source: MondoRescue/branches/stable/mindi-busybox/loginutils/passwd.c

Last change on this file was 1770, checked in by Bruno Cornec, 16 years ago
  • Better output for mindi-busybox revision
  • Remove dummy file created on NFS - report from Arnaud Tiger <arnaud.tiger_at_hp.com>
  • strace useful for debug
  • fix new versions for pb (2.0.0 for mindi and 1.7.2 for mindi-busybox)
  • fix build process for mindi-busybox + options used in that version (dd for label-partitions-as-necessary)
  • fix typo in label-partitions-as-necessary which doesn't seem to work
  • Update to busybox 1.7.2
  • perl is now required at restore time to support uuid swap partitions (and will be used for many other thigs

in the future for sure)

  • next mindi version will be 2.0.0 due to all the changes made in it (udev may break working distros)
  • small optimization in mindi on keyboard handling (one single find instead of multiple)
  • better interaction for USB device when launching mindi manually
  • attempt to automatically guess block disk size for ramdisk
  • fix typos in bkphw
  • Fix the remaining problem with UUID support for swap partitions
  • Updates mondoarchive man page for USB support
  • Adds preliminary Hardware support to mindi (Proliant SSSTK)
  • Tries to add udev support also for rhel4
  • Fix UUID support which was still broken.
  • Be conservative in test for the start-nfs script
  • Update config file for mindi-busybox for 1.7.2 migration
  • Try to run around a busybox bug (1.2.2 pb on inexistant links)
  • Add build content for mindi-busybox in pb
  • Remove distributions content for mindi-busybox
  • Fix a warning on inexistant raidtab
  • Solve problem on tmpfs in restore init (Problem of inexistant symlink and busybox)
  • Create MONDO_CACHE and use it everywhere + creation at start
  • Really never try to eject a USB device
  • Fix a issue with &> usage (replaced with 1> and 2>)
  • Adds magic file to depllist in order to have file working + ldd which helps for debugging issues
  • tty modes correct to avoid sh error messages
  • Use ext3 normally and not ext2 instead
  • USB device should be corrected after reading (take 1st part)
  • Adds a mount_USB_here function derived from mount_CDROM_here
  • usb detection place before /dev detection in device name at restore time
  • Fix when restoring from USB: media is asked in interactive mode
  • Adds USB support for mondorestore
  • mount_cdrom => mount_media
  • elilo.efi is now searched throughout /boot/efi and not in a fixed place as there is no standard
  • untar-and-softlink => untar (+ interface change)
  • suppress useless softlinks creation/removal in boot process
  • avoids udevd messages on groups
  • Increase # of disks to 99 as in mindi at restore time (should be a conf file parameter)
  • skip existing big file creation
  • seems to work correctly for USB mindi boot
  • Adds group and tty link to udev conf
  • Always load usb-torage (even 2.6) to initiate USB bus discovery
  • Better printing of messages
  • Attempt to fix a bug in supporting OpenSusE 10.3 kernel for initramfs (mindi may now use multiple regex for kernel initrd detection)
  • Links were not correctly done as non relative for modules in mindi
  • exclusion of modules denied now works
  • Also create modules in their ordinary place, so that classical modprobe works + copy modules.dep
  • Fix bugs for DENY_MODS handling
  • Add device /dev/console for udev
  • ide-generic should now really be excluded
  • Fix a bug in major number for tty
  • If udev then adds modprobe/insmod to rootfs
  • tty0 is also cretaed with udev
  • ide-generic put rather in DENY_MODS
  • udevd remove from deplist s handled in mindi directly
  • better default for mindi when using --usb
  • Handles dynamically linked busybox (in case we want to use it soon ;-)
  • Adds fixed devices to create for udev
  • ide-generic should not be part of the initrd when using libata v2
  • support a dynamically linked udev (case on Ubuntu 7.10 and Mandriva 2008.0 so should be quite generic) This will give incitation to move to dyn. linked binaries in the initrd which will help for other tasks (ia6 4)
  • Improvement in udev support (do not use cl options not available in busybox)
  • Udev in mindi
    • auto creation of the right links at boot time with udev-links.conf(from Mandriva 2008.0)
    • rework startup of udev as current makes kernel crash (from Mandriva 2008.0)
    • add support for 64 bits udev
  • Try to render MyInsmod silent at boot time
  • Adds udev support (mandatory for newest distributions to avoid remapping of devices in a different way as on the original system)
  • We also need vaft format support for USB boot
  • Adds libusual support (Ubuntu 7.10 needs it for USB)
  • Improve Ubuntu/Debian keyboard detection and support
  • pbinit adapted to new pb (0.8.10). Filtering of docs done in it
  • Suppress some mondo warnings and errors on USB again
  • Tries to fix lack of files in deb mindi package
  • Verify should now work for USB devices
  • More log/mesages improvement for USB support
  • - Supress g_erase_tmpdir_and_scratchdir
  • Improve some log messages for USB support
  • Try to improve install in mindi to avoid issues with isolinux.cfg not installed vene if in the pkg :-(
  • Improve mindi-busybox build
  • In conformity with pb 0.8.9
  • Add support for Ubuntu 7.10 in build process
  • Add USB Key button to Menu UI (CD streamer removed)
  • Attempt to fix error messages on tmp/scratch files at the end by removing those dir at the latest possible.
