From 50568f27d680f3a286fdcfaebb5e4f361c4c7e8b Mon Sep 17 00:00:00 2001 From: Marcel Moolenaar Date: Wed, 10 Mar 2010 02:16:04 +0000 Subject: Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD. --- adduser/Makefile | 6 - adduser/adduser.8 | 480 ------------------ adduser/adduser.conf.5 | 221 --------- adduser/adduser.sh | 1050 --------------------------------------- adduser/rmuser.8 | 210 -------- adduser/rmuser.sh | 361 -------------- chpass/Makefile | 49 -- chpass/chpass.1 | 492 ------------------- chpass/chpass.c | 302 ------------ chpass/chpass.h | 79 --- chpass/edit.c | 296 ----------- chpass/field.c | 261 ---------- chpass/table.c | 69 --- chpass/util.c | 182 ------- libc/gen/pw_scan.c | 212 -------- libc/gen/pw_scan.h | 36 -- libc/stdlib/strtonum.c | 68 --- libutil/_secure_path.c | 74 --- libutil/flopen.c | 105 ---- libutil/gr_util.c | 250 ---------- libutil/libutil.h | 212 -------- libutil/login_cap.c | 819 ------------------------------- libutil/login_cap.h | 166 ------- libutil/login_crypt.c | 50 -- libutil/pw_util.c | 621 ----------------------- pw/Makefile | 14 - pw/README | 22 - pw/bitmap.c | 132 ----- pw/bitmap.h | 50 -- pw/cpdir.c | 130 ----- pw/edgroup.c | 229 --------- pw/fileupd.c | 203 -------- pw/grupd.c | 171 ------- pw/psdate.c | 295 ----------- pw/psdate.h | 40 -- pw/pw.8 | 1001 ------------------------------------- pw/pw.c | 456 ----------------- pw/pw.conf.5 | 318 ------------ pw/pw.h | 132 ----- pw/pw_conf.c | 516 -------------------- pw/pw_group.c | 423 ---------------- pw/pw_log.c | 68 --- pw/pw_nis.c | 72 --- pw/pw_user.c | 1274 ------------------------------------------------ pw/pw_vpw.c | 316 ------------ pw/pwupd.c | 213 -------- pw/pwupd.h | 160 ------ pw/rm_r.c | 75 --- 48 files changed, 12981 deletions(-) delete mode 100644 adduser/Makefile delete mode 100644 adduser/adduser.8 delete mode 100644 adduser/adduser.conf.5 delete mode 100644 adduser/adduser.sh delete mode 100644 adduser/rmuser.8 delete mode 100644 adduser/rmuser.sh delete mode 100644 chpass/Makefile delete mode 100644 chpass/chpass.1 delete mode 100644 chpass/chpass.c delete mode 100644 chpass/chpass.h delete mode 100644 chpass/edit.c delete mode 100644 chpass/field.c delete mode 100644 chpass/table.c delete mode 100644 chpass/util.c delete mode 100644 libc/gen/pw_scan.c delete mode 100644 libc/gen/pw_scan.h delete mode 100644 libc/stdlib/strtonum.c delete mode 100644 libutil/_secure_path.c delete mode 100644 libutil/flopen.c delete mode 100644 libutil/gr_util.c delete mode 100644 libutil/libutil.h delete mode 100644 libutil/login_cap.c delete mode 100644 libutil/login_cap.h delete mode 100644 libutil/login_crypt.c delete mode 100644 libutil/pw_util.c delete mode 100644 pw/Makefile delete mode 100644 pw/README delete mode 100644 pw/bitmap.c delete mode 100644 pw/bitmap.h delete mode 100644 pw/cpdir.c delete mode 100644 pw/edgroup.c delete mode 100644 pw/fileupd.c delete mode 100644 pw/grupd.c delete mode 100644 pw/psdate.c delete mode 100644 pw/psdate.h delete mode 100644 pw/pw.8 delete mode 100644 pw/pw.c delete mode 100644 pw/pw.conf.5 delete mode 100644 pw/pw.h delete mode 100644 pw/pw_conf.c delete mode 100644 pw/pw_group.c delete mode 100644 pw/pw_log.c delete mode 100644 pw/pw_nis.c delete mode 100644 pw/pw_user.c delete mode 100644 pw/pw_vpw.c delete mode 100644 pw/pwupd.c delete mode 100644 pw/pwupd.h delete mode 100644 pw/rm_r.c diff --git a/adduser/Makefile b/adduser/Makefile deleted file mode 100644 index 0ca2dae..0000000 --- a/adduser/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -# $FreeBSD$ - -SCRIPTS=adduser.sh rmuser.sh -MAN= adduser.conf.5 adduser.8 rmuser.8 - -.include diff --git a/adduser/adduser.8 b/adduser/adduser.8 deleted file mode 100644 index 03f7e34..0000000 --- a/adduser/adduser.8 +++ /dev/null @@ -1,480 +0,0 @@ -.\" Copyright (c) 1995-1996 Wolfram Schneider . Berlin. -.\" All rights reserved. -.\" Copyright (c) 2002-2004 Michael Telahun Makonnen -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd March 16, 2008 -.Dt ADDUSER 8 -.Os -.Sh NAME -.Nm adduser -.Nd command for adding new users -.Sh SYNOPSIS -.Nm -.Op Fl CDENShq -.Op Fl G Ar groups -.Op Fl L Ar login_class -.Op Fl M Ar mode -.Op Fl d Ar partition -.Op Fl f Ar file -.Op Fl g Ar login_group -.Op Fl k Ar dotdir -.Op Fl m Ar message_file -.Op Fl s Ar shell -.Op Fl u Ar uid_start -.Op Fl w Ar type -.Sh DESCRIPTION -The -.Nm -utility is a shell script, implemented around the -.Xr pw 8 -command, for adding new users. -It creates passwd/group entries, a home directory, -copies dotfiles and sends the new user a welcome message. -It supports two modes of operation. -It may be used interactively -at the command line to add one user at a time, or it may be directed -to get the list of new users from a file and operate in batch mode -without requiring any user interaction. -.Sh RESTRICTIONS -.Bl -tag -width indent -.It username -Login name. -The user name is restricted to whatever -.Xr pw 8 -will accept. -Generally this means it -may contain only lowercase characters or digits but cannot begin with the -.Ql - -character. -Maximum length -is 16 characters. -The reasons for this limit are historical. -Given that people have traditionally wanted to break this -limit for aesthetic reasons, it has never been of great importance to break -such a basic fundamental parameter in -.Ux . -You can change -.Dv UT_NAMESIZE -in -.In utmp.h -and recompile the -world; people have done this and it works, but you will have problems -with any precompiled programs, or source that assumes the 8-character -name limit, such as NIS. -The NIS protocol mandates an 8-character username. -If you need a longer login name for e-mail addresses, -you can define an alias in -.Pa /etc/mail/aliases . -.It "full name" -This is typically known as the gecos field and usually contains -the user's full name. -Additionally, it may contain a comma separated -list of values such as office number and work and home phones. -If the -name contains an ampersand it will be replaced by the capitalized -login name when displayed by other programs. -The -.Ql \&: -character is not allowed. -.It shell -Unless the -.Fl S -argument is supplied only valid shells from the shell database -.Pq Pa /etc/shells -are allowed. -In addition, -either the base name or the full path of the shell may be supplied. -.It UID -Automatically generated or your choice. -It must be less than 32000. -.It "GID/login group" -Automatically generated or your choice. -It must be less than 32000. -.It password -You may choose an empty password, disable the password, use a -randomly generated password or specify your own plaintext password, -which will be encrypted before being stored in the user database. -.El -.Sh UNIQUE GROUPS -Perhaps you are missing what -.Em can -be done with this scheme that falls apart -with most other schemes. -With each user in their own group, -they can safely run with a umask of 002 instead of the usual 022 -and create files in their home directory -without worrying about others being able to change them. -.Pp -For a shared area you create a separate UID/GID (like cvs or ncvs on freefall), -you place each person that should be able to access this area into that new -group. -.Pp -This model of UID/GID administration allows far greater flexibility than lumping -users into groups and having to muck with the umask when working in a shared -area. -.Pp -I have been using this model for almost 10 years and found that it works -for most situations, and has never gotten in the way. -(Rod Grimes) -.Sh CONFIGURATION -The -.Nm -utility reads its configuration information from -.Pa /etc/adduser.conf . -If this file does not exist, it will use predefined defaults. -While this file may be edited by hand, -the safer option is to use the -.Fl C -command line argument. -With this argument, -.Nm -will start interactive input, save the answers to its prompts in -.Pa /etc/adduser.conf , -and promptly exit without modifying the user -database. -Options specified on the command line will take precedence over -any values saved in this file. -.Sh OPTIONS -.Bl -tag -width indent -.It Fl C -Create new configuration file and exit. -This option is mutually exclusive with the -.Fl f -option. -.It Fl d Ar partition -Home partition. -Default partition, under which all user directories -will be located. -The -.Pa /nonexistent -partition is considered special. -The -.Nm -script will not create and populate a home directory by that name. -Otherwise, -by default it attempts to create a home directory. -.It Fl D -Do not attempt to create the home directory. -.It Fl E -Disable the account. -This option will lock the account by prepending the string -.Dq Li *LOCKED* -to the password field. -The account may be unlocked -by the super-user with the -.Xr pw 8 -command: -.Pp -.D1 Nm pw Cm unlock Op Ar name | uid -.It Fl f Ar file -Get the list of accounts to create from -.Ar file . -If -.Ar file -is -.Dq Fl , -then get the list from standard input. -If this option is specified, -.Nm -will operate in batch mode and will not seek any user input. -If an error is encountered while processing an account, it will write a -message to standard error and move to the next account. -The format -of the input file is described below. -.It Fl g Ar login_group -Normally, -if no login group is specified, -it is assumed to be the same as the username. -This option makes -.Ar login_group -the default. -.It Fl G Ar groups -Space-separated list of additional groups. -This option allows the user to specify additional groups to add users to. -The user is a member of these groups in addition to their login group. -.It Fl h -Print a summary of options and exit. -.It Fl k Ar directory -Copy files from -.Ar directory -into the home -directory of new users; -.Pa dot.foo -will be renamed to -.Pa .foo . -.It Fl L Ar login_class -Set default login class. -.It Fl m Ar file -Send new users a welcome message from -.Ar file . -Specifying a value of -.Cm no -for -.Ar file -causes no message to be sent to new users. -Please note that the message -file can reference the internal variables of the -.Nm -script. -.It Fl M Ar mode -Create the home directory with permissions set to -.Ar mode . -.It Fl N -Do not read the default configuration file. -.It Fl q -Minimal user feedback. -In particular, the random password will not be echoed to -standard output. -.It Fl s Ar shell -Default shell for new users. -The -.Ar shell -argument may be the base name of the shell or the full path. -Unless the -.Fl S -argument is supplied the shell must exist in -.Pa /etc/shells -or be the special shell -.Em nologin -to be considered a valid shell. -.It Fl S -The existence or validity of the specified shell will not be checked. -.It Fl u Ar uid -Use UIDs from -.Ar uid -on up. -.It Fl w Ar type -Password type. -The -.Nm -utility allows the user to specify what type of password to create. -The -.Ar type -argument may have one of the following values: -.Bl -tag -width ".Cm random" -.It Cm no -Disable the password. -Instead of an encrypted string, the password field will contain a single -.Ql * -character. -The user may not log in until the super-user -manually enables the password. -.It Cm none -Use an empty string as the password. -.It Cm yes -Use a user-supplied string as the password. -In interactive mode, -the user will be prompted for the password. -In batch mode, the -last (10th) field in the line is assumed to be the password. -.It Cm random -Generate a random string and use it as a password. -The password will be echoed to standard output. -In addition, it will be available for inclusion in the message file in the -.Va randompass -variable. -.El -.El -.Sh FORMAT -When the -.Fl f -option is used, the account information must be stored in a specific -format. -All empty lines or lines beginning with a -.Ql # -will be ignored. -All other lines must contain ten colon -.Pq Ql \&: -separated fields as described below. -Command line options do not take precedence -over values in the fields. -Only the password field may contain a -.Ql \&: -character as part of the string. -.Pp -.Sm off -.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password -.Sm on -.Bl -tag -width ".Ar password" -.It Ar name -Login name. -This field may not be empty. -.It Ar uid -Numeric login user ID. -If this field is left empty, it will be automatically generated. -.It Ar gid -Numeric primary group ID. -If this field is left empty, a group with the -same name as the user name will be created and its GID will be used -instead. -.It Ar class -Login class. -This field may be left empty. -.It Ar change -Password ageing. -This field denotes the password change date for the account. -The format of this field is the same as the format of the -.Fl p -argument to -.Xr pw 8 . -It may be -.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy , -where -.Ar dd -is for the day, -.Ar mmm -is for the month in numeric or alphabetical format: -.Dq Li 10 -or -.Dq Li Oct , -and -.Ar yy Ns Op Ar yy -is the four or two digit year. -To denote a time relative to the current date the format is: -.No + Ns Ar n Ns Op Ar mhdwoy , -where -.Ar n -denotes a number, followed by the minutes, hours, days, weeks, -months or years after which the password must be changed. -This field may be left empty to turn it off. -.It Ar expire -Account expiration. -This field denotes the expiry date of the account. -The account may not be used after the specified date. -The format of this field is the same as that for password ageing. -This field may be left empty to turn it off. -.It Ar gecos -Full name and other extra information about the user. -.It Ar home_dir -Home directory. -If this field is left empty, it will be automatically -created by appending the username to the home partition. -The -.Pa /nonexistent -home directory is considered special and -is understood to mean that no home directory is to be -created for the user. -.It Ar shell -Login shell. -This field should contain either the base name or -the full path to a valid login shell. -.It Ar password -User password. -This field should contain a plaintext string, which will -be encrypted before being placed in the user database. -If the password type is -.Cm yes -and this field is empty, it is assumed the account will have an empty password. -If the password type is -.Cm random -and this field is -.Em not -empty, its contents will be used -as a password. -This field will be ignored if the -.Fl w -option is used with a -.Cm no -or -.Cm none -argument. -Be careful not to terminate this field with a closing -.Ql \&: -because it will be treated as part of the password. -.El -.Sh FILES -.Bl -tag -width ".Pa /etc/adduser.message" -compact -.It Pa /etc/master.passwd -user database -.It Pa /etc/group -group database -.It Pa /etc/shells -shell database -.It Pa /etc/login.conf -login classes database -.It Pa /etc/adduser.conf -configuration file for -.Nm -.It Pa /etc/adduser.message -message file for -.Nm -.It Pa /usr/share/skel -skeletal login directory -.It Pa /var/log/adduser -logfile for -.Nm -.El -.Sh SEE ALSO -.Xr chpass 1 , -.Xr passwd 1 , -.Xr adduser.conf 5 , -.Xr aliases 5 , -.Xr group 5 , -.Xr login.conf 5 , -.Xr passwd 5 , -.Xr shells 5 , -.Xr adding_user 8 , -.Xr pw 8 , -.Xr pwd_mkdb 8 , -.Xr rmuser 8 , -.Xr vipw 8 , -.Xr yp 8 -.Sh HISTORY -The -.Nm -command appeared in -.Fx 2.1 . -.Sh AUTHORS -.An -nosplit -This manual page and the original script, in Perl, was written by -.An Wolfram Schneider Aq wosch@FreeBSD.org . -The replacement script, written as a Bourne -shell script with some enhancements, and the man page modification that -came with it were done by -.An Mike Makonnen Aq mtm@identd.net . -.Sh BUGS -In order for -.Nm -to correctly expand variables such as -.Va $username -and -.Va $randompass -in the message sent to new users, it must let the shell evaluate -each line of the message file. -This means that shell commands can also be embedded in the message file. -The -.Nm -utility attempts to mitigate the possibility of an attacker using this -feature by refusing to evaluate the file if it is not owned and writable -only by the root user. -In addition, shell special characters and operators will have to be -escaped when used in the message file. -.Pp -Also, password ageing and account expiry times are currently settable -only in batch mode or when specified in -.Pa /etc/adduser.conf . -The user should be able to set them in interactive mode as well. diff --git a/adduser/adduser.conf.5 b/adduser/adduser.conf.5 deleted file mode 100644 index a78aeea..0000000 --- a/adduser/adduser.conf.5 +++ /dev/null @@ -1,221 +0,0 @@ -.