1 /* $OpenBSD: login_lchpass.c,v 1.12 2004/03/10 21:30:27 millert Exp $ */
2
3 /*-
4 * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by Berkeley Software Design,
17 * Inc.
18 * 4. The name of Berkeley Software Design, Inc. may not be used to endorse
19 * or promote products derived from this software without specific prior
20 * written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * BSDI $From: login_lchpass.c,v 1.4 1997/08/08 18:58:23 prb Exp $
35 */
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #include <sys/time.h>
39 #include <sys/resource.h>
40 #include <sys/file.h>
41 #include <sys/uio.h>
42 #include <sys/wait.h>
43
44 #include <err.h>
45 #include <errno.h>
46 #include <pwd.h>
47 #include <signal.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <syslog.h>
52 #include <unistd.h>
53 #include <stdarg.h>
54 #include <login_cap.h>
55
56 #define BACK_CHANNEL 3
57
58 int local_passwd(char *, int);
59
60 int
main(int argc,char * argv[])61 main(int argc, char *argv[])
62 {
63 struct iovec iov[2];
64 struct passwd *pwd;
65 char *username = NULL, *salt, *p;
66 struct rlimit rl;
67 int c;
68
69 iov[0].iov_base = BI_SILENT;
70 iov[0].iov_len = sizeof(BI_SILENT) - 1;
71 iov[1].iov_base = "\n";
72 iov[1].iov_len = 1;
73
74 rl.rlim_cur = 0;
75 rl.rlim_max = 0;
76 (void)setrlimit(RLIMIT_CORE, &rl);
77
78 (void)setpriority(PRIO_PROCESS, 0, 0);
79
80 openlog("login", LOG_ODELAY, LOG_AUTH);
81
82 while ((c = getopt(argc, argv, "v:s:")) != -1)
83 switch (c) {
84 case 'v':
85 break;
86 case 's': /* service */
87 if (strcmp(optarg, "login") != 0) {
88 syslog(LOG_ERR, "%s: invalid service", optarg);
89 exit(1);
90 }
91 break;
92 default:
93 syslog(LOG_ERR, "usage error");
94 exit(1);
95 }
96
97 switch (argc - optind) {
98 case 2:
99 /* class is not used */
100 case 1:
101 username = argv[optind];
102 break;
103 default:
104 syslog(LOG_ERR, "usage error");
105 exit(1);
106 }
107
108 pwd = getpwnam(username);
109 if (pwd) {
110 if (pwd->pw_uid == 0) {
111 syslog(LOG_ERR, "attempted root password change");
112 pwd = NULL;
113 } else if (*pwd->pw_passwd == '\0') {
114 syslog(LOG_ERR, "%s attempting to add password",
115 username);
116 pwd = NULL;
117 }
118 }
119
120 if (pwd)
121 salt = pwd->pw_passwd;
122 else
123 salt = "xx";
124
125 (void)setpriority(PRIO_PROCESS, 0, -4);
126
127 (void)printf("Changing local password for %s.\n", username);
128 if ((p = getpass("Old Password:")) == NULL)
129 exit(1);
130
131 salt = crypt(p, salt);
132 memset(p, 0, strlen(p));
133 if (!pwd || strcmp(salt, pwd->pw_passwd) != 0)
134 exit(1);
135
136 /*
137 * We rely on local_passwd() to block signals during the
138 * critical section.
139 */
140 local_passwd(pwd->pw_name, 1);
141 (void)writev(BACK_CHANNEL, iov, 2);
142 exit(0);
143 }
144