adduser: safe username passing to passwd/addgroup

passwd: support creating SHA passwords random code shrink function old new delta crypt_make_pw_salt - 87 +87 adduser_main 883 904 +21 ... crypt_make_salt 99 89 -10 chpasswd_main 329 312 -17 packed_usage 28731 28691 -40 passwd_main 1070 1000 -70 cryptpw_main 310 224 -86 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/12 up/down: 154/-288) Total: -134 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2011-05-13 03:19:01 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2011-05-13 03:19:01 +0200
commit: 12a432715f066cf9d677316a39c9e0ebc6d72404 (patch)
tree: 14a33cdedbd6ba7739449cc3dec968b55a01efad
parent: 0806e401d6747c391fa0427e0ccba9951f9a1c3d (diff)
download: busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.tar.gz
busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.tar.bz2
busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.zip
7 files changed, 88 insertions, 77 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 4232c38f4..89e8e4452 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1259,14 +1259,19 @@ extern int correct_password(const struct passwd *pw) FAST_FUNC;
 #endif
 extern char *pw_encrypt(const char *clear, const char *salt, int cleanup) FAST_FUNC;
 extern int obscure(const char *old, const char *newval, const struct passwd *pwdp) FAST_FUNC;
-/* rnd is additional random input. New one is returned.
+/*
+ * rnd is additional random input. New one is returned.
 * Useful if you call crypt_make_salt many times in a row:
 * rnd = crypt_make_salt(buf1, 4, 0);
 * rnd = crypt_make_salt(buf2, 4, rnd);
 * rnd = crypt_make_salt(buf3, 4, rnd);
 * (otherwise we risk having same salt generated)
 */
-extern int crypt_make_salt(char *p, int cnt, int rnd) FAST_FUNC;
+extern int crypt_make_salt(char *p, int cnt /*, int rnd*/) FAST_FUNC;
+/* "$N$" + sha_salt_16_bytes + NUL */
+#define MAX_PW_SALT_LEN (3 + 16 + 1)
+extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
 /* Returns number of lines changed, or -1 on error */
 #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index c6c04d44a..39ffa084f 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -27,9 +27,10 @@ static int i64c(int i)
        return ('a' - 38 + i);
 }
-int FAST_FUNC crypt_make_salt(char *p, int cnt, int x)
+int FAST_FUNC crypt_make_salt(char *p, int cnt /*, int x */)
 {
-        x += getpid() + time(NULL);
+        /* was: x += ... */
+        int x = getpid() + monotonic_us();
        do {
                /* x = (x*1664525 + 1013904223) % 2^32 generator is lame
                 * (low-order bit is not "random", etc...),
@@ -47,6 +48,26 @@ int FAST_FUNC crypt_make_salt(char *p, int cnt, int x)
        return x;
 }
+char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo)
+{
+        int len = 2/2;
+        char *salt_ptr = salt;
+        if (algo[0] != 'd') { /* not des */
+                len = 8/2; /* so far assuming md5 */
+                *salt_ptr++ = '$';
+                *salt_ptr++ = '1';
+                *salt_ptr++ = '$';
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+                if (algo[0] == 's') { /* sha */
+                        salt[1] = '5' + (strcmp(algo, "sha512") == 0);
+                        len = 16/2;
+                }
+#endif
+        }
+        crypt_make_salt(salt_ptr, len);
+        return salt_ptr;
+}
 #if ENABLE_USE_BB_CRYPT
 static char*
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index 1944d9d56..a05b72158 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -82,21 +82,23 @@ static void passwd_study(struct passwd *p)
 static void addgroup_wrapper(struct passwd *p, const char *group_name)
 {
-        char *argv[5];
+        char *argv[6];
        argv[0] = (char*)"addgroup";
        if (group_name) {
                /* Add user to existing group */
-                argv[1] = p->pw_name;
+                argv[1] = (char*)"--";
-                argv[2] = (char*)group_name;
+                argv[2] = p->pw_name;
-                argv[3] = NULL;
+                argv[3] = (char*)group_name;
+                argv[4] = NULL;
        } else {
                /* Add user to his own group with the first free gid found in passwd_study */
 //TODO: to be compatible with external addgroup programs we should use --gid instead...
