void pw_entry (const char *name, struct passwd *pwent) { struct passwd *passwd; struct spwd *spwd; if (!(passwd = getpwnam (name))) { pwent->pw_name = (char *) 0; return; } else { pwent->pw_name = xstrdup (passwd->pw_name); pwent->pw_uid = passwd->pw_uid; pwent->pw_gid = passwd->pw_gid; pwent->pw_gecos = xstrdup (passwd->pw_gecos); pwent->pw_dir = xstrdup (passwd->pw_dir); pwent->pw_shell = xstrdup (passwd->pw_shell); #if !defined(AUTOSHADOW) setspent (); if ((spwd = getspnam (name))) { pwent->pw_passwd = xstrdup (spwd->sp_pwdp); endspent (); return; } endspent (); #endif pwent->pw_passwd = xstrdup (passwd->pw_passwd); } }
static const char * getpw(void) { const char *rval; struct passwd *pw; pw = getpwuid(getuid()); if (pw == NULL) die("lock: cannot retrieve password entry\n" "(make sure to setcap CAP_DAC_READ_SEARCH+ep)\n"); endpwent(); if (pw->pw_passwd[0] != '\0') /* there is a placeholder */ { struct spwd *sp; sp = getspnam(pw->pw_name); if (sp == NULL) die("lock: cannot retrieve shadow entry\n" "(make sure to setcap CAP_DAC_READ_SEARCH+ep)\n"); endspent(); rval = sp->sp_pwdp; } else rval = pw->pw_passwd; return rval; }
static int do_classic_auth (const char *username, const char *password) { int ret = 0; const char *encr_pwd = NULL; struct passwd *pw; #ifdef HAVE_SHADOW struct spwd *spw; #endif if ((pw = getpwnam (username)) == 0) return 0; #ifdef HAVE_SHADOW setspent (); /* Password expiration is not checked! */ if ((spw = getspnam (username)) == NULL) encr_pwd = "*"; else encr_pwd = spw->sp_pwdp; endspent (); #else encr_pwd = pw->pw_passwd; #endif if (strcmp (crypt (password, encr_pwd), encr_pwd) == 0) ret = 1; endpwent (); return ret; }
static int correct_password (const struct passwd *pw) { char unencrypted[1024], *encrypted, *correct; #ifdef HAVE_SHADOW_H /* Shadow passwd stuff for SVR3 and maybe other systems. */ struct spwd *sp = getspnam (pw->pw_name); endspent (); if (sp) correct = sp->sp_pwdp; else #endif correct = pw->pw_passwd; if (getuid () == 0 || correct == 0 || correct[0] == '\0') return 1; fprintf (outf, PROTOCOL_ASK_PASS); memset (unencrypted, 0, sizeof (unencrypted)); if (fgets (unencrypted, sizeof (unencrypted), inf) == NULL) { fprintf (outf, PROTOCOL_ERROR); exit (1); } if (strlen (unencrypted) && unencrypted[strlen (unencrypted) - 1] == 10) unencrypted[strlen (unencrypted) - 1] = 0; encrypted = crypt (unencrypted, correct); memset (unencrypted, 0, sizeof (unencrypted)); return strcmp (encrypted, correct) == 0; }
int main(int argc, char *argv[]) { off_t who_am_i = getuid(); struct spwd *sp, *sp2; char *user = "******"; if (who_am_i != 0) { fprintf(stderr, "Only root can read shadow password database baby!\n"); exit(EXIT_FAILURE); } if ((sp = getspnam("b3h3m0th")) == NULL) { fprintf(stderr, "Err. %s reading gestpnam()\n", strerror(errno)); exit(EXIT_FAILURE); } printf(" user name: %s\n", sp->sp_namp); printf("encrypted pass: %s\n", sp->sp_pwdp); setspent(); while ((sp2 = getspent()) != NULL) { if(strcmp(user, sp2->sp_namp) == 0) { printf("User %s presente nel sistema\n", user); break; } printf("Searching...\n"); } endspent(); return(EXIT_SUCCESS); }
static const char * get_password(char *username) { /* only run as root */ const char *rval; struct passwd *pw; if(geteuid() != 0) die("sflock: cannot retrieve password entry (make sure to suid sflock)\n"); pw = getpwuid(getuid()); endpwent(); rval = pw->pw_passwd; #if HAVE_SHADOW_H { struct spwd *sp; sp = getspnam(username); endspent(); rval = sp->sp_pwdp; } #endif /* drop privileges temporarily */ if (setreuid(0, pw->pw_uid) == -1) die("sflock: cannot drop privileges\n"); return rval; }
