Sun Mar 15 20:03:49 2009 UTC ()
Pull up following revision(s) (requested by mlelstv in ticket #562):
	usr.sbin/user/user.c: revision 1.121
bin/40994: Michael van Elst: usermod -l change password so user is unable to
login. User getpwnam_r to avoid trashing result of previous call to getpwnam().


(snj)
diff -r1.120 -r1.120.4.1 src/usr.sbin/user/user.c
cvs diff -r1.120 -r1.120.4.1 src/usr.sbin/user/user.c (switch to unified diff)

--- src/usr.sbin/user/user.c 2008/07/21 13:37:00 1.120
+++ src/usr.sbin/user/user.c 2009/03/15 20:03:49 1.120.4.1
@@ -1,2406 +1,2408 @@ @@ -1,2406 +1,2408 @@
1/* $NetBSD: user.c,v 1.120 2008/07/21 13:37:00 lukem Exp $ */ 1/* $NetBSD: user.c,v 1.120.4.1 2009/03/15 20:03:49 snj Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. 4 * Copyright (c) 1999 Alistair G. Crooks. All rights reserved.
5 * Copyright (c) 2005 Liam J. Foy. All rights reserved. 5 * Copyright (c) 2005 Liam J. Foy. All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote 15 * 3. The name of the author may not be used to endorse or promote
16 * products derived from this software without specific prior written 16 * products derived from this software without specific prior written
17 * permission. 17 * permission.
18 * 18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
20 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */ 30 */
31#include <sys/cdefs.h> 31#include <sys/cdefs.h>
32 32
33#ifndef lint 33#ifndef lint
34__COPYRIGHT("@(#) Copyright (c) 1999\ 34__COPYRIGHT("@(#) Copyright (c) 1999\
35 The NetBSD Foundation, Inc. All rights reserved."); 35 The NetBSD Foundation, Inc. All rights reserved.");
36__RCSID("$NetBSD: user.c,v 1.120 2008/07/21 13:37:00 lukem Exp $"); 36__RCSID("$NetBSD: user.c,v 1.120.4.1 2009/03/15 20:03:49 snj Exp $");
37#endif 37#endif
38 38
39#include <sys/types.h> 39#include <sys/types.h>
40#include <sys/param.h> 40#include <sys/param.h>
41#include <sys/stat.h> 41#include <sys/stat.h>
42 42
43#include <ctype.h> 43#include <ctype.h>
44#include <dirent.h> 44#include <dirent.h>
45#include <err.h> 45#include <err.h>
46#include <fcntl.h> 46#include <fcntl.h>
47#include <grp.h> 47#include <grp.h>
48#ifdef EXTENSIONS 48#ifdef EXTENSIONS
49#include <login_cap.h> 49#include <login_cap.h>
50#endif 50#endif
51#include <paths.h> 51#include <paths.h>
52#include <pwd.h> 52#include <pwd.h>
53#include <regex.h> 53#include <regex.h>
54#include <stdarg.h> 54#include <stdarg.h>
55#include <stdio.h> 55#include <stdio.h>
56#include <stdlib.h> 56#include <stdlib.h>
57#include <string.h> 57#include <string.h>
58#include <syslog.h> 58#include <syslog.h>
59#include <time.h> 59#include <time.h>
60#include <unistd.h> 60#include <unistd.h>
61#include <util.h> 61#include <util.h>
62#include <errno.h> 62#include <errno.h>
63 63
64#include "defs.h" 64#include "defs.h"
65#include "usermgmt.h" 65#include "usermgmt.h"
66 66
67 67
68/* this struct describes a uid range */ 68/* this struct describes a uid range */
69typedef struct range_t { 69typedef struct range_t {
70 int r_from; /* low uid */ 70 int r_from; /* low uid */
71 int r_to; /* high uid */ 71 int r_to; /* high uid */
72} range_t; 72} range_t;
73 73
74/* this struct encapsulates the user information */ 74/* this struct encapsulates the user information */
75typedef struct user_t { 75typedef struct user_t {
76 int u_flags; /* see below */ 76 int u_flags; /* see below */
77 int u_uid; /* uid of user */ 77 int u_uid; /* uid of user */
78 char *u_password; /* encrypted password */ 78 char *u_password; /* encrypted password */
79 char *u_comment; /* comment field */ 79 char *u_comment; /* comment field */
80 char *u_home; /* home directory */ 80 char *u_home; /* home directory */
81 mode_t u_homeperm; /* permissions of home dir */ 81 mode_t u_homeperm; /* permissions of home dir */
82 char *u_primgrp; /* primary group */ 82 char *u_primgrp; /* primary group */
83 int u_groupc; /* # of secondary groups */ 83 int u_groupc; /* # of secondary groups */
84 const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ 84 const char *u_groupv[NGROUPS_MAX]; /* secondary groups */
85 char *u_shell; /* user's shell */ 85 char *u_shell; /* user's shell */
86 char *u_basedir; /* base directory for home */ 86 char *u_basedir; /* base directory for home */
87 char *u_expire; /* when password will expire */ 87 char *u_expire; /* when password will expire */
88 char *u_inactive; /* when account will expire */ 88 char *u_inactive; /* when account will expire */
89 char *u_skeldir; /* directory for startup files */ 89 char *u_skeldir; /* directory for startup files */
90 char *u_class; /* login class */ 90 char *u_class; /* login class */
91 unsigned u_rsize; /* size of range array */ 91 unsigned u_rsize; /* size of range array */
92 unsigned u_rc; /* # of ranges */ 92 unsigned u_rc; /* # of ranges */
93 range_t *u_rv; /* the ranges */ 93 range_t *u_rv; /* the ranges */
94 unsigned u_defrc; /* # of ranges in defaults */ 94 unsigned u_defrc; /* # of ranges in defaults */
95 int u_preserve; /* preserve uids on deletion */ 95 int u_preserve; /* preserve uids on deletion */
96 int u_allow_samba; /* allow trailing '$' for samba login names */ 96 int u_allow_samba; /* allow trailing '$' for samba login names */
97 int u_locked; /* user account lock */ 97 int u_locked; /* user account lock */
98} user_t; 98} user_t;
99 99
100/* flags for which fields of the user_t replace the passwd entry */ 100/* flags for which fields of the user_t replace the passwd entry */
101enum { 101enum {
102 F_COMMENT = 0x0001, 102 F_COMMENT = 0x0001,
103 F_DUPUID = 0x0002, 103 F_DUPUID = 0x0002,
104 F_EXPIRE = 0x0004, 104 F_EXPIRE = 0x0004,
105 F_GROUP = 0x0008, 105 F_GROUP = 0x0008,
106 F_HOMEDIR = 0x0010, 106 F_HOMEDIR = 0x0010,
107 F_MKDIR = 0x0020, 107 F_MKDIR = 0x0020,
108 F_INACTIVE = 0x0040, 108 F_INACTIVE = 0x0040,
109 F_PASSWORD = 0x0080, 109 F_PASSWORD = 0x0080,
110 F_SECGROUP = 0x0100, 110 F_SECGROUP = 0x0100,
111 F_SHELL = 0x0200, 111 F_SHELL = 0x0200,
112 F_UID = 0x0400, 112 F_UID = 0x0400,
113 F_USERNAME = 0x0800, 113 F_USERNAME = 0x0800,
114 F_CLASS = 0x1000 114 F_CLASS = 0x1000
115}; 115};
116 116
117#define UNLOCK 0 117#define UNLOCK 0
118#define LOCK 1 118#define LOCK 1
119#define LOCKED "*LOCKED*" 119#define LOCKED "*LOCKED*"
120 120
121#define PATH_LOGINCONF "/etc/login.conf" 121#define PATH_LOGINCONF "/etc/login.conf"
122 122
123#ifndef DEF_GROUP 123#ifndef DEF_GROUP
124#define DEF_GROUP "users" 124#define DEF_GROUP "users"
125#endif 125#endif
126 126
127#ifndef DEF_BASEDIR 127#ifndef DEF_BASEDIR
128#define DEF_BASEDIR "/home" 128#define DEF_BASEDIR "/home"
129#endif 129#endif
130 130
131#ifndef DEF_SKELDIR 131#ifndef DEF_SKELDIR
132#define DEF_SKELDIR "/etc/skel" 132#define DEF_SKELDIR "/etc/skel"
133#endif 133#endif
134 134
135#ifndef DEF_SHELL 135#ifndef DEF_SHELL
136#define DEF_SHELL _PATH_BSHELL 136#define DEF_SHELL _PATH_BSHELL
137#endif 137#endif
138 138
139#ifndef DEF_COMMENT 139#ifndef DEF_COMMENT
140#define DEF_COMMENT "" 140#define DEF_COMMENT ""
141#endif 141#endif
142 142
143#ifndef DEF_LOWUID 143#ifndef DEF_LOWUID
144#define DEF_LOWUID 1000 144#define DEF_LOWUID 1000
145#endif 145#endif
146 146
147#ifndef DEF_HIGHUID 147#ifndef DEF_HIGHUID
148#define DEF_HIGHUID 60000 148#define DEF_HIGHUID 60000
149#endif 149#endif
150 150
151#ifndef DEF_INACTIVE 151#ifndef DEF_INACTIVE
152#define DEF_INACTIVE 0 152#define DEF_INACTIVE 0
153#endif 153#endif
154 154
155#ifndef DEF_EXPIRE 155#ifndef DEF_EXPIRE
156#define DEF_EXPIRE NULL 156#define DEF_EXPIRE NULL
157#endif 157#endif
158 158
159#ifndef DEF_CLASS 159#ifndef DEF_CLASS
160#define DEF_CLASS "" 160#define DEF_CLASS ""
161#endif 161#endif
162 162
163#ifndef WAITSECS 163#ifndef WAITSECS
164#define WAITSECS 10 164#define WAITSECS 10
165#endif 165#endif
166 166
167#ifndef NOBODY_UID 167#ifndef NOBODY_UID
168#define NOBODY_UID 32767 168#define NOBODY_UID 32767
169#endif 169#endif
170 170
171#ifndef DEF_HOMEPERM 171#ifndef DEF_HOMEPERM
172#define DEF_HOMEPERM 0755 172#define DEF_HOMEPERM 0755
173#endif 173#endif
174 174
175/* some useful constants */ 175/* some useful constants */
176enum { 176enum {
177 MaxShellNameLen = 256, 177 MaxShellNameLen = 256,
178 MaxFileNameLen = MAXPATHLEN, 178 MaxFileNameLen = MAXPATHLEN,
179 MaxUserNameLen = LOGIN_NAME_MAX - 1, 179 MaxUserNameLen = LOGIN_NAME_MAX - 1,
180 MaxCommandLen = 2048, 180 MaxCommandLen = 2048,
181 MaxEntryLen = 2048, 181 MaxEntryLen = 2048,
182 PasswordLength = 2048, 182 PasswordLength = 2048,
183 183
184 DES_Len = 13, 184 DES_Len = 13,
185 185
186 LowGid = DEF_LOWUID, 186 LowGid = DEF_LOWUID,
187 HighGid = DEF_HIGHUID 187 HighGid = DEF_HIGHUID
188}; 188};
189 189
190/* Full paths of programs used here */ 190/* Full paths of programs used here */
191#define CHMOD "/bin/chmod" 191#define CHMOD "/bin/chmod"
192#define CHOWN "/usr/sbin/chown" 192#define CHOWN "/usr/sbin/chown"
193#define MKDIR "/bin/mkdir" 193#define MKDIR "/bin/mkdir"
194#define MV "/bin/mv" 194#define MV "/bin/mv"
195#define NOLOGIN "/sbin/nologin" 195#define NOLOGIN "/sbin/nologin"
196#define PAX "/bin/pax" 196#define PAX "/bin/pax"
197#define RM "/bin/rm" 197#define RM "/bin/rm"
198 198
199#define UNSET_INACTIVE "Null (unset)" 199#define UNSET_INACTIVE "Null (unset)"
200#define UNSET_EXPIRY "Null (unset)" 200#define UNSET_EXPIRY "Null (unset)"
201 201
202static int asystem(const char *fmt, ...) 202static int asystem(const char *fmt, ...)
203 __attribute__((__format__(__printf__, 1, 2))); 203 __attribute__((__format__(__printf__, 1, 2)));
204static int is_number(const char *); 204static int is_number(const char *);
205static struct group *find_group_info(const char *); 205static struct group *find_group_info(const char *);
206static int verbose; 206static int verbose;
207 207
208static char * 208static char *
209skipspace(char *s) 209skipspace(char *s)
210{ 210{
211 for (; *s && isspace((unsigned char)*s) ; s++) { 211 for (; *s && isspace((unsigned char)*s) ; s++) {
212 } 212 }
213 return s; 213 return s;
214} 214}
215 215
216static int 216static int
217check_numeric(const char *val, const char *name) 217check_numeric(const char *val, const char *name)
218{ 218{
219 if (!is_number(val)) { 219 if (!is_number(val)) {
220 errx(EXIT_FAILURE, "When using [-%c %s], " 220 errx(EXIT_FAILURE, "When using [-%c %s], "
221 "the %s must be numeric", *name, name, name); 221 "the %s must be numeric", *name, name, name);
222 } 222 }
223 return atoi(val); 223 return atoi(val);
224} 224}
225 225
226/* resize *cpp appropriately then assign `n' chars of `s' to it */ 226/* resize *cpp appropriately then assign `n' chars of `s' to it */
227static void 227static void
228memsave(char **cpp, const char *s, size_t n) 228memsave(char **cpp, const char *s, size_t n)
229{ 229{
230 RENEW(char, *cpp, n + 1, exit(1)); 230 RENEW(char, *cpp, n + 1, exit(1));
231 (void)memcpy(*cpp, s, n); 231 (void)memcpy(*cpp, s, n);
232 (*cpp)[n] = '\0'; 232 (*cpp)[n] = '\0';
233} 233}
234 234
235/* a replacement for system(3) */ 235/* a replacement for system(3) */
236static int 236static int
237asystem(const char *fmt, ...) 237asystem(const char *fmt, ...)
238{ 238{
239 va_list vp; 239 va_list vp;
240 char buf[MaxCommandLen]; 240 char buf[MaxCommandLen];
241 int ret; 241 int ret;
242 242
243 va_start(vp, fmt); 243 va_start(vp, fmt);
244 (void)vsnprintf(buf, sizeof(buf), fmt, vp); 244 (void)vsnprintf(buf, sizeof(buf), fmt, vp);
245 va_end(vp); 245 va_end(vp);
246 if (verbose) { 246 if (verbose) {
247 (void)printf("Command: %s\n", buf); 247 (void)printf("Command: %s\n", buf);
248 } 248 }
249 if ((ret = system(buf)) != 0) { 249 if ((ret = system(buf)) != 0) {
250 warn("Error running `%s'", buf); 250 warn("Error running `%s'", buf);
251 } 251 }
252 return ret; 252 return ret;
253} 253}
254 254
255/* remove a users home directory, returning 1 for success (ie, no problems encountered) */ 255/* remove a users home directory, returning 1 for success (ie, no problems encountered) */
256static int 256static int
257removehomedir(struct passwd *pwp) 257removehomedir(struct passwd *pwp)
258{ 258{
259 struct stat st; 259 struct stat st;
260 260
261 /* userid not root? */ 261 /* userid not root? */
262 if (pwp->pw_uid == 0) { 262 if (pwp->pw_uid == 0) {
263 warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir); 263 warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir);
264 return 0; 264 return 0;
265 } 265 }
266 266
267 /* directory exists (and is a directory!) */ 267 /* directory exists (and is a directory!) */
268 if (stat(pwp->pw_dir, &st) < 0) { 268 if (stat(pwp->pw_dir, &st) < 0) {
269 warn("Cannot access home directory `%s'", pwp->pw_dir); 269 warn("Cannot access home directory `%s'", pwp->pw_dir);
270 return 0; 270 return 0;
271 } 271 }
272 if (!S_ISDIR(st.st_mode)) { 272 if (!S_ISDIR(st.st_mode)) {
273 warnx("Home directory `%s' is not a directory", pwp->pw_dir); 273 warnx("Home directory `%s' is not a directory", pwp->pw_dir);
274 return 0; 274 return 0;
275 } 275 }
276 276
277 /* userid matches directory owner? */ 277 /* userid matches directory owner? */
278 if (st.st_uid != pwp->pw_uid) { 278 if (st.st_uid != pwp->pw_uid) {
279 warnx("User `%s' doesn't own directory `%s', not removed", 279 warnx("User `%s' doesn't own directory `%s', not removed",
280 pwp->pw_name, pwp->pw_dir); 280 pwp->pw_name, pwp->pw_dir);
281 return 0; 281 return 0;
282 } 282 }
283 283
284 (void)seteuid(pwp->pw_uid); 284 (void)seteuid(pwp->pw_uid);
285 /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ 285 /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */
286 (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, pwp->pw_dir); 286 (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, pwp->pw_dir);
287 (void)seteuid(0); 287 (void)seteuid(0);
288 if (rmdir(pwp->pw_dir) < 0) { 288 if (rmdir(pwp->pw_dir) < 0) {
289 warn("Unable to remove all files in `%s'", pwp->pw_dir); 289 warn("Unable to remove all files in `%s'", pwp->pw_dir);
290 return 0; 290 return 0;
291 } 291 }
292 return 1; 292 return 1;
293} 293}
294 294
295/* return 1 if all of `s' is numeric */ 295/* return 1 if all of `s' is numeric */
296static int 296static int
297is_number(const char *s) 297is_number(const char *s)
298{ 298{
299 for ( ; *s ; s++) { 299 for ( ; *s ; s++) {
300 if (!isdigit((unsigned char) *s)) { 300 if (!isdigit((unsigned char) *s)) {
301 return 0; 301 return 0;
302 } 302 }
303 } 303 }
304 return 1; 304 return 1;
305} 305}
306 306
307/* 307/*
308 * check that the effective uid is 0 - called from funcs which will 308 * check that the effective uid is 0 - called from funcs which will
309 * modify data and config files. 309 * modify data and config files.
