diff options
author | Baptiste Daroussin <bapt@FreeBSD.org> | 2015-09-12 11:41:31 +0000 |
---|---|---|
committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2015-09-12 11:41:31 +0000 |
commit | dfac825697674070ff717c02263d3aab9c9d62bd (patch) | |
tree | d0a9241fb6cc89559109f7e769218add7566865b | |
parent | cdfbaf3700b5e6732bc50f13b3e65ef7c576086c (diff) | |
parent | 9c04af5e0b95f4cebcc065c168ec58a4851b4764 (diff) | |
download | pw-darwin-dfac825697674070ff717c02263d3aab9c9d62bd.tar.gz pw-darwin-dfac825697674070ff717c02263d3aab9c9d62bd.tar.zst pw-darwin-dfac825697674070ff717c02263d3aab9c9d62bd.zip |
Merge from head
-rw-r--r-- | libutil/gr_util.c | 22 | ||||
-rw-r--r-- | libutil/pw_util.c | 2 | ||||
-rw-r--r-- | pw/Makefile | 3 | ||||
-rw-r--r-- | pw/cpdir.c | 152 | ||||
-rw-r--r-- | pw/fileupd.c | 47 | ||||
-rw-r--r-- | pw/psdate.c | 262 | ||||
-rw-r--r-- | pw/pw.c | 62 | ||||
-rw-r--r-- | pw/pw.h | 2 | ||||
-rw-r--r-- | pw/pw_conf.c | 23 | ||||
-rw-r--r-- | pw/pw_group.c | 305 | ||||
-rw-r--r-- | pw/pw_user.c | 576 | ||||
-rw-r--r-- | pw/pw_vpw.c | 7 | ||||
-rw-r--r-- | pw/pwupd.h | 55 | ||||
-rw-r--r-- | pw/rm_r.c | 52 |
14 files changed, 956 insertions, 614 deletions
diff --git a/libutil/gr_util.c b/libutil/gr_util.c index b0b0b36..93b3eb2 100644 --- a/libutil/gr_util.c +++ b/libutil/gr_util.c @@ -141,7 +141,7 @@ gr_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) @@ -318,10 +318,28 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) int gr_mkdb(void) { + int fd; + if (chmod(tempname, 0644) != 0) return (-1); - return (rename(tempname, group_file)); + if (rename(tempname, group_file) != 0) + return (-1); + + /* + * Make sure new group file is safe on disk. To improve performance we + * will call fsync() to the directory where file lies + */ + if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1) + return (-1); + + if (fsync(fd) != 0) { + close(fd); + return (-1); + } + + close(fd); + return(0); } /* diff --git a/libutil/pw_util.c b/libutil/pw_util.c index befd1fb..af749d5 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -226,7 +226,7 @@ pw_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) diff --git a/pw/Makefile b/pw/Makefile index 4bcf691..c265399 100644 --- a/pw/Makefile +++ b/pw/Makefile @@ -3,8 +3,7 @@ PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ - grupd.c pwupd.c fileupd.c psdate.c \ - bitmap.c cpdir.c rm_r.c + grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c WARNS?= 3 @@ -45,87 +45,85 @@ static const char rcsid[] = #include "pwupd.h" void -copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid) +copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid, + gid_t gid, int flags) { - char src[MAXPATHLEN]; - char dst[MAXPATHLEN]; - char lnk[MAXPATHLEN]; - int len; + char *p, lnk[MAXPATHLEN], copybuf[4096]; + int len, homefd, srcfd, destfd; + ssize_t sz; + struct stat st; + struct dirent *e; + DIR *d; - if (mkdir(dir, mode) != 0 && errno != EEXIST) { + if (*dir == '/') + dir++; + + if (mkdirat(rootfd, dir, mode) != 0 && errno != EEXIST) { warn("mkdir(%s)", dir); - } else { - int infd, outfd; - struct stat st; - - static char counter = 0; - static char *copybuf = NULL; - - ++counter; - chown(dir, uid, gid); - if (skel != NULL && *skel != '\0') { - DIR *d = opendir(skel); - - if (d != NULL) { - struct dirent *e; - - while ((e = readdir(d)) != NULL) { - char *p = e->d_name; - - if (snprintf(src, sizeof(src), "%s/%s", skel, p) >= (int)sizeof(src)) - warn("warning: pathname too long '%s/%s' (skel not copied)", skel, p); - else if (lstat(src, &st) == 0) { - if (strncmp(p, "dot.", 4) == 0) /* Conversion */ - p += 3; - if (snprintf(dst, sizeof(dst), "%s/%s", dir, p) >= (int)sizeof(dst)) - warn("warning: path too long '%s/%s' (skel file skipped)", dir, p); - else { - if (S_ISDIR(st.st_mode)) { /* Recurse for this */ - if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) - copymkdir(dst, src, st.st_mode & _DEF_DIRMODE, uid, gid); - chflags(dst, st.st_flags); /* propagate flags */ - } else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk) - 1)) != -1) { - lnk[len] = '\0'; - symlink(lnk, dst); - lchown(dst, uid, gid); - /* - * Note: don't propagate special attributes - * but do propagate file flags - */ - } else if (S_ISREG(st.st_mode) && (outfd = open(dst, O_RDWR | O_CREAT | O_EXCL, st.st_mode)) != -1) { - if ((infd = open(src, O_RDONLY)) == -1) { - close(outfd); - remove(dst); - } else { - int b; - - /* - * Allocate our copy buffer if we need to - */ - if (copybuf == NULL) - copybuf = malloc(4096); - while ((b = read(infd, copybuf, 4096)) > 0) - write(outfd, copybuf, b); - close(infd); - /* - * Propagate special filesystem flags - */ - fchown(outfd, uid, gid); - fchflags(outfd, st.st_flags); - close(outfd); - chown(dst, uid, gid); - } - } - } - } - } - closedir(d); - } + return; + } + fchownat(rootfd, dir, uid, gid, AT_SYMLINK_NOFOLLOW); + if (flags > 0) + chflagsat(rootfd, dir, flags, AT_SYMLINK_NOFOLLOW); + + if (skelfd == -1) + return; + + homefd = openat(rootfd, dir, O_DIRECTORY); + if ((d = fdopendir(skelfd)) == NULL) { + close(skelfd); + close(homefd); + return; + } + + while ((e = readdir(d)) != NULL) { + if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) + continue; + + p = e->d_name; + if (fstatat(skelfd, p, &st, AT_SYMLINK_NOFOLLOW) == -1) + continue; + + if (strncmp(p, "dot.", 4) == 0) /* Conversion */ + p += 3; + + if (S_ISDIR(st.st_mode)) { + copymkdir(homefd, p, openat(skelfd, e->d_name, O_DIRECTORY), + st.st_mode & _DEF_DIRMODE, uid, gid, st.st_flags); + continue; + } + + if (S_ISLNK(st.st_mode) && + (len = readlinkat(skelfd, e->d_name, lnk, sizeof(lnk) -1)) + != -1) { + lnk[len] = '\0'; + symlinkat(lnk, homefd, p); + fchownat(homefd, p, uid, gid, AT_SYMLINK_NOFOLLOW); + continue; } - if (--counter == 0 && copybuf != NULL) { - free(copybuf); - copybuf = NULL; + + if (!S_ISREG(st.st_mode)) + continue; + + if ((srcfd = openat(skelfd, e->d_name, O_RDONLY)) == -1) + continue; + destfd = openat(homefd, p, O_RDWR | O_CREAT | O_EXCL, + st.st_mode); + if (destfd == -1) { + close(srcfd); + continue; } + + while ((sz = read(srcfd, copybuf, sizeof(copybuf))) > 0) + write(destfd, copybuf, sz); + + close(srcfd); + /* + * Propagate special filesystem flags + */ + fchown(destfd, uid, gid); + fchflags(destfd, st.st_flags); + close(destfd); } + closedir(d); } - diff --git a/pw/fileupd.c b/pw/fileupd.c deleted file mode 100644 index dc32712..0000000 --- a/pw/fileupd.c +++ /dev/null @@ -1,47 +0,0 @@ -/*- - * Copyright (C) 1996 - * David L. Nugent. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -static const char rcsid[] = - "$FreeBSD$"; -#endif /* not lint */ - -#include <stdlib.h> - -#include "pwupd.h" - -int -extendarray(char ***buf, int * buflen, int needed) -{ - if (needed > *buflen) { - char **tmp = realloc(*buf, needed * sizeof(char *)); - if (tmp == NULL) - return -1; - *buf = tmp; - *buflen = needed; - } - return *buflen; -} diff --git a/pw/psdate.c b/pw/psdate.c new file mode 100644 index 0000000..8e3a951 --- /dev/null +++ b/pw/psdate.c @@ -0,0 +1,262 @@ +/*- + * Copyright (C) 1996 + * David L. Nugent. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static const char rcsid[] = + "$FreeBSD$"; +#endif /* not lint */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <xlocale.h> +#include <err.h> + +#include "psdate.h" + + +static int +numerics(char const * str) +{ + int rc = isdigit((unsigned char)*str); + + if (rc) + while (isdigit((unsigned char)*str) || *str == 'x') + ++str; + return rc && !*str; +} + +static int +aindex(char const * arr[], char const ** str, int len) +{ + int l, i; + char mystr[32]; + + mystr[len] = '\0'; + l = strlen(strncpy(mystr, *str, len)); + for (i = 0; i < l; i++) + mystr[i] = (char) tolower((unsigned char)mystr[i]); + for (i = 0; arr[i] && strcmp(mystr, arr[i]) != 0; i++); + if (arr[i] == NULL) + i = -1; + else { /* Skip past it */ + while (**str && isalpha((unsigned char)**str)) + ++(*str); + /* And any following whitespace */ + while (**str && (**str == ',' || isspace((unsigned char)**str))) + ++(*str); + } /* Return index */ + return i; +} + +static int +weekday(char const ** str) +{ + static char const *days[] = + {"sun", "mon", "tue", "wed", "thu", "fri", "sat", NULL}; + + return aindex(days, str, 3); +} + +static void +parse_datesub(char const * str, struct tm *t) +{ + struct tm tm; + locale_t l; + int i; + char *ret; + const char *valid_formats[] = { + "%d-%b-%y", + "%d-%b-%Y", + "%d-%m-%y", + "%d-%m-%Y", + "%H:%M %d-%b-%y", + "%H:%M %d-%b-%Y", + "%H:%M %d-%m-%y", + "%H:%M %d-%m-%Y", + "%H:%M:%S %d-%b-%y", + "%H:%M:%S %d-%b-%Y", + "%H:%M:%S %d-%m-%y", + "%H:%M:%S %d-%m-%Y", + "%d-%b-%y %H:%M", + "%d-%b-%Y %H:%M", + "%d-%m-%y %H:%M", + "%d-%m-%Y %H:%M", + "%d-%b-%y %H:%M:%S", + "%d-%b-%Y %H:%M:%S", + "%d-%m-%y %H:%M:%S", + "%d-%m-%Y %H:%M:%S", + "%H:%M\t%d-%b-%y", + "%H:%M\t%d-%b-%Y", + "%H:%M\t%d-%m-%y", + "%H:%M\t%d-%m-%Y", + "%H:%M\t%S %d-%b-%y", + "%H:%M\t%S %d-%b-%Y", + "%H:%M\t%S %d-%m-%y", + "%H:%M\t%S %d-%m-%Y", + "%d-%b-%y\t%H:%M", + "%d-%b-%Y\t%H:%M", + "%d-%m-%y\t%H:%M", + "%d-%m-%Y\t%H:%M", + "%d-%b-%y\t%H:%M:%S", + "%d-%b-%Y\t%H:%M:%S", + "%d-%m-%y\t%H:%M:%S", + "%d-%m-%Y\t%H:%M:%S", + NULL, + }; + + l = newlocale(LC_ALL_MASK, "C", NULL); + + memset(&tm, 0, sizeof(tm)); + for (i=0; valid_formats[i] != NULL; i++) { + ret = strptime_l(str, valid_formats[i], &tm, l); + if (ret && *ret == '\0') { + t->tm_mday = tm.tm_mday; + t->tm_mon = tm.tm_mon; + t->tm_year = tm.tm_year; + t->tm_hour = tm.tm_hour; + t->tm_min = tm.tm_min; + t->tm_sec = tm.tm_sec; + freelocale(l); + return; + } + } + + freelocale(l); + + errx(EXIT_FAILURE, "Invalid date"); +} + + +/*- + * Parse time must be flexible, it handles the following formats: + * nnnnnnnnnnn UNIX timestamp (all numeric), 0 = now + * 0xnnnnnnnn UNIX timestamp in hexadecimal + * 0nnnnnnnnn UNIX timestamp in octal + * 0 Given time + * +nnnn[smhdwoy] Given time + nnnn hours, mins, days, weeks, months or years + * -nnnn[smhdwoy] Given time - nnnn hours, mins, days, weeks, months or years + * dd[ ./-]mmm[ ./-]yy Date } + * hh:mm:ss Time } May be combined + */ + +time_t +parse_date(time_t dt, char const * str) +{ + char *p; + int i; + long val; + struct tm *T; + + if (dt == 0) + dt = time(NULL); + + while (*str && isspace((unsigned char)*str)) + ++str; + + if (numerics(str)) { + dt = strtol(str, &p, 0); + } else if (*str == '+' || *str == '-') { + val = strtol(str, &p, 0); + switch (*p) { + case 'h': + case 'H': /* hours */ + dt += (val * 3600L); + break; + case '\0': + case 'm': + case 'M': /* minutes */ + dt += (val * 60L); + break; + case 's': + case 'S': /* seconds */ + dt += val; + break; + case 'd': + case 'D': /* days */ + dt += (val * 86400L); + break; + case 'w': + case 'W': /* weeks */ + dt += (val * 604800L); + break; + case 'o': + case 'O': /* months */ + T = localtime(&dt); + T->tm_mon += (int) val; + i = T->tm_mday; + goto fixday; + case 'y': + case 'Y': /* years */ + T = localtime(&dt); + T->tm_year += (int) val; + i = T->tm_mday; + fixday: + dt = mktime(T); + T = localtime(&dt); + if (T->tm_mday != i) { + T->tm_mday = 1; + dt = mktime(T); + dt -= (time_t) 86400L; + } + default: /* unknown */ + break; /* leave untouched */ + } + } else { + char *q, tmp[64]; + + /* + * Skip past any weekday prefix + */ + weekday(&str); + strlcpy(tmp, str, sizeof(tmp)); + str = tmp; + T = localtime(&dt); + + /* + * See if we can break off any timezone + */ + while ((q = strrchr(tmp, ' ')) != NULL) { + if (strchr("(+-", q[1]) != NULL) + *q = '\0'; + else { + int j = 1; + + while (q[j] && isupper((unsigned char)q[j])) + ++j; + if (q[j] == '\0') + *q = '\0'; + else + break; + } + } + + parse_datesub(tmp, T); + dt = mktime(T); + } + return dt; +} @@ -136,7 +136,10 @@ main(int argc, char *argv[]) name = NULL; relocated = nis = false; memset(&conf, 0, sizeof(conf)); + strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); + conf.fd = -1; + conf.checkduplicate = true; LIST_INIT(&arglist); @@ -214,6 +217,10 @@ main(int argc, char *argv[]) if (mode == -1 || which == -1) cmdhelp(mode, which); + conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC); + if (conf.rootfd == -1) + errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir); + conf.which = which; /* * We know which mode we're in and what we're about to do, so now * let's dispatch the remaining command line args