diff options
Diffstat (limited to 'toys/lsb/passwd.c')
| -rw-r--r-- | toys/lsb/passwd.c | 389 |
1 files changed, 192 insertions, 197 deletions
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c index ef119c5d..ff109f14 100644 --- a/toys/lsb/passwd.c +++ b/toys/lsb/passwd.c @@ -1,6 +1,4 @@ -/* vi: set sw=4 ts=4: - * - * passwd.c - Program to upadte user password. +/* passwd.c - Program to update user password. * * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com> * Modified 2012 Jason Kyungwan Han <asura321@gmail.com> @@ -10,18 +8,17 @@ USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN)) config PASSWD - bool "passwd" - default y - help - usage: passwd [-a ALGO] [-d] [-l] [-u] <account name> - - update user’s authentication tokens. Default : current user + bool "passwd" + default y + help + usage: passwd [-a ALGO] [-d] [-l] [-u] <account name> - -a ALGO Encryption method (des, md5, sha256, sha512) default: des - -d Set password to '' - -l Lock (disable) account - -u Unlock (enable) account + update user’s authentication tokens. Default : current user + -a ALGO Encryption method (des, md5, sha256, sha512) default: des + -d Set password to '' + -l Lock (disable) account + -u Unlock (enable) account */ #define FOR_passwd @@ -29,7 +26,7 @@ config PASSWD #include <time.h> GLOBALS( - char *algo; + char *algo; ) #define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0' @@ -41,227 +38,225 @@ char *strcasestr(const char *haystack, const char *needle); unsigned int random_number_generator(int fd) { - unsigned int randnum; - xreadall(fd, &randnum, sizeof(randnum)); - return randnum; + unsigned int randnum; + xreadall(fd, &randnum, sizeof(randnum)); + return randnum; } - - char inttoc(int i) { - // salt value uses 64 chracters in "./0-9a-zA-Z" - const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - i &= 0x3f; // masking for using 10 bits only - return character_set[i]; + // salt value uses 64 chracters in "./0-9a-zA-Z" + const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + i &= 0x3f; // masking for using 10 bits only + return character_set[i]; } int get_salt(char *salt) -{ - int i, salt_length = 0; - int randfd; - if(!strncmp(TT.algo,"des",3)){ - // 2 bytes salt value is used in des - salt_length = 2; - } else { - *salt++ = '$'; - if(!strncmp(TT.algo,"md5",3)){ - *salt++ = '1'; - // 8 bytes salt value is used in md5 - salt_length = 8; - } else if(!strncmp(TT.algo,"sha256",6)){ - *salt++ = '5'; - // 16 bytes salt value is used in sha256 - salt_length = 16; - } else if(!strncmp(TT.algo,"sha512",6)){ - *salt++ = '6'; - // 16 bytes salt value is used in sha512 - salt_length = 16; - } else return 1; - - *salt++ = '$'; - } - - randfd = xopen(URANDOM_PATH, O_RDONLY); - for(i=0; i<salt_length; i++) - salt[i] = inttoc(random_number_generator(randfd)); - salt[salt_length+1] = '\0'; - xclose(randfd); - - return 0; +{ + int i, salt_length = 0; + int randfd; + if(!strncmp(TT.algo,"des",3)){ + // 2 bytes salt value is used in des + salt_length = 2; + } else { + *salt++ = '$'; + if(!strncmp(TT.algo,"md5",3)){ + *salt++ = '1'; + // 8 bytes salt value is used in md5 + salt_length = 8; + } else if(!strncmp(TT.algo,"sha256",6)){ + *salt++ = '5'; + // 16 bytes salt value is used in sha256 + salt_length = 16; + } else if(!strncmp(TT.algo,"sha512",6)){ + *salt++ = '6'; + // 16 bytes salt value is used in sha512 + salt_length = 16; + } else return 1; + + *salt++ = '$'; + } + + randfd = xopen(URANDOM_PATH, O_RDONLY); + for(i=0; i<salt_length; i++) + salt[i] = inttoc(random_number_generator(randfd)); + salt[salt_length+1] = '\0'; + xclose(randfd); + + return 0; } static int str_check(char *s, char *p) { - if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) - return 