OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | /* Add passphrases to the tpasswd file. Use the last entry in the config |
| 2 | file by default or a particular one specified by index. */ |
||
| 3 | |||
| 4 | #include <stdio.h> |
||
| 5 | #include <stdlib.h> |
||
| 6 | #include <string.h> |
||
| 7 | #include <unistd.h> |
||
| 8 | #include <sys/types.h> |
||
| 9 | #include <sys/stat.h> |
||
| 10 | #include "config.h" |
||
| 11 | #include "t_pwd.h" |
||
| 12 | #include "t_read.h" |
||
| 13 | #include "t_sha.h" |
||
| 14 | #include "t_defines.h" |
||
| 15 | |||
| 16 | char *Progname; |
||
| 17 | char Usage[] = "usage: %s [-n configindex] [-p passfile] user\n"; |
||
| 18 | #define USAGE() fprintf(stderr, Usage, Progname) |
||
| 19 | |||
| 20 | void doit(char *); |
||
| 21 | |||
| 22 | int Configindex = -1; |
||
| 23 | char *Passfile = DEFAULT_PASSWD; |
||
| 24 | |||
| 25 | int main(int argc, char **argv) |
||
| 26 | { |
||
| 27 | int c; |
||
| 28 | |||
| 29 | Progname = *argv; |
||
| 30 | |||
| 31 | /* Parse option arguments. */ |
||
| 32 | |||
| 33 | while ((c = getopt(argc, argv, "n:p:")) != EOF) { |
||
| 34 | switch (c) { |
||
| 35 | |||
| 36 | case 'n': |
||
| 37 | Configindex = atoi(optarg); |
||
| 38 | break; |
||
| 39 | |||
| 40 | case 'p': |
||
| 41 | Passfile = optarg; |
||
| 42 | break; |
||
| 43 | |||
| 44 | default: |
||
| 45 | USAGE(); |
||
| 46 | exit(1); |
||
| 47 | } |
||
| 48 | } |
||
| 49 | argc -= optind; |
||
| 50 | argv += optind; |
||
| 51 | |||
| 52 | if (argc != 1) { |
||
| 53 | USAGE(); |
||
| 54 | exit(1); |
||
| 55 | } |
||
| 56 | doit(argv[0]); |
||
| 57 | |||
| 58 | return 0; |
||
| 59 | } |
||
| 60 | |||
| 61 | void doit(char *name) |
||
| 62 | { |
||
| 63 | char passphrase[128], passphrase1[128]; |
||
| 64 | FILE *f; |
||
| 65 | struct t_confent *tcent; |
||
| 66 | struct t_pw eps_passwd; |
||
| 67 | |||
| 68 | /* Get the config entry. */ |
||
| 69 | |||
| 70 | if (Configindex <= 0) { |
||
| 71 | Configindex = t_getprecount(); |
||
| 72 | } |
||
| 73 | tcent = gettcid(Configindex); |
||
| 74 | if (tcent == NULL) { |
||
| 75 | fprintf(stderr, "Invalid configuration file entry.\n"); |
||
| 76 | exit(1); |
||
| 77 | } |
||
| 78 | |||
| 79 | /* Ask for the passphrase twice. */ |
||
| 80 | |||
| 81 | printf("Setting passphrase for %s\n", name); |
||
| 82 | |||
| 83 | if (t_getpass(passphrase, sizeof(passphrase), "Enter passphrase: ") < 0) { |
||
| 84 | exit(1); |
||
| 85 | } |
||
| 86 | if (t_getpass(passphrase1, sizeof(passphrase1), "Verify: ") < 0) { |
||
| 87 | exit(1); |
||
| 88 | } |
||
| 89 | if (strcmp(passphrase, passphrase1) != 0) { |
||
| 90 | fprintf(stderr, "mismatch\n"); |
||
| 91 | exit(1); |
||
| 92 | } |
||
| 93 | |||
| 94 | /* Create the passphrase verifier. */ |
||
| 95 | |||
| 96 | t_makepwent(&eps_passwd, name, passphrase, NULL, tcent); |
||
| 97 | |||
