Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / toybox / c0e56edaf256adb6c60c5a052525a1ffbb927901 / . / toys / lsb / passwd.c
blob: ef119c5d69585ed9ffd12ce580bd9b6d547912f8 [file] [log] [blame]
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]1/* vi: set sw=4 ts=4:
2 *
3 * passwd.c - Program to upadte user password.
4 *
5 * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com>
6 * Modified 2012 Jason Kyungwan Han <asura321@gmail.com>
7 *
Rob Landleyf91b7c82012-08-25 18:08:51 -0500[diff] [blame]8 * http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/passwd.html
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]9
10USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN))
11
12config PASSWD
13 bool "passwd"
14 default y
15 help
16 usage: passwd [-a ALGO] [-d] [-l] [-u] <account name>
17
18 update user’s authentication tokens. Default : current user
19
20 -a ALGO Encryption method (des, md5, sha256, sha512) default: des
21 -d Set password to ''
22 -l Lock (disable) account
23 -u Unlock (enable) account
24
25*/
26
Rob Landleyc0e56ed2012-10-08 00:02:30 -0500[diff] [blame^]27#define FOR_passwd
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]28#include "toys.h"
29#include <time.h>
30
Rob Landleyc0e56ed2012-10-08 00:02:30 -0500[diff] [blame^]31GLOBALS(
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]32 char *algo;
33)
34
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]35#define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0'
36#define URANDOM_PATH "/dev/urandom"
37
38#ifndef _GNU_SOURCE
39char *strcasestr(const char *haystack, const char *needle);
40#endif
41
42unsigned int random_number_generator(int fd)
43{
44 unsigned int randnum;
45 xreadall(fd, &randnum, sizeof(randnum));
46 return randnum;
47}
48
49
50
51char inttoc(int i)
52{
53 // salt value uses 64 chracters in "./0-9a-zA-Z"
54 const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
55 i &= 0x3f; // masking for using 10 bits only
56 return character_set[i];
57}
58
59int get_salt(char *salt)
60{
61 int i, salt_length = 0;
62 int randfd;
63 if(!strncmp(TT.algo,"des",3)){
64 // 2 bytes salt value is used in des
65 salt_length = 2;
66 } else {
67 *salt++ = '$';
68 if(!strncmp(TT.algo,"md5",3)){
69 *salt++ = '1';
70 // 8 bytes salt value is used in md5
71 salt_length = 8;
72 } else if(!strncmp(TT.algo,"sha256",6)){
73 *salt++ = '5';
74 // 16 bytes salt value is used in sha256
75 salt_length = 16;
76 } else if(!strncmp(TT.algo,"sha512",6)){
77 *salt++ = '6';
78 // 16 bytes salt value is used in sha512
79 salt_length = 16;
80 } else return 1;
81
82 *salt++ = '$';
83 }
84
85 randfd = xopen(URANDOM_PATH, O_RDONLY);
86 for(i=0; i<salt_length; i++)
87 salt[i] = inttoc(random_number_generator(randfd));
88 salt[salt_length+1] = '\0';
89 xclose(randfd);
90
91 return 0;
92}
93
94static int str_check(char *s, char *p)
95{
96 if((strcasestr(s, p) != NULL) || (strcasestr(p, s) != NULL))
97 return 1;
98 return 0;
99}
100
101static void strength_check(char *newp, char *oldp, char *user)
102{
103 char *msg = NULL;
104 if(strlen(newp) < 6) { //Min passwd len
105 msg = "too short";
106 xprintf("BAD PASSWORD: %s\n",msg);
107 }
108 if(!newp[0])
109 return; //passwd is empty
110
111 if(str_check(newp, user)) {
112 msg = "user based password";
113 xprintf("BAD PASSWORD: %s\n",msg);
114 }
115
116 if(oldp[0] && str_check(newp, oldp)) {
117 msg = "based on old passwd";
118 xprintf("BAD PASSWORD: %s\n",msg);
119 }
120}
121
122static int verify_passwd(char * pwd)
123{
124 char * pass;
125
126 if (!pwd) return 1;
127 if (pwd[0] == '!' || pwd[0] == '*') return 1;
128
129 pass = crypt(toybuf, pwd);
130 if (pass != NULL && strcmp(pass, pwd)==0)
131 return 0;
132
133 return 1;
134}
135
136static char *new_password(char *oldp, char *user)
137{
138 char *newp = NULL;
139
