+ char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
+ char *orig = (char*)"";
+ char *newp = NULL;
+ char *cp = NULL;
+ char *ret = NULL; /* failure so far */
+
+ if (myuid && pw->pw_passwd[0]) {
+ char *encrypted;
+
+ orig = bb_ask_stdin("Old password: "); /* returns ptr to static */
+ if (!orig)
+ goto err_ret;
+ encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
+ if (strcmp(encrypted, pw->pw_passwd) != 0) {
+ syslog(LOG_WARNING, "incorrect password for %s",
+ pw->pw_name);
+ bb_do_delay(FAIL_DELAY);
+ puts("Incorrect password");
+ goto err_ret;
+ }
+ if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
+ }
+ orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
+ newp = bb_ask_stdin("New password: "); /* returns ptr to static */
+ if (!newp)
+ goto err_ret;
+ newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
+ if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
+ && obscure(orig, newp, pw) && myuid)
+ goto err_ret; /* non-root is not allowed to have weak passwd */
+
+ cp = bb_ask_stdin("Retype password: ");
+ if (!cp)
+ goto err_ret;
+ if (strcmp(cp, newp)) {
+ puts("Passwords don't match");
+ goto err_ret;
+ }
+
+ crypt_make_salt(salt, 1, 0); /* des */
+ if (algo) { /* MD5 */
+ strcpy(salt, "$1$");
+ crypt_make_salt(salt + 3, 4, 0);
+ }
+ /* pw_encrypt returns malloced str */
+ ret = pw_encrypt(newp, salt, 1);
+ /* whee, success! */
+
+ err_ret:
+ nuke_str(orig);
+ if (ENABLE_FEATURE_CLEAN_UP) free(orig);
+ nuke_str(newp);
+ if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+ nuke_str(cp);
+ return ret;
+}