1 /* vi: set sw=4 ts=4: */
2 /*
3  * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
15  *    may be used to endorse or promote products derived from this software
16  *    without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 
31 #include "libbb.h"
32 
33 #define SHADOW_BUFSIZE 256
34 
35 /* Retrieve encrypted password string for pw.
36  * If pw == NULL, return a string which fails password check against any
37  * password.
38  */
39 #if !ENABLE_FEATURE_SHADOWPASSWDS
40 #define get_passwd(pw, buffer) get_passwd(pw)
41 #endif
get_passwd(const struct passwd * pw,char buffer[SHADOW_BUFSIZE])42 static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZE])
43 {
44 	const char *pass;
45 
46 	if (!pw)
47 		return "aa"; /* "aa" will never match */
48 
49 	pass = pw->pw_passwd;
50 #if ENABLE_FEATURE_SHADOWPASSWDS
51 	/* Using _r function to avoid pulling in static buffers */
52 	if ((pass[0] == 'x' || pass[0] == '*') && !pass[1]) {
53 		struct spwd spw;
54 		int r;
55 		/* getspnam_r may return 0 yet set result to NULL.
56 		 * At least glibc 2.4 does this. Be extra paranoid here. */
57 		struct spwd *result = NULL;
58 		r = getspnam_r(pw->pw_name, &spw, buffer, SHADOW_BUFSIZE, &result);
59 		pass = (r || !result) ? "aa" : result->sp_pwdp;
60 	}
61 #endif
62 	return pass;
63 }
64 
65 /*
66  * Return 1 if PW has an empty password.
67  * Return 1 if the user gives the correct password for entry PW,
68  * 0 if not.
69  * NULL pw means "just fake it for login with bad username"
70  */
check_password(const struct passwd * pw,const char * plaintext)71 int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
72 {
73 	IF_FEATURE_SHADOWPASSWDS(char buffer[SHADOW_BUFSIZE];)
74 	char *encrypted;
75 	const char *pw_pass;
76 	int r;
77 
78 	pw_pass = get_passwd(pw, buffer);
79 	if (!pw_pass[0]) { /* empty password field? */
80 		return 1;
81 	}
82 
83 	encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);
84 	r = (strcmp(encrypted, pw_pass) == 0);
85 	free(encrypted);
86 	return r;
87 }
88 
89 
90 /* Ask the user for a password.
91  * Return 1 without asking if PW has an empty password.
92  * Return -1 on EOF, error while reading input, or timeout.
93  * Return 1 if the user gives the correct password for entry PW,
94  * 0 if not.
95  *
96  * NULL pw means "just fake it for login with bad username"
97  */
ask_and_check_password_extended(const struct passwd * pw,int timeout,const char * prompt)98 int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
99 		int timeout, const char *prompt)
100 {
101 	IF_FEATURE_SHADOWPASSWDS(char buffer[SHADOW_BUFSIZE];)
102 	char *plaintext;
103 	const char *pw_pass;
104 	int r;
105 
106 	pw_pass = get_passwd(pw, buffer);
107 	if (!pw_pass[0]) /* empty password field? */
108 		return 1;
109 
110 	plaintext = bb_ask(STDIN_FILENO, timeout, prompt);
111 	if (!plaintext) {
112 		/* EOF (such as ^D) or error (such as ^C) or timeout */
113 		return -1;
114 	}
115 
116 	r = check_password(pw, plaintext);
117 	nuke_str(plaintext);
118 	return r;
119 }
120 
ask_and_check_password(const struct passwd * pw)121 int FAST_FUNC ask_and_check_password(const struct passwd *pw)
122 {
123 	return ask_and_check_password_extended(pw, 0, "Password: ");
124 }
125