diff options
Diffstat (limited to 'toys/lsb')
-rw-r--r-- | toys/lsb/passwd.c | 113 |
1 files changed, 25 insertions, 88 deletions
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c index 167d5730..1784c049 100644 --- a/toys/lsb/passwd.c +++ b/toys/lsb/passwd.c @@ -11,9 +11,9 @@ config PASSWD bool "passwd" default y help - usage: passwd [-a ALGO] [-d] [-l] [-u] <account name> + usage: passwd [-a ALGO] [-dlu] <account name> - update user’s authentication tokens. Default : current user + update user's authentication tokens. Default : current user -a ALGO Encryption method (des, md5, sha256, sha512) default: des -d Set password to '' @@ -23,81 +23,25 @@ config PASSWD #define FOR_passwd #include "toys.h" -#include <time.h> GLOBALS( char *algo; ) -#define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0' -#define URANDOM_PATH "/dev/urandom" - #ifndef _GNU_SOURCE char *strcasestr(const char *haystack, const char *needle); #endif -unsigned int random_number_generator(int fd) -{ - unsigned int randnum; - - xreadall(fd, &randnum, sizeof(randnum)); - return randnum; -} - -char inttoc(int i) -{ - // salt value uses 64 chracters in "./0-9a-zA-Z" - const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - - i &= 0x3f; // masking for using 10 bits only - return character_set[i]; -} - -int get_salt(char *salt) -{ - int i, salt_length = 0; - int randfd; - - if (!strncmp(TT.algo,"des",3)) { - // 2 bytes salt value is used in des - salt_length = 2; - } else { - *salt++ = '$'; - if (!strncmp(TT.algo,"md5",3)) { - *salt++ = '1'; - // 8 bytes salt value is used in md5 - salt_length = 8; - } else if (!strncmp(TT.algo,"sha256",6)) { - *salt++ = '5'; - // 16 bytes salt value is used in sha256 - salt_length = 16; - } else if (!strncmp(TT.algo,"sha512",6)) { - *salt++ = '6'; - // 16 bytes salt value is used in sha512 - salt_length = 16; - } else return 1; - - *salt++ = '$'; - } - - randfd = xopen(URANDOM_PATH, O_RDONLY); - for (i=0; i<salt_length; i++) - salt[i] = inttoc(random_number_generator(randfd)); - salt[salt_length+1] = '\0'; - xclose(randfd); - - return 0; -} - static int str_check(char *s, char *p) { - if ((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) return 1; + if (strcasestr(s, p) || strcasestr(p, s)) return 1; return 0; } static void strength_check(char *newp, char *oldp, char *user) { char *msg = NULL; + if (strlen(newp) < 6) { //Min passwd len msg = "too short"; xprintf("BAD PASSWORD: %s\n",msg); @@ -123,7 +67,7 @@ static int verify_passwd(char * pwd) if (pwd[0] == '!' || pwd[0] == '*') return 1; pass = crypt(toybuf, pwd); - if (pass != NULL && strcmp(pass, pwd)==0) return 0; + if (pass && !strcmp(pass, pwd)) return 0; return 1; } @@ -142,32 +86,27 @@ static char *new_password(char *oldp, char *user) return NULL; //may be due to Ctrl-C } - if (strcmp(newp, toybuf) == 0) return newp; + if (!strcmp(newp, toybuf)) return newp; else error_msg("Passwords do not match.\n"); - /*Failure Case */ + // Failure Case free(newp); - return NULL; } - void passwd_main(void) { uid_t myuid; struct passwd *pw; struct spwd *sp; - char *name = NULL; - char *pass = NULL, *encrypted = NULL, *newp = NULL; - char *orig = (char *)""; - char salt[MAX_SALT_LEN]; + char *name = NULL, *pass = NULL, *encrypted = NULL, *newp = NULL, + *orig = (char *)"", salt[MAX_SALT_LEN]; int ret = -1; myuid = getuid(); - if ((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) + if ((myuid) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) error_exit("You need to be root to do these actions\n"); pw = getpwuid(myuid); - if (!pw) error_exit("Unknown uid '%u'",myuid); if (toys.optargs[0]) name = toys.optargs[0]; @@ -176,23 +115,28 @@ void passwd_main(void) pw = getpwnam(name); if (!pw) error_exit("Unknown user '%s'",name); - if (myuid != 0 && (myuid != pw->pw_uid)) + if (myuid && (myuid != pw->pw_uid)) error_exit("You need to be root to change '%s' password\n", name); pass = pw->pw_passwd; if (pw->pw_passwd[0] == 'x') { - /*get shadow passwd */ + //get shadow passwd sp = getspnam(name); if (sp) pass = sp->sp_pwdp; } if (!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { + + if (!(toys.optflags & FLAG_a)) TT.algo = "des"; + if (get_salt(salt, TT.algo) == -1) + error_exit("Error: Unkown encryption algorithm\n"); + printf("Changing password for %s\n",name); - if (pass[0] == '!') + if (myuid && pass[0] == '!') error_exit("Can't change, password is locked for %s",name); - if (myuid != 0) { - /*Validate user */ + if (myuid) { + //Validate user if (read_password(toybuf, sizeof(toybuf), "Origial password:")) { if (!toys.optargs[0]) free(name); @@ -204,7 +148,7 @@ void passwd_main(void) orig = xstrdup(orig); - /*Get new password */ + // Get new password newp = new_password(orig, name); if (!newp) { free(orig); @@ -212,31 +156,24 @@ void passwd_main(void) return; //new password is not set well. } - /*Encrypt the passwd */ - if (!(toys.optflags & FLAG_a)) TT.algo = "des"; - - if (get_salt(salt)) error_exit("Error: Unkown encryption algorithm\n"); - encrypted = crypt(newp, salt); free(newp); free(orig); } else if (toys.optflags & FLAG_l) { - if (pass[0] == '!') - error_exit("password is already locked for %s",name); + if (pass[0] == '!') error_exit("password is already locked for %s",name); printf("Locking password for %s\n",name); encrypted = xmsprintf("!%s",pass); } else if (toys.optflags & FLAG_u) { - if (pass[0] != '!') - error_exit("password is already unlocked for %s",name); + if (pass[0] != '!') error_exit("password is already unlocked for %s",name); printf("Unlocking password for %s\n",name); encrypted = xstrdup(&pass[1]); } else if (toys.optflags & FLAG_d) { printf("Deleting password for %s\n",name); - encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0' + encrypted = xstrdup(""); //1 = "", 2 = '\0' } - /*Update the passwd */ + // Update the passwd if (pw->pw_passwd[0] == 'x') ret = update_password("/etc/shadow", name, encrypted); else ret = update_password("/etc/passwd", name, encrypted); |