in a genric way. @@ -232,6 +239,9 @@ main(int argc, char *argv[]) conf.config = optarg; config = conf.config; break; + case 'F': + conf.force = true; + break; case 'N': conf.dryrun = true; break; @@ -246,6 +256,12 @@ main(int argc, char *argv[]) case 'Y': nis = true; break; + case 'a': + conf.all = true; + break; + case 'c': + conf.gecos = pw_checkname(optarg, 1); + break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); @@ -280,8 +296,43 @@ main(int argc, char *argv[]) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); break; + case 'H': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + conf.precrypted = true; + if (strspn(optarg, "0123456789") != strlen(optarg)) + errx(EX_USAGE, "'-H' expects a file descriptor"); + + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad file descriptor '%s': %s", + optarg, errstr); + break; + case 'h': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + + if (strcmp(optarg, "-") == 0) + conf.fd = '-'; + else if (strspn(optarg, "0123456789") == strlen(optarg)) { + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "'-h' expects a " + "file descriptor or '-'"); + } else + errx(EX_USAGE, "'-h' expects a file " + "descriptor or '-'"); + break; case 'o': - conf.checkduplicate = true; + conf.checkduplicate = false; + break; + case 'q': + conf.quiet = true; + break; + case 'r': + conf.deletehome = true; break; default: addarg(&arglist, ch, optarg); @@ -303,7 +354,7 @@ main(int argc, char *argv[]) * We should immediately look for the -q 'quiet' switch so that we * don't bother with extraneous errors */ - if (getarg(&arglist, 'q') != NULL) + if (conf.quiet) freopen(_PATH_DEVNULL, "w", stderr); /* @@ -536,7 +587,12 @@ cmdhelp(int mode, int which) struct carg * getarg(struct cargs * _args, int ch) { - struct carg *c = LIST_FIRST(_args); + struct carg *c; + + if (_args == NULL) + return (NULL); + + c = LIST_FIRST(_args); while (c != NULL && c->ch != ch) c = LIST_NEXT(c, list); @@ -83,7 +83,9 @@ struct carg *addarg(struct cargs * _args, int ch, char *argstr); struct carg *getarg(struct cargs * _args, int ch); int pw_user(int mode, char *name, long id, struct cargs * _args); +int pw_usernext(struct userconf *cnf, bool quiet); int pw_group(int mode, char *name, long id, struct cargs * _args); +int pw_groupnext(struct userconf *cnf, bool quiet); char *pw_checkname(char *name, int gecos); int addnispwent(const char *path, struct passwd *pwd); diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 24c0650..33bb6b3 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -104,8 +104,7 @@ static struct userconf config = 1000, 32000, /* Allowed range of uids */ 1000, 32000, /* Allowed range of gids */ 0, /* Days until account expires */ - 0, /* Days until password expires */ - 0 /* size of default_group array */ + 0 /* Days until password expires */ }; static char const *comments[_UC_FIELDS] = @@ -234,10 +233,9 @@ read_userconfig(char const * file) buf = NULL; linecap = 0; - config.numgroups = 200; - config.groups = calloc(config.numgroups, sizeof(char *)); + config.groups = sl_init(); if (config.groups == NULL) - err(1, "calloc()"); + err(1, "sl_init()"); if (file == NULL) file = _PATH_PW_CONF; @@ -316,13 +314,8 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_EXTRAGROUPS: - for (i = 0; q != NULL; q = strtok(NULL, toks)) { - if (extendarray(&config.groups, &config.numgroups, i + 2) != -1) - config.groups[i++] = newstr(q); - } - if (i > 0) - while (i < config.numgroups) - config.groups[i++] = NULL; + for (i = 0; q != NULL; q = strtok(NULL, toks)) + sl_add(config.groups, newstr(q)); break; case _UC_DEFAULTCLASS: config.default_class = (q == NULL || !boolean_val(q, 1)) @@ -442,10 +435,10 @@ write_userconfig(char const * file) config.default_group : ""); break; case _UC_EXTRAGROUPS: - for (j = 0; j < config.numgroups && - config.groups[j] != NULL; j++) + for (j = 0; config.groups != NULL && + j < (int)config.groups->sl_cur; j++) sbuf_printf(buf, "%s\"%s\"", j ? - "," : "", config.groups[j]); + "," : "", config.groups->sl_str[j]); quote = 0; break; case _UC_DEFAULTCLASS: diff --git a/pw/pw_group.c b/pw/pw_group.c index b9cce0d..b0db3cf 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -42,19 +42,126 @@ static const char rcsid[] = static struct passwd *lookup_pwent(const char *user); -static void delete_members(char ***members, int *grmembers, int *i, - struct carg *arg, struct group *grp); +static void delete_members(struct group *grp, char *list); static int print_group(struct group * grp); static gid_t gr_gidpolicy(struct userconf * cnf, long id); +static void +set_passwd(struct group *grp, bool update) +{ + int b; + int istty; + struct termios t, n; + char *p, line[256]; + + if (conf.fd == '-') { + grp->gr_passwd = "*"; /* No access */ + return; + } + + if ((istty = isatty(conf.fd))) { + n = t; + /* Disable echo */ + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%sassword for group %s:", update ? "New p" : "P", + grp->gr_name); + fflush(stdout); + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + if (b < 0) + err(EX_OSERR, "-h file descriptor"); + line[b] = '\0'; + if ((p = strpbrk(line, " \t\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != 0) + errx(EX_DATAERR, "wrong encrypted passwrd"); + grp->gr_passwd = line; + } else + grp->gr_passwd = pw_pwcrypt(line); +} + +int +pw_groupnext(struct userconf *cnf, bool quiet) +{ + gid_t next = gr_gidpolicy(cnf, -1); + + if (quiet) + return (next); + printf("%u\n", next); + + return (EXIT_SUCCESS); +} + +static int +pw_groupshow(const char *name, long id, struct group *fakegroup) +{ + struct group *grp = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "groupname or id or '-a' required"); + + if (conf.all) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + print_group(grp); + ENDGRENT(); + + return (EXIT_SUCCESS); + } + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + if (grp == NULL) { + if (conf.force) { + grp = fakegroup; + } else { + if (name == NULL) + errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown group `%s'", name); + } + } + + return (print_group(grp)); +} + +static int +pw_groupdel(const char *name, long id) +{ + struct group *grp = NULL; + int rc; + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + if (grp == NULL) { + if (name == NULL) + errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown group `%s'", name); + } + + rc = delgrent(grp); + if (rc == -1) + err(EX_IOERR, "group '%s' not available (NIS?)", name); + else if (rc != 0) + err(EX_IOERR, "group update"); + pw_log(conf.userconf, M_DELETE, W_GROUP, "%s(%ld) removed", name, id); + + return (EXIT_SUCCESS); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { int rc; struct carg *arg; struct group *grp = NULL; - int grmembers = 0; - char **members = NULL; struct userconf *cnf = conf.userconf; static struct group fakegroup = @@ -65,46 +172,28 @@ pw_group(int mode, char *name, long id, struct cargs * args) NULL }; + if (mode == M_NEXT) + return (pw_groupnext(cnf, conf.quiet)); + + if (mode == M_PRINT) + return (pw_groupshow(name, id, &fakegroup)); + + if (mode == M_DELETE) + return (pw_groupdel(name, id)); + if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); - /* - * With M_NEXT, we only need to return the - * next gid to stdout - */ - if (mode == M_NEXT) { - gid_t next = gr_gidpolicy(cnf, id); - if (getarg(args, 'q')) - return next; - printf("%u\n", next); - return EXIT_SUCCESS; - } - - if (mode == M_PRINT && getarg(args, 'a')) { - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - print_group(grp); - ENDGRENT(); - return EXIT_SUCCESS; - } if (id < 0 && name == NULL) errx(EX_DATAERR, "group name or id required"); grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); - if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) { + if (mode == M_UPDATE) { if (name == NULL && grp == NULL) /* Try harder */ grp = GETGRGID(id); if (grp == NULL) { - if (mode == M_PRINT && getarg(args, 'F')) { - char *fmems[1]; - fmems[0] = NULL; - fakegroup.gr_name = name ? name : "nogroup"; - fakegroup.gr_gid = (gid_t) id; - fakegroup.gr_mem = fmems; - return print_group(&fakegroup); - } if (name == NULL) errx(EX_DATAERR, "unknown group `%s'", name); else @@ -113,22 +202,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) if (name == NULL) /* Needed later */ name = grp->gr_name; - /* - * Handle deletions now - */ - if (mode == M_DELETE) { - rc = delgrent(grp); - if (rc == -1) - err(EX_IOERR, "group '%s' not available (NIS?)", - name); - else if (rc != 0) { - err(EX_IOERR, "group update"); - } - pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", name, id); - return EXIT_SUCCESS; - } else if (mode == M_PRINT) - return print_group(grp); - if (id > 0) grp->gr_gid = (gid_t) id; @@ -140,13 +213,11 @@ pw_group(int mode, char *name, long id, struct cargs * args) else if (grp != NULL) /* Exists */ errx(EX_DATAERR, "group name `%s' already exists", name); - extendarray(&members, &grmembers, 200); - members[0] = NULL; grp = &fakegroup; grp->gr_name = pw_checkname(name, 0); grp->gr_passwd = "*"; grp->gr_gid = gr_gidpolicy(cnf, id); - grp->gr_mem = members; + grp->gr_mem = NULL; } /* @@ -156,92 +227,37 @@ pw_group(int mode, char *name, long id, struct cargs * args) * software. */ - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) - grp->gr_passwd = "*"; /* No access */ - else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - char *p, line[256]; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_OSERR, "-h file descriptor"); - line[b] = '\0'; - if ((p = strpbrk(line, " \t\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - grp->gr_passwd = line; - } else - grp->gr_passwd = pw_pwcrypt(line); - } - } + if (conf.which == W_GROUP && conf.fd != -1) + set_passwd(grp, mode == M_UPDATE); if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'd')) != NULL || (arg = getarg(args, 'm')) != NULL) && arg->val) { - int i = 0; char *p; struct passwd *pwd; /* Make sure this is not stay NULL with -M "" */ - extendarray(&members, &grmembers, 200); if (arg->ch == 'd') - delete_members(&members, &grmembers, &i, arg, grp); - else if (arg->ch == 'm') { - int k = 0; - - if (grp->gr_mem != NULL) { - while (grp->gr_mem[k] != NULL) { - if (extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = grp->gr_mem[k]; - k++; - } + delete_members(grp, arg->val); + else if (arg->ch == 'M') + grp->gr_mem = NULL; + + for (p = strtok(arg->val, ", \t"); arg->ch != 'd' && p != NULL; + p = strtok(NULL, ", \t")) { + int j; + + /* + * Check for duplicates + */ + pwd = lookup_pwent(p); + for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) { + if (strcmp(grp->gr_mem[j], pwd->pw_name) == 0) + break; } + if (grp->gr_mem != NULL && grp->gr_mem[j] != NULL) + continue; + grp = gr_add(grp, pwd->pw_name); } - - if (arg->ch != 'd') - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { - int j; - - /* - * Check for duplicates - */ - pwd = lookup_pwent(p); - for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++) - ; - if (j == i && extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = newstr(pwd->pw_name); - } - while (i < grmembers) - members[i++] = NULL; - grp->gr_mem = members; } if (conf.dryrun) @@ -269,8 +285,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid); - free(members); - return EXIT_SUCCESS; } @@ -296,42 +310,25 @@ lookup_pwent(const char *user) * Delete requested members from a group. */ static void -delete_members(char ***members, int *grmembers, int *i, struct carg *arg, - struct group *grp) +delete_members(struct group *grp, char *list) { - bool matchFound; - char *user; - char *valueCopy; - char *valuePtr; + char *p; int k; - struct passwd *pwd; if (grp->gr_mem == NULL) return; - k = 0; - while (grp->gr_mem[k] != NULL) { - matchFound = false; - if ((valueCopy = strdup(arg->val)) == NULL) - errx(EX_UNAVAILABLE, "out of memory"); - valuePtr = valueCopy; - while ((user = strsep(&valuePtr, ", \t")) != NULL) { - pwd = lookup_pwent(user); - if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) { - matchFound = true; + for (p = strtok(list, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { + for (k = 0; grp->gr_mem[k] != NULL; k++) { + if (strcmp(grp->gr_mem[k], p) == 0) break; - } } - free(valueCopy); + if (grp->gr_mem[k] == NULL) /* No match */ + continue; - if (!matchFound && - extendarray(members, grmembers, *i + 