busybox/loginutils/passwd.c

/* vi: set sw=4 ts=4: */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <utime.h>
#include <syslog.h>
#include <time.h>
#include <sys/resource.h>
#include <errno.h>

#include "busybox.h"

static char crypt_passwd[128];

static int create_backup(const char *backup, FILE * fp);
static int new_password(const struct passwd *pw, int amroot, int algo);
static void set_filesize_limit(int blocks);


static int get_algo(char *a)
{
	int x = 1;					/* standard: MD5 */

	if (strcasecmp(a, "des") == 0)
		x = 0;
	return x;
}


static int update_passwd(const struct passwd *pw, char *crypt_pw)
{
	char filename[1024];
	char buf[1025];
	char buffer[80];
	char username[32];
	char *pw_rest;
	int mask;
	int continued;
	FILE *fp;
	FILE *out_fp;
	struct stat sb;
	struct flock lock;

#ifdef CONFIG_FEATURE_SHADOWPASSWDS
	if (access(bb_path_shadow_file, F_OK) == 0) {
		snprintf(filename, sizeof filename, "%s", bb_path_shadow_file);
	} else
#endif
	{
		snprintf(filename, sizeof filename, "%s", bb_path_passwd_file);
	}

	if (((fp = fopen(filename, "r+")) == 0) || (fstat(fileno(fp), &sb))) {
		/* return 0; */
		return 1;
	}

	/* Lock the password file before updating */
	lock.l_type = F_WRLCK;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 0;
	if (fcntl(fileno(fp), F_SETLK, &lock) < 0) {
		fprintf(stderr, "%s: %s\n", filename, strerror(errno));
		return 1;
	}
	lock.l_type = F_UNLCK;

	snprintf(buf, sizeof buf, "%s-", filename);
	if (create_backup(buf, fp)) {
		fcntl(fileno(fp), F_SETLK, &lock);
		fclose(fp);
		return 1;
	}
	snprintf(buf, sizeof buf, "%s+", filename);
	mask = umask(0777);
	out_fp = fopen(buf, "w");
	umask(mask);
	if ((!out_fp) || (fchmod(fileno(out_fp), sb.st_mode & 0777))
		|| (fchown(fileno(out_fp), sb.st_uid, sb.st_gid))) {
		fcntl(fileno(fp), F_SETLK, &lock);
		fclose(fp);
		fclose(out_fp);
		return 1;
	}

	continued = 0;
	snprintf(username, sizeof username, "%s:", pw->pw_name);
	rewind(fp);
	while (!feof(fp)) {
		fgets(buffer, sizeof buffer, fp);
		if (!continued) {		// Check to see if we're updating this line.
			if (strncmp(username, buffer, strlen(username)) == 0) {	// we have a match.
				pw_rest = strchr(buffer, ':');
				*pw_rest++ = '\0';
				pw_rest = strchr(pw_rest, ':');
				fprintf(out_fp, "%s:%s%s", buffer, crypt_pw, pw_rest);
			} else {
				fputs(buffer, out_fp);
			}
		} else {
			fputs(buffer, out_fp);
		}
		if (buffer[strlen(buffer) - 1] == '\n') {
			continued = 0;
		} else {
			continued = 1;
		}
		bzero(buffer, sizeof buffer);
	}

	if (fflush(out_fp) || fsync(fileno(out_fp)) || fclose(out_fp)) {
		unlink(buf);
		fcntl(fileno(fp), F_SETLK, &lock);
		fclose(fp);
		return 1;
	}
	if (rename(buf, filename) < 0) {
		fcntl(fileno(fp), F_SETLK, &lock);
		fclose(fp);
		return 1;
	} else {
		fcntl(fileno(fp), F_SETLK, &lock);
		fclose(fp);
		return 0;
	}
}


extern int passwd_main(int argc, char **argv)
{
	int amroot;
	char *cp;
	char *np;
	char *name;
	char *myname;
	int flag;
	int algo = 1;				/* -a - password algorithm */
	int lflg = 0;				/* -l - lock account */
	int uflg = 0;				/* -u - unlock account */
	int dflg = 0;				/* -d - delete password */
	const struct passwd *pw;

