X-Git-Url: https://git.cameronkatri.com/pw-darwin.git/blobdiff_plain/c3a9c71d1da3d5ff0359720aa43aa8c3d74327b9..f3dab068fce37270e5e4e1a00e5a44e30f00baf7:/libutil/pw_util.c?ds=sidebyside diff --git a/libutil/pw_util.c b/libutil/pw_util.c index 444140d..ad2b36a 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -1,4 +1,6 @@ -/*- +/*-- + * SPDX-License-Identifier: BSD-3-Clause + * * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * Copyright (c) 2002 Networks Associates Technology, Inc. @@ -17,11 +19,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -38,13 +36,9 @@ * SUCH DAMAGE. */ -#ifndef lint -#if 0 -static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; -#endif -static const char rcsid[] = - "$FreeBSD$"; -#endif /* not lint */ +#include +__FBSDID("$FreeBSD$"); +__SCCSID("@(#)pw_util.c 8.3 (Berkeley) 4/2/94"); /* * This file is used by all the "password" programs; vipw(8), chpass(1), @@ -58,11 +52,10 @@ static const char rcsid[] = #include #include -#include #include +#include #include #include -#include #include #include #include @@ -71,7 +64,11 @@ static const char rcsid[] = #include #include -#include +#include +API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0)) +void * reallocarray(void * in_ptr, size_t nmemb, size_t size) __DARWIN_EXTSN(reallocarray) __result_use_check; + +#include "libutil.h" static pid_t editpid = -1; static int lockfd = -1; @@ -80,6 +77,7 @@ static char passwd_dir[PATH_MAX]; static char tempname[PATH_MAX]; static int initialized; +#if 0 void pw_cont(int sig) { @@ -87,6 +85,7 @@ pw_cont(int sig) if (editpid != -1) kill(editpid, sig); } +#endif /* * Initialize statics and set limits, signals & umask to try to avoid @@ -100,9 +99,9 @@ pw_init(const char *dir, const char *master) #endif if (dir == NULL) { - strcpy(passwd_dir, _PATH_ETC); + strcpy(passwd_dir, _PATH_PWD); } else { - if (strlen(dir) >= sizeof passwd_dir) { + if (strlen(dir) >= sizeof(passwd_dir)) { errno = ENAMETOOLONG; return (-1); } @@ -112,13 +111,13 @@ pw_init(const char *dir, const char *master) if (master == NULL) { if (dir == NULL) { strcpy(masterpasswd, _PATH_MASTERPASSWD); - } else if (snprintf(masterpasswd, sizeof masterpasswd, "%s/%s", - passwd_dir, _MASTERPASSWD) > sizeof masterpasswd) { + } else if (snprintf(masterpasswd, sizeof(masterpasswd), "%s/%s", + passwd_dir, _MASTERPASSWD) > (int)sizeof(masterpasswd)) { errno = ENAMETOOLONG; return (-1); } } else { - if (strlen(master) >= sizeof masterpasswd) { + if (strlen(master) >= sizeof(masterpasswd)) { errno = ENAMETOOLONG; return (-1); } @@ -181,15 +180,12 @@ pw_lock(void) for (;;) { struct stat st; - lockfd = open(masterpasswd, O_RDONLY, 0); - if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) - err(1, "%s", masterpasswd); - /* XXX vulnerable to race conditions */ - if (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { + lockfd = flopen(masterpasswd, O_RDONLY|O_NONBLOCK|O_CLOEXEC, 0); + if (lockfd == -1) { if (errno == EWOULDBLOCK) { errx(1, "the password db file is busy"); } else { - err(1, "could not lock the passwd file: "); + err(1, "could not lock the passwd file"); } } @@ -199,7 +195,7 @@ pw_lock(void) * close and retry. */ if (fstat(lockfd, &st) == -1) - err(1, "fstat() failed: "); + err(1, "fstat() failed"); if (st.st_nlink != 0) break; close(lockfd); @@ -216,7 +212,7 @@ int pw_tmp(int mfd) { char buf[8192]; - ssize_t nr, nw; + ssize_t nr; const char *p; int tfd; @@ -226,16 +222,16 @@ pw_tmp(int mfd) ++p; else p = masterpasswd; - if (snprintf(tempname, sizeof tempname, "%.