int Input::Correct() { char *unencrypted, *encrypted, *correct; struct passwd *pw; pw = getpwnam(NameBuffer); endpwent(); if(pw == 0) return 0; #ifdef HAVE_SHADOW struct spwd *sp = getspnam(pw->pw_name); endspent(); if(sp) correct = sp->sp_pwdp; else #endif correct = pw->pw_passwd; if(correct == 0 || correct[0] == '\0') return 1; unencrypted = PasswdBuffer; encrypted = crypt(unencrypted, correct); memset(unencrypted, 0, strlen (unencrypted)); return (strcmp(encrypted, correct) == 0); }
static const char * get_password() { /* only run as root */ const char *rval; struct passwd *pw; if(geteuid() != 0) die("slock: cannot retrieve password entry (make sure to suid slock)\n"); pw = getpwuid(getuid()); endpwent(); rval = pw->pw_passwd; #if HAVE_SHADOW_H { struct spwd *sp; sp = getspnam(getenv("USER")); endspent(); rval = sp->sp_pwdp; } #endif /* drop privileges */ if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) die("slock: cannot drop privileges\n"); return rval; }
uid_t SecurityManager::authenticate(char *userName, char *password) { #ifdef __APPLE__ // lckpwdf etc. are not supported by MacOS. return (uid_t)-1; #else if ((userName == NULL) || (password == NULL)) return (uid_t)-1; uid_t result = (uid_t)-1; lckpwdf(); setpwent(); setspent(); struct passwd *passwdEntry = getpwnam(userName); struct spwd *shadowEntry = getspnam(userName); if ((shadowEntry != NULL) && (passwdEntry != NULL)) { char *plain = password; char *encrypted = shadowEntry->sp_pwdp; if (strcmp(crypt(plain, encrypted), encrypted) == 0) result = passwdEntry->pw_uid; } endpwent(); endspent(); ulckpwdf(); return result; #endif } // end of authenticate(char*, char*)
static const char * getpw(void) { /* only run as root */ const char *rval; struct passwd *pw; pw = getpwuid(getuid()); if(!pw) die("slock: cannot retrieve password entry (make sure to suid or sgid slock)"); endpwent(); rval = pw->pw_passwd; #if HAVE_SHADOW_H if (strlen(rval) >= 1) { /* kludge, assumes pw placeholder entry has len >= 1 */ struct spwd *sp; sp = getspnam(getenv("USER")); if(!sp) die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); endspent(); rval = sp->sp_pwdp; } #endif /* drop privileges */ if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) die("slock: cannot drop privileges"); return rval; }
/* * Read /etc/shadow. */ void readshadow(void) { #ifdef SHADOW_PWD struct login *lp; struct spwd *sp; size_t sz; setspent(); while (sp = getspent()) { if ((lp = findlogin(sp->sp_namp)) == NULL) continue; sz = strlen(sp->sp_pwdp); lp->l_pwdp = salloc(sz + 1); strcpy(lp->l_pwdp, sp->sp_pwdp); lp->l_lstchg = sp->sp_lstchg; lp->l_min = sp->sp_min; lp->l_max = sp->sp_max; lp->l_warn = sp->sp_warn; lp->l_inact = sp->sp_inact; lp->l_expire = sp->sp_expire; lp->l_flag = sp->sp_flag; } endspent(); #endif /* SHADOW_PWD */ }
int lxdm_auth_user_authenticate(LXDM_AUTH *a,const char *user,const char *pass,int type) { struct passwd *pw; struct spwd *sp; char *real; char *enc; if(!user || !user[0]) { g_debug("user==NULL\n"); return AUTH_ERROR; } pw = getpwnam(user); endpwent(); if(!pw) { g_debug("user %s not found\n",user); return AUTH_BAD_USER; } if(strstr(pw->pw_shell, "nologin")) { g_debug("user %s have nologin shell\n",user); return AUTH_PRIV; } if(type==AUTH_TYPE_AUTO_LOGIN && !pass) { goto out; } sp = getspnam(user); if( !sp ) { return AUTH_FAIL; } endspent(); real = sp->sp_pwdp; if( !real || !real[0] ) { if( !pass || !pass[0] ) { passwd_copy(&a->pw,pw); g_debug("user %s auth with no password ok\n",user); return AUTH_SUCCESS; } else { g_debug("user %s password not match\n",user); return AUTH_FAIL; } } enc = crypt(pass, real); if( strcmp(real, enc) ) { g_debug("user %s password not match\n",user); return AUTH_FAIL; } out: g_debug("user %s auth ok\n",pw->pw_name); passwd_copy(&a->pw,pw); return AUTH_SUCCESS; }