                argv[1] = (char*)"-g";
                argv[2] = utoa(p->pw_gid);
-                argv[3] = p->pw_name;
+                argv[3] = (char*)"--";
-                argv[4] = NULL;
+                argv[4] = p->pw_name;
+                argv[5] = NULL;
        }
        spawn_and_wait(argv);
@@ -106,7 +108,7 @@ static void passwd_wrapper(const char *login_name) NORETURN;
 static void passwd_wrapper(const char *login_name)
 {
-        BB_EXECLP("passwd", "passwd", login_name, NULL);
+        BB_EXECLP("passwd", "passwd", "--", login_name, NULL);
        bb_error_msg_and_die("can't execute passwd, you must set password manually");
 }
diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c
index 6c4296faa..f4718c829 100644
--- a/loginutils/chpasswd.c
+++ b/loginutils/chpasswd.c
@@ -37,9 +37,8 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
        char *name, *pass;
        char salt[sizeof("$N$XXXXXXXX")];
        int opt, rc;
-        int rnd = rnd; /* we *want* it to be non-initialized! */
-        if (getuid())
+        if (getuid() != 0)
                bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
        opt_complementary = "m--e:e--m";
@@ -55,10 +54,12 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
                xuname2uid(name); /* dies if there is no such user */
                if (!(opt & OPT_ENC)) {
-                        rnd = crypt_make_salt(salt, 1, rnd);
+                        crypt_make_salt(salt, 1);
                        if (opt & OPT_MD5) {
-                                strcpy(salt, "$1$");
+                                salt[0] = '$';
-                                rnd = crypt_make_salt(salt + 3, 4, rnd);
+                                salt[1] = '1';
+                                salt[2] = '$';
+                                crypt_make_salt(salt + 3, 4);
                        }
                        pass = pw_encrypt(pass, salt, 0);
                }
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index bbaa858da..b25a39ac9 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -19,7 +19,7 @@
 //usage:        IF_LONG_OPTS(
 //usage:     "\n        -P,--password-fd=N      Read password from fd N"
 /* //usage:  "\n        -s,--stdin              Use stdin; like -P0" */
-//usage:     "\n        -m,--method=TYPE        Encryption method TYPE"
+//usage:     "\n        -m,--method=TYPE        Encryption method"
 //usage:     "\n        -S,--salt=SALT"
 //usage:        )
 //usage:        IF_NOT_LONG_OPTS(
@@ -39,7 +39,7 @@
 //usage:        IF_LONG_OPTS(
 //usage:     "\n        -P,--password-fd=N      Read password from fd N"
 /* //usage:  "\n        -s,--stdin              Use stdin; like -P0" */
-//usage:     "\n        -m,--method=TYPE        Encryption method TYPE"
+//usage:     "\n        -m,--method=TYPE        Encryption method"
 //usage:     "\n        -S,--salt=SALT"
 //usage:        )
 //usage:        IF_NOT_LONG_OPTS(
@@ -92,11 +92,9 @@ to cryptpw. -a option (alias for -m) came from cryptpw.
 int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int cryptpw_main(int argc UNUSED_PARAM, char **argv)
 {
-        /* $N$ + sha_salt_16_bytes + NUL */
+        char salt[MAX_PW_SALT_LEN];
-        char salt[3 + 16 + 1];
        char *salt_ptr;
        const char *opt_m, *opt_S;
-        int len;
        int fd;
 #if ENABLE_LONG_OPTS
@@ -121,24 +119,9 @@ int cryptpw_main(int argc UNUSED_PARAM, char **argv)
        if (argv[0] && !opt_S)
                opt_S = argv[1];
-        len = 2/2;
+        salt_ptr = crypt_make_pw_salt(salt, opt_m);
-        salt_ptr = salt;
-        if (opt_m[0] != 'd') { /* not des */
-                len = 8/2; /* so far assuming md5 */
-                *salt_ptr++ = '$';
-                *salt_ptr++ = '1';
-                *salt_ptr++ = '$';
-#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
-                if (opt_m[0] == 's') { /* sha */
-                        salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
-                        len = 16/2;
-                }
-#endif
-        }
        if (opt_S)
-                safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);
+                safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
-        else
-                crypt_make_salt(salt_ptr, len, 0);
        xmove_fd(fd, STDIN_FILENO);
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 810644e61..8c47e65ff 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -9,7 +9,7 @@
 //usage:       "Change USER's password. If no USER is specified,\n"
 //usage:       "changes the password for the current user.\n"
 //usage:     "\nOptions:"
-//usage:     "\n        -a ALG  Algorithm to use for password (des, md5)" /* ", sha1)" */
+//usage:     "\n        -a ALG  Encryption method"
 //usage:     "\n        -d      Delete password for the account"
 //usage:     "\n        -l      Lock (disable) account"
 //usage:     "\n        -u      Unlock (re-enable) account"
@@ -22,15 +22,15 @@ static void nuke_str(char *str)
        if (str) memset(str, 0, strlen(str));
 }
-static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
+static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
 {
-        char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
+        char salt[MAX_PW_SALT_LEN];
        char *orig = (char*)"";
        char *newp = NULL;
        char *cp = NULL;
        char *ret = NULL; /* failure so far */
-        if (myuid && pw->pw_passwd[0]) {
+        if (myuid != 0 && pw->pw_passwd[0]) {
                char *encrypted;
                orig = bb_ask_stdin("Old password: "); /* returns ptr to static */
@@ -38,13 +38,13 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
                        goto err_ret;
                encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
                if (strcmp(encrypted, pw->pw_passwd) != 0) {
-                        syslog(LOG_WARNING, "incorrect password for %s",
+                        syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name);
