/*-
* Copyright (c) 1988, 1993, 1994
* The Regents of the University of California. All rights reserved.
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed for the FreeBSD Project by
+ * ThinkSec AS and NAI Labs, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* SUCH DAMAGE.
*/
+#if 0
#ifndef lint
-static char copyright[] =
+static const char copyright[] =
"@(#) Copyright (c) 1988, 1993, 1994\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "From: @(#)chpass.c 8.4 (Berkeley) 4/2/94";
-static char rcsid[] =
- "$Id: chpass.c,v 1.5 1996/02/23 14:33:05 wpaul Exp $";
+static char sccsid[] = "@(#)chpass.c 8.4 (Berkeley) 4/2/94";
#endif /* not lint */
+#endif
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/signal.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <ctype.h>
#include <err.h>
#include <errno.h>
-#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-
-#include <pw_scan.h>
-#include <pw_util.h>
-#include "pw_copy.h"
#ifdef YP
-#include <rpcsvc/yp.h>
-int yp_errno = YP_TRUE;
-#include "pw_yp.h"
+#include <ypclnt.h>
#endif
+#include <pw_scan.h>
+#include <libutil.h>
+
#include "chpass.h"
-#include "pathnames.h"
-char *tempname;
-uid_t uid;
+int master_mode;
-void baduser __P((void));
-void usage __P((void));
+static void baduser(void);
+static void usage(void);
int
-main(argc, argv)
- int argc;
- char **argv;
+main(int argc, char *argv[])
{
- enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW } op;
- struct passwd *pw, lpw;
+ enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op;
+ struct passwd lpw, *old_pw, *pw;
int ch, pfd, tfd;
- char *arg;
+ const char *password;
+ char *arg = NULL;
+ uid_t uid;
#ifdef YP
- int force_local = 0;
- int force_yp = 0;
+ struct ypclnt *ypclnt;
+ const char *yp_domain = NULL, *yp_host = NULL;
#endif
+ pw = old_pw = NULL;
op = EDITENTRY;
#ifdef YP
- while ((ch = getopt(argc, argv, "a:p:s:d:h:oly")) != EOF)
+ while ((ch = getopt(argc, argv, "a:p:s:e:d:h:loy")) != -1)
#else
- while ((ch = getopt(argc, argv, "a:p:s:")) != EOF)
+ while ((ch = getopt(argc, argv, "a:p:s:e:")) != -1)
#endif
- switch(ch) {
+ switch (ch) {
case 'a':
op = LOADENTRY;
arg = optarg;
op = NEWPW;
arg = optarg;
break;
-#ifdef YP
- case 'h':
-#ifdef PARAMOID
- if (getuid()) {
- warnx("Only the superuser can use the -d flag");
- } else {
-#endif
- yp_server = optarg;
-#ifdef PARANOID
- }
-#endif
+ case 'e':
+ op = NEWEXP;
+ arg = optarg;
break;
+#ifdef YP
case 'd':
-#ifdef PARANOID
- if (getuid()) {
- warnx("Only the superuser can use the -d flag");
- } else {
-#endif
- yp_domain = optarg;
- if (yp_server == NULL)
- yp_server = "localhost";
-#ifdef PARANOID
- }
-#endif
- break;
- case 'l':
- if (getuid()) {
- warnx("Only the superuser can use the -h flag");
- } else {
- force_local = 1;
- }
+ yp_domain = optarg;
break;
- case 'y':
- _use_yp = force_yp = 1;
+ case 'h':
+ yp_host = optarg;
break;
+ case 'l':
case 'o':
- force_old++;
+ case 'y':
+ /* compatibility */
break;
#endif
case '?':
default:
usage();
}
+
argc -= optind;
argv += optind;
+ if (argc > 1)
+ usage();
+
uid = getuid();
- if (op == EDITENTRY || op == NEWSH || op == NEWPW)
- switch(argc) {
-#ifdef YP
- case 0:
