]> git.cameronkatri.com Git - apple_cmds.git/blob - system_cmds/passwd.tproj/passwd.c
system_cmds: 880.120.1
[apple_cmds.git] / system_cmds / passwd.tproj / passwd.c
1 /*
2 * Copyright (c) 1999-2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include <TargetConditionals.h>
24
25 #define _PASSWD_FILE "/etc/master.passwd"
26
27 #include <stdio.h>
28 #include <errno.h>
29 #include <pwd.h>
30 #include <libc.h>
31 #include <ctype.h>
32 #include <string.h>
33 #include "passwd.h"
34
35 #ifdef __SLICK__
36 #define _PASSWORD_LEN 8
37 #endif
38
39 char* progname = "passwd";
40
41 static char *saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
42
43 void
44 getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha,
45 char *old_pw, char **new_pw, char **old_clear, char **new_clear)
46 {
47 int i, tries, pw_ok, upper, lower, alpha, notalpha;
48 size_t len;
49 int isNull;
50 char *p;
51 static char obuf[_PASSWORD_LEN+1];
52 static char nbuf[_PASSWORD_LEN+1];
53 char salt[9];
54
55 printf("Changing password for %s.\n", name);
56
57 p = "";
58 isNull = 0;
59 if (old_pw == NULL) isNull = 1;
60 if ((isNull == 0) && (old_pw[0] == '\0')) isNull = 1;
61 if ((isroot == 0) && (isNull == 0))
62 {
63 p = getpass("Old password:");
64 if (strcmp(crypt(p, old_pw), old_pw))
65 {
66 errno = EACCES;
67 fprintf(stderr, "Sorry\n");
68 exit(1);
69 }
70 }
71 //strcpy(obuf, p);
72 snprintf( obuf, sizeof(obuf), "%s", p );
73
74 tries = 0;
75 nbuf[0] = '\0';
76 for (;;)
77 {
78 p = getpass("New password:");
79 if (!*p)
80 {
81 printf("Password unchanged.\n");
82 exit(0);
83 }
84
85 tries++;
86 len = strlen(p);
87 upper = 0;
88 lower = 0;
89 alpha = 0;
90 notalpha = 0;
91 for (i = 0; i < len; i++)
92 {
93 if (isupper(p[i])) upper++;
94 if (islower(p[i])) lower++;
95 if (isalpha(p[i])) alpha++;
96 else notalpha++;
97 }
98
99
100 pw_ok = 1;
101 if (len < minlen) pw_ok = 0;
102 if ((mixcase == 1) && ((upper == 0) || (lower == 0))) pw_ok = 0;
103 if ((nonalpha == 1) && (notalpha == 0)) pw_ok = 0;
104
105 /*
106 * An insistent root may override security options.
107 */
108 if ((isroot == 1) && (tries > 2)) pw_ok = 1;
109
110 /*
111 * A very insistent user may override security options.
112 */
113 if (tries > 4) pw_ok = 1;
114
115 if (pw_ok == 0)
116 {
117 if (len < minlen)
118 printf("Password must be at least %d characters long.\n", minlen);
119 if ((mixcase == 1) && ((upper == 0) || (lower == 0)))
120 printf("Password must contain both upper and lower case characters.\n");
121 if ((nonalpha == 1) && (notalpha == 0))
122 printf("Password must contain non-alphabetic characters.\n");
123 continue;
124 }
125
126 //strcpy(nbuf, p);
127 snprintf( nbuf, sizeof(nbuf), "%s", p );
128
129 if (!strcmp(nbuf, getpass("Retype new password:"))) break;
130
131 printf("Mismatch; try again, EOF to quit.\n");
132 }
133
134 /*
135 * Create a random salt
136 */
137 srandom((int)time((time_t *)NULL));
138 salt[0] = saltchars[random() % strlen(saltchars)];
139 salt[1] = saltchars[random() % strlen(saltchars)];
140 salt[2] = '\0';
141 *new_pw = crypt(nbuf, salt);
142
143 *old_clear = obuf;
144 *new_clear = nbuf;
145 return;
146 }
147
148 static void
149 usage(void)
150 {
151 fprintf(stderr, "usage: %s [-i infosystem] -l location]] [-u authname] [name]\n", progname);
152 fprintf(stderr, " infosystem:\n");
153 fprintf(stderr, " file\n");
154 fprintf(stderr, " NIS\n");
155 fprintf(stderr, " OpenDirectory\n");
156 fprintf(stderr, " PAM\n");
157 fprintf(stderr, " location (for infosystem):\n");