-                                pw->pw_name);
                        bb_do_delay(LOGIN_FAIL_DELAY);
                        puts("Incorrect password");
                        goto err_ret;
                }
-                if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
+                if (ENABLE_FEATURE_CLEAN_UP)
+                        free(encrypted);
        }
        orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
        newp = bb_ask_stdin("New password: "); /* returns ptr to static */
@@ -52,22 +52,22 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
                goto err_ret;
        newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
        if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
-         && obscure(orig, newp, pw) && myuid)
+         && obscure(orig, newp, pw)
+         && myuid != 0
+        ) {
                goto err_ret; /* non-root is not allowed to have weak passwd */
+        }
        cp = bb_ask_stdin("Retype password: ");
        if (!cp)
                goto err_ret;
-        if (strcmp(cp, newp)) {
+        if (strcmp(cp, newp) != 0) {
                puts("Passwords don't match");
                goto err_ret;
        }
-        crypt_make_salt(salt, 1, 0); /* des */
+        crypt_make_pw_salt(salt, algo);
-        if (algo) { /* MD5 */
-                strcpy(salt, "$1$");
-                crypt_make_salt(salt + 3, 4, 0);
-        }
        /* pw_encrypt returns malloced str */
        ret = pw_encrypt(newp, salt, 1);
        /* whee, success! */
@@ -75,8 +75,10 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
 err_ret:
        nuke_str(orig);
        if (ENABLE_FEATURE_CLEAN_UP) free(orig);
        nuke_str(newp);
        if (ENABLE_FEATURE_CLEAN_UP) free(newp);
        nuke_str(cp);
        return ret;
 }
@@ -85,17 +87,15 @@ int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int passwd_main(int argc UNUSED_PARAM, char **argv)
 {
        enum {
-                OPT_algo = 0x1, /* -a - password algorithm */
+                OPT_algo   = (1 << 0), /* -a - password algorithm */
-                OPT_lock = 0x2, /* -l - lock account */
+                OPT_lock   = (1 << 1), /* -l - lock account */
-                OPT_unlock = 0x4, /* -u - unlock account */
+                OPT_unlock = (1 << 2), /* -u - unlock account */
-                OPT_delete = 0x8, /* -d - delete password */
+                OPT_delete = (1 << 3), /* -d - delete password */
-                OPT_lud = 0xe,
+                OPT_lud    = OPT_lock | OPT_unlock | OPT_delete,
-                STATE_ALGO_md5 = 0x10,
-                //STATE_ALGO_des = 0x20, not needed yet
        };
        unsigned opt;
        int rc;
-        const char *opt_a = "";
+        const char *opt_a = "d"; /* des */
        const char *filename;
        char *myname;
        char *name;
@@ -116,13 +116,9 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
        //argc -= optind;
        argv += optind;
-        if (strcasecmp(opt_a, "des") != 0) /* -a */
-                opt |= STATE_ALGO_md5;
-        //else
-        //      opt |= STATE_ALGO_des;
        myuid = getuid();
        /* -l, -u, -d require root priv and username argument */
-        if ((opt & OPT_lud) && (myuid || !argv[0]))
+        if ((opt & OPT_lud) && (myuid != 0 || !argv[0]))
                bb_show_usage();
        /* Will complain and die if username not found */
@@ -130,7 +126,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
        name = argv[0] ? argv[0] : myname;
        pw = xgetpwnam(name);
-        if (myuid && pw->pw_uid != myuid) {
+        if (myuid != 0 && pw->pw_uid != myuid) {
                /* LOGMODE_BOTH */
                bb_error_msg_and_die("%s can't change password for %s", myname, name);
        }
@@ -164,27 +160,29 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
        newp = NULL;
        c = pw->pw_passwd[0] - '!';
        if (!(opt & OPT_lud)) {
-                if (myuid && !c) { /* passwd starts with '!' */
+                if (myuid != 0 && !c) { /* passwd starts with '!' */
                        /* LOGMODE_BOTH */
                        bb_error_msg_and_die("can't change "
                                        "locked password for %s", name);
                }
                printf("Changing password for %s\n", name);
-                newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
+                newp = new_password(pw, myuid, opt_a);
                if (!newp) {
                        logmode = LOGMODE_STDIO;
                        bb_error_msg_and_die("password for %s is unchanged", name);
                }
        } else if (opt & OPT_lock) {
-                if (!c) goto skip; /* passwd starts with '!' */
+                if (!c)
+                        goto skip; /* passwd starts with '!' */
                newp = xasprintf("!%s", pw->pw_passwd);
        } else if (opt & OPT_unlock) {
-                if (c) goto skip; /* not '!' */
+                if (c)
+                        goto skip; /* not '!' */
                /* pw->pw_passwd points to static storage,
                 * strdup'ing to avoid nasty surprizes */
                newp = xstrdup(&pw->pw_passwd[1]);
        } else if (opt & OPT_delete) {
-                newp = (char*)""; //xstrdup("");
+                newp = (char*)"";
        }
        rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
@@ -202,7 +200,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
        rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
        if (rc > 0)
                /* password in /etc/shadow was updated */
-                newp = (char*) "x"; //xstrdup("x");
+                newp = (char*) "x";
        if (rc >= 0)
                /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
 #endif
@@ -212,16 +210,17 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
        }
        /* LOGMODE_BOTH */
        if (rc < 0)
-                bb_error_msg_and_die("can't update password file %s",
