aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--toys/lsb/passwd.c107
1 files changed, 47 insertions, 60 deletions
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c
index ff109f14..167d5730 100644
--- a/toys/lsb/passwd.c
+++ b/toys/lsb/passwd.c
@@ -39,6 +39,7 @@ char *strcasestr(const char *haystack, const char *needle);
unsigned int random_number_generator(int fd)
{
unsigned int randnum;
+
xreadall(fd, &randnum, sizeof(randnum));
return randnum;
}
@@ -47,6 +48,7 @@ char inttoc(int i)
{
// salt value uses 64 chracters in "./0-9a-zA-Z"
const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
i &= 0x3f; // masking for using 10 bits only
return character_set[i];
}
@@ -55,20 +57,21 @@ int get_salt(char *salt)
{
int i, salt_length = 0;
int randfd;
- if(!strncmp(TT.algo,"des",3)){
+
+ if (!strncmp(TT.algo,"des",3)) {
// 2 bytes salt value is used in des
salt_length = 2;
} else {
*salt++ = '$';
- if(!strncmp(TT.algo,"md5",3)){
+ if (!strncmp(TT.algo,"md5",3)) {
*salt++ = '1';
// 8 bytes salt value is used in md5
salt_length = 8;
- } else if(!strncmp(TT.algo,"sha256",6)){
+ } else if (!strncmp(TT.algo,"sha256",6)) {
*salt++ = '5';
// 16 bytes salt value is used in sha256
salt_length = 16;
- } else if(!strncmp(TT.algo,"sha512",6)){
+ } else if (!strncmp(TT.algo,"sha512",6)) {
*salt++ = '6';
// 16 bytes salt value is used in sha512
salt_length = 16;
@@ -78,7 +81,7 @@ int get_salt(char *salt)
}
randfd = xopen(URANDOM_PATH, O_RDONLY);
- for(i=0; i<salt_length; i++)
+ for (i=0; i<salt_length; i++)
salt[i] = inttoc(random_number_generator(randfd));
salt[salt_length+1] = '\0';
xclose(randfd);
@@ -88,27 +91,25 @@ int get_salt(char *salt)
static int str_check(char *s, char *p)
{
- if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL))
- return 1;
+ if ((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) return 1;
return 0;
}
static void strength_check(char *newp, char *oldp, char *user)
{
char *msg = NULL;
- if(strlen(newp) < 6) { //Min passwd len
+ if (strlen(newp) < 6) { //Min passwd len
msg = "too short";
xprintf("BAD PASSWORD: %s\n",msg);
}
- if(!newp[0])
- return; //passwd is empty
+ if (!newp[0]) return; //passwd is empty
- if(str_check(newp, user)) {
+ if (str_check(newp, user)) {
msg = "user based password";
xprintf("BAD PASSWORD: %s\n",msg);
}
- if(oldp[0] && str_check(newp, oldp)) {
+ if (oldp[0] && str_check(newp, oldp)) {
msg = "based on old passwd";
xprintf("BAD PASSWORD: %s\n",msg);
}
@@ -122,8 +123,7 @@ static int verify_passwd(char * pwd)
if (pwd[0] == '!' || pwd[0] == '*') return 1;
pass = crypt(toybuf, pwd);
- if (pass != NULL && strcmp(pass, pwd)==0)
- return 0;
+ if (pass != NULL && strcmp(pass, pwd)==0) return 0;
return 1;
}
@@ -132,21 +132,21 @@ static char *new_password(char *oldp, char *user)
{
char *newp = NULL;
- if(read_password(toybuf, sizeof(toybuf), "New password:"))
+ if (read_password(toybuf, sizeof(toybuf), "New password:"))
return NULL; //may be due to Ctrl-C
newp = xstrdup(toybuf);
strength_check(newp, oldp, user);
- if(read_password(toybuf, sizeof(toybuf), "Retype password:")) {
+ if (read_password(toybuf, sizeof(toybuf), "Retype password:")) {
free(newp);
return NULL; //may be due to Ctrl-C
}
- if(strcmp(newp, toybuf) == 0)
- return newp;
+ if (strcmp(newp, toybuf) == 0) return newp;
else error_msg("Passwords do not match.\n");
/*Failure Case */
free(newp);
+
return NULL;
}
@@ -163,100 +163,87 @@ void passwd_main(void)
int ret = -1;
myuid = getuid();