#ifdef CONFIG_FEATURE_SHADOWPASSWDS
	const struct spwd *sp;
#endif							/* CONFIG_FEATURE_SHADOWPASSWDS */
	amroot = (getuid() == 0);
	openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
	while ((flag = getopt(argc, argv, "a:dlu")) != EOF) {
		switch (flag) {
		case 'a':
			algo = get_algo(optarg);
			break;
		case 'd':
			dflg++;
			break;
		case 'l':
			lflg++;
			break;
		case 'u':
			uflg++;
			break;
		default:
			bb_show_usage();
		}
	}
	myname = (char *) bb_xstrdup(bb_getpwuid(NULL, getuid(), -1));
	/* exits on error */
	if (optind < argc) {
		name = argv[optind];
	} else {
		name = myname;
	}
	if ((lflg || uflg || dflg) && (optind >= argc || !amroot)) {
		bb_show_usage();
	}
	pw = getpwnam(name);
	if (!pw) {
		bb_error_msg_and_die("Unknown user %s\n", name);
	}
	if (!amroot && pw->pw_uid != getuid()) {
		syslog(LOG_WARNING, "can't change pwd for `%s'", name);
		bb_error_msg_and_die("Permission denied.\n");
	}
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
	sp = getspnam(name);
	if (!sp) {
		sp = (struct spwd *) pwd_to_spwd(pw);
	}
	cp = sp->sp_pwdp;
	np = sp->sp_namp;
#else
	cp = pw->pw_passwd;
	np = name;
#endif							/* CONFIG_FEATURE_SHADOWPASSWDS */

	safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
	if (!(dflg || lflg || uflg)) {
		if (!amroot) {
			if (cp[0] == '!') {
				syslog(LOG_WARNING, "password locked for `%s'", np);
				bb_error_msg_and_die( "The password for `%s' cannot be changed.\n", np);
			}
		}
		printf("Changing password for %s\n", name);
		if (new_password(pw, amroot, algo)) {
			bb_error_msg_and_die( "The password for %s is unchanged.\n", name);
		}
	} else if (lflg) {
		if (crypt_passwd[0] != '!') {
			memmove(&crypt_passwd[1], crypt_passwd,
					sizeof crypt_passwd - 1);
			crypt_passwd[sizeof crypt_passwd - 1] = '\0';
			crypt_passwd[0] = '!';
		}
	} else if (uflg) {
		if (crypt_passwd[0] == '!') {
			memmove(crypt_passwd, &crypt_passwd[1],
					sizeof crypt_passwd - 1);
		}
	} else if (dflg) {
		crypt_passwd[0] = '\0';
	}
	set_filesize_limit(30000);
	signal(SIGHUP, SIG_IGN);
	signal(SIGINT, SIG_IGN);
	signal(SIGQUIT, SIG_IGN);
	umask(077);
	if (setuid(0)) {
		syslog(LOG_ERR, "can't setuid(0)");
		bb_error_msg_and_die( "Cannot change ID to root.\n");
	}
	if (!update_passwd(pw, crypt_passwd)) {
		syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
			   myname);
		printf("Password changed.\n");
	} else {
		syslog(LOG_WARNING, "an error occurred updating the password file");
		bb_error_msg_and_die("An error occurred updating the password file.\n");
	}
	return (0);
}


static int create_backup(const char *backup, FILE * fp)
{
	struct stat sb;
	struct utimbuf ub;
	FILE *bkfp;
	int c, mask;

	if (fstat(fileno(fp), &sb))
		/* return -1; */
		return 1;

	mask = umask(077);
	bkfp = fopen(backup, "w");
	umask(mask);
	if (!bkfp)
		/* return -1; */
		return 1;

