| @@ -1,2406 +1,2408 @@ | | | @@ -1,2406 +1,2408 @@ |
1 | /* $NetBSD: user.c,v 1.120 2008/07/21 13:37:00 lukem Exp $ */ | | 1 | /* $NetBSD: user.c,v 1.120.4.1 2009/03/15 20:03:49 snj Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. | | 4 | * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. |
5 | * Copyright (c) 2005 Liam J. Foy. All rights reserved. | | 5 | * Copyright (c) 2005 Liam J. Foy. All rights reserved. |
6 | * | | 6 | * |
7 | * Redistribution and use in source and binary forms, with or without | | 7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions | | 8 | * modification, are permitted provided that the following conditions |
9 | * are met: | | 9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright | | 10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. | | 11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright | | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the | | 13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. | | 14 | * documentation and/or other materials provided with the distribution. |
15 | * 3. The name of the author may not be used to endorse or promote | | 15 | * 3. The name of the author may not be used to endorse or promote |
16 | * products derived from this software without specific prior written | | 16 | * products derived from this software without specific prior written |
17 | * permission. | | 17 | * permission. |
18 | * | | 18 | * |
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS | | 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS |
20 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | | 20 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
21 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 21 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | | 22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
23 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 23 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE | | 24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE |
25 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | | 27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
28 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | | 28 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
29 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 29 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
30 | */ | | 30 | */ |
31 | #include <sys/cdefs.h> | | 31 | #include <sys/cdefs.h> |
32 | | | 32 | |
33 | #ifndef lint | | 33 | #ifndef lint |
34 | __COPYRIGHT("@(#) Copyright (c) 1999\ | | 34 | __COPYRIGHT("@(#) Copyright (c) 1999\ |
35 | The NetBSD Foundation, Inc. All rights reserved."); | | 35 | The NetBSD Foundation, Inc. All rights reserved."); |
36 | __RCSID("$NetBSD: user.c,v 1.120 2008/07/21 13:37:00 lukem Exp $"); | | 36 | __RCSID("$NetBSD: user.c,v 1.120.4.1 2009/03/15 20:03:49 snj Exp $"); |
37 | #endif | | 37 | #endif |
38 | | | 38 | |
39 | #include <sys/types.h> | | 39 | #include <sys/types.h> |
40 | #include <sys/param.h> | | 40 | #include <sys/param.h> |
41 | #include <sys/stat.h> | | 41 | #include <sys/stat.h> |
42 | | | 42 | |
43 | #include <ctype.h> | | 43 | #include <ctype.h> |
44 | #include <dirent.h> | | 44 | #include <dirent.h> |
45 | #include <err.h> | | 45 | #include <err.h> |
46 | #include <fcntl.h> | | 46 | #include <fcntl.h> |
47 | #include <grp.h> | | 47 | #include <grp.h> |
48 | #ifdef EXTENSIONS | | 48 | #ifdef EXTENSIONS |
49 | #include <login_cap.h> | | 49 | #include <login_cap.h> |
50 | #endif | | 50 | #endif |
51 | #include <paths.h> | | 51 | #include <paths.h> |
52 | #include <pwd.h> | | 52 | #include <pwd.h> |
53 | #include <regex.h> | | 53 | #include <regex.h> |
54 | #include <stdarg.h> | | 54 | #include <stdarg.h> |
55 | #include <stdio.h> | | 55 | #include <stdio.h> |
56 | #include <stdlib.h> | | 56 | #include <stdlib.h> |
57 | #include <string.h> | | 57 | #include <string.h> |
58 | #include <syslog.h> | | 58 | #include <syslog.h> |
59 | #include <time.h> | | 59 | #include <time.h> |
60 | #include <unistd.h> | | 60 | #include <unistd.h> |
61 | #include <util.h> | | 61 | #include <util.h> |
62 | #include <errno.h> | | 62 | #include <errno.h> |
63 | | | 63 | |
64 | #include "defs.h" | | 64 | #include "defs.h" |
65 | #include "usermgmt.h" | | 65 | #include "usermgmt.h" |
66 | | | 66 | |
67 | | | 67 | |
68 | /* this struct describes a uid range */ | | 68 | /* this struct describes a uid range */ |
69 | typedef struct range_t { | | 69 | typedef struct range_t { |
70 | int r_from; /* low uid */ | | 70 | int r_from; /* low uid */ |
71 | int r_to; /* high uid */ | | 71 | int r_to; /* high uid */ |
72 | } range_t; | | 72 | } range_t; |
73 | | | 73 | |
74 | /* this struct encapsulates the user information */ | | 74 | /* this struct encapsulates the user information */ |
75 | typedef struct user_t { | | 75 | typedef struct user_t { |
76 | int u_flags; /* see below */ | | 76 | int u_flags; /* see below */ |
77 | int u_uid; /* uid of user */ | | 77 | int u_uid; /* uid of user */ |
78 | char *u_password; /* encrypted password */ | | 78 | char *u_password; /* encrypted password */ |
79 | char *u_comment; /* comment field */ | | 79 | char *u_comment; /* comment field */ |
80 | char *u_home; /* home directory */ | | 80 | char *u_home; /* home directory */ |
81 | mode_t u_homeperm; /* permissions of home dir */ | | 81 | mode_t u_homeperm; /* permissions of home dir */ |
82 | char *u_primgrp; /* primary group */ | | 82 | char *u_primgrp; /* primary group */ |
83 | int u_groupc; /* # of secondary groups */ | | 83 | int u_groupc; /* # of secondary groups */ |
84 | const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ | | 84 | const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ |
85 | char *u_shell; /* user's shell */ | | 85 | char *u_shell; /* user's shell */ |
86 | char *u_basedir; /* base directory for home */ | | 86 | char *u_basedir; /* base directory for home */ |
87 | char *u_expire; /* when password will expire */ | | 87 | char *u_expire; /* when password will expire */ |
88 | char *u_inactive; /* when account will expire */ | | 88 | char *u_inactive; /* when account will expire */ |
89 | char *u_skeldir; /* directory for startup files */ | | 89 | char *u_skeldir; /* directory for startup files */ |
90 | char *u_class; /* login class */ | | 90 | char *u_class; /* login class */ |
91 | unsigned u_rsize; /* size of range array */ | | 91 | unsigned u_rsize; /* size of range array */ |
92 | unsigned u_rc; /* # of ranges */ | | 92 | unsigned u_rc; /* # of ranges */ |
93 | range_t *u_rv; /* the ranges */ | | 93 | range_t *u_rv; /* the ranges */ |
94 | unsigned u_defrc; /* # of ranges in defaults */ | | 94 | unsigned u_defrc; /* # of ranges in defaults */ |
95 | int u_preserve; /* preserve uids on deletion */ | | 95 | int u_preserve; /* preserve uids on deletion */ |
96 | int u_allow_samba; /* allow trailing '$' for samba login names */ | | 96 | int u_allow_samba; /* allow trailing '$' for samba login names */ |
97 | int u_locked; /* user account lock */ | | 97 | int u_locked; /* user account lock */ |
98 | } user_t; | | 98 | } user_t; |
99 | | | 99 | |
100 | /* flags for which fields of the user_t replace the passwd entry */ | | 100 | /* flags for which fields of the user_t replace the passwd entry */ |
101 | enum { | | 101 | enum { |
102 | F_COMMENT = 0x0001, | | 102 | F_COMMENT = 0x0001, |
103 | F_DUPUID = 0x0002, | | 103 | F_DUPUID = 0x0002, |
104 | F_EXPIRE = 0x0004, | | 104 | F_EXPIRE = 0x0004, |
105 | F_GROUP = 0x0008, | | 105 | F_GROUP = 0x0008, |
106 | F_HOMEDIR = 0x0010, | | 106 | F_HOMEDIR = 0x0010, |
107 | F_MKDIR = 0x0020, | | 107 | F_MKDIR = 0x0020, |
108 | F_INACTIVE = 0x0040, | | 108 | F_INACTIVE = 0x0040, |
109 | F_PASSWORD = 0x0080, | | 109 | F_PASSWORD = 0x0080, |
110 | F_SECGROUP = 0x0100, | | 110 | F_SECGROUP = 0x0100, |
111 | F_SHELL = 0x0200, | | 111 | F_SHELL = 0x0200, |
112 | F_UID = 0x0400, | | 112 | F_UID = 0x0400, |
113 | F_USERNAME = 0x0800, | | 113 | F_USERNAME = 0x0800, |
114 | F_CLASS = 0x1000 | | 114 | F_CLASS = 0x1000 |
115 | }; | | 115 | }; |
116 | | | 116 | |
117 | #define UNLOCK 0 | | 117 | #define UNLOCK 0 |
118 | #define LOCK 1 | | 118 | #define LOCK 1 |
119 | #define LOCKED "*LOCKED*" | | 119 | #define LOCKED "*LOCKED*" |
120 | | | 120 | |
121 | #define PATH_LOGINCONF "/etc/login.conf" | | 121 | #define PATH_LOGINCONF "/etc/login.conf" |
122 | | | 122 | |
123 | #ifndef DEF_GROUP | | 123 | #ifndef DEF_GROUP |
124 | #define DEF_GROUP "users" | | 124 | #define DEF_GROUP "users" |
125 | #endif | | 125 | #endif |
126 | | | 126 | |
127 | #ifndef DEF_BASEDIR | | 127 | #ifndef DEF_BASEDIR |
128 | #define DEF_BASEDIR "/home" | | 128 | #define DEF_BASEDIR "/home" |
129 | #endif | | 129 | #endif |
130 | | | 130 | |
131 | #ifndef DEF_SKELDIR | | 131 | #ifndef DEF_SKELDIR |
132 | #define DEF_SKELDIR "/etc/skel" | | 132 | #define DEF_SKELDIR "/etc/skel" |
133 | #endif | | 133 | #endif |
134 | | | 134 | |
135 | #ifndef DEF_SHELL | | 135 | #ifndef DEF_SHELL |
136 | #define DEF_SHELL _PATH_BSHELL | | 136 | #define DEF_SHELL _PATH_BSHELL |
137 | #endif | | 137 | #endif |
138 | | | 138 | |
139 | #ifndef DEF_COMMENT | | 139 | #ifndef DEF_COMMENT |
140 | #define DEF_COMMENT "" | | 140 | #define DEF_COMMENT "" |
141 | #endif | | 141 | #endif |
142 | | | 142 | |
143 | #ifndef DEF_LOWUID | | 143 | #ifndef DEF_LOWUID |
144 | #define DEF_LOWUID 1000 | | 144 | #define DEF_LOWUID 1000 |
145 | #endif | | 145 | #endif |
146 | | | 146 | |
147 | #ifndef DEF_HIGHUID | | 147 | #ifndef DEF_HIGHUID |
148 | #define DEF_HIGHUID 60000 | | 148 | #define DEF_HIGHUID 60000 |
149 | #endif | | 149 | #endif |
150 | | | 150 | |
151 | #ifndef DEF_INACTIVE | | 151 | #ifndef DEF_INACTIVE |
152 | #define DEF_INACTIVE 0 | | 152 | #define DEF_INACTIVE 0 |
153 | #endif | | 153 | #endif |
154 | | | 154 | |
155 | #ifndef DEF_EXPIRE | | 155 | #ifndef DEF_EXPIRE |
156 | #define DEF_EXPIRE NULL | | 156 | #define DEF_EXPIRE NULL |
157 | #endif | | 157 | #endif |
158 | | | 158 | |
159 | #ifndef DEF_CLASS | | 159 | #ifndef DEF_CLASS |
160 | #define DEF_CLASS "" | | 160 | #define DEF_CLASS "" |
161 | #endif | | 161 | #endif |
162 | | | 162 | |
163 | #ifndef WAITSECS | | 163 | #ifndef WAITSECS |
164 | #define WAITSECS 10 | | 164 | #define WAITSECS 10 |
165 | #endif | | 165 | #endif |
166 | | | 166 | |
167 | #ifndef NOBODY_UID | | 167 | #ifndef NOBODY_UID |
168 | #define NOBODY_UID 32767 | | 168 | #define NOBODY_UID 32767 |
169 | #endif | | 169 | #endif |
170 | | | 170 | |
171 | #ifndef DEF_HOMEPERM | | 171 | #ifndef DEF_HOMEPERM |
172 | #define DEF_HOMEPERM 0755 | | 172 | #define DEF_HOMEPERM 0755 |
173 | #endif | | 173 | #endif |
174 | | | 174 | |
175 | /* some useful constants */ | | 175 | /* some useful constants */ |
176 | enum { | | 176 | enum { |
177 | MaxShellNameLen = 256, | | 177 | MaxShellNameLen = 256, |
178 | MaxFileNameLen = MAXPATHLEN, | | 178 | MaxFileNameLen = MAXPATHLEN, |
179 | MaxUserNameLen = LOGIN_NAME_MAX - 1, | | 179 | MaxUserNameLen = LOGIN_NAME_MAX - 1, |
180 | MaxCommandLen = 2048, | | 180 | MaxCommandLen = 2048, |
181 | MaxEntryLen = 2048, | | 181 | MaxEntryLen = 2048, |
182 | PasswordLength = 2048, | | 182 | PasswordLength = 2048, |
183 | | | 183 | |
184 | DES_Len = 13, | | 184 | DES_Len = 13, |
185 | | | 185 | |
186 | LowGid = DEF_LOWUID, | | 186 | LowGid = DEF_LOWUID, |
187 | HighGid = DEF_HIGHUID | | 187 | HighGid = DEF_HIGHUID |
188 | }; | | 188 | }; |
189 | | | 189 | |
190 | /* Full paths of programs used here */ | | 190 | /* Full paths of programs used here */ |
191 | #define CHMOD "/bin/chmod" | | 191 | #define CHMOD "/bin/chmod" |
192 | #define CHOWN "/usr/sbin/chown" | | 192 | #define CHOWN "/usr/sbin/chown" |
193 | #define MKDIR "/bin/mkdir" | | 193 | #define MKDIR "/bin/mkdir" |
194 | #define MV "/bin/mv" | | 194 | #define MV "/bin/mv" |
195 | #define NOLOGIN "/sbin/nologin" | | 195 | #define NOLOGIN "/sbin/nologin" |
196 | #define PAX "/bin/pax" | | 196 | #define PAX "/bin/pax" |
197 | #define RM "/bin/rm" | | 197 | #define RM "/bin/rm" |
198 | | | 198 | |
199 | #define UNSET_INACTIVE "Null (unset)" | | 199 | #define UNSET_INACTIVE "Null (unset)" |
200 | #define UNSET_EXPIRY "Null (unset)" | | 200 | #define UNSET_EXPIRY "Null (unset)" |
201 | | | 201 | |
202 | static int asystem(const char *fmt, ...) | | 202 | static int asystem(const char *fmt, ...) |
203 | __attribute__((__format__(__printf__, 1, 2))); | | 203 | __attribute__((__format__(__printf__, 1, 2))); |
204 | static int is_number(const char *); | | 204 | static int is_number(const char *); |
205 | static struct group *find_group_info(const char *); | | 205 | static struct group *find_group_info(const char *); |
206 | static int verbose; | | 206 | static int verbose; |
207 | | | 207 | |
208 | static char * | | 208 | static char * |
209 | skipspace(char *s) | | 209 | skipspace(char *s) |
210 | { | | 210 | { |
211 | for (; *s && isspace((unsigned char)*s) ; s++) { | | 211 | for (; *s && isspace((unsigned char)*s) ; s++) { |
212 | } | | 212 | } |
213 | return s; | | 213 | return s; |
214 | } | | 214 | } |
215 | | | 215 | |
216 | static int | | 216 | static int |
217 | check_numeric(const char *val, const char *name) | | 217 | check_numeric(const char *val, const char *name) |
218 | { | | 218 | { |
219 | if (!is_number(val)) { | | 219 | if (!is_number(val)) { |
220 | errx(EXIT_FAILURE, "When using [-%c %s], " | | 220 | errx(EXIT_FAILURE, "When using [-%c %s], " |
221 | "the %s must be numeric", *name, name, name); | | 221 | "the %s must be numeric", *name, name, name); |
222 | } | | 222 | } |
223 | return atoi(val); | | 223 | return atoi(val); |
224 | } | | 224 | } |
225 | | | 225 | |
226 | /* resize *cpp appropriately then assign `n' chars of `s' to it */ | | 226 | /* resize *cpp appropriately then assign `n' chars of `s' to it */ |
227 | static void | | 227 | static void |
228 | memsave(char **cpp, const char *s, size_t n) | | 228 | memsave(char **cpp, const char *s, size_t n) |
229 | { | | 229 | { |
230 | RENEW(char, *cpp, n + 1, exit(1)); | | 230 | RENEW(char, *cpp, n + 1, exit(1)); |
231 | (void)memcpy(*cpp, s, n); | | 231 | (void)memcpy(*cpp, s, n); |
232 | (*cpp)[n] = '\0'; | | 232 | (*cpp)[n] = '\0'; |
233 | } | | 233 | } |
234 | | | 234 | |
235 | /* a replacement for system(3) */ | | 235 | /* a replacement for system(3) */ |
236 | static int | | 236 | static int |
237 | asystem(const char *fmt, ...) | | 237 | asystem(const char *fmt, ...) |
238 | { | | 238 | { |
239 | va_list vp; | | 239 | va_list vp; |
240 | char buf[MaxCommandLen]; | | 240 | char buf[MaxCommandLen]; |
241 | int ret; | | 241 | int ret; |
242 | | | 242 | |
243 | va_start(vp, fmt); | | 243 | va_start(vp, fmt); |
244 | (void)vsnprintf(buf, sizeof(buf), fmt, vp); | | 244 | (void)vsnprintf(buf, sizeof(buf), fmt, vp); |
245 | va_end(vp); | | 245 | va_end(vp); |
246 | if (verbose) { | | 246 | if (verbose) { |
247 | (void)printf("Command: %s\n", buf); | | 247 | (void)printf("Command: %s\n", buf); |
248 | } | | 248 | } |
249 | if ((ret = system(buf)) != 0) { | | 249 | if ((ret = system(buf)) != 0) { |
250 | warn("Error running `%s'", buf); | | 250 | warn("Error running `%s'", buf); |
251 | } | | 251 | } |
252 | return ret; | | 252 | return ret; |
253 | } | | 253 | } |
254 | | | 254 | |
255 | /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ | | 255 | /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ |
256 | static int | | 256 | static int |
257 | removehomedir(struct passwd *pwp) | | 257 | removehomedir(struct passwd *pwp) |
258 | { | | 258 | { |
259 | struct stat st; | | 259 | struct stat st; |
260 | | | 260 | |
261 | /* userid not root? */ | | 261 | /* userid not root? */ |
262 | if (pwp->pw_uid == 0) { | | 262 | if (pwp->pw_uid == 0) { |
263 | warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir); | | 263 | warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir); |
264 | return 0; | | 264 | return 0; |
265 | } | | 265 | } |
266 | | | 266 | |
267 | /* directory exists (and is a directory!) */ | | 267 | /* directory exists (and is a directory!) */ |
268 | if (stat(pwp->pw_dir, &st) < 0) { | | 268 | if (stat(pwp->pw_dir, &st) < 0) { |
269 | warn("Cannot access home directory `%s'", pwp->pw_dir); | | 269 | warn("Cannot access home directory `%s'", pwp->pw_dir); |
270 | return 0; | | 270 | return 0; |
271 | } | | 271 | } |
272 | if (!S_ISDIR(st.st_mode)) { | | 272 | if (!S_ISDIR(st.st_mode)) { |
273 | warnx("Home directory `%s' is not a directory", pwp->pw_dir); | | 273 | warnx("Home directory `%s' is not a directory", pwp->pw_dir); |
274 | return 0; | | 274 | return 0; |
275 | } | | 275 | } |
276 | | | 276 | |
277 | /* userid matches directory owner? */ | | 277 | /* userid matches directory owner? */ |
278 | if (st.st_uid != pwp->pw_uid) { | | 278 | if (st.st_uid != pwp->pw_uid) { |
279 | warnx("User `%s' doesn't own directory `%s', not removed", | | 279 | warnx("User `%s' doesn't own directory `%s', not removed", |
280 | pwp->pw_name, pwp->pw_dir); | | 280 | pwp->pw_name, pwp->pw_dir); |
281 | return 0; | | 281 | return 0; |
282 | } | | 282 | } |
283 | | | 283 | |
284 | (void)seteuid(pwp->pw_uid); | | 284 | (void)seteuid(pwp->pw_uid); |
285 | /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ | | 285 | /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ |
286 | (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, pwp->pw_dir); | | 286 | (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, pwp->pw_dir); |
287 | (void)seteuid(0); | | 287 | (void)seteuid(0); |
288 | if (rmdir(pwp->pw_dir) < 0) { | | 288 | if (rmdir(pwp->pw_dir) < 0) { |
289 | warn("Unable to remove all files in `%s'", pwp->pw_dir); | | 289 | warn("Unable to remove all files in `%s'", pwp->pw_dir); |
290 | return 0; | | 290 | return 0; |
291 | } | | 291 | } |
292 | return 1; | | 292 | return 1; |
293 | } | | 293 | } |
294 | | | 294 | |
295 | /* return 1 if all of `s' is numeric */ | | 295 | /* return 1 if all of `s' is numeric */ |
296 | static int | | 296 | static int |
297 | is_number(const char *s) | | 297 | is_number(const char *s) |
298 | { | | 298 | { |
299 | for ( ; *s ; s++) { | | 299 | for ( ; *s ; s++) { |
300 | if (!isdigit((unsigned char) *s)) { | | 300 | if (!isdigit((unsigned char) *s)) { |
301 | return 0; | | 301 | return 0; |
302 | } | | 302 | } |
303 | } | | 303 | } |
304 | return 1; | | 304 | return 1; |
305 | } | | 305 | } |
306 | | | 306 | |
307 | /* | | 307 | /* |
308 | * check that the effective uid is 0 - called from funcs which will | | 308 | * check that the effective uid is 0 - called from funcs which will |
309 | * modify data and config files. | | 309 | * modify data and config files. |
310 | */ | | 310 | */ |
311 | static void | | 311 | static void |
312 | checkeuid(void) | | 312 | checkeuid(void) |
313 | { | | 313 | { |
314 | if (geteuid() != 0) { | | 314 | if (geteuid() != 0) { |
315 | errx(EXIT_FAILURE, "Program must be run as root"); | | 315 | errx(EXIT_FAILURE, "Program must be run as root"); |
316 | } | | 316 | } |
317 | } | | 317 | } |
318 | | | 318 | |
319 | /* copy any dot files into the user's home directory */ | | 319 | /* copy any dot files into the user's home directory */ |
320 | static int | | 320 | static int |
