LXR toybox/toys/lsb/passwd.c

   1/* passwd.c - Program to update user password.
   2 *
   3 * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com>
   4 * Modified 2012 Jason Kyungwan Han <asura321@gmail.com>
   5 *
   6 * http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/passwd.html
   7
   8USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN))
   9
  10config PASSWD
  11  bool "passwd"
  12  default y
  13  help
  14    usage: passwd [-a ALGO] [-dlu] [USER]
  15
  16    Update user's authentication tokens. Defaults to current user.
  17
  18    -a ALGO     Encryption method (des, md5, sha256, sha512) default: des
  19    -d          Set password to ''
  20    -l          Lock (disable) account
  21    -u          Unlock (enable) account
  22
  23config PASSWD_SAD
  24  bool "Add sad password checking heuristics"
  25  default n
  26  depends on PASSWD
  27  help
  28    Password changes are checked to make sure they're at least 6 chars long,
  29    don't include the entire username (but not a subset of it), or the entire
  30    previous password (but changing password1, password2, password3 is fine).
  31    This heuristic accepts "aaaaaa" and "123456".
  32*/
  33
  34#define FOR_passwd
  35#include "toys.h"
  36
  37GLOBALS(
  38  char *a;
  39)
  40
  41// Sad advisory heuristic, won't find password1 password2 password3...
  42static void weak_check(char *new, char *old, char *user)
  43{
  44  char *msg = 0;
  45
  46  if (strlen(new) < 6) msg = "too short";
  47  if (*new) {
  48    if (strcasestr(new, user) || strcasestr(user, new)) msg = "user";
  49    if (*old && (strcasestr(new, old) || strcasestr(old, new))) msg = "old";
  50  }
  51  if (msg) xprintf("BAD PASSWORD: %s\n",msg);
  52}
  53
  54void passwd_main(void)
  55{
  56  uid_t myuid;
  57  struct passwd *pw = 0;
  58  struct spwd *sp;
  59  char *pass, *name, *encrypted = 0, salt[MAX_SALT_LEN];
  60
  61  // If we're root or not -lud, load specified user. Exit if not allowed.
  62  if (!(myuid = getuid()) || !(toys.optflags&(FLAG_l|FLAG_u|FLAG_d))) {
  63    if (*toys.optargs) pw = xgetpwnam(*toys.optargs);
  64    else pw = xgetpwuid(myuid);
  65  }
  66  if (!pw || (myuid && (myuid != pw->pw_uid))) error_exit("Not root");
  67
  68  // Get password from /etc/passwd or /etc/shadow
  69  // TODO: why still support non-shadow passwords...?
  70  name = pw->pw_name;
  71  if (*(pass = pw->pw_passwd)=='x' && (sp = getspnam(name))) pass = sp->sp_pwdp;
  72
  73  if (FLAG(l)) {
  74    if (*pass=='!') error_exit("already locked");
  75    printf("Locking '%s'\n", name);
  76    encrypted = xmprintf("!%s", pass);
  77  } else if (FLAG(u)) {
  78    if (*pass!='!') error_exit("already unlocked");
  79    printf("Unlocking '%s'\n", name);
  80    encrypted = pass+1;
  81  } else if (FLAG(d)) {
  82    printf("Deleting password for '%s'\n", name);
  83    *(encrypted = toybuf) = 0;
  84  } else {
  85    if (!TT.a) TT.a = "des";
  86    if (get_salt(salt, TT.a)<0) error_exit("bad -a '%s'", TT.a);
  87
  88    printf("Changing password for %s\n", name);
  89    if (myuid) {
  90      if (*pass=='!') error_exit("'%s' locked", name);
  91
  92      if (read_password(toybuf+2048, 2048, "Old password:")) return;
  93      pass = crypt(toybuf+2048, pw->pw_passwd);
  94      if (!pass || strcmp(pass, pw->pw_passwd)) error_exit("No");
  95    }
  96
  97    if (read_password(toybuf, 2048, "New password:")) return;
  98
  99    if (CFG_PASSWD_SAD) weak_check(toybuf, toybuf+2048, name);
 100    if (read_password(toybuf+2048, 2048, "Retype password:")) return;
 101    if (strcmp(toybuf, toybuf+2048)) error_exit("Passwords do not match.");
 102
 103    encrypted = crypt(toybuf, salt);
 104  }
 105
 106  // Update the passwd
 107  if (update_password(*pw->pw_passwd=='x' ? "/etc/shadow" : "/etc/passwd",
 108    name, encrypted, 1)) error_msg("Failure");
 109  else fprintf(stderr, "Success\n");
 110
 111  memset(toybuf, 0, sizeof(toybuf));
 112  memset(encrypted, 0, strlen(encrypted));
 113  free(encrypted);
 114}
 115