310 */ 310 */
311static void 311static void
312checkeuid(void) 312checkeuid(void)
313{ 313{
314 if (geteuid() != 0) { 314 if (geteuid() != 0) {
315 errx(EXIT_FAILURE, "Program must be run as root"); 315 errx(EXIT_FAILURE, "Program must be run as root");
316 } 316 }
317} 317}
318 318
319/* copy any dot files into the user's home directory */ 319/* copy any dot files into the user's home directory */
320static int 320static int
321copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm) 321copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm)
322{ 322{
323 struct dirent *dp; 323 struct dirent *dp;
324 DIR *dirp; 324 DIR *dirp;
325 int n; 325 int n;
326 326
327 if ((dirp = opendir(skeldir)) == NULL) { 327 if ((dirp = opendir(skeldir)) == NULL) {
328 warn("Can't open source . files dir `%s'", skeldir); 328 warn("Can't open source . files dir `%s'", skeldir);
329 return 0; 329 return 0;
330 } 330 }
331 for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { 331 for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) {
332 if (strcmp(dp->d_name, ".") == 0 || 332 if (strcmp(dp->d_name, ".") == 0 ||
333 strcmp(dp->d_name, "..") == 0) { 333 strcmp(dp->d_name, "..") == 0) {
334 continue; 334 continue;
335 } 335 }
336 n = 1; 336 n = 1;
337 } 337 }
338 (void)closedir(dirp); 338 (void)closedir(dirp);
339 if (n == 0) { 339 if (n == 0) {
340 warnx("No \"dot\" initialisation files found"); 340 warnx("No \"dot\" initialisation files found");
341 } else { 341 } else {
342 (void)asystem("cd %s && %s -rw -pe %s . %s", 342 (void)asystem("cd %s && %s -rw -pe %s . %s",
343 skeldir, PAX, (verbose) ? "-v" : "", dir); 343 skeldir, PAX, (verbose) ? "-v" : "", dir);
344 } 344 }
345 (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir); 345 (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir);
346 (void)asystem("%s -R u+w %s", CHMOD, dir); 346 (void)asystem("%s -R u+w %s", CHMOD, dir);
347#ifdef EXTENSIONS 347#ifdef EXTENSIONS
348 (void)asystem("%s 0%o %s", CHMOD, homeperm, dir); 348 (void)asystem("%s 0%o %s", CHMOD, homeperm, dir);
349#endif 349#endif
350 return n; 350 return n;
351} 351}
352 352
353/* create a group entry with gid `gid' */ 353/* create a group entry with gid `gid' */
354static int 354static int
355creategid(char *group, int gid, const char *name) 355creategid(char *group, int gid, const char *name)
356{ 356{
357 struct stat st; 357 struct stat st;
358 FILE *from; 358 FILE *from;
359 FILE *to; 359 FILE *to;
360 char buf[MaxEntryLen]; 360 char buf[MaxEntryLen];
361 char f[MaxFileNameLen]; 361 char f[MaxFileNameLen];
362 int fd; 362 int fd;
363 int cc; 363 int cc;
364 364
365 if (getgrnam(group) != NULL) { 365 if (getgrnam(group) != NULL) {
366 warnx("Can't create group `%s': already exists", group); 366 warnx("Can't create group `%s': already exists", group);
367 return 0; 367 return 0;
368 } 368 }
369 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 369 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
370 warn("Can't create group `%s': can't open `%s'", name, 370 warn("Can't create group `%s': can't open `%s'", name,
371 _PATH_GROUP); 371 _PATH_GROUP);
372 return 0; 372 return 0;
373 } 373 }
374 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 374 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
375 warn("Can't lock `%s'", _PATH_GROUP); 375 warn("Can't lock `%s'", _PATH_GROUP);
376 (void)fclose(from); 376 (void)fclose(from);
377 return 0; 377 return 0;
378 } 378 }
379 (void)fstat(fileno(from), &st); 379 (void)fstat(fileno(from), &st);
380 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 380 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
381 if ((fd = mkstemp(f)) < 0) { 381 if ((fd = mkstemp(f)) < 0) {
382 warn("Can't create group `%s': mkstemp failed", group); 382 warn("Can't create group `%s': mkstemp failed", group);
383 (void)fclose(from); 383 (void)fclose(from);
384 return 0; 384 return 0;
385 } 385 }
386 if ((to = fdopen(fd, "w")) == NULL) { 386 if ((to = fdopen(fd, "w")) == NULL) {
387 warn("Can't create group `%s': fdopen `%s' failed", 387 warn("Can't create group `%s': fdopen `%s' failed",
388 group, f); 388 group, f);
389 (void)fclose(from); 389 (void)fclose(from);
390 (void)close(fd); 390 (void)close(fd);
391 (void)unlink(f); 391 (void)unlink(f);
392 return 0; 392 return 0;
393 } 393 }
394 while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) { 394 while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) {
395 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 395 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
396 warn("Can't create group `%s': short write to `%s'", 396 warn("Can't create group `%s': short write to `%s'",
397 group, f); 397 group, f);
398 (void)fclose(from); 398 (void)fclose(from);
399 (void)close(fd); 399 (void)close(fd);
400 (void)unlink(f); 400 (void)unlink(f);
401 return 0; 401 return 0;
402 } 402 }
403 } 403 }
404 (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name); 404 (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name);
405 (void)fclose(from); 405 (void)fclose(from);
406 (void)fclose(to); 406 (void)fclose(to);
407 if (rename(f, _PATH_GROUP) < 0) { 407 if (rename(f, _PATH_GROUP) < 0) {
408 warn("Can't create group `%s': can't rename `%s' to `%s'", 408 warn("Can't create group `%s': can't rename `%s' to `%s'",
409 group, f, _PATH_GROUP); 409 group, f, _PATH_GROUP);
410 (void)unlink(f); 410 (void)unlink(f);
411 return 0; 411 return 0;
412 } 412 }
413 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 413 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
414 syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid); 414 syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid);
415 return 1; 415 return 1;
416} 416}
417 417
418/* modify the group entry with name `group' to be newent */ 418/* modify the group entry with name `group' to be newent */
419static int 419static int
420modify_gid(char *group, char *newent) 420modify_gid(char *group, char *newent)
421{ 421{
422 struct stat st; 422 struct stat st;
423 FILE *from; 423 FILE *from;
424 FILE *to; 424 FILE *to;
425 char buf[MaxEntryLen]; 425 char buf[MaxEntryLen];
426 char f[MaxFileNameLen]; 426 char f[MaxFileNameLen];
427 char *colon; 427 char *colon;
428 int groupc; 428 int groupc;
429 int entc; 429 int entc;
430 int fd; 430 int fd;
431 int cc; 431 int cc;
432 432
433 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 433 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
434 warn("Can't modify group `%s': can't open `%s'", 434 warn("Can't modify group `%s': can't open `%s'",
435 group, _PATH_GROUP); 435 group, _PATH_GROUP);
436 return 0; 436 return 0;
437 } 437 }
438 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 438 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
439 warn("Can't modify group `%s': can't lock `%s'", 439 warn("Can't modify group `%s': can't lock `%s'",
440 group, _PATH_GROUP); 440 group, _PATH_GROUP);
441 (void)fclose(from); 441 (void)fclose(from);
442 return 0; 442 return 0;
443 } 443 }
444 (void)fstat(fileno(from), &st); 444 (void)fstat(fileno(from), &st);
445 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 445 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
446 if ((fd = mkstemp(f)) < 0) { 446 if ((fd = mkstemp(f)) < 0) {
447 warn("Can't modify group `%s': mkstemp failed", group); 447 warn("Can't modify group `%s': mkstemp failed", group);
448 (void)fclose(from); 448 (void)fclose(from);
449 return 0; 449 return 0;
450 } 450 }
451 if ((to = fdopen(fd, "w")) == NULL) { 451 if ((to = fdopen(fd, "w")) == NULL) {
452 warn("Can't modify group `%s': fdopen `%s' failed", group, f); 452 warn("Can't modify group `%s': fdopen `%s' failed", group, f);
453 (void)fclose(from); 453 (void)fclose(from);
454 (void)close(fd); 454 (void)close(fd);
455 (void)unlink(f); 455 (void)unlink(f);
456 return 0; 456 return 0;
457 } 457 }
458 groupc = strlen(group); 458 groupc = strlen(group);
459 while (fgets(buf, sizeof(buf), from) != NULL) { 459 while (fgets(buf, sizeof(buf), from) != NULL) {
460 cc = strlen(buf); 460 cc = strlen(buf);
461 if ((colon = strchr(buf, ':')) == NULL) { 461 if ((colon = strchr(buf, ':')) == NULL) {
462 warnx("Badly formed entry `%s'", buf); 462 warnx("Badly formed entry `%s'", buf);
463 continue; 463 continue;
464 } 464 }
465 entc = (int)(colon - buf); 465 entc = (int)(colon - buf);
466 if (entc == groupc && 466 if (entc == groupc &&
467 strncmp(group, buf, (unsigned) entc) == 0) { 467 strncmp(group, buf, (unsigned) entc) == 0) {
468 if (newent == NULL) { 468 if (newent == NULL) {
469 struct group *grp_rm; 469 struct group *grp_rm;
470 struct passwd *user_pwd; 470 struct passwd *user_pwd;
471 471
472 /* 472 /*
473 * Check that the group being removed 473 * Check that the group being removed
474 * isn't any user's Primary group. Just 474 * isn't any user's Primary group. Just
475 * warn if it is. This could cause problems 475 * warn if it is. This could cause problems
476 * if the group GID was reused for a 476 * if the group GID was reused for a
477 * different purpose. 477 * different purpose.
478 */ 478 */
479 479
480 grp_rm = find_group_info(group); 480 grp_rm = find_group_info(group);
481 while ((user_pwd = getpwent()) != NULL) { 481 while ((user_pwd = getpwent()) != NULL) {
482 if (user_pwd->pw_gid == grp_rm->gr_gid) { 482 if (user_pwd->pw_gid == grp_rm->gr_gid) {
483 warnx("Warning: group `%s'(%d)" 483 warnx("Warning: group `%s'(%d)"
484 " is the primary group of" 484 " is the primary group of"
485 " `%s'. Use caution if you" 485 " `%s'. Use caution if you"
486 " later add this GID.", 486 " later add this GID.",
487 grp_rm->gr_name, 487 grp_rm->gr_name,
488 grp_rm->gr_gid, user_pwd->pw_name); 488 grp_rm->gr_gid, user_pwd->pw_name);
489 } 489 }
490 } 490 }
491 endpwent(); 491 endpwent();
492 continue; 492 continue;
493 } else { 493 } else {
494 cc = strlen(newent); 494 cc = strlen(newent);
495 (void)strlcpy(buf, newent, sizeof(buf)); 495 (void)strlcpy(buf, newent, sizeof(buf));
496 } 496 }
497 } 497 }
498 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 498 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
499 warn("Can't modify group `%s': short write to `%s'", 499 warn("Can't modify group `%s': short write to `%s'",
500 group, f); 500 group, f);
501 (void)fclose(from); 501 (void)fclose(from);
502 (void)close(fd); 502 (void)close(fd);
503 (void)unlink(f); 503 (void)unlink(f);
504 return 0; 504 return 0;
505 } 505 }
506 } 506 }
507 (void)fclose(from); 507 (void)fclose(from);
508 (void)fclose(to); 508 (void)fclose(to);
509 if (rename(f, _PATH_GROUP) < 0) { 509 if (rename(f, _PATH_GROUP) < 0) {
510 warn("Can't modify group `%s': can't rename `%s' to `%s'", 510 warn("Can't modify group `%s': can't rename `%s' to `%s'",
511 group, f, _PATH_GROUP); 511 group, f, _PATH_GROUP);
512 (void)unlink(f); 512 (void)unlink(f);
513 return 0; 513 return 0;
514 } 514 }
515 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 515 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
516 if (newent == NULL) { 516 if (newent == NULL) {
517 syslog(LOG_INFO, "group deleted: name=%s", group); 517 syslog(LOG_INFO, "group deleted: name=%s", group);
518 } else { 518 } else {
519 syslog(LOG_INFO, "group information modified: name=%s", group); 519 syslog(LOG_INFO, "group information modified: name=%s", group);
520 } 520 }
521 return 1; 521 return 1;
522} 522}
523 523
524/* modify the group entries for all `groups', by adding `user' */ 524/* modify the group entries for all `groups', by adding `user' */
525static int 525static int
526append_group(char *user, int ngroups, const char **groups) 526append_group(char *user, int ngroups, const char **groups)
527{ 527{
528 struct group *grp; 528 struct group *grp;
529 struct stat st; 529 struct stat st;
530 FILE *from; 530 FILE *from;
531 FILE *to; 531 FILE *to;
532 char buf[MaxEntryLen]; 532 char buf[MaxEntryLen];
533 char f[MaxFileNameLen]; 533 char f[MaxFileNameLen];
534 char *colon; 534 char *colon;
535 int groupc; 535 int groupc;
536 int entc; 536 int entc;
537 int fd; 537 int fd;
538 int nc; 538 int nc;
539 int cc; 539 int cc;
540 int i; 540 int i;
541 int j; 541 int j;
542 542
543 for (i = 0 ; i < ngroups ; i++) { 543 for (i = 0 ; i < ngroups ; i++) {
544 if ((grp = getgrnam(groups[i])) == NULL) { 544 if ((grp = getgrnam(groups[i])) == NULL) {
545 warnx("Can't append group `%s' for user `%s'", 545 warnx("Can't append group `%s' for user `%s'",
546 groups[i], user); 546 groups[i], user);
547 } else { 547 } else {
548 for (j = 0 ; grp->gr_mem[j] ; j++) { 548 for (j = 0 ; grp->gr_mem[j] ; j++) {
549 if (strcmp(user, grp->gr_mem[j]) == 0) { 549 if (strcmp(user, grp->gr_mem[j]) == 0) {
550 /* already in it */ 550 /* already in it */
551 groups[i] = ""; 551 groups[i] = "";
552 } 552 }
553 } 553 }
554 } 554 }
555 } 555 }
556 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 556 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
557 warn("Can't append group(s) for `%s': can't open `%s'", 557 warn("Can't append group(s) for `%s': can't open `%s'",
558 user, _PATH_GROUP); 558 user, _PATH_GROUP);
559 return 0; 559 return 0;
560 } 560 }
561 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 561 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
562 warn("Can't append group(s) for `%s': can't lock `%s'", 562 warn("Can't append group(s) for `%s': can't lock `%s'",
563 user, _PATH_GROUP); 563 user, _PATH_GROUP);
564 (void)fclose(from); 564 (void)fclose(from);
565 return 0; 565 return 0;
566 } 566 }
567 (void)fstat(fileno(from), &st); 567 (void)fstat(fileno(from), &st);
568 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 568 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
569 if ((fd = mkstemp(f)) < 0) { 569 if ((fd = mkstemp(f)) < 0) {
570 warn("Can't append group(s) for `%s': mkstemp failed", 570 warn("Can't append group(s) for `%s': mkstemp failed",
571 user); 571 user);
572 (void)fclose(from); 572 (void)fclose(from);
573 return 0; 573 return 0;
574 } 574 }
575 if ((to = fdopen(fd, "w")) == NULL) { 575 if ((to = fdopen(fd, "w")) == NULL) {
576 warn("Can't append group(s) for `%s': fdopen `%s' failed", 576 warn("Can't append group(s) for `%s': fdopen `%s' failed",
577 user, f); 577 user, f);
578 (void)fclose(from); 578 (void)fclose(from);
579 (void)close(fd); 579 (void)close(fd);
580 (void)unlink(f); 580 (void)unlink(f);
581 return 0; 581 return 0;
582 } 582 }
583 while (fgets(buf, sizeof(buf), from) != NULL) { 583 while (fgets(buf, sizeof(buf), from) != NULL) {
584 cc = strlen(buf); 584 cc = strlen(buf);
585 if ((colon = strchr(buf, ':')) == NULL) { 585 if ((colon = strchr(buf, ':')) == NULL) {
586 warnx("Badly formed entry `%s'", buf); 586 warnx("Badly formed entry `%s'", buf);
587 continue; 587 continue;
588 } 588 }
589 entc = (int)(colon - buf); 589 entc = (int)(colon - buf);
590 for (i = 0 ; i < ngroups ; i++) { 590 for (i = 0 ; i < ngroups ; i++) {
591 if ((groupc = strlen(groups[i])) == 0) { 591 if ((groupc = strlen(groups[i])) == 0) {
592 continue; 592 continue;
593 } 593 }
594 if (entc == groupc && 594 if (entc == groupc &&
595 strncmp(groups[i], buf, (unsigned) entc) == 0) { 595 strncmp(groups[i], buf, (unsigned) entc) == 0) {
596 if ((nc = snprintf(&buf[cc - 1], 596 if ((nc = snprintf(&buf[cc - 1],
597 sizeof(buf) - cc + 1, "%s%s\n", 597 sizeof(buf) - cc + 1, "%s%s\n",
598 (buf[cc - 2] == ':') ? "" : ",", user)) < 0) { 598 (buf[cc - 2] == ':') ? "" : ",", user)) < 0) {
599 warnx("Warning: group `%s' " 599 warnx("Warning: group `%s' "
600 "entry too long", groups[i]); 600 "entry too long", groups[i]);
601 } 601 }
602 cc += nc - 1; 602 cc += nc - 1;
603 } 603 }
604 } 604 }
605 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 605 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
606 warn("Can't append group(s) for `%s':" 606 warn("Can't append group(s) for `%s':"
607 " short write to `%s'", user, f); 607 " short write to `%s'", user, f);
608 (void)fclose(from); 608 (void)fclose(from);
609 (void)close(fd); 609 (void)close(fd);
610 (void)unlink(f); 610 (void)unlink(f);
611 return 0; 611 return 0;
612 } 612 }
613 } 613 }
614 (void)fclose(from); 614 (void)fclose(from);
615 (void)fclose(to); 615 (void)fclose(to);
616 if (rename(f, _PATH_GROUP) < 0) { 616 if (rename(f, _PATH_GROUP) < 0) {
617 warn("Can't append group(s) for `%s': " 617 warn("Can't append group(s) for `%s': "
618 "can't rename `%s' to `%s'", user, f, _PATH_GROUP); 618 "can't rename `%s' to `%s'", user, f, _PATH_GROUP);
619 (void)unlink(f); 619 (void)unlink(f);
620 return 0; 620 return 0;
621 } 621 }
622 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 622 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
623 return 1; 623 return 1;
624} 624}
625 625
626/* the valid characters for login and group names */ 626/* the valid characters for login and group names */
627#define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-') 627#define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-')
628 628
629/* return 1 if `login' is a valid login name */ 629/* return 1 if `login' is a valid login name */
630static int 630static int
631valid_login(char *login_name, int allow_samba) 631valid_login(char *login_name, int allow_samba)
632{ 632{
633 unsigned char *cp; 633 unsigned char *cp;
634 634
635 /* First character of a login name cannot be '-'. */ 635 /* First character of a login name cannot be '-'. */
636 if (*login_name == '-') { 636 if (*login_name == '-') {
637 return 0; 637 return 0;
638 } 638 }
639 if (strlen(login_name) >= LOGIN_NAME_MAX) { 639 if (strlen(login_name) >= LOGIN_NAME_MAX) {
640 return 0; 640 return 0;
641 } 641 }
642 for (cp = (unsigned char *)login_name ; *cp ; cp++) { 642 for (cp = (unsigned char *)login_name ; *cp ; cp++) {
643 if (!VALID_CHAR(*cp)) { 643 if (!VALID_CHAR(*cp)) {
644#ifdef EXTENSIONS 644#ifdef EXTENSIONS
645 /* check for a trailing '$' in a Samba user name */ 645 /* check for a trailing '$' in a Samba user name */
646 if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) { 646 if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) {
647 return 1; 647 return 1;
648 } 648 }
649#endif 649#endif
650 return 0; 650 return 0;
651 } 651 }
652 } 652 }
653 return 1; 653 return 1;
654} 654}
655 655
656/* return 1 if `group' is a valid group name */ 656/* return 1 if `group' is a valid group name */
657static int 657static int
658valid_group(char *group) 658valid_group(char *group)
659{ 659{
660 unsigned char *cp; 660 unsigned char *cp;
661 661
662 for (cp = (unsigned char *)group; *cp; cp++) { 662 for (cp = (unsigned char *)group; *cp; cp++) {
663 if (!VALID_CHAR(*cp)) { 663 if (!VALID_CHAR(*cp)) {
664 return 0; 664 return 0;
665 } 665 }
666 } 666 }
667 return 1; 667 return 1;
668} 668}
669 669
670/* find the next gid in the range lo .. hi */ 670/* find the next gid in the range lo .. hi */
671static int 671static int
672getnextgid(int *gidp, int lo, int hi) 672getnextgid(int *gidp, int lo, int hi)
673{ 673{
674 for (*gidp = lo ; *gidp < hi ; *gidp += 1) { 674 for (*gidp = lo ; *gidp < hi ; *gidp += 1) {
675 if (getgrgid((gid_t)*gidp) == NULL) { 675 if (getgrgid((gid_t)*gidp) == NULL) {
676 return 1; 676 return 1;
677 } 677 }
678 } 678 }
679 return 0; 679 return 0;
680} 680}
681 681
682#ifdef EXTENSIONS 682#ifdef EXTENSIONS
683/* save a range of uids */ 683/* save a range of uids */
684static int 684static int
685save_range(user_t *up, char *cp) 685save_range(user_t *up, char *cp)
686{ 686{
687 int from; 687 int from;
688 int to; 688 int to;
689 int i; 689 int i;
690 690
691 if (up->u_rsize == 0) { 691 if (up->u_rsize == 0) {
692 up->u_rsize = 32; 692 up->u_rsize = 32;
693 NEWARRAY(range_t, up->u_rv, up->u_rsize, return(0)); 693 NEWARRAY(range_t, up->u_rv, up->u_rsize, return(0));
694 } else if (up->u_rc == up->u_rsize) { 694 } else if (up->u_rc == up->u_rsize) {
695 up->u_rsize *= 2; 695 up->u_rsize *= 2;
696 RENEW(range_t, up->u_rv, up->u_rsize, return(0)); 696 RENEW(range_t, up->u_rv, up->u_rsize, return(0));
697 } 697 }
698 if (up->u_rv && sscanf(cp, "%d..%d", &from, &to) == 2) { 698 if (up->u_rv && sscanf(cp, "%d..%d", &from, &to) == 2) {
699 for (i = up->u_defrc ; i < up->u_rc ; i++) { 699 for (i = up->u_defrc ; i < up->u_rc ; i++) {
700 if (up->u_rv[i].r_from == from && 700 if (up->u_rv[i].r_from == from &&
701 up->u_rv[i].r_to == to) { 701 up->u_rv[i].r_to == to) {
702 break; 702 break;
703 } 703 }
704 } 704 }
705 if (i == up->u_rc) { 705 if (i == up->u_rc) {
706 up->u_rv[up->u_rc].r_from = from; 706 up->u_rv[up->u_rc].r_from = from;
707 up->u_rv[up->u_rc].r_to = to; 707 up->u_rv[up->u_rc].r_to = to;
708 up->u_rc += 1; 708 up->u_rc += 1;
709 } 709 }
710 } else { 710 } else {
711 warnx("Bad range `%s'", cp); 711 warnx("Bad range `%s'", cp);
712 return 0; 712 return 0;
713 } 713 }
714 return 1; 714 return 1;
715} 715}
716#endif 716#endif
717 717
718/* set the defaults in the defaults file */ 718/* set the defaults in the defaults file */
719static int 719static int
720setdefaults(user_t *up) 720setdefaults(user_t *up)
721{ 721{
722 char template[MaxFileNameLen]; 722 char template[MaxFileNameLen];
723 FILE *fp; 723 FILE *fp;
724 int ret; 724 int ret;
725 int fd; 725 int fd;
726#ifdef EXTENSIONS 726#ifdef EXTENSIONS
727 int i; 727 int i;
728#endif 728#endif
729 729
730 (void)snprintf(template, sizeof(template), "%s.XXXXXX", 730 (void)snprintf(template, sizeof(template), "%s.XXXXXX",
731 _PATH_USERMGMT_CONF); 731 _PATH_USERMGMT_CONF);
732 if ((fd = mkstemp(template)) < 0) { 732 if ((fd = mkstemp(template)) < 0) {
733 warn("Can't set defaults: can't mkstemp `%s' for writing", 733 warn("Can't set defaults: can't mkstemp `%s' for writing",
734 _PATH_USERMGMT_CONF); 734 _PATH_USERMGMT_CONF);
735 return 0; 735 return 0;
736 } 736 }
737 if ((fp = fdopen(fd, "w")) == NULL) { 737 if ((fp = fdopen(fd, "w")) == NULL) {
738 warn("Can't set defaults: can't fdopen `%s' for writing", 738 warn("Can't set defaults: can't fdopen `%s' for writing",
739 _PATH_USERMGMT_CONF); 739 _PATH_USERMGMT_CONF);
740 return 0; 740 return 0;
741 } 741 }
742 ret = 1; 742 ret = 1;
743 if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || 743 if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 ||
744 fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || 744 fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 ||
745 fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || 745 fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 ||
746 fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || 746 fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 ||
747#ifdef EXTENSIONS 747#ifdef EXTENSIONS
748 fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || 748 fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 ||
749 fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 || 749 fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 ||
750#endif 750#endif
751 fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? 751 fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ?
