2014-05-07 22:27:00 +00:00
|
|
|
/*
|
2020-02-27 23:26:58 +00:00
|
|
|
Copyright (c) 2012-2020 Roger Light <roger@atchoo.org>
|
2014-05-07 22:27:00 +00:00
|
|
|
|
|
|
|
|
All rights reserved. This program and the accompanying materials
|
2020-11-25 17:34:21 +00:00
|
|
|
are made available under the terms of the Eclipse Public License 2.0
|
2014-05-07 22:27:00 +00:00
|
|
|
and Eclipse Distribution License v1.0 which accompany this distribution.
|
|
|
|
|
|
|
|
|
|
The Eclipse Public License is available at
|
2020-11-25 17:34:21 +00:00
|
|
|
https://www.eclipse.org/legal/epl-2.0/
|
2014-05-07 22:27:00 +00:00
|
|
|
and the Eclipse Distribution License is available at
|
|
|
|
|
http://www.eclipse.org/org/documents/edl-v10.php.
|
|
|
|
|
|
|
|
|
|
Contributors:
|
|
|
|
|
Roger Light - initial implementation and documentation.
|
|
|
|
|
*/
|
|
|
|
|
|
2018-05-02 08:39:36 +00:00
|
|
|
#include "config.h"
|
2014-05-07 22:27:00 +00:00
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
|
#include <signal.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
2018-01-06 22:42:13 +00:00
|
|
|
|
2020-10-29 12:48:59 +00:00
|
|
|
#include "get_password.h"
|
2020-10-12 12:45:37 +00:00
|
|
|
#include "password_mosq.h"
|
2018-01-06 22:42:13 +00:00
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
#ifdef WIN32
|
2018-02-28 15:53:24 +00:00
|
|
|
# include <windows.h>
|
2014-05-07 22:27:00 +00:00
|
|
|
# include <process.h>
|
|
|
|
|
# ifndef __cplusplus
|
2018-01-06 22:42:13 +00:00
|
|
|
# if defined(_MSC_VER) && _MSC_VER < 1900
|
|
|
|
|
# define bool char
|
|
|
|
|
# define true 1
|
|
|
|
|
# define false 0
|
|
|
|
|
# else
|
|
|
|
|
# include <stdbool.h>
|
|
|
|
|
# endif
|
2014-05-07 22:27:00 +00:00
|
|
|
# endif
|
|
|
|
|
# define snprintf sprintf_s
|
|
|
|
|
# include <io.h>
|
2018-01-06 22:42:13 +00:00
|
|
|
# include <windows.h>
|
2014-05-07 22:27:00 +00:00
|
|
|
#else
|
|
|
|
|
# include <stdbool.h>
|
|
|
|
|
# include <unistd.h>
|
|
|
|
|
# include <termios.h>
|
2019-02-27 17:49:19 +00:00
|
|
|
# include <sys/stat.h>
|
2014-05-07 22:27:00 +00:00
|
|
|
#endif
|
|
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
#define MAX_BUFFER_LEN 65536
|
2014-05-07 22:27:00 +00:00
|
|
|
#define SALT_LEN 12
|
|
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
#include "misc_mosq.h"
|
|
|
|
|
|
|
|
|
|
struct cb_helper {
|
|
|
|
|
const char *line;
|
|
|
|
|
const char *username;
|
|
|
|
|
const char *password;
|
2020-10-21 11:26:31 +00:00
|
|
|
int iterations;
|
2020-02-04 16:05:58 +00:00
|
|
|
bool found;
|
|
|
|
|
};
|
|
|
|
|
|
2020-10-12 12:45:37 +00:00
|
|
|
static enum mosquitto_pwhash_type hashtype = pw_sha512_pbkdf2;
|
2020-09-30 08:44:36 +00:00
|
|
|
|
2019-02-27 16:38:54 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
|
static FILE *mpw_tmpfile(void)
|
|
|
|
|
{
|
|
|
|
|
return tmpfile();
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
|
2020-10-17 00:23:08 +00:00
|
|
|
static char unsigned alphanum[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
2019-02-27 16:38:54 +00:00
|
|
|
|
|
|
|
|
static unsigned char tmpfile_path[36];
|
|
|
|
|
static FILE *mpw_tmpfile(void)
|
|
|
|
|
{
|
|
|
|
|
int fd;
|
2019-03-13 13:47:01 +00:00
|
|
|
size_t i;
|
2019-02-27 16:38:54 +00:00
|
|
|
|
|
|
|
|
