2002-06-23 09:54:25 +05:30
|
|
|
/* vi: set sw=4 ts=4: */
|
2006-07-12 13:26:04 +05:30
|
|
|
/*
|
|
|
|
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
|
|
|
|
*/
|
|
|
|
|
2002-06-23 09:54:25 +05:30
|
|
|
#include "busybox.h"
|
2006-08-03 21:11:12 +05:30
|
|
|
#include <syslog.h>
|
2002-06-23 09:54:25 +05:30
|
|
|
|
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
static void nuke_str(char *str)
|
|
|
|
{
|
|
|
|
if (str) memset(str, 0, strlen(str));
|
|
|
|
}
|
2002-06-23 09:54:25 +05:30
|
|
|
|
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
static int i64c(int i)
|
2002-06-23 09:54:25 +05:30
|
|
|
{
|
2006-12-12 20:08:03 +05:30
|
|
|
i &= 0x3f;
|
|
|
|
if (i == 0)
|
2006-11-30 22:11:15 +05:30
|
|
|
return '.';
|
|
|
|
if (i == 1)
|
|
|
|
return '/';
|
2006-12-01 02:11:28 +05:30
|
|
|
if (i < 12)
|
2006-11-30 22:11:15 +05:30
|
|
|
return ('0' - 2 + i);
|
2006-12-01 02:11:28 +05:30
|
|
|
if (i < 38)
|
2006-11-30 22:11:15 +05:30
|
|
|
return ('A' - 12 + i);
|
2006-12-01 02:11:28 +05:30
|
|
|
return ('a' - 38 + i);
|
2006-11-30 22:11:15 +05:30
|
|
|
}
|
|
|
|
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-12-01 02:11:28 +05:30
|
|
|
static void crypt_make_salt(char *p, int cnt)
|
2006-11-30 22:11:15 +05:30
|
|
|
{
|
2006-12-12 20:08:03 +05:30
|
|
|
unsigned x = x; /* it's pointless to initialize it anyway :) */
|
|
|
|
|
|
|
|
x += getpid() + time(NULL) + clock();
|
2006-12-01 02:11:28 +05:30
|
|
|
do {
|
2006-12-12 22:44:56 +05:30
|
|
|
/* x = (x*1664525 + 1013904223) % 2^32 generator is lame
|
2006-12-12 20:08:03 +05:30
|
|
|
* (low-order bit is not "random", etc...),
|
|
|
|
* but for our purposes it is good enough */
|
|
|
|
x = x*1664525 + 1013904223;
|
2006-12-12 22:44:56 +05:30
|
|
|
/* BTW, Park and Miller's "minimal standard generator" is
|
|
|
|
* x = x*16807 % ((2^31)-1)
|
|
|
|
* It has no problem with visibly alternating lowest bit
|
|
|
|
* but is also weak in cryptographic sense + needs div,
|
|
|
|
* which needs more code (and slower) on many CPUs */
|
2006-12-12 20:08:03 +05:30
|
|
|
*p++ = i64c(x >> 16);
|
|
|
|
*p++ = i64c(x >> 22);
|
2006-12-01 02:11:28 +05:30
|
|
|
} while (--cnt);
|
|
|
|
*p = '\0';
|
2006-11-30 22:11:15 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
|
2006-11-30 22:11:15 +05:30
|
|
|
{
|
|
|
|
char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
|
2007-01-30 04:21:44 +05:30
|
|
|
char *orig = (char*)"";
|
2006-11-30 22:11:15 +05:30
|
|
|
char *newp = NULL;
|
|
|
|
char *cipher = NULL;
|
|
|
|
char *cp = NULL;
|
|
|
|
char *ret = NULL; /* failure so far */
|
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
if (myuid && pw->pw_passwd[0]) {
|
2006-11-30 22:11:15 +05:30
|
|
|
orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
|
|
|
|
if (!orig)
|
|
|
|
goto err_ret;
|
2006-12-02 03:04:20 +05:30
|
|
|
cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */
|
|
|
|
if (strcmp(cipher, pw->pw_passwd) != 0) {
|