\" -.\" Copyright (c) 2004 Tom Rhodes -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd April 12, 2007 -.Dt ADDUSER.CONF 5 -.Os -.Sh NAME -.Nm adduser.conf -.Nd -.Xr adduser 8 -configuration file -.Sh DESCRIPTION -The -.Pa /etc/adduser.conf -file is automatically generated by the -.Xr adduser 8 -utility when invoked with the -.Fl C -command-line option. -It is not meant to be edited by hand. -.Pp -The -.Pa /etc/adduser.conf -file is used to pre-set certain configuration options for -the -.Xr adduser 8 -utility. -When -.Xr adduser 8 -is invoked, it will check to see if this file exists, and -if so, the configuration will be used or offered as the -default settings. -The -.Nm -file offers three types of configuration: -.Bl -bullet -.It -Default settings offered by -.Xr adduser 8 . -These options are specified in the configuration file and offered -as the default during every invocation of the -.Xr adduser 8 -utility. -.It -Configuration options which can be set in -.Nm , -but overridden by passing a flag to -.Xr adduser 8 . -.It -Configuration supported by -.Xr adduser 8 -but not offered by a flag or during initial invocation. -.El -.Pp -In the first case, these options can be set in -.Nm -but will still be offered when -.Xr adduser 8 -is invoked. -In the second case, -.Xr adduser 8 -will read the configuration data unless a flag -has been passed to override it. -For example, the -.Va defaultshell -option. -In the third case, the configuration will be utilized, but the -user will never be prompted to modify the default setting by -either a flag or an -.Xr adduser 8 -prompt. -For example, the -.Va upwexpire -setting. -.Pp -The following configuration options can be set in -.Nm : -.Bl -tag -width ".Va defaultgroups" -offset indent -.It Va defaultLgroup -The default group new users will be added to. -.It Va defaultclass -The default class to place users in as described in -.Xr login.conf 5 . -.It Va defaultgroups -This option is used to specify what other groups the new account -should be added to. -.It Va passwdtype -May be one of -.Cm no , none , random , -or -.Cm yes , -as described in -.Xr adduser 8 . -As such, the text is not duplicated here and may be -read in -.Xr adduser 8 . -.It Va homeprefix -The default home directory prefix, usually -.Pa /home . -.It Va defaultshell -The user's default shell which may be any of the shells listed in -.Xr shells 5 . -.It Va udotdir -Defines the location of the default shell and environment -configuration files. -.It Va msgfile -Location of the default new user message file. -This message will be sent to all new users if specified -here or at the -.Xr adduser 8 -prompt. -.It Va disableflag -The default message enclosed in brackets for the -lock account prompt. -.It Va upwexpire -The default password expiration time. -Format of the date is either a -.Ux -time in decimal, or a date in -.Sm off -.Ar dd No - Ar mmm No - Ar yy Op Ar yy -.Sm on -format, where -.Ar dd -is the day, -.Ar mmm -is the month in either numeric or -alphabetic format, and -.Ar yy Ns Op Ar yy -is either a two or four digit year. -This option also accepts a relative date in the form of -.Sm off -.Ar n Op Ar m h d w o y -.Sm on -where -.Ar n -is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit -followed by the number of Minutes, Hours, Days, Weeks, Months or -Years from the current date at -which the expiration time is to be set. -.It Va uexpire -The default account expire time. -The format is similar to the -.Va upwexpire -option. -.It Va ugecos -The default information to be held in the GECOS field of -.Pa /etc/master.passwd . -.It Va uidstart -The default user ID setting. -This must be a number above 1000 and fewer than 65534. -.El -.Sh EXAMPLES -The following is an example -.Nm -file created with the -.Fl C -.Xr adduser 8 -flag and modified. -.Bd -literal -offset indent -# Configuration file for adduser(8). -# NOTE: only *some* variables are saved. -# Last Modified on Fri Mar 30 14:04:05 EST 2004. - -defaultLgroup= -defaultclass= -defaultgroups= -passwdtype=yes -homeprefix=/home -defaultshell=/bin/csh -udotdir=/usr/share/skel -msgfile=/etc/adduser.msg -disableflag= -upwexpire=91d # Expire passwords 91 days after creation. -.Ed -.Sh SEE ALSO -.Xr group 5 , -.Xr passwd 5 , -.Xr adduser 8 , -.Xr pw 8 , -.Xr rmuser 8 -.Sh HISTORY -The -.Nm -manual page first appeared in -.Fx 5.3 . -.Sh BUGS -The internal variables documented here may change without notice. -Do not rely on them. -To modify this file invoke -.Xr adduser 8 -with the -.Fl C -option instead. -.Sh AUTHORS -This manual page was written by -.An Tom Rhodes Aq trhodes@FreeBSD.org . diff --git a/adduser/adduser.sh b/adduser/adduser.sh deleted file mode 100644 index 8e05f33..0000000 --- a/adduser/adduser.sh +++ /dev/null @@ -1,1050 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2002-2004 Michael Telahun Makonnen. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# Email: Mike Makonnen -# -# $FreeBSD$ -# - -# err msg -# Display $msg on stderr, unless we're being quiet. -# -err() { - if [ -z "$quietflag" ]; then - echo 1>&2 ${THISCMD}: ERROR: $* - fi -} - -# info msg -# Display $msg on stdout, unless we're being quiet. -# -info() { - if [ -z "$quietflag" ]; then - echo ${THISCMD}: INFO: $* - fi -} - -# get_nextuid -# Output the value of $_uid if it is available for use. If it -# is not, output the value of the next higher uid that is available. -# If a uid is not specified, output the first available uid, as indicated -# by pw(8). -# -get_nextuid () { - _uid=$1 - _nextuid= - - if [ -z "$_uid" ]; then - _nextuid="`${PWCMD} usernext | cut -f1 -d:`" - else - while : ; do - ${PWCMD} usershow $_uid > /dev/null 2>&1 - if [ ! "$?" -eq 0 ]; then - _nextuid=$_uid - break - fi - _uid=$(($_uid + 1)) - done - fi - echo $_nextuid -} - -# show_usage -# Display usage information for this utility. -# -show_usage() { - echo "usage: ${THISCMD} [options]" - echo " options may include:" - echo " -C save to the configuration file only" - echo " -D do not attempt to create the home directory" - echo " -E disable this account after creation" - echo " -G additional groups to add accounts to" - echo " -L login class of the user" - echo " -M file permission for home directory" - echo " -N do not read configuration file" - echo " -S a nonexistent shell is not an error" - echo " -d home directory" - echo " -f file from which input will be received" - echo " -g default login group" - echo " -h display this usage message" - echo " -k path to skeleton home directory" - echo " -m user welcome message file" - echo " -q absolute minimal user feedback" - echo " -s shell" - echo " -u uid to start at" - echo " -w password type: no, none, yes or random" -} - -# valid_shells -# Outputs a list of valid shells from /etc/shells. Only the -# basename of the shell is output. -# -valid_shells() { - _prefix= - cat ${ETCSHELLS} | - while read _path _junk ; do - case $_path in - \#*|'') - ;; - *) - echo -n "${_prefix}`basename $_path`" - _prefix=' ' - ;; - esac - done - - # /usr/sbin/nologin is a special case - [ -x "${NOLOGIN_PATH}" ] && echo -n " ${NOLOGIN}" -} - -# fullpath_from_shell shell -# Given $shell, which is either the full path to a shell or -# the basename component of a valid shell, get the -# full path to the shell from the /etc/shells file. -# -fullpath_from_shell() { - _shell=$1 - [ -z "$_shell" ] && return 1 - - # /usr/sbin/nologin is a special case; it needs to be handled - # before the cat | while loop, since a 'return' from within - # a subshell will not terminate the function's execution, and - # the path to the nologin shell might be printed out twice. - # - if [ "$_shell" = "${NOLOGIN}" -o \ - "$_shell" = "${NOLOGIN_PATH}" ]; then - echo ${NOLOGIN_PATH} - return 0; - fi - - cat ${ETCSHELLS} | - while read _path _junk ; do - case "$_path" in - \#*|'') - ;; - *) - if [ "$_path" = "$_shell" -o \ - "`basename $_path`" = "$_shell" ]; then - echo $_path - return 0 - fi - ;; - esac - done - - return 1 -} - -# shell_exists shell -# If the given shell is listed in ${ETCSHELLS} or it is -# the nologin shell this function will return 0. -# Otherwise, it will return 1. If shell is valid but -# the path is invalid or it is not executable it -# will emit an informational message saying so. -# -shell_exists() { - _sh="$1" - _shellchk="${GREPCMD} '^$_sh$' ${ETCSHELLS} > /dev/null 2>&1" - - if ! eval $_shellchk; then - # The nologin shell is not listed in /etc/shells. - if [ "$_sh" != "${NOLOGIN_PATH}" ]; then - err "Invalid shell ($_sh) for user $username." - return 1 - fi - fi - ! [ -x "$_sh" ] && - info "The shell ($_sh) does not exist or is not executable." - - return 0 -} - -# save_config -# Save some variables to a configuration file. -# Note: not all script variables are saved, only those that -# it makes sense to save. -# -save_config() { - echo "# Configuration file for adduser(8)." > ${ADDUSERCONF} - echo "# NOTE: only *some* variables are saved." >> ${ADDUSERCONF} - echo "# Last Modified on `${DATECMD}`." >> ${ADDUSERCONF} - echo '' >> ${ADDUSERCONF} - echo "defaultHomePerm=$uhomeperm" >> ${ADDUSERCONF} - echo "defaultLgroup=$ulogingroup" >> ${ADDUSERCONF} - echo "defaultclass=$uclass" >> ${ADDUSERCONF} - echo "defaultgroups=$ugroups" >> ${ADDUSERCONF} - echo "passwdtype=$passwdtype" >> ${ADDUSERCONF} - echo "homeprefix=$homeprefix" >> ${ADDUSERCONF} - echo "defaultshell=$ushell" >> ${ADDUSERCONF} - echo "udotdir=$udotdir" >> ${ADDUSERCONF} - echo "msgfile=$msgfile" >> ${ADDUSERCONF} - echo "disableflag=$disableflag" >> ${ADDUSERCONF} - echo "uidstart=$uidstart" >> ${ADDUSERCONF} -} - -# add_user -# Add a user to the user database. If the user chose to send a welcome -# message or lock the account, do so. -# -add_user() { - - # Is this a configuration run? If so, don't modify user database. - # - if [ -n "$configflag" ]; then - save_config - return - fi - - _uid= - _name= - _comment= - _gecos= - _home= - _group= - _grouplist= - _shell= - _class= - _dotdir= - _expire= - _pwexpire= - _passwd= - _upasswd= - _passwdmethod= - - _name="-n '$username'" - [ -n "$uuid" ] && _uid='-u "$uuid"' - [ -n "$ulogingroup" ] && _group='-g "$ulogingroup"' - [ -n "$ugroups" ] && _grouplist='-G "$ugroups"' - [ -n "$ushell" ] && _shell='-s "$ushell"' - [ -n "$uclass" ] && _class='-L "$uclass"' - [ -n "$ugecos" ] && _comment='-c "$ugecos"' - [ -n "$udotdir" ] && _dotdir='-k "$udotdir"' - [ -n "$uexpire" ] && _expire='-e "$uexpire"' - [ -n "$upwexpire" ] && _pwexpire='-p "$upwexpire"' - if [ -z "$Dflag" -a -n "$uhome" ]; then - # The /nonexistent home directory is special. It - # means the user has no home directory. - if [ "$uhome" = "$NOHOME" ]; then - _home='-d "$uhome"' - else - # Use home directory permissions if specified - if [ -n "$uhomeperm" ]; then - _home='-m -d "$uhome" -M "$uhomeperm"' - else - _home='-m -d "$uhome"' - fi - fi - elif [ -n "$Dflag" -a -n "$uhome" ]; then - _home='-d "$uhome"' - fi - case $passwdtype in - no) - _passwdmethod="-w no" - _passwd="-h -" - ;; - yes) - # Note on processing the password: The outer double quotes - # make literal everything except ` and \ and $. - # The outer single quotes make literal ` and $. - # We can ensure the \ isn't treated specially by specifying - # the -r switch to the read command used to obtain the input. - # - _passwdmethod="-w yes" - _passwd="-h 0" - _upasswd='echo "$upass" |' - ;; - none) - _passwdmethod="-w none" - ;; - random) - _passwdmethod="-w random" - ;; - esac - - _pwcmd="$_upasswd ${PWCMD} useradd $_uid $_name $_group $_grouplist $_comment" - _pwcmd="$_pwcmd $_shell $_class $_home $_dotdir $_passwdmethod $_passwd" - _pwcmd="$_pwcmd $_expire $_pwexpire" - - if ! _output=`eval $_pwcmd` ; then - err "There was an error adding user ($username)." - return 1 - else - info "Successfully added ($username) to the user database." - if [ "random" = "$passwdtype" ]; then - randompass="$_output" - info "Password for ($username) is: $randompass" - fi - fi - - if [ -n "$disableflag" ]; then - if ${PWCMD} lock $username ; then - info "Account ($username) is locked." - else - info "Account ($username) could NOT be locked." - fi - fi - - _line= - _owner= - _perms= - if [ -n "$msgflag" ]; then - [ -r "$msgfile" ] && { - # We're evaluating the contents of an external file. - # Let's not open ourselves up for attack. _perms will - # be empty if it's writeable only by the owner. _owner - # will *NOT* be empty if the file is owned by root. - # - _dir="`dirname $msgfile`" - _file="`basename $msgfile`" - _perms=`/usr/bin/find $_dir -name $_file -perm +07022 -prune` - _owner=`/usr/bin/find $_dir -name $_file -user 0 -prune` - if [ -z "$_owner" -o -n "$_perms" ]; then - err "The message file ($msgfile) may be writeable only by root." - return 1 - fi - cat "$msgfile" | - while read _line ; do - eval echo "$_line" - done | ${MAILCMD} -s"Welcome" ${username} - info "Sent welcome message to ($username)." - } - fi -} - -# get_user -# Reads username of the account from standard input or from a global -# variable containing an account line from a file. The username is -# required. If this is an interactive session it will prompt in -# a loop until a username is entered. If it is batch processing from -# a file it will output an error message and return to the caller. -# -get_user() { - _input= - - # No need to take down user names if this is a configuration saving run. - [ -n "$configflag" ] && return - - while : ; do - if [ -z "$fflag" ]; then - echo -n "Username: " - read _input - else - _input="`echo "$fileline" | cut -f1 -d:`" - fi - - # There *must* be a username, and it must not exist. If - # this is an interactive session give the user an - # opportunity to retry. - # - if [ -z "$_input" ]; then - err "You must enter a username!" - [ -z "$fflag" ] && continue - fi - ${PWCMD} usershow $_input > /dev/null 2>&1 - if [ "$?" -eq 0 ]; then - err "User exists!" - [ -z "$fflag" ] && continue - fi - break - done - username="$_input" -} - -# get_gecos -# Reads extra information about the user. Can be used both in interactive -# and batch (from file) mode. -# -get_gecos() { - _input= - - # No need to take down additional user information for a configuration run. - [ -n "$configflag" ] && return - - if [ -z "$fflag" ]; then - echo -n "Full name: " - read _input - else - _input="`echo "$fileline" | cut -f7 -d:`" - fi - ugecos="$_input" -} - -# get_shell -# Get the account's shell. Works in interactive and batch mode. It -# accepts either the base name of the shell or the full path. -# If an invalid shell is entered it will simply use the default shell. -# -get_shell() { - _input= - _fullpath= - ushell="$defaultshell" - - # Make sure the current value of the shell is a valid one - if [ -z "$Sflag" ]; then - if ! shell_exists $ushell ; then - info "Using default shell ${defaultshell}." - ushell="$defaultshell" - fi - fi - - if [ -z "$fflag" ]; then - echo -n "Shell ($shells) [`basename $ushell`]: " - read _input - else - _input="`echo "$fileline" | cut -f9 -d:`" - fi - if [ -n "$_input" ]; then - if [ -n "$Sflag" ]; then - ushell="$_input" - else - _fullpath=`fullpath_from_shell $_input` - if [ -n "$_fullpath" ]; then - ushell="$_fullpath" - else - err "Invalid shell ($_input) for user $username." - info "Using default shell ${defaultshell}." - ushell="$defaultshell" - fi - fi - fi -} - -# get_homedir -# Reads the account's home directory. Used both with interactive input -# and batch input. -# -get_homedir() { - _input= - if [ -z "$fflag" ]; then - echo -n "Home directory [${homeprefix}/${username}]: " - read _input - else - _input="`echo "$fileline" | cut -f8 -d:`" - fi - - if [ -n "$_input" ]; then - uhome="$_input" - # if this is a configuration run, then user input is the home - # directory prefix. Otherwise it is understood to - # be $prefix/$user - # - [ -z "$configflag" ] && homeprefix="`dirname $uhome`" || homeprefix="$uhome" - else - uhome="${homeprefix}/${username}" - fi -} - -# get_homeperm -# Reads the account's home directory permissions. -# -get_homeperm() { - uhomeperm=$defaultHomePerm - _input= - _prompt= - - if [ -n "$uhomeperm" ]; then - _prompt="Home directory permissions [${uhomeperm}]: " - else - _prompt="Home directory permissions (Leave empty for default): " - fi - if [ -z "$fflag" ]; then - echo -n "$_prompt" - read _input - fi - - if [ -n "$_input" ]; then - uhomeperm="$_input" - fi -} - -# get_uid -# Reads a numeric userid in an interactive or batch session. Automatically -# allocates one if it is not specified. -# -get_uid() { - uuid=${uidstart} - _input= - _prompt= - - if [ -n "$uuid" ]; then - _prompt="Uid [$uuid]: " - else - _prompt="Uid (Leave empty for default): " - fi - if [ -z "$fflag" ]; then - echo -n "$_prompt" - read _input - else - _input="`echo "$fileline" | cut -f2 -d:`" - fi - - [ -n "$_input" ] && uuid=$_input - uuid=`get_nextuid $uuid` - uidstart=$uuid -} - -# get_class -# Reads login class of account. Can be used in interactive or batch mode. -# -get_class() { - uclass="$defaultclass" - _input= - _class=${uclass:-"default"} - - if [ -z "$fflag" ]; then - echo -n "Login class [$_class]: " - read _input - else - _input="`echo "$fileline" | cut -f4 -d:`" - fi - - [ -n "$_input" ] && uclass="$_input" -} - -# get_logingroup -# Reads user's login group. Can be used in both interactive and batch -# modes. The specified value can be a group name or its numeric id. -# This routine leaves the field blank if nothing is provided and -# a default login group has not been set. The pw(8) command -# will then provide a login group with the same name as the username. -# -get_logingroup() { - ulogingroup="$defaultLgroup" - _input= - - if [ -z "$fflag" ]; then - echo -n "Login group [${ulogingroup:-$username}]: " - read _input - else - _input="`echo "$fileline" | cut -f3 -d:`" - fi - - # Pw(8) will use the username as login group if it's left empty - [ -n "$_input" ] && ulogingroup="$_input" -} - -# get_groups -# Read additional groups for the user. It can be used in both interactive -# and batch modes. -# -get_groups() { - ugroups="$defaultgroups" - _input= - _group=${ulogingroup:-"${username}"} - - if [ -z "$configflag" ]; then - [ -z "$fflag" ] && echo -n "Login group is $_group. Invite $username" - [ -z "$fflag" ] && echo -n " into other groups? [$ugroups]: " - else - [ -z "$fflag" ] && echo -n "Enter additional groups [$ugroups]: " - fi - read _input - - [ -n "$_input" ] && ugroups="$_input" -} - -# get_expire_dates -# Read expiry information for the account and also for the password. This -# routine is used only from batch processing mode. -# -get_expire_dates() { - upwexpire="`echo "$fileline" | cut -f5 -d:`" - uexpire="`echo "$fileline" | cut -f6 -d:`" -} - -# get_password -# Read the password in batch processing mode. The password field matters -# only when the password type is "yes" or "random". If the field is empty and the -# password type is "yes", then it assumes the account has an empty passsword -# and changes the password type accordingly. If the password type is "random" -# and the password field is NOT empty, then it assumes the account will NOT -# have a random password and set passwdtype to "yes." -# -get_password() { - # We may temporarily change a password type. Make sure it's changed - # back to whatever it was before we process the next account. - # - [ -n "$savedpwtype" ] && { - passwdtype=$savedpwtype - savedpwtype= - } - - # There may be a ':' in the password - upass=${fileline#*:*:*:*:*:*:*:*:*:} - - if [ -z "$upass" ]; then - case $passwdtype in - yes) - # if it's empty, assume an empty password - passwdtype=none - savedpwtype=yes - ;; - esac - else - case $passwdtype in - random) - passwdtype=yes - savedpwtype=random - ;; - esac - fi -} - -# input_from_file -# Reads a line of account information from standard input and -# adds it to the user database. -# -input_from_file() { - _field= - - while read -r fileline ; do - case "$fileline" in - \#*|'') - ;; - *) - get_user || continue - get_gecos - get_uid - get_logingroup - get_class - get_shell - get_homedir - get_homeperm - get_password - get_expire_dates - ugroups="$defaultgroups" - - add_user - ;; - esac - done -} - -# input_interactive -# Prompts for user information interactively, and commits to -# the user database. -# -input_interactive() { - _disable= - _pass= - _passconfirm= - _random="no" - _emptypass="no" - _usepass="yes" - _logingroup_ok="no" - _groups_ok="no" - case $passwdtype in - none) - _emptypass="yes" - _usepass="yes" - ;; - no) - _usepass="no" - ;; - random) - _random="yes" - ;; - esac - - get_user - get_gecos - get_uid - - # The case where group = user is handled elsewhere, so - # validate any other groups the user is invited to. - until [ "$_logingroup_ok" = yes ]; do - get_logingroup - _logingroup_ok=yes - if [ -n "$ulogingroup" -a "$username" != "$ulogingroup" ]; then - if ! ${PWCMD} show group $ulogingroup > /dev/null 2>&1; then - echo "Group $ulogingroup does not exist!" - _logingroup_ok=no - fi - fi - done - until [ "$_groups_ok" = yes ]; do - get_groups - _groups_ok=yes - for i in $ugroups; do - if [ "$username" != "$i" ]; then - if ! ${PWCMD} show group $i > /dev/null 2>&1; then - echo "Group $i does not exist!" - _groups_ok=no - fi - fi - done - done - - get_class - get_shell - get_homedir - get_homeperm - - while : ; do - echo -n "Use password-based authentication? [$_usepass]: " - read _input - [ -z "$_input" ] && _input=$_usepass - case $_input in - [Nn][Oo]|[Nn]) - passwdtype="no" - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - while : ; do - echo -n "Use an empty password? (yes/no) [$_emptypass]: " - read _input - [ -n "$_input" ] && _emptypass=$_input - case $_emptypass in - [Nn][Oo]|[Nn]) - echo -n "Use a random password? (yes/no) [$_random]: " - read _input - [ -n "$_input" ] && _random="$_input" - case $_random in - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - passwdtype="random" - break - ;; - esac - passwdtype="yes" - [ -n "$configflag" ] && break - trap 'stty echo; exit' 0 1 2 3 15 - stty -echo - echo -n "Enter password: " - read -r upass - echo'' - echo -n "Enter password again: " - read -r _passconfirm - echo '' - stty echo - # if user entered a blank password - # explicitly ask again. - [ -z "$upass" -a -z "$_passconfirm" ] \ - && continue - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - passwdtype="none" - break; - ;; - *) - # invalid answer; repeat the loop - continue - ;; - esac - if [ "$upass" != "$_passconfirm" ]; then - echo "Passwords did not match!" - continue - fi - break - done - ;; - *) - # invalid answer; repeat loop - continue - ;; - esac - break; - done - _disable=${disableflag:-"no"} - while : ; do - echo -n "Lock out the account after creation? [$_disable]: " - read _input - [ -z "$_input" ] && _input=$_disable - case $_input in - [Nn][Oo]|[Nn]) - disableflag= - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - disableflag=yes - ;; - *) - # invalid answer; repeat loop - continue - ;; - esac - break - done - - # Display the information we have so far and prompt to - # commit it. - # - _disable=${disableflag:-"no"} - [ -z "$configflag" ] && printf "%-10s : %s\n" Username $username - case $passwdtype in - yes) - _pass='*****' - ;; - no) - _pass='' - ;; - none) - _pass='' - ;; - random) - _pass='' - ;; - esac - [ -z "$configflag" ] && printf "%-10s : %s\n" "Password" "$_pass" - [ -n "$configflag" ] && printf "%-10s : %s\n" "Pass Type" "$passwdtype" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Full Name" "$ugecos" - [ -z "$configflag" ] && printf "%-10s : %s\n" "Uid" "$uuid" - printf "%-10s : %s\n" "Class" "$uclass" - printf "%-10s : %s %s\n" "Groups" "${ulogingroup:-$username}" "$ugroups" - printf "%-10s : %s\n" "Home" "$uhome" - printf "%-10s : %s\n" "Home Mode" "$uhomeperm" - printf "%-10s : %s\n" "Shell" "$ushell" - printf "%-10s : %s\n" "Locked" "$_disable" - while : ; do - echo -n "OK? (yes/no): " - read _input - case $_input in - [Nn][Oo]|[Nn]) - return 1 - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - add_user - ;; - *) - continue - ;; - esac - break - done - return 0 -} - -#### END SUBROUTINE DEFINITION #### - -THISCMD=`/usr/bin/basename $0` -DEFAULTSHELL=/bin/sh -ADDUSERCONF="${ADDUSERCONF:-/etc/adduser.conf}" -PWCMD="${PWCMD:-/usr/sbin/pw}" -MAILCMD="${MAILCMD:-mail}" -ETCSHELLS="${ETCSHELLS:-/etc/shells}" -NOHOME="/nonexistent" -NOLOGIN="nologin" -NOLOGIN_PATH="/usr/sbin/nologin" -GREPCMD="/usr/bin/grep" -DATECMD="/bin/date" - -# Set default values -# -username= -uuid= -uidstart= -ugecos= -ulogingroup= -uclass= -uhome= -uhomeperm= -upass= -ushell= -udotdir=/usr/share/skel -ugroups= -uexpire= -upwexpire= -shells="`valid_shells`" -passwdtype="yes" -msgfile=/etc/adduser.msg -msgflag= -quietflag= -configflag= -fflag= -infile= -disableflag= -Dflag= -Sflag= -readconfig="yes" -homeprefix="/home" -randompass= -fileline= -savedpwtype= -defaultclass= -defaultLgroup= -defaultgroups= -defaultshell="${DEFAULTSHELL}" -defaultHomePerm= - -# Make sure the user running this program is root. This isn't a security -# measure as much as it is a useful method of reminding the user to -# 'su -' before he/she wastes time entering data that won't be saved. -# -procowner=${procowner:-`/usr/bin/id -u`} -if [ "$procowner" != "0" ]; then - err 'you must be the super-user (uid 0) to use this utility.' - exit 1 -fi - -# Overide from our conf file -# Quickly go through the commandline line to see if we should read -# from our configuration file. The actual parsing of the commandline -# arguments happens after we read in our configuration file (commandline -# should override configuration file). -# -for _i in $* ; do - if [ "$_i" = "-N" ]; then - readconfig= - break; - fi -done -if [ -n "$readconfig" ]; then - # On a long-lived system, the first time this script is run it - # will barf upon reading the configuration file for its perl predecessor. - if ( . ${ADDUSERCONF} > /dev/null 2>&1 ); then - [ -r ${ADDUSERCONF} ] && . ${ADDUSERCONF} > /dev/null 2>&1 - fi -fi - -# Proccess command-line options -# -for _switch ; do - case $_switch in - -L) - defaultclass="$2" - shift; shift - ;; - -C) - configflag=yes - shift - ;; - -D) - Dflag=yes - shift - ;; - -E) - disableflag=yes - shift - ;; - -k) - udotdir="$2" - shift; shift - ;; - -f) - [ "$2" != "-" ] && infile="$2" - fflag=yes - shift; shift - ;; - -g) - defaultLgroup="$2" - shift; shift - ;; - -G) - defaultgroups="$2" - shift; shift - ;; - -h) - show_usage - exit 0 - ;; - -d) - homeprefix="$2" - shift; shift - ;; - -m) - case "$2" in - [Nn][Oo]) - msgflag= - ;; - *) - msgflag=yes - msgfile="$2" - ;; - esac - shift; shift - ;; - -M) - defaultHomePerm=$2 - shift; shift - ;; - -N) - readconfig= - shift - ;; - -w) - case "$2" in - no|none|random|yes) - passwdtype=$2 - ;; - *) - show_usage - exit 1 - ;; - esac - shift; shift - ;; - -q) - quietflag=yes - shift - ;; - -s) - defaultshell="`fullpath_from_shell $2`" - shift; shift - ;; - -S) - Sflag=yes - shift - ;; - -u) - uidstart=$2 - shift; shift - ;; - esac -done - -# If the -f switch was used, get input from a file. Otherwise, -# this is an interactive session. -# -if [ -n "$fflag" ]; then - if [ -z "$infile" ]; then - input_from_file - elif [ -n "$infile" ]; then - if [ -r "$infile" ]; then - input_from_file < $infile - else - err "File ($infile) is unreadable or does not exist." - fi - fi -else - input_interactive - while : ; do - if [ -z "$configflag" ]; then - echo -n "Add another user? (yes/no): " - else - echo -n "Re-edit the default configuration? (yes/no): " - fi - read _input - case $_input in - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - uidstart=`get_nextuid $uidstart` - input_interactive - continue - ;; - [Nn][Oo]|[Nn]) - echo "Goodbye!" - ;; - *) - continue - ;; - esac - break - done -fi diff --git a/adduser/rmuser.8 b/adduser/rmuser.8 deleted file mode 100644 index 68a99b5..0000000 --- a/adduser/rmuser.8 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Copyright 1995, 1996, 1997 -.\" Guy Helmer, Ames, Iowa 50014. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer as -.\" the first lines of this file unmodified. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY GUY HELMER ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL GUY HELMER BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd May 10, 2002 -.Dt RMUSER 8 -.Os -.Sh NAME -.Nm rmuser -.Nd remove users from the system -.Sh SYNOPSIS -.Nm -.Op Fl yv -.Op Fl f Ar file -.Op Ar username ... -.Sh DESCRIPTION -The -.Nm -utility removes one or more users submitted on the command line -or from a file. -In removing a user from the system, this utility: -.Bl -enum -.It -Removes the user's -.Xr crontab 1 -entry (if any). -.It -Removes any -.Xr at 1 -jobs belonging to the user. -.It -Sends a -.Dv SIGKILL -signal to all processes owned by the user. -.It -Removes the user from the system's local password file. -.It -Removes the user's home directory (if it is owned by the user), -including handling of symbolic links in the path to the actual home -directory. -.It -Removes the incoming mail and POP daemon mail files belonging to the -user from -.Pa /var/mail . -.It -Removes all files owned by the user from -.Pa /tmp , /var/tmp , -and -.Pa /var/tmp/vi.recover . -.It -Removes the username from all groups to which it belongs in -.Pa /etc/group . -(If a group becomes empty and the group name is the same as the username, -the group is removed; this complements -.Xr adduser 8 Ns 's -per-user unique groups.) -.It -Removes all message queues, shared memory segments and -semaphores owned by the user. -.El -.Pp -The -.Nm -utility refuses to remove users whose UID is 0 (typically root), since -certain actions (namely, killing all the user's processes, and perhaps -removing the user's home directory) would cause damage to a running system. -If it is necessary to remove a user whose UID is 0, see -.Xr vipw 8 -for information on directly editing the password file. -.Pp -If -.Nm -was not invoked with the -.Fl y -option, it will -show the selected user's password file entry and ask for confirmation -that the user be removed. -It will then ask for confirmation to delete -the user's home directory. -If the answer is in the affirmative, the home -directory and any files and subdirectories under it will be deleted only if -they are owned by the user. -See -.Xr pw 8 -for more details. -.Pp -As -.Nm -operates, it informs the user regarding the current activity. -If any -errors occur, they are posted to standard error and, if it is possible for -.Nm -to continue, it will. -.Pp -The options are as follows: -.Bl -tag -width ".Ar username" -.It Fl f Ar file -The -.Nm -utility will get a list of users to be removed from -.Ar file , -which will contain one user per line. -Anything following a hash mark -.Pq Ql # , -including the hash mark itself, is considered a comment and will not -be processed. -If the file is owned by anyone other than a user with -UID 0, or is writable by anyone other than the owner, -.Nm -will refuse to continue. -.It Fl y -Implicitly answer -.Dq Li yes -to any and all prompts. -Currently, this includes -prompts on whether to remove the specified user and whether to remove -the home directory. -This option requires that either the -.Fl f -option be used, or one or more user names be given as command line -arguments. -.It Fl v -Enable verbose mode. -Normally, -the output includes one line per removed user; -however, -with this option -.Nm -will be much more chatty about the steps taken. -.It Ar username -Identifies one or more users to be removed; if not present, -.Nm -interactively asks for one or more users to be removed. -.El -.Sh FILES -.Bl -tag -compact -.It Pa /etc/master.passwd -.It Pa /etc/passwd -.It Pa /etc/group -.It Pa /etc/spwd.db -.It Pa /etc/pwd.db -.El -.Sh SEE ALSO -.Xr at 1 , -.Xr chpass 1 , -.Xr crontab 1 , -.Xr finger 1 , -.Xr passwd 1 , -.Xr group 5 , -.Xr passwd 5 , -.Xr adduser 8 , -.Xr pw 8 , -.Xr pwd_mkdb 8 , -.Xr vipw 8 -.Sh HISTORY -The -.Nm -utility appeared in -.Fx 2.2 . -.Sh BUGS -The -.Nm -utility does not comprehensively search the file system for all files -owned by the removed user and remove them; to do so on a system -of any size is prohibitively slow and I/O intensive. -It is also unable to remove symbolic links that were created by the -user in -.Pa /tmp -or -.Pa /var/tmp , -as symbolic links on -.Bx 4.4 -file systems do not contain information -as to who created them. -Also, there may be other files created in -.Pa /var/mail -other than -.Pa /var/mail/ Ns Ar username -and -.Pa /var/mail/.pop. Ns Ar username -that are not owned by the removed user but should be removed. -.Pp -The -.Nm -utility has no knowledge of YP/NIS, and it operates only on the -local password file. diff --git a/adduser/rmuser.sh b/adduser/rmuser.sh deleted file mode 100644 index 6b09225..0000000 --- a/adduser/rmuser.sh +++ /dev/null @@ -1,361 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2002, 2003 Michael Telahun Makonnen. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# Email: Mike Makonnen -# -# $FreeBSD$ -# - -ATJOBDIR="/var/at/jobs" -CRONJOBDIR="/var/cron/tabs" -MAILSPOOL="/var/mail" -SIGKILL="-KILL" -TEMPDIRS="/tmp /var/tmp" -THISCMD=`/usr/bin/basename $0` -PWCMD="${PWCMD:-/usr/sbin/pw}" - -# err msg -# Display $msg on stderr. -# -err() { - echo 1>&2 ${THISCMD}: $* -} - -# verbose -# Returns 0 if verbose mode is set, 1 if it is not. -# -verbose() { - [ -n "$vflag" ] && return 0 || return 1 -} - -# rm_files login -# Removes files or empty directories belonging to $login from various -# temporary directories. -# -rm_files() { - # The argument is required - [ -n $1 ] && login=$1 || return - - totalcount=0 - for _dir in ${TEMPDIRS} ; do - filecount=0 - if [ ! -d $_dir ]; then - err "$_dir is not a valid directory." - continue - fi - verbose && echo -n "Removing files owned by ($login) in $_dir:" - filecount=`find 2>/dev/null "$_dir" -user "$login" -delete -print | - wc -l | sed 's/ *//'` - verbose && echo " $filecount removed." - totalcount=$(($totalcount + $filecount)) - done - ! verbose && [ $totalcount -ne 0 ] && echo -n " files($totalcount)" -} - -# rm_mail login -# Removes unix mail and pop daemon files belonging to the user -# specified in the $login argument. -# -rm_mail() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing mail spool(s) for ($login):" - if [ -f ${MAILSPOOL}/$login ]; then - verbose && echo -n " ${MAILSPOOL}/$login" || - echo -n " mailspool" - rm ${MAILSPOOL}/$login - fi - if [ -f ${MAILSPOOL}/.${login}.pop ]; then - verbose && echo -n " ${MAILSPOOL}/.${login}.pop" || - echo -n " pop3" - rm ${MAILSPOOL}/.${login}.pop - fi - verbose && echo '.' -} - -# kill_procs login -# Send a SIGKILL to all processes owned by $login. -# -kill_procs() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Terminating all processes owned by ($login):" - killcount=0 - proclist=`ps 2>/dev/null -U $login | grep -v '^\ *PID' | awk '{print $1}'` - for _pid in $proclist ; do - kill 2>/dev/null ${SIGKILL} $_pid - killcount=$(($killcount + 1)) - done - verbose && echo " ${SIGKILL} signal sent to $killcount processes." - ! verbose && [ $killcount -ne 0 ] && echo -n " processes(${killcount})" -} - -# rm_at_jobs login -# Remove at (1) jobs belonging to $login. -# -rm_at_jobs() { - # The argument is required - [ -n $1 ] && login=$1 || return - - atjoblist=`find 2>/dev/null ${ATJOBDIR} -maxdepth 1 -user $login -print` - jobcount=0 - verbose && echo -n "Removing at(1) jobs owned by ($login):" - for _atjob in $atjoblist ; do - rm -f $_atjob - jobcount=$(($jobcount + 1)) - done - verbose && echo " $jobcount removed." - ! verbose && [ $jobcount -ne 0 ] && echo -n " at($jobcount)" -} - -# rm_crontab login -# Removes crontab file belonging to user $login. -# -rm_crontab() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing crontab for ($login):" - if [ -f ${CRONJOBDIR}/$login ]; then - verbose && echo -n " ${CRONJOBDIR}/$login" || echo -n " crontab" - rm -f ${CRONJOBDIR}/$login - fi - verbose && echo '.' -} - -# rm_ipc login -# Remove all IPC mechanisms which are owned by $login. -# -rm_ipc() { - verbose && echo -n "Removing IPC mechanisms" - for i in s m q; do - ipcs -$i | - awk -v i=$i -v login=$1 '$1 == i && $5 == login { print $2 }' | - xargs -n 1 ipcrm -$i - done - verbose && echo '.' -} - -# rm_user login -# Remove user $login from the system. This subroutine makes use -# of the pw(8) command to remove a user from the system. The pw(8) -# command will remove the specified user from the user database -# and group file and remove any crontabs. His home -# directory will be removed if it is owned by him and contains no -# files or subdirectories owned by other users. Mail spool files will -# also be removed. -# -rm_user() { - # The argument is required - [ -n $1 ] && login=$1 || return - - verbose && echo -n "Removing user ($login)" - [ -n "$pw_rswitch" ] && { - verbose && echo -n " (including home directory)" - ! verbose && echo -n " home" - } - ! verbose && echo -n " passwd" - verbose && echo -n " from the system:" - ${PWCMD} userdel -n $login $pw_rswitch - verbose && echo ' Done.' -} - -# prompt_yesno msg -# Prompts the user with a $msg. The answer is expected to be -# yes, no, or some variation thereof. This subroutine returns 0 -# if the answer was yes, 1 if it was not. -# -prompt_yesno() { - # The argument is required - [ -n "$1" ] && msg="$1" || return - - while : ; do - echo -n "$msg" - read _ans - case $_ans in - [Nn][Oo]|[Nn]) - return 1 - ;; - [Yy][Ee][Ss]|[Yy][Ee]|[Yy]) - return 0 - ;; - *) - ;; - esac - done -} - -# show_usage -# (no arguments) -# Display usage message. -# -show_usage() { - echo "usage: ${THISCMD} [-yv] [-f file] [user ...]" - echo " if the -y switch is used, either the -f switch or" - echo " one or more user names must be given" -} - -#### END SUBROUTINE DEFENITION #### - -ffile= -fflag= -procowner= -pw_rswitch= -userlist= -yflag= -vflag= - -procowner=`/usr/bin/id -u` -if [ "$procowner" != "0" ]; then - err 'you must be root (0) to use this utility.' - exit 1 -fi - -args=`getopt 2>/dev/null yvf: $*` -if [ "$?" != "0" ]; then - show_usage - exit 1 -fi -set -- $args -for _switch ; do - case $_switch in - -y) - yflag=1 - shift - ;; - -v) - vflag=1 - shift - ;; - -f) - fflag=1 - ffile="$2" - shift; shift - ;; - --) - shift - break - ;; - esac -done - -# Get user names from a file if the -f switch was used. Otherwise, -# get them from the commandline arguments. If we're getting it -# from a file, the file must be owned by and writable only by root. -# -if [ $fflag ]; then - _insecure=`find $ffile ! -user 0 -or -perm +0022` - if [ -n "$_insecure" ]; then - err "file ($ffile) must be owned by and writeable only by root." - exit 1 - fi - if [ -r "$ffile" ]; then - userlist=`cat $ffile | while read _user _junk ; do - case $_user in - \#*|'') - ;; - *) - echo -n "$userlist $_user" - ;; - esac - done` - fi -else - while [ $1 ] ; do - userlist="$userlist $1" - shift - done -fi - -# If the -y or -f switch has been used and the list of users to remove -# is empty it is a fatal error. Otherwise, prompt the user for a list -# of one or more user names. -# -if [ ! "$userlist" ]; then - if [ $fflag ]; then - err "($ffile) does not exist or does not contain any user names." - exit 1 - elif [ $yflag ]; then - show_usage - exit 1 - else - echo -n "Please enter one or more usernames: " - read userlist - fi -fi - -_user= -_uid= -for _user in $userlist ; do - # Make sure the name exists in the passwd database and that it - # does not have a uid of 0 - # - userrec=`pw 2>/dev/null usershow -n $_user` - if [ "$?" != "0" ]; then - err "user ($_user) does not exist in the password database." - continue - fi - _uid=`echo $userrec | awk -F: '{print $3}'` - if [ "$_uid" = "0" ]; then - err "user ($_user) has uid 0. You may not remove this user." - continue - fi - - # If the -y switch was not used ask for confirmation to remove the - # user and home directory. - # - if [ -z "$yflag" ]; then - echo "Matching password entry:" - echo - echo $userrec - echo - if ! prompt_yesno "Is this the entry you wish to remove? " ; then - continue - fi - _homedir=`echo $userrec | awk -F: '{print $9}'` - if prompt_yesno "Remove user's home directory ($_homedir)? "; then - pw_rswitch="-r" - fi - else - pw_rswitch="-r" - fi - - # Disable any further attempts to log into this account - ${PWCMD} 2>/dev/null lock $_user - - # Remove crontab, mail spool, etc. Then obliterate the user from - # the passwd and group database. - # - ! verbose && echo -n "Removing user ($_user):" - rm_crontab $_user - rm_at_jobs $_user - rm_ipc $_user - kill_procs $_user - rm_files $_user - rm_mail $_user - rm_user $_user - ! verbose && echo "." -done diff --git a/chpass/Makefile b/chpass/Makefile deleted file mode 100644 index a5571d7..0000000 --- a/chpass/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -# @(#)Makefile 8.2 (Berkeley) 4/2/94 -# $FreeBSD$ - -.include - -.PATH: ${.CURDIR}/../../usr.sbin/pwd_mkdb ${.CURDIR}/../../lib/libc/gen - -PROG= chpass -SRCS= chpass.c edit.c field.c pw_scan.c table.c util.c -BINOWN= root -BINMODE=4555 -.if ${MK_NIS} != "no" -CFLAGS+= -DYP -.endif -#Some people need this, uncomment to activate -#CFLAGS+=-DRESTRICT_FULLNAME_CHANGE -CFLAGS+=-I${.CURDIR}/../../usr.sbin/pwd_mkdb -I${.CURDIR}/../../lib/libc/gen -I. - -DPADD= ${LIBCRYPT} ${LIBUTIL} -LDADD= -lcrypt -lutil -.if ${MK_NIS} != "no" -DPADD+= ${LIBYPCLNT} -LDADD+= -lypclnt -.endif - -LINKS= ${BINDIR}/chpass ${BINDIR}/chfn -LINKS+= ${BINDIR}/chpass ${BINDIR}/chsh -.if ${MK_NIS} != "no" -LINKS+= ${BINDIR}/chpass ${BINDIR}/ypchpass -LINKS+= ${BINDIR}/chpass ${BINDIR}/ypchfn -LINKS+= ${BINDIR}/chpass ${BINDIR}/ypchsh -.endif - -MLINKS= chpass.1 chfn.1 chpass.1 chsh.1 -.if ${MK_NIS} != "no" -MLINKS+= chpass.1 ypchpass.1 chpass.1 ypchfn.1 chpass.1 ypchsh.1 -.endif - -beforeinstall: -.for i in chpass chfn chsh ypchpass ypchfn ypchsh - -chflags noschg ${DESTDIR}${BINDIR}/$i -.endfor - -.if !defined(NO_FSCHG) -afterinstall: - -chflags schg ${DESTDIR}${BINDIR}/chpass -.endif - -.include diff --git a/chpass/chpass.1 b/chpass/chpass.1 deleted file mode 100644 index a926607..0000000 --- a/chpass/chpass.1 +++ /dev/null @@ -1,492 +0,0 @@ -.\" Copyright (c) 1988, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)chpass.1 8.2 (Berkeley) 12/30/93 -.\" $FreeBSD$ -.\" -.Dd December 30, 1993 -.Dt CHPASS 1 -.Os -.Sh NAME -.Nm chpass , -.Nm chfn , -.Nm chsh , -.Nm ypchpass , -.Nm ypchfn , -.Nm ypchsh -.Nd add or change user database information -.Sh SYNOPSIS -.Nm -.Op Fl a Ar list -.Op Fl p Ar encpass -.Op Fl e Ar expiretime -.Op Fl s Ar newshell -.Op user -.Nm -.Op Fl oly -.Op Fl a Ar list -.Op Fl p Ar encpass -.Op Fl e Ar expiretime -.Op Fl s Ar newshell -.Op Fl d Ar domain -.Op Fl h Ar host -.Op user -.Sh DESCRIPTION -The -.Nm -utility -allows editing of the user database information associated -with -.Ar user -or, by default, the current user. -.Pp -The -.Nm chfn , -.Nm chsh , -.Nm ypchpass , -.Nm ypchfn -and -.Nm ypchsh -utilities behave identically to -.Nm . -(There is only one program.) -.Pp -The information is formatted and supplied to an editor for changes. -.Pp -Only the information that the user is allowed to change is displayed. -.Pp -The options are as follows: -.Bl -tag -width indent -.It Fl a -The super-user is allowed to directly supply a user database -entry, in the format specified by -.Xr passwd 5 , -as an argument. -This argument must be a colon -.Pq Dq \&: -separated list of all the -user database fields, although they may be empty. -.It Fl p -The super-user is allowed to directly supply an encrypted password field, -in the format used by -.Xr crypt 3 , -as an argument. -.It Fl e Ar expiretime -Change the account expire time. -This option is used to set the expire time -from a script as if it was done in the interactive editor. -.It Fl s Ar newshell -Attempt to change the user's shell to -.Ar newshell . -.El -.Pp -Possible display items are as follows: -.Pp -.Bl -tag -width "Other Information:" -compact -offset indent -.It Login: -user's login name -.It Password: -user's encrypted password -.It Uid: -user's login -.It Gid: -user's login group -.It Class: -user's general classification -.It Change: -password change time -.It Expire: -account expiration time -.It Full Name: -user's real name -.It Office Location: -user's office location (1) -.It Office Phone: -user's office phone (1) -.It Home Phone: -user's home phone (1) -.It Other Information: -any locally defined parameters for user (1) -.It Home Directory: -user's home directory -.It Shell: -user's login shell -.Pp -.It NOTE(1) - -In the actual master.passwd file, these fields are comma-delimited -fields embedded in the FullName field. -.El -.Pp -The -.Ar login -field is the user name used to access the computer account. -.Pp -The -.Ar password -field contains the encrypted form of the user's password. -.Pp -The -.Ar uid -field is the number associated with the -.Ar login -field. -Both of these fields should be unique across the system (and often -across a group of systems) as they control file access. -.Pp -While it is possible to have multiple entries with identical login names -and/or identical user id's, it is usually a mistake to do so. -Routines -that manipulate these files will often return only one of the multiple -entries, and that one by random selection. -.Pp -The -.Ar gid -field is the group that the user will be placed in at login. -Since -.Bx -supports multiple groups (see -.Xr groups 1 ) -this field currently has little special meaning. -This field may be filled in with either a number or a group name (see -.Xr group 5 ) . -.Pp -The -.Ar class -field references class descriptions in -.Pa /etc/login.conf -and is typically used to initialize the user's system resource limits -when they login. -.Pp -The -.Ar change -field is the date by which the password must be changed. -.Pp -The -.Ar expire -field is the date on which the account expires. -.Pp -Both the -.Ar change -and -.Ar expire -fields should be entered in the form -.Dq month day year -where -.Ar month -is the month name (the first three characters are sufficient), -.Ar day -is the day of the month, and -.Ar year -is the year. -.Pp -Five fields are available for storing the user's -.Ar full name , office location , -.Ar work -and -.Ar home telephone -numbers and finally -.Ar other information -which is a single comma delimited string to represent any additional -gecos fields (typically used for site specific user information). -Note that -.Xr finger 1 -will display the office location and office phone together under the -heading -.Ar Office: . -.Pp -The user's -.Ar home directory -is the full -.Ux -path name where the user -will be placed at login. -.Pp -The -.Ar shell -field is the command interpreter the user prefers. -If the -.Ar shell -field is empty, the Bourne shell, -.Pa /bin/sh , -is assumed. -When altering a login shell, and not the super-user, the user -may not change from a non-standard shell or to a non-standard -shell. -Non-standard is defined as a shell not found in -.Pa /etc/shells . -.Pp -Once the information has been verified, -.Nm -uses -.Xr pwd_mkdb 8 -to update the user database. -.Sh ENVIRONMENT -The -.Xr vi 1 -editor will be used unless the environment variable -.Ev EDITOR -is set to -an alternate editor. -When the editor terminates, the information is re-read and used to -update the user database itself. -Only the user, or the super-user, may edit the information associated -with the user. -.Pp -See -.Xr pwd_mkdb 8 -for an explanation of the impact of setting the -.Ev PW_SCAN_BIG_IDS -environment variable. -.Sh NIS INTERACTION -The -.Nm -utility can also be used in conjunction with NIS, however some restrictions -apply. -Currently, -.Nm -can only make changes to the NIS passwd maps through -.Xr rpc.yppasswdd 8 , -which normally only permits changes to a user's password, shell and GECOS -fields. -Except when invoked by the super-user on the NIS master server, -.Nm -(and, similarly, -.Xr passwd 1 ) -cannot use the -.Xr rpc.yppasswdd 8 -server to change other user information or -add new records to the NIS passwd maps. -Furthermore, -.Xr rpc.yppasswdd 8 -requires password authentication before it will make any -changes. -The only user allowed to submit changes without supplying -a password is the super-user on the NIS master server; all other users, -including those with root privileges on NIS clients (and NIS slave -servers) must enter a password. -(The super-user on the NIS master is allowed to bypass these restrictions -largely for convenience: a user with root access -to the NIS master server already has the privileges required to make -updates to the NIS maps, but editing the map source files by hand can -be cumbersome. -.Pp -Note: these exceptions only apply when the NIS master server is a -.Fx -system). -.Pp -Consequently, except where noted, the following restrictions apply when -.Nm -is used with NIS: -.Bl -enum -offset indent -.It -.Em "Only the shell and GECOS information may be changed" . -All other -fields are restricted, even when -.Nm -is invoked by the super-user. -While support for -changing other fields could be added, this would lead to -compatibility problems with other NIS-capable systems. -Even though the super-user may supply data for other fields -while editing an entry, the extra information (other than the -password -- see below) will be silently discarded. -.Pp -Exception: the super-user on the NIS master server is permitted to -change any field. -.Pp -.It -.Em "Password authentication is required" . -The -.Nm -utility will prompt for the user's NIS password before effecting -any changes. -If the password is invalid, all changes will be -discarded. -.Pp -Exception: the super-user on the NIS master server is allowed to -submit changes without supplying a password. -(The super-user may -choose to turn off this feature using the -.Fl o -flag, described below.) -.It -.Em "Adding new records to the local password database is discouraged" . -The -.Nm -utility will allow the administrator to add new records to the -local password database while NIS is enabled, but this can lead to -some confusion since the new records are appended to the end of -the master password file, usually after the special NIS '+' entries. -The administrator should use -.Xr vipw 8 -to modify the local password -file when NIS is running. -.Pp -The super-user on the NIS master server is permitted to add new records -to the NIS password maps, provided the -.Xr rpc.yppasswdd 8 -server has been started with the -.Fl a -flag to permitted additions (it refuses them by default). -The -.Nm -utility tries to update the local password database by default; to update the -NIS maps instead, invoke chpass with the -.Fl y -flag. -.It -.Em "Password changes are not permitted". -Users should use -.Xr passwd 1 -or -.Xr yppasswd 1 -to change their NIS passwords. -The super-user is allowed to specify -a new password (even though the -.Dq Password: -field does not show -up in the editor template, the super-user may add it back by hand), -but even the super-user must supply the user's original password -otherwise -.Xr rpc.yppasswdd 8 -will refuse to update the NIS maps. -.Pp -Exception: the super-user on the NIS master server is permitted to -change a user's NIS password with -.Nm . -.El -.Pp -There are also a few extra option flags that are available when -.Nm -is compiled with NIS support: -.Bl -tag -width indent -.It Fl l -Force -.Nm -to modify the local copy of a user's password -information in the event that a user exists in both -the local and NIS databases. -.It Fl y -Opposite effect of -.Fl l . -This flag is largely redundant since -.Nm -operates on NIS entries by default if NIS is enabled. -.It Fl d Ar domain -Specify a particular NIS domain. -The -.Nm -utility uses the system domain name by default, as set by the -.Xr domainname 1 -utility. -The -.Fl d -option can be used to override a default, or to specify a domain -when the system domain name is not set. -.It Fl h Ar host -Specify the name or address of an NIS server to query. -Normally, -.Nm -will communicate with the NIS master host specified in the -.Pa master.passwd -or -.Pa passwd -maps. -On hosts that have not been configured as NIS clients, there is -no way for the program to determine this information unless the user -provides the hostname of a server. -Note that the specified hostname need -not be that of the NIS master server; the name of any server, master or -slave, in a given NIS domain will do. -.Pp -When using the -.Fl d -option, the hostname defaults to -.Dq localhost . -The -.Fl h -option can be used in conjunction with the -.Fl d -option, in which case the user-specified hostname will override -the default. -.Pp -.It Fl o -Force the use of RPC-based updates when communicating with -.Xr rpc.yppasswdd 8 -.Pq Dq old-mode . -When invoked by the super-user on the NIS master server, -.Nm -allows unrestricted changes to the NIS passwd maps using dedicated, -non-RPC-based mechanism (in this case, a -.Ux -domain socket). -The -.Fl o -flag can be used to force -.Nm -to use the standard update mechanism instead. -This option is provided -mainly for testing purposes. -.El -.Sh FILES -.Bl -tag -width /etc/master.passwd -compact -.It Pa /etc/master.passwd -the user database -.It Pa /etc/passwd -a Version 7 format password file -.It Pa /etc/chpass.XXXXXX -temporary copy of the password file -.It Pa /etc/shells -the list of approved shells -.El -.Sh SEE ALSO -.Xr finger 1 , -.Xr login 1 , -.Xr passwd 1 , -.Xr getusershell 3 , -.Xr login.conf 5 , -.Xr passwd 5 , -.Xr pw 8 , -.Xr pwd_mkdb 8 , -.Xr vipw 8 -.Rs -.%A Robert Morris -and -.%A Ken Thompson -.%T "UNIX Password security" -.Re -.Sh HISTORY -The -.Nm -utility appeared in -.Bx 4.3 Reno . -.Sh BUGS -User information should (and eventually will) be stored elsewhere. diff --git a/chpass/chpass.c b/chpass/chpass.c deleted file mode 100644 index 2504e68..0000000 --- a/chpass/chpass.c +++ /dev/null @@ -1,302 +0,0 @@ -/*- - * Copyright (c) 1988, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static const char copyright[] = -"@(#) Copyright (c) 1988, 1993, 1994\n\ - The Regents of the University of California. All rights reserved.\n"; -#endif /* not lint */ - -#ifndef lint -static char sccsid[] = "@(#)chpass.c 8.4 (Berkeley) 4/2/94"; -#endif /* not lint */ -#endif -#include -__FBSDID("$FreeBSD$"); - -#include - -#include -#include -#include -#include -#include -#include -#include -#ifdef YP -#include -#endif - -#include -#include - -#include "chpass.h" - -int master_mode; - -static void baduser(void); -static void usage(void); - -int -main(int argc, char *argv[]) -{ - enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op; - struct passwd lpw, *old_pw, *pw; - int ch, pfd, tfd; - const char *password; - char *arg = NULL; - uid_t uid; -#ifdef YP - struct ypclnt *ypclnt; - const char *yp_domain = NULL, *yp_host = NULL; -#endif - - pw = old_pw = NULL; - op = EDITENTRY; -#ifdef YP - while ((ch = getopt(argc, argv, "a:p:s:e:d:h:loy")) != -1) -#else - while ((ch = getopt(argc, argv, "a:p:s:e:")) != -1) -#endif - switch (ch) { - case 'a': - op = LOADENTRY; - arg = optarg; - break; - case 's': - op = NEWSH; - arg = optarg; - break; - case 'p': - op = NEWPW; - arg = optarg; - break; - case 'e': - op = NEWEXP; - arg = optarg; - break; -#ifdef YP - case 'd': - yp_domain = optarg; - break; - case 'h': - yp_host = optarg; - break; - case 'l': - case 'o': - case 'y': - /* compatibility */ - break; -#endif - case '?': - default: - usage(); - } - - argc -= optind; - argv += optind; - - if (argc > 1) - usage(); - - uid = getuid(); - - if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) { - if (argc == 0) { - if ((pw = getpwuid(uid)) == NULL) - errx(1, "unknown user: uid %lu", - (unsigned long)uid); - } else { - if ((pw = getpwnam(*argv)) == NULL) - errx(1, "unknown user: %s", *argv); - if (uid != 0 && uid != pw->pw_uid) - baduser(); - } - - /* Make a copy for later verification */ - if ((pw = pw_dup(pw)) == NULL || - (old_pw = pw_dup(pw)) == NULL) - err(1, "pw_dup"); - } - -#ifdef YP - if (pw != NULL && (pw->pw_fields & _PWF_SOURCE) == _PWF_NIS) { - ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host); - master_mode = (ypclnt != NULL && - ypclnt_connect(ypclnt) != -1 && - ypclnt_havepasswdd(ypclnt) == 1); - ypclnt_free(ypclnt); - } else -#endif - master_mode = (uid == 0); - - if (op == NEWSH) { - /* protect p_shell -- it thinks NULL is /bin/sh */ - if (!arg[0]) - usage(); - if (p_shell(arg, pw, (ENTRY *)NULL) == -1) - exit(1); - } - - if (op == NEWEXP) { - if (uid) /* only root can change expire */ - baduser(); - if (p_expire(arg, pw, (ENTRY *)NULL) == -1) - exit(1); - } - - if (op == LOADENTRY) { - if (uid) - baduser(); - pw = &lpw; - old_pw = NULL; - if (!__pw_scan(arg, pw, _PWSCAN_WARN|_PWSCAN_MASTER)) - exit(1); - } - - if (op == NEWPW) { - if (uid) - baduser(); - - if (strchr(arg, ':')) - errx(1, "invalid format for password"); - pw->pw_passwd = arg; - } - - if (op == EDITENTRY) { - /* - * We don't really need pw_*() here, but pw_edit() (used - * by edit()) is just too useful... - */ - if (pw_init(NULL, NULL)) - err(1, "pw_init()"); - if ((tfd = pw_tmp(-1)) == -1) { - pw_fini(); - err(1, "pw_tmp()"); - } - free(pw); - pw = edit(pw_tempname(), old_pw); - pw_fini(); - if (pw == NULL) - err(1, "edit()"); - /* - * pw_equal does not check for crypted passwords, so we - * should do it explicitly - */ - if (pw_equal(old_pw, pw) && - strcmp(old_pw->pw_passwd, pw->pw_passwd) == 0) - errx(0, "user information unchanged"); - } - - if (old_pw && !master_mode) { - password = getpass("Password: "); - if (strcmp(crypt(password, old_pw->pw_passwd), - old_pw->pw_passwd) != 0) - baduser(); - } else { - password = ""; - } - - if (old_pw != NULL) - pw->pw_fields |= (old_pw->pw_fields & _PWF_SOURCE); - switch (pw->pw_fields & _PWF_SOURCE) { -#ifdef YP - case _PWF_NIS: - ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host); - if (ypclnt == NULL || - ypclnt_connect(ypclnt) == -1 || - ypclnt_passwd(ypclnt, pw, password) == -1) { - warnx("%s", ypclnt->error); - ypclnt_free(ypclnt); - exit(1); - } - ypclnt_free(ypclnt); - errx(0, "NIS user information updated"); -#endif /* YP */ - case 0: - case _PWF_FILES: - if (pw_init(NULL, NULL)) - err(1, "pw_init()"); - if ((pfd = pw_lock()) == -1) { - pw_fini(); - err(1, "pw_lock()"); - } - if ((tfd = pw_tmp(-1)) == -1) { - pw_fini(); - err(1, "pw_tmp()"); - } - if (pw_copy(pfd, tfd, pw, old_pw) == -1) { - pw_fini(); - err(1, "pw_copy"); - } - if (pw_mkdb(pw->pw_name) == -1) { - pw_fini(); - err(1, "pw_mkdb()"); - } - pw_fini(); - errx(0, "user information updated"); - break; - default: - errx(1, "unsupported passwd source"); - } -} - -static void -baduser(void) -{ - - errx(1, "%s", strerror(EACCES)); -} - -static void -usage(void) -{ - - (void)fprintf(stderr, - "usage: chpass%s %s [user]\n", -#ifdef YP - " [-d domain] [-h host]", -#else - "", -#endif - "[-a list] [-p encpass] [-s shell] [-e mmm dd yy]"); - exit(1); -} diff --git a/chpass/chpass.h b/chpass/chpass.h deleted file mode 100644 index ed1a586..0000000 --- a/chpass/chpass.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 1988, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)chpass.h 8.4 (Berkeley) 4/2/94 - * $FreeBSD$ - */ - -struct passwd; - -typedef struct _entry { - const char *prompt; - int (*func)(char *, struct passwd *, struct _entry *); - int restricted; - size_t len; - char *except, *save; -} ENTRY; - -/* Field numbers. */ -#define E_BPHONE 8 -#define E_HPHONE 9 -#define E_LOCATE 10 -#define E_NAME 7 -#define E_OTHER 11 -#define E_SHELL 13 - -extern ENTRY list[]; -extern int master_mode; - -int atot(char *, time_t *); -struct passwd *edit(const char *, struct passwd *); -int ok_shell(char *); -char *dup_shell(char *); -int p_change(char *, struct passwd *, ENTRY *); -int p_class(char *, struct passwd *, ENTRY *); -int p_expire(char *, struct passwd *, ENTRY *); -int p_gecos(char *, struct passwd *, ENTRY *); -int p_gid(char *, struct passwd *, ENTRY *); -int p_hdir(char *, struct passwd *, ENTRY *); -int p_login(char *, struct passwd *, ENTRY *); -int p_passwd(char *, struct passwd *, ENTRY *); -int p_shell(char *, struct passwd *, ENTRY *); -int p_uid(char *, struct passwd *, ENTRY *); -char *ttoa(time_t); diff --git a/chpass/edit.c b/chpass/edit.c deleted file mode 100644 index ce82f8e..0000000 --- a/chpass/edit.c +++ /dev/null @@ -1,296 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char sccsid[] = "@(#)edit.c 8.3 (Berkeley) 4/2/94"; -#endif /* not lint */ -#endif - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "chpass.h" - -static int display(const char *tfn, struct passwd *pw); -static struct passwd *verify(const char *tfn, struct passwd *pw); - -struct passwd * -edit(const char *tfn, struct passwd *pw) -{ - struct passwd *npw; - char *line; - size_t len; - - if (display(tfn, pw) == -1) - return (NULL); - for (;;) { - switch (pw_edit(1)) { - case -1: - return (NULL); - case 0: - return (pw_dup(pw)); - default: - break; - } - if ((npw = verify(tfn, pw)) != NULL) - return (npw); - free(npw); - printf("re-edit the password file? "); - fflush(stdout); - if ((line = fgetln(stdin, &len)) == NULL) { - warn("fgetln()"); - return (NULL); - } - if (len > 0 && (*line == 'N' || *line == 'n')) - return (NULL); - } -} - -/* - * display -- - * print out the file for the user to edit; strange side-effect: - * set conditional flag if the user gets to edit the shell. - */ -static int -display(const char *tfn, struct passwd *pw) -{ - FILE *fp; - char *bp, *gecos, *p; - - if ((fp = fopen(tfn, "w")) == NULL) { - warn("%s", tfn); - return (-1); - } - - (void)fprintf(fp, - "#Changing user information for %s.