Add passwd by Kyungwan Han.

3 files changed, 421 insertions, 0 deletions

diff --git a/lib/lib.h b/lib/lib.h
index 8028737e..de2e214c 100644
--- a/lib/lib.h
+++ b/lib/lib.h
@@ -168,3 +168,8 @@ int sig_to_num(char *pidstr);
 char *num_to_sig(int sig);
 
 mode_t string_to_mode(char *mode_str, mode_t base);
+
+// password helper functions
+int read_passwd(char * buff, int buflen, char* mesg);
+int update_passwd(char *filename, char* username, char* encrypted);
+
diff --git a/lib/password.c b/lib/password.c
new file mode 100644
index 00000000..2b11144e
--- /dev/null
+++ b/lib/password.c
@@ -0,0 +1,142 @@
+/* vi: set sw=4 ts=4 :                                                                                                                                                          
+ * pwdutils.c - password read/update helper functions.
+ *
+ * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com>
+ */
+
+#include "toys.h"
+#include <time.h>
+
+
+int read_passwd(char * buff, int buflen, char* mesg)
+{           
+    int i = 0;
+    struct termios termio, oldtermio;
+    tcgetattr(0, &oldtermio);
+    tcflush(0, TCIFLUSH);
+    termio = oldtermio;
+
+    termio.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
+    termio.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
+    tcsetattr(0, TCSANOW, &termio);
+
+    fputs(mesg, stdout);
+    fflush(stdout);
+
+    while (1) {
+        int ret = read(0, &buff[i], 1);
+        if ( ret < 0 ) {   
+            buff[0] = 0;
+            tcsetattr(0, TCSANOW, &oldtermio);
+            return 1;
+        }   
+        else if ( ret == 0 || buff[i] == '\n' ||
+                buff[i] == '\r' || buflen == i+1) {   
+            buff[i] = '\0';
+            break;
+        }   
+        i++;
+    }       
+
+    tcsetattr(0, TCSANOW, &oldtermio);
+    puts("");
+    fflush(stdout);
+    return 0;
+}
+
+static char *get_nextcolon(const char *line, char delim)
+{
+    char *current_ptr = NULL;
+    if((current_ptr = strchr(line, ':')) == NULL) 
+        error_exit("Invalid Entry\n");      
+    return current_ptr;
+}
+
+int update_passwd(char *filename, char* username, char* encrypted)
+{
+    char *filenamesfx = NULL, *namesfx = NULL;
+    char *shadow = NULL, *sfx = NULL;
+    FILE *exfp, *newfp;
+    int ret = -1; //fail
+    struct flock lock;
+    char *line = NULL;
+
+    shadow = strstr(filename, "shadow");
+    filenamesfx = xmsprintf("%s+", filename);
+    sfx = strchr(filenamesfx, '+');
+
+    exfp = fopen(filename, "r+");
+    if(!exfp) {      
+        perror_msg("Couldn't open file %s",filename);
+        goto free_storage;
+    }
+
+    *sfx = '-';
+    ret = unlink(filenamesfx);
+    ret = link(filename, filenamesfx);
+    if(ret < 0) error_msg("can't create backup file");
+
+    *sfx = '+';
+    lock.l_type = F_WRLCK;
+    lock.l_whence = SEEK_SET;
+    lock.l_start = 0;
+    lock.l_len = 0;
+
+    ret = fcntl(fileno(exfp), F_SETLK, &lock);
+    if(ret < 0) perror_msg("Couldn't lock file %s",filename);
+
+    lock.l_type = F_UNLCK; //unlocking at a later stage                                                                                                                         
+
+    newfp = fopen(filenamesfx, "w+");
+    if(!newfp) {       
+        error_msg("couldn't open file for writing");
+        ret = -1;
+        fclose(exfp);
+        goto free_storage;
+    }       
+
+    ret = 0;
+    namesfx = xmsprintf("%s:",username);
+    while((line = get_line(fileno(exfp))) != NULL)
+    {
+        if(strncmp(line, namesfx, strlen(namesfx)) != 0)
+            fprintf(newfp, "%s\n", line);
+        else {
+            char *current_ptr = NULL;
+            fprintf(newfp, "%s%s:",namesfx,encrypted);
+            current_ptr = get_nextcolon(line, ':'); //past username
+            current_ptr++; //past colon ':' after username
+            current_ptr = get_nextcolon(current_ptr, ':'); //past passwd
+            current_ptr++; //past colon ':' after passwd
+            if(shadow) {
+                fprintf(newfp, "%u:",(unsigned)(time(NULL))/(24*60*60));
+                current_ptr = get_nextcolon(current_ptr, ':'); 
+                current_ptr++; //past time stamp colon.
