[apple/system_cmds.git] / passwd.tproj / ds_passwd.c

/*
 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * "Portions Copyright (c) 1999 Apple Computer, Inc.  All Rights
 * Reserved.  This file contains Original Code and/or Modifications of
 * Original Code as defined in and that are subject to the Apple Public
 * Source License Version 1.0 (the 'License').  You may not use this file
 * except in compliance with the License.  Please obtain a copy of the
 * License at http://www.apple.com/publicsource and read it before using
 * this file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License."
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <errno.h>
#include <pwd.h>
#include <netdb.h>
#include <ctype.h>
#include <string.h>
#include <sys/dirent.h>

#include <DirectoryService/DirServices.h>
#include <DirectoryService/DirServicesConst.h>
#include <DirectoryService/DirServicesTypes.h>
#include <DirectoryService/DirServicesUtils.h>

// password server can store 511 characters + a terminator.
#define kMaxPassword		512

//-------------------------------------------------------------------------------------
//	ds_getpasswd
//-------------------------------------------------------------------------------------

void
ds_getpasswd(const char *loginUser, char *name, int isroot, int wasroot, int changePassOnSelf, char **old_clear, char **new_clear)
{
	int tries, len;
	char *p;
	static char obuf[kMaxPassword];
	static char nbuf[kMaxPassword];
	char prompt[MAXNAMLEN + 16];
	
	printf("Changing password for %s.\n", name);

	p = "";

	if (isroot == 0)
	{
		if ( changePassOnSelf )
		{
			strcpy( prompt, "Old password:" );
		}
		else
		{
			snprintf( prompt, sizeof(prompt), "password for %s:", loginUser );
		}
		
		p = getpass( prompt );
		snprintf( obuf, sizeof(obuf), "%s", p );
	}
	
	if ( wasroot == 0 )
	{
		tries = 0;
		nbuf[0] = '\0';
		for (;;)
		{
			p = getpass("New password:");
			if (!*p)
			{
				printf("Password unchanged.\n");
				exit(0);
			}
			
			tries++;
			len = strlen(p);
			
			snprintf( nbuf, sizeof(nbuf), "%s", p );
			if (!strcmp(nbuf, getpass("Retype new password:"))) break;
			
			printf("Mismatch; try again, EOF to quit.\n");
		}
	}
	
	*old_clear = obuf;
	*new_clear = nbuf;
}


//-------------------------------------------------------------------------------------
//	ds_passwd
//-------------------------------------------------------------------------------------

int
ds_passwd(char *uname, char *locn)
{
	tDirReference				dsRef				= 0;
    tDataBuffer				   *tDataBuff			= NULL;
    tDirNodeReference			nodeRef				= 0;
    long						status				= eDSNoErr;
    tContextData				context				= NULL;
	unsigned long				nodeCount			= 0;
	unsigned long				attrIndex			= 0;
	tDataList				   *nodeName			= NULL;
    tAttributeEntryPtr			pAttrEntry			= NULL;
	tDataList				   *pRecName			= NULL;
	tDataList				   *pRecType			= NULL;
	tDataList				   *pAttrType			= NULL;
	unsigned long				recCount			= 0;
	tRecordEntry		  	 	*pRecEntry			= NULL;
	tAttributeListRef			attrListRef			= 0;
	char					   *pUserLocation		= NULL;
	char					   *pUserName			= NULL;
	tAttributeValueListRef		valueRef			= 0;
	tAttributeValueEntry  	 	*pValueEntry		= NULL;
	tDataList				   *pUserNode			= NULL;
	tDirNodeReference			userNodeRef			= 0;
	tDataBuffer					*pStepBuff			= NULL;
	tDataNode				   *pAuthType			= NULL;
	unsigned long				uiCurr				= 0;
	unsigned long				uiLen				= 0;
	char 						*old_clear			= NULL;
	char						*new_clear			= NULL;
	int							isroot				= 0;
	int							wasroot				= 0;
	char						*loginUser			= NULL;
	int							changePassOnSelf	= 1;
	const char					*errMsgStr			= NULL;
	struct passwd				*userRec			= NULL;
	
	if (uname == NULL)
		return -1;
	