2006-11-30 22:11:15 +05:30
|
|
|
syslog(LOG_WARNING, "incorrect password for '%s'",
|
|
|
|
pw->pw_name);
|
|
|
|
bb_do_delay(FAIL_DELAY);
|
|
|
|
puts("Incorrect password");
|
|
|
|
goto err_ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
|
2006-12-02 03:04:20 +05:30
|
|
|
newp = bb_askpass(0, "New password:"); /* returns ptr to static */
|
2006-11-30 22:11:15 +05:30
|
|
|
if (!newp)
|
|
|
|
goto err_ret;
|
|
|
|
newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
|
2006-12-19 06:03:53 +05:30
|
|
|
if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
|
|
|
|
&& obscure(orig, newp, pw) && myuid)
|
2006-12-12 23:41:58 +05:30
|
|
|
goto err_ret; /* non-root is not allowed to have weak passwd */
|
2006-11-30 22:11:15 +05:30
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
cp = bb_askpass(0, "Retype password:");
|
2006-11-30 22:11:15 +05:30
|
|
|
if (!cp)
|
|
|
|
goto err_ret;
|
|
|
|
if (strcmp(cp, newp)) {
|
2006-12-02 03:04:20 +05:30
|
|
|
puts("Passwords don't match");
|
2006-11-30 22:11:15 +05:30
|
|
|
goto err_ret;
|
|
|
|
}
|
|
|
|
|
2006-12-01 02:11:28 +05:30
|
|
|
/*memset(salt, 0, sizeof(salt)); - why?*/
|
|
|
|
crypt_make_salt(salt, 1); /* des */
|
|
|
|
if (algo) { /* MD5 */
|
2006-11-30 22:11:15 +05:30
|
|
|
strcpy(salt, "$1$");
|
2006-12-01 02:11:28 +05:30
|
|
|
crypt_make_salt(salt + 3, 4);
|
2006-11-30 22:11:15 +05:30
|
|
|
}
|
|
|
|
ret = xstrdup(pw_encrypt(newp, salt)); /* returns ptr to static */
|
|
|
|
/* whee, success! */
|
|
|
|
|
|
|
|
err_ret:
|
|
|
|
nuke_str(orig);
|
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free(orig);
|
|
|
|
nuke_str(newp);
|
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free(newp);
|
|
|
|
nuke_str(cipher);
|
|
|
|
nuke_str(cp);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
static int get_algo(char *a)
|
|
|
|
{
|
|
|
|
/* standard: MD5 */
|
|
|
|
int x = 1;
|
2003-02-09 04:50:02 +05:30
|
|
|
if (strcasecmp(a, "des") == 0)
|
|
|
|
x = 0;
|
2002-06-23 09:54:25 +05:30
|
|
|
return x;
|
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
#endif
|
2002-06-23 09:54:25 +05:30
|
|
|
|
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
static int update_passwd(const char *filename, const char *username,
|
|
|
|
const char *new_pw)
|
2002-06-23 09:54:25 +05:30
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
struct flock lock;
|
2006-11-30 22:11:15 +05:30
|
|
|
FILE *old_fp;
|
|
|
|
FILE *new_fp;
|
|
|
|
char *new_name;
|
|
|
|
char *last_char;
|
|
|
|
unsigned user_len;
|
|
|
|
int old_fd;
|
|
|
|
int new_fd;
|
|
|
|
int i;
|
|
|
|
int ret = 1; /* failure */
|
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
logmode = LOGMODE_STDIO;
|
2006-11-30 22:11:15 +05:30
|
|
|
/* New passwd file, "/etc/passwd+" for now */
|
|
|
|
new_name = xasprintf("%s+", filename);
|
|
|
|
last_char = &new_name[strlen(new_name)-1];
|
|
|
|
username = xasprintf("%s:", username);
|
|
|
|
user_len = strlen(username);
|
|
|
|
|
|
|
|