- if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
+ if ((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
error_exit("You need to be root to do these actions\n");
pw = getpwuid(myuid);
- if(!pw)
- error_exit("Unknown uid '%u'",myuid);
+ if (!pw) error_exit("Unknown uid '%u'",myuid);
- if(toys.optargs[0])
- name = toys.optargs[0];
- else
- name = xstrdup(pw->pw_name);
+ if (toys.optargs[0]) name = toys.optargs[0];
+ else name = xstrdup(pw->pw_name);
pw = getpwnam(name);
- if(!pw) error_exit("Unknown user '%s'",name);
+ if (!pw) error_exit("Unknown user '%s'",name);
- if(myuid != 0 && (myuid != pw->pw_uid))
+ if (myuid != 0 && (myuid != pw->pw_uid))
error_exit("You need to be root to change '%s' password\n", name);
pass = pw->pw_passwd;
- if(pw->pw_passwd[0] == 'x') {
+ if (pw->pw_passwd[0] == 'x') {
/*get shadow passwd */
sp = getspnam(name);
- if(sp)
- pass = sp->sp_pwdp;
+ if (sp) pass = sp->sp_pwdp;
}
- if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) {
+ if (!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) {
printf("Changing password for %s\n",name);
- if(pass[0] == '!')
+ if (pass[0] == '!')
error_exit("Can't change, password is locked for %s",name);
- if(myuid != 0) {
+ if (myuid != 0) {
/*Validate user */
- if(read_password(toybuf, sizeof(toybuf), "Origial password:")) {
- if(!toys.optargs[0]) free(name);
+ if (read_password(toybuf, sizeof(toybuf), "Origial password:")) {
+ if (!toys.optargs[0]) free(name);
return;
}
orig = toybuf;
- if(verify_passwd(pass))
- error_exit("Authentication failed\n");
+ if (verify_passwd(pass)) error_exit("Authentication failed\n");
}
orig = xstrdup(orig);
/*Get new password */
newp = new_password(orig, name);
- if(!newp) {
+ if (!newp) {
free(orig);
- if(!toys.optargs[0]) free(name);
+ if (!toys.optargs[0]) free(name);
return; //new password is not set well.
}
/*Encrypt the passwd */
- if(!(toys.optflags & FLAG_a)) TT.algo = "des";
+ if (!(toys.optflags & FLAG_a)) TT.algo = "des";
- if(get_salt(salt))
- error_exit("Error: Unkown encryption algorithm\n");
+ if (get_salt(salt)) error_exit("Error: Unkown encryption algorithm\n");
encrypted = crypt(newp, salt);
free(newp);
free(orig);
- }
- else if(toys.optflags & FLAG_l) {
- if(pass[0] == '!')
+ } else if (toys.optflags & FLAG_l) {
+ if (pass[0] == '!')
error_exit("password is already locked for %s",name);
printf("Locking password for %s\n",name);
encrypted = xmsprintf("!%s",pass);
- }
- else if(toys.optflags & FLAG_u) {
- if(pass[0] != '!')
+ } else if (toys.optflags & FLAG_u) {
+ if (pass[0] != '!')
error_exit("password is already unlocked for %s",name);
printf("Unlocking password for %s\n",name);
encrypted = xstrdup(&pass[1]);
- }
- else if(toys.optflags & FLAG_d) {
+ } else if (toys.optflags & FLAG_d) {
printf("Deleting password for %s\n",name);
encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0'
}
/*Update the passwd */
- if(pw->pw_passwd[0] == 'x')
+ if (pw->pw_passwd[0] == 'x')
ret = update_password("/etc/shadow", name, encrypted);
- else
- ret = update_password("/etc/passwd", name, encrypted);
+ else ret = update_password("/etc/passwd", name, encrypted);
- if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
- free(encrypted);
+ if ((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) free(encrypted);
- if(!toys.optargs[0]) free(name);
- if(!ret)
- error_msg("Success");
- else
- error_msg("Failure");
+ if (!toys.optargs[0]) free(name);
+ if (!ret) error_msg("Success");
+ else error_msg("Failure");
}