Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 1 | /* vi: set sw=4 ts=4: */ |
"Robert P. J. Day" | 801ab14 | 2006-07-12 07:56:04 +0000 | [diff] [blame] | 2 | /* |
| 3 | * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
| 4 | */ |
| 5 | |
Denis Vlasenko | b6adbf1 | 2007-05-26 19:00:18 +0000 | [diff] [blame] | 6 | #include "libbb.h" |
Rob Landley | d921b2e | 2006-08-03 15:41:12 +0000 | [diff] [blame] | 7 | #include <syslog.h> |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 8 | |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 9 | |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 10 | static void nuke_str(char *str) |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 11 | { |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 12 | if (str) memset(str, 0, strlen(str)); |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 13 | } |
| 14 | |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 15 | static char* new_password(const struct passwd *pw, uid_t myuid, int algo) |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 16 | { |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 17 | char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */ |
Denis Vlasenko | 06c0a71 | 2007-01-29 22:51:44 +0000 | [diff] [blame] | 18 | char *orig = (char*)""; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 19 | char *newp = NULL; |
| 20 | char *cipher = NULL; |
| 21 | char *cp = NULL; |
| 22 | char *ret = NULL; /* failure so far */ |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 23 | |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 24 | if (myuid && pw->pw_passwd[0]) { |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 25 | orig = bb_askpass(0, "Old password:"); /* returns ptr to static */ |
| 26 | if (!orig) |
| 27 | goto err_ret; |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 28 | cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */ |
| 29 | if (strcmp(cipher, pw->pw_passwd) != 0) { |
Denis Vlasenko | d78b433 | 2006-09-23 12:30:03 +0000 | [diff] [blame] | 30 | syslog(LOG_WARNING, "incorrect password for '%s'", |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 31 | pw->pw_name); |
Rob Landley | 84cb767 | 2006-01-06 20:59:09 +0000 | [diff] [blame] | 32 | bb_do_delay(FAIL_DELAY); |
Denis Vlasenko | d78b433 | 2006-09-23 12:30:03 +0000 | [diff] [blame] | 33 | puts("Incorrect password"); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 34 | goto err_ret; |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 35 | } |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 36 | } |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 37 | orig = xstrdup(orig); /* or else bb_askpass() will destroy it */ |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 38 | newp = bb_askpass(0, "New password:"); /* returns ptr to static */ |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 39 | if (!newp) |
| 40 | goto err_ret; |
| 41 | newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */ |
Denis Vlasenko | 8eb3b39 | 2006-12-19 00:33:53 +0000 | [diff] [blame] | 42 | if (ENABLE_FEATURE_PASSWD_WEAK_CHECK |
| 43 | && obscure(orig, newp, pw) && myuid) |
Denis Vlasenko | 16c2c70 | 2006-12-12 18:11:58 +0000 | [diff] [blame] | 44 | goto err_ret; /* non-root is not allowed to have weak passwd */ |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 45 | |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 46 | cp = bb_askpass(0, "Retype password:"); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 47 | if (!cp) |
| 48 | goto err_ret; |
| 49 | if (strcmp(cp, newp)) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 50 | puts("Passwords don't match"); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 51 | goto err_ret; |
| 52 | } |
| 53 | |
Denis Vlasenko | 21d1014 | 2007-07-20 21:28:41 +0000 | [diff] [blame] | 54 | crypt_make_salt(salt, 1, 0); /* des */ |
Denis Vlasenko | 0025264 | 2006-11-30 20:41:28 +0000 | [diff] [blame] | 55 | if (algo) { /* MD5 */ |
Ned Ludd | 7919764 | 2006-04-21 00:40:35 +0000 | [diff] [blame] | 56 | strcpy(salt, "$1$"); |
Denis Vlasenko | 21d1014 | 2007-07-20 21:28:41 +0000 | [diff] [blame] | 57 | crypt_make_salt(salt + 3, 4, 0); |
Ned Ludd | 7919764 | 2006-04-21 00:40:35 +0000 | [diff] [blame] | 58 | } |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 59 | /* pw_encrypt returns ptr to static */ |
