local_passwd.c revision 1.28
1 1.28 christos /* $NetBSD: local_passwd.c,v 1.28 2005/01/11 22:42:30 christos Exp $ */ 2 1.9 thorpej 3 1.1 cgd /*- 4 1.10 tls * Copyright (c) 1990, 1993, 1994 5 1.10 tls * The Regents of the University of California. All rights reserved. 6 1.1 cgd * 7 1.1 cgd * Redistribution and use in source and binary forms, with or without 8 1.1 cgd * modification, are permitted provided that the following conditions 9 1.1 cgd * are met: 10 1.1 cgd * 1. Redistributions of source code must retain the above copyright 11 1.1 cgd * notice, this list of conditions and the following disclaimer. 12 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 cgd * notice, this list of conditions and the following disclaimer in the 14 1.1 cgd * documentation and/or other materials provided with the distribution. 15 1.26 agc * 3. Neither the name of the University nor the names of its contributors 16 1.1 cgd * may be used to endorse or promote products derived from this software 17 1.1 cgd * without specific prior written permission. 18 1.1 cgd * 19 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 1.1 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 1.1 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 1.1 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 1.1 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 1.1 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 1.1 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 1.1 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 1.1 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 cgd * SUCH DAMAGE. 30 1.1 cgd */ 31 1.1 cgd 32 1.14 lukem #include <sys/cdefs.h> 33 1.1 cgd #ifndef lint 34 1.9 thorpej #if 0 35 1.10 tls static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; 36 1.9 thorpej #else 37 1.28 christos __RCSID("$NetBSD: local_passwd.c,v 1.28 2005/01/11 22:42:30 christos Exp $"); 38 1.9 thorpej #endif 39 1.1 cgd #endif /* not lint */ 40 1.1 cgd 41 1.1 cgd #include <sys/types.h> 42 1.8 jtc #include <sys/stat.h> 43 1.14 lukem #include <ctype.h> 44 1.14 lukem #include <err.h> 45 1.14 lukem #include <errno.h> 46 1.14 lukem #include <fcntl.h> 47 1.1 cgd #include <pwd.h> 48 1.1 cgd #include <stdio.h> 49 1.14 lukem #include <stdlib.h> 50 1.7 cgd #include <string.h> 51 1.15 kleink #include <time.h> 52 1.8 jtc #include <unistd.h> 53 1.8 jtc #include <util.h> 54 1.17 mjl #include <login_cap.h> 55 1.1 cgd 56 1.10 tls #include "extern.h" 57 1.10 tls 58 1.22 ad static char *getnewpasswd __P((struct passwd *, int)); 59 1.14 lukem 60 1.10 tls static uid_t uid; 61 1.19 aidan static int force_local; 62 1.1 cgd 63 1.1 cgd char *tempname; 64 1.1 cgd 65 1.14 lukem static char * 66 1.22 ad getnewpasswd(pw, min_pw_len) 67 1.10 tls struct passwd *pw; 68 1.17 mjl int min_pw_len; 69 1.1 cgd { 70 1.1 cgd int tries; 71 1.10 tls char *p, *t; 72 1.20 ad char buf[_PASSWORD_LEN+1], salt[_PASSWORD_LEN+1]; 73 1.17 mjl 74 1.1 cgd (void)printf("Changing local password for %s.\n", pw->pw_name); 75 1.1 cgd 76 1.2 proven if (uid && pw->pw_passwd[0] && 77 1.1 cgd strcmp(crypt(getpass("Old password:"), pw->pw_passwd), 78 1.1 cgd pw->pw_passwd)) { 79 1.1 cgd errno = EACCES; 80 1.1 cgd pw_error(NULL, 1, 1); 81 1.1 cgd } 82 1.1 cgd 83 1.1 cgd for (buf[0] = '\0', tries = 0;;) { 84 1.1 cgd p = getpass("New password:"); 85 1.1 cgd if (!*p) { 86 1.1 cgd (void)printf("Password unchanged.\n"); 87 1.1 cgd pw_error(NULL, 0, 0); 88 1.1 cgd } 89 1.17 mjl if (min_pw_len > 0 && strlen(p) < min_pw_len) { 90 1.22 ad (void) printf("Password is too short.\n"); 91 1.17 mjl continue; 92 1.17 mjl } 93 1.6 deraadt if (strlen(p) <= 5 && ++tries < 2) { 94 1.1 cgd (void)printf("Please enter a longer password.\n"); 95 1.1 cgd continue; 96 1.1 cgd } 97 1.27 dsl for (t = p; *t && islower((unsigned char)*t); ++t); 98 1.6 deraadt if (!