2) != -1) - (*members)[(*i)++] = grp->gr_mem[k]; - - k++; + for (; grp->gr_mem[k] != NULL; k++) + grp->gr_mem[k] = grp->gr_mem[k+1]; } - - return; } diff --git a/pw/pw_user.c b/pw/pw_user.c index c3b2751..d6dad3f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -51,8 +51,7 @@ static const char rcsid[] = static char locked_str[] = "*LOCKED*"; -static int delete_user(struct userconf *cnf, struct passwd *pwd, - char *name, int delete, int mode); +static int pw_userdel(char *name, long id); static int print_user(struct passwd * pwd); static uid_t pw_uidpolicy(struct userconf * cnf, long id); static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); @@ -60,32 +59,210 @@ static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); -static char *pw_password(struct userconf * cnf, struct cargs * args, char const * user); +static char *pw_password(struct userconf * cnf, char const * user); static char *shell_path(char const * path, char *shells[], char *sh); static void rmat(uid_t uid); static void rmopie(char const * name); static void -create_and_populate_homedir(int mode, struct passwd *pwd) +create_and_populate_homedir(struct passwd *pwd) { - char *homedir, *dotdir; struct userconf *cnf = conf.userconf; + const char *skeldir; + int skelfd = -1; - homedir = dotdir = NULL; + skeldir = cnf->dotdir; - if (conf.rootdir[0] != '\0') { - asprintf(&homedir, "%s/%s", conf.rootdir, pwd->pw_dir); - if (homedir == NULL) - errx(EX_OSERR, "out of memory"); - asprintf(&dotdir, "%s/%s", conf.rootdir, cnf->dotdir); + if (skeldir != NULL && *skeldir != '\0') { + if (*skeldir == '/') + skeldir++; + skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } - copymkdir(homedir ? homedir : pwd->pw_dir, dotdir ? dotdir: cnf->dotdir, - cnf->homemode, pwd->pw_uid, pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%u) home %s made", pwd->pw_name, + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, + pwd->pw_gid, 0); + pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, pwd->pw_uid, pwd->pw_dir); } +static int +set_passwd(struct passwd *pwd, bool update) +{ + int b, istty; + struct termios t, n; + login_cap_t *lc; + char line[_PASSWORD_LEN+1]; + char *p; + + if (conf.fd == '-') { + if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { + pwd->pw_passwd = "*"; /* No access */ + return (1); + } + return (0); + } + + if ((istty = isatty(conf.fd))) { + if (tcgetattr(conf.fd, &t) == -1) + istty = 0; + else { + n = t; + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%s%spassword for user %s:", + update ? "new " : "", + conf.precrypted ? "encrypted " : "", + pwd->pw_name); + fflush(stdout); + } + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + + if (b < 0) + err(EX_IOERR, "-%c file descriptor", + conf.precrypted ? 'H' : 'h'); + line[b] = '\0'; + if ((p = strpbrk(line, "\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != NULL) + errx(EX_DATAERR, "bad encrypted password"); + pwd->pw_passwd = line; + } else { + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_pwcrypt(line); + } + return (1); +} + +int +pw_usernext(struct userconf *cnf, bool quiet) +{ + uid_t next = pw_uidpolicy(cnf, -1); + + if (quiet) + return (next); + + printf("%u:", next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + +static int +pw_usershow(char *name, long id, struct passwd *fakeuser) +{ + struct passwd *pwd = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "username or id or '-a' required"); + + if (conf.all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (conf.force) { + pwd = fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd)); +} + +static void +perform_chgpwent(const char *name, struct passwd *pwd) +{ + int rc; + + rc = chgpwent(name, pwd); + if (rc == -1) + errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd file update"); + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { + rc = chgnispwent(conf.userconf->nispasswd, name, pwd); + if (rc == -1) + warn("User '%s' not found in NIS passwd", pwd->pw_name); + else + warn("NIS passwd update"); + /* NOTE: NIS-only update errors are not fatal */ + } +} + +/* + * The M_LOCK and M_UNLOCK functions simply add or remove + * a "*LOCKED*" prefix from in front of the password to + * prevent it decoding correctly, and therefore prevents + * access. Of course, this only prevents access via + * password authentication (not ssh, kerberos or any + * other method that does not use the UNIX password) but + * that is a known limitation. + */ +static int +pw_userlock(char *name, long id, int mode) +{ + struct passwd *pwd = NULL; + char *passtmp = NULL; + bool locked = false; + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (name == NULL) + name = pwd->pw_name; + + if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str) -1) == 0) + locked = true; + if (mode == M_LOCK && locked) + errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); + if (mode == M_UNLOCK && !locked) + errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); + + if (mode == M_LOCK) { + asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); + if (passtmp == NULL) /* disaster */ + errx(EX_UNAVAILABLE, "out of memory"); + pwd->pw_passwd = passtmp; + } else { + pwd->pw_passwd += sizeof(locked_str)-1; + } + + perform_chgpwent(name, pwd); + free(passtmp); + + return (EXIT_SUCCESS); +} + /*- * -C config configuration file * -q quiet operation @@ -123,7 +300,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) { int rc, edited = 0; char *p = NULL; - char *passtmp; struct carg *arg; struct passwd *pwd = NULL; struct group *grp; @@ -137,7 +313,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) static struct passwd fakeuser = { - NULL, + "nouser", "*", -1, -1, @@ -154,19 +330,17 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf = conf.userconf; - /* - * With M_NEXT, we only need to return the - * next uid to stdout - */ if (mode == M_NEXT) - { - uid_t next = pw_uidpolicy(cnf, id); - if (getarg(args, 'q')) - return next; - printf("%u:", next); - pw_group(mode, name, -1, args); - return EXIT_SUCCESS; - } + return (pw_usernext(cnf, conf.quiet)); + + if (mode == M_PRINT) + return (pw_usershow(name, id, &fakeuser)); + + if (mode == M_DELETE) + return (pw_userdel(name, id)); + + if (mode == M_LOCK || mode == M_UNLOCK) + return (pw_userlock(name, id, mode)); /* * We can do all of the common legwork here @@ -226,7 +400,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) *p = '\0'; if (stat(dbuf, &st) == -1) { if (mkdir(dbuf, _DEF_DIRMODE) == -1) - goto direrr; + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } else if (!S_ISDIR(st.st_mode)) errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); @@ -234,9 +408,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) { - direrr: err(EX_OSFILE, "mkdir '%s'", dbuf); - } + if (mkdir(dbuf, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } } else if (!S_ISDIR(st.st_mode)) @@ -267,23 +440,23 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf->default_class = pw_checkname(arg->val, 0); if ((arg = getarg(args, 'G')) != NULL && arg->val) { - int i = 0; - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { if ((grp = GETGRNAM(p)) == NULL) { if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) errx(EX_NOUSER, "group `%s' does not exist", p); } - if (extendarray(&cnf->groups, &cnf->numgroups, i + 2) != -1) - cnf->groups[i++] = newstr(grp->gr_name); + sl_add(cnf->groups, newstr(grp->gr_name)); } - while (i < cnf->numgroups) - cnf->groups[i++] = NULL; } if ((arg = getarg(args, 'k')) != NULL) { - if (stat(cnf->dotdir = arg->val, &st) == -1 || !S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a directory or does not exist", cnf->dotdir); + char *tmp = cnf->dotdir = arg->val; + if (*tmp == '/') + tmp++; + if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || + !S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a directory or " + "does not exist", cnf->dotdir); } if ((arg = getarg(args, 's')) != NULL) @@ -312,14 +485,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) err(EX_IOERR, "config udpate"); } - if (mode == M_PRINT && getarg(args, 'a')) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd); - ENDPWENT(); - return EXIT_SUCCESS; - } - if (name != NULL) pwd = GETPWNAM(pw_checkname(name, 0)); @@ -327,20 +492,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_DATAERR, "user name or id required"); /* - * Update, delete & print require that the user exists + * Update require that the user exists */ - if (mode == M_UPDATE || mode == M_DELETE || - mode == M_PRINT || mode == M_LOCK || mode == M_UNLOCK) { + if (mode == M_UPDATE) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); if (pwd == NULL) { - if (mode == M_PRINT && getarg(args, 'F')) { - fakeuser.pw_name = name ? name : "nouser"; - fakeuser.pw_uid = (uid_t) id; - return print_user(&fakeuser); - } if (name == NULL) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); @@ -350,35 +509,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) name = pwd->pw_name; /* - * The M_LOCK and M_UNLOCK functions simply add or remove - * a "*LOCKED*" prefix from in front of the password to - * prevent it decoding correctly, and therefore prevents - * access. Of course, this only prevents access via - * password authentication (not ssh, kerberos or any - * other method that does not use the UNIX password) but - * that is a known limitation. - */ - - if (mode == M_LOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) == 0) - errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); - asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); - if (passtmp == NULL) /* disaster */ - errx(EX_UNAVAILABLE, "out of memory"); - pwd->pw_passwd = passtmp; - edited = 1; - } else if (mode == M_UNLOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) != 0) - errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); - pwd->pw_passwd += sizeof(locked_str)-1; - edited = 1; - } else if (mode == M_DELETE) - return (delete_user(cnf, pwd, name, - getarg(args, 'r') != NULL, mode)); - else if (mode == M_PRINT) - return print_user(pwd); - - /* * The rest is edit code */ if (conf.newname != NULL) { @@ -470,8 +600,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); } - if ((arg = getarg(args, 'w')) != NULL && - getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) { + if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { login_cap_t *lc; lc = login_getpwclass(pwd); @@ -479,7 +608,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; } @@ -511,7 +640,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) @@ -521,74 +650,15 @@ pw_user(int mode, char *name, long id, struct cargs * args) /* * Shared add/edit code */ - if ((arg = getarg(args, 'c')) != NULL) { - char *gecos = pw_checkname(arg->val, 1); - if (strcmp(pwd->pw_gecos, gecos) != 0) { - pwd->pw_gecos = gecos; + if (conf.gecos != NULL) { + if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { + pwd->pw_gecos = conf.gecos; edited = 1; } } - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) { - if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { - pwd->pw_passwd = "*"; /* No access */ - edited = 1; - } - } else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - login_cap_t *lc; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%s%spassword for user %s:", - (mode == M_UPDATE) ? "new " : "", - precrypt ? "encrypted " : "", - pwd->pw_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_IOERR, "-%c file descriptor", - precrypt ? 'H' : 'h'); - line[b] = '\0'; - if ((p = strpbrk(line, "\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - pwd->pw_passwd = line; - } else { - lc = login_getpwclass(pwd); - if (lc == NULL || - login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_pwcrypt(line); - } - edited = 1; - } - } + if (conf.fd != -1) + edited = set_passwd(pwd, mode == M_UPDATE); /* * Special case: -N only displays & exits @@ -612,30 +682,16 @@ pw_user(int mode, char *name, long id, struct cargs * args) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ } - } else if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { - if (edited) { /* Only updated this if required */ - rc = chgpwent(name, pwd); - if (rc == -1) - errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd file update"); - if ( cnf->nispasswd && *cnf->nispasswd=='/') { - rc = chgnispwent(cnf->nispasswd, name, pwd); - if (rc == -1) - warn("User '%s' not found in NIS