  • Fix a bug linked to the size of the -E param which could be used (Arnaud Tiger/René Ribaud).
  • Integrate ~/.pbrc content into mondorescue.pb (required project-builder >= 0.8.7)
  • Put mondorescue in conformity with new pb filtering rules
  • Add USB support at restore time (no test done yet). New start-usb script PB varibale added where useful
  • Unmounting USB device before removal of temporary scratchdir
  • Stil refining USB copy back to mondo (one command was not executed)
  • No need to have the image subdor in the csratchdir when USB.
  • umount the USB partition before attempting to use it
  • Remove useless copy from mindi to mondo at end of USB handling

(risky merge, we are raising the limits of 2 diverging branches. The status of stable is not completely sure as such. Will need lots of tests, but it's not yet done :-()
(merge -r1692:1769 $SVN_M/branches/2.2.5)
File size: 5.4 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
4 */
5
6#include "libbb.h"
7#include <syslog.h>
8
9
10static void nuke_str(char *str)
11{
12 if (str) memset(str, 0, strlen(str));
13}
14
15static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
16{
17 char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
18 char *orig = (char*)"";
19 char *newp = NULL;
20 char *cipher = NULL;
21 char *cp = NULL;
22 char *ret = NULL; /* failure so far */
23
24 if (myuid && pw->pw_passwd[0]) {
25 orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
26 if (!orig)
27 goto err_ret;
28 cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */
29 if (strcmp(cipher, pw->pw_passwd) != 0) {
30 syslog(LOG_WARNING, "incorrect password for '%s'",
31 pw->pw_name);
32 bb_do_delay(FAIL_DELAY);
33 puts("Incorrect password");
34 goto err_ret;
35 }
36 }
37 orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
38 newp = bb_askpass(0, "New password:"); /* returns ptr to static */
39 if (!newp)
40 goto err_ret;
41 newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
42 if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
43 && obscure(orig, newp, pw) && myuid)
44 goto err_ret; /* non-root is not allowed to have weak passwd */
45
46 cp = bb_askpass(0, "Retype password:");
47 if (!cp)
48 goto err_ret;
49 if (strcmp(cp, newp)) {
50 puts("Passwords don't match");
51 goto err_ret;
52 }
53
54 crypt_make_salt(salt, 1, 0); /* des */
55 if (algo) { /* MD5 */
56 strcpy(salt, "$1$");
57 crypt_make_salt(salt + 3, 4, 0);
58 }
59 /* pw_encrypt returns ptr to static */
60 ret = xstrdup(pw_encrypt(newp, salt));
61 /* whee, success! */
62
63 err_ret:
64 nuke_str(orig);
65 if (ENABLE_FEATURE_CLEAN_UP) free(orig);
66 nuke_str(newp);
67 if (ENABLE_FEATURE_CLEAN_UP) free(newp);
68 nuke_str(cipher);
69 nuke_str(cp);
70 return ret;
71}
72
73int passwd_main(int argc, char **argv);
74int passwd_main(int argc, char **argv)
75{
76 enum {
77 OPT_algo = 0x1, /* -a - password algorithm */
78 OPT_lock = 0x2, /* -l - lock account */
79 OPT_unlock = 0x4, /* -u - unlock account */
80 OPT_delete = 0x8, /* -d - delete password */
81 OPT_lud = 0xe,
82 STATE_ALGO_md5 = 0x10,
83 //STATE_ALGO_des = 0x20, not needed yet
84 };
85 unsigned opt;
86 int rc;
87 const char *opt_a = "";
88 const char *filename;
89 char *myname;
90 char *name;
91 char *newp;
92 struct passwd *pw;
93 uid_t myuid;
94 struct rlimit rlimit_fsize;
95 char c;
96
97#if ENABLE_FEATURE_SHADOWPASSWDS