+                bb_error_msg_and_die("can't update password file %s", filename);
-                                filename);
        bb_info_msg("Password for %s changed by %s", name, myname);
-        //if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+        /*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */
 skip:
        if (!newp) {
                bb_error_msg_and_die("password for %s is already %slocked",
                        name, (opt & OPT_unlock) ? "un" : "");
        }
-        if (ENABLE_FEATURE_CLEAN_UP) free(myname);
+        if (ENABLE_FEATURE_CLEAN_UP)
+                free(myname);
        return 0;
 }
diff --git a/networking/httpd.c b/networking/httpd.c
index d6157aca2..d77342a2a 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2424,7 +2424,7 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
                salt[0] = '$';
                salt[1] = '1';
                salt[2] = '$';
-                crypt_make_salt(salt + 3, 4, 0);
+                crypt_make_salt(salt + 3, 4);
                puts(pw_encrypt(pass, salt, 1));
                return 0;
        }
author	Denys Vlasenko <vda.linux@googlemail.com>	2011-05-13 03:19:01 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2011-05-13 03:19:01 +0200
commit	12a432715f066cf9d677316a39c9e0ebc6d72404 (patch)
tree	14a33cdedbd6ba7739449cc3dec968b55a01efad
parent	0806e401d6747c391fa0427e0ccba9951f9a1c3d (diff)
download	busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.tar.gz busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.tar.bz2 busybox-w32-12a432715f066cf9d677316a39c9e0ebc6d72404.zip

diff --git a/include/libbb.h b/include/libbb.h index 4232c38f4..89e8e4452 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -1259,14 +1259,19 @@ extern int correct_password(const struct passwd *pw) FAST_FUNC;
1259	#endif	1259	#endif
1260	extern char pw_encrypt(const char clear, const char *salt, int cleanup) FAST_FUNC;	1260	extern char pw_encrypt(const char clear, const char *salt, int cleanup) FAST_FUNC;
1261	extern int obscure(const char old, const char newval, const struct passwd *pwdp) FAST_FUNC;	1261	extern int obscure(const char old, const char newval, const struct passwd *pwdp) FAST_FUNC;
1262	/* rnd is additional random input. New one is returned.	1262	/*
		1263	* rnd is additional random input. New one is returned.
1263	* Useful if you call crypt_make_salt many times in a row:	1264	* Useful if you call crypt_make_salt many times in a row:
1264	* rnd = crypt_make_salt(buf1, 4, 0);	1265	* rnd = crypt_make_salt(buf1, 4, 0);
1265	* rnd = crypt_make_salt(buf2, 4, rnd);	1266	* rnd = crypt_make_salt(buf2, 4, rnd);
1266	* rnd = crypt_make_salt(buf3, 4, rnd);	1267	* rnd = crypt_make_salt(buf3, 4, rnd);
1267	* (otherwise we risk having same salt generated)	1268	* (otherwise we risk having same salt generated)
1268	*/	1269	*/
1269	extern int crypt_make_salt(char *p, int cnt, int rnd) FAST_FUNC;	1270	extern int crypt_make_salt(char p, int cnt /, int rnd*/) FAST_FUNC;
		1271	/* "$N$" + sha_salt_16_bytes + NUL */
		1272	#define MAX_PW_SALT_LEN (3 + 16 + 1)
		1273	extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
		1274
1270		1275
1271	/* Returns number of lines changed, or -1 on error */	1276	/* Returns number of lines changed, or -1 on error */
1272	#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP)	1277	#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP)


diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c index c6c04d44a..39ffa084f 100644 --- a/libbb/pw_encrypt.c +++ b/libbb/pw_encrypt.c
@@ -27,9 +27,10 @@ static int i64c(int i)
27	return ('a' - 38 + i);	27	return ('a' - 38 + i);
28	}	28	}
29		29
30	int FAST_FUNC crypt_make_salt(char *p, int cnt, int x)	30	int FAST_FUNC crypt_make_salt(char p, int cnt /, int x */)
31	{	31	{
32	x += getpid() + time(NULL);	32	/* was: x += ... */
		33	int x = getpid() + monotonic_us();
33	do {	34	do {
34	/* x = (x*1664525 + 1013904223) % 2^32 generator is lame	35	/* x = (x*1664525 + 1013904223) % 2^32 generator is lame
35	* (low-order bit is not "random", etc...),	36	* (low-order bit is not "random", etc...),
@@ -47,6 +48,26 @@ int FAST_FUNC crypt_make_salt(char *p, int cnt, int x)
47	return x;	48	return x;
48	}	49	}
49		50
		51	char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo)
		52	{
		53	int len = 2/2;
		54	char *salt_ptr = salt;
		55	if (algo[0] != 'd') { /* not des */
		56	len = 8/2; /* so far assuming md5 */
		57	*salt_ptr++ = '$';
		58	*salt_ptr++ = '1';
		59	*salt_ptr++ = '$';
		60	#if !ENABLE_USE_BB_CRYPT \|\| ENABLE_USE_BB_CRYPT_SHA
		61	if (algo[0] == 's') { /* sha */
		62	salt[1] = '5' + (strcmp(algo, "sha512") == 0);
		63	len = 16/2;
		64	}
		65	#endif
		66	}
		67	crypt_make_salt(salt_ptr, len);
		68	return salt_ptr;
		69	}
		70
50	#if ENABLE_USE_BB_CRYPT	71	#if ENABLE_USE_BB_CRYPT
51		72
52	static char*	73	static char*


diff --git a/loginutils/adduser.c b/loginutils/adduser.c index 1944d9d56..a05b72158 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c
@@ -82,21 +82,23 @@ static void passwd_study(struct passwd *p)
82		82
83	static void addgroup_wrapper(struct passwd p, const char group_name)	83	static void addgroup_wrapper(struct passwd p, const char group_name)
84	{	84	{
85	char *argv[5];	85	char *argv[6];
86		86
87	argv[0] = (char*)"addgroup";	87	argv[0] = (char*)"addgroup";
88	if (group_name) {	88	if (group_name) {
89	/* Add user to existing group */	89	/* Add user to existing group */
90	argv[1] = p->pw_name;	90	argv[1] = (char*)"--";
91	argv[2] = (char*)group_name;	91	argv[2] = p->pw_name;
92	argv[3] = NULL;	92	argv[3] = (char*)group_name;
		93	argv[4] = NULL;
93	} else {	94	} else {
94	/* Add user to his own group with the first free gid found in passwd_study */	95	/* Add user to his own group with the first free gid found in passwd_study */
95	//TODO: to be compatible with external addgroup programs we should use --gid instead...	96	//TODO: to be compatible with external addgroup programs we should use --gid instead...