752 UNSET_INACTIVE : up->u_inactive) <= 0 || 752 UNSET_INACTIVE : up->u_inactive) <= 0 ||
753 fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? 753 fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ?
754 UNSET_EXPIRY : up->u_expire) <= 0 || 754 UNSET_EXPIRY : up->u_expire) <= 0 ||
755 fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? 755 fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ?
756 "false" : "true") <= 0) { 756 "false" : "true") <= 0) {
757 warn("Can't write to `%s'", _PATH_USERMGMT_CONF); 757 warn("Can't write to `%s'", _PATH_USERMGMT_CONF);
758 ret = 0; 758 ret = 0;
759 } 759 }
760#ifdef EXTENSIONS 760#ifdef EXTENSIONS
761 for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0; 761 for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0;
762 i < up->u_rc ; i++) { 762 i < up->u_rc ; i++) {
763 if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from, 763 if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from,
764 up->u_rv[i].r_to) <= 0) { 764 up->u_rv[i].r_to) <= 0) {
765 warn("Can't set defaults: can't write to `%s'", 765 warn("Can't set defaults: can't write to `%s'",
766 _PATH_USERMGMT_CONF); 766 _PATH_USERMGMT_CONF);
767 ret = 0; 767 ret = 0;
768 } 768 }
769 } 769 }
770#endif 770#endif
771 (void)fclose(fp); 771 (void)fclose(fp);
772 if (ret) { 772 if (ret) {
773 ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) && 773 ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) &&
774 (chmod(_PATH_USERMGMT_CONF, 0644) == 0)); 774 (chmod(_PATH_USERMGMT_CONF, 0644) == 0));
775 } 775 }
776 return ret; 776 return ret;
777} 777}
778 778
779/* read the defaults file */ 779/* read the defaults file */
780static void 780static void
781read_defaults(user_t *up) 781read_defaults(user_t *up)
782{ 782{
783 struct stat st; 783 struct stat st;
784 size_t lineno; 784 size_t lineno;
785 size_t len; 785 size_t len;
786 FILE *fp; 786 FILE *fp;
787 char *cp; 787 char *cp;
788 char *s; 788 char *s;
789 789
790 memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); 790 memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP));
791 memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); 791 memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR));
792 memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); 792 memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR));
793 memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); 793 memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL));
794 memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); 794 memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT));
795#ifdef EXTENSIONS 795#ifdef EXTENSIONS
796 memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); 796 memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS));
797#endif 797#endif
798 up->u_rsize = 16; 798 up->u_rsize = 16;
799 up->u_defrc = 0; 799 up->u_defrc = 0;
800 NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1)); 800 NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1));
801 up->u_inactive = DEF_INACTIVE; 801 up->u_inactive = DEF_INACTIVE;
802 up->u_expire = DEF_EXPIRE; 802 up->u_expire = DEF_EXPIRE;
803 if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) { 803 if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) {
804 if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) { 804 if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) {
805 warn("Can't create `%s' defaults file", 805 warn("Can't create `%s' defaults file",
806 _PATH_USERMGMT_CONF); 806 _PATH_USERMGMT_CONF);
807 } 807 }
808 fp = fopen(_PATH_USERMGMT_CONF, "r"); 808 fp = fopen(_PATH_USERMGMT_CONF, "r");
809 } 809 }
810 if (fp != NULL) { 810 if (fp != NULL) {
811 while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { 811 while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) {
812 if (strncmp(s, "group", 5) == 0) { 812 if (strncmp(s, "group", 5) == 0) {
813 cp = skipspace(s + 5); 813 cp = skipspace(s + 5);
814 memsave(&up->u_primgrp, (char *)cp, strlen(cp)); 814 memsave(&up->u_primgrp, (char *)cp, strlen(cp));
815 } else if (strncmp(s, "base_dir", 8) == 0) { 815 } else if (strncmp(s, "base_dir", 8) == 0) {
816 cp = skipspace(s + 8); 816 cp = skipspace(s + 8);
817 memsave(&up->u_basedir, (char *)cp, strlen(cp)); 817 memsave(&up->u_basedir, (char *)cp, strlen(cp));
818 } else if (strncmp(s, "skel_dir", 8) == 0) { 818 } else if (strncmp(s, "skel_dir", 8) == 0) {
819 cp = skipspace(s + 8); 819 cp = skipspace(s + 8);
820 memsave(&up->u_skeldir, (char *)cp, strlen(cp)); 820 memsave(&up->u_skeldir, (char *)cp, strlen(cp));
821 } else if (strncmp(s, "shell", 5) == 0) { 821 } else if (strncmp(s, "shell", 5) == 0) {
822 cp = skipspace(s + 5); 822 cp = skipspace(s + 5);
823 memsave(&up->u_shell, cp, strlen(cp)); 823 memsave(&up->u_shell, cp, strlen(cp));
824#ifdef EXTENSIONS 824#ifdef EXTENSIONS
825 } else if (strncmp((char *)s, "class", 5) == 0) { 825 } else if (strncmp((char *)s, "class", 5) == 0) {
826 cp = skipspace(s + 5); 826 cp = skipspace(s + 5);
827 memsave(&up->u_class, cp, strlen(cp)); 827 memsave(&up->u_class, cp, strlen(cp));
828#endif 828#endif
829#ifdef EXTENSIONS 829#ifdef EXTENSIONS
830 } else if (strncmp(s, "homeperm", 8) == 0) { 830 } else if (strncmp(s, "homeperm", 8) == 0) {
831 for (cp = s + 8; *cp && 831 for (cp = s + 8; *cp &&
832 isspace((unsigned char)*cp); cp++) 832 isspace((unsigned char)*cp); cp++)
833 ; 833 ;
834 up->u_homeperm = strtoul(cp, NULL, 8); 834 up->u_homeperm = strtoul(cp, NULL, 8);
835#endif 835#endif
836 } else if (strncmp(s, "inactive", 8) == 0) { 836 } else if (strncmp(s, "inactive", 8) == 0) {
837 cp = skipspace(s + 8); 837 cp = skipspace(s + 8);
838 if (strcmp(cp, UNSET_INACTIVE) == 0) { 838 if (strcmp(cp, UNSET_INACTIVE) == 0) {
839 if (up->u_inactive) { 839 if (up->u_inactive) {
840 FREE(up->u_inactive); 840 FREE(up->u_inactive);
841 } 841 }
842 up->u_inactive = NULL; 842 up->u_inactive = NULL;
843 } else { 843 } else {
844 memsave(&up->u_inactive, cp, strlen(cp)); 844 memsave(&up->u_inactive, cp, strlen(cp));
845 } 845 }
846#ifdef EXTENSIONS 846#ifdef EXTENSIONS
847 } else if (strncmp(s, "range", 5) == 0) { 847 } else if (strncmp(s, "range", 5) == 0) {
848 cp = skipspace(s + 5); 848 cp = skipspace(s + 5);
849 (void)save_range(up, cp); 849 (void)save_range(up, cp);
850#endif 850#endif
851#ifdef EXTENSIONS 851#ifdef EXTENSIONS
852 } else if (strncmp(s, "preserve", 8) == 0) { 852 } else if (strncmp(s, "preserve", 8) == 0) {
853 cp = skipspace(s + 8); 853 cp = skipspace(s + 8);
854 up->u_preserve = 854 up->u_preserve =
855 (strncmp(cp, "true", 4) == 0) ? 1 : 855 (strncmp(cp, "true", 4) == 0) ? 1 :
856 (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp); 856 (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp);
857#endif 857#endif
858 } else if (strncmp(s, "expire", 6) == 0) { 858 } else if (strncmp(s, "expire", 6) == 0) {
859 cp = skipspace(s + 6); 859 cp = skipspace(s + 6);
860 if (strcmp(cp, UNSET_EXPIRY) == 0) { 860 if (strcmp(cp, UNSET_EXPIRY) == 0) {
861 if (up->u_expire) { 861 if (up->u_expire) {
862 FREE(up->u_expire); 862 FREE(up->u_expire);
863 } 863 }
864 up->u_expire = NULL; 864 up->u_expire = NULL;
865 } else { 865 } else {
866 memsave(&up->u_expire, cp, strlen(cp)); 866 memsave(&up->u_expire, cp, strlen(cp));
867 } 867 }
868 } 868 }
869 (void)free(s); 869 (void)free(s);
870 } 870 }
871 (void)fclose(fp); 871 (void)fclose(fp);
872 } 872 }
873 if (up->u_rc == 0) { 873 if (up->u_rc == 0) {
874 up->u_rv[up->u_rc].r_from = DEF_LOWUID; 874 up->u_rv[up->u_rc].r_from = DEF_LOWUID;
875 up->u_rv[up->u_rc].r_to = DEF_HIGHUID; 875 up->u_rv[up->u_rc].r_to = DEF_HIGHUID;
876 up->u_rc += 1; 876 up->u_rc += 1;
877 } 877 }
878 up->u_defrc = up->u_rc; 878 up->u_defrc = up->u_rc;
879 up->u_homeperm = DEF_HOMEPERM; 879 up->u_homeperm = DEF_HOMEPERM;
880} 880}
881 881
882/* return the next valid unused uid */ 882/* return the next valid unused uid */
883static int 883static int
884getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid) 884getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid)
885{ 885{
886 for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { 886 for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) {
887 if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) { 887 if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) {
888 if (sync_uid_gid) { 888 if (sync_uid_gid) {
889 if (getgrgid((gid_t)(*uid)) == NULL) { 889 if (getgrgid((gid_t)(*uid)) == NULL) {
890 return 1; 890 return 1;
891 } 891 }
892 } else { 892 } else {
893 return 1; 893 return 1;
894 } 894 }
895 } 895 }
896 } 896 }
897 return 0; 897 return 0;
898} 898}
899 899
900/* structure which defines a password type */ 900/* structure which defines a password type */
901typedef struct passwd_type_t { 901typedef struct passwd_type_t {
902 const char *type; /* optional type descriptor */ 902 const char *type; /* optional type descriptor */
903 size_t desc_length; /* length of type descriptor */ 903 size_t desc_length; /* length of type descriptor */
904 size_t length; /* length of password */ 904 size_t length; /* length of password */
905 const char *regex; /* regexp to output the password */ 905 const char *regex; /* regexp to output the password */
906 size_t re_sub; /* subscript of regexp to use */ 906 size_t re_sub; /* subscript of regexp to use */
907} passwd_type_t; 907} passwd_type_t;
908 908
909static passwd_type_t passwd_types[] = { 909static passwd_type_t passwd_types[] = {
910 { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */ 910 { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */
911 { "$2a", 3, 54, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */ 911 { "$2a", 3, 54, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */
912 { "$1", 2, 34, NULL, 0 }, /* MD5 */ 912 { "$1", 2, 34, NULL, 0 }, /* MD5 */
913 { "", 0, DES_Len,NULL, 0 }, /* standard DES */ 913 { "", 0, DES_Len,NULL, 0 }, /* standard DES */
914 { NULL, (size_t)~0, (size_t)~0, NULL, 0 } 914 { NULL, (size_t)~0, (size_t)~0, NULL, 0 }
915 /* none - terminate search */ 915 /* none - terminate search */
916}; 916};
917 917
918/* return non-zero if it's a valid password - check length for cipher type */ 918/* return non-zero if it's a valid password - check length for cipher type */
919static int 919static int
920valid_password_length(char *newpasswd) 920valid_password_length(char *newpasswd)
921{ 921{
922 passwd_type_t *pwtp; 922 passwd_type_t *pwtp;
923 regmatch_t matchv[10]; 923 regmatch_t matchv[10];
924 regex_t r; 924 regex_t r;
925 925
926 for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) { 926 for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) {
927 if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) { 927 if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) {
928 if (pwtp->regex == NULL) { 928 if (pwtp->regex == NULL) {
929 return strlen(newpasswd) == pwtp->length; 929 return strlen(newpasswd) == pwtp->length;
930 } 930 }
931 (void)regcomp(&r, pwtp->regex, REG_EXTENDED); 931 (void)regcomp(&r, pwtp->regex, REG_EXTENDED);
932 if (regexec(&r, newpasswd, 10, matchv, 0) == 0) { 932 if (regexec(&r, newpasswd, 10, matchv, 0) == 0) {
933 regfree(&r); 933 regfree(&r);
934 return (int)(matchv[pwtp->re_sub].rm_eo - 934 return (int)(matchv[pwtp->re_sub].rm_eo -
935 matchv[pwtp->re_sub].rm_so + 1) == 935 matchv[pwtp->re_sub].rm_so + 1) ==
936 pwtp->length; 936 pwtp->length;
937 } 937 }
938 regfree(&r); 938 regfree(&r);
939 } 939 }
940 } 940 }
941 return 0; 941 return 0;
942} 942}
943 943
944#ifdef EXTENSIONS 944#ifdef EXTENSIONS
945/* return 1 if `class' is a valid login class */ 945/* return 1 if `class' is a valid login class */
946static int 946static int
947valid_class(char *class) 947valid_class(char *class)
948{ 948{
949 login_cap_t *lc; 949 login_cap_t *lc;
950 950
951 if (class == NULL || *class == '\0') { 951 if (class == NULL || *class == '\0') {
952 return 1; 952 return 1;
953 } 953 }
954 /* 954 /*
955 * Check if /etc/login.conf exists. login_getclass() will 955 * Check if /etc/login.conf exists. login_getclass() will
956 * return 1 due to it not existing, so not informing the 956 * return 1 due to it not existing, so not informing the
957 * user the actual login class does not exist. 957 * user the actual login class does not exist.
