1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
/*
* Copyright (c) 2020, Peter Elliott <pelliott@ualberta.ca>
* Copyright (c) 2021, Andreas Kling <kling@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/Types.h>
#include <LibCore/Account.h>
#include <LibCore/ArgsParser.h>
#include <LibCore/File.h>
#include <LibCore/GetPassword.h>
#include <string.h>
#include <unistd.h>
int main(int argc, char** argv)
{
if (geteuid() != 0) {
warnln("Not running as root :^(");
return 1;
}
if (setegid(0) < 0) {
perror("setegid");
return 1;
}
if (pledge("stdio wpath rpath cpath fattr tty", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/etc", "rwc") < 0) {
perror("unveil");
return 1;
}
unveil(nullptr, nullptr);
bool del = false;
bool lock = false;
bool unlock = false;
const char* username = nullptr;
auto args_parser = Core::ArgsParser();
args_parser.set_general_help("Modify an account password.");
args_parser.add_option(del, "Delete password", "delete", 'd');
args_parser.add_option(lock, "Lock password", "lock", 'l');
args_parser.add_option(unlock, "Unlock password", "unlock", 'u');
args_parser.add_positional_argument(username, "Username", "username", Core::ArgsParser::Required::No);
args_parser.parse(argc, argv);
uid_t current_uid = getuid();
auto account_or_error = (username)
? Core::Account::from_name(username)
: Core::Account::from_uid(current_uid);
if (account_or_error.is_error()) {
warnln("Core::Account::{}: {}", (username) ? "from_name" : "from_uid", account_or_error.error());
return 1;
}
setpwent();
if (pledge("stdio wpath rpath cpath fattr tty", nullptr) < 0) {
perror("pledge");
return 1;
}
// target_account is the account we are changing the password of.
auto& target_account = account_or_error.value();
if (current_uid != 0 && current_uid != target_account.uid()) {
warnln("You can't modify passwd for {}", username);
return 1;
}
if (del) {
target_account.delete_password();
} else if (lock) {
target_account.set_password_enabled(false);
} else if (unlock) {
target_account.set_password_enabled(true);
} else {
if (current_uid != 0) {
auto current_password = Core::get_password("Current password: ");
if (current_password.is_error()) {
warnln("{}", current_password.error());
return 1;
}
if (!target_account.authenticate(current_password.value().characters())) {
warnln("Incorrect or disabled password.");
warnln("Password for user {} unchanged.", target_account.username());
return 1;
}
}
auto new_password = Core::get_password("New password: ");
if (new_password.is_error()) {
warnln("{}", new_password.error());
return 1;
}
auto new_password_retype = Core::get_password("Retype new password: ");
if (new_password_retype.is_error()) {
warnln("{}", new_password_retype.error());
return 1;
}
if (new_password.value().is_empty() && new_password_retype.value().is_empty()) {
warnln("No password supplied.");
warnln("Password for user {} unchanged.", target_account.username());
return 1;
}
if (new_password.value() != new_password_retype.value()) {
warnln("Sorry, passwords don't match.");
warnln("Password for user {} unchanged.", target_account.username());
return 1;
}
target_account.set_password(new_password.value().characters());
}
if (pledge("stdio wpath rpath cpath fattr", nullptr) < 0) {
perror("pledge");
return 1;
}
if (!target_account.sync()) {
perror("Core::Account::Sync");
} else {
outln("Password for user {} successfully updated.", target_account.username());
}
return 0;
}
|