pw/pw_group.c

   1 /*-
   2  * Copyright (C) 1996
   3  *      David L. Nugent.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  */
  26
  27 #ifndef lint
  28 static const char rcsid[] =
  29   "$FreeBSD$";
  30 #endif /* not lint */
  31
  32 #include <ctype.h>
  33 #include <err.h>
  34 #include <termios.h>
  35 #include <stdbool.h>
  36 #include <unistd.h>
  37 #include <grp.h>
  38 #include <libutil.h>
  39
  40 #include "pw.h"
  41 #include "bitmap.h"
  42
  43
  44 static struct passwd *lookup_pwent(const char *user);
  45 static void     delete_members(char ***members, int *grmembers, int *i,
  46     struct carg *arg, struct group *grp);
  47 static int      print_group(struct group * grp);
  48 static gid_t    gr_gidpolicy(struct userconf * cnf, struct cargs * args);
  49
  50 int
  51 pw_group(int mode, char *name, long id, struct cargs * args)
  52 {
  53         int             rc;
  54         struct carg    *arg;
  55         struct group   *grp = NULL;
  56         int             grmembers = 0;
  57         char           **members = NULL;
  58         struct userconf *cnf = conf.userconf;
  59
  60         static struct group fakegroup =
  61         {
  62                 "nogroup",
  63                 "*",
  64                 -1,
  65                 NULL
  66         };
  67
  68         if (mode == M_LOCK || mode == M_UNLOCK)
  69                 errx(EX_USAGE, "'lock' command is not available for groups");
  70
  71         /*
  72          * With M_NEXT, we only need to return the
  73          * next gid to stdout
  74          */
  75         if (mode == M_NEXT) {
  76                 gid_t next = gr_gidpolicy(cnf, args);
  77                 if (getarg(args, 'q'))
  78                         return next;
  79                 printf("%u\n", next);
  80                 return EXIT_SUCCESS;
  81         }
  82
  83         if (mode == M_PRINT && getarg(args, 'a')) {
  84                 SETGRENT();
  85                 while ((grp = GETGRENT()) != NULL)
  86                         print_group(grp);
  87                 ENDGRENT();
  88                 return EXIT_SUCCESS;
  89         }
  90         if (id < 0 && name == NULL)
  91                 errx(EX_DATAERR, "group name or id required");
  92
  93         grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id);
  94
  95         if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
  96                 if (name == NULL && grp == NULL)        /* Try harder */
  97                         grp = GETGRGID(id);
  98
  99                 if (grp == NULL) {
 100                         if (mode == M_PRINT && getarg(args, 'F')) {
 101                                 char    *fmems[1];
 102                                 fmems[0] = NULL;
 103                                 fakegroup.gr_name = name ? name : "nogroup";
 104                                 fakegroup.gr_gid = (gid_t) id;
 105                                 fakegroup.gr_mem = fmems;
 106                                 return print_group(&fakegroup);
 107                         }
 108                         if (name == NULL)
 109                                 errx(EX_DATAERR, "unknown group `%s'", name);
 110                         else
 111                                 errx(EX_DATAERR, "unknown group `%ld'", id);
 112                 }
 113                 if (name == NULL)       /* Needed later */
 114                         name = grp->gr_name;
 115
 116                 /*
 117                  * Handle deletions now
 118                  */
 119                 if (mode == M_DELETE) {
 120                         rc = delgrent(grp);
 121                         if (rc == -1)
 122                                 err(EX_IOERR, "group '%s' not available (NIS?)",
 123                                     name);
 124                         else if (rc != 0) {
 125                                 err(EX_IOERR, "group update");
 126                         }
 127                         pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", name, id);
 128                         return EXIT_SUCCESS;
 129                 } else if (mode == M_PRINT)
 130                         return print_group(grp);
 131
 132                 if (id > 0)
 133                         grp->gr_gid = (gid_t) id;
 134
 135                 if (conf.newname != NULL)
 136                         grp->gr_name = pw_checkname(conf.newname, 0);
 137         } else {
 138                 if (name == NULL)       /* Required */
 139                         errx(EX_DATAERR, "group name required");
 140                 else if (grp != NULL)   /* Exists */
 141                         errx(EX_DATAERR, "group name `%s' already exists", name);
 142
 143                 extendarray(&members, &grmembers, 200);
 144                 members[0] = NULL;
 145                 grp = &fakegroup;
 146                 grp->gr_name = pw_checkname(name, 0);
 147                 grp->gr_passwd = "*";
 148                 grp->gr_gid = gr_gidpolicy(cnf, args);
 149                 grp->gr_mem = members;
 150         }
 151
 152         /*
 153          * This allows us to set a group password Group passwords is an
 154          * antique idea, rarely used and insecure (no secure database) Should
 155          * be discouraged, but it is apparently still supported by some
 156          * software.