old_fp = fopen(filename, "r+");
|
|
|
|
if (!old_fp)
|
|
|
|
goto free_mem;
|
|
|
|
old_fd = fileno(old_fp);
|
|
|
|
|
|
|
|
/* Try to create "/etc/passwd+". Wait if it exists. */
|
|
|
|
i = 30;
|
|
|
|
do {
|
|
|
|
// FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
|
|
|
|
new_fd = open(new_name, O_WRONLY|O_CREAT|O_EXCL,0600);
|
|
|
|
if (new_fd >= 0) goto created;
|
|
|
|
if (errno != EEXIST) break;
|
|
|
|
usleep(100000); /* 0.1 sec */
|
|
|
|
} while (--i);
|
|
|
|
bb_perror_msg("cannot create '%s'", new_name);
|
|
|
|
goto close_old_fp;
|
|
|
|
created:
|
|
|
|
if (!fstat(old_fd, &sb)) {
|
|
|
|
fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
|
|
|
|
fchown(new_fd, sb.st_uid, sb.st_gid);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
new_fp = fdopen(new_fd, "w");
|
|
|
|
if (!new_fp) {
|
|
|
|
close(new_fd);
|
|
|
|
goto unlink_new;
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
/* Backup file is "/etc/passwd-" */
|
|
|
|
last_char[0] = '-';
|
|
|
|
/* Delete old one, create new as a hardlink to current */
|
|
|
|
i = (unlink(new_name) && errno != ENOENT);
|
|
|
|
if (i || link(filename, new_name))
|
|
|
|
bb_perror_msg("warning: cannot create backup copy '%s'", new_name);
|
|
|
|
last_char[0] = '+';
|
|
|
|
|
2002-06-23 09:54:25 +05:30
|
|
|
/* Lock the password file before updating */
|
|
|
|
lock.l_type = F_WRLCK;
|
|
|
|
lock.l_whence = SEEK_SET;
|
|
|
|
lock.l_start = 0;
|
|
|
|
lock.l_len = 0;
|
2006-11-30 22:11:15 +05:30
|
|
|
if (fcntl(old_fd, F_SETLK, &lock) < 0)
|
|
|
|
bb_perror_msg("warning: cannot lock '%s'", filename);
|
2002-06-23 09:54:25 +05:30
|
|
|
lock.l_type = F_UNLCK;
|
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
/* Read current password file, write updated one */
|
|
|
|
while (1) {
|
|
|
|
char *line = xmalloc_fgets(old_fp);
|
|
|
|
if (!line) break; /* EOF/error */
|
|
|
|
if (strncmp(username, line, user_len) == 0) {
|
|
|
|
/* we have a match with "username:"... */
|
|
|
|
const char *cp = line + user_len;
|
|
|
|
/* now cp -> old passwd, skip it: */
|
|
|
|
cp = strchr(cp, ':');
|
|
|
|
if (!cp) cp = "";
|
|
|
|
/* now cp -> ':' after old passwd or -> "" */
|
|
|
|
fprintf(new_fp, "%s%s%s", username, new_pw, cp);
|
|
|
|
/* Erase password in memory */
|
|
|
|
} else
|
|
|
|
fputs(line, new_fp);
|
|
|
|
free(line);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
fcntl(old_fd, F_SETLK, &lock);
|
|
|
|
|
|
|
|
/* We do want all of them to execute, thus | instead of || */
|
|
|
|
if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
|
|
|
|
|| rename(new_name, filename)
|
|
|
|
) {
|
|
|
|
/* At least one of those failed */
|
|
|
|
goto unlink_new;
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
ret = 0; /* whee, success! */
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
unlink_new:
|
|
|
|
if (ret) unlink(new_name);
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
close_old_fp:
|
|
|
|
fclose(old_fp);
|
|
|
|
|
|
|
|
