Changeset 1770 in MondoRescue for branches/stable/mindi-busybox/loginutils/passwd.c

Timestamp:

Nov 6, 2007, 11:01:53 AM (16 years ago)

Author:

Bruno Cornec

Message:

• Better output for mindi-busybox revision
• Remove dummy file created on NFS - report from Arnaud Tiger <arnaud.tiger_at_hp.com>
• strace useful for debug
• fix new versions for pb (2.0.0 for mindi and 1.7.2 for mindi-busybox)
• fix build process for mindi-busybox + options used in that version (dd for label-partitions-as-necessary)
• fix typo in label-partitions-as-necessary which doesn't seem to work
• Update to busybox 1.7.2
• perl is now required at restore time to support uuid swap partitions (and will be used for many other thigs

in the future for sure)

• next mindi version will be 2.0.0 due to all the changes made in it (udev may break working distros)
• small optimization in mindi on keyboard handling (one single find instead of multiple)
• better interaction for USB device when launching mindi manually
• attempt to automatically guess block disk size for ramdisk
• fix typos in bkphw
• Fix the remaining problem with UUID support for swap partitions
• Updates mondoarchive man page for USB support
• Adds preliminary Hardware support to mindi (Proliant SSSTK)
• Tries to add udev support also for rhel4
• Fix UUID support which was still broken.
• Be conservative in test for the start-nfs script
• Update config file for mindi-busybox for 1.7.2 migration
• Try to run around a busybox bug (1.2.2 pb on inexistant links)
• Add build content for mindi-busybox in pb
• Remove distributions content for mindi-busybox
• Fix a warning on inexistant raidtab
• Solve problem on tmpfs in restore init (Problem of inexistant symlink and busybox)
• Create MONDO_CACHE and use it everywhere + creation at start
• Really never try to eject a USB device
• Fix a issue with &> usage (replaced with 1> and 2>)
• Adds magic file to depllist in order to have file working + ldd which helps for debugging issues
• tty modes correct to avoid sh error messages
• Use ext3 normally and not ext2 instead
• USB device should be corrected after reading (take 1st part)
• Adds a mount_USB_here function derived from mount_CDROM_here
• usb detection place before /dev detection in device name at restore time
• Fix when restoring from USB: media is asked in interactive mode
• Adds USB support for mondorestore
• mount_cdrom => mount_media
• elilo.efi is now searched throughout /boot/efi and not in a fixed place as there is no standard
• untar-and-softlink => untar (+ interface change)
• suppress useless softlinks creation/removal in boot process
• avoids udevd messages on groups
• Increase # of disks to 99 as in mindi at restore time (should be a conf file parameter)
• skip existing big file creation
• seems to work correctly for USB mindi boot
• Adds group and tty link to udev conf
• Always load usb-torage (even 2.6) to initiate USB bus discovery
• Better printing of messages
• Attempt to fix a bug in supporting OpenSusE 10.3 kernel for initramfs (mindi may now use multiple regex for kernel initrd detection)
• Links were not correctly done as non relative for modules in mindi
• exclusion of modules denied now works
• Also create modules in their ordinary place, so that classical modprobe works + copy modules.dep
• Fix bugs for DENY_MODS handling
• Add device /dev/console for udev
• ide-generic should now really be excluded
• Fix a bug in major number for tty
• If udev then adds modprobe/insmod to rootfs
• tty0 is also cretaed with udev
• ide-generic put rather in DENY_MODS
• udevd remove from deplist s handled in mindi directly
• better default for mindi when using --usb
• Handles dynamically linked busybox (in case we want to use it soon ;-)
• Adds fixed devices to create for udev
• ide-generic should not be part of the initrd when using libata v2
• support a dynamically linked udev (case on Ubuntu 7.10 and Mandriva 2008.0 so should be quite generic) This will give incitation to move to dyn. linked binaries in the initrd which will help for other tasks (ia6 4)
• Improvement in udev support (do not use cl options not available in busybox)
• Udev in mindi
  • auto creation of the right links at boot time with udev-links.conf(from Mandriva 2008.0)
  • rework startup of udev as current makes kernel crash (from Mandriva 2008.0)
  • add support for 64 bits udev
• Try to render MyInsmod silent at boot time
• Adds udev support (mandatory for newest distributions to avoid remapping of devices in a different way as on the original system)
• We also need vaft format support for USB boot
• Adds libusual support (Ubuntu 7.10 needs it for USB)
• Improve Ubuntu/Debian keyboard detection and support
• pbinit adapted to new pb (0.8.10). Filtering of docs done in it
• Suppress some mondo warnings and errors on USB again
• Tries to fix lack of files in deb mindi package
• Verify should now work for USB devices
• More log/mesages improvement for USB support
• - Supress g_erase_tmpdir_and_scratchdir
• Improve some log messages for USB support
• Try to improve install in mindi to avoid issues with isolinux.cfg not installed vene if in the pkg :-(
• Improve mindi-busybox build
• In conformity with pb 0.8.9
• Add support for Ubuntu 7.10 in build process
• Add USB Key button to Menu UI (CD streamer removed)
• Attempt to fix error messages on tmp/scratch files at the end by removing those dir at the latest possible.
• Fix a bug linked to the size of the -E param which could be used (Arnaud Tiger/René Ribaud).
• Integrate ~/.pbrc content into mondorescue.pb (required project-builder >= 0.8.7)
• Put mondorescue in conformity with new pb filtering rules
• Add USB support at restore time (no test done yet). New start-usb script PB varibale added where useful
• Unmounting USB device before removal of temporary scratchdir
• Stil refining USB copy back to mondo (one command was not executed)
• No need to have the image subdor in the csratchdir when USB.
• umount the USB partition before attempting to use it
• Remove useless copy from mindi to mondo at end of USB handling

