kasmvncpasswd: Add support for multiple users

2025-02-16 10:29:19 +01:00 · 2020-10-09 15:36:03 +03:00 · 2020-10-09 15:36:03 +03:00 · 896950ea13
commit 896950ea13
parent e7016550fc
4 changed files with 217 additions and 39 deletions
--- a/unix/kasmvncpasswd/CMakeLists.txt
+++ b/unix/kasmvncpasswd/CMakeLists.txt
@ -1,7 +1,8 @@
 include_directories(${CMAKE_SOURCE_DIR}/common)

 add_executable(kasmvncpasswd 
-  kasmvncpasswd.c)
+  kasmvncpasswd.c
+  kasmpasswd.c)

 target_link_libraries(kasmvncpasswd crypt)

--- a/unix/kasmvncpasswd/kasmpasswd.c
+++ b/unix/kasmvncpasswd/kasmpasswd.c
@ -0,0 +1,114 @@
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "kasmpasswd.h"
+
+struct kasmpasswd_t *readkasmpasswd(const char path[]) {
+
+	struct kasmpasswd_t *set = calloc(sizeof(struct kasmpasswd_t), 1);
+	FILE *f = fopen(path, "r");
+	if (!f)
+		return set;
+
+	// Count lines
+	unsigned lines = 0;
+	char buf[4096];
+
+	while (fgets(buf, 4096, f)) {
+		lines++;
+	}
+
+	rewind(f);
+
+	set->entries = calloc(sizeof(struct kasmpasswd_entry_t), lines);
+
+	unsigned cur = 0;
+	while (fgets(buf, 4096, f)) {
+		char *lim = strchr(buf, ':');
+		if (!lim)
+			continue;
+		*lim = '\0';
+		lim++;
+
+		const char * const pw = lim;
+
+		lim = strchr(lim, ':');
+		if (!lim)
+			continue;
+		*lim = '\0';
+		lim++;
+
+		const char * const perms = lim;
+
+		lim = strchr(lim, '\n');
+		if (lim)
+			*lim = '\0';
+
+		if (strlen(buf) + 1 > sizeof(((struct kasmpasswd_entry_t *)0)->user)) {
+			fprintf(stderr, "Username %s too long\n", buf);
+			continue;
+		}
+		if (strlen(pw) + 1 > sizeof(((struct kasmpasswd_entry_t *)0)->password)) {
+			fprintf(stderr, "Password for user %s too long\n", buf);
+			continue;
+		}
+
+		strcpy(set->entries[cur].user, buf);
+		strcpy(set->entries[cur].password, pw);
+
+		if (strchr(perms, 'w'))
+			set->entries[cur].write = 1;
+		if (strchr(perms, 'o'))
+			set->entries[cur].owner = 1;
+
+		cur++;
+	}
+
+	fclose(f);
+
+	set->num = cur;
+
+	return set;
+}
+
+void writekasmpasswd(const char path[], const struct kasmpasswd_t *set) {
+	char tmpname[PATH_MAX];
+
+	if (!set || !set->entries || !set->num)
+		return;
+
+	snprintf(tmpname, PATH_MAX, "%s.tmp", path);
+	tmpname[PATH_MAX - 1] = '\0';
+
+	FILE *f = fopen(tmpname, "w");
+	if (!f) {
+		fprintf(stderr, "Failed to open temp file %s\n", tmpname);
+		return;
+	}
+
+	static const char * const perms[] = {
+		"",
+		"w",
+		"o",
+		"ow"
+	};
+
+	unsigned i;
+	for (i = 0; i < set->num; i++) {
+		fprintf(f, "%s:%s:%s\n",
+			set->entries[i].user,
+			set->entries[i].password,
+			perms[set->entries[i].owner * 2 + set->entries[i].write]);
+	}
+
+	fsync(fileno(f));
+	fclose(f);
+
+	if (rename(tmpname, path))
+		fprintf(stderr, "Failed writing the password file %s\n", path);
+	chmod(path, S_IRUSR|S_IWUSR);
+}
--- a/unix/kasmvncpasswd/kasmpasswd.h
+++ b/unix/kasmvncpasswd/kasmpasswd.h
@ -0,0 +1,27 @@
+#ifndef KASMPASSWD_H
+#define KASMPASSWD_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct kasmpasswd_entry_t {
+	char user[32];
+	char password[128];
+	unsigned char write : 1;
+	unsigned char owner : 1;
+};
+
+struct kasmpasswd_t {
+	struct kasmpasswd_entry_t *entries;
+	unsigned num;
+};
+
+struct kasmpasswd_t *readkasmpasswd(const char path[]);
+void writekasmpasswd(const char path[], const struct kasmpasswd_t *set);
+
+#ifdef __cplusplus
+} // extern C
+#endif
+
+#endif
--- a/unix/kasmvncpasswd/kasmvncpasswd.c
+++ b/unix/kasmvncpasswd/kasmvncpasswd.c
@ -29,10 +29,16 @@
 #include <unistd.h>
 #include <wordexp.h>

