emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

passwd: made smaller by ~130 bytes. size can go negative

Browse Source 
if current trend will continue ;)
This commit is contained in:
Denis Vlasenko
2006-12-01 21:34:20 +00:00
parent 732268fe69
commit becd8c538c
3 changed files with 84 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libbb.h
View File

@ -320,7 +320,7 @@ uint16_t xatou16(const char *numstr);
* increases target size and is often not needed on embedded systems. */ * increases target size and is often not needed on embedded systems. */
extern long bb_xgetpwnam(const char *name); extern long bb_xgetpwnam(const char *name);
extern long bb_xgetgrnam(const char *name); extern long bb_xgetgrnam(const char *name);
extern char *bb_getug(char *buffer, char *idname, long id, int bufsize, char prefix); /*extern char *bb_getug(char *buffer, char *idname, long id, int bufsize, char prefix);*/
extern char *bb_getpwuid(char *name, long uid, int bufsize); extern char *bb_getpwuid(char *name, long uid, int bufsize);
extern char *bb_getgrgid(char *group, long gid, int bufsize); extern char *bb_getgrgid(char *group, long gid, int bufsize);
/* from chpst */ /* from chpst */

68
libbb/bb_pwd.c
View File

@ -12,6 +12,35 @@
#include <assert.h> #include <assert.h>
#include "libbb.h" #include "libbb.h"
/*
* if bufsize is > 0 char *buffer cannot be set to NULL.
* If idname is not NULL it is written on the static
* allocated buffer (and a pointer to it is returned).
* if idname is NULL, id as string is written to the static
* allocated buffer and NULL is returned.
* if bufsize is = 0 char *buffer can be set to NULL.
* If idname exists a pointer to it is returned,
* else NULL is returned.
* if bufsize is < 0 char *buffer can be set to NULL.
* If idname exists a pointer to it is returned,
* else an error message is printed and the program exits.
*/
/* internal function for bb_getpwuid and bb_getgrgid */
static char * bb_getug(char *buffer, char *idname, long id, int bufsize, char prefix)
{
if (bufsize > 0 ) {
assert(buffer!=NULL);
if(idname) {
return safe_strncpy(buffer, idname, bufsize);
}
snprintf(buffer, bufsize, "%ld", id);
} else if (bufsize < 0 && !idname) {
bb_error_msg_and_die("unknown %cid %ld", prefix, id);
}
return idname;
}
/* Hacked by Tito Ragusa (c) 2004 <farmatito@tiscali.it> to make it more /* Hacked by Tito Ragusa (c) 2004 <farmatito@tiscali.it> to make it more
* flexible : * flexible :
* *
@ -84,49 +113,18 @@ char * bb_getpwuid(char *name, long uid, int bufsize)
{ {
struct passwd *myuser = getpwuid(uid); struct passwd *myuser = getpwuid(uid);
return bb_getug(name, (myuser) ? return bb_getug(name, myuser ? myuser->pw_name : (char *)myuser,
myuser->pw_name : (char *)myuser , uid, bufsize, 'u'); uid, bufsize, 'u');
}
/*
* if bufsize is > 0 char *buffer cannot be set to NULL.
* If idname is not NULL it is written on the static
* allocated buffer (and a pointer to it is returned).
* if idname is NULL, id as string is written to the static
* allocated buffer and NULL is returned.
* if bufsize is = 0 char *buffer can be set to NULL.
* If idname exists a pointer to it is returned,
* else NULL is returned.
* if bufsize is < 0 char *buffer can be set to NULL.
* If idname exists a pointer to it is returned,
* else an error message is printed and the program exits.
*/
/* internal function for bb_getpwuid and bb_getgrgid */
char * bb_getug(char *buffer, char *idname, long id, int bufsize, char prefix)
{
if(bufsize > 0 ) {
assert(buffer!=NULL);
if(idname) {
return safe_strncpy(buffer, idname, bufsize);
}
snprintf(buffer, bufsize, "%ld", id);
} else if(bufsize < 0 && !idname) {
bb_error_msg_and_die("unknown %cid %ld", prefix, id);
}
return idname;
} }
unsigned long get_ug_id(const char *s, unsigned long get_ug_id(const char *s,
long (*__bb_getxxnam)(const char *)) long (*__bb_getxxnam)(const char *))
{ {
unsigned long r; unsigned long r;
char *p;
r = strtoul(s, &p, 10); r = bb_strtoul(s, NULL, 10);
if (*p || (s == p)) { if (errno)
r = __bb_getxxnam(s); r = __bb_getxxnam(s);
}
return r; return r;
} }

