Diffstat (limited to 'kdc.go')
-rw-r--r-- | kdc.go | 65 |
1 files changed, 65 insertions, 0 deletions
@@ -0,0 +1,65 @@
+package main
+
+import (
+ "fmt"
+ "gopkg.in/jcmturner/gokrb5.v5/client"
+ "gopkg.in/jcmturner/gokrb5.v5/config"
+ "os/exec"
+ "strings"
+)
+
+var suffixMap map[string]string = map[string]string{
+ "SSO": "",
+ "EDUROAM": "/ppp",
+ "TACACS": "/net",
+}
+
+func CheckDuplicatePw(username, password string) error {
+ for suffix, _ := range suffixMap {
+ err := checkKerberosDuplicatePw(suffix, username, password)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func checkKerberosDuplicatePw(suffix, username, password string) error {
+ principal := username + suffixMap[suffix]
+
+ config, err := config.Load(pwman.Krb5Conf)
+ kclient := client.NewClientWithPassword(principal, "NORDU.NET", password)
+ kclient.WithConfig(config)
+ err = kclient.Login()
+ if err != nil {
+ // error either means bad password or no connection etc.
+ if strings.Contains(err.Error(), "KDC_ERR_PREAUTH_REQUIRED") {
+ // Password did not match
+ return nil
+ }
+ fmt.Println("ERROR", err)
+ return err
+ }
+ return fmt.Errorf("Password already used with: %s account", suffix)
+}
+
+func ChangeKerberosPw(suffix, username, new_password string) error {
+ kerberos_uid := fmt.Sprintf("%s%s", username, suffixMap[suffix])
+ // call script
+ cmd := exec.Command(pwman.ChangePwScript)
+ stdin, err := cmd.StdinPipe()
+ if err != nil {
+ return fmt.Errorf("Unable to open pipe for kerberos script: %v", err)
+ }
+ go func() {
+ defer stdin.Close()
+ fmt.Fprintf(stdin, "%s@NORDU.NET %s", kerberos_uid, new_password)
+ }()
+
+ err = cmd.Run()
+ if err != nil {
+ return fmt.Errorf("Error running change password script, got error: %v", err)
+ }
+
+ return nil
+}
|
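Review bot: In ChangeKerberosPw, `suffixMap[suffix]` yields the empty string for a key that is not in the map, which is also the value stored for "SSO", so an unexpected suffix would change the password of the base principal instead of failing; look the key up with `sfx, ok := suffixMap[suffix]` and return an error when `!ok`. The same function writes `username` and `new_password` into one space-separated stdin line, so a space or newline in either value changes what the script reads; reject such characters before `exec.Command`, or confirm that the script's parsing tolerates them (the script is not part of this diff). In checkKerberosDuplicatePw the error from `config.Load` is overwritten by `err = kclient.Login()` without being checked, so add `if err != nil { return err }` right after the load. The no-match case there depends on a substring of the error text, which deserves a comment naming the KDC replies that are expected to mean "password differs", since any other reply (for example a principal that has no account of that type, if the KDC reports that differently) makes CheckDuplicatePw fail.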