958 */ 958 */
959 959
960 if (access(PATH_LOGINCONF, R_OK) == -1) { 960 if (access(PATH_LOGINCONF, R_OK) == -1) {
961 warn("Access failed for `%s'; will not validate class `%s'", 961 warn("Access failed for `%s'; will not validate class `%s'",
962 PATH_LOGINCONF, class); 962 PATH_LOGINCONF, class);
963 return 1; 963 return 1;
964 } 964 }
965 965
966 if ((lc = login_getclass(class)) != NULL) { 966 if ((lc = login_getclass(class)) != NULL) {
967 login_close(lc); 967 login_close(lc);
968 return 1; 968 return 1;
969 } 969 }
970 return 0; 970 return 0;
971} 971}
972 972
973/* return 1 if the `shellname' is a valid user shell */ 973/* return 1 if the `shellname' is a valid user shell */
974static int  974static int
975valid_shell(const char *shellname) 975valid_shell(const char *shellname)
976{ 976{
977 char *shellp; 977 char *shellp;
978 978
979 if (access(_PATH_SHELLS, R_OK) == -1) { 979 if (access(_PATH_SHELLS, R_OK) == -1) {
980 /* Don't exit */ 980 /* Don't exit */
981 warn("Access failed for `%s'; will not validate shell `%s'", 981 warn("Access failed for `%s'; will not validate shell `%s'",
982 _PATH_SHELLS, shellname); 982 _PATH_SHELLS, shellname);
983 return 1; 983 return 1;
984 }  984 }
985 985
986 /* if nologin is used as a shell, consider it a valid shell */ 986 /* if nologin is used as a shell, consider it a valid shell */
987 if (strcmp(shellname, NOLOGIN) == 0) 987 if (strcmp(shellname, NOLOGIN) == 0)
988 return 1; 988 return 1;
989 989
990 while ((shellp = getusershell()) != NULL) 990 while ((shellp = getusershell()) != NULL)
991 if (strcmp(shellp, shellname) == 0) 991 if (strcmp(shellp, shellname) == 0)
992 return 1; 992 return 1;
993 993
994 warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS); 994 warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS);
995 995
996 return access(shellname, X_OK) != -1; 996 return access(shellname, X_OK) != -1;
997} 997}
998#endif 998#endif
999 999
1000/* look for a valid time, return 0 if it was specified but bad */ 1000/* look for a valid time, return 0 if it was specified but bad */
1001static int 1001static int
1002scantime(time_t *tp, char *s) 1002scantime(time_t *tp, char *s)
1003{ 1003{
1004 struct tm tm; 1004 struct tm tm;
1005 char *ep; 1005 char *ep;
1006 long val; 1006 long val;
1007 1007
1008 *tp = 0; 1008 *tp = 0;
1009 if (s != NULL) { 1009 if (s != NULL) {
1010 (void)memset(&tm, 0, sizeof(tm)); 1010 (void)memset(&tm, 0, sizeof(tm));
1011 if (strptime(s, "%c", &tm) != NULL) { 1011 if (strptime(s, "%c", &tm) != NULL) {
1012 *tp = mktime(&tm); 1012 *tp = mktime(&tm);
1013 return (*tp == -1) ? 0 : 1; 1013 return (*tp == -1) ? 0 : 1;
1014 } else if (strptime(s, "%B %d %Y", &tm) != NULL) { 1014 } else if (strptime(s, "%B %d %Y", &tm) != NULL) {
1015 *tp = mktime(&tm); 1015 *tp = mktime(&tm);
1016 return (*tp == -1) ? 0 : 1; 1016 return (*tp == -1) ? 0 : 1;
1017 } else { 1017 } else {
1018 errno = 0; 1018 errno = 0;
1019 *tp = val = strtol(s, &ep, 10); 1019 *tp = val = strtol(s, &ep, 10);
1020 if (*ep != '\0' || *tp < -1 || errno == ERANGE) { 1020 if (*ep != '\0' || *tp < -1 || errno == ERANGE) {
1021 *tp = 0; 1021 *tp = 0;
1022 return 0; 1022 return 0;
1023 } 1023 }
1024 if (*tp != val) { 1024 if (*tp != val) {
1025 return 0; 1025 return 0;
1026 } 1026 }
1027 } 1027 }
1028 } 1028 }
1029 return 1; 1029 return 1;
1030} 1030}
1031 1031
1032/* add a user */ 1032/* add a user */
1033static int 1033static int
1034adduser(char *login_name, user_t *up) 1034adduser(char *login_name, user_t *up)
1035{ 1035{
1036 struct group *grp; 1036 struct group *grp;
1037 struct stat st; 1037 struct stat st;
1038 time_t expire; 1038 time_t expire;
1039 time_t inactive; 1039 time_t inactive;
1040 char password[PasswordLength + 1]; 1040 char password[PasswordLength + 1];
1041 char home[MaxFileNameLen]; 1041 char home[MaxFileNameLen];
1042 char buf[MaxFileNameLen]; 1042 char buf[MaxFileNameLen];
1043 int sync_uid_gid; 1043 int sync_uid_gid;
1044 int masterfd; 1044 int masterfd;
1045 int ptmpfd; 1045 int ptmpfd;
1046 int gid; 1046 int gid;
1047 int cc; 1047 int cc;
1048 int i; 1048 int i;
1049 1049
1050 if (!valid_login(login_name, up->u_allow_samba)) { 1050 if (!valid_login(login_name, up->u_allow_samba)) {
1051 errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name); 1051 errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name);
1052 } 1052 }
1053#ifdef EXTENSIONS 1053#ifdef EXTENSIONS
1054 if (!valid_class(up->u_class)) { 1054 if (!valid_class(up->u_class)) {
1055 errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'", 1055 errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'",
1056 login_name, up->u_class); 1056 login_name, up->u_class);
1057 } 1057 }
1058#endif 1058#endif
1059 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1059 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) {
1060 err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'", 1060 err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'",
1061 login_name, _PATH_MASTERPASSWD); 1061 login_name, _PATH_MASTERPASSWD);
1062 } 1062 }
1063 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1063 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) {
1064 err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'", 1064 err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'",
1065 login_name, _PATH_MASTERPASSWD); 1065 login_name, _PATH_MASTERPASSWD);
1066 } 1066 }
1067 pw_init(); 1067 pw_init();
1068 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1068 if ((ptmpfd = pw_lock(WAITSECS)) < 0) {
1069 int serrno = errno; 1069 int serrno = errno;
1070 (void)close(masterfd); 1070 (void)close(masterfd);
1071 errno = serrno; 1071 errno = serrno;
1072 err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock", 1072 err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock",
1073 login_name); 1073 login_name);
1074 } 1074 }
1075 while ((cc = read(masterfd, buf, sizeof(buf))) > 0) { 1075 while ((cc = read(masterfd, buf, sizeof(buf))) > 0) {
1076 if (write(ptmpfd, buf, (size_t)(cc)) != cc) { 1076 if (write(ptmpfd, buf, (size_t)(cc)) != cc) {
1077 int serrno = errno; 1077 int serrno = errno;
1078 (void)close(masterfd); 1078 (void)close(masterfd);
1079 (void)close(ptmpfd); 1079 (void)close(ptmpfd);
1080 (void)pw_abort(); 1080 (void)pw_abort();
1081 errno = serrno; 1081 errno = serrno;
1082 err(EXIT_FAILURE, "Can't add user `%s': " 1082 err(EXIT_FAILURE, "Can't add user `%s': "
1083 "short write to /etc/ptmp", login_name); 1083 "short write to /etc/ptmp", login_name);
1084 } 1084 }
1085 } 1085 }
1086 /* if no uid was specified, get next one in [low_uid..high_uid] range */ 1086 /* if no uid was specified, get next one in [low_uid..high_uid] range */
1087 sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); 1087 sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0);
1088 if (up->u_uid == -1) { 1088 if (up->u_uid == -1) {
1089 int got_id = 0; 1089 int got_id = 0;
1090 1090
1091 /* 1091 /*
1092 * Look for a free UID in the command line ranges (if any). 1092 * Look for a free UID in the command line ranges (if any).
1093 * These start after the ranges specified in the config file. 1093 * These start after the ranges specified in the config file.
1094 */ 1094 */
1095 for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) { 1095 for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) {
1096 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1096 got_id = getnextuid(sync_uid_gid, &up->u_uid,
1097 up->u_rv[i].r_from, up->u_rv[i].r_to); 1097 up->u_rv[i].r_from, up->u_rv[i].r_to);
1098 } 1098 }
1099 /* 1099 /*
1100 * If there were no free UIDs in the command line ranges, 1100 * If there were no free UIDs in the command line ranges,
1101 * try the ranges from the config file (there will always 1101 * try the ranges from the config file (there will always
1102 * be at least one default). 1102 * be at least one default).
1103 */ 1103 */
1104 for (i = 0; !got_id && i < up->u_defrc; i++) { 1104 for (i = 0; !got_id && i < up->u_defrc; i++) {
1105 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1105 got_id = getnextuid(sync_uid_gid, &up->u_uid,
1106 up->u_rv[i].r_from, up->u_rv[i].r_to); 1106 up->u_rv[i].r_from, up->u_rv[i].r_to);
1107 } 1107 }
1108 if (!got_id) { 1108 if (!got_id) {
1109 (void)close(ptmpfd); 1109 (void)close(ptmpfd);
1110 (void)pw_abort(); 1110 (void)pw_abort();
1111 errx(EXIT_FAILURE, "Can't add user `%s': " 1111 errx(EXIT_FAILURE, "Can't add user `%s': "
1112 "can't get next uid for %d", login_name, 1112 "can't get next uid for %d", login_name,
1113 up->u_uid); 1113 up->u_uid);
1114 } 1114 }
1115 } 1115 }
1116 /* check uid isn't already allocated */ 1116 /* check uid isn't already allocated */
1117 if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) { 1117 if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) {
1118 (void)close(ptmpfd); 1118 (void)close(ptmpfd);
1119 (void)pw_abort(); 1119 (void)pw_abort();
1120 errx(EXIT_FAILURE, "Can't add user `%s': " 1120 errx(EXIT_FAILURE, "Can't add user `%s': "
1121 "uid %d is already in use", login_name, up->u_uid); 1121 "uid %d is already in use", login_name, up->u_uid);
1122 } 1122 }
1123 /* if -g=uid was specified, check gid is unused */ 1123 /* if -g=uid was specified, check gid is unused */
1124 if (sync_uid_gid) { 1124 if (sync_uid_gid) {
1125 if (getgrgid((gid_t)(up->u_uid)) != NULL) { 1125 if (getgrgid((gid_t)(up->u_uid)) != NULL) {
1126 (void)close(ptmpfd); 1126 (void)close(ptmpfd);
1127 (void)pw_abort(); 1127 (void)pw_abort();
1128 errx(EXIT_FAILURE, "Can't add user `%s': " 1128 errx(EXIT_FAILURE, "Can't add user `%s': "
1129 "gid %d is already in use", login_name, 1129 "gid %d is already in use", login_name,
1130 up->u_uid); 1130 up->u_uid);
1131 } 1131 }
1132 gid = up->u_uid; 1132 gid = up->u_uid;
1133 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1133 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) {
1134 gid = grp->gr_gid; 1134 gid = grp->gr_gid;
1135 } else if (is_number(up->u_primgrp) && 1135 } else if (is_number(up->u_primgrp) &&
1136 (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) { 1136 (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) {
1137 gid = grp->gr_gid; 1137 gid = grp->gr_gid;
1138 } else { 1138 } else {
1139 (void)close(ptmpfd); 1139 (void)close(ptmpfd);
1140 (void)pw_abort(); 1140 (void)pw_abort();
1141 errx(EXIT_FAILURE, "Can't add user `%s': group %s not found", 1141 errx(EXIT_FAILURE, "Can't add user `%s': group %s not found",
1142 login_name, up->u_primgrp); 1142 login_name, up->u_primgrp);
1143 } 1143 }
1144 /* check name isn't already in use */ 1144 /* check name isn't already in use */
1145 if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) { 1145 if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) {
1146 (void)close(ptmpfd); 1146 (void)close(ptmpfd);
1147 (void)pw_abort(); 1147 (void)pw_abort();
1148 errx(EXIT_FAILURE, "Can't add user `%s': " 1148 errx(EXIT_FAILURE, "Can't add user `%s': "
1149 "`%s' is already a user", login_name, login_name); 1149 "`%s' is already a user", login_name, login_name);
1150 } 1150 }
1151 if (up->u_flags & F_HOMEDIR) { 1151 if (up->u_flags & F_HOMEDIR) {
1152 (void)strlcpy(home, up->u_home, sizeof(home)); 1152 (void)strlcpy(home, up->u_home, sizeof(home));
1153 } else { 1153 } else {
1154 /* if home directory hasn't been given, make it up */ 1154 /* if home directory hasn't been given, make it up */
1155 (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir, 1155 (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir,
1156 login_name); 1156 login_name);
1157 } 1157 }
1158 if (up->u_flags & F_SHELL) { 1158 if (up->u_flags & F_SHELL) {
1159#ifdef EXTENSIONS 1159#ifdef EXTENSIONS
1160 if (!valid_shell(up->u_shell)) { 1160 if (!valid_shell(up->u_shell)) {
1161 int oerrno = errno; 1161 int oerrno = errno;
1162 (void)close(ptmpfd); 1162 (void)close(ptmpfd);
1163 (void)pw_abort(); 1163 (void)pw_abort();
1164 errno = oerrno; 1164 errno = oerrno;
1165 errx(EXIT_FAILURE, "Can't add user `%s': " 1165 errx(EXIT_FAILURE, "Can't add user `%s': "
1166 "Cannot access shell `%s'", 1166 "Cannot access shell `%s'",
1167 login_name, up->u_shell); 1167 login_name, up->u_shell);
1168 } 1168 }
1169#endif 1169#endif
1170 } 1170 }
1171 1171
1172 if (!scantime(&inactive, up->u_inactive)) { 1172 if (!scantime(&inactive, up->u_inactive)) {
1173 warnx("Warning: inactive time `%s' invalid, password expiry off", 1173 warnx("Warning: inactive time `%s' invalid, password expiry off",
1174 up->u_inactive); 1174 up->u_inactive);
1175 } 1175 }
1176 if (!scantime(&expire, up->u_expire) || expire == -1) { 1176 if (!scantime(&expire, up->u_expire) || expire == -1) {
1177 warnx("Warning: expire time `%s' invalid, account expiry off", 1177 warnx("Warning: expire time `%s' invalid, account expiry off",
1178 up->u_expire); 1178 up->u_expire);
1179 expire = 0; /* Just in case. */ 1179 expire = 0; /* Just in case. */
1180 } 1180 }
1181 if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) { 1181 if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) {
1182 warnx("Warning: home directory `%s' doesn't exist, " 1182 warnx("Warning: home directory `%s' doesn't exist, "
1183 "and -m was not specified", home); 1183 "and -m was not specified", home);
1184 } 1184 }
1185 password[sizeof(password) - 1] = '\0'; 1185 password[sizeof(password) - 1] = '\0';
1186 if (up->u_password != NULL && valid_password_length(up->u_password)) { 1186 if (up->u_password != NULL && valid_password_length(up->u_password)) {
1187 (void)strlcpy(password, up->u_password, sizeof(password)); 1187 (void)strlcpy(password, up->u_password, sizeof(password));
1188 } else { 1188 } else {
1189 (void)memset(password, '*', DES_Len); 1189 (void)memset(password, '*', DES_Len);
1190 password[DES_Len] = 0; 1190 password[DES_Len] = 0;
1191 if (up->u_password != NULL) { 1191 if (up->u_password != NULL) {
1192 warnx("Password `%s' is invalid: setting it to `%s'", 1192 warnx("Password `%s' is invalid: setting it to `%s'",
1193 up->u_password, password); 1193 up->u_password, password);
1194 } 1194 }
1195 } 1195 }
1196 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", 1196 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
1197 login_name, 1197 login_name,
1198 password, 1198 password,
1199 up->u_uid, 1199 up->u_uid,
1200 gid, 1200 gid,
1201#ifdef EXTENSIONS 1201#ifdef EXTENSIONS
1202 up->u_class, 1202 up->u_class,
1203#else 1203#else
1204 "", 1204 "",
1205#endif 1205#endif
1206 (long) inactive, 1206 (long) inactive,
1207 (long) expire, 1207 (long) expire,
1208 up->u_comment, 1208 up->u_comment,
1209 home, 1209 home,
1210 up->u_shell); 1210 up->u_shell);
1211 if (write(ptmpfd, buf, (size_t) cc) != cc) { 1211 if (write(ptmpfd, buf, (size_t) cc) != cc) {
1212 int serrno = errno; 1212 int serrno = errno;
1213 (void)close(ptmpfd); 1213 (void)close(ptmpfd);
1214 (void)pw_abort(); 1214 (void)pw_abort();
1215 errno = serrno; 1215 errno = serrno;
1216 err(EXIT_FAILURE, "Can't add user `%s': write failed", 1216 err(EXIT_FAILURE, "Can't add user `%s': write failed",
1217 login_name); 1217 login_name);
1218 } 1218 }
1219 if (up->u_flags & F_MKDIR) { 1219 if (up->u_flags & F_MKDIR) {
1220 if (lstat(home, &st) == 0) { 1220 if (lstat(home, &st) == 0) {
1221 (void)close(ptmpfd); 1221 (void)close(ptmpfd);
1222 (void)pw_abort(); 1222 (void)pw_abort();
1223 errx(EXIT_FAILURE, 1223 errx(EXIT_FAILURE,
