| /* passwd.c - Program to update user password. |
| * |
| * Copyright 2012 Ashwini Kumar <ak.ashwini@gmail.com> |
| * Modified 2012 Jason Kyungwan Han <asura321@gmail.com> |
| * |
| * http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/passwd.html |
| |
| USE_PASSWD(NEWTOY(passwd, ">1a:dlu", TOYFLAG_STAYROOT|TOYFLAG_USR|TOYFLAG_BIN)) |
| |
| config PASSWD |
| bool "passwd" |
| default y |
| depends on TOYBOX_SHADOW |
| help |
| usage: passwd [-a ALGO] [-dlu] [USER] |
| |
| Update user's authentication tokens. Defaults to current user. |
| |
| -a ALGO Encryption method (des, md5, sha256, sha512) default: des |
| -d Set password to '' |
| -l Lock (disable) account |
| -u Unlock (enable) account |
| |
| config PASSWD_SAD |
| bool "Add sad password checking heuristics" |
| default n |
| depends on PASSWD |
| help |
| Password changes are checked to make sure they're at least 6 chars long, |
| don't include the entire username (but not a subset of it), or the entire |
| previous password (but changing password1, password2, password3 is fine). |
| This heuristic accepts "aaaaaa" and "123456". |
| */ |
| |
| #define FOR_passwd |
| #include "toys.h" |
| |
| GLOBALS( |
| char *a; |
| ) |
| |
| // Sad advisory heuristic, won't find password1 password2 password3... |
| static void weak_check(char *new, char *old, char *user) |
| { |
| char *msg = 0; |
| |
| if (strlen(new) < 6) msg = "too short"; |
| if (*new) { |
| if (strcasestr(new, user) || strcasestr(user, new)) msg = "user"; |
| if (*old && (strcasestr(new, old) || strcasestr(old, new))) msg = "old"; |
| } |
| if (msg) xprintf("BAD PASSWORD: %s\n",msg); |
| } |
| |
| void passwd_main(void) |
| { |
| uid_t myuid; |
| struct passwd *pw = 0; |
| struct spwd *sp; |
| char *pass, *name, *encrypted = 0, salt[MAX_SALT_LEN]; |
| int ret = -1; |
| |
| // If we're root or not -lud, load specified user. Exit if not allowed. |
| if (!(myuid = getuid()) || !(toys.optflags&(FLAG_l|FLAG_u|FLAG_d))) { |
| if (*toys.optargs) pw = xgetpwnam(*toys.optargs); |
| else pw = xgetpwuid(myuid); |
| } |
| if (!pw || (myuid && (myuid != pw->pw_uid))) error_exit("Not root"); |
| |
| // Get password from /etc/passwd or /etc/shadow |
| // TODO: why still support non-shadow passwords...? |
| name = pw->pw_name; |
| if (*(pass = pw->pw_passwd)=='x' && (sp = getspnam(name))) pass = sp->sp_pwdp; |
| |
| if (toys.optflags & FLAG_l) { |
| if (*pass=='!') error_exit("already locked"); |
| printf("Locking '%s'\n", name); |
| encrypted = xmprintf("!%s", pass); |
| } else if (toys.optflags & FLAG_u) { |
| if (*pass!='!') error_exit("already unlocked"); |
| printf("Unlocking '%s'\n", name); |
| encrypted = pass+1; |
| } else if (toys.optflags & FLAG_d) { |
| printf("Deleting password for '%s'\n", name); |
| encrypted = ""; |
| } else { |
| if (get_salt(salt, TT.a ? TT.a : "des")<0) error_exit("bad -a '%s'", TT.a); |
| |
| printf("Changing password for %s\n", name); |
| if (myuid) { |
| if (*pass=='!') error_exit("'%s' locked", name); |
| |
| if (read_password(toybuf+2048, 2048, "Old password:")) return; |
| pass = crypt(toybuf+2048, pw->pw_passwd); |
| if (!pass || strcmp(pass, pw->pw_passwd)) error_exit("No"); |
| } |
| |
| if (read_password(toybuf, 2048, "New password:")) return; |
| |
| if (CFG_PASSWD_SAD) weak_check(toybuf, toybuf+2048, name); |
| if (read_password(toybuf+2048, 2048, "Retype password:")) return; |
| if (strcmp(toybuf, toybuf+2048)) error_exit("Passwords do not match."); |
| |
| encrypted = crypt(toybuf, salt); |
| } |
| |
| // Update the passwd |
| ret = update_password(*pw->pw_passwd=='x' ? "/etc/shadow" : "/etc/passwd", |
| name, encrypted); |
| |
| if (ret) error_msg("Failure"); |
| else fprintf(stderr, "Success\n"); |
| |
| if (CFG_TOYBOX_FREE && (toys.optflags & FLAG_l)) free(encrypted); |
| } |