add usefun info on SIGINT handling peculiarities
[oweals/busybox.git] / loginutils / passwd.c
1 /* vi: set sw=4 ts=4: */
2 /*
3  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
4  */
5
6 #include "busybox.h"
7 #include <syslog.h>
8
9 static char crypt_passwd[128];
10
11 static int create_backup(const char *backup, FILE * fp);
12 static int new_password(const struct passwd *pw, int amroot, int algo);
13 static void set_filesize_limit(int blocks);
14
15
16 static int get_algo(char *a)
17 {
18         int x = 1;                                      /* standard: MD5 */
19
20         if (strcasecmp(a, "des") == 0)
21                 x = 0;
22         return x;
23 }
24
25
26 static int update_passwd(const struct passwd *pw, const char *crypt_pw)
27 {
28         char filename[1024];
29         char buf[1025];
30         char buffer[80];
31         char username[32];
32         char *pw_rest;
33         int mask;
34         int continued;
35         FILE *fp;
36         FILE *out_fp;
37         struct stat sb;
38         struct flock lock;
39
40 #if ENABLE_FEATURE_SHADOWPASSWDS
41         if (access(bb_path_shadow_file, F_OK) == 0) {
42                 snprintf(filename, sizeof filename, "%s", bb_path_shadow_file);
43         } else
44 #endif
45         {
46                 snprintf(filename, sizeof filename, "%s", bb_path_passwd_file);
47         }
48
49         fp = fopen(filename, "r+");
50         if (fp == 0 || fstat(fileno(fp), &sb)) {
51                 /* return 0; */
52                 return 1;
53         }
54
55         /* Lock the password file before updating */
56         lock.l_type = F_WRLCK;
57         lock.l_whence = SEEK_SET;
58         lock.l_start = 0;
59         lock.l_len = 0;
60         if (fcntl(fileno(fp), F_SETLK, &lock) < 0) {
61                 bb_perror_msg("%s", filename);
62                 return 1;
63         }
64         lock.l_type = F_UNLCK;
65
66         snprintf(buf, sizeof buf, "%s-", filename);
67         if (create_backup(buf, fp)) {
68                 fcntl(fileno(fp), F_SETLK, &lock);
69                 fclose(fp);
70                 return 1;
71         }
72         snprintf(buf, sizeof buf, "%s+", filename);
73         mask = umask(0777);
74         out_fp = fopen(buf, "w");
75         umask(mask);
76         if ((!out_fp) || (fchmod(fileno(out_fp), sb.st_mode & 0777))
77                 || (fchown(fileno(out_fp), sb.st_uid, sb.st_gid))) {
78                 fcntl(fileno(fp), F_SETLK, &lock);
79                 fclose(fp);
80                 fclose(out_fp);
81                 return 1;
82         }
83
84         continued = 0;
85         snprintf(username, sizeof username, "%s:", pw->pw_name);
86         rewind(fp);
87         while (!feof(fp)) {
88                 fgets(buffer, sizeof buffer, fp);
89                 if (!continued) { /* Check to see if we're updating this line.  */
90                         if (strncmp(username, buffer, strlen(username)) == 0) {
91                                 /* we have a match. */
92                                 pw_rest = strchr(buffer, ':');
93                                 *pw_rest++ = '\0';
94                                 pw_rest = strchr(pw_rest, ':');
95                                 fprintf(out_fp, "%s:%s%s", buffer, crypt_pw, pw_rest);
96                         } else {
97                                 fputs(buffer, out_fp);
98                         }
99                 } else {
100                         fputs(buffer, out_fp);
101                 }
102                 if (buffer[strlen(buffer) - 1] == '\n') {
103                         continued = 0;
104                 } else {
105                         continued = 1;
106                 }
107                 memset(buffer, 0, sizeof buffer);
108         }
109
110         if (fflush(out_fp) || fsync(fileno(out_fp)) || fclose(out_fp)) {
111                 unlink(buf);
112                 fcntl(fileno(fp), F_SETLK, &lock);
113                 fclose(fp);
114                 return 1;
115         }
116         if (rename(buf, filename) < 0) {
117                 fcntl(fileno(fp), F_SETLK, &lock);
118                 fclose(fp);
119                 return 1;
120         } else {
121                 fcntl(fileno(fp), F_SETLK, &lock);
122                 fclose(fp);
123                 return 0;
124         }
125 }
126
127
128 int passwd_main(int argc, char **argv)
129 {
130         enum {
131                 OPT_algo = 0x1, /* -a - password algorithm */
