* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
#include <sys/stat.h>
#include <sys/wait.h>
-#include <err.h>
#include <ctype.h>
+#include <err.h>
#include <fcntl.h>
#include <inttypes.h>
-#include <libgen.h>
#include <paths.h>
#include <pwd.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
-#include <libutil.h>
+#include "libutil.h"
static pid_t editpid = -1;
static int lockfd = -1;
static char tempname[PATH_MAX];
static int initialized;
+#if 0
void
pw_cont(int sig)
{
if (editpid != -1)
kill(editpid, sig);
}
+#endif
/*
* Initialize statics and set limits, signals & umask to try to avoid
if (dir == NULL) {
strcpy(passwd_dir, _PATH_ETC);
} else {
- if (strlen(dir) >= sizeof passwd_dir) {
+ if (strlen(dir) >= sizeof(passwd_dir)) {
errno = ENAMETOOLONG;
return (-1);
}
if (master == NULL) {
if (dir == NULL) {
strcpy(masterpasswd, _PATH_MASTERPASSWD);
- } else if (snprintf(masterpasswd, sizeof masterpasswd, "%s/%s",
- passwd_dir, _MASTERPASSWD) > sizeof masterpasswd) {
+ } else if (snprintf(masterpasswd, sizeof(masterpasswd), "%s/%s",
+ passwd_dir, _MASTERPASSWD) > (int)sizeof(masterpasswd)) {
errno = ENAMETOOLONG;
return (-1);
}
} else {
- if (strlen(master) >= sizeof masterpasswd) {
+ if (strlen(master) >= sizeof(masterpasswd)) {
errno = ENAMETOOLONG;
return (-1);
}
for (;;) {
struct stat st;
- lockfd = open(masterpasswd, O_RDONLY, 0);
- if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
- err(1, "%s", masterpasswd);
- /* XXX vulnerable to race conditions */
- if (flock(lockfd, LOCK_EX|LOCK_NB))
- errx(1, "the password db file is busy");
+ lockfd = flopen(masterpasswd, O_RDONLY|O_NONBLOCK|O_CLOEXEC, 0);
+ if (lockfd == -1) {
+ if (errno == EWOULDBLOCK) {
+ errx(1, "the password db file is busy");
+ } else {
+ err(1, "could not lock the passwd file: ");
+ }
+ }
/*
* If the password file was replaced while we were trying to
* get the lock, our hardlink count will be 0 and we have to
* close and retry.
*/
- if (fstat(lockfd, &st) < 0)
- errx(1, "fstat() failed");
+ if (fstat(lockfd, &st) == -1)
+ err(1, "fstat() failed: ");
if (st.st_nlink != 0)
break;
close(lockfd);
pw_tmp(int mfd)
{
char buf[8192];
- ssize_t nr, nw;
+ ssize_t nr;
const char *p;
int tfd;
++p;
else
p = masterpasswd;
- if (snprintf(tempname, sizeof tempname, "%.*spw.XXXXXX",
- (int)(p - masterpasswd), masterpasswd) >= sizeof tempname) {
+ if (snprintf(tempname, sizeof(tempname), "%.*spw.XXXXXX",
+ (int)(p - masterpasswd), masterpasswd) >= (int)sizeof(tempname)) {
errno = ENAMETOOLONG;
return (-1);
}
- if ((tfd = mkstemp(tempname)) == -1)
+ if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
return (-1);
if (mfd != -1) {
- while ((nr = read(mfd, buf, sizeof buf)) > 0)
- if ((nw = write(tfd, buf, nr)) != nr)
+ while ((nr = read(mfd, buf, sizeof(buf))) > 0)
+ if (write(tfd, buf, (size_t)nr) != nr)
break;
if (nr != 0) {
unlink(tempname);
/* child */
if (user == NULL)
execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p",
- "-d", passwd_dir, tempname, NULL);
+ "-d", passwd_dir, tempname, (char *)NULL);