| 98 | /* Don't need these anymore. */ |
||
| 99 | |||
| 100 | memset(passphrase, 0, sizeof(passphrase)); |
||
| 101 | memset(passphrase1, 0, sizeof(passphrase1)); |
||
| 102 | |||
| 103 | /* See if the passphrase file is there; create it if not. */ |
||
| 104 | |||
| 105 | if ((f = fopen(Passfile, "r+")) == NULL) { |
||
| 106 | creat(Passfile, 0400); |
||
| 107 | } else { |
||
| 108 | fclose(f); |
||
| 109 | } |
||
| 110 | |||
| 111 | /* Change the passphrase. */ |
||
| 112 | |||
| 113 | if (t_changepw(Passfile, &eps_passwd.pebuf) < 0) { |
||
| 114 | fprintf(stderr, "Error changing passphrase\n"); |
||
| 115 | exit(1); |
||
| 116 | } |
||
| 117 | } |
||
| 118 | |||
| 119 | /* TODO: Implement a more general method to handle delete/change */ |
||
| 120 | |||
| 121 | _TYPE( int ) |
||
| 122 | t_changepw(pwname, diff) |
||
| 123 | const char * pwname; |
||
| 124 | const struct t_pwent * diff; |
||
| 125 | { |
||
| 126 | char * bakfile; |
||
| 127 | char * bakfile2; |
||
| 128 | struct stat st; |
||
| 129 | FILE * passfp; |
||
| 130 | FILE * bakfp; |
||
| 131 | |||
| 132 | if(pwname == NULL) |
||
| 133 | pwname = DEFAULT_PASSWD; |
||
| 134 | |||
| 135 | if((passfp = fopen(pwname, "rb")) == NULL || fstat(fileno(passfp), &st) < 0) |
||
| 136 | return -1; |
||
| 137 | |||
| 138 | if((bakfile = malloc(strlen(pwname) + 5)) == NULL) { |
||
| 139 | fclose(passfp); |
||
| 140 | return -1; |
||
| 141 | } |
||
| 142 | else if((bakfile2 = malloc(strlen(pwname) + 5)) == NULL) { |
||
| 143 | fclose(passfp); |
||
| 144 | free(bakfile); |
||
| 145 | return -1; |
||
| 146 | } |
||
| 147 | |||
| 148 | sprintf(bakfile, "%s.bak", pwname); |
||
| 149 | sprintf(bakfile2, "%s.sav", pwname); |
||
| 150 | |||
| 151 | if((bakfp = fopen(bakfile2, "wb")) == NULL && |
||
| 152 | (unlink(bakfile2) < 0 || (bakfp = fopen(bakfile2, "wb")) == NULL)) { |
||
| 153 | fclose(passfp); |
||
| 154 | free(bakfile); |
||
| 155 | free(bakfile2); |
||
| 156 | return -1; |
||
| 157 | } |
||
| 158 | |||
| 159 | #ifdef NO_FCHMOD |
||
| 160 | chmod(bakfile2, st.st_mode & 0777); |
||
| 161 | #else |
||
| 162 | fchmod(fileno(bakfp), st.st_mode & 0777); |
||
| 163 | #endif |
||
| 164 | |||
| 165 | t_pwcopy(bakfp, passfp, diff); |
||
| 166 | |||
| 167 | fclose(bakfp); |
||
| 168 | fclose(passfp); |
||
| 169 | |||
| 170 | #ifdef USE_RENAME |
||
| 171 | unlink(bakfile); |
||
| 172 | if(rename(pwname, bakfile) < 0) { |
||
| 173 | free(bakfile); |
||
| 174 | free(bakfile2); |
||
| 175 | return -1; |
||
| 176 | } |
||
| 177 | if(rename(bakfile2, pwname) < 0) { |
||
| 178 | free(bakfile); |
||
| 179 | free(bakfile2); |
||
| 180 | return -1; |
||
| 181 | } |
||
| 182 | #else |
||
| 183 | unlink(bakfile); |
||
| 184 | link(pwname, bakfile); |
||
| 185 | unlink(pwname); |
||
| 186 | link(bakfile2, pwname); |
||
| 187 | unlink(bakfile2); |
||
| 188 | #endif |
||
| 189 | free(bakfile); |