	/* TODO: faster copy, not one-char-at-a-time.  --marekm */
	rewind(fp);
	while ((c = getc(fp)) != EOF) {
		if (putc(c, bkfp) == EOF)
			break;
	}
	if (c != EOF || fflush(bkfp)) {
		fclose(bkfp);
		/* return -1; */
		return 1;
	}
	if (fclose(bkfp))
		/* return -1; */
		return 1;

	ub.actime = sb.st_atime;
	ub.modtime = sb.st_mtime;
	utime(backup, &ub);
	return 0;
}

static int i64c(int i)
{
	if (i <= 0)
		return ('.');
	if (i == 1)
		return ('/');
	if (i >= 2 && i < 12)
		return ('0' - 2 + i);
	if (i >= 12 && i < 38)
		return ('A' - 12 + i);
	if (i >= 38 && i < 63)
		return ('a' - 38 + i);
	return ('z');
}

static char *crypt_make_salt(void)
{
	time_t now;
	static unsigned long x;
	static char result[3];

	time(&now);
	x += now + getpid() + clock();
	result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
	result[1] = i64c(((x >> 12) ^ x) & 077);
	result[2] = '\0';
	return result;
}


static int new_password(const struct passwd *pw, int amroot, int algo)
{
	char *clear;
	char *cipher;
	char *cp;
	char orig[200];
	char pass[200];
	time_t start, now;

	if (!amroot && crypt_passwd[0]) {
		if (!(clear = bb_askpass(0, "Old password:"))) {
			/* return -1; */
			return 1;
		}
		cipher = pw_encrypt(clear, crypt_passwd);
		if (strcmp(cipher, crypt_passwd) != 0) {
			syslog(LOG_WARNING, "incorrect password for `%s'",
				   pw->pw_name);
			time(&start);
			now = start;
			while (difftime(now, start) < FAIL_DELAY) {
				sleep(FAIL_DELAY);
				time(&now);
			}
			fprintf(stderr, "Incorrect password.\n");
			/* return -1; */
			return 1;
		}
		safe_strncpy(orig, clear, sizeof(orig));
		bzero(clear, strlen(clear));
		bzero(cipher, strlen(cipher));
	} else {
		orig[0] = '\0';
	}
	if (! (cp=bb_askpass(0, "Enter the new password (minimum of 5, maximum of 8 characters)\n"
					  "Please use a combination of upper and lower case letters and numbers.\n"
					  "Enter new password: ")))
	{
		bzero(orig, sizeof orig);
		/* return -1; */
		return 1;
	}
	safe_strncpy(pass, cp, sizeof(pass));
	bzero(cp, strlen(cp));
	/* if (!obscure(orig, pass, pw)) { */
	if (obscure(orig, pass, pw)) {
		if (amroot) {
			printf("\nWarning: weak password (continuing).\n");
		} else {
			/* return -1; */
			return 1;
		}
	}
	if (!(cp = bb_askpass(0, "Re-enter new password: "))) {
		bzero(orig, sizeof orig);
		/* return -1; */
		return 1;
	}
	if (strcmp(cp, pass)) {
		fprintf(stderr, "Passwords do not match.\n");
		/* return -1; */
		return 1;
	}
	bzero(cp, strlen(cp));
	bzero(orig, sizeof(orig));

	if (algo == 1) {
		cp = pw_encrypt(pass, "$1$");
	} else
		cp = pw_encrypt(pass, crypt_make_salt());
	bzero(pass, sizeof pass);
	safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
	return 0;
}

static void set_filesize_limit(int blocks)
{
	struct rlimit rlimit_fsize;

	rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;
	setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
}
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`/* vi: set sw=4 ts=4: */`
			`#include <fcntl.h>`
			`#include <stdio.h>`
			`#include <string.h>`
			`#include <signal.h>`
			`#include <sys/stat.h>`
			`#include <sys/types.h>`
			`#include <unistd.h>`
			`#include <utime.h>`
			`#include <syslog.h>`
			`#include <time.h>`
			`#include <sys/resource.h>`
			`#include <errno.h>`

			`#include "busybox.h"`

			`static char crypt_passwd[128];`

			`static int create_backup(const char backup, FILE fp);`
			`static int new_password(const struct passwd *pw, int amroot, int algo);`
			`static void set_filesize_limit(int blocks);`