else
execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p",
- "-d", passwd_dir, "-u", user, tempname, NULL);
+ "-d", passwd_dir, "-u", user, tempname,
+ (char *)NULL);
_exit(1);
+ /* NOTREACHED */
default:
/* parent */
break;
int
pw_edit(int notsetuid)
{
+ struct sigaction sa, sa_int, sa_quit;
+ sigset_t oldsigset, nsigset;
struct stat st1, st2;
const char *editor;
int pstat;
editor = _PATH_VI;
if (stat(tempname, &st1) == -1)
return (-1);
+ sa.sa_handler = SIG_IGN;
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction(SIGINT, &sa, &sa_int);
+ sigaction(SIGQUIT, &sa, &sa_quit);
+ sigemptyset(&nsigset);
+ sigaddset(&nsigset, SIGCHLD);
+ sigprocmask(SIG_BLOCK, &nsigset, &oldsigset);
switch ((editpid = fork())) {
case -1:
return (-1);
case 0:
- /* child */
+ sigaction(SIGINT, &sa_int, NULL);
+ sigaction(SIGQUIT, &sa_quit, NULL);
+ sigprocmask(SIG_SETMASK, &oldsigset, NULL);
if (notsetuid) {
(void)setgid(getgid());
(void)setuid(getuid());
}
errno = 0;
- execlp(editor, basename(editor), tempname, NULL);
+ execlp(editor, editor, tempname, (char *)NULL);
_exit(errno);
default:
/* parent */
break;
}
for (;;) {
- editpid = waitpid(editpid, &pstat, WUNTRACED);
- if (editpid == -1) {
+ if (waitpid(editpid, &pstat, WUNTRACED) == -1) {
+ if (errno == EINTR)
+ continue;
unlink(tempname);
- return (-1);
+ editpid = -1;
+ break;
} else if (WIFSTOPPED(pstat)) {
raise(WSTOPSIG(pstat));
} else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0) {
break;
} else {
unlink(tempname);
- *tempname = '\0';
editpid = -1;
- return (-1);
+ break;
}
}
+ sigaction(SIGINT, &sa_int, NULL);
+ sigaction(SIGQUIT, &sa_quit, NULL);
+ sigprocmask(SIG_SETMASK, &oldsigset, NULL);
if (stat(tempname, &st2) == -1)
return (-1);
- return (st1.st_mtime != st2.st_mtime);
+ return (st1.st_mtim.tv_sec != st2.st_mtim.tv_sec ||
+ st1.st_mtim.tv_nsec != st2.st_mtim.tv_nsec);
}
/*
* Compares two struct pwds.
*/
int
-pw_equal(struct passwd *pw1, struct passwd *pw2)
+pw_equal(const struct passwd *pw1, const struct passwd *pw2)
{
return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
pw1->pw_uid == pw2->pw_uid &&
* Make a passwd line out of a struct passwd.
*/
char *
-pw_make(struct passwd *pw)
+pw_make(const struct passwd *pw)
{
char *line;
pw->pw_passwd, (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid,
pw->pw_class, (uintmax_t)pw->pw_change, (uintmax_t)pw->pw_expire,
pw->pw_gecos, pw->pw_dir, pw->pw_shell);
- return line;
+ return (line);
}
/*
- * Copy password file from one descriptor to another, replacing or adding
- * a single record on the way.
+ * Make a passwd line (in v7 format) out of a struct passwd
+ */
+char *
+pw_make_v7(const struct passwd *pw)
+{
+ char *line;
+
+ asprintf(&line, "%s:*:%ju:%ju:%s:%s:%s", pw->pw_name,
+ (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid,
+ pw->pw_gecos, pw->pw_dir, pw->pw_shell);
+ return (line);
+}
+
+/*
+ * Copy password file from one descriptor to another, replacing, deleting
+ * or adding a single record on the way.