96	argv[1] = (char*)"-g";	97	argv[1] = (char*)"-g";
97	argv[2] = utoa(p->pw_gid);	98	argv[2] = utoa(p->pw_gid);
98	argv[3] = p->pw_name;	99	argv[3] = (char*)"--";
99	argv[4] = NULL;	100	argv[4] = p->pw_name;
		101	argv[5] = NULL;
100	}	102	}
101		103
102	spawn_and_wait(argv);	104	spawn_and_wait(argv);
@@ -106,7 +108,7 @@ static void passwd_wrapper(const char *login_name) NORETURN;
106		108
107	static void passwd_wrapper(const char *login_name)	109	static void passwd_wrapper(const char *login_name)
108	{	110	{
109	BB_EXECLP("passwd", "passwd", login_name, NULL);	111	BB_EXECLP("passwd", "passwd", "--", login_name, NULL);
110	bb_error_msg_and_die("can't execute passwd, you must set password manually");	112	bb_error_msg_and_die("can't execute passwd, you must set password manually");
111	}	113	}
112		114


diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c index 6c4296faa..f4718c829 100644 --- a/loginutils/chpasswd.c +++ b/loginutils/chpasswd.c
@@ -37,9 +37,8 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
37	char name, pass;	37	char name, pass;
38	char salt[sizeof("$N$XXXXXXXX")];	38	char salt[sizeof("$N$XXXXXXXX")];
39	int opt, rc;	39	int opt, rc;
40	int rnd = rnd; /* we want it to be non-initialized! */
41		40
42	if (getuid())	41	if (getuid() != 0)
43	bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);	42	bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
44		43
45	opt_complementary = "m--e:e--m";	44	opt_complementary = "m--e:e--m";
@@ -55,10 +54,12 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
55	xuname2uid(name); /* dies if there is no such user */	54	xuname2uid(name); /* dies if there is no such user */
56		55
57	if (!(opt & OPT_ENC)) {	56	if (!(opt & OPT_ENC)) {
58	rnd = crypt_make_salt(salt, 1, rnd);	57	crypt_make_salt(salt, 1);
59	if (opt & OPT_MD5) {	58	if (opt & OPT_MD5) {
60	strcpy(salt, "$1$");	59	salt[0] = '$';
61	rnd = crypt_make_salt(salt + 3, 4, rnd);	60	salt[1] = '1';
		61	salt[2] = '$';
		62	crypt_make_salt(salt + 3, 4);
62	}	63	}
63	pass = pw_encrypt(pass, salt, 0);	64	pass = pw_encrypt(pass, salt, 0);
64	}	65	}


diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c index bbaa858da..b25a39ac9 100644 --- a/loginutils/cryptpw.c +++ b/loginutils/cryptpw.c
@@ -19,7 +19,7 @@
19	//usage: IF_LONG_OPTS(	19	//usage: IF_LONG_OPTS(
20	//usage: "\n -P,--password-fd=N Read password from fd N"	20	//usage: "\n -P,--password-fd=N Read password from fd N"
21	/* //usage: "\n -s,--stdin Use stdin; like -P0" */	21	/* //usage: "\n -s,--stdin Use stdin; like -P0" */
22	//usage: "\n -m,--method=TYPE Encryption method TYPE"	22	//usage: "\n -m,--method=TYPE Encryption method"
23	//usage: "\n -S,--salt=SALT"	23	//usage: "\n -S,--salt=SALT"
24	//usage: )	24	//usage: )
25	//usage: IF_NOT_LONG_OPTS(	25	//usage: IF_NOT_LONG_OPTS(
@@ -39,7 +39,7 @@
39	//usage: IF_LONG_OPTS(	39	//usage: IF_LONG_OPTS(
40	//usage: "\n -P,--password-fd=N Read password from fd N"	40	//usage: "\n -P,--password-fd=N Read password from fd N"
41	/* //usage: "\n -s,--stdin Use stdin; like -P0" */	41	/* //usage: "\n -s,--stdin Use stdin; like -P0" */
42	//usage: "\n -m,--method=TYPE Encryption method TYPE"	42	//usage: "\n -m,--method=TYPE Encryption method"
43	//usage: "\n -S,--salt=SALT"	43	//usage: "\n -S,--salt=SALT"
44	//usage: )	44	//usage: )
45	//usage: IF_NOT_LONG_OPTS(	45	//usage: IF_NOT_LONG_OPTS(
@@ -92,11 +92,9 @@ to cryptpw. -a option (alias for -m) came from cryptpw.