Patch from Bernhard Fischer to make a bunch of symbols static which were otherwise cluttering the global namespace. 2005-04-17 01:09:00 +05:30			`static int get_algo(char *a)`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`{`
Patch from Joshua Jackson, make md5 the default hash algorithm 2003-02-09 04:50:02 +05:30			`int x = 1; /* standard: MD5 */`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30
Patch from Joshua Jackson, make md5 the default hash algorithm 2003-02-09 04:50:02 +05:30			`if (strcasecmp(a, "des") == 0)`
			`x = 0;`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`return x;`
			`}`


Patch from Bernhard Fischer to make a bunch of symbols static which were otherwise cluttering the global namespace. 2005-04-17 01:09:00 +05:30			`static int update_passwd(const struct passwd pw, char crypt_pw)`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`{`
			`char filename[1024];`
			`char buf[1025];`
			`char buffer[80];`
			`char username[32];`
			`char *pw_rest;`
			`int mask;`
			`int continued;`
			`FILE *fp;`
			`FILE *out_fp;`
			`struct stat sb;`
			`struct flock lock;`

Only write to shadow file is shadow passwords are enabled. Patch by magicfox modified by myself to retain check for shadow file access. 2004-09-15 08:09:09 +05:30			`#ifdef CONFIG_FEATURE_SHADOWPASSWDS`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`if (access(bb_path_shadow_file, F_OK) == 0) {`
			`snprintf(filename, sizeof filename, "%s", bb_path_shadow_file);`
Only write to shadow file is shadow passwords are enabled. Patch by magicfox modified by myself to retain check for shadow file access. 2004-09-15 08:09:09 +05:30			`} else`
			`#endif`
			`{`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`snprintf(filename, sizeof filename, "%s", bb_path_passwd_file);`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`

			`if (((fp = fopen(filename, "r+")) == 0) \|\| (fstat(fileno(fp), &sb))) {`
			`/* return 0; */`
			`return 1;`
			`}`

			`/* Lock the password file before updating */`
			`lock.l_type = F_WRLCK;`
			`lock.l_whence = SEEK_SET;`
			`lock.l_start = 0;`
			`lock.l_len = 0;`
			`if (fcntl(fileno(fp), F_SETLK, &lock) < 0) {`
			`fprintf(stderr, "%s: %s\n", filename, strerror(errno));`
			`return 1;`
			`}`
			`lock.l_type = F_UNLCK;`

			`snprintf(buf, sizeof buf, "%s-", filename);`
			`if (create_backup(buf, fp)) {`
			`fcntl(fileno(fp), F_SETLK, &lock);`
			`fclose(fp);`
			`return 1;`
			`}`
			`snprintf(buf, sizeof buf, "%s+", filename);`
			`mask = umask(0777);`
			`out_fp = fopen(buf, "w");`
			`umask(mask);`
			`if ((!out_fp) \|\| (fchmod(fileno(out_fp), sb.st_mode & 0777))`
			`\|\| (fchown(fileno(out_fp), sb.st_uid, sb.st_gid))) {`
			`fcntl(fileno(fp), F_SETLK, &lock);`
			`fclose(fp);`
			`fclose(out_fp);`
			`return 1;`
			`}`

			`continued = 0;`
			`snprintf(username, sizeof username, "%s:", pw->pw_name);`
			`rewind(fp);`
			`while (!feof(fp)) {`
			`fgets(buffer, sizeof buffer, fp);`
			`if (!continued) { // Check to see if we're updating this line.`
			`if (strncmp(username, buffer, strlen(username)) == 0) { // we have a match.`
			`pw_rest = strchr(buffer, ':');`
			`*pw_rest++ = '\0';`
			`pw_rest = strchr(pw_rest, ':');`
			`fprintf(out_fp, "%s:%s%s", buffer, crypt_pw, pw_rest);`
			`} else {`
			`fputs(buffer, out_fp);`
			`}`
			`} else {`
			`fputs(buffer, out_fp);`
			`}`
			`if (buffer[strlen(buffer) - 1] == '\n') {`
			`continued = 0;`
			`} else {`
			`continued = 1;`
			`}`
			`bzero(buffer, sizeof buffer);`
			`}`

