| 1 | /* vi: set sw=4 ts=4: */
|
|---|
| 2 | /*
|
|---|
| 3 | * chpasswd.c
|
|---|
| 4 | *
|
|---|
| 5 | * Written for SLIND (from passwd.c) by Alexander Shishkin <virtuoso@slind.org>
|
|---|
| 6 | * Licensed under GPLv2 or later, see file LICENSE in this source tree.
|
|---|
| 7 | */
|
|---|
| 8 | #include "libbb.h"
|
|---|
| 9 |
|
|---|
| 10 | //usage:#define chpasswd_trivial_usage
|
|---|
| 11 | //usage: IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
|
|---|
| 12 | //usage:#define chpasswd_full_usage "\n\n"
|
|---|
| 13 | //usage: "Read user:password from stdin and update /etc/passwd\n"
|
|---|
| 14 | //usage: IF_LONG_OPTS(
|
|---|
| 15 | //usage: "\n -e,--encrypted Supplied passwords are in encrypted form"
|
|---|
| 16 | //usage: "\n -m,--md5 Use MD5 encryption instead of DES"
|
|---|
| 17 | //usage: )
|
|---|
| 18 | //usage: IF_NOT_LONG_OPTS(
|
|---|
| 19 | //usage: "\n -e Supplied passwords are in encrypted form"
|
|---|
| 20 | //usage: "\n -m Use MD5 encryption instead of DES"
|
|---|
| 21 | //usage: )
|
|---|
| 22 |
|
|---|
| 23 | //TODO: implement -c ALGO
|
|---|
| 24 |
|
|---|
| 25 | #if ENABLE_LONG_OPTS
|
|---|
| 26 | static const char chpasswd_longopts[] ALIGN1 =
|
|---|
| 27 | "encrypted\0" No_argument "e"
|
|---|
| 28 | "md5\0" No_argument "m"
|
|---|
| 29 | ;
|
|---|
| 30 | #endif
|
|---|
| 31 |
|
|---|
| 32 | #define OPT_ENC 1
|
|---|
| 33 | #define OPT_MD5 2
|
|---|
| 34 |
|
|---|
| 35 | int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|---|
| 36 | int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
|---|
| 37 | {
|
|---|
| 38 | char *name;
|
|---|
| 39 | int opt;
|
|---|
| 40 |
|
|---|
| 41 | if (getuid() != 0)
|
|---|
| 42 | bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
|
|---|
| 43 |
|
|---|
| 44 | opt_complementary = "m--e:e--m";
|
|---|
| 45 | IF_LONG_OPTS(applet_long_options = chpasswd_longopts;)
|
|---|
| 46 | opt = getopt32(argv, "em");
|
|---|
| 47 |
|
|---|
| 48 | while ((name = xmalloc_fgetline(stdin)) != NULL) {
|
|---|
| 49 | char *free_me;
|
|---|
| 50 | char *pass;
|
|---|
| 51 | int rc;
|
|---|
| 52 |
|
|---|
| 53 | pass = strchr(name, ':');
|
|---|
| 54 | if (!pass)
|
|---|
| 55 | bb_error_msg_and_die("missing new password");
|
|---|
| 56 | *pass++ = '\0';
|
|---|
| 57 |
|
|---|
| 58 | xuname2uid(name); /* dies if there is no such user */
|
|---|
| 59 |
|
|---|
| 60 | free_me = NULL;
|
|---|
| 61 | if (!(opt & OPT_ENC)) {
|
|---|
| 62 | char salt[sizeof("$N$XXXXXXXX")];
|
|---|
| 63 |
|
|---|
| 64 | crypt_make_salt(salt, 1);
|
|---|
| 65 | if (opt & OPT_MD5) {
|
|---|
| 66 | salt[0] = '$';
|
|---|
| 67 | salt[1] = '1';
|
|---|
| 68 | salt[2] = '$';
|
|---|
| 69 | crypt_make_salt(salt + 3, 4);
|
|---|
| 70 | }
|
|---|
| 71 | free_me = pass = pw_encrypt(pass, salt, 0);
|
|---|
| 72 | }
|
|---|
| 73 |
|
|---|
| 74 | /* This is rather complex: if user is not found in /etc/shadow,
|
|---|
| 75 | * we try to find & change his passwd in /etc/passwd */
|
|---|
| 76 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
|---|
| 77 | rc = update_passwd(bb_path_shadow_file, name, pass, NULL);
|
|---|
| 78 | if (rc > 0) /* password in /etc/shadow was updated */
|
|---|
| 79 | pass = (char*)"x";
|
|---|
| 80 | if (rc >= 0)
|
|---|
| 81 | /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
|
|---|
| 82 | #endif
|
|---|
| 83 | rc = update_passwd(bb_path_passwd_file, name, pass, NULL);
|
|---|
| 84 | /* LOGMODE_BOTH logs to syslog also */
|
|---|
| 85 | logmode = LOGMODE_BOTH;
|
|---|
| 86 | if (rc < 0)
|
|---|
| 87 | bb_error_msg_and_die("an error occurred updating password for %s", name);
|
|---|
| 88 | if (rc)
|
|---|
| 89 | bb_info_msg("Password for '%s' changed", name);
|
|---|
| 90 | logmode = LOGMODE_STDIO;
|
|---|
| 91 | free(name);
|
|---|
| 92 | free(free_me);
|
|---|
| 93 | }
|
|---|
| 94 | return EXIT_SUCCESS;
|
|---|
| 95 | }
|
|---|
