首页 发现 帮助
登录
SoftwareDesign
/
csu3_am335x
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
csu3_am335x
/
EVSE
/
GPL
/
mosquitto-2.0.13
/
apps
/
mosquitto_passwd
/
mosquitto_passwd.c

mosquitto_passwd.c 17 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690 
  1. /*
    2. 

  2. Copyright (c) 2012-2020 Roger Light <roger@atchoo.org>
    3. 

  3. 

  4. All rights reserved. This program and the accompanying materials
    5. 

  5. are made available under the terms of the Eclipse Public License 2.0
    6. 

  6. and Eclipse Distribution License v1.0 which accompany this distribution.
    7. 

  7. 

  8. The Eclipse Public License is available at
    9. 

  9.    https://www.eclipse.org/legal/epl-2.0/
    10. 

  10. and the Eclipse Distribution License is available at
    11. 

  11.   http://www.eclipse.org/org/documents/edl-v10.php.
    12. 

  12. 

  13. SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
    14. 

  14. 

  15. Contributors:
    16. 

  16.    Roger Light - initial implementation and documentation.
    17. 

  17. */
    18. 

  18. 

  19. #include "config.h"
    20. 

  20. 

  21. #include <ctype.h>
    22. 

  22. #include <errno.h>
    23. 

  23. #include <openssl/evp.h>
    24. 

  24. #include <openssl/rand.h>
    25. 

  25. #include <signal.h>
    26. 

  26. #include <stdio.h>
    27. 

  27. #include <stdlib.h>
    28. 

  28. #include <string.h>
    29. 

  29. 

  30. #include "get_password.h"
    31. 

  31. #include "password_mosq.h"
    32. 

  32. 

  33. #ifdef WIN32
    34. 

  34. #  include <windows.h>
    35. 

  35. #  include <process.h>
    36. 

  36. #	ifndef __cplusplus
    37. 

  37. #		if defined(_MSC_VER) && _MSC_VER < 1900
    38. 

  38. #			define bool char
    39. 

  39. #			define true 1
    40. 

  40. #			define false 0
    41. 

  41. #		else
    42. 

  42. #			include <stdbool.h>
    43. 

  43. #		endif
    44. 

  44. #	endif
    45. 

  45. #   define snprintf sprintf_s
    46. 

  46. #	include <io.h>
    47. 

  47. #	include <windows.h>
    48. 

  48. #else
    49. 

  49. #  include <stdbool.h>
    50. 

  50. #  include <unistd.h>
    51. 

  51. #  include <termios.h>
    52. 

  52. #  include <sys/stat.h>
    53. 

  53. #endif
    54. 

  54. 

  55. #define MAX_BUFFER_LEN 65500
    56. 

  56. #define SALT_LEN 12
    57. 

  57. 

  58. #include "misc_mosq.h"
    59. 

  59. 

  60. struct cb_helper {
    61. 

  61. 	const char *line;
    62. 

  62. 	const char *username;
    63. 

  63. 	const char *password;
    64. 

  64. 	int iterations;
    65. 

  65. 	bool found;
    66. 

  66. };
    67. 

  67. 

  68. static enum mosquitto_pwhash_type hashtype = pw_sha512_pbkdf2;
    69. 

  69. 

  70. #ifdef WIN32
    71. 

  71. static FILE *mpw_tmpfile(void)
    72. 

  72. {
    73. 

  73. 	return tmpfile();
    74. 

  74. }
    75. 

  75. #else
    76. 

  76. 

  77. static char unsigned alphanum[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    78. 

  78. 

  79. static unsigned char tmpfile_path[36];
    80. 

  80. static FILE *mpw_tmpfile(void)
    81. 

  81. {
    82. 

  82. 	int fd;
    83. 

  83. 	size_t i;
    84. 

  84. 

  85. 	if(RAND_bytes(tmpfile_path, sizeof(tmpfile_path)) != 1){
    86. 

  86. 		return NULL;
    87. 

  87. 	}
    88. 

  88. 

  89. 	strcpy((char *)tmpfile_path, "/tmp/");
    90. 

  90. 

  91. 	for(i=strlen((char *)tmpfile_path); i<sizeof(tmpfile_path)-8; i++){
    92. 

