From 87935c4d727d66c9400c299c2b69fff91e0183e7 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 2 Jul 2015 17:30:59 +0000 Subject: When passwd or group information is changed (by pw, vipw, chpass, ...) temporary file is created and then a rename() call move it to official file. This operation didn't have any check to make sure data was written to disk and if a power cycle happens system could end up with a 0 length passwd or group database. There is a pfSense bug with more infor about it: https://redmine.pfsense.org/issues/4523 The following changes were made to protect passwd and group operations: * lib/libutil/gr_util.c: - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file - After rename(), fsync() call on directory for faster result * lib/libutil/pw_util.c - Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file * usr.sbin/pwd_mkdb/pwd_mkdb.c - Added O_SYNC flag on dbopen() calls - After rename(), fsync() call on directory for faster result * lib/libutil/pw_util.3 - pw_lock() returns a file descriptor to master password file on success Differential Revision: https://reviews.freebsd.org/D2978 Approved by: bapt Sponsored by: Netgate --- libutil/gr_util.c | 22 ++++++++++++++++++++-- libutil/pw_util.c | 2 +- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/libutil/gr_util.c b/libutil/gr_util.c index b0b0b36..93b3eb2 100644 --- a/libutil/gr_util.c +++ b/libutil/gr_util.c @@ -141,7 +141,7 @@ gr_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) @@ -318,10 +318,28 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr) int gr_mkdb(void) { + int fd; + if (chmod(tempname, 0644) != 0) return (-1); - return (rename(tempname, group_file)); + if (rename(tempname, group_file) != 0) + return (-1); + + /* + * Make sure new group file is safe on disk. To improve performance we + * will call fsync() to the directory where file lies + */ + if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1) + return (-1); + + if (fsync(fd) != 0) { + close(fd); + return (-1); + } + + close(fd); + return(0); } /* diff --git a/libutil/pw_util.c b/libutil/pw_util.c index befd1fb..af749d5 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -226,7 +226,7 @@ pw_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) -- cgit v1.2.3-56-ge451 From 0bf424496ff707551a96e09d08d43fa6415d14c9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 4 Jul 2015 15:27:04 +0000 Subject: Validate input of pw usermod -h and pwusermod -H Push the code that set the password into a separate function to improve readability Add regression tests about pw usermod -h and pw usermod -H --- pw/pw.c | 30 +++++++++++++++ pw/pw_user.c | 123 ++++++++++++++++++++++++++++++----------------------------- pw/pwupd.h | 2 + 3 files changed, 95 insertions(+), 60 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 30fb55b..b9bd9d0 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -137,6 +137,7 @@ main(int argc, char *argv[]) relocated = nis = false; memset(&conf, 0, sizeof(conf)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); + conf.fd = -1; LIST_INIT(&arglist); @@ -280,6 +281,35 @@ main(int argc, char *argv[]) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); break; + case 'H': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + conf.precrypted = true; + if (strspn(optarg, "0123456789") != strlen(optarg)) + errx(EX_USAGE, "'-H' expects a file descriptor"); + + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad file descriptor '%s': %s", + optarg, errstr); + break; + case 'h': + if (conf.fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + + if (strcmp(optarg, "-") == 0) + conf.fd = '-'; + else if (strspn(optarg, "0123456789") == strlen(optarg)) { + conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "'-h' expects a " + "file descriptor or '-'"); + } else + errx(EX_USAGE, "'-h' expects a file " + "descriptor or '-'"); + break; case 'o': conf.checkduplicate = true; break; diff --git a/pw/pw_user.c b/pw/pw_user.c index c3b2751..f1dbadc 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -86,6 +86,67 @@ create_and_populate_homedir(int mode, struct passwd *pwd) pwd->pw_uid, pwd->pw_dir); } +static int +set_passwd(struct passwd *pwd, struct carg *arg, bool update) +{ + int b, istty; + struct termios t, n; + login_cap_t *lc; + char line[_PASSWORD_LEN+1]; + char *p; + + if (conf.fd == '-') { + if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { + pwd->pw_passwd = "*"; /* No access */ + return (1); + } + return (0); + } + + if ((istty = isatty(conf.fd))) { + if (tcgetattr(conf.fd, &t) == -1) + istty = 0; + else { + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%s%spassword for user %s:", + update ? "new " : "", + conf.precrypted ? "encrypted " : "", + pwd->pw_name); + fflush(stdout); + } + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + + if (b < 0) + err(EX_IOERR, "-%c file descriptor", + conf.precrypted ? 'H' : 'h'); + line[b] = '\0'; + if ((p = strpbrk(line, "\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != NULL) + return EX_DATAERR; + pwd->pw_passwd = line; + } else { + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_pwcrypt(line); + } + return (1); +} + /*- * -C config configuration file * -q quiet operation @@ -529,66 +590,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) { - if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { - pwd->pw_passwd = "*"; /* No access */ - edited = 1; - } - } else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - login_cap_t *lc; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%s%spassword for user %s:", - (mode == M_UPDATE) ? "new " : "", - precrypt ? "encrypted " : "", - pwd->pw_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_IOERR, "-%c file descriptor", - precrypt ? 'H' : 'h'); - line[b] = '\0'; - if ((p = strpbrk(line, "\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - pwd->pw_passwd = line; - } else { - lc = login_getpwclass(pwd); - if (lc == NULL || - login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_pwcrypt(line); - } - edited = 1; - } - } + if (conf.fd != -1) + edited = set_passwd(pwd, arg, mode == M_UPDATE); /* * Special case: -N only displays & exits diff --git a/pw/pwupd.h b/pw/pwupd.h index 8f46e7d..c6ed32e 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -85,10 +85,12 @@ struct pwconf { char etcpath[MAXPATHLEN]; char *newname; char *config; + int fd; bool dryrun; bool pretty; bool v7; bool checkduplicate; + bool precrypted; struct userconf *userconf; }; -- cgit v1.2.3-56-ge451 From 00aae8b2ecd6a99d8b3ce7d7351a69731b47e687 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 4 Jul 2015 15:54:11 +0000 Subject: Also validate inputs of pw groupmod -h and groupmod -H --- pw/pw_group.c | 92 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index b9cce0d..2a90ff2 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -47,6 +47,50 @@ static void delete_members(char ***members, int *grmembers, int *i, static int print_group(struct group * grp); static gid_t gr_gidpolicy(struct userconf * cnf, long id); +static void +set_passwd(struct group *grp, bool update) +{ + int b; + int istty; + struct termios t, n; + char *p, line[256]; + + if (conf.fd == '-') { + grp->gr_passwd = "*"; /* No access */ + return; + } + + if ((istty = isatty(conf.fd))) { + n = t; + /* Disable echo */ + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%sassword for group %s:", update ? "New p" : "P", + grp->gr_name); + fflush(stdout); + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + if (b < 0) + err(EX_OSERR, "-h file descriptor"); + line[b] = '\0'; + if ((p = strpbrk(line, " \t\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != 0) + errx(EX_DATAERR, "wrong encrypted passwrd"); + grp->gr_passwd = line; + } else + grp->gr_passwd = pw_pwcrypt(line); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { @@ -156,52 +200,8 @@ pw_group(int mode, char *name, long id, struct cargs * args) * software. */ - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) - grp->gr_passwd = "*"; /* No access */ - else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - char *p, line[256]; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_OSERR, "-h file descriptor"); - line[b] = '\0'; - if ((p = strpbrk(line, " \t\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - grp->gr_passwd = line; - } else - grp->gr_passwd = pw_pwcrypt(line); - } - } + if (conf.fd != -1) + set_passwd(grp, mode == M_UPDATE); if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'd')) != NULL || -- cgit v1.2.3-56-ge451 From 78b3b8ddb79f739e2e5a1caa74dcc4e3bf453de2 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 4 Jul 2015 15:56:59 +0000 Subject: Fix validation of crypted password Small cleanups --- pw/pw_user.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index f1dbadc..e123786 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -87,7 +87,7 @@ create_and_populate_homedir(int mode, struct passwd *pwd) } static int -set_passwd(struct passwd *pwd, struct carg *arg, bool update) +set_passwd(struct passwd *pwd, bool update) { int b, istty; struct termios t, n; @@ -107,6 +107,7 @@ set_passwd(struct passwd *pwd, struct carg *arg, bool update) if (tcgetattr(conf.fd, &t) == -1) istty = 0; else { + n = t; n.c_lflag &= ~(ECHO); tcsetattr(conf.fd, TCSANOW, &n); printf("%s%spassword for user %s:", @@ -134,7 +135,7 @@ set_passwd(struct passwd *pwd, struct carg *arg, bool update) conf.fd); if (conf.precrypted) { if (strchr(line, ':') != NULL) - return EX_DATAERR; + errx(EX_DATAERR, "bad encrypted password"); pwd->pw_passwd = line; } else { lc = login_getpwclass(pwd); @@ -531,8 +532,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); } - if ((arg = getarg(args, 'w')) != NULL && - getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) { + if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { login_cap_t *lc; lc = login_getpwclass(pwd); @@ -591,7 +591,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) } if (conf.fd != -1) - edited = set_passwd(pwd, arg, mode == M_UPDATE); + edited = set_passwd(pwd, mode == M_UPDATE); /* * Special case: -N only displays & exits @@ -1004,8 +1004,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) /* * We give this information back to the user */ - if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL && - !conf.dryrun) { + if (conf.fd == -1 && !conf.dryrun) { if (isatty(STDOUT_FILENO)) printf("Password for '%s' is: ", user); printf("%s\n", pwbuf); -- cgit v1.2.3-56-ge451 From 72b29044863b5fd9ba066641f288a63f0d23b334 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 5 Jul 2015 09:48:03 +0000 Subject: Validate expiration dates Use strptime_l(3) to validate the dates provided in input --- pw/psdate.c | 288 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 288 insertions(+) create mode 100644 pw/psdate.c diff --git a/pw/psdate.c b/pw/psdate.c new file mode 100644 index 0000000..b43315b --- /dev/null +++ b/pw/psdate.c @@ -0,0 +1,288 @@ +/*- + * Copyright (C) 1996 + * David L. Nugent. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static const char rcsid[] = + "$FreeBSD$"; +#endif /* not lint */ + +#include +#include +#include +#include +#include +#include + +#include "psdate.h" + + +static int +a2i(char const ** str) +{ + int i = 0; + char const *s = *str; + + if (isdigit((unsigned char)*s)) { + i = atoi(s); + while (isdigit((unsigned char)*s)) + ++s; + *str = s; + } + return i; +} + +static int +numerics(char const * str) +{ + int rc = isdigit((unsigned char)*str); + + if (rc) + while (isdigit((unsigned char)*str) || *str == 'x') + ++str; + return rc && !*str; +} + +static int +aindex(char const * arr[], char const ** str, int len) +{ + int l, i; + char mystr[32]; + + mystr[len] = '\0'; + l = strlen(strncpy(mystr, *str, len)); + for (i = 0; i < l; i++) + mystr[i] = (char) tolower((unsigned char)mystr[i]); + for (i = 0; arr[i] && strcmp(mystr, arr[i]) != 0; i++); + if (arr[i] == NULL) + i = -1; + else { /* Skip past it */ + while (**str && isalpha((unsigned char)**str)) + ++(*str); + /* And any following whitespace */ + while (**str && (**str == ',' || isspace((unsigned char)**str))) + ++(*str); + } /* Return index */ + return i; +} + +static int +weekday(char const ** str) +{ + static char const *days[] = + {"sun", "mon", "tue", "wed", "thu", "fri", "sat", NULL}; + + return aindex(days, str, 3); +} + +static void +parse_time(char const * str, int *hour, int *min, int *sec) +{ + *hour = a2i(&str); + if ((str = strchr(str, ':')) == NULL) + *min = *sec = 0; + else { + ++str; + *min = a2i(&str); + *sec = ((str = strchr(str, ':')) == NULL) ? 0 : atoi(++str); + } +} + + +static void +parse_datesub(char const * str, int *day, int *mon, int *year) +{ + struct tm tm; + locale_t l; + int i; + char *ret; + const char *valid_formats[] = { + "%d-%b-%y", + "%d-%b-%Y", + "%d-%m-%y", + "%d-%m-%Y", + NULL, + }; + + l = newlocale(LC_ALL_MASK, "C", NULL); + + memset(&tm, 0, sizeof(tm)); + for (i=0; valid_formats[i] != NULL; i++) { + ret = strptime_l(str, valid_formats[i], &tm, l); + if (ret && *ret == '\0') { + *day = tm.tm_mday; + *mon = tm.tm_mon; + *year = tm.tm_year; + freelocale(l); + return; + } + } + + freelocale(l); + + errx(EXIT_FAILURE, "Invalid date"); +} + + +/*- + * Parse time must be flexible, it handles the following formats: + * nnnnnnnnnnn UNIX timestamp (all numeric), 0 = now + * 0xnnnnnnnn UNIX timestamp in hexadecimal + * 0nnnnnnnnn UNIX timestamp in octal + * 0 Given time + * +nnnn[smhdwoy] Given time + nnnn hours, mins, days, weeks, months or years + * -nnnn[smhdwoy] Given time - nnnn hours, mins, days, weeks, months or years + * dd[ ./-]mmm[ ./-]yy Date } + * hh:mm:ss Time } May be combined + */ + +time_t +parse_date(time_t dt, char const * str) +{ + char *p; + int i; + long val; + struct tm *T; + + if (dt == 0) + dt = time(NULL); + + while (*str && isspace((unsigned char)*str)) + ++str; + + if (numerics(str)) { + dt = strtol(str, &p, 0); + } else if (*str == '+' || *str == '-') { + val = strtol(str, &p, 0); + switch (*p) { + case 'h': + case 'H': /* hours */ + dt += (val * 3600L); + break; + case '\0': + case 'm': + case 'M': /* minutes */ + dt += (val * 60L); + break; + case 's': + case 'S': /* seconds */ + dt += val; + break; + case 'd': + case 'D': /* days */ + dt += (val * 86400L); + break; + case 'w': + case 'W': /* weeks */ + dt += (val * 604800L); + break; + case 'o': + case 'O': /* months */ + T = localtime(&dt); + T->tm_mon += (int) val; + i = T->tm_mday; + goto fixday; + case 'y': + case 'Y': /* years */ + T = localtime(&dt); + T->tm_year += (int) val; + i = T->tm_mday; + fixday: + dt = mktime(T); + T = localtime(&dt); + if (T->tm_mday != i) { + T->tm_mday = 1; + dt = mktime(T); + dt -= (time_t) 86400L; + } + default: /* unknown */ + break; /* leave untouched */ + } + } else { + char *q, tmp[64]; + + /* + * Skip past any weekday prefix + */ + weekday(&str); + strlcpy(tmp, str, sizeof(tmp)); + str = tmp; + T = localtime(&dt); + + /* + * See if we can break off any timezone + */ + while ((q = strrchr(tmp, ' ')) != NULL) { + if (strchr("(+-", q[1]) != NULL) + *q = '\0'; + else { + int j = 1; + + while (q[j] && isupper((unsigned char)q[j])) + ++j; + if (q[j] == '\0') + *q = '\0'; + else + break; + } + } + + /* + * See if there is a time hh:mm[:ss] + */ + if ((p = strchr(tmp, ':')) == NULL) { + + /* + * No time string involved + */ + T->tm_hour = T->tm_min = T->tm_sec = 0; + parse_datesub(tmp, &T->tm_mday, &T->tm_mon, &T->tm_year); + } else { + char datestr[64], timestr[64]; + + /* + * Let's chip off the time string + */ + if ((q = strpbrk(p, " \t")) != NULL) { /* Time first? */ + int l = q - str; + + strlcpy(timestr, str, l + 1); + strlcpy(datestr, q + 1, sizeof(datestr)); + parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec); + parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year); + } else if ((q = strrchr(tmp, ' ')) != NULL) { /* Time last */ + int l = q - tmp; + + strlcpy(timestr, q + 1, sizeof(timestr)); + strlcpy(datestr, tmp, l + 1); + } else /* Bail out */ + return dt; + parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec); + parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year); + } + dt = mktime(T); + } + return dt; +} -- cgit v1.2.3-56-ge451 From f0402b90bba7ad658ac2e331b530ca1a4d40e3e6 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 5 Jul 2015 10:11:35 +0000 Subject: Also validate hours via strptime_l(3) Simplify the code, by only using one parser, ensure the dates (hours and dates) are valid --- pw/psdate.c | 91 +++++++++++++++++++++++++++---------------------------------- 1 file changed, 40 insertions(+), 51 deletions(-) diff --git a/pw/psdate.c b/pw/psdate.c index b43315b..537861b 100644 --- a/pw/psdate.c +++ b/pw/psdate.c @@ -98,21 +98,7 @@ weekday(char const ** str) } static void -parse_time(char const * str, int *hour, int *min, int *sec) -{ - *hour = a2i(&str); - if ((str = strchr(str, ':')) == NULL) - *min = *sec = 0; - else { - ++str; - *min = a2i(&str); - *sec = ((str = strchr(str, ':')) == NULL) ? 0 : atoi(++str); - } -} - - -static void -parse_datesub(char const * str, int *day, int *mon, int *year) +parse_datesub(char const * str, struct tm *t) { struct tm tm; locale_t l; @@ -123,6 +109,38 @@ parse_datesub(char const * str, int *day, int *mon, int *year) "%d-%b-%Y", "%d-%m-%y", "%d-%m-%Y", + "%H:%M %d-%b-%y", + "%H:%M %d-%b-%Y", + "%H:%M %d-%m-%y", + "%H:%M %d-%m-%Y", + "%H:%M:%S %d-%b-%y", + "%H:%M:%S %d-%b-%Y", + "%H:%M:%S %d-%m-%y", + "%H:%M:%S %d-%m-%Y", + "%d-%b-%y %H:%M", + "%d-%b-%Y %H:%M", + "%d-%m-%y %H:%M", + "%d-%m-%Y %H:%M", + "%d-%b-%y %H:%M:%S", + "%d-%b-%Y %H:%M:%S", + "%d-%m-%y %H:%M:%S", + "%d-%m-%Y %H:%M:%S", + "%H:%M\t%d-%b-%y", + "%H:%M\t%d-%b-%Y", + "%H:%M\t%d-%m-%y", + "%H:%M\t%d-%m-%Y", + "%H:%M\t%S %d-%b-%y", + "%H:%M\t%S %d-%b-%Y", + "%H:%M\t%S %d-%m-%y", + "%H:%M\t%S %d-%m-%Y", + "%d-%b-%y\t%H:%M", + "%d-%b-%Y\t%H:%M", + "%d-%m-%y\t%H:%M", + "%d-%m-%Y\t%H:%M", + "%d-%b-%y\t%H:%M:%S", + "%d-%b-%Y\t%H:%M:%S", + "%d-%m-%y\t%H:%M:%S", + "%d-%m-%Y\t%H:%M:%S", NULL, }; @@ -132,9 +150,12 @@ parse_datesub(char const * str, int *day, int *mon, int *year) for (i=0; valid_formats[i] != NULL; i++) { ret = strptime_l(str, valid_formats[i], &tm, l); if (ret && *ret == '\0') { - *day = tm.tm_mday; - *mon = tm.tm_mon; - *year = tm.tm_year; + t->tm_mday = tm.tm_mday; + t->tm_mon = tm.tm_mon; + t->tm_year = tm.tm_year; + t->tm_hour = tm.tm_hour; + t->tm_min = tm.tm_min; + t->tm_sec = tm.tm_sec; freelocale(l); return; } @@ -249,39 +270,7 @@ parse_date(time_t dt, char const * str) } } - /* - * See if there is a time hh:mm[:ss] - */ - if ((p = strchr(tmp, ':')) == NULL) { - - /* - * No time string involved - */ - T->tm_hour = T->tm_min = T->tm_sec = 0; - parse_datesub(tmp, &T->tm_mday, &T->tm_mon, &T->tm_year); - } else { - char datestr[64], timestr[64]; - - /* - * Let's chip off the time string - */ - if ((q = strpbrk(p, " \t")) != NULL) { /* Time first? */ - int l = q - str; - - strlcpy(timestr, str, l + 1); - strlcpy(datestr, q + 1, sizeof(datestr)); - parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec); - parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year); - } else if ((q = strrchr(tmp, ' ')) != NULL) { /* Time last */ - int l = q - tmp; - - strlcpy(timestr, q + 1, sizeof(timestr)); - strlcpy(datestr, tmp, l + 1); - } else /* Bail out */ - return dt; - parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec); - parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year); - } + parse_datesub(tmp, T); dt = mktime(T); } return dt; -- cgit v1.2.3-56-ge451 From 27580503640f7987dd56af3698673426edb79e63 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 5 Jul 2015 10:14:34 +0000 Subject: Remove dead code --- pw/psdate.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/pw/psdate.c b/pw/psdate.c index 537861b..8e3a951 100644 --- a/pw/psdate.c +++ b/pw/psdate.c @@ -39,21 +39,6 @@ static const char rcsid[] = #include "psdate.h" -static int -a2i(char const ** str) -{ - int i = 0; - char const *s = *str; - - if (isdigit((unsigned char)*s)) { - i = atoi(s); - while (isdigit((unsigned char)*s)) - ++s; - *str = s; - } - return i; -} - static int numerics(char const * str) { -- cgit v1.2.3-56-ge451 From 129c2913052c8f3fef59a58e2b508ea0eff14d7a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 7 Jul 2015 21:05:20 +0000 Subject: pw: fail if an invalid entry is found while parsing master.passwd and group PR: 198554 Reported by: diaran MFC after: 2 days --- pw/pw_vpw.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pw/pw_vpw.c b/pw/pw_vpw.c index 99663be..a23c66e 100644 --- a/pw/pw_vpw.c +++ b/pw/pw_vpw.c @@ -38,6 +38,7 @@ static const char rcsid[] = #include #include #include +#include #include "pwupd.h" @@ -80,6 +81,9 @@ vnextpwent(char const *nam, uid_t uid, int doclose) if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; pw = pw_scan(line, PWSCAN_MASTER); + if (pw == NULL) + errx(EXIT_FAILURE, "Invalid user entry in '%s':" + " '%s'", getpwpath(_MASTERPASSWD), line); if (uid != (uid_t)-1) { if (uid == pw->pw_uid) break; @@ -160,6 +164,9 @@ vnextgrent(char const *nam, gid_t gid, int doclose) if (line[linelen - 1 ] == '\n') line[linelen - 1] = '\0'; gr = gr_scan(line); + if (gr == NULL) + errx(EXIT_FAILURE, "Invalid group entry in '%s':" + " '%s'", getgrpath(_GROUP), line); if (gid != (gid_t)-1) { if (gid == gr->gr_gid) break; -- cgit v1.2.3-56-ge451 From b1002b3c03d08cb2ba07261fcb5363561004a077 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Thu, 9 Jul 2015 14:14:44 +0000 Subject: Do not try to set password on group if the group is added as a consequence of of creating a user (regression from r285136) Reported by: Fabian Keil --- pw/pw.c | 1 + pw/pw_group.c | 2 +- pw/pwupd.