]>
git.cameronkatri.com Git - pw-darwin.git/blob - pw/pw_group.c
3 * David L. Nugent. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 static const char rcsid
[] =
44 static struct passwd
*lookup_pwent(const char *user
);
45 static void delete_members(char ***members
, int *grmembers
, int *i
,
46 struct carg
*arg
, struct group
*grp
);
47 static int print_group(struct group
* grp
);
48 static gid_t
gr_gidpolicy(struct userconf
* cnf
, struct cargs
* args
);
51 pw_group(int mode
, char *name
, long id
, struct cargs
* args
)
54 struct carg
*a_newname
= getarg(args
, 'l');
56 struct group
*grp
= NULL
;
58 char **members
= NULL
;
59 struct userconf
*cnf
= conf
.userconf
;
61 static struct group fakegroup
=
69 if (mode
== M_LOCK
|| mode
== M_UNLOCK
)
70 errx(EX_USAGE
, "'lock' command is not available for groups");
73 * With M_NEXT, we only need to return the
77 gid_t next
= gr_gidpolicy(cnf
, args
);
78 if (getarg(args
, 'q'))
84 if (mode
== M_PRINT
&& getarg(args
, 'a')) {
86 while ((grp
= GETGRENT()) != NULL
)
91 if (id
< 0 && name
== NULL
)
92 errx(EX_DATAERR
, "group name or id required");
94 grp
= (name
!= NULL
) ? GETGRNAM(name
) : GETGRGID(id
);
96 if (mode
== M_UPDATE
|| mode
== M_DELETE
|| mode
== M_PRINT
) {
97 if (name
== NULL
&& grp
== NULL
) /* Try harder */
101 if (mode
== M_PRINT
&& getarg(args
, 'F')) {
104 fakegroup
.gr_name
= name
? name
: "nogroup";
105 fakegroup
.gr_gid
= (gid_t
) id
;
106 fakegroup
.gr_mem
= fmems
;
107 return print_group(&fakegroup
);
110 errx(EX_DATAERR
, "unknown group `%s'", name
);
112 errx(EX_DATAERR
, "unknown group `%ld'", id
);
114 if (name
== NULL
) /* Needed later */
118 * Handle deletions now
120 if (mode
== M_DELETE
) {
123 err(EX_IOERR
, "group '%s' not available (NIS?)",
126 err(EX_IOERR
, "group update");
128 pw_log(cnf
, mode
, W_GROUP
, "%s(%ld) removed", name
, id
);
130 } else if (mode
== M_PRINT
)
131 return print_group(grp
);
134 grp
->gr_gid
= (gid_t
) id
;
136 if (a_newname
!= NULL
)
137 grp
->gr_name
= pw_checkname(a_newname
->val
, 0);
139 if (name
== NULL
) /* Required */
140 errx(EX_DATAERR
, "group name required");
141 else if (grp
!= NULL
) /* Exists */
142 errx(EX_DATAERR
, "group name `%s' already exists", name
);
144 extendarray(&members
, &grmembers
, 200);
147 grp
->gr_name
= pw_checkname(name
, 0);
148 grp
->gr_passwd
= "*";
149 grp
->gr_gid
= gr_gidpolicy(cnf
, args
);
150 grp
->gr_mem
= members
;
154 * This allows us to set a group password Group passwords is an
155 * antique idea, rarely used and insecure (no secure database) Should
156 * be discouraged, but it is apparently still supported by some
160 if ((arg
= getarg(args
, 'h')) != NULL
||
161 (arg
= getarg(args
, 'H')) != NULL
) {
162 if (strcmp(arg
->val
, "-") == 0)
163 grp
->gr_passwd
= "*"; /* No access */
165 int fd
= atoi(arg
->val
);
166 int precrypt
= (arg
->ch
== 'H');
168 int istty
= isatty(fd
);
173 if (tcgetattr(fd
, &t
) == -1)
176 struct termios n
= t
;
179 n
.c_lflag
&= ~(ECHO
);
180 tcsetattr(fd
, TCSANOW
, &n
);
181 printf("%sassword for group %s:", (mode
== M_UPDATE
) ? "New p" : "P", grp
->gr_name
);
185 b
= read(fd
, line
, sizeof(line
) - 1);
186 if (istty
) { /* Restore state */
187 tcsetattr(fd
, TCSANOW
, &t
);
192 err(EX_OSERR
, "-h file descriptor");
194 if ((p
= strpbrk(line
, " \t\r\n")) != NULL
)
197 errx(EX_DATAERR
, "empty password read on file descriptor %d", fd
);
199 if (strchr(line
, ':') != NULL
)
201 grp
->gr_passwd
= line
;
203 grp
->gr_passwd
= pw_pwcrypt(line
);
207 if (((arg
= getarg(args
, 'M')) != NULL
||
208 (arg
= getarg(args
, 'd')) != NULL
||
209 (arg
= getarg(args
, 'm')) != NULL
) && arg
->val
) {
214 /* Make sure this is not stay NULL with -M "" */
215 extendarray(&members
, &grmembers
, 200);
217 delete_members(&members
