1 /* vi: set sw=4 ts=4: */
3 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
10 static void nuke_str(char *str)
12 if (str) memset(str, 0, strlen(str));
16 static int i64c(int i)
24 if (i >= 12 && i < 38)
25 return ('A' - 12 + i);
26 if (i >= 38 && i < 63)
27 return ('a' - 38 + i);
32 static char *crypt_make_salt(void)
35 static unsigned long x;
36 static char result[3];
39 x += now + getpid() + clock();
40 result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
41 result[1] = i64c(((x >> 12) ^ x) & 077);
47 static char* new_password(const struct passwd *pw, const char *old_crypted,
48 uid_t myuid, int algo)
50 char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
55 char *ret = NULL; /* failure so far */
57 if (myuid && old_crypted[0]) {
58 orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
61 cipher = pw_encrypt(orig, old_crypted); /* returns ptr to static */
62 if (strcmp(cipher, old_crypted) != 0) {
63 syslog(LOG_WARNING, "incorrect password for '%s'",
65 bb_do_delay(FAIL_DELAY);
66 puts("Incorrect password");
70 orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
71 newp = bb_askpass(0, "Enter the new password (minimum of 5 characters).\n"
72 "Please use a combination of upper and lower case letters and numbers.\n"
73 "Enter new password:"); /* returns ptr to static */
76 newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
77 if (obscure(orig, newp, pw)) {
79 goto err_ret; /* non-root is not allowed to have weak passwd */
80 puts("\nWarning: weak password (continuing)");
83 cp = bb_askpass(0, "Re-enter new password:");
86 if (strcmp(cp, newp)) {
87 puts("Passwords do not match");
91 memset(salt, 0, sizeof(salt));
92 if (algo == 1) { /* MD5 */
94 strcat(salt, crypt_make_salt());
95 strcat(salt, crypt_make_salt());
96 strcat(salt, crypt_make_salt());
98 strcat(salt, crypt_make_salt());
99 ret = xstrdup(pw_encrypt(newp, salt)); /* returns ptr to static */
104 if (ENABLE_FEATURE_CLEAN_UP) free(orig);
106 if (ENABLE_FEATURE_CLEAN_UP) free(newp);
113 static void set_filesize_limit(int blocks)
115 struct rlimit rlimit_fsize;
117 rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;
118 setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
123 static int get_algo(char *a)
127 if (strcasecmp(a, "des") == 0)
134 static int update_passwd(const char *filename, const char *username,
147 int ret = 1; /* failure */
149 /* New passwd file, "/etc/passwd+" for now */
150 new_name = xasprintf("%s+", filename);
151 last_char = &new_name[strlen(new_name)-1];
152 username = xasprintf("%s:", username);
153 user_len = strlen(username);
155 old_fp = fopen(filename, "r+");
158 old_fd = fileno(old_fp);
160 /* Try to create "/etc/passwd+". Wait if it exists. */
163 // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
164 new_fd = open(new_name, O_WRONLY|O_CREAT|O_EXCL,0600);
165 if (new_fd >= 0) goto created;
166 if (errno != EEXIST) break;
167 usleep(100000); /* 0.1 sec */
169 bb_perror_msg("cannot create '%s'", new_name);
172 if (!fstat(old_fd, &sb)) {
173 fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
174 fchown(new_fd, sb.st_uid, sb.st_gid);
176 new_fp = fdopen(new_fd, "w");
182 /* Backup file is "/etc/passwd-" */
184 /* Delete old one, create new as a hardlink to current */
185 i = (unlink(new_name) && errno != ENOENT);
186 if (i || link(filename, new_name))
187 bb_perror_msg("warning: cannot create backup copy '%s'", new_name);