  92. 		tmpfile_path[i] = alphanum[tmpfile_path[i]%(sizeof(alphanum)-1)];
    93. 

  93. 	}
    94. 

  94. 	tmpfile_path[sizeof(tmpfile_path)-8] = '-';
    95. 

  95. 	for(i=sizeof(tmpfile_path)-7; i<sizeof(tmpfile_path)-1; i++){
    96. 

  96. 		tmpfile_path[i] = 'X';
    97. 

  97. 	}
    98. 

  98. 	tmpfile_path[sizeof(tmpfile_path)-1] = '\0';
    99. 

  99. 

  100. 	umask(077);
    101. 

  101. 	fd = mkstemp((char *)tmpfile_path);
    102. 

  102. 	if(fd < 0) return NULL;
    103. 

  103. 	unlink((char *)tmpfile_path);
    104. 

  104. 

  105. 	return fdopen(fd, "w+");
    106. 

  106. }
    107. 

  107. #endif
    108. 

  108. 

  109. int log__printf(void *mosq, unsigned int level, const char *fmt, ...)
    110. 

  110. {
    111. 

  111. 	/* Stub for misc_mosq.c */
    112. 

  112. 	UNUSED(mosq);
    113. 

  113. 	UNUSED(level);
    114. 

  114. 	UNUSED(fmt);
    115. 

  115. 	return 0;
    116. 

  116. }
    117. 

  117. 

  118. 

  119. static void print_usage(void)
    120. 

  120. {
    121. 

  121. 	printf("mosquitto_passwd is a tool for managing password files for mosquitto.\n\n");
    122. 

  122. 	printf("Usage: mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c | -D] passwordfile username\n");
    123. 

  123. 	printf("       mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c] -b passwordfile username password\n");
    124. 

  124. 	printf("       mosquitto_passwd -U passwordfile\n");
    125. 

  125. 	printf(" -b : run in batch mode to allow passing passwords on the command line.\n");
    126. 

  126. 	printf(" -c : create a new password file. This will overwrite existing files.\n");
    127. 

  127. 	printf(" -D : delete the username rather than adding/updating its password.\n");
    128. 

  128. 	printf(" -H : specify the hashing algorithm. Defaults to sha512-pbkdf2, which is recommended.\n");
    129. 

  129. 	printf("      Mosquitto 1.6 and earlier defaulted to sha512.\n");
    130. 

  130. 	printf(" -U : update a plain text password file to use hashed passwords.\n");
    131. 

  131. 	printf("\nSee https://mosquitto.org/ for more information.\n\n");
    132. 

  132. }
    133. 

  133. 

  134. static int output_new_password(FILE *fptr, const char *username, const char *password, int iterations)
    135. 

  135. {
    136. 

  136. 	int rc;
    137. 

  137. 	char *salt64 = NULL, *hash64 = NULL;
    138. 

  138. 	struct mosquitto_pw pw;
    139. 

  139. 

  140. 	if(password == NULL){
    141. 

  141. 		fprintf(stderr, "Error: Internal error, no password given.\n");
    142. 

  142. 		return 1;
    143. 

  143. 	}
    144. 

  144. 	memset(&pw, 0, sizeof(pw));
    145. 

  145. 

  146. 	pw.hashtype = hashtype;
    147. 

  147. 

  148. 	if(pw__hash(password, &pw, true, iterations)){
    149. 

  149. 		fprintf(stderr, "Error: Unable to hash password.\n");
    150. 

  150. 		return 1;
    151. 

  151. 	}
    152. 

  152. 

  153. 	rc = base64__encode(pw.salt, sizeof(pw.salt), &salt64);
    154. 

  154. 	if(rc){
    155. 

  155. 		free(salt64);
    156. 

  156. 		fprintf(stderr, "Error: Unable to encode salt.\n");
    157. 

  157. 		return 1;
    158. 

  158. 	}
    159. 

  159. 

  160. 	rc = base64__encode(pw.password_hash, sizeof(pw.password_hash), &hash64);
    161. 

  161. 	if(rc){
    162. 

  162. 		free(salt64);
    163. 

  163. 		free(hash64);
    164. 

  164. 		fprintf(stderr, "Error: Unable to encode hash.\n");
    165. 

  165. 		return 1;
    166. 

  166. 	}
    167. 

  167. 