(risky merge, we are raising the limits of 2 diverging branches. The status of stable is not completely sure as such. Will need lots of tests, but it's not yet done :-()
(merge -r1692:1769 $SVN_M/branches/2.2.5)

File:

• branches/stable/mindi-busybox/loginutils/passwd.c (modified) (2 diffs)

branches/stable/mindi-busybox/loginutils/passwd.c

@@ -1 +1 @@
 /* vi: set sw=4 ts=4: */
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <utime.h>
+/*
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+
+#include "libbb.h"
 #include <syslog.h>
-#include <time.h>
-#include <sys/resource.h>
-#include <errno.h>
-
-#include "busybox.h"
-
-static char crypt_passwd[128];
-
-static int create_backup(const char *backup, FILE * fp);
-static int new_password(const struct passwd *pw, int amroot, int algo);
-static void set_filesize_limit(int blocks);
-
-
-static int get_algo(char *a)
+
+
+static void nuke_str(char *str)
 {
-    int x = 1;                  /* standard: MD5 */
-
-    if (strcasecmp(a, "des") == 0)
-        x = 0;
-    return x;
+    if (str) memset(str, 0, strlen(str));
 }
 
-
-static int update_passwd(const struct passwd *pw, const char *crypt_pw)
+static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
 {
-    char filename[1024];
-    char buf[1025];
-    char buffer[80];
-    char username[32];
-    char *pw_rest;
-    int mask;
-    int continued;
-    FILE *fp;
-    FILE *out_fp;
-    struct stat sb;
-    struct flock lock;
-
-#if ENABLE_FEATURE_SHADOWPASSWDS
-    if (access(bb_path_shadow_file, F_OK) == 0) {
-        snprintf(filename, sizeof filename, "%s", bb_path_shadow_file);
-    } else
-#endif
-    {
-        snprintf(filename, sizeof filename, "%s", bb_path_passwd_file);
-    }
-
-    if (((fp = fopen(filename, "r+")) == 0) || (fstat(fileno(fp), &sb))) {
-        /* return 0; */
-        return 1;
-    }
-
-    /* Lock the password file before updating */
-    lock.l_type = F_WRLCK;
-    lock.l_whence = SEEK_SET;
-    lock.l_start = 0;
-    lock.l_len = 0;
-    if (fcntl(fileno(fp), F_SETLK, &lock) < 0) {
-        fprintf(stderr, "%s: %s\n", filename, strerror(errno));
-        return 1;
-    }
-    lock.l_type = F_UNLCK;
-
-    snprintf(buf, sizeof buf, "%s-", filename);
-    if (create_backup(buf, fp)) {
-        fcntl(fileno(fp), F_SETLK, &lock);
-        fclose(fp);
-        return 1;
-    }
-    snprintf(buf, sizeof buf, "%s+", filename);
-    mask = umask(0777);
-    out_fp = fopen(buf, "w");
-    umask(mask);
-    if ((!out_fp) || (fchmod(fileno(out_fp), sb.st_mode & 0777))
-        || (fchown(fileno(out_fp), sb.st_uid, sb.st_gid))) {
-        fcntl(fileno(fp), F_SETLK, &lock);
-        fclose(fp);
-        fclose(out_fp);
-        return 1;
-    }
-
-    continued = 0;
-    snprintf(username, sizeof username, "%s:", pw->pw_name);
-    rewind(fp);
-    while (!feof(fp)) {
-        fgets(buffer, sizeof buffer, fp);
