local_passwd.c revision 1.30.18.1
1 1.30.18.1 matt /* local_passwd.c,v 1.30 2005/02/26 07:19:25 thorpej Exp */ 2 1.9 thorpej 3 1.1 cgd /*- 4 1.10 tls * Copyright (c) 1990, 1993, 1994 5 1.10 tls * The Regents of the University of California. All rights reserved. 6 1.1 cgd * 7 1.1 cgd * Redistribution and use in source and binary forms, with or without 8 1.1 cgd * modification, are permitted provided that the following conditions 9 1.1 cgd * are met: 10 1.1 cgd * 1. Redistributions of source code must retain the above copyright 11 1.1 cgd * notice, this list of conditions and the following disclaimer. 12 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 cgd * notice, this list of conditions and the following disclaimer in the 14 1.1 cgd * documentation and/or other materials provided with the distribution. 15 1.26 agc * 3. Neither the name of the University nor the names of its contributors 16 1.1 cgd * may be used to endorse or promote products derived from this software 17 1.1 cgd * without specific prior written permission. 18 1.1 cgd * 19 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 1.1 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 1.1 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 1.1 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 1.1 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 1.1 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 1.1 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 1.1 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 1.1 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 cgd * SUCH DAMAGE. 30 1.1 cgd */ 31 1.1 cgd 32 1.14 lukem #include <sys/cdefs.h> 33 1.1 cgd #ifndef lint 34 1.9 thorpej #if 0 35 1.10 tls static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; 36 1.9 thorpej #else 37 1.30.18.1 matt __RCSID("local_passwd.c,v 1.30 2005/02/26 07:19:25 thorpej Exp"); 38 1.9 thorpej #endif 39 1.1 cgd #endif /* not lint */ 40 1.1 cgd 41 1.1 cgd #include <sys/types.h> 42 1.8 jtc #include <sys/stat.h> 43 1.14 lukem #include <ctype.h> 44 1.14 lukem #include <err.h> 45 1.14 lukem #include <errno.h> 46 1.14 lukem #include <fcntl.h> 47 1.1 cgd #include <pwd.h> 48 1.1 cgd #include <stdio.h> 49 1.14 lukem #include <stdlib.h> 50 1.7 cgd #include <string.h> 51 1.29 christos #include <limits.h> 52 1.15 kleink #include <time.h> 53 1.8 jtc #include <unistd.h> 54 1.8 jtc #include <util.h> 55 1.17 mjl #include <login_cap.h> 56 1.1 cgd 57 1.10 tls #include "extern.h" 58 1.10 tls 59 1.10 tls static uid_t uid; 60 1.1 cgd 61 1.14 lukem static char * 62 1.30 thorpej getnewpasswd(struct passwd *pw, int min_pw_len) 63 1.1 cgd { 64 1.1 cgd int tries; 65 1.10 tls char *p, *t; 66 1.20 ad char buf[_PASSWORD_LEN+1], salt[_PASSWORD_LEN+1]; 67 1.29 christos char option[LINE_MAX], *key, *opt; 68 1.17 mjl 69 1.1 cgd (void)printf("Changing local password for %s.\n", pw->pw_name); 70 1.1 cgd 71 1.2 proven if (uid && pw->pw_passwd[0] && 72 1.1 cgd strcmp(crypt(getpass("Old password:"), pw->pw_passwd), 73 1.1 cgd pw->pw_passwd)) { 74 1.1 cgd errno = EACCES; 75 1.1 cgd pw_error(NULL, 1, 1); 76 1.1 cgd } 77 1.1 cgd 78 1.1 cgd for (buf[0] = '\0', tries = 0;;) { 79 1.1 cgd p = getpass("New password:"); 80 1.1 cgd if (!*p) { 81 1.1 cgd (void)printf("Password unchanged.\n"); 82 1.1 cgd pw_error(NULL, 0, 0); 83 1.1 cgd } 84 1.17 mjl if (min_pw_len > 0 && strlen(p) < min_pw_len) { 85 1.22 ad (void) printf("Password is too short.\n"); 86 1.17 mjl continue; 87 1.17 mjl } 88 1.6 deraadt if (strlen(p) <= 5 && ++tries < 2) { 89 1.1 cgd (void)printf("Please enter a longer password.\n"); 90 1.1 cgd continue; 91 1.1 cgd } 92 1.27 dsl for (t = p; *t && islower((unsigned char)*t); ++t); 93 1.6 deraadt if (!*t && ++tries < 2) { 94 1.12 thorpej (void)printf("Please don't use an all-lower case " 95 1.12 thorpej "password.