106
loginutils/passwd.c
View File

@ -52,8 +52,7 @@ static void crypt_make_salt(char *p, int cnt)
} }
static char* new_password(const struct passwd *pw, const char *old_crypted, static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
uid_t myuid, int algo)
{ {
char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */ char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
char *orig = ""; char *orig = "";
@ -62,12 +61,12 @@ static char* new_password(const struct passwd *pw, const char *old_crypted,
char *cp = NULL; char *cp = NULL;
char *ret = NULL; /* failure so far */ char *ret = NULL; /* failure so far */
if (myuid && old_crypted[0]) { if (myuid && pw->pw_passwd[0]) {
orig = bb_askpass(0, "Old password:"); /* returns ptr to static */ orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
if (!orig) if (!orig)
goto err_ret; goto err_ret;
cipher = pw_encrypt(orig, old_crypted); /* returns ptr to static */ cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */
if (strcmp(cipher, old_crypted) != 0) { if (strcmp(cipher, pw->pw_passwd) != 0) {
syslog(LOG_WARNING, "incorrect password for '%s'", syslog(LOG_WARNING, "incorrect password for '%s'",
pw->pw_name); pw->pw_name);
bb_do_delay(FAIL_DELAY); bb_do_delay(FAIL_DELAY);
@ -76,23 +75,19 @@ static char* new_password(const struct passwd *pw, const char *old_crypted,
} }
} }
orig = xstrdup(orig); /* or else bb_askpass() will destroy it */ orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
newp = bb_askpass(0, "Enter the new password (minimum of 5 characters).\n" newp = bb_askpass(0, "New password:"); /* returns ptr to static */
"Please use a combination of upper and lower case letters and numbers.\n"
"Enter new password:"); /* returns ptr to static */
if (!newp) if (!newp)
goto err_ret; goto err_ret;
newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */ newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
if (obscure(orig, newp, pw)) { if (obscure(orig, newp, pw) && myuid) {
if (myuid)
goto err_ret; /* non-root is not allowed to have weak passwd */ goto err_ret; /* non-root is not allowed to have weak passwd */
puts("\nWarning: weak password (continuing)");
} }
cp = bb_askpass(0, "Re-enter new password:"); cp = bb_askpass(0, "Retype password:");
if (!cp) if (!cp)
goto err_ret; goto err_ret;
if (strcmp(cp, newp)) { if (strcmp(cp, newp)) {
puts("Passwords do not match"); puts("Passwords don't match");
goto err_ret; goto err_ret;
} }
@ -116,15 +111,6 @@ static char* new_password(const struct passwd *pw, const char *old_crypted,
} }
static void set_filesize_limit(int blocks)
{
struct rlimit rlimit_fsize;
rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * blocks;
setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
}
#if 0 #if 0
static int get_algo(char *a) static int get_algo(char *a)
{ {
@ -152,6 +138,7 @@ static int update_passwd(const char *filename, const char *username,
int i; int i;
int ret = 1; /* failure */ int ret = 1; /* failure */
logmode = LOGMODE_STDIO;
/* New passwd file, "/etc/passwd+" for now */ /* New passwd file, "/etc/passwd+" for now */
new_name = xasprintf("%s+", filename); new_name = xasprintf("%s+", filename);
last_char = &new_name[strlen(new_name)-1]; last_char = &new_name[strlen(new_name)-1];
@ -239,6 +226,7 @@ static int update_passwd(const char *filename, const char *username,
free_mem: free_mem:
if (ENABLE_FEATURE_CLEAN_UP) free(new_name); if (ENABLE_FEATURE_CLEAN_UP) free(new_name);
if (ENABLE_FEATURE_CLEAN_UP) free((char*)username); if (ENABLE_FEATURE_CLEAN_UP) free((char*)username);
logmode = LOGMODE_BOTH;
return ret; return ret;
} }
@ -252,19 +240,21 @@ int passwd_main(int argc, char **argv)
OPT_delete = 0x8, /* -d - delete password */ OPT_delete = 0x8, /* -d - delete password */
OPT_lud = 0xe, OPT_lud = 0xe,
STATE_ALGO_md5 = 0x10, STATE_ALGO_md5 = 0x10,
/*STATE_ALGO_des = 0x20, not yet needed */ /*STATE_ALGO_des = 0x20, not needed yet */
}; };
unsigned opt; unsigned opt;
char *opt_a = ""; char *opt_a = "";
const char *filename; const char *filename;
char *myname; char *myname;
char *name; char *name;
char *oldp; char *newp;