190 /* Lock the password file before updating */
191 lock.l_type = F_WRLCK;
192 lock.l_whence = SEEK_SET;
195 if (fcntl(old_fd, F_SETLK, &lock) < 0)
196 bb_perror_msg("warning: cannot lock '%s'", filename);
197 lock.l_type = F_UNLCK;
199 /* Read current password file, write updated one */
201 char *line = xmalloc_fgets(old_fp);
202 if (!line) break; /* EOF/error */
203 if (strncmp(username, line, user_len) == 0) {
204 /* we have a match with "username:"... */
205 const char *cp = line + user_len;
206 /* now cp -> old passwd, skip it: */
207 cp = strchr(cp, ':');
209 /* now cp -> ':' after old passwd or -> "" */
210 fprintf(new_fp, "%s%s%s", username, new_pw, cp);
211 /* Erase password in memory */
216 fcntl(old_fd, F_SETLK, &lock);
218 /* We do want all of them to execute, thus | instead of || */
219 if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
220 || rename(new_name, filename)
222 /* At least one of those failed */
225 ret = 0; /* whee, success! */
228 if (ret) unlink(new_name);
234 if (ENABLE_FEATURE_CLEAN_UP) free(new_name);
235 if (ENABLE_FEATURE_CLEAN_UP) free((char*)username);
240 int passwd_main(int argc, char **argv)
243 OPT_algo = 0x1, /* -a - password algorithm */
244 OPT_lock = 0x2, /* -l - lock account */
245 OPT_unlock = 0x4, /* -u - unlock account */
246 OPT_delete = 0x8, /* -d - delete password */
248 STATE_ALGO_md5 = 0x10,
249 STATE_ALGO_des = 0x20,
253 const char *filename;
257 char *newp = NULL; /* gcc happiness */
258 const struct passwd *pw;
261 openlog("passwd", LOG_NOWAIT, LOG_AUTH);
262 opt = getopt32(argc, argv, "a:lud", &opt_a);
266 if (strcasecmp(opt_a, "des") == 0) /* -a */
267 opt |= STATE_ALGO_des;
269 opt |= STATE_ALGO_md5;
271 if ((opt & OPT_lud) && (!argc || myuid))
274 myname = xstrdup(bb_getpwuid(NULL, myuid, -1));
276 if (argc) name = argv[0];
279 if (!pw) bb_error_msg_and_die("unknown user %s", name);
280 if (myuid && pw->pw_uid != myuid) {
281 syslog(LOG_WARNING, "can't change pwd for '%s'", name);
282 bb_error_msg_and_die("permission denied");
285 filename = bb_path_passwd_file;
286 oldp = pw->pw_passwd;
287 if (ENABLE_FEATURE_SHADOWPASSWDS) {
288 struct spwd *sp = getspnam(name);
290 bb_error_msg("no shadow record for user %s found, "
291 "changing ordinary password instead", name);
293 filename = bb_path_shadow_file;
298 /* Decide what the new password will be */
299 if (!(opt & OPT_lud)) {
301 if (oldp[0] == '!') {
302 syslog(LOG_WARNING, "password locked for '%s'", name);
303 bb_error_msg_and_die("the password for %s cannot be changed", name);
306 printf("Changing password for %s\n", name);
307 newp = new_password(pw, oldp,
309 opt & STATE_ALGO_md5);
311 bb_error_msg_and_die("the password for %s is unchanged", name);
313 } else if (opt & OPT_lock) {
314 if (oldp[0] == '!') goto skip;
315 newp = xasprintf("!%s", oldp);
316 } else if (opt & OPT_unlock) {
317 if (oldp[0] != '!') goto skip;
318 newp = xstrdup(oldp + 1);
319 } else if (opt & OPT_delete) {
323 set_filesize_limit(30000);
324 signal(SIGHUP, SIG_IGN);
325 signal(SIGINT, SIG_IGN);
326 signal(SIGQUIT, SIG_IGN);
329 if (update_passwd(filename, name, newp) == 0) {
330 syslog(LOG_INFO, "password for '%s' changed by user '%s'", name,
332 puts("Password changed");
334 syslog(LOG_WARNING, "cannot update password file");
335 bb_error_msg_and_die("cannot update password file");
338 if (ENABLE_FEATURE_CLEAN_UP) free(newp);
340 if (ENABLE_FEATURE_CLEAN_UP) free(myname);