321 | copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm) | | 321 | copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm) |
322 | { | | 322 | { |
323 | struct dirent *dp; | | 323 | struct dirent *dp; |
324 | DIR *dirp; | | 324 | DIR *dirp; |
325 | int n; | | 325 | int n; |
326 | | | 326 | |
327 | if ((dirp = opendir(skeldir)) == NULL) { | | 327 | if ((dirp = opendir(skeldir)) == NULL) { |
328 | warn("Can't open source . files dir `%s'", skeldir); | | 328 | warn("Can't open source . files dir `%s'", skeldir); |
329 | return 0; | | 329 | return 0; |
330 | } | | 330 | } |
331 | for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { | | 331 | for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { |
332 | if (strcmp(dp->d_name, ".") == 0 || | | 332 | if (strcmp(dp->d_name, ".") == 0 || |
333 | strcmp(dp->d_name, "..") == 0) { | | 333 | strcmp(dp->d_name, "..") == 0) { |
334 | continue; | | 334 | continue; |
335 | } | | 335 | } |
336 | n = 1; | | 336 | n = 1; |
337 | } | | 337 | } |
338 | (void)closedir(dirp); | | 338 | (void)closedir(dirp); |
339 | if (n == 0) { | | 339 | if (n == 0) { |
340 | warnx("No \"dot\" initialisation files found"); | | 340 | warnx("No \"dot\" initialisation files found"); |
341 | } else { | | 341 | } else { |
342 | (void)asystem("cd %s && %s -rw -pe %s . %s", | | 342 | (void)asystem("cd %s && %s -rw -pe %s . %s", |
343 | skeldir, PAX, (verbose) ? "-v" : "", dir); | | 343 | skeldir, PAX, (verbose) ? "-v" : "", dir); |
344 | } | | 344 | } |
345 | (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir); | | 345 | (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir); |
346 | (void)asystem("%s -R u+w %s", CHMOD, dir); | | 346 | (void)asystem("%s -R u+w %s", CHMOD, dir); |
347 | #ifdef EXTENSIONS | | 347 | #ifdef EXTENSIONS |
348 | (void)asystem("%s 0%o %s", CHMOD, homeperm, dir); | | 348 | (void)asystem("%s 0%o %s", CHMOD, homeperm, dir); |
349 | #endif | | 349 | #endif |
350 | return n; | | 350 | return n; |
351 | } | | 351 | } |
352 | | | 352 | |
353 | /* create a group entry with gid `gid' */ | | 353 | /* create a group entry with gid `gid' */ |
354 | static int | | 354 | static int |
355 | creategid(char *group, int gid, const char *name) | | 355 | creategid(char *group, int gid, const char *name) |
356 | { | | 356 | { |
357 | struct stat st; | | 357 | struct stat st; |
358 | FILE *from; | | 358 | FILE *from; |
359 | FILE *to; | | 359 | FILE *to; |
360 | char buf[MaxEntryLen]; | | 360 | char buf[MaxEntryLen]; |
361 | char f[MaxFileNameLen]; | | 361 | char f[MaxFileNameLen]; |
362 | int fd; | | 362 | int fd; |
363 | int cc; | | 363 | int cc; |
364 | | | 364 | |
365 | if (getgrnam(group) != NULL) { | | 365 | if (getgrnam(group) != NULL) { |
366 | warnx("Can't create group `%s': already exists", group); | | 366 | warnx("Can't create group `%s': already exists", group); |
367 | return 0; | | 367 | return 0; |
368 | } | | 368 | } |
369 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { | | 369 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { |
370 | warn("Can't create group `%s': can't open `%s'", name, | | 370 | warn("Can't create group `%s': can't open `%s'", name, |
371 | _PATH_GROUP); | | 371 | _PATH_GROUP); |
372 | return 0; | | 372 | return 0; |
373 | } | | 373 | } |
374 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { | | 374 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { |
375 | warn("Can't lock `%s'", _PATH_GROUP); | | 375 | warn("Can't lock `%s'", _PATH_GROUP); |
376 | (void)fclose(from); | | 376 | (void)fclose(from); |
377 | return 0; | | 377 | return 0; |
378 | } | | 378 | } |
379 | (void)fstat(fileno(from), &st); | | 379 | (void)fstat(fileno(from), &st); |
380 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); | | 380 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); |
381 | if ((fd = mkstemp(f)) < 0) { | | 381 | if ((fd = mkstemp(f)) < 0) { |
382 | warn("Can't create group `%s': mkstemp failed", group); | | 382 | warn("Can't create group `%s': mkstemp failed", group); |
383 | (void)fclose(from); | | 383 | (void)fclose(from); |
384 | return 0; | | 384 | return 0; |
385 | } | | 385 | } |
386 | if ((to = fdopen(fd, "w")) == NULL) { | | 386 | if ((to = fdopen(fd, "w")) == NULL) { |
387 | warn("Can't create group `%s': fdopen `%s' failed", | | 387 | warn("Can't create group `%s': fdopen `%s' failed", |
388 | group, f); | | 388 | group, f); |
389 | (void)fclose(from); | | 389 | (void)fclose(from); |
390 | (void)close(fd); | | 390 | (void)close(fd); |
391 | (void)unlink(f); | | 391 | (void)unlink(f); |
392 | return 0; | | 392 | return 0; |
393 | } | | 393 | } |
394 | while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) { | | 394 | while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) { |
395 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { | | 395 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { |
396 | warn("Can't create group `%s': short write to `%s'", | | 396 | warn("Can't create group `%s': short write to `%s'", |
397 | group, f); | | 397 | group, f); |
398 | (void)fclose(from); | | 398 | (void)fclose(from); |
399 | (void)close(fd); | | 399 | (void)close(fd); |
400 | (void)unlink(f); | | 400 | (void)unlink(f); |
401 | return 0; | | 401 | return 0; |
402 | } | | 402 | } |
403 | } | | 403 | } |
404 | (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name); | | 404 | (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name); |
405 | (void)fclose(from); | | 405 | (void)fclose(from); |
406 | (void)fclose(to); | | 406 | (void)fclose(to); |
407 | if (rename(f, _PATH_GROUP) < 0) { | | 407 | if (rename(f, _PATH_GROUP) < 0) { |
408 | warn("Can't create group `%s': can't rename `%s' to `%s'", | | 408 | warn("Can't create group `%s': can't rename `%s' to `%s'", |
409 | group, f, _PATH_GROUP); | | 409 | group, f, _PATH_GROUP); |
410 | (void)unlink(f); | | 410 | (void)unlink(f); |
411 | return 0; | | 411 | return 0; |
412 | } | | 412 | } |
413 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); | | 413 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); |
414 | syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid); | | 414 | syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid); |
415 | return 1; | | 415 | return 1; |
416 | } | | 416 | } |
417 | | | 417 | |
418 | /* modify the group entry with name `group' to be newent */ | | 418 | /* modify the group entry with name `group' to be newent */ |
419 | static int | | 419 | static int |
420 | modify_gid(char *group, char *newent) | | 420 | modify_gid(char *group, char *newent) |
421 | { | | 421 | { |
422 | struct stat st; | | 422 | struct stat st; |
423 | FILE *from; | | 423 | FILE *from; |
424 | FILE *to; | | 424 | FILE *to; |
425 | char buf[MaxEntryLen]; | | 425 | char buf[MaxEntryLen]; |
426 | char f[MaxFileNameLen]; | | 426 | char f[MaxFileNameLen]; |
427 | char *colon; | | 427 | char *colon; |
428 | int groupc; | | 428 | int groupc; |
429 | int entc; | | 429 | int entc; |
430 | int fd; | | 430 | int fd; |
431 | int cc; | | 431 | int cc; |
432 | | | 432 | |
433 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { | | 433 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { |
434 | warn("Can't modify group `%s': can't open `%s'", | | 434 | warn("Can't modify group `%s': can't open `%s'", |
435 | group, _PATH_GROUP); | | 435 | group, _PATH_GROUP); |
436 | return 0; | | 436 | return 0; |
437 | } | | 437 | } |
438 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { | | 438 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { |
439 | warn("Can't modify group `%s': can't lock `%s'", | | 439 | warn("Can't modify group `%s': can't lock `%s'", |
440 | group, _PATH_GROUP); | | 440 | group, _PATH_GROUP); |
441 | (void)fclose(from); | | 441 | (void)fclose(from); |
442 | return 0; | | 442 | return 0; |
443 | } | | 443 | } |
444 | (void)fstat(fileno(from), &st); | | 444 | (void)fstat(fileno(from), &st); |
445 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); | | 445 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); |
446 | if ((fd = mkstemp(f)) < 0) { | | 446 | if ((fd = mkstemp(f)) < 0) { |
447 | warn("Can't modify group `%s': mkstemp failed", group); | | 447 | warn("Can't modify group `%s': mkstemp failed", group); |
448 | (void)fclose(from); | | 448 | (void)fclose(from); |
449 | return 0; | | 449 | return 0; |
450 | } | | 450 | } |
451 | if ((to = fdopen(fd, "w")) == NULL) { | | 451 | if ((to = fdopen(fd, "w")) == NULL) { |
452 | warn("Can't modify group `%s': fdopen `%s' failed", group, f); | | 452 | warn("Can't modify group `%s': fdopen `%s' failed", group, f); |
453 | (void)fclose(from); | | 453 | (void)fclose(from); |
454 | (void)close(fd); | | 454 | (void)close(fd); |
455 | (void)unlink(f); | | 455 | (void)unlink(f); |
456 | return 0; | | 456 | return 0; |
457 | } | | 457 | } |
458 | groupc = strlen(group); | | 458 | groupc = strlen(group); |
459 | while (fgets(buf, sizeof(buf), from) != NULL) { | | 459 | while (fgets(buf, sizeof(buf), from) != NULL) { |
460 | cc = strlen(buf); | | 460 | cc = strlen(buf); |
461 | if ((colon = strchr(buf, ':')) == NULL) { | | 461 | if ((colon = strchr(buf, ':')) == NULL) { |
462 | warnx("Badly formed entry `%s'", buf); | | 462 | warnx("Badly formed entry `%s'", buf); |
463 | continue; | | 463 | continue; |
464 | } | | 464 | } |
465 | entc = (int)(colon - buf); | | 465 | entc = (int)(colon - buf); |
466 | if (entc == groupc && | | 466 | if (entc == groupc && |
467 | strncmp(group, buf, (unsigned) entc) == 0) { | | 467 | strncmp(group, buf, (unsigned) entc) == 0) { |
468 | if (newent == NULL) { | | 468 | if (newent == NULL) { |
469 | struct group *grp_rm; | | 469 | struct group *grp_rm; |
470 | struct passwd *user_pwd; | | 470 | struct passwd *user_pwd; |
471 | | | 471 | |
472 | /* | | 472 | /* |
473 | * Check that the group being removed | | 473 | * Check that the group being removed |
474 | * isn't any user's Primary group. Just | | 474 | * isn't any user's Primary group. Just |
475 | * warn if it is. This could cause problems | | 475 | * warn if it is. This could cause problems |
476 | * if the group GID was reused for a | | 476 | * if the group GID was reused for a |
477 | * different purpose. | | 477 | * different purpose. |
478 | */ | | 478 | */ |
479 | | | 479 | |
480 | grp_rm = find_group_info(group); | | 480 | grp_rm = find_group_info(group); |
481 | while ((user_pwd = getpwent()) != NULL) { | | 481 | while ((user_pwd = getpwent()) != NULL) { |
482 | if (user_pwd->pw_gid == grp_rm->gr_gid) { | | 482 | if (user_pwd->pw_gid == grp_rm->gr_gid) { |
483 | warnx("Warning: group `%s'(%d)" | | 483 | warnx("Warning: group `%s'(%d)" |
484 | " is the primary group of" | | 484 | " is the primary group of" |
485 | " `%s'. Use caution if you" | | 485 | " `%s'. Use caution if you" |
486 | " later add this GID.", | | 486 | " later add this GID.", |
487 | grp_rm->gr_name, | | 487 | grp_rm->gr_name, |
488 | grp_rm->gr_gid, user_pwd->pw_name); | | 488 | grp_rm->gr_gid, user_pwd->pw_name); |
489 | } | | 489 | } |
490 | } | | 490 | } |
491 | endpwent(); | | 491 | endpwent(); |
492 | continue; | | 492 | continue; |
493 | } else { | | 493 | } else { |
494 | cc = strlen(newent); | | 494 | cc = strlen(newent); |
495 | (void)strlcpy(buf, newent, sizeof(buf)); | | 495 | (void)strlcpy(buf, newent, sizeof(buf)); |
496 | } | | 496 | } |
497 | } | | 497 | } |
498 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { | | 498 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { |
499 | warn("Can't modify group `%s': short write to `%s'", | | 499 | warn("Can't modify group `%s': short write to `%s'", |
500 | group, f); | | 500 | group, f); |
501 | (void)fclose(from); | | 501 | (void)fclose(from); |
502 | (void)close(fd); | | 502 | (void)close(fd); |
503 | (void)unlink(f); | | 503 | (void)unlink(f); |
504 | return 0; | | 504 | return 0; |
505 | } | | 505 | } |
506 | } | | 506 | } |
507 | (void)fclose(from); | | 507 | (void)fclose(from); |
508 | (void)fclose(to); | | 508 | (void)fclose(to); |
509 | if (rename(f, _PATH_GROUP) < 0) { | | 509 | if (rename(f, _PATH_GROUP) < 0) { |
510 | warn("Can't modify group `%s': can't rename `%s' to `%s'", | | 510 | warn("Can't modify group `%s': can't rename `%s' to `%s'", |
511 | group, f, _PATH_GROUP); | | 511 | group, f, _PATH_GROUP); |
512 | (void)unlink(f); | | 512 | (void)unlink(f); |
513 | return 0; | | 513 | return 0; |
514 | } | | 514 | } |
515 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); | | 515 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); |
516 | if (newent == NULL) { | | 516 | if (newent == NULL) { |
517 | syslog(LOG_INFO, "group deleted: name=%s", group); | | 517 | syslog(LOG_INFO, "group deleted: name=%s", group); |
518 | } else { | | 518 | } else { |
519 | syslog(LOG_INFO, "group information modified: name=%s", group); | | 519 | syslog(LOG_INFO, "group information modified: name=%s", group); |
520 | } | | 520 | } |
521 | return 1; | | 521 | return 1; |
522 | } | | 522 | } |
523 | | | 523 | |
524 | /* modify the group entries for all `groups', by adding `user' */ | | 524 | /* modify the group entries for all `groups', by adding `user' */ |
525 | static int | | 525 | static int |
526 | append_group(char *user, int ngroups, const char **groups) | | 526 | append_group(char *user, int ngroups, const char **groups) |
527 | { | | 527 | { |
528 | struct group *grp; | | 528 | struct group *grp; |
529 | struct stat st; | | 529 | struct stat st; |
530 | FILE *from; | | 530 | FILE *from; |
531 | FILE *to; | | 531 | FILE *to; |
532 | char buf[MaxEntryLen]; | | 532 | char buf[MaxEntryLen]; |
533 | char f[MaxFileNameLen]; | | 533 | char f[MaxFileNameLen]; |
534 | char *colon; | | 534 | char *colon; |
535 | int groupc; | | 535 | int groupc; |
536 | int entc; | | 536 | int entc; |
537 | int fd; | | 537 | int fd; |
538 | int nc; | | 538 | int nc; |
539 | int cc; | | 539 | int cc; |
540 | int i; | | 540 | int i; |
541 | int j; | | 541 | int j; |
542 | | | 542 | |
543 | for (i = 0 ; i < ngroups ; i++) { | | 543 | for (i = 0 ; i < ngroups ; i++) { |
544 | if ((grp = getgrnam(groups[i])) == NULL) { | | 544 | if ((grp = getgrnam(groups[i])) == NULL) { |
545 | warnx("Can't append group `%s' for user `%s'", | | 545 | warnx("Can't append group `%s' for user `%s'", |
546 | groups[i], user); | | 546 | groups[i], user); |
547 | } else { | | 547 | } else { |
548 | for (j = 0 ; grp->gr_mem[j] ; j++) { | | 548 | for (j = 0 ; grp->gr_mem[j] ; j++) { |
549 | if (strcmp(user, grp->gr_mem[j]) == 0) { | | 549 | if (strcmp(user, grp->gr_mem[j]) == 0) { |
550 | /* already in it */ | | 550 | /* already in it */ |
551 | groups[i] = ""; | | 551 | groups[i] = ""; |
552 | } | | 552 | } |
553 | } | | 553 | } |
554 | } | | 554 | } |
555 | } | | 555 | } |
556 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { | | 556 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { |
557 | warn("Can't append group(s) for `%s': can't open `%s'", | | 557 | warn("Can't append group(s) for `%s': can't open `%s'", |
558 | user, _PATH_GROUP); | | 558 | user, _PATH_GROUP); |
559 | return 0; | | 559 | return 0; |
560 | } | | 560 | } |
561 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { | | 561 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { |
562 | warn("Can't append group(s) for `%s': can't lock `%s'", | | 562 | warn("Can't append group(s) for `%s': can't lock `%s'", |
563 | user, _PATH_GROUP); | | 563 | user, _PATH_GROUP); |
564 | (void)fclose(from); | | 564 | (void)fclose(from); |
565 | return 0; | | 565 | return 0; |
566 | } | | 566 | } |
567 | (void)fstat(fileno(from), &st); | | 567 | (void)fstat(fileno(from), &st); |
568 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); | | 568 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); |
569 | if ((fd = mkstemp(f)) < 0) { | | 569 | if ((fd = mkstemp(f)) < 0) { |
570 | warn("Can't append group(s) for `%s': mkstemp failed", | | 570 | warn("Can't append group(s) for `%s': mkstemp failed", |
571 | user); | | 571 | user); |
572 | (void)fclose(from); | | 572 | (void)fclose(from); |
573 | return 0; | | 573 | return 0; |
574 | } | | 574 | } |
575 | if ((to = fdopen(fd, "w")) == NULL) { | | 575 | if ((to = fdopen(fd, "w")) == NULL) { |
576 | warn("Can't append group(s) for `%s': fdopen `%s' failed", | | 576 | warn("Can't append group(s) for `%s': fdopen `%s' failed", |
577 | user, f); | | 577 | user, f); |
578 | (void)fclose(from); | | 578 | (void)fclose(from); |
579 | (void)close(fd); | | 579 | (void)close(fd); |
580 | (void)unlink(f); | | 580 | (void)unlink(f); |
581 | return 0; | | 581 | return 0; |
582 | } | | 582 | } |
583 | while (fgets(buf, sizeof(buf), from) != NULL) { | | 583 | while (fgets(buf, sizeof(buf), from) != NULL) { |
584 | cc = strlen(buf); | | 584 | cc = strlen(buf); |
585 | if ((colon = strchr(buf, ':')) == NULL) { | | 585 | if ((colon = strchr(buf, ':')) == NULL) { |
586 | warnx("Badly formed entry `%s'", buf); | | 586 | warnx("Badly formed entry `%s'", buf); |
587 | continue; | | 587 | continue; |
588 | } | | 588 | } |
589 | entc = (int)(colon - buf); | | 589 | entc = (int)(colon - buf); |
590 | for (i = 0 ; i < ngroups ; i++) { | | 590 | for (i = 0 ; i < ngroups ; i++) { |
591 | if ((groupc = strlen(groups[i])) == 0) { | | 591 | if ((groupc = strlen(groups[i])) == 0) { |
592 | continue; | | 592 | continue; |
593 | } | | 593 | } |
594 | if (entc == groupc && | | 594 | if (entc == groupc && |
595 | strncmp(groups[i], buf, (unsigned) entc) == 0) { | | 595 | strncmp(groups[i], buf, (unsigned) entc) == 0) { |
596 | if ((nc = snprintf(&buf[cc - 1], | | 596 | if ((nc = snprintf(&buf[cc - 1], |
597 | sizeof(buf) - cc + 1, "%s%s\n", | | 597 | sizeof(buf) - cc + 1, "%s%s\n", |
598 | (buf[cc - 2] == ':') ? "" : ",", user)) < 0) { | | 598 | (buf[cc - 2] == ':') ? "" : ",", user)) < 0) { |
599 | warnx("Warning: group `%s' " | | 599 | warnx("Warning: group `%s' " |
600 | "entry too long", groups[i]); | | 600 | "entry too long", groups[i]); |
601 | } | | 601 | } |
602 | cc += nc - 1; | | 602 | cc += nc - 1; |
603 | } | | 603 | } |
604 | } | | 604 | } |
605 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { | | 605 | if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { |
606 | warn("Can't append group(s) for `%s':" | | 606 | warn("Can't append group(s) for `%s':" |
607 | " short write to `%s'", user, f); | | 607 | " short write to `%s'", user, f); |
608 | (void)fclose(from); | | 608 | (void)fclose(from); |
609 | (void)close(fd); | | 609 | (void)close(fd); |
610 | (void)unlink(f); | | 610 | (void)unlink(f); |
611 | return 0; | | 611 | return 0; |
612 | } | | 612 | } |
613 | } | | 613 | } |
614 | (void)fclose(from); | | 614 | (void)fclose(from); |
615 | (void)fclose(to); | | 615 | (void)fclose(to); |
616 | if (rename(f, _PATH_GROUP) < 0) { | | 616 | if (rename(f, _PATH_GROUP) < 0) { |
617 | warn("Can't append group(s) for `%s': " | | 617 | warn("Can't append group(s) for `%s': " |
618 | "can't rename `%s' to `%s'", user, f, _PATH_GROUP); | | 618 | "can't rename `%s' to `%s'", user, f, _PATH_GROUP); |
619 | (void)unlink(f); | | 619 | (void)unlink(f); |
620 | return 0; | | 620 | return 0; |
621 | } | | 621 | } |
622 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); | | 622 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); |
