diff options
author | 2021-05-09 14:20:58 -0400 | |
---|---|---|
committer | 2021-05-09 14:20:58 -0400 | |
commit | 5fd83771641d15c418f747bd343ba6738d3875f7 (patch) | |
tree | 5abf0f78f680d9837dbd93d4d4c3933bb7509599 /system_cmds/pwd_mkdb.tproj | |
download | apple_cmds-5fd83771641d15c418f747bd343ba6738d3875f7.tar.gz apple_cmds-5fd83771641d15c418f747bd343ba6738d3875f7.tar.zst apple_cmds-5fd83771641d15c418f747bd343ba6738d3875f7.zip |
Import macOS userland
adv_cmds-176
basic_cmds-55
bootstrap_cmds-116.100.1
developer_cmds-66
diskdev_cmds-667.40.1
doc_cmds-53.60.1
file_cmds-321.40.3
mail_cmds-35
misc_cmds-34
network_cmds-606.40.1
patch_cmds-17
remote_cmds-63
shell_cmds-216.60.1
system_cmds-880.60.2
text_cmds-106
Diffstat (limited to 'system_cmds/pwd_mkdb.tproj')
-rw-r--r-- | system_cmds/pwd_mkdb.tproj/pw_scan.c | 160 | ||||
-rw-r--r-- | system_cmds/pwd_mkdb.tproj/pw_scan.h | 59 | ||||
-rw-r--r-- | system_cmds/pwd_mkdb.tproj/pwd_mkdb.8 | 177 | ||||
-rw-r--r-- | system_cmds/pwd_mkdb.tproj/pwd_mkdb.c | 625 |
4 files changed, 1021 insertions, 0 deletions
diff --git a/system_cmds/pwd_mkdb.tproj/pw_scan.c b/system_cmds/pwd_mkdb.tproj/pw_scan.c new file mode 100644 index 0000000..2bd8409 --- /dev/null +++ b/system_cmds/pwd_mkdb.tproj/pw_scan.c @@ -0,0 +1,160 @@ +/* $OpenBSD: passwd.c,v 1.42 2003/06/26 16:34:42 deraadt Exp $ */ + +/* + * Copyright (c) 1987, 1993, 1994, 1995 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static const char rcsid[] = "$OpenBSD: passwd.c,v 1.42 2003/06/26 16:34:42 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <sys/wait.h> + +#include <fcntl.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <ctype.h> +#include <pwd.h> +#include <err.h> +#include <errno.h> +#include <paths.h> +#include <signal.h> +#include <limits.h> + +#include "util.h" +#include "pw_scan.h" + +int +pw_scan(char *bp, struct passwd *pw, int *flags) +{ + u_long id; + int root; + char *p, *sh, *p2; + + if (flags != (int *)NULL) + *flags = 0; + +#ifdef __APPLE__ + if (bp[0] == '#') { + pw->pw_name = NULL; + return(1); + } +#endif + + if (!(p = strsep(&bp, ":")) || *p == '\0') /* login */ + goto fmt; + pw->pw_name = p; + root = !strcmp(pw->pw_name, "root"); + + if (!(pw->pw_passwd = strsep(&bp, ":"))) /* passwd */ + goto fmt; + + if (!(p = strsep(&bp, ":"))) /* uid */ + goto fmt; + id = strtoul(p, &p2, 10); + if (root && id) { + warnx("root uid should be 0"); + return (0); + } + if (*p2 != '\0') { + warnx("illegal uid field"); + return (0); + } +#ifndef __APPLE__ + /* Apple's UID_MAX is too small (sizeof signed) 3091256 */ + if (id > UID_MAX) { + /* errno is set to ERANGE by strtoul(3) */ + warnx("uid greater than %u", UID_MAX-1); + return (0); + } +#endif + pw->pw_uid = (uid_t)id; + if ((*p == '\0') && (flags != (int *)NULL)) + *flags |= _PASSWORD_NOUID; + + if (!(p = strsep(&bp, ":"))) /* gid */ + goto fmt; + id = strtoul(p, &p2, 10); + if (*p2 != '\0') { + warnx("illegal gid field"); + return (0); + } +#ifndef __APPLE__ + /* Apple's UID_MAX is too small (sizeof signed) 3091256 */ + if (id > UID_MAX) { + /* errno is set to ERANGE by strtoul(3) */ + warnx("gid greater than %u", UID_MAX-1); + return (0); + } +#endif + pw->pw_gid = (gid_t)id; + if ((*p == '\0') && (flags != (int *)NULL)) + *flags |= _PASSWORD_NOGID; + + pw->pw_class = strsep(&bp, ":"); /* class */ + if (!(p = strsep(&bp, ":"))) /* change */ + goto fmt; + pw->pw_change = atol(p); + if ((*p == '\0') && (flags != (int *)NULL)) + *flags |= _PASSWORD_NOCHG; + if (!