if(RAND_bytes(tmpfile_path, sizeof(tmpfile_path)) != 1){
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
strcpy((char *)tmpfile_path, "/tmp/");
|
|
|
|
|
|
|
|
|
|
for(i=strlen((char *)tmpfile_path); i<sizeof(tmpfile_path)-8; i++){
|
|
|
|
|
tmpfile_path[i] = alphanum[tmpfile_path[i]%(sizeof(alphanum)-1)];
|
|
|
|
|
}
|
|
|
|
|
tmpfile_path[sizeof(tmpfile_path)-8] = '-';
|
|
|
|
|
for(i=sizeof(tmpfile_path)-7; i<sizeof(tmpfile_path)-1; i++){
|
|
|
|
|
tmpfile_path[i] = 'X';
|
|
|
|
|
}
|
|
|
|
|
tmpfile_path[sizeof(tmpfile_path)-1] = '\0';
|
|
|
|
|
|
2019-02-27 17:49:19 +00:00
|
|
|
umask(077);
|
2019-02-27 16:38:54 +00:00
|
|
|
fd = mkstemp((char *)tmpfile_path);
|
|
|
|
|
if(fd < 0) return NULL;
|
|
|
|
|
unlink((char *)tmpfile_path);
|
|
|
|
|
|
|
|
|
|
return fdopen(fd, "w+");
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
void print_usage(void)
|
|
|
|
|
{
|
|
|
|
|
printf("mosquitto_passwd is a tool for managing password files for mosquitto.\n\n");
|
2020-09-23 21:57:26 +00:00
|
|
|
printf("Usage: mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c | -D] passwordfile username\n");
|
2020-09-24 16:03:14 +00:00
|
|
|
printf(" mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c] -b passwordfile username password\n");
|
2014-05-07 22:27:00 +00:00
|
|
|
printf(" mosquitto_passwd -U passwordfile\n");
|
2014-06-20 19:59:04 +00:00
|
|
|
printf(" -b : run in batch mode to allow passing passwords on the command line.\n");
|
2014-05-07 22:27:00 +00:00
|
|
|
printf(" -c : create a new password file. This will overwrite existing files.\n");
|
|
|
|
|
printf(" -D : delete the username rather than adding/updating its password.\n");
|
2020-09-23 21:57:26 +00:00
|
|
|
printf(" -H : specify the hashing algorithm. Defaults to sha512-pbkdf2, which is recommended.\n");
|
|
|
|
|
printf(" Mosquitto 1.6 and earlier defaulted to sha512.\n");
|
2014-05-07 22:27:00 +00:00
|
|
|
printf(" -U : update a plain text password file to use hashed passwords.\n");
|
2019-03-30 20:34:40 +00:00
|
|
|
printf("\nSee https://mosquitto.org/ for more information.\n\n");
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-21 11:26:31 +00:00
|
|
|
int output_new_password(FILE *fptr, const char *username, const char *password, int iterations)
|
2014-05-07 22:27:00 +00:00
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
char *salt64 = NULL, *hash64 = NULL;
|
2020-10-12 12:45:37 +00:00
|
|
|
struct mosquitto_pw pw;
|
|
|
|
|
|
2020-11-25 11:04:58 +00:00
|
|
|
if(password == NULL){
|
|
|
|
|
fprintf(stderr, "Error: Internal error, no password given.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2020-10-12 12:45:37 +00:00
|
|
|
memset(&pw, 0, sizeof(pw));
|
|
|
|
|
|
|
|
|
|
pw.hashtype = hashtype;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2020-10-21 11:26:31 +00:00
|
|
|
if(pw__hash(password, &pw, true, iterations)){
|
2020-10-12 12:45:37 +00:00
|
|
|
fprintf(stderr, "Error: Unable to hash password.\n");
|
2014-05-07 22:27:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-21 12:33:33 +00:00
|
|
|
rc = base64__encode(pw.salt, sizeof(pw.salt), &salt64);
|
2014-05-07 22:27:00 +00:00
|
|
|
if(rc){
|
2015-08-18 13:53:22 +00:00
|
|
|
free(salt64);
|
2014-05-07 22:27:00 +00:00
|
|
|
fprintf(stderr, "Error: Unable to encode salt.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-21 12:33:33 +00:00