passwd", pwd->pw_name); - else - warn("NIS passwd update"); - /* NOTE: NIS-only update errors are not fatal */ - } - } - } + } else if (mode == M_UPDATE && edited) /* Only updated this if required */ + perform_chgpwent(name, pwd); /* * Ok, user is created or changed - now edit group file */ if (mode == M_ADD || getarg(args, 'G') != NULL) { - int i, j; + int j; + size_t i; /* First remove the user from all group */ SETGRENT(); while ((grp = GETGRENT()) != NULL) { @@ -654,8 +710,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) ENDGRENT(); /* now add to group where needed */ - for (i = 0; cnf->groups[i] != NULL; i++) { - grp = GETGRNAM(cnf->groups[i]); + for (i = 0; i < cnf->groups->sl_cur; i++) { + grp = GETGRNAM(cnf->groups->sl_str[i]); grp = gr_add(grp, pwd->pw_name); /* * grp can only be NULL in 2 cases: @@ -665,7 +721,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (grp == NULL) continue; - chggrent(cnf->groups[i], grp); + chggrent(grp->gr_name, grp); free(grp); } } @@ -696,12 +752,12 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (mode == M_ADD) { if (PWALTDIR() != PWF_ALT) { - arg = getarg(args, 'R'); - snprintf(path, sizeof(path), "%s%s/%s", - arg ? arg->val : "", _PATH_MAILDIR, pwd->pw_name); - close(open(path, O_RDWR | O_CREAT, 0600)); /* Preserve contents & - * mtime */ - chown(path, pwd->pw_uid, pwd->pw_gid); + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, + 0600)); /* Preserve contents & mtime */ + fchownat(conf.rootfd, path + 1, pwd->pw_uid, + pwd->pw_gid, AT_SYMLINK_NOFOLLOW); } } @@ -712,7 +768,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(mode, pwd); + create_and_populate_homedir(pwd); /* * Finally, send mail to the new user as well, if we are asked to @@ -748,7 +804,7 @@ pw_uidpolicy(struct userconf * cnf, long id) /* * Check the given uid, if any */ - if (id > 0) { + if (id >= 0) { uid = (uid_t) id; if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) @@ -823,10 +879,7 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { - struct cargs grpargs; - char tmp[32]; - - LIST_INIT(&grpargs); + gid_t grid = -1; /* * We need to auto-create a group with the user's name. We @@ -837,26 +890,15 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) * user's name dups an existing group, then the group add * function will happily handle that case for us and exit. */ - if (GETGRGID(prefer) == NULL) { - snprintf(tmp, sizeof(tmp), "%u", prefer); - addarg(&grpargs, 'g', tmp); - } + if (GETGRGID(prefer) == NULL) + grid = prefer; if (conf.dryrun) { - addarg(&grpargs, 'q', NULL); - gid = pw_group(M_NEXT, nam, -1, &grpargs); - } - else - { - pw_group(M_ADD, nam, -1, &grpargs); + gid = pw_groupnext(cnf, true); + } else { + pw_group(M_ADD, nam, grid, NULL); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } - a_gid = LIST_FIRST(&grpargs); - while (a_gid != NULL) { - struct carg *t = LIST_NEXT(a_gid, list); - LIST_REMOVE(a_gid, list); - a_gid = t; - } } ENDGRENT(); return gid; @@ -986,7 +1028,7 @@ pw_pwcrypt(char *password) static char * -pw_password(struct userconf * cnf, struct cargs * args, char const * user) +pw_password(struct userconf * cnf, char const * user) { int i, l; char pwbuf[32]; @@ -1001,8 +1043,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) /* * We give this information back to the user */ - if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL && - !conf.dryrun) { + if (conf.fd == -1 && !conf.dryrun) { if (isatty(STDOUT_FILENO)) printf("Password for '%s' is: ", user); printf("%s\n", pwbuf); @@ -1025,30 +1066,40 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) } static int -delete_user(struct userconf *cnf, struct passwd *pwd, char *name, - int delete, int mode) +pw_userdel(char *name, long id) { + struct passwd *pwd = NULL; char file[MAXPATHLEN]; char home[MAXPATHLEN]; - uid_t uid = pwd->pw_uid; + uid_t uid; struct group *gr, *grp; char grname[LOGNAMESIZE]; int rc; struct stat st; + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + uid = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; + if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); - if (!PWALTDIR()) { - /* - * Remove opie record from /etc/opiekeys - */ + /* Remove opie record from /etc/opiekeys */ + if (PWALTDIR() != PWF_ALT) rmopie(pwd->pw_name); - /* - * Remove crontabs - */ + if (!PWALTDIR()) { + /* Remove crontabs */ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); if (access(file, F_OK) == 0) { snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); @@ -1073,10 +1124,11 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, else if (rc != 0) err(EX_IOERR, "passwd update"); - if (cnf->nispasswd && *cnf->nispasswd=='/') { - rc = delnispwent(cnf->nispasswd, name); + if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { + rc = delnispwent(conf.userconf->nispasswd, name); if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", pwd->pw_name); + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); else if (rc != 0) warn("WARNING: NIS passwd update"); /* non-fatal */ @@ -1106,30 +1158,26 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, } ENDGRENT(); - pw_log(cnf, mode, W_USER, "%s(%u) account removed", name, uid); - - if (!PWALTDIR()) { - /* - * Remove mail file - */ - remove(file); - - /* - * Remove at jobs - */ - if (getpwuid(uid) == NULL) - rmat(uid); - - /* - * Remove home directory and contents - */ - if (delete && *home == '/' && getpwuid(uid) == NULL && - stat(home, &st) != -1) { - rm_r(home, uid); - pw_log(cnf, mode, W_USER, "%s(%u) home '%s' %sremoved", - name, uid, home, - stat(home, &st) == -1 ? "" : "not completely "); - } + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, + uid); + + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(uid) == NULL) + rmat(uid); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && + getpwuid(uid) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" + "removed", name, uid, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); } return (EXIT_SUCCESS); @@ -1303,27 +1351,29 @@ rmat(uid_t uid) static void rmopie(char const * name) { - static const char etcopie[] = "/etc/opiekeys"; - FILE *fp = fopen(etcopie, "r+"); - - if (fp != NULL) { - char tmp[1024]; - off_t atofs = 