Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/loginutils/passwd.c

Timestamp:

Jan 1, 2014, 12:47:38 AM (10 years ago)

Author:

Bruno Cornec

Message:

• Update mindi-busybox to 1.21.1

File:

• branches/3.2/mindi-busybox/loginutils/passwd.c (modified) (15 diffs)

branches/3.2/mindi-busybox/loginutils/passwd.c

@@ -3 +3 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+
+//usage:#define passwd_trivial_usage
+//usage:       "[OPTIONS] [USER]"
+//usage:#define passwd_full_usage "\n\n"
+//usage:       "Change USER's password (default: current user)"
+//usage:     "\n"
+//usage:     "\n    -a ALG  Encryption method"
+//usage:     "\n    -d  Set password to ''"
+//usage:     "\n    -l  Lock (disable) account"
+//usage:     "\n    -u  Unlock (enable) account"
+
 #include "libbb.h"
 #include <syslog.h>
+#include <sys/resource.h> /* setrlimit */
 
 static void nuke_str(char *str)
@@ -11 +23 @@
 }
 
-static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
+static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
 {
-    char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
+    char salt[MAX_PW_SALT_LEN];
     char *orig = (char*)"";
     char *newp = NULL;
@@ -19 +31 @@
     char *ret = NULL; /* failure so far */
 
-    if (myuid && pw->pw_passwd[0]) {
+    if (myuid != 0 && pw->pw_passwd[0]) {
         char *encrypted;
 
@@ -27 +39 @@
         encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
         if (strcmp(encrypted, pw->pw_passwd) != 0) {
-            syslog(LOG_WARNING, "incorrect password for %s",
-                pw->pw_name);
-            bb_do_delay(FAIL_DELAY);
+            syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name);
+            bb_do_delay(LOGIN_FAIL_DELAY);
             puts("Incorrect password");
             goto err_ret;
         }
-        if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
+        if (ENABLE_FEATURE_CLEAN_UP)
+            free(encrypted);
     }
     orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
@@ -41 +53 @@
     newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
     if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
-     && obscure(orig, newp, pw) && myuid)
+     && obscure(orig, newp, pw)
+     && myuid != 0
+    ) {
         goto err_ret; /* non-root is not allowed to have weak passwd */
+    }
 
     cp = bb_ask_stdin("Retype password: ");
     if (!cp)
         goto err_ret;
-    if (strcmp(cp, newp)) {
+    if (strcmp(cp, newp) != 0) {
         puts("Passwords don't match");
         goto err_ret;
     }
 
-    crypt_make_salt(salt, 1, 0); /* des */
-    if (algo) { /* MD5 */
-        strcpy(salt, "$1$");
-        crypt_make_salt(salt + 3, 4, 0);
-    }
+    crypt_make_pw_salt(salt, algo);
+
     /* pw_encrypt returns malloced str */
     ret = pw_encrypt(newp, salt, 1);
@@ -64 +76 @@
     nuke_str(orig);
     if (ENABLE_FEATURE_CLEAN_UP) free(orig);
+
     nuke_str(newp);
     if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+
     nuke_str(cp);
     return ret;
@@ -74 +88 @@
 {
     enum {
-        OPT_algo = 0x1, /* -a - password algorithm */
-        OPT_lock = 0x2, /* -l - lock account */
-        OPT_unlock = 0x4, /* -u - unlock account */
-        OPT_delete = 0x8, /* -d - delete password */
-        OPT_lud = 0xe,
-        STATE_ALGO_md5 = 0x10,
-        //STATE_ALGO_des = 0x20, not needed yet
+        OPT_algo   = (1 << 0), /* -a - password algorithm */
+        OPT_lock   = (1 << 1), /* -l - lock account */
+        OPT_unlock = (1 << 2), /* -u - unlock account */
+        OPT_delete = (1 << 3), /* -d - delete password */
+        OPT_lud    = OPT_lock | OPT_unlock | OPT_delete,
     };
     unsigned opt;
     int rc;
-    const char *opt_a = "";
+    const char *opt_a = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
     const char *filename;
     char *myname;
@@ -105 +117 @@
     argv += optind;
 
-    if (strcasecmp(opt_a, "des") != 0) /* -a */
-        opt |= STATE_ALGO_md5;
-    //else
-    //  opt |= STATE_ALGO_des;
     myuid = getuid();
     /* -l, -u, -d require root priv and username argument */
-    if ((opt & OPT_lud) && (myuid || !argv[0]))
+    if ((opt & OPT_lud) && (myuid != 0 || !argv[0]))
         bb_show_usage();
 
@@ -119 +127 @@
 
     pw = xgetpwnam(name);
-    if (myuid && pw->pw_uid != myuid) {
+    if (myuid != 0 && pw->pw_uid != myuid) {
         /* LOGMODE_BOTH */
         bb_error_msg_and_die("%s can't change password for %s", myname, name);
@@ -153 +161 @@
     c = pw->pw_passwd[0] - '!';
     if (!(opt & OPT_lud)) {
-        if (myuid && !c) { /* passwd starts with '!' */
+        if (myuid != 0 && !c) { /* passwd starts with '!' */
             /* LOGMODE_BOTH */
             bb_error_msg_and_die("can't change "
@@ -159 +167 @@
         }
         printf("Changing password for %s\n", name);
-        newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
+        newp = new_password(pw, myuid, opt_a);
         if (!newp) {
             logmode = LOGMODE_STDIO;
@@ -165 +173 @@
         }
     } else if (opt & OPT_lock) {
-        if (!c) goto skip; /* passwd starts with '!' */
+        if (!c)
+            goto skip; /* passwd starts with '!' */
         newp = xasprintf("!%s", pw->pw_passwd);
     } else if (opt & OPT_unlock) {
-        if (c) goto skip; /* not '!' */
+        if (c)
+            goto skip; /* not '!' */
         /* pw->pw_passwd points to static storage,
          * strdup'ing to avoid nasty surprizes */
         newp = xstrdup(&pw->pw_passwd[1]);
     } else if (opt & OPT_delete) {
-        //newp = xstrdup("");
         newp = (char*)"";
     }
@@ -190 +199 @@
     filename = bb_path_shadow_file;
     rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
-    if (rc == 0) /* no lines updated, no errors detected */
+    if (rc > 0)
+        /* password in /etc/shadow was updated */
+        newp = (char*) "x";
+    if (rc >= 0)
+        /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
 #endif
     {
@@ -198 +211 @@
     /* LOGMODE_BOTH */
     if (rc < 0)
-        bb_error_msg_and_die("can't update password file %s",
-                filename);
+        bb_error_msg_and_die("can't update password file %s", filename);
     bb_info_msg("Password for %s changed by %s", name, myname);
 
-    //if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+    /*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */
  skip:
     if (!newp) {
@@ -208 +220 @@
             name, (opt & OPT_unlock) ? "un" : "");
     }
-    if (ENABLE_FEATURE_CLEAN_UP) free(myname);
+
+    if (ENABLE_FEATURE_CLEAN_UP)
+        free(myname);
     return 0;
 }