|
|
|
rc = base64__encode(pw.password_hash, sizeof(pw.password_hash), &hash64);
|
2014-05-07 22:27:00 +00:00
|
|
|
if(rc){
|
2015-08-18 13:53:22 +00:00
|
|
|
free(salt64);
|
|
|
|
|
free(hash64);
|
2014-05-07 22:27:00 +00:00
|
|
|
fprintf(stderr, "Error: Unable to encode hash.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-21 11:26:31 +00:00
|
|
|
if(pw.hashtype == pw_sha512_pbkdf2){
|
|
|
|
|
fprintf(fptr, "%s:$%d$%d$%s$%s\n", username, hashtype, iterations, salt64, hash64);
|
|
|
|
|
}else{
|
|
|
|
|
fprintf(fptr, "%s:$%d$%s$%s\n", username, hashtype, salt64, hash64);
|
|
|
|
|
}
|
2014-05-07 22:27:00 +00:00
|
|
|
free(salt64);
|
|
|
|
|
free(hash64);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
|
|
|
|
|
static int pwfile_iterate(FILE *fptr, FILE *ftmp,
|
|
|
|
|
int (*cb)(FILE *, FILE *, const char *, const char *, const char *, struct cb_helper *),
|
|
|
|
|
struct cb_helper *helper)
|
2014-05-07 22:27:00 +00:00
|
|
|
{
|
2020-02-04 16:05:58 +00:00
|
|
|
char *buf;
|
|
|
|
|
int buflen = 1024;
|
|
|
|
|
char *lbuf;
|
|
|
|
|
int lbuflen;
|
|
|
|
|
int rc = 1;
|
2019-03-26 10:02:31 +00:00
|
|
|
int line = 0;
|
2020-02-04 16:05:58 +00:00
|
|
|
char *username, *password;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2020-10-17 00:23:08 +00:00
|
|
|
buf = malloc((size_t)buflen);
|
2020-02-04 16:05:58 +00:00
|
|
|
if(buf == NULL){
|
|
|
|
|
fprintf(stderr, "Error: Out of memory.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
lbuflen = buflen;
|
2020-10-17 00:23:08 +00:00
|
|
|
lbuf = malloc((size_t)lbuflen);
|
2020-02-04 16:05:58 +00:00
|
|
|
if(lbuf == NULL){
|
|
|
|
|
fprintf(stderr, "Error: Out of memory.\n");
|
|
|
|
|
free(buf);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while(!feof(fptr) && fgets_extending(&buf, &buflen, fptr)){
|
|
|
|
|
if(lbuflen != buflen){
|
|
|
|
|
free(lbuf);
|
|
|
|
|
lbuflen = buflen;
|
2020-10-17 00:23:08 +00:00
|
|
|
lbuf = malloc((size_t)lbuflen);
|
2020-02-04 16:05:58 +00:00
|
|
|
if(lbuf == NULL){
|
|
|
|
|
fprintf(stderr, "Error: Out of memory.\n");
|
|
|
|
|
free(buf);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-10-17 00:23:08 +00:00
|
|
|
memcpy(lbuf, buf, (size_t)buflen);
|
2019-03-26 10:02:31 +00:00
|
|
|
line++;
|
2020-02-04 16:05:58 +00:00
|
|
|
username = strtok(buf, ":");
|
|
|
|
|
password = strtok(NULL, ":");
|
|
|
|
|
if(username == NULL || password == NULL){
|
2019-03-26 10:02:31 +00:00
|
|
|
fprintf(stderr, "Error: Corrupt password file at line %d.\n", line);
|
2020-02-04 16:05:58 +00:00
|
|
|
free(lbuf);
|
|
|
|
|
free(buf);
|
2019-03-26 10:02:31 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
username = misc__trimblanks(username);
|
|
|
|
|
password = misc__trimblanks(password);
|
2019-03-26 10:02:31 +00:00
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
if(strlen(username) == 0 || strlen(password) == 0){
|
|
|
|
|
fprintf(stderr, "Error: Corrupt password file at line %d.\n", line);
|
|
|
|
|
free(lbuf);
|
|
|
|
|
free(buf);
|
|
|
|
|
return 1;
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
|
|
|
|
|
rc = cb(fptr, ftmp, username, password, lbuf, helper);
|
|
|
|
|
if(rc){
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
free(lbuf);
|
|
|
|
|
free(buf);