98 /* Using _r function to avoid pulling in static buffers */
99 struct spwd spw;
100 struct spwd *result;
101 char buffer[256];
102#endif
103
104 logmode = LOGMODE_BOTH;
105 openlog(applet_name, LOG_NOWAIT, LOG_AUTH);
106 opt = getopt32(argv, "a:lud", &opt_a);
107 //argc -= optind;
108 argv += optind;
109
110 if (strcasecmp(opt_a, "des") != 0) /* -a */
111 opt |= STATE_ALGO_md5;
112 //else
113 // opt |= STATE_ALGO_des;
114 myuid = getuid();
115 /* -l, -u, -d require root priv and username argument */
116 if ((opt & OPT_lud) && (myuid || !argv[0]))
117 bb_show_usage();
118
119 /* Will complain and die if username not found */
120 myname = xstrdup(bb_getpwuid(NULL, -1, myuid));
121 name = argv[0] ? argv[0] : myname;
122
123 pw = getpwnam(name);
124 if (!pw) bb_error_msg_and_die("unknown user %s", name);
125 if (myuid && pw->pw_uid != myuid) {
126 /* LOGMODE_BOTH */
127 bb_error_msg_and_die("%s can't change password for %s", myname, name);
128 }
129
130#if ENABLE_FEATURE_SHADOWPASSWDS
131 /* getspnam_r() can lie! Even if user isn't in shadow, it can
132 * return success (pwd field was seen set to "!" in this case) */
133 if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
134 || LONE_CHAR(spw.sp_pwdp, '!')) {
135 /* LOGMODE_BOTH */
136 bb_error_msg("no record of %s in %s, using %s",
137 name, bb_path_shadow_file,
138 bb_path_passwd_file);
139 } else {
140 pw->pw_passwd = spw.sp_pwdp;
141 }
142#endif
143
144 /* Decide what the new password will be */
145 newp = NULL;
146 c = pw->pw_passwd[0] - '!';
147 if (!(opt & OPT_lud)) {
148 if (myuid && !c) { /* passwd starts with '!' */
149 /* LOGMODE_BOTH */
150 bb_error_msg_and_die("cannot change "
151 "locked password for %s", name);
152 }
153 printf("Changing password for %s\n", name);
154 newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
155 if (!newp) {
156 logmode = LOGMODE_STDIO;
157 bb_error_msg_and_die("password for %s is unchanged", name);
158 }
159 } else if (opt & OPT_lock) {
160 if (!c) goto skip; /* passwd starts with '!' */
161 newp = xasprintf("!%s", pw->pw_passwd);
162 } else if (opt & OPT_unlock) {
163 if (c) goto skip; /* not '!' */
164 /* pw->pw_passwd pints to static storage,
165 * strdup'ing to avoid nasty surprizes */
166 newp = xstrdup(&pw->pw_passwd[1]);
167 } else if (opt & OPT_delete) {
168 //newp = xstrdup("");
169 newp = (char*)"";
170 }
171
172 rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
173 setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
174 signal(SIGHUP, SIG_IGN);
175 signal(SIGINT, SIG_IGN);
176 signal(SIGQUIT, SIG_IGN);
177 umask(077);
178 xsetuid(0);
179
180#if ENABLE_FEATURE_SHADOWPASSWDS
181 filename = bb_path_shadow_file;
182 rc = update_passwd(bb_path_shadow_file, name, newp);
183 if (rc == 0) /* no lines updated, no errors detected */
184#endif
185 {
186 filename = bb_path_passwd_file;
187 rc = update_passwd(bb_path_passwd_file, name, newp);
188 }
189 /* LOGMODE_BOTH */
190 if (rc < 0)
191 bb_error_msg_and_die("cannot update password file %s",
192 filename);
193 bb_info_msg("Password for %s changed by %s", name, myname);
194
195 //if (ENABLE_FEATURE_CLEAN_UP) free(newp);
196 skip:
197 if (!newp) {
198 bb_error_msg_and_die("password for %s is already %slocked",
199 name, (opt & OPT_unlock) ? "un" : "");
200 }
201 if (ENABLE_FEATURE_CLEAN_UP) free(myname);
202 return 0;
203}
Note: See TracBrowser for help on using the repository browser.