623 | return 1; | | 623 | return 1; |
624 | } | | 624 | } |
625 | | | 625 | |
626 | /* the valid characters for login and group names */ | | 626 | /* the valid characters for login and group names */ |
627 | #define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-') | | 627 | #define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-') |
628 | | | 628 | |
629 | /* return 1 if `login' is a valid login name */ | | 629 | /* return 1 if `login' is a valid login name */ |
630 | static int | | 630 | static int |
631 | valid_login(char *login_name, int allow_samba) | | 631 | valid_login(char *login_name, int allow_samba) |
632 | { | | 632 | { |
633 | unsigned char *cp; | | 633 | unsigned char *cp; |
634 | | | 634 | |
635 | /* First character of a login name cannot be '-'. */ | | 635 | /* First character of a login name cannot be '-'. */ |
636 | if (*login_name == '-') { | | 636 | if (*login_name == '-') { |
637 | return 0; | | 637 | return 0; |
638 | } | | 638 | } |
639 | if (strlen(login_name) >= LOGIN_NAME_MAX) { | | 639 | if (strlen(login_name) >= LOGIN_NAME_MAX) { |
640 | return 0; | | 640 | return 0; |
641 | } | | 641 | } |
642 | for (cp = (unsigned char *)login_name ; *cp ; cp++) { | | 642 | for (cp = (unsigned char *)login_name ; *cp ; cp++) { |
643 | if (!VALID_CHAR(*cp)) { | | 643 | if (!VALID_CHAR(*cp)) { |
644 | #ifdef EXTENSIONS | | 644 | #ifdef EXTENSIONS |
645 | /* check for a trailing '$' in a Samba user name */ | | 645 | /* check for a trailing '$' in a Samba user name */ |
646 | if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) { | | 646 | if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) { |
647 | return 1; | | 647 | return 1; |
648 | } | | 648 | } |
649 | #endif | | 649 | #endif |
650 | return 0; | | 650 | return 0; |
651 | } | | 651 | } |
652 | } | | 652 | } |
653 | return 1; | | 653 | return 1; |
654 | } | | 654 | } |
655 | | | 655 | |
656 | /* return 1 if `group' is a valid group name */ | | 656 | /* return 1 if `group' is a valid group name */ |
657 | static int | | 657 | static int |
658 | valid_group(char *group) | | 658 | valid_group(char *group) |
659 | { | | 659 | { |
660 | unsigned char *cp; | | 660 | unsigned char *cp; |
661 | | | 661 | |
662 | for (cp = (unsigned char *)group; *cp; cp++) { | | 662 | for (cp = (unsigned char *)group; *cp; cp++) { |
663 | if (!VALID_CHAR(*cp)) { | | 663 | if (!VALID_CHAR(*cp)) { |
664 | return 0; | | 664 | return 0; |
665 | } | | 665 | } |
666 | } | | 666 | } |
667 | return 1; | | 667 | return 1; |
668 | } | | 668 | } |
669 | | | 669 | |
670 | /* find the next gid in the range lo .. hi */ | | 670 | /* find the next gid in the range lo .. hi */ |
671 | static int | | 671 | static int |
672 | getnextgid(int *gidp, int lo, int hi) | | 672 | getnextgid(int *gidp, int lo, int hi) |
673 | { | | 673 | { |
674 | for (*gidp = lo ; *gidp < hi ; *gidp += 1) { | | 674 | for (*gidp = lo ; *gidp < hi ; *gidp += 1) { |
675 | if (getgrgid((gid_t)*gidp) == NULL) { | | 675 | if (getgrgid((gid_t)*gidp) == NULL) { |
676 | return 1; | | 676 | return 1; |
677 | } | | 677 | } |
678 | } | | 678 | } |
679 | return 0; | | 679 | return 0; |
680 | } | | 680 | } |
681 | | | 681 | |
682 | #ifdef EXTENSIONS | | 682 | #ifdef EXTENSIONS |
683 | /* save a range of uids */ | | 683 | /* save a range of uids */ |
684 | static int | | 684 | static int |
685 | save_range(user_t *up, char *cp) | | 685 | save_range(user_t *up, char *cp) |
686 | { | | 686 | { |
687 | int from; | | 687 | int from; |
688 | int to; | | 688 | int to; |
689 | int i; | | 689 | int i; |
690 | | | 690 | |
691 | if (up->u_rsize == 0) { | | 691 | if (up->u_rsize == 0) { |
692 | up->u_rsize = 32; | | 692 | up->u_rsize = 32; |
693 | NEWARRAY(range_t, up->u_rv, up->u_rsize, return(0)); | | 693 | NEWARRAY(range_t, up->u_rv, up->u_rsize, return(0)); |
694 | } else if (up->u_rc == up->u_rsize) { | | 694 | } else if (up->u_rc == up->u_rsize) { |
695 | up->u_rsize *= 2; | | 695 | up->u_rsize *= 2; |
696 | RENEW(range_t, up->u_rv, up->u_rsize, return(0)); | | 696 | RENEW(range_t, up->u_rv, up->u_rsize, return(0)); |
697 | } | | 697 | } |
698 | if (up->u_rv && sscanf(cp, "%d..%d", &from, &to) == 2) { | | 698 | if (up->u_rv && sscanf(cp, "%d..%d", &from, &to) == 2) { |
699 | for (i = up->u_defrc ; i < up->u_rc ; i++) { | | 699 | for (i = up->u_defrc ; i < up->u_rc ; i++) { |
700 | if (up->u_rv[i].r_from == from && | | 700 | if (up->u_rv[i].r_from == from && |
701 | up->u_rv[i].r_to == to) { | | 701 | up->u_rv[i].r_to == to) { |
702 | break; | | 702 | break; |
703 | } | | 703 | } |
704 | } | | 704 | } |
705 | if (i == up->u_rc) { | | 705 | if (i == up->u_rc) { |
706 | up->u_rv[up->u_rc].r_from = from; | | 706 | up->u_rv[up->u_rc].r_from = from; |
707 | up->u_rv[up->u_rc].r_to = to; | | 707 | up->u_rv[up->u_rc].r_to = to; |
708 | up->u_rc += 1; | | 708 | up->u_rc += 1; |
709 | } | | 709 | } |
710 | } else { | | 710 | } else { |
711 | warnx("Bad range `%s'", cp); | | 711 | warnx("Bad range `%s'", cp); |
712 | return 0; | | 712 | return 0; |
713 | } | | 713 | } |
714 | return 1; | | 714 | return 1; |
715 | } | | 715 | } |
716 | #endif | | 716 | #endif |
717 | | | 717 | |
718 | /* set the defaults in the defaults file */ | | 718 | /* set the defaults in the defaults file */ |
719 | static int | | 719 | static int |
720 | setdefaults(user_t *up) | | 720 | setdefaults(user_t *up) |
721 | { | | 721 | { |
722 | char template[MaxFileNameLen]; | | 722 | char template[MaxFileNameLen]; |
723 | FILE *fp; | | 723 | FILE *fp; |
724 | int ret; | | 724 | int ret; |
725 | int fd; | | 725 | int fd; |
726 | #ifdef EXTENSIONS | | 726 | #ifdef EXTENSIONS |
727 | int i; | | 727 | int i; |
728 | #endif | | 728 | #endif |
729 | | | 729 | |
730 | (void)snprintf(template, sizeof(template), "%s.XXXXXX", | | 730 | (void)snprintf(template, sizeof(template), "%s.XXXXXX", |
731 | _PATH_USERMGMT_CONF); | | 731 | _PATH_USERMGMT_CONF); |
732 | if ((fd = mkstemp(template)) < 0) { | | 732 | if ((fd = mkstemp(template)) < 0) { |
733 | warn("Can't set defaults: can't mkstemp `%s' for writing", | | 733 | warn("Can't set defaults: can't mkstemp `%s' for writing", |
734 | _PATH_USERMGMT_CONF); | | 734 | _PATH_USERMGMT_CONF); |
735 | return 0; | | 735 | return 0; |
736 | } | | 736 | } |
737 | if ((fp = fdopen(fd, "w")) == NULL) { | | 737 | if ((fp = fdopen(fd, "w")) == NULL) { |
738 | warn("Can't set defaults: can't fdopen `%s' for writing", | | 738 | warn("Can't set defaults: can't fdopen `%s' for writing", |
739 | _PATH_USERMGMT_CONF); | | 739 | _PATH_USERMGMT_CONF); |
740 | return 0; | | 740 | return 0; |
741 | } | | 741 | } |
742 | ret = 1; | | 742 | ret = 1; |
743 | if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || | | 743 | if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || |
744 | fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || | | 744 | fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || |
745 | fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || | | 745 | fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || |
746 | fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || | | 746 | fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || |
747 | #ifdef EXTENSIONS | | 747 | #ifdef EXTENSIONS |
748 | fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || | | 748 | fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || |
749 | fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 || | | 749 | fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 || |
750 | #endif | | 750 | #endif |
751 | fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? | | 751 | fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? |
752 | UNSET_INACTIVE : up->u_inactive) <= 0 || | | 752 | UNSET_INACTIVE : up->u_inactive) <= 0 || |
753 | fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? | | 753 | fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? |
754 | UNSET_EXPIRY : up->u_expire) <= 0 || | | 754 | UNSET_EXPIRY : up->u_expire) <= 0 || |
755 | fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? | | 755 | fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? |
756 | "false" : "true") <= 0) { | | 756 | "false" : "true") <= 0) { |
757 | warn("Can't write to `%s'", _PATH_USERMGMT_CONF); | | 757 | warn("Can't write to `%s'", _PATH_USERMGMT_CONF); |
758 | ret = 0; | | 758 | ret = 0; |
759 | } | | 759 | } |
760 | #ifdef EXTENSIONS | | 760 | #ifdef EXTENSIONS |
761 | for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0; | | 761 | for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0; |
762 | i < up->u_rc ; i++) { | | 762 | i < up->u_rc ; i++) { |
763 | if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from, | | 763 | if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from, |
764 | up->u_rv[i].r_to) <= 0) { | | 764 | up->u_rv[i].r_to) <= 0) { |
765 | warn("Can't set defaults: can't write to `%s'", | | 765 | warn("Can't set defaults: can't write to `%s'", |
766 | _PATH_USERMGMT_CONF); | | 766 | _PATH_USERMGMT_CONF); |
767 | ret = 0; | | 767 | ret = 0; |
768 | } | | 768 | } |
769 | } | | 769 | } |
770 | #endif | | 770 | #endif |
771 | (void)fclose(fp); | | 771 | (void)fclose(fp); |
772 | if (ret) { | | 772 | if (ret) { |
773 | ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) && | | 773 | ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) && |
774 | (chmod(_PATH_USERMGMT_CONF, 0644) == 0)); | | 774 | (chmod(_PATH_USERMGMT_CONF, 0644) == 0)); |
775 | } | | 775 | } |
776 | return ret; | | 776 | return ret; |
777 | } | | 777 | } |
778 | | | 778 | |
779 | /* read the defaults file */ | | 779 | /* read the defaults file */ |
780 | static void | | 780 | static void |
781 | read_defaults(user_t *up) | | 781 | read_defaults(user_t *up) |
782 | { | | 782 | { |
783 | struct stat st; | | 783 | struct stat st; |
784 | size_t lineno; | | 784 | size_t lineno; |
785 | size_t len; | | 785 | size_t len; |
786 | FILE *fp; | | 786 | FILE *fp; |
787 | char *cp; | | 787 | char *cp; |
788 | char *s; | | 788 | char *s; |
789 | | | 789 | |
790 | memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); | | 790 | memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); |
791 | memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); | | 791 | memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); |
792 | memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); | | 792 | memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); |
793 | memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); | | 793 | memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); |
794 | memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); | | 794 | memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); |
795 | #ifdef EXTENSIONS | | 795 | #ifdef EXTENSIONS |
796 | memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); | | 796 | memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); |
797 | #endif | | 797 | #endif |
798 | up->u_rsize = 16; | | 798 | up->u_rsize = 16; |
799 | up->u_defrc = 0; | | 799 | up->u_defrc = 0; |
800 | NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1)); | | 800 | NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1)); |
801 | up->u_inactive = DEF_INACTIVE; | | 801 | up->u_inactive = DEF_INACTIVE; |
802 | up->u_expire = DEF_EXPIRE; | | 802 | up->u_expire = DEF_EXPIRE; |
803 | if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) { | | 803 | if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) { |
804 | if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) { | | 804 | if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) { |
805 | warn("Can't create `%s' defaults file", | | 805 | warn("Can't create `%s' defaults file", |
806 | _PATH_USERMGMT_CONF); | | 806 | _PATH_USERMGMT_CONF); |
807 | } | | 807 | } |
808 | fp = fopen(_PATH_USERMGMT_CONF, "r"); | | 808 | fp = fopen(_PATH_USERMGMT_CONF, "r"); |
809 | } | | 809 | } |
810 | if (fp != NULL) { | | 810 | if (fp != NULL) { |
811 | while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { | | 811 | while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { |
812 | if (strncmp(s, "group", 5) == 0) { | | 812 | if (strncmp(s, "group", 5) == 0) { |
813 | cp = skipspace(s + 5); | | 813 | cp = skipspace(s + 5); |
814 | memsave(&up->u_primgrp, (char *)cp, strlen(cp)); | | 814 | memsave(&up->u_primgrp, (char *)cp, strlen(cp)); |
815 | } else if (strncmp(s, "base_dir", 8) == 0) { | | 815 | } else if (strncmp(s, "base_dir", 8) == 0) { |
816 | cp = skipspace(s + 8); | | 816 | cp = skipspace(s + 8); |
817 | memsave(&up->u_basedir, (char *)cp, strlen(cp)); | | 817 | memsave(&up->u_basedir, (char *)cp, strlen(cp)); |
818 | } else if (strncmp(s, "skel_dir", 8) == 0) { | | 818 | } else if (strncmp(s, "skel_dir", 8) == 0) { |
819 | cp = skipspace(s + 8); | | 819 | cp = skipspace(s + 8); |
820 | memsave(&up->u_skeldir, (char *)cp, strlen(cp)); | | 820 | memsave(&up->u_skeldir, (char *)cp, strlen(cp)); |
821 | } else if (strncmp(s, "shell", 5) == 0) { | | 821 | } else if (strncmp(s, "shell", 5) == 0) { |
822 | cp = skipspace(s + 5); | | 822 | cp = skipspace(s + 5); |
823 | memsave(&up->u_shell, cp, strlen(cp)); | | 823 | memsave(&up->u_shell, cp, strlen(cp)); |
824 | #ifdef EXTENSIONS | | 824 | #ifdef EXTENSIONS |
825 | } else if (strncmp((char *)s, "class", 5) == 0) { | | 825 | } else if (strncmp((char *)s, "class", 5) == 0) { |
826 | cp = skipspace(s + 5); | | 826 | cp = skipspace(s + 5); |
827 | memsave(&up->u_class, cp, strlen(cp)); | | 827 | memsave(&up->u_class, cp, strlen(cp)); |
828 | #endif | | 828 | #endif |
829 | #ifdef EXTENSIONS | | 829 | #ifdef EXTENSIONS |
830 | } else if (strncmp(s, "homeperm", 8) == 0) { | | 830 | } else if (strncmp(s, "homeperm", 8) == 0) { |
831 | for (cp = s + 8; *cp && | | 831 | for (cp = s + 8; *cp && |
832 | isspace((unsigned char)*cp); cp++) | | 832 | isspace((unsigned char)*cp); cp++) |
833 | ; | | 833 | ; |
834 | up->u_homeperm = strtoul(cp, NULL, 8); | | 834 | up->u_homeperm = strtoul(cp, NULL, 8); |
835 | #endif | | 835 | #endif |
836 | } else if (strncmp(s, "inactive", 8) == 0) { | | 836 | } else if (strncmp(s, "inactive", 8) == 0) { |
837 | cp = skipspace(s + 8); | | 837 | cp = skipspace(s + 8); |
838 | if (strcmp(cp, UNSET_INACTIVE) == 0) { | | 838 | if (strcmp(cp, UNSET_INACTIVE) == 0) { |
839 | if (up->u_inactive) { | | 839 | if (up->u_inactive) { |
840 | FREE(up->u_inactive); | | 840 | FREE(up->u_inactive); |
841 | } | | 841 | } |
842 | up->u_inactive = NULL; | | 842 | up->u_inactive = NULL; |
843 | } else { | | 843 | } else { |
844 | memsave(&up->u_inactive, cp, strlen(cp)); | | 844 | memsave(&up->u_inactive, cp, strlen(cp)); |
845 | } | | 845 | } |
846 | #ifdef EXTENSIONS | | 846 | #ifdef EXTENSIONS |
847 | } else if (strncmp(s, "range", 5) == 0) { | | 847 | } else if (strncmp(s, "range", 5) == 0) { |
848 | cp = skipspace(s + 5); | | 848 | cp = skipspace(s + 5); |
849 | (void)save_range(up, cp); | | 849 | (void)save_range(up, cp); |
850 | #endif | | 850 | #endif |
851 | #ifdef EXTENSIONS | | 851 | #ifdef EXTENSIONS |
852 | } else if (strncmp(s, "preserve", 8) == 0) { | | 852 | } else if (strncmp(s, "preserve", 8) == 0) { |
853 | cp = skipspace(s + 8); | | 853 | cp = skipspace(s + 8); |
854 | up->u_preserve = | | 854 | up->u_preserve = |
855 | (strncmp(cp, "true", 4) == 0) ? 1 : | | 855 | (strncmp(cp, "true", 4) == 0) ? 1 : |
856 | (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp); | | 856 | (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp); |
857 | #endif | | 857 | #endif |
858 | } else if (strncmp(s, "expire", 6) == 0) { | | 858 | } else if (strncmp(s, "expire", 6) == 0) { |
859 | cp = skipspace(s + 6); | | 859 | cp = skipspace(s + 6); |
860 | if (strcmp(cp, UNSET_EXPIRY) == 0) { | | 860 | if (strcmp(cp, UNSET_EXPIRY) == 0) { |
861 | if (up->u_expire) { | | 861 | if (up->u_expire) { |
862 | FREE(up->u_expire); | | 862 | FREE(up->u_expire); |
863 | } | | 863 | } |
864 | up->u_expire = NULL; | | 864 | up->u_expire = NULL; |
865 | } else { | | 865 | } else { |
866 | memsave(&up->u_expire, cp, strlen(cp)); | | 866 | memsave(&up->u_expire, cp, strlen(cp)); |
867 | } | | 867 | } |
868 | } | | 868 | } |
869 | (void)free(s); | | 869 | (void)free(s); |
870 | } | | 870 | } |
871 | (void)fclose(fp); | | 871 | (void)fclose(fp); |
872 | } | | 872 | } |
873 | if (up->u_rc == 0) { | | 873 | if (up->u_rc == 0) { |
874 | up->u_rv[up->u_rc].r_from = DEF_LOWUID; | | 874 | up->u_rv[up->u_rc].r_from = DEF_LOWUID; |
875 | up->u_rv[up->u_rc].r_to = DEF_HIGHUID; | | 875 | up->u_rv[up->u_rc].r_to = DEF_HIGHUID; |
876 | up->u_rc += 1; | | 876 | up->u_rc += 1; |
877 | } | | 877 | } |
878 | up->u_defrc = up->u_rc; | | 878 | up->u_defrc = up->u_rc; |
879 | up->u_homeperm = DEF_HOMEPERM; | | 879 | up->u_homeperm = DEF_HOMEPERM; |
880 | } | | 880 | } |
881 | | | 881 | |
882 | /* return the next valid unused uid */ | | 882 | /* return the next valid unused uid */ |
883 | static int | | 883 | static int |
884 | getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid) | | 884 | getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid) |
885 | { | | 885 | { |
886 | for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { | | 886 | for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { |
887 | if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) { | | 887 | if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) { |
888 | if (sync_uid_gid) { | | 888 | if (sync_uid_gid) { |
889 | if (getgrgid((gid_t)(*uid)) == NULL) { | | 889 | if (getgrgid((gid_t)(*uid)) == NULL) { |
890 | return 1; | | 890 | return 1; |
891 | } | | 891 | } |
892 | } else { | | 892 | } else { |
893 | return 1; | | 893 | return 1; |
894 | } | | 894 | } |
895 | } | | 895 | } |
896 | } | | 896 | } |
897 | return 0; | | 897 | return 0; |
898 | } | | 898 | } |
899 | | | 899 | |
900 | /* structure which defines a password type */ | | 900 | /* structure which defines a password type */ |
901 | typedef struct passwd_type_t { | | 901 | typedef struct passwd_type_t { |
902 | const char *type; /* optional type descriptor */ | | 902 | const char *type; /* optional type descriptor */ |
903 | size_t desc_length; /* length of type descriptor */ | | 903 | size_t desc_length; /* length of type descriptor */ |
904 | size_t length; /* length of password */ | | 904 | size_t length; /* length of password */ |
905 | const char *regex; /* regexp to output the password */ | | 905 | const char *regex; /* regexp to output the password */ |
906 | size_t re_sub; /* subscript of regexp to use */ | | 906 | size_t re_sub; /* subscript of regexp to use */ |
907 | } passwd_type_t; | | 907 | } passwd_type_t; |
908 | | | 908 | |
909 | static passwd_type_t passwd_types[] = { | | 909 | static passwd_type_t passwd_types[] = { |
910 | { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */ | | 910 | { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */ |
911 | { "$2a", 3, 54, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */ | | 911 | { "$2a", 3, 54, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */ |
912 | { "$1", 2, 34, NULL, 0 }, /* MD5 */ | | 912 | { "$1", 2, 34, NULL, 0 }, /* MD5 */ |
913 | { "", 0, DES_Len,NULL, 0 }, /* standard DES */ | | 913 | { "", 0, DES_Len,NULL, 0 }, /* standard DES */ |