	/* getlogin() is the wrong thing to use here. Use getpwuid(getuid()); */
	/* sns 5 Jan 2005 */
		
	userRec = getpwuid( getuid() );
	if ( userRec != NULL ) {
		loginUser = userRec->pw_name;
		if ( loginUser != NULL )
			changePassOnSelf = (strcmp(loginUser, uname) == 0);
	}
	
	status = dsOpenDirService( &dsRef );
	if (status != eDSNoErr)
		return status;
		
	do
    {
		if ( tDataBuff == NULL )
			tDataBuff = dsDataBufferAllocate( dsRef, 4096 );
		if (tDataBuff == NULL) break;
        
		if ( locn != NULL )
		{
			nodeName = dsBuildFromPath( dsRef, locn, "/" );
			if ( nodeName == NULL ) break;
			
			// find
			status = dsFindDirNodes( dsRef, tDataBuff, nodeName, eDSiExact, &nodeCount, &context );
        }
		else
		{
			// find on search node
			status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
		}
		
		if (status != eDSNoErr) break;
		if ( nodeCount < 1 ) {
			status = eDSNodeNotFound;
			break;
		}
		
		if ( isroot == 1 )
		{
			// we already tried SetPasswordAsRoot and it didn't work
			// get the old (current) password and try again
			
			// getpass
			isroot = 0;
			wasroot = 1;
		}
		else
		if ( getuid() == 0 )
			isroot = 1;
		
		ds_getpasswd( loginUser, uname, isroot, wasroot, changePassOnSelf, &old_clear, &new_clear );
		
		status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
		if (status != eDSNoErr) continue;
		
		status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
		dsDataListDeallocate( dsRef, nodeName );
		free( nodeName );
		nodeName = NULL;
		if (status != eDSNoErr) continue;
		
		pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
		pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, NULL );
		pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL );

		recCount = 1;
		status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
													pAttrType, 0, &recCount, &context );
		if ( status != eDSNoErr ) break;
		if ( recCount == 0 ) {
			status = eDSAuthUnknownUser;
			break;
		}
		
		status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
		if ( status != eDSNoErr ) break;
		
		for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
		{
			status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
			if ( status == eDSNoErr && pAttrEntry != NULL )
			{
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				else
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				
				if ( pValueEntry != NULL )
					dsDeallocAttributeValueEntry( dsRef, pValueEntry );
				pValueEntry = NULL;
				
				dsDeallocAttributeEntry( dsRef, pAttrEntry );
				pAttrEntry = NULL;
				dsCloseAttributeValueList( valueRef );
				valueRef = 0;
			}
		}
		
		if ( pUserLocation == NULL || pUserName == NULL ) {
			status = eDSAuthInvalidUserName;
			break;
		}
		
		pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
		status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
		if ( status != eDSNoErr ) break;
		
		pStepBuff = dsDataBufferAllocate( dsRef, 128 );
		
		if ( isroot )
		{
			pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthSetPasswdAsRoot );
			uiCurr = 0;
			
			// User name
			uiLen = strlen( pUserName );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
			uiCurr += uiLen;
			
			// new pw
			uiLen = strlen( new_clear );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
			uiCurr += uiLen;
			
			tDataBuff->fBufferLength = uiCurr;
			
			status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
		}
		else
		if ( changePassOnSelf )
		{
			pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthChangePasswd );
			uiCurr = 0;
			
			// User name
			uiLen = strlen( pUserName );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
			uiCurr += uiLen;
			
			// old pw
			uiLen = strlen( old_clear );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), old_clear, uiLen );
			uiCurr += uiLen;
			
			// new pw
			uiLen = strlen( new_clear );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
			uiCurr += uiLen;
			
			tDataBuff->fBufferLength = uiCurr;
			
			status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
		}
		else
		if ( loginUser != NULL )
		{
			pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthSetPasswd );
			uiCurr = 0;
			
			// User name
			uiLen = strlen( pUserName );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
			uiCurr += uiLen;
			
			// new pw
			uiLen = strlen( new_clear );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
			uiCurr += uiLen;
			
			// Authenticator name
			uiLen = strlen( loginUser );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), loginUser, uiLen );
			uiCurr += uiLen;
			