  168. 	if(pw.hashtype == pw_sha512_pbkdf2){
    169. 

  169. 		fprintf(fptr, "%s:$%d$%d$%s$%s\n", username, hashtype, iterations, salt64, hash64);
    170. 

  170. 	}else{
    171. 

  171. 		fprintf(fptr, "%s:$%d$%s$%s\n", username, hashtype, salt64, hash64);
    172. 

  172. 	}
    173. 

  173. 	free(salt64);
    174. 

  174. 	free(hash64);
    175. 

  175. 

  176. 	return 0;
    177. 

  177. }
    178. 

  178. 

  179. 

  180. static int pwfile_iterate(FILE *fptr, FILE *ftmp,
    181. 

  181. 		int (*cb)(FILE *, FILE *, const char *, const char *, const char *, struct cb_helper *),
    182. 

  182. 		struct cb_helper *helper)
    183. 

  183. {
    184. 

  184. 	char *buf;
    185. 

  185. 	int buflen = 1024;
    186. 

  186. 	char *lbuf;
    187. 

  187. 	int lbuflen;
    188. 

  188. 	int rc = 1;
    189. 

  189. 	int line = 0;
    190. 

  190. 	char *username, *password;
    191. 

  191. 

  192. 	buf = malloc((size_t)buflen);
    193. 

  193. 	if(buf == NULL){
    194. 

  194. 		fprintf(stderr, "Error: Out of memory.\n");
    195. 

  195. 		return 1;
    196. 

  196. 	}
    197. 

  197. 	lbuflen = buflen;
    198. 

  198. 	lbuf = malloc((size_t)lbuflen);
    199. 

  199. 	if(lbuf == NULL){
    200. 

  200. 		fprintf(stderr, "Error: Out of memory.\n");
    201. 

  201. 		free(buf);
    202. 

  202. 		return 1;
    203. 

  203. 	}
    204. 

  204. 

  205. 	while(!feof(fptr) && fgets_extending(&buf, &buflen, fptr)){
    206. 

  206. 		if(lbuflen != buflen){
    207. 

  207. 			free(lbuf);
    208. 

  208. 			lbuflen = buflen;
    209. 

  209. 			lbuf = malloc((size_t)lbuflen);
    210. 

  210. 			if(lbuf == NULL){
    211. 

  211. 				fprintf(stderr, "Error: Out of memory.\n");
    212. 

  212. 				free(buf);
    213. 

  213. 				return 1;
    214. 

  214. 			}
    215. 

  215. 		}
    216. 

  216. 		memcpy(lbuf, buf, (size_t)buflen);
    217. 

  217. 		line++;
    218. 

  218. 		username = strtok(buf, ":");
    219. 

  219. 		password = strtok(NULL, ":");
    220. 

  220. 		if(username == NULL || password == NULL){
    221. 

  221. 			fprintf(stderr, "Error: Corrupt password file at line %d.\n", line);
    222. 

  222. 			free(lbuf);
    223. 

  223. 			free(buf);
    224. 

  224. 			return 1;
    225. 

  225. 		}
    226. 

  226. 		username = misc__trimblanks(username);
    227. 

  227. 		password = misc__trimblanks(password);
    228. 

  228. 

  229. 		if(strlen(username) == 0 || strlen(password) == 0){
    230. 

  230. 			fprintf(stderr, "Error: Corrupt password file at line %d.\n", line);
    231. 

  231. 			free(lbuf);
    232. 

  232. 			free(buf);
    233. 

  233. 			return 1;
    234. 

  234. 		}
    235. 

  235. 

  236. 		rc = cb(fptr, ftmp, username, password, lbuf, helper);
    237. 

  237. 		if(rc){
    238. 

  238. 			break;
    239. 

  239. 		}
    240. 

  240. 	}
    241. 

  241. 	free(lbuf);
    242. 

  242. 	free(buf);
    243. 

  243. 

  244. 	return rc;
    245. 

  245. }
    246. 

  246. 

  247. 

  248. /* ======================================================================
    249. 

  249.  * Delete a user from the password file
    250. 

  250.  * ====================================================================== */
    251. 

  251. static int delete_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
    252. 

  252. {
    253. 

  253. 	UNUSED(fptr);
    254. 

  254. 	UNUSED(password);
    255. 

  255. 	UNUSED(line);
    256. 

  256. 