| 60 | ret = xstrdup(pw_encrypt(newp, salt)); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 61 | /* whee, success! */ |
Ned Ludd | 7919764 | 2006-04-21 00:40:35 +0000 | [diff] [blame] | 62 | |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 63 | err_ret: |
| 64 | nuke_str(orig); |
| 65 | if (ENABLE_FEATURE_CLEAN_UP) free(orig); |
| 66 | nuke_str(newp); |
| 67 | if (ENABLE_FEATURE_CLEAN_UP) free(newp); |
| 68 | nuke_str(cipher); |
| 69 | nuke_str(cp); |
| 70 | return ret; |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 71 | } |
| 72 | |
Denis Vlasenko | 06af216 | 2007-02-03 17:28:39 +0000 | [diff] [blame] | 73 | int passwd_main(int argc, char **argv); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 74 | int passwd_main(int argc, char **argv) |
| 75 | { |
| 76 | enum { |
| 77 | OPT_algo = 0x1, /* -a - password algorithm */ |
| 78 | OPT_lock = 0x2, /* -l - lock account */ |
| 79 | OPT_unlock = 0x4, /* -u - unlock account */ |
| 80 | OPT_delete = 0x8, /* -d - delete password */ |
| 81 | OPT_lud = 0xe, |
| 82 | STATE_ALGO_md5 = 0x10, |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 83 | //STATE_ALGO_des = 0x20, not needed yet |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 84 | }; |
| 85 | unsigned opt; |
Denis Vlasenko | 21d1014 | 2007-07-20 21:28:41 +0000 | [diff] [blame] | 86 | int rc; |
Denis Vlasenko | 06c0a71 | 2007-01-29 22:51:44 +0000 | [diff] [blame] | 87 | const char *opt_a = ""; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 88 | const char *filename; |
| 89 | char *myname; |
| 90 | char *name; |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 91 | char *newp; |
| 92 | struct passwd *pw; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 93 | uid_t myuid; |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 94 | struct rlimit rlimit_fsize; |
| 95 | char c; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 96 | |
Denis Vlasenko | 5df955f | 2007-03-13 13:01:14 +0000 | [diff] [blame] | 97 | #if ENABLE_FEATURE_SHADOWPASSWDS |
| 98 | /* Using _r function to avoid pulling in static buffers */ |
| 99 | struct spwd spw; |
| 100 | struct spwd *result; |
| 101 | char buffer[256]; |
| 102 | #endif |
| 103 | |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 104 | logmode = LOGMODE_BOTH; |
| 105 | openlog(applet_name, LOG_NOWAIT, LOG_AUTH); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 106 | opt = getopt32(argc, argv, "a:lud", &opt_a); |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 107 | //argc -= optind; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 108 | argv += optind; |
| 109 | |
Denis Vlasenko | 4c87d4f | 2006-11-30 23:13:59 +0000 | [diff] [blame] | 110 | if (strcasecmp(opt_a, "des") != 0) /* -a */ |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 111 | opt |= STATE_ALGO_md5; |
Denis Vlasenko | 4c87d4f | 2006-11-30 23:13:59 +0000 | [diff] [blame] | 112 | //else |
| 113 | // opt |= STATE_ALGO_des; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 114 | myuid = getuid(); |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 115 | /* -l, -u, -d require root priv and username argument */ |
| 116 | if ((opt & OPT_lud) && (myuid || !argv[0])) |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 117 | bb_show_usage(); |
| 118 | |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 119 | /* Will complain and die if username not found */ |
| 120 | myname = xstrdup(bb_getpwuid(NULL, -1, myuid)); |
| 121 | name = argv[0] ? argv[0] : myname; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 122 | |
| 123 | pw = getpwnam(name); |
| 124 | if (!pw) bb_error_msg_and_die("unknown user %s", name); |
| 125 | if (myuid && pw->pw_uid != myuid) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 126 | /* LOGMODE_BOTH */ |
| 127 | bb_error_msg_and_die("%s can't change password for %s", myname, name); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 128 | } |
| 129 | |
Denis Vlasenko | b5a122b | 2006-12-30 14:46:51 +0000 | [diff] [blame] | 130 | #if ENABLE_FEATURE_SHADOWPASSWDS |
Denis Vlasenko | 1d10aaf | 2007-07-27 11:22:34 +0000 | [diff] [blame] | 131 | /* getspnam_r() can lie! Even if user isn't in shadow, it can |
| 132 | * return success (pwd field was seen set to "!" in this case) */ |