-        if (!continued) { /* Check to see if we're updating this line.  */
-            if (strncmp(username, buffer, strlen(username)) == 0) {
-                /* we have a match. */
-                pw_rest = strchr(buffer, ':');
-                *pw_rest++ = '\0';
-                pw_rest = strchr(pw_rest, ':');
-                fprintf(out_fp, "%s:%s%s", buffer, crypt_pw, pw_rest);
-            } else {
-                fputs(buffer, out_fp);
-            }
-        } else {
-            fputs(buffer, out_fp);
+    char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
+    char *orig = (char*)"";
+    char *newp = NULL;
+    char *cipher = NULL;
+    char *cp = NULL;
+    char *ret = NULL; /* failure so far */
+
+    if (myuid && pw->pw_passwd[0]) {
+        orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
+        if (!orig)
+            goto err_ret;
+        cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */
+        if (strcmp(cipher, pw->pw_passwd) != 0) {
+            syslog(LOG_WARNING, "incorrect password for '%s'",
+                pw->pw_name);
+            bb_do_delay(FAIL_DELAY);
+            puts("Incorrect password");
+            goto err_ret;
         }
-        if (buffer[strlen(buffer) - 1] == '\n') {
-            continued = 0;
-        } else {
-            continued = 1;
-        }
-        memset(buffer, 0, sizeof buffer);
-    }
-
-    if (fflush(out_fp) || fsync(fileno(out_fp)) || fclose(out_fp)) {
-        unlink(buf);
-        fcntl(fileno(fp), F_SETLK, &lock);
-        fclose(fp);
-        return 1;
-    }
-    if (rename(buf, filename) < 0) {
-        fcntl(fileno(fp), F_SETLK, &lock);
-        fclose(fp);
-        return 1;
-    } else {
-        fcntl(fileno(fp), F_SETLK, &lock);
-        fclose(fp);
-        return 0;
-    }
+    }
+    orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
+    newp = bb_askpass(0, "New password:"); /* returns ptr to static */
+    if (!newp)
+        goto err_ret;
+    newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
+    if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
+     && obscure(orig, newp, pw) && myuid)
+        goto err_ret; /* non-root is not allowed to have weak passwd */
+
+    cp = bb_askpass(0, "Retype password:");
+    if (!cp)
+        goto err_ret;
+    if (strcmp(cp, newp)) {
+        puts("Passwords don't match");
+        goto err_ret;
+    }
+
+    crypt_make_salt(salt, 1, 0); /* des */
+    if (algo) { /* MD5 */
+        strcpy(salt, "$1$");
+        crypt_make_salt(salt + 3, 4, 0);
+    }
+    /* pw_encrypt returns ptr to static */
+    ret = xstrdup(pw_encrypt(newp, salt));
+    /* whee, success! */
+
+ err_ret:
+    nuke_str(orig);
+    if (ENABLE_FEATURE_CLEAN_UP) free(orig);
+    nuke_str(newp);
+    if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+    nuke_str(cipher);
+    nuke_str(cp);
+    return ret;
 }
 