free_mem:
|
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free(new_name);
|
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free((char*)username);
|
2006-12-02 03:04:20 +05:30
|
|
|
logmode = LOGMODE_BOTH;
|
2006-11-30 22:11:15 +05:30
|
|
|
return ret;
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
2007-02-03 22:58:39 +05:30
|
|
|
int passwd_main(int argc, char **argv);
|
2006-03-07 02:17:33 +05:30
|
|
|
int passwd_main(int argc, char **argv)
|
2002-06-23 09:54:25 +05:30
|
|
|
{
|
2006-09-23 18:00:03 +05:30
|
|
|
enum {
|
|
|
|
OPT_algo = 0x1, /* -a - password algorithm */
|
|
|
|
OPT_lock = 0x2, /* -l - lock account */
|
|
|
|
OPT_unlock = 0x4, /* -u - unlock account */
|
|
|
|
OPT_delete = 0x8, /* -d - delete password */
|
|
|
|
OPT_lud = 0xe,
|
2006-11-30 22:11:15 +05:30
|
|
|
STATE_ALGO_md5 = 0x10,
|
2006-12-02 03:04:20 +05:30
|
|
|
/*STATE_ALGO_des = 0x20, not needed yet */
|
2006-09-23 18:00:03 +05:30
|
|
|
};
|
2006-10-04 02:30:06 +05:30
|
|
|
unsigned opt;
|
2007-01-30 04:21:44 +05:30
|
|
|
const char *opt_a = "";
|
2006-11-30 22:11:15 +05:30
|
|
|
const char *filename;
|
2002-06-23 09:54:25 +05:30
|
|
|
char *myname;
|
2006-11-30 22:11:15 +05:30
|
|
|
char *name;
|
2006-12-02 03:04:20 +05:30
|
|
|
char *newp;
|
|
|
|
struct passwd *pw;
|
2006-11-30 22:11:15 +05:30
|
|
|
uid_t myuid;
|
2006-12-02 03:04:20 +05:30
|
|
|
struct rlimit rlimit_fsize;
|
|
|
|
char c;
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
logmode = LOGMODE_BOTH;
|
|
|
|
openlog(applet_name, LOG_NOWAIT, LOG_AUTH);
|
2006-10-04 02:30:06 +05:30
|
|
|
opt = getopt32(argc, argv, "a:lud", &opt_a);
|
2006-09-23 18:00:03 +05:30
|
|
|
argc -= optind;
|
|
|
|
argv += optind;
|
2006-11-30 22:11:15 +05:30
|
|
|
|
2006-12-01 04:43:59 +05:30
|
|
|
if (strcasecmp(opt_a, "des") != 0) /* -a */
|
2006-11-30 22:11:15 +05:30
|
|
|
opt |= STATE_ALGO_md5;
|
2006-12-01 04:43:59 +05:30
|
|
|
//else
|
|
|
|
// opt |= STATE_ALGO_des;
|
2006-11-30 22:11:15 +05:30
|
|
|
myuid = getuid();
|
|
|
|
if ((opt & OPT_lud) && (!argc || myuid))
|
2003-03-19 14:43:01 +05:30
|
|
|
bb_show_usage();
|
2006-09-23 18:00:03 +05:30
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
myname = xstrdup(bb_getpwuid(NULL, myuid, -1));
|
2006-12-02 03:04:20 +05:30
|
|
|
name = argc ? argv[0] : myname;
|
2006-09-23 18:00:03 +05:30
|
|
|
|
2002-06-23 09:54:25 +05:30
|
|
|
pw = getpwnam(name);
|
2006-11-30 22:11:15 +05:30
|
|
|
if (!pw) bb_error_msg_and_die("unknown user %s", name);
|
|
|
|
if (myuid && pw->pw_uid != myuid) {
|
2006-12-02 03:04:20 +05:30
|
|
|
/* LOGMODE_BOTH */
|
|
|
|
bb_error_msg_and_die("%s can't change password for %s", myname, name);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
|
|
|
|
filename = bb_path_passwd_file;
|
2006-12-30 20:16:51 +05:30
|
|
|
#if ENABLE_FEATURE_SHADOWPASSWDS
|
|
|
|
{
|
2006-07-11 21:49:17 +05:30
|
|
|
struct spwd *sp = getspnam(name);
|
2006-11-30 22:11:15 +05:30
|
|
|
if (!sp) {
|