  257. 	if(strcmp(username, helper->username)){
    258. 

  258. 		/* If this isn't the username to delete, write it to the new file */
    259. 

  259. 		fprintf(ftmp, "%s", line);
    260. 

  260. 	}else{
    261. 

  261. 		/* Don't write the matching username to the file. */
    262. 

  262. 		helper->found = true;
    263. 

  263. 	}
    264. 

  264. 	return 0;
    265. 

  265. }
    266. 

  266. 

  267. static int delete_pwuser(FILE *fptr, FILE *ftmp, const char *username)
    268. 

  268. {
    269. 

  269. 	struct cb_helper helper;
    270. 

  270. 	int rc;
    271. 

  271. 

  272. 	memset(&helper, 0, sizeof(helper));
    273. 

  273. 	helper.username = username;
    274. 

  274. 	rc = pwfile_iterate(fptr, ftmp, delete_pwuser_cb, &helper);
    275. 

  275. 

  276. 	if(helper.found == false){
    277. 

  277. 		fprintf(stderr, "Warning: User %s not found in password file.\n", username);
    278. 

  278. 		return 1;
    279. 

  279. 	}
    280. 

  280. 	return rc;
    281. 

  281. }
    282. 

  282. 

  283. 

  284. 

  285. /* ======================================================================
    286. 

  286.  * Update a plain text password file to use hashes
    287. 

  287.  * ====================================================================== */
    288. 

  288. static int update_file_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
    289. 

  289. {
    290. 

  290. 	UNUSED(fptr);
    291. 

  291. 	UNUSED(line);
    292. 

  292. 

  293. 	if(helper){
    294. 

  294. 		return output_new_password(ftmp, username, password, helper->iterations);
    295. 

  295. 	}else{
    296. 

  296. 		return output_new_password(ftmp, username, password, PW_DEFAULT_ITERATIONS);
    297. 

  297. 	}
    298. 

  298. }
    299. 

  299. 

  300. static int update_file(FILE *fptr, FILE *ftmp)
    301. 

  301. {
    302. 

  302. 	return pwfile_iterate(fptr, ftmp, update_file_cb, NULL);
    303. 

  303. }
    304. 

  304. 

  305. 

  306. /* ======================================================================
    307. 

  307.  * Update an existing user password / create a new password
    308. 

  308.  * ====================================================================== */
    309. 

  309. static int update_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
    310. 

  310. {
    311. 

  311. 	int rc = 0;
    312. 

  312. 

  313. 	UNUSED(fptr);
    314. 

  314. 	UNUSED(password);
    315. 

  315. 

  316. 	if(strcmp(username, helper->username)){
    317. 

  317. 		/* If this isn't the matching user, then writing out the exiting line */
    318. 

  318. 		fprintf(ftmp, "%s", line);
    319. 

  319. 	}else{
    320. 

  320. 		/* Write out a new line for our matching username */
    321. 

  321. 		helper->found = true;
    322. 

  322. 		rc = output_new_password(ftmp, username, helper->password, helper->iterations);
    323. 

  323. 	}
    324. 

  324. 	return rc;
    325. 

  325. }
    326. 

  326. 

  327. static int update_pwuser(FILE *fptr, FILE *ftmp, const char *username, const char *password, int iterations)
    328. 

  328. {
    329. 

  329. 	struct cb_helper helper;
    330. 

  330. 	int rc;
    331. 

  331. 

  332. 	memset(&helper, 0, sizeof(helper));
    333. 

  333. 	helper.username = username;
    334. 

  334. 	helper.password = password;
    335. 

  335. 	helper.iterations = iterations;
    336. 

  336. 	rc = pwfile_iterate(fptr, ftmp, update_pwuser_cb, &helper);
    337. 

  337. 

  338. 	if(helper.found){
    339. 

  339. 		return rc;
    340. 

  340. 	}else{
    341. 

  341. 		return output_new_password(ftmp, username, password, iterations);
    342. 

  342. 	}
    343. 

  343. }
    344. 

  344. 

  345. 

  346. static int copy_contents(FILE *src, FILE *dest)
    347. 

  347. {
    348. 

  348. 	char buf[MAX_BUFFER_LEN];
    349. 

