static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo) { char salt[MAX_PW_SALT_LEN]; char *orig = (char*)""; char *newp = NULL; char *cp = NULL; char *ret = NULL; /* failure so far */ if (myuid != 0 && pw->pw_passwd[0]) { char *encrypted; orig = bb_ask_stdin("Old password: "******"incorrect password for %s", pw->pw_name); bb_do_delay(LOGIN_FAIL_DELAY); puts("Incorrect password"); goto err_ret; } if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); } orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ newp = bb_ask_stdin("New password: "******"Retype password: "******"Passwords don't match"); goto err_ret; } crypt_make_pw_salt(salt, algo); /* pw_encrypt returns malloced str */ ret = pw_encrypt(newp, salt, 1); /* whee, success! */ err_ret: nuke_str(orig); if (ENABLE_FEATURE_CLEAN_UP) free(orig); nuke_str(newp); if (ENABLE_FEATURE_CLEAN_UP) free(newp); nuke_str(cp); return ret; }
int cryptpw_main(int argc UNUSED_PARAM, char **argv) { /* Supports: cryptpw -m sha256 PASS 'rounds=999999999$SALT' */ char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")]; char *salt_ptr; char *password; const char *opt_m, *opt_S; int fd; #if ENABLE_LONG_OPTS static const char mkpasswd_longopts[] ALIGN1 = "stdin\0" No_argument "s" "password-fd\0" Required_argument "P" "salt\0" Required_argument "S" "method\0" Required_argument "m" ; applet_long_options = mkpasswd_longopts; #endif fd = STDIN_FILENO; opt_m = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO; opt_S = NULL; /* at most two non-option arguments; -P NUM */ opt_complementary = "?2"; getopt32(argv, "sP:+S:m:a:", &fd, &opt_S, &opt_m, &opt_m); argv += optind; /* have no idea how to handle -s... */ if (argv[0] && !opt_S) opt_S = argv[1]; salt_ptr = crypt_make_pw_salt(salt, opt_m); if (opt_S) /* put user's data after the "$N$" prefix */ safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1)); xmove_fd(fd, STDIN_FILENO); password = argv[0]; if (!password) { /* Only mkpasswd, and only from tty, prompts. * Otherwise it is a plain read. */ password = (ENABLE_MKPASSWD && isatty(STDIN_FILENO) && applet_name[0] == 'm') ? bb_ask_stdin("Password: ") : xmalloc_fgetline(stdin) ; /* may still be NULL on EOF/error */ } if (password) puts(pw_encrypt(password, salt, 1)); return EXIT_SUCCESS; }
int cryptpw_main(int argc UNUSED_PARAM, char **argv) { char salt[MAX_PW_SALT_LEN]; char *salt_ptr; const char *opt_m, *opt_S; int fd; #if ENABLE_LONG_OPTS static const char mkpasswd_longopts[] ALIGN1 = "stdin\0" No_argument "s" "password-fd\0" Required_argument "P" "salt\0" Required_argument "S" "method\0" Required_argument "m" ; applet_long_options = mkpasswd_longopts; #endif fd = STDIN_FILENO; opt_m = "d"; opt_S = NULL; /* at most two non-option arguments; -P NUM */ opt_complementary = "?2:P+"; getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m); argv += optind; /* have no idea how to handle -s... */ if (argv[0] && !opt_S) opt_S = argv[1]; salt_ptr = crypt_make_pw_salt(salt, opt_m); if (opt_S) safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1)); xmove_fd(fd, STDIN_FILENO); puts(pw_encrypt( argv[0] ? argv[0] : ( /* Only mkpasswd, and only from tty, prompts. * Otherwise it is a plain read. */ (isatty(STDIN_FILENO) && applet_name[0] == 'm') ? bb_ask_stdin("Password: ") : xmalloc_fgetline(stdin) ), salt, 1)); return EXIT_SUCCESS; }
int FAST_FUNC correct_password(const struct passwd *pw) { char *unencrypted, *encrypted; const char *correct; int r; /* fake salt. crypt() can choke otherwise. */ correct = "aa"; if (!pw) { /* "aa" will never match */ goto fake_it; } correct = pw->pw_passwd; #if ENABLE_FEATURE_SHADOWPASSWDS /* Using _r function to avoid pulling in static buffers */ if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) { struct spwd spw; char buffer[256]; /* getspnam_r may return 0 yet set result to NULL. * At least glibc 2.4 does this. Be extra paranoid here. */ struct spwd *result = NULL; r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result); correct = (r || !result) ? "aa" : result->sp_pwdp; } #endif if (!correct[0]) /* empty password field? */ return 1; fake_it: unencrypted = bb_ask_stdin("Password: "); if (!unencrypted) { return 0; } encrypted = pw_encrypt(unencrypted, correct, 1); r = (strcmp(encrypted, correct) == 0); free(encrypted); memset(unencrypted, 0, strlen(unencrypted)); return r; }
int cryptpw_main(int argc UNUSED_PARAM, char **argv) { /* $N$ + sha_salt_16_bytes + NUL */ char salt[3 + 16 + 1]; char *salt_ptr; const char *opt_m, *opt_S; int len; int fd; #if ENABLE_LONG_OPTS static const char mkpasswd_longopts[] ALIGN1 = "stdin\0" No_argument "s" "password-fd\0" Required_argument "P" "salt\0" Required_argument "S" "method\0" Required_argument "m" ; applet_long_options = mkpasswd_longopts; #endif fd = STDIN_FILENO; opt_m = "d"; opt_S = NULL; /* at most two non-option arguments; -P NUM */ opt_complementary = "?2:P+"; getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m); argv += optind; /* have no idea how to handle -s... */ if (argv[0] && !opt_S) opt_S = argv[1]; len = 2/2; salt_ptr = salt; if (opt_m[0] != 'd') { /* not des */ len = 8/2; /* so far assuming md5 */ *salt_ptr++ = '$'; *salt_ptr++ = '1'; *salt_ptr++ = '$'; #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA if (opt_m[0] == 's') { /* sha */ salt[1] = '5' + (strcmp(opt_m, "sha512") == 0); len = 16/2; } #endif } if (opt_S) safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3); else crypt_make_salt(salt_ptr, len, 0); xmove_fd(fd, STDIN_FILENO); puts(pw_encrypt( argv[0] ? argv[0] : ( /* Only mkpasswd, and only from tty, prompts. * Otherwise it is a plain read. */ (isatty(STDIN_FILENO) && applet_name[0] == 'm') ? bb_ask_stdin("Password: ") : xmalloc_fgetline(stdin) ), salt, 1)); return EXIT_SUCCESS; }