\n", pw->pw_name); - if (master_mode) { - (void)fprintf(fp, "Login: %s\n", pw->pw_name); - (void)fprintf(fp, "Password: %s\n", pw->pw_passwd); - (void)fprintf(fp, "Uid [#]: %lu\n", (unsigned long)pw->pw_uid); - (void)fprintf(fp, "Gid [# or name]: %lu\n", - (unsigned long)pw->pw_gid); - (void)fprintf(fp, "Change [month day year]: %s\n", - ttoa(pw->pw_change)); - (void)fprintf(fp, "Expire [month day year]: %s\n", - ttoa(pw->pw_expire)); - (void)fprintf(fp, "Class: %s\n", pw->pw_class); - (void)fprintf(fp, "Home directory: %s\n", pw->pw_dir); - (void)fprintf(fp, "Shell: %s\n", - *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); - } - /* Only admin can change "restricted" shells. */ -#if 0 - else if (ok_shell(pw->pw_shell)) - /* - * Make shell a restricted field. Ugly with a - * necklace, but there's not much else to do. - */ -#else - else if ((!list[E_SHELL].restricted && ok_shell(pw->pw_shell)) || - master_mode) - /* - * If change not restrict (table.c) and standard shell - * OR if root, then allow editing of shell. - */ -#endif - (void)fprintf(fp, "Shell: %s\n", - *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); - else - list[E_SHELL].restricted = 1; - - if ((bp = gecos = strdup(pw->pw_gecos)) == NULL) { - warn(NULL); - fclose(fp); - return (-1); - } - - p = strsep(&bp, ","); - p = strdup(p ? p : ""); - list[E_NAME].save = p; - if (!list[E_NAME].restricted || master_mode) - (void)fprintf(fp, "Full Name: %s\n", p); - - p = strsep(&bp, ","); - p = strdup(p ? p : ""); - list[E_LOCATE].save = p; - if (!list[E_LOCATE].restricted || master_mode) - (void)fprintf(fp, "Office Location: %s\n", p); - - p = strsep(&bp, ","); - p = strdup(p ? p : ""); - list[E_BPHONE].save = p; - if (!list[E_BPHONE].restricted || master_mode) - (void)fprintf(fp, "Office Phone: %s\n", p); - - p = strsep(&bp, ","); - p = strdup(p ? p : ""); - list[E_HPHONE].save = p; - if (!list[E_HPHONE].restricted || master_mode) - (void)fprintf(fp, "Home Phone: %s\n", p); - - bp = strdup(bp ? bp : ""); - list[E_OTHER].save = bp; - if (!list[E_OTHER].restricted || master_mode) - (void)fprintf(fp, "Other information: %s\n", bp); - - free(gecos); - - (void)fchown(fileno(fp), getuid(), getgid()); - (void)fclose(fp); - return (0); -} - -static struct passwd * -verify(const char *tfn, struct passwd *pw) -{ - struct passwd *npw; - ENTRY *ep; - char *buf, *p, *val; - struct stat sb; - FILE *fp; - int line; - size_t len; - - if ((pw = pw_dup(pw)) == NULL) - return (NULL); - if ((fp = fopen(tfn, "r")) == NULL || - fstat(fileno(fp), &sb) == -1) { - warn("%s", tfn); - free(pw); - return (NULL); - } - if (sb.st_size == 0) { - warnx("corrupted temporary file"); - fclose(fp); - free(pw); - return (NULL); - } - val = NULL; - for (line = 1; (buf = fgetln(fp, &len)) != NULL; ++line) { - if (*buf == '\0' || *buf == '#') - continue; - while (len > 0 && isspace(buf[len - 1])) - --len; - for (ep = list;; ++ep) { - if (!ep->prompt) { - warnx("%s: unrecognized field on line %d", - tfn, line); - goto bad; - } - if (ep->len > len) - continue; - if (strncasecmp(buf, ep->prompt, ep->len) != 0) - continue; - if (ep->restricted && !master_mode) { - warnx("%s: you may not change the %s field", - tfn, ep->prompt); - goto bad; - } - for (p = buf; p < buf + len && *p != ':'; ++p) - /* nothing */ ; - if (*p != ':') { - warnx("%s: line %d corrupted", tfn, line); - goto bad; - } - while (++p < buf + len && isspace(*p)) - /* nothing */ ; - free(val); - asprintf(&val, "%.*s", (int)(buf + len - p), p); - if (val == NULL) - goto bad; - if (ep->except && strpbrk(val, ep->except)) { - warnx("%s: invalid character in \"%s\" field '%s'", - tfn, ep->prompt, val); - goto bad; - } - if ((ep->func)(val, pw, ep)) - goto bad; - break; - } - } - free(val); - fclose(fp); - - /* Build the gecos field. */ - len = asprintf(&p, "%s,%s,%s,%s,%s", list[E_NAME].save, - list[E_LOCATE].save, list[E_BPHONE].save, - list[E_HPHONE].save, list[E_OTHER].save); - if (p == NULL) { - warn("asprintf()"); - free(pw); - return (NULL); - } - while (len > 0 && p[len - 1] == ',') - p[--len] = '\0'; - pw->pw_gecos = p; - buf = pw_make(pw); - free(pw); - free(p); - if (buf == NULL) { - warn("pw_make()"); - return (NULL); - } - npw = pw_scan(buf, PWSCAN_WARN|PWSCAN_MASTER); - free(buf); - return (npw); -bad: - free(pw); - free(val); - fclose(fp); - return (NULL); -} diff --git a/chpass/field.c b/chpass/field.c deleted file mode 100644 index eac5561..0000000 --- a/chpass/field.c +++ /dev/null @@ -1,261 +0,0 @@ -/* - * Copyright (c) 1988, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char sccsid[] = "@(#)field.c 8.4 (Berkeley) 4/2/94"; -#endif /* not lint */ -#endif - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "chpass.h" - -/* ARGSUSED */ -int -p_login(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!*p) { - warnx("empty login field"); - return (-1); - } - if (*p == '-') { - warnx("login names may not begin with a hyphen"); - return (-1); - } - if (!(pw->pw_name = strdup(p))) { - warnx("can't save entry"); - return (-1); - } - if (strchr(p, '.')) - warnx("\'.\' is dangerous in a login name"); - for (; *p; ++p) - if (isupper(*p)) { - warnx("upper-case letters are dangerous in a login name"); - break; - } - return (0); -} - -/* ARGSUSED */ -int -p_passwd(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!(pw->pw_passwd = strdup(p))) { - warnx("can't save password entry"); - return (-1); - } - - return (0); -} - -/* ARGSUSED */ -int -p_uid(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - uid_t id; - char *np; - - if (!*p) { - warnx("empty uid field"); - return (-1); - } - if (!isdigit(*p)) { - warnx("illegal uid"); - return (-1); - } - errno = 0; - id = strtoul(p, &np, 10); - if (*np || (id == (uid_t)ULONG_MAX && errno == ERANGE)) { - warnx("illegal uid"); - return (-1); - } - pw->pw_uid = id; - return (0); -} - -/* ARGSUSED */ -int -p_gid(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - struct group *gr; - gid_t id; - char *np; - - if (!*p) { - warnx("empty gid field"); - return (-1); - } - if (!isdigit(*p)) { - if (!(gr = getgrnam(p))) { - warnx("unknown group %s", p); - return (-1); - } - pw->pw_gid = gr->gr_gid; - return (0); - } - errno = 0; - id = strtoul(p, &np, 10); - if (*np || (id == (uid_t)ULONG_MAX && errno == ERANGE)) { - warnx("illegal gid"); - return (-1); - } - pw->pw_gid = id; - return (0); -} - -/* ARGSUSED */ -int -p_class(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!(pw->pw_class = strdup(p))) { - warnx("can't save entry"); - return (-1); - } - - return (0); -} - -/* ARGSUSED */ -int -p_change(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!atot(p, &pw->pw_change)) - return (0); - warnx("illegal date for change field"); - return (-1); -} - -/* ARGSUSED */ -int -p_expire(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!atot(p, &pw->pw_expire)) - return (0); - warnx("illegal date for expire field"); - return (-1); -} - -/* ARGSUSED */ -int -p_gecos(char *p, struct passwd *pw __unused, ENTRY *ep) -{ - if (!(ep->save = strdup(p))) { - warnx("can't save entry"); - return (-1); - } - return (0); -} - -/* ARGSUSED */ -int -p_hdir(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - if (!*p) { - warnx("empty home directory field"); - return (-1); - } - if (!(pw->pw_dir = strdup(p))) { - warnx("can't save entry"); - return (-1); - } - return (0); -} - -/* ARGSUSED */ -int -p_shell(char *p, struct passwd *pw, ENTRY *ep __unused) -{ - struct stat sbuf; - - if (!*p) { - pw->pw_shell = strdup(_PATH_BSHELL); - return (0); - } - /* only admin can change from or to "restricted" shells */ - if (!master_mode && pw->pw_shell && !ok_shell(pw->pw_shell)) { - warnx("%s: current shell non-standard", pw->pw_shell); - return (-1); - } - if (!ok_shell(p)) { - if (!master_mode) { - warnx("%s: non-standard shell", p); - return (-1); - } - pw->pw_shell = strdup(p); - } - else - pw->pw_shell = dup_shell(p); - if (!pw->pw_shell) { - warnx("can't save entry"); - return (-1); - } - if (stat(pw->pw_shell, &sbuf) < 0) { - if (errno == ENOENT) - warnx("WARNING: shell '%s' does not exist", - pw->pw_shell); - else - warn("WARNING: can't stat shell '%s'", pw->pw_shell); - return (0); - } - if (!S_ISREG(sbuf.st_mode)) { - warnx("WARNING: shell '%s' is not a regular file", - pw->pw_shell); - return (0); - } - if ((sbuf.st_mode & (S_IXOTH | S_IXGRP | S_IXUSR)) == 0) { - warnx("WARNING: shell '%s' is not executable", pw->pw_shell); - return (0); - } - return (0); -} diff --git a/chpass/table.c b/chpass/table.c deleted file mode 100644 index 19f1a99..0000000 --- a/chpass/table.c +++ /dev/null @@ -1,69 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static const char sccsid[] = "@(#)table.c 8.3 (Berkeley) 4/2/94"; -#endif /* not lint */ -#endif -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include "chpass.h" - -char e1[] = ": "; -char e2[] = ":,"; - -ENTRY list[] = { - { "login", p_login, 1, 5, e1, NULL }, - { "password", p_passwd, 1, 8, e1, NULL }, - { "uid", p_uid, 1, 3, e1, NULL }, - { "gid", p_gid, 1, 3, e1, NULL }, - { "class", p_class, 1, 5, e1, NULL }, - { "change", p_change, 1, 6, NULL, NULL }, - { "expire", p_expire, 1, 6, NULL, NULL }, -#ifdef RESTRICT_FULLNAME_CHANGE /* do not allow fullname changes */ - { "full name", p_gecos, 1, 9, e2, NULL }, -#else - { "full name", p_gecos, 0, 9, e2, NULL }, -#endif - { "office phone", p_gecos, 0, 12, e2, NULL }, - { "home phone", p_gecos, 0, 10, e2, NULL }, - { "office location", p_gecos, 0, 15, e2, NULL }, - { "other information", p_gecos, 0, 11, e1, NULL }, - { "home directory", p_hdir, 1, 14, e1, NULL }, - { "shell", p_shell, 0, 5, e1, NULL }, - { NULL, NULL, 0, 0, NULL, NULL }, -}; diff --git a/chpass/util.c b/chpass/util.c deleted file mode 100644 index 07d96e2..0000000 --- a/chpass/util.c +++ /dev/null @@ -1,182 +0,0 @@ -/*- - * Copyright (c) 1988, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -#if 0 -static char sccsid[] = "@(#)util.c 8.4 (Berkeley) 4/2/94"; -#endif -#endif /* not lint */ -#include -__FBSDID("$FreeBSD$"); - -#include - -#include -#include -#include -#include -#include -#include - -#include "chpass.h" - -static const char *months[] = - { "January", "February", "March", "April", "May", "June", - "July", "August", "September", "October", "November", - "December", NULL }; - -char * -ttoa(time_t tval) -{ - struct tm *tp; - static char tbuf[50]; - - if (tval) { - tp = localtime(&tval); - (void)sprintf(tbuf, "%s %d, %d", months[tp->tm_mon], - tp->tm_mday, tp->tm_year + 1900); - } - else - *tbuf = '\0'; - return (tbuf); -} - -int -atot(char *p, time_t *store) -{ - static struct tm *lt; - char *t; - const char **mp; - time_t tval; - int day, month, year; - - if (!*p) { - *store = 0; - return (0); - } - if (!lt) { - unsetenv("TZ"); - (void)time(&tval); - lt = localtime(&tval); - } - if (!(t = strtok(p, " \t"))) - goto bad; - if (isdigit(*t)) { - month = atoi(t); - } else { - for (mp = months;; ++mp) { - if (!*mp) - goto bad; - if (!strncasecmp(*mp, t, 3)) { - month = mp - months + 1; - break; - } - } - } - if (!(t = strtok((char *)NULL, " \t,")) || !isdigit(*t)) - goto bad; - day = atoi(t); - if (!(t = strtok((char *)NULL, " \t,")) || !isdigit(*t)) - goto bad; - year = atoi(t); - if (day < 1 || day > 31 || month < 1 || month > 12) - goto bad; - /* Allow two digit years 1969-2068 */ - if (year < 69) - year += 2000; - else if (year < 100) - year += 1900; - if (year < 1969) -bad: return (1); - lt->tm_year = year - 1900; - lt->tm_mon = month - 1; - lt->tm_mday = day; - lt->tm_hour = 0; - lt->tm_min = 0; - lt->tm_sec = 0; - lt->tm_isdst = -1; - if ((tval = mktime(lt)) < 0) - return (1); - *store = tval; - return (0); -} - -int -ok_shell(char *name) -{ - char *p, *sh; - - setusershell(); - while ((sh = getusershell())) { - if (!strcmp(name, sh)) { - endusershell(); - return (1); - } - /* allow just shell name, but use "real" path */ - if ((p = strrchr(sh, '/')) && strcmp(name, p + 1) == 0) { - endusershell(); - return (1); - } - } - endusershell(); - return (0); -} - -char * -dup_shell(char *name) -{ - char *p, *sh, *ret; - - setusershell(); - while ((sh = getusershell())) { - if (!strcmp(name, sh)) { - endusershell(); - return (strdup(name)); - } - /* allow just shell name, but use "real" path */ - if ((p = strrchr(sh, '/')) && strcmp(name, p + 1) == 0) { - ret = strdup(sh); - endusershell(); - return (ret); - } - } - endusershell(); - return (NULL); -} diff --git a/libc/gen/pw_scan.c b/libc/gen/pw_scan.c deleted file mode 100644 index 24e8225..0000000 --- a/libc/gen/pw_scan.c +++ /dev/null @@ -1,212 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)pw_scan.c 8.3 (Berkeley) 4/2/94"; -#endif /* LIBC_SCCS and not lint */ -#include -__FBSDID("$FreeBSD$"); - -/* - * This module is used to "verify" password entries by chpass(1) and - * pwd_mkdb(8). - */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pw_scan.h" - -/* - * Some software assumes that IDs are short. We should emit warnings - * for id's which cannot be stored in a short, but we are more liberal - * by default, warning for IDs greater than USHRT_MAX. - * - * If pw_big_ids_warning is -1 on entry to pw_scan(), it will be set based - * on the existence of PW_SCAN_BIG_IDS in the environment. - * - * It is believed all baseline system software that can not handle the - * normal ID sizes is now gone so pw_big_ids_warning is disabled for now. - * But the code has been left in place in case end-users want to re-enable - * it and/or for the next time the ID sizes get bigger but pieces of the - * system lag behind. - */ -static int pw_big_ids_warning = 0; - -int -__pw_scan(char *bp, struct passwd *pw, int flags) -{ - uid_t id; - int root; - char *ep, *p, *sh; - unsigned long temp; - - if (pw_big_ids_warning == -1) - pw_big_ids_warning = getenv("PW_SCAN_BIG_IDS") == NULL ? 1 : 0; - - pw->pw_fields = 0; - if (!(pw->pw_name = strsep(&bp, ":"))) /* login */ - goto fmt; - root = !strcmp(pw->pw_name, "root"); - if (pw->pw_name[0] && (pw->pw_name[0] != '+' || pw->pw_name[1] == '\0')) - pw->pw_fields |= _PWF_NAME; - - if (!(pw->pw_passwd = strsep(&bp, ":"))) /* passwd */ - goto fmt; - if (pw->pw_passwd[0]) - pw->pw_fields |= _PWF_PASSWD; - - if (!(p = strsep(&bp, ":"))) /* uid */ - goto fmt; - if (p[0]) - pw->pw_fields |= _PWF_UID; - else { - if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') { - if (flags & _PWSCAN_WARN) - warnx("no uid for user %s", pw->pw_name); - return (0); - } - } - errno = 0; - temp = strtoul(p, &ep, 10); - if ((temp == ULONG_MAX && errno == ERANGE) || temp > UID_MAX) { - if (flags & _PWSCAN_WARN) - warnx("%s > max uid value (%u)", p, UID_MAX); - return (0); - } - id = temp; - if (*ep != '\0') { - if (flags & _PWSCAN_WARN) - warnx("%s uid is incorrect", p); - return (0); - } - if (root && id) { - if (flags & _PWSCAN_WARN) - warnx("root uid should be 0"); - return (0); - } - if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) { - warnx("%s > recommended max uid value (%u)", p, USHRT_MAX); - /*return (0);*/ /* THIS SHOULD NOT BE FATAL! */ - } - pw->pw_uid = id; - - if (!(p = strsep(&bp, ":"))) /* gid */ - goto fmt; - if (p[0]) - pw->pw_fields |= _PWF_GID; - else { - if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') { - if (flags & _PWSCAN_WARN) - warnx("no gid for user %s", pw->pw_name); - return (0); - } - } - errno = 0; - temp = strtoul(p, &ep, 10); - if ((temp == ULONG_MAX && errno == ERANGE) || temp > GID_MAX) { - if (flags & _PWSCAN_WARN) - warnx("%s > max gid value (%u)", p, GID_MAX); - return (0); - } - id = temp; - if (*ep != '\0') { - if (flags & _PWSCAN_WARN) - warnx("%s gid is incorrect", p); - return (0); - } - if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) { - warnx("%s > recommended max gid value (%u)", p, USHRT_MAX); - /* return (0); This should not be fatal! */ - } - pw->pw_gid = id; - - if (flags & _PWSCAN_MASTER ) { - if (!(pw->pw_class = strsep(&bp, ":"))) /* class */ - goto fmt; - if (pw->pw_class[0]) - pw->pw_fields |= _PWF_CLASS; - - if (!(p = strsep(&bp, ":"))) /* change */ - goto fmt; - if (p[0]) - pw->pw_fields |= _PWF_CHANGE; - pw->pw_change = atol(p); - - if (!(p = strsep(&bp, ":"))) /* expire */ - goto fmt; - if (p[0]) - pw->pw_fields |= _PWF_EXPIRE; - pw->pw_expire = atol(p); - } - if (!(pw->pw_gecos = strsep(&bp, ":"))) /* gecos */ - goto fmt; - if (pw->pw_gecos[0]) - pw->pw_fields |= _PWF_GECOS; - - if (!(pw->pw_dir = strsep(&bp, ":"))) /* directory */ - goto fmt; - if (pw->pw_dir[0]) - pw->pw_fields |= _PWF_DIR; - - if (!(pw->pw_shell = strsep(&bp, ":"))) /* shell */ - goto fmt; - - p = pw->pw_shell; - if (root && *p) { /* empty == /bin/sh */ - for (setusershell();;) { - if (!