blob: 31ba184bb5d680aa3f18d666e44481814ce7cbd6 [file] [log] [blame]
#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>
#include "SConn.h"
#include "secstore.h"
int verbose;
static void userinput(char *, int);
char *SECSTORE_DIR;
static void
ensure_exists(char *f, ulong perm)
{
int fd;
if(access(f, AEXIST) >= 0)
return;
if(verbose)
fprint(2,"first time setup for secstore: create %s %lo\n", f, perm);
fd = create(f, OREAD, perm);
if(fd < 0){
fprint(2, "unable to create %s\n", f);
exits("secstored directories");
}
close(fd);
}
int
main(int argc, char **argv)
{
int isnew;
char *id, buf[Maxmsg], home[Maxmsg], prompt[100], *hexHi;
char *pass, *passck;
long expsecs;
mpint *H = mpnew(0), *Hi = mpnew(0);
PW *pw;
Tm *tm;
SECSTORE_DIR = unsharp("#9/secstore");
ARGBEGIN{
case 'v':
verbose++;
break;
}ARGEND;
if(argc!=1){
print("usage: secuser [-v] <user>\n");
exits("usage");
}
ensure_exists(SECSTORE_DIR, DMDIR|0755L);
snprint(home, sizeof(home), "%s/who", SECSTORE_DIR);
ensure_exists(home, DMDIR|0755L);
snprint(home, sizeof(home), "%s/store", SECSTORE_DIR);
ensure_exists(home, DMDIR|0700L);
id = argv[0];
if(verbose)
fprint(2,"secuser %s\n", id);
if((pw = getPW(id,1)) == nil){
isnew = 1;
print("new account (because %s/%s %r)\n", SECSTORE_DIR, id);
pw = emalloc(sizeof(*pw));
pw->id = estrdup(id);
snprint(home, sizeof(home), "%s/store/%s", SECSTORE_DIR, id);
if(access(home, AEXIST) == 0){
print("new user, but directory %s already exists\n", home);
exits(home);
}
}else{
isnew = 0;
}
/* get main password for id */
for(;;){
if(isnew)
snprint(prompt, sizeof(prompt), "%s password", id);
else
snprint(prompt, sizeof(prompt), "%s password [default = don't change]", id);
pass = readcons(prompt, nil, 1);
if(pass == nil){
print("getpass failed\n");
exits("getpass failed");
}
if(verbose)
print("%ld characters\n", strlen(pass));
if(pass[0] == '\0' && isnew == 0)
break;
if(strlen(pass) >= 7)
break;
print("password must be at least 7 characters\n");
}
if(pass[0] != '\0'){
snprint(prompt, sizeof(prompt), "retype password");
if(verbose)
print("confirming...\n");
passck = readcons(prompt, nil, 1);
if(passck == nil){
print("getpass failed\n");
exits("getpass failed");
}
if(strcmp(pass, passck) != 0){
print("passwords didn't match\n");
exits("no match");
}
memset(passck, 0, strlen(passck));
free(passck);
hexHi = PAK_Hi(id, pass, H, Hi);
memset(pass, 0, strlen(pass));
free(pass);
free(hexHi);
mpfree(H);
pw->Hi = Hi;
}
/* get expiration time (midnight of date specified) */
if(isnew)
expsecs = time(0) + 365*24*60*60;
else
expsecs = pw->expire;
for(;;){
tm = localtime(expsecs);
print("expires [DDMMYYYY, default = %2.2d%2.2d%4.4d]: ",
tm->mday, tm->mon, tm->year+1900);
userinput(buf, sizeof(buf));
if(strlen(buf) == 0)
break;
if(strlen(buf) != 8){
print("!bad date format: %s\n", buf);
continue;
}
tm->mday = (buf[0]-'0')*10 + (buf[1]-'0');
if(tm->mday > 31 || tm->mday < 1){
print("!bad day of month: %d\n", tm->mday);
continue;
}
tm->mon = (buf[2]-'0')*10 + (buf[3]-'0') - 1;
if(tm->mon > 11 || tm->mday < 0){
print("!bad month: %d\n", tm->mon + 1);
continue;
}
tm->year = atoi(buf+4) - 1900;
if(tm->year < 70){
print("!bad year: %d\n", tm->year + 1900);
continue;
}
tm->sec = 59;
tm->min = 59;
tm->hour = 23;
tm->yday = 0;
expsecs = tm2sec(tm);
break;
}
pw->expire = expsecs;
/* failed logins */
if(pw->failed != 0 )
print("clearing %d failed login attempts\n", pw->failed);
pw->failed = 0;
/* status bits */
if(isnew)
pw->status = Enabled;
for(;;){
print("Enabled or Disabled [default %s]: ",
(pw->status & Enabled) ? "Enabled" : "Disabled" );
userinput(buf, sizeof(buf));
if(strlen(buf) == 0)
break;
if(buf[0]=='E' || buf[0]=='e'){
pw->status |= Enabled;
break;
}
if(buf[0]=='D' || buf[0]=='d'){
pw->status = pw->status & ~Enabled;
break;
}
}
for(;;){
print("require STA? [default %s]: ",
(pw->status & STA) ? "yes" : "no" );
userinput(buf, sizeof(buf));
if(strlen(buf) == 0)
break;
if(buf[0]=='Y' || buf[0]=='y'){
pw->status |= STA;
break;
}
if(buf[0]=='N' || buf[0]=='n'){
pw->status = pw->status & ~STA;
break;
}
}
/* free form field */
if(isnew)
pw->other = nil;
print("comments [default = %s]: ", (pw->other == nil) ? "" : pw->other);
userinput(buf, 72); /* 72 comes from password.h */
if(buf[0])
if((pw->other = strdup(buf)) == nil)
sysfatal("strdup");
syslog(0, LOG, "CHANGELOGIN for '%s'", pw->id);
if(putPW(pw) < 0){
print("error writing entry: %r\n");
exits("can't write password file");
}else{
print("change written\n");
if(isnew && create(home, OREAD, DMDIR | 0775L) < 0){
print("unable to create %s: %r\n", home);
exits(home);
}
}
exits("");
return 1; /* keep other compilers happy */
}
static void
userinput(char *buf, int blen)
{
int n;
while(1){
n = read(0, buf, blen);
if(n<=0)
exits("read error");
if(buf[n-1]=='\n'){
buf[n-1] = '\0';
return;
}
buf += n; blen -= n;
if(blen<=0)
exits("input too large");
}
}