| 133 | if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) |
| 134 | || LONE_CHAR(spw.sp_pwdp, '!')) { |
Denis Vlasenko | 5df955f | 2007-03-13 13:01:14 +0000 | [diff] [blame] | 135 | /* LOGMODE_BOTH */ |
| 136 | bb_error_msg("no record of %s in %s, using %s", |
| 137 | name, bb_path_shadow_file, |
| 138 | bb_path_passwd_file); |
| 139 | } else { |
Denis Vlasenko | 5df955f | 2007-03-13 13:01:14 +0000 | [diff] [blame] | 140 | pw->pw_passwd = spw.sp_pwdp; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 141 | } |
Denis Vlasenko | b5a122b | 2006-12-30 14:46:51 +0000 | [diff] [blame] | 142 | #endif |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 143 | |
| 144 | /* Decide what the new password will be */ |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 145 | newp = NULL; |
| 146 | c = pw->pw_passwd[0] - '!'; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 147 | if (!(opt & OPT_lud)) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 148 | if (myuid && !c) { /* passwd starts with '!' */ |
| 149 | /* LOGMODE_BOTH */ |
| 150 | bb_error_msg_and_die("cannot change " |
| 151 | "locked password for %s", name); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 152 | } |
| 153 | printf("Changing password for %s\n", name); |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 154 | newp = new_password(pw, myuid, opt & STATE_ALGO_md5); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 155 | if (!newp) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 156 | logmode = LOGMODE_STDIO; |
| 157 | bb_error_msg_and_die("password for %s is unchanged", name); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 158 | } |
| 159 | } else if (opt & OPT_lock) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 160 | if (!c) goto skip; /* passwd starts with '!' */ |
| 161 | newp = xasprintf("!%s", pw->pw_passwd); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 162 | } else if (opt & OPT_unlock) { |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 163 | if (c) goto skip; /* not '!' */ |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 164 | /* pw->pw_passwd pints to static storage, |
| 165 | * strdup'ing to avoid nasty surprizes */ |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 166 | newp = xstrdup(&pw->pw_passwd[1]); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 167 | } else if (opt & OPT_delete) { |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 168 | //newp = xstrdup(""); |
| 169 | newp = (char*)""; |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 170 | } |
| 171 | |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 172 | rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000; |
| 173 | setrlimit(RLIMIT_FSIZE, &rlimit_fsize); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 174 | signal(SIGHUP, SIG_IGN); |
| 175 | signal(SIGINT, SIG_IGN); |
| 176 | signal(SIGQUIT, SIG_IGN); |
| 177 | umask(077); |
| 178 | xsetuid(0); |
Denis Vlasenko | 1d10aaf | 2007-07-27 11:22:34 +0000 | [diff] [blame] | 179 | |
| 180 | #if ENABLE_FEATURE_SHADOWPASSWDS |
| 181 | filename = bb_path_shadow_file; |
| 182 | rc = update_passwd(bb_path_shadow_file, name, newp); |
| 183 | if (rc == 0) /* no lines updated, no errors detected */ |
| 184 | #endif |
| 185 | { |
| 186 | filename = bb_path_passwd_file; |
| 187 | rc = update_passwd(bb_path_passwd_file, name, newp); |
| 188 | } |
| 189 | /* LOGMODE_BOTH */ |
Denis Vlasenko | 21d1014 | 2007-07-20 21:28:41 +0000 | [diff] [blame] | 190 | if (rc < 0) |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 191 | bb_error_msg_and_die("cannot update password file %s", |
| 192 | filename); |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 193 | bb_info_msg("Password for %s changed by %s", name, myname); |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 194 | |
Denis Vlasenko | 3734b94 | 2007-07-27 11:20:10 +0000 | [diff] [blame] | 195 | //if (ENABLE_FEATURE_CLEAN_UP) free(newp); |
| 196 | skip: |
Denis Vlasenko | becd8c5 | 2006-12-01 21:34:20 +0000 | [diff] [blame] | 197 | if (!newp) { |
| 198 | bb_error_msg_and_die("password for %s is already %slocked", |
| 199 | name, (opt & OPT_unlock) ? "un" : ""); |
| 200 | } |
Denis Vlasenko | ab24e18 | 2006-11-30 16:41:15 +0000 | [diff] [blame] | 201 | if (ENABLE_FEATURE_CLEAN_UP) free(myname); |
| 202 | return 0; |
| 203 | } |