(sh = getusershell())) { - if (flags & _PWSCAN_WARN) - warnx("warning, unknown root shell"); - break; - } - if (!strcmp(p, sh)) - break; - } - endusershell(); - } - if (p[0]) - pw->pw_fields |= _PWF_SHELL; - - if ((p = strsep(&bp, ":"))) { /* too many */ -fmt: - if (flags & _PWSCAN_WARN) - warnx("corrupted entry"); - return (0); - } - return (1); -} diff --git a/libc/gen/pw_scan.h b/libc/gen/pw_scan.h deleted file mode 100644 index 468096c..0000000 --- a/libc/gen/pw_scan.h +++ /dev/null @@ -1,36 +0,0 @@ -/*- - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)pw_scan.h 8.1 (Berkeley) 4/1/94 - * $FreeBSD$ - */ - -#define _PWSCAN_MASTER 0x01 -#define _PWSCAN_WARN 0x02 - -extern int __pw_scan(char *, struct passwd *, int); diff --git a/libc/stdlib/strtonum.c b/libc/stdlib/strtonum.c deleted file mode 100644 index 6dccd97..0000000 --- a/libc/stdlib/strtonum.c +++ /dev/null @@ -1,68 +0,0 @@ -/*- - * Copyright (c) 2004 Ted Unangst and Todd Miller - * All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include - -#define INVALID 1 -#define TOOSMALL 2 -#define TOOLARGE 3 - -long long -strtonum(const char *numstr, long long minval, long long maxval, - const char **errstrp) -{ - long long ll = 0; - char *ep; - int error = 0; - struct errval { - const char *errstr; - int err; - } ev[4] = { - { NULL, 0 }, - { "invalid", EINVAL }, - { "too small", ERANGE }, - { "too large", ERANGE }, - }; - - ev[0].err = errno; - errno = 0; - if (minval > maxval) - error = INVALID; - else { - ll = strtoll(numstr, &ep, 10); - if (errno == EINVAL || numstr == ep || *ep != '\0') - error = INVALID; - else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) - error = TOOSMALL; - else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) - error = TOOLARGE; - } - if (errstrp != NULL) - *errstrp = ev[error].errstr; - errno = ev[error].err; - if (error) - ll = 0; - - return (ll); -} diff --git a/libutil/_secure_path.c b/libutil/_secure_path.c deleted file mode 100644 index 363378b..0000000 --- a/libutil/_secure_path.c +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * Based on code copyright (c) 1995,1997 by - * Berkeley Software Design, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include -#include -#include - -/* - * Check for common security problems on a given path - * It must be: - * 1. A regular file, and exists - * 2. Owned and writable only by root (or given owner) - * 3. Group ownership is given group or is non-group writable - * - * Returns: -2 if file does not exist, - * -1 if security test failure - * 0 otherwise - */ - -int -_secure_path(const char *path, uid_t uid, gid_t gid) -{ - int r = -1; - struct stat sb; - const char *msg = NULL; - - if (lstat(path, &sb) < 0) { - if (errno == ENOENT) /* special case */ - r = -2; /* if it is just missing, skip the log entry */ - else - msg = "%s: cannot stat %s: %m"; - } - else if (!S_ISREG(sb.st_mode)) - msg = "%s: %s is not a regular file"; - else if (sb.st_mode & S_IWOTH) - msg = "%s: %s is world writable"; - else if ((int)uid != -1 && sb.st_uid != uid && sb.st_uid != 0) { - if (uid == 0) - msg = "%s: %s is not owned by root"; - else - msg = "%s: %s is not owned by uid %d"; - } else if ((int)gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP)) - msg = "%s: %s is group writeable by non-authorised groups"; - else - r = 0; - if (msg != NULL) - syslog(LOG_ERR, msg, "_secure_path", path, uid); - return r; -} diff --git a/libutil/flopen.c b/libutil/flopen.c deleted file mode 100644 index 754c9c0..0000000 --- a/libutil/flopen.c +++ /dev/null @@ -1,105 +0,0 @@ -/*- - * Copyright (c) 2007 Dag-Erling Coïdan Smørgrav - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer - * in this position and unchanged. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include -#include - -#include - -int -flopen(const char *path, int flags, ...) -{ - int fd, operation, serrno, trunc; - struct stat sb, fsb; - mode_t mode; - -#ifdef O_EXLOCK - flags &= ~O_EXLOCK; -#endif - - mode = 0; - if (flags & O_CREAT) { - va_list ap; - - va_start(ap, flags); - mode = (mode_t)va_arg(ap, int); /* mode_t promoted to int */ - va_end(ap); - } - - operation = LOCK_EX; - if (flags & O_NONBLOCK) - operation |= LOCK_NB; - - trunc = (flags & O_TRUNC); - flags &= ~O_TRUNC; - - for (;;) { - if ((fd = open(path, flags, mode)) == -1) - /* non-existent or no access */ - return (-1); - if (flock(fd, operation) == -1) { - /* unsupported or interrupted */ - serrno = errno; - (void)close(fd); - errno = serrno; - return (-1); - } - if (stat(path, &sb) == -1) { - /* disappeared from under our feet */ - (void)close(fd); - continue; - } - if (fstat(fd, &fsb) == -1) { - /* can't happen [tm] */ - serrno = errno; - (void)close(fd); - errno = serrno; - return (-1); - } - if (sb.st_dev != fsb.st_dev || - sb.st_ino != fsb.st_ino) { - /* changed under our feet */ - (void)close(fd); - continue; - } - if (trunc && ftruncate(fd, 0) != 0) { - /* can't happen [tm] */ - serrno = errno; - (void)close(fd); - errno = serrno; - return (-1); - } - return (fd); - } -} diff --git a/libutil/gr_util.c b/libutil/gr_util.c deleted file mode 100644 index 633f435..0000000 --- a/libutil/gr_util.c +++ /dev/null @@ -1,250 +0,0 @@ -/*- - * Copyright (c) 2008 Sean C. Farley - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer, - * without modification, immediately at the beginning of the file. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include - -#include -#include -#include -#include -#include -#include -#include - -struct group_storage { - struct group gr; - char *members[]; -}; - -static const char group_line_format[] = "%s:%s:%ju:"; - -/* - * Compares two struct group's. - */ -int -gr_equal(const struct group *gr1, const struct group *gr2) -{ - int gr1_ndx; - int gr2_ndx; - bool found; - - /* Check that the non-member information is the same. */ - if (gr1->gr_name == NULL || gr2->gr_name == NULL) { - if (gr1->gr_name != gr2->gr_name) - return (false); - } else if (strcmp(gr1->gr_name, gr2->gr_name) != 0) - return (false); - if (gr1->gr_passwd == NULL || gr2->gr_passwd == NULL) { - if (gr1->gr_passwd != gr2->gr_passwd) - return (false); - } else if (strcmp(gr1->gr_passwd, gr2->gr_passwd) != 0) - return (false); - if (gr1->gr_gid != gr2->gr_gid) - return (false); - - /* Check all members in both groups. */ - if (gr1->gr_mem == NULL || gr2->gr_mem == NULL) { - if (gr1->gr_mem != gr2->gr_mem) - return (false); - } else { - for (found = false, gr1_ndx = 0; gr1->gr_mem[gr1_ndx] != NULL; - gr1_ndx++) { - for (gr2_ndx = 0; gr2->gr_mem[gr2_ndx] != NULL; - gr2_ndx++) - if (strcmp(gr1->gr_mem[gr1_ndx], - gr2->gr_mem[gr2_ndx]) == 0) { - found = true; - break; - } - if (!found) - return (false); - } - - /* Check that group2 does not have more members than group1. */ - if (gr2->gr_mem[gr1_ndx] != NULL) - return (false); - } - - return (true); -} - -/* - * Make a group line out of a struct group. - */ -char * -gr_make(const struct group *gr) -{ - char *line; - size_t line_size; - int ndx; - - /* Calculate the length of the group line. */ - line_size = snprintf(NULL, 0, group_line_format, gr->gr_name, - gr->gr_passwd, (uintmax_t)gr->gr_gid) + 1; - if (gr->gr_mem != NULL) { - for (ndx = 0; gr->gr_mem[ndx] != NULL; ndx++) - line_size += strlen(gr->gr_mem[ndx]) + 1; - if (ndx > 0) - line_size--; - } - - /* Create the group line and fill it. */ - if ((line = malloc(line_size)) == NULL) - return (NULL); - snprintf(line, line_size, group_line_format, gr->gr_name, gr->gr_passwd, - (uintmax_t)gr->gr_gid); - if (gr->gr_mem != NULL) - for (ndx = 0; gr->gr_mem[ndx] != NULL; ndx++) { - strcat(line, gr->gr_mem[ndx]); - if (gr->gr_mem[ndx + 1] != NULL) - strcat(line, ","); - } - - return (line); -} - -/* - * Duplicate a struct group. - */ -struct group * -gr_dup(const struct group *gr) -{ - char *dst; - size_t len; - struct group_storage *gs; - int ndx; - int num_mem; - - /* Calculate size of the group. */ - len = sizeof(*gs); - if (gr->gr_name != NULL) - len += strlen(gr->gr_name) + 1; - if (gr->gr_passwd != NULL) - len += strlen(gr->gr_passwd) + 1; - if (gr->gr_mem != NULL) { - for (num_mem = 0; gr->gr_mem[num_mem] != NULL; num_mem++) - len += strlen(gr->gr_mem[num_mem]) + 1; - len += (num_mem + 1) * sizeof(*gr->gr_mem); - } else - num_mem = -1; - - /* Create new group and copy old group into it. */ - if ((gs = calloc(1, len)) == NULL) - return (NULL); - dst = (char *)&gs->members[num_mem + 1]; - if (gr->gr_name != NULL) { - gs->gr.gr_name = dst; - dst = stpcpy(gs->gr.gr_name, gr->gr_name) + 1; - } - if (gr->gr_passwd != NULL) { - gs->gr.gr_passwd = dst; - dst = stpcpy(gs->gr.gr_passwd, gr->gr_passwd) + 1; - } - gs->gr.gr_gid = gr->gr_gid; - if (gr->gr_mem != NULL) { - gs->gr.gr_mem = gs->members; - for (ndx = 0; ndx < num_mem; ndx++) { - gs->gr.gr_mem[ndx] = dst; - dst = stpcpy(gs->gr.gr_mem[ndx], gr->gr_mem[ndx]) + 1; - } - gs->gr.gr_mem[ndx] = NULL; - } - - return (&gs->gr); -} - -/* - * Scan a line and place it into a group structure. - */ -static bool -__gr_scan(char *line, struct group *gr) -{ - char *loc; - int ndx; - - /* Assign non-member information to structure. */ - gr->gr_name = line; - if ((loc = strchr(line, ':')) == NULL) - return (false); - *loc = '\0'; - gr->gr_passwd = loc + 1; - if (*gr->gr_passwd == ':') - *gr->gr_passwd = '\0'; - else { - if ((loc = strchr(loc + 1, ':')) == NULL) - return (false); - *loc = '\0'; - } - if (sscanf(loc + 1, "%u", &gr->gr_gid) != 1) - return (false); - - /* Assign member information to structure. */ - if ((loc = strchr(loc + 1, ':')) == NULL) - return (false); - line = loc + 1; - gr->gr_mem = NULL; - ndx = 0; - do { - gr->gr_mem = reallocf(gr->gr_mem, sizeof(*gr->gr_mem) * - (ndx + 1)); - if (gr->gr_mem == NULL) - return (false); - - /* Skip locations without members (i.e., empty string). */ - do { - gr->gr_mem[ndx] = strsep(&line, ","); - } while (gr->gr_mem[ndx] != NULL && *gr->gr_mem[ndx] == '\0'); - } while (gr->gr_mem[ndx++] != NULL); - - return (true); -} - -/* - * Create a struct group from a line. - */ -struct group * -gr_scan(const char *line) -{ - struct group gr; - char *line_copy; - struct group *new_gr; - - if ((line_copy = strdup(line)) == NULL) - return (NULL); - if (!__gr_scan(line_copy, &gr)) { - free(line_copy); - return (NULL); - } - new_gr = gr_dup(&gr); - free(line_copy); - if (gr.gr_mem != NULL) - free(gr.gr_mem); - - return (new_gr); -} diff --git a/libutil/libutil.h b/libutil/libutil.h deleted file mode 100644 index 4c2ee3b..0000000 --- a/libutil/libutil.h +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (c) 1996 Peter Wemm . - * All rights reserved. - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * Portions of this software were developed for the FreeBSD Project by - * ThinkSec AS and NAI Labs, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 - * ("CBOSS"), as part of the DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#ifndef _LIBUTIL_H_ -#define _LIBUTIL_H_ - -#include -#include - -#ifndef _GID_T_DECLARED -typedef __gid_t gid_t; -#define _GID_T_DECLARED -#endif - -#ifndef _INT64_T_DECLARED -typedef __int64_t int64_t; -#define _INT64_T_DECLARED -#endif - -#ifndef _PID_T_DECLARED -typedef __pid_t pid_t; -#define _PID_T_DECLARED -#endif - -#ifndef _SIZE_T_DECLARED -typedef __size_t size_t; -#define _SIZE_T_DECLARED -#endif - -#ifndef _UID_T_DECLARED -typedef __uid_t uid_t; -#define _UID_T_DECLARED -#endif - -#define PROPERTY_MAX_NAME 64 -#define PROPERTY_MAX_VALUE 512 - -/* for properties.c */ -typedef struct _property { - struct _property *next; - char *name; - char *value; -} *properties; - -#ifdef _SYS_PARAM_H_ -/* for pidfile.c */ -struct pidfh { - int pf_fd; - char pf_path[MAXPATHLEN + 1]; - __dev_t pf_dev; - ino_t pf_ino; -}; -#endif - -/* Avoid pulling in all the include files for no need */ -struct termios; -struct winsize; -struct in_addr; -struct kinfo_file; -struct kinfo_vmentry; - -__BEGIN_DECLS -void clean_environment(const char * const *_white, - const char * const *_more_white); -int extattr_namespace_to_string(int _attrnamespace, char **_string); -int extattr_string_to_namespace(const char *_string, int *_attrnamespace); -int flopen(const char *_path, int _flags, ...); -void hexdump(const void *ptr, int length, const char *hdr, int flags); -int login_tty(int _fd); -void trimdomain(char *_fullhost, int _hostsize); -int openpty(int *_amaster, int *_aslave, char *_name, - struct termios *_termp, struct winsize *_winp); -int forkpty(int *_amaster, char *_name, - struct termios *_termp, struct winsize *_winp); -int humanize_number(char *_buf, size_t _len, int64_t _number, - const char *_suffix, int _scale, int _flags); -int expand_number(const char *_buf, int64_t *_num); -const char *uu_lockerr(int _uu_lockresult); -int uu_lock(const char *_ttyname); -int uu_unlock(const char *_ttyname); -int uu_lock_txfr(const char *_ttyname, pid_t _pid); -int _secure_path(const char *_path, uid_t _uid, gid_t _gid); -properties properties_read(int fd); -void properties_free(properties list); -char *property_find(properties list, const char *name); -char *auth_getval(const char *name); -int realhostname(char *host, size_t hsize, const struct in_addr *ip); -struct sockaddr; -int realhostname_sa(char *host, size_t hsize, struct sockaddr *addr, - int addrlen); - -int kld_isloaded(const char *name); -int kld_load(const char *name); -struct kinfo_file * - kinfo_getfile(pid_t _pid, int *_cntp); -struct kinfo_vmentry * - kinfo_getvmmap(pid_t _pid, int *_cntp); - -#ifdef _STDIO_H_ /* avoid adding new includes */ -char *fparseln(FILE *, size_t *, size_t *, const char[3], int); -#endif - -#ifdef _PWD_H_ -int pw_copy(int _ffd, int _tfd, const struct passwd *_pw, struct passwd *_old_pw); -struct passwd *pw_dup(const struct passwd *_pw); -int pw_edit(int _notsetuid); -int pw_equal(const struct passwd *_pw1, const struct passwd *_pw2); -void pw_fini(void); -int pw_init(const char *_dir, const char *_master); -char *pw_make(const struct passwd *_pw); -int pw_mkdb(const char *_user); -int pw_lock(void); -struct passwd *pw_scan(const char *_line, int _flags); -const char *pw_tempname(void); -int pw_tmp(int _mfd); -#endif - -#ifdef _GRP_H_ -int gr_equal(const struct group *gr1, const struct group *gr2); -char *gr_make(const struct group *gr); -struct group *gr_dup(const struct group *gr); -struct group *gr_scan(const char *line); -#endif - -#ifdef _SYS_PARAM_H_ -struct pidfh *pidfile_open(const char *path, mode_t mode, pid_t *pidptr); -int pidfile_write(struct pidfh *pfh); -int pidfile_close(struct pidfh *pfh); -int pidfile_remove(struct pidfh *pfh); -#endif - -__END_DECLS - -#define UU_LOCK_INUSE (1) -#define UU_LOCK_OK (0) -#define UU_LOCK_OPEN_ERR (-1) -#define UU_LOCK_READ_ERR (-2) -#define UU_LOCK_CREAT_ERR (-3) -#define UU_LOCK_WRITE_ERR (-4) -#define UU_LOCK_LINK_ERR (-5) -#define UU_LOCK_TRY_ERR (-6) -#define UU_LOCK_OWNER_ERR (-7) - -/* return values from realhostname() */ -#define HOSTNAME_FOUND (0) -#define HOSTNAME_INCORRECTNAME (1) -#define HOSTNAME_INVALIDADDR (2) -#define HOSTNAME_INVALIDNAME (3) - -/* fparseln(3) */ -#define FPARSELN_UNESCESC 0x01 -#define FPARSELN_UNESCCONT 0x02 -#define FPARSELN_UNESCCOMM 0x04 -#define FPARSELN_UNESCREST 0x08 -#define FPARSELN_UNESCALL 0x0f - -/* pw_scan() */ -#define PWSCAN_MASTER 0x01 -#define PWSCAN_WARN 0x02 - -/* humanize_number(3) */ -#define HN_DECIMAL 0x01 -#define HN_NOSPACE 0x02 -#define HN_B 0x04 -#define HN_DIVISOR_1000 0x08 - -#define HN_GETSCALE 0x10 -#define HN_AUTOSCALE 0x20 - -/* hexdump(3) */ -#define HD_COLUMN_MASK 0xff -#define HD_DELIM_MASK 0xff00 -#define HD_OMIT_COUNT (1 << 16) -#define HD_OMIT_HEX (1 << 17) -#define HD_OMIT_CHARS (1 << 18) - -#endif /* !