X-Git-Url: https://git.saurik.com/apple/system_cmds.git/blobdiff_plain/20e66415abeb3fec26bdbd0c220fb926593ab135..00bf83c00bdd789601d0af3bad04d92d92951111:/passwd.tproj/passwd.c diff --git a/passwd.tproj/passwd.c b/passwd.tproj/passwd.c index 894d797..877036e 100644 --- a/passwd.tproj/passwd.c +++ b/passwd.tproj/passwd.c @@ -1,36 +1,28 @@ /* - * Copyright (c) 1999 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1999-2016 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ - * - * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights - * Reserved. This file contains Original Code and/or Modifications of - * Original Code as defined in and that are subject to the Apple Public - * Source License Version 1.0 (the 'License'). You may not use this file - * except in compliance with the License. Please obtain a copy of the - * License at http://www.apple.com/publicsource and read it before using - * this file. - * + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License." - * + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * * @APPLE_LICENSE_HEADER_END@ */ -#define INFO_NETINFO 0 -#define INFO_FILE 1 -#define INFO_NIS 2 -#define INFO_DIRECTORYSERVICES 3 +#include -#ifndef __SLICK__ #define _PASSWD_FILE "/etc/master.passwd" -#else -#define _PASSWD_FILE "/etc/passwd" -#endif #include #include @@ -38,25 +30,22 @@ #include #include #include -#include -#include "stringops.h" +#include "passwd.h" #ifdef __SLICK__ #define _PASSWORD_LEN 8 #endif -static char *saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; +char* progname = "passwd"; -extern int file_passwd(char *, char *); -extern int netinfo_passwd(char *, char *); -extern int nis_passwd(char *, char *); -extern int ds_passwd(char *, char *); +static char *saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; void getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, char *old_pw, char **new_pw, char **old_clear, char **new_clear) { - int i, tries, len, pw_ok, upper, lower, alpha, notalpha; + int i, tries, pw_ok, upper, lower, alpha, notalpha; + size_t len; int isNull; char *p; static char obuf[_PASSWORD_LEN+1]; @@ -81,7 +70,7 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, } //strcpy(obuf, p); snprintf( obuf, sizeof(obuf), "%s", p ); - + tries = 0; nbuf[0] = '\0'; for (;;) @@ -117,12 +106,12 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, * An insistent root may override security options. */ if ((isroot == 1) && (tries > 2)) pw_ok = 1; - + /* * A very insistent user may override security options. */ if (tries > 4) pw_ok = 1; - + if (pw_ok == 0) { if (len < minlen) @@ -136,7 +125,7 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, //strcpy(nbuf, p); snprintf( nbuf, sizeof(nbuf), "%s", p ); - + if (!strcmp(nbuf, getpass("Retype new password:"))) break; printf("Mismatch; try again, EOF to quit.\n"); @@ -156,103 +145,158 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, return; } -void -usage() +static void +usage(void) { - fprintf(stderr, "usage: passwd [-i infosystem] [-l location] [name]\n"); - fprintf(stderr, "supported infosystems are:\n"); - fprintf(stderr, " netinfo\n"); + fprintf(stderr, "usage: %s [-i infosystem] -l location]] [-u authname] [name]\n", progname); + fprintf(stderr, " infosystem:\n"); fprintf(stderr, " file\n"); - fprintf(stderr, " nis\n"); - fprintf(stderr, " opendirectory\n"); - fprintf(stderr, "for netinfo, location may be a domain name or server/tag\n"); - fprintf(stderr, "for file, location may be a file name (%s is the default)\n", - _PASSWD_FILE); - fprintf(stderr, "for nis, location may be a NIS domainname\n"); - fprintf(stderr, "for opendirectory, location may be a directory node name\n"); + fprintf(stderr, " NIS\n"); + fprintf(stderr, " OpenDirectory\n"); + fprintf(stderr, " PAM\n"); + fprintf(stderr, " location (for infosystem):\n"); + fprintf(stderr, " file location is path to file (default is %s)\n", _PASSWD_FILE); + fprintf(stderr, " NIS location is NIS domain name\n"); + fprintf(stderr, " OpenDirectory location is directory node name\n"); + fprintf(stderr, " PAM location is not used\n"); exit(1); } int main(int argc, char *argv[]) { - char *user, *locn; - int i, infosystem; - - /* since