in src/kerberospw.c [81:172]
int change_user_krb5pwd(
const char *user, const char* oldpswd, const char *newpswd
) {
krb5_context kcontext = NULL;
krb5_error_code code;
krb5_principal client = NULL;
krb5_creds creds;
int ret = 0;
int bytes = 0;
char *name = NULL;
const char* service = "kadmin/changepw";
int result_code;
krb5_data result_code_string, result_string;
code = krb5_init_context(&kcontext);
if (code) {
PyErr_SetObject(
PwdChangeException_class,
Py_BuildValue(
"((s:i))", "Cannot initialize Kerberos5 context", code
)
);
return 0;
}
name = (char *)malloc(256);
if (name == NULL)
{
PyErr_NoMemory();
goto end;
}
snprintf(name, 256, "%s", user);
code = krb5_parse_name(kcontext, name, &client);
if (code) {
set_pwchange_error(kcontext, code);
goto end;
}
code = verify_krb5_user(kcontext, client, oldpswd, service, &creds);
if (! code) { /* exception set by verify_krb5_user */
goto end;
}
code = krb5_change_password(kcontext, &creds, (char*)newpswd,
&result_code, &result_code_string, &result_string);
if (code) {
set_pwchange_error(kcontext, code);
goto end;
}
if (result_code) {
char *message = NULL;
bytes = asprintf(
&message, "%.*s: %.*s",
(int) result_code_string.length,
(char *) result_code_string.data,
(int) result_string.length,
(char *) result_string.data
);
if (bytes == -1)
{
PyErr_NoMemory();
}
else
{
PyErr_SetObject(
PwdChangeException_class,
Py_BuildValue("((s:i))", message, result_code)
);
free(message);
}
goto end;
}
ret = 1; /* success */
end:
#ifdef PRINTFS
printf("%s: ret=%d user=%s\n", __FUNCTION__, ret, name);
#endif
if (name) {
free(name);
}
if (client) {
krb5_free_principal(kcontext, client);
}
krb5_free_context(kcontext);
return ret;
}