 157          */
 158
 159         if ((arg = getarg(args, 'h')) != NULL ||
 160             (arg = getarg(args, 'H')) != NULL) {
 161                 if (strcmp(arg->val, "-") == 0)
 162                         grp->gr_passwd = "*";   /* No access */
 163                 else {
 164                         int             fd = atoi(arg->val);
 165                         int             precrypt = (arg->ch == 'H');
 166                         int             b;
 167                         int             istty = isatty(fd);
 168                         struct termios  t;
 169                         char           *p, line[256];
 170
 171                         if (istty) {
 172                                 if (tcgetattr(fd, &t) == -1)
 173                                         istty = 0;
 174                                 else {
 175                                         struct termios  n = t;
 176
 177                                         /* Disable echo */
 178                                         n.c_lflag &= ~(ECHO);
 179                                         tcsetattr(fd, TCSANOW, &n);
 180                                         printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name);
 181                                         fflush(stdout);
 182                                 }
 183                         }
 184                         b = read(fd, line, sizeof(line) - 1);
 185                         if (istty) {    /* Restore state */
 186                                 tcsetattr(fd, TCSANOW, &t);
 187                                 fputc('\n', stdout);
 188                                 fflush(stdout);
 189                         }
 190                         if (b < 0)
 191                                 err(EX_OSERR, "-h file descriptor");
 192                         line[b] = '\0';
 193                         if ((p = strpbrk(line, " \t\r\n")) != NULL)
 194                                 *p = '\0';
 195                         if (!*line)
 196                                 errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
 197                         if (precrypt) {
 198                                 if (strchr(line, ':') != NULL)
 199                                         return EX_DATAERR;
 200                                 grp->gr_passwd = line;
 201                         } else
 202                                 grp->gr_passwd = pw_pwcrypt(line);
 203                 }
 204         }
 205
 206         if (((arg = getarg(args, 'M')) != NULL ||
 207             (arg = getarg(args, 'd')) != NULL ||
 208             (arg = getarg(args, 'm')) != NULL) && arg->val) {
 209                 int     i = 0;
 210                 char   *p;
 211                 struct passwd   *pwd;
 212
 213                 /* Make sure this is not stay NULL with -M "" */
 214                 extendarray(&members, &grmembers, 200);
 215                 if (arg->ch == 'd')
 216                         delete_members(&members, &grmembers, &i, arg, grp);
 217                 else if (arg->ch == 'm') {
 218                         int     k = 0;
 219
 220                         if (grp->gr_mem != NULL) {
 221                                 while (grp->gr_mem[k] != NULL) {
 222                                         if (extendarray(&members, &grmembers, i + 2) != -1)
 223                                                 members[i++] = grp->gr_mem[k];
 224                                         k++;
 225                                 }
 226                         }
 227                 }
 228
 229                 if (arg->ch != 'd')
 230                         for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
 231                                 int     j;
 232
 233                                 /*
 234                                  * Check for duplicates
 235                                  */
 236                                 pwd = lookup_pwent(p);
 237                                 for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++)
 238                                         ;
 239                                 if (j == i && extendarray(&members, &grmembers, i + 2) != -1)
 240                                         members[i++] = newstr(pwd->pw_name);
 241                         }
 242                 while (i < grmembers)
 243                         members[i++] = NULL;
 244                 grp->gr_mem = members;
 245         }
 246
 247         if (conf.dryrun)
 248                 return print_group(grp);
 249
 250         if (mode == M_ADD && (rc = addgrent(grp)) != 0) {
 251                 if (rc == -1)
 252                         errx(EX_IOERR, "group '%s' already exists",
 253                             grp->gr_name);
 254                 else
 255                         err(EX_IOERR, "group update");
 256         } else if (mode == M_UPDATE && (rc = chggrent(name, grp)) != 0) {
 257                 if (rc == -1)
 258                         errx(EX_IOERR, "group '%s' not available (NIS?)",
 259                             grp->gr_name);
 260                 else
 261                         err(EX_IOERR, "group update");
 262         }
 263
 264         if (conf.newname != NULL)
 265                 name = conf.newname;
 266         /* grp may have been invalidated */
 267         if ((grp = GETGRNAM(name)) == NULL)
 268                 errx(EX_SOFTWARE, "group disappeared during update");
 269
 270         pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid);
 271
 272         free(members);
 273
 274         return EXIT_SUCCESS;
 275 }
 276
 277
 278 /*
 279  * Lookup a passwd entry using a name or UID.