||
| 190 | free(bakfile2); |
||
| 191 | |||
| 192 | return 0; |
||
| 193 | } |
||
| 194 | |||
| 195 | _TYPE( struct t_pwent * ) |
||
| 196 | t_makepwent(tpw, user, pass, salt, confent) |
||
| 197 | struct t_pw * tpw; |
||
| 198 | const char * user; |
||
| 199 | const char * pass; |
||
| 200 | const struct t_num * salt; |
||
| 201 | const struct t_confent * confent; |
||
| 202 | { |
||
| 203 | BigInteger x, v, n, g; |
||
| 204 | unsigned char dig[SHA_DIGESTSIZE]; |
||
| 205 | SHA1_CTX ctxt; |
||
| 206 | |||
| 207 | tpw->pebuf.name = tpw->userbuf; |
||
| 208 | tpw->pebuf.password.data = tpw->pwbuf; |
||
| 209 | tpw->pebuf.salt.data = tpw->saltbuf; |
||
| 210 | |||
| 211 | strncpy(tpw->pebuf.name, user, MAXUSERLEN); |
||
| 212 | tpw->pebuf.index = confent->index; |
||
| 213 | |||
| 214 | if(salt) { |
||
| 215 | tpw->pebuf.salt.len = salt->len; |
||
| 216 | memcpy(tpw->pebuf.salt.data, salt->data, salt->len); |
||
| 217 | } |
||
| 218 | else { |
||
| 219 | memset(dig, 0, SALTLEN); /* salt is 80 bits */ |
||
| 220 | tpw->pebuf.salt.len = SALTLEN; |
||
| 221 | do { |
||
| 222 | t_random(tpw->pebuf.salt.data, SALTLEN); |
||
| 223 | } while(memcmp(tpw->pebuf.salt.data, dig, SALTLEN) == 0); |
||
| 224 | if(tpw->pebuf.salt.data[0] == 0) |
||
| 225 | tpw->pebuf.salt.data[0] = 0xff; |
||
| 226 | } |
||
| 227 | |||
| 228 | n = BigIntegerFromBytes(confent->modulus.data, confent->modulus.len); |
||
| 229 | g = BigIntegerFromBytes(confent->generator.data, confent->generator.len); |
||
| 230 | v = BigIntegerFromInt(0); |
||
| 231 | |||
| 232 | SHA1Init(&ctxt); |
||
| 233 | SHA1Update(&ctxt, user, strlen(user)); |
||
| 234 | SHA1Update(&ctxt, ":", 1); |
||
| 235 | SHA1Update(&ctxt, pass, strlen(pass)); |
||
| 236 | SHA1Final(dig, &ctxt); |
||
| 237 | |||
| 238 | SHA1Init(&ctxt); |
||
| 239 | SHA1Update(&ctxt, tpw->pebuf.salt.data, tpw->pebuf.salt.len); |
||
| 240 | SHA1Update(&ctxt, dig, sizeof(dig)); |
||
| 241 | SHA1Final(dig, &ctxt); |
||
| 242 | |||
| 243 | /* x = H(s, H(u, ':', p)) */ |
||
| 244 | x = BigIntegerFromBytes(dig, sizeof(dig)); |
||
| 245 | |||
| 246 | BigIntegerModExp(v, g, x, n); |
||
| 247 | tpw->pebuf.password.len = BigIntegerToBytes(v, tpw->pebuf.password.data); |
||
| 248 | |||
| 249 | BigIntegerFree(v); |
||
| 250 | BigIntegerFree(x); |
||
| 251 | BigIntegerFree(g); |
||
| 252 | BigIntegerFree(n); |
||
| 253 | |||
| 254 | return &tpw->pebuf; |
||
| 255 | } |
||
| 256 | |||
| 257 | int |
||
| 258 | t_pwcopy(pwdest, pwsrc, diff) |
||
| 259 | FILE * pwdest; |
||
| 260 | FILE * pwsrc; |
||
| 261 | struct t_pwent * diff; |
||
| 262 | { |
||
| 263 | struct t_pw * src; |
||
| 264 | struct t_pwent * ent; |
||
| 265 | |||
| 266 | if((src = t_openpw(pwsrc)) == NULL) |
||
| 267 | return -1; |
||
| 268 | |||
| 269 | while((ent = t_getpwent(src)) != NULL) |
||
| 270 | if(diff && strcmp(diff->name, ent->name) == 0) { |
||
