search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Makefile: Added cleandir target.
[Samba.git] / source / smbd / chgpasswd.c
blob883ad5214a8c64a4090f91c8a2b16130fa976993
1 /* fork a child process to exec passwd and write to its
2 * tty to change a users password. This is running as the
3 * user who is attempting to change the password.
4 */
5
6 /*
7 * This code was copied/borrowed and stolen from various sources.
8 * The primary source was the poppasswd.c from the authors of POPMail. This software
9 * was included as a client to change passwords using the 'passwd' program
10 * on the remote machine.
11 *
12 * This routine is called by set_user_password() in password.c only if ALLOW_PASSWORD_CHANGE
13 * is defined in the compiler directives located in the Makefile.
14 *
15 * This code has been hacked by Bob Nance (nance@niehs.nih.gov) and Evan Patterson
16 * (patters2@niehs.nih.gov) at the National Institute of Environmental Health Sciences
17 * and rights to modify, distribute or incorporate this change to the CAP suite or
18 * using it for any other reason are granted, so long as this disclaimer is left intact.
19 */
20
21 /*
22 This code was hacked considerably for inclusion in Samba, primarily
23 by Andrew.Tridgell@anu.edu.au. The biggest change was the addition
24 of the "password chat" option, which allows the easy runtime
25 specification of the expected sequence of events to change a
26 password.
27 */
28
29 #include "includes.h"
30
31 extern int DEBUGLEVEL;
32
33 #ifdef ALLOW_CHANGE_PASSWORD
34
35 #define MINPASSWDLENGTH 5
36 #define BUFSIZE 512
37
38 static int findpty(char **slave)
39 {
40 int master;
41 #ifdef SVR4
42 extern char *ptsname();
43 #else
44 static char line[12];
45 void *dirp;
46 char *dpname;
47 #endif
48
49 #ifdef SVR4
50 if ((master = open("/dev/ptmx", O_RDWR)) >= 1) {
51 grantpt(master);
52 unlockpt(master);
53 *slave = ptsname(master);
54 return (master);
55 }
56 #else
57 strcpy( line, "/dev/ptyXX" );
58
59 dirp = OpenDir("/dev");
60 if (!dirp) return(-1);
61 while ((dpname = ReadDirName(dirp)) != NULL) {
62 if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) {
63 DEBUG(3,("pty: try to open %s, line was %s\n", dpname, line ) );
64 line[8] = dpname[3];
65 line[9] = dpname[4];
66 if ((master = open(line, O_RDWR)) >= 0) {
67 DEBUG(3,("pty: opened %s\n", line ) );
68 line[5] = 't';
69 *slave = line;
70 CloseDir(dirp);
71 return (master);
72 }
73 }
74 }
75 CloseDir(dirp);
76 #endif
77 return (-1);
78 }
79
80 static int dochild(int master,char *slavedev, char *name, char *passwordprogram)
81 {
82 int slave;
83 struct termios stermios;
84 struct passwd *pass = Get_Pwnam(name,True);
85 int gid = pass->pw_gid;
86 int uid = pass->pw_uid;
87
88 #ifdef USE_SETRES
89 setresuid(0,0,0);
90 #else
91 setuid(0);
92 #endif
93
94 /* Start new session - gets rid of controlling terminal. */
95 if (setsid() < 0) {
96 DEBUG(3,("Weirdness, couldn't let go of controlling terminal\n"));
97 return(False);
98 }
99
100 /* Open slave pty and acquire as new controlling terminal. */
101 if ((slave = open(slavedev, O_RDWR)) < 0) {
102 DEBUG(3,("More weirdness, could not open %s\n",
103 slavedev));
104 return(False);
105 }
106 #ifdef SVR4