-
+int passwd_main(int argc, char **argv);
 int passwd_main(int argc, char **argv)
 {
-    int amroot;
-    char *cp;
-    char *np;
+    enum {
+        OPT_algo = 0x1, /* -a - password algorithm */
+        OPT_lock = 0x2, /* -l - lock account */
+        OPT_unlock = 0x4, /* -u - unlock account */
+        OPT_delete = 0x8, /* -d - delete password */
+        OPT_lud = 0xe,
+        STATE_ALGO_md5 = 0x10,
+        //STATE_ALGO_des = 0x20, not needed yet
+    };
+    unsigned opt;
+    int rc;
+    const char *opt_a = "";
+    const char *filename;
+    char *myname;
     char *name;
-    char *myname;
-    int flag;
-    int algo = 1;               /* -a - password algorithm */
-    int lflg = 0;               /* -l - lock account */
-    int uflg = 0;               /* -u - unlock account */
-    int dflg = 0;               /* -d - delete password */
-    const struct passwd *pw;
+    char *newp;
+    struct passwd *pw;
+    uid_t myuid;
+    struct rlimit rlimit_fsize;
+    char c;
 
 #if ENABLE_FEATURE_SHADOWPASSWDS
-    const struct spwd *sp;
+    /* Using _r function to avoid pulling in static buffers */
+    struct spwd spw;
+    struct spwd *result;
+    char buffer[256];
 #endif
-    amroot = (getuid() == 0);
-    openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
-    while ((flag = getopt(argc, argv, "a:dlu")) != EOF) {
-        switch (flag) {
-        case 'a':
-            algo = get_algo(optarg);
-            break;
-        case 'd':
-            dflg++;
-            break;
-        case 'l':
-            lflg++;
-            break;
-        case 'u':
-            uflg++;
-            break;
-        default:
-            bb_show_usage();
-        }
-    }
-    myname = (char *) bb_xstrdup(bb_getpwuid(NULL, getuid(), -1));
-    /* exits on error */
-    if (optind < argc) {
-        name = argv[optind];
+
+    logmode = LOGMODE_BOTH;
+    openlog(applet_name, LOG_NOWAIT, LOG_AUTH);
+    opt = getopt32(argv, "a:lud", &opt_a);
+    //argc -= optind;
+    argv += optind;
+
+    if (strcasecmp(opt_a, "des") != 0) /* -a */
+        opt |= STATE_ALGO_md5;
+    //else
+    //  opt |= STATE_ALGO_des;
+    myuid = getuid();
+    /* -l, -u, -d require root priv and username argument */
+    if ((opt & OPT_lud) && (myuid || !argv[0]))
+        bb_show_usage();
+
+    /* Will complain and die if username not found */
+    myname = xstrdup(bb_getpwuid(NULL, -1, myuid));
+    name = argv[0] ? argv[0] : myname;
+
+    pw = getpwnam(name);
+    if (!pw) bb_error_msg_and_die("unknown user %s", name);
+    if (myuid && pw->pw_uid != myuid) {
+        /* LOGMODE_BOTH */
+        bb_error_msg_and_die("%s can't change password for %s", myname, name);
+    }
+
+#if ENABLE_FEATURE_SHADOWPASSWDS
+    /* getspnam_r() can lie! Even if user isn't in shadow, it can
+     * return success (pwd field was seen set to "!" in this case) */
+    if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
+     || LONE_CHAR(spw.sp_pwdp, '!')) {
+        /* LOGMODE_BOTH */
+        bb_error_msg("no record of %s in %s, using %s",
+                name, bb_path_shadow_file,
+                bb_path_passwd_file);
     } else {
-        name = myname;
-    }
-    if ((lflg || uflg || dflg) && (optind >= argc || !amroot)) {
-        bb_show_usage();
-    }
-    pw = getpwnam(name);
-    if (!pw) {
-        bb_error_msg_and_die("Unknown user %s\n", name);
-    }
-    if (!amroot && pw->pw_uid != getuid()) {
-        syslog(LOG_WARNING, "can't change pwd for `%s'", name);
-        bb_error_msg_and_die("Permission denied.\n");
-    }
-#if ENABLE_FEATURE_SHADOWPASSWDS
-    sp = getspnam(name);
-    if (!sp) {
-        sp = (struct spwd *) pwd_to_spwd(pw);
-    }
-    cp = sp->sp_pwdp;
-    np = sp->sp_namp;
-#else
-    cp = pw->pw_passwd;
-    np = name;
+        pw->pw_passwd = spw.sp_pwdp;
+    }
 #endif
 