914 | { NULL, (size_t)~0, (size_t)~0, NULL, 0 } | | 914 | { NULL, (size_t)~0, (size_t)~0, NULL, 0 } |
915 | /* none - terminate search */ | | 915 | /* none - terminate search */ |
916 | }; | | 916 | }; |
917 | | | 917 | |
918 | /* return non-zero if it's a valid password - check length for cipher type */ | | 918 | /* return non-zero if it's a valid password - check length for cipher type */ |
919 | static int | | 919 | static int |
920 | valid_password_length(char *newpasswd) | | 920 | valid_password_length(char *newpasswd) |
921 | { | | 921 | { |
922 | passwd_type_t *pwtp; | | 922 | passwd_type_t *pwtp; |
923 | regmatch_t matchv[10]; | | 923 | regmatch_t matchv[10]; |
924 | regex_t r; | | 924 | regex_t r; |
925 | | | 925 | |
926 | for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) { | | 926 | for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) { |
927 | if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) { | | 927 | if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) { |
928 | if (pwtp->regex == NULL) { | | 928 | if (pwtp->regex == NULL) { |
929 | return strlen(newpasswd) == pwtp->length; | | 929 | return strlen(newpasswd) == pwtp->length; |
930 | } | | 930 | } |
931 | (void)regcomp(&r, pwtp->regex, REG_EXTENDED); | | 931 | (void)regcomp(&r, pwtp->regex, REG_EXTENDED); |
932 | if (regexec(&r, newpasswd, 10, matchv, 0) == 0) { | | 932 | if (regexec(&r, newpasswd, 10, matchv, 0) == 0) { |
933 | regfree(&r); | | 933 | regfree(&r); |
934 | return (int)(matchv[pwtp->re_sub].rm_eo - | | 934 | return (int)(matchv[pwtp->re_sub].rm_eo - |
935 | matchv[pwtp->re_sub].rm_so + 1) == | | 935 | matchv[pwtp->re_sub].rm_so + 1) == |
936 | pwtp->length; | | 936 | pwtp->length; |
937 | } | | 937 | } |
938 | regfree(&r); | | 938 | regfree(&r); |
939 | } | | 939 | } |
940 | } | | 940 | } |
941 | return 0; | | 941 | return 0; |
942 | } | | 942 | } |
943 | | | 943 | |
944 | #ifdef EXTENSIONS | | 944 | #ifdef EXTENSIONS |
945 | /* return 1 if `class' is a valid login class */ | | 945 | /* return 1 if `class' is a valid login class */ |
946 | static int | | 946 | static int |
947 | valid_class(char *class) | | 947 | valid_class(char *class) |
948 | { | | 948 | { |
949 | login_cap_t *lc; | | 949 | login_cap_t *lc; |
950 | | | 950 | |
951 | if (class == NULL || *class == '\0') { | | 951 | if (class == NULL || *class == '\0') { |
952 | return 1; | | 952 | return 1; |
953 | } | | 953 | } |
954 | /* | | 954 | /* |
955 | * Check if /etc/login.conf exists. login_getclass() will | | 955 | * Check if /etc/login.conf exists. login_getclass() will |
956 | * return 1 due to it not existing, so not informing the | | 956 | * return 1 due to it not existing, so not informing the |
957 | * user the actual login class does not exist. | | 957 | * user the actual login class does not exist. |
958 | */ | | 958 | */ |
959 | | | 959 | |
960 | if (access(PATH_LOGINCONF, R_OK) == -1) { | | 960 | if (access(PATH_LOGINCONF, R_OK) == -1) { |
961 | warn("Access failed for `%s'; will not validate class `%s'", | | 961 | warn("Access failed for `%s'; will not validate class `%s'", |
962 | PATH_LOGINCONF, class); | | 962 | PATH_LOGINCONF, class); |
963 | return 1; | | 963 | return 1; |
964 | } | | 964 | } |
965 | | | 965 | |
966 | if ((lc = login_getclass(class)) != NULL) { | | 966 | if ((lc = login_getclass(class)) != NULL) { |
967 | login_close(lc); | | 967 | login_close(lc); |
968 | return 1; | | 968 | return 1; |
969 | } | | 969 | } |
970 | return 0; | | 970 | return 0; |
971 | } | | 971 | } |
972 | | | 972 | |
973 | /* return 1 if the `shellname' is a valid user shell */ | | 973 | /* return 1 if the `shellname' is a valid user shell */ |
974 | static int | | 974 | static int |
975 | valid_shell(const char *shellname) | | 975 | valid_shell(const char *shellname) |
976 | { | | 976 | { |
977 | char *shellp; | | 977 | char *shellp; |
978 | | | 978 | |
979 | if (access(_PATH_SHELLS, R_OK) == -1) { | | 979 | if (access(_PATH_SHELLS, R_OK) == -1) { |
980 | /* Don't exit */ | | 980 | /* Don't exit */ |
981 | warn("Access failed for `%s'; will not validate shell `%s'", | | 981 | warn("Access failed for `%s'; will not validate shell `%s'", |
982 | _PATH_SHELLS, shellname); | | 982 | _PATH_SHELLS, shellname); |
983 | return 1; | | 983 | return 1; |
984 | } | | 984 | } |
985 | | | 985 | |
986 | /* if nologin is used as a shell, consider it a valid shell */ | | 986 | /* if nologin is used as a shell, consider it a valid shell */ |
987 | if (strcmp(shellname, NOLOGIN) == 0) | | 987 | if (strcmp(shellname, NOLOGIN) == 0) |
988 | return 1; | | 988 | return 1; |
989 | | | 989 | |
990 | while ((shellp = getusershell()) != NULL) | | 990 | while ((shellp = getusershell()) != NULL) |
991 | if (strcmp(shellp, shellname) == 0) | | 991 | if (strcmp(shellp, shellname) == 0) |
992 | return 1; | | 992 | return 1; |
993 | | | 993 | |
994 | warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS); | | 994 | warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS); |
995 | | | 995 | |
996 | return access(shellname, X_OK) != -1; | | 996 | return access(shellname, X_OK) != -1; |
997 | } | | 997 | } |
998 | #endif | | 998 | #endif |
999 | | | 999 | |
1000 | /* look for a valid time, return 0 if it was specified but bad */ | | 1000 | /* look for a valid time, return 0 if it was specified but bad */ |
1001 | static int | | 1001 | static int |
1002 | scantime(time_t *tp, char *s) | | 1002 | scantime(time_t *tp, char *s) |
1003 | { | | 1003 | { |
1004 | struct tm tm; | | 1004 | struct tm tm; |
1005 | char *ep; | | 1005 | char *ep; |
1006 | long val; | | 1006 | long val; |
1007 | | | 1007 | |
1008 | *tp = 0; | | 1008 | *tp = 0; |
1009 | if (s != NULL) { | | 1009 | if (s != NULL) { |
1010 | (void)memset(&tm, 0, sizeof(tm)); | | 1010 | (void)memset(&tm, 0, sizeof(tm)); |
1011 | if (strptime(s, "%c", &tm) != NULL) { | | 1011 | if (strptime(s, "%c", &tm) != NULL) { |
1012 | *tp = mktime(&tm); | | 1012 | *tp = mktime(&tm); |
1013 | return (*tp == -1) ? 0 : 1; | | 1013 | return (*tp == -1) ? 0 : 1; |
1014 | } else if (strptime(s, "%B %d %Y", &tm) != NULL) { | | 1014 | } else if (strptime(s, "%B %d %Y", &tm) != NULL) { |
1015 | *tp = mktime(&tm); | | 1015 | *tp = mktime(&tm); |
1016 | return (*tp == -1) ? 0 : 1; | | 1016 | return (*tp == -1) ? 0 : 1; |
1017 | } else { | | 1017 | } else { |
1018 | errno = 0; | | 1018 | errno = 0; |
1019 | *tp = val = strtol(s, &ep, 10); | | 1019 | *tp = val = strtol(s, &ep, 10); |
1020 | if (*ep != '\0' || *tp < -1 || errno == ERANGE) { | | 1020 | if (*ep != '\0' || *tp < -1 || errno == ERANGE) { |
1021 | *tp = 0; | | 1021 | *tp = 0; |
1022 | return 0; | | 1022 | return 0; |
1023 | } | | 1023 | } |
1024 | if (*tp != val) { | | 1024 | if (*tp != val) { |
1025 | return 0; | | 1025 | return 0; |
1026 | } | | 1026 | } |
1027 | } | | 1027 | } |
1028 | } | | 1028 | } |
1029 | return 1; | | 1029 | return 1; |
1030 | } | | 1030 | } |
1031 | | | 1031 | |
1032 | /* add a user */ | | 1032 | /* add a user */ |
1033 | static int | | 1033 | static int |
1034 | adduser(char *login_name, user_t *up) | | 1034 | adduser(char *login_name, user_t *up) |
1035 | { | | 1035 | { |
1036 | struct group *grp; | | 1036 | struct group *grp; |
1037 | struct stat st; | | 1037 | struct stat st; |
1038 | time_t expire; | | 1038 | time_t expire; |
1039 | time_t inactive; | | 1039 | time_t inactive; |
1040 | char password[PasswordLength + 1]; | | 1040 | char password[PasswordLength + 1]; |
1041 | char home[MaxFileNameLen]; | | 1041 | char home[MaxFileNameLen]; |
1042 | char buf[MaxFileNameLen]; | | 1042 | char buf[MaxFileNameLen]; |
1043 | int sync_uid_gid; | | 1043 | int sync_uid_gid; |
1044 | int masterfd; | | 1044 | int masterfd; |
1045 | int ptmpfd; | | 1045 | int ptmpfd; |
1046 | int gid; | | 1046 | int gid; |
1047 | int cc; | | 1047 | int cc; |
1048 | int i; | | 1048 | int i; |
1049 | | | 1049 | |
1050 | if (!valid_login(login_name, up->u_allow_samba)) { | | 1050 | if (!valid_login(login_name, up->u_allow_samba)) { |
1051 | errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name); | | 1051 | errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name); |
1052 | } | | 1052 | } |
1053 | #ifdef EXTENSIONS | | 1053 | #ifdef EXTENSIONS |
1054 | if (!valid_class(up->u_class)) { | | 1054 | if (!valid_class(up->u_class)) { |
1055 | errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'", | | 1055 | errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'", |
1056 | login_name, up->u_class); | | 1056 | login_name, up->u_class); |
1057 | } | | 1057 | } |
1058 | #endif | | 1058 | #endif |
1059 | if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { | | 1059 | if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { |
1060 | err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'", | | 1060 | err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'", |
1061 | login_name, _PATH_MASTERPASSWD); | | 1061 | login_name, _PATH_MASTERPASSWD); |
1062 | } | | 1062 | } |
1063 | if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { | | 1063 | if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { |
1064 | err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'", | | 1064 | err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'", |
1065 | login_name, _PATH_MASTERPASSWD); | | 1065 | login_name, _PATH_MASTERPASSWD); |
1066 | } | | 1066 | } |
1067 | pw_init(); | | 1067 | pw_init(); |
1068 | if ((ptmpfd = pw_lock(WAITSECS)) < 0) { | | 1068 | if ((ptmpfd = pw_lock(WAITSECS)) < 0) { |
1069 | int serrno = errno; | | 1069 | int serrno = errno; |
1070 | (void)close(masterfd); | | 1070 | (void)close(masterfd); |
1071 | errno = serrno; | | 1071 | errno = serrno; |
1072 | err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock", | | 1072 | err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock", |
1073 | login_name); | | 1073 | login_name); |
1074 | } | | 1074 | } |
1075 | while ((cc = read(masterfd, buf, sizeof(buf))) > 0) { | | 1075 | while ((cc = read(masterfd, buf, sizeof(buf))) > 0) { |
1076 | if (write(ptmpfd, buf, (size_t)(cc)) != cc) { | | 1076 | if (write(ptmpfd, buf, (size_t)(cc)) != cc) { |
1077 | int serrno = errno; | | 1077 | int serrno = errno; |
1078 | (void)close(masterfd); | | 1078 | (void)close(masterfd); |
1079 | (void)close(ptmpfd); | | 1079 | (void)close(ptmpfd); |
1080 | (void)pw_abort(); | | 1080 | (void)pw_abort(); |
1081 | errno = serrno; | | 1081 | errno = serrno; |
1082 | err(EXIT_FAILURE, "Can't add user `%s': " | | 1082 | err(EXIT_FAILURE, "Can't add user `%s': " |
1083 | "short write to /etc/ptmp", login_name); | | 1083 | "short write to /etc/ptmp", login_name); |
1084 | } | | 1084 | } |
1085 | } | | 1085 | } |
1086 | /* if no uid was specified, get next one in [low_uid..high_uid] range */ | | 1086 | /* if no uid was specified, get next one in [low_uid..high_uid] range */ |
1087 | sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); | | 1087 | sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); |
1088 | if (up->u_uid == -1) { | | 1088 | if (up->u_uid == -1) { |
1089 | int got_id = 0; | | 1089 | int got_id = 0; |
1090 | | | 1090 | |
1091 | /* | | 1091 | /* |
1092 | * Look for a free UID in the command line ranges (if any). | | 1092 | * Look for a free UID in the command line ranges (if any). |
1093 | * These start after the ranges specified in the config file. | | 1093 | * These start after the ranges specified in the config file. |
1094 | */ | | 1094 | */ |
1095 | for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) { | | 1095 | for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) { |
1096 | got_id = getnextuid(sync_uid_gid, &up->u_uid, | | 1096 | got_id = getnextuid(sync_uid_gid, &up->u_uid, |
1097 | up->u_rv[i].r_from, up->u_rv[i].r_to); | | 1097 | up->u_rv[i].r_from, up->u_rv[i].r_to); |
1098 | } | | 1098 | } |
1099 | /* | | 1099 | /* |
1100 | * If there were no free UIDs in the command line ranges, | | 1100 | * If there were no free UIDs in the command line ranges, |
1101 | * try the ranges from the config file (there will always | | 1101 | * try the ranges from the config file (there will always |
1102 | * be at least one default). | | 1102 | * be at least one default). |
1103 | */ | | 1103 | */ |
1104 | for (i = 0; !got_id && i < up->u_defrc; i++) { | | 1104 | for (i = 0; !got_id && i < up->u_defrc; i++) { |
1105 | got_id = getnextuid(sync_uid_gid, &up->u_uid, | | 1105 | got_id = getnextuid(sync_uid_gid, &up->u_uid, |
1106 | up->u_rv[i].r_from, up->u_rv[i].r_to); | | 1106 | up->u_rv[i].r_from, up->u_rv[i].r_to); |
1107 | } | | 1107 | } |
1108 | if (!got_id) { | | 1108 | if (!got_id) { |
1109 | (void)close(ptmpfd); | | 1109 | (void)close(ptmpfd); |
1110 | (void)pw_abort(); | | 1110 | (void)pw_abort(); |
1111 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1111 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1112 | "can't get next uid for %d", login_name, | | 1112 | "can't get next uid for %d", login_name, |
1113 | up->u_uid); | | 1113 | up->u_uid); |
1114 | } | | 1114 | } |
1115 | } | | 1115 | } |
1116 | /* check uid isn't already allocated */ | | 1116 | /* check uid isn't already allocated */ |
1117 | if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) { | | 1117 | if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) { |
1118 | (void)close(ptmpfd); | | 1118 | (void)close(ptmpfd); |
1119 | (void)pw_abort(); | | 1119 | (void)pw_abort(); |
1120 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1120 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1121 | "uid %d is already in use", login_name, up->u_uid); | | 1121 | "uid %d is already in use", login_name, up->u_uid); |
1122 | } | | 1122 | } |
1123 | /* if -g=uid was specified, check gid is unused */ | | 1123 | /* if -g=uid was specified, check gid is unused */ |
1124 | if (sync_uid_gid) { | | 1124 | if (sync_uid_gid) { |
1125 | if (getgrgid((gid_t)(up->u_uid)) != NULL) { | | 1125 | if (getgrgid((gid_t)(up->u_uid)) != NULL) { |
1126 | (void)close(ptmpfd); | | 1126 | (void)close(ptmpfd); |
1127 | (void)pw_abort(); | | 1127 | (void)pw_abort(); |
1128 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1128 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1129 | "gid %d is already in use", login_name, | | 1129 | "gid %d is already in use", login_name, |
1130 | up->u_uid); | | 1130 | up->u_uid); |
1131 | } | | 1131 | } |
1132 | gid = up->u_uid; | | 1132 | gid = up->u_uid; |
1133 | } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { | | 1133 | } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { |
1134 | gid = grp->gr_gid; | | 1134 | gid = grp->gr_gid; |
1135 | } else if (is_number(up->u_primgrp) && | | 1135 | } else if (is_number(up->u_primgrp) && |
1136 | (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) { | | 1136 | (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) { |
1137 | gid = grp->gr_gid; | | 1137 | gid = grp->gr_gid; |
1138 | } else { | | 1138 | } else { |
1139 | (void)close(ptmpfd); | | 1139 | (void)close(ptmpfd); |
1140 | (void)pw_abort(); | | 1140 | (void)pw_abort(); |
1141 | errx(EXIT_FAILURE, "Can't add user `%s': group %s not found", | | 1141 | errx(EXIT_FAILURE, "Can't add user `%s': group %s not found", |
1142 | login_name, up->u_primgrp); | | 1142 | login_name, up->u_primgrp); |
1143 | } | | 1143 | } |
1144 | /* check name isn't already in use */ | | 1144 | /* check name isn't already in use */ |
1145 | if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) { | | 1145 | if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) { |
1146 | (void)close(ptmpfd); | | 1146 | (void)close(ptmpfd); |
1147 | (void)pw_abort(); | | 1147 | (void)pw_abort(); |
1148 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1148 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1149 | "`%s' is already a user", login_name, login_name); | | 1149 | "`%s' is already a user", login_name, login_name); |
1150 | } | | 1150 | } |
1151 | if (up->u_flags & F_HOMEDIR) { | | 1151 | if (up->u_flags & F_HOMEDIR) { |
1152 | (void)strlcpy(home, up->u_home, sizeof(home)); | | 1152 | (void)strlcpy(home, up->u_home, sizeof(home)); |
1153 | } else { | | 1153 | } else { |
1154 | /* if home directory hasn't been given, make it up */ | | 1154 | /* if home directory hasn't been given, make it up */ |
1155 | (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir, | | 1155 | (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir, |
1156 | login_name); | | 1156 | login_name); |
1157 | } | | 1157 | } |
1158 | if (up->u_flags & F_SHELL) { | | 1158 | if (up->u_flags & F_SHELL) { |
1159 | #ifdef EXTENSIONS | | 1159 | #ifdef EXTENSIONS |
1160 | if (!valid_shell(up->u_shell)) { | | 1160 | if (!valid_shell(up->u_shell)) { |
1161 | int oerrno = errno; | | 1161 | int oerrno = errno; |
1162 | (void)close(ptmpfd); | | 1162 | (void)close(ptmpfd); |
1163 | (void)pw_abort(); | | 1163 | (void)pw_abort(); |
1164 | errno = oerrno; | | 1164 | errno = oerrno; |
1165 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1165 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1166 | "Cannot access shell `%s'", | | 1166 | "Cannot access shell `%s'", |
1167 | login_name, up->u_shell); | | 1167 | login_name, up->u_shell); |
1168 | } | | 1168 | } |
1169 | #endif | | 1169 | #endif |
1170 | } | | 1170 | } |
1171 | | | 1171 | |
1172 | if (!scantime(&inactive, up->u_inactive)) { | | 1172 | if (!scantime(&inactive, up->u_inactive)) { |
1173 | warnx("Warning: inactive time `%s' invalid, password expiry off", | | 1173 | warnx("Warning: inactive time `%s' invalid, password expiry off", |
1174 | up->u_inactive); | | 1174 | up->u_inactive); |
1175 | } | | 1175 | } |
1176 | if (!scantime(&expire, up->u_expire) || expire == -1) { | | 1176 | if (!scantime(&expire, up->u_expire) || expire == -1) { |
1177 | warnx("Warning: expire time `%s' invalid, account expiry off", | | 1177 | warnx("Warning: expire time `%s' invalid, account expiry off", |
1178 | up->u_expire); | | 1178 | up->u_expire); |
1179 | expire = 0; /* Just in case. */ | | 1179 | expire = 0; /* Just in case. */ |
1180 | } | | 1180 | } |
1181 | if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) { | | 1181 | if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) { |
1182 | warnx("Warning: home directory `%s' doesn't exist, " | | 1182 | warnx("Warning: home directory `%s' doesn't exist, " |
1183 | "and -m was not specified", home); | | 1183 | "and -m was not specified", home); |
1184 | } | | 1184 | } |
1185 | password[sizeof(password) - 1] = '\0'; | | 1185 | password[sizeof(password) - 1] = '\0'; |
1186 | if (up->u_password != NULL && valid_password_length(up->u_password)) { | | 1186 | if (up->u_password != NULL && valid_password_length(up->u_password)) { |
1187 | (void)strlcpy(password, up->u_password, sizeof(password)); | | 1187 | (void)strlcpy(password, up->u_password, sizeof(password)); |
1188 | } else { | | 1188 | } else { |
1189 | (void)memset(password, '*', DES_Len); | | 1189 | (void)memset(password, '*', DES_Len); |
1190 | password[DES_Len] = 0; | | 1190 | password[DES_Len] = 0; |
1191 | if (up->u_password != NULL) { | | 1191 | if (up->u_password != NULL) { |
1192 | warnx("Password `%s' is invalid: setting it to `%s'", | | 1192 | warnx("Password `%s' is invalid: setting it to `%s'", |