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pw/pw.c b/pw/pw.c index b9bd9d0..6769738 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -215,6 +215,7 @@ main(int argc, char *argv[]) if (mode == -1 || which == -1) cmdhelp(mode, which); + conf.which = which; /* * We know which mode we're in and what we're about to do, so now * let's dispatch the remaining command line args in a genric way. diff --git a/pw/pw_group.c b/pw/pw_group.c index 2a90ff2..c664ef5 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -200,7 +200,7 @@ pw_group(int mode, char *name, long id, struct cargs * args) * software. */ - if (conf.fd != -1) + if (conf.which == W_GROUP && conf.fd != -1) set_passwd(grp, mode == M_UPDATE); if (((arg = getarg(args, 'M')) != NULL || diff --git a/pw/pwupd.h b/pw/pwupd.h index c6ed32e..37303de 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -86,6 +86,7 @@ struct pwconf { char *newname; char *config; int fd; + int which; bool dryrun; bool pretty; bool v7; -- cgit v1.2.3-56-ge451 From bc539790827cbc69585a6ec393f04705e5825eff Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 16:58:47 +0000 Subject: Separate usernext/groupnext from the main functions --- pw/pw.h | 2 ++ pw/pw_group.c | 27 +++++++++++++++------------ pw/pw_user.c | 34 +++++++++++++++++----------------- 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/pw/pw.h b/pw/pw.h index 6239004..ed3b715 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -83,7 +83,9 @@ struct carg *addarg(struct cargs * _args, int ch, char *argstr); struct carg *getarg(struct cargs * _args, int ch); int pw_user(int mode, char *name, long id, struct cargs * _args); +int pw_usernext(struct userconf *cnf, bool quiet); int pw_group(int mode, char *name, long id, struct cargs * _args); +int pw_groupnext(struct userconf *cnf, bool quiet); char *pw_checkname(char *name, int gecos); int addnispwent(const char *path, struct passwd *pwd); diff --git a/pw/pw_group.c b/pw/pw_group.c index c664ef5..28a7c94 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -91,6 +91,18 @@ set_passwd(struct group *grp, bool update) grp->gr_passwd = pw_pwcrypt(line); } +int +pw_groupnext(struct userconf *cnf, bool quiet) +{ + gid_t next = gr_gidpolicy(cnf, -1); + + if (quiet) + return (next); + printf("%u\n", next); + + return (EXIT_SUCCESS); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { @@ -109,21 +121,12 @@ pw_group(int mode, char *name, long id, struct cargs * args) NULL }; + if (mode == M_NEXT) + return (pw_groupnext(cnf, getarg(args, 'q') != NULL)); + if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); - /* - * With M_NEXT, we only need to return the - * next gid to stdout - */ - if (mode == M_NEXT) { - gid_t next = gr_gidpolicy(cnf, id); - if (getarg(args, 'q')) - return next; - printf("%u\n", next); - return EXIT_SUCCESS; - } - if (mode == M_PRINT && getarg(args, 'a')) { SETGRENT(); while ((grp = GETGRENT()) != NULL) diff --git a/pw/pw_user.c b/pw/pw_user.c index e123786..298aeab 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -148,6 +148,20 @@ set_passwd(struct passwd *pwd, bool update) return (1); } +int +pw_usernext(struct userconf *cnf, bool quiet) +{ + uid_t next = pw_uidpolicy(cnf, -1); + + if (quiet) + return (next); + + printf("%u:", next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + /*- * -C config configuration file * -q quiet operation @@ -216,19 +230,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf = conf.userconf; - /* - * With M_NEXT, we only need to return the - * next uid to stdout - */ if (mode == M_NEXT) - { - uid_t next = pw_uidpolicy(cnf, id); - if (getarg(args, 'q')) - return next; - printf("%u:", next); - pw_group(mode, name, -1, args); - return EXIT_SUCCESS; - } + return (pw_usernext(cnf, getarg(args, 'q') != NULL)); /* * We can do all of the common legwork here @@ -845,11 +848,8 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) addarg(&grpargs, 'g', tmp); } if (conf.dryrun) { - addarg(&grpargs, 'q', NULL); - gid = pw_group(M_NEXT, nam, -1, &grpargs); - } - else - { + gid = pw_groupnext(cnf, true); + } else { pw_group(M_ADD, nam, -1, &grpargs); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; -- cgit v1.2.3-56-ge451 From ecf012ac29ba3e82e8b5e497ee1b80629ae5624f Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 17:01:08 +0000 Subject: Move the quiet flag into the configuration structure --- pw/pw.c | 5 ++++- pw/pw_group.c | 2 +- pw/pw_user.c | 2 +- pw/pwupd.h | 1 + 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 6769738..951abc6 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -314,6 +314,9 @@ main(int argc, char *argv[]) case 'o': conf.checkduplicate = true; break; + case 'q': + conf.quiet = true; + break; default: addarg(&arglist, ch, optarg); break; @@ -334,7 +337,7 @@ main(int argc, char *argv[]) * We should immediately look for the -q 'quiet' switch so that we * don't bother with extraneous errors */ - if (getarg(&arglist, 'q') != NULL) + if (conf.quiet) freopen(_PATH_DEVNULL, "w", stderr); /* diff --git a/pw/pw_group.c b/pw/pw_group.c index 28a7c94..61f0a21 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -122,7 +122,7 @@ pw_group(int mode, char *name, long id, struct cargs * args) }; if (mode == M_NEXT) - return (pw_groupnext(cnf, getarg(args, 'q') != NULL)); + return (pw_groupnext(cnf, conf.quiet)); if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); diff --git a/pw/pw_user.c b/pw/pw_user.c index 298aeab..dc9827a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -231,7 +231,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf = conf.userconf; if (mode == M_NEXT) - return (pw_usernext(cnf, getarg(args, 'q') != NULL)); + return (pw_usernext(cnf, conf.quiet)); /* * We can do all of the common legwork here diff --git a/pw/pwupd.h b/pw/pwupd.h index 37303de..be126c5 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -87,6 +87,7 @@ struct pwconf { char *config; int fd; int which; + bool quiet; bool dryrun; bool pretty; bool v7; -- cgit v1.2.3-56-ge451 From cc424f0d3468b75718e420a691cb5e3b238804b6 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 18:09:27 +0000 Subject: Make separate functions to show users and groups --- pw/pw.c | 6 ++++++ pw/pw_group.c | 51 +++++++++++++++++++++++++++++++++++---------------- pw/pw_user.c | 52 +++++++++++++++++++++++++++++++++++----------------- pw/pwupd.h | 2 ++ 4 files changed, 78 insertions(+), 33 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 951abc6..56e4103 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -234,6 +234,9 @@ main(int argc, char *argv[]) conf.config = optarg; config = conf.config; break; + case 'F': + conf.force = true; + break; case 'N': conf.dryrun = true; break; @@ -248,6 +251,9 @@ main(int argc, char *argv[]) case 'Y': nis = true; break; + case 'a': + conf.all = true; + break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); diff --git a/pw/pw_group.c b/pw/pw_group.c index 61f0a21..d87c8cc 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -103,6 +103,37 @@ pw_groupnext(struct userconf *cnf, bool quiet) return (EXIT_SUCCESS); } +static int +pw_groupshow(const char *name, long id, struct group *fakegroup) +{ + struct group *grp = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "groupname or id or '-a' required"); + + if (conf.all) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + print_group(grp); + ENDGRENT(); + + return (EXIT_SUCCESS); + } + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + if (grp == NULL) { + if (conf.force) { + grp = fakegroup; + } else { + if (name == NULL) + errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown group `%s'", name); + } + } + + return (print_group(grp)); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { @@ -124,34 +155,22 @@ pw_group(int mode, char *name, long id, struct cargs * args) if (mode == M_NEXT) return (pw_groupnext(cnf, conf.quiet)); + if (mode == M_PRINT) + return (pw_groupshow(name, id, &fakegroup)); + if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); - if (mode == M_PRINT && getarg(args, 'a')) { - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - print_group(grp); - ENDGRENT(); - return EXIT_SUCCESS; - } if (id < 0 && name == NULL) errx(EX_DATAERR, "group name or id required"); grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); - if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) { + if (mode == M_UPDATE || mode == M_DELETE) { if (name == NULL && grp == NULL) /* Try harder */ grp = GETGRGID(id); if (grp == NULL) { - if (mode == M_PRINT && getarg(args, 'F')) { - char *fmems[1]; - fmems[0] = NULL; - fakegroup.gr_name = name ? name : "nogroup"; - fakegroup.gr_gid = (gid_t) id; - fakegroup.gr_mem = fmems; - return print_group(&fakegroup); - } if (name == NULL) errx(EX_DATAERR, "unknown group `%s'", name); else diff --git a/pw/pw_user.c b/pw/pw_user.c index dc9827a..153bc43 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -162,6 +162,36 @@ pw_usernext(struct userconf *cnf, bool quiet) return (EXIT_SUCCESS); } +static int +pw_usershow(char *name, long id, struct passwd *fakeuser) +{ + struct passwd *pwd = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "username or id or '-a' required"); + + if (conf.all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (conf.force) { + pwd = fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd)); +} + /*- * -C config configuration file * -q quiet operation @@ -213,7 +243,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) static struct passwd fakeuser = { - NULL, + "nouser", "*", -1, -1, @@ -233,6 +263,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_NEXT) return (pw_usernext(cnf, conf.quiet)); + if (mode == M_PRINT) + return (pw_usershow(name, id, &fakeuser)); + /* * We can do all of the common legwork here */ @@ -377,14 +410,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) err(EX_IOERR, "config udpate"); } - if (mode == M_PRINT && getarg(args, 'a')) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd); - ENDPWENT(); - return EXIT_SUCCESS; - } - if (name != NULL) pwd = GETPWNAM(pw_checkname(name, 0)); @@ -395,17 +420,12 @@ pw_user(int mode, char *name, long id, struct cargs * args) * Update, delete & print require that the user exists */ if (mode == M_UPDATE || mode == M_DELETE || - mode == M_PRINT || mode == M_LOCK || mode == M_UNLOCK) { + mode == M_LOCK || mode == M_UNLOCK) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); if (pwd == NULL) { - if (mode == M_PRINT && getarg(args, 'F')) { - fakeuser.pw_name = name ? name : "nouser"; - fakeuser.pw_uid = (uid_t) id; - return print_user(&fakeuser); - } if (name == NULL) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); @@ -440,8 +460,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) } else if (mode == M_DELETE) return (delete_user(cnf, pwd, name, getarg(args, 'r') != NULL, mode)); - else if (mode == M_PRINT) - return print_user(pwd); /* * The rest is edit code diff --git a/pw/pwupd.h b/pw/pwupd.h index be126c5..97e18f5 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -88,6 +88,8 @@ struct pwconf { int fd; int which; bool quiet; + bool force; + bool all; bool dryrun; bool pretty; bool v7; -- cgit v1.2.3-56-ge451 From dc338df23912779d9d051efb40fdf73ad6289ea0 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 19:07:47 +0000 Subject: Make a separate groupdel/userdel from the main function --- pw/pw.c | 3 +++ pw/pw_group.c | 44 +++++++++++++++++++++++++++----------------- pw/pw_user.c | 48 +++++++++++++++++++++++++++++++----------------- pw/pwupd.h | 1 + 4 files changed, 62 insertions(+), 34 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 56e4103..112b1f0 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -323,6 +323,9 @@ main(int argc, char *argv[]) case 'q': conf.quiet = true; break; + case 'r': + conf.deletehome = true; + break; default: addarg(&arglist, ch, optarg); break; diff --git a/pw/pw_group.c b/pw/pw_group.c index d87c8cc..a3fa595 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -134,6 +134,29 @@ pw_groupshow(const char *name, long id, struct group *fakegroup) return (print_group(grp)); } +static int +pw_groupdel(const char *name, long id) +{ + struct group *grp = NULL; + int rc; + + grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); + if (grp == NULL) { + if (name == NULL) + errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown group `%s'", name); + } + + rc = delgrent(grp); + if (rc == -1) + err(EX_IOERR, "group '%s' not available (NIS?)", name); + else if (rc != 0) + err(EX_IOERR, "group update"); + pw_log(conf.userconf, M_DELETE, W_GROUP, "%s(%ld) removed", name, id); + + return (EXIT_SUCCESS); +} + int pw_group(int mode, char *name, long id, struct cargs * args) { @@ -158,6 +181,9 @@ pw_group(int mode, char *name, long id, struct cargs * args) if (mode == M_PRINT) return (pw_groupshow(name, id, &fakegroup)); + if (mode == M_DELETE) + return (pw_groupdel(name, id)); + if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); @@ -166,7 +192,7 @@ pw_group(int mode, char *name, long id, struct cargs * args) grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); - if (mode == M_UPDATE || mode == M_DELETE) { + if (mode == M_UPDATE) { if (name == NULL && grp == NULL) /* Try harder */ grp = GETGRGID(id); @@ -179,22 +205,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) if (name == NULL) /* Needed later */ name = grp->gr_name; - /* - * Handle deletions now - */ - if (mode == M_DELETE) { - rc = delgrent(grp); - if (rc == -1) - err(EX_IOERR, "group '%s' not available (NIS?)", - name); - else if (rc != 0) { - err(EX_IOERR, "group update"); - } - pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", name, id); - return EXIT_SUCCESS; - } else if (mode == M_PRINT) - return print_group(grp); - if (id > 0) grp->gr_gid = (gid_t) id; diff --git a/pw/pw_user.c b/pw/pw_user.c index 153bc43..1c01d6a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -51,8 +51,7 @@ static const char rcsid[] = static char locked_str[] = "*LOCKED*"; -static int delete_user(struct userconf *cnf, struct passwd *pwd, - char *name, int delete, int mode); +static int pw_userdel(char *name, long id); static int print_user(struct passwd * pwd); static uid_t pw_uidpolicy(struct userconf * cnf, long id); static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); @@ -266,6 +265,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_PRINT) return (pw_usershow(name, id, &fakeuser)); + if (mode == M_DELETE) + return (pw_userdel(name, id)); + /* * We can do all of the common legwork here */ @@ -417,10 +419,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_DATAERR, "user name or id required"); /* - * Update, delete & print require that the user exists + * Update require that the user exists */ - if (mode == M_UPDATE || mode == M_DELETE || - mode == M_LOCK || mode == M_UNLOCK) { + if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); @@ -457,9 +458,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); pwd->pw_passwd += sizeof(locked_str)-1; edited = 1; - } else if (mode == M_DELETE) - return (delete_user(cnf, pwd, name, - getarg(args, 'r') != NULL, mode)); + } /* * The rest is edit code @@ -1045,17 +1044,30 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) } static int -delete_user(struct userconf *cnf, struct passwd *pwd, char *name, - int delete, int mode) +pw_userdel(char *name, long id) { + struct passwd *pwd = NULL; char file[MAXPATHLEN]; char home[MAXPATHLEN]; - uid_t uid = pwd->pw_uid; + uid_t uid; struct group *gr, *grp; char grname[LOGNAMESIZE]; int rc; struct stat st; + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + uid = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; + if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); @@ -1093,10 +1105,11 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, else if (rc != 0) err(EX_IOERR, "passwd update"); - if (cnf->nispasswd && *cnf->nispasswd=='/') { - rc = delnispwent(cnf->nispasswd, name); + if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { + rc = delnispwent(conf.userconf->nispasswd, name); if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", pwd->pw_name); + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); else if (rc != 0) warn("WARNING: NIS passwd update"); /* non-fatal */ @@ -1126,7 +1139,8 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, } ENDGRENT(); - pw_log(cnf, mode, W_USER, "%s(%u) account removed", name, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, + uid); if (!PWALTDIR()) { /* @@ -1143,10 +1157,10 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, /* * Remove home directory and contents */ - if (delete && *home == '/' && getpwuid(uid) == NULL && + if (conf.deletehome && *home == '/' && getpwuid(uid) == NULL && stat(home, &st) != -1) { rm_r(home, uid); - pw_log(cnf, mode, W_USER, "%s(%u) home '%s' %sremoved", + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %sremoved", name, uid, home, stat(home, &st) == -1 ? "" : "not completely "); } diff --git a/pw/pwupd.h b/pw/pwupd.h index 97e18f5..669cbb1 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -94,6 +94,7 @@ struct pwconf { bool pretty; bool v7; bool checkduplicate; + bool deletehome; bool precrypted; struct userconf *userconf; }; -- cgit v1.2.3-56-ge451 From 683b41dc1f073509df3f14d35d3e1541ae41498a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 19:14:09 +0000 Subject: homedir can only be populate during useradd --- pw/pw_user.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 1c01d6a..a375b31 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -65,7 +65,7 @@ static void rmat(uid_t uid); static void rmopie(char const * name); static void -create_and_populate_homedir(int mode, struct passwd *pwd) +create_and_populate_homedir(struct passwd *pwd) { char *homedir, *dotdir; struct userconf *cnf = conf.userconf; @@ -81,7 +81,7 @@ create_and_populate_homedir(int mode, struct passwd *pwd) copymkdir(homedir ? homedir : pwd->pw_dir, dotdir ? dotdir: cnf->dotdir, cnf->homemode, pwd->pw_uid, pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%u) home %s made", pwd->pw_name, + pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, pwd->pw_uid, pwd->pw_dir); } @@ -735,7 +735,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(mode, pwd); + create_and_populate_homedir(pwd); /* * Finally, send mail to the new user as well, if we are asked to -- cgit v1.2.3-56-ge451 From 634a65911ad1db9a99207754a1f65de7083e3543 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 20:10:12 +0000 Subject: Isolate pw lock/unlock into a separate function --- pw/pw_user.c | 122 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 78 insertions(+), 44 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index a375b31..b9d01a8 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -191,6 +191,78 @@ pw_usershow(char *name, long id, struct passwd *fakeuser) return (print_user(pwd)); } +static void +perform_chgpwent(const char *name, struct passwd *pwd) +{ + int rc; + + rc = chgpwent(name, pwd); + if (rc == -1) + errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd file update"); + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { + rc = chgnispwent(conf.userconf->nispasswd, name, pwd); + if (rc == -1) + warn("User '%s' not found in NIS passwd", pwd->pw_name); + else + warn("NIS passwd update"); + /* NOTE: NIS-only update errors are not fatal */ + } +} + +/* + * The M_LOCK and M_UNLOCK functions simply add or remove + * a "*LOCKED*" prefix from in front of the password to + * prevent it decoding correctly, and therefore prevents + * access. Of course, this only prevents access via + * password authentication (not ssh, kerberos or any + * other method that does not use the UNIX password) but + * that is a known limitation. + */ +static int +pw_userlock(char *name, long id, int mode) +{ + struct passwd *pwd = NULL; + char *passtmp = NULL; + bool locked = false; + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (name == NULL) + name = pwd->pw_name; + + if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str) -1) == 0) + locked = true; + if (mode == M_LOCK && locked) + errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); + if (mode == M_UNLOCK && !locked) + errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); + + if (mode == M_LOCK) { + asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); + if (passtmp == NULL) /* disaster */ + errx(EX_UNAVAILABLE, "out of memory"); + pwd->pw_passwd = passtmp; + } else { + pwd->pw_passwd += sizeof(locked_str)-1; + } + + perform_chgpwent(name, pwd); + free(passtmp); + + return (EXIT_SUCCESS); +} + /*- * -C config configuration file * -q quiet operation @@ -228,7 +300,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) { int rc, edited = 0; char *p = NULL; - char *passtmp; struct carg *arg; struct passwd *pwd = NULL; struct group *grp; @@ -268,6 +339,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_DELETE) return (pw_userdel(name, id)); + if (mode == M_LOCK || mode == M_UNLOCK) + return (pw_userlock(name, id, mode)); + /* * We can do all of the common legwork here */ @@ -421,7 +495,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) /* * Update require that the user exists */ - if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { + if (mode == M_UPDATE) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); @@ -435,31 +509,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (name == NULL) name = pwd->pw_name; - /* - * The M_LOCK and M_UNLOCK functions simply add or remove - * a "*LOCKED*" prefix from in front of the password to - * prevent it decoding correctly, and therefore prevents - * access. Of course, this only prevents access via - * password authentication (not ssh, kerberos or any - * other method that does not use the UNIX password) but - * that is a known limitation. - */ - - if (mode == M_LOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) == 0) - errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); - asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); - if (passtmp == NULL) /* disaster */ - errx(EX_UNAVAILABLE, "out of memory"); - pwd->pw_passwd = passtmp; - edited = 1; - } else if (mode == M_UNLOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) != 0) - errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); - pwd->pw_passwd += sizeof(locked_str)-1; - edited = 1; - } - /* * The rest is edit code */ @@ -635,23 +684,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ } - } else if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { - if (edited) { /* Only updated this if required */ - rc = chgpwent(name, pwd); - if (rc == -1) - errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd file update"); - if ( cnf->nispasswd && *cnf->nispasswd=='/') { - rc = chgnispwent(cnf->nispasswd, name, pwd); - if (rc == -1) - warn("User '%s' not found in NIS passwd", pwd->pw_name); - else - warn("NIS passwd update"); - /* NOTE: NIS-only update errors are not fatal */ - } - } - } + } else if (mode == M_UPDATE && edited) /* Only updated this if required */ + perform_chgpwent(name, pwd); /* * Ok, user is created or changed - now edit group file -- cgit v1.2.3-56-ge451 From b1134e75ce7b8f0deb1b1880f35c42f2a09ddb4e Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 20:18:34 +0000 Subject: Remove useless use of goto --- pw/pw_user.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index b9d01a8..7e8534e 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -400,7 +400,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) *p = '\0'; if (stat(dbuf, &st) == -1) { if (mkdir(dbuf, _DEF_DIRMODE) == -1) - goto direrr; + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } else if (!S_ISDIR(st.st_mode)) errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); @@ -408,9 +408,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) { - direrr: err(EX_OSFILE, "mkdir '%s'", dbuf); - } + if (mkdir(dbuf, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } } else if (!S_ISDIR(st.st_mode)) -- cgit v1.2.3-56-ge451 From 13824e6c6765b7a1d67b0ffaab60aa0612bee252 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 21:09:50 +0000 Subject: check the gecos format early: at the moment the -c option is parsed --- pw/pw.c | 3 +++ pw/pw_user.c | 7 +++---- pw/pwupd.h | 1 + 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 112b1f0..3d4fcf2 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -254,6 +254,9 @@ main(int argc, char *argv[]) case 'a': conf.all = true; break; + case 'c': + conf.gecos = pw_checkname(optarg, 1); + break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); diff --git a/pw/pw_user.c b/pw/pw_user.c index 7e8534e..9e16793 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -650,10 +650,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) /* * Shared add/edit code */ - if ((arg = getarg(args, 'c')) != NULL) { - char *gecos = pw_checkname(arg->val, 1); - if (strcmp(pwd->pw_gecos, gecos) != 0) { - pwd->pw_gecos = gecos; + if (conf.gecos != NULL) { + if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { + pwd->pw_gecos = conf.gecos; edited = 1; } } diff --git a/pw/pwupd.h b/pw/pwupd.h index 669cbb1..7a0cd2d 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -85,6 +85,7 @@ struct pwconf { char etcpath[MAXPATHLEN]; char *newname; char *config; + char *gecos; int fd; int which; bool quiet; -- cgit v1.2.3-56-ge451 From bf1da69192dfd6c10ac6dbae522d0ed40ebecf3a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 21:12:28 +0000 Subject: Remove unused argument from pm_passwd --- pw/pw_user.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 9e16793..6aa0c47 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -59,7 +59,7 @@ static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); -static char *pw_password(struct userconf * cnf, struct cargs * args, char const * user); +static char *pw_password(struct userconf * cnf, char const * user); static char *shell_path(char const * path, char *shells[], char *sh); static void rmat(uid_t uid); static void rmopie(char const * name); @@ -608,7 +608,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; } @@ -640,7 +640,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) @@ -1038,7 +1038,7 @@ pw_pwcrypt(char *password) static char * -pw_password(struct userconf * cnf, struct cargs * args, char const * user) +pw_password(struct userconf * cnf, char const * user) { int i, l; char pwbuf[32]; -- cgit v1.2.3-56-ge451 From ffa872f6d718f788860c825c902727e81fa0ebca Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 22:35:07 +0000 Subject: Rework groupmod modification: Use gr_add(3) when possible to avoid code duplication. Use a simpler logic to delete members of a group --- pw/pw_group.c | 90 +++++++++++++++++++---------------------------------------- 1 file changed, 29 insertions(+), 61 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index a3fa595..156ab3d 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -42,8 +42,7 @@ static const char rcsid[] = static struct passwd *lookup_pwent(const char *user); -static void delete_members(char ***members, int *grmembers, int *i, - struct carg *arg, struct group *grp); +static void delete_members(struct group *grp, char *list); static int print_group(struct group * grp); static gid_t gr_gidpolicy(struct userconf * cnf, long id); @@ -163,7 +162,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) int rc; struct carg *arg; struct group *grp = NULL; - int grmembers = 0; char **members = NULL; struct userconf *cnf = conf.userconf; @@ -216,13 +214,11 @@ pw_group(int mode, char *name, long id, struct cargs * args) else if (grp != NULL) /* Exists */ errx(EX_DATAERR, "group name `%s' already exists", name); - extendarray(&members, &grmembers, 200); - members[0] = NULL; grp = &fakegroup; grp->gr_name = pw_checkname(name, 0); grp->gr_passwd = "*"; grp->gr_gid = gr_gidpolicy(cnf, id); - grp->gr_mem = members; + grp->gr_mem = NULL; } /* @@ -238,42 +234,31 @@ pw_group(int mode, char *name, long id, struct cargs * args) if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'd')) != NULL || (arg = getarg(args, 'm')) != NULL) && arg->val) { - int i = 0; char *p; struct passwd *pwd; /* Make sure this is not stay NULL with -M "" */ - extendarray(&members, &grmembers, 200); if (arg->ch == 'd') - delete_members(&members, &grmembers, &i, arg, grp); - else if (arg->ch == 'm') { - int k = 0; - - if (grp->gr_mem != NULL) { - while (grp->gr_mem[k] != NULL) { - if (extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = grp->gr_mem[k]; - k++; - } + delete_members(grp, arg->val); + else if (arg->ch == 'M') + grp->gr_mem = NULL; + + for (p = strtok(arg->val, ", \t"); arg->ch != 'd' && p != NULL; + p = strtok(NULL, ", \t")) { + int j; + + /* + * Check for duplicates + */ + pwd = lookup_pwent(p); + for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) { + if (strcmp(grp->gr_mem[j], pwd->pw_name) == 0) + break; } + if (grp->gr_mem != NULL && grp->gr_mem[j] != NULL) + continue; + grp = gr_add(grp, pwd->pw_name); } - - if (arg->ch != 'd') - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { - int j; - - /* - * Check for duplicates - */ - pwd = lookup_pwent(p); - for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++) - ; - if (j == i && extendarray(&members, &grmembers, i + 2) != -1) - members[i++] = newstr(pwd->pw_name); - } - while (i < grmembers) - members[i++] = NULL; - grp->gr_mem = members; } if (conf.dryrun) @@ -328,42 +313,25 @@ lookup_pwent(const char *user) * Delete requested members from a group. */ static void -delete_members(char ***members, int *grmembers, int *i, struct carg *arg, - struct group *grp) +delete_members(struct group *grp, char *list) { - bool matchFound; - char *user; - char *valueCopy; - char *valuePtr; + char *p; int k; - struct passwd *pwd; if (grp->gr_mem == NULL) return; - k = 0; - while (grp->gr_mem[k] != NULL) { - matchFound = false; - if ((valueCopy = strdup(arg->val)) == NULL) - errx(EX_UNAVAILABLE, "out of memory"); - valuePtr = valueCopy; - while ((user = strsep(&valuePtr, ", \t")) != NULL) { - pwd = lookup_pwent(user); - if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) { - matchFound = true; + for (p = strtok(list, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { + for (k = 0; grp->gr_mem[k] != NULL; k++) { + if (strcmp(grp->gr_mem[k], p) == 0) break; - } } - free(valueCopy); - - if (!matchFound && - extendarray(members, grmembers, *i + 2) != -1) - (*members)[(*i)++] = grp->gr_mem[k]; + if (grp->gr_mem[k] == NULL) /* No match */ + continue; - k++; + for (; grp->gr_mem[k] != NULL; k++) + grp->gr_mem[k] = grp->gr_mem[k+1]; } - - return; } -- cgit v1.2.3-56-ge451 From 37cf831c25d3fbcc63a8548fc4ed7ead82562c5b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 23:07:17 +0000 Subject: Replace custom string array with stringlist(3) --- pw/Makefile | 3 +-- pw/fileupd.c | 47 ----------------------------------------------- pw/pw_conf.c | 23 ++++++++--------------- pw/pw_user.c | 16 ++++++---------- pw/pwupd.h | 41 ++++++++++++++++++++--------------------- 5 files changed, 35 insertions(+), 95 deletions(-) delete mode 100644 pw/fileupd.c diff --git a/pw/Makefile b/pw/Makefile index 4bcf691..c265399 100644 --- a/pw/Makefile +++ b/pw/Makefile @@ -3,8 +3,7 @@ PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ - grupd.c pwupd.c fileupd.c psdate.c \ - bitmap.c cpdir.c rm_r.c + grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c WARNS?= 3 diff --git a/pw/fileupd.c b/pw/fileupd.c deleted file mode 100644 index dc32712..0000000 --- a/pw/fileupd.c +++ /dev/null @@ -1,47 +0,0 @@ -/*- - * Copyright (C) 1996 - * David L. Nugent. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -static const char rcsid[] = - "$FreeBSD$"; -#endif /* not lint */ - -#include - -#include "pwupd.h" - -int -extendarray(char ***buf, int * buflen, int needed) -{ - if (needed > *buflen) { - char **tmp = realloc(*buf, needed * sizeof(char *)); - if (tmp == NULL) - return -1; - *buf = tmp; - *buflen = needed; - } - return *buflen; -} diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 24c0650..33bb6b3 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -104,8 +104,7 @@ static struct userconf config = 1000, 32000, /* Allowed range of uids */ 1000, 32000, /* Allowed range of gids */ 0, /* Days until account expires */ - 0, /* Days until password expires */ - 0 /* size of default_group array */ + 0 /* Days until password expires */ }; static char const *comments[_UC_FIELDS] = @@ -234,10 +233,9 @@ read_userconfig(char const * file) buf = NULL; linecap = 0; - config.numgroups = 200; - config.groups = calloc(config.numgroups, sizeof(char *)); + config.groups = sl_init(); if (config.groups == NULL) - err(1, "calloc()"); + err(1, "sl_init()"); if (file == NULL) file = _PATH_PW_CONF; @@ -316,13 +314,8 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_EXTRAGROUPS: - for (i = 0; q != NULL; q = strtok(NULL, toks)) { - if (extendarray(&config.groups, &config.numgroups, i + 2) != -1) - config.groups[i++] = newstr(q); - } - if (i > 0) - while (i < config.numgroups) - config.groups[i++] = NULL; + for (i = 0; q != NULL; q = strtok(NULL, toks)) + sl_add(config.groups, newstr(q)); break; case _UC_DEFAULTCLASS: config.default_class = (q == NULL || !boolean_val(q, 1)) @@ -442,10 +435,10 @@ write_userconfig(char const * file) config.default_group : ""); break; case _UC_EXTRAGROUPS: - for (j = 0; j < config.numgroups && - config.groups[j] != NULL; j++) + for (j = 0; config.groups != NULL && + j < (int)config.groups->sl_cur; j++) sbuf_printf(buf, "%s\"%s\"", j ? - "," : "", config.groups[j]); + "," : "", config.groups->sl_str[j]); quote = 0; break; case _UC_DEFAULTCLASS: diff --git a/pw/pw_user.c b/pw/pw_user.c index 6aa0c47..f1dae74 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -440,18 +440,13 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf->default_class = pw_checkname(arg->val, 0); if ((arg = getarg(args, 'G')) != NULL && arg->val) { - int i = 0; - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { if ((grp = GETGRNAM(p)) == NULL) { if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) errx(EX_NOUSER, "group `%s' does not exist", p); } - if (extendarray(&cnf->groups, &cnf->numgroups, i + 2) != -1) - cnf->groups[i++] = newstr(grp->gr_name); + sl_add(cnf->groups, newstr(grp->gr_name)); } - while (i < cnf->numgroups) - cnf->groups[i++] = NULL; } if ((arg = getarg(args, 'k')) != NULL) { @@ -690,7 +685,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (mode == M_ADD || getarg(args, 'G') != NULL) { - int i, j; + int j; + size_t i; /* First remove the user from all group */ SETGRENT(); while ((grp = GETGRENT()) != NULL) { @@ -709,8 +705,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) ENDGRENT(); /* now add to group where needed */ - for (i = 0; cnf->groups[i] != NULL; i++) { - grp = GETGRNAM(cnf->groups[i]); + for (i = 0; i < cnf->groups->sl_cur; i++) { + grp = GETGRNAM(cnf->groups->sl_str[i]); grp = gr_add(grp, pwd->pw_name); /* * grp can only be NULL in 2 cases: @@ -720,7 +716,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (grp == NULL) continue; - chggrent(cnf->groups[i], grp); + chggrent(grp->gr_name, grp); free(grp); } } diff --git a/pw/pwupd.h b/pw/pwupd.h index 7a0cd2d..92e5548 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -36,6 +36,7 @@ #include #include #include +#include #if defined(__FreeBSD__) #define RET_SETGRENT int @@ -58,26 +59,25 @@ struct pwf { }; struct userconf { - int default_password; /* Default password for new users? */ - int reuse_uids; /* Reuse uids? */ - int reuse_gids; /* Reuse gids? */ - char *nispasswd; /* Path to NIS version of the passwd file */ - char *dotdir; /* Where to obtain skeleton files */ - char *newmail; /* Mail to send to new accounts */ - char *logfile; /* Where to log changes */ - char *home; /* Where to create home directory */ - mode_t homemode; /* Home directory permissions */ - char *shelldir; /* Where shells are located */ - char **shells; /* List of shells */ - char *shell_default; /* Default shell */ - char *default_group; /* Default group number */ - char **groups; /* Default (additional) groups */ - char *default_class; /* Default user class */ - uid_t min_uid, max_uid; /* Allowed range of uids */ - gid_t min_gid, max_gid; /* Allowed range of gids */ - int expire_days; /* Days to expiry */ - int password_days; /* Days to password expiry */ - int numgroups; /* (internal) size of default_group array */ + int default_password; /* Default password for new users? */ + int reuse_uids; /* Reuse uids? */ + int reuse_gids; /* Reuse gids? */ + char *nispasswd; /* Path to NIS version of the passwd file */ + char *dotdir; /* Where to obtain skeleton files */ + char *newmail; /* Mail to send to new accounts */ + char *logfile; /* Where to log changes */ + char *home; /* Where to create home directory */ + mode_t homemode; /* Home directory permissions */ + char *shelldir; /* Where shells are located */ + char **shells; /* List of shells */ + char *shell_default; /* Default shell */ + char *default_group; /* Default group number */ + StringList *groups; /* Default (additional) groups */ + char *default_class; /* Default user class */ + uid_t min_uid, max_uid; /* Allowed range of uids */ + gid_t min_gid, max_gid; /* Allowed range of gids */ + int expire_days; /* Days to expiry */ + int password_days; /* Days to password expiry */ }; struct pwconf { @@ -158,7 +158,6 @@ void vendgrent(void); void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid); void rm_r(char const * dir, uid_t uid); -int extendarray(char ***buf, int *buflen, int needed); __END_DECLS #endif /* !_PWUPD_H */ -- cgit v1.2.3-56-ge451 From a715bff28feb804ba62f2da0e310734d377e6f78 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 23:17:13 +0000 Subject: Remove now unused variable --- pw/pw_group.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index 156ab3d..b0db3cf 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -162,7 +162,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) int rc; struct carg *arg; struct group *grp = NULL; - char **members = NULL; struct userconf *cnf = conf.userconf; static struct group fakegroup = @@ -286,8 +285,6 @@ pw_group(int mode, char *name, long id, struct cargs * args) pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid); - free(members); - return EXIT_SUCCESS; } -- cgit v1.2.3-56-ge451 From 53d815d2b67ba1daf3d088e6049c75e9134228d2 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 23:56:55 +0000 Subject: Fix regression: ensure when try to create the group and the user with the same id if possible and nothing in particular was specified --- pw/pw_user.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index f1dae74..315af39 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -875,7 +875,7 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { struct cargs grpargs; - char tmp[32]; + gid_t grid = -1; LIST_INIT(&grpargs); @@ -888,23 +888,15 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) * user's name dups an existing group, then the group add * function will happily handle that case for us and exit. */ - if (GETGRGID(prefer) == NULL) { - snprintf(tmp, sizeof(tmp), "%u", prefer); - addarg(&grpargs, 'g', tmp); - } + if (GETGRGID(prefer) == NULL) + grid = prefer; if (conf.dryrun) { gid = pw_groupnext(cnf, true); } else { - pw_group(M_ADD, nam, -1, &grpargs); + pw_group(M_ADD, nam, grid, &grpargs); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } - a_gid = LIST_FIRST(&grpargs); - while (a_gid != NULL) { - struct carg *t = LIST_NEXT(a_gid, list); - LIST_REMOVE(a_gid, list); - a_gid = t; - } } ENDGRENT(); return gid; -- cgit v1.2.3-56-ge451 From 5c8793faf0c3ceee6ca534d0f69b417a3759f7af Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 00:02:43 +0000 Subject: Make getarg return NULL if args is NULL --- pw/pw.c | 7 ++++++- pw/pw_user.c | 5 +---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 3d4fcf2..532d77b 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -582,7 +582,12 @@ cmdhelp(int mode, int which) struct carg * getarg(struct cargs * _args, int ch) { - struct carg *c = LIST_FIRST(_args); + struct carg *c; + + if (_args == NULL) + return (NULL); + + c = LIST_FIRST(_args); while (c != NULL && c->ch != ch) c = LIST_NEXT(c, list); diff --git a/pw/pw_user.c b/pw/pw_user.c index 315af39..16b2ac8 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -874,11 +874,8 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { - struct cargs grpargs; gid_t grid = -1; - LIST_INIT(&grpargs); - /* * We need to auto-create a group with the user's name. We * can send all the appropriate output to our sister routine @@ -893,7 +890,7 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) if (conf.dryrun) { gid = pw_groupnext(cnf, true); } else { - pw_group(M_ADD, nam, grid, &grpargs); + pw_group(M_ADD, nam, grid, NULL); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } -- cgit v1.2.3-56-ge451 From f6975773c5ebf939f9e3f22b2b600d2c821604bc Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 20:29:51 +0000 Subject: Rework the home directory creation and copy or the skel content to use *at functions This allows to simplify the code a bit for -R by not having to keep modifying path and also prepare the code to improve support -R in userdel While here, add regression tests for the functionality --- pw/cpdir.c | 152 +++++++++++++++++++++++++++++------------------------------ pw/pw.c | 4 ++ pw/pw_user.c | 17 ++++--- pw/pwupd.h | 4 +- 4 files changed, 90 insertions(+), 87 deletions(-) diff --git a/pw/cpdir.c b/pw/cpdir.c index 0fd671b..e84d0f3 100644 --- a/pw/cpdir.c +++ b/pw/cpdir.c @@ -45,87 +45,85 @@ static const char rcsid[] = #include "pwupd.h" void -copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid) +copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid, + gid_t gid, int flags) { - char src[MAXPATHLEN]; - char dst[MAXPATHLEN]; - char lnk[MAXPATHLEN]; - int len; + char *p, lnk[MAXPATHLEN], copybuf[4096]; + int len, homefd, srcfd, destfd; + ssize_t sz; + struct stat st; + struct dirent *e; + DIR *d; - if (mkdir(dir, mode) != 0 && errno != EEXIST) { + if (*dir == '/') + dir++; + + if (mkdirat(rootfd, dir, mode) != 0 && errno != EEXIST) { warn("mkdir(%s)", dir); - } else { - int