Strona główna Odkrywaj Pomoc
Zaloguj się
OWEALs
/
busybox
kopia lustrzana http://git.busybox.net/busybox/
3
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: 7cc5a50465
Gałęzie Tagi
busybox
/
loginutils
/
passwd.c

passwd.c 5.4 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. /* vi: set sw=4 ts=4: */
    2. 

  2. /*
    3. 

  3.  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
    4. 

  4.  */
    5. 

  5. #include "libbb.h"
    6. 

  6. #include <syslog.h>
    7. 

  7. 

  8. static void nuke_str(char *str)
    9. 

  9. {
    10. 

  10. 	if (str) memset(str, 0, strlen(str));
    11. 

  11. }
    12. 

  12. 

  13. static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
    14. 

  14. {
    15. 

  15. 	char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
    16. 

  16. 	char *orig = (char*)"";
    17. 

  17. 	char *newp = NULL;
    18. 

  18. 	char *cp = NULL;
    19. 

  19. 	char *ret = NULL; /* failure so far */
    20. 

  20. 

  21. 	if (myuid && pw->pw_passwd[0]) {
    22. 

  22. 		char *encrypted;
    23. 

  23. 

  24. 		orig = bb_ask_stdin("Old password:"); /* returns ptr to static */
    25. 

  25. 		if (!orig)
    26. 

  26. 			goto err_ret;
    27. 

  27. 		encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
    28. 

  28. 		if (strcmp(encrypted, pw->pw_passwd) != 0) {
    29. 

  29. 			syslog(LOG_WARNING, "incorrect password for %s",
    30. 

  30. 				pw->pw_name);
    31. 

  31. 			bb_do_delay(FAIL_DELAY);
    32. 

  32. 			puts("Incorrect password");
    33. 

  33. 			goto err_ret;
    34. 

  34. 		}
    35. 

  35. 		if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
    36. 

  36. 	}
    37. 

  37. 	orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
    38. 

  38. 	newp = bb_ask_stdin("New password:"); /* returns ptr to static */
    39. 

  39. 	if (!newp)
    40. 

  40. 		goto err_ret;
    41. 

  41. 	newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
    42. 

  42. 	if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
    43. 

  43. 	 && obscure(orig, newp, pw) && myuid)
    44. 

  44. 		goto err_ret; /* non-root is not allowed to have weak passwd */
    45. 

  45. 

  46. 	cp = bb_ask_stdin("Retype password:");
    47. 

  47. 	if (!cp)
    48. 

  48. 		goto err_ret;
    49. 

  49. 	if (strcmp(cp, newp)) {
    50. 

  50. 		puts("Passwords don't match");
    51. 

  51. 		goto err_ret;
    52. 

  52. 	}
    53. 

  53. 

  54. 	crypt_make_salt(salt, 1, 0); /* des */
    55. 

  55. 	if (algo) { /* MD5 */
    56. 

  56. 		strcpy(salt, "$1$");
    57. 

  57. 		crypt_make_salt(salt + 3, 4, 0);
    58. 

  58. 	}
    59. 

  59. 	/* pw_encrypt returns malloced str */
    60. 

  60. 	ret = pw_encrypt(newp, salt, 1);
    61. 

  61. 	/* whee, success! */
    62. 

  62. 

  63.  err_ret:
    64. 

  64. 	nuke_str(orig);
    65. 

  65. 	if (ENABLE_FEATURE_CLEAN_UP) free(orig);
    66. 

  66. 	nuke_str(newp);
    67. 

  67. 	if (ENABLE_FEATURE_CLEAN_UP) free(newp);
    68. 

  68. 	nuke_str(cp);
    69. 

  69. 	return ret;
    70. 

  70. }
    71. 

  71. 

  72. int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
    73. 

  73. int passwd_main(int argc UNUSED_PARAM, char **argv)
    74. 

  74. {
    75. 

  75. 	enum {
    76. 

  76. 		OPT_algo = 0x1, /* -a - password algorithm */
    77. 

  77. 		OPT_lock = 0x2, /* -l - lock account */
    78. 

  78. 		OPT_unlock = 0x4, /* -u - unlock account */
    79. 

  79. 		OPT_delete = 0x8, /* -d - delete password */
    80. 

  80. 		OPT_lud = 0xe,
    81. 

  81. 		STATE_ALGO_md5 = 0x10,
    82. 

  82. 		//STATE_ALGO_des = 0x20, not needed yet
    83. 

  83. 	};
    84. 

  84. 	unsigned opt;
    85. 

  85. 	int rc;
    86. 

  86. 	const char *opt_a = "";
    87. 

  87. 	const char *filename;
    88. 

  88. 	char *myname;
    89. 

  89. 	char *name;
    90. 

  90. 	char *newp;
    91. 

  91. 	struct passwd *pw;
    92. 

  92. 	uid_t myuid;
    93. 

  93. 	struct rlimit rlimit_fsize;
    94. 

  94. 	char c;
    95. 

  95. #if ENABLE_FEATURE_SHADOWPASSWDS
    96. 

  96. 	/* Using _r function to avoid pulling in static buffers */
    97. 

  97. 	struct spwd spw;
    98. 

  98. 	char buffer[256];
    99. 

  99. #endif
    100. 

  100. 

  101. 	logmode = LOGMODE_BOTH;
    102. 

  102. 	openlog(applet_name, 0, LOG_AUTH);
    103. 

  103. 	opt = getopt32(argv, "a:lud", &opt_a);
    104. 

  104. 	//argc -= optind;
    105. 

  105. 	argv += optind;
    106. 

  106. 

  107. 	if (strcasecmp(opt_a, "des") != 0) /* -a */
    108. 

  108. 		opt |= STATE_ALGO_md5;
    109. 

  109. 	//else
    110. 

  110. 	//	opt |= STATE_ALGO_des;
    111. 

  111. 	myuid = getuid();
    112. 

  112. 	/* -l, -u, -d require root priv and username argument */
    113. 

  113. 	if ((opt & OPT_lud) && (myuid || !argv[0]))
    114. 

  114. 		bb_show_usage();
    115. 

  115. 

  116. 	/* Will complain and die if username not found */
    117. 

  117. 	myname = xstrdup(xuid2uname(myuid));
    118. 

  118. 	name = argv[0] ? argv[0] : myname;
    119. 

  119. 

  120. 	pw = xgetpwnam(name);
    121. 

  121. 	if (myuid && pw->pw_uid != myuid) {
    122. 

  122. 		/* LOGMODE_BOTH */
    123. 

  123. 		bb_error_msg_and_die("%s can't change password for %s", myname, name);
    124. 

  124. 	}
    125. 

  125. 

  126. #if ENABLE_FEATURE_SHADOWPASSWDS
    127. 

  127. 	{
    128. 

  128. 		/* getspnam_r may return 0 yet set result to NULL.
    129. 

  129. 		 * At least glibc 2.4 does this. Be extra paranoid here. */
    130. 

  130. 		struct spwd *result = NULL;
    131. 

  131. 		if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
    132. 

  132. 		 || !result || strcmp(result->sp_namp, pw->pw_name) != 0) {
    133. 

  133. 			/* LOGMODE_BOTH */
    134. 

  134. 			bb_error_msg("no record of %s in %s, using %s",
    135. 

  135. 					name, bb_path_shadow_file,
    136. 

  136. 					bb_path_passwd_file);
    137. 

  137. 		} else {
    138. 

  138. 			pw->pw_passwd = result->sp_pwdp;
    139. 

  139. 		}
    140. 

  140. 	}
    141. 

  141. #endif
    142. 

  142. 

  143. 	/* Decide what the new password will be */
    144. 

  144. 	newp = NULL;
    145. 

  145. 	c = pw->pw_passwd[0] - '!';
    146. 

  146. 	if (!(opt & OPT_lud)) {
    147. 

  147. 		if (myuid && !c) { /* passwd starts with '!' */
    148. 

  148. 			/* LOGMODE_BOTH */
    149. 

  149. 			bb_error_msg_and_die("cannot change "
    150. 

  150. 					"locked password for %s", name);
    151. 

  151. 		}
    152. 

  152. 		printf("Changing password for %s\n", name);
    153. 

  153. 		newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
    154. 

  154. 		if (!newp) {
    155. 

  155. 			logmode = LOGMODE_STDIO;
    156. 

  156. 			bb_error_msg_and_die("password for %s is unchanged", name);
    157. 

  157. 		}
    158. 

  158. 	} else if (opt & OPT_lock) {
    159. 

  159. 		if (!c) goto skip; /* passwd starts with '!' */
    160. 

  160. 		newp = xasprintf("!%s", pw->pw_passwd);
    161. 

  161. 	} else if (opt & OPT_unlock) {
    162. 

  162. 		if (c) goto skip; /* not '!' */
    163. 

  163. 		/* pw->pw_passwd points to static storage,
    164. 

  164. 		 * strdup'ing to avoid nasty surprizes */
    165. 

  165. 		newp = xstrdup(&pw->pw_passwd[1]);
    166. 

  166. 	} else if (opt & OPT_delete) {
    167. 

  167. 		//newp = xstrdup("");
    168. 

  168. 		newp = (char*)"";
    169. 

  169. 	}
    170. 

  170. 

  171. 	rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
    172. 

  172. 	setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
    173. 

  173. 	bb_signals(0
    174. 

  174. 		+ (1 << SIGHUP)
    175. 

  175. 		+ (1 << SIGINT)
    176. 

  176. 		+ (1 << SIGQUIT)
    177. 

  177. 		, SIG_IGN);
    178. 

  178. 	umask(077);
    179. 

  179. 	xsetuid(0);
    180. 

  180. 

  181. #if ENABLE_FEATURE_SHADOWPASSWDS
    182. 

  182. 	filename = bb_path_shadow_file;
    183. 

  183. 	rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
    184. 

  184. 	if (rc == 0) /* no lines updated, no errors detected */
    185. 

  185. #endif
    186. 

  186. 	{
    187. 

  187. 		filename = bb_path_passwd_file;
    188. 

  188. 		rc = update_passwd(bb_path_passwd_file, name, newp, NULL);
    189. 

  189. 	}
    190. 

  190. 	/* LOGMODE_BOTH */
    191. 

  191. 	if (rc < 0)
    192. 

  192. 		bb_error_msg_and_die("cannot update password file %s",
    193. 

  193. 				filename);
    194. 

  194. 	bb_info_msg("Password for %s changed by %s", name, myname);
    195. 

  195. 

  196. 	//if (ENABLE_FEATURE_CLEAN_UP) free(newp);
    197. 

  197.  skip:
    198. 

  198. 	if (!newp) {
    199. 

  199. 		bb_error_msg_and_die("password for %s is already %slocked",
    200. 

  200. 			name, (opt & OPT_unlock) ? "un" : "");
    201. 

  201. 	}
    202. 

  202. 	if (ENABLE_FEATURE_CLEAN_UP) free(myname);
    203. 

  203. 	return 0;
    204. 

  204. }
    205.