*spw.XXXXXX", - (int)(p - masterpasswd), masterpasswd) >= sizeof tempname) { + if (snprintf(tempname, sizeof(tempname), "%.*spw.XXXXXX", + (int)(p - masterpasswd), masterpasswd) >= (int)sizeof(tempname)) { errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, 0)) == -1) return (-1); if (mfd != -1) { - while ((nr = read(mfd, buf, sizeof buf)) > 0) - if ((nw = write(tfd, buf, nr)) != nr) + while ((nr = read(mfd, buf, sizeof(buf))) > 0) + if (write(tfd, buf, (size_t)nr) != nr) break; if (nr != 0) { unlink(tempname); @@ -264,11 +260,13 @@ pw_mkdb(const char *user) /* child */ if (user == NULL) execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", - "-d", passwd_dir, tempname, NULL); + "-d", passwd_dir, tempname, (char *)NULL); else execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", - "-d", passwd_dir, "-u", user, tempname, NULL); + "-d", passwd_dir, "-u", user, tempname, + (char *)NULL); _exit(1); + /* NOTREACHED */ default: /* parent */ break; @@ -288,6 +286,8 @@ pw_mkdb(const char *user) int pw_edit(int notsetuid) { + struct sigaction sa, sa_int, sa_quit; + sigset_t oldsigset, nsigset; struct stat st1, st2; const char *editor; int pstat; @@ -296,42 +296,60 @@ pw_edit(int notsetuid) editor = _PATH_VI; if (stat(tempname, &st1) == -1) return (-1); + sa.sa_handler = SIG_IGN; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sigaction(SIGINT, &sa, &sa_int); + sigaction(SIGQUIT, &sa, &sa_quit); + sigemptyset(&nsigset); + sigaddset(&nsigset, SIGCHLD); + sigprocmask(SIG_BLOCK, &nsigset, &oldsigset); switch ((editpid = fork())) { case -1: return (-1); case 0: - /* child */ + sigaction(SIGINT, &sa_int, NULL); + sigaction(SIGQUIT, &sa_quit, NULL); + sigprocmask(SIG_SETMASK, &oldsigset, NULL); if (notsetuid) { - (void)setgid(getgid()); - (void)setuid(getuid()); + if (setgid(getgid()) == -1) + err(1, "setgid"); + if (setuid(getuid()) == -1) + err(1, "setuid"); } - errno = 0; - execlp(editor, basename(editor), tempname, NULL); - _exit(errno); + execlp(editor, editor, tempname, (char *)NULL); + err(1, "%s", editor); default: /* parent */ break; } for (;;) { - editpid = waitpid(editpid, &pstat, WUNTRACED); - if (editpid == -1) { + if (waitpid(editpid, &pstat, WUNTRACED) == -1) { + if (errno == EINTR) + continue; unlink(tempname); - return (-1); + editpid = -1; + break; } else if (WIFSTOPPED(pstat)) { raise(WSTOPSIG(pstat)); - } else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0) { + } else if (WIFEXITED(pstat)) { + if (WEXITSTATUS(pstat) != 0) + errx(1, "\"%s\" exited with status %d", editor, WEXITSTATUS(pstat)); editpid = -1; break; } else { unlink(tempname); - *tempname = '\0'; editpid = -1; - return (-1); + break; } } + sigaction(SIGINT, &sa_int, NULL); + sigaction(SIGQUIT, &sa_quit, NULL); + sigprocmask(SIG_SETMASK, &oldsigset, NULL); if (stat(tempname, &st2) == -1) return (-1); - return (st1.st_mtime != st2.st_mtime); + return (st1.st_mtimespec.tv_sec != st2.st_mtimespec.tv_sec || + st1.st_mtimespec.tv_nsec != st2.st_mtimespec.tv_nsec); } /* @@ -365,7 +383,7 @@ pw_fini(void) * Compares two struct pwds. */ int -pw_equal(struct passwd *pw1, struct passwd *pw2) +pw_equal(const struct passwd *pw1, const struct passwd *pw2) { return (strcmp(pw1->pw_name, pw2->pw_name) == 0 && pw1->pw_uid == pw2->pw_uid && @@ -382,7 +400,7 @@ pw_equal(struct passwd *pw1, struct passwd *pw2) * Make a passwd line out of a struct passwd. */ char * -pw_make(struct passwd *pw) +pw_make(const struct passwd *pw) { char *line; @@ -390,23 +408,56 @@ pw_make(struct passwd *pw) pw->pw_passwd, (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid, pw->pw_class, (uintmax_t)pw->pw_change, (uintmax_t)pw->pw_expire, pw->pw_gecos, pw->pw_dir, pw->pw_shell); - return line; + return (line); } /* - * Copy password file from one descriptor to another, replacing or adding - * a single record on the way. + * Make a passwd line (in v7 format) out of a struct passwd + */ +char * +pw_make_v7(const struct passwd *pw) +{ + char *line; + + asprintf(&line, "%s:*:%ju:%ju:%s:%s:%s", pw->pw_name, + (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid, + pw->pw_gecos, pw->pw_dir, pw->pw_shell); + return (line); +} + +/* + * Copy password file from one descriptor to another, replacing, deleting + * or adding a single record on the way. */ int -pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw) +pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) { - char buf[8192], *end, *line, *p, *q, *r, t; + char *buf, *end, *line, *p, *q, *r, *tmp; struct passwd *fpw; - ssize_t len; - int eof; + const struct passwd *spw; + size_t len, size; + int eof, readlen; + char t; - if ((line = pw_make(pw)) == NULL) - return (-1); + if (old_pw == NULL && pw == NULL) + return (-1); + + spw = old_pw; + /* deleting a user */ + if (pw == NULL) { + line = NULL; + } else { + if ((line = pw_make(pw)) == NULL) + return (-1); + } + + /* adding a user */ + if (spw == NULL) + spw = pw; + + /* initialize the buffer */ + if ((buf = malloc(size = 1024)) == NULL) + goto err; eof = 0; len = 0; @@ -421,10 +472,16 @@ pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw) if (q >= end) { if (eof) break; - if (q - p >= sizeof buf) { - warnx("passwd line too long"); - errno = EINVAL; /* hack */ - goto err; + while ((size_t)(q - p) >= size) { + if ((tmp = reallocarray(buf, 2, size)) == NULL) { + warnx("passwd line too long"); + goto err; + } + p = tmp + (p - buf); + q = tmp + (q - buf); + end = tmp + (end - buf); + buf = tmp; + size = size * 2; } if (p < end) { q = memmove(buf, p, end - p); @@ -432,14 +489,16 @@ pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw) } else { p = q = end = buf; } - len = read(ffd, end, sizeof buf - (end - buf)); - if (len == -1) + readlen = read(ffd, end, size - (end - buf)); + if (readlen == -1) goto err; + else + len = (size_t)readlen; if (len == 0 && p == buf) break; end += len; len = end - buf; - if (len < sizeof buf) { + if (len < size) { eof = 1; if (len > 0 && buf[len - 1] != '\n') ++len, *end++ = '\n'; @@ -459,50 +518,77 @@ pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw) } /* is it the one we're looking for? */ + t = *q; *q = '\0'; + fpw = pw_scan(r, PWSCAN_MASTER); + + /* + * fpw is either the struct passwd for the current line, + * or NULL if the line is malformed. + */ + *q = t; - if ((old_pw && !pw_equal(fpw, old_pw)) || - (!old_pw && strcmp(fpw->pw_name, pw->pw_name))) { + if (fpw == NULL || strcmp(fpw->pw_name, spw->pw_name) != 0) { /* nope */ - free(fpw); + if (fpw != NULL) + free(fpw); if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q; continue; } - free(fpw); - - /* it is, replace it */ - len = strlen(line); - if (write(tfd, line, len) != len) + if (old_pw && !pw_equal(fpw, old_pw)) { + warnx("entry inconsistent"); + free(fpw); + errno = EINVAL; /* hack */ goto err; + } + free(fpw); + /* it is, replace or remove it */ + if (line != NULL) { + len = strlen(line); + if (write(tfd, line, len) != (int)len) + goto err; + } else { + /* when removed, avoid the \n */ + q++; + } /* we're done, just copy the rest over */ for (;;) { if (write(tfd, q, end - q) != end - q) goto err; q = buf; - len = read(ffd, buf, sizeof buf); - if (len == 0) + readlen = read(ffd, buf, size); + if (readlen == 0) break; - if (len == -1) + else + len = (size_t)readlen; + if (readlen == -1) goto err; end = buf + len; } goto done; } - /* if we got here, we have a new entry */ + /* if we got here, we didn't find the old entry */ + if (line == NULL) { + errno = ENOENT; + goto err; + } len = strlen(line); - if (write(tfd, line, len) != len) + if ((size_t)write(tfd, line, len) != len || + write(tfd, "\n", 1) != 1) goto err; done: free(line); + free(buf); return (0); err: free(line); + free(buf); return (-1); } @@ -520,45 +606,52 @@ pw_tempname(void) * Duplicate a struct passwd. */ struct passwd * -pw_dup(struct passwd *pw) +pw_dup(const struct passwd *pw) { + char *dst; struct passwd *npw; - size_t len; - - len = sizeof *npw + - (pw->pw_name ? strlen(pw->pw_name) + 1 : 0) + - (pw->pw_passwd ? strlen(pw->pw_passwd) + 1 : 0) + - (pw->pw_class ? strlen(pw->pw_class) + 1 : 0) + - (pw->pw_gecos ? strlen(pw->pw_gecos) + 1 : 0) + - (pw->pw_dir ? strlen(pw->pw_dir) + 1 : 0) + - (pw->pw_shell ? strlen(pw->pw_shell) + 1 : 0); - if ((npw = malloc(len)) == NULL) + ssize_t len; + + len = sizeof(*npw); + if (pw->pw_name != NULL) + len += strlen(pw->pw_name) + 1; + if (pw->pw_passwd != NULL) + len += strlen(pw->pw_passwd) + 1; + if (pw->pw_class != NULL) + len += strlen(pw->pw_class) + 1; + if (pw->pw_gecos != NULL) + len += strlen(pw->pw_gecos) + 1; + if (pw->pw_dir != NULL) + len += strlen(pw->pw_dir) + 1; + if (pw->pw_shell != NULL) + len += strlen(pw->pw_shell) + 1; + if ((npw = malloc((size_t)len)) == NULL) return (NULL); - memcpy(npw, pw, sizeof *npw); - len = sizeof *npw; - if (pw->pw_name) { - npw->pw_name = ((char *)npw) + len; - len += sprintf(npw->pw_name, "%s", pw->pw_name) + 1; + memcpy(npw, pw, sizeof(*npw)); + dst = (char *)npw + sizeof(*npw); + if (pw->pw_name != NULL) { + npw->pw_name = dst; + dst = stpcpy(npw->pw_name, pw->pw_name) + 1; } - if (pw->pw_passwd) { - npw->pw_passwd = ((char *)npw) + len; - len += sprintf(npw->pw_passwd, "%s", pw->pw_passwd) + 1; + if (pw->pw_passwd != NULL) { + npw->pw_passwd = dst; + dst = stpcpy(npw->pw_passwd, pw->pw_passwd) + 1; } - if (pw->pw_class) { - npw->pw_class = ((char *)npw) + len; - len += sprintf(npw->pw_class, "%s", pw->pw_class) + 1; + if (pw->pw_class != NULL) { + npw->pw_class = dst; + dst = stpcpy(npw->pw_class, pw->pw_class) + 1; } - if (pw->pw_gecos) { - npw->pw_gecos = ((char *)npw) + len; - len += sprintf(npw->pw_gecos, "%s", pw->pw_gecos) + 1; + if (pw->pw_gecos != NULL) { + npw->pw_gecos = dst; + dst = stpcpy(npw->pw_gecos, pw->pw_gecos) + 1; } - if (pw->pw_dir) { - npw->pw_dir = ((char *)npw) + len; - len += sprintf(npw->pw_dir, "%s", pw->pw_dir) + 1; + if (pw->pw_dir != NULL) { + npw->pw_dir = dst; + dst = stpcpy(npw->pw_dir, pw->pw_dir) + 1; } - if (pw->pw_shell) { - npw->pw_shell = ((char *)npw) + len; - len += sprintf(npw->pw_shell, "%s", pw->pw_shell) + 1; + if (pw->pw_shell != NULL) { + npw->pw_shell = dst; + dst = stpcpy(npw->pw_shell, pw->pw_shell) + 1; } return (npw); } @@ -566,8 +659,16 @@ pw_dup(struct passwd *pw) #include "pw_scan.h" /* - * Wrapper around an internal libc function + * Wrapper around some internal libc functions. */ + +void +pw_initpwd(struct passwd *pw) +{ + + __pw_initpwd(pw); +} + struct passwd * pw_scan(const char *line, int flags) { @@ -576,6 +677,7 @@ pw_scan(const char *line, int flags) if ((bp = strdup(line)) == NULL) return (NULL); + __pw_initpwd(&pw); if (!__pw_scan(bp, &pw, flags)) { free(bp); return (NULL);