1193 | up->u_password, password); | | 1193 | up->u_password, password); |
1194 | } | | 1194 | } |
1195 | } | | 1195 | } |
1196 | cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", | | 1196 | cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", |
1197 | login_name, | | 1197 | login_name, |
1198 | password, | | 1198 | password, |
1199 | up->u_uid, | | 1199 | up->u_uid, |
1200 | gid, | | 1200 | gid, |
1201 | #ifdef EXTENSIONS | | 1201 | #ifdef EXTENSIONS |
1202 | up->u_class, | | 1202 | up->u_class, |
1203 | #else | | 1203 | #else |
1204 | "", | | 1204 | "", |
1205 | #endif | | 1205 | #endif |
1206 | (long) inactive, | | 1206 | (long) inactive, |
1207 | (long) expire, | | 1207 | (long) expire, |
1208 | up->u_comment, | | 1208 | up->u_comment, |
1209 | home, | | 1209 | home, |
1210 | up->u_shell); | | 1210 | up->u_shell); |
1211 | if (write(ptmpfd, buf, (size_t) cc) != cc) { | | 1211 | if (write(ptmpfd, buf, (size_t) cc) != cc) { |
1212 | int serrno = errno; | | 1212 | int serrno = errno; |
1213 | (void)close(ptmpfd); | | 1213 | (void)close(ptmpfd); |
1214 | (void)pw_abort(); | | 1214 | (void)pw_abort(); |
1215 | errno = serrno; | | 1215 | errno = serrno; |
1216 | err(EXIT_FAILURE, "Can't add user `%s': write failed", | | 1216 | err(EXIT_FAILURE, "Can't add user `%s': write failed", |
1217 | login_name); | | 1217 | login_name); |
1218 | } | | 1218 | } |
1219 | if (up->u_flags & F_MKDIR) { | | 1219 | if (up->u_flags & F_MKDIR) { |
1220 | if (lstat(home, &st) == 0) { | | 1220 | if (lstat(home, &st) == 0) { |
1221 | (void)close(ptmpfd); | | 1221 | (void)close(ptmpfd); |
1222 | (void)pw_abort(); | | 1222 | (void)pw_abort(); |
1223 | errx(EXIT_FAILURE, | | 1223 | errx(EXIT_FAILURE, |
1224 | "Can't add user `%s': home directory `%s' " | | 1224 | "Can't add user `%s': home directory `%s' " |
1225 | "already exists", login_name, home); | | 1225 | "already exists", login_name, home); |
1226 | } else { | | 1226 | } else { |
1227 | if (asystem("%s -p %s", MKDIR, home) != 0) { | | 1227 | if (asystem("%s -p %s", MKDIR, home) != 0) { |
1228 | (void)close(ptmpfd); | | 1228 | (void)close(ptmpfd); |
1229 | (void)pw_abort(); | | 1229 | (void)pw_abort(); |
1230 | errx(EXIT_FAILURE, "Can't add user `%s': " | | 1230 | errx(EXIT_FAILURE, "Can't add user `%s': " |
1231 | "can't mkdir `%s'", login_name, home); | | 1231 | "can't mkdir `%s'", login_name, home); |
1232 | } | | 1232 | } |
1233 | (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home, | | 1233 | (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home, |
1234 | up->u_homeperm); | | 1234 | up->u_homeperm); |
1235 | } | | 1235 | } |
1236 | } | | 1236 | } |
1237 | if (strcmp(up->u_primgrp, "=uid") == 0 && | | 1237 | if (strcmp(up->u_primgrp, "=uid") == 0 && |
1238 | getgrnam(login_name) == NULL && | | 1238 | getgrnam(login_name) == NULL && |
1239 | !creategid(login_name, gid, login_name)) { | | 1239 | !creategid(login_name, gid, login_name)) { |
1240 | (void)close(ptmpfd); | | 1240 | (void)close(ptmpfd); |
1241 | (void)pw_abort(); | | 1241 | (void)pw_abort(); |
1242 | errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ", | | 1242 | errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ", |
1243 | login_name, gid); | | 1243 | login_name, gid); |
1244 | } | | 1244 | } |
1245 | if (up->u_groupc > 0 && | | 1245 | if (up->u_groupc > 0 && |
1246 | !append_group(login_name, up->u_groupc, up->u_groupv)) { | | 1246 | !append_group(login_name, up->u_groupc, up->u_groupv)) { |
1247 | (void)close(ptmpfd); | | 1247 | (void)close(ptmpfd); |
1248 | (void)pw_abort(); | | 1248 | (void)pw_abort(); |
1249 | errx(EXIT_FAILURE, "Can't add user `%s': can't append " | | 1249 | errx(EXIT_FAILURE, "Can't add user `%s': can't append " |
1250 | "to new groups", login_name); | | 1250 | "to new groups", login_name); |
1251 | } | | 1251 | } |
1252 | (void)close(ptmpfd); | | 1252 | (void)close(ptmpfd); |
1253 | #if PW_MKDB_ARGC == 2 | | 1253 | #if PW_MKDB_ARGC == 2 |
1254 | if (pw_mkdb(login_name, 0) < 0) | | 1254 | if (pw_mkdb(login_name, 0) < 0) |
1255 | #else | | 1255 | #else |
1256 | if (pw_mkdb() < 0) | | 1256 | if (pw_mkdb() < 0) |
1257 | #endif | | 1257 | #endif |
1258 | { | | 1258 | { |
1259 | (void)pw_abort(); | | 1259 | (void)pw_abort(); |
1260 | errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed", | | 1260 | errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed", |
1261 | login_name); | | 1261 | login_name); |
1262 | } | | 1262 | } |
1263 | syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, " | | 1263 | syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, " |
1264 | "shell=%s", login_name, up->u_uid, gid, home, up->u_shell); | | 1264 | "shell=%s", login_name, up->u_uid, gid, home, up->u_shell); |
1265 | return 1; | | 1265 | return 1; |
1266 | } | | 1266 | } |
1267 | | | 1267 | |
1268 | /* remove a user from the groups file */ | | 1268 | /* remove a user from the groups file */ |
1269 | static int | | 1269 | static int |
1270 | rm_user_from_groups(char *login_name) | | 1270 | rm_user_from_groups(char *login_name) |
1271 | { | | 1271 | { |
1272 | struct stat st; | | 1272 | struct stat st; |
1273 | regmatch_t matchv[10]; | | 1273 | regmatch_t matchv[10]; |
1274 | regex_t r; | | 1274 | regex_t r; |
1275 | FILE *from; | | 1275 | FILE *from; |
1276 | FILE *to; | | 1276 | FILE *to; |
1277 | char line[MaxEntryLen]; | | 1277 | char line[MaxEntryLen]; |
1278 | char buf[MaxEntryLen]; | | 1278 | char buf[MaxEntryLen]; |
1279 | char f[MaxFileNameLen]; | | 1279 | char f[MaxFileNameLen]; |
1280 | int fd; | | 1280 | int fd; |
1281 | int cc; | | 1281 | int cc; |
1282 | int sc; | | 1282 | int sc; |
1283 | | | 1283 | |
1284 | (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name); | | 1284 | (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name); |
1285 | if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) { | | 1285 | if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) { |
1286 | (void)regerror(sc, &r, buf, sizeof(buf)); | | 1286 | (void)regerror(sc, &r, buf, sizeof(buf)); |
1287 | warnx("Can't compile regular expression `%s' (%s)", line, | | 1287 | warnx("Can't compile regular expression `%s' (%s)", line, |
1288 | buf); | | 1288 | buf); |
1289 | return 0; | | 1289 | return 0; |
1290 | } | | 1290 | } |
1291 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { | | 1291 | if ((from = fopen(_PATH_GROUP, "r")) == NULL) { |
1292 | warn("Can't remove user `%s' from `%s': can't open `%s'", | | 1292 | warn("Can't remove user `%s' from `%s': can't open `%s'", |
1293 | login_name, _PATH_GROUP, _PATH_GROUP); | | 1293 | login_name, _PATH_GROUP, _PATH_GROUP); |
1294 | return 0; | | 1294 | return 0; |
1295 | } | | 1295 | } |
1296 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { | | 1296 | if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { |
1297 | warn("Can't remove user `%s' from `%s': can't lock `%s'", | | 1297 | warn("Can't remove user `%s' from `%s': can't lock `%s'", |
1298 | login_name, _PATH_GROUP, _PATH_GROUP); | | 1298 | login_name, _PATH_GROUP, _PATH_GROUP); |
1299 | (void)fclose(from); | | 1299 | (void)fclose(from); |
1300 | return 0; | | 1300 | return 0; |
1301 | } | | 1301 | } |
1302 | (void)fstat(fileno(from), &st); | | 1302 | (void)fstat(fileno(from), &st); |
1303 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); | | 1303 | (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); |
1304 | if ((fd = mkstemp(f)) < 0) { | | 1304 | if ((fd = mkstemp(f)) < 0) { |
1305 | warn("Can't remove user `%s' from `%s': mkstemp failed", | | 1305 | warn("Can't remove user `%s' from `%s': mkstemp failed", |
1306 | login_name, _PATH_GROUP); | | 1306 | login_name, _PATH_GROUP); |
1307 | (void)fclose(from); | | 1307 | (void)fclose(from); |
1308 | return 0; | | 1308 | return 0; |
1309 | } | | 1309 | } |
1310 | if ((to = fdopen(fd, "w")) == NULL) { | | 1310 | if ((to = fdopen(fd, "w")) == NULL) { |
1311 | warn("Can't remove user `%s' from `%s': fdopen `%s' failed", | | 1311 | warn("Can't remove user `%s' from `%s': fdopen `%s' failed", |
1312 | login_name, _PATH_GROUP, f); | | 1312 | login_name, _PATH_GROUP, f); |
1313 | (void)fclose(from); | | 1313 | (void)fclose(from); |
1314 | (void)close(fd); | | 1314 | (void)close(fd); |
1315 | (void)unlink(f); | | 1315 | (void)unlink(f); |
1316 | return 0; | | 1316 | return 0; |
1317 | } | | 1317 | } |
1318 | while (fgets(buf, sizeof(buf), from) != NULL) { | | 1318 | while (fgets(buf, sizeof(buf), from) != NULL) { |
1319 | cc = strlen(buf); | | 1319 | cc = strlen(buf); |
1320 | if (regexec(&r, buf, 10, matchv, 0) == 0) { | | 1320 | if (regexec(&r, buf, 10, matchv, 0) == 0) { |
1321 | if (buf[(int)matchv[1].rm_so] == ',') { | | 1321 | if (buf[(int)matchv[1].rm_so] == ',') { |
1322 | matchv[2].rm_so = matchv[1].rm_so; | | 1322 | matchv[2].rm_so = matchv[1].rm_so; |
1323 | } else if (matchv[2].rm_eo != matchv[3].rm_eo) { | | 1323 | } else if (matchv[2].rm_eo != matchv[3].rm_eo) { |
1324 | matchv[2].rm_eo = matchv[3].rm_eo; | | 1324 | matchv[2].rm_eo = matchv[3].rm_eo; |
1325 | } | | 1325 | } |
1326 | cc -= (int) matchv[2].rm_eo; | | 1326 | cc -= (int) matchv[2].rm_eo; |
1327 | sc = (int) matchv[2].rm_so; | | 1327 | sc = (int) matchv[2].rm_so; |
1328 | if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc || | | 1328 | if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc || |
1329 | fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char), | | 1329 | fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char), |
1330 | (size_t)cc, to) != cc) { | | 1330 | (size_t)cc, to) != cc) { |
1331 | warn("Can't remove user `%s' from `%s': " | | 1331 | warn("Can't remove user `%s' from `%s': " |
1332 | "short write to `%s'", login_name, | | 1332 | "short write to `%s'", login_name, |
1333 | _PATH_GROUP, f); | | 1333 | _PATH_GROUP, f); |
1334 | (void)fclose(from); | | 1334 | (void)fclose(from); |
1335 | (void)close(fd); | | 1335 | (void)close(fd); |
1336 | (void)unlink(f); | | 1336 | (void)unlink(f); |
1337 | return 0; | | 1337 | return 0; |
1338 | } | | 1338 | } |
1339 | } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { | | 1339 | } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { |
1340 | warn("Can't remove user `%s' from `%s': " | | 1340 | warn("Can't remove user `%s' from `%s': " |
1341 | "short write to `%s'", login_name, _PATH_GROUP, f); | | 1341 | "short write to `%s'", login_name, _PATH_GROUP, f); |
1342 | (void)fclose(from); | | 1342 | (void)fclose(from); |
1343 | (void)close(fd); | | 1343 | (void)close(fd); |
1344 | (void)unlink(f); | | 1344 | (void)unlink(f); |
1345 | return 0; | | 1345 | return 0; |
1346 | } | | 1346 | } |
1347 | } | | 1347 | } |
1348 | (void)fclose(from); | | 1348 | (void)fclose(from); |
1349 | (void)fclose(to); | | 1349 | (void)fclose(to); |
1350 | if (rename(f, _PATH_GROUP) < 0) { | | 1350 | if (rename(f, _PATH_GROUP) < 0) { |
1351 | warn("Can't remove user `%s' from `%s': " | | 1351 | warn("Can't remove user `%s' from `%s': " |
1352 | "can't rename `%s' to `%s'", | | 1352 | "can't rename `%s' to `%s'", |
1353 | login_name, _PATH_GROUP, f, _PATH_GROUP); | | 1353 | login_name, _PATH_GROUP, f, _PATH_GROUP); |
1354 | (void)unlink(f); | | 1354 | (void)unlink(f); |
1355 | return 0; | | 1355 | return 0; |
1356 | } | | 1356 | } |
1357 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); | | 1357 | (void)chmod(_PATH_GROUP, st.st_mode & 07777); |
1358 | return 1; | | 1358 | return 1; |
1359 | } | | 1359 | } |
1360 | | | 1360 | |
1361 | /* check that the user or group is local, not from YP/NIS */ | | 1361 | /* check that the user or group is local, not from YP/NIS */ |
1362 | static int | | 1362 | static int |
1363 | is_local(char *name, const char *file) | | 1363 | is_local(char *name, const char *file) |
1364 | { | | 1364 | { |
1365 | FILE *fp; | | 1365 | FILE *fp; |
1366 | char buf[MaxEntryLen]; | | 1366 | char buf[MaxEntryLen]; |
1367 | size_t len; | | 1367 | size_t len; |
1368 | int ret; | | 1368 | int ret; |
1369 | | | 1369 | |
1370 | if ((fp = fopen(file, "r")) == NULL) { | | 1370 | if ((fp = fopen(file, "r")) == NULL) { |
1371 | err(EXIT_FAILURE, "Can't open `%s'", file); | | 1371 | err(EXIT_FAILURE, "Can't open `%s'", file); |
1372 | } | | 1372 | } |
1373 | len = strlen(name); | | 1373 | len = strlen(name); |
1374 | for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { | | 1374 | for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { |
1375 | if (strncmp(buf, name, len) == 0 && buf[len] == ':') { | | 1375 | if (strncmp(buf, name, len) == 0 && buf[len] == ':') { |
1376 | ret = 1; | | 1376 | ret = 1; |
1377 | break; | | 1377 | break; |
1378 | } | | 1378 | } |
1379 | } | | 1379 | } |
1380 | (void)fclose(fp); | | 1380 | (void)fclose(fp); |
1381 | return ret; | | 1381 | return ret; |
1382 | } | | 1382 | } |
1383 | | | 1383 | |
1384 | /* modify a user */ | | 1384 | /* modify a user */ |
1385 | static int | | 1385 | static int |
1386 | moduser(char *login_name, char *newlogin, user_t *up, int allow_samba) | | 1386 | moduser(char *login_name, char *newlogin, user_t *up, int allow_samba) |
1387 | { | | 1387 | { |
1388 | struct passwd *pwp; | | 1388 | struct passwd *pwp, pw; |
1389 | struct group *grp; | | 1389 | struct group *grp; |
1390 | const char *homedir; | | 1390 | const char *homedir; |
1391 | char *locked_pwd; | | 1391 | char *locked_pwd; |
1392 | size_t colonc; | | 1392 | size_t colonc; |
1393 | size_t loginc; | | 1393 | size_t loginc; |
1394 | size_t len; | | 1394 | size_t len; |
1395 | FILE *master; | | 1395 | FILE *master; |
1396 | char newdir[MaxFileNameLen]; | | 1396 | char newdir[MaxFileNameLen]; |
1397 | char buf[MaxEntryLen]; | | 1397 | char buf[MaxEntryLen]; |
| | | 1398 | char pwbuf[MaxEntryLen]; |
1398 | char *colon; | | 1399 | char *colon; |
1399 | int masterfd; | | 1400 | int masterfd; |
1400 | int ptmpfd; | | 1401 | int ptmpfd; |
1401 | int error; | | 1402 | int error; |
1402 | | | 1403 | |
1403 | if (!valid_login(newlogin, allow_samba)) { | | 1404 | if (!valid_login(newlogin, allow_samba)) { |
1404 | errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name", | | 1405 | errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name", |
1405 | login_name); | | 1406 | login_name); |
1406 | } | | 1407 | } |
1407 | if ((pwp = getpwnam(login_name)) == NULL) { | | 1408 | if (getpwnam_r(login_name, &pw, pwbuf, sizeof(pwbuf), &pwp) != 0 |
| | | 1409 | || pwp == NULL) { |
1408 | errx(EXIT_FAILURE, "Can't modify user `%s': no such user", | | 1410 | errx(EXIT_FAILURE, "Can't modify user `%s': no such user", |
1409 | login_name); | | 1411 | login_name); |
1410 | } | | 1412 | } |
1411 | if (!is_local(login_name, _PATH_MASTERPASSWD)) { | | 1413 | if (!is_local(login_name, _PATH_MASTERPASSWD)) { |
1412 | errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user", | | 1414 | errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user", |
1413 | login_name); | | 1415 | login_name); |
1414 | } | | 1416 | } |
1415 | /* keep dir name in case we need it for '-m' */ | | 1417 | /* keep dir name in case we need it for '-m' */ |
1416 | homedir = pwp->pw_dir; | | 1418 | homedir = pwp->pw_dir; |
1417 | | | 1419 | |
1418 | if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { | | 1420 | if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { |
1419 | err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'", | | 1421 | err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'", |
1420 | login_name, _PATH_MASTERPASSWD); | | 1422 | login_name, _PATH_MASTERPASSWD); |
1421 | } | | 1423 | } |
1422 | if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { | | 1424 | if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { |
1423 | err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'", | | 1425 | err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'", |
1424 | login_name, _PATH_MASTERPASSWD); | | 1426 | login_name, _PATH_MASTERPASSWD); |
1425 | } | | 1427 | } |
1426 | pw_init(); | | 1428 | pw_init(); |
1427 | if ((ptmpfd = pw_lock(WAITSECS)) < 0) { | | 1429 | if ((ptmpfd = pw_lock(WAITSECS)) < 0) { |
1428 | int serrno = errno; | | 1430 | int serrno = errno; |
1429 | (void)close(masterfd); | | 1431 | (void)close(masterfd); |
1430 | errno = serrno; | | 1432 | errno = serrno; |
1431 | err(EXIT_FAILURE, "Can't modify user `%s': " | | 1433 | err(EXIT_FAILURE, "Can't modify user `%s': " |
1432 | "can't obtain pw_lock", login_name); | | 1434 | "can't obtain pw_lock", login_name); |
1433 | } | | 1435 | } |
1434 | if ((master = fdopen(masterfd, "r")) == NULL) { | | 1436 | if ((master = fdopen(masterfd, "r")) == NULL) { |
1435 | int serrno = errno; | | 1437 | int serrno = errno; |
1436 | (void)close(masterfd); | | 1438 | (void)close(masterfd); |
1437 | (void)close(ptmpfd); | | 1439 | (void)close(ptmpfd); |
1438 | (void)pw_abort(); | | 1440 | (void)pw_abort(); |
1439 | errno = serrno; | | 1441 | errno = serrno; |
1440 | err(EXIT_FAILURE, "Can't modify user `%s': " | | 1442 | err(EXIT_FAILURE, "Can't modify user `%s': " |
1441 | "fdopen fd for %s", login_name, _PATH_MASTERPASSWD); | | 1443 | "fdopen fd for %s", login_name, _PATH_MASTERPASSWD); |
1442 | } | | 1444 | } |
1443 | if (up != NULL) { | | 1445 | if (up != NULL) { |
1444 | if (up->u_flags & F_USERNAME) { | | 1446 | if (up->u_flags & F_USERNAME) { |
1445 | /* | | 1447 | /* |
1446 | * If changing name, | | 1448 | * If changing name, |
1447 | * check new name isn't already in use | | 1449 | * check new name isn't already in use |
1448 | */ | | 1450 | */ |
1449 | if (strcmp(login_name, newlogin) != 0 && | | 1451 | if (strcmp(login_name, newlogin) != 0 && |
1450 | getpwnam(newlogin) != NULL) { | | 1452 | getpwnam(newlogin) != NULL) { |
1451 | (void)close(ptmpfd); | | 1453 | (void)close(ptmpfd); |
1452 | (void)pw_abort(); | | 1454 | (void)pw_abort(); |
1453 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1455 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1454 | "`%s' is already a user", login_name, | | 1456 | "`%s' is already a user", login_name, |
1455 | newlogin); | | 1457 | newlogin); |
1456 | } | | 1458 | } |
1457 | pwp->pw_name = newlogin; | | 1459 | pwp->pw_name = newlogin; |
1458 | | | 1460 | |
1459 | /* | | 1461 | /* |
1460 | * Provide a new directory name in case the | | 1462 | * Provide a new directory name in case the |
1461 | * home directory is to be moved. | | 1463 | * home directory is to be moved. |
1462 | */ | | 1464 | */ |
1463 | if (up->u_flags & F_MKDIR) { | | 1465 | if (up->u_flags & F_MKDIR) { |
1464 | (void)snprintf(newdir, sizeof(newdir), "%s/%s", | | 1466 | (void)snprintf(newdir, sizeof(newdir), "%s/%s", |
1465 | up->u_basedir, newlogin); | | 1467 | up->u_basedir, newlogin); |
1466 | pwp->pw_dir = newdir; | | 1468 | pwp->pw_dir = newdir; |
1467 | } | | 1469 | } |
1468 | } | | 1470 | } |
1469 | if (up->u_flags & F_PASSWORD) { | | 1471 | if (up->u_flags & F_PASSWORD) { |
1470 | if (up->u_password != NULL) { | | 1472 | if (up->u_password != NULL) { |
1471 | if (!valid_password_length(up->u_password)) { | | 1473 | if (!valid_password_length(up->u_password)) { |
1472 | (void)close(ptmpfd); | | 1474 | (void)close(ptmpfd); |
1473 | (void)pw_abort(); | | 1475 | (void)pw_abort(); |
1474 | errx(EXIT_FAILURE, | | 1476 | errx(EXIT_FAILURE, |