+#include "kasmpasswd.h"
+
 static void usage(const char *prog)
 {
-  fprintf(stderr, "Usage: %s [file]\n", prog);
-  fprintf(stderr, "       %s -f\n", prog);
+  fprintf(stderr, "Usage: %s -u username [-wno] [file]\n"
+                  "-w	Write permission\n"
+                  "-o	Owner\n"
+                  "-n	Don't change password, change permissions only\n"
+                  "\n"
+                  "The file is updated atomically.\n", prog);
  exit(1);
 }

@ -68,18 +74,6 @@ static char* getpassword(const char* prompt, char *buf) {
 static char pw1[4096];
 static char pw2[4096];

-// Reads passwords from stdin and prints encrypted passwords to stdout.
-static int encrypt_pipe() {
-  char *result = getpassword(NULL, pw1);
-  if (!result)
-    return 1;
-
-  printf("%s", encryptpw(result));
-  fflush(stdout);
-
-  return 0;
-}
-
 static const char *readpassword() {
  while (1) {
    if (!getpassword("Password:", pw1)) {
@ -110,20 +104,43 @@ static const char *readpassword() {

 int main(int argc, char** argv)
 {
-  char* fname = 0;
+  const char *fname = NULL;
+  const char *user = NULL;
+  const char args[] = "u:wno";
+  int opt;

-  for (int i = 1; i < argc; i++) {
-    if (strncmp(argv[i], "-f", 2) == 0) {
-      return encrypt_pipe();
-    } else if (argv[i][0] == '-') {
-      usage(argv[0]);
-    } else if (!fname) {
-      fname = argv[i];
-    } else {
-      usage(argv[0]);
+  unsigned char nopass = 0, writer = 0, owner = 0;
+
+  while ((opt = getopt(argc, argv, args)) != -1) {
+    switch (opt) {
+      case 'u':
+        user = optarg;
+        if (strlen(user) + 1 > sizeof(((struct kasmpasswd_entry_t *)0)->user)) {
+          fprintf(stderr, "Username %s too long\n", user);
+          exit(1);
+        }
+      break;
+      case 'n':
+        nopass = 1;
+      break;
+      case 'w':
+        writer = 1;
+      break;
+      case 'o':
+        owner = 1;
+      break;
+      default:
+        usage(argv[0]);
+      break;
    }
  }

+  if (!user)
+    usage(argv[0]);
+
+  if (optind < argc)
+    fname = argv[optind];
+
  if (!fname) {
    wordexp_t wexp;
    if (!wordexp("~/.kasmpasswd", &wexp, WRDE_NOCMD) && wexp.we_wordv[0])
@ -133,23 +150,42 @@ int main(int argc, char** argv)
  if (!fname)
    usage(argv[0]);

-  while (1) {
+  // Action
+  struct kasmpasswd_t *set = readkasmpasswd(fname);
+  unsigned i;
+
+  if (nopass) {
+    for (i = 0; i < set->num; i++) {
+      if (!strcmp(set->entries[i].user, user)) {
+        set->entries[i].write = writer;
+        set->entries[i].owner = owner;
+
+        writekasmpasswd(fname, set);
+        return 0;
+      }
+    }
+    fprintf(stderr, "No user named %s found\n", user);
+    return 1;
+  } else {
    const char *encrypted = readpassword();
-
-    FILE* fp = fopen(fname, "w");
-    if (!fp) {
-      fprintf(stderr, "Couldn't open %s for writing\n", fname);
-      exit(1);
-    }
-    chmod(fname, S_IRUSR|S_IWUSR);
-
-    if (fwrite(encrypted, strlen(encrypted), 1, fp) != 1) {
-      fprintf(stderr,"Writing to %s failed\n",fname);
-      exit(1);
+    for (i = 0; i < set->num; i++) {
+      if (!strcmp(set->entries[i].user, user))
+        break;
    }

-    fclose(fp);
+    // No existing user by that name?
+    if (i >= set->num) {
+      i = set->num++;
+      set->entries = realloc(set->entries, set->num * sizeof(struct kasmpasswd_entry_t));
+    }

-    return 0;
+    strcpy(set->entries[i].user, user);
+    strcpy(set->entries[i].password, encrypted);
+    set->entries[i].write = writer;
+    set->entries[i].owner = owner;
+
+    writekasmpasswd(fname, set);
  }
+
+  return 0;
 }