1 /*	$OpenBSD: login_lchpass.c,v 1.12 2004/03/10 21:30:27 millert Exp $	*/
2 
3 /*-
4  * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. All advertising materials mentioning features or use of this software
15  *    must display the following acknowledgement:
16  *      This product includes software developed by Berkeley Software Design,
17  *      Inc.
18  * 4. The name of Berkeley Software Design, Inc.  may not be used to endorse
19  *    or promote products derived from this software without specific prior
20  *    written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  *	BSDI $From: login_lchpass.c,v 1.4 1997/08/08 18:58:23 prb Exp $
35  */
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #include <sys/time.h>
39 #include <sys/resource.h>
40 #include <sys/file.h>
41 #include <sys/uio.h>
42 #include <sys/wait.h>
43 
44 #include <err.h>
45 #include <errno.h>
46 #include <pwd.h>
47 #include <signal.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <syslog.h>
52 #include <unistd.h>
53 #include <stdarg.h>
54 #include <login_cap.h>
55 
56 #define BACK_CHANNEL	3
57 
58 int local_passwd(char *, int);
59 
60 int
main(int argc,char * argv[])61 main(int argc, char *argv[])
62 {
63 	struct iovec iov[2];
64 	struct passwd *pwd;
65 	char *username = NULL, *salt, *p;
66 	struct rlimit rl;
67 	int c;
68 
69 	iov[0].iov_base = BI_SILENT;
70 	iov[0].iov_len = sizeof(BI_SILENT) - 1;
71 	iov[1].iov_base = "\n";
72 	iov[1].iov_len = 1;
73 
74 	rl.rlim_cur = 0;
75 	rl.rlim_max = 0;
76 	(void)setrlimit(RLIMIT_CORE, &rl);
77 
78 	(void)setpriority(PRIO_PROCESS, 0, 0);
79 
80 	openlog("login", LOG_ODELAY, LOG_AUTH);
81 
82 	while ((c = getopt(argc, argv, "v:s:")) != -1)
83 		switch (c) {
84 		case 'v':
85 			break;
86 		case 's':	/* service */
87 			if (strcmp(optarg, "login") != 0) {
88 				syslog(LOG_ERR, "%s: invalid service", optarg);
89 				exit(1);
90 			}
91 			break;
92 		default:
93 			syslog(LOG_ERR, "usage error");
94 			exit(1);
95 		}
96 
97 	switch (argc - optind) {
98 	case 2:
99 		/* class is not used */
100 	case 1:
101 		username = argv[optind];
102 		break;
103 	default:
104 		syslog(LOG_ERR, "usage error");
105 		exit(1);
106 	}
107 
108 	pwd = getpwnam(username);
109 	if (pwd) {
110 		if (pwd->pw_uid == 0) {
111 			syslog(LOG_ERR, "attempted root password change");
112 			pwd = NULL;
113 		} else if (*pwd->pw_passwd == '\0') {
114 			syslog(LOG_ERR, "%s attempting to add password",
115 			    username);
116 			pwd = NULL;
117 		}
118 	}
119 
120 	if (pwd)
121 		salt = pwd->pw_passwd;
122 	else
123 		salt = "xx";
124 
125 	(void)setpriority(PRIO_PROCESS, 0, -4);
126 
127 	(void)printf("Changing local password for %s.\n", username);
128 	if ((p = getpass("Old Password:")) == NULL)
129 		exit(1);
130 
131 	salt = crypt(p, salt);
132 	memset(p, 0, strlen(p));
133 	if (!pwd || strcmp(salt, pwd->pw_passwd) != 0)
134 		exit(1);
135 
136 	/*
137 	 * We rely on local_passwd() to block signals during the
138 	 * critical section.
139 	 */
140 	local_passwd(pwd->pw_name, 1);
141 	(void)writev(BACK_CHANNEL, iov, 2);
142 	exit(0);
143 }
144