]> git.cameronkatri.com Git - pw-darwin.git/blobdiff - pw/pw_user.c
git.ckatri.com / pw-darwin.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Partially revert r367756 (chpass(1) synopsis changes)
[pw-darwin.git] / pw / pw_user.c
diff --git a/pw/pw_user.c b/pw/pw_user.c
index 1af8f814deea96a33cc8be47d35c381d09cda4d2..2eec317b5e5b55253d00fb0e887ce6b9ca743048 100644 (file)
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -1,4 +1,6 @@
 /*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
  * Copyright (C) 1996
  *     David L. Nugent.  All rights reserved.
  *
@@ -31,10 +33,9 @@ static const char rcsid[] =
 #endif /* not lint */
 
 #include <sys/param.h>
-#include <sys/resource.h>
-#include <sys/time.h>
 #include <sys/types.h>
 
+#include <assert.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <err.h>
@@ -107,8 +108,10 @@ mkdir_home_parents(int dfd, const char *dir)
                errx(EX_UNAVAILABLE, "out of memory");
 
        tmp = strrchr(dirs, '/');
-       if (tmp == NULL)
+       if (tmp == NULL) {
+               free(dirs);
                return;
+       }
        tmp[0] = '\0';
 
        /*
@@ -272,7 +275,7 @@ pw_userlock(char *arg1, int mode)
        char *passtmp = NULL;
        char *name;
        bool locked = false;
-       uid_t id;
+       uid_t id = (uid_t)-1;
 
        if (geteuid() != 0)
                errx(EX_NOPERM, "you must be root");
@@ -280,15 +283,19 @@ pw_userlock(char *arg1, int mode)
        if (arg1 == NULL)
                errx(EX_DATAERR, "username or id required");
 
-       if (arg1[strspn(arg1, "0123456789")] == '\0')
-               id = pw_checkid(arg1, UID_MAX);
-       else
-               name = arg1;
+       name = arg1;
+       if (arg1[strspn(name, "0123456789")] == '\0')
+               id = pw_checkid(name, UID_MAX);
 
-       pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
+       pwd = GETPWNAM(pw_checkname(name, 0));
+       if (pwd == NULL && id != (uid_t)-1) {
+               pwd = GETPWUID(id);
+               if (pwd != NULL)
+                       name = pwd->pw_name;
+       }
        if (pwd == NULL) {
-               if (name == NULL)
-                       errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id);
+               if (id == (uid_t)-1)
+                       errx(EX_NOUSER, "no such name or uid `%ju'", (uintmax_t) id);
                errx(EX_NOUSER, "no such user `%s'", name);
        }
 
@@ -486,6 +493,7 @@ pw_pwcrypt(char *password)
        char            salt[SALTSIZE + 1];
        char            *cryptpw;
        static char     buf[256];
+       size_t          pwlen;
 
        /*
         * Calculate a salt value
@@ -497,7 +505,9 @@ pw_pwcrypt(char *password)
        cryptpw = crypt(password, salt);
        if (cryptpw == NULL)
                errx(EX_CONFIG, "crypt(3) failure");
-       return strcpy(buf, cryptpw);
+       pwlen = strlcpy(buf, cryptpw, sizeof(buf));
+       assert(pwlen < sizeof(buf));
+       return (buf);
 }
 
 static char *
@@ -507,7 +517,9 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
        char            pwbuf[32];
 
