Home Explore Help
Sign In
ProjectNagae
/
toybox-clone
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 50361a1b07
Branches Tags
toybox-clone
/
toys
/
lsb
/
passwd.c

passwd.c 3.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. /* passwd.c - Program to update user password.
    2. 

  2.  *
    3. 

  3.  * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com>
    4. 

  4.  * Modified 2012 Jason Kyungwan Han <asura321@gmail.com>
    5. 

  5.  *
    6. 

  6.  * http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/passwd.html
    7. 

  7. 

  8. USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN))
    9. 

  9. 

  10. config PASSWD
    11. 

  11.   bool "passwd"
    12. 

  12.   default y
    13. 

  13.   depends on TOYBOX_SHADOW
    14. 

  14.   help
    15. 

  15.     usage: passwd [-a ALGO] [-dlu] [USER]
    16. 

  16. 

  17.     Update user's authentication tokens. Defaults to current user.
    18. 

  18. 

  19.     -a ALGO	Encryption method (des, md5, sha256, sha512) default: des
    20. 

  20.     -d		Set password to ''
    21. 

  21.     -l		Lock (disable) account
    22. 

  22.     -u		Unlock (enable) account
    23. 

  23. 

  24. config PASSWD_SAD
    25. 

  25.   bool "Add sad password checking heuristics"
    26. 

  26.   default n
    27. 

  27.   depends on PASSWD
    28. 

  28.   help
    29. 

  29.     Password changes are checked to make sure they're at least 6 chars long,
    30. 

  30.     don't include the entire username (but not a subset of it), or the entire
    31. 

  31.     previous password (but changing password1, password2, password3 is fine).
    32. 

  32.     This heuristic accepts "aaaaaa" and "123456".
    33. 

  33. */
    34. 

  34. 

  35. #define FOR_passwd
    36. 

  36. #include "toys.h"
    37. 

  37. 

  38. GLOBALS(
    39. 

  39.   char *a;
    40. 

  40. )
    41. 

  41. 

  42. // Sad advisory heuristic, won't find password1 password2 password3...
    43. 

  43. static void weak_check(char *new, char *old, char *user)
    44. 

  44. {
    45. 

  45.   char *msg = 0;
    46. 

  46. 

  47.   if (strlen(new) < 6) msg = "too short";
    48. 

  48.   if (*new) {
    49. 

  49.     if (strcasestr(new, user) || strcasestr(user, new)) msg = "user";
    50. 

  50.     if (*old && (strcasestr(new, old) || strcasestr(old, new))) msg = "old";
    51. 

  51.   }
    52. 

  52.   if (msg) xprintf("BAD PASSWORD: %s\n",msg);
    53. 

  53. }
    54. 

  54. 

  55. void passwd_main(void)
    56. 

  56. {
    57. 

  57.   uid_t myuid;
    58. 

  58.   struct passwd *pw = 0;
    59. 

  59.   struct spwd *sp;
    60. 

  60.   char *pass, *name, *encrypted = 0, salt[MAX_SALT_LEN];
    61. 

  61. 

  62.   // If we're root or not -lud, load specified user. Exit if not allowed.
    63. 

  63.   if (!(myuid = getuid()) || !(toys.optflags&(FLAG_l|FLAG_u|FLAG_d))) {
    64. 

  64.     if (*toys.optargs) pw = xgetpwnam(*toys.optargs);
    65. 

  65.     else pw = xgetpwuid(myuid);
    66. 

  66.   }
    67. 

  67.   if (!pw || (myuid && (myuid != pw->pw_uid))) error_exit("Not root");
    68. 

  68. 

  69.   // Get password from /etc/passwd or /etc/shadow
    70. 

  70.   // TODO: why still support non-shadow passwords...?
    71. 

  71.   name = pw->pw_name;
    72. 

  72.   if (*(pass = pw->pw_passwd)=='x' && (sp = getspnam(name))) pass = sp->sp_pwdp;
    73. 

  73. 

  74.   if (FLAG(l)) {
    75. 

  75.     if (*pass=='!') error_exit("already locked");
    76. 

  76.     printf("Locking '%s'\n", name);
    77. 

  77.     encrypted = xmprintf("!%s", pass);
    78. 

  78.   } else if (FLAG(u)) {
    79. 

  79.     if (*pass!='!') error_exit("already unlocked");
    80. 

  80.     printf("Unlocking '%s'\n", name);
    81. 

  81.     encrypted = pass+1;
    82. 

  82.   } else if (FLAG(d)) {
    83. 

  83.     printf("Deleting password for '%s'\n", name);
    84. 

  84.     *(encrypted = toybuf) = 0;
    85. 

  85.   } else {
    86. 

  86.     if (!TT.a) TT.a = "des";
    87. 

  87.     if (get_salt(salt, TT.a)<0) error_exit("bad -a '%s'", TT.a);
    88. 

  88. 

  89.     printf("Changing password for %s\n", name);
    90. 

  90.     if (myuid) {
    91. 

  91.       if (*pass=='!') error_exit("'%s' locked", name);
    92. 

  92. 

  93.       if (read_password(toybuf+2048, 2048, "Old password:")) return;
    94. 

  94.       pass = crypt(toybuf+2048, pw->pw_passwd);
    95. 

  95.       if (!pass || strcmp(pass, pw->pw_passwd)) error_exit("No");
    96. 

  96.     }
    97. 

  97. 

  98.     if (read_password(toybuf, 2048, "New password:")) return;
    99. 

  99. 

  100.     if (CFG_PASSWD_SAD) weak_check(toybuf, toybuf+2048, name);
    101. 

  101.     if (read_password(toybuf+2048, 2048, "Retype password:")) return;
    102. 

  102.     if (strcmp(toybuf, toybuf+2048)) error_exit("Passwords do not match.");
    103. 

  103. 

  104.     encrypted = crypt(toybuf, salt);
    105. 

  105.   }
    106. 

  106. 

  107.   // Update the passwd
    108. 

  108.   if (update_password(*pw->pw_passwd=='x' ? "/etc/shadow" : "/etc/passwd",
    109. 

  109.     name, encrypted, 1)) error_msg("Failure");
    110. 

  110.   else fprintf(stderr, "Success\n");
    111. 

  111. 

  112.   memset(toybuf, 0, sizeof(toybuf));
    113. 

  113.   memset(encrypted, 0, strlen(encrypted));
    114. 

  114.   free(encrypted);
    115. 

  115. }
    116.