(p = strsep(&bp, ":"))) /* expire */ + goto fmt; + pw->pw_expire = atol(p); + if ((*p == '\0') && (flags != (int *)NULL)) + *flags |= _PASSWORD_NOEXP; + pw->pw_gecos = strsep(&bp, ":"); /* gecos */ + pw->pw_dir = strsep(&bp, ":"); /* directory */ + if (!(pw->pw_shell = strsep(&bp, ":"))) /* shell */ + goto fmt; + + p = pw->pw_shell; + if (root && *p) { /* empty == /bin/sh */ + for (setusershell();;) { + if (!(sh = getusershell())) { + warnx("warning, unknown root shell"); + break; + } + if (!strcmp(p, sh)) + break; + } + endusershell(); + } + + if ((p = strsep(&bp, ":"))) { /* too many */ +fmt: warnx("corrupted entry"); + return (0); + } + + return (1); +} diff --git a/system_cmds/pwd_mkdb.tproj/pw_scan.h b/system_cmds/pwd_mkdb.tproj/pw_scan.h new file mode 100644 index 0000000..357226a --- /dev/null +++ b/system_cmds/pwd_mkdb.tproj/pw_scan.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1999-2016 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights + * Reserved. This file contains Original Code and/or Modifications of + * Original Code as defined in and that are subject to the Apple Public + * Source License Version 1.0 (the 'License'). You may not use this file + * except in compliance with the License. Please obtain a copy of the + * License at http://www.apple.com/publicsource and read it before using + * this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the + * License for the specific language governing rights and limitations + * under the License." + * + * @APPLE_LICENSE_HEADER_END@ + */ +/*- + * Copyright (c) 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)pw_scan.h 8.1 (Berkeley) 4/1/94 + */ + +extern int pw_scan __P((char *, struct passwd *, int *)); diff --git a/system_cmds/pwd_mkdb.tproj/pwd_mkdb.8 b/system_cmds/pwd_mkdb.tproj/pwd_mkdb.8 new file mode 100644 index 0000000..1d26952 --- /dev/null +++ b/system_cmds/pwd_mkdb.tproj/pwd_mkdb.8 @@ -0,0 +1,177 @@ +.\" $OpenBSD: pwd_mkdb.8,v 1.17 2003/06/12 12:59:52 jmc Exp $ +.\" +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)pwd_mkdb.8 8.1 (Berkeley) 6/6/93 +.\" +.Dd June 6, 1993 +.Dt PWD_MKDB 8 +.Os +.Sh NAME +.Nm pwd_mkdb +.Nd generate the password databases +.Sh SYNOPSIS +.Nm pwd_mkdb +.Op Fl c +.Op Fl p | Fl s +.Op Fl d Ar directory +.Op Fl u Ar username +.Ar file +.Sh DESCRIPTION +.Nm pwd_mkdb +creates +.Xr db 3 +style secure and insecure databases for the specified file. +These databases are then installed into +.Pa /etc/spwd.db +and +.Pa /etc/pwd.db , +respectively. +The file is installed into +.Pa /etc/master.passwd . +The file must be in the correct format (see +.Xr passwd 5 ) . +It is important to note that the format used in this system is +different from the historic Version 7 style format. +.Pp +The options are as follows: +.Bl -tag -width Ds +.\" ========== +.It Fl c +Check if the password file is in the correct format. +Do not change, add, or remove any files. +.\" ========== +.It Fl d Ar directory +Operate in a base directory other than the default of +.Pa /etc . +All absolute paths (including +.Ar file ) +will be made relative to +.Ar directory . +Any directories specified as a part of +.Ar file +will be stripped off. +This option is used to create password databases in directories +other than +.Pa etc ; +for instance in a +.Xr chroot 8 +jail. +.\" ========== +.It Fl p +Create a Version 7 style password file and install it into +.Pa /etc/passwd . +.