1224 "Can't add user `%s': home directory `%s' " 1224 "Can't add user `%s': home directory `%s' "
1225 "already exists", login_name, home); 1225 "already exists", login_name, home);
1226 } else { 1226 } else {
1227 if (asystem("%s -p %s", MKDIR, home) != 0) { 1227 if (asystem("%s -p %s", MKDIR, home) != 0) {
1228 (void)close(ptmpfd); 1228 (void)close(ptmpfd);
1229 (void)pw_abort(); 1229 (void)pw_abort();
1230 errx(EXIT_FAILURE, "Can't add user `%s': " 1230 errx(EXIT_FAILURE, "Can't add user `%s': "
1231 "can't mkdir `%s'", login_name, home); 1231 "can't mkdir `%s'", login_name, home);
1232 } 1232 }
1233 (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home, 1233 (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home,
1234 up->u_homeperm); 1234 up->u_homeperm);
1235 } 1235 }
1236 } 1236 }
1237 if (strcmp(up->u_primgrp, "=uid") == 0 && 1237 if (strcmp(up->u_primgrp, "=uid") == 0 &&
1238 getgrnam(login_name) == NULL && 1238 getgrnam(login_name) == NULL &&
1239 !creategid(login_name, gid, login_name)) { 1239 !creategid(login_name, gid, login_name)) {
1240 (void)close(ptmpfd); 1240 (void)close(ptmpfd);
1241 (void)pw_abort(); 1241 (void)pw_abort();
1242 errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ", 1242 errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ",
1243 login_name, gid); 1243 login_name, gid);
1244 } 1244 }
1245 if (up->u_groupc > 0 && 1245 if (up->u_groupc > 0 &&
1246 !append_group(login_name, up->u_groupc, up->u_groupv)) { 1246 !append_group(login_name, up->u_groupc, up->u_groupv)) {
1247 (void)close(ptmpfd); 1247 (void)close(ptmpfd);
1248 (void)pw_abort(); 1248 (void)pw_abort();
1249 errx(EXIT_FAILURE, "Can't add user `%s': can't append " 1249 errx(EXIT_FAILURE, "Can't add user `%s': can't append "
1250 "to new groups", login_name); 1250 "to new groups", login_name);
1251 } 1251 }
1252 (void)close(ptmpfd); 1252 (void)close(ptmpfd);
1253#if PW_MKDB_ARGC == 2 1253#if PW_MKDB_ARGC == 2
1254 if (pw_mkdb(login_name, 0) < 0) 1254 if (pw_mkdb(login_name, 0) < 0)
1255#else 1255#else
1256 if (pw_mkdb() < 0) 1256 if (pw_mkdb() < 0)
1257#endif 1257#endif
1258 { 1258 {
1259 (void)pw_abort(); 1259 (void)pw_abort();
1260 errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed", 1260 errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed",
1261 login_name); 1261 login_name);
1262 } 1262 }
1263 syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, " 1263 syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, "
1264 "shell=%s", login_name, up->u_uid, gid, home, up->u_shell); 1264 "shell=%s", login_name, up->u_uid, gid, home, up->u_shell);
1265 return 1; 1265 return 1;
1266} 1266}
1267 1267
1268/* remove a user from the groups file */ 1268/* remove a user from the groups file */
1269static int 1269static int
1270rm_user_from_groups(char *login_name) 1270rm_user_from_groups(char *login_name)
1271{ 1271{
1272 struct stat st; 1272 struct stat st;
1273 regmatch_t matchv[10]; 1273 regmatch_t matchv[10];
1274 regex_t r; 1274 regex_t r;
1275 FILE *from; 1275 FILE *from;
1276 FILE *to; 1276 FILE *to;
1277 char line[MaxEntryLen]; 1277 char line[MaxEntryLen];
1278 char buf[MaxEntryLen]; 1278 char buf[MaxEntryLen];
1279 char f[MaxFileNameLen]; 1279 char f[MaxFileNameLen];
1280 int fd; 1280 int fd;
1281 int cc; 1281 int cc;
1282 int sc; 1282 int sc;
1283 1283
1284 (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name); 1284 (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name);
1285 if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) { 1285 if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) {
1286 (void)regerror(sc, &r, buf, sizeof(buf)); 1286 (void)regerror(sc, &r, buf, sizeof(buf));
1287 warnx("Can't compile regular expression `%s' (%s)", line, 1287 warnx("Can't compile regular expression `%s' (%s)", line,
1288 buf); 1288 buf);
1289 return 0; 1289 return 0;
1290 } 1290 }
1291 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 1291 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
1292 warn("Can't remove user `%s' from `%s': can't open `%s'", 1292 warn("Can't remove user `%s' from `%s': can't open `%s'",
1293 login_name, _PATH_GROUP, _PATH_GROUP); 1293 login_name, _PATH_GROUP, _PATH_GROUP);
1294 return 0; 1294 return 0;
1295 } 1295 }
1296 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 1296 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
1297 warn("Can't remove user `%s' from `%s': can't lock `%s'", 1297 warn("Can't remove user `%s' from `%s': can't lock `%s'",
1298 login_name, _PATH_GROUP, _PATH_GROUP); 1298 login_name, _PATH_GROUP, _PATH_GROUP);
1299 (void)fclose(from); 1299 (void)fclose(from);
1300 return 0; 1300 return 0;
1301 } 1301 }
1302 (void)fstat(fileno(from), &st); 1302 (void)fstat(fileno(from), &st);
1303 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 1303 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
1304 if ((fd = mkstemp(f)) < 0) { 1304 if ((fd = mkstemp(f)) < 0) {
1305 warn("Can't remove user `%s' from `%s': mkstemp failed", 1305 warn("Can't remove user `%s' from `%s': mkstemp failed",
1306 login_name, _PATH_GROUP); 1306 login_name, _PATH_GROUP);
1307 (void)fclose(from); 1307 (void)fclose(from);
1308 return 0; 1308 return 0;
1309 } 1309 }
1310 if ((to = fdopen(fd, "w")) == NULL) { 1310 if ((to = fdopen(fd, "w")) == NULL) {
1311 warn("Can't remove user `%s' from `%s': fdopen `%s' failed", 1311 warn("Can't remove user `%s' from `%s': fdopen `%s' failed",
1312 login_name, _PATH_GROUP, f); 1312 login_name, _PATH_GROUP, f);
1313 (void)fclose(from); 1313 (void)fclose(from);
1314 (void)close(fd); 1314 (void)close(fd);
1315 (void)unlink(f); 1315 (void)unlink(f);
1316 return 0; 1316 return 0;
1317 } 1317 }
1318 while (fgets(buf, sizeof(buf), from) != NULL) { 1318 while (fgets(buf, sizeof(buf), from) != NULL) {
1319 cc = strlen(buf); 1319 cc = strlen(buf);
1320 if (regexec(&r, buf, 10, matchv, 0) == 0) { 1320 if (regexec(&r, buf, 10, matchv, 0) == 0) {
1321 if (buf[(int)matchv[1].rm_so] == ',') { 1321 if (buf[(int)matchv[1].rm_so] == ',') {
1322 matchv[2].rm_so = matchv[1].rm_so; 1322 matchv[2].rm_so = matchv[1].rm_so;
1323 } else if (matchv[2].rm_eo != matchv[3].rm_eo) { 1323 } else if (matchv[2].rm_eo != matchv[3].rm_eo) {
1324 matchv[2].rm_eo = matchv[3].rm_eo; 1324 matchv[2].rm_eo = matchv[3].rm_eo;
1325 } 1325 }
1326 cc -= (int) matchv[2].rm_eo; 1326 cc -= (int) matchv[2].rm_eo;
1327 sc = (int) matchv[2].rm_so; 1327 sc = (int) matchv[2].rm_so;
1328 if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc || 1328 if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc ||
1329 fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char), 1329 fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char),
1330 (size_t)cc, to) != cc) { 1330 (size_t)cc, to) != cc) {
1331 warn("Can't remove user `%s' from `%s': " 1331 warn("Can't remove user `%s' from `%s': "
1332 "short write to `%s'", login_name, 1332 "short write to `%s'", login_name,
1333 _PATH_GROUP, f); 1333 _PATH_GROUP, f);
1334 (void)fclose(from); 1334 (void)fclose(from);
1335 (void)close(fd); 1335 (void)close(fd);
1336 (void)unlink(f); 1336 (void)unlink(f);
1337 return 0; 1337 return 0;
1338 } 1338 }
1339 } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 1339 } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
1340 warn("Can't remove user `%s' from `%s': " 1340 warn("Can't remove user `%s' from `%s': "
1341 "short write to `%s'", login_name, _PATH_GROUP, f); 1341 "short write to `%s'", login_name, _PATH_GROUP, f);
1342 (void)fclose(from); 1342 (void)fclose(from);
1343 (void)close(fd); 1343 (void)close(fd);
1344 (void)unlink(f); 1344 (void)unlink(f);
1345 return 0; 1345 return 0;
1346 } 1346 }
1347 } 1347 }
1348 (void)fclose(from); 1348 (void)fclose(from);
1349 (void)fclose(to); 1349 (void)fclose(to);
1350 if (rename(f, _PATH_GROUP) < 0) { 1350 if (rename(f, _PATH_GROUP) < 0) {
1351 warn("Can't remove user `%s' from `%s': " 1351 warn("Can't remove user `%s' from `%s': "
1352 "can't rename `%s' to `%s'", 1352 "can't rename `%s' to `%s'",
1353 login_name, _PATH_GROUP, f, _PATH_GROUP); 1353 login_name, _PATH_GROUP, f, _PATH_GROUP);
1354 (void)unlink(f); 1354 (void)unlink(f);
1355 return 0; 1355 return 0;
1356 } 1356 }
1357 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 1357 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
1358 return 1; 1358 return 1;
1359} 1359}
1360 1360
1361/* check that the user or group is local, not from YP/NIS */ 1361/* check that the user or group is local, not from YP/NIS */
1362static int 1362static int
1363is_local(char *name, const char *file) 1363is_local(char *name, const char *file)
1364{ 1364{
1365 FILE *fp; 1365 FILE *fp;
1366 char buf[MaxEntryLen]; 1366 char buf[MaxEntryLen];
1367 size_t len; 1367 size_t len;
1368 int ret; 1368 int ret;
1369 1369
1370 if ((fp = fopen(file, "r")) == NULL) { 1370 if ((fp = fopen(file, "r")) == NULL) {
1371 err(EXIT_FAILURE, "Can't open `%s'", file); 1371 err(EXIT_FAILURE, "Can't open `%s'", file);
1372 } 1372 }
1373 len = strlen(name); 1373 len = strlen(name);
1374 for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { 1374 for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) {
1375 if (strncmp(buf, name, len) == 0 && buf[len] == ':') { 1375 if (strncmp(buf, name, len) == 0 && buf[len] == ':') {
1376 ret = 1; 1376 ret = 1;
1377 break; 1377 break;
1378 } 1378 }
1379 } 1379 }
1380 (void)fclose(fp); 1380 (void)fclose(fp);
1381 return ret; 1381 return ret;
1382} 1382}
1383 1383
1384/* modify a user */ 1384/* modify a user */
1385static int 1385static int
1386moduser(char *login_name, char *newlogin, user_t *up, int allow_samba) 1386moduser(char *login_name, char *newlogin, user_t *up, int allow_samba)
1387{ 1387{
1388 struct passwd *pwp; 1388 struct passwd *pwp, pw;
1389 struct group *grp; 1389 struct group *grp;
1390 const char *homedir; 1390 const char *homedir;
1391 char *locked_pwd; 1391 char *locked_pwd;
1392 size_t colonc; 1392 size_t colonc;
1393 size_t loginc; 1393 size_t loginc;
1394 size_t len; 1394 size_t len;
1395 FILE *master; 1395 FILE *master;
1396 char newdir[MaxFileNameLen]; 1396 char newdir[MaxFileNameLen];
1397 char buf[MaxEntryLen]; 1397 char buf[MaxEntryLen];
 1398 char pwbuf[MaxEntryLen];
1398 char *colon; 1399 char *colon;
1399 int masterfd; 1400 int masterfd;
1400 int ptmpfd; 1401 int ptmpfd;
1401 int error; 1402 int error;
1402 1403
1403 if (!valid_login(newlogin, allow_samba)) { 1404 if (!valid_login(newlogin, allow_samba)) {
1404 errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name", 1405 errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name",
1405 login_name); 1406 login_name);
1406 } 1407 }
1407 if ((pwp = getpwnam(login_name)) == NULL) { 1408 if (getpwnam_r(login_name, &pw, pwbuf, sizeof(pwbuf), &pwp) != 0
 1409 || pwp == NULL) {
1408 errx(EXIT_FAILURE, "Can't modify user `%s': no such user", 1410 errx(EXIT_FAILURE, "Can't modify user `%s': no such user",
1409 login_name); 1411 login_name);
1410 } 1412 }
1411 if (!is_local(login_name, _PATH_MASTERPASSWD)) { 1413 if (!is_local(login_name, _PATH_MASTERPASSWD)) {
1412 errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user", 1414 errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user",
1413 login_name); 1415 login_name);
1414 } 1416 }
1415 /* keep dir name in case we need it for '-m' */ 1417 /* keep dir name in case we need it for '-m' */
1416 homedir = pwp->pw_dir; 1418 homedir = pwp->pw_dir;
1417 1419
1418 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1420 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) {
1419 err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'", 1421 err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'",
1420 login_name, _PATH_MASTERPASSWD); 1422 login_name, _PATH_MASTERPASSWD);
1421 } 1423 }
1422 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1424 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) {
1423 err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'", 1425 err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'",
1424 login_name, _PATH_MASTERPASSWD); 1426 login_name, _PATH_MASTERPASSWD);
1425 } 1427 }
1426 pw_init(); 1428 pw_init();
1427 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1429 if ((ptmpfd = pw_lock(WAITSECS)) < 0) {
1428 int serrno = errno; 1430 int serrno = errno;
1429 (void)close(masterfd); 1431 (void)close(masterfd);
1430 errno = serrno; 1432 errno = serrno;
1431 err(EXIT_FAILURE, "Can't modify user `%s': " 1433 err(EXIT_FAILURE, "Can't modify user `%s': "
1432 "can't obtain pw_lock", login_name); 1434 "can't obtain pw_lock", login_name);
1433 } 1435 }
1434 if ((master = fdopen(masterfd, "r")) == NULL) { 1436 if ((master = fdopen(masterfd, "r")) == NULL) {
1435 int serrno = errno; 1437 int serrno = errno;
1436 (void)close(masterfd); 1438 (void)close(masterfd);
1437 (void)close(ptmpfd); 1439 (void)close(ptmpfd);
1438 (void)pw_abort(); 1440 (void)pw_abort();
1439 errno = serrno; 1441 errno = serrno;
1440 err(EXIT_FAILURE, "Can't modify user `%s': " 1442 err(EXIT_FAILURE, "Can't modify user `%s': "
1441 "fdopen fd for %s", login_name, _PATH_MASTERPASSWD); 1443 "fdopen fd for %s", login_name, _PATH_MASTERPASSWD);
1442 } 1444 }
1443 if (up != NULL) { 1445 if (up != NULL) {
1444 if (up->u_flags & F_USERNAME) { 1446 if (up->u_flags & F_USERNAME) {
1445 /* 1447 /*
1446 * If changing name, 1448 * If changing name,
1447 * check new name isn't already in use 1449 * check new name isn't already in use
1448 */ 1450 */
1449 if (strcmp(login_name, newlogin) != 0 && 1451 if (strcmp(login_name, newlogin) != 0 &&
1450 getpwnam(newlogin) != NULL) { 1452 getpwnam(newlogin) != NULL) {
1451 (void)close(ptmpfd); 1453 (void)close(ptmpfd);
1452 (void)pw_abort(); 1454 (void)pw_abort();
1453 errx(EXIT_FAILURE, "Can't modify user `%s': " 1455 errx(EXIT_FAILURE, "Can't modify user `%s': "
1454 "`%s' is already a user", login_name, 1456 "`%s' is already a user", login_name,
1455 newlogin); 1457 newlogin);
1456 } 1458 }
1457 pwp->pw_name = newlogin; 1459 pwp->pw_name = newlogin;
1458 1460
1459 /* 1461 /*
1460 * Provide a new directory name in case the 1462 * Provide a new directory name in case the
1461 * home directory is to be moved. 1463 * home directory is to be moved.
1462 */ 1464 */
1463 if (up->u_flags & F_MKDIR) { 1465 if (up->u_flags & F_MKDIR) {
1464 (void)snprintf(newdir, sizeof(newdir), "%s/%s", 1466 (void)snprintf(newdir, sizeof(newdir), "%s/%s",
1465 up->u_basedir, newlogin); 1467 up->u_basedir, newlogin);
1466 pwp->pw_dir = newdir; 1468 pwp->pw_dir = newdir;
1467 } 1469 }
1468 } 1470 }
1469 if (up->u_flags & F_PASSWORD) { 1471 if (up->u_flags & F_PASSWORD) {
1470 if (up->u_password != NULL) { 1472 if (up->u_password != NULL) {
1471 if (!valid_password_length(up->u_password)) { 1473 if (!valid_password_length(up->u_password)) {
1472 (void)close(ptmpfd); 1474 (void)close(ptmpfd);
1473 (void)pw_abort(); 1475 (void)pw_abort();
1474 errx(EXIT_FAILURE, 1476 errx(EXIT_FAILURE,
1475 "Can't modify user `%s': " 1477 "Can't modify user `%s': "
1476 "invalid password: `%s'", 1478 "invalid password: `%s'",
1477 login_name, up->u_password); 1479 login_name, up->u_password);
1478 } 1480 }
1479 if ((locked_pwd = 1481 if ((locked_pwd =
1480 strstr(pwp->pw_passwd, LOCKED)) != NULL) { 1482 strstr(pwp->pw_passwd, LOCKED)) != NULL) {
1481 /* 1483 /*
1482 * account is locked - keep it locked 1484 * account is locked - keep it locked
1483 * and just change the password. 1485 * and just change the password.
