/* See LICENSE file for copyright and license details. */
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/syscall.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <pwd.h>
#include <shadow.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "config.h"
#include "passwd.h"
#include "text.h"
#include "util.h"
/*
 * Open, for reading and writing, the shadow file that holds the entry
 * of `user`.
 *
 * The per-user tcb layout (/etc/tcb/<user>/shadow) is tried first; if
 * that file cannot be opened for any reason (not only because it is
 * absent) the classic /etc/shadow is used instead.  Exits via eprintf
 * if the tcb path does not fit into PATH_MAX.
 *
 * Returns the open stream, or NULL when neither file could be opened.
 * The caller owns the stream and must fclose() it.
 */
static FILE *
spw_get_file(const char *user)
{
	char path[PATH_MAX];
	FILE *fp;
	int n;

	n = snprintf(path, sizeof(path), "/etc/tcb/%s/shadow", user);
	if (n < 0 || (size_t)n >= sizeof(path))
		eprintf("snprintf:");

	/* tcb layout first, traditional shadow file as fallback */
	if ((fp = fopen(path, "r+")))
		return fp;
	return fopen("/etc/shadow", "r+");
}
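/*
 * Rewrite the shadow stream `fp` so that the entry named spw->sp_namp
 * carries `pwhash` as its password field.
 *
 * Every entry is copied to an anonymous temporary file, the matching
 * one(s) with the replaced hash; the temporary file is then copied back
 * over `fp` from offset 0 and `fp` is truncated to the new length.
 * `fp` must be open for reading and writing and positioned at the start
 * of the file; it is left open on return.
 *
 * Returns 0 on success and -1 on failure after reporting via weprintf.
 * The rewrite happens in place: a failure between the copy-back and the
 * truncate can leave `fp` partially updated.
 */
static int
spw_write_file(FILE *fp, const struct spwd *spw, char *pwhash)
{
	struct spwd *spwent;
	FILE *tfp = NULL;
	long len;
	int r = -1, w = 0;

	/* write to temporary file. */
	tfp = tmpfile();
	if (!tfp) {
		weprintf("tmpfile:");
		goto cleanup;
	}
	/* NOTE: fgetspent() returns NULL both at EOF and on a read error */
	while ((spwent = fgetspent(fp))) {
		/* update entry on name match */
		if (strcmp(spwent->sp_namp, spw->sp_namp) == 0) {
			spwent->sp_pwdp = pwhash;
			w++;
		}
		errno = 0;
		if (putspent(spwent, tfp) == -1) {
			weprintf("putspent:");
			goto cleanup;
		}
	}
	if (!w) {
		weprintf("shadow: no matching entry to write to\n");
		goto cleanup;
	}
	/* the temporary copy must be complete before it is read back */
	if (fflush(tfp) == EOF) {
		weprintf("fflush:");
		goto cleanup;
	}
	/* length of the new content; used to cut off any stale tail below */
	if ((len = ftell(tfp)) < 0) {
		weprintf("ftell:");
		goto cleanup;
	}
	if (fseek(fp, 0, SEEK_SET) == -1 || fseek(tfp, 0, SEEK_SET) == -1) {
		weprintf("fseek:");
		goto cleanup;
	}

	/* write temporary file to (tcb) shadow file */
	concat(tfp, "tmpfile", fp, "shadow");
	/*
	 * concat() writes through stdio; push the data to the kernel now so
	 * a write error is reported here rather than lost at fclose().
	 */
	if (fflush(fp) == EOF) {
		weprintf("fflush:");
		goto cleanup;
	}
	if (ftruncate(fileno(fp), len) < 0) {
		weprintf("ftruncate:");
		goto cleanup;
	}

	r = 0; /* success */
cleanup:
	if (tfp)
		fclose(tfp);
	return r;
}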
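/*
 * Rewrite the passwd stream `fp` so that the entry named pw->pw_name
 * carries `pwhash` in its password field.
 *
 * Works like spw_write_file(): every entry is copied to an anonymous
 * temporary file (the matching one(s) with the new hash), the temporary
 * file is copied back over `fp` from offset 0, and `fp` is truncated to
 * the new length.  `fp` must be open for reading and writing and
 * positioned at the start of the file; it is left open on return.
 *
 * Returns 0 on success and -1 on failure after reporting via weprintf.
 * The rewrite happens in place: a failure between the copy-back and the
 * truncate can leave `fp` partially updated.
 */
static int
pw_write_file(FILE *fp, const struct passwd *pw, char *pwhash)
{
	struct passwd *pwent;
	FILE *tfp = NULL;
	long len;
	int r = -1, w = 0;

	/* write to temporary file. */
	tfp = tmpfile();
	if (!tfp) {
		weprintf("tmpfile:");
		goto cleanup;
	}
	/* NOTE: fgetpwent() returns NULL both at EOF and on a read error */
	while ((pwent = fgetpwent(fp))) {
		/* update entry on name match */
		if (strcmp(pwent->pw_name, pw->pw_name) == 0) {
			pwent->pw_passwd = pwhash;
			w++;
		}
		errno = 0;
		if (putpwent(pwent, tfp) == -1) {
			weprintf("putpwent:");
			goto cleanup;
		}
	}
	if (!w) {
		weprintf("passwd: no matching entry to write to\n");
		goto cleanup;
	}
	/* the temporary copy must be complete before it is read back */
	if (fflush(tfp) == EOF) {
		weprintf("fflush:");
		goto cleanup;
	}
	/* length of the new content; used to cut off any stale tail below */
	if ((len = ftell(tfp)) < 0) {
		weprintf("ftell:");
		goto cleanup;
	}
	if (fseek(fp, 0, SEEK_SET) == -1 || fseek(tfp, 0, SEEK_SET) == -1) {
		weprintf("fseek:");
		goto cleanup;
	}

	/* write to passwd file. */
	concat(tfp, "tmpfile", fp, "passwd");
	/*
	 * concat() writes through stdio; push the data to the kernel now so
	 * a write error is reported here rather than lost at fclose().
	 */
	if (fflush(fp) == EOF) {
		weprintf("fflush:");
		goto cleanup;
	}
	if (ftruncate(fileno(fp), len) < 0) {
		weprintf("ftruncate:");
		goto cleanup;
	}

	r = 0; /* success */
cleanup:
	if (tfp)
		fclose(tfp);
	return r;
}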
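/*
 * Fill `s` with 16 random characters from the crypt(3) salt alphabet
 * (./0-9A-Za-z) followed by a terminating NUL; `s` must have room for
 * 17 bytes.  12 bytes of kernel randomness are read with getrandom(2)
 * and each group of 3 bytes is expanded into 4 salt characters.
 * Exits via eprintf if the random bytes cannot be obtained in full.
 */
static void
gensalt(char *s)
{
	static const char b64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	uint8_t buf[12];
	uint32_t n;
	long r;
	int i;

	r = syscall(SYS_getrandom, buf, sizeof(buf), 0);
	if (r < 0)
		eprintf("getrandom:");
	/* a short read would leave part of the salt derived from stack garbage */
	if ((size_t)r != sizeof(buf))
		eprintf("getrandom: short read\n");
	for (i = 0; i < 12; i += 3) {
		n = (uint32_t)buf[i] << 16 | (uint32_t)buf[i+1] << 8 | buf[i+2];
		*s++ = b64[n % 64]; n /= 64;
		*s++ = b64[n % 64]; n /= 64;
		*s++ = b64[n % 64]; n /= 64;
		*s++ = b64[n]; /* 6 bits remain, always < 64 */
	}
	*s = '\0';
}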
/*
 * Print the invocation synopsis and exit; eprintf is used throughout
 * this file as the fatal-error path.
 */
static void
usage(void)
{
	eprintf("usage: %s [username]\n", argv0);
}
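/*
 * passwd: change the password of the invoking user, or of `username`
 * when given on the command line.
 *
 * The hash in force is taken from the shadow entry when the passwd
 * field is exactly "x", otherwise from the passwd entry itself.  Unless
 * the caller is root or that hash is empty, the old password is verified
 * first.  The new password is hashed with PW_CIPHER plus a fresh random
 * salt, confirmed by re-entry, and written back to the (tcb) shadow file
 * when the account has a shadow entry, else to /etc/passwd.
 *
 * Exits 0 on success and 1 on failure; fatal errors exit via eprintf.
 */
int
main(int argc, char *argv[])
{
	char *cryptpass1 = NULL, *cryptpass2 = NULL, *cryptpass3 = NULL;
	char *inpass, *p, *prevhash = NULL, salt[sizeof(PW_CIPHER) + 16] = PW_CIPHER;
	struct passwd *pw;
	struct spwd *spw = NULL;
	FILE *fp = NULL;
	int r = -1, status = 1;

	ARGBEGIN {
	default:
		usage();
	} ARGEND;

	pw_init();
	umask(077);

	errno = 0;
	if (argc == 0)
		pw = getpwuid(getuid());
	else
		pw = getpwnam(argv[0]);
	if (!pw) {
		/* argv[0] is NULL when no name was given; never print it then */
		if (errno && argc == 0)
			eprintf("getpwuid:");
		else if (errno)
			eprintf("getpwnam: %s:", argv[0]);
		else
			eprintf("who are you?\n");
	}

	/* is using shadow entry ? */
	if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') {
		errno = 0;
		spw = getspnam(pw->pw_name);
		if (!spw) {
			if (errno)
				eprintf("getspnam: %s:", pw->pw_name);
			else
				eprintf("who are you?\n");
		}
	}
	/*
	 * The hash in force: the shadow one when a shadow entry exists,
	 * else the passwd field itself.  Keyed on spw rather than on the
	 * first character of pw_passwd so a passwd hash that merely starts
	 * with 'x' is not mistaken for a shadow reference.
	 */
	prevhash = spw ? spw->sp_pwdp : pw->pw_passwd;

	/* Flush pending input */
	ioctl(0, TCFLSH, (void *)0);

	if (getuid() == 0)
		goto newpass;
	/* lock markers live in the effective hash, which may be the shadow one */
	if (prevhash[0] == '!' || prevhash[0] == '*')
		eprintf("denied\n");
	if (prevhash[0] == '\0')
		goto newpass;

	printf("Changing password for %s\n", pw->pw_name);
	inpass = getpass("Old password: ");
	if (!inpass)
		eprintf("getpass:");
	if (inpass[0] == '\0')
		eprintf("no password supplied\n");
	p = crypt(inpass, prevhash);
	if (!p)
		eprintf("crypt:");
	cryptpass1 = estrdup(p);
	if (strcmp(cryptpass1, prevhash) != 0)
		eprintf("incorrect password\n");

newpass:
	inpass = getpass("Enter new password: ");
	if (!inpass)
		eprintf("getpass:");
	if (inpass[0] == '\0')
		eprintf("no password supplied\n");
	/*
	 * Compare against the old hash only when one was verified above;
	 * on the root and empty-password paths prevhash is not a usable
	 * crypt(3) setting and the comparison would be meaningless anyway.
	 */
	if (cryptpass1) {
		p = crypt(inpass, prevhash);
		if (!p)
			eprintf("crypt:");
		if (strcmp(cryptpass1, p) == 0)
			eprintf("password left unchanged\n");
	}
	/* salt holds PW_CIPHER; gensalt appends 16 chars + NUL, which is exactly what is left */
	gensalt(salt + strlen(salt));
	p = crypt(inpass, salt);
	if (!p)
		eprintf("crypt:");
	cryptpass2 = estrdup(p);

	/* Flush pending input */
	ioctl(0, TCFLSH, (void *)0);

	inpass = getpass("Retype new password: ");
	if (!inpass)
		eprintf("getpass:");
	if (inpass[0] == '\0')
		eprintf("no password supplied\n");
	p = crypt(inpass, salt);
	if (!p)
		eprintf("crypt:");
	cryptpass3 = estrdup(p);
	if (strcmp(cryptpass2, cryptpass3) != 0)
		eprintf("passwords don't match\n");

	/*
	 * Write the hash where the account's password actually lives.  A
	 * shadow account is only ever written to the shadow file: falling
	 * back to /etc/passwd would put the hash in a world-readable file,
	 * and spw_write_file() dereferences spw, so it is never called with
	 * spw == NULL.
	 */
	if (spw) {
		fp = spw_get_file(pw->pw_name);
		if (fp)
			r = spw_write_file(fp, spw, cryptpass3);
		else
			weprintf("fopen:");
	} else {
		fp = fopen("/etc/passwd", "r+");
		if (fp)
			r = pw_write_file(fp, pw, cryptpass3);
		else
			weprintf("fopen:");
	}
	if (!r)
		status = 0;

	/* fclose() flushes the rewritten file; a failure here means the update was not persisted */
	if (fp && fclose(fp) == EOF) {
		weprintf("fclose:");
		status = 1;
	}
	free(cryptpass3);
	free(cryptpass2);
	free(cryptpass1);

	return status;
}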