  349. 	size_t len;
    350. 

  350. 

  351. 	rewind(src);
    352. 

  352. 	rewind(dest);
    353. 

  353. 

  354. #ifdef WIN32
    355. 

  355. 	_chsize(fileno(dest), 0);
    356. 

  356. #else
    357. 

  357. 	if(ftruncate(fileno(dest), 0)) return 1;
    358. 

  358. #endif
    359. 

  359. 

  360. 	while(!feof(src)){
    361. 

  361. 		len = fread(buf, 1, MAX_BUFFER_LEN, src);
    362. 

  362. 		if(len > 0){
    363. 

  363. 			if(fwrite(buf, 1, len, dest) != len){
    364. 

  364. 				return 1;
    365. 

  365. 			}
    366. 

  366. 		}else{
    367. 

  367. 			return !feof(src);
    368. 

  368. 		}
    369. 

  369. 	}
    370. 

  370. 	return 0;
    371. 

  371. }
    372. 

  372. 

  373. static int create_backup(const char *backup_file, FILE *fptr)
    374. 

  374. {
    375. 

  375. 	FILE *fbackup;
    376. 

  376. 

  377. 	fbackup = fopen(backup_file, "wt");
    378. 

  378. 	if(!fbackup){
    379. 

  379. 		fprintf(stderr, "Error creating backup password file \"%s\", not continuing.\n", backup_file);
    380. 

  380. 		return 1;
    381. 

  381. 	}
    382. 

  382. 	if(copy_contents(fptr, fbackup)){
    383. 

  383. 		fprintf(stderr, "Error copying data to backup password file \"%s\", not continuing.\n", backup_file);
    384. 

  384. 		fclose(fbackup);
    385. 

  385. 		return 1;
    386. 

  386. 	}
    387. 

  387. 	fclose(fbackup);
    388. 

  388. 	rewind(fptr);
    389. 

  389. 	return 0;
    390. 

  390. }
    391. 

  391. 

  392. static void handle_sigint(int signal)
    393. 

  393. {
    394. 

  394. 	get_password__reset_term();
    395. 

  395. 

  396. 	UNUSED(signal);
    397. 

  397. 

  398. 	exit(0);
    399. 

  399. }
    400. 

  400. 

  401. 

  402. static bool is_username_valid(const char *username)
    403. 

  403. {
    404. 

  404. 	size_t i;
    405. 

  405. 	size_t slen;
    406. 

  406. 

  407. 	if(username){
    408. 

  408. 		slen = strlen(username);
    409. 

  409. 		if(slen > 65535){
    410. 

  410. 			fprintf(stderr, "Error: Username must be less than 65536 characters long.\n");
    411. 

  411. 			return false;
    412. 

  412. 		}
    413. 

  413. 		for(i=0; i<slen; i++){
    414. 

  414. 			if(iscntrl(username[i])){
    415. 

  415. 				fprintf(stderr, "Error: Username must not contain control characters.\n");
    416. 

  416. 				return false;
    417. 

  417. 			}
    418. 

  418. 		}
    419. 

  419. 		if(strchr(username, ':')){
    420. 

  420. 			fprintf(stderr, "Error: Username must not contain the ':' character.\n");
    421. 

  421. 			return false;
    422. 

  422. 		}
    423. 

  423. 	}
    424. 

  424. 	return true;
    425. 

  425. }
    426. 

  426. 

  427. int main(int argc, char *argv[])
    428. 

  428. {
    429. 

  429. 	char *password_file_tmp = NULL;
    430. 

  430. 	char *password_file = NULL;
    431. 

  431. 	char *username = NULL;
    432. 

  432. 	char *password_cmd = NULL;
    433. 

  433. 	bool batch_mode = false;
    434. 

  434. 	bool create_new = false;
    435. 

  435. 	bool delete_user = false;
    436. 

  436. 	FILE *fptr, *ftmp;
    437. 

  437. 	char password[MAX_BUFFER_LEN];
    438. 

  438. 	int rc;
    439. 

  439. 	bool do_update_file = false;
    440. 

  440. 	char *backup_file;
    441. 

  441. 	int idx;
    442. 

  442. 	int iterations = PW_DEFAULT_ITERATIONS;
    443. 

  443. 