        switch (cnf->default_password) {
-       case -1:                /* Random password */
+       case P_NONE:            /* No password at all! */
+               return "";
+       case P_RANDOM:                  /* Random password */
                l = (arc4random() % 8 + 8);     /* 8 - 16 chars */
                for (i = 0; i < l; i++)
                        pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
@@ -523,17 +535,13 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
                        fflush(stdout);
                }
                break;
-
-       case -2:                /* No password at all! */
-               return "";
-
-       case 0:         /* No login - default */
-       default:
-               return "*";
-
-       case 1:         /* user's name */
+       case P_YES:             /* user's name */
                strlcpy(pwbuf, user, sizeof(pwbuf));
                break;
+       case P_NO:              /* No login - default */
+                               /* FALLTHROUGH */
+       default:
+               return "*";
        }
        return pw_pwcrypt(pwbuf);
 }
@@ -581,7 +589,7 @@ print_user(struct passwd * pwd, bool pretty, bool v7)
        }
        if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL)
                strftime(acexpire, sizeof acexpire, "%c", tptr);
-               if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL)
+       if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL)
                strftime(pwexpire, sizeof pwexpire, "%c", tptr);
        printf("Login Name: %-15s   #%-12ju Group: %-15s   #%ju\n"
               " Full Name: %s\n"
@@ -624,7 +632,7 @@ pw_checkname(char *name, int gecos)
        reject = 0;
        if (gecos) {
                /* See if the name is valid as a gecos (comment) field. */
-               badchars = ":!@";
+               badchars = ":";
                showtype = "gecos field";
        } else {
                /* See if the name is valid as a userid or group. */
@@ -636,7 +644,8 @@ pw_checkname(char *name, int gecos)
        }
        if (!reject) {
                while (*ch) {
-                       if (strchr(badchars, *ch) != NULL || *ch < ' ' ||
+                       if (strchr(badchars, *ch) != NULL ||
+                           (!gecos && *ch < ' ') ||
                            *ch == 127) {
                                reject = 1;
                                break;
@@ -703,24 +712,24 @@ rmopie(char const * name)
 {
        char tmp[1014];
        FILE *fp;
-       int fd;
        size_t len;
-       off_t   atofs = 0;
-       
+       long atofs;
+       int fd;
+
        if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1)
                return;
 
        fp = fdopen(fd, "r+");
        len = strlen(name);
 
-       while (fgets(tmp, sizeof(tmp), fp) != NULL) {
+       for (atofs = 0; fgets(tmp, sizeof(tmp), fp) != NULL && atofs >= 0;
+           atofs = ftell(fp)) {
                if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') {
                        /* Comment username out */
                        if (fseek(fp, atofs, SEEK_SET) == 0)
                                fwrite("#", 1, 1, fp);
                        break;
                }
-               atofs = ftell(fp);
        }
        /*
         * If we got an error of any sort, don't update!
@@ -737,7 +746,7 @@ pw_user_next(int argc, char **argv, char *name __unused)
        bool quiet = false;
        uid_t next;
 
-       while ((ch = getopt(argc, argv, "Cq")) != -1) {
+       while ((ch = getopt(argc, argv, "C:q")) != -1) {
                switch (ch) {
                case 'C':
                        cfg = optarg;
@@ -1078,10 +1087,10 @@ split_groups(StringList **groups, char *groupsstr)
        char *p;
        char tok[] = ", \t";
 
+       if (*groups == NULL)
+               *groups = sl_init();
        for (p = strtok(groupsstr, tok); p != NULL; p = strtok(NULL, tok)) {
                grp = group_from_name_or_id(p);
-               if (*groups == NULL)
-                       *groups = sl_init();
                sl_add(*groups, newstr(grp->gr_name));
        }
 }
@@ -1113,11 +1122,20 @@ validate_mode(char *mode)
        return (m);
 }
 
+static long
+validate_expire(char *str, int opt)
+{
+       if (!numerics(str))
+               errx(EX_DATAERR, "-%c argument must be numeric "
+                    "when setting defaults: %s", (char)opt, str);
+       return strtol(str, NULL, 0);
+}
+
 static void
 mix_config(struct userconf *cmdcnf, struct userconf *cfg)
 {
 