			`if (fflush(out_fp) \|\| fsync(fileno(out_fp)) \|\| fclose(out_fp)) {`
			`unlink(buf);`
			`fcntl(fileno(fp), F_SETLK, &lock);`
			`fclose(fp);`
			`return 1;`
			`}`
			`if (rename(buf, filename) < 0) {`
			`fcntl(fileno(fp), F_SETLK, &lock);`
			`fclose(fp);`
			`return 1;`
			`} else {`
			`fcntl(fileno(fp), F_SETLK, &lock);`
			`fclose(fp);`
			`return 0;`
			`}`
			`}`


			`extern int passwd_main(int argc, char **argv)`
			`{`
			`int amroot;`
			`char *cp;`
			`char *np;`
			`char *name;`
			`char *myname;`
			`int flag;`
Set the default password to md5, patch by Joshua Jackson 2003-09-04 13:51:36 +05:30			`int algo = 1; /* -a - password algorithm */`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`int lflg = 0; /* -l - lock account */`
			`int uflg = 0; /* -u - unlock account */`
			`int dflg = 0; /* -d - delete password */`
			`const struct passwd *pw;`

			`#ifdef CONFIG_FEATURE_SHADOWPASSWDS`
			`const struct spwd *sp;`
			`#endif /* CONFIG_FEATURE_SHADOWPASSWDS */`
			`amroot = (getuid() == 0);`
			`openlog("passwd", LOG_PID \| LOG_CONS \| LOG_NOWAIT, LOG_AUTH);`
			`while ((flag = getopt(argc, argv, "a:dlu")) != EOF) {`
			`switch (flag) {`
			`case 'a':`
			`algo = get_algo(optarg);`
			`break;`
			`case 'd':`
			`dflg++;`
			`break;`
			`case 'l':`
			`lflg++;`
			`break;`
			`case 'u':`
			`uflg++;`
			`break;`
			`default:`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_show_usage();`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`}`
- rename libbb's password helpers as suggested in libbb.h my_getpwnam -> bb_xgetpwnam /* dies on error / my_getgrnam -> bb_xgetgrnam / dies on error */ my_getgrgid -> bb_getgrgid my_getpwuid -> bb_getpwuid my_getug -> bb_getug 2005-09-21 02:36:17 +05:30			`myname = (char *) bb_xstrdup(bb_getpwuid(NULL, getuid(), -1));`
Tito writes: Hi Erik, Hi to all, This is part five of the my_getid story. I've tweaked a bit this two functions to make them more flexible, but this changes will not affect existing code. Now they work so: 1) my_getpwuid( char user, uid_t uid, int bufsize) if bufsize is > 0 char user cannot be set to NULL on success username is written on static allocated buffer on failure uid as string is written to buffer and NULL is returned if bufsize is = 0 char user can be set to NULL on success username is returned on failure NULL is returned if bufsize is < 0 char user can be set to NULL on success username is returned on failure an error message is printed and the program exits 2) 1) my_getgrgid( char group, uid_t uid, int bufsize) if bufsize is > 0 char group cannot be set to NULL on success groupname is written on static allocated buffer on failure gid as string is written to buffer and NULL is returned if bufsize is = 0 char group can be set to NULL on success groupname is returned on failure NULL is returned if bufsize is < 0 char *group can be set to nULL on success groupname is returned on failure an error message is printed and the program exits This changes were needed mainly for my new id applet. It is somewhat bigger then the previous but matches the behaviour of GNU id and is capable to handle usernames of whatever length. BTW: at a first look it seems to me that it will integrate well (with just a few changes) with the pending patch in patches/id_groups_alias.patch. The increase in size is balanced by the removal of my_getpwnamegid.c from libbb as this was used only in previous id applet and by size optimizations made possible in whoami.c and in passwd.c. I know that we are in feature freeze but I think that i've tested it enough (at least I hope so.......). 2004-09-03 03:51:41 +05:30			`/* exits on error */`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`if (optind < argc) {`
			`name = argv[optind];`
			`} else {`
			`name = myname;`
			`}`
			`if ((lflg \|\| uflg \|\| dflg) && (optind >= argc \|\| !amroot)) {`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_show_usage();`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`pw = getpwnam(name);`
			`if (!pw) {`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_error_msg_and_die("Unknown user %s\n", name);`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`if (!amroot && pw->pw_uid != getuid()) {`
			syslog(LOG_WARNING, "can't change pwd for `%s'", name);
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_error_msg_and_die("Permission denied.\n");`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`#ifdef CONFIG_FEATURE_SHADOWPASSWDS`
			`sp = getspnam(name);`
			`if (!sp) {`
			`sp = (struct spwd *) pwd_to_spwd(pw);`
			`}`
			`cp = sp->sp_pwdp;`
			`np = sp->sp_namp;`
			`#else`
			`cp = pw->pw_passwd;`
			`np = name;`
			`#endif /* CONFIG_FEATURE_SHADOWPASSWDS */`