  444. 	signal(SIGINT, handle_sigint);
    445. 

  445. 	signal(SIGTERM, handle_sigint);
    446. 

  446. 

  447. #if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
    448. 

  448. 	OpenSSL_add_all_digests();
    449. 

  449. #else
    450. 

  450. 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
    451. 

  451. 			| OPENSSL_INIT_ADD_ALL_DIGESTS \
    452. 

  452. 			| OPENSSL_INIT_LOAD_CONFIG, NULL);
    453. 

  453. #endif
    454. 

  454. 

  455. 	if(argc == 1){
    456. 

  456. 		print_usage();
    457. 

  457. 		return 1;
    458. 

  458. 	}
    459. 

  459. 

  460. 	idx = 1;
    461. 

  461. 	for(idx = 1; idx < argc; idx++){
    462. 

  462. 		if(!strcmp(argv[idx], "-H")){
    463. 

  463. 			if(idx+1 == argc){
    464. 

  464. 				fprintf(stderr, "Error: -H argument given but not enough other arguments.\n");
    465. 

  465. 				return 1;
    466. 

  466. 			}
    467. 

  467. 			if(!strcmp(argv[idx+1], "sha512")){
    468. 

  468. 				hashtype = pw_sha512;
    469. 

  469. 			}else if(!strcmp(argv[idx+1], "sha512-pbkdf2")){
    470. 

  470. 				hashtype = pw_sha512_pbkdf2;
    471. 

  471. 			}else{
    472. 

  472. 				fprintf(stderr, "Error: Unknown hash type '%s'\n", argv[idx+1]);
    473. 

  473. 				return 1;
    474. 

  474. 			}
    475. 

  475. 			idx++;
    476. 

  476. 		}else if(!strcmp(argv[idx], "-b")){
    477. 

  477. 			batch_mode = true;
    478. 

  478. 		}else if(!strcmp(argv[idx], "-c")){
    479. 

  479. 			create_new = true;
    480. 

  480. 		}else if(!strcmp(argv[idx], "-D")){
    481. 

  481. 			delete_user = true;
    482. 

  482. 		}else if(!strcmp(argv[idx], "-I")){
    483. 

  483. 			if(idx+1 == argc){
    484. 

  484. 				fprintf(stderr, "Error: -I argument given but not enough other arguments.\n");
    485. 

  485. 				return 1;
    486. 

  486. 			}
    487. 

  487. 			iterations = atoi(argv[idx+1]);
    488. 

  488. 			idx++;
    489. 

  489. 			if(iterations < 1){
    490. 

  490. 				fprintf(stderr, "Error: Number of iterations must be > 0.\n");
    491. 

  491. 				return 1;
    492. 

  492. 			}
    493. 

  493. 		}else if(!strcmp(argv[idx], "-U")){
    494. 

  494. 			do_update_file = true;
    495. 

  495. 		}else{
    496. 

  496. 			break;
    497. 

  497. 		}
    498. 

  498. 	}
    499. 

  499. 

  500. 	if(create_new && delete_user){
    501. 

  501. 		fprintf(stderr, "Error: -c and -D cannot be used together.\n");
    502. 

  502. 		return 1;
    503. 

  503. 	}
    504. 

  504. 	if(create_new && do_update_file){
    505. 

  505. 		fprintf(stderr, "Error: -c and -U cannot be used together.\n");
    506. 

  506. 		return 1;
    507. 

  507. 	}
    508. 

  508. 	if(delete_user && do_update_file){
    509. 

  509. 		fprintf(stderr, "Error: -D and -U cannot be used together.\n");
    510. 

  510. 		return 1;
    511. 

  511. 	}
    512. 

  512. 	if(delete_user && batch_mode){
    513. 

  513. 		fprintf(stderr, "Error: -b and -D cannot be used together.\n");
    514. 

  514. 		return 1;
    515. 

  515. 	}
    516. 

  516. 

  517. 	if(create_new){
    518. 

  518. 		if(batch_mode){
    519. 

  519. 			if(idx+2 >= argc){
    520. 

  520. 				fprintf(stderr, "Error: -c argument given but password file, username, or password missing.\n");
    521. 

  521. 				return 1;
    522. 

  522. 			}else{
    523. 

  523. 				password_file_tmp = argv[idx];
    524. 