\" ========== +.It Fl s +Only update the secure version of the database. +This is most commonly used in conjunction with the +.Fl u +flag during a password change. +Because the insecure database doesn't contain the password there +is no reason to update it if the only change is in the password field. +Cannot be used in conjunction with the +.Fl p +flag. +.\" ========== +.It Fl u Ar username +Only update the record for the specified user. +Utilities that operate on a single user can use this option to avoid the +overhead of rebuilding the entire database. +This option must never be used if the line number of the user's record in +.Pa /etc/master.passwd +has changed. +.\" ========== +.It Ar file +The absolute path to a file in +.Ar master.passwd +format, as described in +.Xr passwd 5 . +.El +.Pp +The two databases differ in that the secure version contains the user's +encrypted password and the insecure version has an asterisk +.Pq Sq \&* . +.Pp +The databases are used by the C library password routines (see +.Xr getpwent 3 ) . +.Pp +.Nm pwd_mkdb +exits zero on success, non-zero on failure. +.Sh FILES +.Bl -tag -width /etc/master.passwd -compact +.It Pa /etc/master.passwd +current password file +.It Pa /etc/passwd +a Version 7 format password file +.It Pa /etc/pwd.db +insecure password database file +.It Pa /etc/pwd.db.tmp +temporary file +.It Pa /etc/spwd.db +secure password database file +.It Pa /etc/spwd.db.tmp +temporary file +.El +.Sh SEE ALSO +.Xr chpass 1 , +.Xr passwd 1 , +.Xr db 3 , +.Xr getpwent 3 , +.Xr passwd 5 , +.Xr vipw 8 +.Sh STANDARDS +Previous versions of the system had a program similar to +.Nm pwd_mkdb , +.Xr mkpasswd , +which built +.Xr dbm 3 +style databases for the password file but depended on the calling programs +to install them. +The program was renamed in order that previous users of the program +not be surprised by the changes in functionality. +.Sh BUGS +Because of the necessity for atomic update of the password files, +.Nm pwd_mkdb +uses +.Xr rename 2 +to install them. +This, however, requires that the file specified on the command line live +on the same file system as the +.Pa /etc +directory. +.Pp +There are the obvious races with multiple people running +.Nm pwd_mkdb +on different password files at the same time. +The front-ends to +.Nm pwd_mkdb , +.Xr chpass 1 , +.Xr passwd 1 , +and +.Xr vipw 8 +handle the locking necessary to avoid this problem. diff --git a/system_cmds/pwd_mkdb.tproj/pwd_mkdb.c b/system_cmds/pwd_mkdb.tproj/pwd_mkdb.c new file mode 100644 index 0000000..7d02422 --- /dev/null +++ b/system_cmds/pwd_mkdb.tproj/pwd_mkdb.c @@ -0,0 +1,625 @@ +/* $OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $ */ + +/*- + * Copyright (c) 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * Portions Copyright (c) 1994, Jason Downs. All rights reserved. + * Portions Copyright (c) 1998, Todd C. Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +#ifndef lint +__unused static const char copyright[] = +"@(#) Copyright (c) 1991, 1993, 1994\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +#if 0 +static const char sccsid[] = "from: @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94"; +#else +__unused static const char rcsid[] = "$OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $"; +#endif +#endif /* not lint */ + +#include <sys/param.h> +#include <sys/stat.h> + +#include <db.h> +#include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <grp.h> +#include <limits.h> +#include <pwd.