2006-12-02 03:04:20 +05:30
|
|
|
/* LOGMODE_BOTH */
|
|
|
|
bb_error_msg("no record of %s in %s, using %s",
|
|
|
|
name, bb_path_shadow_file,
|
|
|
|
bb_path_passwd_file);
|
2006-11-30 22:11:15 +05:30
|
|
|
} else {
|
|
|
|
filename = bb_path_shadow_file;
|
2006-12-02 03:04:20 +05:30
|
|
|
pw->pw_passwd = sp->sp_pwdp;
|
2006-11-30 22:11:15 +05:30
|
|
|
}
|
|
|
|
}
|
2006-12-30 20:16:51 +05:30
|
|
|
#endif
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
/* Decide what the new password will be */
|
2006-12-02 03:04:20 +05:30
|
|
|
newp = NULL;
|
|
|
|
c = pw->pw_passwd[0] - '!';
|
2006-09-23 18:00:03 +05:30
|
|
|
if (!(opt & OPT_lud)) {
|
2006-12-02 03:04:20 +05:30
|
|
|
if (myuid && !c) { /* passwd starts with '!' */
|
|
|
|
/* LOGMODE_BOTH */
|
|
|
|
bb_error_msg_and_die("cannot change "
|
|
|
|
"locked password for %s", name);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
|
|
|
printf("Changing password for %s\n", name);
|
2006-12-02 03:04:20 +05:30
|
|
|
newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
|
2006-11-30 22:11:15 +05:30
|
|
|
if (!newp) {
|
2006-12-02 03:04:20 +05:30
|
|
|
logmode = LOGMODE_STDIO;
|
|
|
|
bb_error_msg_and_die("password for %s is unchanged", name);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-09-23 18:00:03 +05:30
|
|
|
} else if (opt & OPT_lock) {
|
2006-12-02 03:04:20 +05:30
|
|
|
if (!c) goto skip; /* passwd starts with '!' */
|
|
|
|
newp = xasprintf("!%s", pw->pw_passwd);
|
2006-09-23 18:00:03 +05:30
|
|
|
} else if (opt & OPT_unlock) {
|
2006-12-02 03:04:20 +05:30
|
|
|
if (c) goto skip; /* not '!' */
|
|
|
|
newp = xstrdup(&pw->pw_passwd[1]);
|
2006-09-23 18:00:03 +05:30
|
|
|
} else if (opt & OPT_delete) {
|
2006-11-30 22:11:15 +05:30
|
|
|
newp = xstrdup("");
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
|
2006-12-02 03:04:20 +05:30
|
|
|
rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
|
|
|
|
setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
|
2002-06-23 09:54:25 +05:30
|
|
|
signal(SIGHUP, SIG_IGN);
|
|
|
|
signal(SIGINT, SIG_IGN);
|
|
|
|
signal(SIGQUIT, SIG_IGN);
|
|
|
|
umask(077);
|
2006-07-16 13:36:34 +05:30
|
|
|
xsetuid(0);
|
2006-12-02 03:04:20 +05:30
|
|
|
if (update_passwd(filename, name, newp) != 0) {
|
|
|
|
/* LOGMODE_BOTH */
|
|
|
|
bb_error_msg_and_die("cannot update password file %s",
|
|
|
|
filename);
|
2002-06-23 09:54:25 +05:30
|
|
|
}
|
2006-12-02 03:04:20 +05:30
|
|
|
/* LOGMODE_BOTH */
|
|
|
|
bb_info_msg("Password for %s changed by %s", name, myname);
|
2002-06-23 09:54:25 +05:30
|
|
|
|
2006-11-30 22:11:15 +05:30
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free(newp);
|
|
|
|
skip:
|
2006-12-02 03:04:20 +05:30
|
|
|
if (!newp) {
|
|
|
|
bb_error_msg_and_die("password for %s is already %slocked",
|
|
|
|
name, (opt & OPT_unlock) ? "un" : "");
|
|
|
|
}
|
2006-11-30 22:11:15 +05:30
|
|
|
if (ENABLE_FEATURE_CLEAN_UP) free(myname);
|
2002-06-23 09:54:25 +05:30
|
|
|
return 0;
|
|
|
|
}
|