132                 OPT_lock = 0x2, /* -l - lock account */
133                 OPT_unlock = 0x4, /* -u - unlock account */
134                 OPT_delete = 0x8, /* -d - delete password */
135                 OPT_lud = 0xe,
136         };
137         unsigned opt;
138         char *opt_a;
139         int amroot;
140         char *cp;
141         char *np;
142         char *name;
143         char *myname;
144         int algo = 1;
145         const struct passwd *pw;
146
147         amroot = (getuid() == 0);
148         openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
149         opt = getopt32(argc, argv, "a:lud", &opt_a);
150         argc -= optind;
151         argv += optind;
152         if (opt & OPT_algo) algo = get_algo(opt_a); // -a
153         if ((opt & OPT_lud) && (!argc || !amroot))
154                 bb_show_usage();
155
156         myname = xstrdup(bb_getpwuid(NULL, getuid(), -1));
157         name = myname;
158         if (argc) name = argv[0];
159
160         pw = getpwnam(name);
161         if (!pw) {
162                 bb_error_msg_and_die("unknown user %s", name);
163         }
164         if (!amroot && pw->pw_uid != getuid()) {
165                 syslog(LOG_WARNING, "can't change pwd for '%s'", name);
166                 bb_error_msg_and_die("permission denied");
167         }
168         if (ENABLE_FEATURE_SHADOWPASSWDS) {
169                 struct spwd *sp = getspnam(name);
170                 if (!sp) bb_error_msg_and_die("unknown user %s", name);
171                 cp = sp->sp_pwdp;
172         } else cp = pw->pw_passwd;
173
174         np = name;
175         safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
176         if (!(opt & OPT_lud)) {
177                 if (!amroot) {
178                         if (cp[0] == '!') {
179                                 syslog(LOG_WARNING, "password locked for '%s'", np);
180                                 bb_error_msg_and_die("the password for %s cannot be changed", np);
181                         }
182                 }
183                 printf("Changing password for %s\n", name);
184                 if (new_password(pw, amroot, algo)) {
185                         bb_error_msg_and_die("the password for %s is unchanged", name);
186                 }
187         } else if (opt & OPT_lock) {
188                 if (crypt_passwd[0] != '!') {
189                         memmove(&crypt_passwd[1], crypt_passwd,
190                                         sizeof crypt_passwd - 1);
191                         crypt_passwd[sizeof crypt_passwd - 1] = '\0';
192                         crypt_passwd[0] = '!';
193                 }
194         } else if (opt & OPT_unlock) {
195                 if (crypt_passwd[0] == '!') {
196                         memmove(crypt_passwd, &crypt_passwd[1],
197                                         sizeof crypt_passwd - 1);
198                 }
199         } else if (opt & OPT_delete) {
200                 crypt_passwd[0] = '\0';
201         }
202         set_filesize_limit(30000);
203         signal(SIGHUP, SIG_IGN);
204         signal(SIGINT, SIG_IGN);
205         signal(SIGQUIT, SIG_IGN);
206         umask(077);
207         xsetuid(0);
208         if (!update_passwd(pw, crypt_passwd)) {
209                 syslog(LOG_INFO, "password for '%s' changed by user '%s'", name,
210                                 myname);
211                 puts("Password changed");
212         } else {
213                 syslog(LOG_WARNING, "cannot update password file");
214                 bb_error_msg_and_die("cannot update password file");
215         }
216         if (ENABLE_FEATURE_CLEAN_UP) free(myname);
217         return 0;
218 }
219
220
221
222 static int create_backup(const char *backup, FILE * fp)
223 {
224         struct stat sb;
225         struct utimbuf ub;
226         FILE *bkfp;
227         int c, mask;
228
229         if (fstat(fileno(fp), &sb))
230                 /* return -1; */
231                 return 1;
232
233         mask = umask(077);
234         bkfp = fopen(backup, "w");
235         umask(mask);
236         if (!bkfp)
237                 /* return -1; */
238                 return 1;
239
240         /* TODO: faster copy, not one-char-at-a-time.  --marekm */
241         rewind(fp);
242         while ((c = getc(fp)) != EOF) {
243                 if (putc(c, bkfp) == EOF)
244                         break;
245         }
246         if (c != EOF || fflush(bkfp)) {