struct spwd * mygetspnam(const char *name){ struct spwd *sp; setspent(); while((sp=getspent()) != NULL) if(strcmp(name, sp->sp_namp) == 0) break;/*found a match*/ endspent(); return(sp); }
LFUNC auth_local(char *username, char *passwd) { struct passwd *pw; char *xpasswd; #ifdef SHADOW_PASSWORD struct spwd *spw; #endif if ((pw = getpwnam(username)) == NULL) { endpwent(); rc_log(LOG_NOTICE, "authentication FAILED, type local, username %s", username); printf(SC_LOCAL_FAILED); return NULL; } endpwent(); #ifdef SHADOW_PASSWORD if((spw = getspnam(pw->pw_name)) == NULL) { endspent(); rc_log(LOG_NOTICE, "authentication FAILED, type local, username %s", username); printf(SC_LOCAL_FAILED); return NULL; } else { pw->pw_passwd = spw->sp_pwdp; } endspent(); #endif /* SHADOW_PASSWORD */ xpasswd = crypt(passwd, pw->pw_passwd); if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) { rc_log(LOG_NOTICE, "authentication FAILED, type local, username %s", username); printf(SC_LOCAL_FAILED); return NULL; } rc_log(LOG_NOTICE, "authentication OK, type local, username %s", username); printf(SC_LOCAL_OK); return local_login; }
struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[]) { char tmp[MAILTMPLEN]; struct spwd *sp = NIL; time_t left; time_t now = time (0); struct tm *t = gmtime (&now); int zone = t->tm_hour * 60 + t->tm_min; int julian = t->tm_yday; t = localtime (&now); /* get local time now */ /* minus UTC minutes since midnight */ zone = t->tm_hour * 60 + t->tm_min - zone; /* julian can be one of: * 36x local time is December 31, UTC is January 1, offset -24 hours * 1 local time is 1 day ahead of UTC, offset +24 hours * 0 local time is same day as UTC, no offset * -1 local time is 1 day behind UTC, offset -24 hours * -36x local time is January 1, UTC is December 31, offset +24 hours */ if (julian = t->tm_yday -julian) zone += ((julian < 0) == (abs (julian) == 1)) ? -24*60 : 24*60; /* days since 1/1/1970 local time */ now = ((now /60) + zone) / (60*24); /* non-shadow authentication */ if (!pw->pw_passwd || !pw->pw_passwd[0] || !pw->pw_passwd[1] || strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) { /* As far as I've been able to determine, here is how the expiration * fields in the shadow authentication data work: * lstchg last password change date if non-negative. If zero, the * user can not log in without changing password. * max number of days a password is valid if positive * warn number of days of password expiration warning * The expiration day is the *last* day that the password is valid. */ /* shadow authentication */ if ((sp = getspnam (pw->pw_name)) && sp->sp_lstchg && ((sp->sp_lstchg < 0) || (sp->sp_max <= 0) || ((sp->sp_lstchg + sp->sp_max) >= now)) && sp->sp_pwdp && sp->sp_pwdp[0] && sp->sp_pwdp[1] && !strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) { if ((sp->sp_lstchg > 0) && (sp->sp_max > 0) && ((left = (sp->sp_lstchg + sp->sp_max) - now) <= sp->sp_warn)) { if (left) { sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left); mm_notify (NIL,tmp,NIL); } else mm_notify (NIL,"[ALERT] Password expires today!",WARN); } endspent (); /* don't need shadow password data any more */ } else pw = NIL; /* password failed */ } return pw; }