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ======================================================================
|
|
|
|
|
* Delete a user from the password file
|
|
|
|
|
* ====================================================================== */
|
|
|
|
|
static int delete_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
|
|
|
|
|
{
|
|
|
|
|
if(strcmp(username, helper->username)){
|
|
|
|
|
/* If this isn't the username to delete, write it to the new file */
|
|
|
|
|
fprintf(ftmp, "%s", line);
|
|
|
|
|
}else{
|
|
|
|
|
/* Don't write the matching username to the file. */
|
|
|
|
|
helper->found = true;
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int delete_pwuser(FILE *fptr, FILE *ftmp, const char *username)
|
|
|
|
|
{
|
|
|
|
|
struct cb_helper helper;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
memset(&helper, 0, sizeof(helper));
|
|
|
|
|
helper.username = username;
|
|
|
|
|
rc = pwfile_iterate(fptr, ftmp, delete_pwuser_cb, &helper);
|
|
|
|
|
|
|
|
|
|
if(helper.found == false){
|
2014-05-07 22:27:00 +00:00
|
|
|
fprintf(stderr, "Warning: User %s not found in password file.\n", username);
|
2019-09-17 08:37:16 +00:00
|
|
|
return 1;
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ======================================================================
|
|
|
|
|
* Update a plain text password file to use hashes
|
|
|
|
|
* ====================================================================== */
|
|
|
|
|
static int update_file_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
|
|
|
|
|
{
|
2020-10-21 11:26:31 +00:00
|
|
|
return output_new_password(ftmp, username, password, helper->iterations);
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int update_file(FILE *fptr, FILE *ftmp)
|
|
|
|
|
{
|
2020-02-04 16:05:58 +00:00
|
|
|
return pwfile_iterate(fptr, ftmp, update_file_cb, NULL);
|
|
|
|
|
}
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
|
|
|
|
|
/* ======================================================================
|
|
|
|
|
* Update an existing user password / create a new password
|
|
|
|
|
* ====================================================================== */
|
|
|
|
|
static int update_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
|
|
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
if(strcmp(username, helper->username)){
|
|
|
|
|
/* If this isn't the matching user, then writing out the exiting line */
|
|
|
|
|
fprintf(ftmp, "%s", line);
|
|
|
|
|
}else{
|
|
|
|
|
/* Write out a new line for our matching username */
|
|
|
|
|
helper->found = true;
|
2020-10-21 11:26:31 +00:00
|
|
|
rc = output_new_password(ftmp, username, helper->password, helper->iterations);
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
return rc;
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-21 11:26:31 +00:00
|
|
|
int update_pwuser(FILE *fptr, FILE *ftmp, const char *username, const char *password, int iterations)
|
2014-05-07 22:27:00 +00:00
|
|
|
{
|
2020-02-04 16:05:58 +00:00
|
|
|
struct cb_helper helper;
|
|
|
|
|
int rc;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
memset(&helper, 0, sizeof(helper));
|
|
|
|
|
helper.username = username;
|
2020-04-26 21:44:21 +00:00
|
|
|
helper.password = password;
|
2020-10-21 11:26:31 +00:00
|
|
|