DS works for most infosystems, make it the default */ - //infosystem = INFO_NETINFO; - infosystem = INFO_DIRECTORYSERVICES; - user = NULL; - locn = NULL; - - for (i = 1; i < argc; i++) - { - if (!strcmp(argv[i], "-i")) - { - if (++i >= argc) - { - fprintf(stderr, "no argument for -i option\n"); - usage(); - } + char* user = NULL; + char* locn = NULL; + char* auth = NULL; + int infosystem, ch; + int free_user = 0; + int res = -1; - if (!strcmp(argv[i], "NetInfo")) infosystem = INFO_NETINFO; - else if (!strcmp(argv[i], "netinfo")) infosystem = INFO_NETINFO; - else if (!strcmp(argv[i], "File")) infosystem = INFO_FILE; - else if (!strcmp(argv[i], "file")) infosystem = INFO_FILE; - else if (!strcmp(argv[i], "NIS")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "nis")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "YP")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "yp")) infosystem = INFO_NIS; - else if (!strcasecmp(argv[i], "opendirectory")) infosystem = INFO_DIRECTORYSERVICES; - else - { - fprintf(stderr, "unknown info system \"%s\"\n", argv[i]); - usage(); - } - } +#ifdef INFO_PAM + infosystem = INFO_PAM; +#else +#ifdef INFO_OPEN_DIRECTORY + infosystem = INFO_OPEN_DIRECTORY; +#else + infosystem = INFO_FILE; +#endif +#endif - else if (!strcmp(argv[i], "-l")) - { - if (++i >= argc) - { - fprintf(stderr, "no argument for -l option\n"); +#ifdef INFO_OPEN_DIRECTORY + /* PAM is the default infosystem, but we still want to use OpenDirectory directly when run by root */ + if (0 == getuid()) + infosystem = INFO_OPEN_DIRECTORY; +#endif + + while ((ch = getopt(argc, argv, "i:l:u:")) != -1) + switch(ch) { + case 'i': + if (!strcasecmp(optarg, "file")) { + infosystem = INFO_FILE; +#ifdef INFO_NIS + } else if (!strcasecmp(optarg, "NIS")) { + infosystem = INFO_NIS; + } else if (!strcasecmp(optarg, "YP")) { + infosystem = INFO_NIS; +#endif +#ifdef INFO_OPEN_DIRECTORY + } else if (!strcasecmp(optarg, "opendirectory")) { + infosystem = INFO_OPEN_DIRECTORY; +#endif +#ifdef INFO_PAM + } else if (!strcasecmp(optarg, "PAM")) { + infosystem = INFO_PAM; +#endif + } else { + fprintf(stderr, "%s: Unknown info system \'%s\'.\n", + progname, optarg); usage(); } - locn = argv[i]; - } - else if (user == NULL) user = argv[i]; - else usage(); + break; + case 'l': + locn = optarg; + break; + case 'u': + auth = optarg; + break; + case '?': + default: + usage(); + break; } + argc -= optind; + argv += optind; + + if (argc > 1) { + usage(); + } else if (argc == 1) { + user = argv[0]; + } + +#ifdef INFO_PAM + if (INFO_PAM == infosystem && NULL != locn) + usage(); +#endif if (user == NULL) { - /* + /* * Verify that the login name exists. * lukeh 24 Dec 1997 */ - if ((user = getlogin()) == NULL) + + /* getlogin() is the wrong thing to use here because it returns the wrong user after su */ + /* sns 5 Jan 2005 */ + + struct passwd * userRec = getpwuid(getuid()); + if (userRec != NULL && userRec->pw_name != NULL) { + /* global static mem is volatile; must strdup */ + user = strdup(userRec->pw_name); + free_user = 1; + } + + if (user == NULL) { fprintf(stderr, "you don't have a login name\n"); exit(1); } } - + switch (infosystem) { - case INFO_NETINFO: - netinfo_passwd(user, locn); - break; case INFO_FILE: - file_passwd(user, locn); + res = file_passwd(user, locn); break; +#ifdef INFO_NIS case INFO_NIS: - nis_passwd(user, locn); + res = nis_passwd(user, locn); break; - case INFO_DIRECTORYSERVICES: - ds_passwd(user, locn); +#endif +#ifdef INFO_OPEN_DIRECTORY + case INFO_OPEN_DIRECTORY: + res = od_passwd(user, locn, auth); + break; +#endif +#ifdef INFO_PAM + case INFO_PAM: + res = pam_passwd(user); break; +#endif + } + + if (res == 0) + { + printf("\n"); + printf("################################### WARNING ###################################\n"); + printf("# This tool does not update the login keychain password. #\n"); + printf("# To update it, run `security set-keychain-password` as the user in question, #\n"); + printf("# or as root providing a path to such user's login keychain. #\n"); + printf("###############################################################################\n"); + printf("\n"); } + if (free_user == 1) + free(user); + exit(0); } -