diff options
Diffstat (limited to 'toys/lsb')
-rw-r--r-- | toys/lsb/passwd.c | 107 |
1 files changed, 47 insertions, 60 deletions
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c index ff109f14..167d5730 100644 --- a/toys/lsb/passwd.c +++ b/toys/lsb/passwd.c @@ -39,6 +39,7 @@ char *strcasestr(const char *haystack, const char *needle); unsigned int random_number_generator(int fd) { unsigned int randnum; + xreadall(fd, &randnum, sizeof(randnum)); return randnum; } @@ -47,6 +48,7 @@ char inttoc(int i) { // salt value uses 64 chracters in "./0-9a-zA-Z" const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + i &= 0x3f; // masking for using 10 bits only return character_set[i]; } @@ -55,20 +57,21 @@ int get_salt(char *salt) { int i, salt_length = 0; int randfd; - if(!strncmp(TT.algo,"des",3)){ + + if (!strncmp(TT.algo,"des",3)) { // 2 bytes salt value is used in des salt_length = 2; } else { *salt++ = '$'; - if(!strncmp(TT.algo,"md5",3)){ + if (!strncmp(TT.algo,"md5",3)) { *salt++ = '1'; // 8 bytes salt value is used in md5 salt_length = 8; - } else if(!strncmp(TT.algo,"sha256",6)){ + } else if (!strncmp(TT.algo,"sha256",6)) { *salt++ = '5'; // 16 bytes salt value is used in sha256 salt_length = 16; - } else if(!strncmp(TT.algo,"sha512",6)){ + } else if (!strncmp(TT.algo,"sha512",6)) { *salt++ = '6'; // 16 bytes salt value is used in sha512 salt_length = 16; @@ -78,7 +81,7 @@ int get_salt(char *salt) } randfd = xopen(URANDOM_PATH, O_RDONLY); - for(i=0; i<salt_length; i++) + for (i=0; i<salt_length; i++) salt[i] = inttoc(random_number_generator(randfd)); salt[salt_length+1] = '\0'; xclose(randfd); @@ -88,27 +91,25 @@ int get_salt(char *salt) static int str_check(char *s, char *p) { - if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) - return 1; + if ((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL)) return 1; return 0; } static void strength_check(char *newp, char *oldp, char *user) { char *msg = NULL; - if(strlen(newp) < 6) { //Min passwd len + if (strlen(newp) < 6) { //Min passwd len msg = "too short"; xprintf("BAD PASSWORD: %s\n",msg); } - if(!newp[0]) - return; //passwd is empty + if (!newp[0]) return; //passwd is empty - if(str_check(newp, user)) { + if (str_check(newp, user)) { msg = "user based password"; xprintf("BAD PASSWORD: %s\n",msg); } - if(oldp[0] && str_check(newp, oldp)) { + if (oldp[0] && str_check(newp, oldp)) { msg = "based on old passwd"; xprintf("BAD PASSWORD: %s\n",msg); } @@ -122,8 +123,7 @@ static int verify_passwd(char * pwd) if (pwd[0] == '!' || pwd[0] == '*') return 1; pass = crypt(toybuf, pwd); - if (pass != NULL && strcmp(pass, pwd)==0) - return 0; + if (pass != NULL && strcmp(pass, pwd)==0) return 0; return 1; } @@ -132,21 +132,21 @@ static char *new_password(char *oldp, char *user) { char *newp = NULL; - if(read_password(toybuf, sizeof(toybuf), "New password:")) + if (read_password(toybuf, sizeof(toybuf), "New password:")) return NULL; //may be due to Ctrl-C newp = xstrdup(toybuf); strength_check(newp, oldp, user); - if(read_password(toybuf, sizeof(toybuf), "Retype password:")) { + if (read_password(toybuf, sizeof(toybuf), "Retype password:")) { free(newp); return NULL; //may be due to Ctrl-C } - if(strcmp(newp, toybuf) == 0) - return newp; + if (strcmp(newp, toybuf) == 0) return newp; else error_msg("Passwords do not match.