/* vi: set sw=4 ts=4: */
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <utime.h>
-#include <syslog.h>
-#include <time.h>
-#include <sys/resource.h>
-#include <errno.h>
+/*
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
#include "busybox.h"
+#include <syslog.h>
static char crypt_passwd[128];
static void set_filesize_limit(int blocks);
-int get_algo(char *a)
+static int get_algo(char *a)
{
- int x = 0; /* standart: DES */
+ int x = 1; /* standard: MD5 */
- if (strcasecmp(a, "md5") == 0)
- x = 1;
+ if (strcasecmp(a, "des") == 0)
+ x = 0;
return x;
}
-extern int update_passwd(const struct passwd *pw, char *crypt_pw)
+static int update_passwd(const struct passwd *pw, const char *crypt_pw)
{
char filename[1024];
char buf[1025];
char buffer[80];
char username[32];
char *pw_rest;
- int has_shadow = 0;
int mask;
int continued;
FILE *fp;
struct stat sb;
struct flock lock;
- if (access(shadow_file, F_OK) == 0) {
- has_shadow = 1;
- }
- if (has_shadow) {
- snprintf(filename, sizeof filename, "%s", shadow_file);
- } else {
- snprintf(filename, sizeof filename, "%s", passwd_file);
+#if ENABLE_FEATURE_SHADOWPASSWDS
+ if (access(bb_path_shadow_file, F_OK) == 0) {
+ snprintf(filename, sizeof filename, "%s", bb_path_shadow_file);
+ } else
+#endif
+ {
+ snprintf(filename, sizeof filename, "%s", bb_path_passwd_file);
}
if (((fp = fopen(filename, "r+")) == 0) || (fstat(fileno(fp), &sb))) {
rewind(fp);
while (!feof(fp)) {
fgets(buffer, sizeof buffer, fp);
- if (!continued) { // Check to see if we're updating this line.
- if (strncmp(username, buffer, strlen(username)) == 0) { // we have a match.
+ if (!continued) { /* Check to see if we're updating this line. */
+ if (strncmp(username, buffer, strlen(username)) == 0) {
+ /* we have a match. */
pw_rest = strchr(buffer, ':');
*pw_rest++ = '\0';
pw_rest = strchr(pw_rest, ':');
} else {
continued = 1;
}
- bzero(buffer, sizeof buffer);
+ memset(buffer, 0, sizeof buffer);
}
if (fflush(out_fp) || fsync(fileno(out_fp)) || fclose(out_fp)) {
}
-extern int passwd_main(int argc, char **argv)
+int passwd_main(int argc, char **argv)
{
int amroot;
char *cp;
char *name;
char *myname;
int flag;
- int algo = 0; /* -a - password algorithm */
+ int algo = 1; /* -a - password algorithm */
int lflg = 0; /* -l - lock account */
int uflg = 0; /* -u - unlock account */
int dflg = 0; /* -d - delete password */
const struct passwd *pw;
- unsigned short ruid;
-#ifdef CONFIG_FEATURE_SHADOWPASSWDS
- const struct spwd *sp;
-#endif /* CONFIG_FEATURE_SHADOWPASSWDS */
amroot = (getuid() == 0);
openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
while ((flag = getopt(argc, argv, "a:dlu")) != EOF) {
uflg++;
break;
default:
- show_usage();
+ bb_show_usage();
}
}
- ruid = getuid();
- pw = (struct passwd *) getpwuid(ruid);
- if (!pw) {
- error_msg_and_die("Cannot determine your user name.");
- }
- myname = (char *) xstrdup(pw->pw_name);
+ myname = (char *) xstrdup(bb_getpwuid(NULL, getuid(), -1));
+ /* exits on error */
if (optind < argc) {
name = argv[optind];
} else {
name = myname;
}
if ((lflg || uflg || dflg) && (optind >= argc || !amroot)) {
- show_usage();
+ bb_show_usage();
}
pw = getpwnam(name);
if (!pw) {
- error_msg_and_die("Unknown user %s\n", name);
+ bb_error_msg_and_die("Unknown user %s\n", name);
}
if (!amroot && pw->pw_uid != getuid()) {
syslog(LOG_WARNING, "can't change pwd for `%s'", name);
- error_msg_and_die("Permission denied.\n");
- }
-#ifdef CONFIG_FEATURE_SHADOWPASSWDS
- sp = getspnam(name);
- if (!sp) {
- sp = (struct spwd *) pwd_to_spwd(pw);
+ bb_error_msg_and_die("Permission denied.\n");
}
- cp = sp->sp_pwdp;
- np = sp->sp_namp;
-#else
- cp = pw->pw_passwd;