- GETPWUID(uid)
- get_yp_master(1); /* XXX just to set the suser flag */
- break;
- case 1:
- GETPWNAM(*argv)
- get_yp_master(1); /* XXX just to set the suser flag */
-#else
- case 0:
- if (!(pw = getpwuid(uid)))
- errx(1, "unknown user: uid %u", uid);
- break;
- case 1:
- if (!(pw = getpwnam(*argv)))
+ if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) {
+ if (argc == 0) {
+ if ((pw = getpwuid(uid)) == NULL)
+ errx(1, "unknown user: uid %lu",
+ (unsigned long)uid);
+ } else {
+ if ((pw = getpwnam(*argv)) == NULL)
errx(1, "unknown user: %s", *argv);
-#endif
- if (uid && uid != pw->pw_uid)
+ if (uid != 0 && uid != pw->pw_uid)
baduser();
- break;
- default:
- usage();
}
+
+ /* Make a copy for later verification */
+ if ((pw = pw_dup(pw)) == NULL ||
+ (old_pw = pw_dup(pw)) == NULL)
+ err(1, "pw_dup");
+ }
+
+#ifdef YP
+ if (pw != NULL && (pw->pw_fields & _PWF_SOURCE) == _PWF_NIS) {
+ ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host);
+ master_mode = (ypclnt != NULL &&
+ ypclnt_connect(ypclnt) != -1 &&
+ ypclnt_havepasswdd(ypclnt) == 1);
+ ypclnt_free(ypclnt);
+ } else
+#endif
+ master_mode = (uid == 0);
+
if (op == NEWSH) {
/* protect p_shell -- it thinks NULL is /bin/sh */
if (!arg[0])
usage();
- if (p_shell(arg, pw, (ENTRY *)NULL))
- pw_error((char *)NULL, 0, 1);
+ if (p_shell(arg, pw, (ENTRY *)NULL) == -1)
+ exit(1);
+ }
+
+ if (op == NEWEXP) {
+ if (uid) /* only root can change expire */
+ baduser();
+ if (p_expire(arg, pw, (ENTRY *)NULL) == -1)
+ exit(1);
}
if (op == LOADENTRY) {
if (uid)
baduser();
pw = &lpw;
- if (!pw_scan(arg, pw))
+ old_pw = NULL;
+ if (!__pw_scan(arg, pw, _PWSCAN_WARN|_PWSCAN_MASTER))
exit(1);
}
if (uid)
baduser();
- if(strchr(arg, ':')) {
+ if (strchr(arg, ':'))
errx(1, "invalid format for password");
- }
pw->pw_passwd = arg;
}
- /*
- * The temporary file/file descriptor usage is a little tricky here.
- * 1: We start off with two fd's, one for the master password
- * file (used to lock everything), and one for a temporary file.
- * 2: Display() gets an fp for the temporary file, and copies the
- * user's information into it. It then gives the temporary file
- * to the user and closes the fp, closing the underlying fd.
- * 3: The user edits the temporary file some number of times.
- * 4: Verify() gets an fp for the temporary file, and verifies the
- * contents. It can't use an fp derived from the step #2 fd,
- * because the user's editor may have created a new instance of
- * the file. Once the file is verified, its contents are stored
- * in a password structure. The verify routine closes the fp,
- * closing the underlying fd.
- * 5: Delete the temporary file.
- * 6: Get a new temporary file/fd. Pw_copy() gets an fp for it
- * file and copies the master password file into it, replacing
- * the user record with a new one. We can't use the first
- * temporary file for this because it was owned by the user.
- * Pw_copy() closes its fp, flushing the data and closing the
- * underlying file descriptor. We can't close the master
- * password fp, or we'd lose the lock.
- * 7: Call pw_mkdb() (which renames the temporary file) and exit.
- * The exit closes the master passwd fp/fd.