char *newp = NULL; /* gcc happiness */ struct passwd *pw;
const struct passwd *pw;
uid_t myuid; uid_t myuid;
struct rlimit rlimit_fsize;
char c;
openlog("passwd", LOG_NOWAIT, LOG_AUTH); logmode = LOGMODE_BOTH;
openlog(applet_name, LOG_NOWAIT, LOG_AUTH);
opt = getopt32(argc, argv, "a:lud", &opt_a); opt = getopt32(argc, argv, "a:lud", &opt_a);
argc -= optind; argc -= optind;
argv += optind; argv += optind;
@ -278,71 +268,75 @@ int passwd_main(int argc, char **argv)
bb_show_usage(); bb_show_usage();
myname = xstrdup(bb_getpwuid(NULL, myuid, -1)); myname = xstrdup(bb_getpwuid(NULL, myuid, -1));
name = myname; name = argc ? argv[0] : myname;
if (argc) name = argv[0];
pw = getpwnam(name); pw = getpwnam(name);
if (!pw) bb_error_msg_and_die("unknown user %s", name); if (!pw) bb_error_msg_and_die("unknown user %s", name);
if (myuid && pw->pw_uid != myuid) { if (myuid && pw->pw_uid != myuid) {
syslog(LOG_WARNING, "can't change pwd for '%s'", name); /* LOGMODE_BOTH */
bb_error_msg_and_die("permission denied"); bb_error_msg_and_die("%s can't change password for %s", myname, name);
} }
filename = bb_path_passwd_file; filename = bb_path_passwd_file;
oldp = pw->pw_passwd;
if (ENABLE_FEATURE_SHADOWPASSWDS) { if (ENABLE_FEATURE_SHADOWPASSWDS) {
struct spwd *sp = getspnam(name); struct spwd *sp = getspnam(name);
if (!sp) { if (!sp) {
bb_error_msg("no shadow record for user %s found, " /* LOGMODE_BOTH */
"changing ordinary password instead", name); bb_error_msg("no record of %s in %s, using %s",
name, bb_path_shadow_file,
bb_path_passwd_file);
} else { } else {
filename = bb_path_shadow_file; filename = bb_path_shadow_file;
oldp = sp->sp_pwdp; pw->pw_passwd = sp->sp_pwdp;
} }
} }
/* Decide what the new password will be */ /* Decide what the new password will be */
newp = NULL;
c = pw->pw_passwd[0] - '!';
if (!(opt & OPT_lud)) { if (!(opt & OPT_lud)) {
if (myuid) { if (myuid && !c) { /* passwd starts with '!' */
if (oldp[0] == '!') { /* LOGMODE_BOTH */
syslog(LOG_WARNING, "password locked for '%s'", name); bb_error_msg_and_die("cannot change "
bb_error_msg_and_die("the password for %s cannot be changed", name); "locked password for %s", name);
}
} }
printf("Changing password for %s\n", name); printf("Changing password for %s\n", name);
newp = new_password(pw, oldp, newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
myuid,
opt & STATE_ALGO_md5);
if (!newp) { if (!newp) {
bb_error_msg_and_die("the password for %s is unchanged", name); logmode = LOGMODE_STDIO;
bb_error_msg_and_die("password for %s is unchanged", name);
} }
} else if (opt & OPT_lock) { } else if (opt & OPT_lock) {
if (oldp[0] == '!') goto skip; if (!c) goto skip; /* passwd starts with '!' */
newp = xasprintf("!%s", oldp); newp = xasprintf("!%s", pw->pw_passwd);
} else if (opt & OPT_unlock) { } else if (opt & OPT_unlock) {
if (oldp[0] != '!') goto skip; if (c) goto skip; /* not '!' */
newp = xstrdup(oldp + 1); newp = xstrdup(&pw->pw_passwd[1]);
} else if (opt & OPT_delete) { } else if (opt & OPT_delete) {
newp = xstrdup(""); newp = xstrdup("");
} }
set_filesize_limit(30000); rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
signal(SIGHUP, SIG_IGN); signal(SIGHUP, SIG_IGN);
signal(SIGINT, SIG_IGN); signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN); signal(SIGQUIT, SIG_IGN);
umask(077); umask(077);
xsetuid(0); xsetuid(0);
if (update_passwd(filename, name, newp) == 0) { if (update_passwd(filename, name, newp) != 0) {
syslog(LOG_INFO, "password for '%s' changed by user '%s'", name, /* LOGMODE_BOTH */
myname); bb_error_msg_and_die("cannot update password file %s",
puts("Password changed"); filename);
} else {
syslog(LOG_WARNING, "cannot update password file");
bb_error_msg_and_die("cannot update password file");
} }
/* LOGMODE_BOTH */
bb_info_msg("Password for %s changed by %s", name, myname);
if (ENABLE_FEATURE_CLEAN_UP) free(newp); if (ENABLE_FEATURE_CLEAN_UP) free(newp);
skip: skip:
if (!newp) {
bb_error_msg_and_die("password for %s is already %slocked",
name, (opt & OPT_unlock) ? "un" : "");
}
if (ENABLE_FEATURE_CLEAN_UP) free(myname); if (ENABLE_FEATURE_CLEAN_UP) free(myname);
return 0; return 0;
} }