- np = name;
-#endif /* CONFIG_FEATURE_SHADOWPASSWDS */
+ if (ENABLE_FEATURE_SHADOWPASSWDS) {
+ struct spwd *sp = getspnam(name);
+ if (!sp) bb_error_msg_and_die("Unknown user %s", name);
+ cp = sp->sp_pwdp;
+ } else cp = pw->pw_passwd;
+ np = name;
safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
if (!(dflg || lflg || uflg)) {
if (!amroot) {
if (cp[0] == '!') {
syslog(LOG_WARNING, "password locked for `%s'", np);
- error_msg_and_die( "The password for `%s' cannot be changed.\n", np);
+ bb_error_msg_and_die( "The password for `%s' cannot be changed.\n", np);
}
}
printf("Changing password for %s\n", name);
if (new_password(pw, amroot, algo)) {
- error_msg_and_die( "The password for %s is unchanged.\n", name);
+ bb_error_msg_and_die( "The password for %s is unchanged.\n", name);
}
} else if (lflg) {
if (crypt_passwd[0] != '!') {
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
umask(077);
- if (setuid(0)) {
- syslog(LOG_ERR, "can't setuid(0)");
- error_msg_and_die( "Cannot change ID to root.\n");
- }
+ xsetuid(0);
if (!update_passwd(pw, crypt_passwd)) {
syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
myname);
printf("Password changed.\n");
} else {
syslog(LOG_WARNING, "an error occurred updating the password file");
- error_msg_and_die("An error occurred updating the password file.\n");
+ bb_error_msg_and_die("An error occurred updating the password file.\n");
}
+ if (ENABLE_FEATURE_CLEAN_UP) free(myname);
return (0);
}
char *clear;
char *cipher;
char *cp;
+ char salt[12]; /* "$N$XXXXXXXX" or "XX" */
char orig[200];
char pass[200];
- time_t start, now;
if (!amroot && crypt_passwd[0]) {
- if (!(clear = getpass("Old password:"))) {
+ if (!(clear = bb_askpass(0, "Old password:"))) {
/* return -1; */
return 1;
}
if (strcmp(cipher, crypt_passwd) != 0) {
syslog(LOG_WARNING, "incorrect password for `%s'",
pw->pw_name);
- time(&start);
- now = start;
- while (difftime(now, start) < FAIL_DELAY) {
- sleep(FAIL_DELAY);
- time(&now);
- }
+ bb_do_delay(FAIL_DELAY);
fprintf(stderr, "Incorrect password.\n");
/* return -1; */
return 1;
}
safe_strncpy(orig, clear, sizeof(orig));
- bzero(clear, strlen(clear));
- bzero(cipher, strlen(cipher));
+ memset(clear, 0, strlen(clear));
+ memset(cipher, 0, strlen(cipher));
} else {
orig[0] = '\0';
}
- if (! (cp=getpass("Enter the new password (minimum of 5, maximum of 8 characters)\n"
+ if (! (cp=bb_askpass(0, "Enter the new password (minimum of 5, maximum of 8 characters)\n"
"Please use a combination of upper and lower case letters and numbers.\n"
"Enter new password: ")))
{
- bzero(orig, sizeof orig);
+ memset(orig, 0, sizeof orig);
/* return -1; */
return 1;
}
safe_strncpy(pass, cp, sizeof(pass));
- bzero(cp, strlen(cp));
+ memset(cp, 0, strlen(cp));
/* if (!obscure(orig, pass, pw)) { */
if (obscure(orig, pass, pw)) {
if (amroot) {
return 1;
}
}
- if (!(cp = getpass("Re-enter new password: "))) {
- bzero(orig, sizeof orig);
+ if (!(cp = bb_askpass(0, "Re-enter new password: "))) {
+ memset(orig, 0, sizeof orig);
/* return -1; */
return 1;
}
/* return -1; */
return 1;
}
- bzero(cp, strlen(cp));
- bzero(orig, sizeof(orig));
+ memset(cp, 0, strlen(cp));
+ memset(orig, 0, sizeof(orig));
+ memset(salt, 0, sizeof(salt));
if (algo == 1) {
- cp = pw_encrypt(pass, "$1$");
- } else
- cp = pw_encrypt(pass, crypt_make_salt());
- bzero(pass, sizeof pass);
+ strcpy(salt, "$1$");
+ strcat(salt, crypt_make_salt());
+ strcat(salt, crypt_make_salt());
+ strcat(salt, crypt_make_salt());
+ }
+
+ strcat(salt, crypt_make_salt());
+ cp = pw_encrypt(pass, salt);
+
+ memset(pass, 0, sizeof pass);
safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
return 0;
}