92	int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	92	int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
93	int cryptpw_main(int argc UNUSED_PARAM, char **argv)	93	int cryptpw_main(int argc UNUSED_PARAM, char **argv)
94	{	94	{
95	/* $N$ + sha_salt_16_bytes + NUL */	95	char salt[MAX_PW_SALT_LEN];
96	char salt[3 + 16 + 1];
97	char *salt_ptr;	96	char *salt_ptr;
98	const char opt_m, opt_S;	97	const char opt_m, opt_S;
99	int len;
100	int fd;	98	int fd;
101		99
102	#if ENABLE_LONG_OPTS	100	#if ENABLE_LONG_OPTS
@@ -121,24 +119,9 @@ int cryptpw_main(int argc UNUSED_PARAM, char **argv)
121	if (argv[0] && !opt_S)	119	if (argv[0] && !opt_S)
122	opt_S = argv[1];	120	opt_S = argv[1];
123		121
124	len = 2/2;	122	salt_ptr = crypt_make_pw_salt(salt, opt_m);
125	salt_ptr = salt;
126	if (opt_m[0] != 'd') { /* not des */
127	len = 8/2; /* so far assuming md5 */
128	*salt_ptr++ = '$';
129	*salt_ptr++ = '1';
130	*salt_ptr++ = '$';
131	#if !ENABLE_USE_BB_CRYPT \|\| ENABLE_USE_BB_CRYPT_SHA
132	if (opt_m[0] == 's') { /* sha */
133	salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
134	len = 16/2;
135	}
136	#endif
137	}
138	if (opt_S)	123	if (opt_S)
139	safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);	124	safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
140	else
141	crypt_make_salt(salt_ptr, len, 0);
142		125
143	xmove_fd(fd, STDIN_FILENO);	126	xmove_fd(fd, STDIN_FILENO);
144		127


diff --git a/loginutils/passwd.c b/loginutils/passwd.c index 810644e61..8c47e65ff 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c
@@ -9,7 +9,7 @@
9	//usage: "Change USER's password. If no USER is specified,\n"	9	//usage: "Change USER's password. If no USER is specified,\n"
10	//usage: "changes the password for the current user.\n"	10	//usage: "changes the password for the current user.\n"
11	//usage: "\nOptions:"	11	//usage: "\nOptions:"
12	//usage: "\n -a ALG Algorithm to use for password (des, md5)" /* ", sha1)" */	12	//usage: "\n -a ALG Encryption method"
13	//usage: "\n -d Delete password for the account"	13	//usage: "\n -d Delete password for the account"
14	//usage: "\n -l Lock (disable) account"	14	//usage: "\n -l Lock (disable) account"
15	//usage: "\n -u Unlock (re-enable) account"	15	//usage: "\n -u Unlock (re-enable) account"
@@ -22,15 +22,15 @@ static void nuke_str(char *str)
22	if (str) memset(str, 0, strlen(str));	22	if (str) memset(str, 0, strlen(str));
23	}	23	}
24		24
25	static char* new_password(const struct passwd *pw, uid_t myuid, int algo)	25	static char* new_password(const struct passwd pw, uid_t myuid, const char algo)
26	{	26	{
27	char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */	27	char salt[MAX_PW_SALT_LEN];
28	char orig = (char)"";	28	char orig = (char)"";
29	char *newp = NULL;	29	char *newp = NULL;
30	char *cp = NULL;	30	char *cp = NULL;
31	char ret = NULL; / failure so far */	31	char ret = NULL; / failure so far */
32		32
33	if (myuid && pw->pw_passwd[0]) {	33	if (myuid != 0 && pw->pw_passwd[0]) {
34	char *encrypted;	34	char *encrypted;
35		35
36	orig = bb_ask_stdin("Old password: "); /* returns ptr to static */	36	orig = bb_ask_stdin("Old password: "); /* returns ptr to static */
@@ -38,13 +38,13 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
38	goto err_ret;	38	goto err_ret;
39	encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */	39	encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
40	if (strcmp(encrypted, pw->pw_passwd) != 0) {	40	if (strcmp(encrypted, pw->pw_passwd) != 0) {
41	syslog(LOG_WARNING, "incorrect password for %s",	41	syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name);
42	pw->pw_name);
43	bb_do_delay(LOGIN_FAIL_DELAY);	42	bb_do_delay(LOGIN_FAIL_DELAY);
44	puts("Incorrect password");	43	puts("Incorrect password");
45	goto err_ret;	44	goto err_ret;
46	}	45	}
47	if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);	46	if (ENABLE_FEATURE_CLEAN_UP)
		47	free(encrypted);
48	}	48	}
49	orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */	49	orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
