123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 |
- #include <u.h>
- #include <libc.h>
- #include <mp.h>
- #include <libsec.h>
- #include "SConn.h"
- #include "secstore.h"
- int verbose;
- static void userinput(char *, int);
- static void
- ensure_exists(char *f, ulong perm)
- {
- int fd;
- if(access(f, AEXIST) >= 0)
- return;
- if(verbose)
- fprint(2,"first time setup for secstore: create %s %lo\n", f, perm);
- fd = create(f, OREAD, perm);
- if(fd < 0){
- fprint(2, "secuser: unable to create %s\n", f);
- exits("secstored directories");
- }
- close(fd);
- }
- int
- main(int argc, char **argv)
- {
- int isnew;
- char *id, buf[Maxmsg], home[Maxmsg], prompt[100], *hexHi;
- char *pass, *passck;
- long expsecs;
- mpint *H = mpnew(0), *Hi = mpnew(0);
- PW *pw;
- Tm *tm;
- ARGBEGIN{
- case 'v':
- verbose++;
- break;
- }ARGEND;
- if(argc!=1){
- print("usage: secuser [-v] <user>\n");
- exits("usage");
- }
- ensure_exists(SECSTORE_DIR, DMDIR|0755L);
- snprint(home, sizeof(home), "%s/who", SECSTORE_DIR);
- ensure_exists(home, DMDIR|0755L);
- snprint(home, sizeof(home), "%s/store", SECSTORE_DIR);
- ensure_exists(home, DMDIR|0700L);
- id = argv[0];
- if(verbose)
- fprint(2,"secuser %s\n", id);
- if((pw = getPW(id,1)) == nil){
- isnew = 1;
- print("new account (because %s/%s %r)\n", SECSTORE_DIR, id);
- pw = emalloc(sizeof(*pw));
- pw->id = estrdup(id);
- snprint(home, sizeof(home), "%s/store/%s", SECSTORE_DIR, id);
- if(access(home, AEXIST) == 0){
- print("new user, but directory %s already exists\n", home);
- exits(home);
- }
- }else{
- isnew = 0;
- }
- /* get main password for id */
- for(;;){
- if(isnew)
- snprint(prompt, sizeof(prompt), "%s password: ", id);
- else
- snprint(prompt, sizeof(prompt), "%s password [default = don't change]: ", id);
- pass = getpassm(prompt);
- if(pass == nil){
- print("getpassm failed\n");
- exits("getpassm failed");
- }
- if(verbose)
- print("%ld characters\n", strlen(pass));
- if(pass[0] == '\0' && isnew == 0)
- break;
- if(strlen(pass) >= 7)
- break;
- print("password must be at least 7 characters\n");
- }
- if(pass[0] != '\0'){
- snprint(prompt, sizeof(prompt), "retype password: ");
- if(verbose)
- print("confirming...\n");
- passck = getpassm(prompt);
- if(passck == nil){
- print("getpassm failed\n");
- exits("getpassm failed");
- }
- if(strcmp(pass, passck) != 0){
- print("passwords didn't match\n");
- exits("no match");
- }
- memset(passck, 0, strlen(passck));
- free(passck);
- hexHi = PAK_Hi(id, pass, H, Hi);
- memset(pass, 0, strlen(pass));
- free(pass);
- free(hexHi);
- mpfree(H);
- pw->Hi = Hi;
- }
- /* get expiration time (midnight of date specified) */
- if(isnew)
- expsecs = time(0) + 365*24*60*60;
- else
- expsecs = pw->expire;
- for(;;){
- tm = localtime(expsecs);
- print("expires [DDMMYYYY, default = %2.2d%2.2d%4.4d]: ",
- tm->mday, tm->mon, tm->year+1900);
- userinput(buf, sizeof(buf));
- if(strlen(buf) == 0)
- break;
- if(strlen(buf) != 8){
- print("!bad date format: %s\n", buf);
- continue;
- }
- tm->mday = (buf[0]-'0')*10 + (buf[1]-'0');
- if(tm->mday > 31 || tm->mday < 1){
- print("!bad day of month: %d\n", tm->mday);
- continue;
- }
- tm->mon = (buf[2]-'0')*10 + (buf[3]-'0') - 1;
- if(tm->mon > 11 || tm->mday < 0){
- print("!bad month: %d\n", tm->mon + 1);
- continue;
- }
- tm->year = atoi(buf+4) - 1900;
- if(tm->year < 70){
- print("!bad year: %d\n", tm->year + 1900);
- continue;
- }
- tm->sec = 59;
- tm->min = 59;
- tm->hour = 23;
- tm->yday = 0;
- expsecs = tm2sec(tm);
- break;
- }
- pw->expire = expsecs;
- /* failed logins */
- if(pw->failed != 0 )
- print("clearing %d failed login attempts\n", pw->failed);
- pw->failed = 0;
- /* status bits */
- if(isnew)
- pw->status = Enabled;
- for(;;){
- print("Enabled or Disabled [default %s]: ",
- (pw->status & Enabled) ? "Enabled" : "Disabled" );
- userinput(buf, sizeof(buf));
- if(strlen(buf) == 0)
- break;
- if(buf[0]=='E' || buf[0]=='e'){
- pw->status |= Enabled;
- break;
- }
- if(buf[0]=='D' || buf[0]=='d'){
- pw->status = pw->status & ~Enabled;
- break;
- }
- }
- for(;;){
- print("require STA? [default %s]: ",
- (pw->status & STA) ? "yes" : "no" );
- userinput(buf, sizeof(buf));
- if(strlen(buf) == 0)
- break;
- if(buf[0]=='Y' || buf[0]=='y'){
- pw->status |= STA;
- break;
- }
- if(buf[0]=='N' || buf[0]=='n'){
- pw->status = pw->status & ~STA;
- break;
- }
- }
- /* free form field */
- if(isnew)
- pw->other = nil;
- print("comments [default = %s]: ", (pw->other == nil) ? "" : pw->other);
- userinput(buf, 72); /* 72 comes from password.h */
- if(buf[0])
- if((pw->other = strdup(buf)) == nil)
- sysfatal("strdup");
- syslog(0, LOG, "CHANGELOGIN for '%s'", pw->id);
- if(putPW(pw) < 0){
- print("error writing entry: %r\n");
- exits("can't write password file");
- }else{
- print("change written\n");
- if(isnew && create(home, OREAD, DMDIR | 0775L) < 0){
- print("unable to create %s: %r\n", home);
- exits(home);
- }
- }
- exits("");
- return 1; /* keep other compilers happy */
- }
- static void
- userinput(char *buf, int blen)
- {
- int n;
- for(;;){
- n = read(0, buf, blen);
- if(n<=0)
- exits("read error");
- if(buf[n-1]=='\n'){
- buf[n-1] = '\0';
- return;
- }
- buf += n; blen -= n;
- if(blen<=0)
- exits("input too large");
- }
- }
|