/* $NetBSD: kpasswd-generator.c,v 1.2 2017/01/28 21:31:45 christos Exp $ */ /* * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kpasswd_locl.h" __RCSID("$NetBSD: kpasswd-generator.c,v 1.2 2017/01/28 21:31:45 christos Exp $"); static unsigned read_words(const char *filename, char ***ret_w) { unsigned n, alloc; FILE *f; char buf[256]; char **w = NULL; f = fopen(filename, "r"); if (f == NULL) err(1, "cannot open %s", filename); alloc = n = 0; while (fgets(buf, sizeof(buf), f) != NULL) { buf[strcspn(buf, "\r\n")] = '\0'; if (n >= alloc) { alloc += 16; w = erealloc(w, alloc * sizeof(char *)); } w[n++] = estrdup(buf); } *ret_w = w; if (n == 0) errx(1, "%s is an empty file, no words to try", filename); fclose(f); return n; } static int nop_prompter(krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]) { return 0; } static void generate_requests(const char *filename, unsigned nreq) { krb5_context context; krb5_error_code ret; int i; char **words; unsigned nwords, k; ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); nwords = read_words(filename, &words); for (i = 0; i < nreq; ++i) { char *name = words[rand() % nwords]; krb5_get_init_creds_opt *opt; krb5_creds cred; krb5_principal principal; int result_code; krb5_data result_code_string, result_string; char *old_pwd, *new_pwd; int aret; krb5_get_init_creds_opt_alloc(context, &opt); krb5_get_init_creds_opt_set_tkt_life (opt, 300); krb5_get_init_creds_opt_set_forwardable (opt, FALSE); krb5_get_init_creds_opt_set_proxiable (opt, FALSE); ret = krb5_parse_name(context, name, &principal); if (ret) krb5_err(context, 1, ret, "krb5_parse_name %s", name); aret = asprintf(&old_pwd, "%s", name); if (aret == -1) krb5_errx(context, 1, "out of memory"); aret = asprintf(&new_pwd, "%s2", name); if (aret == -1) krb5_errx(context, 1, "out of memory"); ret = krb5_get_init_creds_password(context, &cred, principal, old_pwd, nop_prompter, NULL, 0, "kadmin/changepw", opt); if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY || ret == KRB5KRB_AP_ERR_MODIFIED) { char *tmp; tmp = new_pwd; new_pwd = old_pwd; old_pwd = tmp; ret = krb5_get_init_creds_password(context, &cred, principal, old_pwd, nop_prompter, NULL, 0, "kadmin/changepw", opt); } if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_password"); krb5_free_principal(context, principal); ret = krb5_set_password(context, &cred, new_pwd, NULL, &result_code, &result_code_string, &result_string); if (ret) krb5_err(context, 1, ret, "krb5_change_password"); free(old_pwd); free(new_pwd); krb5_free_cred_contents(context, &cred); krb5_get_init_creds_opt_free(context, opt); } for (k = 0; k < nwords; k++) free(words[k]); free(words); } static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { { "version", 0, arg_flag, &version_flag, NULL, NULL }, { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void usage(int ret) { arg_printusage(args, sizeof(args)/sizeof(*args), NULL, "file [number]"); exit (ret); } int main(int argc, char **argv) { int optidx = 0; int nreq; char *end; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage (0); if (version_flag) { print_version(NULL); return 0; } argc -= optidx; argv += optidx; if (argc != 2) usage (1); srand (0); nreq = strtol(argv[1], &end, 0); if (argv[1] == end || *end != '\0') usage (1); generate_requests(argv[0], nreq); return 0; }