[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: [BusyBox] [PATCH], RFC - set password from script in tinylogin
From: Torrey Hoffman <thoffman () arnor ! net>
Date: 2002-01-23 15:59:03
[Download RAW message or body]
This is a simple little patch that I wrote for work.
It adds a command line option to the passwd applet of tinylogin to allow
setting passwords from the command line. The result is that scripts
(with root permission) can now use passwd.
I think it also fixes some bugs in how passwd handles other flags.
Setting passwords from the command line may have security implications
in multiuser systems, but I suppose most busybox and tinylogin systems
aren't multiuser.
Oh, and I didn't bother updating the usage text. Sorry.
Anyway, patch is against passwd.c of tinylogin-0.80, share and enjoy...
If anyone sees a horrific security problem with it, please let me know.
Torrey Hoffman
thoffman@arnor.net, torrey.hoffman@myrio.com
--- tinylogin-0.80/passwd.c Fri Dec 22 21:36:40 2000
+++ tinylogin-0.80-torrey/passwd.c Thu Jan 17 20:01:41 2002
@@ -21,6 +21,7 @@
static int create_backup(const char *backup, FILE * fp);
static int new_password(const struct passwd *pw, int amroot, int algo);
+static int encrypt_password(char *pass, int algo);
static void set_filesize_limit();
@@ -52,6 +53,8 @@
int lflg = 0; /* -l - lock account */
int uflg = 0; /* -u - unlock account */
int dflg = 0; /* -d - delete password */
+ int pflg = 0; /* -p - set password from argument */
+ char pass[200];
const struct passwd *pw;
unsigned short ruid;
@@ -61,10 +64,14 @@
amroot = (getuid() == 0);
openlog("passwd", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
#define FLAGS "dlu"
- while ((flag = getopt(argc, argv, "adlu")) != EOF) {
+ while ((flag = getopt(argc, argv, "a:d:l:u:p:")) != EOF) {
switch (flag) {
case 'a':
+ if (optarg != argv[optind - 1]) {
+ usage(passwd_usage);
+ }
algo = get_algo(optarg);
+ break;
case 'd':
dflg++;
break;
@@ -74,6 +81,13 @@
case 'u':
uflg++;
break;
+ case 'p':
+ pflg++;
+ if (optarg != argv[optind - 1]) {
+ usage(passwd_usage);
+ }
+ STRFCPY(pass,optarg);
+ break;
default:
usage(passwd_usage);
}
@@ -113,7 +127,7 @@
#endif /* TLG_FEATURE_SHADOWPASSWDS */
STRFCPY(crypt_passwd, cp);
- if (!(dflg || lflg || uflg)) {
+ if (!(dflg || lflg || uflg || pflg)) {
if (!amroot) {
if (cp[0] == '!') {
syslog(LOG_WARNING, "password locked for `%s'", np);
@@ -124,6 +138,14 @@
if (new_password(pw, amroot, algo)) {
error_msg_and_die( "The password for %s is unchanged.\n", name);
}
+ } else if (pflg) {
+ if (!amroot)
+ error_msg_and_die("Only root can set passwords through argument.\n");
+ if (strlen(pass) < 4)
+ error_msg_and_die("Use a longer password.\n");
+ printf("Setting password for %s\n", name);
+ printf("... to \"%s\"\n", pass);
+ encrypt_password(pass, algo);
} else if (lflg) {
if (crypt_passwd[0] != '!') {
memmove(&crypt_passwd[1], crypt_passwd,
@@ -148,7 +170,7 @@
syslog(LOG_ERR, "can't setuid(0)");
error_msg_and_die( "Cannot change ID to root.\n");
}
- /* if (update_passwd(pw, crypt_passwd)) { */
+
if (!update_passwd(pw, crypt_passwd)) {
syslog(LOG_INFO, "password for `%s' changed by user `%s'", name,
myname);
@@ -398,6 +420,13 @@
}
bzero(cp, strlen(cp));
bzero(orig, sizeof(orig));
+
+ return encrypt_password(pass, algo);
+}
+
+static int encrypt_password(char *pass, int algo)
+{
+ char *cp;
#ifdef TLG_FEATURE_SHA1_PASSWORDS
if (algo == 2) {
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic