use Kerberos 5. Silently
+ * ignore it.
+ */
+ break;
+
+ case 'k':
+ /*
+ * Absorb the -k that may have gotten us here.
+ */
+ break;
+
+ case 'u':
+ /*
+ * Historical option to specify principal.
+ */
+ username = optarg;
+ break;
+
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ switch (argc) {
+ case 0:
+ /* username already provided */
+ break;
+ case 1:
+ /* overrides -u <principal> */
+ username = argv[0];
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+
+ ret = krb5_init_context(&context);
+ if (ret != 0) {
+ if (ret == ENXIO)
+ errx(1, "Kerberos 5 not in use.");
+ warnx("Unable to initialize Kerberos 5: %s",
+ krb5_get_err_text(context, ret));
+ goto bad;
+ }
+
+ krb5_get_init_creds_opt_init(&opt);
+
+ krb5_get_init_creds_opt_set_tkt_life(&opt, 300);
+ krb5_get_init_creds_opt_set_forwardable(&opt, FALSE);
+ krb5_get_init_creds_opt_set_proxiable(&opt, FALSE);
+
+ ret = krb5_parse_name(context, username, &principal);
+ if (ret) {
+ warnx("failed to parse principal: %s",
+ krb5_get_err_text(context, ret));