50	newp = bb_ask_stdin("New password: "); /* returns ptr to static */	50	newp = bb_ask_stdin("New password: "); /* returns ptr to static */
@@ -52,22 +52,22 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
52	goto err_ret;	52	goto err_ret;
53	newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */	53	newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
54	if (ENABLE_FEATURE_PASSWD_WEAK_CHECK	54	if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
55	&& obscure(orig, newp, pw) && myuid)	55	&& obscure(orig, newp, pw)
		56	&& myuid != 0
		57	) {
56	goto err_ret; /* non-root is not allowed to have weak passwd */	58	goto err_ret; /* non-root is not allowed to have weak passwd */
		59	}
57		60
58	cp = bb_ask_stdin("Retype password: ");	61	cp = bb_ask_stdin("Retype password: ");
59	if (!cp)	62	if (!cp)
60	goto err_ret;	63	goto err_ret;
61	if (strcmp(cp, newp)) {	64	if (strcmp(cp, newp) != 0) {
62	puts("Passwords don't match");	65	puts("Passwords don't match");
63	goto err_ret;	66	goto err_ret;
64	}	67	}
65		68
66	crypt_make_salt(salt, 1, 0); /* des */	69	crypt_make_pw_salt(salt, algo);
67	if (algo) { /* MD5 */	70
68	strcpy(salt, "$1$");
69	crypt_make_salt(salt + 3, 4, 0);
70	}
71	/* pw_encrypt returns malloced str */	71	/* pw_encrypt returns malloced str */
72	ret = pw_encrypt(newp, salt, 1);	72	ret = pw_encrypt(newp, salt, 1);
73	/* whee, success! */	73	/* whee, success! */
@@ -75,8 +75,10 @@ static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
75	err_ret:	75	err_ret:
76	nuke_str(orig);	76	nuke_str(orig);
77	if (ENABLE_FEATURE_CLEAN_UP) free(orig);	77	if (ENABLE_FEATURE_CLEAN_UP) free(orig);
		78
78	nuke_str(newp);	79	nuke_str(newp);
79	if (ENABLE_FEATURE_CLEAN_UP) free(newp);	80	if (ENABLE_FEATURE_CLEAN_UP) free(newp);
		81
80	nuke_str(cp);	82	nuke_str(cp);
81	return ret;	83	return ret;
82	}	84	}
@@ -85,17 +87,15 @@ int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
85	int passwd_main(int argc UNUSED_PARAM, char **argv)	87	int passwd_main(int argc UNUSED_PARAM, char **argv)
86	{	88	{
87	enum {	89	enum {
88	OPT_algo = 0x1, /* -a - password algorithm */	90	OPT_algo = (1 << 0), /* -a - password algorithm */
89	OPT_lock = 0x2, /* -l - lock account */	91	OPT_lock = (1 << 1), /* -l - lock account */
90	OPT_unlock = 0x4, /* -u - unlock account */	92	OPT_unlock = (1 << 2), /* -u - unlock account */
91	OPT_delete = 0x8, /* -d - delete password */	93	OPT_delete = (1 << 3), /* -d - delete password */
92	OPT_lud = 0xe,	94	OPT_lud = OPT_lock \| OPT_unlock \| OPT_delete,
93	STATE_ALGO_md5 = 0x10,
94	//STATE_ALGO_des = 0x20, not needed yet
95	};	95	};
96	unsigned opt;	96	unsigned opt;
97	int rc;	97	int rc;
98	const char *opt_a = "";	98	const char opt_a = "d"; / des */
99	const char *filename;	99	const char *filename;
100	char *myname;	100	char *myname;
101	char *name;	101	char *name;
@@ -116,13 +116,9 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
116	//argc -= optind;	116	//argc -= optind;
117	argv += optind;	117	argv += optind;
118		118
119	if (strcasecmp(opt_a, "des") != 0) /* -a */
120	opt \|= STATE_ALGO_md5;
121	//else
122	// opt \|= STATE_ALGO_des;
123	myuid = getuid();	119	myuid = getuid();
124	/* -l, -u, -d require root priv and username argument */	120	/* -l, -u, -d require root priv and username argument */
125	if ((opt & OPT_lud) && (myuid \|\| !argv[0]))	121	if ((opt & OPT_lud) && (myuid != 0 \|\| !argv[0]))
126	bb_show_usage();	122	bb_show_usage();
127		123
128	/* Will complain and die if username not found */	124	/* Will complain and die if username not found */
@@ -130,7 +126,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
130	name = argv[0] ? argv[0] : myname;	126	name = argv[0] ? argv[0] : myname;
131		127
132	pw = xgetpwnam(name);	128	pw = xgetpwnam(name);
133	if (myuid && pw->pw_uid != myuid) {	129	if (myuid != 0 && pw->pw_uid != myuid) {
134	/* LOGMODE_BOTH */	130	/* LOGMODE_BOTH */
135	bb_error_msg_and_die("%s can't change password for %s", myname, name);	131	bb_error_msg_and_die("%s can't change password for %s", myname, name);
