forked from brunonymous/vpopmail
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vchangepw.c
122 lines (110 loc) · 3.5 KB
/
vchangepw.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
/*
* Copyright (C) 1999-2009 Inter7 Internet Technologies, Inc.
*
* Modified version of vpasswd created by Rolf Eike Beer, November 2003
*
* Usage Note:
* Set up another user account with this binary as shell. Then chmod
* it to suid vpopmail. Now users can ssh to the box as this user and
* change the password remote without asking anyone. If you only allow
* logins via ssh the password wont be sent unencrypted.
*
* Copyright (C) 1999,2001 Inter7 Internet Technologies, Inc.
* Copyright (C) 2003-2006 Rolf Eike Beer
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
#include "config.h"
#include "vpopmail.h"
#include "vauth.h"
int main(void)
{
int i;
struct vqpasswd *vpw = NULL;
char Email[MAX_BUFF];
char User[MAX_BUFF];
char Domain[MAX_BUFF];
char Passwd[128]; /* must be at least the size of the buffer in vpopmail.c::getpass */
char *passwdtmp;
if( vauth_open( 1 )) {
vexiterror( stderr, "Initial open." );
}
memset(Passwd, 0, sizeof(Passwd));
memset(Domain, 0, sizeof(Domain));
memset(User, 0, sizeof(User));
fputs("Please enter the email address: ", stdout);
if (fgets(Email, sizeof(Email), stdin) == NULL) {
puts("\n");
return 0; // exit, no address entered
} else {
i = strlen(Email) - 1;
if (i >= 0 && (Email[i] == '\n' || Email[i] == '\r')) {
Email[i] = '\0';
} else {
puts("\nError: email address too long");
return 3;
}
}
puts(Email);
if ( (i = parse_email( Email, User, Domain, MAX_BUFF)) != 0 ) {
fputs("Error: ", stdout);
puts(verror(i));
vexit(i);
}
passwdtmp = getpass("Enter old password: ");
i = strlen(passwdtmp);
if (i >= sizeof(Passwd)) {
puts("Error: password too long.");
openlog("vchangepw", 0, LOG_AUTH);
syslog(LOG_NOTICE, "Too long password for user <%s>\n", Email);
closelog();
vexit(3);
}
strncpy(Passwd, passwdtmp, i + 1);
if ( (vpw = vauth_getpw(User, Domain)) != NULL ) {
vget_assign(Domain, NULL, 0, NULL, NULL);
if ( vauth_crypt(User, Domain, Passwd, vpw) != 0 ) {
puts("Error: authentication failed!");
openlog("vchangepw", 0, LOG_AUTH);
syslog(LOG_NOTICE, "Wrong password for user <%s>\n", Email);
closelog();
vexit(3);
}
} else {
puts("Error: authentication failed!");
openlog("vchangepw", 0, LOG_AUTH);
syslog(LOG_NOTICE, "Domain of address <%s> does not exist\n", Email);
closelog();
vexit(3);
}
vgetpasswd(Email, Passwd, sizeof(Passwd));
if ( (i = vpasswd( User, Domain, Passwd, USE_POP )) != 0 ) {
printf("Error: %s\n", verror(i));
openlog("vchangepw", 0, LOG_AUTH);
syslog(LOG_NOTICE, "Error changing users password! User <%s>, message: ""%s""\n",
Email, verror(i));
closelog();
vexit(i);
} else {
printf("Password successfully changed.\n");
openlog("vchangepw", 0, LOG_AUTH);
syslog(LOG_DEBUG, "User <%s> changed password\n", Email);
closelog();
}
return vexit(i);
}