search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / usr.bin / passwd / local_passwd.c
blob3760276b78c23f4ce7c2fff7d052e1aeedd470ba
1 /* $NetBSD: local_passwd.c,v 1.32 2009/04/12 23:59:37 lukem Exp $ */
2
3 /*-
4 * Copyright (c) 1990, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 #ifndef lint
34 #if 0
35 static char sccsid[] = "from: @(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
36 #else
37 __RCSID("$NetBSD: local_passwd.c,v 1.32 2009/04/12 23:59:37 lukem Exp $");
38 #endif
39 #endif /* not lint */
40
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <ctype.h>
44 #include <err.h>
45 #include <errno.h>
46 #include <fcntl.h>
47 #include <pwd.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <limits.h>
52 #include <time.h>
53 #include <unistd.h>
54 #include <util.h>
55 #include <login_cap.h>
56
57 #include "extern.h"
58
59 static uid_t uid;
60
61 static char *
62 getnewpasswd(struct passwd *pw, int min_pw_len)
63 {
64 int tries;
65 char *p, *t;
66 char buf[_PASSWORD_LEN+1], salt[_PASSWORD_LEN+1];
67 char option[LINE_MAX], *key, *opt;
68
69 (void)printf("Changing local password for %s.\n", pw->pw_name);
70
71 if (uid && pw->pw_passwd[0] &&
72 strcmp(crypt(getpass("Old password:"), pw->pw_passwd),
73 pw->pw_passwd)) {
74 errno = EACCES;
75 pw_error(NULL, 1, 1);
76 }
77
78 for (buf[0] = '\0', tries = 0;;) {
79 p = getpass("New password:");
80 if (!*p) {
81 (void)printf("Password unchanged.\n");
82 pw_error(NULL, 0, 0);
83 }
84 if (min_pw_len > 0 && (int)strlen(p) < min_pw_len) {
85 (void) printf("Password is too short.\n");
86 continue;
87 }
88 if (strlen(p) <= 5 && ++tries < 2) {
89 (void)printf("Please enter a longer password.\n");
90 continue;
91 }
92 for (t = p; *t && islower((unsigned char)*t); ++t);
93 if (!*t && ++tries < 2) {
94 (void)printf("Please don't use an all-lower case "
95 "password.\nUnusual capitalization, "
96 "control characters or digits are "
97 "suggested.\n");
98 continue;
99 }
100 (void)strlcpy(buf, p, sizeof(buf));
101 if (!strcmp(buf, getpass("Retype new password:")))
102 break;
103 (void)printf("Mismatch; try again, EOF to quit.\n");
104 }
105
106 pw_getpwconf(option, sizeof(option), pw, "localcipher");
107 opt = option;
108 key = strsep(&opt, ",");
109 if(pw_gensalt(salt, _PASSWORD_LEN, key, opt) == -1) {
110 warn("Couldn't generate salt");
111 pw_error(NULL, 0, 0);
112 }
113 return(crypt(buf, salt));
114 }
115
116 #ifdef USE_PAM
117
118 void
119 pwlocal_usage(const char *prefix)
120 {
121
122 (void) fprintf(stderr, "%s %s [-d files | -l] [user]\n",
123 prefix, getprogname());
124 }
125
126 void
127 pwlocal_process(const char *username, int argc, char **argv)
128 {
129 struct passwd *pw;
130 struct passwd old_pw;
131 time_t old_change;
132 int pfd, tfd;
133 int min_pw_len = 0;
134 int pw_expiry = 0;
135 int ch;
136 #ifdef LOGIN_CAP
137 login_cap_t *lc;
138 #endif
139
140 while ((ch = getopt(argc, argv, "l")) != -1) {
141 switch (ch) {
142 case 'l':
143 /*
144 * Aborb the -l that may have gotten us here.
145 */
146 break;
147
148 default:
149 usage();
150 /* NOTREACHED */
151 }
152 }
153
154 argc -= optind;
155 argv += optind;
156
157 switch (argc) {
158 case 0:
159 /* username already provided */
160 break;
161 case 1:
162 username = argv[0];
163 break;
164 default:
165 usage();
166 /* NOTREACHED */
167 }
168
169 if (!(pw = getpwnam(username)))
170 errx(1, "unknown user %s", username);
171
172 uid = getuid();
173 if (uid && uid != pw->pw_uid)
174 errx(1, "%s", strerror(EACCES));
175
176 /* Save the old pw information for comparing on pw_copy(). */
177 old_pw = *pw;
178
179 /*
180 * Get class restrictions for this user, then get the new password.
