--- a/toys/lsb/passwd.c 2013-09-23 01:21:06.000000000 +0900 +++ b/toys/lsb/passwd.c 2013-10-01 10:53:14.942339730 +0900 @@ -11,9 +11,9 @@ bool "passwd" default y help - usage: passwd [-a ALGO] [-d] [-l] [-u] + usage: passwd [-a ALGO] [-dlu] - update user’s authentication tokens. Default : current user + update user's authentication tokens. Default : current user -a ALGO Encryption method (des, md5, sha256, sha512) default: des -d Set password to '' @@ -23,81 +23,25 @@ #define FOR_passwd #include "toys.h" -#include GLOBALS( char *algo; ) -#define MAX_SALT_LEN 20 //3 for id, 16 for key, 1 for '\0' -#define URANDOM_PATH "/dev/urandom" - #ifndef _GNU_SOURCE char *strcasestr(const char *haystack, const char *needle); #endif -unsigned int random_number_generator(int fd) -{ - unsigned int randnum; - - xreadall(fd, &randnum, sizeof(randnum)); - return randnum; -} - -char inttoc(int i) -{ - // salt value uses 64 chracters in "./0-9a-zA-Z" - const char character_set[]="./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - - i &= 0x3f; // masking for using 10 bits only - return character_set[i]; -} - -int get_salt(char *salt) -{ - int i, salt_length = 0; - int randfd; - - if (!strncmp(TT.algo,"des",3)) { - // 2 bytes salt value is used in des - salt_length = 2; - } else { - *salt++ = '$'; - if (!strncmp(TT.algo,"md5",3)) { - *salt++ = '1'; - // 8 bytes salt value is used in md5 - salt_length = 8; - } else if (!strncmp(TT.algo,"sha256",6)) { - *salt++ = '5'; - // 16 bytes salt value is used in sha256 - salt_length = 16; - } else if (!strncmp(TT.algo,"sha512",6)) { - *salt++ = '6'; - // 16 bytes salt value is used in sha512 - salt_length = 16; - } else return 1; - - *salt++ = '$'; - } - - randfd = xopen(URANDOM_PATH, O_RDONLY); - for (i=0; ipw_uid)) + if (myuid && (myuid != pw->pw_uid)) error_exit("You need to be root to change '%s' password\n", name); pass = pw->pw_passwd; if (pw->pw_passwd[0] == 'x') { - /*get shadow passwd */ + //get shadow passwd sp = getspnam(name); if (sp) pass = sp->sp_pwdp; } if (!(toys.optflags & (FLAG_l | FLAG_u | FLAG_d))) { + + if (!(toys.optflags & FLAG_a)) TT.algo = "des"; + if (get_salt(salt, TT.algo) == -1) + error_exit("Error: Unkown encryption algorithm\n"); + printf("Changing password for %s\n",name); - if (pass[0] == '!') + if (myuid && pass[0] == '!') error_exit("Can't change, password is locked for %s",name); - if (myuid != 0) { - /*Validate user */ + if (myuid) { + //Validate user if (read_password(toybuf, sizeof(toybuf), "Origial password:")) { if (!toys.optargs[0]) free(name); @@ -204,7 +148,7 @@ orig = xstrdup(orig); - /*Get new password */ + // Get new password newp = new_password(orig, name); if (!newp) { free(orig); @@ -212,31 +156,24 @@ return; //new password is not set well. } - /*Encrypt the passwd */ - if (!(toys.optflags & FLAG_a)) TT.algo = "des"; - - if (get_salt(salt)) error_exit("Error: Unkown encryption algorithm\n"); - encrypted = crypt(newp, salt); free(newp); free(orig); } else if (toys.optflags & FLAG_l) { - if (pass[0] == '!') - error_exit("password is already locked for %s",name); + if (pass[0] == '!') error_exit("password is already locked for %s",name); printf("Locking password for %s\n",name); encrypted = xmsprintf("!%s",pass); } else if (toys.optflags & FLAG_u) { - if (pass[0] != '!') - error_exit("password is already unlocked for %s",name); + if (pass[0] != '!') error_exit("password is already unlocked for %s",name); printf("Unlocking password for %s\n",name); encrypted = xstrdup(&pass[1]); } else if (toys.optflags & FLAG_d) { printf("Deleting password for %s\n",name); - encrypted = (char*)xzalloc(sizeof(char)*2); //1 = "", 2 = '\0' + encrypted = xstrdup(""); //1 = "", 2 = '\0' } - /*Update the passwd */ + // Update the passwd if (pw->pw_passwd[0] == 'x') ret = update_password("/etc/shadow", name, encrypted); else ret = update_password("/etc/passwd", name, encrypted);