\n"); /*Failure Case */ free(newp); + return NULL; } @@ -163,100 +163,87 @@ void passwd_main(void) int ret = -1; myuid = getuid(); - if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) + if ((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) error_exit("You need to be root to do these actions\n"); pw = getpwuid(myuid); - if(!pw) - error_exit("Unknown uid '%u'",myuid); + if (!pw) error_exit("Unknown uid '%u'",myuid); - if(toys.optargs[0]) - name = toys.optargs[0]; - else - name = xstrdup(pw->pw_name); + if (toys.optargs[0]) name = toys.optargs[0]; + else name = xstrdup(pw->pw_name); pw = getpwnam(name); - if(!pw) error_exit("Unknown user '%s'",name); + if (!pw) error_exit("Unknown user '%s'",name); - if(myuid != 0 && (myuid != pw->pw_uid)) + if (myuid != 0 && (myuid != pw->pw_uid)) error_exit("You need to be root to change '%s' password\n", name); pass = pw->pw_passwd; - if(pw->pw_passwd[0] == 'x') { + if (pw->pw_passwd[0] == 'x') { /*get shadow passwd */ sp = getspnam(name); - if(sp) - pass = sp->sp_pwdp; + if (sp) pass = sp->sp_pwdp; } - if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { + if (!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { printf("Changing password for %s\n",name); - if(pass[0] == '!') + if (pass[0] == '!') error_exit("Can't change, password is locked for %s",name); - if(myuid != 0) { + if (myuid != 0) { /*Validate user */ - if(read_password(toybuf, sizeof(toybuf), "Origial password:")) { - if(!toys.optargs[0]) free(name); + if (read_password(toybuf, sizeof(toybuf), "Origial password:")) { + if (!toys.optargs[0]) free(name); return; } orig = toybuf; - if(verify_passwd(pass)) - error_exit("Authentication failed\n"); + if (verify_passwd(pass)) error_exit("Authentication failed\n"); } orig = xstrdup(orig); /*Get new password */ newp = new_password(orig, name); - if(!newp) { + if (!newp) { free(orig); - if(!toys.optargs[0]) free(name); + if (!toys.optargs[0]) free(name); return; //new password is not set well. } /*Encrypt the passwd */ - if(!(toys.optflags & FLAG_a)) TT.algo = "des"; + if (!(toys.optflags & FLAG_a)) TT.algo = "des"; - if(get_salt(salt)) - error_exit("Error: Unkown encryption algorithm\n"); + if (get_salt(salt)) error_exit("Error: Unkown encryption algorithm\n"); encrypted = crypt(newp, salt); free(newp); free(orig); - } - else if(toys.optflags & FLAG_l) { - if(pass[0] == '!') + } else if (toys.optflags & FLAG_l) { + if (pass[0] == '!') error_exit("password is already locked for %s",name); printf("Locking password for %s\n",name); encrypted = xmsprintf("!%s",pass); - } - else if(toys.optflags & FLAG_u) { - if(pass[0] != '!') + } else if (toys.optflags & FLAG_u) { + if (pass[0] != '!') error_exit("password is already unlocked for %s",name); printf("Unlocking password for %s\n",name); encrypted = xstrdup(&pass[1]); - } - else if(toys.optflags & FLAG_d) { + } else if (toys.optflags & FLAG_d) { printf("Deleting password for %s\n",name); encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0' } /*Update the passwd */ - if(pw->pw_passwd[0] == 'x') + if (pw->pw_passwd[0] == 'x') ret = update_password("/etc/shadow", name, encrypted); - else - ret = update_password("/etc/passwd", name, encrypted); + else ret = update_password("/etc/passwd", name, encrypted); - if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) - free(encrypted); + if ((toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) free(encrypted); - if(!toys.optargs[0]) free(name); - if(!ret) - error_msg("Success"); - else - error_msg("Failure"); + if (!toys.optargs[0]) free(name); + if (!ret) error_msg("Success"); + else error_msg("Failure"); } |