			// authenticator pw
			uiLen = strlen( old_clear );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
			uiCurr += sizeof( unsigned long );
			memcpy( &(tDataBuff->fBufferData[ uiCurr ]), old_clear, uiLen );
			uiCurr += uiLen;
			
			tDataBuff->fBufferLength = uiCurr;
			
			status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
		}
		else
		{
			status = eDSAuthFailed;
		}
	}
	while ( isroot == 1 && status != eDSNoErr );
	
	/* old_clear and new_clear are statics (don't call free) */
	if (old_clear != NULL) {
		memset(old_clear, 0, strlen(old_clear));
	}
	if (new_clear != NULL) {
		memset(new_clear, 0, strlen(new_clear));
	}
    if (tDataBuff != NULL) {
		memset(tDataBuff, 0, tDataBuff->fBufferSize);
		dsDataBufferDeAllocate( dsRef, tDataBuff );
		tDataBuff = NULL;
	}
	
    if (pStepBuff != NULL) {
		dsDataBufferDeAllocate( dsRef, pStepBuff );
		pStepBuff = NULL;
	}
	if (pUserLocation != NULL ) {
		free(pUserLocation);
		pUserLocation = NULL;
	}
	if (pRecName != NULL) {
		dsDataListDeallocate( dsRef, pRecName );
		free( pRecName );
		pRecName = NULL;
	}
	if (pRecType != NULL) {
		dsDataListDeallocate( dsRef, pRecType );
		free( pRecType );
		pRecType = NULL;
	}
	if (pAttrType != NULL) {
		dsDataListDeallocate( dsRef, pAttrType );
		free( pAttrType );
		pAttrType = NULL;
	}
    if (nodeRef != 0) {
		dsCloseDirNode(nodeRef);
		nodeRef = 0;
	}
	if (dsRef != 0) {
		dsCloseDirService(dsRef);
		dsRef = 0;
	}

	if ( status != eDSNoErr ) {
		errno = EACCES;
		switch( status )
		{
			case eDSAuthPasswordTooShort:
				errMsgStr = "The new password is too short.";
				break;
			
			case eDSAuthPasswordTooLong:
				errMsgStr = "The new password is too long.";
				break;
				
			case eDSAuthPasswordNeedsLetter:
				errMsgStr = "The new password must contain a letter.";
				break;
				
			case eDSAuthPasswordNeedsDigit:
				errMsgStr = "The new password must contain a number.";
				break;
				
			default:
				errMsgStr = "Sorry";
		}
		fprintf(stderr, "%s\n", errMsgStr);
		exit(1);
	}
	