Rob Landley6ba38c22012-07-21 18:38:36 -0500[diff] [blame]140 if(read_password(toybuf, sizeof(toybuf), "New password:"))
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]141 return NULL; //may be due to Ctrl-C
142
143 newp = xstrdup(toybuf);
144 strength_check(newp, oldp, user);
Rob Landley6ba38c22012-07-21 18:38:36 -0500[diff] [blame]145 if(read_password(toybuf, sizeof(toybuf), "Retype password:")) {
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]146 free(newp);
147 return NULL; //may be due to Ctrl-C
148 }
149
150 if(strcmp(newp, toybuf) == 0)
151 return newp;
152 else error_msg("Passwords do not match.\n");
153 /*Failure Case */
154 free(newp);
155 return NULL;
156}
157
158
159void passwd_main(void)
160{
161 uid_t myuid;
162 struct passwd *pw;
163 struct spwd *sp;
164 char *name = NULL;
165 char *pass = NULL, *encrypted = NULL, *newp = NULL;
166 char *orig = (char *)"";
167 char salt[MAX_SALT_LEN];
168 int ret = -1;
169
170 myuid = getuid();
171 if((myuid != 0) && (toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
172 error_exit("You need to be root to do these actions\n");
173
174 pw = getpwuid(myuid);
175
176 if(!pw)
177 error_exit("Unknown uid '%u'",myuid);
178
179 if(toys.optargs[0])
180 name = toys.optargs[0];
181 else
182 name = xstrdup(pw->pw_name);
183
184 pw = getpwnam(name);
185 if(!pw) error_exit("Unknown user '%s'",name);
186
187 if(myuid != 0 && (myuid != pw->pw_uid))
188 error_exit("You need to be root to change '%s' password\n", name);
189
190 pass = pw->pw_passwd;
191 if(pw->pw_passwd[0] == 'x') {
192 /*get shadow passwd */
193 sp = getspnam(name);
194 if(sp)
195 pass = sp->sp_pwdp;
196 }
197
198
199 if(!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) {
200 printf("Changing password for %s\n",name);
201 if(pass[0] == '!')
202 error_exit("Can't change, password is locked for %s",name);
203 if(myuid != 0) {
204 /*Validate user */
205
Rob Landley6ba38c22012-07-21 18:38:36 -0500[diff] [blame]206 if(read_password(toybuf, sizeof(toybuf), "Origial password:")) {
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]207 if(!toys.optargs[0]) free(name);
208 return;
209 }
210 orig = toybuf;
211 if(verify_passwd(pass))
212 error_exit("Authentication failed\n");
213 }
214
215 orig = xstrdup(orig);
216
217 /*Get new password */
218 newp = new_password(orig, name);
219 if(!newp) {
220 free(orig);
221 if(!toys.optargs[0]) free(name);
222 return; //new password is not set well.
223 }
224
225 /*Encrypt the passwd */
226 if(!(toys.optflags & FLAG_a)) TT.algo = "des";
227
228 if(get_salt(salt))
229 error_exit("Error: Unkown encryption algorithm\n");
230
231 encrypted = crypt(newp, salt);
232 free(newp);
233 free(orig);
234 }
235 else if(toys.optflags & FLAG_l) {
236 if(pass[0] == '!')
237 error_exit("password is already locked for %s",name);
238 printf("Locking password for %s\n",name);
239 encrypted = xmsprintf("!%s",pass);
240 }
241 else if(toys.optflags & FLAG_u) {
242 if(pass[0] != '!')
243 error_exit("password is already unlocked for %s",name);
244
245 printf("Unlocking password for %s\n",name);
246 encrypted = xstrdup(&pass[1]);
247 }
248 else if(toys.optflags & FLAG_d) {
249 printf("Deleting password for %s\n",name);
250 encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0'
251 }
252
253 /*Update the passwd */
254 if(pw->pw_passwd[0] == 'x')
Rob Landley6ba38c22012-07-21 18:38:36 -0500[diff] [blame]255 ret = update_password("/etc/shadow", name, encrypted);
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]256 else
Rob Landley6ba38c22012-07-21 18:38:36 -0500[diff] [blame]257 ret = update_password("/etc/passwd", name, encrypted);
Rob Landley2c917f52012-07-17 08:54:47 -0500[diff] [blame]258
259 if((toys.optflags & (FLAG_l | FLAG_u | FLAG_d)))
260 free(encrypted);
261
262 if(!toys.optargs[0]) free(name);
263 if(!ret)
264 error_msg("Success");
265 else
266 error_msg("Failure");
267}