1475 | "Can't modify user `%s': " | | 1477 | "Can't modify user `%s': " |
1476 | "invalid password: `%s'", | | 1478 | "invalid password: `%s'", |
1477 | login_name, up->u_password); | | 1479 | login_name, up->u_password); |
1478 | } | | 1480 | } |
1479 | if ((locked_pwd = | | 1481 | if ((locked_pwd = |
1480 | strstr(pwp->pw_passwd, LOCKED)) != NULL) { | | 1482 | strstr(pwp->pw_passwd, LOCKED)) != NULL) { |
1481 | /* | | 1483 | /* |
1482 | * account is locked - keep it locked | | 1484 | * account is locked - keep it locked |
1483 | * and just change the password. | | 1485 | * and just change the password. |
1484 | */ | | 1486 | */ |
1485 | if (asprintf(&locked_pwd, "%s%s", | | 1487 | if (asprintf(&locked_pwd, "%s%s", |
1486 | LOCKED, up->u_password) == -1) { | | 1488 | LOCKED, up->u_password) == -1) { |
1487 | (void)close(ptmpfd); | | 1489 | (void)close(ptmpfd); |
1488 | (void)pw_abort(); | | 1490 | (void)pw_abort(); |
1489 | err(EXIT_FAILURE, | | 1491 | err(EXIT_FAILURE, |
1490 | "Can't modify user `%s': " | | 1492 | "Can't modify user `%s': " |
1491 | "asprintf failed", | | 1493 | "asprintf failed", |
1492 | login_name); | | 1494 | login_name); |
1493 | } | | 1495 | } |
1494 | pwp->pw_passwd = locked_pwd; | | 1496 | pwp->pw_passwd = locked_pwd; |
1495 | } else { | | 1497 | } else { |
1496 | pwp->pw_passwd = up->u_password; | | 1498 | pwp->pw_passwd = up->u_password; |
1497 | } | | 1499 | } |
1498 | } | | 1500 | } |
1499 | } | | 1501 | } |
1500 | | | 1502 | |
1501 | /* check whether we should lock the account. */ | | 1503 | /* check whether we should lock the account. */ |
1502 | if (up->u_locked == LOCK) { | | 1504 | if (up->u_locked == LOCK) { |
1503 | /* check to see account if already locked. */ | | 1505 | /* check to see account if already locked. */ |
1504 | if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) | | 1506 | if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) |
1505 | != NULL) { | | 1507 | != NULL) { |
1506 | warnx("Account is already locked"); | | 1508 | warnx("Account is already locked"); |
1507 | } else { | | 1509 | } else { |
1508 | if (asprintf(&locked_pwd, "%s%s", LOCKED, | | 1510 | if (asprintf(&locked_pwd, "%s%s", LOCKED, |
1509 | pwp->pw_passwd) == -1) { | | 1511 | pwp->pw_passwd) == -1) { |
1510 | (void)close(ptmpfd); | | 1512 | (void)close(ptmpfd); |
1511 | (void)pw_abort(); | | 1513 | (void)pw_abort(); |
1512 | err(EXIT_FAILURE, | | 1514 | err(EXIT_FAILURE, |
1513 | "Can't modify user `%s': " | | 1515 | "Can't modify user `%s': " |
1514 | "asprintf failed", login_name); | | 1516 | "asprintf failed", login_name); |
1515 | } | | 1517 | } |
1516 | pwp->pw_passwd = locked_pwd; | | 1518 | pwp->pw_passwd = locked_pwd; |
1517 | } | | 1519 | } |
1518 | } else if (up->u_locked == UNLOCK) { | | 1520 | } else if (up->u_locked == UNLOCK) { |
1519 | if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) | | 1521 | if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) |
1520 | == NULL) { | | 1522 | == NULL) { |
1521 | warnx("Can't modify user `%s': " | | 1523 | warnx("Can't modify user `%s': " |
1522 | "account is not locked", login_name); | | 1524 | "account is not locked", login_name); |
1523 | } else { | | 1525 | } else { |
1524 | pwp->pw_passwd = locked_pwd + strlen(LOCKED); | | 1526 | pwp->pw_passwd = locked_pwd + strlen(LOCKED); |
1525 | } | | 1527 | } |
1526 | } | | 1528 | } |
1527 | | | 1529 | |
1528 | if (up->u_flags & F_UID) { | | 1530 | if (up->u_flags & F_UID) { |
1529 | /* check uid isn't already allocated */ | | 1531 | /* check uid isn't already allocated */ |
1530 | if (!(up->u_flags & F_DUPUID) && | | 1532 | if (!(up->u_flags & F_DUPUID) && |
1531 | getpwuid((uid_t)(up->u_uid)) != NULL) { | | 1533 | getpwuid((uid_t)(up->u_uid)) != NULL) { |
1532 | (void)close(ptmpfd); | | 1534 | (void)close(ptmpfd); |
1533 | (void)pw_abort(); | | 1535 | (void)pw_abort(); |
1534 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1536 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1535 | "uid `%d' is already in use", login_name, | | 1537 | "uid `%d' is already in use", login_name, |
1536 | up->u_uid); | | 1538 | up->u_uid); |
1537 | } | | 1539 | } |
1538 | pwp->pw_uid = up->u_uid; | | 1540 | pwp->pw_uid = up->u_uid; |
1539 | } | | 1541 | } |
1540 | if (up->u_flags & F_GROUP) { | | 1542 | if (up->u_flags & F_GROUP) { |
1541 | /* if -g=uid was specified, check gid is unused */ | | 1543 | /* if -g=uid was specified, check gid is unused */ |
1542 | if (strcmp(up->u_primgrp, "=uid") == 0) { | | 1544 | if (strcmp(up->u_primgrp, "=uid") == 0) { |
1543 | if (getgrgid((gid_t)(up->u_uid)) != NULL) { | | 1545 | if (getgrgid((gid_t)(up->u_uid)) != NULL) { |
1544 | (void)close(ptmpfd); | | 1546 | (void)close(ptmpfd); |
1545 | (void)pw_abort(); | | 1547 | (void)pw_abort(); |
1546 | errx(EXIT_FAILURE, | | 1548 | errx(EXIT_FAILURE, |
1547 | "Can't modify user `%s': " | | 1549 | "Can't modify user `%s': " |
1548 | "gid %d is already in use", | | 1550 | "gid %d is already in use", |
1549 | login_name, up->u_uid); | | 1551 | login_name, up->u_uid); |
1550 | } | | 1552 | } |
1551 | pwp->pw_gid = up->u_uid; | | 1553 | pwp->pw_gid = up->u_uid; |
1552 | } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { | | 1554 | } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { |
1553 | pwp->pw_gid = grp->gr_gid; | | 1555 | pwp->pw_gid = grp->gr_gid; |
1554 | } else if (is_number(up->u_primgrp) && | | 1556 | } else if (is_number(up->u_primgrp) && |
1555 | (grp = getgrgid( | | 1557 | (grp = getgrgid( |
1556 | (gid_t)atoi(up->u_primgrp))) != NULL) { | | 1558 | (gid_t)atoi(up->u_primgrp))) != NULL) { |
1557 | pwp->pw_gid = grp->gr_gid; | | 1559 | pwp->pw_gid = grp->gr_gid; |
1558 | } else { | | 1560 | } else { |
1559 | (void)close(ptmpfd); | | 1561 | (void)close(ptmpfd); |
1560 | (void)pw_abort(); | | 1562 | (void)pw_abort(); |
1561 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1563 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1562 | "group %s not found", login_name, | | 1564 | "group %s not found", login_name, |
1563 | up->u_primgrp); | | 1565 | up->u_primgrp); |
1564 | } | | 1566 | } |
1565 | } | | 1567 | } |
1566 | if (up->u_flags & F_INACTIVE) { | | 1568 | if (up->u_flags & F_INACTIVE) { |
1567 | if (!scantime(&pwp->pw_change, up->u_inactive)) { | | 1569 | if (!scantime(&pwp->pw_change, up->u_inactive)) { |
1568 | warnx("Warning: inactive time `%s' invalid, " | | 1570 | warnx("Warning: inactive time `%s' invalid, " |
1569 | "password expiry off", | | 1571 | "password expiry off", |
1570 | up->u_inactive); | | 1572 | up->u_inactive); |
1571 | } | | 1573 | } |
1572 | } | | 1574 | } |
1573 | if (up->u_flags & F_EXPIRE) { | | 1575 | if (up->u_flags & F_EXPIRE) { |
1574 | if (!scantime(&pwp->pw_expire, up->u_expire) || | | 1576 | if (!scantime(&pwp->pw_expire, up->u_expire) || |
1575 | pwp->pw_expire == -1) { | | 1577 | pwp->pw_expire == -1) { |
1576 | warnx("Warning: expire time `%s' invalid, " | | 1578 | warnx("Warning: expire time `%s' invalid, " |
1577 | "account expiry off", | | 1579 | "account expiry off", |
1578 | up->u_expire); | | 1580 | up->u_expire); |
1579 | pwp->pw_expire = 0; | | 1581 | pwp->pw_expire = 0; |
1580 | } | | 1582 | } |
1581 | } | | 1583 | } |
1582 | if (up->u_flags & F_COMMENT) { | | 1584 | if (up->u_flags & F_COMMENT) { |
1583 | pwp->pw_gecos = up->u_comment; | | 1585 | pwp->pw_gecos = up->u_comment; |
1584 | } | | 1586 | } |
1585 | if (up->u_flags & F_HOMEDIR) { | | 1587 | if (up->u_flags & F_HOMEDIR) { |
1586 | pwp->pw_dir = up->u_home; | | 1588 | pwp->pw_dir = up->u_home; |
1587 | } | | 1589 | } |
1588 | if (up->u_flags & F_SHELL) { | | 1590 | if (up->u_flags & F_SHELL) { |
1589 | #ifdef EXTENSIONS | | 1591 | #ifdef EXTENSIONS |
1590 | if (!valid_shell(up->u_shell)) { | | 1592 | if (!valid_shell(up->u_shell)) { |
1591 | int oerrno = errno; | | 1593 | int oerrno = errno; |
1592 | (void)close(ptmpfd); | | 1594 | (void)close(ptmpfd); |
1593 | (void)pw_abort(); | | 1595 | (void)pw_abort(); |
1594 | errno = oerrno; | | 1596 | errno = oerrno; |
1595 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1597 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1596 | "Cannot access shell `%s'", | | 1598 | "Cannot access shell `%s'", |
1597 | login_name, up->u_shell); | | 1599 | login_name, up->u_shell); |
1598 | } | | 1600 | } |
1599 | pwp->pw_shell = up->u_shell; | | 1601 | pwp->pw_shell = up->u_shell; |
1600 | #else | | 1602 | #else |
1601 | pwp->pw_shell = up->u_shell; | | 1603 | pwp->pw_shell = up->u_shell; |
1602 | #endif | | 1604 | #endif |
1603 | } | | 1605 | } |
1604 | #ifdef EXTENSIONS | | 1606 | #ifdef EXTENSIONS |
1605 | if (up->u_flags & F_CLASS) { | | 1607 | if (up->u_flags & F_CLASS) { |
1606 | if (!valid_class(up->u_class)) { | | 1608 | if (!valid_class(up->u_class)) { |
1607 | (void)close(ptmpfd); | | 1609 | (void)close(ptmpfd); |
1608 | (void)pw_abort(); | | 1610 | (void)pw_abort(); |
1609 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1611 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1610 | "no such login class `%s'", login_name, | | 1612 | "no such login class `%s'", login_name, |
1611 | up->u_class); | | 1613 | up->u_class); |
1612 | } | | 1614 | } |
1613 | pwp->pw_class = up->u_class; | | 1615 | pwp->pw_class = up->u_class; |
1614 | } | | 1616 | } |
1615 | #endif | | 1617 | #endif |
1616 | } | | 1618 | } |
1617 | loginc = strlen(login_name); | | 1619 | loginc = strlen(login_name); |
1618 | while (fgets(buf, sizeof(buf), master) != NULL) { | | 1620 | while (fgets(buf, sizeof(buf), master) != NULL) { |
1619 | if ((colon = strchr(buf, ':')) == NULL) { | | 1621 | if ((colon = strchr(buf, ':')) == NULL) { |
1620 | warnx("Malformed entry `%s'. Skipping", buf); | | 1622 | warnx("Malformed entry `%s'. Skipping", buf); |
1621 | continue; | | 1623 | continue; |
1622 | } | | 1624 | } |
1623 | colonc = (size_t)(colon - buf); | | 1625 | colonc = (size_t)(colon - buf); |
1624 | if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { | | 1626 | if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { |
1625 | if (up != NULL) { | | 1627 | if (up != NULL) { |
1626 | len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:" | | 1628 | len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:" |
1627 | #ifdef EXTENSIONS | | 1629 | #ifdef EXTENSIONS |
1628 | "%s" | | 1630 | "%s" |
1629 | #endif | | 1631 | #endif |
1630 | ":%ld:%ld:%s:%s:%s\n", | | 1632 | ":%ld:%ld:%s:%s:%s\n", |
1631 | newlogin, | | 1633 | newlogin, |
1632 | pwp->pw_passwd, | | 1634 | pwp->pw_passwd, |
1633 | pwp->pw_uid, | | 1635 | pwp->pw_uid, |
1634 | pwp->pw_gid, | | 1636 | pwp->pw_gid, |
1635 | #ifdef EXTENSIONS | | 1637 | #ifdef EXTENSIONS |
1636 | pwp->pw_class, | | 1638 | pwp->pw_class, |
1637 | #endif | | 1639 | #endif |
1638 | (long)pwp->pw_change, | | 1640 | (long)pwp->pw_change, |
1639 | (long)pwp->pw_expire, | | 1641 | (long)pwp->pw_expire, |
1640 | pwp->pw_gecos, | | 1642 | pwp->pw_gecos, |
1641 | pwp->pw_dir, | | 1643 | pwp->pw_dir, |
1642 | pwp->pw_shell); | | 1644 | pwp->pw_shell); |
1643 | if (write(ptmpfd, buf, len) != len) { | | 1645 | if (write(ptmpfd, buf, len) != len) { |
1644 | int serrno = errno; | | 1646 | int serrno = errno; |
1645 | (void)close(ptmpfd); | | 1647 | (void)close(ptmpfd); |
1646 | (void)pw_abort(); | | 1648 | (void)pw_abort(); |
1647 | errno = serrno; | | 1649 | errno = serrno; |
1648 | err(EXIT_FAILURE, "Can't modify user " | | 1650 | err(EXIT_FAILURE, "Can't modify user " |
1649 | "`%s': write", login_name); | | 1651 | "`%s': write", login_name); |
1650 | } | | 1652 | } |
1651 | } | | 1653 | } |
1652 | } else { | | 1654 | } else { |
1653 | len = strlen(buf); | | 1655 | len = strlen(buf); |
1654 | if (write(ptmpfd, buf, len) != len) { | | 1656 | if (write(ptmpfd, buf, len) != len) { |
1655 | int serrno = errno; | | 1657 | int serrno = errno; |
1656 | (void)close(masterfd); | | 1658 | (void)close(masterfd); |
1657 | (void)close(ptmpfd); | | 1659 | (void)close(ptmpfd); |
1658 | (void)pw_abort(); | | 1660 | (void)pw_abort(); |
1659 | errno = serrno; | | 1661 | errno = serrno; |
1660 | err(EXIT_FAILURE, "Can't modify `%s': " | | 1662 | err(EXIT_FAILURE, "Can't modify `%s': " |
1661 | "write", login_name); | | 1663 | "write", login_name); |
1662 | } | | 1664 | } |
1663 | } | | 1665 | } |
1664 | } | | 1666 | } |
1665 | if (up != NULL) { | | 1667 | if (up != NULL) { |
1666 | if ((up->u_flags & F_MKDIR) && | | 1668 | if ((up->u_flags & F_MKDIR) && |
1667 | asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { | | 1669 | asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { |
1668 | (void)close(ptmpfd); | | 1670 | (void)close(ptmpfd); |
1669 | (void)pw_abort(); | | 1671 | (void)pw_abort(); |
1670 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1672 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1671 | "can't move `%s' to `%s'", | | 1673 | "can't move `%s' to `%s'", |
1672 | login_name, homedir, pwp->pw_dir); | | 1674 | login_name, homedir, pwp->pw_dir); |
1673 | } | | 1675 | } |
1674 | if (up->u_groupc > 0 && | | 1676 | if (up->u_groupc > 0 && |
1675 | !append_group(newlogin, up->u_groupc, up->u_groupv)) { | | 1677 | !append_group(newlogin, up->u_groupc, up->u_groupv)) { |
1676 | (void)close(ptmpfd); | | 1678 | (void)close(ptmpfd); |
1677 | (void)pw_abort(); | | 1679 | (void)pw_abort(); |
1678 | errx(EXIT_FAILURE, "Can't modify user `%s': " | | 1680 | errx(EXIT_FAILURE, "Can't modify user `%s': " |
1679 | "can't append `%s' to new groups", | | 1681 | "can't append `%s' to new groups", |
1680 | login_name, newlogin); | | 1682 | login_name, newlogin); |
1681 | } | | 1683 | } |
1682 | } | | 1684 | } |
1683 | (void)close(ptmpfd); | | 1685 | (void)close(ptmpfd); |
1684 | (void)fclose(master); | | 1686 | (void)fclose(master); |
1685 | #if PW_MKDB_ARGC == 2 | | 1687 | #if PW_MKDB_ARGC == 2 |
1686 | if (up != NULL && strcmp(login_name, newlogin) == 0) { | | 1688 | if (up != NULL && strcmp(login_name, newlogin) == 0) { |
1687 | error = pw_mkdb(login_name, 0); | | 1689 | error = pw_mkdb(login_name, 0); |
1688 | } else { | | 1690 | } else { |
1689 | error = pw_mkdb(NULL, 0); | | 1691 | error = pw_mkdb(NULL, 0); |
1690 | } | | 1692 | } |
1691 | #else | | 1693 | #else |
1692 | error = pw_mkdb(); | | 1694 | error = pw_mkdb(); |
1693 | #endif | | 1695 | #endif |
1694 | if (error < 0) { | | 1696 | if (error < 0) { |
1695 | (void)pw_abort(); | | 1697 | (void)pw_abort(); |
1696 | errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed", | | 1698 | errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed", |
1697 | login_name); | | 1699 | login_name); |
1698 | } | | 1700 | } |
1699 | if (up == NULL) { | | 1701 | if (up == NULL) { |
1700 | syslog(LOG_INFO, "User removed: name=%s", login_name); | | 1702 | syslog(LOG_INFO, "User removed: name=%s", login_name); |
1701 | } else if (strcmp(login_name, newlogin) == 0) { | | 1703 | } else if (strcmp(login_name, newlogin) == 0) { |
1702 | syslog(LOG_INFO, "User information modified: name=%s, uid=%d, " | | 1704 | syslog(LOG_INFO, "User information modified: name=%s, uid=%d, " |
1703 | "gid=%d, home=%s, shell=%s", | | 1705 | "gid=%d, home=%s, shell=%s", |
1704 | login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, | | 1706 | login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, |
1705 | pwp->pw_shell); | | 1707 | pwp->pw_shell); |
1706 | } else { | | 1708 | } else { |
1707 | syslog(LOG_INFO, "User information modified: name=%s, " | | 1709 | syslog(LOG_INFO, "User information modified: name=%s, " |
1708 | "new name=%s, uid=%d, gid=%d, home=%s, shell=%s", | | 1710 | "new name=%s, uid=%d, gid=%d, home=%s, shell=%s", |
1709 | login_name, newlogin, pwp->pw_uid, pwp->pw_gid, | | 1711 | login_name, newlogin, pwp->pw_uid, pwp->pw_gid, |
1710 | pwp->pw_dir, pwp->pw_shell); | | 1712 | pwp->pw_dir, pwp->pw_shell); |
1711 | } | | 1713 | } |
1712 | return 1; | | 1714 | return 1; |
1713 | } | | 1715 | } |
1714 | | | 1716 | |
1715 | #ifdef EXTENSIONS | | 1717 | #ifdef EXTENSIONS |
1716 | /* see if we can find out the user struct */ | | 1718 | /* see if we can find out the user struct */ |
1717 | static struct passwd * | | 1719 | static struct passwd * |
1718 | find_user_info(const char *name) | | 1720 | find_user_info(const char *name) |
1719 | { | | 1721 | { |
1720 | struct passwd *pwp; | | 1722 | struct passwd *pwp; |
1721 | | | 1723 | |
1722 | if ((pwp = getpwnam(name)) != NULL) { | | 1724 | if ((pwp = getpwnam(name)) != NULL) { |
1723 | return pwp; | | 1725 | return pwp; |
1724 | } | | 1726 | } |
1725 | if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) { | | 1727 | if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) { |
1726 | return pwp; | | 1728 | return pwp; |
1727 | } | | 1729 | } |
1728 | return NULL; | | 1730 | return NULL; |
1729 | } | | 1731 | } |
1730 | #endif | | 1732 | #endif |
1731 | | | 1733 | |
1732 | /* see if we can find out the group struct */ | | 1734 | /* see if we can find out the group struct */ |
1733 | static struct group * | | 1735 | static struct group * |
1734 | find_group_info(const char *name) | | 1736 | find_group_info(const char *name) |
1735 | { | | 1737 | { |
1736 | struct group *grp; | | 1738 | struct group *grp; |
1737 | | | 1739 | |
1738 | if ((grp = getgrnam(name)) != NULL) { | | 1740 | if ((grp = getgrnam(name)) != NULL) { |
1739 | return grp; | | 1741 | return grp; |
1740 | } | | 1742 | } |
1741 | if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) { | | 1743 | if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) { |
1742 | return grp; | | 1744 | return grp; |
1743 | } | | 1745 | } |
1744 | return NULL; | | 1746 | return NULL; |
1745 | } | | 1747 | } |
1746 | | | 1748 | |
1747 | /* print out usage message, and then exit */ | | 1749 | /* print out usage message, and then exit */ |
1748 | void | | 1750 | void |
1749 | usermgmt_usage(const char *prog) | | 1751 | usermgmt_usage(const char *prog) |
1750 | { | | 1752 | { |
1751 | if (strcmp(prog, "useradd") == 0) { | | 1753 | if (strcmp(prog, "useradd") == 0) { |
1752 | (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] " | | 1754 | (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] " |
1753 | "[-e expiry-time] [-f inactive-time]\n" | | 1755 | "[-e expiry-time] [-f inactive-time]\n" |
1754 | "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n" | | 1756 | "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n" |
1755 | "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog); | | 1757 | "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog); |
1756 | (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] " | | 1758 | (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] " |
1757 | "[-c comment] [-d home-dir] [-e expiry-time]\n" | | 1759 | "[-c comment] [-d home-dir] [-e expiry-time]\n" |
1758 | "\t[-f inactive-time] [-G secondary-group] " | | 1760 | "\t[-f inactive-time] [-G secondary-group] " |
1759 | "[-g gid | name | =uid]\n" | | 1761 | "[-g gid | name | =uid]\n" |
1760 | "\t[-k skeletondir] [-L login-class] [-M homeperm] " | | 1762 | "\t[-k skeletondir] [-L login-class] [-M homeperm] " |
1761 | "[-p password]\n" | | 1763 | "[-p password]\n" |
1762 | "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n", | | 1764 | "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n", |