	return status;
}
Commit	Line	Data
20e66415 A	1	/*
	2	* Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
2fc1e207 A	6	* "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
	7	* Reserved. This file contains Original Code and/or Modifications of
	8	* Original Code as defined in and that are subject to the Apple Public
	9	* Source License Version 1.0 (the 'License'). You may not use this file
	10	* except in compliance with the License. Please obtain a copy of the
	11	* License at http://www.apple.com/publicsource and read it before using
	12	* this file.
20e66415 A	13	*
	14	* The Original Code and all software distributed under the License are
	15	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	16	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	17	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2fc1e207 A	18	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	19	* License for the specific language governing rights and limitations
	20	* under the License."
20e66415 A	21	*
	22	* @APPLE_LICENSE_HEADER_END@
	23	*/
	24	#include <stdio.h>
	25	#include <unistd.h>
	26	#include <stdlib.h>
	27	#include <sys/param.h>
	28	#include <sys/socket.h>
	29	#include <net/if.h>
	30	#include <netinet/in.h>
	31	#include <arpa/inet.h>
	32	#include <sys/ioctl.h>
	33	#include <errno.h>
	34	#include <pwd.h>
	35	#include <netdb.h>
	36	#include <ctype.h>
	37	#include <string.h>
c3a08f59	38	#include <sys/dirent.h>
20e66415 A	39
	40	#include <DirectoryService/DirServices.h>
	41	#include <DirectoryService/DirServicesConst.h>
	42	#include <DirectoryService/DirServicesTypes.h>
	43	#include <DirectoryService/DirServicesUtils.h>
	44
	45	// password server can store 511 characters + a terminator.
	46	#define kMaxPassword 512
	47
	48	//-------------------------------------------------------------------------------------
	49	// ds_getpasswd
	50	//-------------------------------------------------------------------------------------
	51
	52	void
c3a08f59	53	ds_getpasswd(const char loginUser, char name, int isroot, int wasroot, int changePassOnSelf, char old_clear, char new_clear)
20e66415 A	54	{
	55	int tries, len;
	56	char *p;
	57	static char obuf[kMaxPassword];
	58	static char nbuf[kMaxPassword];
c3a08f59	59	char prompt[MAXNAMLEN + 16];
20e66415 A	60
	61	printf("Changing password for %s.\n", name);
	62
	63	p = "";
	64
	65	if (isroot == 0)
	66	{
c3a08f59 A	67	if ( changePassOnSelf )
	68	{
	69	strcpy( prompt, "Old password:" );
	70	}
	71	else
	72	{
	73	snprintf( prompt, sizeof(prompt), "password for %s:", loginUser );
	74	}
	75
	76	p = getpass( prompt );
20e66415 A	77	snprintf( obuf, sizeof(obuf), "%s", p );
	78	}
	79
	80	if ( wasroot == 0 )
	81	{
	82	tries = 0;
	83	nbuf[0] = '\0';
	84	for (;;)
	85	{
	86	p = getpass("New password:");
	87	if (!*p)
	88	{
	89	printf("Password unchanged.\n");
	90	exit(0);
	91	}
	92
	93	tries++;
	94	len = strlen(p);
	95
	96	snprintf( nbuf, sizeof(nbuf), "%s", p );
	97	if (!strcmp(nbuf, getpass("Retype new password:"))) break;
	98
	99	printf("Mismatch; try again, EOF to quit.\n");
	100	}
	101	}
	102
	103	*old_clear = obuf;
	104	*new_clear = nbuf;
	105	}
	106
	107
	108	//-------------------------------------------------------------------------------------
	109	// ds_passwd
	110	//-------------------------------------------------------------------------------------
	111
	112	int
	113	ds_passwd(char uname, char locn)
	114	{
	115	tDirReference dsRef = 0;
	116	tDataBuffer *tDataBuff = NULL;
	117	tDirNodeReference nodeRef = 0;
	118	long status = eDSNoErr;
	119	tContextData context = NULL;
	120	unsigned long nodeCount = 0;
	121	unsigned long attrIndex = 0;
	122	tDataList *nodeName = NULL;
	123	tAttributeEntryPtr pAttrEntry = NULL;
	124	tDataList *pRecName = NULL;
	125	tDataList *pRecType = NULL;
	126	tDataList *pAttrType = NULL;
	127	unsigned long recCount = 0;
	128	tRecordEntry *pRecEntry = NULL;
	129	tAttributeListRef attrListRef = 0;
	130	char *pUserLocation = NULL;
	131	char *pUserName = NULL;
	132	tAttributeValueListRef valueRef = 0;
	133	tAttributeValueEntry *pValueEntry = NULL;
	134	tDataList *pUserNode = NULL;
	135	tDirNodeReference userNodeRef = 0;
	136	tDataBuffer *pStepBuff = NULL;
	137	tDataNode *pAuthType = NULL;
	138	unsigned long uiCurr = 0;
	139	unsigned long uiLen = 0;
	140	char *old_clear = NULL;
141	char *new_clear = NULL;
142	int isroot = 0;
143	int wasroot = 0;
144	char *loginUser = NULL;
145	int changePassOnSelf = 1;
2fc1e207 A	146	const char *errMsgStr = NULL;