, &grmembers
, &i
, arg
, grp
);
218 else if (arg
->ch
== 'm') {
221 if (grp
->gr_mem
!= NULL
) {
222 while (grp
->gr_mem
[k
] != NULL
) {
223 if (extendarray(&members
, &grmembers
, i
+ 2) != -1)
224 members
[i
++] = grp
->gr_mem
[k
];
231 for (p
= strtok(arg
->val
, ", \t"); p
!= NULL
; p
= strtok(NULL
, ", \t")) {
235 * Check for duplicates
237 pwd
= lookup_pwent(p
);
238 for (j
= 0; j
< i
&& strcmp(members
[j
], pwd
->pw_name
) != 0; j
++)
240 if (j
== i
&& extendarray(&members
, &grmembers
, i
+ 2) != -1)
241 members
[i
++] = newstr(pwd
->pw_name
);
243 while (i
< grmembers
)
245 grp
->gr_mem
= members
;
249 return print_group(grp
);
251 if (mode
== M_ADD
&& (rc
= addgrent(grp
)) != 0) {
253 errx(EX_IOERR
, "group '%s' already exists",
256 err(EX_IOERR
, "group update");
257 } else if (mode
== M_UPDATE
&& (rc
= chggrent(name
, grp
)) != 0) {
259 errx(EX_IOERR
, "group '%s' not available (NIS?)",
262 err(EX_IOERR
, "group update");
265 if (a_newname
!= NULL
)
266 name
= a_newname
->val
;
267 /* grp may have been invalidated */
268 if ((grp
= GETGRNAM(name
)) == NULL
)
269 errx(EX_SOFTWARE
, "group disappeared during update");
271 pw_log(cnf
, mode
, W_GROUP
, "%s(%u)", grp
->gr_name
, grp
->gr_gid
);
280 * Lookup a passwd entry using a name or UID.
282 static struct passwd
*
283 lookup_pwent(const char *user
)
287 if ((pwd
= GETPWNAM(user
)) == NULL
&&
288 (!isdigit((unsigned char)*user
) ||
289 (pwd
= getpwuid((uid_t
) atoi(user
))) == NULL
))
290 errx(EX_NOUSER
, "user `%s' does not exist", user
);
297 * Delete requested members from a group.
300 delete_members(char ***members
, int *grmembers
, int *i
, struct carg
*arg
,
310 if (grp
->gr_mem
== NULL
)
314 while (grp
->gr_mem
[k
] != NULL
) {
316 if ((valueCopy
= strdup(arg
->val
)) == NULL
)
317 errx(EX_UNAVAILABLE
, "out of memory");
318 valuePtr
= valueCopy
;
319 while ((user
= strsep(&valuePtr
, ", \t")) != NULL
) {
320 pwd
= lookup_pwent(user
);
321 if (strcmp(grp
->gr_mem
[k
], pwd
->pw_name
) == 0) {
329 extendarray(members
, grmembers
, *i
+ 2) != -1)
330 (*members
)[(*i
)++] = grp
->gr_mem
[k
];
340 gr_gidpolicy(struct userconf
* cnf
, struct cargs
* args
)
343 gid_t gid
= (gid_t
) - 1;
344 struct carg
*a_gid
= getarg(args
, 'g');
347 * Check the given gid, if any
350 gid
= (gid_t
) atol(a_gid
->val
);
352 if ((grp
= GETGRGID(gid
)) != NULL
&& getarg(args
, 'o') == NULL
)
353 errx(EX_DATAERR
, "gid `%u' has already been allocated", grp
->gr_gid
);
358 * We need to allocate the next available gid under one of
359 * two policies a) Grab the first unused gid b) Grab the
360 * highest possible unused gid
362 if (cnf
->min_gid
>= cnf
->max_gid
) { /* Sanity claus^H^H^H^Hheck */
364 cnf
->max_gid
= 32000;
366 bm
= bm_alloc(cnf
->max_gid
- cnf
->min_gid
+ 1);
369 * Now, let's fill the bitmap from the password file
372 while ((grp
= GETGRENT()) != NULL
)
373 if ((gid_t
)grp
->gr_gid
>= (gid_t
)cnf
->min_gid
&&
374 (gid_t
)grp
->gr_gid
<= (gid_t
)cnf
->max_gid
)
375 bm_setbit(&bm
, grp
->gr_gid
- cnf
->min_gid
);
379 * Then apply the policy, with fallback to reuse if necessary
382 gid
= (gid_t
) (bm_firstunset(&bm
) + cnf
->min_gid
);
384 gid
= (gid_t
) (bm_lastset(&bm
) + 1);
385 if (!bm_isset(&bm
, gid
))
388 gid
= (gid_t
) (bm_firstunset(&bm
) + cnf
->min_gid
);
392 * Another sanity check
394 if (gid
< cnf
->min_gid
|| gid
> cnf
->max_gid
)
395 errx(EX_SOFTWARE
, "unable to allocate a new gid - range fully used");
403 print_group(struct group
* grp
)
414 printf("Group Name: %-15s #%lu\n"
416 grp
->gr_name
, (long) grp
->gr_gid
);
417 if (grp
->gr_mem
!= NULL
) {
418 for (i
= 0; grp
->gr_mem
[i
]; i
++)
419 printf("%s%s", i
? "," : "", grp
->gr_mem
[i
]);
421 fputs("\n\n", stdout
);
git.ckatri.com / pw-darwin.git / blob