void Plugin::ChangePassword (const QString& oldPass, const QString& newPass)
{
CryptoSystem oldCs (oldPass);
if (!IsPasswordCorrect (oldCs))
{
qWarning () << Q_FUNC_INFO << "Called with incorrect old password";
return;
}
CryptoSystem newCs (newPass);
Q_FOREACH (const QString& key, Storage_->allKeys ())
{
try
{
const QByteArray& oldEncrypted = Storage_->value (key).toByteArray ();
const QByteArray& data = oldCs.Decrypt (oldEncrypted);
const QByteArray& newEncrypted = newCs.Encrypt (data);
QVariant encryptedData (newEncrypted);
Storage_->setValue (key, encryptedData);
}
catch (const WrongHMACException&)
{
qWarning () << Q_FUNC_INFO <<
"Removing value of key \"" << key << "\" (wrong HMAC)";
Storage_->remove (key);
}
}
UpdatePasswordSettings (newPass);
UpdateActionsStates ();
}
void Plugin::changePassword ()
{
if (!IsPasswordSet ())
{
CreateNewPassword ();
return;
}
// get old password from a settings
QString oldPassword = SettingsWidget_->GetOldPassword ();
CryptoSystem oldCs (oldPassword);
if (!IsPasswordCorrect (oldCs))
{
QMessageBox::critical (0, WindowTitle_,
tr ("Wrong old master password"),
QMessageBox::Ok);
return;
}
// get new password from a settings
try
{
QString password = SettingsWidget_->GetNewPassword ();
ChangePassword (oldPassword, password);
// clear the password fields of the settings widget
SettingsWidget_->ClearPasswordFields ();
}
catch (const PasswordNotEnteredException&)
{
QMessageBox::critical (0,
WindowTitle_,
tr ("The passwords are different."),
QMessageBox::Ok);
}
}
int main(int argc, char **argv)
{
int checkPass = 0;
if (argc < 2)
{
printf("%s password_to_unlock", argv[0]);
exit(0);
}
checkPass = IsPasswordCorrect(argv[1], "l33tsp3ak");
if (checkPass == 1)
{
UnlockSecret();
}
else
{
printf("\n\n Incorrect Password! please try again! \n\n\n");
}
return 0;
}
static bool VerifyIfUserNeedsModifs (const char *puser, const User *u, const struct passwd *passwd_info,
uint32_t *changemap)
{
assert(u != NULL);
if (u->description != NULL && strcmp (u->description, passwd_info->pw_gecos))
{
CFUSR_SETBIT (*changemap, i_comment);
}
if (u->uid != NULL && (atoi (u->uid) != passwd_info->pw_uid))
{
CFUSR_SETBIT (*changemap, i_uid);
}
if (u->home_dir != NULL && strcmp (u->home_dir, passwd_info->pw_dir))
{
CFUSR_SETBIT (*changemap, i_home);
}
if (u->shell != NULL && strcmp (u->shell, passwd_info->pw_shell))
{
CFUSR_SETBIT (*changemap, i_shell);
}
bool account_is_locked = IsAccountLocked(puser, passwd_info);
if ((!account_is_locked && u->policy == USER_STATE_LOCKED)
|| (account_is_locked && u->policy != USER_STATE_LOCKED))
{
CFUSR_SETBIT(*changemap, i_locked);
}
// Don't bother with passwords if the account is going to be locked anyway.
if (u->password != NULL && strcmp (u->password, "")
&& u->policy != USER_STATE_LOCKED)
{
if (!IsPasswordCorrect(puser, u->password, u->password_format, passwd_info))
{
CFUSR_SETBIT (*changemap, i_password);
}
}
if (SafeStringLength(u->group_primary))
{
bool group_could_be_gid = (strlen(u->group_primary) == strspn(u->group_primary, "0123456789"));
int gid;
// We try name first, even if it looks like a gid. Only fall back to gid.
struct group *group_info;
errno = 0;
group_info = GetGrEntry(u->group_primary, &EqualGroupName);
if (!group_info && errno != 0)
{
Log(LOG_LEVEL_ERR, "Could not obtain information about group '%s': %s", u->group_primary, GetErrorStr());
gid = -1;
}
else if (!group_info)
{
if (group_could_be_gid)
{
gid = atoi(u->group_primary);
}
else
{
Log(LOG_LEVEL_ERR, "No such group '%s'.", u->group_primary);
gid = -1;
}
}
else
{
gid = group_info->gr_gid;
}
if (gid != passwd_info->pw_gid)
{
CFUSR_SETBIT (*changemap, i_group);
}
}
if (u->groups_secondary_given)
{
StringSet *wanted_groups = StringSetNew();
for (Rlist *ptr = u->groups_secondary; ptr; ptr = ptr->next)
{
StringSetAdd(wanted_groups, xstrdup(RvalScalarValue(ptr->val)));
}
TransformGidsToGroups(&wanted_groups);
StringSet *current_groups = StringSetNew();
if (!GroupGetUserMembership (puser, current_groups))
{
CFUSR_SETBIT (*changemap, i_groups);
}
else if (!StringSetIsEqual (current_groups, wanted_groups))
{
CFUSR_SETBIT (*changemap, i_groups);
}
StringSetDestroy(current_groups);
StringSetDestroy(wanted_groups);
}
////////////////////////////////////////////
if (*changemap == 0)
{
return false;
}
else
{
return true;
}
}
const CryptoSystem& Plugin::GetCryptoSystem ()
{
if (!IsPasswordSet ())
CreateNewPassword ();
if (!CryptoSystem_)
{
if (IsPasswordEmpty ())
SetCryptoSystem (new CryptoSystem (""));
else
{
while (true)
{
// This method can be called recursively from loop.exec() below,
// but we should display only one password dialog.
if (!InputPasswordDialog_->isVisible ())
{
InputPasswordDialog_->setTextEchoMode (QLineEdit::Password);
InputPasswordDialog_->setWindowTitle (WindowTitle_);
InputPasswordDialog_->setLabelText (tr ("Enter master password:"******"Loop start";
loop.exec ();
// qDebug () << Q_FUNC_INFO << "Loop exit";
if (CryptoSystem_)
break;
if (InputPasswordDialog_->result () != QDialog::Accepted)
throw PasswordNotEnteredException ();
QString password = InputPasswordDialog_->textValue ();
CryptoSystem *cs = new CryptoSystem (password);
if (IsPasswordCorrect (*cs))
{
SetCryptoSystem (cs);
break;
}
else // continue
{
delete cs;
InputPasswordDialog_->setLabelText (tr ("Wrong password.\n"
"Try enter master password again:"));
}
}
}
}
// qDebug () << Q_FUNC_INFO << "ok";
return *CryptoSystem_;
}