2fc1e207 A	147	struct passwd *userRec = NULL;
20e66415 A	148
	149	if (uname == NULL)
	150	return -1;
	151
2fc1e207 A	152	/* getlogin() is the wrong thing to use here. Use getpwuid(getuid()); */
	153	/* sns 5 Jan 2005 */
	154
	155	userRec = getpwuid( getuid() );
	156	if ( userRec != NULL ) {
	157	loginUser = userRec->pw_name;
	158	if ( loginUser != NULL )
	159	changePassOnSelf = (strcmp(loginUser, uname) == 0);
	160	}
20e66415 A	161
	162	status = dsOpenDirService( &dsRef );
	163	if (status != eDSNoErr)
	164	return status;
	165
	166	do
	167	{
	168	if ( tDataBuff == NULL )
	169	tDataBuff = dsDataBufferAllocate( dsRef, 4096 );
	170	if (tDataBuff == NULL) break;
	171
	172	if ( locn != NULL )
	173	{
	174	nodeName = dsBuildFromPath( dsRef, locn, "/" );
	175	if ( nodeName == NULL ) break;
	176
	177	// find
	178	status = dsFindDirNodes( dsRef, tDataBuff, nodeName, eDSiExact, &nodeCount, &context );
	179	}
	180	else
	181	{
	182	// find on search node
	183	status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
	184	}
	185
	186	if (status != eDSNoErr) break;
	187	if ( nodeCount < 1 ) {
	188	status = eDSNodeNotFound;
	189	break;
	190	}
	191
	192	if ( isroot == 1 )
	193	{
	194	// we already tried SetPasswordAsRoot and it didn't work
	195	// get the old (current) password and try again
	196
	197	// getpass
	198	isroot = 0;
	199	wasroot = 1;
	200	}
	201	else
	202	if ( getuid() == 0 )
	203	isroot = 1;
	204
c3a08f59	205	ds_getpasswd( loginUser, uname, isroot, wasroot, changePassOnSelf, &old_clear, &new_clear );
20e66415 A	206
	207	status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
	208	if (status != eDSNoErr) continue;
	209
	210	status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
	211	dsDataListDeallocate( dsRef, nodeName );
	212	free( nodeName );
	213	nodeName = NULL;
	214	if (status != eDSNoErr) continue;
	215
	216	pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
	217	pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, NULL );
	218	pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL );
	219
	220	recCount = 1;
	221	status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
	222	pAttrType, 0, &recCount, &context );
	223	if ( status != eDSNoErr ) break;
	224	if ( recCount == 0 ) {
	225	status = eDSAuthUnknownUser;
	226	break;
	227	}
	228
	229	status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
	230	if ( status != eDSNoErr ) break;
	231
	232	for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
	233	{
	234	status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
	235	if ( status == eDSNoErr && pAttrEntry != NULL )
	236	{
	237	if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
	238	{
	239	status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
	240	if ( status == eDSNoErr && pValueEntry != NULL )
	241	{
	242	pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
	243	memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
	244	}
	245	}
	246	else
	247	if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
	248	{
	249	status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
	250	if ( status == eDSNoErr && pValueEntry != NULL )
	251	{
	252	pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
	253	memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
	254	}
	255	}
	256
	257	if ( pValueEntry != NULL )
	258	dsDeallocAttributeValueEntry( dsRef, pValueEntry );
	259	pValueEntry = NULL;
	260
	261	dsDeallocAttributeEntry( dsRef, pAttrEntry );
	262	pAttrEntry = NULL;
	263	dsCloseAttributeValueList( valueRef );
	264	valueRef = 0;
	265	}
	266	}
	267
2fc1e207 A	268	if ( pUserLocation == NULL \|\| pUserName == NULL ) {
	269	status = eDSAuthInvalidUserName;
	270	break;
	271	}
	272
20e66415 A	273	pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
	274	status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
	275	if ( status != eDSNoErr ) break;
	276
	277	pStepBuff = dsDataBufferAllocate( dsRef, 128 );
	278
	279	if ( isroot )
	280	{
	281	pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthSetPasswdAsRoot );
	282	uiCurr = 0;
	283
	284	// User name
	285	uiLen = strlen( pUserName );
	286	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	287	uiCurr += sizeof( unsigned long );
	288	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
	289	uiCurr += uiLen;
	290
	291	// new pw
	292	uiLen = strlen( new_clear );
	293	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	294	uiCurr += sizeof( unsigned long );
	295	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