- */
- pw_init();
- pfd = pw_lock();
- tfd = pw_tmp();
-
if (op == EDITENTRY) {
- display(tfd, pw);
- edit(pw);
- (void)unlink(tempname);
- tfd = pw_tmp();
+ /*
+ * We don't really need pw_*() here, but pw_edit() (used
+ * by edit()) is just too useful...
+ */
+ if (pw_init(NULL, NULL))
+ err(1, "pw_init()");
+ if ((tfd = pw_tmp(-1)) == -1) {
+ pw_fini();
+ err(1, "pw_tmp()");
+ }
+ free(pw);
+ pw = edit(pw_tempname(), old_pw);
+ pw_fini();
+ if (pw == NULL)
+ err(1, "edit()");
+ /*
+ * pw_equal does not check for crypted passwords, so we
+ * should do it explicitly
+ */
+ if (pw_equal(old_pw, pw) &&
+ strcmp(old_pw->pw_passwd, pw->pw_passwd) == 0)
+ errx(0, "user information unchanged");
}
-#ifdef YP
- if (_use_yp) {
- yp_submit(pw);
- (void)unlink(tempname);
+ if (old_pw && !master_mode) {
+ password = getpass("Password: ");
+ if (strcmp(crypt(password, old_pw->pw_passwd),
+ old_pw->pw_passwd) != 0)
+ baduser();
} else {
-#endif /* YP */
- pw_copy(pfd, tfd, pw);
+ password = "";
+ }
- if (!pw_mkdb())
- pw_error((char *)NULL, 0, 1);
+ if (old_pw != NULL)
+ pw->pw_fields |= (old_pw->pw_fields & _PWF_SOURCE);
+ switch (pw->pw_fields & _PWF_SOURCE) {
#ifdef YP
- }
+ case _PWF_NIS:
+ ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host);
+ if (ypclnt == NULL) {
+ warnx("ypclnt_new failed");
+ exit(1);
+ }
+ if (ypclnt_connect(ypclnt) == -1 ||
+ ypclnt_passwd(ypclnt, pw, password) == -1) {
+ warnx("%s", ypclnt->error);
+ ypclnt_free(ypclnt);
+ exit(1);
+ }
+ ypclnt_free(ypclnt);
+ errx(0, "NIS user information updated");
#endif /* YP */
- exit(0);
+ case 0:
+ case _PWF_FILES:
+ if (pw_init(NULL, NULL))
+ err(1, "pw_init()");
+ if ((pfd = pw_lock()) == -1) {
+ pw_fini();
+ err(1, "pw_lock()");
+ }
+ if ((tfd = pw_tmp(-1)) == -1) {
+ pw_fini();
+ err(1, "pw_tmp()");
+ }
+ if (pw_copy(pfd, tfd, pw, old_pw) == -1) {
+ pw_fini();
+ err(1, "pw_copy");
+ }
+ if (pw_mkdb(pw->pw_name) == -1) {
+ pw_fini();
+ err(1, "pw_mkdb()");
+ }
+ pw_fini();
+ errx(0, "user information updated");
+ break;
+ default:
+ errx(1, "unsupported passwd source");
+ }
}
-void
-baduser()
+static void
+baduser(void)
{
+
errx(1, "%s", strerror(EACCES));
}
-void
-usage()
+static void
+usage(void)
{
(void)fprintf(stderr,
+ "usage: chpass%s %s [user]\n",
#ifdef YP
- "usage: chpass [-l] [-y] [-d domain [-h host]] [-a list] [-p encpass] [-s shell] [user]\n");
+ " [-d domain] [-h host]",
#else
- "usage: chpass [-a list] [-p encpass] [-s shell] [user]\n");
+ "",
#endif
+ "[-a list] [-p encpass] [-s shell] [-e mmm dd yy]");
exit(1);
}
git.ckatri.com / pw-darwin.git / blobdiff