| 271 | t_putpwent(diff, pwdest); |
||
| 272 | diff = NULL; |
||
| 273 | } |
||
| 274 | else |
||
| 275 | t_putpwent(ent, pwdest); |
||
| 276 | |||
| 277 | if(diff) |
||
| 278 | t_putpwent(diff, pwdest); |
||
| 279 | |||
| 280 | return 0; |
||
| 281 | } |
||
| 282 | |||
| 283 | _TYPE( struct t_pwent * ) |
||
| 284 | t_getpwent(tpw) |
||
| 285 | struct t_pw * tpw; |
||
| 286 | { |
||
| 287 | char indexbuf[16]; |
||
| 288 | char passbuf[MAXB64PARAMLEN]; |
||
| 289 | char saltstr[MAXB64SALTLEN]; |
||
| 290 | |||
| 291 | #ifdef ENABLE_YP |
||
| 292 | struct t_passwd * nisent; |
||
| 293 | /* FIXME: should tell caller to get conf entry from NIS also */ |
||
| 294 | |||
| 295 | if(tpw->state == IN_NIS) { |
||
| 296 | nisent = _yp_gettpent(); |
||
| 297 | if(nisent != NULL) { |
||
| 298 | savepwent(tpw, &nisent->tp); |
||
| 299 | return &tpw->pebuf; |
||
| 300 | } |
||
| 301 | tpw->state = FILE_NIS; |
||
| 302 | } |
||
| 303 | #endif |
||
| 304 | |||
| 305 | while(1) { |
||
| 306 | if(t_nextfield(tpw->instream, tpw->userbuf, MAXUSERLEN) > 0) { |
||
| 307 | #ifdef ENABLE_YP |
||
| 308 | if(tpw->state == FILE_NIS && *tpw->userbuf == '+') { |
||
| 309 | t_nextline(tpw->instream); |
||
| 310 | if(strlen(tpw->userbuf) > 1) { /* +name:... */ |
||
| 311 | nisent = _yp_gettpnam(tpw->userbuf + 1); |
||
| 312 | if(nisent != NULL) { |
||
| 313 | savepwent(tpw, nisent); |
||
| 314 | return &tpw->pebuf; |
||
| 315 | } |
||
| 316 | } |
||
| 317 | else { /* +:... */ |
||
| 318 | tpw->state = IN_NIS; |
||
| 319 | _yp_settpent(); |
||
| 320 | return t_getpwent(tpw); |
||
| 321 | } |
||
| 322 | } |
||
| 323 | #endif |
||
| 324 | if(t_nextfield(tpw->instream, passbuf, MAXB64PARAMLEN) > 0 && |
||
| 325 | (tpw->pebuf.password.len = t_fromb64(tpw->pwbuf, passbuf)) > 0 && |
||
| 326 | t_nextfield(tpw->instream, saltstr, MAXB64SALTLEN) > 0 && |
||
| 327 | (tpw->pebuf.salt.len = t_fromb64(tpw->saltbuf, saltstr)) > 0 && |
||
| 328 | t_nextfield(tpw->instream, indexbuf, 16) > 0 && |
||
| 329 | (tpw->pebuf.index = atoi(indexbuf)) > 0) { |
||
| 330 | tpw->pebuf.name = tpw->userbuf; |
||
| 331 | tpw->pebuf.password.data = tpw->pwbuf; |
||
| 332 | tpw->pebuf.salt.data = tpw->saltbuf; |
||
| 333 | t_nextline(tpw->instream); |
||
| 334 | return &tpw->pebuf; |
||
| 335 | } |
||
| 336 | } |
||
| 337 | if(t_nextline(tpw->instream) < 0) |
||
| 338 | return NULL; |
||
| 339 | } |
||
| 340 | } |
||
| 341 | |||
| 342 | _TYPE( void ) |
||
| 343 | t_putpwent(ent, fp) |
||
| 344 | const struct t_pwent * ent; |
||
| 345 | FILE * fp; |
||
| 346 | { |
||
| 347 | char strbuf[MAXB64PARAMLEN]; |
||
| 348 | char saltbuf[MAXB64SALTLEN]; |
||
| 349 | |||
| 350 | fprintf(fp, "%s:%s:%s:%d\n", ent->name, |
||
| 351 | t_tob64(strbuf, ent->password.data, ent->password.len), |
||
| 352 | t_tob64(saltbuf, ent->salt.data, ent->salt.len), ent->index); |
||
| 353 | } |
||
| 354 |