1; - return 0; + if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) + return 1; + return 0; } static void strength_check(char *newp, char *oldp, char *user) { - char *msg = NULL; - if(strlen(newp) < 6) { //Min passwd len - msg = "too short"; - xprintf("BAD PASSWORD: %s\n",msg); - } - if(!newp[0]) - return; //passwd is empty - - if(str_check(newp, user)) { - msg = "user based password"; - xprintf("BAD PASSWORD: %s\n",msg); - } - - if(oldp[0] && str_check(newp, oldp)) { - msg = "based on old passwd"; - xprintf("BAD PASSWORD: %s\n",msg); - } + char *msg = NULL; + if(strlen(newp) < 6) { //Min passwd len + msg = "too short"; + xprintf("BAD PASSWORD: %s\n",msg); + } + if(!newp[0]) + return; //passwd is empty + + if(str_check(newp, user)) { + msg = "user based password"; + xprintf("BAD PASSWORD: %s\n",msg); + } + + if(oldp[0] && str_check(newp, oldp)) { + msg = "based on old passwd"; + xprintf("BAD PASSWORD: %s\n",msg); + } } static int verify_passwd(char * pwd) -{ - char * pass; +{ + char * pass; - if (!pwd) return 1; - if (pwd[0] == '!' || pwd[0] == '*') return 1; + if (!pwd) return 1; + if (pwd[0] == '!' || pwd[0] == '*') return 1; - pass = crypt(toybuf, pwd); - if (pass != NULL && strcmp(pass, pwd)==0) - return 0; + pass = crypt(toybuf, pwd); + if (pass != NULL && strcmp(pass, pwd)==0) + return 0; - return 1; + return 1; } static char *new_password(char *oldp, char *user) { - char *newp = NULL; - - if(read_password(toybuf, sizeof(toybuf), "New password:")) - return NULL; //may be due to Ctrl-C + char *newp = NULL; - newp = xstrdup(toybuf); - strength_check(newp, oldp, user); - if(read_password(toybuf, sizeof(toybuf), "Retype password:")) { - free(newp); - return NULL; //may be due to Ctrl-C - } + if(read_password(toybuf, sizeof(toybuf), "New password:")) + return NULL; //may be due to Ctrl-C - if(strcmp(newp, toybuf) == 0) - return newp; - else error_msg("Passwords do not match.\n"); - /*Failure Case */ + newp = xstrdup(toybuf); + strength_check(newp, oldp, user); + if(read_password(toybuf, sizeof(toybuf), "Retype password:")) { free(newp); - return NULL; + return NULL; //may be due to Ctrl-C + } + + if(strcmp(newp, toybuf) == 0) + return newp; + else error_msg("Passwords do not match.\n"); + /*Failure Case */ + free(newp); + return NULL; } void passwd_main(void) { - uid_t myuid; - struct passwd *pw; - struct spwd *sp; - char *name = NULL; - char *pass = NULL, *encrypted = NULL, *newp = NULL; - char *orig = (char *)""; - char salt[MAX_SALT_LEN]; - int ret = -1; - - myuid = getuid(); - if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) - error_exit("You need to be root to do these actions\n"); - - pw = getpwuid(myuid); - - if(!pw) - error_exit("Unknown uid '%u'",myuid); - - if(toys.optargs[0]) - name = toys.optargs[0]; - else - name = xstrdup(pw->pw_name); - - pw = getpwnam(name); - if(!pw) error_exit("Unknown user '%s'",name); - - if(myuid != 0 && (myuid != pw->pw_uid)) - error_exit("You need to be root to change '%s' password\n", name); - - pass = pw->pw_passwd; - if(pw->pw_passwd[0] == 'x') { - /*get shadow passwd */ - sp = getspnam(name); - if(sp) - pass = sp->sp_pwdp; + uid_t myuid; + struct passwd *pw; + struct spwd *sp; + char *name = NULL; + char *pass = NULL, *encrypted = NULL, *newp = NULL; + char *orig = (char *)""; + char salt[MAX_SALT_LEN]; + int ret = -1; + + myuid = getuid(); + if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) + error_exit("You need to be root to do these actions\n"); + + pw = getpwuid(myuid); + + if(!pw) + error_exit("Unknown uid '%u'",myuid); + + if(toys.optargs[0]) + name = toys.optargs[0]; + else + name = xstrdup(pw->pw_name); + + pw = getpwnam(name); + if(!pw) error_exit("Unknown user '%s'",name); + + if(myuid != 0 && (myuid != pw->pw_uid)) + error_exit("You need to be root to change '%s' password\n", name); + + pass = pw->pw_passwd; + if(pw->pw_passwd[0] == 'x') { + /*get shadow passwd */ + sp = getspnam(name); + if(sp) + pass = sp->sp_pwdp; + } + + + if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { + printf("Changing password for %s\n",name); + if(pass[0] == '!') + error_exit("Can't change, password is locked for %s",name); + if(myuid != 0) { + /*Validate user */ + + if(read_password(toybuf, sizeof(toybuf), "Origial password:")) { + if(!toys.optargs[0]) free(name); + return; + } + orig = toybuf; + if(verify_passwd(pass)) + error_exit("Authentication failed\n"); } + orig = xstrdup(orig); - if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { - printf("Changing password for %s\n",name); - if(pass[0] == '!') - error_exit("Can't change, password is locked for %s",name); - if(myuid != 0) { - /*Validate user */ - - if(read_password(toybuf, sizeof(toybuf), "Origial password:")) { - if(!toys.optargs[0]) free(name); - return; - } - orig = toybuf; - if(verify_passwd(pass)) - error_exit("Authentication failed\n"); - } - - orig = xstrdup(orig); - - /*Get new password */ - newp = new_password(orig, name); - if(!newp) { - free(orig); - if(!toys.optargs[0]) free(name); - return; //new password is not set well. - } - - /*Encrypt the passwd */ - if(!(toys.optflags & FLAG_a)) TT.algo = "des"; - - if(get_salt(salt)) - error_exit("Error: Unkown encryption algorithm\n"); - - encrypted = crypt(newp, salt); - free(newp); - free(orig); + /*Get new password */ + newp = new_password(orig, name); + if(!newp) { + free(orig); + if(!toys.optargs[0]) free(name); + return; //new password is not set well. } - else if(toys.optflags & FLAG_l) { - if(pass[0] == '!') - error_exit("password is already locked for %s",name); - printf("Locking password for %s\n",name); - encrypted = xmsprintf("!%s",pass); - } - else if(toys.optflags & FLAG_u) { - if(pass[0] != '!') - error_exit("password is already unlocked for %s",name); - printf("Unlocking password for %s\n",name); - encrypted = xstrdup(&pass[1]); - } - else if(toys.optflags & FLAG_d) { - printf("Deleting password for %s\n",name); - encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0' - } + /*Encrypt the passwd */ + if(!(toys.optflags & FLAG_a)) TT.algo = "des"; - /*Update the passwd */ - if(pw->pw_passwd[0] == 'x') - ret = update_password("/etc/shadow", name, encrypted); - else - ret = update_password("/etc/passwd", name, encrypted); + if(get_salt(salt)) + error_exit("Error: Unkown encryption algorithm\n"); - if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) - free(encrypted); - - if(!toys.optargs[0]) free(name); - if(!ret) - error_msg("Success"); - else - error_msg("Failure"); + encrypted = crypt(newp, salt); + free(newp); + free(orig); + } + else if(toys.optflags & FLAG_l) { + if(pass[0] == '!') + error_exit("password is already locked for %s",name); + printf("Locking password for %s\n",name); + encrypted = xmsprintf("!%s",pass); + } + else if(toys.optflags & FLAG_u) { + if(pass[0] != '!') + error_exit("password is already unlocked for %s",name); + + printf("Unlocking password for %s\n",name); + encrypted = xstrdup(&pass[1]); + } + else if(toys.optflags & FLAG_d) { + printf("Deleting password for %s\n",name); + encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0' + } + + /*Update the passwd */ + if(pw->pw_passwd[0] == 'x') + ret = update_password("/etc/shadow", name, encrypted); + else + ret = update_password("/etc/passwd", name, encrypted); + + if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) + free(encrypted); + + if(!toys.optargs[0]) free(name); + if(!ret) + error_msg("Success"); + else + error_msg("Failure"); } |