\nUnusual capitalization, " 96 1.12 thorpej "control characters or digits are " 97 1.12 thorpej "suggested.\n"); 98 1.1 cgd continue; 99 1.1 cgd } 100 1.25 itojun (void)strlcpy(buf, p, sizeof(buf)); 101 1.1 cgd if (!strcmp(buf, getpass("Retype new password:"))) 102 1.1 cgd break; 103 1.1 cgd (void)printf("Mismatch; try again, EOF to quit.\n"); 104 1.1 cgd } 105 1.20 ad 106 1.29 christos pw_getpwconf(option, sizeof(option), pw, "localcipher"); 107 1.29 christos opt = option; 108 1.29 christos key = strsep(&opt, ","); 109 1.29 christos if(pw_gensalt(salt, _PASSWORD_LEN, key, opt) == -1) { 110 1.28 christos warn("Couldn't generate salt"); 111 1.20 ad pw_error(NULL, 0, 0); 112 1.20 ad } 113 1.1 cgd return(crypt(buf, salt)); 114 1.1 cgd } 115 1.1 cgd 116 1.30 thorpej #ifdef USE_PAM 117 1.30 thorpej 118 1.30 thorpej void 119 1.30 thorpej pwlocal_usage(const char *prefix) 120 1.30 thorpej { 121 1.30 thorpej 122 1.30 thorpej (void) fprintf(stderr, "%s %s [-d files | -l] [user]\n", 123 1.30 thorpej prefix, getprogname()); 124 1.30 thorpej } 125 1.30 thorpej 126 1.30 thorpej void 127 1.30 thorpej pwlocal_process(const char *username, int argc, char **argv) 128 1.30 thorpej { 129 1.30 thorpej struct passwd *pw; 130 1.30 thorpej struct passwd old_pw; 131 1.30 thorpej time_t old_change; 132 1.30 thorpej int pfd, tfd; 133 1.30 thorpej int min_pw_len = 0; 134 1.30 thorpej int pw_expiry = 0; 135 1.30 thorpej int ch; 136 1.30 thorpej #ifdef LOGIN_CAP 137 1.30 thorpej login_cap_t *lc; 138 1.30 thorpej #endif 139 1.30 thorpej 140 1.30 thorpej while ((ch = getopt(argc, argv, "l")) != -1) { 141 1.30 thorpej switch (ch) { 142 1.30 thorpej case 'l': 143 1.30 thorpej /* 144 1.30 thorpej * Aborb the -l that may have gotten us here. 145 1.30 thorpej */ 146 1.30 thorpej break; 147 1.30 thorpej 148 1.30 thorpej default: 149 1.30 thorpej usage(); 150 1.30 thorpej /* NOTREACHED */ 151 1.30 thorpej } 152 1.30 thorpej } 153 1.30 thorpej 154 1.30 thorpej argc -= optind; 155 1.30 thorpej argv += optind; 156 1.30 thorpej 157 1.30 thorpej switch (argc) { 158 1.30 thorpej case 0: 159 1.30 thorpej /* username already provided */ 160 1.30 thorpej break; 161 1.30 thorpej case 1: 162 1.30 thorpej username = argv[0]; 163 1.30 thorpej break; 164 1.30 thorpej default: 165 1.30 thorpej usage(); 166 1.30 thorpej /* NOTREACHED */ 167 1.30 thorpej } 168 1.30 thorpej 169 1.30 thorpej if (!(pw = getpwnam(username))) 170 1.30 thorpej errx(1, "unknown user %s", username); 171 1.30 thorpej 172 1.30 thorpej uid = getuid(); 173 1.30 thorpej if (uid && uid != pw->pw_uid) 174 1.30 thorpej errx(1, "%s", strerror(EACCES)); 175 1.30 thorpej 176 1.30 thorpej /* Save the old pw information for comparing on pw_copy(). */ 177 1.30 thorpej old_pw = *pw; 178 1.30 thorpej 179 1.30 thorpej /* 180 1.30 thorpej * Get class restrictions for this user, then get the new password. 181 1.30 thorpej */ 182 1.30 thorpej #ifdef LOGIN_CAP 183 1.30.18.1 matt if((lc = login_getclass(pw->pw_class)) != NULL) { 184 1.30 thorpej min_pw_len = (int) login_getcapnum(lc, "minpasswordlen", 0, 0); 185 1.30 thorpej pw_expiry = (int) login_getcaptime(lc, "passwordtime", 0, 0); 186 1.30 thorpej login_close(lc); 187 1.30 thorpej } 188 1.30 thorpej #endif 189 1.30 thorpej 190 1.30 thorpej pw->pw_passwd = getnewpasswd(pw, min_pw_len); 191 1.30 thorpej old_change = pw->pw_change; 192 1.30 thorpej pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0; 193 1.30 thorpej 194 1.30 thorpej /* 195 1.30 thorpej * Now that the user has given us a new password, let us 196 1.30 thorpej * change the database. 