181 */
182 #ifdef LOGIN_CAP
183 if((lc = login_getclass(pw->pw_class)) != NULL) {
184 min_pw_len = (int) login_getcapnum(lc, "minpasswordlen", 0, 0);
185 pw_expiry = (int) login_getcaptime(lc, "passwordtime", 0, 0);
186 login_close(lc);
187 }
188 #endif
189
190 pw->pw_passwd = getnewpasswd(pw, min_pw_len);
191 old_change = pw->pw_change;
192 pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0;
193
194 /*
195 * Now that the user has given us a new password, let us
196 * change the database.
197 */
198 pw_init();
199 tfd = pw_lock(0);
200 if (tfd < 0) {
201 warnx ("The passwd file is busy, waiting...");
202 tfd = pw_lock(10);
203 if (tfd < 0)
204 errx(1, "The passwd file is still busy, "
205 "try again later.");
206 }
207
208 pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
209 if (pfd < 0)
210 pw_error(_PATH_MASTERPASSWD, 1, 1);
211
212 pw_copy(pfd, tfd, pw, &old_pw);
213
214 if (pw_mkdb(username, old_change == pw->pw_change) < 0)
215 pw_error((char *)NULL, 0, 1);
216 }
217
218 #else /* ! USE_PAM */
219
220 static int force_local;
221
222 int
223 local_init(progname)
224 const char *progname;
225 {
226 force_local = 0;
227 return (0);
228 }
229
230 int
231 local_arg(char ch, const char *arg)
232 {
233 switch (ch) {
234 case 'l':
235 force_local = 1;
236 break;
237 default:
238 return(0);
239 }
240 return(1);
241 }
242
243 int
244 local_arg_end()
245 {
246 if (force_local)
247 return(PW_USE_FORCE);
248 return(PW_USE);
249 }
250
251 void
252 local_end()
253 {
254 /* NOOP */
255 }
256
257 int
258 local_chpw(uname)
259 const char *uname;
260 {
261 struct passwd *pw;
262 struct passwd old_pw;
263 time_t old_change;
264 int pfd, tfd;
265 int min_pw_len = 0;
266 int pw_expiry = 0;
267 #ifdef LOGIN_CAP
268 login_cap_t *lc;
269 #endif
270
271 if (!(pw = getpwnam(uname))) {
272 warnx("unknown user %s", uname);
273 return (1);
274 }
275
276 uid = getuid();
277 if (uid && uid != pw->pw_uid) {
278 warnx("%s", strerror(EACCES));
279 return (1);
280 }
281
282 /* Save the old pw information for comparing on pw_copy(). */
283 old_pw = *pw;
284
285 /*
286 * Get class restrictions for this user, then get the new password.
287 */
288 #ifdef LOGIN_CAP
289 if((lc = login_getclass(pw->pw_class))) {
290 min_pw_len = (int) login_getcapnum(lc, "minpasswordlen", 0, 0);
291 pw_expiry = (int) login_getcaptime(lc, "passwordtime", 0, 0);
292 login_close(lc);
293 }
294 #endif
295
296 pw->pw_passwd = getnewpasswd(pw, min_pw_len);
297 old_change = pw->pw_change;
298 pw->pw_change = pw_expiry ? pw_expiry + time(NULL) : 0;
299
300 /*
301 * Now that the user has given us a new password, let us
302 * change the database.
303 */
304 pw_init();
305 tfd = pw_lock(0);
306 if (tfd < 0) {
307 warnx ("The passwd file is busy, waiting...");
308 tfd = pw_lock(10);
309 if (tfd < 0)
310 errx(1, "The passwd file is still busy, "
311 "try again later.");
312 }
313
314 pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
315 if (pfd < 0)
316 pw_error(_PATH_MASTERPASSWD, 1, 1);
317
318 pw_copy(pfd, tfd, pw, &old_pw);
319
320 if (pw_mkdb(uname, old_change == pw->pw_change) < 0)
321 pw_error((char *)NULL, 0, 1);
322 return (0);
323 }
324
325 #endif /* USE_PAM */
NetBSD on the FriendlyARM MINI2440