static PyObject * spwd_getspall(PyObject *self, PyObject *args) { PyObject *d; struct spwd *p; if ((d = PyList_New(0)) == NULL) return NULL; setspent(); while ((p = getspent()) != NULL) { PyObject *v = mkspent(p); if (v == NULL || PyList_Append(d, v) != 0) { Py_XDECREF(v); Py_DECREF(d); endspent(); return NULL; } Py_DECREF(v); } endspent(); return d; }
static void auth_shadow_cleanup() { #if HAVE_ENDPWENT endpwent(); #endif #if HAVE_ENDSPENT endspent(); #endif }
int main(void) { struct spwd *spwd; spwd = getspnam("qy"); printf("shadow password = %s\n", spwd->sp_pwdp); setspent(); while ((spwd = getspent()) != NULL) { printf("shadow password = %s\n", spwd->sp_pwdp); } endspent(); return 0; }
static PyObject * spwd_getspall_impl(PyObject *module) /*[clinic end generated code: output=4fda298d6bf6d057 input=b2c84b7857d622bd]*/ { PyObject *d; struct spwd *p; if ((d = PyList_New(0)) == NULL) return NULL; setspent(); while ((p = getspent()) != NULL) { PyObject *v = mkspent(p); if (v == NULL || PyList_Append(d, v) != 0) { Py_XDECREF(v); Py_DECREF(d); endspent(); return NULL; } Py_DECREF(v); } endspent(); return d; }
int main(int argc,char* argv[]){ struct spwd* user; setspent(); while((user=getspent())!=NULL){ printf("loginname:%s,password:%s\n",user->sp_namp,user->sp_pwdp); } endspent(); user=getspnam("linuxmin"); if(user!=NULL) printf("loginname:%s,password:%s\n",user->sp_namp,user->sp_pwdp); printf("......\n"); return 0; }
int main(void) { struct spwd *ptr; setspent(); while ((ptr = getspent()) != NULL) { printf("name= %s\tshaow passwd = %s\n", ptr->sp_namp, ptr->sp_pwdp); } endspent(); return 0; }
/* getspnam - get a shadow entry by name */ struct spwd *getspnam(const char *name) { struct spwd *sp; if (!name || !strlen(name)) return NULL; setspent(); while ((sp = getspent()) != NULL) { if (strcmp(name, sp->sp_namp) == 0) break; } endspent(); return (sp); }
/* getspuid - get a shadow entry by uid */ struct spwd *getspuid(uid_t uid) { struct spwd *sp; struct passwd *mypw; if ((mypw = getpwuid(getuid())) == NULL) { return (NULL); } setspent(); while ((sp = getspent()) != NULL) { if (strcmp(mypw->pw_name, sp->sp_namp) == 0) break; } endspent(); return (sp); }
static bool verify_root_pw( const char* pw) { const char* superuser = "******"; #ifdef USESHADOW struct spwd *spws = getspnam( superuser); #endif #ifdef USE_PAM pam_handle_t *pamh; int pam_error; #endif /* USE_PAM */ struct passwd *pws = getpwnam( superuser); CHECK_PTR( pws); #ifndef USE_PAM #ifdef USESHADOW // If USESHADOW is defined, kdm will work for both shadow and non // shadow systems if( spws != NULL) { char* tmp = pws->pw_passwd; pws->pw_passwd = spws->sp_pwdp; spws->sp_pwdp = tmp; } endspent(); #endif /* USESHADOW */ if( strcmp( crypt( pw, pws->pw_passwd), pws->pw_passwd)) { printf("Root passwd verification failed\n"); return false; } #else /* USE_PAM */ #define PAM_BAIL \ if (pam_error != PAM_SUCCESS) { \ pam_end(pamh, 0); \ return false; \ } PAM_password = pw; pam_error = pam_start(KDE_PAM, superuser, &PAM_conversation, &pamh); PAM_BAIL; pam_error = pam_authenticate( pamh, 0); PAM_BAIL; /* OK, if we get here, the user _should_ be root */ pam_end( pamh, PAM_SUCCESS); #endif /* USE_PAM */ return true; }
// 读取/etc/shadow文件 // 执行时sudo, 才能读取到 void op_shadow() { struct spwd *sp; char name[] = "root"; // 将指针移到开始位置 setspent(); // 获取第一条记录 while((sp = getspent()) != NULL) { //if (strcmp(name, sp->pw_name) == 0) //{ // printf("pw_name:%s, pw_uid:%d, pw_shell:%s\n", ptr->pw_name, ptr->pw_uid, ptr->pw_shell); // break; //} printf("sp_namp:%s, sp_pwdp:%s, sp_expire:%ld\n", sp->sp_namp, sp->sp_pwdp, sp->sp_expire); } // 结束读取 endspent(); }
struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t uid) { struct passwd *p; p = getpwuid (uid); #if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD) if (p) { struct spwd *spwd; spwd = getspnam (p->pw_name); if (spwd) p->pw_passwd = spwd->sp_pwdp; endspent (); } #else endpwent (); #endif return p; }
ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *user) { struct passwd *p; p = getpwnam (user); #if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD) if(p) { struct spwd *spwd; spwd = getspnam (user); if (spwd) p->pw_passwd = spwd->sp_pwdp; endspent (); } #else endpwent (); #endif return p; }
int main(int argc, char * argv[]) { struct spwd * sp; if(argc < 2) { printf("Usage: %s username\n", argv[0]); exit(-1); } setspent(); if((sp = getspnam(argv[1])) != NULL) { printf("%s, %s\n", sp->sp_namp, sp->sp_pwdp); } setspent(); while((sp = getspent()) != NULL) { printf("%s, %s\n", sp->sp_namp, sp->sp_pwdp); } endspent(); return 0; }
static const char * getpw(void) { /* only run as root */ const char *rval; struct passwd *pw; if(g_pw) return g_pw; errno = 0; pw = getpwuid(getuid()); if (!pw) { if (errno) die("slock: getpwuid: %s\n", strerror(errno)); else die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n"); } endpwent(); rval = pw->pw_passwd; #if HAVE_SHADOW_H if (rval[0] == 'x' && rval[1] == '\0') { struct spwd *sp; sp = getspnam(getenv("USER")); if(!sp) die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); endspent(); rval = sp->sp_pwdp; } #endif /* drop privileges */ if (geteuid() == 0 && ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) die("slock: cannot drop privileges\n"); return rval; }
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { params_t params; struct pam_response *resp; struct passwd *pw, fake_pw; #ifdef HAVE_SHADOW struct spwd *spw; #endif char *user, *oldpass, *newpass, *randompass; const char *reason; int ask_oldauthtok; int randomonly, enforce, retries_left, retry_wanted; int status; params = defaults; status = parse(¶ms, pamh, argc, argv); if (status != PAM_SUCCESS) return status; ask_oldauthtok = 0; if (flags & PAM_PRELIM_CHECK) { if (params.flags & F_ASK_OLDAUTHTOK_PRELIM) ask_oldauthtok = 1; } else if (flags & PAM_UPDATE_AUTHTOK) { if (params.flags & F_ASK_OLDAUTHTOK_UPDATE) ask_oldauthtok = 1; } else return PAM_SERVICE_ERR; if (ask_oldauthtok && getuid() != 0) { status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_OLDPASS, &resp); if (status == PAM_SUCCESS) { if (resp && resp->resp) { status = pam_set_item(pamh, PAM_OLDAUTHTOK, resp->resp); _pam_drop_reply(resp, 1); } else status = PAM_AUTHTOK_RECOVERY_ERR; } if (status != PAM_SUCCESS) return status; } if (flags & PAM_PRELIM_CHECK) return status; status = pam_get_item(pamh, PAM_USER, (pam_item_t *)&user); if (status != PAM_SUCCESS) return status; status = pam_get_item(pamh, PAM_OLDAUTHTOK, (pam_item_t *)&oldpass); if (status != PAM_SUCCESS) return status; if (params.flags & F_NON_UNIX) { pw = &fake_pw; pw->pw_name = user; pw->pw_gecos = ""; } else { pw = getpwnam(user); endpwent(); if (!pw) return PAM_USER_UNKNOWN; if ((params.flags & F_CHECK_OLDAUTHTOK) && getuid() != 0) { if (!oldpass) status = PAM_AUTH_ERR; else #ifdef HAVE_SHADOW if (!strcmp(pw->pw_passwd, "x")) { spw = getspnam(user); endspent(); if (spw) { if (strcmp(crypt(oldpass, spw->sp_pwdp), spw->sp_pwdp)) status = PAM_AUTH_ERR; memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp)); } else status = PAM_AUTH_ERR; } else #endif if (strcmp(crypt(oldpass, pw->pw_passwd), pw->pw_passwd)) status = PAM_AUTH_ERR; } memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); if (status != PAM_SUCCESS) return status; } randomonly = params.qc.min[4] > params.qc.max; if (getuid() != 0) enforce = params.flags & F_ENFORCE_USERS; else enforce = params.flags & F_ENFORCE_ROOT; if (params.flags & F_USE_AUTHTOK) { status = pam_get_item(pamh, PAM_AUTHTOK, (pam_item_t *)&newpass); if (status != PAM_SUCCESS) return status; if (!newpass || (check_max(¶ms, pamh, newpass) && enforce)) return PAM_AUTHTOK_ERR; reason = _passwdqc_check(¶ms.qc, newpass, oldpass, pw); if (reason) { say(pamh, PAM_ERROR_MSG, MESSAGE_WEAKPASS, reason); if (enforce) status = PAM_AUTHTOK_ERR; } return status; } retries_left = params.retry; retry: retry_wanted = 0; if (!randomonly && params.qc.passphrase_words && params.qc.min[2] <= params.qc.max) status = say(pamh, PAM_TEXT_INFO, MESSAGE_INTRO_BOTH); else status = say(pamh, PAM_TEXT_INFO, MESSAGE_INTRO_PASSWORD); if (status != PAM_SUCCESS) return status; if (!randomonly && params.qc.min[3] <= params.qc.min[4]) status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_1, params.qc.min[3] == 8 || params.qc.min[3] == 11 ? "n" : "", params.qc.min[3]); else if (!randomonly) status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_2, params.qc.min[3] == 8 || params.qc.min[3] == 11 ? "n" : "", params.qc.min[3], params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", params.qc.min[4]); if (status != PAM_SUCCESS) return status; if (!randomonly && params.qc.passphrase_words && params.qc.min[2] <= params.qc.max) { status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSPHRASE, params.qc.passphrase_words, params.qc.min[2], params.qc.max); if (status != PAM_SUCCESS) return status; } randompass = _passwdqc_random(¶ms.qc); if (randompass) { status = say(pamh, PAM_TEXT_INFO, randomonly ? MESSAGE_RANDOMONLY : MESSAGE_RANDOM, randompass); if (status != PAM_SUCCESS) { _pam_overwrite(randompass); randompass = NULL; } } else if (randomonly) { say(pamh, PAM_ERROR_MSG, getuid() != 0 ? MESSAGE_MISCONFIGURED : MESSAGE_RANDOMFAILED); return PAM_AUTHTOK_ERR; } status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS1, &resp); if (status == PAM_SUCCESS && (!resp || !resp->resp)) status = PAM_AUTHTOK_ERR; if (status != PAM_SUCCESS) { if (randompass) _pam_overwrite(randompass); return status; } newpass = strdup(resp->resp); _pam_drop_reply(resp, 1); if (!newpass) { if (randompass) _pam_overwrite(randompass); return PAM_AUTHTOK_ERR; } if (check_max(¶ms, pamh, newpass) && enforce) { status = PAM_AUTHTOK_ERR; retry_wanted = 1; } reason = NULL; if (status == PAM_SUCCESS && (!randompass || !strstr(newpass, randompass)) && (randomonly || (reason = _passwdqc_check(¶ms.qc, newpass, oldpass, pw)))) { if (randomonly) say(pamh, PAM_ERROR_MSG, MESSAGE_NOTRANDOM); else say(pamh, PAM_ERROR_MSG, MESSAGE_WEAKPASS, reason); if (enforce) { status = PAM_AUTHTOK_ERR; retry_wanted = 1; } } if (status == PAM_SUCCESS) status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS2, &resp); if (status == PAM_SUCCESS) { if (resp && resp->resp) { if (strcmp(newpass, resp->resp)) { status = say(pamh, PAM_ERROR_MSG, MESSAGE_MISTYPED); if (status == PAM_SUCCESS) { status = PAM_AUTHTOK_ERR; retry_wanted = 1; } } _pam_drop_reply(resp, 1); } else status = PAM_AUTHTOK_ERR; } if (status == PAM_SUCCESS) status = pam_set_item(pamh, PAM_AUTHTOK, newpass); if (randompass) _pam_overwrite(randompass); _pam_overwrite(newpass); free(newpass); if (retry_wanted && --retries_left > 0) { status = say(pamh, PAM_TEXT_INFO, MESSAGE_RETRY); if (status == PAM_SUCCESS) goto retry; } return status; }