helper.iterations = iterations;
|
2020-02-04 16:05:58 +00:00
|
|
|
rc = pwfile_iterate(fptr, ftmp, update_pwuser_cb, &helper);
|
2019-03-26 10:02:31 +00:00
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
if(helper.found){
|
2014-05-07 22:27:00 +00:00
|
|
|
return rc;
|
|
|
|
|
}else{
|
2020-10-21 11:26:31 +00:00
|
|
|
return output_new_password(ftmp, username, password, iterations);
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-04 16:05:58 +00:00
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
int copy_contents(FILE *src, FILE *dest)
|
|
|
|
|
{
|
|
|
|
|
char buf[MAX_BUFFER_LEN];
|
2019-03-13 13:47:01 +00:00
|
|
|
size_t len;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
|
|
|
|
rewind(src);
|
|
|
|
|
rewind(dest);
|
|
|
|
|
|
|
|
|
|
#ifdef WIN32
|
|
|
|
|
_chsize(fileno(dest), 0);
|
|
|
|
|
#else
|
|
|
|
|
if(ftruncate(fileno(dest), 0)) return 1;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
while(!feof(src)){
|
|
|
|
|
len = fread(buf, 1, MAX_BUFFER_LEN, src);
|
|
|
|
|
if(len > 0){
|
|
|
|
|
if(fwrite(buf, 1, len, dest) != len){
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
return !feof(src);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int create_backup(const char *backup_file, FILE *fptr)
|
|
|
|
|
{
|
|
|
|
|
FILE *fbackup;
|
|
|
|
|
|
|
|
|
|
fbackup = fopen(backup_file, "wt");
|
|
|
|
|
if(!fbackup){
|
|
|
|
|
fprintf(stderr, "Error creating backup password file \"%s\", not continuing.\n", backup_file);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(copy_contents(fptr, fbackup)){
|
|
|
|
|
fprintf(stderr, "Error copying data to backup password file \"%s\", not continuing.\n", backup_file);
|
|
|
|
|
fclose(fbackup);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
fclose(fbackup);
|
|
|
|
|
rewind(fptr);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-10-29 12:48:59 +00:00
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
void handle_sigint(int signal)
|
|
|
|
|
{
|
2020-10-29 12:48:59 +00:00
|
|
|
get_password__reset_term();
|
2019-03-13 14:11:50 +00:00
|
|
|
|
|
|
|
|
UNUSED(signal);
|
|
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
exit(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
|
{
|
2014-11-17 21:00:33 +00:00
|
|
|
char *password_file_tmp = NULL;
|
2018-03-27 06:32:41 +00:00
|
|
|
char *password_file = NULL;
|
2014-05-07 22:27:00 +00:00
|
|
|
char *username = NULL;
|
2014-06-20 19:59:04 +00:00
|
|
|
char *password_cmd = NULL;
|
|
|
|
|
bool batch_mode = false;
|
2014-05-07 22:27:00 +00:00
|
|
|
bool create_new = false;
|
|
|
|
|
bool delete_user = false;
|
|
|
|
|
FILE *fptr, *ftmp;
|
|
|
|
|
char password[MAX_BUFFER_LEN];
|
|
|
|
|
int rc;
|
|
|
|
|
bool do_update_file = false;
|
|
|
|
|
char *backup_file;
|
2020-09-23 21:57:26 +00:00
|
|
|
int idx;
|
2020-10-21 11:26:31 +00:00
|
|
|
int iterations = PW_DEFAULT_ITERATIONS;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
|
|
|
|
signal(SIGINT, handle_sigint);
|
|
|
|
|
signal(SIGTERM, handle_sigint);
|
|
|
|
|
|
2019-01-10 17:44:46 +00:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
|
2014-05-07 22:27:00 +00:00
|
|
|
OpenSSL_add_all_digests();
|
2019-02-28 12:21:11 +00:00
|
|
|
#else
|
|
|
|
|
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
|
|
|
|
|
| OPENSSL_INIT_ADD_ALL_DIGESTS \