1484 */ 1486 */
1485 if (asprintf(&locked_pwd, "%s%s", 1487 if (asprintf(&locked_pwd, "%s%s",
1486 LOCKED, up->u_password) == -1) { 1488 LOCKED, up->u_password) == -1) {
1487 (void)close(ptmpfd); 1489 (void)close(ptmpfd);
1488 (void)pw_abort(); 1490 (void)pw_abort();
1489 err(EXIT_FAILURE, 1491 err(EXIT_FAILURE,
1490 "Can't modify user `%s': " 1492 "Can't modify user `%s': "
1491 "asprintf failed", 1493 "asprintf failed",
1492 login_name); 1494 login_name);
1493 } 1495 }
1494 pwp->pw_passwd = locked_pwd; 1496 pwp->pw_passwd = locked_pwd;
1495 } else { 1497 } else {
1496 pwp->pw_passwd = up->u_password; 1498 pwp->pw_passwd = up->u_password;
1497 } 1499 }
1498 } 1500 }
1499 } 1501 }
1500 1502
1501 /* check whether we should lock the account. */ 1503 /* check whether we should lock the account. */
1502 if (up->u_locked == LOCK) { 1504 if (up->u_locked == LOCK) {
1503 /* check to see account if already locked. */ 1505 /* check to see account if already locked. */
1504 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1506 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED))
1505 != NULL) { 1507 != NULL) {
1506 warnx("Account is already locked"); 1508 warnx("Account is already locked");
1507 } else { 1509 } else {
1508 if (asprintf(&locked_pwd, "%s%s", LOCKED, 1510 if (asprintf(&locked_pwd, "%s%s", LOCKED,
1509 pwp->pw_passwd) == -1) { 1511 pwp->pw_passwd) == -1) {
1510 (void)close(ptmpfd); 1512 (void)close(ptmpfd);
1511 (void)pw_abort(); 1513 (void)pw_abort();
1512 err(EXIT_FAILURE, 1514 err(EXIT_FAILURE,
1513 "Can't modify user `%s': " 1515 "Can't modify user `%s': "
1514 "asprintf failed", login_name); 1516 "asprintf failed", login_name);
1515 } 1517 }
1516 pwp->pw_passwd = locked_pwd; 1518 pwp->pw_passwd = locked_pwd;
1517 } 1519 }
1518 } else if (up->u_locked == UNLOCK) { 1520 } else if (up->u_locked == UNLOCK) {
1519 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1521 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED))
1520 == NULL) { 1522 == NULL) {
1521 warnx("Can't modify user `%s': " 1523 warnx("Can't modify user `%s': "
1522 "account is not locked", login_name); 1524 "account is not locked", login_name);
1523 } else { 1525 } else {
1524 pwp->pw_passwd = locked_pwd + strlen(LOCKED); 1526 pwp->pw_passwd = locked_pwd + strlen(LOCKED);
1525 } 1527 }
1526 } 1528 }
1527 1529
1528 if (up->u_flags & F_UID) { 1530 if (up->u_flags & F_UID) {
1529 /* check uid isn't already allocated */ 1531 /* check uid isn't already allocated */
1530 if (!(up->u_flags & F_DUPUID) && 1532 if (!(up->u_flags & F_DUPUID) &&
1531 getpwuid((uid_t)(up->u_uid)) != NULL) { 1533 getpwuid((uid_t)(up->u_uid)) != NULL) {
1532 (void)close(ptmpfd); 1534 (void)close(ptmpfd);
1533 (void)pw_abort(); 1535 (void)pw_abort();
1534 errx(EXIT_FAILURE, "Can't modify user `%s': " 1536 errx(EXIT_FAILURE, "Can't modify user `%s': "
1535 "uid `%d' is already in use", login_name, 1537 "uid `%d' is already in use", login_name,
1536 up->u_uid); 1538 up->u_uid);
1537 } 1539 }
1538 pwp->pw_uid = up->u_uid; 1540 pwp->pw_uid = up->u_uid;
1539 } 1541 }
1540 if (up->u_flags & F_GROUP) { 1542 if (up->u_flags & F_GROUP) {
1541 /* if -g=uid was specified, check gid is unused */ 1543 /* if -g=uid was specified, check gid is unused */
1542 if (strcmp(up->u_primgrp, "=uid") == 0) { 1544 if (strcmp(up->u_primgrp, "=uid") == 0) {
1543 if (getgrgid((gid_t)(up->u_uid)) != NULL) { 1545 if (getgrgid((gid_t)(up->u_uid)) != NULL) {
1544 (void)close(ptmpfd); 1546 (void)close(ptmpfd);
1545 (void)pw_abort(); 1547 (void)pw_abort();
1546 errx(EXIT_FAILURE, 1548 errx(EXIT_FAILURE,
1547 "Can't modify user `%s': " 1549 "Can't modify user `%s': "
1548 "gid %d is already in use", 1550 "gid %d is already in use",
1549 login_name, up->u_uid); 1551 login_name, up->u_uid);
1550 } 1552 }
1551 pwp->pw_gid = up->u_uid; 1553 pwp->pw_gid = up->u_uid;
1552 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1554 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) {
1553 pwp->pw_gid = grp->gr_gid; 1555 pwp->pw_gid = grp->gr_gid;
1554 } else if (is_number(up->u_primgrp) && 1556 } else if (is_number(up->u_primgrp) &&
1555 (grp = getgrgid( 1557 (grp = getgrgid(
1556 (gid_t)atoi(up->u_primgrp))) != NULL) { 1558 (gid_t)atoi(up->u_primgrp))) != NULL) {
1557 pwp->pw_gid = grp->gr_gid; 1559 pwp->pw_gid = grp->gr_gid;
1558 } else { 1560 } else {
1559 (void)close(ptmpfd); 1561 (void)close(ptmpfd);
1560 (void)pw_abort(); 1562 (void)pw_abort();
1561 errx(EXIT_FAILURE, "Can't modify user `%s': " 1563 errx(EXIT_FAILURE, "Can't modify user `%s': "
1562 "group %s not found", login_name, 1564 "group %s not found", login_name,
1563 up->u_primgrp); 1565 up->u_primgrp);
1564 } 1566 }
1565 } 1567 }
1566 if (up->u_flags & F_INACTIVE) { 1568 if (up->u_flags & F_INACTIVE) {
1567 if (!scantime(&pwp->pw_change, up->u_inactive)) { 1569 if (!scantime(&pwp->pw_change, up->u_inactive)) {
1568 warnx("Warning: inactive time `%s' invalid, " 1570 warnx("Warning: inactive time `%s' invalid, "
1569 "password expiry off", 1571 "password expiry off",
1570 up->u_inactive); 1572 up->u_inactive);
1571 } 1573 }
1572 } 1574 }
1573 if (up->u_flags & F_EXPIRE) { 1575 if (up->u_flags & F_EXPIRE) {
1574 if (!scantime(&pwp->pw_expire, up->u_expire) || 1576 if (!scantime(&pwp->pw_expire, up->u_expire) ||
1575 pwp->pw_expire == -1) { 1577 pwp->pw_expire == -1) {
1576 warnx("Warning: expire time `%s' invalid, " 1578 warnx("Warning: expire time `%s' invalid, "
1577 "account expiry off", 1579 "account expiry off",
1578 up->u_expire); 1580 up->u_expire);
1579 pwp->pw_expire = 0; 1581 pwp->pw_expire = 0;
1580 } 1582 }
1581 } 1583 }
1582 if (up->u_flags & F_COMMENT) { 1584 if (up->u_flags & F_COMMENT) {
1583 pwp->pw_gecos = up->u_comment; 1585 pwp->pw_gecos = up->u_comment;
1584 } 1586 }
1585 if (up->u_flags & F_HOMEDIR) { 1587 if (up->u_flags & F_HOMEDIR) {
1586 pwp->pw_dir = up->u_home; 1588 pwp->pw_dir = up->u_home;
1587 } 1589 }
1588 if (up->u_flags & F_SHELL) { 1590 if (up->u_flags & F_SHELL) {
1589#ifdef EXTENSIONS 1591#ifdef EXTENSIONS
1590 if (!valid_shell(up->u_shell)) { 1592 if (!valid_shell(up->u_shell)) {
1591 int oerrno = errno; 1593 int oerrno = errno;
1592 (void)close(ptmpfd); 1594 (void)close(ptmpfd);
1593 (void)pw_abort(); 1595 (void)pw_abort();
1594 errno = oerrno; 1596 errno = oerrno;
1595 errx(EXIT_FAILURE, "Can't modify user `%s': " 1597 errx(EXIT_FAILURE, "Can't modify user `%s': "
1596 "Cannot access shell `%s'", 1598 "Cannot access shell `%s'",
1597 login_name, up->u_shell); 1599 login_name, up->u_shell);
1598 } 1600 }
1599 pwp->pw_shell = up->u_shell; 1601 pwp->pw_shell = up->u_shell;
1600#else 1602#else
1601 pwp->pw_shell = up->u_shell; 1603 pwp->pw_shell = up->u_shell;
1602#endif 1604#endif
1603 } 1605 }
1604#ifdef EXTENSIONS 1606#ifdef EXTENSIONS
1605 if (up->u_flags & F_CLASS) { 1607 if (up->u_flags & F_CLASS) {
1606 if (!valid_class(up->u_class)) { 1608 if (!valid_class(up->u_class)) {
1607 (void)close(ptmpfd); 1609 (void)close(ptmpfd);
1608 (void)pw_abort(); 1610 (void)pw_abort();
1609 errx(EXIT_FAILURE, "Can't modify user `%s': " 1611 errx(EXIT_FAILURE, "Can't modify user `%s': "
1610 "no such login class `%s'", login_name, 1612 "no such login class `%s'", login_name,
1611 up->u_class); 1613 up->u_class);
1612 } 1614 }
1613 pwp->pw_class = up->u_class; 1615 pwp->pw_class = up->u_class;
1614 } 1616 }
1615#endif 1617#endif
1616 } 1618 }
1617 loginc = strlen(login_name); 1619 loginc = strlen(login_name);
1618 while (fgets(buf, sizeof(buf), master) != NULL) { 1620 while (fgets(buf, sizeof(buf), master) != NULL) {
1619 if ((colon = strchr(buf, ':')) == NULL) { 1621 if ((colon = strchr(buf, ':')) == NULL) {
1620 warnx("Malformed entry `%s'. Skipping", buf); 1622 warnx("Malformed entry `%s'. Skipping", buf);
1621 continue; 1623 continue;
1622 } 1624 }
1623 colonc = (size_t)(colon - buf); 1625 colonc = (size_t)(colon - buf);
1624 if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { 1626 if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) {
1625 if (up != NULL) { 1627 if (up != NULL) {
1626 len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:" 1628 len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:"
1627#ifdef EXTENSIONS 1629#ifdef EXTENSIONS
1628 "%s" 1630 "%s"
1629#endif 1631#endif
1630 ":%ld:%ld:%s:%s:%s\n", 1632 ":%ld:%ld:%s:%s:%s\n",
1631 newlogin, 1633 newlogin,
1632 pwp->pw_passwd, 1634 pwp->pw_passwd,
1633 pwp->pw_uid, 1635 pwp->pw_uid,
1634 pwp->pw_gid, 1636 pwp->pw_gid,
1635#ifdef EXTENSIONS 1637#ifdef EXTENSIONS
1636 pwp->pw_class, 1638 pwp->pw_class,
1637#endif 1639#endif
1638 (long)pwp->pw_change, 1640 (long)pwp->pw_change,
1639 (long)pwp->pw_expire, 1641 (long)pwp->pw_expire,
1640 pwp->pw_gecos, 1642 pwp->pw_gecos,
1641 pwp->pw_dir, 1643 pwp->pw_dir,
1642 pwp->pw_shell); 1644 pwp->pw_shell);
1643 if (write(ptmpfd, buf, len) != len) { 1645 if (write(ptmpfd, buf, len) != len) {
1644 int serrno = errno; 1646 int serrno = errno;
1645 (void)close(ptmpfd); 1647 (void)close(ptmpfd);
1646 (void)pw_abort(); 1648 (void)pw_abort();
1647 errno = serrno; 1649 errno = serrno;
1648 err(EXIT_FAILURE, "Can't modify user " 1650 err(EXIT_FAILURE, "Can't modify user "
1649 "`%s': write", login_name); 1651 "`%s': write", login_name);
1650 } 1652 }
1651 } 1653 }
1652 } else { 1654 } else {
1653 len = strlen(buf); 1655 len = strlen(buf);
1654 if (write(ptmpfd, buf, len) != len) { 1656 if (write(ptmpfd, buf, len) != len) {
1655 int serrno = errno; 1657 int serrno = errno;
1656 (void)close(masterfd); 1658 (void)close(masterfd);
1657 (void)close(ptmpfd); 1659 (void)close(ptmpfd);
1658 (void)pw_abort(); 1660 (void)pw_abort();
1659 errno = serrno; 1661 errno = serrno;
1660 err(EXIT_FAILURE, "Can't modify `%s': " 1662 err(EXIT_FAILURE, "Can't modify `%s': "
1661 "write", login_name); 1663 "write", login_name);
1662 } 1664 }
1663 } 1665 }
1664 } 1666 }
1665 if (up != NULL) { 1667 if (up != NULL) {
1666 if ((up->u_flags & F_MKDIR) && 1668 if ((up->u_flags & F_MKDIR) &&
1667 asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { 1669 asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) {
1668 (void)close(ptmpfd); 1670 (void)close(ptmpfd);
1669 (void)pw_abort(); 1671 (void)pw_abort();
1670 errx(EXIT_FAILURE, "Can't modify user `%s': " 1672 errx(EXIT_FAILURE, "Can't modify user `%s': "
1671 "can't move `%s' to `%s'", 1673 "can't move `%s' to `%s'",
1672 login_name, homedir, pwp->pw_dir); 1674 login_name, homedir, pwp->pw_dir);
1673 } 1675 }
1674 if (up->u_groupc > 0 && 1676 if (up->u_groupc > 0 &&
1675 !append_group(newlogin, up->u_groupc, up->u_groupv)) { 1677 !append_group(newlogin, up->u_groupc, up->u_groupv)) {
1676 (void)close(ptmpfd); 1678 (void)close(ptmpfd);
1677 (void)pw_abort(); 1679 (void)pw_abort();
1678 errx(EXIT_FAILURE, "Can't modify user `%s': " 1680 errx(EXIT_FAILURE, "Can't modify user `%s': "
1679 "can't append `%s' to new groups", 1681 "can't append `%s' to new groups",
1680 login_name, newlogin); 1682 login_name, newlogin);
1681 } 1683 }
1682 } 1684 }
1683 (void)close(ptmpfd); 1685 (void)close(ptmpfd);
1684 (void)fclose(master); 1686 (void)fclose(master);
1685#if PW_MKDB_ARGC == 2 1687#if PW_MKDB_ARGC == 2
1686 if (up != NULL && strcmp(login_name, newlogin) == 0) { 1688 if (up != NULL && strcmp(login_name, newlogin) == 0) {
1687 error = pw_mkdb(login_name, 0); 1689 error = pw_mkdb(login_name, 0);
1688 } else { 1690 } else {
1689 error = pw_mkdb(NULL, 0); 1691 error = pw_mkdb(NULL, 0);
1690 } 1692 }
1691#else 1693#else
1692 error = pw_mkdb(); 1694 error = pw_mkdb();
1693#endif 1695#endif
1694 if (error < 0) { 1696 if (error < 0) {
1695 (void)pw_abort(); 1697 (void)pw_abort();
1696 errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed", 1698 errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed",
1697 login_name); 1699 login_name);
1698 } 1700 }
1699 if (up == NULL) { 1701 if (up == NULL) {
1700 syslog(LOG_INFO, "User removed: name=%s", login_name); 1702 syslog(LOG_INFO, "User removed: name=%s", login_name);
1701 } else if (strcmp(login_name, newlogin) == 0) { 1703 } else if (strcmp(login_name, newlogin) == 0) {
1702 syslog(LOG_INFO, "User information modified: name=%s, uid=%d, " 1704 syslog(LOG_INFO, "User information modified: name=%s, uid=%d, "
1703 "gid=%d, home=%s, shell=%s", 1705 "gid=%d, home=%s, shell=%s",
1704 login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, 1706 login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir,
1705 pwp->pw_shell); 1707 pwp->pw_shell);
1706 } else { 1708 } else {
1707 syslog(LOG_INFO, "User information modified: name=%s, " 1709 syslog(LOG_INFO, "User information modified: name=%s, "
1708 "new name=%s, uid=%d, gid=%d, home=%s, shell=%s", 1710 "new name=%s, uid=%d, gid=%d, home=%s, shell=%s",
1709 login_name, newlogin, pwp->pw_uid, pwp->pw_gid, 1711 login_name, newlogin, pwp->pw_uid, pwp->pw_gid,
1710 pwp->pw_dir, pwp->pw_shell); 1712 pwp->pw_dir, pwp->pw_shell);
1711 } 1713 }
1712 return 1; 1714 return 1;
1713} 1715}
1714 1716
1715#ifdef EXTENSIONS 1717#ifdef EXTENSIONS
1716/* see if we can find out the user struct */ 1718/* see if we can find out the user struct */
1717static struct passwd * 1719static struct passwd *
1718find_user_info(const char *name) 1720find_user_info(const char *name)
1719{ 1721{
1720 struct passwd *pwp; 1722 struct passwd *pwp;
1721 1723
1722 if ((pwp = getpwnam(name)) != NULL) { 1724 if ((pwp = getpwnam(name)) != NULL) {
1723 return pwp; 1725 return pwp;
1724 } 1726 }
1725 if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) { 1727 if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) {
1726 return pwp; 1728 return pwp;
1727 } 1729 }
1728 return NULL; 1730 return NULL;
1729} 1731}
1730#endif 1732#endif
1731 1733
1732/* see if we can find out the group struct */ 1734/* see if we can find out the group struct */
1733static struct group * 1735static struct group *
1734find_group_info(const char *name) 1736find_group_info(const char *name)
1735{ 1737{
1736 struct group *grp; 1738 struct group *grp;
1737 1739
1738 if ((grp = getgrnam(name)) != NULL) { 1740 if ((grp = getgrnam(name)) != NULL) {
1739 return grp; 1741 return grp;
1740 } 1742 }
1741 if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) { 1743 if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) {
1742 return grp; 1744 return grp;
1743 } 1745 }
1744 return NULL; 1746 return NULL;
1745} 1747}
1746 1748
1747/* print out usage message, and then exit */ 1749/* print out usage message, and then exit */
1748void 1750void
1749usermgmt_usage(const char *prog) 1751usermgmt_usage(const char *prog)
1750{ 1752{
1751 if (strcmp(prog, "useradd") == 0) { 1753 if (strcmp(prog, "useradd") == 0) {
1752 (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] " 1754 (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] "
1753 "[-e expiry-time] [-f inactive-time]\n" 1755 "[-e expiry-time] [-f inactive-time]\n"
1754 "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n" 1756 "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n"
1755 "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog); 1757 "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog);
1756 (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] " 1758 (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] "
1757 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1759 "[-c comment] [-d home-dir] [-e expiry-time]\n"
1758 "\t[-f inactive-time] [-G secondary-group] " 1760 "\t[-f inactive-time] [-G secondary-group] "
1759 "[-g gid | name | =uid]\n" 1761 "[-g gid | name | =uid]\n"
1760 "\t[-k skeletondir] [-L login-class] [-M homeperm] " 1762 "\t[-k skeletondir] [-L login-class] [-M homeperm] "
1761 "[-p password]\n" 1763 "[-p password]\n"
1762 "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n", 1764 "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n",
1763 prog); 1765 prog);
1764 } else if (strcmp(prog, "usermod") == 0) { 1766 } else if (strcmp(prog, "usermod") == 0) {
1765 (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] " 1767 (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] "
1766 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1768 "[-c comment] [-d home-dir] [-e expiry-time]\n"
1767 "\t[-f inactive] [-G secondary-group] " 1769 "\t[-f inactive] [-G secondary-group] "
1768 "[-g gid | name | =uid]\n" 1770 "[-g gid | name | =uid]\n"
1769 "\t[-L login-class] [-l new-login] [-p password] " 1771 "\t[-L login-class] [-l new-login] [-p password] "
1770 "[-s shell] [-u uid]\n" 1772 "[-s shell] [-u uid]\n"
1771 "\tuser\n", prog); 1773 "\tuser\n", prog);
1772 } else if (strcmp(prog, "userdel") == 0) { 1774 } else if (strcmp(prog, "userdel") == 0) {
1773 (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); 1775 (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog);
1774 (void)fprintf(stderr, 1776 (void)fprintf(stderr,
1775 "usage: %s [-rSv] [-p preserve-value] user\n", prog); 1777 "usage: %s [-rSv] [-p preserve-value] user\n", prog);
1776#ifdef EXTENSIONS 1778#ifdef EXTENSIONS
1777 } else if (strcmp(prog, "userinfo") == 0) { 1779 } else if (strcmp(prog, "userinfo") == 0) {
1778 (void)fprintf(stderr, "usage: %s [-e] user\n", prog); 1780 (void)fprintf(stderr, "usage: %s [-e] user\n", prog);
1779#endif 1781#endif
1780 } else if (strcmp(prog, "groupadd") == 0) { 1782 } else if (strcmp(prog, "groupadd") == 0) {
1781 (void)fprintf(stderr, "usage: %s [-ov] [-g gid]" 1783 (void)fprintf(stderr, "usage: %s [-ov] [-g gid]"
1782 " [-r lowgid..highgid] group\n", prog); 1784 " [-r lowgid..highgid] group\n", prog);
1783 } else if (strcmp(prog, "groupdel") == 0) { 1785 } else if (strcmp(prog, "groupdel") == 0) {
1784 (void)fprintf(stderr, "usage: %s [-v] group\n", prog); 1786 (void)fprintf(stderr, "usage: %s [-v] group\n", prog);
1785 } else if (strcmp(prog, "groupmod") == 0) { 1787 } else if (strcmp(prog, "groupmod") == 0) {
1786 (void)fprintf(stderr, 1788 (void)fprintf(stderr,
1787 "usage: %s [-ov] [-g gid] [-n newname] group\n", prog); 1789 "usage: %s [-ov] [-g gid] [-n newname] group\n", prog);
1788 } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { 1790 } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) {
1789 (void)fprintf(stderr, 1791 (void)fprintf(stderr,
1790 "usage: %s ( add | del | mod | info ) ...\n", prog); 1792 "usage: %s ( add | del | mod | info ) ...\n", prog);
1791#ifdef EXTENSIONS 1793#ifdef EXTENSIONS
1792 } else if (strcmp(prog, "groupinfo") == 0) { 1794 } else if (strcmp(prog, "groupinfo") == 0) {
1793 (void)fprintf(stderr, "usage: %s [-ev] group\n", prog); 1795 (void)fprintf(stderr, "usage: %s [-ev] group\n", prog);
1794#endif 1796#endif
1795 } 1797 }
1796 exit(EXIT_FAILURE); 1798 exit(EXIT_FAILURE);
1797 /* NOTREACHED */ 1799 /* NOTREACHED */
1798} 1800}
1799 1801
1800#ifdef EXTENSIONS 1802#ifdef EXTENSIONS
1801#define ADD_OPT_EXTENSIONS "M:p:r:vL:S" 1803#define ADD_OPT_EXTENSIONS "M:p:r:vL:S"
1802#else 1804#else
1803#define ADD_OPT_EXTENSIONS 1805#define ADD_OPT_EXTENSIONS
1804#endif 1806#endif
1805 1807
1806int 1808int
1807useradd(int argc, char **argv) 1809useradd(int argc, char **argv)
1808{ 1810{
1809 user_t u; 1811 user_t u;
1810 int defaultfield; 1812 int defaultfield;
1811 int bigD; 1813 int bigD;
1812 int c; 1814 int c;
1813#ifdef EXTENSIONS 1815#ifdef EXTENSIONS
1814 int i; 1816 int i;
1815#endif 1817#endif
1816 1818
1817 (void)memset(&u, 0, sizeof(u)); 1819 (void)memset(&u, 0, sizeof(u));
1818 read_defaults(&u); 1820 read_defaults(&u);
1819 u.u_uid = -1; 1821 u.u_uid = -1;
1820 defaultfield = bigD = 0; 1822 defaultfield = bigD = 0;
1821 while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:" 1823 while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:"
1822 ADD_OPT_EXTENSIONS)) != -1) { 1824 ADD_OPT_EXTENSIONS)) != -1) {
1823 switch(c) { 1825 switch(c) {
1824 case 'D': 1826 case 'D':
1825 bigD = 1; 1827 bigD = 1;
1826 break; 1828 break;
1827 case 'F': 1829 case 'F':
1828 /* 1830 /*
1829 * Setting -1 will force the new user to 1831 * Setting -1 will force the new user to
1830 * change their password as soon as they 1832 * change their password as soon as they
1831 * next log in - passwd(5). 1833 * next log in - passwd(5).