-    safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
-    if (!(dflg || lflg || uflg)) {
-        if (!amroot) {
-            if (cp[0] == '!') {
-                syslog(LOG_WARNING, "password locked for `%s'", np);
-                bb_error_msg_and_die( "The password for `%s' cannot be changed.\n", np);
-            }
+    /* Decide what the new password will be */
+    newp = NULL;
+    c = pw->pw_passwd[0] - '!';
+    if (!(opt & OPT_lud)) {
+        if (myuid && !c) { /* passwd starts with '!' */
+            /* LOGMODE_BOTH */
+            bb_error_msg_and_die("cannot change "
+                    "locked password for %s", name);
         }
         printf("Changing password for %s\n", name);
-        if (new_password(pw, amroot, algo)) {
-            bb_error_msg_and_die( "The password for %s is unchanged.\n", name);
+        newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
+        if (!newp) {
+            logmode = LOGMODE_STDIO;
+            bb_error_msg_and_die("password for %s is unchanged", name);
         }
-    } else if (lflg) {
-        if (crypt_passwd[0] != '!') {
-            memmove(&crypt_passwd[1], crypt_passwd,
-                    sizeof crypt_passwd - 1);
-            crypt_passwd[sizeof crypt_passwd - 1] = '\0';
-            crypt_passwd[0] = '!';
-        }
-    } else if (uflg) {
-        if (crypt_passwd[0] == '!') {
-            memmove(crypt_passwd, &crypt_passwd[1],
-                    sizeof crypt_passwd - 1);
-        }
-    } else if (dflg) {
-        crypt_passwd[0] = '\0';
-    }
-    set_filesize_limit(30000);
+    } else if (opt & OPT_lock) {
+        if (!c) goto skip; /* passwd starts with '!' */
+        newp = xasprintf("!%s", pw->pw_passwd);
+    } else if (opt & OPT_unlock) {
+        if (c) goto skip; /* not '!' */
+        /* pw->pw_passwd pints to static storage,
+         * strdup'ing to avoid nasty surprizes */
+        newp = xstrdup(&pw->pw_passwd[1]);
+    } else if (opt & OPT_delete) {
+        //newp = xstrdup("");
+        newp = (char*)"";
+    }
+
+    rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
+    setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
     signal(SIGHUP, SIG_IGN);
     signal(SIGINT, SIG_IGN);
@@ -233 +177 @@
     umask(077);
     xsetuid(0);
-    if (!update_passwd(pw, crypt_passwd)) {
-        syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
-               myname);
-        printf("Password changed.\n");
-    } else {
-        syslog(LOG_WARNING, "an error occurred updating the password file");
-        bb_error_msg_and_die("An error occurred updating the password file.\n");
-    }
-    return (0);
-}
-
-
-
-static int create_backup(const char *backup, FILE * fp)
-{
-    struct stat sb;
-    struct utimbuf ub;
-    FILE *bkfp;
-    int c, mask;
-
-    if (fstat(fileno(fp), &sb))
-        /* return -1; */
-        return 1;
-
-    mask = umask(077);
-    bkfp = fopen(backup, "w");
-    umask(mask);
-    if (!bkfp)
-        /* return -1; */
-        return 1;
-
-    /* TODO: faster copy, not one-char-at-a-time.  --marekm */
-    rewind(fp);
-    while ((c = getc(fp)) != EOF) {
-        if (putc(c, bkfp) == EOF)
-            break;
-    }
-    if (c != EOF || fflush(bkfp)) {
-        fclose(bkfp);
-        /* return -1; */
-        return 1;
-    }
-    if (fclose(bkfp))
-        /* return -1; */
-        return 1;
-
-    ub.actime = sb.st_atime;
-    ub.modtime = sb.st_mtime;
-    utime(backup, &ub);
+
+#if ENABLE_FEATURE_SHADOWPASSWDS
+    filename = bb_path_shadow_file;
+    rc = update_passwd(bb_path_shadow_file, name, newp);
+    if (rc == 0) /* no lines updated, no errors detected */
+#endif
+    {
+        filename = bb_path_passwd_file;