|
|
|
|
|
| OPENSSL_INIT_LOAD_CONFIG, NULL);
|
2019-01-10 17:44:46 +00:00
|
|
|
#endif
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2017-02-12 21:22:58 +00:00
|
|
|
if(argc == 1){
|
|
|
|
|
print_usage();
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-23 21:57:26 +00:00
|
|
|
idx = 1;
|
2020-09-24 16:03:14 +00:00
|
|
|
for(idx = 1; idx < argc; idx++){
|
|
|
|
|
if(!strcmp(argv[idx], "-H")){
|
|
|
|
|
if(idx+1 == argc){
|
|
|
|
|
fprintf(stderr, "Error: -H argument given but not enough other arguments.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(!strcmp(argv[idx+1], "sha512")){
|
|
|
|
|
hashtype = pw_sha512;
|
|
|
|
|
}else if(!strcmp(argv[idx+1], "sha512-pbkdf2")){
|
|
|
|
|
hashtype = pw_sha512_pbkdf2;
|
2020-04-08 11:38:15 +00:00
|
|
|
}else{
|
2020-09-24 16:03:14 +00:00
|
|
|
fprintf(stderr, "Error: Unknown hash type '%s'\n", argv[idx+1]);
|
2020-04-08 11:38:15 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
idx++;
|
|
|
|
|
}else if(!strcmp(argv[idx], "-b")){
|
|
|
|
|
batch_mode = true;
|
|
|
|
|
}else if(!strcmp(argv[idx], "-c")){
|
|
|
|
|
create_new = true;
|
|
|
|
|
}else if(!strcmp(argv[idx], "-D")){
|
|
|
|
|
delete_user = true;
|
2020-10-21 11:26:31 +00:00
|
|
|
}else if(!strcmp(argv[idx], "-I")){
|
|
|
|
|
if(idx+1 == argc){
|
|
|
|
|
fprintf(stderr, "Error: -I argument given but not enough other arguments.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
iterations = atoi(argv[idx+1]);
|
|
|
|
|
idx++;
|
|
|
|
|
if(iterations < 1){
|
|
|
|
|
fprintf(stderr, "Error: Number of iterations must be > 0.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
}else if(!strcmp(argv[idx], "-U")){
|
|
|
|
|
do_update_file = true;
|
2020-09-23 21:57:26 +00:00
|
|
|
}else{
|
2020-09-24 16:03:14 +00:00
|
|
|
break;
|
2020-09-23 21:57:26 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-24 16:03:14 +00:00
|
|
|
if(create_new && delete_user){
|
|
|
|
|
fprintf(stderr, "Error: -c and -D cannot be used together.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(create_new && do_update_file){
|
|
|
|
|
fprintf(stderr, "Error: -c and -U cannot be used together.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(delete_user && do_update_file){
|
|
|
|
|
fprintf(stderr, "Error: -D and -U cannot be used together.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(delete_user && batch_mode){
|
|
|
|
|
fprintf(stderr, "Error: -b and -D cannot be used together.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(create_new){
|
|
|
|
|
if(batch_mode){
|
|
|
|
|
if(idx+2 >= argc){
|
|
|
|
|
fprintf(stderr, "Error: -c argument given but password file, username, or password missing.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}else{
|
|
|
|
|
password_file_tmp = argv[idx];
|
|
|
|
|
username = argv[idx+1];
|
|
|
|
|
password_cmd = argv[idx+2];
|
|
|
|
|
}
|
2017-02-12 21:22:58 +00:00
|
|
|
}else{
|
2020-09-24 16:03:14 +00:00
|
|
|
if(idx+1 >= argc){
|
|
|
|
|
fprintf(stderr, "Error: -c argument given but password file or username missing.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}else{
|
|
|
|
|
password_file_tmp = argv[idx];
|
|
|
|
|
username = argv[idx+1];
|
|
|
|
|
}
|
2014-06-20 19:59:04 +00:00
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
}else if(delete_user){