			`safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));`
			`if (!(dflg \|\| lflg \|\| uflg)) {`
			`if (!amroot) {`
			`if (cp[0] == '!') {`
			syslog(LOG_WARNING, "password locked for `%s'", np);
Major coreutils update. 2003-03-19 14:43:01 +05:30			bb_error_msg_and_die( "The password for `%s' cannot be changed.\n", np);
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`}`
			`printf("Changing password for %s\n", name);`
			`if (new_password(pw, amroot, algo)) {`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_error_msg_and_die( "The password for %s is unchanged.\n", name);`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`} else if (lflg) {`
			`if (crypt_passwd[0] != '!') {`
			`memmove(&crypt_passwd[1], crypt_passwd,`
			`sizeof crypt_passwd - 1);`
			`crypt_passwd[sizeof crypt_passwd - 1] = '\0';`
			`crypt_passwd[0] = '!';`
			`}`
			`} else if (uflg) {`
			`if (crypt_passwd[0] == '!') {`
			`memmove(crypt_passwd, &crypt_passwd[1],`
			`sizeof crypt_passwd - 1);`
			`}`
			`} else if (dflg) {`
			`crypt_passwd[0] = '\0';`
			`}`
			`set_filesize_limit(30000);`
			`signal(SIGHUP, SIG_IGN);`
			`signal(SIGINT, SIG_IGN);`
			`signal(SIGQUIT, SIG_IGN);`
			`umask(077);`
			`if (setuid(0)) {`
			`syslog(LOG_ERR, "can't setuid(0)");`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_error_msg_and_die( "Cannot change ID to root.\n");`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`if (!update_passwd(pw, crypt_passwd)) {`
			syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
			`myname);`
			`printf("Password changed.\n");`
			`} else {`
Fix text alignment, thanks to Sander Klein <s.klein@quicknet.nl> 2002-07-03 10:24:52 +05:30			`syslog(LOG_WARNING, "an error occurred updating the password file");`
Major coreutils update. 2003-03-19 14:43:01 +05:30			`bb_error_msg_and_die("An error occurred updating the password file.\n");`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`}`
			`return (0);`
			`}`



			`static int create_backup(const char backup, FILE fp)`
			`{`
			`struct stat sb;`
			`struct utimbuf ub;`
			`FILE *bkfp;`
			`int c, mask;`

			`if (fstat(fileno(fp), &sb))`
			`/* return -1; */`
			`return 1;`

			`mask = umask(077);`
			`bkfp = fopen(backup, "w");`
			`umask(mask);`
			`if (!bkfp)`
			`/* return -1; */`
			`return 1;`

			`/* TODO: faster copy, not one-char-at-a-time. --marekm */`
			`rewind(fp);`
			`while ((c = getc(fp)) != EOF) {`
			`if (putc(c, bkfp) == EOF)`
			`break;`
			`}`
			`if (c != EOF \|\| fflush(bkfp)) {`
			`fclose(bkfp);`
			`/* return -1; */`
			`return 1;`
			`}`
			`if (fclose(bkfp))`
			`/* return -1; */`
			`return 1;`

			`ub.actime = sb.st_atime;`
			`ub.modtime = sb.st_mtime;`
			`utime(backup, &ub);`
			`return 0;`
			`}`