*t && ++tries < 2) { 99 1.12 thorpej (void)printf("Please don't use an all-lower case " 100 1.12 thorpej "password.\nUnusual capitalization, " 101 1.12 thorpej "control characters or digits are " 102 1.12 thorpej "suggested.\n"); 103 1.1 cgd continue; 104 1.1 cgd } 105 1.25 itojun (void)strlcpy(buf, p, sizeof(buf)); 106 1.1 cgd if (!strcmp(buf, getpass("Retype new password:"))) 107 1.1 cgd break; 108 1.1 cgd (void)printf("Mismatch; try again, EOF to quit.\n"); 109 1.1 cgd } 110 1.20 ad 111 1.28 christos if(pw_gensalt(salt, _PASSWORD_LEN, pw, 'l') == -1) { 112 1.28 christos warn("Couldn't generate salt"); 113 1.20 ad pw_error(NULL, 0, 0); 114 1.20 ad } 115 1.1 cgd return(crypt(buf, salt)); 116 1.1 cgd } 117 1.1 cgd 118 1.10 tls int 119 1.19 aidan local_init(progname) 120 1.19 aidan const char *progname; 121 1.19 aidan { 122 1.19 aidan force_local = 0; 123 1.19 aidan return (0); 124 1.19 aidan } 125 1.19 aidan 126 1.19 aidan int 127 1.19 aidan local_arg(char arg, const char *optarg) 128 1.19 aidan { 129 1.19 aidan switch (arg) { 130 1.19 aidan case 'l': 131 1.19 aidan force_local = 1; 132 1.19 aidan break; 133 1.19 aidan default: 134 1.19 aidan return(0); 135 1.19 aidan } 136 1.19 aidan return(1); 137 1.19 aidan } 138 1.19 aidan 139 1.19 aidan int 140 1.19 aidan local_arg_end() 141 1.19 aidan { 142 1.19 aidan if (force_local) 143 1.19 aidan return(PW_USE_FORCE); 144 1.19 aidan return(PW_USE); 145 1.19 aidan } 146 1.19 aidan 147 1.19 aidan void 148 1.19 aidan local_end() 149 1.19 aidan { 150 1.19 aidan /* NOOP */ 151 1.19 aidan } 152 1.19 aidan 153 1.19 aidan int 154 1.19 aidan local_chpw(uname) 155 1.19 aidan const char *uname; 156 1.10 tls { 157 1.10 tls struct passwd *pw; 158 1.13 phil struct passwd old_pw; 159 1.24 ad time_t old_change; 160 1.10 tls int pfd, tfd; 161 1.17 mjl int min_pw_len = 0; 162 1.17 mjl int pw_expiry = 0; 163 1.18 mjl #ifdef LOGIN_CAP 164 1.17 mjl login_cap_t *lc; 165 1.18 mjl #endif 166 1.22 ad 167 1.10 tls if (!(pw = getpwnam(uname))) { 168 1.10 tls warnx("unknown user %s", uname); 169 1.10 tls return (1); 170 1.10 tls } 171 1.1 cgd 172 1.10 tls uid = getuid(); 173 1.10 tls if (uid && uid != pw->pw_uid) { 174 1.10 tls warnx("%s", strerror(EACCES)); 175 1.10 tls return (1); 176 1.1 cgd } 177 1.10 tls 178 1.13 phil /* Save the old pw information for comparing on pw_copy(). */ 179 1.13 phil old_pw = *pw; 180 1.10 tls 181 1.10 tls /* 182 1.17 mjl * Get class restrictions for this user, then get the new password. 183 1.10 tls */ 184 1.18 mjl #ifdef LOGIN_CAP 185 1.17 mjl if((lc = login_getclass(pw->pw_class))) { 186 1.17 mjl min_pw_len = (int) login_getcapnum(lc, "minpasswordlen", 0, 0); 187 1.17 mjl pw_expiry = (int) login_getcaptime(lc, "passwordtime", 0, 0); 188 1.17 mjl login_close(lc); 189 1.17 mjl } 190 1.18 mjl #endif 191 1.17 mjl 192 1.22 ad pw->pw_passwd = getnewpasswd(pw, min_pw_len); 193 1.24 ad old_change = pw->pw_change; 194 1.17 mjl pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0; 195 1.13 phil 196 1.16 mrg /* 197 1.16 mrg * Now that the user has given us a new password, let us 198 1.13 phil * change the database. 199 1.13 phil */ 200 1.13 phil pw_init(); 201 1.13 phil tfd = pw_lock(0); 202 1.13 phil if (tfd < 0) { 203 1.13 phil warnx ("The passwd file is busy, waiting..."); 204 1.13 phil tfd = pw_lock(10); 205 1.13 phil if (tfd < 0) 206 1.13 phil errx(1, "The passwd file is still busy, " 207 1.13 phil "try again later."); 208 1.13 phil } 209 1.13 phil 210 1.13 phil pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0); 211 1.13 phil if (pfd < 0) 212 1.13 phil pw_error(_PATH_MASTERPASSWD, 1, 1); 213 1.13 phil 214 1.13 phil pw_copy(pfd, tfd, pw, &old_pw); 215 1.10 tls 216 1.24 ad if (pw_mkdb(uname, old_change == pw->pw_change) < 0) 217 1.10 tls pw_error((char *)NULL, 0, 1); 218 1.10 tls return (0); 219 1.1 cgd } 220
Indexes created Tue Sep 30 11:09:46 GMT 2025