|
|
|
|
|
if(idx+1 >= argc){
|
2017-02-12 21:22:58 +00:00
|
|
|
fprintf(stderr, "Error: -D argument given but password file or username missing.\n");
|
|
|
|
|
return 1;
|
2014-06-20 19:59:04 +00:00
|
|
|
}else{
|
2020-09-24 16:03:14 +00:00
|
|
|
password_file_tmp = argv[idx];
|
|
|
|
|
username = argv[idx+1];
|
2017-02-12 21:22:58 +00:00
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
}else if(do_update_file){
|
|
|
|
|
if(idx+1 != argc){
|
2017-02-12 21:22:58 +00:00
|
|
|
fprintf(stderr, "Error: -U argument given but password file missing.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}else{
|
2020-09-24 16:03:14 +00:00
|
|
|
password_file_tmp = argv[idx];
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
}else if(batch_mode == true && idx+3 == argc){
|
|
|
|
|
password_file_tmp = argv[idx];
|
|
|
|
|
username = argv[idx+1];
|
|
|
|
|
password_cmd = argv[idx+1];
|
|
|
|
|
}else if(batch_mode == false && idx+2 == argc){
|
2020-09-23 21:57:26 +00:00
|
|
|
password_file_tmp = argv[idx];
|
|
|
|
|
username = argv[idx+1];
|
2014-05-07 22:27:00 +00:00
|
|
|
}else{
|
|
|
|
|
print_usage();
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2020-09-24 16:03:14 +00:00
|
|
|
|
2020-11-24 00:58:01 +00:00
|
|
|
if(username){
|
|
|
|
|
if(strlen(username) > 65535){
|
|
|
|
|
fprintf(stderr, "Error: Username must be less than 65536 characters long.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(strchr(username, ':')){
|
|
|
|
|
fprintf(stderr, "Error: Username must not contain the ':' character.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2020-02-04 16:05:58 +00:00
|
|
|
}
|
|
|
|
|
if(password_cmd && strlen(password_cmd) > 65535){
|
|
|
|
|
fprintf(stderr, "Error: Password must be less than 65536 characters long.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2014-05-07 22:27:00 +00:00
|
|
|
|
2018-03-27 06:32:41 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
|
password_file = _fullpath(NULL, password_file_tmp, 0);
|
|
|
|
|
if(!password_file){
|
|
|
|
|
fprintf(stderr, "Error getting full path for password file.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
password_file = realpath(password_file_tmp, NULL);
|
|
|
|
|
if(!password_file){
|
2018-05-02 20:21:07 +00:00
|
|
|
if(errno == ENOENT){
|
|
|
|
|
password_file = strdup(password_file_tmp);
|
|
|
|
|
if(!password_file){
|
|
|
|
|
fprintf(stderr, "Error: Out of memory.\n");
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
fprintf(stderr, "Error reading password file: %s\n", strerror(errno));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2018-03-27 06:32:41 +00:00
|
|
|
}
|
|
|
|
|
#endif
|
2014-11-17 21:00:33 +00:00
|
|
|
|
2014-05-07 22:27:00 +00:00
|
|
|
if(create_new){
|
2020-04-08 11:38:15 +00:00
|
|
|
if(batch_mode == false){
|
2020-10-29 14:35:50 +00:00
|
|
|
rc = get_password("Password: ", "Reenter password: ", false, password, MAX_BUFFER_LEN);
|
2020-04-08 11:38:15 +00:00
|
|
|
if(rc){
|
|
|
|
|
free(password_file);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
password_cmd = password;
|
2019-03-26 14:00:42 +00:00
|
|
|
}
|
2014-05-07 22:27:00 +00:00
|
|
|
fptr = fopen(password_file, "wt");
|
|
|
|
|
if(!fptr){
|
|
|
|
|
fprintf(stderr, "Error: Unable to open file %s for writing. %s.\n", password_file, strerror(errno));