-       if (cmdcnf->default_password == 0)
+       if (cmdcnf->default_password < 0)
                cmdcnf->default_password = cfg->default_password;
        if (cmdcnf->reuse_uids == 0)
                cmdcnf->reuse_uids = cfg->reuse_uids;
@@ -1155,9 +1173,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *cfg)
                cmdcnf->min_gid = cfg->min_gid;
        if (cmdcnf->max_gid == 0)
                cmdcnf->max_gid = cfg->max_gid;
-       if (cmdcnf->expire_days == 0)
+       if (cmdcnf->expire_days < 0)
                cmdcnf->expire_days = cfg->expire_days;
-       if (cmdcnf->password_days == 0)
+       if (cmdcnf->password_days < 0)
                cmdcnf->password_days = cfg->password_days;
 }
 
@@ -1172,7 +1190,7 @@ pw_user_add(int argc, char **argv, char *arg1)
        char line[_PASSWORD_LEN+1], path[MAXPATHLEN];
        char *gecos, *homedir, *skel, *walk, *userid, *groupid, *grname;
        char *default_passwd, *name, *p;
-       const char *cfg;
+       const char *cfg = NULL;
        login_cap_t *lc;
        FILE *pfp, *fp;
        intmax_t id = -1;
@@ -1189,11 +1207,14 @@ pw_user_add(int argc, char **argv, char *arg1)
        if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL)
                err(EXIT_FAILURE, "calloc()");
 
+       cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1; 
+       now = time(NULL);
+
        if (arg1 != NULL) {
                if (arg1[strspn(arg1, "0123456789")] == '\0')
                        id = pw_checkid(arg1, UID_MAX);
                else
-                       name = arg1;
+                       name = pw_checkname(arg1, 0);
        }
 
        while ((ch = getopt(argc, argv, args)) != -1) {
@@ -1205,7 +1226,7 @@ pw_user_add(int argc, char **argv, char *arg1)
                        quiet = true;
                        break;
                case 'n':
-                       name = optarg;
+                       name = pw_checkname(optarg, 0);
                        break;
                case 'u':
                        userid = optarg;
@@ -1217,12 +1238,16 @@ pw_user_add(int argc, char **argv, char *arg1)
                        homedir = optarg;
                        break;
                case 'e':
-                       now = time(NULL);
-                       cmdcnf->expire_days = parse_date(now, optarg);
+                       if (genconf)
+                           cmdcnf->expire_days = validate_expire(optarg, ch);
+                       else
+                           cmdcnf->expire_days = parse_date(now, optarg);
                        break;
                case 'p':
-                       now = time(NULL);
-                       cmdcnf->password_days = parse_date(now, optarg);
+                       if (genconf)
+                           cmdcnf->password_days = validate_expire(optarg, ch);
+                       else
+                           cmdcnf->password_days = parse_date(now, optarg);
                        break;
                case 'g':
                        validate_grname(cmdcnf, optarg);
@@ -1310,7 +1335,7 @@ pw_user_add(int argc, char **argv, char *arg1)
 
        mix_config(cmdcnf, cnf);
        if (default_passwd)
-               cmdcnf->default_password = boolean_val(default_passwd,
+               cmdcnf->default_password = passwd_val(default_passwd,
                    cnf->default_password);
        if (genconf) {
                if (name != NULL)
@@ -1351,14 +1376,22 @@ pw_user_add(int argc, char **argv, char *arg1)
        if (GETPWNAM(name) != NULL)
                errx(EX_DATAERR, "login name `%s' already exists", name);
 
