[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    [BusyBox] [PATCH], RFC - set password from script in tinylogin
From:       Torrey Hoffman <thoffman () arnor ! net>
Date:       2002-01-23 15:59:03
[Download RAW message or body]

This is a simple little patch that I wrote for work.  

It adds a command line option to the passwd applet of tinylogin to allow
setting passwords from the command line.  The result is that scripts
(with root permission) can now use passwd.

I think it also fixes some bugs in how passwd handles other flags.

Setting passwords from the command line may have security implications
in multiuser systems, but I suppose most busybox and tinylogin systems
aren't multiuser.

Oh, and I didn't bother updating the usage text. Sorry.

Anyway, patch is against passwd.c of tinylogin-0.80, share and enjoy...
If anyone sees a horrific security problem with it, please let me know.

Torrey Hoffman
thoffman@arnor.net, torrey.hoffman@myrio.com

--- tinylogin-0.80/passwd.c	Fri Dec 22 21:36:40 2000
+++ tinylogin-0.80-torrey/passwd.c	Thu Jan 17 20:01:41 2002
@@ -21,6 +21,7 @@
 
 static int create_backup(const char *backup, FILE * fp);
 static int new_password(const struct passwd *pw, int amroot, int algo);
+static int encrypt_password(char *pass, int algo);
 static void set_filesize_limit();
 

@@ -52,6 +53,8 @@
 	int lflg = 0;				/* -l - lock account */
 	int uflg = 0;				/* -u - unlock account */
 	int dflg = 0;				/* -d - delete password */
+	int pflg = 0;                           /* -p - set password from argument */
+	char pass[200];
 	const struct passwd *pw;
 	unsigned short ruid;
 
@@ -61,10 +64,14 @@
 	amroot = (getuid() == 0);
 	openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
 #define FLAGS "dlu"
-	while ((flag = getopt(argc, argv, "adlu")) != EOF) {
+	while ((flag = getopt(argc, argv, "a:d:l:u:p:")) != EOF) {
 		switch (flag) {
 		case 'a':
+			if (optarg != argv[optind - 1]) {
+			  usage(passwd_usage);
+			}
 			algo = get_algo(optarg);
+			break;
 		case 'd':
 			dflg++;
 			break;
@@ -74,6 +81,13 @@
 		case 'u':
 			uflg++;
 			break;
+		case 'p':
+		  pflg++;
+			if (optarg != argv[optind - 1]) {
+			  usage(passwd_usage);
+			}
+		  STRFCPY(pass,optarg);
+			break;
 		default:
 			usage(passwd_usage);
 		}
@@ -113,7 +127,7 @@
 #endif							/* TLG_FEATURE_SHADOWPASSWDS */
 
 	STRFCPY(crypt_passwd, cp);
-	if (!(dflg || lflg || uflg)) {
+	if (!(dflg || lflg || uflg || pflg)) {
 		if (!amroot) {
 			if (cp[0] == '!') {
 				syslog(LOG_WARNING, "password locked for `%s'", np);
@@ -124,6 +138,14 @@
 		if (new_password(pw, amroot, algo)) {
 			error_msg_and_die( "The password for %s is unchanged.\n", name);
 		}
+	} else if (pflg) {
+		if (!amroot)
+			error_msg_and_die("Only root can set passwords through argument.\n");
+		if (strlen(pass) < 4)
+			error_msg_and_die("Use a longer password.\n");
+		printf("Setting password for %s\n", name);
+		printf("... to \"%s\"\n", pass);
+		encrypt_password(pass, algo);
 	} else if (lflg) {
 		if (crypt_passwd[0] != '!') {
 			memmove(&crypt_passwd[1], crypt_passwd,
@@ -148,7 +170,7 @@
 		syslog(LOG_ERR, "can't setuid(0)");
 		error_msg_and_die( "Cannot change ID to root.\n");
 	}
-	/* if (update_passwd(pw, crypt_passwd)) { */
+
 	if (!update_passwd(pw, crypt_passwd)) {
 		syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
 			   myname);
@@ -398,6 +420,13 @@
 	}
 	bzero(cp, strlen(cp));
 	bzero(orig, sizeof(orig));
+
+	return encrypt_password(pass, algo);
+}
+
+static int encrypt_password(char *pass, int algo)
+{
+	char *cp;
 
 #ifdef TLG_FEATURE_SHA1_PASSWORDS
 	if (algo == 2) {






[prev in list] [next in list] [prev in thread] [next in thread]