1763 | prog); | | 1765 | prog); |
1764 | } else if (strcmp(prog, "usermod") == 0) { | | 1766 | } else if (strcmp(prog, "usermod") == 0) { |
1765 | (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] " | | 1767 | (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] " |
1766 | "[-c comment] [-d home-dir] [-e expiry-time]\n" | | 1768 | "[-c comment] [-d home-dir] [-e expiry-time]\n" |
1767 | "\t[-f inactive] [-G secondary-group] " | | 1769 | "\t[-f inactive] [-G secondary-group] " |
1768 | "[-g gid | name | =uid]\n" | | 1770 | "[-g gid | name | =uid]\n" |
1769 | "\t[-L login-class] [-l new-login] [-p password] " | | 1771 | "\t[-L login-class] [-l new-login] [-p password] " |
1770 | "[-s shell] [-u uid]\n" | | 1772 | "[-s shell] [-u uid]\n" |
1771 | "\tuser\n", prog); | | 1773 | "\tuser\n", prog); |
1772 | } else if (strcmp(prog, "userdel") == 0) { | | 1774 | } else if (strcmp(prog, "userdel") == 0) { |
1773 | (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); | | 1775 | (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); |
1774 | (void)fprintf(stderr, | | 1776 | (void)fprintf(stderr, |
1775 | "usage: %s [-rSv] [-p preserve-value] user\n", prog); | | 1777 | "usage: %s [-rSv] [-p preserve-value] user\n", prog); |
1776 | #ifdef EXTENSIONS | | 1778 | #ifdef EXTENSIONS |
1777 | } else if (strcmp(prog, "userinfo") == 0) { | | 1779 | } else if (strcmp(prog, "userinfo") == 0) { |
1778 | (void)fprintf(stderr, "usage: %s [-e] user\n", prog); | | 1780 | (void)fprintf(stderr, "usage: %s [-e] user\n", prog); |
1779 | #endif | | 1781 | #endif |
1780 | } else if (strcmp(prog, "groupadd") == 0) { | | 1782 | } else if (strcmp(prog, "groupadd") == 0) { |
1781 | (void)fprintf(stderr, "usage: %s [-ov] [-g gid]" | | 1783 | (void)fprintf(stderr, "usage: %s [-ov] [-g gid]" |
1782 | " [-r lowgid..highgid] group\n", prog); | | 1784 | " [-r lowgid..highgid] group\n", prog); |
1783 | } else if (strcmp(prog, "groupdel") == 0) { | | 1785 | } else if (strcmp(prog, "groupdel") == 0) { |
1784 | (void)fprintf(stderr, "usage: %s [-v] group\n", prog); | | 1786 | (void)fprintf(stderr, "usage: %s [-v] group\n", prog); |
1785 | } else if (strcmp(prog, "groupmod") == 0) { | | 1787 | } else if (strcmp(prog, "groupmod") == 0) { |
1786 | (void)fprintf(stderr, | | 1788 | (void)fprintf(stderr, |
1787 | "usage: %s [-ov] [-g gid] [-n newname] group\n", prog); | | 1789 | "usage: %s [-ov] [-g gid] [-n newname] group\n", prog); |
1788 | } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { | | 1790 | } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { |
1789 | (void)fprintf(stderr, | | 1791 | (void)fprintf(stderr, |
1790 | "usage: %s ( add | del | mod | info ) ...\n", prog); | | 1792 | "usage: %s ( add | del | mod | info ) ...\n", prog); |
1791 | #ifdef EXTENSIONS | | 1793 | #ifdef EXTENSIONS |
1792 | } else if (strcmp(prog, "groupinfo") == 0) { | | 1794 | } else if (strcmp(prog, "groupinfo") == 0) { |
1793 | (void)fprintf(stderr, "usage: %s [-ev] group\n", prog); | | 1795 | (void)fprintf(stderr, "usage: %s [-ev] group\n", prog); |
1794 | #endif | | 1796 | #endif |
1795 | } | | 1797 | } |
1796 | exit(EXIT_FAILURE); | | 1798 | exit(EXIT_FAILURE); |
1797 | /* NOTREACHED */ | | 1799 | /* NOTREACHED */ |
1798 | } | | 1800 | } |
1799 | | | 1801 | |
1800 | #ifdef EXTENSIONS | | 1802 | #ifdef EXTENSIONS |
1801 | #define ADD_OPT_EXTENSIONS "M:p:r:vL:S" | | 1803 | #define ADD_OPT_EXTENSIONS "M:p:r:vL:S" |
1802 | #else | | 1804 | #else |
1803 | #define ADD_OPT_EXTENSIONS | | 1805 | #define ADD_OPT_EXTENSIONS |
1804 | #endif | | 1806 | #endif |
1805 | | | 1807 | |
1806 | int | | 1808 | int |
1807 | useradd(int argc, char **argv) | | 1809 | useradd(int argc, char **argv) |
1808 | { | | 1810 | { |
1809 | user_t u; | | 1811 | user_t u; |
1810 | int defaultfield; | | 1812 | int defaultfield; |
1811 | int bigD; | | 1813 | int bigD; |
1812 | int c; | | 1814 | int c; |
1813 | #ifdef EXTENSIONS | | 1815 | #ifdef EXTENSIONS |
1814 | int i; | | 1816 | int i; |
1815 | #endif | | 1817 | #endif |
1816 | | | 1818 | |
1817 | (void)memset(&u, 0, sizeof(u)); | | 1819 | (void)memset(&u, 0, sizeof(u)); |
1818 | read_defaults(&u); | | 1820 | read_defaults(&u); |
1819 | u.u_uid = -1; | | 1821 | u.u_uid = -1; |
1820 | defaultfield = bigD = 0; | | 1822 | defaultfield = bigD = 0; |
1821 | while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:" | | 1823 | while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:" |
1822 | ADD_OPT_EXTENSIONS)) != -1) { | | 1824 | ADD_OPT_EXTENSIONS)) != -1) { |
1823 | switch(c) { | | 1825 | switch(c) { |
1824 | case 'D': | | 1826 | case 'D': |
1825 | bigD = 1; | | 1827 | bigD = 1; |
1826 | break; | | 1828 | break; |
1827 | case 'F': | | 1829 | case 'F': |
1828 | /* | | 1830 | /* |
1829 | * Setting -1 will force the new user to | | 1831 | * Setting -1 will force the new user to |
1830 | * change their password as soon as they | | 1832 | * change their password as soon as they |
1831 | * next log in - passwd(5). | | 1833 | * next log in - passwd(5). |
1832 | */ | | 1834 | */ |
1833 | defaultfield = 1; | | 1835 | defaultfield = 1; |
1834 | memsave(&u.u_inactive, "-1", strlen("-1")); | | 1836 | memsave(&u.u_inactive, "-1", strlen("-1")); |
1835 | break; | | 1837 | break; |
1836 | case 'G': | | 1838 | case 'G': |
1837 | while (u.u_groupc < NGROUPS_MAX && | | 1839 | while (u.u_groupc < NGROUPS_MAX && |
1838 | (u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL) { | | 1840 | (u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL) { |
1839 | if (u.u_groupv[u.u_groupc][0] != 0) { | | 1841 | if (u.u_groupv[u.u_groupc][0] != 0) { |
1840 | u.u_groupc++; | | 1842 | u.u_groupc++; |
1841 | } | | 1843 | } |
1842 | } | | 1844 | } |
1843 | if (optarg != NULL) { | | 1845 | if (optarg != NULL) { |
1844 | warnx("Truncated list of secondary groups " | | 1846 | warnx("Truncated list of secondary groups " |
1845 | "to %d entries", NGROUPS_MAX); | | 1847 | "to %d entries", NGROUPS_MAX); |
1846 | } | | 1848 | } |
1847 | break; | | 1849 | break; |
1848 | #ifdef EXTENSIONS | | 1850 | #ifdef EXTENSIONS |
1849 | case 'S': | | 1851 | case 'S': |
1850 | u.u_allow_samba = 1; | | 1852 | u.u_allow_samba = 1; |
1851 | break; | | 1853 | break; |
1852 | #endif | | 1854 | #endif |
1853 | case 'b': | | 1855 | case 'b': |
1854 | defaultfield = 1; | | 1856 | defaultfield = 1; |
1855 | memsave(&u.u_basedir, optarg, strlen(optarg)); | | 1857 | memsave(&u.u_basedir, optarg, strlen(optarg)); |
1856 | break; | | 1858 | break; |
1857 | case 'c': | | 1859 | case 'c': |
1858 | memsave(&u.u_comment, optarg, strlen(optarg)); | | 1860 | memsave(&u.u_comment, optarg, strlen(optarg)); |
1859 | break; | | 1861 | break; |
1860 | case 'd': | | 1862 | case 'd': |
1861 | memsave(&u.u_home, optarg, strlen(optarg)); | | 1863 | memsave(&u.u_home, optarg, strlen(optarg)); |
1862 | u.u_flags |= F_HOMEDIR; | | 1864 | u.u_flags |= F_HOMEDIR; |
1863 | break; | | 1865 | break; |
1864 | case 'e': | | 1866 | case 'e': |
1865 | defaultfield = 1; | | 1867 | defaultfield = 1; |
1866 | memsave(&u.u_expire, optarg, strlen(optarg)); | | 1868 | memsave(&u.u_expire, optarg, strlen(optarg)); |
1867 | break; | | 1869 | break; |
1868 | case 'f': | | 1870 | case 'f': |
1869 | defaultfield = 1; | | 1871 | defaultfield = 1; |
1870 | memsave(&u.u_inactive, optarg, strlen(optarg)); | | 1872 | memsave(&u.u_inactive, optarg, strlen(optarg)); |
1871 | break; | | 1873 | break; |
1872 | case 'g': | | 1874 | case 'g': |
1873 | defaultfield = 1; | | 1875 | defaultfield = 1; |
1874 | memsave(&u.u_primgrp, optarg, strlen(optarg)); | | 1876 | memsave(&u.u_primgrp, optarg, strlen(optarg)); |
1875 | break; | | 1877 | break; |
1876 | case 'k': | | 1878 | case 'k': |
1877 | defaultfield = 1; | | 1879 | defaultfield = 1; |
1878 | memsave(&u.u_skeldir, optarg, strlen(optarg)); | | 1880 | memsave(&u.u_skeldir, optarg, strlen(optarg)); |
1879 | break; | | 1881 | break; |
1880 | #ifdef EXTENSIONS | | 1882 | #ifdef EXTENSIONS |
1881 | case 'L': | | 1883 | case 'L': |
1882 | defaultfield = 1; | | 1884 | defaultfield = 1; |
1883 | memsave(&u.u_class, optarg, strlen(optarg)); | | 1885 | memsave(&u.u_class, optarg, strlen(optarg)); |
1884 | break; | | 1886 | break; |
1885 | #endif | | 1887 | #endif |
1886 | case 'm': | | 1888 | case 'm': |
1887 | u.u_flags |= F_MKDIR; | | 1889 | u.u_flags |= F_MKDIR; |
1888 | break; | | 1890 | break; |
1889 | #ifdef EXTENSIONS | | 1891 | #ifdef EXTENSIONS |
1890 | case 'M': | | 1892 | case 'M': |
1891 | defaultfield = 1; | | 1893 | defaultfield = 1; |
1892 | u.u_homeperm = strtoul(optarg, NULL, 8); | | 1894 | u.u_homeperm = strtoul(optarg, NULL, 8); |
1893 | break; | | 1895 | break; |
1894 | #endif | | 1896 | #endif |
1895 | case 'o': | | 1897 | case 'o': |
1896 | u.u_flags |= F_DUPUID; | | 1898 | u.u_flags |= F_DUPUID; |
1897 | break; | | 1899 | break; |
1898 | #ifdef EXTENSIONS | | 1900 | #ifdef EXTENSIONS |
1899 | case 'p': | | 1901 | case 'p': |
1900 | memsave(&u.u_password, optarg, strlen(optarg)); | | 1902 | memsave(&u.u_password, optarg, strlen(optarg)); |
1901 | break; | | 1903 | break; |
1902 | #endif | | 1904 | #endif |
1903 | #ifdef EXTENSIONS | | 1905 | #ifdef EXTENSIONS |
1904 | case 'r': | | 1906 | case 'r': |
1905 | defaultfield = 1; | | 1907 | defaultfield = 1; |
1906 | (void)save_range(&u, optarg); | | 1908 | (void)save_range(&u, optarg); |
1907 | break; | | 1909 | break; |
1908 | #endif | | 1910 | #endif |
1909 | case 's': | | 1911 | case 's': |
1910 | u.u_flags |= F_SHELL; | | 1912 | u.u_flags |= F_SHELL; |
1911 | defaultfield = 1; | | 1913 | defaultfield = 1; |
1912 | memsave(&u.u_shell, optarg, strlen(optarg)); | | 1914 | memsave(&u.u_shell, optarg, strlen(optarg)); |
1913 | break; | | 1915 | break; |
1914 | case 'u': | | 1916 | case 'u': |
1915 | u.u_uid = check_numeric(optarg, "uid"); | | 1917 | u.u_uid = check_numeric(optarg, "uid"); |
1916 | break; | | 1918 | break; |
1917 | #ifdef EXTENSIONS | | 1919 | #ifdef EXTENSIONS |
1918 | case 'v': | | 1920 | case 'v': |
1919 | verbose = 1; | | 1921 | verbose = 1; |
1920 | break; | | 1922 | break; |
1921 | #endif | | 1923 | #endif |
1922 | default: | | 1924 | default: |
1923 | usermgmt_usage("useradd"); | | 1925 | usermgmt_usage("useradd"); |
1924 | /* NOTREACHED */ | | 1926 | /* NOTREACHED */ |
1925 | } | | 1927 | } |
1926 | } | | 1928 | } |
1927 | if (bigD) { | | 1929 | if (bigD) { |
1928 | if (defaultfield) { | | 1930 | if (defaultfield) { |
1929 | checkeuid(); | | 1931 | checkeuid(); |
1930 | return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; | | 1932 | return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; |
1931 | } | | 1933 | } |
1932 | (void)printf("group\t\t%s\n", u.u_primgrp); | | 1934 | (void)printf("group\t\t%s\n", u.u_primgrp); |
1933 | (void)printf("base_dir\t%s\n", u.u_basedir); | | 1935 | (void)printf("base_dir\t%s\n", u.u_basedir); |
1934 | (void)printf("skel_dir\t%s\n", u.u_skeldir); | | 1936 | (void)printf("skel_dir\t%s\n", u.u_skeldir); |
1935 | (void)printf("shell\t\t%s\n", u.u_shell); | | 1937 | (void)printf("shell\t\t%s\n", u.u_shell); |
1936 | #ifdef EXTENSIONS | | 1938 | #ifdef EXTENSIONS |
1937 | (void)printf("class\t\t%s\n", u.u_class); | | 1939 | (void)printf("class\t\t%s\n", u.u_class); |
1938 | (void)printf("homeperm\t0%o\n", u.u_homeperm); | | 1940 | (void)printf("homeperm\t0%o\n", u.u_homeperm); |
1939 | #endif | | 1941 | #endif |
1940 | (void)printf("inactive\t%s\n", (u.u_inactive == NULL) ? | | 1942 | (void)printf("inactive\t%s\n", (u.u_inactive == NULL) ? |
1941 | UNSET_INACTIVE : u.u_inactive); | | 1943 | UNSET_INACTIVE : u.u_inactive); |
1942 | (void)printf("expire\t\t%s\n", (u.u_expire == NULL) ? | | 1944 | (void)printf("expire\t\t%s\n", (u.u_expire == NULL) ? |
1943 | UNSET_EXPIRY : u.u_expire); | | 1945 | UNSET_EXPIRY : u.u_expire); |
1944 | #ifdef EXTENSIONS | | 1946 | #ifdef EXTENSIONS |
1945 | for (i = 0 ; i < u.u_rc ; i++) { | | 1947 | for (i = 0 ; i < u.u_rc ; i++) { |
1946 | (void)printf("range\t\t%d..%d\n", | | 1948 | (void)printf("range\t\t%d..%d\n", |
1947 | u.u_rv[i].r_from, u.u_rv[i].r_to); | | 1949 | u.u_rv[i].r_from, u.u_rv[i].r_to); |
1948 | } | | 1950 | } |
1949 | #endif | | 1951 | #endif |
1950 | return EXIT_SUCCESS; | | 1952 | return EXIT_SUCCESS; |
1951 | } | | 1953 | } |
1952 | argc -= optind; | | 1954 | argc -= optind; |
1953 | argv += optind; | | 1955 | argv += optind; |
1954 | if (argc != 1) { | | 1956 | if (argc != 1) { |
1955 | usermgmt_usage("useradd"); | | 1957 | usermgmt_usage("useradd"); |
1956 | } | | 1958 | } |
1957 | checkeuid(); | | 1959 | checkeuid(); |
1958 | openlog("useradd", LOG_PID, LOG_USER); | | 1960 | openlog("useradd", LOG_PID, LOG_USER); |
1959 | return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; | | 1961 | return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; |
1960 | } | | 1962 | } |
1961 | | | 1963 | |
1962 | #ifdef EXTENSIONS | | 1964 | #ifdef EXTENSIONS |
1963 | #define MOD_OPT_EXTENSIONS "p:vL:S" | | 1965 | #define MOD_OPT_EXTENSIONS "p:vL:S" |
1964 | #else | | 1966 | #else |
1965 | #define MOD_OPT_EXTENSIONS | | 1967 | #define MOD_OPT_EXTENSIONS |
1966 | #endif | | 1968 | #endif |
1967 | | | 1969 | |
1968 | int | | 1970 | int |
1969 | usermod(int argc, char **argv) | | 1971 | usermod(int argc, char **argv) |
1970 | { | | 1972 | { |
1971 | user_t u; | | 1973 | user_t u; |
1972 | char newuser[MaxUserNameLen + 1]; | | 1974 | char newuser[MaxUserNameLen + 1]; |
1973 | int c, have_new_user; | | 1975 | int c, have_new_user; |
1974 | | | 1976 | |
1975 | (void)memset(&u, 0, sizeof(u)); | | 1977 | (void)memset(&u, 0, sizeof(u)); |
1976 | (void)memset(newuser, 0, sizeof(newuser)); | | 1978 | (void)memset(newuser, 0, sizeof(newuser)); |
1977 | read_defaults(&u); | | 1979 | read_defaults(&u); |
1978 | have_new_user = 0; | | 1980 | have_new_user = 0; |
1979 | u.u_locked = -1; | | 1981 | u.u_locked = -1; |
1980 | while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:" | | 1982 | while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:" |
1981 | MOD_OPT_EXTENSIONS)) != -1) { | | 1983 | MOD_OPT_EXTENSIONS)) != -1) { |
1982 | switch(c) { | | 1984 | switch(c) { |
1983 | case 'G': | | 1985 | case 'G': |
1984 | while (u.u_groupc < NGROUPS_MAX && | | 1986 | while (u.u_groupc < NGROUPS_MAX && |
1985 | (u.u_groupv[u.u_groupc] = | | 1987 | (u.u_groupv[u.u_groupc] = |
1986 | strsep(&optarg, ",")) != NULL) { | | 1988 | strsep(&optarg, ",")) != NULL) { |
1987 | if (u.u_groupv[u.u_groupc][0] != 0) { | | 1989 | if (u.u_groupv[u.u_groupc][0] != 0) { |
1988 | u.u_groupc++; | | 1990 | u.u_groupc++; |
1989 | } | | 1991 | } |
1990 | } | | 1992 | } |
1991 | if (optarg != NULL) { | | 1993 | if (optarg != NULL) { |
1992 | warnx("Truncated list of secondary groups " | | 1994 | warnx("Truncated list of secondary groups " |
1993 | "to %d entries", NGROUPS_MAX); | | 1995 | "to %d entries", NGROUPS_MAX); |
1994 | } | | 1996 | } |
1995 | u.u_flags |= F_SECGROUP; | | 1997 | u.u_flags |= F_SECGROUP; |
1996 | break; | | 1998 | break; |
1997 | #ifdef EXTENSIONS | | 1999 | #ifdef EXTENSIONS |
1998 | case 'S': | | 2000 | case 'S': |
1999 | u.u_allow_samba = 1; | | 2001 | u.u_allow_samba = 1; |
2000 | break; | | 2002 | break; |
2001 | #endif | | 2003 | #endif |
2002 | case 'c': | | 2004 | case 'c': |
2003 | memsave(&u.u_comment, optarg, strlen(optarg)); | | 2005 | memsave(&u.u_comment, optarg, strlen(optarg)); |
2004 | u.u_flags |= F_COMMENT; | | 2006 | u.u_flags |= F_COMMENT; |
2005 | break; | | 2007 | break; |
2006 | case 'C': | | 2008 | case 'C': |
2007 | if (strcasecmp(optarg, "yes") == 0) { | | 2009 | if (strcasecmp(optarg, "yes") == 0) { |
2008 | u.u_locked = LOCK; | | 2010 | u.u_locked = LOCK; |
2009 | } else if (strcasecmp(optarg, "no") == 0) { | | 2011 | } else if (strcasecmp(optarg, "no") == 0) { |
2010 | u.u_locked = UNLOCK; | | 2012 | u.u_locked = UNLOCK; |
2011 | } else { | | 2013 | } else { |
2012 | /* No idea. */ | | 2014 | /* No idea. */ |
2013 | errx(EXIT_FAILURE, | | 2015 | errx(EXIT_FAILURE, |
2014 | "Please type 'yes' or 'no'"); | | 2016 | "Please type 'yes' or 'no'"); |
2015 | } | | 2017 | } |
2016 | break; | | 2018 | break; |
2017 | case 'F': | | 2019 | case 'F': |
2018 | memsave(&u.u_inactive, "-1", strlen("-1")); | | 2020 | memsave(&u.u_inactive, "-1", strlen("-1")); |
2019 | u.u_flags |= F_INACTIVE; | | 2021 | u.u_flags |= F_INACTIVE; |
2020 | break; | | 2022 | break; |
2021 | case 'd': | | 2023 | case 'd': |
2022 | memsave(&u.u_home, optarg, strlen(optarg)); | | 2024 | memsave(&u.u_home, optarg, strlen(optarg)); |
2023 | u.u_flags |= F_HOMEDIR; | | 2025 | u.u_flags |= F_HOMEDIR; |
2024 | break; | | 2026 | break; |
2025 | case 'e': | | 2027 | case 'e': |
2026 | memsave(&u.u_expire, optarg, strlen(optarg)); | | 2028 | memsave(&u.u_expire, optarg, strlen(optarg)); |
2027 | u.u_flags |= F_EXPIRE; | | 2029 | u.u_flags |= F_EXPIRE; |
2028 | break; | | 2030 | break; |
2029 | case 'f': | | 2031 | case 'f': |
2030 | memsave(&u.u_inactive, optarg, strlen(optarg)); | | 2032 | memsave(&u.u_inactive, optarg, strlen(optarg)); |
2031 | u.u_flags |= F_INACTIVE; | | 2033 | u.u_flags |= F_INACTIVE; |
2032 | break; | | 2034 | break; |
2033 | case 'g': | | 2035 | case 'g': |
2034 | memsave(&u.u_primgrp, optarg, strlen(optarg)); | | 2036 | memsave(&u.u_primgrp, optarg, strlen(optarg)); |
2035 | u.u_flags |= F_GROUP; | | 2037 | u.u_flags |= F_GROUP; |
2036 | break; | | 2038 | break; |
2037 | case 'l': | | 2039 | case 'l': |
2038 | (void)strlcpy(newuser, optarg, sizeof(newuser)); | | 2040 | (void)strlcpy(newuser, optarg, sizeof(newuser)); |
2039 | have_new_user = 1; | | 2041 | have_new_user = 1; |
2040 | u.u_flags |= F_USERNAME; | | 2042 | u.u_flags |= F_USERNAME; |
2041 | break; | | 2043 | break; |
2042 | #ifdef EXTENSIONS | | 2044 | #ifdef EXTENSIONS |
2043 | case 'L': | | 2045 | case 'L': |
2044 | memsave(&u.u_class, optarg, strlen(optarg)); | | 2046 | memsave(&u.u_class, optarg, strlen(optarg)); |
2045 | u.u_flags |= F_CLASS; | | 2047 | u.u_flags |= F_CLASS; |
2046 | break; | | 2048 | break; |
2047 | #endif | | 2049 | #endif |
2048 | case 'm': | | 2050 | case 'm': |
2049 | u.u_flags |= F_MKDIR; | | 2051 | u.u_flags |= F_MKDIR; |
2050 | break; | | 2052 | break; |
2051 | case 'o': | | 2053 | case 'o': |
2052 | u.u_flags |= F_DUPUID; | | 2054 | u.u_flags |= F_DUPUID; |
2053 | break; | | 2055 | break; |
2054 | #ifdef EXTENSIONS | | 2056 | #ifdef EXTENSIONS |
2055 | case 'p': | | 2057 | case 'p': |
2056 | memsave(&u.u_password, optarg, strlen(optarg)); | | 2058 | memsave(&u.u_password, optarg, strlen(optarg)); |
2057 | u.u_flags |= F_PASSWORD; | | 2059 | u.u_flags |= F_PASSWORD; |
2058 | break; | | 2060 | break; |
2059 | #endif | | 2061 | #endif |
2060 | case 's': | | 2062 | case 's': |
2061 | memsave(&u.u_shell, optarg, strlen(optarg)); | | 2063 | memsave(&u.u_shell, optarg, strlen(optarg)); |
2062 | u.u_flags |= F_SHELL; | | 2064 | u.u_flags |= F_SHELL; |
2063 | break; | | 2065 | break; |
2064 | case 'u': | | 2066 | case 'u': |
2065 | u.u_uid = check_numeric(optarg, "uid"); | | 2067 | u.u_uid = check_numeric(optarg, "uid"); |
2066 | u.u_flags |= F_UID; | | 2068 | u.u_flags |= F_UID; |
2067 | break; | | 2069 | break; |
2068 | #ifdef EXTENSIONS | | 2070 | #ifdef EXTENSIONS |