	296	uiCurr += uiLen;
	297
	298	tDataBuff->fBufferLength = uiCurr;
	299
	300	status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
	301	}
	302	else
	303	if ( changePassOnSelf )
	304	{
	305	pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthChangePasswd );
	306	uiCurr = 0;
	307
	308	// User name
	309	uiLen = strlen( pUserName );
	310	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	311	uiCurr += sizeof( unsigned long );
	312	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
	313	uiCurr += uiLen;
	314
	315	// old pw
	316	uiLen = strlen( old_clear );
	317	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	318	uiCurr += sizeof( unsigned long );
	319	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), old_clear, uiLen );
	320	uiCurr += uiLen;
	321
	322	// new pw
	323	uiLen = strlen( new_clear );
	324	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	325	uiCurr += sizeof( unsigned long );
	326	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
	327	uiCurr += uiLen;
	328
	329	tDataBuff->fBufferLength = uiCurr;
	330
	331	status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
	332	}
	333	else
2fc1e207	334	if ( loginUser != NULL )
20e66415 A	335	{
	336	pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthSetPasswd );
	337	uiCurr = 0;
	338
	339	// User name
	340	uiLen = strlen( pUserName );
	341	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	342	uiCurr += sizeof( unsigned long );
	343	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
	344	uiCurr += uiLen;
	345
	346	// new pw
	347	uiLen = strlen( new_clear );
	348	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	349	uiCurr += sizeof( unsigned long );
	350	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), new_clear, uiLen );
	351	uiCurr += uiLen;
	352
	353	// Authenticator name
	354	uiLen = strlen( loginUser );
	355	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	356	uiCurr += sizeof( unsigned long );
	357	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), loginUser, uiLen );
	358	uiCurr += uiLen;
	359
	360	// authenticator pw
	361	uiLen = strlen( old_clear );
	362	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
	363	uiCurr += sizeof( unsigned long );
	364	memcpy( &(tDataBuff->fBufferData[ uiCurr ]), old_clear, uiLen );
	365	uiCurr += uiLen;
	366
	367	tDataBuff->fBufferLength = uiCurr;
	368
	369	status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
	370	}
2fc1e207 A	371	else
	372	{
	373	status = eDSAuthFailed;
	374	}
20e66415 A	375	}
	376	while ( isroot == 1 && status != eDSNoErr );
	377
	378	/* old_clear and new_clear are statics (don't call free) */
	379	if (old_clear != NULL) {
	380	memset(old_clear, 0, strlen(old_clear));
	381	}
	382	if (new_clear != NULL) {
	383	memset(new_clear, 0, strlen(new_clear));
	384	}
	385	if (tDataBuff != NULL) {
	386	memset(tDataBuff, 0, tDataBuff->fBufferSize);
	387	dsDataBufferDeAllocate( dsRef, tDataBuff );
	388	tDataBuff = NULL;
	389	}
	390
	391	if (pStepBuff != NULL) {
	392	dsDataBufferDeAllocate( dsRef, pStepBuff );
	393	pStepBuff = NULL;
	394	}
	395	if (pUserLocation != NULL ) {
	396	free(pUserLocation);
	397	pUserLocation = NULL;
	398	}
	399	if (pRecName != NULL) {
	400	dsDataListDeallocate( dsRef, pRecName );
	401	free( pRecName );
	402	pRecName = NULL;
	403	}
	404	if (pRecType != NULL) {
	405	dsDataListDeallocate( dsRef, pRecType );
	406	free( pRecType );
	407	pRecType = NULL;
	408	}
	409	if (pAttrType != NULL) {
	410	dsDataListDeallocate( dsRef, pAttrType );
	411	free( pAttrType );
	412	pAttrType = NULL;
	413	}
	414	if (nodeRef != 0) {
	415	dsCloseDirNode(nodeRef);
	416	nodeRef = 0;
	417	}
	418	if (dsRef != 0) {
	419	dsCloseDirService(dsRef);
	420	dsRef = 0;
	421	}
	422
	423	if ( status != eDSNoErr ) {
	424	errno = EACCES;
2fc1e207 A	425	switch( status )
	426	{
	427	case eDSAuthPasswordTooShort:
	428	errMsgStr = "The new password is too short.";
	429	break;
	430
	431	case eDSAuthPasswordTooLong:
	432	errMsgStr = "The new password is too long.";
	433	break;
	434
	435	case eDSAuthPasswordNeedsLetter:
	436	errMsgStr = "The new password must contain a letter.";
	437	break;
	438
	439	case eDSAuthPasswordNeedsDigit:
	440	errMsgStr = "The new password must contain a number.";
	441	break;
	442
	443	default:
	444	errMsgStr = "Sorry";
	445	}
	446	fprintf(stderr, "%s\n", errMsgStr);
20e66415 A	447	exit(1);
	448	}
	449
	450	return status;
	451	}
	452
	453
	454
	455
	456
	457
	458
	459
	460
	461
	462