  524. 				username = argv[idx+1];
    525. 

  525. 				password_cmd = argv[idx+2];
    526. 

  526. 			}
    527. 

  527. 		}else{
    528. 

  528. 			if(idx+1 >= argc){
    529. 

  529. 				fprintf(stderr, "Error: -c argument given but password file or username missing.\n");
    530. 

  530. 				return 1;
    531. 

  531. 			}else{
    532. 

  532. 				password_file_tmp = argv[idx];
    533. 

  533. 				username = argv[idx+1];
    534. 

  534. 			}
    535. 

  535. 		}
    536. 

  536. 	}else if(delete_user){
    537. 

  537. 		if(idx+1 >= argc){
    538. 

  538. 			fprintf(stderr, "Error: -D argument given but password file or username missing.\n");
    539. 

  539. 			return 1;
    540. 

  540. 		}else{
    541. 

  541. 			password_file_tmp = argv[idx];
    542. 

  542. 			username = argv[idx+1];
    543. 

  543. 		}
    544. 

  544. 	}else if(do_update_file){
    545. 

  545. 		if(idx+1 != argc){
    546. 

  546. 			fprintf(stderr, "Error: -U argument given but password file missing.\n");
    547. 

  547. 			return 1;
    548. 

  548. 		}else{
    549. 

  549. 			password_file_tmp = argv[idx];
    550. 

  550. 		}
    551. 

  551. 	}else if(batch_mode == true && idx+3 == argc){
    552. 

  552. 		password_file_tmp = argv[idx];
    553. 

  553. 		username = argv[idx+1];
    554. 

  554. 		password_cmd = argv[idx+2];
    555. 

  555. 	}else if(batch_mode == false && idx+2 == argc){
    556. 

  556. 		password_file_tmp = argv[idx];
    557. 

  557. 		username = argv[idx+1];
    558. 

  558. 	}else{
    559. 

  559. 		print_usage();
    560. 

  560. 		return 1;
    561. 

  561. 	}
    562. 

  562. 

  563. 	if(!is_username_valid(username)){
    564. 

  564. 		return 1;
    565. 

  565. 	}
    566. 

  566. 	if(password_cmd && strlen(password_cmd) > 65535){
    567. 

  567. 		fprintf(stderr, "Error: Password must be less than 65536 characters long.\n");
    568. 

  568. 		return 1;
    569. 

  569. 	}
    570. 

  570. 

  571. #ifdef WIN32
    572. 

  572. 	password_file = _fullpath(NULL, password_file_tmp, 0);
    573. 

  573. 	if(!password_file){
    574. 

  574. 		fprintf(stderr, "Error getting full path for password file.\n");
    575. 

  575. 		return 1;
    576. 

  576. 	}
    577. 

  577. #else
    578. 

  578. 	password_file = realpath(password_file_tmp, NULL);
    579. 

  579. 	if(!password_file){
    580. 

  580. 		if(errno == ENOENT){
    581. 

  581. 			password_file = strdup(password_file_tmp);
    582. 

  582. 			if(!password_file){
    583. 

  583. 				fprintf(stderr, "Error: Out of memory.\n");
    584. 

  584. 				return 1;
    585. 

  585. 			}
    586. 

  586. 		}else{
    587. 

  587. 			fprintf(stderr, "Error reading password file: %s\n", strerror(errno));
    588. 

  588. 			return 1;
    589. 

  589. 		}
    590. 

  590. 	}
    591. 

  591. #endif
    592. 

  592. 

  593. 	if(create_new){
    594. 

  594. 		if(batch_mode == false){
    595. 

  595. 			rc = get_password("Password: ", "Reenter password: ", false, password, MAX_BUFFER_LEN);
    596. 

  596. 			if(rc){
    597. 

  597. 				free(password_file);
    598. 

  598. 				return rc;
    599. 

  599. 			}
    600. 

  600. 			password_cmd = password;
    601. 

  601. 		}
    602. 

  602. 		fptr = fopen(password_file, "wt");
    603. 

  603. 		if(!fptr){
    604. 

  604. 			fprintf(stderr, "Error: Unable to open file %s for writing. %s.\n", password_file, strerror(errno));
    605. 

  605. 			free(password_file);
    606. 

  606. 			return 1;
    607. 