infd, outfd; - struct stat st; - - static char counter = 0; - static char *copybuf = NULL; - - ++counter; - chown(dir, uid, gid); - if (skel != NULL && *skel != '\0') { - DIR *d = opendir(skel); - - if (d != NULL) { - struct dirent *e; - - while ((e = readdir(d)) != NULL) { - char *p = e->d_name; - - if (snprintf(src, sizeof(src), "%s/%s", skel, p) >= (int)sizeof(src)) - warn("warning: pathname too long '%s/%s' (skel not copied)", skel, p); - else if (lstat(src, &st) == 0) { - if (strncmp(p, "dot.", 4) == 0) /* Conversion */ - p += 3; - if (snprintf(dst, sizeof(dst), "%s/%s", dir, p) >= (int)sizeof(dst)) - warn("warning: path too long '%s/%s' (skel file skipped)", dir, p); - else { - if (S_ISDIR(st.st_mode)) { /* Recurse for this */ - if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) - copymkdir(dst, src, st.st_mode & _DEF_DIRMODE, uid, gid); - chflags(dst, st.st_flags); /* propagate flags */ - } else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk) - 1)) != -1) { - lnk[len] = '\0'; - symlink(lnk, dst); - lchown(dst, uid, gid); - /* - * Note: don't propagate special attributes - * but do propagate file flags - */ - } else if (S_ISREG(st.st_mode) && (outfd = open(dst, O_RDWR | O_CREAT | O_EXCL, st.st_mode)) != -1) { - if ((infd = open(src, O_RDONLY)) == -1) { - close(outfd); - remove(dst); - } else { - int b; - - /* - * Allocate our copy buffer if we need to - */ - if (copybuf == NULL) - copybuf = malloc(4096); - while ((b = read(infd, copybuf, 4096)) > 0) - write(outfd, copybuf, b); - close(infd); - /* - * Propagate special filesystem flags - */ - fchown(outfd, uid, gid); - fchflags(outfd, st.st_flags); - close(outfd); - chown(dst, uid, gid); - } - } - } - } - } - closedir(d); - } + return; + } + fchownat(rootfd, dir, uid, gid, AT_SYMLINK_NOFOLLOW); + if (flags > 0) + chflagsat(rootfd, dir, flags, AT_SYMLINK_NOFOLLOW); + + if (skelfd == -1) + return; + + homefd = openat(rootfd, dir, O_DIRECTORY); + if ((d = fdopendir(skelfd)) == NULL) { + close(skelfd); + close(homefd); + return; + } + + while ((e = readdir(d)) != NULL) { + if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) + continue; + + p = e->d_name; + if (fstatat(skelfd, p, &st, AT_SYMLINK_NOFOLLOW) == -1) + continue; + + if (strncmp(p, "dot.", 4) == 0) /* Conversion */ + p += 3; + + if (S_ISDIR(st.st_mode)) { + copymkdir(homefd, p, openat(skelfd, e->d_name, O_DIRECTORY), + st.st_mode & _DEF_DIRMODE, uid, gid, st.st_flags); + continue; + } + + if (S_ISLNK(st.st_mode) && + (len = readlinkat(skelfd, e->d_name, lnk, sizeof(lnk) -1)) + != -1) { + lnk[len] = '\0'; + symlinkat(lnk, homefd, p); + fchownat(homefd, p, uid, gid, AT_SYMLINK_NOFOLLOW); + continue; } - if (--counter == 0 && copybuf != NULL) { - free(copybuf); - copybuf = NULL; + + if (!S_ISREG(st.st_mode)) + continue; + + if ((srcfd = openat(skelfd, e->d_name, O_RDONLY)) == -1) + continue; + destfd = openat(homefd, p, O_RDWR | O_CREAT | O_EXCL, + st.st_mode); + if (destfd == -1) { + close(srcfd); + continue; } + + while ((sz = read(srcfd, copybuf, sizeof(copybuf))) > 0) + write(destfd, copybuf, sz); + + close(srcfd); + /* + * Propagate special filesystem flags + */ + fchown(destfd, uid, gid); + fchflags(destfd, st.st_flags); + close(destfd); } + closedir(d); } - diff --git a/pw/pw.c b/pw/pw.c index 532d77b..d81cfb0 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -136,6 +136,7 @@ main(int argc, char *argv[]) name = NULL; relocated = nis = false; memset(&conf, 0, sizeof(conf)); + strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); conf.fd = -1; @@ -215,6 +216,9 @@ main(int argc, char *argv[]) if (mode == -1 || which == -1) cmdhelp(mode, which); + conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC); + if (conf.rootfd == -1) + errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir); conf.which = which; /* * We know which mode we're in and what we're about to do, so now diff --git a/pw/pw_user.c b/pw/pw_user.c index 16b2ac8..afc163f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -67,20 +67,19 @@ static void rmopie(char const * name); static void create_and_populate_homedir(struct passwd *pwd) { - char *homedir, *dotdir; struct userconf *cnf = conf.userconf; + const char *skeldir; + int skelfd = -1; - homedir = dotdir = NULL; + skeldir = cnf->dotdir; - if (conf.rootdir[0] != '\0') { - asprintf(&homedir, "%s/%s", conf.rootdir, pwd->pw_dir); - if (homedir == NULL) - errx(EX_OSERR, "out of memory"); - asprintf(&dotdir, "%s/%s", conf.rootdir, cnf->dotdir); + if (skeldir != NULL && *skeldir != '\0') { + skelfd = openat(conf.rootfd, cnf->dotdir, + O_DIRECTORY|O_CLOEXEC); } - copymkdir(homedir ? homedir : pwd->pw_dir, dotdir ? dotdir: cnf->dotdir, - cnf->homemode, pwd->pw_uid, pwd->pw_gid); + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, + pwd->pw_gid, 0); pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, pwd->pw_uid, pwd->pw_dir); } diff --git a/pw/pwupd.h b/pw/pwupd.h index 92e5548..f08d2c7 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -87,6 +87,7 @@ struct pwconf { char *config; char *gecos; int fd; + int rootfd; int which; bool quiet; bool force; @@ -156,7 +157,8 @@ struct group * vgetgrnam(const char * nam); RET_SETGRENT vsetgrent(void); void vendgrent(void); -void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid); +void copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid, + gid_t gid, int flags); void rm_r(char const * dir, uid_t uid); __END_DECLS -- cgit v1.2.3-56-ge451 From d6d7189c26aa1c3f1bb8ac622e5daf43b8485c30 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 21:43:57 +0000 Subject: pw -R userdel can now cleanup installation Rewrite rm_r to use *at function, allowing to remove home directories along with users. only crontabs and at(1) installation are not removed Relnotes: yes --- pw/pw_user.c | 106 ++++++++++++++++++++++++++++------------------------------- pw/pwupd.h | 2 +- pw/rm_r.c | 52 ++++++++++++++--------------- 3 files changed, 76 insertions(+), 84 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index afc163f..fd2c80a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -746,12 +746,12 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (mode == M_ADD) { if (PWALTDIR() != PWF_ALT) { - arg = getarg(args, 'R'); - snprintf(path, sizeof(path), "%s%s/%s", - arg ? arg->val : "", _PATH_MAILDIR, pwd->pw_name); - close(open(path, O_RDWR | O_CREAT, 0600)); /* Preserve contents & - * mtime */ - chown(path, pwd->pw_uid, pwd->pw_gid); + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, + 0600)); /* Preserve contents & mtime */ + fchownat(conf.rootfd, path + 1, pwd->pw_uid, + pwd->pw_gid, AT_SYMLINK_NOFOLLOW); } } @@ -1087,16 +1087,13 @@ pw_userdel(char *name, long id) if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); - if (!PWALTDIR()) { - /* - * Remove opie record from /etc/opiekeys - */ + /* Remove opie record from /etc/opiekeys */ + if (PWALTDIR() != PWF_ALT) rmopie(pwd->pw_name); - /* - * Remove crontabs - */ + if (!PWALTDIR()) { + /* Remove crontabs */ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); if (access(file, F_OK) == 0) { snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); @@ -1158,28 +1155,23 @@ pw_userdel(char *name, long id) pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, uid); - if (!PWALTDIR()) { - /* - * Remove mail file - */ - remove(file); - - /* - * Remove at jobs - */ - if (getpwuid(uid) == NULL) - rmat(uid); - - /* - * Remove home directory and contents - */ - if (conf.deletehome && *home == '/' && getpwuid(uid) == NULL && - stat(home, &st) != -1) { - rm_r(home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %sremoved", - name, uid, home, - stat(home, &st) == -1 ? "" : "not completely "); - } + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(uid) == NULL) + rmat(uid); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && + getpwuid(uid) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" + "removed", name, uid, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); } return (EXIT_SUCCESS); @@ -1353,27 +1345,29 @@ rmat(uid_t uid) static void rmopie(char const * name) { - static const char etcopie[] = "/etc/opiekeys"; - FILE *fp = fopen(etcopie, "r+"); - - if (fp != NULL) { - char tmp[1024]; - off_t atofs = 0; - int length = strlen(name); - - while (fgets(tmp, sizeof tmp, fp) != NULL) { - if (strncmp(name, tmp, length) == 0 && tmp[length]==' ') { - if (fseek(fp, atofs, SEEK_SET) == 0) { - fwrite("#", 1, 1, fp); /* Comment username out */ - } - break; - } - atofs = ftell(fp); + char tmp[1014]; + FILE *fp; + int fd; + size_t len; + off_t atofs = 0; + + if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) + return; + + fp = fdopen(fd, "r+"); + len = strlen(name); + + while (fgets(tmp, sizeof(tmp), fp) != NULL) { + if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { + /* Comment username out */ + if (fseek(fp, atofs, SEEK_SET) == 0) + fwrite("#", 1, 1, fp); + break; } - /* - * If we got an error of any sort, don't update! - */ - fclose(fp); + atofs = ftell(fp); } + /* + * If we got an error of any sort, don't update! + */ + fclose(fp); } - diff --git a/pw/pwupd.h b/pw/pwupd.h index f08d2c7..054c5a5 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -159,7 +159,7 @@ void vendgrent(void); void copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid, gid_t gid, int flags); -void rm_r(char const * dir, uid_t uid); +void rm_r(int rootfd, char const * dir, uid_t uid); __END_DECLS #endif /* !_PWUPD_H */ diff --git a/pw/rm_r.c b/pw/rm_r.c index 797ca9d..65a63e6 100644 --- a/pw/rm_r.c +++ b/pw/rm_r.c @@ -37,39 +37,37 @@ static const char rcsid[] = #include #include #include +#include #include "pwupd.h" void -rm_r(char const * dir, uid_t uid) +rm_r(int rootfd, const char *path, uid_t uid) { - DIR *d = opendir(dir); + int dirfd; + DIR *d; + struct dirent *e; + struct stat st; - if (d != NULL) { - struct dirent *e; - struct stat st; - char file[MAXPATHLEN]; + if (*path == '/') + path++; - while ((e = readdir(d)) != NULL) { - if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) { - snprintf(file, sizeof(file), "%s/%s", dir, e->d_name); - if (lstat(file, &st) == 0) { /* Need symlinks, not - * linked file */ - if (S_ISDIR(st.st_mode)) /* Directory - recurse */ - rm_r(file, uid); - else { - if (S_ISLNK(st.st_mode) || st.st_uid == uid) - remove(file); - } - } - } - } - closedir(d); - if (lstat(dir, &st) == 0) { - if (S_ISLNK(st.st_mode)) - remove(dir); - else if (st.st_uid == uid) - rmdir(dir); - } + dirfd = openat(rootfd, path, O_DIRECTORY); + + d = fdopendir(dirfd); + while ((e = readdir(d)) != NULL) { + if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) + continue; + + if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) + continue; + if (S_ISDIR(st.st_mode)) + rm_r(dirfd, e->d_name, uid); + else if (S_ISLNK(st.st_mode) || st.st_uid == uid) + unlinkat(dirfd, e->d_name, 0); } + closedir(d); + if (fstatat(rootfd, path, &st, AT_SYMLINK_NOFOLLOW) != 0) + return; + unlinkat(rootfd, path, S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0); } -- cgit v1.2.3-56-ge451 From 2d773bd7573e856c732b3fc1b827b288ea3beebf Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 22:08:58 +0000 Subject: Ensure skeldir is abolute path (relatively to the rootdir) --- pw/pw_user.