_LIBUTIL_H_ */ diff --git a/libutil/login_cap.c b/libutil/login_cap.c deleted file mode 100644 index 8fee760..0000000 --- a/libutil/login_cap.c +++ /dev/null @@ -1,819 +0,0 @@ -/*- - * Copyright (c) 1996 by - * Sean Eric Fagan - * David Nugent - * All rights reserved. - * - * Portions copyright (c) 1995,1997 - * Berkeley Software Design, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, is permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. This work was done expressly for inclusion into FreeBSD. Other use - * is permitted provided this notation is included. - * 4. Absolutely no warranty of function or purpose is made by the authors. - * 5. Modifications may be freely made to this file providing the above - * conditions are met. - * - * Low-level routines relating to the user capabilities database - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * allocstr() - * Manage a single static pointer for handling a local char* buffer, - * resizing as necessary to contain the string. - * - * allocarray() - * Manage a static array for handling a group of strings, resizing - * when necessary. - */ - -static int lc_object_count = 0; - -static size_t internal_stringsz = 0; -static char * internal_string = NULL; -static size_t internal_arraysz = 0; -static const char ** internal_array = NULL; - -static char path_login_conf[] = _PATH_LOGIN_CONF; - -static char * -allocstr(const char *str) -{ - char *p; - - size_t sz = strlen(str) + 1; /* realloc() only if necessary */ - if (sz <= internal_stringsz) - p = strcpy(internal_string, str); - else if ((p = realloc(internal_string, sz)) != NULL) { - internal_stringsz = sz; - internal_string = strcpy(p, str); - } - return p; -} - - -static const char ** -allocarray(size_t sz) -{ - static const char **p; - - if (sz <= internal_arraysz) - p = internal_array; - else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) { - internal_arraysz = sz; - internal_array = p; - } - return p; -} - - -/* - * arrayize() - * Turn a simple string separated by any of - * the set of into an array. The last element - * of the array will be NULL, as is proper. - * Free using freearraystr() - */ - -static const char ** -arrayize(const char *str, const char *chars, int *size) -{ - int i; - char *ptr; - const char *cptr; - const char **res = NULL; - - /* count the sub-strings */ - for (i = 0, cptr = str; *cptr; i++) { - int count = strcspn(cptr, chars); - cptr += count; - if (*cptr) - ++cptr; - } - - /* alloc the array */ - if ((ptr = allocstr(str)) != NULL) { - if ((res = allocarray(++i)) == NULL) - free((void *)(uintptr_t)(const void *)str); - else { - /* now split the string */ - i = 0; - while (*ptr) { - int count = strcspn(ptr, chars); - res[i++] = ptr; - ptr += count; - if (*ptr) - *ptr++ = '\0'; - } - res[i] = NULL; - } - } - - if (size) - *size = i; - - return res; -} - - -/* - * login_close() - * Frees up all resources relating to a login class - * - */ - -void -login_close(login_cap_t * lc) -{ - if (lc) { - free(lc->lc_style); - free(lc->lc_class); - free(lc->lc_cap); - free(lc); - if (--lc_object_count == 0) { - free(internal_string); - free(internal_array); - internal_array = NULL; - internal_arraysz = 0; - internal_string = NULL; - internal_stringsz = 0; - cgetclose(); - } - } -} - - -/* - * login_getclassbyname() - * Get the login class by its name. - * If the name given is NULL or empty, the default class - * LOGIN_DEFCLASS (i.e., "default") is fetched. - * If the name given is LOGIN_MECLASS and - * 'pwd' argument is non-NULL and contains an non-NULL - * dir entry, then the file _FILE_LOGIN_CONF is picked - * up from that directory and used before the system - * login database. In that case the system login database - * is looked up using LOGIN_MECLASS, too, which is a bug. - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getclassbyname(char const *name, const struct passwd *pwd) -{ - login_cap_t *lc; - - if ((lc = malloc(sizeof(login_cap_t))) != NULL) { - int r, me, i = 0; - uid_t euid = 0; - gid_t egid = 0; - const char *msg = NULL; - const char *dir; - char userpath[MAXPATHLEN]; - - static char *login_dbarray[] = { NULL, NULL, NULL }; - - me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); - dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; - /* - * Switch to user mode before checking/reading its ~/.login_conf - * - some NFSes have root read access disabled. - * - * XXX: This fails to configure additional groups. - */ - if (dir) { - euid = geteuid(); - egid = getegid(); - (void)setegid(pwd->pw_gid); - (void)seteuid(pwd->pw_uid); - } - - if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir, - _FILE_LOGIN_CONF) < MAXPATHLEN) { - if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1) - login_dbarray[i++] = userpath; - } - /* - * XXX: Why to add the system database if the class is `me'? - */ - if (_secure_path(path_login_conf, 0, 0) != -1) - login_dbarray[i++] = path_login_conf; - login_dbarray[i] = NULL; - - memset(lc, 0, sizeof(login_cap_t)); - lc->lc_cap = lc->lc_class = lc->lc_style = NULL; - - if (name == NULL || *name == '\0') - name = LOGIN_DEFCLASS; - - switch (cgetent(&lc->lc_cap, login_dbarray, name)) { - case -1: /* Failed, entry does not exist */ - if (me) - break; /* Don't retry default on 'me' */ - if (i == 0) - r = -1; - else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0) - close(r); - /* - * If there's at least one login class database, - * and we aren't searching for a default class - * then complain about a non-existent class. - */ - if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0) - syslog(LOG_ERR, "login_getclass: unknown class '%s'", name); - /* fall-back to default class */ - name = LOGIN_DEFCLASS; - msg = "%s: no default/fallback class '%s'"; - if (cgetent(&lc->lc_cap, login_dbarray, name) != 0 && r >= 0) - break; - /* FALLTHROUGH - just return system defaults */ - case 0: /* success! */ - if ((lc->lc_class = strdup(name)) != NULL) { - if (dir) { - (void)seteuid(euid); - (void)setegid(egid); - } - ++lc_object_count; - return lc; - } - msg = "%s: strdup: %m"; - break; - case -2: - msg = "%s: retrieving class information: %m"; - break; - case -3: - msg = "%s: 'tc=' reference loop '%s'"; - break; - case 1: - msg = "couldn't resolve 'tc=' reference in '%s'"; - break; - default: - msg = "%s: unexpected cgetent() error '%s': %m"; - break; - } - if (dir) { - (void)seteuid(euid); - (void)setegid(egid); - } - if (msg != NULL) - syslog(LOG_ERR, msg, "login_getclass", name); - free(lc); - } - - return NULL; -} - - - -/* - * login_getclass() - * Get the login class for the system (only) login class database. - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getclass(const char *cls) -{ - return login_getclassbyname(cls, NULL); -} - - -/* - * login_getpwclass() - * Get the login class for a given password entry from - * the system (only) login class database. - * If the password entry's class field is not set, or - * the class specified does not exist, then use the - * default of LOGIN_DEFCLASS (i.e., "default") for an unprivileged - * user or that of LOGIN_DEFROOTCLASS (i.e., "root") for a super-user. - * Return a filled-out login_cap_t structure, including - * class name, and the capability record buffer. - */ - -login_cap_t * -login_getpwclass(const struct passwd *pwd) -{ - const char *cls = NULL; - - if (pwd != NULL) { - cls = pwd->pw_class; - if (cls == NULL || *cls == '\0') - cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; - } - /* - * XXX: pwd should be unused by login_getclassbyname() unless cls is `me', - * so NULL can be passed instead of pwd for more safety. - */ - return login_getclassbyname(cls, pwd); -} - - -/* - * login_getuserclass() - * Get the `me' login class, allowing user overrides via ~/.login_conf. - * Note that user overrides are allowed only in the `me' class. - */ - -login_cap_t * -login_getuserclass(const struct passwd *pwd) -{ - return login_getclassbyname(LOGIN_MECLASS, pwd); -} - - -/* - * login_getcapstr() - * Given a login_cap entry, and a capability name, return the - * value defined for that capability, a default if not found, or - * an error string on error. - */ - -const char * -login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error) -{ - char *res; - int ret; - - if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0') - return def; - - if ((ret = cgetstr(lc->lc_cap, cap, &res)) == -1) - return def; - return (ret >= 0) ? res : error; -} - - -/* - * login_getcaplist() - * Given a login_cap entry, and a capability name, return the - * value defined for that capability split into an array of - * strings. - */ - -const char ** -login_getcaplist(login_cap_t *lc, const char *cap, const char *chars) -{ - const char *lstring; - - if (chars == NULL) - chars = ", \t"; - if ((lstring = login_getcapstr(lc, cap, NULL, NULL)) != NULL) - return arrayize(lstring, chars, NULL); - return NULL; -} - - -/* - * login_getpath() - * From the login_cap_t , get the capability which is - * formatted as either a space or comma delimited list of paths - * and append them all into a string and separate by semicolons. - * If there is an error of any kind, return . - */ - -const char * -login_getpath(login_cap_t *lc, const char *cap, const char *error) -{ - const char *str; - char *ptr; - int count; - - str = login_getcapstr(lc, cap, NULL, NULL); - if (str == NULL) - return error; - ptr = __DECONST(char *, str); /* XXXX Yes, very dodgy */ - while (*ptr) { - count = strcspn(ptr, ", \t"); - ptr += count; - if (*ptr) - *ptr++ = ':'; - } - return str; -} - - -static int -isinfinite(const char *s) -{ - static const char *infs[] = { - "infinity", - "inf", - "unlimited", - "unlimit", - "-1", - NULL - }; - const char **i = &infs[0]; - - while (*i != NULL) { - if (strcasecmp(s, *i) == 0) - return 1; - ++i; - } - return 0; -} - - -static u_quad_t -rmultiply(u_quad_t n1, u_quad_t n2) -{ - u_quad_t m, r; - int b1, b2; - - static int bpw = 0; - - /* Handle simple cases */ - if (n1 == 0 || n2 == 0) - return 0; - if (n1 == 1) - return n2; - if (n2 == 1) - return n1; - - /* - * sizeof() returns number of bytes needed for storage. - * This may be different from the actual number of useful bits. - */ - if (!bpw) { - bpw = sizeof(u_quad_t) * 8; - while (((u_quad_t)1 << (bpw-1)) == 0) - --bpw; - } - - /* - * First check the magnitude of each number. If the sum of the - * magnatude is way to high, reject the number. (If this test - * is not done then the first multiply below may overflow.) - */ - for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1) - ; - for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2) - ; - if (b1 + b2 - 2 > bpw) { - errno = ERANGE; - return (UQUAD_MAX); - } - - /* - * Decompose the multiplication to be: - * h1 = n1 & ~1 - * h2 = n2 & ~1 - * l1 = n1 & 1 - * l2 = n2 & 1 - * (h1 + l1) * (h2 + l2) - * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2) - * - * Since h1 && h2 do not have the low bit set, we can then say: - * - * (h1>>1 * h2>>1 * 4) + ... - * - * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will - * overflow. - * - * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2) - * then adding in residual amout will cause an overflow. - */ - - m = (n1 >> 1) * (n2 >> 1); - if (m >= ((u_quad_t)1 << (bpw-2))) { - errno = ERANGE; - return (UQUAD_MAX); - } - m *= 4; - - r = (n1 & n2 & 1) - + (n2 & 1) * (n1 & ~(u_quad_t)1) - + (n1 & 1) * (n2 & ~(u_quad_t)1); - - if ((u_quad_t)(m + r) < m) { - errno = ERANGE; - return (UQUAD_MAX); - } - m += r; - - return (m); -} - - -/* - * login_getcaptime() - * From the login_cap_t , get the capability , which is - * formatted as a time (e.g., "=10h3m2s"). If is not - * present in , return ; if there is an error of some kind, - * return . - */ - -rlim_t -login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *res, *ep, *oval; - int r; - rlim_t tot; - - errno = 0; - if (lc == NULL || lc->lc_cap == NULL) - return def; - - /* - * Look for in lc_cap. - * If it's not there (-1), return . - * If there's an error, return . - */ - - if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) - return def; - else if (r < 0) { - errno = ERANGE; - return error; - } - - /* "inf" and "infinity" are special cases */ - if (isinfinite(res)) - return RLIM_INFINITY; - - /* - * Now go through the string, turning something like 1h2m3s into - * an integral value. Whee. - */ - - errno = 0; - tot = 0; - oval = res; - while (*res) { - rlim_t tim = strtoq(res, &ep, 0); - rlim_t mult = 1; - - if (ep == NULL || ep == res || errno != 0) { - invalid: - syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s", - lc->lc_class, cap, oval); - errno = ERANGE; - return error; - } - /* Look for suffixes */ - switch (*ep++) { - case 0: - ep--; - break; /* end of string */ - case 's': case 'S': /* seconds */ - break; - case 'm': case 'M': /* minutes */ - mult = 60; - break; - case 'h': case 'H': /* hours */ - mult = 60L * 60L; - break; - case 'd': case 'D': /* days */ - mult = 60L * 60L * 24L; - break; - case 'w': case 'W': /* weeks */ - mult = 60L * 60L * 24L * 7L; - break; - case 'y': case 'Y': /* 365-day years */ - mult = 60L * 60L * 24L * 365L; - break; - default: - goto invalid; - } - res = ep; - tot += rmultiply(tim, mult); - if (errno) - goto invalid; - } - - return tot; -} - - -/* - * login_getcapnum() - * From the login_cap_t , extract the numerical value . - * If it is not present, return for a default, and return - * if there is an error. - * Like login_getcaptime(), only it only converts to a number, not - * to a time; "infinity" and "inf" are 'special.' - */ - -rlim_t -login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *ep, *res; - int r; - rlim_t val; - - if (lc == NULL || lc->lc_cap == NULL) - return def; - - /* - * For BSDI compatibility, try for the tag= first - */ - if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) { - long lval; - /* string capability not present, so try for tag# as numeric */ - if ((r = cgetnum(lc->lc_cap, cap, &lval)) == -1) - return def; /* Not there, so return default */ - else if (r >= 0) - return (rlim_t)lval; - } - - if (r < 0) { - errno = ERANGE; - return error; - } - - if (isinfinite(res)) - return RLIM_INFINITY; - - errno = 0; - val = strtoq(res, &ep, 0); - if (ep == NULL || ep == res || errno != 0) { - syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s", - lc->lc_class, cap, res); - errno = ERANGE; - return error; - } - - return val; -} - - - -/* - * login_getcapsize() - * From the login_cap_t , extract the capability , which is - * formatted as a size (e.g., "=10M"); it can also be "infinity". - * If not present, return , or if there is an error of - * some sort. - */ - -rlim_t -login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error) -{ - char *ep, *res, *oval; - int r; - rlim_t tot; - - if (lc == NULL || lc->lc_cap == NULL) - return def; - - if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) - return def; - else if (r < 0) { - errno = ERANGE; - return error; - } - - if (isinfinite(res)) - return RLIM_INFINITY; - - errno = 0; - tot = 0; - oval = res; - while (*res) { - rlim_t siz = strtoq(res, &ep, 0); - rlim_t mult = 1; - - if (ep == NULL || ep == res || errno != 0) { - invalid: - syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s", - lc->lc_class, cap, oval); - errno = ERANGE; - return error; - } - switch (*ep++) { - case 0: /* end of string */ - ep--; - break; - case 'b': case 'B': /* 512-byte blocks */ - mult = 512; - break; - case 'k': case 'K': /* 1024-byte Kilobytes */ - mult = 1024; - break; - case 'm': case 'M': /* 1024-k kbytes */ - mult = 1024 * 1024; - break; - case 'g': case 'G': /* 1Gbyte */ - mult = 1024 * 1024 * 1024; - break; - case 't': case 'T': /* 1TBte */ - mult = 1024LL * 1024LL * 1024LL * 1024LL; - break; - default: - goto invalid; - } - res = ep; - tot += rmultiply(siz, mult); - if (errno) - goto invalid; - } - - return tot; -} - - -/* - * login_getcapbool() - * From the login_cap_t , check for the existance of the capability - * of . Return if ->lc_cap is NULL, otherwise return - * the whether or not exists there. - */ - -int -login_getcapbool(login_cap_t *lc, const char *cap, int def) -{ - if (lc == NULL || lc->lc_cap == NULL) - return def; - return (cgetcap(lc->lc_cap, cap, ':') != NULL); -} - - -/* - * login_getstyle() - * Given a login_cap entry , and optionally a type of auth , - * and optionally a style