Rob Landley | d0f7935 | 2013-10-16 19:30:17 -0500 | [diff] [blame] | 1 | /* password.c - password read/update helper functions. |
Rob Landley | 2c917f5 | 2012-07-17 08:54:47 -0500 | [diff] [blame] | 2 | * |
| 3 | * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com> |
| 4 | */ |
| 5 | |
#include "toys.h"
#include <sys/stat.h>
#include <time.h>
| 8 | |
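// Generate appropriate random salt string for given encryption algorithm.
//
// Writes the crypt(3) algorithm prefix ("$N$", none for des) followed by that
// algorithm's number of random characters from ./0-9a-zA-Z into salt, NUL
// terminated.  The random bytes come from /dev/urandom via libbuf.
//
// Returns the length of the prefix written (0 for des), i.e. the offset of
// the random part within salt, or -1 if algo isn't recognized.
int get_salt(char *salt, char *algo)
{
  struct {
    char *type, id, len;
  } al[] = {{"des", 0, 2}, {"md5", 1, 8}, {"sha256", 5, 16}, {"sha512", 6, 16}};
  int i;

  for (i = 0; i < ARRAY_LEN(al); i++) {
    int len, fd, j;
    char *s = salt;

    if (strcmp(algo, al[i].type)) continue;
    len = al[i].len;

    // Algorithm id prefix ("$1$" for md5 and so on); des has none.
    if (al[i].id) {
      *s++ = '$';
      *s++ = '0'+al[i].id;
      *s++ = '$';
    }

    // Read just enough random bytes to supply 6 bits per salt character.
    fd = xopen("/dev/urandom", O_RDONLY);
    xreadall(fd, libbuf, ((len*6)+7)/8);
    close(fd);

    // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
    for (j = 0; j < len; j++) {
      int bitpos = j*6, byte = bitpos/8, bits;

      // Index the random bytes by bit position (not by output character) so
      // every character is fed by bytes actually read from urandom.  Widen
      // through unsigned char: libbuf is plain char and may be signed, and
      // shifting a negative value left is undefined.  The high byte is only
      // partially used; the mask discards whatever lies past the read count.
      bits = (unsigned char)libbuf[byte] | ((unsigned char)libbuf[byte+1]<<8);
      bits = (bits >> (bitpos&7)) & 0x3f;
      bits += 46;
      if (bits > 57) bits += 7;
      if (bits > 90) bits += 6;

      s[j] = bits;
    }
    // Terminate after the random characters, which start at s (past the
    // prefix), not at salt: terminating at salt[len] would cut the random
    // part short for every algorithm with a prefix.
    s[len] = 0;

    return s-salt;
  }

  return -1;
}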
| 52 | |
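// Reset terminal to known state, returning old state if old != NULL.
//
// Reads fd's current termios, saves it to *old when old is non-NULL, then
// installs the xterm-like cooked defaults below, or fully raw mode when raw
// is nonzero.  Returns tcsetattr()'s result (0 on success, -1 on failure).
// If the current attributes can't be read at all (e.g. fd isn't a tty) the
// function returns -1 without touching the device or *old, rather than
// handing tcsetattr() an indeterminate struct.
int set_terminal(int fd, int raw, struct termios *old)
{
  struct termios termio;

  if (tcgetattr(fd, &termio)) return -1;
  if (old) *old = termio;

  // the following are the bits set for an xterm. Linux text mode TTYs by
  // default add two additional bits that only matter for serial processing
  // (turn serial line break into an interrupt, and XON/XOFF flow control)

  // Any key unblocks output, swap CR and NL on input
  termio.c_iflag = IXANY|ICRNL|INLCR;
  if (toys.which->flags & TOYFLAG_LOCALE) termio.c_iflag |= IUTF8;

  // Output appends CR to NL, does magic undocumented postprocessing
  termio.c_oflag = ONLCR|OPOST;

  // Leave c_cflag (serial port speed, character size) alone.

  // Generate signals, input entire line at once, echo output
  // erase, line kill, escape control characters with ^
  // erase line char at a time
  // "extended" behavior: ctrl-V quotes next char, ctrl-R reprints unread chars,
  // ctrl-W erases word
  termio.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN;

  // Raw mode (no echo, no line editing) on top of the above
  if (raw) cfmakeraw(&termio);

  return tcsetattr(fd, TCSANOW, &termio);
}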
| 85 | |
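// Prompt with mesg, read password into buf, return 0 for success 1 for fail
//
// Puts stdin into raw mode (no echo), prints mesg, then reads one byte at a
// time until newline/carriage return, EOF, or buflen-1 characters.
// Backspace (8) and DEL (127) erase the previous character.  On success buf
// holds the NUL terminated password.  On failure (read error, SIGINT, EOF
// before any input, buflen < 1, or input that didn't end within buflen-1
// bytes) buf is zeroed so no partially typed secret is left behind.
// Terminal and SIGINT handler are restored on both paths.
int read_password(char *buf, int buflen, char *mesg)
{
  struct termios oldtermio;
  struct sigaction sa, oldsa;
  int i = 0, ret = 1;

  // Nothing to write into; also keeps buf[0] = 0 below in bounds.
  if (buflen < 1) return 1;

  // NOP signal handler so SIGINT makes read() fail with EINTR instead of
  // killing us with the terminal left in raw mode.
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = generic_signal;
  sigaction(SIGINT, &sa, &oldsa);

  // Drop any type-ahead, then go raw, saving the old state for restore.
  // (If stdin isn't a tty oldtermio stays unset and the restore below fails
  // harmlessly.)
  tcflush(0, TCIFLUSH);
  set_terminal(0, 1, &oldtermio);

  xprintf("%s", mesg);

  for (i = 0; i < buflen-1; i++) {
    ret = read(0, buf+i, 1);
    if (ret < 0 || (!ret && !i)) {
      // Read error (including EINTR from SIGINT) or EOF with nothing typed
      i = 0;
      ret = 1;

      break;
    } else if (!ret || buf[i] == '\n' || buf[i] == '\r') {
      // EOF after some input, or end of line: done
      ret = 0;

      break;
    } else if (buf[i] == 8 || buf[i] == 127) {
      // Backspace/DEL: step back over the previous character (or stay at 0);
      // the loop's i++ then lands on the slot to overwrite.
      i -= i ? 2 : 1;
    }
  }
  // Falling out of the loop means buflen-1 bytes without a line end: ret is
  // still read()'s last return (1), i.e. failure.

  // Restore terminal/signal state, terminate string
  sigaction(SIGINT, &oldsa, NULL);
  tcsetattr(0, TCSANOW, &oldtermio);
  if (ret) memset(buf, 0, buflen);  // don't leave a partial secret in buf
  else buf[i] = 0;
  xputc('\n');

  return ret;
}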
| 124 | |
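// Return a pointer just past the cnt'th ':' in line, exiting with an error
// if line has fewer colons than that.  cnt <= 0 returns line unchanged
// (a bare "cnt--" would keep going on a negative count).
static char *get_nextcolon(char *line, int cnt)
{
  while (cnt-- > 0) {
    if (!(line = strchr(line, ':'))) error_exit("Invalid Entry\n");
    line++; //jump past the colon
  }

  return line;
}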
| 133 | |
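/*update_password is used by multiple utilities to update /etc/passwd,
 * /etc/shadow, /etc/group and /etc/gshadow files,
 * which are used as user, group databases
 * entry can be
 * 1. encrypted password, when updating user password.
 * 2. complete entry for user details, when creating new user
 * 3. group members comma',' separated list, when adding user to group
 * 4. complete entry for group details, when creating new group
 * 5. entry = NULL, delete the named entry user/group
 *
 * The file is rewritten as "filename+" and rename()d into place so readers
 * never see a partial file; the previous contents stay hardlinked as
 * "filename-".  What replaces a matching line depends on the running toy
 * (toys.which->name): "passwd" rewrites the password field (plus the
 * last-changed day for shadow files), the group tools rewrite the member
 * list, and any other toy simply drops the old line.  When no line matches
 * and entry is non-NULL, entry is appended as a new line.
 *
 * The replacement file is created with the original's mode, owner and group
 * rather than fopen()'s 0666&~umask, so a shadow file doesn't end up world
 * readable once renamed into place.
 *
 * Returns 0 on success, -1 on failure (couldn't open, create, or save).
 */
int update_password(char *filename, char* username, char* entry)
{
  char *filenamesfx = NULL, *namesfx = NULL, *shadow = NULL,
       *sfx = NULL, *line = NULL;
  FILE *exfp, *newfp;
  int ret = -1, found = 0, fd, namelen, err = 0;
  struct flock lock;
  struct stat st;

  // shadow/gshadow carry a last-changed field that passwd must update
  shadow = strstr(filename, "shadow");
  filenamesfx = xmprintf("%s+", filename);
  sfx = strchr(filenamesfx, '+');

  // Opened for writing too, because F_WRLCK needs a writable descriptor
  exfp = fopen(filename, "r+");
  if (!exfp) {
    perror_msg("Couldn't open file %s",filename);
    goto free_storage;
  }

  // Keep the current contents reachable as "filename-" (best effort)
  *sfx = '-';
  unlink(filenamesfx);
  if (link(filename, filenamesfx) < 0) error_msg("can't create backup file");
  *sfx = '+';

  // Advisory write lock on the whole file; failure only warns
  lock.l_type = F_WRLCK;
  lock.l_whence = SEEK_SET;
  lock.l_start = 0;
  lock.l_len = 0;
  if (fcntl(fileno(exfp), F_SETLK, &lock) < 0)
    perror_msg("Couldn't lock file %s",filename);
  lock.l_type = F_UNLCK; //unlocking at a later stage

  // Create the replacement with the original's permission bits.  open()
  // still applies umask, so fchmod() afterwards makes the mode exact, and
  // fchown() keeps owner/group (only root can do that, which is who edits
  // these files; failures of both are non-fatal).
  if (fstat(fileno(exfp), &st)) fd = -1;
  else fd = open(filenamesfx, O_WRONLY|O_CREAT|O_TRUNC, st.st_mode&07777);
  if (fd < 0 || !(newfp = fdopen(fd, "w"))) {
    error_msg("couldn't open file for writing");
    if (fd >= 0) close(fd);
    fclose(exfp);
    goto free_storage;
  }
  fchmod(fd, st.st_mode&07777);
  fchown(fd, st.st_uid, st.st_gid);

  ret = 0;
  namesfx = xmprintf("%s:",username);
  namelen = strlen(namesfx);
  while ((line = get_line(fileno(exfp))) != NULL) {
    // Lines for other users/groups pass through untouched
    if (strncmp(line, namesfx, namelen)) fprintf(newfp, "%s\n", line);
    else if (entry) {
      char *current_ptr = NULL;

      found = 1;
      if (!strcmp(toys.which->name, "passwd")) {
        // name:newpassword: then whatever followed the old password field
        fprintf(newfp, "%s%s:",namesfx, entry);
        current_ptr = get_nextcolon(line, 2); //past passwd
        if (shadow) {
          // shadow's third field is the last change, in days since the epoch
          fprintf(newfp, "%u:",(unsigned)(time(NULL))/(24*60*60));
          current_ptr = get_nextcolon(current_ptr, 1);
        }
        fprintf(newfp, "%s\n",current_ptr);
      } else if (!strcmp(toys.which->name, "groupadd") ||
        !strcmp(toys.which->name, "addgroup") ||
        !strcmp(toys.which->name, "delgroup") ||
        !strcmp(toys.which->name, "groupdel")){
        // Keep "name:passwd:gid:" (or the gshadow admin list), then write
        // entry as the new member list
        current_ptr = get_nextcolon(line, 3); //past gid/admin list
        *current_ptr = '\0';
        fprintf(newfp, "%s", line);
        fprintf(newfp, "%s\n", entry);
      }
    }
    // A matching line with entry == NULL is simply not copied: deletion.
    free(line);
  }
  free(namesfx);
  if (!found && entry) fprintf(newfp, "%s\n", entry);
  fcntl(fileno(exfp), F_SETLK, &lock);
  fclose(exfp);

  // Flush to disk, then swap into place.  Check each call's return value
  // instead of errno: successful library calls may set errno too, and a
  // later success may clobber the value from the call that failed.
  if (fflush(newfp) || fsync(fileno(newfp))) err = errno;
  if (fclose(newfp) && !err) err = errno;
  if (!err && rename(filenamesfx, filename)) err = errno;
  if (err) {
    errno = err;
    perror_msg("File Writing/Saving failed: ");
    unlink(filenamesfx);
    ret = -1;
  }

free_storage:
  free(filenamesfx);
  return ret;
}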
Rob Landley | d0f7935 | 2013-10-16 19:30:17 -0500 | [diff] [blame] | 236 | |
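// Exit with an error unless name is an acceptable user or group name: it
// must start with [_.A-Za-z0-9], continue with [-_.A-Za-z0-9], may end with
// a '$' (machine accounts), must be shorter than LOGIN_NAME_MAX, and must
// not be "." or ".." (which the character classes alone would accept).
// The message says "group" or "user" depending on the running toy's name.
void is_valid_username(const char *name)
{
  regex_t rp;
  regmatch_t rm[1];
  int eval;
  char *regex = "^[_.A-Za-z0-9][-_.A-Za-z0-9]*"; //User name REGEX

  xregcomp(&rp, regex, REG_NEWLINE);

  /* compare string against pattern -- remember that patterns
     are anchored to the beginning of the line */
  eval = regexec(&rp, name, 1, rm, 0);
  regfree(&rp);
  // rm_so must be 0: with REG_NEWLINE, '^' also matches after an embedded
  // newline, and a match that starts there must not count.
  if (!eval && !rm[0].rm_so && strcmp(name, ".") && strcmp(name, "..")) {
    int len = strlen(name);

    // The whole string must be consumed, optionally except a trailing '$'
    if ((rm[0].rm_eo == len) ||
        (rm[0].rm_eo == len - 1 && name[len - 1] == '$')) {
      if (len >= LOGIN_NAME_MAX) error_exit("name is too long");
      else return;
    }
  }
  // Toy names here are assumed to be at least 3 characters long, so name[3]
  // is at worst the terminating NUL (e.g. "addgroup"/"groupadd" → group).
  error_exit("'%s', not valid %sname",name,
    (((toys.which->name[3] == 'g') ||
      (toys.which->name[0] == 'g'))? "group" : "user"));
}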