+                fprintf(newfp, "%s\n",current_ptr);
+            }
+            else {
+                fprintf(newfp, "%s\n",current_ptr);
+            }
+        }
+
+        free(line);
+    }
+    free(namesfx);
+    fcntl(fileno(exfp), F_SETLK, &lock);
+    fclose(exfp);
+    
+    errno = 0;
+    fflush(newfp);
+    fsync(fileno(newfp));
+    fclose(newfp);
+    rename(filenamesfx, filename);
+    if(errno) {
+        perror_msg("File Writing/Saving failed: ");
+        unlink(filenamesfx);
+        ret = -1;
+    }      
+
+free_storage:
+    free(filenamesfx);
+    return ret;
+} 
diff --git a/toys/passwd.c b/toys/passwd.c
new file mode 100644
index 00000000..501ce952
--- /dev/null
+++ b/toys/passwd.c
@@ -0,0 +1,274 @@
+/* vi: set sw=4 ts=4:
+ *
+ * passwd.c - Program to upadte user password.
+ *
+ * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com>
+ * Modified 2012 Jason Kyungwan Han <asura321@gmail.com>
+ *
+ * Not in SUSv4.
+
+USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN))
+
+config PASSWD
+	bool "passwd"
+	default y
+	help
+	  usage: passwd [-a ALGO] [-d] [-l] [-u] <account name>
+
+	  update user’s authentication tokens. Default : current user
+
+	  -a ALGO	Encryption method (des, md5, sha256, sha512) default: des
+	  -d		Set password to ''
+	  -l		Lock (disable) account
+	  -u 		Unlock (enable) account
+
+*/
+
+#include "toys.h"
+#include <time.h>
+
+
+DEFINE_GLOBALS(
+	char *algo;
+)
+
+#define TT this.passwd
+
+#define FLAG_u	(1 << 0)
+#define FLAG_l	(1 << 1)
+#define FLAG_d	(1 << 2)
+#define FLAG_a	(1 << 3)
+
+#define MAX_SALT_LEN  20 //3 for id, 16 for key, 1 for '\0'
+#define URANDOM_PATH    "/dev/urandom"
+
+#ifndef _GNU_SOURCE
+char *strcasestr(const char *haystack, const char *needle);
+#endif
+
+unsigned int random_number_generator(int fd)
+{
+    unsigned int randnum;
+    xreadall(fd, &randnum, sizeof(randnum));
+	return randnum;
+}
+
+
+
+char inttoc(int i)
+{
+	// salt value uses 64 chracters in "./0-9a-zA-Z"
+	const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    i &= 0x3f; // masking for using 10 bits only
+	return character_set[i];
+}
+
+int get_salt(char *salt)
+{                     
+	int i, salt_length = 0;
+    int randfd;
+	if(!strncmp(TT.algo,"des",3)){
+		// 2 bytes salt value is used in des
+		salt_length = 2;
+	} else {
+		*salt++ = '$';
+		if(!strncmp(TT.algo,"md5",3)){
+			*salt++ = '1';
+			// 8 bytes salt value is used in md5
+			salt_length = 8;
+		} else if(!strncmp(TT.algo,"sha256",6)){
+			*salt++ = '5';
+			// 16 bytes salt value is used in sha256
+			salt_length = 16;
+		} else if(!strncmp(TT.algo,"sha512",6)){
+			*salt++ = '6';
+			// 16 bytes salt value is used in sha512
+			salt_length = 16;
+		} else return 1;
+
+		*salt++ = '$';
+	}
+
+    randfd = xopen(URANDOM_PATH, O_RDONLY);
+	for(i=0; i<salt_length; i++)
+		salt[i] = inttoc(random_number_generator(randfd));
+	salt[salt_length+1] = '\0';
+    xclose(randfd);
+
+	return 0;
+}
+
+static int str_check(char *s, char *p)
+{
+    if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL))
+        return 1;
+    return 0;
+}
+
+static void strength_check(char *newp, char *oldp, char *user)
+{
+    char *msg = NULL;
+    if(strlen(newp) < 6) { //Min passwd len
+        msg = "too short";
+        xprintf("BAD PASSWORD: %s\n",msg);
+    }
+    if(!newp[0])
+        return; //passwd is empty
+
+    if(str_check(newp, user)) {
+        msg = "user based password";
+        xprintf("BAD PASSWORD: %s\n",msg);
+    }
+
+    if(oldp[0] && str_check(newp, oldp)) {
+        msg = "based on old passwd";
+        xprintf("BAD PASSWORD: %s\n",msg);
+    }
+}
+
+static int verify_passwd(char * pwd)
+{    
+    char * pass;
+
+    if (!pwd) return 1;
+    if (pwd[0] == '!' || pwd[0] == '*') return 1;
+
+    pass = crypt(toybuf, pwd);