0; - int length = strlen(name); - - while (fgets(tmp, sizeof tmp, fp) != NULL) { - if (strncmp(name, tmp, length) == 0 && tmp[length]==' ') { - if (fseek(fp, atofs, SEEK_SET) == 0) { - fwrite("#", 1, 1, fp); /* Comment username out */ - } - break; - } - atofs = ftell(fp); + char tmp[1014]; + FILE *fp; + int fd; + size_t len; + off_t atofs = 0; + + if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) + return; + + fp = fdopen(fd, "r+"); + len = strlen(name); + + while (fgets(tmp, sizeof(tmp), fp) != NULL) { + if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { + /* Comment username out */ + if (fseek(fp, atofs, SEEK_SET) == 0) + fwrite("#", 1, 1, fp); + break; } - /* - * If we got an error of any sort, don't update! - */ - fclose(fp); + atofs = ftell(fp); } + /* + * If we got an error of any sort, don't update! + */ + fclose(fp); } - diff --git a/pw/pw_vpw.c b/pw/pw_vpw.c index 99663be..a23c66e 100644 --- a/pw/pw_vpw.c +++ b/pw/pw_vpw.c @@ -38,6 +38,7 @@ static const char rcsid[] = #include <string.h> #include <stdlib.h> #include <sys/param.h> +#include <err.h> #include "pwupd.h" @@ -80,6 +81,9 @@ vnextpwent(char const *nam, uid_t uid, int doclose) if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; pw = pw_scan(line, PWSCAN_MASTER); + if (pw == NULL) + errx(EXIT_FAILURE, "Invalid user entry in '%s':" + " '%s'", getpwpath(_MASTERPASSWD), line); if (uid != (uid_t)-1) { if (uid == pw->pw_uid) break; @@ -160,6 +164,9 @@ vnextgrent(char const *nam, gid_t gid, int doclose) if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; gr = gr_scan(line); + if (gr == NULL) + errx(EXIT_FAILURE, "Invalid group entry in '%s':" + " '%s'", getgrpath(_GROUP), line); if (gid != (gid_t)-1) { if (gid == gr->gr_gid) break; @@ -36,6 +36,7 @@ #include <pwd.h> #include <grp.h> #include <stdbool.h> +#include <stringlist.h> #if defined(__FreeBSD__) #define RET_SETGRENT int @@ -58,26 +59,25 @@ struct pwf { }; struct userconf { - int default_password; /* Default password for new users? */ - int reuse_uids; /* Reuse uids? */ - int reuse_gids; /* Reuse gids? */ - char *nispasswd; /* Path to NIS version of the passwd file */ - char *dotdir; /* Where to obtain skeleton files */ - char *newmail; /* Mail to send to new accounts */ - char *logfile; /* Where to log changes */ - char *home; /* Where to create home directory */ - mode_t homemode; /* Home directory permissions */ - char *shelldir; /* Where shells are located */ - char **shells; /* List of shells */ - char *shell_default; /* Default shell */ - char *default_group; /* Default group number */ - char **groups; /* Default (additional) groups */ - char *default_class; /* Default user class */ - uid_t min_uid, max_uid; /* Allowed range of uids */ - gid_t min_gid, max_gid; /* Allowed range of gids */ - int expire_days; /* Days to expiry */ - int password_days; /* Days to password expiry */ - int numgroups; /* (internal) size of default_group array */ + int default_password; /* Default password for new users? */ + int reuse_uids; /* Reuse uids? */ + int reuse_gids; /* Reuse gids? */ + char *nispasswd; /* Path to NIS version of the passwd file */ + char *dotdir; /* Where to obtain skeleton files */ + char *newmail; /* Mail to send to new accounts */ + char *logfile; /* Where to log changes */ + char *home; /* Where to create home directory */ + mode_t homemode; /* Home directory permissions */ + char *shelldir; /* Where shells are located */ + char **shells; /* List of shells */ + char *shell_default; /* Default shell */ + char *default_group; /* Default group number */ + StringList *groups; /* Default (additional) groups */ + char *default_class; /* Default user class */ + uid_t min_uid, max_uid; /* Allowed range of uids */ + gid_t min_gid, max_gid; /* Allowed range of gids */ + int expire_days; /* Days to expiry */ + int password_days; /* Days to password expiry */ }; struct pwconf { @@ -85,10 +85,19 @@ struct pwconf { char etcpath[MAXPATHLEN]; char *newname; char *config; + char *gecos; + int fd; + int rootfd; + int which; + bool quiet; + bool force; + bool all; bool dryrun; bool pretty; bool v7; bool checkduplicate; + bool deletehome; + bool precrypted; struct userconf *userconf; }; @@ -148,9 +157,9 @@ struct group * vgetgrnam(const char * nam); RET_SETGRENT vsetgrent(void); void vendgrent(void); -void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid); -void rm_r(char const * dir, uid_t uid); -int extendarray(char ***buf, int *buflen, int needed); +void copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid, + gid_t gid, int flags); +void rm_r(int rootfd, char const * dir, uid_t uid); __END_DECLS #endif /* !_PWUPD_H */ @@ -37,39 +37,37 @@ static const char rcsid[] = #include <sys/param.h> #include <unistd.h> #include <dirent.h> +#include <fcntl.h> #include "pwupd.h" void -rm_r(char const * dir, uid_t uid) +rm_r(int rootfd, const char *path, uid_t uid) { - DIR *d = opendir(dir); + int dirfd; + DIR *d; + struct dirent *e; + struct stat st; - if (d != NULL) { - struct dirent *e; - struct stat st; - char file[MAXPATHLEN]; + if (*path == '/') + path++; - while ((e = readdir(d)) != NULL) { - if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) { - snprintf(file, sizeof(file), "%s/%s", dir, e->d_name); - if (lstat(file, &st) == 0) { /* Need symlinks, not - * linked file */ - if (S_ISDIR(st.st_mode)) /* Directory - recurse */ - rm_r(file, uid); - else { - if (S_ISLNK(st.st_mode) || st.st_uid == uid) - remove(file); - } - } - } - } - closedir(d); - if (lstat(dir, &st) == 0) { - if (S_ISLNK(st.st_mode)) - remove(dir); - else if (st.st_uid == uid) - rmdir(dir); - } + dirfd = openat(rootfd, path, O_DIRECTORY); + + d = fdopendir(dirfd); + while ((e = readdir(d)) != NULL) { + if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) + continue; + + if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) + continue; + if (S_ISDIR(st.st_mode)) + rm_r(dirfd, e->d_name, uid); + else if (S_ISLNK(st.st_mode) || st.st_uid == uid) + unlinkat(dirfd, e->d_name, 0); } + closedir(d); + if (fstatat(rootfd, path, &st, AT_SYMLINK_NOFOLLOW) != 0) + return; + unlinkat(rootfd, path, S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0); } |