*/
int
-pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw)
+pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
{
char buf[8192], *end, *line, *p, *q, *r, t;
struct passwd *fpw;
- ssize_t len;
- int eof;
+ const struct passwd *spw;
+ size_t len;
+ int eof, readlen;
- if ((line = pw_make(pw)) == NULL)
- return (-1);
+ if (old_pw == NULL && pw == NULL)
+ return (-1);
+
+ spw = old_pw;
+ /* deleting a user */
+ if (pw == NULL) {
+ line = NULL;
+ } else {
+ if ((line = pw_make(pw)) == NULL)
+ return (-1);
+ }
+
+ /* adding a user */
+ if (spw == NULL)
+ spw = pw;
eof = 0;
len = 0;
if (q >= end) {
if (eof)
break;
- if (q - p >= sizeof buf) {
+ if ((size_t)(q - p) >= sizeof(buf)) {
warnx("passwd line too long");
errno = EINVAL; /* hack */
goto err;
} else {
p = q = end = buf;
}
- len = read(ffd, end, sizeof buf - (end - buf));
- if (len == -1)
+ readlen = read(ffd, end, sizeof(buf) - (end - buf));
+ if (readlen == -1)
goto err;
+ else
+ len = (size_t)readlen;
if (len == 0 && p == buf)
break;
end += len;
len = end - buf;
- if (len < sizeof buf) {
+ if (len < (ssize_t)sizeof(buf)) {
eof = 1;
if (len > 0 && buf[len - 1] != '\n')
++len, *end++ = '\n';
}
/* is it the one we're looking for? */
+
t = *q;
*q = '\0';
+
fpw = pw_scan(r, PWSCAN_MASTER);
+
+ /*
+ * fpw is either the struct passwd for the current line,
+ * or NULL if the line is malformed.
+ */
+
*q = t;
- if (old_pw == NULL || !pw_equal(pw, old_pw)) {
+ if (fpw == NULL || strcmp(fpw->pw_name, spw->pw_name) != 0) {
/* nope */
- free(fpw);
+ if (fpw != NULL)
+ free(fpw);
if (write(tfd, p, q - p + 1) != q - p + 1)
goto err;
++q;
continue;
}
- free(fpw);
-
- /* it is, replace it */
- len = strlen(line);
- if (write(tfd, line, len) != len)
+ if (old_pw && !pw_equal(fpw, old_pw)) {
+ warnx("entry inconsistent");
+ free(fpw);
+ errno = EINVAL; /* hack */
goto err;
+ }
+ free(fpw);
+ /* it is, replace or remove it */
+ if (line != NULL) {
+ len = strlen(line);
+ if (write(tfd, line, len) != (int)len)
+ goto err;
+ } else {
+ /* when removed, avoid the \n */
+ q++;
+ }
/* we're done, just copy the rest over */
for (;;) {
if (write(tfd, q, end - q) != end - q)
goto err;
q = buf;
- len = read(ffd, buf, sizeof buf);
- if (len == 0)
+ readlen = read(ffd, buf, sizeof(buf));
+ if (readlen == 0)
break;
- if (len == -1)
+ else
+ len = (size_t)readlen;
+ if (readlen == -1)
goto err;
end = buf + len;
}
goto done;
}
- /* if we got here, we have a new entry */
+ /* if we got here, we didn't find the old entry */
+ if (line == NULL) {
+ errno = ENOENT;
+ goto err;
+ }
len = strlen(line);
- if (write(tfd, line, len) != len)
+ if ((size_t)write(tfd, line, len) != len ||
+ write(tfd, "\n", 1) != 1)
goto err;
done:
- free(line);
+ if (line != NULL)
+ free(line);
return (0);
err:
- free(line);
+ if (line != NULL)
+ free(line);
return (-1);
}
* Duplicate a struct passwd.
