/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved. * Copyright (C) 2010 Antoine Martin. All Rights Reserved. * Copyright (C) 2010 D. R. Commander. All Rights Reserved. * Copyright (C) 2020 Kasm. All Rights Reserved. * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this software; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA. */ #include #include #include #include #include #include #include #include #include #include "kasmpasswd.h" static void usage(const char *prog) { fprintf(stderr, "Usage: %s -u username [-wnod] [file]\n" "-r Read permission\n" "-w Write permission\n" "-o Owner\n" "-n Don't change password, change permissions only\n" "-d Delete this user\n" "\n" "The file is updated atomically.\n\n" "To pass the password via a pipe, use\n" "echo -e \"password\\npassword\\n\" | %s [-args]\n", prog, prog); exit(1); } static void enableEcho(unsigned char enable) { struct termios attrs; if (!isatty(fileno(stdin))) return; tcgetattr(fileno(stdin), &attrs); if (enable) attrs.c_lflag |= ECHO; else attrs.c_lflag &= ~ECHO; attrs.c_lflag |= ECHONL; tcsetattr(fileno(stdin), TCSAFLUSH, &attrs); } static const char *encryptpw(const char *in) { return crypt(in, "$5$kasm$"); } static char* getpassword(const char* prompt, char *buf) { if (prompt && isatty(fileno(stdin))) fputs(prompt, stdout); enableEcho(0); char* result = fgets(buf, 4096, stdin); enableEcho(1); if (result) { if (result[strlen(result)-1] == '\n') result[strlen(result)-1] = 0; return buf; } return NULL; } static char pw1[4096]; static char pw2[4096]; static const char *readpassword() { while (1) { if (!getpassword("Password:", pw1)) { perror("getpassword error"); exit(1); } if (strlen(pw1) < 6) { if (strlen(pw1) == 0) { fprintf(stderr,"Password not changed\n"); exit(1); } fprintf(stderr,"Password must be at least 6 characters - try again\n"); continue; } if (!getpassword("Verify:", pw2)) { perror("getpass error"); exit(1); } if (strcmp(pw1, pw2) != 0) { if (!isatty(fileno(stdin))) { fprintf(stderr,"Passwords don't match\n"); exit(1); } fprintf(stderr,"Passwords don't match - try again\n"); continue; } return encryptpw(pw1); } } int main(int argc, char** argv) { const char *fname = NULL; const char *user = NULL; const char args[] = "u:rwnod"; int opt; unsigned char nopass = 0, reader = 0, writer = 0, owner = 0, deleting = 0; while ((opt = getopt(argc, argv, args)) != -1) { switch (opt) { case 'u': user = optarg; if (strlen(user) + 1 > sizeof(((struct kasmpasswd_entry_t *)0)->user)) { fprintf(stderr, "Username %s too long\n", user); exit(1); } break; case 'n': nopass = 1; break; case 'r': reader = 1; break; case 'w': writer = 1; break; case 'o': owner = 1; break; case 'd': deleting = 1; break; default: usage(argv[0]); break; } } if (deleting && (nopass || reader || writer || owner)) usage(argv[0]); if (!user) usage(argv[0]); if (optind < argc) fname = argv[optind]; if (!fname) { wordexp_t wexp; if (!wordexp("~/.kasmpasswd", &wexp, WRDE_NOCMD) && wexp.we_wordv[0]) fname = strdup(wexp.we_wordv[0]); wordfree(&wexp); } if (!fname) usage(argv[0]); // Action struct kasmpasswd_t *set = readkasmpasswd(fname); unsigned i; if (nopass) { for (i = 0; i < set->num; i++) { if (!strcmp(set->entries[i].user, user)) { set->entries[i].read = reader; set->entries[i].write = writer; set->entries[i].owner = owner; writekasmpasswd(fname, set); return 0; } } fprintf(stderr, "No user named %s found\n", user); return 1; } else if (deleting) { for (i = 0; i < set->num; i++) { if (!strcmp(set->entries[i].user, user)) { set->entries[i].user[0] = '\0'; writekasmpasswd(fname, set); return 0; } } fprintf(stderr, "No user named %s found\n", user); return 1; } else { const char *encrypted = readpassword(); for (i = 0; i < set->num; i++) { if (!strcmp(set->entries[i].user, user)) break; } // No existing user by that name? if (i >= set->num) { i = set->num++; set->entries = realloc(set->entries, set->num * sizeof(struct kasmpasswd_entry_t)); } strcpy(set->entries[i].user, user); strcpy(set->entries[i].password, encrypted); set->entries[i].read = reader; set->entries[i].write = writer; set->entries[i].owner = owner; writekasmpasswd(fname, set); } return 0; }