Changeset 2725 in MondoRescue for branches/2.2.9/mindi-busybox/loginutils/passwd.c
- Timestamp:
- Feb 25, 2011, 9:26:54 PM (13 years ago)
- File:
-
- 1 edited
branches/2.2.9/mindi-busybox/loginutils/passwd.c
r1765 r2725 1 1 /* vi: set sw=4 ts=4: */ 2 2 /* 3 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.3 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 4 4 */ 5 6 5 #include "libbb.h" 7 6 #include <syslog.h> 8 9 7 10 8 static void nuke_str(char *str) … … 18 16 char *orig = (char*)""; 19 17 char *newp = NULL; 20 char *cipher = NULL;21 18 char *cp = NULL; 22 19 char *ret = NULL; /* failure so far */ 23 20 24 21 if (myuid && pw->pw_passwd[0]) { 25 orig = bb_askpass(0, "Old password:"); /* returns ptr to static */ 22 char *encrypted; 23 24 orig = bb_ask_stdin("Old password: "); /* returns ptr to static */ 26 25 if (!orig) 27 26 goto err_ret; 28 cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static*/29 if (strcmp( cipher, pw->pw_passwd) != 0) {30 syslog(LOG_WARNING, "incorrect password for '%s'",27 encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */ 28 if (strcmp(encrypted, pw->pw_passwd) != 0) { 29 syslog(LOG_WARNING, "incorrect password for %s", 31 30 pw->pw_name); 32 31 bb_do_delay(FAIL_DELAY); … … 34 33 goto err_ret; 35 34 } 36 } 37 orig = xstrdup(orig); /* or else bb_askpass() will destroy it */ 38 newp = bb_askpass(0, "New password:"); /* returns ptr to static */ 35 if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); 36 } 37 orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ 38 newp = bb_ask_stdin("New password: "); /* returns ptr to static */ 39 39 if (!newp) 40 40 goto err_ret; 41 newp = xstrdup(newp); /* we are going to bb_ask pass() again, so save it */41 newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */ 42 42 if (ENABLE_FEATURE_PASSWD_WEAK_CHECK 43 43 && obscure(orig, newp, pw) && myuid) 44 44 goto err_ret; /* non-root is not allowed to have weak passwd */ 45 45 46 cp = bb_ask pass(0, "Retype password:");46 cp = bb_ask_stdin("Retype password: "); 47 47 if (!cp) 48 48 goto err_ret; … … 57 57 crypt_make_salt(salt + 3, 4, 0); 58 58 } 59 /* 
pw_encrypt returns ptr to static*/60 ret = xstrdup(pw_encrypt(newp, salt));59 /* pw_encrypt returns malloced str */ 60 ret = pw_encrypt(newp, salt, 1); 61 61 /* whee, success! */ 62 62 … … 66 66 nuke_str(newp); 67 67 if (ENABLE_FEATURE_CLEAN_UP) free(newp); 68 nuke_str(cipher);69 68 nuke_str(cp); 70 69 return ret; 71 70 } 72 71 73 int passwd_main(int argc, char **argv) ;74 int passwd_main(int argc , char **argv)72 int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; 73 int passwd_main(int argc UNUSED_PARAM, char **argv) 75 74 { 76 75 enum { … … 94 93 struct rlimit rlimit_fsize; 95 94 char c; 96 97 95 #if ENABLE_FEATURE_SHADOWPASSWDS 98 96 /* Using _r function to avoid pulling in static buffers */ 99 97 struct spwd spw; 100 struct spwd *result;101 98 char buffer[256]; 102 99 #endif 103 100 104 101 logmode = LOGMODE_BOTH; 105 openlog(applet_name, LOG_NOWAIT, LOG_AUTH);102 openlog(applet_name, 0, LOG_AUTH); 106 103 opt = getopt32(argv, "a:lud", &opt_a); 107 104 //argc -= optind; … … 118 115 119 116 /* Will complain and die if username not found */ 120 myname = xstrdup( bb_getpwuid(NULL, -1,myuid));117 myname = xstrdup(xuid2uname(myuid)); 121 118 name = argv[0] ? argv[0] : myname; 122 119 123 pw = getpwnam(name); 124 if (!pw) bb_error_msg_and_die("unknown user %s", name); 120 pw = xgetpwnam(name); 125 121 if (myuid && pw->pw_uid != myuid) { 126 122 /* LOGMODE_BOTH */ … … 129 125 130 126 #if ENABLE_FEATURE_SHADOWPASSWDS 131 /* getspnam_r() can lie! Even if user isn't in shadow, it can 132 * return success (pwd field was seen set to "!" in this case) */ 133 if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) 134 || LONE_CHAR(spw.sp_pwdp, '!')) { 135 /* LOGMODE_BOTH */ 136 bb_error_msg("no record of %s in %s, using %s", 137 name, bb_path_shadow_file, 138 bb_path_passwd_file); 139 } else { 140 pw->pw_passwd = spw.sp_pwdp; 127 { 128 /* getspnam_r may return 0 yet set result to NULL. 129 * At least glibc 2.4 does this. Be extra paranoid here. 
*/ 130 struct spwd *result = NULL; 131 errno = 0; 132 if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) != 0 133 || !result /* no error, but no record found either */ 134 || strcmp(result->sp_namp, pw->pw_name) != 0 /* paranoia */ 135 ) { 136 if (errno != ENOENT) { 137 /* LOGMODE_BOTH */ 138 bb_perror_msg("no record of %s in %s, using %s", 139 name, bb_path_shadow_file, 140 bb_path_passwd_file); 141 } 142 /* else: /etc/shadow does not exist, 143 * apparently we are on a shadow-less system, 144 * no surprise there */ 145 } else { 146 pw->pw_passwd = result->sp_pwdp; 147 } 141 148 } 142 149 #endif … … 148 155 if (myuid && !c) { /* passwd starts with '!' */ 149 156 /* LOGMODE_BOTH */ 150 bb_error_msg_and_die("can not change "157 bb_error_msg_and_die("can't change " 151 158 "locked password for %s", name); 152 159 } … … 162 169 } else if (opt & OPT_unlock) { 163 170 if (c) goto skip; /* not '!' */ 164 /* pw->pw_passwd p ints to static storage,171 /* pw->pw_passwd points to static storage, 165 172 * strdup'ing to avoid nasty surprizes */ 166 173 newp = xstrdup(&pw->pw_passwd[1]); … … 172 179 rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000; 173 180 setrlimit(RLIMIT_FSIZE, &rlimit_fsize); 174 signal(SIGHUP, SIG_IGN); 175 signal(SIGINT, SIG_IGN); 176 signal(SIGQUIT, SIG_IGN); 181 bb_signals(0 182 + (1 << SIGHUP) 183 + (1 << SIGINT) 184 + (1 << SIGQUIT) 185 , SIG_IGN); 177 186 umask(077); 178 187 xsetuid(0); … … 180 189 #if ENABLE_FEATURE_SHADOWPASSWDS 181 190 filename = bb_path_shadow_file; 182 rc = update_passwd(bb_path_shadow_file, name, newp );191 rc = update_passwd(bb_path_shadow_file, name, newp, NULL); 183 192 if (rc == 0) /* no lines updated, no errors detected */ 184 193 #endif 185 194 { 186 195 filename = bb_path_passwd_file; 187 rc = update_passwd(bb_path_passwd_file, name, newp );196 rc = update_passwd(bb_path_passwd_file, name, newp, NULL); 188 197 } 189 198 /* LOGMODE_BOTH */ 190 199 if (rc < 0) 191 bb_error_msg_and_die("can not 
update password file %s",200 bb_error_msg_and_die("can't update password file %s", 192 201 filename); 193 202 bb_info_msg("Password for %s changed by %s", name, myname);
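Review bot: In new_password(), the heap string now returned by `pw_encrypt(orig, pw->pw_passwd, 1)` is neither wiped nor freed on the mismatch branch. On the success path it is only freed under ENABLE_FEATURE_CLEAN_UP and never cleared, whereas the old code ran `nuke_str(cipher)` on exit. Because `encrypted` is declared inside the `if (myuid && pw->pw_passwd[0])` block, the cleanup after err_ret cannot reach it. I would put `nuke_str(encrypted);` in front of `if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);` and repeat both statements before the `goto err_ret` in the mismatch branch. The viewer elides parts of this function (the `… …` gaps), so the err_ret label and one line of the mismatch branch are not visible here and the placement should be checked against the full file.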