static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo) { char salt[MAX_PW_SALT_LEN]; char *orig = (char*)""; char *newp = NULL; char *cp = NULL; char *ret = NULL; /* failure so far */ if (myuid != 0 && pw->pw_passwd[0]) { char *encrypted; orig = bb_ask_stdin("Old password: "******"incorrect password for %s", pw->pw_name); bb_do_delay(LOGIN_FAIL_DELAY); puts("Incorrect password"); goto err_ret; } if (ENABLE_FEATURE_CLEAN_UP) free(encrypted); } orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */ newp = bb_ask_stdin("New password: "******"Retype password: "******"Passwords don't match"); goto err_ret; } crypt_make_pw_salt(salt, algo); /* pw_encrypt returns malloced str */ ret = pw_encrypt(newp, salt, 1); /* whee, success! */ err_ret: nuke_str(orig); if (ENABLE_FEATURE_CLEAN_UP) free(orig); nuke_str(newp); if (ENABLE_FEATURE_CLEAN_UP) free(newp); nuke_str(cp); return ret; }
int cryptpw_main(int argc UNUSED_PARAM, char **argv) { /* Supports: cryptpw -m sha256 PASS 'rounds=999999999$SALT' */ char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")]; char *salt_ptr; char *password; const char *opt_m, *opt_S; int fd; #if ENABLE_LONG_OPTS static const char mkpasswd_longopts[] ALIGN1 = "stdin\0" No_argument "s" "password-fd\0" Required_argument "P" "salt\0" Required_argument "S" "method\0" Required_argument "m" ; applet_long_options = mkpasswd_longopts; #endif fd = STDIN_FILENO; opt_m = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO; opt_S = NULL; /* at most two non-option arguments; -P NUM */ opt_complementary = "?2"; getopt32(argv, "sP:+S:m:a:", &fd, &opt_S, &opt_m, &opt_m); argv += optind; /* have no idea how to handle -s... */ if (argv[0] && !opt_S) opt_S = argv[1]; salt_ptr = crypt_make_pw_salt(salt, opt_m); if (opt_S) /* put user's data after the "$N$" prefix */ safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1)); xmove_fd(fd, STDIN_FILENO); password = argv[0]; if (!password) { /* Only mkpasswd, and only from tty, prompts. * Otherwise it is a plain read. */ password = (ENABLE_MKPASSWD && isatty(STDIN_FILENO) && applet_name[0] == 'm') ? bb_ask_stdin("Password: ") : xmalloc_fgetline(stdin) ; /* may still be NULL on EOF/error */ } if (password) puts(pw_encrypt(password, salt, 1)); return EXIT_SUCCESS; }
int cryptpw_main(int argc UNUSED_PARAM, char **argv) { char salt[MAX_PW_SALT_LEN]; char *salt_ptr; const char *opt_m, *opt_S; int fd; #if ENABLE_LONG_OPTS static const char mkpasswd_longopts[] ALIGN1 = "stdin\0" No_argument "s" "password-fd\0" Required_argument "P" "salt\0" Required_argument "S" "method\0" Required_argument "m" ; applet_long_options = mkpasswd_longopts; #endif fd = STDIN_FILENO; opt_m = "d"; opt_S = NULL; /* at most two non-option arguments; -P NUM */ opt_complementary = "?2:P+"; getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m); argv += optind; /* have no idea how to handle -s... */ if (argv[0] && !opt_S) opt_S = argv[1]; salt_ptr = crypt_make_pw_salt(salt, opt_m); if (opt_S) safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1)); xmove_fd(fd, STDIN_FILENO); puts(pw_encrypt( argv[0] ? argv[0] : ( /* Only mkpasswd, and only from tty, prompts. * Otherwise it is a plain read. */ (isatty(STDIN_FILENO) && applet_name[0] == 'm') ? bb_ask_stdin("Password: ") : xmalloc_fgetline(stdin) ), salt, 1)); return EXIT_SUCCESS; }
int chpasswd_main(int argc UNUSED_PARAM, char **argv) { char *name; const char *algo = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO; int opt; if (getuid() != 0) bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); opt = getopt32long(argv, "^" "emc:" "\0" "m--ec:e--mc:c--em", chpasswd_longopts, &algo ); while ((name = xmalloc_fgetline(stdin)) != NULL) { char *free_me; char *pass; int rc; pass = strchr(name, ':'); if (!pass) bb_error_msg_and_die("missing new password"); *pass++ = '\0'; xuname2uid(name); /* dies if there is no such user */ free_me = NULL; if (!(opt & OPT_ENC)) { char salt[MAX_PW_SALT_LEN]; if (opt & OPT_MD5) { /* Force MD5 if the -m flag is set */ algo = "md5"; } crypt_make_pw_salt(salt, algo); free_me = pass = pw_encrypt(pass, salt, 0); } /* This is rather complex: if user is not found in /etc/shadow, * we try to find & change his passwd in /etc/passwd */ #if ENABLE_FEATURE_SHADOWPASSWDS rc = update_passwd(bb_path_shadow_file, name, pass, NULL); if (rc > 0) /* password in /etc/shadow was updated */ pass = (char*)"x"; if (rc >= 0) /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */ #endif rc = update_passwd(bb_path_passwd_file, name, pass, NULL); /* LOGMODE_BOTH logs to syslog also */ logmode = LOGMODE_BOTH; if (rc < 0) bb_error_msg_and_die("an error occurred updating password for %s", name); if (rc) bb_error_msg("password for '%s' changed", name); logmode = LOGMODE_STDIO; free(name); free(free_me); } return EXIT_SUCCESS; }