1832 */ 1834 */
1833 defaultfield = 1; 1835 defaultfield = 1;
1834 memsave(&u.u_inactive, "-1", strlen("-1")); 1836 memsave(&u.u_inactive, "-1", strlen("-1"));
1835 break; 1837 break;
1836 case 'G': 1838 case 'G':
1837 while (u.u_groupc < NGROUPS_MAX && 1839 while (u.u_groupc < NGROUPS_MAX &&
1838 (u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL) { 1840 (u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL) {
1839 if (u.u_groupv[u.u_groupc][0] != 0) { 1841 if (u.u_groupv[u.u_groupc][0] != 0) {
1840 u.u_groupc++; 1842 u.u_groupc++;
1841 } 1843 }
1842 } 1844 }
1843 if (optarg != NULL) { 1845 if (optarg != NULL) {
1844 warnx("Truncated list of secondary groups " 1846 warnx("Truncated list of secondary groups "
1845 "to %d entries", NGROUPS_MAX); 1847 "to %d entries", NGROUPS_MAX);
1846 } 1848 }
1847 break; 1849 break;
1848#ifdef EXTENSIONS 1850#ifdef EXTENSIONS
1849 case 'S': 1851 case 'S':
1850 u.u_allow_samba = 1; 1852 u.u_allow_samba = 1;
1851 break; 1853 break;
1852#endif 1854#endif
1853 case 'b': 1855 case 'b':
1854 defaultfield = 1; 1856 defaultfield = 1;
1855 memsave(&u.u_basedir, optarg, strlen(optarg)); 1857 memsave(&u.u_basedir, optarg, strlen(optarg));
1856 break; 1858 break;
1857 case 'c': 1859 case 'c':
1858 memsave(&u.u_comment, optarg, strlen(optarg)); 1860 memsave(&u.u_comment, optarg, strlen(optarg));
1859 break; 1861 break;
1860 case 'd': 1862 case 'd':
1861 memsave(&u.u_home, optarg, strlen(optarg)); 1863 memsave(&u.u_home, optarg, strlen(optarg));
1862 u.u_flags |= F_HOMEDIR; 1864 u.u_flags |= F_HOMEDIR;
1863 break; 1865 break;
1864 case 'e': 1866 case 'e':
1865 defaultfield = 1; 1867 defaultfield = 1;
1866 memsave(&u.u_expire, optarg, strlen(optarg)); 1868 memsave(&u.u_expire, optarg, strlen(optarg));
1867 break; 1869 break;
1868 case 'f': 1870 case 'f':
1869 defaultfield = 1; 1871 defaultfield = 1;
1870 memsave(&u.u_inactive, optarg, strlen(optarg)); 1872 memsave(&u.u_inactive, optarg, strlen(optarg));
1871 break; 1873 break;
1872 case 'g': 1874 case 'g':
1873 defaultfield = 1; 1875 defaultfield = 1;
1874 memsave(&u.u_primgrp, optarg, strlen(optarg)); 1876 memsave(&u.u_primgrp, optarg, strlen(optarg));
1875 break; 1877 break;
1876 case 'k': 1878 case 'k':
1877 defaultfield = 1; 1879 defaultfield = 1;
1878 memsave(&u.u_skeldir, optarg, strlen(optarg)); 1880 memsave(&u.u_skeldir, optarg, strlen(optarg));
1879 break; 1881 break;
1880#ifdef EXTENSIONS 1882#ifdef EXTENSIONS
1881 case 'L': 1883 case 'L':
1882 defaultfield = 1; 1884 defaultfield = 1;
1883 memsave(&u.u_class, optarg, strlen(optarg)); 1885 memsave(&u.u_class, optarg, strlen(optarg));
1884 break; 1886 break;
1885#endif 1887#endif
1886 case 'm': 1888 case 'm':
1887 u.u_flags |= F_MKDIR; 1889 u.u_flags |= F_MKDIR;
1888 break; 1890 break;
1889#ifdef EXTENSIONS 1891#ifdef EXTENSIONS
1890 case 'M': 1892 case 'M':
1891 defaultfield = 1; 1893 defaultfield = 1;
1892 u.u_homeperm = strtoul(optarg, NULL, 8); 1894 u.u_homeperm = strtoul(optarg, NULL, 8);
1893 break; 1895 break;
1894#endif 1896#endif
1895 case 'o': 1897 case 'o':
1896 u.u_flags |= F_DUPUID; 1898 u.u_flags |= F_DUPUID;
1897 break; 1899 break;
1898#ifdef EXTENSIONS 1900#ifdef EXTENSIONS
1899 case 'p': 1901 case 'p':
1900 memsave(&u.u_password, optarg, strlen(optarg)); 1902 memsave(&u.u_password, optarg, strlen(optarg));
1901 break; 1903 break;
1902#endif 1904#endif
1903#ifdef EXTENSIONS 1905#ifdef EXTENSIONS
1904 case 'r': 1906 case 'r':
1905 defaultfield = 1; 1907 defaultfield = 1;
1906 (void)save_range(&u, optarg); 1908 (void)save_range(&u, optarg);
1907 break; 1909 break;
1908#endif 1910#endif
1909 case 's': 1911 case 's':
1910 u.u_flags |= F_SHELL; 1912 u.u_flags |= F_SHELL;
1911 defaultfield = 1; 1913 defaultfield = 1;
1912 memsave(&u.u_shell, optarg, strlen(optarg)); 1914 memsave(&u.u_shell, optarg, strlen(optarg));
1913 break; 1915 break;
1914 case 'u': 1916 case 'u':
1915 u.u_uid = check_numeric(optarg, "uid"); 1917 u.u_uid = check_numeric(optarg, "uid");
1916 break; 1918 break;
1917#ifdef EXTENSIONS 1919#ifdef EXTENSIONS
1918 case 'v': 1920 case 'v':
1919 verbose = 1; 1921 verbose = 1;
1920 break; 1922 break;
1921#endif 1923#endif
1922 default: 1924 default:
1923 usermgmt_usage("useradd"); 1925 usermgmt_usage("useradd");
1924 /* NOTREACHED */ 1926 /* NOTREACHED */
1925 } 1927 }
1926 } 1928 }
1927 if (bigD) { 1929 if (bigD) {
1928 if (defaultfield) { 1930 if (defaultfield) {
1929 checkeuid(); 1931 checkeuid();
1930 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; 1932 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE;
1931 } 1933 }
1932 (void)printf("group\t\t%s\n", u.u_primgrp); 1934 (void)printf("group\t\t%s\n", u.u_primgrp);
1933 (void)printf("base_dir\t%s\n", u.u_basedir); 1935 (void)printf("base_dir\t%s\n", u.u_basedir);
1934 (void)printf("skel_dir\t%s\n", u.u_skeldir); 1936 (void)printf("skel_dir\t%s\n", u.u_skeldir);
1935 (void)printf("shell\t\t%s\n", u.u_shell); 1937 (void)printf("shell\t\t%s\n", u.u_shell);
1936#ifdef EXTENSIONS 1938#ifdef EXTENSIONS
1937 (void)printf("class\t\t%s\n", u.u_class); 1939 (void)printf("class\t\t%s\n", u.u_class);
1938 (void)printf("homeperm\t0%o\n", u.u_homeperm); 1940 (void)printf("homeperm\t0%o\n", u.u_homeperm);
1939#endif 1941#endif
1940 (void)printf("inactive\t%s\n", (u.u_inactive == NULL) ? 1942 (void)printf("inactive\t%s\n", (u.u_inactive == NULL) ?
1941 UNSET_INACTIVE : u.u_inactive); 1943 UNSET_INACTIVE : u.u_inactive);
1942 (void)printf("expire\t\t%s\n", (u.u_expire == NULL) ? 1944 (void)printf("expire\t\t%s\n", (u.u_expire == NULL) ?
1943 UNSET_EXPIRY : u.u_expire); 1945 UNSET_EXPIRY : u.u_expire);
1944#ifdef EXTENSIONS 1946#ifdef EXTENSIONS
1945 for (i = 0 ; i < u.u_rc ; i++) { 1947 for (i = 0 ; i < u.u_rc ; i++) {
1946 (void)printf("range\t\t%d..%d\n", 1948 (void)printf("range\t\t%d..%d\n",
1947 u.u_rv[i].r_from, u.u_rv[i].r_to); 1949 u.u_rv[i].r_from, u.u_rv[i].r_to);
1948 } 1950 }
1949#endif 1951#endif
1950 return EXIT_SUCCESS; 1952 return EXIT_SUCCESS;
1951 } 1953 }
1952 argc -= optind; 1954 argc -= optind;
1953 argv += optind; 1955 argv += optind;
1954 if (argc != 1) { 1956 if (argc != 1) {
1955 usermgmt_usage("useradd"); 1957 usermgmt_usage("useradd");
1956 } 1958 }
1957 checkeuid(); 1959 checkeuid();
1958 openlog("useradd", LOG_PID, LOG_USER); 1960 openlog("useradd", LOG_PID, LOG_USER);
1959 return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; 1961 return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE;
1960} 1962}
1961 1963
1962#ifdef EXTENSIONS 1964#ifdef EXTENSIONS
1963#define MOD_OPT_EXTENSIONS "p:vL:S" 1965#define MOD_OPT_EXTENSIONS "p:vL:S"
1964#else 1966#else
1965#define MOD_OPT_EXTENSIONS 1967#define MOD_OPT_EXTENSIONS
1966#endif 1968#endif
1967 1969
1968int 1970int
1969usermod(int argc, char **argv) 1971usermod(int argc, char **argv)
1970{ 1972{
1971 user_t u; 1973 user_t u;
1972 char newuser[MaxUserNameLen + 1]; 1974 char newuser[MaxUserNameLen + 1];
1973 int c, have_new_user; 1975 int c, have_new_user;
1974 1976
1975 (void)memset(&u, 0, sizeof(u)); 1977 (void)memset(&u, 0, sizeof(u));
1976 (void)memset(newuser, 0, sizeof(newuser)); 1978 (void)memset(newuser, 0, sizeof(newuser));
1977 read_defaults(&u); 1979 read_defaults(&u);
1978 have_new_user = 0; 1980 have_new_user = 0;
1979 u.u_locked = -1; 1981 u.u_locked = -1;
1980 while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:" 1982 while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:"
1981 MOD_OPT_EXTENSIONS)) != -1) { 1983 MOD_OPT_EXTENSIONS)) != -1) {
1982 switch(c) { 1984 switch(c) {
1983 case 'G': 1985 case 'G':
1984 while (u.u_groupc < NGROUPS_MAX && 1986 while (u.u_groupc < NGROUPS_MAX &&
1985 (u.u_groupv[u.u_groupc] = 1987 (u.u_groupv[u.u_groupc] =
1986 strsep(&optarg, ",")) != NULL) { 1988 strsep(&optarg, ",")) != NULL) {
1987 if (u.u_groupv[u.u_groupc][0] != 0) { 1989 if (u.u_groupv[u.u_groupc][0] != 0) {
1988 u.u_groupc++; 1990 u.u_groupc++;
1989 } 1991 }
1990 } 1992 }
1991 if (optarg != NULL) { 1993 if (optarg != NULL) {
1992 warnx("Truncated list of secondary groups " 1994 warnx("Truncated list of secondary groups "
1993 "to %d entries", NGROUPS_MAX); 1995 "to %d entries", NGROUPS_MAX);
1994 } 1996 }
1995 u.u_flags |= F_SECGROUP; 1997 u.u_flags |= F_SECGROUP;
1996 break; 1998 break;
1997#ifdef EXTENSIONS 1999#ifdef EXTENSIONS
1998 case 'S': 2000 case 'S':
1999 u.u_allow_samba = 1; 2001 u.u_allow_samba = 1;
2000 break; 2002 break;
2001#endif 2003#endif
2002 case 'c': 2004 case 'c':
2003 memsave(&u.u_comment, optarg, strlen(optarg)); 2005 memsave(&u.u_comment, optarg, strlen(optarg));
2004 u.u_flags |= F_COMMENT; 2006 u.u_flags |= F_COMMENT;
2005 break; 2007 break;
2006 case 'C': 2008 case 'C':
2007 if (strcasecmp(optarg, "yes") == 0) { 2009 if (strcasecmp(optarg, "yes") == 0) {
2008 u.u_locked = LOCK; 2010 u.u_locked = LOCK;
2009 } else if (strcasecmp(optarg, "no") == 0) { 2011 } else if (strcasecmp(optarg, "no") == 0) {
2010 u.u_locked = UNLOCK; 2012 u.u_locked = UNLOCK;
2011 } else { 2013 } else {
2012 /* No idea. */ 2014 /* No idea. */
2013 errx(EXIT_FAILURE, 2015 errx(EXIT_FAILURE,
2014 "Please type 'yes' or 'no'"); 2016 "Please type 'yes' or 'no'");
2015 } 2017 }
2016 break; 2018 break;
2017 case 'F': 2019 case 'F':
2018 memsave(&u.u_inactive, "-1", strlen("-1")); 2020 memsave(&u.u_inactive, "-1", strlen("-1"));
2019 u.u_flags |= F_INACTIVE; 2021 u.u_flags |= F_INACTIVE;
2020 break; 2022 break;
2021 case 'd': 2023 case 'd':
2022 memsave(&u.u_home, optarg, strlen(optarg)); 2024 memsave(&u.u_home, optarg, strlen(optarg));
2023 u.u_flags |= F_HOMEDIR; 2025 u.u_flags |= F_HOMEDIR;
2024 break; 2026 break;
2025 case 'e': 2027 case 'e':
2026 memsave(&u.u_expire, optarg, strlen(optarg)); 2028 memsave(&u.u_expire, optarg, strlen(optarg));
2027 u.u_flags |= F_EXPIRE; 2029 u.u_flags |= F_EXPIRE;
2028 break; 2030 break;
2029 case 'f': 2031 case 'f':
2030 memsave(&u.u_inactive, optarg, strlen(optarg)); 2032 memsave(&u.u_inactive, optarg, strlen(optarg));
2031 u.u_flags |= F_INACTIVE; 2033 u.u_flags |= F_INACTIVE;
2032 break; 2034 break;
2033 case 'g': 2035 case 'g':
2034 memsave(&u.u_primgrp, optarg, strlen(optarg)); 2036 memsave(&u.u_primgrp, optarg, strlen(optarg));
2035 u.u_flags |= F_GROUP; 2037 u.u_flags |= F_GROUP;
2036 break; 2038 break;
2037 case 'l': 2039 case 'l':
2038 (void)strlcpy(newuser, optarg, sizeof(newuser)); 2040 (void)strlcpy(newuser, optarg, sizeof(newuser));
2039 have_new_user = 1; 2041 have_new_user = 1;
2040 u.u_flags |= F_USERNAME; 2042 u.u_flags |= F_USERNAME;
2041 break; 2043 break;
2042#ifdef EXTENSIONS 2044#ifdef EXTENSIONS
2043 case 'L': 2045 case 'L':
2044 memsave(&u.u_class, optarg, strlen(optarg)); 2046 memsave(&u.u_class, optarg, strlen(optarg));
2045 u.u_flags |= F_CLASS; 2047 u.u_flags |= F_CLASS;
2046 break; 2048 break;
2047#endif 2049#endif
2048 case 'm': 2050 case 'm':
2049 u.u_flags |= F_MKDIR; 2051 u.u_flags |= F_MKDIR;
2050 break; 2052 break;
2051 case 'o': 2053 case 'o':
2052 u.u_flags |= F_DUPUID; 2054 u.u_flags |= F_DUPUID;
2053 break; 2055 break;
2054#ifdef EXTENSIONS 2056#ifdef EXTENSIONS
2055 case 'p': 2057 case 'p':
2056 memsave(&u.u_password, optarg, strlen(optarg)); 2058 memsave(&u.u_password, optarg, strlen(optarg));
2057 u.u_flags |= F_PASSWORD; 2059 u.u_flags |= F_PASSWORD;
2058 break; 2060 break;
2059#endif 2061#endif
2060 case 's': 2062 case 's':
2061 memsave(&u.u_shell, optarg, strlen(optarg)); 2063 memsave(&u.u_shell, optarg, strlen(optarg));
2062 u.u_flags |= F_SHELL; 2064 u.u_flags |= F_SHELL;
2063 break; 2065 break;
2064 case 'u': 2066 case 'u':
2065 u.u_uid = check_numeric(optarg, "uid"); 2067 u.u_uid = check_numeric(optarg, "uid");
2066 u.u_flags |= F_UID; 2068 u.u_flags |= F_UID;
2067 break; 2069 break;
2068#ifdef EXTENSIONS 2070#ifdef EXTENSIONS
2069 case 'v': 2071 case 'v':
2070 verbose = 1; 2072 verbose = 1;
2071 break; 2073 break;
2072#endif 2074#endif
2073 default: 2075 default:
2074 usermgmt_usage("usermod"); 2076 usermgmt_usage("usermod");
2075 /* NOTREACHED */ 2077 /* NOTREACHED */
2076 } 2078 }
2077 } 2079 }
2078 if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && 2080 if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) &&
2079 !(u.u_flags & F_USERNAME)) { 2081 !(u.u_flags & F_USERNAME)) {
2080 warnx("Option 'm' useless without 'd' or 'l' -- ignored"); 2082 warnx("Option 'm' useless without 'd' or 'l' -- ignored");
2081 u.u_flags &= ~F_MKDIR; 2083 u.u_flags &= ~F_MKDIR;
2082 } 2084 }
2083 argc -= optind; 2085 argc -= optind;
2084 argv += optind; 2086 argv += optind;
2085 if (argc != 1) { 2087 if (argc != 1) {
2086 usermgmt_usage("usermod"); 2088 usermgmt_usage("usermod");
2087 } 2089 }
2088 checkeuid(); 2090 checkeuid();
2089 openlog("usermod", LOG_PID, LOG_USER); 2091 openlog("usermod", LOG_PID, LOG_USER);
2090 return moduser(*argv, (have_new_user) ? newuser : *argv, &u, 2092 return moduser(*argv, (have_new_user) ? newuser : *argv, &u,
2091 u.u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE; 2093 u.u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE;
2092} 2094}
2093 2095
2094#ifdef EXTENSIONS 2096#ifdef EXTENSIONS
2095#define DEL_OPT_EXTENSIONS "Dp:vS" 2097#define DEL_OPT_EXTENSIONS "Dp:vS"
2096#else 2098#else
2097#define DEL_OPT_EXTENSIONS 2099#define DEL_OPT_EXTENSIONS
2098#endif 2100#endif
2099 2101
2100int 2102int
2101userdel(int argc, char **argv) 2103userdel(int argc, char **argv)
2102{ 2104{
2103 struct passwd *pwp; 2105 struct passwd *pwp;
2104 user_t u; 2106 user_t u;
2105 char password[PasswordLength + 1]; 2107 char password[PasswordLength + 1];
2106 int defaultfield; 2108 int defaultfield;
2107 int rmhome; 2109 int rmhome;
2108 int bigD; 2110 int bigD;
2109 int c; 2111 int c;
2110 2112
2111 (void)memset(&u, 0, sizeof(u)); 2113 (void)memset(&u, 0, sizeof(u));