|
2018-03-27 06:32:41 +00:00
|
|
|
free(password_file);
|
2014-05-07 22:27:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2018-03-27 06:32:41 +00:00
|
|
|
free(password_file);
|
2020-10-21 11:26:31 +00:00
|
|
|
rc = output_new_password(fptr, username, password_cmd, iterations);
|
2014-05-07 22:27:00 +00:00
|
|
|
fclose(fptr);
|
|
|
|
|
return rc;
|
|
|
|
|
}else{
|
|
|
|
|
fptr = fopen(password_file, "r+t");
|
|
|
|
|
if(!fptr){
|
|
|
|
|
fprintf(stderr, "Error: Unable to open password file %s. %s.\n", password_file, strerror(errno));
|
2018-03-27 06:32:41 +00:00
|
|
|
free(password_file);
|
2014-05-07 22:27:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-17 00:23:08 +00:00
|
|
|
backup_file = malloc((size_t)strlen(password_file)+5);
|
2015-09-22 09:03:57 +00:00
|
|
|
if(!backup_file){
|
|
|
|
|
fprintf(stderr, "Error: Out of memory.\n");
|
2018-03-27 06:32:41 +00:00
|
|
|
free(password_file);
|
2015-09-22 09:03:57 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2014-05-07 22:27:00 +00:00
|
|
|
snprintf(backup_file, strlen(password_file)+5, "%s.tmp", password_file);
|
2018-03-27 06:32:41 +00:00
|
|
|
free(password_file);
|
|
|
|
|
password_file = NULL;
|
2014-05-07 22:27:00 +00:00
|
|
|
|
|
|
|
|
if(create_backup(backup_file, fptr)){
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-27 16:38:54 +00:00
|
|
|
ftmp = mpw_tmpfile();
|
2014-05-07 22:27:00 +00:00
|
|
|
if(!ftmp){
|
|
|
|
|
fprintf(stderr, "Error: Unable to open temporary file. %s.\n", strerror(errno));
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if(delete_user){
|
|
|
|
|
rc = delete_pwuser(fptr, ftmp, username);
|
|
|
|
|
}else if(do_update_file){
|
|
|
|
|
rc = update_file(fptr, ftmp);
|
|
|
|
|
}else{
|
2014-06-20 19:59:04 +00:00
|
|
|
if(batch_mode){
|
|
|
|
|
/* Update password for individual user */
|
2020-10-21 11:26:31 +00:00
|
|
|
rc = update_pwuser(fptr, ftmp, username, password_cmd, iterations);
|
2014-06-20 19:59:04 +00:00
|
|
|
}else{
|
2020-10-29 14:35:50 +00:00
|
|
|
rc = get_password("Password: ", "Reenter password: ", false, password, MAX_BUFFER_LEN);
|
2014-06-20 19:59:04 +00:00
|
|
|
if(rc){
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
fclose(ftmp);
|
|
|
|
|
unlink(backup_file);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
/* Update password for individual user */
|
2020-10-21 11:26:31 +00:00
|
|
|
rc = update_pwuser(fptr, ftmp, username, password, iterations);
|
2014-05-07 22:27:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(rc){
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
fclose(ftmp);
|
|
|
|
|
unlink(backup_file);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(copy_contents(ftmp, fptr)){
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
fclose(ftmp);
|
|
|
|
|
fprintf(stderr, "Error occurred updating password file.\n");
|
|
|
|
|
fprintf(stderr, "Password file may be corrupt, check the backup file: %s.\n", backup_file);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
fclose(fptr);
|
|
|
|
|
fclose(ftmp);
|
|
|
|
|
|
|
|
|
|
/* Everything was ok so backup no longer needed. May contain old
|
|
|
|
|
* passwords so shouldn't be kept around. */
|
|
|
|
|
unlink(backup_file);
|
|
|
|
|
free(backup_file);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