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <util.h> +#include <sys/param.h> +#include "pw_scan.h" + +#define INSECURE 1 +#define SECURE 2 +#define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) +#define PERM_SECURE (S_IRUSR|S_IWUSR) + +#define FILE_SECURE 0x01 +#define FILE_INSECURE 0x02 +#define FILE_ORIG 0x04 + +#define SHADOW_GROUP "wheel" + +HASHINFO openinfo = { + .bsize = 4096, + .ffactor = 32, + .nelem = 256, + .cachesize = 2048 * 1024, + .hash = NULL, + .lorder = 0 +}; + +static char *pname; /* password file name */ +static char *basedir; /* dir holding master.passwd */ +static int clean; /* what to remove on cleanup */ +static int hasyp; /* are we running YP? */ + +void cleanup(void); +void error(char *); +void errorx(char *); +void cp(char *, char *, mode_t); +void mv(char *, char *); +int scan(FILE *, struct passwd *, int *); +void usage(void); +char *changedir(char *path, char *dir); +void db_store(FILE *, FILE *, DB *, DB *,struct passwd *, int, char *, uid_t); + +int +main(int argc, char **argv) +{ + DB *dp, *edp; + DBT data, key; + FILE *fp, *oldfp = NULL; + struct stat st; + struct passwd pwd; + struct group *grp; + sigset_t set; + uid_t olduid = UID_MAX; + gid_t shadow; + int ch, tfd, makeold, secureonly, flags, checkonly; + char *username, buf[MAX(MAXPATHLEN, LINE_MAX * 2)]; + + flags = checkonly = makeold = secureonly = 0; + username = NULL; + while ((ch = getopt(argc, argv, "cd:psu:v")) != -1) + switch (ch) { + case 'c': /* verify only */ + checkonly = 1; + break; + case 'd': + basedir = optarg; + if (strlen(basedir) > MAXPATHLEN - 40) + errx(1, "basedir too long"); + break; + case 'p': /* create V7 "file.orig" */ + makeold = 1; + break; + case 's': /* only update spwd.db */ + secureonly = 1; + break; + case 'u': /* only update this record */ + username = optarg; + if (strlen(username) > _PW_NAME_LEN) + errx(1, "username too long"); + break; + case 'v': /* backward compatible */ + break; + case '?': + default: + usage(); + } + argc -= optind; + argv += optind; + + if (argc != 1 || (makeold && secureonly) || + (username && (*username == '+' || *username == '-'))) + usage(); + + if ((grp = getgrnam(SHADOW_GROUP)) == NULL) + errx(1, "cannot find `%s' in the group database, aborting", + SHADOW_GROUP); + shadow = grp->gr_gid; + + /* + * This could be changed to allow the user to interrupt. + * Probably not worth the effort. + */ + sigemptyset(&set); + sigaddset(&set, SIGTSTP); + sigaddset(&set, SIGHUP); + sigaddset(&set, SIGINT); + sigaddset(&set, SIGQUIT); + sigaddset(&set, SIGTERM); + (void)sigprocmask(SIG_BLOCK, &set, (sigset_t *)NULL); + + /* We don't care what the user wants. */ + (void)umask(0); + + if (**argv != '/' && basedir == NULL) + errx(1, "%s must be specified as an absolute path", *argv); + + if ((pname = strdup(changedir(*argv, basedir))) == NULL) + err(1, NULL); + /* Open the original password file */ + if (!(fp = fopen(pname, "r"))) + error(pname); + + /* Check only if password database is valid */ + if (checkonly) { + u_int cnt; + + for (cnt = 1; scan(fp, &pwd, &flags); ++cnt) + ; + exit(0); + } + + if (fstat(fileno(fp), &st) == -1) + error(pname); + + /* Tweak openinfo values for large passwd files. */ + if (st.st_size > (off_t)100*1024) + openinfo.cachesize = (u_int)MIN(st.st_size * 20, (off_t)12*1024*1024); + if (st.st_size / 128 > openinfo.nelem) + openinfo.nelem = (u_int)(st.st_size / 128); + + /* If only updating a single record, stash the old uid */ + if (username) { + dp = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL); + if (dp == NULL) + error(_PATH_MP_DB); + buf[0] = _PW_KEYBYNAME; + strlcpy(buf + 1, username, sizeof(buf) - 