158 fprintf(stderr, " file location is path to file (default is %s)\n", _PASSWD_FILE);
159 fprintf(stderr, " NIS location is NIS domain name\n");
160 fprintf(stderr, " OpenDirectory location is directory node name\n");
161 fprintf(stderr, " PAM location is not used\n");
162 exit(1);
163 }
164
165 int
166 main(int argc, char *argv[])
167 {
168 char* user = NULL;
169 char* locn = NULL;
170 char* auth = NULL;
171 int infosystem, ch;
172 int free_user = 0;
173 int res = -1;
174
175 #ifdef INFO_PAM
176 infosystem = INFO_PAM;
177 #else
178 #ifdef INFO_OPEN_DIRECTORY
179 infosystem = INFO_OPEN_DIRECTORY;
180 #else
181 infosystem = INFO_FILE;
182 #endif
183 #endif
184
185 #ifdef INFO_OPEN_DIRECTORY
186 /* PAM is the default infosystem, but we still want to use OpenDirectory directly when run by root */
187 if (0 == getuid())
188 infosystem = INFO_OPEN_DIRECTORY;
189 #endif
190
191 while ((ch = getopt(argc, argv, "i:l:u:")) != -1)
192 switch(ch) {
193 case 'i':
194 if (!strcasecmp(optarg, "file")) {
195 infosystem = INFO_FILE;
196 #ifdef INFO_NIS
197 } else if (!strcasecmp(optarg, "NIS")) {
198 infosystem = INFO_NIS;
199 } else if (!strcasecmp(optarg, "YP")) {
200 infosystem = INFO_NIS;
201 #endif
202 #ifdef INFO_OPEN_DIRECTORY
203 } else if (!strcasecmp(optarg, "opendirectory")) {
204 infosystem = INFO_OPEN_DIRECTORY;
205 #endif
206 #ifdef INFO_PAM
207 } else if (!strcasecmp(optarg, "PAM")) {
208 infosystem = INFO_PAM;
209 #endif
210 } else {
211 fprintf(stderr, "%s: Unknown info system \'%s\'.\n",
212 progname, optarg);
213 usage();
214 }
215 break;
216 case 'l':
217 locn = optarg;
218 break;
219 case 'u':
220 auth = optarg;
221 break;
222 case '?':
223 default:
224 usage();
225 break;
226 }
227 argc -= optind;
228 argv += optind;
229
230 if (argc > 1) {
231 usage();
232 } else if (argc == 1) {
233 user = argv[0];
234 }
235
236 #ifdef INFO_PAM
237 if (INFO_PAM == infosystem && NULL != locn)
238 usage();
239 #endif
240
241 if (user == NULL)
242 {
243 /*
244 * Verify that the login name exists.
245 * lukeh 24 Dec 1997
246 */
247
248 /* getlogin() is the wrong thing to use here because it returns the wrong user after su */
249 /* sns 5 Jan 2005 */
250
251 struct passwd * userRec = getpwuid(getuid());
252 if (userRec != NULL && userRec->pw_name != NULL) {
253 /* global static mem is volatile; must strdup */
254 user = strdup(userRec->pw_name);
255 free_user = 1;
256 }
257
258 if (user == NULL)
259 {
260 fprintf(stderr, "you don't have a login name\n");
261 exit(1);
262 }
263 }
264
265 switch (infosystem)
266 {
267 case INFO_FILE:
268 res = file_passwd(user, locn);
269 break;
270 #ifdef INFO_NIS
271 case INFO_NIS:
272 res = nis_passwd(user, locn);
273 break;
274 #endif
275 #ifdef INFO_OPEN_DIRECTORY
276 case INFO_OPEN_DIRECTORY:
277 res = od_passwd(user, locn, auth);
278 break;
279 #endif
280 #ifdef INFO_PAM
281 case INFO_PAM:
282 res = pam_passwd(user);
283 break;
284 #endif
285 }
286
287 if (res == 0)
288 {
289 printf("\n");
290 printf("################################### WARNING ###################################\n");
291 printf("# This tool does not update the login keychain password. #\n");
292 printf("# To update it, run `security set-keychain-password` as the user in question, #\n");
293 printf("# or as root providing a path to such user's login keychain. #\n");
294 printf("###############################################################################\n");
295 printf("\n");
296 }
297
298 if (free_user == 1)
299 free(user);
300
301 exit(0);
302 }