 280  */
 281 static struct passwd *
 282 lookup_pwent(const char *user)
 283 {
 284         struct passwd *pwd;
 285
 286         if ((pwd = GETPWNAM(user)) == NULL &&
 287             (!isdigit((unsigned char)*user) ||
 288             (pwd = getpwuid((uid_t) atoi(user))) == NULL))
 289                 errx(EX_NOUSER, "user `%s' does not exist", user);
 290
 291         return (pwd);
 292 }
 293
 294
 295 /*
 296  * Delete requested members from a group.
 297  */
 298 static void
 299 delete_members(char ***members, int *grmembers, int *i, struct carg *arg,
 300     struct group *grp)
 301 {
 302         bool matchFound;
 303         char *user;
 304         char *valueCopy;
 305         char *valuePtr;
 306         int k;
 307         struct passwd *pwd;
 308
 309         if (grp->gr_mem == NULL)
 310                 return;
 311
 312         k = 0;
 313         while (grp->gr_mem[k] != NULL) {
 314                 matchFound = false;
 315                 if ((valueCopy = strdup(arg->val)) == NULL)
 316                         errx(EX_UNAVAILABLE, "out of memory");
 317                 valuePtr = valueCopy;
 318                 while ((user = strsep(&valuePtr, ", \t")) != NULL) {
 319                         pwd = lookup_pwent(user);
 320                         if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) {
 321                                 matchFound = true;
 322                                 break;
 323                         }
 324                 }
 325                 free(valueCopy);
 326
 327                 if (!matchFound &&
 328                     extendarray(members, grmembers, *i + 2) != -1)
 329                         (*members)[(*i)++] = grp->gr_mem[k];
 330
 331                 k++;
 332         }
 333
 334         return;
 335 }
 336
 337
 338 static          gid_t
 339 gr_gidpolicy(struct userconf * cnf, struct cargs * args)
 340 {
 341         struct group   *grp;
 342         gid_t           gid = (gid_t) - 1;
 343         struct carg    *a_gid = getarg(args, 'g');
 344
 345         /*
 346          * Check the given gid, if any
 347          */
 348         if (a_gid != NULL) {
 349                 gid = (gid_t) atol(a_gid->val);
 350
 351                 if ((grp = GETGRGID(gid)) != NULL && getarg(args, 'o') == NULL)
 352                         errx(EX_DATAERR, "gid `%u' has already been allocated", grp->gr_gid);
 353         } else {
 354                 struct bitmap   bm;
 355
 356                 /*
 357                  * We need to allocate the next available gid under one of
 358                  * two policies a) Grab the first unused gid b) Grab the
 359                  * highest possible unused gid
 360                  */
 361                 if (cnf->min_gid >= cnf->max_gid) {     /* Sanity claus^H^H^H^Hheck */
 362                         cnf->min_gid = 1000;
 363                         cnf->max_gid = 32000;
 364                 }
 365                 bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);
 366
 367                 /*
 368                  * Now, let's fill the bitmap from the password file
 369                  */
 370                 SETGRENT();
 371                 while ((grp = GETGRENT()) != NULL)
 372                         if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid &&
 373                             (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid)
 374                                 bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
 375                 ENDGRENT();
 376
 377                 /*
 378                  * Then apply the policy, with fallback to reuse if necessary
 379                  */
 380                 if (cnf->reuse_gids)
 381                         gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
 382                 else {
 383                         gid = (gid_t) (bm_lastset(&bm) + 1);
 384                         if (!bm_isset(&bm, gid))
 385                                 gid += cnf->min_gid;
 386                         else
 387                                 gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
 388                 }
 389
 390                 /*
 391                  * Another sanity check
 392                  */
 393                 if (gid < cnf->min_gid || gid > cnf->max_gid)
 394                         errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used");
 395                 bm_dealloc(&bm);
 396         }
 397         return gid;
 398 }
 399
 400
 401 static int
 402 print_group(struct group * grp)
 403 {
 404         if (!conf.pretty) {
 405                 char           *buf = NULL;
 406
 407                 buf = gr_make(grp);
 408                 printf("%s\n", buf);
 409                 free(buf);
 410         } else {
 411                 int             i;
 412
 413                 printf("Group Name: %-15s   #%lu\n"
 414                        "   Members: ",
 415                        grp->gr_name, (long) grp->gr_gid);
 416                 if (grp->gr_mem != NULL) {
 417                         for (i = 0; grp->gr_mem[i]; i++)
 418                                 printf("%s%s", i ? "," : "", grp->gr_mem[i]);
 419                 }
 420                 fputs("\n\n", stdout);
 421         }
 422         return EXIT_SUCCESS;
 423 }