136	}	132	}
@@ -164,27 +160,29 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
164	newp = NULL;	160	newp = NULL;
165	c = pw->pw_passwd[0] - '!';	161	c = pw->pw_passwd[0] - '!';
166	if (!(opt & OPT_lud)) {	162	if (!(opt & OPT_lud)) {
167	if (myuid && !c) { /* passwd starts with '!' */	163	if (myuid != 0 && !c) { /* passwd starts with '!' */
168	/* LOGMODE_BOTH */	164	/* LOGMODE_BOTH */
169	bb_error_msg_and_die("can't change "	165	bb_error_msg_and_die("can't change "
170	"locked password for %s", name);	166	"locked password for %s", name);
171	}	167	}
172	printf("Changing password for %s\n", name);	168	printf("Changing password for %s\n", name);
173	newp = new_password(pw, myuid, opt & STATE_ALGO_md5);	169	newp = new_password(pw, myuid, opt_a);
174	if (!newp) {	170	if (!newp) {
175	logmode = LOGMODE_STDIO;	171	logmode = LOGMODE_STDIO;
176	bb_error_msg_and_die("password for %s is unchanged", name);	172	bb_error_msg_and_die("password for %s is unchanged", name);
177	}	173	}
178	} else if (opt & OPT_lock) {	174	} else if (opt & OPT_lock) {
179	if (!c) goto skip; /* passwd starts with '!' */	175	if (!c)
		176	goto skip; /* passwd starts with '!' */
180	newp = xasprintf("!%s", pw->pw_passwd);	177	newp = xasprintf("!%s", pw->pw_passwd);
181	} else if (opt & OPT_unlock) {	178	} else if (opt & OPT_unlock) {
182	if (c) goto skip; /* not '!' */	179	if (c)
		180	goto skip; /* not '!' */
183	/* pw->pw_passwd points to static storage,	181	/* pw->pw_passwd points to static storage,
184	* strdup'ing to avoid nasty surprizes */	182	* strdup'ing to avoid nasty surprizes */
185	newp = xstrdup(&pw->pw_passwd[1]);	183	newp = xstrdup(&pw->pw_passwd[1]);
186	} else if (opt & OPT_delete) {	184	} else if (opt & OPT_delete) {
187	newp = (char*)""; //xstrdup("");	185	newp = (char*)"";
188	}	186	}
189		187
190	rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;	188	rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
@@ -202,7 +200,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
202	rc = update_passwd(bb_path_shadow_file, name, newp, NULL);	200	rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
203	if (rc > 0)	201	if (rc > 0)
204	/* password in /etc/shadow was updated */	202	/* password in /etc/shadow was updated */
205	newp = (char*) "x"; //xstrdup("x");	203	newp = (char*) "x";
206	if (rc >= 0)	204	if (rc >= 0)
207	/* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */	205	/* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
208	#endif	206	#endif
@@ -212,16 +210,17 @@ int passwd_main(int argc UNUSED_PARAM, char **argv)
212	}	210	}
213	/* LOGMODE_BOTH */	211	/* LOGMODE_BOTH */
214	if (rc < 0)	212	if (rc < 0)
215	bb_error_msg_and_die("can't update password file %s",	213	bb_error_msg_and_die("can't update password file %s", filename);
216	filename);
217	bb_info_msg("Password for %s changed by %s", name, myname);	214	bb_info_msg("Password for %s changed by %s", name, myname);
218		215
219	//if (ENABLE_FEATURE_CLEAN_UP) free(newp);	216	/if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced /
220	skip:	217	skip:
221	if (!newp) {	218	if (!newp) {
222	bb_error_msg_and_die("password for %s is already %slocked",	219	bb_error_msg_and_die("password for %s is already %slocked",
223	name, (opt & OPT_unlock) ? "un" : "");	220	name, (opt & OPT_unlock) ? "un" : "");
224	}	221	}
225	if (ENABLE_FEATURE_CLEAN_UP) free(myname);	222
		223	if (ENABLE_FEATURE_CLEAN_UP)
		224	free(myname);
226	return 0;	225	return 0;
227	}	226	}


diff --git a/networking/httpd.c b/networking/httpd.c index d6157aca2..d77342a2a 100644 --- a/networking/httpd.c +++ b/networking/httpd.c
@@ -2424,7 +2424,7 @@ int httpd_main(int argc UNUSED_PARAM, char **argv)
2424	salt[0] = '$';	2424	salt[0] = '$';
2425	salt[1] = '1';	2425	salt[1] = '1';
2426	salt[2] = '$';	2426	salt[2] = '$';
2427	crypt_make_salt(salt + 3, 4, 0);	2427	crypt_make_salt(salt + 3, 4);
2428	puts(pw_encrypt(pass, salt, 1));	2428	puts(pw_encrypt(pass, salt, 1));
2429	return 0;	2429	return 0;
2430	}	2430	}