2112 read_defaults(&u); 2114 read_defaults(&u);
2113 defaultfield = bigD = rmhome = 0; 2115 defaultfield = bigD = rmhome = 0;
2114 while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) { 2116 while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) {
2115 switch(c) { 2117 switch(c) {
2116#ifdef EXTENSIONS 2118#ifdef EXTENSIONS
2117 case 'D': 2119 case 'D':
2118 bigD = 1; 2120 bigD = 1;
2119 break; 2121 break;
2120#endif 2122#endif
2121#ifdef EXTENSIONS 2123#ifdef EXTENSIONS
2122 case 'S': 2124 case 'S':
2123 u.u_allow_samba = 1; 2125 u.u_allow_samba = 1;
2124 break; 2126 break;
2125#endif 2127#endif
2126#ifdef EXTENSIONS 2128#ifdef EXTENSIONS
2127 case 'p': 2129 case 'p':
2128 defaultfield = 1; 2130 defaultfield = 1;
2129 u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : 2131 u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 :
2130 (strcmp(optarg, "yes") == 0) ? 1 : 2132 (strcmp(optarg, "yes") == 0) ? 1 :
2131 atoi(optarg); 2133 atoi(optarg);
2132 break; 2134 break;
2133#endif 2135#endif
2134 case 'r': 2136 case 'r':
2135 rmhome = 1; 2137 rmhome = 1;
2136 break; 2138 break;
2137#ifdef EXTENSIONS 2139#ifdef EXTENSIONS
2138 case 'v': 2140 case 'v':
2139 verbose = 1; 2141 verbose = 1;
2140 break; 2142 break;
2141#endif 2143#endif
2142 default: 2144 default:
2143 usermgmt_usage("userdel"); 2145 usermgmt_usage("userdel");
2144 /* NOTREACHED */ 2146 /* NOTREACHED */
2145 } 2147 }
2146 } 2148 }
2147#ifdef EXTENSIONS 2149#ifdef EXTENSIONS
2148 if (bigD) { 2150 if (bigD) {
2149 if (defaultfield) { 2151 if (defaultfield) {
2150 checkeuid(); 2152 checkeuid();
2151 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; 2153 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE;
2152 } 2154 }
2153 (void)printf("preserve\t%s\n", (u.u_preserve) ? "true" : 2155 (void)printf("preserve\t%s\n", (u.u_preserve) ? "true" :
2154 "false"); 2156 "false");
2155 return EXIT_SUCCESS; 2157 return EXIT_SUCCESS;
2156 } 2158 }
2157#endif 2159#endif
2158 argc -= optind; 2160 argc -= optind;
2159 argv += optind; 2161 argv += optind;
2160 if (argc != 1) { 2162 if (argc != 1) {
2161 usermgmt_usage("userdel"); 2163 usermgmt_usage("userdel");
2162 } 2164 }
2163 checkeuid(); 2165 checkeuid();
2164 if ((pwp = getpwnam(*argv)) == NULL) { 2166 if ((pwp = getpwnam(*argv)) == NULL) {
2165 warnx("No such user `%s'", *argv); 2167 warnx("No such user `%s'", *argv);
2166 return EXIT_FAILURE; 2168 return EXIT_FAILURE;
2167 } 2169 }
2168 if (rmhome) { 2170 if (rmhome) {
2169 (void)removehomedir(pwp); 2171 (void)removehomedir(pwp);
2170 } 2172 }
2171 if (u.u_preserve) { 2173 if (u.u_preserve) {
2172 u.u_flags |= F_SHELL; 2174 u.u_flags |= F_SHELL;
2173 memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN)); 2175 memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN));
2174 (void)memset(password, '*', DES_Len); 2176 (void)memset(password, '*', DES_Len);
2175 password[DES_Len] = 0; 2177 password[DES_Len] = 0;
2176 memsave(&u.u_password, password, strlen(password)); 2178 memsave(&u.u_password, password, strlen(password));
2177 u.u_flags |= F_PASSWORD; 2179 u.u_flags |= F_PASSWORD;
2178 openlog("userdel", LOG_PID, LOG_USER); 2180 openlog("userdel", LOG_PID, LOG_USER);
2179 return moduser(*argv, *argv, &u, u.u_allow_samba) ? 2181 return moduser(*argv, *argv, &u, u.u_allow_samba) ?
2180 EXIT_SUCCESS : EXIT_FAILURE; 2182 EXIT_SUCCESS : EXIT_FAILURE;
2181 } 2183 }
2182 if (!rm_user_from_groups(*argv)) { 2184 if (!rm_user_from_groups(*argv)) {
2183 return 0; 2185 return 0;
2184 } 2186 }
2185 openlog("userdel", LOG_PID, LOG_USER); 2187 openlog("userdel", LOG_PID, LOG_USER);
2186 return moduser(*argv, *argv, NULL, u.u_allow_samba) ? 2188 return moduser(*argv, *argv, NULL, u.u_allow_samba) ?
2187 EXIT_SUCCESS : EXIT_FAILURE; 2189 EXIT_SUCCESS : EXIT_FAILURE;
2188} 2190}
2189 2191
2190#ifdef EXTENSIONS 2192#ifdef EXTENSIONS
2191#define GROUP_ADD_OPT_EXTENSIONS "r:v" 2193#define GROUP_ADD_OPT_EXTENSIONS "r:v"
2192#else 2194#else
2193#define GROUP_ADD_OPT_EXTENSIONS 2195#define GROUP_ADD_OPT_EXTENSIONS
2194#endif 2196#endif
2195 2197
2196/* add a group */ 2198/* add a group */
2197int 2199int
2198groupadd(int argc, char **argv) 2200groupadd(int argc, char **argv)
2199{ 2201{
2200 int dupgid; 2202 int dupgid;
2201 int gid; 2203 int gid;
2202 int c; 2204 int c;
2203 int lowgid; 2205 int lowgid;
2204 int highgid; 2206 int highgid;
2205 2207
2206 gid = -1; 2208 gid = -1;
2207 dupgid = 0; 2209 dupgid = 0;
2208 lowgid = LowGid; 2210 lowgid = LowGid;
2209 highgid = HighGid; 2211 highgid = HighGid;
2210 while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) { 2212 while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) {
2211 switch(c) { 2213 switch(c) {
2212 case 'g': 2214 case 'g':
2213 gid = check_numeric(optarg, "gid"); 2215 gid = check_numeric(optarg, "gid");
2214 break; 2216 break;
2215 case 'o': 2217 case 'o':
2216 dupgid = 1; 2218 dupgid = 1;
2217 break; 2219 break;
2218#ifdef EXTENSIONS 2220#ifdef EXTENSIONS
2219 case 'r': 2221 case 'r':
2220 if (sscanf(optarg, "%d..%d", &lowgid, &highgid) != 2) { 2222 if (sscanf(optarg, "%d..%d", &lowgid, &highgid) != 2) {
2221 errx(EXIT_FAILURE, "Bad range `%s'", optarg); 2223 errx(EXIT_FAILURE, "Bad range `%s'", optarg);
2222 } 2224 }
2223 break; 2225 break;
2224 case 'v': 2226 case 'v':
2225 verbose = 1; 2227 verbose = 1;
2226 break; 2228 break;
2227#endif 2229#endif
2228 default: 2230 default:
2229 usermgmt_usage("groupadd"); 2231 usermgmt_usage("groupadd");
2230 /* NOTREACHED */ 2232 /* NOTREACHED */
2231 } 2233 }
2232 } 2234 }
2233 argc -= optind; 2235 argc -= optind;
2234 argv += optind; 2236 argv += optind;
2235 if (argc != 1) { 2237 if (argc != 1) {
2236 usermgmt_usage("groupadd"); 2238 usermgmt_usage("groupadd");
2237 } 2239 }
2238 checkeuid(); 2240 checkeuid();
2239 if (gid < 0 && !getnextgid(&gid, lowgid, highgid)) { 2241 if (gid < 0 && !getnextgid(&gid, lowgid, highgid)) {
2240 err(EXIT_FAILURE, "Can't add group: can't get next gid"); 2242 err(EXIT_FAILURE, "Can't add group: can't get next gid");
2241 } 2243 }
2242 if (!dupgid && getgrgid((gid_t) gid) != NULL) { 2244 if (!dupgid && getgrgid((gid_t) gid) != NULL) {
2243 errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate", 2245 errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate",
2244 gid); 2246 gid);
2245 } 2247 }
2246 if (!valid_group(*argv)) { 2248 if (!valid_group(*argv)) {
2247 warnx("Invalid group name `%s'", *argv); 2249 warnx("Invalid group name `%s'", *argv);
2248 } 2250 }
2249 openlog("groupadd", LOG_PID, LOG_USER); 2251 openlog("groupadd", LOG_PID, LOG_USER);
2250 if (!creategid(*argv, gid, "")) 2252 if (!creategid(*argv, gid, ""))
2251 exit(EXIT_FAILURE); 2253 exit(EXIT_FAILURE);
2252 2254
2253 return EXIT_SUCCESS; 2255 return EXIT_SUCCESS;
2254} 2256}
2255 2257
2256#ifdef EXTENSIONS 2258#ifdef EXTENSIONS
2257#define GROUP_DEL_OPT_EXTENSIONS "v" 2259#define GROUP_DEL_OPT_EXTENSIONS "v"
2258#else 2260#else
2259#define GROUP_DEL_OPT_EXTENSIONS 2261#define GROUP_DEL_OPT_EXTENSIONS
2260#endif 2262#endif
2261 2263
2262/* remove a group */ 2264/* remove a group */
2263int 2265int
2264groupdel(int argc, char **argv) 2266groupdel(int argc, char **argv)
2265{ 2267{
2266 int c; 2268 int c;
2267 2269
2268 while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) { 2270 while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) {
2269 switch(c) { 2271 switch(c) {
2270#ifdef EXTENSIONS 2272#ifdef EXTENSIONS
2271 case 'v': 2273 case 'v':
2272 verbose = 1; 2274 verbose = 1;
2273 break; 2275 break;
2274#endif 2276#endif
2275 default: 2277 default:
2276 usermgmt_usage("groupdel"); 2278 usermgmt_usage("groupdel");
2277 /* NOTREACHED */ 2279 /* NOTREACHED */
2278 } 2280 }
2279 } 2281 }
2280 argc -= optind; 2282 argc -= optind;
2281 argv += optind; 2283 argv += optind;
2282 if (argc != 1) { 2284 if (argc != 1) {
2283 usermgmt_usage("groupdel"); 2285 usermgmt_usage("groupdel");
2284 } 2286 }
2285 if (getgrnam(*argv) == NULL) { 2287 if (getgrnam(*argv) == NULL) {
2286 errx(EXIT_FAILURE, "No such group `%s'", *argv); 2288 errx(EXIT_FAILURE, "No such group `%s'", *argv);
2287 } 2289 }
2288 checkeuid(); 2290 checkeuid();
2289 openlog("groupdel", LOG_PID, LOG_USER); 2291 openlog("groupdel", LOG_PID, LOG_USER);
2290 if (!modify_gid(*argv, NULL)) 2292 if (!modify_gid(*argv, NULL))
2291 exit(EXIT_FAILURE); 2293 exit(EXIT_FAILURE);
2292 2294
2293 return EXIT_SUCCESS; 2295 return EXIT_SUCCESS;
2294} 2296}
2295 2297
2296#ifdef EXTENSIONS 2298#ifdef EXTENSIONS
2297#define GROUP_MOD_OPT_EXTENSIONS "v" 2299#define GROUP_MOD_OPT_EXTENSIONS "v"
2298#else 2300#else
2299#define GROUP_MOD_OPT_EXTENSIONS 2301#define GROUP_MOD_OPT_EXTENSIONS
2300#endif 2302#endif
2301 2303
2302/* modify a group */ 2304/* modify a group */
2303int 2305int
2304groupmod(int argc, char **argv) 2306groupmod(int argc, char **argv)
2305{ 2307{
2306 struct group *grp; 2308 struct group *grp;
2307 char buf[MaxEntryLen]; 2309 char buf[MaxEntryLen];
2308 char *newname; 2310 char *newname;
2309 char **cpp; 2311 char **cpp;
2310 int dupgid; 2312 int dupgid;
2311 int gid; 2313 int gid;
2312 int cc; 2314 int cc;
2313 int c; 2315 int c;
2314 2316
2315 gid = -1; 2317 gid = -1;
2316 dupgid = 0; 2318 dupgid = 0;
2317 newname = NULL; 2319 newname = NULL;
2318 while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) { 2320 while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) {
2319 switch(c) { 2321 switch(c) {
2320 case 'g': 2322 case 'g':
2321 gid = check_numeric(optarg, "gid"); 2323 gid = check_numeric(optarg, "gid");
2322 break; 2324 break;
2323 case 'o': 2325 case 'o':
2324 dupgid = 1; 2326 dupgid = 1;
2325 break; 2327 break;
2326 case 'n': 2328 case 'n':
2327 memsave(&newname, optarg, strlen(optarg)); 2329 memsave(&newname, optarg, strlen(optarg));
2328 break; 2330 break;
2329#ifdef EXTENSIONS 2331#ifdef EXTENSIONS
2330 case 'v': 2332 case 'v':
2331 verbose = 1; 2333 verbose = 1;
2332 break; 2334 break;
2333#endif 2335#endif
2334 default: 2336 default:
2335 usermgmt_usage("groupmod"); 2337 usermgmt_usage("groupmod");
2336 /* NOTREACHED */ 2338 /* NOTREACHED */
2337 } 2339 }
2338 } 2340 }
2339 argc -= optind; 2341 argc -= optind;
2340 argv += optind; 2342 argv += optind;
2341 if (argc != 1) { 2343 if (argc != 1) {
2342 usermgmt_usage("groupmod"); 2344 usermgmt_usage("groupmod");
2343 } 2345 }
2344 checkeuid(); 2346 checkeuid();
2345 if (gid < 0 && newname == NULL) { 2347 if (gid < 0 && newname == NULL) {
2346 errx(EXIT_FAILURE, "Nothing to change"); 2348 errx(EXIT_FAILURE, "Nothing to change");
2347 } 2349 }
2348 if (dupgid && gid < 0) { 2350 if (dupgid && gid < 0) {
2349 errx(EXIT_FAILURE, "Duplicate which gid?"); 2351 errx(EXIT_FAILURE, "Duplicate which gid?");
2350 } 2352 }
2351 if ((grp = find_group_info(*argv)) == NULL) { 2353 if ((grp = find_group_info(*argv)) == NULL) {
2352 errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv); 2354 errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv);
2353 } 2355 }
2354 if (!is_local(*argv, _PATH_GROUP)) { 2356 if (!is_local(*argv, _PATH_GROUP)) {
2355 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); 2357 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv);
2356 } 2358 }
2357 if (newname != NULL && !valid_group(newname)) { 2359 if (newname != NULL && !valid_group(newname)) {
2358 warnx("Invalid group name `%s'", newname); 2360 warnx("Invalid group name `%s'", newname);
2359 } 2361 }
2360 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:", 2362 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:",
2361 (newname) ? newname : grp->gr_name, 2363 (newname) ? newname : grp->gr_name,
2362 grp->gr_passwd, 2364 grp->gr_passwd,
2363 (gid < 0) ? grp->gr_gid : gid); 2365 (gid < 0) ? grp->gr_gid : gid);
2364 for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) { 2366 for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) {
2365 cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp, 2367 cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp,
2366 (cpp[1] == NULL) ? "" : ","); 2368 (cpp[1] == NULL) ? "" : ",");
2367 } 2369 }
2368 cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n"); 2370 cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n");
2369 if (newname != NULL) 2371 if (newname != NULL)
2370 free(newname); 2372 free(newname);
2371 openlog("groupmod", LOG_PID, LOG_USER); 2373 openlog("groupmod", LOG_PID, LOG_USER);
2372 if (!modify_gid(*argv, buf)) 2374 if (!modify_gid(*argv, buf))
2373 exit(EXIT_FAILURE); 2375 exit(EXIT_FAILURE);
2374 2376
2375 return EXIT_SUCCESS; 2377 return EXIT_SUCCESS;
2376} 2378}
2377 2379
2378#ifdef EXTENSIONS 2380#ifdef EXTENSIONS
2379/* display user information */ 2381/* display user information */
2380int 2382int
2381userinfo(int argc, char **argv) 2383userinfo(int argc, char **argv)
2382{ 2384{
2383 struct passwd *pwp; 2385 struct passwd *pwp;
2384 struct group *grp; 2386 struct group *grp;
2385 char buf[MaxEntryLen]; 2387 char buf[MaxEntryLen];
2386 char **cpp; 2388 char **cpp;
2387 int exists; 2389 int exists;
2388 int cc; 2390 int cc;
2389 int i; 2391 int i;
2390 2392
2391 exists = 0; 2393 exists = 0;
2392 buf[0] = '\0'; 2394 buf[0] = '\0';
2393 while ((i = getopt(argc, argv, "e")) != -1) { 2395 while ((i = getopt(argc, argv, "e")) != -1) {
2394 switch(i) { 2396 switch(i) {
2395 case 'e': 2397 case 'e':
2396 exists = 1; 2398 exists = 1;
2397 break; 2399 break;
2398 default: 2400 default:
2399 usermgmt_usage("userinfo"); 2401 usermgmt_usage("userinfo");
2400 /* NOTREACHED */ 2402 /* NOTREACHED */
2401 } 2403 }
2402 } 2404 }
2403 argc -= optind; 2405 argc -= optind;
2404 argv += optind; 2406 argv += optind;
2405 if (argc != 1) { 2407 if (argc != 1) {
2406 usermgmt_usage("userinfo"); 2408 usermgmt_usage("userinfo");