+    if (pass != NULL && strcmp(pass, pwd)==0)
+        return 0;
+
+    return 1;
+}
+
+static char *new_password(char *oldp, char *user)
+{
+    char *newp = NULL;
+
+    if(read_passwd(toybuf, sizeof(toybuf), "New password:"))
+        return NULL; //may be due to Ctrl-C
+
+    newp = xstrdup(toybuf);
+    strength_check(newp, oldp, user);
+    if(read_passwd(toybuf, sizeof(toybuf), "Retype password:")) {
+        free(newp);
+        return NULL; //may be due to Ctrl-C
+    }
+
+    if(strcmp(newp, toybuf) == 0)
+        return newp;
+    else error_msg("Passwords do not match.\n");
+    /*Failure Case */
+    free(newp);
+    return NULL;
+}
+
+
+void passwd_main(void)
+{
+    uid_t myuid;
+    struct passwd *pw;
+    struct spwd *sp;
+    char *name = NULL;
+    char *pass = NULL, *encrypted = NULL, *newp = NULL;
+    char *orig = (char *)"";
+    char salt[MAX_SALT_LEN];
+    int ret = -1;
+
+    myuid = getuid();
+    if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
+        error_exit("You need to be root to do these actions\n");
+
+    pw = getpwuid(myuid);
+
+    if(!pw)
+        error_exit("Unknown uid '%u'",myuid);
+
+    if(toys.optargs[0])
+        name = toys.optargs[0];
+    else
+        name = xstrdup(pw->pw_name);
+
+    pw = getpwnam(name);
+    if(!pw) error_exit("Unknown user '%s'",name);
+
+    if(myuid != 0 && (myuid != pw->pw_uid))
+        error_exit("You need to be root to change '%s' password\n", name);
+
+    pass = pw->pw_passwd;
+    if(pw->pw_passwd[0] == 'x') {
+        /*get shadow passwd */
+        sp = getspnam(name);
+        if(sp)
+            pass = sp->sp_pwdp;
+    }
+
+
+    if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) {
+        printf("Changing password for %s\n",name);
+        if(pass[0] == '!') 
+            error_exit("Can't change, password is locked for %s",name);
+        if(myuid != 0) {
+            /*Validate user */
+
+            if(read_passwd(toybuf, sizeof(toybuf), "Origial password:")) {
+                if(!toys.optargs[0]) free(name);
+                return;
+            }
+            orig = toybuf;
+            if(verify_passwd(pass))
+                error_exit("Authentication failed\n");
+        }
+
+        orig = xstrdup(orig);
+
+        /*Get new password */
+        newp = new_password(orig, name);
+        if(!newp) {
+            free(orig);
+            if(!toys.optargs[0]) free(name);
+            return; //new password is not set well.
+        }
+
+        /*Encrypt the passwd */
+        if(!(toys.optflags & FLAG_a)) TT.algo = "des";
+
+		if(get_salt(salt))
+			error_exit("Error: Unkown encryption algorithm\n");
+		
+        encrypted = crypt(newp, salt);
+        free(newp);
+        free(orig);
+    }
+    else if(toys.optflags & FLAG_l) {
+        if(pass[0] == '!')
+            error_exit("password is already locked for %s",name);
+        printf("Locking password for %s\n",name);
+        encrypted = xmsprintf("!%s",pass);
+    }
+    else if(toys.optflags & FLAG_u) {
+        if(pass[0] != '!')         
+            error_exit("password is already unlocked for %s",name);
+
+        printf("Unlocking password for %s\n",name);
+        encrypted = xstrdup(&pass[1]);
+    }
+    else if(toys.optflags & FLAG_d) {
+        printf("Deleting password for %s\n",name);
+        encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0'
+    }
+
+    /*Update the passwd */
+    if(pw->pw_passwd[0] == 'x')
+        ret = update_passwd("/etc/shadow", name, encrypted);
+    else
+        ret = update_passwd("/etc/passwd", name, encrypted);
+
+    if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) 
+        free(encrypted);
+
+    if(!toys.optargs[0]) free(name);
+    if(!ret)
+        error_msg("Success");
+    else
+        error_msg("Failure");
+}