197 1.30 thorpej */ 198 1.30 thorpej pw_init(); 199 1.30 thorpej tfd = pw_lock(0); 200 1.30 thorpej if (tfd < 0) { 201 1.30 thorpej warnx ("The passwd file is busy, waiting..."); 202 1.30 thorpej tfd = pw_lock(10); 203 1.30 thorpej if (tfd < 0) 204 1.30 thorpej errx(1, "The passwd file is still busy, " 205 1.30 thorpej "try again later."); 206 1.30 thorpej } 207 1.30 thorpej 208 1.30 thorpej pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0); 209 1.30 thorpej if (pfd < 0) 210 1.30 thorpej pw_error(_PATH_MASTERPASSWD, 1, 1); 211 1.30 thorpej 212 1.30 thorpej pw_copy(pfd, tfd, pw, &old_pw); 213 1.30 thorpej 214 1.30 thorpej if (pw_mkdb(username, old_change == pw->pw_change) < 0) 215 1.30 thorpej pw_error((char *)NULL, 0, 1); 216 1.30 thorpej } 217 1.30 thorpej 218 1.30 thorpej #else /* ! USE_PAM */ 219 1.30 thorpej 220 1.30 thorpej static int force_local; 221 1.30 thorpej 222 1.10 tls int 223 1.19 aidan local_init(progname) 224 1.19 aidan const char *progname; 225 1.19 aidan { 226 1.19 aidan force_local = 0; 227 1.19 aidan return (0); 228 1.19 aidan } 229 1.19 aidan 230 1.19 aidan int 231 1.19 aidan local_arg(char arg, const char *optarg) 232 1.19 aidan { 233 1.19 aidan switch (arg) { 234 1.19 aidan case 'l': 235 1.19 aidan force_local = 1; 236 1.19 aidan break; 237 1.19 aidan default: 238 1.19 aidan return(0); 239 1.19 aidan } 240 1.19 aidan return(1); 241 1.19 aidan } 242 1.19 aidan 243 1.19 aidan int 244 1.19 aidan local_arg_end() 245 1.19 aidan { 246 1.19 aidan if (force_local) 247 1.19 aidan return(PW_USE_FORCE); 248 1.19 aidan return(PW_USE); 249 1.19 aidan } 250 1.19 aidan 251 1.19 aidan void 252 1.19 aidan local_end() 253 1.19 aidan { 254 1.19 aidan /* NOOP */ 255 1.19 aidan } 256 1.19 aidan 257 1.19 aidan int 258 1.19 aidan local_chpw(uname) 259 1.19 aidan const char *uname; 260 1.10 tls { 261 1.10 tls struct passwd *pw; 262 1.13 phil struct passwd old_pw; 263 1.24 ad time_t old_change; 264 1.10 tls int pfd, tfd; 265 1.17 mjl int min_pw_len = 0; 266 1.17 mjl int pw_expiry = 0; 267 1.18 mjl #ifdef LOGIN_CAP 268 1.17 mjl login_cap_t *lc; 269 1.18 mjl #endif 270 1.22 ad 271 1.10 tls if (!(pw = getpwnam(uname))) { 272 1.10 tls warnx("unknown user %s", uname); 273 1.10 tls return (1); 274 1.10 tls } 275 1.1 cgd 276 1.10 tls uid = getuid(); 277 1.10 tls if (uid && uid != pw->pw_uid) { 278 1.10 tls warnx("%s", strerror(EACCES)); 279 1.10 tls return (1); 280 1.1 cgd } 281 1.10 tls 282 1.13 phil /* Save the old pw information for comparing on pw_copy(). */ 283 1.13 phil old_pw = *pw; 284 1.10 tls 285 1.10 tls /* 286 1.17 mjl * Get class restrictions for this user, then get the new password. 287 1.10 tls */ 288 1.18 mjl #ifdef LOGIN_CAP 289 1.17 mjl if((lc = login_getclass(pw->pw_class))) { 290 1.17 mjl min_pw_len = (int) login_getcapnum(lc, "minpasswordlen", 0, 0); 291 1.17 mjl pw_expiry = (int) login_getcaptime(lc, "passwordtime", 0, 0); 292 1.17 mjl login_close(lc); 293 1.17 mjl } 294 1.18 mjl #endif 295 1.17 mjl 296 1.22 ad pw->pw_passwd = getnewpasswd(pw, min_pw_len); 297 1.24 ad old_change = pw->pw_change; 298 1.17 mjl pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0; 299 1.13 phil 300 1.16 mrg /* 301 1.16 mrg * Now that the user has given us a new password, let us 302 1.13 phil * change the database. 303 1.13 phil */ 304 1.13 phil pw_init(); 305 1.13 phil tfd = pw_lock(0); 306 1.13 phil if (tfd < 0) { 307 1.13 phil warnx ("The passwd file is busy, waiting..."); 308 1.13 phil tfd = pw_lock(10); 309 1.13 phil if (tfd < 0) 310 1.13 phil errx(1, "The passwd file is still busy, " 311 1.13 phil "try again later."); 312 1.13 phil } 313 1.13 phil 314 1.13 phil pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0); 315 1.13 phil if (pfd < 0) 316 1.13 phil pw_error(_PATH_MASTERPASSWD, 1, 1); 317 1.13 phil 318 1.13 phil pw_copy(pfd, tfd, pw, &old_pw); 319 1.10 tls 320 1.24 ad if (pw_mkdb(uname, old_change == pw->pw_change) < 0) 321 1.10 tls pw_error((char *)NULL, 0, 1); 322 1.10 tls return (0); 323 1.1 cgd } 324 1.30 thorpej 325 1.30 thorpej #endif /* USE_PAM */ 326
Indexes created Wed Oct 22 13:09:56 GMT 2025