*/
struct passwd *
-pw_dup(struct passwd *pw)
+pw_dup(const struct passwd *pw)
{
+ char *dst;
struct passwd *npw;
- size_t len;
+ ssize_t len;
- len = sizeof *npw +
- (pw->pw_name ? strlen(pw->pw_name) + 1 : 0) +
- (pw->pw_passwd ? strlen(pw->pw_passwd) + 1 : 0) +
- (pw->pw_class ? strlen(pw->pw_class) + 1 : 0) +
- (pw->pw_gecos ? strlen(pw->pw_gecos) + 1 : 0) +
- (pw->pw_dir ? strlen(pw->pw_dir) + 1 : 0) +
- (pw->pw_shell ? strlen(pw->pw_shell) + 1 : 0);
- if ((npw = malloc(len)) == NULL)
+ len = sizeof(*npw);
+ if (pw->pw_name != NULL)
+ len += strlen(pw->pw_name) + 1;
+ if (pw->pw_passwd != NULL)
+ len += strlen(pw->pw_passwd) + 1;
+ if (pw->pw_class != NULL)
+ len += strlen(pw->pw_class) + 1;
+ if (pw->pw_gecos != NULL)
+ len += strlen(pw->pw_gecos) + 1;
+ if (pw->pw_dir != NULL)
+ len += strlen(pw->pw_dir) + 1;
+ if (pw->pw_shell != NULL)
+ len += strlen(pw->pw_shell) + 1;
+ if ((npw = malloc((size_t)len)) == NULL)
return (NULL);
- memcpy(npw, pw, sizeof *npw);
- len = sizeof *npw;
- if (pw->pw_name) {
- npw->pw_name = ((char *)npw) + len;
- len += sprintf(npw->pw_name, "%s", pw->pw_name) + 1;
+ memcpy(npw, pw, sizeof(*npw));
+ dst = (char *)npw + sizeof(*npw);
+ if (pw->pw_name != NULL) {
+ npw->pw_name = dst;
+ dst = stpcpy(npw->pw_name, pw->pw_name) + 1;
}
- if (pw->pw_passwd) {
- npw->pw_passwd = ((char *)npw) + len;
- len += sprintf(npw->pw_passwd, "%s", pw->pw_passwd) + 1;
+ if (pw->pw_passwd != NULL) {
+ npw->pw_passwd = dst;
+ dst = stpcpy(npw->pw_passwd, pw->pw_passwd) + 1;
}
- if (pw->pw_class) {
- npw->pw_class = ((char *)npw) + len;
- len += sprintf(npw->pw_class, "%s", pw->pw_class) + 1;
+ if (pw->pw_class != NULL) {
+ npw->pw_class = dst;
+ dst = stpcpy(npw->pw_class, pw->pw_class) + 1;
}
- if (pw->pw_gecos) {
- npw->pw_gecos = ((char *)npw) + len;
- len += sprintf(npw->pw_gecos, "%s", pw->pw_gecos) + 1;
+ if (pw->pw_gecos != NULL) {
+ npw->pw_gecos = dst;
+ dst = stpcpy(npw->pw_gecos, pw->pw_gecos) + 1;
}
- if (pw->pw_dir) {
- npw->pw_dir = ((char *)npw) + len;
- len += sprintf(npw->pw_dir, "%s", pw->pw_dir) + 1;
+ if (pw->pw_dir != NULL) {
+ npw->pw_dir = dst;
+ dst = stpcpy(npw->pw_dir, pw->pw_dir) + 1;
}
- if (pw->pw_shell) {
- npw->pw_shell = ((char *)npw) + len;
- len += sprintf(npw->pw_shell, "%s", pw->pw_shell) + 1;
+ if (pw->pw_shell != NULL) {
+ npw->pw_shell = dst;
+ dst = stpcpy(npw->pw_shell, pw->pw_shell) + 1;
}
return (npw);
}
git.ckatri.com / pw-darwin.git / blobdiff