1); + key.data = (u_char *)buf; + key.size = strlen(buf + 1) + 1; + if ((dp->get)(dp, &key, &data, 0) == 0) { + char *p = (char *)data.data; + /* Skip to uid field */ + while (*p++ != '\0') + ; + while (*p++ != '\0') + ; + memcpy(&olduid, p, sizeof(olduid)); + } else + olduid = UID_MAX; + (dp->close)(dp); + } + + /* Open the temporary encrypted password database. */ + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_SMP_DB, basedir)); + if (username) { + cp(changedir(_PATH_SMP_DB, basedir), buf, PERM_SECURE); + edp = dbopen(buf, + O_RDWR, PERM_SECURE, DB_HASH, &openinfo); + } else { + edp = dbopen(buf, + O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo); + } + if (!edp) + error(buf); + if (fchown(edp->fd(edp), (uid_t)-1, shadow) != 0) + warn("%s: unable to set group to %s", _PATH_SMP_DB, + SHADOW_GROUP); + else if (fchmod(edp->fd(edp), PERM_SECURE|S_IRGRP) != 0) + warn("%s: unable to make group readable", _PATH_SMP_DB); + clean |= FILE_SECURE; + + /* Open the temporary insecure password database. */ + if (!secureonly) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_MP_DB, basedir)); + if (username) { + cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE); + dp = dbopen(buf, O_RDWR, PERM_INSECURE, DB_HASH, + &openinfo); + } else { + dp = dbopen(buf, O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE, + DB_HASH, &openinfo); + } + if (dp == NULL) + error(buf); + clean |= FILE_INSECURE; + } else + dp = NULL; + + /* + * Open file for old password file. Minor trickiness -- don't want to + * chance the file already existing, since someone (stupidly) might + * still be using this for permission checking. So, open it first and + * fdopen the resulting fd. The resulting file should be readable by + * everyone. + */ + if (makeold) { + (void)snprintf(buf, sizeof(buf), "%s.orig", pname); + if ((tfd = open(buf, + O_WRONLY|O_CREAT|O_EXCL, PERM_INSECURE)) < 0) + error(buf); + if ((oldfp = fdopen(tfd, "w")) == NULL) + error(buf); + clean |= FILE_ORIG; + } + + /* + * The databases actually contain three copies of the original data. + * Each password file entry is converted into a rough approximation + * of a ``struct passwd'', with the strings placed inline. This + * object is then stored as the data for three separate keys. The + * first key * is the pw_name field prepended by the _PW_KEYBYNAME + * character. The second key is the pw_uid field prepended by the + * _PW_KEYBYUID character. The third key is the line number in the + * original file prepended by the _PW_KEYBYNUM character. (The special + * characters are prepended to ensure that the keys do not collide.) + * + * If we see something go by that looks like YP, we save a special + * pointer record, which if YP is enabled in the C lib, will speed + * things up. + */ + + /* + * Write the .db files. + * We do this three times, one per key type (for getpw{nam,uid,ent}). + * The first time through we also check for YP, issue warnings + * and save the V7 format passwd file if necessary. + */ + db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNAME, username, olduid); + db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYUID, username, olduid); + db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNUM, username, olduid); + + /* Store YP token, if needed. */ + if (hasyp && !username) { + key.data = (u_char *)_PW_YPTOKEN; + key.size = strlen(_PW_YPTOKEN); + data.data = (u_char *)NULL; + data.size = 0; + + if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1) + error("put"); + + if (dp && (dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1) + error("put"); + } + + if ((edp->close)(edp)) + error("close edp"); + if (dp && (dp->close)(dp)) + error("close dp"); + if (makeold) { + if (fclose(oldfp) == EOF) + error("close old"); + } + + /* Set master.passwd permissions, in case caller forgot. */ + (void)fchmod(fileno(fp), S_IRUSR|S_IWUSR); + if (fclose(fp) != 0) + error("fclose"); + + /* Install as the real password files. */ + if (!secureonly) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_MP_DB, basedir)); + mv(buf, changedir(_PATH_MP_DB, basedir)); + } + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_SMP_DB, basedir)); + mv(buf, changedir(_PATH_SMP_DB, basedir)); + if (makeold) { + (void)snprintf(buf, sizeof(buf), "%s.orig", pname); + mv(buf, changedir(_PATH_PASSWD, basedir)); + } + + /* + * Move the master password LAST -- chpass(1), passwd(1) and vipw(8) + * all use flock(2) on it to block other incarnations of themselves. + * The rename means that everything is unlocked, as the original file + * can no longer be accessed. + */ + mv(pname, changedir(_PATH_MASTERPASSWD, basedir)); + exit(0); +} + +int +scan(FILE *fp, struct passwd *pw, int *flags) +{ + static int lcnt; + static char line[LINE_MAX]; + char *p; + + if (fgets(line, sizeof(line), fp) == NULL) + return (0); + ++lcnt; + /* + * ``... if I swallow anything evil, put your fingers down my + * throat...'' + * -- The Who + */ + p = line; + if (*p != '\0' && *(p += strlen(line) - 1) != '\n') { + warnx("line too long"); + goto fmt; + } + *p = '\0'; + *flags = 0; + if (!pw_scan(line, pw, flags)) { + warnx("at line #%d", lcnt); +fmt: errno = EFTYPE; /* XXX */ + error(pname); + } + + return (1); +} + +void +cp(char *from, char *to, mode_t mode) +{ + static char buf[MAXBSIZE]; + int from_fd, to_fd; + ssize_t rcount, wcount; + + if ((from_fd = open(from, O_RDONLY, 0)) < 0) + error(from); + if ((to_fd = open(to, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) + error(to); + while ((rcount = read(from_fd, buf, MAXBSIZE)) > 0) { + wcount = write(to_fd, buf, rcount); + if (rcount != wcount || wcount == -1) { + int sverrno = errno; + + (void)snprintf(buf, sizeof(buf), "%s to %s", from, to); + errno = sverrno; + error(buf); + } + } + if (rcount < 0) { + int sverrno = errno; + + (void)snprintf(buf, sizeof(buf), "%s to %s", from, to); + errno = sverrno; + error(buf); + } +} + +void +mv(char *from, char *to) +{ + char buf[MAXPATHLEN * 2]; + + if (rename(from, to)) { + int sverrno = errno; + + (void)snprintf(buf, sizeof(buf), "%s to %s", from, to); + errno = sverrno; + error(buf); + } +} + +void +error(char *name) +{ + warn("%s", name); + cleanup(); + exit(1); +} + +void +errorx(char *name) +{ + warnx("%s", name); + cleanup(); + exit(1); +} + +void +cleanup(void) +{ + char buf[MAXPATHLEN]; + + if (clean & FILE_ORIG) { + (void)snprintf(buf, sizeof(buf), "%s.orig", pname); + (void)unlink(buf); + } + if (clean & FILE_SECURE) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_SMP_DB, basedir)); + (void)unlink(buf); + } + if (clean & FILE_INSECURE) { + (void)snprintf(buf, sizeof(buf), "%s.tmp", + changedir(_PATH_MP_DB, basedir)); + (void)unlink(buf); + } +} + +void +usage(void) +{ + (void)fprintf(stderr, + "usage: pwd_mkdb [-c] [-p | -s] [-d basedir] [-u username] file\n"); + exit(1); +} + +char * +changedir(char *path, char *dir) +{ + static char fixed[MAXPATHLEN]; + char *p; + + if (!dir) + return (path); + + if ((p = strrchr(path, '/')) != NULL) + path = p + 1; + snprintf(fixed, sizeof(fixed), "%s/%s", dir, path); + return (fixed); +} + +void +db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw, + int keytype, char *username, uid_t olduid) +{ + int flags = 0; + int dbmode, found = 0; + u_int cnt; + char *p, *t, buf[LINE_MAX * 2], tbuf[1024]; + DBT data, key; + size_t len; + static int firsttime = 1; + + /* If given a username just add that record to the existing db. */ + dbmode = username ? 