X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=loginutils%2Fpasswd.c;h=728e6186760ee5e997d1bbd7920aaf682f6b6473;hb=e298ce69baef029f3951dd1d5ed50fdbc6c55c80;hp=cd98d410180a08ff9af600686b7a0414d6548d64;hpb=21d1014b5b91d1a1319273945291b7a9f4717827;p=oweals%2Fbusybox.git diff --git a/loginutils/passwd.c b/loginutils/passwd.c index cd98d4101..728e61867 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c @@ -1,12 +1,10 @@ /* vi: set sw=4 ts=4: */ /* - * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. + * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ - #include "libbb.h" #include - static void nuke_str(char *str) { if (str) memset(str, 0, strlen(str)); @@ -17,33 +15,35 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo) char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */ char *orig = (char*)""; char *newp = NULL; - char *cipher = NULL; char *cp = NULL; char *ret = NULL; /* failure so far */ if (myuid && pw->pw_passwd[0]) { - orig = bb_askpass(0, "Old password:"); /* returns ptr to static */ + char *encrypted; + + orig = bb_ask_stdin("Old password: "); /* returns ptr to static */ if (!orig) goto err_ret; - cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */ - if (strcmp(cipher, pw->pw_passwd) != 0) { - syslog(LOG_WARNING, "incorrect password for '%s'", + encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */ + if (strcmp(encrypted, pw->pw_passwd) != 0) { + syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name); bb_do_delay(FAIL_DELAY); puts("Incorrect password"); goto err_ret; } + if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); } - orig = xstrdup(orig); /* or else bb_askpass() will destroy it */ - newp = bb_askpass(0, "New password:"); /* returns ptr to static */ + orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ + newp = bb_ask_stdin("New password: "); /* returns ptr to static */ if (!newp) goto err_ret; - newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */ + newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */ if (ENABLE_FEATURE_PASSWD_WEAK_CHECK && obscure(orig, newp, pw) && myuid) goto err_ret; /* non-root is not allowed to have weak passwd */ - cp = bb_askpass(0, "Retype password:"); + cp = bb_ask_stdin("Retype password: "); if (!cp) goto err_ret; if (strcmp(cp, newp)) { @@ -51,13 +51,13 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo) goto err_ret; } - /*memset(salt, 0, sizeof(salt)); - why?*/ crypt_make_salt(salt, 1, 0); /* des */ if (algo) { /* MD5 */ strcpy(salt, "$1$"); crypt_make_salt(salt + 3, 4, 0); } - ret = xstrdup(pw_encrypt(newp, salt)); /* returns ptr to static */ + /* pw_encrypt returns malloced str */ + ret = pw_encrypt(newp, salt, 1); /* whee, success! */ err_ret: @@ -65,13 +65,12 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo) if (ENABLE_FEATURE_CLEAN_UP) free(orig); nuke_str(newp); if (ENABLE_FEATURE_CLEAN_UP) free(newp); - nuke_str(cipher); nuke_str(cp); return ret; } -int passwd_main(int argc, char **argv); -int passwd_main(int argc, char **argv) +int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; +int passwd_main(int argc UNUSED_PARAM, char **argv) { enum { OPT_algo = 0x1, /* -a - password algorithm */ @@ -80,7 +79,7 @@ int passwd_main(int argc, char **argv) OPT_delete = 0x8, /* -d - delete password */ OPT_lud = 0xe, STATE_ALGO_md5 = 0x10, - /*STATE_ALGO_des = 0x20, not needed yet */ + //STATE_ALGO_des = 0x20, not needed yet }; unsigned opt; int rc; @@ -93,18 +92,16 @@ int passwd_main(int argc, char **argv) uid_t myuid; struct rlimit rlimit_fsize; char c; - #if ENABLE_FEATURE_SHADOWPASSWDS /* Using _r function to avoid pulling in static buffers */ struct spwd spw; - struct spwd *result; char buffer[256]; #endif logmode = LOGMODE_BOTH; - openlog(applet_name, LOG_NOWAIT, LOG_AUTH); - opt = getopt32(argc, argv, "a:lud", &opt_a); - argc -= optind; + openlog(applet_name, 0, LOG_AUTH); + opt = getopt32(argv, "a:lud", &opt_a); + //argc -= optind; argv += optind; if (strcasecmp(opt_a, "des") != 0) /* -a */ @@ -112,29 +109,42 @@ int passwd_main(int argc, char **argv) //else // opt |= STATE_ALGO_des; myuid = getuid(); - if ((opt & OPT_lud) && (!argc || myuid)) + /* -l, -u, -d require root priv and username argument */ + if ((opt & OPT_lud) && (myuid || !argv[0])) bb_show_usage(); - myname = xstrdup(bb_getpwuid(NULL, myuid, -1)); - name = argc ? argv[0] : myname; + /* Will complain and die if username not found */ + myname = xstrdup(xuid2uname(myuid)); + name = argv[0] ? argv[0] : myname; - pw = getpwnam(name); - if (!pw) bb_error_msg_and_die("unknown user %s", name); + pw = xgetpwnam(name); if (myuid && pw->pw_uid != myuid) { /* LOGMODE_BOTH */ bb_error_msg_and_die("%s can't change password for %s", myname, name); } - filename = bb_path_passwd_file; #if ENABLE_FEATURE_SHADOWPASSWDS - if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) { - /* LOGMODE_BOTH */ - bb_error_msg("no record of %s in %s, using %s", - name, bb_path_shadow_file, - bb_path_passwd_file); - } else { - filename = bb_path_shadow_file; - pw->pw_passwd = spw.sp_pwdp; + { + /* getspnam_r may return 0 yet set result to NULL. + * At least glibc 2.4 does this. Be extra paranoid here. */ + struct spwd *result = NULL; + errno = 0; + if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) != 0 + || !result /* no error, but no record found either */ + || strcmp(result->sp_namp, pw->pw_name) != 0 /* paranoia */ + ) { + if (errno != ENOENT) { + /* LOGMODE_BOTH */ + bb_perror_msg("no record of %s in %s, using %s", + name, bb_path_shadow_file, + bb_path_passwd_file); + } + /* else: /etc/shadow does not exist, + * apparently we are on a shadow-less system, + * no surprise there */ + } else { + pw->pw_passwd = result->sp_pwdp; + } } #endif @@ -144,7 +154,7 @@ int passwd_main(int argc, char **argv) if (!(opt & OPT_lud)) { if (myuid && !c) { /* passwd starts with '!' */ /* LOGMODE_BOTH */ - bb_error_msg_and_die("cannot change " + bb_error_msg_and_die("can't change " "locked password for %s", name); } printf("Changing password for %s\n", name); @@ -158,27 +168,41 @@ int passwd_main(int argc, char **argv) newp = xasprintf("!%s", pw->pw_passwd); } else if (opt & OPT_unlock) { if (c) goto skip; /* not '!' */ + /* pw->pw_passwd points to static storage, + * strdup'ing to avoid nasty surprizes */ newp = xstrdup(&pw->pw_passwd[1]); } else if (opt & OPT_delete) { - newp = xstrdup(""); + //newp = xstrdup(""); + newp = (char*)""; } rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000; setrlimit(RLIMIT_FSIZE, &rlimit_fsize); - signal(SIGHUP, SIG_IGN); - signal(SIGINT, SIG_IGN); - signal(SIGQUIT, SIG_IGN); + bb_signals(0 + + (1 << SIGHUP) + + (1 << SIGINT) + + (1 << SIGQUIT) + , SIG_IGN); umask(077); xsetuid(0); - rc = update_passwd(filename, name, newp); - logmode = LOGMODE_BOTH; + +#if ENABLE_FEATURE_SHADOWPASSWDS + filename = bb_path_shadow_file; + rc = update_passwd(bb_path_shadow_file, name, newp, NULL); + if (rc == 0) /* no lines updated, no errors detected */ +#endif + { + filename = bb_path_passwd_file; + rc = update_passwd(bb_path_passwd_file, name, newp, NULL); + } + /* LOGMODE_BOTH */ if (rc < 0) - bb_error_msg_and_die("cannot update password file %s", + bb_error_msg_and_die("can't update password file %s", filename); bb_info_msg("Password for %s changed by %s", name, myname); - if (ENABLE_FEATURE_CLEAN_UP) free(newp); -skip: + //if (ENABLE_FEATURE_CLEAN_UP) free(newp); + skip: if (!newp) { bb_error_msg_and_die("password for %s is already %slocked", name, (opt & OPT_unlock) ? "un" : "");