2069 | case 'v': | | 2071 | case 'v': |
2070 | verbose = 1; | | 2072 | verbose = 1; |
2071 | break; | | 2073 | break; |
2072 | #endif | | 2074 | #endif |
2073 | default: | | 2075 | default: |
2074 | usermgmt_usage("usermod"); | | 2076 | usermgmt_usage("usermod"); |
2075 | /* NOTREACHED */ | | 2077 | /* NOTREACHED */ |
2076 | } | | 2078 | } |
2077 | } | | 2079 | } |
2078 | if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && | | 2080 | if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && |
2079 | !(u.u_flags & F_USERNAME)) { | | 2081 | !(u.u_flags & F_USERNAME)) { |
2080 | warnx("Option 'm' useless without 'd' or 'l' -- ignored"); | | 2082 | warnx("Option 'm' useless without 'd' or 'l' -- ignored"); |
2081 | u.u_flags &= ~F_MKDIR; | | 2083 | u.u_flags &= ~F_MKDIR; |
2082 | } | | 2084 | } |
2083 | argc -= optind; | | 2085 | argc -= optind; |
2084 | argv += optind; | | 2086 | argv += optind; |
2085 | if (argc != 1) { | | 2087 | if (argc != 1) { |
2086 | usermgmt_usage("usermod"); | | 2088 | usermgmt_usage("usermod"); |
2087 | } | | 2089 | } |
2088 | checkeuid(); | | 2090 | checkeuid(); |
2089 | openlog("usermod", LOG_PID, LOG_USER); | | 2091 | openlog("usermod", LOG_PID, LOG_USER); |
2090 | return moduser(*argv, (have_new_user) ? newuser : *argv, &u, | | 2092 | return moduser(*argv, (have_new_user) ? newuser : *argv, &u, |
2091 | u.u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE; | | 2093 | u.u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE; |
2092 | } | | 2094 | } |
2093 | | | 2095 | |
2094 | #ifdef EXTENSIONS | | 2096 | #ifdef EXTENSIONS |
2095 | #define DEL_OPT_EXTENSIONS "Dp:vS" | | 2097 | #define DEL_OPT_EXTENSIONS "Dp:vS" |
2096 | #else | | 2098 | #else |
2097 | #define DEL_OPT_EXTENSIONS | | 2099 | #define DEL_OPT_EXTENSIONS |
2098 | #endif | | 2100 | #endif |
2099 | | | 2101 | |
2100 | int | | 2102 | int |
2101 | userdel(int argc, char **argv) | | 2103 | userdel(int argc, char **argv) |
2102 | { | | 2104 | { |
2103 | struct passwd *pwp; | | 2105 | struct passwd *pwp; |
2104 | user_t u; | | 2106 | user_t u; |
2105 | char password[PasswordLength + 1]; | | 2107 | char password[PasswordLength + 1]; |
2106 | int defaultfield; | | 2108 | int defaultfield; |
2107 | int rmhome; | | 2109 | int rmhome; |
2108 | int bigD; | | 2110 | int bigD; |
2109 | int c; | | 2111 | int c; |
2110 | | | 2112 | |
2111 | (void)memset(&u, 0, sizeof(u)); | | 2113 | (void)memset(&u, 0, sizeof(u)); |
2112 | read_defaults(&u); | | 2114 | read_defaults(&u); |
2113 | defaultfield = bigD = rmhome = 0; | | 2115 | defaultfield = bigD = rmhome = 0; |
2114 | while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) { | | 2116 | while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) { |
2115 | switch(c) { | | 2117 | switch(c) { |
2116 | #ifdef EXTENSIONS | | 2118 | #ifdef EXTENSIONS |
2117 | case 'D': | | 2119 | case 'D': |
2118 | bigD = 1; | | 2120 | bigD = 1; |
2119 | break; | | 2121 | break; |
2120 | #endif | | 2122 | #endif |
2121 | #ifdef EXTENSIONS | | 2123 | #ifdef EXTENSIONS |
2122 | case 'S': | | 2124 | case 'S': |
2123 | u.u_allow_samba = 1; | | 2125 | u.u_allow_samba = 1; |
2124 | break; | | 2126 | break; |
2125 | #endif | | 2127 | #endif |
2126 | #ifdef EXTENSIONS | | 2128 | #ifdef EXTENSIONS |
2127 | case 'p': | | 2129 | case 'p': |
2128 | defaultfield = 1; | | 2130 | defaultfield = 1; |
2129 | u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : | | 2131 | u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : |
2130 | (strcmp(optarg, "yes") == 0) ? 1 : | | 2132 | (strcmp(optarg, "yes") == 0) ? 1 : |
2131 | atoi(optarg); | | 2133 | atoi(optarg); |
2132 | break; | | 2134 | break; |
2133 | #endif | | 2135 | #endif |
2134 | case 'r': | | 2136 | case 'r': |
2135 | rmhome = 1; | | 2137 | rmhome = 1; |
2136 | break; | | 2138 | break; |
2137 | #ifdef EXTENSIONS | | 2139 | #ifdef EXTENSIONS |
2138 | case 'v': | | 2140 | case 'v': |
2139 | verbose = 1; | | 2141 | verbose = 1; |
2140 | break; | | 2142 | break; |
2141 | #endif | | 2143 | #endif |
2142 | default: | | 2144 | default: |
2143 | usermgmt_usage("userdel"); | | 2145 | usermgmt_usage("userdel"); |
2144 | /* NOTREACHED */ | | 2146 | /* NOTREACHED */ |
2145 | } | | 2147 | } |
2146 | } | | 2148 | } |
2147 | #ifdef EXTENSIONS | | 2149 | #ifdef EXTENSIONS |
2148 | if (bigD) { | | 2150 | if (bigD) { |
2149 | if (defaultfield) { | | 2151 | if (defaultfield) { |
2150 | checkeuid(); | | 2152 | checkeuid(); |
2151 | return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; | | 2153 | return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; |
2152 | } | | 2154 | } |
2153 | (void)printf("preserve\t%s\n", (u.u_preserve) ? "true" : | | 2155 | (void)printf("preserve\t%s\n", (u.u_preserve) ? "true" : |
2154 | "false"); | | 2156 | "false"); |
2155 | return EXIT_SUCCESS; | | 2157 | return EXIT_SUCCESS; |
2156 | } | | 2158 | } |
2157 | #endif | | 2159 | #endif |
2158 | argc -= optind; | | 2160 | argc -= optind; |
2159 | argv += optind; | | 2161 | argv += optind; |
2160 | if (argc != 1) { | | 2162 | if (argc != 1) { |
2161 | usermgmt_usage("userdel"); | | 2163 | usermgmt_usage("userdel"); |
2162 | } | | 2164 | } |
2163 | checkeuid(); | | 2165 | checkeuid(); |
2164 | if ((pwp = getpwnam(*argv)) == NULL) { | | 2166 | if ((pwp = getpwnam(*argv)) == NULL) { |
2165 | warnx("No such user `%s'", *argv); | | 2167 | warnx("No such user `%s'", *argv); |
2166 | return EXIT_FAILURE; | | 2168 | return EXIT_FAILURE; |
2167 | } | | 2169 | } |
2168 | if (rmhome) { | | 2170 | if (rmhome) { |
2169 | (void)removehomedir(pwp); | | 2171 | (void)removehomedir(pwp); |
2170 | } | | 2172 | } |
2171 | if (u.u_preserve) { | | 2173 | if (u.u_preserve) { |
2172 | u.u_flags |= F_SHELL; | | 2174 | u.u_flags |= F_SHELL; |
2173 | memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN)); | | 2175 | memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN)); |
2174 | (void)memset(password, '*', DES_Len); | | 2176 | (void)memset(password, '*', DES_Len); |
2175 | password[DES_Len] = 0; | | 2177 | password[DES_Len] = 0; |
2176 | memsave(&u.u_password, password, strlen(password)); | | 2178 | memsave(&u.u_password, password, strlen(password)); |
2177 | u.u_flags |= F_PASSWORD; | | 2179 | u.u_flags |= F_PASSWORD; |
2178 | openlog("userdel", LOG_PID, LOG_USER); | | 2180 | openlog("userdel", LOG_PID, LOG_USER); |
2179 | return moduser(*argv, *argv, &u, u.u_allow_samba) ? | | 2181 | return moduser(*argv, *argv, &u, u.u_allow_samba) ? |
2180 | EXIT_SUCCESS : EXIT_FAILURE; | | 2182 | EXIT_SUCCESS : EXIT_FAILURE; |
2181 | } | | 2183 | } |
2182 | if (!rm_user_from_groups(*argv)) { | | 2184 | if (!rm_user_from_groups(*argv)) { |
2183 | return 0; | | 2185 | return 0; |
2184 | } | | 2186 | } |
2185 | openlog("userdel", LOG_PID, LOG_USER); | | 2187 | openlog("userdel", LOG_PID, LOG_USER); |
2186 | return moduser(*argv, *argv, NULL, u.u_allow_samba) ? | | 2188 | return moduser(*argv, *argv, NULL, u.u_allow_samba) ? |
2187 | EXIT_SUCCESS : EXIT_FAILURE; | | 2189 | EXIT_SUCCESS : EXIT_FAILURE; |
2188 | } | | 2190 | } |
2189 | | | 2191 | |
2190 | #ifdef EXTENSIONS | | 2192 | #ifdef EXTENSIONS |
2191 | #define GROUP_ADD_OPT_EXTENSIONS "r:v" | | 2193 | #define GROUP_ADD_OPT_EXTENSIONS "r:v" |
2192 | #else | | 2194 | #else |
2193 | #define GROUP_ADD_OPT_EXTENSIONS | | 2195 | #define GROUP_ADD_OPT_EXTENSIONS |
2194 | #endif | | 2196 | #endif |
2195 | | | 2197 | |
2196 | /* add a group */ | | 2198 | /* add a group */ |
2197 | int | | 2199 | int |
2198 | groupadd(int argc, char **argv) | | 2200 | groupadd(int argc, char **argv) |
2199 | { | | 2201 | { |
2200 | int dupgid; | | 2202 | int dupgid; |
2201 | int gid; | | 2203 | int gid; |
2202 | int c; | | 2204 | int c; |
2203 | int lowgid; | | 2205 | int lowgid; |
2204 | int highgid; | | 2206 | int highgid; |
2205 | | | 2207 | |
2206 | gid = -1; | | 2208 | gid = -1; |
2207 | dupgid = 0; | | 2209 | dupgid = 0; |
2208 | lowgid = LowGid; | | 2210 | lowgid = LowGid; |
2209 | highgid = HighGid; | | 2211 | highgid = HighGid; |
2210 | while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) { | | 2212 | while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) { |
2211 | switch(c) { | | 2213 | switch(c) { |
2212 | case 'g': | | 2214 | case 'g': |
2213 | gid = check_numeric(optarg, "gid"); | | 2215 | gid = check_numeric(optarg, "gid"); |
2214 | break; | | 2216 | break; |
2215 | case 'o': | | 2217 | case 'o': |
2216 | dupgid = 1; | | 2218 | dupgid = 1; |
2217 | break; | | 2219 | break; |
2218 | #ifdef EXTENSIONS | | 2220 | #ifdef EXTENSIONS |
2219 | case 'r': | | 2221 | case 'r': |
2220 | if (sscanf(optarg, "%d..%d", &lowgid, &highgid) != 2) { | | 2222 | if (sscanf(optarg, "%d..%d", &lowgid, &highgid) != 2) { |
2221 | errx(EXIT_FAILURE, "Bad range `%s'", optarg); | | 2223 | errx(EXIT_FAILURE, "Bad range `%s'", optarg); |
2222 | } | | 2224 | } |
2223 | break; | | 2225 | break; |
2224 | case 'v': | | 2226 | case 'v': |
2225 | verbose = 1; | | 2227 | verbose = 1; |
2226 | break; | | 2228 | break; |
2227 | #endif | | 2229 | #endif |
2228 | default: | | 2230 | default: |
2229 | usermgmt_usage("groupadd"); | | 2231 | usermgmt_usage("groupadd"); |
2230 | /* NOTREACHED */ | | 2232 | /* NOTREACHED */ |
2231 | } | | 2233 | } |
2232 | } | | 2234 | } |
2233 | argc -= optind; | | 2235 | argc -= optind; |
2234 | argv += optind; | | 2236 | argv += optind; |
2235 | if (argc != 1) { | | 2237 | if (argc != 1) { |
2236 | usermgmt_usage("groupadd"); | | 2238 | usermgmt_usage("groupadd"); |
2237 | } | | 2239 | } |
2238 | checkeuid(); | | 2240 | checkeuid(); |
2239 | if (gid < 0 && !getnextgid(&gid, lowgid, highgid)) { | | 2241 | if (gid < 0 && !getnextgid(&gid, lowgid, highgid)) { |
2240 | err(EXIT_FAILURE, "Can't add group: can't get next gid"); | | 2242 | err(EXIT_FAILURE, "Can't add group: can't get next gid"); |
2241 | } | | 2243 | } |
2242 | if (!dupgid && getgrgid((gid_t) gid) != NULL) { | | 2244 | if (!dupgid && getgrgid((gid_t) gid) != NULL) { |
2243 | errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate", | | 2245 | errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate", |
2244 | gid); | | 2246 | gid); |
2245 | } | | 2247 | } |
2246 | if (!valid_group(*argv)) { | | 2248 | if (!valid_group(*argv)) { |
2247 | warnx("Invalid group name `%s'", *argv); | | 2249 | warnx("Invalid group name `%s'", *argv); |
2248 | } | | 2250 | } |
2249 | openlog("groupadd", LOG_PID, LOG_USER); | | 2251 | openlog("groupadd", LOG_PID, LOG_USER); |
2250 | if (!creategid(*argv, gid, "")) | | 2252 | if (!creategid(*argv, gid, "")) |
2251 | exit(EXIT_FAILURE); | | 2253 | exit(EXIT_FAILURE); |
2252 | | | 2254 | |
2253 | return EXIT_SUCCESS; | | 2255 | return EXIT_SUCCESS; |
2254 | } | | 2256 | } |
2255 | | | 2257 | |
2256 | #ifdef EXTENSIONS | | 2258 | #ifdef EXTENSIONS |
2257 | #define GROUP_DEL_OPT_EXTENSIONS "v" | | 2259 | #define GROUP_DEL_OPT_EXTENSIONS "v" |
2258 | #else | | 2260 | #else |
2259 | #define GROUP_DEL_OPT_EXTENSIONS | | 2261 | #define GROUP_DEL_OPT_EXTENSIONS |
2260 | #endif | | 2262 | #endif |
2261 | | | 2263 | |
2262 | /* remove a group */ | | 2264 | /* remove a group */ |
2263 | int | | 2265 | int |
2264 | groupdel(int argc, char **argv) | | 2266 | groupdel(int argc, char **argv) |
2265 | { | | 2267 | { |
2266 | int c; | | 2268 | int c; |
2267 | | | 2269 | |
2268 | while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) { | | 2270 | while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) { |
2269 | switch(c) { | | 2271 | switch(c) { |
2270 | #ifdef EXTENSIONS | | 2272 | #ifdef EXTENSIONS |
2271 | case 'v': | | 2273 | case 'v': |
2272 | verbose = 1; | | 2274 | verbose = 1; |
2273 | break; | | 2275 | break; |
2274 | #endif | | 2276 | #endif |
2275 | default: | | 2277 | default: |
2276 | usermgmt_usage("groupdel"); | | 2278 | usermgmt_usage("groupdel"); |
2277 | /* NOTREACHED */ | | 2279 | /* NOTREACHED */ |
2278 | } | | 2280 | } |
2279 | } | | 2281 | } |
2280 | argc -= optind; | | 2282 | argc -= optind; |
2281 | argv += optind; | | 2283 | argv += optind; |
2282 | if (argc != 1) { | | 2284 | if (argc != 1) { |
2283 | usermgmt_usage("groupdel"); | | 2285 | usermgmt_usage("groupdel"); |
2284 | } | | 2286 | } |
2285 | if (getgrnam(*argv) == NULL) { | | 2287 | if (getgrnam(*argv) == NULL) { |
2286 | errx(EXIT_FAILURE, "No such group `%s'", *argv); | | 2288 | errx(EXIT_FAILURE, "No such group `%s'", *argv); |
2287 | } | | 2289 | } |
2288 | checkeuid(); | | 2290 | checkeuid(); |
2289 | openlog("groupdel", LOG_PID, LOG_USER); | | 2291 | openlog("groupdel", LOG_PID, LOG_USER); |
2290 | if (!modify_gid(*argv, NULL)) | | 2292 | if (!modify_gid(*argv, NULL)) |
2291 | exit(EXIT_FAILURE); | | 2293 | exit(EXIT_FAILURE); |
2292 | | | 2294 | |
2293 | return EXIT_SUCCESS; | | 2295 | return EXIT_SUCCESS; |
2294 | } | | 2296 | } |
2295 | | | 2297 | |
2296 | #ifdef EXTENSIONS | | 2298 | #ifdef EXTENSIONS |
2297 | #define GROUP_MOD_OPT_EXTENSIONS "v" | | 2299 | #define GROUP_MOD_OPT_EXTENSIONS "v" |
2298 | #else | | 2300 | #else |
2299 | #define GROUP_MOD_OPT_EXTENSIONS | | 2301 | #define GROUP_MOD_OPT_EXTENSIONS |
2300 | #endif | | 2302 | #endif |
2301 | | | 2303 | |
2302 | /* modify a group */ | | 2304 | /* modify a group */ |
2303 | int | | 2305 | int |
2304 | groupmod(int argc, char **argv) | | 2306 | groupmod(int argc, char **argv) |
2305 | { | | 2307 | { |
2306 | struct group *grp; | | 2308 | struct group *grp; |
2307 | char buf[MaxEntryLen]; | | 2309 | char buf[MaxEntryLen]; |
2308 | char *newname; | | 2310 | char *newname; |
2309 | char **cpp; | | 2311 | char **cpp; |
2310 | int dupgid; | | 2312 | int dupgid; |
2311 | int gid; | | 2313 | int gid; |
2312 | int cc; | | 2314 | int cc; |
2313 | int c; | | 2315 | int c; |
2314 | | | 2316 | |
2315 | gid = -1; | | 2317 | gid = -1; |
2316 | dupgid = 0; | | 2318 | dupgid = 0; |
2317 | newname = NULL; | | 2319 | newname = NULL; |
2318 | while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) { | | 2320 | while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) { |
2319 | switch(c) { | | 2321 | switch(c) { |
2320 | case 'g': | | 2322 | case 'g': |
2321 | gid = check_numeric(optarg, "gid"); | | 2323 | gid = check_numeric(optarg, "gid"); |
2322 | break; | | 2324 | break; |
2323 | case 'o': | | 2325 | case 'o': |
2324 | dupgid = 1; | | 2326 | dupgid = 1; |
2325 | break; | | 2327 | break; |
2326 | case 'n': | | 2328 | case 'n': |
2327 | memsave(&newname, optarg, strlen(optarg)); | | 2329 | memsave(&newname, optarg, strlen(optarg)); |
2328 | break; | | 2330 | break; |
2329 | #ifdef EXTENSIONS | | 2331 | #ifdef EXTENSIONS |
2330 | case 'v': | | 2332 | case 'v': |
2331 | verbose = 1; | | 2333 | verbose = 1; |
2332 | break; | | 2334 | break; |
2333 | #endif | | 2335 | #endif |
2334 | default: | | 2336 | default: |
2335 | usermgmt_usage("groupmod"); | | 2337 | usermgmt_usage("groupmod"); |
2336 | /* NOTREACHED */ | | 2338 | /* NOTREACHED */ |
2337 | } | | 2339 | } |
2338 | } | | 2340 | } |
2339 | argc -= optind; | | 2341 | argc -= optind; |
2340 | argv += optind; | | 2342 | argv += optind; |
2341 | if (argc != 1) { | | 2343 | if (argc != 1) { |
2342 | usermgmt_usage("groupmod"); | | 2344 | usermgmt_usage("groupmod"); |
2343 | } | | 2345 | } |
2344 | checkeuid(); | | 2346 | checkeuid(); |
2345 | if (gid < 0 && newname == NULL) { | | 2347 | if (gid < 0 && newname == NULL) { |
2346 | errx(EXIT_FAILURE, "Nothing to change"); | | 2348 | errx(EXIT_FAILURE, "Nothing to change"); |
2347 | } | | 2349 | } |
2348 | if (dupgid && gid < 0) { | | 2350 | if (dupgid && gid < 0) { |
2349 | errx(EXIT_FAILURE, "Duplicate which gid?"); | | 2351 | errx(EXIT_FAILURE, "Duplicate which gid?"); |
2350 | } | | 2352 | } |
2351 | if ((grp = find_group_info(*argv)) == NULL) { | | 2353 | if ((grp = find_group_info(*argv)) == NULL) { |
2352 | errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv); | | 2354 | errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv); |
2353 | } | | 2355 | } |
2354 | if (!is_local(*argv, _PATH_GROUP)) { | | 2356 | if (!is_local(*argv, _PATH_GROUP)) { |
2355 | errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); | | 2357 | errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); |
2356 | } | | 2358 | } |
2357 | if (newname != NULL && !valid_group(newname)) { | | 2359 | if (newname != NULL && !valid_group(newname)) { |
2358 | warnx("Invalid group name `%s'", newname); | | 2360 | warnx("Invalid group name `%s'", newname); |
2359 | } | | 2361 | } |
2360 | cc = snprintf(buf, sizeof(buf), "%s:%s:%d:", | | 2362 | cc = snprintf(buf, sizeof(buf), "%s:%s:%d:", |
2361 | (newname) ? newname : grp->gr_name, | | 2363 | (newname) ? newname : grp->gr_name, |
2362 | grp->gr_passwd, | | 2364 | grp->gr_passwd, |
2363 | (gid < 0) ? grp->gr_gid : gid); | | 2365 | (gid < 0) ? grp->gr_gid : gid); |
2364 | for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) { | | 2366 | for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) { |
2365 | cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp, | | 2367 | cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp, |
2366 | (cpp[1] == NULL) ? "" : ","); | | 2368 | (cpp[1] == NULL) ? "" : ","); |
2367 | } | | 2369 | } |
2368 | cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n"); | | 2370 | cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n"); |
2369 | if (newname != NULL) | | 2371 | if (newname != NULL) |
2370 | free(newname); | | 2372 | free(newname); |
2371 | openlog("groupmod", LOG_PID, LOG_USER); | | 2373 | openlog("groupmod", LOG_PID, LOG_USER); |
2372 | if (!modify_gid(*argv, buf)) | | 2374 | if (!modify_gid(*argv, buf)) |
2373 | exit(EXIT_FAILURE); | | 2375 | exit(EXIT_FAILURE); |
2374 | | | 2376 | |
2375 | return EXIT_SUCCESS; | | 2377 | return EXIT_SUCCESS; |
2376 | } | | 2378 | } |
2377 | | | 2379 | |
2378 | #ifdef EXTENSIONS | | 2380 | #ifdef EXTENSIONS |
2379 | /* display user information */ | | 2381 | /* display user information */ |
2380 | int | | 2382 | int |
2381 | userinfo(int argc, char **argv) | | 2383 | userinfo(int argc, char **argv) |
2382 | { | | 2384 | { |
2383 | struct passwd *pwp; | | 2385 | struct passwd *pwp; |
2384 | struct group *grp; | | 2386 | struct group *grp; |
2385 | char buf[MaxEntryLen]; | | 2387 | char buf[MaxEntryLen]; |
2386 | char **cpp; | | 2388 | char **cpp; |
2387 | int exists; | | 2389 | int exists; |
2388 | int cc; | | 2390 | int cc; |
2389 | int i; | | 2391 | int i; |
2390 | | | 2392 | |
2391 | exists = 0; | | 2393 | exists = 0; |
2392 | buf[0] = '\0'; | | 2394 | buf[0] = '\0'; |
2393 | while ((i = getopt(argc, argv, "e")) != -1) { | | 2395 | while ((i = getopt(argc, argv, "e")) != -1) { |
2394 | switch(i) { | | 2396 | switch(i) { |
2395 | case 'e': | | 2397 | case 'e': |
2396 | exists = 1; | | 2398 | exists = 1; |
2397 | break; | | 2399 | break; |
2398 | default: | | 2400 | default: |
2399 | usermgmt_usage("userinfo"); | | 2401 | usermgmt_usage("userinfo"); |
2400 | /* NOTREACHED */ | | 2402 | /* NOTREACHED */ |
2401 | } | | 2403 | } |
2402 | } | | 2404 | } |
2403 | argc -= optind; | | 2405 | argc -= optind; |
2404 | argv += optind; | | 2406 | argv += optind; |
2405 | if (argc != 1) { | | 2407 | if (argc != 1) { |
2406 | usermgmt_usage("userinfo"); | | 2408 | usermgmt_usage("userinfo"); |