			`static int i64c(int i)`
			`{`
			`if (i <= 0)`
			`return ('.');`
			`if (i == 1)`
			`return ('/');`
			`if (i >= 2 && i < 12)`
			`return ('0' - 2 + i);`
			`if (i >= 12 && i < 38)`
			`return ('A' - 12 + i);`
			`if (i >= 38 && i < 63)`
			`return ('a' - 38 + i);`
			`return ('z');`
			`}`

			`static char *crypt_make_salt(void)`
			`{`
			`time_t now;`
			`static unsigned long x;`
			`static char result[3];`

			`time(&now);`
			`x += now + getpid() + clock();`
			`result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);`
			`result[1] = i64c(((x >> 12) ^ x) & 077);`
			`result[2] = '\0';`
			`return result;`
			`}`


			`static int new_password(const struct passwd *pw, int amroot, int algo)`
			`{`
			`char *clear;`
			`char *cipher;`
			`char *cp;`
			`char orig[200];`
			`char pass[200];`
			`time_t start, now;`

			`if (!amroot && crypt_passwd[0]) {`
Do not use getpass(3) 2004-05-01 06:57:30 +05:30			`if (!(clear = bb_askpass(0, "Old password:"))) {`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`/* return -1; */`
			`return 1;`
			`}`
			`cipher = pw_encrypt(clear, crypt_passwd);`
			`if (strcmp(cipher, crypt_passwd) != 0) {`
			syslog(LOG_WARNING, "incorrect password for `%s'",
			`pw->pw_name);`
			`time(&start);`
			`now = start;`
			`while (difftime(now, start) < FAIL_DELAY) {`
			`sleep(FAIL_DELAY);`
			`time(&now);`
			`}`
			`fprintf(stderr, "Incorrect password.\n");`
			`/* return -1; */`
			`return 1;`
			`}`
			`safe_strncpy(orig, clear, sizeof(orig));`
			`bzero(clear, strlen(clear));`
			`bzero(cipher, strlen(cipher));`
			`} else {`
			`orig[0] = '\0';`
			`}`
Do not use getpass(3) 2004-05-01 06:57:30 +05:30			`if (! (cp=bb_askpass(0, "Enter the new password (minimum of 5, maximum of 8 characters)\n"`
Fix text alignment, thanks to Sander Klein <s.klein@quicknet.nl> 2002-07-03 10:24:52 +05:30			`"Please use a combination of upper and lower case letters and numbers.\n"`
			`"Enter new password: ")))`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`{`
			`bzero(orig, sizeof orig);`
			`/* return -1; */`
			`return 1;`
			`}`
			`safe_strncpy(pass, cp, sizeof(pass));`
			`bzero(cp, strlen(cp));`
			`/* if (!obscure(orig, pass, pw)) { */`
			`if (obscure(orig, pass, pw)) {`
			`if (amroot) {`
			`printf("\nWarning: weak password (continuing).\n");`
			`} else {`
			`/* return -1; */`
			`return 1;`
			`}`
			`}`
Do not use getpass(3) 2004-05-01 06:57:30 +05:30			`if (!(cp = bb_askpass(0, "Re-enter new password: "))) {`
Port over the last of the tinylogin applets -Erik 2002-06-23 09:54:25 +05:30			`bzero(orig, sizeof orig);`
			`/* return -1; */`
			`return 1;`
			`}`
			`if (strcmp(cp, pass)) {`
			`fprintf(stderr, "Passwords do not match.\n");`
			`/* return -1; */`
			`return 1;`
			`}`
			`bzero(cp, strlen(cp));`
			`bzero(orig, sizeof(orig));`

			`if (algo == 1) {`
			`cp = pw_encrypt(pass, "$1$");`
			`} else`
			`cp = pw_encrypt(pass, crypt_make_salt());`
			`bzero(pass, sizeof pass);`
			`safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));`
			`return 0;`
			`}`

			`static void set_filesize_limit(int blocks)`
			`{`
			`struct rlimit rlimit_fsize;`

			`rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;`
			`setrlimit(RLIMIT_FSIZE, &rlimit_fsize);`
			`}`