247                 fclose(bkfp);
248                 /* return -1; */
249                 return 1;
250         }
251         if (fclose(bkfp))
252                 /* return -1; */
253                 return 1;
254
255         ub.actime = sb.st_atime;
256         ub.modtime = sb.st_mtime;
257         utime(backup, &ub);
258         return 0;
259 }
260
261 static int i64c(int i)
262 {
263         if (i <= 0)
264                 return ('.');
265         if (i == 1)
266                 return ('/');
267         if (i >= 2 && i < 12)
268                 return ('0' - 2 + i);
269         if (i >= 12 && i < 38)
270                 return ('A' - 12 + i);
271         if (i >= 38 && i < 63)
272                 return ('a' - 38 + i);
273         return ('z');
274 }
275
276 static char *crypt_make_salt(void)
277 {
278         time_t now;
279         static unsigned long x;
280         static char result[3];
281
282         time(&now);
283         x += now + getpid() + clock();
284         result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
285         result[1] = i64c(((x >> 12) ^ x) & 077);
286         result[2] = '\0';
287         return result;
288 }
289
290
291 static int new_password(const struct passwd *pw, int amroot, int algo)
292 {
293         char *clear;
294         char *cipher;
295         char *cp;
296         char salt[12]; /* "$N$XXXXXXXX" or "XX" */
297         char orig[200];
298         char pass[200];
299
300         if (!amroot && crypt_passwd[0]) {
301                 clear = bb_askpass(0, "Old password:");
302                 if (!clear) {
303                         /* return -1; */
304                         return 1;
305                 }
306                 cipher = pw_encrypt(clear, crypt_passwd);
307                 if (strcmp(cipher, crypt_passwd) != 0) {
308                         syslog(LOG_WARNING, "incorrect password for '%s'",
309                                    pw->pw_name);
310                         bb_do_delay(FAIL_DELAY);
311                         puts("Incorrect password");
312                         /* return -1; */
313                         return 1;
314                 }
315                 safe_strncpy(orig, clear, sizeof(orig));
316                 memset(clear, 0, strlen(clear));
317                 memset(cipher, 0, strlen(cipher));
318         } else {
319                 orig[0] = '\0';
320         }
321         cp = bb_askpass(0, "Enter the new password (minimum of 5 characters).\n"
322                            "Please use a combination of upper and lower case letters and numbers.\n"
323                            "Enter new password: ");
324         if (!cp ) {
325                 memset(orig, 0, sizeof orig);
326                 /* return -1; */
327                 return 1;
328         }
329         safe_strncpy(pass, cp, sizeof(pass));
330         memset(cp, 0, strlen(cp));
331         /* if (!obscure(orig, pass, pw)) { */
332         if (obscure(orig, pass, pw)) {
333                 if (amroot) {
334                         puts("\nWarning: weak password (continuing)");
335                 } else {
336                         /* return -1; */
337                         return 1;
338                 }
339         }
340         cp = bb_askpass(0, "Re-enter new password: ");
341         if (!cp) {
342                 memset(orig, 0, sizeof orig);
343                 /* return -1; */
344                 return 1;
345         }
346         if (strcmp(cp, pass)) {
347                 puts("Passwords do not match");
348                 /* return -1; */
349                 return 1;
350         }
351         memset(cp, 0, strlen(cp));
352         memset(orig, 0, sizeof(orig));
353         memset(salt, 0, sizeof(salt));
354
355         if (algo == 1) {
356                 strcpy(salt, "$1$");
357                 strcat(salt, crypt_make_salt());
358                 strcat(salt, crypt_make_salt());
359                 strcat(salt, crypt_make_salt());
360         }
361
362         strcat(salt, crypt_make_salt());
363         cp = pw_encrypt(pass, salt);
364
365         memset(pass, 0, sizeof pass);
366         safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
367         return 0;
368 }
369
370 static void set_filesize_limit(int blocks)
371 {
372         struct rlimit rlimit_fsize;
373
374         rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;
375         setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
376 }