+        rc = update_passwd(bb_path_passwd_file, name, newp);
+    }
+    /* LOGMODE_BOTH */
+    if (rc < 0)
+        bb_error_msg_and_die("cannot update password file %s",
+                filename);
+    bb_info_msg("Password for %s changed by %s", name, myname);
+
+    //if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+ skip:
+    if (!newp) {
+        bb_error_msg_and_die("password for %s is already %slocked",
+            name, (opt & OPT_unlock) ? "un" : "");
+    }
+    if (ENABLE_FEATURE_CLEAN_UP) free(myname);
     return 0;
 }
-
-static int i64c(int i)
-{
-    if (i <= 0)
-        return ('.');
-    if (i == 1)
-        return ('/');
-    if (i >= 2 && i < 12)
-        return ('0' - 2 + i);
-    if (i >= 12 && i < 38)
-        return ('A' - 12 + i);
-    if (i >= 38 && i < 63)
-        return ('a' - 38 + i);
-    return ('z');
-}
-
-static char *crypt_make_salt(void)
-{
-    time_t now;
-    static unsigned long x;
-    static char result[3];
-
-    time(&now);
-    x += now + getpid() + clock();
-    result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
-    result[1] = i64c(((x >> 12) ^ x) & 077);
-    result[2] = '\0';
-    return result;
-}
-
-
-static int new_password(const struct passwd *pw, int amroot, int algo)
-{
-    char *clear;
-    char *cipher;
-    char *cp;
-    char salt[12]; /* "$N$XXXXXXXX" or "XX" */
-    char orig[200];
-    char pass[200];
-
-    if (!amroot && crypt_passwd[0]) {
-        if (!(clear = bb_askpass(0, "Old password:"))) {
-            /* return -1; */
-            return 1;
-        }
-        cipher = pw_encrypt(clear, crypt_passwd);
-        if (strcmp(cipher, crypt_passwd) != 0) {
-            syslog(LOG_WARNING, "incorrect password for `%s'",
-                   pw->pw_name);
-            bb_do_delay(FAIL_DELAY);
-            fprintf(stderr, "Incorrect password.\n");
-            /* return -1; */
-            return 1;
-        }
-        safe_strncpy(orig, clear, sizeof(orig));
-        memset(clear, 0, strlen(clear));
-        memset(cipher, 0, strlen(cipher));
-    } else {
-        orig[0] = '\0';
-    }
-    if (! (cp=bb_askpass(0, "Enter the new password (minimum of 5, maximum of 8 characters)\n"
-                      "Please use a combination of upper and lower case letters and numbers.\n"
-                      "Enter new password: ")))
-    {
-        memset(orig, 0, sizeof orig);
-        /* return -1; */
-        return 1;
-    }
-    safe_strncpy(pass, cp, sizeof(pass));
-    memset(cp, 0, strlen(cp));
-    /* if (!obscure(orig, pass, pw)) { */
-    if (obscure(orig, pass, pw)) {
-        if (amroot) {
-            printf("\nWarning: weak password (continuing).\n");
-        } else {
-            /* return -1; */
-            return 1;
-        }
-    }
-    if (!(cp = bb_askpass(0, "Re-enter new password: "))) {
-        memset(orig, 0, sizeof orig);
-        /* return -1; */
-        return 1;
-    }
-    if (strcmp(cp, pass)) {
-        fprintf(stderr, "Passwords do not match.\n");
-        /* return -1; */
-        return 1;
-    }
-    memset(cp, 0, strlen(cp));
-    memset(orig, 0, sizeof(orig));
-    memset(salt, 0, sizeof(salt));
-
-    if (algo == 1) {
-        strcpy(salt, "$1$");
-        strcat(salt, crypt_make_salt());
-        strcat(salt, crypt_make_salt());
-        strcat(salt, crypt_make_salt());
-    }
-
-    strcat(salt, crypt_make_salt());
-    cp = pw_encrypt(pass, salt);
-
-    memset(pass, 0, sizeof pass);
-    safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
-    return 0;
-}
-
-static void set_filesize_limit(int blocks)
-{
-    struct rlimit rlimit_fsize;
-
-    rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;
-    setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
-}