+       if (!grname)
+               grname = cmdcnf->default_group;
+
        pwd = &fakeuser;
        pwd->pw_name = name;
        pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : "";
        pwd->pw_uid = pw_uidpolicy(cmdcnf, id);
        pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name,
            (gid_t) pwd->pw_uid, dryrun);
-       pwd->pw_change = cmdcnf->password_days;
-       pwd->pw_expire = cmdcnf->expire_days;
+
+       /* cmdcnf->password_days and cmdcnf->expire_days hold unixtime here */
+       if (cmdcnf->password_days > 0)
+               pwd->pw_change = cmdcnf->password_days;
+       if (cmdcnf->expire_days > 0)
+               pwd->pw_expire = cmdcnf->expire_days;
+
        pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
        pwd->pw_shell = pw_shellpolicy(cmdcnf);
        lc = login_getpwclass(pwd);
@@ -1480,7 +1513,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
        struct group *grp;
        StringList *groups = NULL;
        char args[] = "C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:NPYy:";
-       const char *cfg;
+       const char *cfg = NULL;
        char *gecos, *homedir, *grname, *name, *newname, *walk, *skel, *shell;
        char *passwd, *class, *nispasswd;
        login_cap_t *lc;
@@ -1488,17 +1521,18 @@ pw_user_mod(int argc, char **argv, char *arg1)
        intmax_t id = -1;
        int ch, fd = -1;
        size_t i, j;
-       bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome;
+       bool quiet, createhome, pretty, dryrun, nis, edited;
        bool precrypted;
        mode_t homemode = 0;
-       time_t expire_days, password_days, now;
+       time_t expire_time, password_time, now;
 
-       expire_days = password_days = -1;
+       expire_time = password_time = -1;
        gecos = homedir = grname = name = newname = skel = shell =NULL;
        passwd = NULL;
        class = nispasswd = NULL;
        quiet = createhome = pretty = dryrun = nis = precrypted = false;
-       edited = docreatehome = false;
+       edited = false;
+       now = time(NULL);
 
        if (arg1 != NULL) {
                if (arg1[strspn(arg1, "0123456789")] == '\0')
@@ -1528,12 +1562,10 @@ pw_user_mod(int argc, char **argv, char *arg1)
                        homedir = optarg;
                        break;
                case 'e':
-                       now = time(NULL);
-                       expire_days = parse_date(now, optarg);
+                       expire_time = parse_date(now, optarg);
                        break;
                case 'p':
-                       now = time(NULL);
-                       password_days = parse_date(now, optarg);
+                       password_time = parse_date(now, optarg);
                        break;
                case 'g':
                        group_from_name_or_id(optarg);
@@ -1647,7 +1679,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
                }
        }
 
-       if (id > 0 && pwd->pw_uid != id) {
+       if (id >= 0 && pwd->pw_uid != id) {
                pwd->pw_uid = id;
                edited = true;
                if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0)
@@ -1667,13 +1699,14 @@ pw_user_mod(int argc, char **argv, char *arg1)
                }
        }
 
-       if (password_days >= 0 && pwd->pw_change != password_days) {
-               pwd->pw_change = password_days;
+
+       if (password_time >= 0 && pwd->pw_change != password_time) {
+               pwd->pw_change = password_time;
                edited = true;
        }
 
-       if (expire_days >= 0 && pwd->pw_expire != expire_days) {
-               pwd->pw_expire = expire_days;
+       if (expire_time >= 0 && pwd->pw_expire != expire_time) {
+               pwd->pw_expire = expire_time;
                edited = true;
        }
 
@@ -1699,8 +1732,6 @@ pw_user_mod(int argc, char **argv, char *arg1)
                        if (!createhome)
                                warnx("WARNING: home `%s' does not exist",
                                    pwd->pw_dir);
-                       else
-                               docreatehome = true;
                } else if (!S_ISDIR(st.st_mode)) {
                        warnx("WARNING: home `%s' is not a directory",
                            pwd->pw_dir);
@@ -1712,7 +1743,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
                if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
                        warn("setting crypt(3) format");
                login_close(lc);
-               cnf->default_password = boolean_val(passwd,
+               cnf->default_password = passwd_val(passwd,
                    cnf->default_password);
                pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
                edited = true;
@@ -1792,7 +1823,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
         * that this also `works' for editing users if -m is used, but
         * existing files will *not* be overwritten.
         */
-       if (PWALTDIR() != PWF_ALT && docreatehome && pwd->pw_dir &&
+       if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir &&
            *pwd->pw_dir == '/' && pwd->pw_dir[1]) {
                if (!skel)
                        skel = cnf->dotdir;
A port of FreeBSDs pw for Darwin