Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/loginutils/passwd.c
- Timestamp:
- Jan 1, 2014, 12:47:38 AM (10 years ago)
- File:
-
- 1 edited
branches/3.2/mindi-busybox/loginutils/passwd.c
r2725 r3232 3 3 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 4 4 */ 5 6 //usage:#define passwd_trivial_usage 7 //usage: "[OPTIONS] [USER]" 8 //usage:#define passwd_full_usage "\n\n" 9 //usage: "Change USER's password (default: current user)" 10 //usage: "\n" 11 //usage: "\n -a ALG Encryption method" 12 //usage: "\n -d Set password to ''" 13 //usage: "\n -l Lock (disable) account" 14 //usage: "\n -u Unlock (enable) account" 15 5 16 #include "libbb.h" 6 17 #include <syslog.h> 18 #include <sys/resource.h> /* setrlimit */ 7 19 8 20 static void nuke_str(char *str) … … 11 23 } 12 24 13 static char* new_password(const struct passwd *pw, uid_t myuid, intalgo)25 static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo) 14 26 { 15 char salt[ sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */27 char salt[MAX_PW_SALT_LEN]; 16 28 char *orig = (char*)""; 17 29 char *newp = NULL; … … 19 31 char *ret = NULL; /* failure so far */ 20 32 21 if (myuid && pw->pw_passwd[0]) {33 if (myuid != 0 && pw->pw_passwd[0]) { 22 34 char *encrypted; 23 35 … … 27 39 encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */ 28 40 if (strcmp(encrypted, pw->pw_passwd) != 0) { 29 syslog(LOG_WARNING, "incorrect password for %s", 30 pw->pw_name); 31 bb_do_delay(FAIL_DELAY); 41 syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name); 42 bb_do_delay(LOGIN_FAIL_DELAY); 32 43 puts("Incorrect password"); 33 44 goto err_ret; 34 45 } 35 if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); 46 if (ENABLE_FEATURE_CLEAN_UP) 47 free(encrypted); 36 48 } 37 49 orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ … … 41 53 newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */ 42 54 if (ENABLE_FEATURE_PASSWD_WEAK_CHECK 43 && obscure(orig, newp, pw) && myuid) 55 && obscure(orig, newp, pw) 56 && myuid != 0 57 ) { 44 58 goto err_ret; /* non-root is not allowed to have weak passwd */ 59 } 45 60 46 61 cp = 
bb_ask_stdin("Retype password: "); 47 62 if (!cp) 48 63 goto err_ret; 49 if (strcmp(cp, newp) ) {64 if (strcmp(cp, newp) != 0) { 50 65 puts("Passwords don't match"); 51 66 goto err_ret; 52 67 } 53 68 54 crypt_make_salt(salt, 1, 0); /* des */ 55 if (algo) { /* MD5 */ 56 strcpy(salt, "$1$"); 57 crypt_make_salt(salt + 3, 4, 0); 58 } 69 crypt_make_pw_salt(salt, algo); 70 59 71 /* pw_encrypt returns malloced str */ 60 72 ret = pw_encrypt(newp, salt, 1); … … 64 76 nuke_str(orig); 65 77 if (ENABLE_FEATURE_CLEAN_UP) free(orig); 78 66 79 nuke_str(newp); 67 80 if (ENABLE_FEATURE_CLEAN_UP) free(newp); 81 68 82 nuke_str(cp); 69 83 return ret; … … 74 88 { 75 89 enum { 76 OPT_algo = 0x1, /* -a - password algorithm */ 77 OPT_lock = 0x2, /* -l - lock account */ 78 OPT_unlock = 0x4, /* -u - unlock account */ 79 OPT_delete = 0x8, /* -d - delete password */ 80 OPT_lud = 0xe, 81 STATE_ALGO_md5 = 0x10, 82 //STATE_ALGO_des = 0x20, not needed yet 90 OPT_algo = (1 << 0), /* -a - password algorithm */ 91 OPT_lock = (1 << 1), /* -l - lock account */ 92 OPT_unlock = (1 << 2), /* -u - unlock account */ 93 OPT_delete = (1 << 3), /* -d - delete password */ 94 OPT_lud = OPT_lock | OPT_unlock | OPT_delete, 83 95 }; 84 96 unsigned opt; 85 97 int rc; 86 const char *opt_a = "";98 const char *opt_a = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO; 87 99 const char *filename; 88 100 char *myname; … … 105 117 argv += optind; 106 118 107 if (strcasecmp(opt_a, "des") != 0) /* -a */108 opt |= STATE_ALGO_md5;109 //else110 // opt |= STATE_ALGO_des;111 119 myuid = getuid(); 112 120 /* -l, -u, -d require root priv and username argument */ 113 if ((opt & OPT_lud) && (myuid || !argv[0]))121 if ((opt & OPT_lud) && (myuid != 0 || !argv[0])) 114 122 bb_show_usage(); 115 123 … … 119 127 120 128 pw = xgetpwnam(name); 121 if (myuid && pw->pw_uid != myuid) {129 if (myuid != 0 && pw->pw_uid != myuid) { 122 130 /* LOGMODE_BOTH */ 123 131 bb_error_msg_and_die("%s can't change password for %s", myname, name); … … 153 161 c = 
pw->pw_passwd[0] - '!'; 154 162 if (!(opt & OPT_lud)) { 155 if (myuid && !c) { /* passwd starts with '!' */163 if (myuid != 0 && !c) { /* passwd starts with '!' */ 156 164 /* LOGMODE_BOTH */ 157 165 bb_error_msg_and_die("can't change " … … 159 167 } 160 168 printf("Changing password for %s\n", name); 161 newp = new_password(pw, myuid, opt & STATE_ALGO_md5);169 newp = new_password(pw, myuid, opt_a); 162 170 if (!newp) { 163 171 logmode = LOGMODE_STDIO; … … 165 173 } 166 174 } else if (opt & OPT_lock) { 167 if (!c) goto skip; /* passwd starts with '!' */ 175 if (!c) 176 goto skip; /* passwd starts with '!' */ 168 177 newp = xasprintf("!%s", pw->pw_passwd); 169 178 } else if (opt & OPT_unlock) { 170 if (c) goto skip; /* not '!' */ 179 if (c) 180 goto skip; /* not '!' */ 171 181 /* pw->pw_passwd points to static storage, 172 182 * strdup'ing to avoid nasty surprizes */ 173 183 newp = xstrdup(&pw->pw_passwd[1]); 174 184 } else if (opt & OPT_delete) { 175 //newp = xstrdup("");176 185 newp = (char*)""; 177 186 } … … 190 199 filename = bb_path_shadow_file; 191 200 rc = update_passwd(bb_path_shadow_file, name, newp, NULL); 192 if (rc == 0) /* no lines updated, no errors detected */ 201 if (rc > 0) 202 /* password in /etc/shadow was updated */ 203 newp = (char*) "x"; 204 if (rc >= 0) 205 /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */ 193 206 #endif 194 207 { … … 198 211 /* LOGMODE_BOTH */ 199 212 if (rc < 0) 200 bb_error_msg_and_die("can't update password file %s", 201 filename); 213 bb_error_msg_and_die("can't update password file %s", filename); 202 214 bb_info_msg("Password for %s changed by %s", name, myname); 203 215 204 / /if (ENABLE_FEATURE_CLEAN_UP) free(newp);216 /*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */ 205 217 skip: 206 218 if (!newp) { … … 208 220 name, (opt & OPT_unlock) ? 
"un" : ""); 209 221 } 210 if (ENABLE_FEATURE_CLEAN_UP) free(myname); 222 223 if (ENABLE_FEATURE_CLEAN_UP) 224 free(myname); 211 225 return 0; 212 226 }
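Review bot: The `-a` argument now reaches `crypt_make_pw_salt(salt, algo)` in new_password() unchecked, because passwd_main() no longer compares `opt_a` against a known name. Neither the usage line (`-a ALG Encryption method`) nor a comment says which names are accepted or what an unrecognised one selects. crypt_make_pw_salt() is not shown on this page, so it cannot be confirmed here whether a mistyped name falls back to a weaker hash; I would state the contract at the call site, e.g. `/* algo: raw -a argument or CONFIG_FEATURE_DEFAULT_PASSWD_ALGO; unknown names are resolved inside crypt_make_pw_salt() */`, and list the accepted values in the usage text. The same call passes `salt` without a length, so `MAX_PW_SALT_LEN` has to stay at least as large as the longest salt that helper can write. Both new_password() and passwd_main() are only partly visible between the elided regions.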