Пример #1
/*
 * Prompt for a new password and return its hash.
 *
 * NOTE(review): this listing is damaged. On the "Old password: " line and on
 * the "New password: " line a run of asterisks stands where code originally
 * sat between two string literals, so the old-password check, the handling of
 * the second prompt and the comparison of the two entries are not visible,
 * and the text does not compile as shown. The comments below describe only
 * what the surviving lines establish.
 *
 * pw    - account entry; pw_passwd and pw_name are read.
 * myuid - caller's uid; uid 0 skips the old-password prompt.
 * algo  - passed unchanged to crypt_make_pw_salt().
 *
 * Returns the string produced by pw_encrypt() (malloced, per the comment at
 * the call), or NULL when a path jumps to err_ret before that call.
 */
static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
{
	char salt[MAX_PW_SALT_LEN];
	char *orig = (char*)"";
	char *newp = NULL;
	char *cp = NULL;
	char *ret = NULL; /* failure so far */

	/* Only a non-root caller whose account has a non-empty password field
	 * is asked for the old password. */
	if (myuid != 0 && pw->pw_passwd[0]) {
		char *encrypted;

		/* Damaged line: the code between the prompt string and the log
		 * message is missing from the listing. The surviving tail shows
		 * the failure branch: a message naming the account, a delay of
		 * LOGIN_FAIL_DELAY, a generic "Incorrect password" to the user,
		 * then the jump to cleanup. */
		orig = bb_ask_stdin("Old password: "******"incorrect password for %s", pw->pw_name);
			bb_do_delay(LOGIN_FAIL_DELAY);
			puts("Incorrect password");
			goto err_ret;
		}
		/* NOTE(review): the failure branch above leaves through err_ret
		 * without reaching this free(), so 'encrypted' is released only
		 * on the success path. */
		if (ENABLE_FEATURE_CLEAN_UP)
			free(encrypted);
	}
	orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
	/* Damaged line: the code between the three string literals is missing.
	 * What survives is the "Passwords don't match" message followed by the
	 * jump to cleanup. */
	newp = bb_ask_stdin("New password: "******"Retype password: "******"Passwords don't match");
		goto err_ret;
	}

	crypt_make_pw_salt(salt, algo);

	/* pw_encrypt returns malloced str */
	ret = pw_encrypt(newp, salt, 1);
	/* whee, success! */

 err_ret:
	/* Every exit, success or failure, runs this cleanup. nuke_str() is
	 * applied to each password string before it is released - presumably
	 * it overwrites the contents; confirm against its definition.
	 *
	 * NOTE(review): when err_ret is reached from the old-password branch,
	 * 'orig' has not yet been replaced by the xstrdup() copy. The comment
	 * on that xstrdup() implies bb_ask_stdin() returns a buffer it reuses;
	 * if so, free(orig) under ENABLE_FEATURE_CLEAN_UP receives a pointer
	 * that was not malloced - confirm against bb_ask_stdin(). */
	nuke_str(orig);
	if (ENABLE_FEATURE_CLEAN_UP) free(orig);

	nuke_str(newp);
	if (ENABLE_FEATURE_CLEAN_UP) free(newp);

	/* 'cp' is wiped but not freed here; whether it owns memory cannot be
	 * told from the visible lines. */
	nuke_str(cp);
	return ret;
}
Пример #2
/*
 * cryptpw / mkpasswd applet: print the hash of a password.
 *
 * The password is the first non-option argument if there is one, otherwise
 * it is read from stdin (or from the descriptor given with -P, which is
 * moved onto stdin). The salt comes from -S, else from the second non-option
 * argument, else it is whatever crypt_make_pw_salt() generated.
 *
 * A password given as an argument is part of the process command line, which
 * other local users can normally read; stdin or -P avoids that exposure.
 *
 * Always returns EXIT_SUCCESS, including when no password could be read.
 */
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
	/* Room for the longest supported form:
	 * cryptpw -m sha256 PASS 'rounds=999999999$SALT' */
	char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")];
	const char *method = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
	const char *user_salt = NULL;
	char *salt_tail;
	char *cleartext;
	int pw_fd = STDIN_FILENO;

#if ENABLE_LONG_OPTS
	static const char mkpasswd_longopts[] ALIGN1 =
		"stdin\0"       No_argument       "s"
		"password-fd\0" Required_argument "P"
		"salt\0"        Required_argument "S"
		"method\0"      Required_argument "m"
	;
	applet_long_options = mkpasswd_longopts;
#endif
	/* No more than two non-option arguments; -P takes a number.
	 * -m and -a both store into the same variable. */
	opt_complementary = "?2";
	getopt32(argv, "sP:+S:m:a:", &pw_fd, &user_salt, &method, &method);
	argv += optind;

	/* -s is accepted but has no effect here */

	/* Without -S, a second positional argument (if any) is the salt */
	cleartext = argv[0];
	if (cleartext && !user_salt)
		user_salt = argv[1];

	salt_tail = crypt_make_pw_salt(salt, method);
	if (user_salt) {
		/* User-supplied salt goes after the "$N$" prefix; the bound
		 * keeps the copy inside salt[] */
		safe_strncpy(salt_tail, user_salt, sizeof(salt) - (sizeof("$N$")-1));
	}

	xmove_fd(pw_fd, STDIN_FILENO);

	if (!cleartext) {
		/* Prompting happens only for mkpasswd on a tty;
		 * everything else is a plain line read. */
		if (ENABLE_MKPASSWD && isatty(STDIN_FILENO) && applet_name[0] == 'm')
			cleartext = bb_ask_stdin("Password: ");
		else
			cleartext = xmalloc_fgetline(stdin);
	}

	/* Both readers can yield NULL on EOF/error: print nothing then */
	if (!cleartext)
		return EXIT_SUCCESS;

	puts(pw_encrypt(cleartext, salt, 1));
	return EXIT_SUCCESS;
}
Пример #3
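/*
 * cryptpw / mkpasswd applet: print the hash of a password.
 *
 * The password is the first non-option argument if there is one, otherwise
 * it is read from stdin (or from the descriptor given with -P, which is
 * moved onto stdin). The salt comes from -S, else from the second non-option
 * argument, else it is whatever crypt_make_pw_salt() generated.
 *
 * A password given as an argument is part of the process command line, which
 * other local users can normally read; stdin or -P avoids that exposure.
 *
 * Always returns EXIT_SUCCESS.
 */
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
	char salt[MAX_PW_SALT_LEN];
	char *salt_ptr;
	char *password;
	const char *opt_m, *opt_S;
	int fd;

#if ENABLE_LONG_OPTS
	static const char mkpasswd_longopts[] ALIGN1 =
		"stdin\0"       No_argument       "s"
		"password-fd\0" Required_argument "P"
		"salt\0"        Required_argument "S"
		"method\0"      Required_argument "m"
	;
	applet_long_options = mkpasswd_longopts;
#endif
	fd = STDIN_FILENO;
	opt_m = "d";
	opt_S = NULL;
	/* at most two non-option arguments; -P NUM */
	opt_complementary = "?2:P+";
	/* -m and -a both store into opt_m */
	getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m);
	argv += optind;

	/* have no idea how to handle -s... */

	/* Without -S, a second positional argument (if any) is the salt */
	if (argv[0] && !opt_S)
		opt_S = argv[1];

	salt_ptr = crypt_make_pw_salt(salt, opt_m);
	if (opt_S) {
		/* put user's data after the "$N$" prefix; the bound keeps
		 * the copy inside salt[] */
		safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
	}

	xmove_fd(fd, STDIN_FILENO);

	password = argv[0];
	if (!password) {
		/* Only mkpasswd, and only from tty, prompts.
		 * Otherwise it is a plain read. */
		password = (isatty(STDIN_FILENO) && applet_name[0] == 'm')
			? bb_ask_stdin("Password: ")
			: xmalloc_fgetline(stdin)
		;
	}

	/* Either reader may hand back NULL on EOF/error. Passing that
	 * straight to pw_encrypt() would hash through a null pointer,
	 * so print nothing in that case. */
	if (password)
		puts(pw_encrypt(password, salt, 1));

	return EXIT_SUCCESS;
}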
Пример #4
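/*
 * Ask for a password on stdin and check it against the account's stored hash.
 *
 * pw - account entry, or NULL for an unknown user. A NULL entry still goes
 *      through the prompt and the hash computation against a placeholder
 *      that can never match, so the caller-visible sequence is the same for
 *      existing and non-existing accounts.
 *
 * Returns 1 when the password matches or the stored password field is empty
 * (no prompt is shown in that case), 0 on mismatch or when no password could
 * be read.
 */
int FAST_FUNC correct_password(const struct passwd *pw)
{
	char *unencrypted, *encrypted;
	const char *correct;
	int r;
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* Function scope on purpose: 'correct' may be set to result->sp_pwdp,
	 * which getspnam_r() stores in these objects, and it is read again at
	 * the pw_encrypt()/strcmp() calls below. Declaring them inside the
	 * lookup block would end their lifetime before that use. */
	struct spwd spw;
	char buffer[256];
#endif

	/* fake salt. crypt() can choke otherwise. */
	correct = "aa";
	if (!pw) {
		/* "aa" will never match */
		goto fake_it;
	}
	correct = pw->pw_passwd;
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* Using _r function to avoid pulling in static buffers */
	if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
		/* getspnam_r may return 0 yet set result to NULL.
		 * At least glibc 2.4 does this. Be extra paranoid here. */
		struct spwd *result = NULL;
		r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
		/* A failed lookup falls back to the never-matching placeholder,
		 * i.e. the check fails closed. */
		correct = (r || !result) ? "aa" : result->sp_pwdp;
	}
#endif

	if (!correct[0]) /* empty password field? */
		return 1;

 fake_it:
	unencrypted = bb_ask_stdin("Password: ");
	if (!unencrypted) {
		return 0;
	}
	encrypted = pw_encrypt(unencrypted, correct, 1);
	r = (strcmp(encrypted, correct) == 0);
	free(encrypted);
	/* Clear the typed password from the buffer bb_ask_stdin() returned */
	memset(unencrypted, 0, strlen(unencrypted));
	return r;
}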
Пример #5
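/*
 * cryptpw / mkpasswd applet: print the hash of a password.
 *
 * The password is the first non-option argument if there is one, otherwise
 * it is read from stdin (or from the descriptor given with -P, which is
 * moved onto stdin). The salt comes from -S, else from the second non-option
 * argument, else it is generated by crypt_make_salt().
 *
 * A password given as an argument is part of the process command line, which
 * other local users can normally read; stdin or -P avoids that exposure.
 *
 * Always returns EXIT_SUCCESS.
 */
int cryptpw_main(int argc UNUSED_PARAM, char **argv)
{
	/* $N$ + sha_salt_16_bytes + NUL */
	char salt[3 + 16 + 1];
	char *salt_ptr;
	char *password;
	const char *opt_m, *opt_S;
	int len;
	int fd;

#if ENABLE_LONG_OPTS
	static const char mkpasswd_longopts[] ALIGN1 =
		"stdin\0"       No_argument       "s"
		"password-fd\0" Required_argument "P"
		"salt\0"        Required_argument "S"
		"method\0"      Required_argument "m"
	;
	applet_long_options = mkpasswd_longopts;
#endif
	fd = STDIN_FILENO;
	opt_m = "d";
	opt_S = NULL;
	/* at most two non-option arguments; -P NUM */
	opt_complementary = "?2:P+";
	/* -m and -a both store into opt_m */
	getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m);
	argv += optind;

	/* have no idea how to handle -s... */

	/* Without -S, a second positional argument (if any) is the salt */
	if (argv[0] && !opt_S)
		opt_S = argv[1];

	/* Build the "$N$" method prefix (none for des) and pick the length
	 * argument that goes with the method */
	len = 2/2;
	salt_ptr = salt;
	if (opt_m[0] != 'd') { /* not des */
		len = 8/2; /* so far assuming md5 */
		*salt_ptr++ = '$';
		*salt_ptr++ = '1';
		*salt_ptr++ = '$';
#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
		if (opt_m[0] == 's') { /* sha */
			/* '5' for any other sha method, '6' for "sha512" */
			salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
			len = 16/2;
		}
#endif
	}
	if (opt_S) {
		/* salt_ptr is at most 3 bytes into salt[], so this bound
		 * keeps the copy inside the buffer */
		safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);
	} else {
		crypt_make_salt(salt_ptr, len, 0);
	}

	xmove_fd(fd, STDIN_FILENO);

	password = argv[0];
	if (!password) {
		/* Only mkpasswd, and only from tty, prompts.
		 * Otherwise it is a plain read. */
		password = (isatty(STDIN_FILENO) && applet_name[0] == 'm')
			? bb_ask_stdin("Password: ")
			: xmalloc_fgetline(stdin)
		;
	}

	/* Either reader may hand back NULL on EOF/error. Passing that
	 * straight to pw_encrypt() would hash through a null pointer,
	 * so print nothing in that case. */
	if (password)
		puts(pw_encrypt(password, salt, 1));

	return EXIT_SUCCESS;
}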