  607. 		}
    608. 

  608. 		free(password_file);
    609. 

  609. 		rc = output_new_password(fptr, username, password_cmd, iterations);
    610. 

  610. 		fclose(fptr);
    611. 

  611. 		return rc;
    612. 

  612. 	}else{
    613. 

  613. 		fptr = fopen(password_file, "r+t");
    614. 

  614. 		if(!fptr){
    615. 

  615. 			fprintf(stderr, "Error: Unable to open password file %s. %s.\n", password_file, strerror(errno));
    616. 

  616. 			free(password_file);
    617. 

  617. 			return 1;
    618. 

  618. 		}
    619. 

  619. 

  620. 		backup_file = malloc((size_t)strlen(password_file)+5);
    621. 

  621. 		if(!backup_file){
    622. 

  622. 			fprintf(stderr, "Error: Out of memory.\n");
    623. 

  623. 			free(password_file);
    624. 

  624. 			return 1;
    625. 

  625. 		}
    626. 

  626. 		snprintf(backup_file, strlen(password_file)+5, "%s.tmp", password_file);
    627. 

  627. 		free(password_file);
    628. 

  628. 		password_file = NULL;
    629. 

  629. 

  630. 		if(create_backup(backup_file, fptr)){
    631. 

  631. 			fclose(fptr);
    632. 

  632. 			free(backup_file);
    633. 

  633. 			return 1;
    634. 

  634. 		}
    635. 

  635. 

  636. 		ftmp = mpw_tmpfile();
    637. 

  637. 		if(!ftmp){
    638. 

  638. 			fprintf(stderr, "Error: Unable to open temporary file. %s.\n", strerror(errno));
    639. 

  639. 			fclose(fptr);
    640. 

  640. 			free(backup_file);
    641. 

  641. 			return 1;
    642. 

  642. 		}
    643. 

  643. 		if(delete_user){
    644. 

  644. 			rc = delete_pwuser(fptr, ftmp, username);
    645. 

  645. 		}else if(do_update_file){
    646. 

  646. 			rc = update_file(fptr, ftmp);
    647. 

  647. 		}else{
    648. 

  648. 			if(batch_mode){
    649. 

  649. 				/* Update password for individual user */
    650. 

  650. 				rc = update_pwuser(fptr, ftmp, username, password_cmd, iterations);
    651. 

  651. 			}else{
    652. 

  652. 				rc = get_password("Password: ", "Reenter password: ", false, password, MAX_BUFFER_LEN);
    653. 

  653. 				if(rc){
    654. 

  654. 					fclose(fptr);
    655. 

  655. 					fclose(ftmp);
    656. 

  656. 					unlink(backup_file);
    657. 

  657. 					free(backup_file);
    658. 

  658. 					return rc;
    659. 

  659. 				}
    660. 

  660. 				/* Update password for individual user */
    661. 

  661. 				rc = update_pwuser(fptr, ftmp, username, password, iterations);
    662. 

  662. 			}
    663. 

  663. 		}
    664. 

  664. 		if(rc){
    665. 

  665. 			fclose(fptr);
    666. 

  666. 			fclose(ftmp);
    667. 

  667. 			unlink(backup_file);
    668. 

  668. 			free(backup_file);
    669. 

  669. 			return rc;
    670. 

  670. 		}
    671. 

  671. 

  672. 		if(copy_contents(ftmp, fptr)){
    673. 

  673. 			fclose(fptr);
    674. 

  674. 			fclose(ftmp);
    675. 

  675. 			fprintf(stderr, "Error occurred updating password file.\n");
    676. 

  676. 			fprintf(stderr, "Password file may be corrupt, check the backup file: %s.\n", backup_file);
    677. 

  677. 			free(backup_file);
    678. 

  678. 			return 1;
    679. 

  679. 		}
    680. 

  680. 		fclose(fptr);
    681. 

  681. 		fclose(ftmp);
    682. 

  682. 

  683. 		/* Everything was ok so backup no longer needed. May contain old
    684. 

  684. 		 * passwords so shouldn't be kept around. */
    685. 

  685. 		unlink(backup_file);
    686. 

  686. 		free(backup_file);
    687. 

  687. 	}
    688. 

  688. 

  689. 	return 0;
    690. 

  690. }
    691.