X-Git-Url: https://git.saurik.com/apple/system_cmds.git/blobdiff_plain/6d658acdb5f61932718109ed8f339604b778ab80..00bf83c00bdd789601d0af3bad04d92d92951111:/passwd.tproj/passwd.c?ds=inline diff --git a/passwd.tproj/passwd.c b/passwd.tproj/passwd.c index 4b16ce7..877036e 100644 --- a/passwd.tproj/passwd.c +++ b/passwd.tproj/passwd.c @@ -1,17 +1,15 @@ /* - * Copyright (c) 1999 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1999-2016 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ - * - * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -19,18 +17,12 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ -#define INFO_NETINFO 0 -#define INFO_FILE 1 -#define INFO_NIS 2 +#include -#ifndef __SLICK__ #define _PASSWD_FILE "/etc/master.passwd" -#else -#define _PASSWD_FILE "/etc/passwd" -#endif #include #include @@ -38,24 +30,22 @@ #include #include #include -#include -#include "stringops.h" +#include "passwd.h" #ifdef __SLICK__ #define _PASSWORD_LEN 8 #endif -static char *saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; +char* progname = "passwd"; -extern int file_passwd(char *, char *); -extern int netinfo_passwd(char *, char *); -extern int nis_passwd(char *, char *); +static char *saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; void getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, char *old_pw, char **new_pw, char **old_clear, char **new_clear) { - int i, tries, len, pw_ok, upper, lower, alpha, notalpha; + int i, tries, pw_ok, upper, lower, alpha, notalpha; + size_t len; int isNull; char *p; static char obuf[_PASSWORD_LEN+1]; @@ -78,7 +68,8 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, exit(1); } } - strcpy(obuf, p); + //strcpy(obuf, p); + snprintf( obuf, sizeof(obuf), "%s", p ); tries = 0; nbuf[0] = '\0'; @@ -115,12 +106,12 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, * An insistent root may override security options. */ if ((isroot == 1) && (tries > 2)) pw_ok = 1; - + /* * A very insistent user may override security options. */ if (tries > 4) pw_ok = 1; - + if (pw_ok == 0) { if (len < minlen) @@ -132,7 +123,9 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, continue; } - strcpy(nbuf, p); + //strcpy(nbuf, p); + snprintf( nbuf, sizeof(nbuf), "%s", p ); + if (!strcmp(nbuf, getpass("Retype new password:"))) break; printf("Mismatch; try again, EOF to quit.\n"); @@ -152,95 +145,158 @@ getpasswd(char *name, int isroot, int minlen, int mixcase, int nonalpha, return; } -void -usage() +static void +usage(void) { - fprintf(stderr, "usage: passwd [-i infosystem] [-l location] [name]\n"); - fprintf(stderr, "supported infosystems are:\n"); - fprintf(stderr, " netinfo\n"); + fprintf(stderr, "usage: %s [-i infosystem] -l location]] [-u authname] [name]\n", progname); + fprintf(stderr, " infosystem:\n"); fprintf(stderr, " file\n"); - fprintf(stderr, " nis\n"); - fprintf(stderr, "for netinfo, location may be a domain name or server/tag\n"); - fprintf(stderr, "for file, location may be a file name (%s is the default)\n", - _PASSWD_FILE); - fprintf(stderr, "for nis, location may be a NIS domainname\n"); + fprintf(stderr, " NIS\n"); + fprintf(stderr, " OpenDirectory\n"); + fprintf(stderr, " PAM\n"); + fprintf(stderr, " location (for infosystem):\n"); + fprintf(stderr, " file location is path to file (default is %s)\n", _PASSWD_FILE); + fprintf(stderr, " NIS location is NIS domain name\n"); + fprintf(stderr, " OpenDirectory location is directory node name\n"); + fprintf(stderr, " PAM location is not used\n"); exit(1); } int main(int argc, char *argv[]) { - char *user, *locn; - int i, infosystem; + char* user = NULL; + char* locn = NULL; + char* auth = NULL; + int infosystem, ch; + int free_user = 0; + int res = -1; - infosystem = INFO_NETINFO; - user = NULL; - locn = NULL; +#ifdef INFO_PAM + infosystem = INFO_PAM; +#else +#ifdef INFO_OPEN_DIRECTORY + infosystem = INFO_OPEN_DIRECTORY; +#else + infosystem = INFO_FILE; +#endif +#endif - for (i = 1; i < argc; i++) - { - if (!strcmp(argv[i], "-i")) - { - if (++i >= argc) - { - fprintf(stderr, "no argument for -i option\n"); - usage(); - } +#ifdef INFO_OPEN_DIRECTORY + /* PAM is the default infosystem, but we still want to use OpenDirectory directly when run by root */ + if (0 == getuid()) + infosystem = INFO_OPEN_DIRECTORY; +#endif - if (!strcmp(argv[i], "NetInfo")) infosystem = INFO_NETINFO; - else if (!strcmp(argv[i], "netinfo")) infosystem = INFO_NETINFO; - else if (!strcmp(argv[i], "File")) infosystem = INFO_FILE; - else if (!strcmp(argv[i], "file")) infosystem = INFO_FILE; - else if (!strcmp(argv[i], "NIS")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "nis")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "YP")) infosystem = INFO_NIS; - else if (!strcmp(argv[i], "yp")) infosystem = INFO_NIS; - else - { - fprintf(stderr, "unknown info system \"%s\"\n", argv[i]); + while ((ch = getopt(argc, argv, "i:l:u:")) != -1) + switch(ch) { + case 'i': + if (!strcasecmp(optarg, "file")) { + infosystem = INFO_FILE; +#ifdef INFO_NIS + } else if (!strcasecmp(optarg, "NIS")) { + infosystem = INFO_NIS; + } else if (!strcasecmp(optarg, "YP")) { + infosystem = INFO_NIS; +#endif +#ifdef INFO_OPEN_DIRECTORY + } else if (!strcasecmp(optarg, "opendirectory")) { + infosystem = INFO_OPEN_DIRECTORY; +#endif +#ifdef INFO_PAM + } else if (!strcasecmp(optarg, "PAM")) { + infosystem = INFO_PAM; +#endif + } else { + fprintf(stderr, "%s: Unknown info system \'%s\'.\n", + progname, optarg); usage(); } - } + break; + case 'l': + locn = optarg; + break; + case 'u': + auth = optarg; + break; + case '?': + default: + usage(); + break; + } + argc -= optind; + argv += optind; - else if (!strcmp(argv[i], "-l")) - { - if (++i >= argc) - { - fprintf(stderr, "no argument for -l option\n"); - usage(); - } - locn = argv[i]; - } - else if (user == NULL) user = argv[i]; - else usage(); + if (argc > 1) { + usage(); + } else if (argc == 1) { + user = argv[0]; } +#ifdef INFO_PAM + if (INFO_PAM == infosystem && NULL != locn) + usage(); +#endif + if (user == NULL) { - /* + /* * Verify that the login name exists. * lukeh 24 Dec 1997 */ - if ((user = getlogin()) == NULL) + + /* getlogin() is the wrong thing to use here because it returns the wrong user after su */ + /* sns 5 Jan 2005 */ + + struct passwd * userRec = getpwuid(getuid()); + if (userRec != NULL && userRec->pw_name != NULL) { + /* global static mem is volatile; must strdup */ + user = strdup(userRec->pw_name); + free_user = 1; + } + + if (user == NULL) { fprintf(stderr, "you don't have a login name\n"); exit(1); } } - + switch (infosystem) { - case INFO_NETINFO: - netinfo_passwd(user, locn); - break; case INFO_FILE: - file_passwd(user, locn); + res = file_passwd(user, locn); break; +#ifdef INFO_NIS case INFO_NIS: - nis_passwd(user, locn); + res = nis_passwd(user, locn); + break; +#endif +#ifdef INFO_OPEN_DIRECTORY + case INFO_OPEN_DIRECTORY: + res = od_passwd(user, locn, auth); + break; +#endif +#ifdef INFO_PAM + case INFO_PAM: + res = pam_passwd(user); break; +#endif + } + + if (res == 0) + { + printf("\n"); + printf("################################### WARNING ###################################\n"); + printf("# This tool does not update the login keychain password. #\n"); + printf("# To update it, run `security set-keychain-password` as the user in question, #\n"); + printf("# or as root providing a path to such user's login keychain. #\n"); + printf("###############################################################################\n"); + printf("\n"); } + if (free_user == 1) + free(user); + exit(0); } -