1/* vi: set sw=4 ts=4: */ 2/* 3 * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ''AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30#include "libbb.h" 31 32#define SHADOW_BUFSIZE 256 33 34/* Retrieve encrypted password string for pw. 35 * If pw == NULL, return a string which fails password check against any 36 * password. 37 */ 38#if !ENABLE_FEATURE_SHADOWPASSWDS 39#define get_passwd(pw, buffer) get_passwd(pw) 40#endif 41static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZE]) 42{ 43 const char *pass; 44 45 if (!pw) 46 return "aa"; /* "aa" will never match */ 47 48 pass = pw->pw_passwd; 49#if ENABLE_FEATURE_SHADOWPASSWDS 50 /* Using _r function to avoid pulling in static buffers */ 51 if ((pass[0] == 'x' || pass[0] == '*') && !pass[1]) { 52 struct spwd spw; 53 int r; 54 /* getspnam_r may return 0 yet set result to NULL. 55 * At least glibc 2.4 does this. Be extra paranoid here. */ 56 struct spwd *result = NULL; 57 r = getspnam_r(pw->pw_name, &spw, buffer, SHADOW_BUFSIZE, &result); 58 pass = (r || !result) ? "aa" : result->sp_pwdp; 59 } 60#endif 61 return pass; 62} 63 64/* 65 * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password. 66 * Return 1 if the user gives the correct password for entry PW, 67 * 0 if not. 68 * NULL pw means "just fake it for login with bad username" 69 */ 70int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext) 71{ 72 IF_FEATURE_SHADOWPASSWDS(char buffer[SHADOW_BUFSIZE];) 73 char *encrypted; 74 const char *pw_pass; 75 int r; 76 77 pw_pass = get_passwd(pw, buffer); 78 if (!pw_pass[0]) { /* empty password field? */ 79 return CHECKPASS_PW_HAS_EMPTY_PASSWORD; 80 } 81 82 encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1); 83 r = (strcmp(encrypted, pw_pass) == 0); 84 free(encrypted); 85 return r; 86} 87 88 89/* Ask the user for a password. 90 * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD without asking if PW has an empty password. 91 * Return -1 on EOF, error while reading input, or timeout. 92 * Return 1 if the user gives the correct password for entry PW, 93 * 0 if not. 94 * 95 * NULL pw means "just fake it for login with bad username" 96 */ 97int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw, 98 int timeout, const char *prompt) 99{ 100 IF_FEATURE_SHADOWPASSWDS(char buffer[SHADOW_BUFSIZE];) 101 char *plaintext; 102 const char *pw_pass; 103 int r; 104 105 pw_pass = get_passwd(pw, buffer); 106 if (!pw_pass[0]) /* empty password field? */ 107 return CHECKPASS_PW_HAS_EMPTY_PASSWORD; 108 109 plaintext = bb_ask_noecho(STDIN_FILENO, timeout, prompt); 110 if (!plaintext) { 111 /* EOF (such as ^D) or error (such as ^C) or timeout */ 112 return -1; 113 } 114 115 r = check_password(pw, plaintext); 116 nuke_str(plaintext); 117 return r; 118} 119 120int FAST_FUNC ask_and_check_password(const struct passwd *pw) 121{ 122 return ask_and_check_password_extended(pw, 0, "Password: "); 123} 124