static QByteArray encrypt( const QString& value )
{
if ( value.isEmpty() )
return QByteArray();
QByteArray data = value.toUtf8();
#if defined( HAVE_WINCRYPT )
DATA_BLOB input;
input.pbData = (BYTE*)data.data();
input.cbData = data.length();
DATA_BLOB output;
if ( !CryptProtectData( &input, L"", NULL, NULL, NULL, 0, &output ) )
return QByteArray();
QByteArray result( (char*)output.pbData, output.cbData );
LocalFree( output.pbData );
return result;
#else
return obscure( data );
#endif
}
static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
{
char salt[MAX_PW_SALT_LEN];
char *orig = (char*)"";
char *newp = NULL;
char *cp = NULL;
char *ret = NULL; /* failure so far */
if (myuid != 0 && pw->pw_passwd[0]) {
char *encrypted;
orig = bb_ask_stdin("Old password: "******"incorrect password for %s", pw->pw_name);
bb_do_delay(LOGIN_FAIL_DELAY);
puts("Incorrect password");
goto err_ret;
}
if (ENABLE_FEATURE_CLEAN_UP)
free(encrypted);
}
orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
newp = bb_ask_stdin("New password: "******"Retype password: "******"Passwords don't match");
goto err_ret;
}
crypt_make_pw_salt(salt, algo);
/* pw_encrypt returns malloced str */
ret = pw_encrypt(newp, salt, 1);
/* whee, success! */
err_ret:
nuke_str(orig);
if (ENABLE_FEATURE_CLEAN_UP) free(orig);
nuke_str(newp);
if (ENABLE_FEATURE_CLEAN_UP) free(newp);
nuke_str(cp);
return ret;
}
/*
** Remember the URL and password if requested.
*/
void url_remember(void){
if( g.url.flags & URL_REMEMBER ){
db_set("last-sync-url", g.url.canonical, 0);
if( g.url.user!=0 && g.url.passwd!=0 && ( g.url.flags & URL_REMEMBER_PW ) ){
db_set("last-sync-pw", obscure(g.url.passwd), 0);
}
}
}
static QString decrypt( const QByteArray& value )
{
if ( value.isEmpty() )
return QString();
#if defined( HAVE_WINCRYPT )
DATA_BLOB input;
input.pbData = (BYTE*)value.data();
input.cbData = value.length();
DATA_BLOB output;
if ( !CryptUnprotectData( &input, NULL, NULL, NULL, NULL, 0, &output ) )
return QString();
QByteArray data( (char*)output.pbData, output.cbData );
LocalFree( output.pbData );
#else
QByteArray data = obscure( value );
#endif
return QString::fromUtf8( data );
}
/*
* new_password - validate old password and replace with new (both old and
* new in global "char crypt_passwd[128]")
*/
static int new_password (const struct passwd *pw)
{
char *clear; /* Pointer to clear text */
char *cipher; /* Pointer to cipher text */
char *cp; /* Pointer to getpass() response */
char orig[200]; /* Original password */
char pass[200]; /* New password */
int i; /* Counter for retries */
int warned;
int pass_max_len = -1;
char *method;
#ifdef HAVE_LIBCRACK_HIST
int HistUpdate (const char *, const char *);
#endif /* HAVE_LIBCRACK_HIST */
/*
* Authenticate the user. The user will be prompted for their own
* password.
*/
if (!amroot && crypt_passwd[0]) {
clear = getpass (_("Old password: "******"incorrect password for %s",
pw->pw_name));
sleep (1);
fprintf (stderr,
_("Incorrect password for %s.\n"),
pw->pw_name);
return -1;
}
STRFCPY (orig, clear);
strzero (clear);
strzero (cipher);
} else {
orig[0] = '\0';
}
/*
* Get the new password. The user is prompted for the new password
* and has five tries to get it right. The password will be tested
* for strength, unless it is the root user. This provides an escape
* for initial login passwords.
*/
if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) {
if (!getdef_bool ("MD5_CRYPT_ENAB")) {
pass_max_len = getdef_num ("PASS_MAX_LEN", 8);
}
} else {
if ( (strcmp (method, "MD5") == 0)
#ifdef USE_SHA_CRYPT
|| (strcmp (method, "SHA256") == 0)
|| (strcmp (method, "SHA512") == 0)
#endif /* USE_SHA_CRYPT */
) {
pass_max_len = -1;
} else {
pass_max_len = getdef_num ("PASS_MAX_LEN", 8);
}
}
if (!qflg) {
if (pass_max_len == -1) {
printf (_(
"Enter the new password (minimum of %d characters)\n"
"Please use a combination of upper and lower case letters and numbers.\n"),
getdef_num ("PASS_MIN_LEN", 5));
} else {
printf (_(
"Enter the new password (minimum of %d, maximum of %d characters)\n"
"Please use a combination of upper and lower case letters and numbers.\n"),
getdef_num ("PASS_MIN_LEN", 5), pass_max_len);
}
}
warned = 0;
for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
cp = getpass (_("New password: "******"Try again."));
continue;
}
/*
* If enabled, warn about weak passwords even if you are
* root (enter this password again to use it anyway).
* --marekm
*/
if (amroot && !warned && getdef_bool ("PASS_ALWAYS_WARN")
&& (!obscure (orig, pass, pw) || reuse (pass, pw))) {
puts (_("\nWarning: weak password (enter it again to use it anyway)."));
warned++;
continue;
}
cp = getpass (_("Re-enter new password: "******"They don't match; try again.\n"), stderr);
} else {
strzero (cp);
break;
}
}
memzero (orig, sizeof orig);
if (i == 0) {
memzero (pass, sizeof pass);
return -1;
}
/*
* Encrypt the password, then wipe the cleartext password.
*/
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
memzero (pass, sizeof pass);
#ifdef HAVE_LIBCRACK_HIST
HistUpdate (pw->pw_name, crypt_passwd);
#endif /* HAVE_LIBCRACK_HIST */
STRFCPY (crypt_passwd, cp);
return 0;
}