107 ioctl(slave, I_PUSH, "ptem");
108 ioctl(slave, I_PUSH, "ldterm");
109 #else
110 if (ioctl(slave,TIOCSCTTY,0) <0) {
111 DEBUG(3,("Error in ioctl call for slave pty\n"));
112 /* return(False); */
113 }
114 #endif
115
116 /* Close master. */
117 close(master);
118
119 /* Make slave stdin/out/err of child. */
120
121 if (dup2(slave, STDIN_FILENO) != STDIN_FILENO) {
122 DEBUG(3,("Could not re-direct stdin\n"));
123 return(False);
124 }
125 if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO) {
126 DEBUG(3,("Could not re-direct stdout\n"));
127 return(False);
128 }
129 if (dup2(slave, STDERR_FILENO) != STDERR_FILENO) {
130 DEBUG(3,("Could not re-direct stderr\n"));
131 return(False);
132 }
133 if (slave > 2) close(slave);
134
135 /* Set proper terminal attributes - no echo, canonical input processing,
136 no map NL to CR/NL on output. */
137
138 if (tcgetattr(0, &stermios) < 0) {
139 DEBUG(3,("could not read default terminal attributes on pty\n"));
140 return(False);
141 }
142 stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
143 stermios.c_lflag |= ICANON;
144 stermios.c_oflag &= ~(ONLCR);
145 if (tcsetattr(0, TCSANOW, &stermios) < 0) {
146 DEBUG(3,("could not set attributes of pty\n"));
147 return(False);
148 }
149
150 /* make us completely into the right uid */
151 #ifdef USE_SETRES
152 setresgid(0,0,0);
153 setresuid(0,0,0);
154 setresgid(gid,gid,gid);
155 setresuid(uid,uid,uid);
156 #else
157 setuid(0);
158 seteuid(0);
159 setgid(gid);
160 setegid(gid);
161 setuid(uid);
162 seteuid(uid);
163 #endif
164
165 /* execl() password-change application */
166 if (execl("/bin/sh","sh","-c",passwordprogram,NULL) < 0) {
167 DEBUG(3,("Bad status returned from %s\n",passwordprogram));
168 return(False);
169 }
170 return(True);
171 }
172
173 static int expect(int master,char *expected,char *buf)
174 {
175 int n, m;
176
177 n = 0;
178 buf[0] = 0;
179 while (1) {
180 if (n >= BUFSIZE-1) {
181 return False;
182 }
183
184 /* allow 4 seconds for some output to appear */
185 m = read_with_timeout(master, buf+n, 1, BUFSIZE-1-n, 4000);
186 if (m < 0)
187 return False;
188
189 n += m;
190 buf[n] = 0;
191
192 {
193 pstring s1,s2;
194 strcpy(s1,buf);
195 strcpy(s2,expected);
196 if (do_match(s1, s2, False))
197 return(True);
198 }
199 }
200 }
201
202 static void pwd_sub(char *buf)
203 {
204 string_sub(buf,"\\n","\n");
205 string_sub(buf,"\\r","\r");
206 string_sub(buf,"\\s"," ");
207 string_sub(buf,"\\t","\t");
208 }
209
210 static void writestring(int fd,char *s)
211 {
212 int l;
213
214 l = strlen (s);
215 write (fd, s, l);
216 }
217
218
219 static int talktochild(int master, char *chatsequence)
220 {
221 char buf[BUFSIZE];
222 int count=0;
223 char *ptr=chatsequence;
224 fstring chatbuf;
225
226 *buf = 0;
227 sleep(1);
228
229 while (next_token(&ptr,chatbuf,NULL)) {
230 BOOL ok=True;
231 count++;
232 pwd_sub(chatbuf);
233 if (!strequal(chatbuf,"."))
234 ok = expect(master,chatbuf,buf);
235
236 #if DEBUG_PASSWORD
237 DEBUG(100,("chatbuf=[%s] responsebuf=[%s]\n",chatbuf,buf));
238 #endif
239
240 if (!ok) {
241 DEBUG(3,("response %d incorrect\n",count));
242 return(False);
243 }
244
245 if (!next_token(&ptr,chatbuf,NULL)) break;
246 pwd_sub(chatbuf);
247 if (!strequal(chatbuf,"."))