0 : R_NOOVERWRITE; + + rewind(fp); + data.data = (u_char *)buf; + key.data = (u_char *)tbuf; + for (cnt = 1; scan(fp, pw, &flags); ++cnt) { + +#ifdef __APPLE__ + if (pw->pw_name == NULL) + continue; +#endif + + if (firsttime) { + /* Look like YP? */ + if ((pw->pw_name[0] == '+') || (pw->pw_name[0] == '-')) + hasyp++; + + /* Warn about potentially unsafe uid/gid overrides. */ + if (pw->pw_name[0] == '+') { + if (!(flags & _PASSWORD_NOUID) && !pw->pw_uid) + warnx("line %d: superuser override in " + "YP inclusion", cnt); + if (!(flags & _PASSWORD_NOGID) && !pw->pw_gid) + warnx("line %d: wheel override in " + "YP inclusion", cnt); + } + + /* Create V7 format password file entry. */ + if (oldfp != NULL) + if (fprintf(oldfp, "%s:*:%u:%u:%s:%s:%s\n", + pw->pw_name, pw->pw_uid, pw->pw_gid, + pw->pw_gecos, pw->pw_dir, pw->pw_shell) + == EOF) + error("write old"); + } + + /* Are we updating a specific record? */ + if (username) { + if (strcmp(username, pw->pw_name) != 0) + continue; + found = 1; + /* If the uid changed, remove the old record by uid. */ + if (olduid != UID_MAX && olduid != pw->pw_uid) { + tbuf[0] = _PW_KEYBYUID; + memcpy(tbuf + 1, &olduid, sizeof(olduid)); + key.size = sizeof(olduid) + 1; + (edp->del)(edp, &key, 0); + if (dp) + (dp->del)(dp, &key, 0); + } + /* XXX - should check to see if line number changed. */ + } + + /* Build the key. */ + tbuf[0] = keytype; + switch (keytype) { + case _PW_KEYBYNUM: + memmove(tbuf + 1, &cnt, sizeof(cnt)); + key.size = sizeof(cnt) + 1; + break; + + case _PW_KEYBYNAME: + len = strlen(pw->pw_name); + memmove(tbuf + 1, pw->pw_name, len); + key.size = len + 1; + break; + + case _PW_KEYBYUID: + memmove(tbuf + 1, &pw->pw_uid, sizeof(pw->pw_uid)); + key.size = sizeof(pw->pw_uid) + 1; + break; + } + +#define COMPACT(e) t = e; while ((*p++ = *t++)); + /* Create the secure record. */ + p = buf; + COMPACT(pw->pw_name); + COMPACT(pw->pw_passwd); + memmove(p, &pw->pw_uid, sizeof(uid_t)); + p += sizeof(uid_t); + memmove(p, &pw->pw_gid, sizeof(gid_t)); + p += sizeof(gid_t); + memmove(p, &pw->pw_change, sizeof(time_t)); + p += sizeof(time_t); + COMPACT(pw->pw_class); + COMPACT(pw->pw_gecos); + COMPACT(pw->pw_dir); + COMPACT(pw->pw_shell); + memmove(p, &pw->pw_expire, sizeof(time_t)); + p += sizeof(time_t); + memmove(p, &flags, sizeof(int)); + p += sizeof(int); + data.size = p - buf; + + /* Write the secure record. */ + if ((edp->put)(edp, &key, &data, dbmode) == -1) + error("put"); + + if (dp == NULL) + continue; + + /* Star out password to make insecure record. */ + p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */ + len = strlen(pw->pw_passwd); + memset(p, 0, len); /* zero pw_passwd */ + t = p + len + 1; /* skip pw_passwd */ + if (len != 0) + *p++ = '*'; + *p++ = '\0'; + memmove(p, t, data.size - (t - buf)); + data.size -= len - 1; + + /* Write the insecure record. */ + if ((dp->put)(dp, &key, &data, dbmode) == -1) + error("put"); + } + if (firsttime) { + firsttime = 0; + if (username && !found && olduid != UID_MAX) + errorx("can't find user in master.passwd"); + } +} |