248 writestring(master,chatbuf);
249
250 #if DEBUG_PASSWORD
251 DEBUG(100,("sendbuf=[%s]\n",chatbuf));
252 #endif
253 }
254
255 if (count<1) return(False);
256
257 return (True);
258 }
259
260
261 BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence)
262 {
263 char *slavedev;
264 int master;
265 pid_t pid, wpid;
266 int wstat;
267 BOOL chstat;
268
269 /* allocate a pseudo-terminal device */
270 if ((master = findpty (&slavedev)) < 0) {
271 DEBUG(3,("Cannot Allocate pty for password change: %s",name));
272 return(False);
273 }
274
275 if ((pid = fork()) < 0) {
276 DEBUG(3,("Cannot fork() child for password change: %s",name));
277 return(False);
278 }
279
280 /* we now have a pty */
281 if (pid > 0){ /* This is the parent process */
282 if ((chstat = talktochild(master, chatsequence)) == False) {
283 DEBUG(3,("Child failed to change password: %s\n",name));
284 kill(pid, SIGKILL); /* be sure to end this process */
285 return(False);
286 }
287 if ((wpid = sys_waitpid(pid, &wstat, 0)) < 0) {
288 DEBUG(3,("The process is no longer waiting!\n\n"));
289 return(False);
290 }
291 if (pid != wpid) {
292 DEBUG(3,("We were waiting for the wrong process ID\n"));
293 return(False);
294 }
295 if (WIFEXITED(wstat) == 0) {
296 DEBUG(3,("The process exited while we were waiting\n"));
297 return(False);
298 }
299 if (WEXITSTATUS(wstat) != 0) {
300 DEBUG(3,("The status of the process exiting was %d\n", wstat));
301 return(False);
302 }
303
304 } else {
305 /* CHILD */
306
307 /* make sure it doesn't freeze */
308 alarm(20);
309
310 DEBUG(3,("Dochild for user %s (uid=%d,gid=%d)\n",name,getuid(),getgid()));
311 chstat = dochild(master, slavedev, name, passwordprogram);
312 }
313 DEBUG(3,("Password change %ssuccessful for user %s\n", (chstat?"":"un"), name));
314 return (chstat);
315 }
316
317
318 BOOL chgpasswd(char *name,char *oldpass,char *newpass)
319 {
320 pstring passwordprogram;
321 pstring chatsequence;
322
323 strlower(name);
324 DEBUG(3,("Password change for user: %s\n",name));
325
326 #if DEBUG_PASSWORD
327 DEBUG(100,("Passwords: old=%s new=%s\n",oldpass,newpass));
328 #endif
329
330 /* Take the passed information and test it for minimum criteria */
331 /* Minimum password length */
332 if (strlen(newpass) < MINPASSWDLENGTH) /* too short, must be at least MINPASSWDLENGTH */
333 {
334 DEBUG(2,("Password Change: %s, New password is shorter than MINPASSWDLENGTH\n",name));
335 return (False); /* inform the user */
336 }
337
338 /* Password is same as old password */
339 if (strcmp(oldpass,newpass) == 0) /* don't allow same password */
340 {
341 DEBUG(2,("Password Change: %s, New password is same as old\n",name)); /* log the attempt */
342 return (False); /* inform the user */
343 }
344
345 #if (defined(PASSWD_PROGRAM) && defined(PASSWD_CHAT))
346 strcpy(passwordprogram,PASSWD_PROGRAM);
347 strcpy(chatsequence,PASSWD_CHAT);
348 #else
349 strcpy(passwordprogram,lp_passwd_program());
350 strcpy(chatsequence,lp_passwd_chat());
351 #endif
352
353 if (!*chatsequence) {
354 DEBUG(2,("Null chat sequence - no password changing\n"));
355 return(False);
356 }
357
358 if (!*passwordprogram) {
359 DEBUG(2,("Null password program - no password changing\n"));
360 return(False);
361 }
362
363 string_sub(passwordprogram,"%u",name);
364 string_sub(passwordprogram,"%o",oldpass);
365 string_sub(passwordprogram,"%n",newpass);
366
367 string_sub(chatsequence,"%u",name);
368 string_sub(chatsequence,"%o",oldpass);
369 string_sub(chatsequence,"%n",newpass);
370 return(chat_with_program(passwordprogram,name,chatsequence));
371 }
372
373 #else
374 BOOL chgpasswd(char *name,char *oldpass,char *newpass)
375 {
376 DEBUG(0,("Password changing not compiled in (user=%s)\n",name));
377 return(False);
378 }
379 #endif
Samba GIT mirror