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index fd2c80a..8ba2807 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -74,8 +74,9 @@ create_and_populate_homedir(struct passwd *pwd) skeldir = cnf->dotdir; if (skeldir != NULL && *skeldir != '\0') { - skelfd = openat(conf.rootfd, cnf->dotdir, - O_DIRECTORY|O_CLOEXEC); + if (*skeldir == '/') + skeldir++; + skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, @@ -449,8 +450,13 @@ pw_user(int mode, char *name, long id, struct cargs * args) } if ((arg = getarg(args, 'k')) != NULL) { - if (stat(cnf->dotdir = arg->val, &st) == -1 || !S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a directory or does not exist", cnf->dotdir); + char *tmp = cnf->dotdir = arg->val; + if (*tmp == '/') + tmp++; + if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || + !S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a directory or " + "does not exist", cnf->dotdir); } if ((arg = getarg(args, 's')) != NULL) -- cgit v1.2.3-56-ge451 From 1e6401def38868bd9621db64c744d1788b51170d Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 13 Jul 2015 09:07:38 +0000 Subject: Fix logic of check duplicates that has been inverted --- pw/pw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pw/pw.c b/pw/pw.c index d81cfb0..c5427b4 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -139,6 +139,7 @@ main(int argc, char *argv[]) strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); conf.fd = -1; + conf.checkduplicate = false; LIST_INIT(&arglist); @@ -325,7 +326,7 @@ main(int argc, char *argv[]) "descriptor or '-'"); break; case 'o': - conf.checkduplicate = true; + conf.checkduplicate = false; break; case 'q': conf.quiet = true; -- cgit v1.2.3-56-ge451 From 0318aba2a76b3131e3b36d0171ae00f776765bd9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 13 Jul 2015 09:08:27 +0000 Subject: Regression fix: allow to create users with uid0 Reported by: Jan Mikkelsen --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 8ba2807..d6dad3f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -804,7 +804,7 @@ pw_uidpolicy(struct userconf * cnf, long id) /* * Check the given uid, if any */ - if (id > 0) { + if (id >= 0) { uid = (uid_t) id; if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) -- cgit v1.2.3-56-ge451 From a8e235f6926f727fd30a1fc881bda8f39c16ac1b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 13 Jul 2015 09:12:05 +0000 Subject: Really fix -o --- pw/pw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw.c b/pw/pw.c index c5427b4..5ad2511 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -139,7 +139,7 @@ main(int argc, char *argv[]) strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); conf.fd = -1; - conf.checkduplicate = false; + conf.checkduplicate = true; LIST_INIT(&arglist); -- cgit v1.2.3-56-ge451 From d2d684f5597f30a1cc8efa767281ed1c7c9eff45 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 12:20:57 +0000 Subject: when -n is passed to any pw subcommand it is always expected to be considered as a name so do not try to convert it to an id if it is a numeric value PR: 31933 Reported by: ted@impulse.net Sponsored by: gandi.net --- pw/pw.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 5ad2511..3db427a 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -287,14 +287,7 @@ main(int argc, char *argv[]) errstr); break; case 'n': - if (strspn(optarg, "0123456789") != strlen(optarg)) { - name = optarg; - break; - } - id = strtonum(optarg, 0, LONG_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad id '%s': %s", optarg, - errstr); + name = optarg; break; case 'H': if (conf.fd != -1) -- cgit v1.2.3-56-ge451 From 43b633f69fb3ebcb515312aae6a8df74e26097d9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 20:52:10 +0000 Subject: Fix wrong warning printed after changing or updating NIS users PR: 37672 Submitted by: chris+freebsd@chrullrich.de --- pw/pw_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index d6dad3f..aecc90a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -206,7 +206,7 @@ perform_chgpwent(const char *name, struct passwd *pwd) rc = chgnispwent(conf.userconf->nispasswd, name, pwd); if (rc == -1) warn("User '%s' not found in NIS passwd", pwd->pw_name); - else + else if (rc != 0) warn("NIS passwd update"); /* NOTE: NIS-only update errors are not fatal */ } @@ -678,7 +678,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) rc = addnispwent(cnf->nispasswd, pwd); if (rc == -1) warnx("User '%s' already exists in NIS passwd", pwd->pw_name); - else + else if (rc != 0) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ } -- cgit v1.2.3-56-ge451 From 7fe27302ca1b955d97360f508b462470b593b0db Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 21:10:58 +0000 Subject: Check uid/gid used when creating a user/group are not larger than UID_MAX/GID_MAX PR: 173977 Reported by: nvass@gmx.com --- pw/pw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 3db427a..c1d9cd3 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -269,7 +269,7 @@ main(int argc, char *argv[]) } if (strspn(optarg, "0123456789") != strlen(optarg)) errx(EX_USAGE, "-g expects a number"); - id = strtonum(optarg, 0, LONG_MAX, &errstr); + id = strtonum(optarg, 0, GID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); @@ -281,7 +281,7 @@ main(int argc, char *argv[]) addarg(&arglist, 'u', optarg); break; } - id = strtonum(optarg, 0, LONG_MAX, &errstr); + id = strtonum(optarg, 0, UID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); -- cgit v1.2.3-56-ge451 From 8b5f16fbd8d18aa47074a93c215947b3401257e7 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 21:49:38 +0000 Subject: Reject usermod and userdel if the user concerned is not on the user database supposed to be manipulated This prevent pw usermod creating a new local user when requesting to usermod on a username is defined in LDAP. This issue only happens when modifying the local user database (not inpacting commands when -V or -R are used). PR: 187653 Submitted by: tmwalaszek@gmail.com --- pw/pw_user.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pw/pw_user.c b/pw/pw_user.c index aecc90a..cd9c23c 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -310,6 +310,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) FILE *fp; char *dmode_c; void *set = NULL; + int valid_type = _PWF_FILES; static struct passwd fakeuser = { @@ -505,6 +506,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_NOUSER, "no such user `%s'", name); } + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + if (name == NULL) name = pwd->pw_name; @@ -1076,6 +1085,7 @@ pw_userdel(char *name, long id) char grname[LOGNAMESIZE]; int rc; struct stat st; + int valid_type = _PWF_FILES; if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); @@ -1086,6 +1096,15 @@ pw_userdel(char *name, long id) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); } + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + uid = pwd->pw_uid; if (name == NULL) name = pwd->pw_name; -- cgit v1.2.3-56-ge451 From 00e5987be5ae3b7c108866ac1dba4403cc4306d5 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 29 Jul 2015 06:22:41 +0000 Subject: Create a strtounum function using the same API as strtonum This function returns uintmax_t Use this function to convert to gid_t/uid_t --- pw/Makefile | 2 +- pw/pw.c | 6 +++--- pw/pw.h | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/pw/Makefile b/pw/Makefile index c265399..87bb5f6 100644 --- a/pw/Makefile +++ b/pw/Makefile @@ -3,7 +3,7 @@ PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ - grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c + grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c WARNS?= 3 diff --git a/pw/pw.c b/pw/pw.c index c1d9cd3..88c83db 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -199,7 +199,7 @@ main(int argc, char *argv[]) cmdhelp(mode, which); else if (which != -1 && mode != -1) { if (strspn(argv[1], "0123456789") == strlen(argv[1])) { - id = strtonum(argv[1], 0, LONG_MAX, &errstr); + id = strtounum(argv[1], 0, UID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", argv[1], errstr); @@ -269,7 +269,7 @@ main(int argc, char *argv[]) } if (strspn(optarg, "0123456789") != strlen(optarg)) errx(EX_USAGE, "-g expects a number"); - id = strtonum(optarg, 0, GID_MAX, &errstr); + id = strtounum(optarg, 0, GID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); @@ -281,7 +281,7 @@ main(int argc, char *argv[]) addarg(&arglist, 'u', optarg); break; } - id = strtonum(optarg, 0, UID_MAX, &errstr); + id = strtounum(optarg, 0, UID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); diff --git a/pw/pw.h b/pw/pw.h index ed3b715..3ab3c74 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -101,3 +102,6 @@ char *pw_pwcrypt(char *password); extern const char *Modes[]; extern const char *Which[]; + +uintmax_t strtounum(const char *numstr, uintmax_t minval, uintmax_t maxval, + const char **errmsg); -- cgit v1.2.3-56-ge451 From aeb10dd06c2ccd5644afbdc9b5ba9a065d427bd1 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 29 Jul 2015 06:23:06 +0000 Subject: Actually add the new code --- pw/strtounum.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 pw/strtounum.c diff --git a/pw/strtounum.c b/pw/strtounum.c new file mode 100644 index 0000000..9687795 --- /dev/null +++ b/pw/strtounum.c @@ -0,0 +1,73 @@ +/*- + * Copyright (C) Baptiste Daroussin + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include + +#include "pw.h" + +#define INVALID "invalid" +#define TOOSMALL "too small" +#define TOOLARGE "too large" + +uintmax_t +strtounum(const char *numstr, uintmax_t minval, uintmax_t maxval, + const char **errstrp) +{ + uintmax_t ret = 0; + char *ep; + + if (minval > maxval) { + errno = EINVAL; + if (errstrp != NULL) + *errstrp = INVALID; + return (0); + } + + ret = strtoumax(numstr, &ep, 10); + if (errno == EINVAL || numstr == ep || *ep != '\0') { + errno = EINVAL; + if (errstrp != NULL) + *errstrp = INVALID; + return (0); + } else if ((ret == 0 && errno == ERANGE) || ret < minval) { + errno = ERANGE; + if (errstrp != NULL) + *errstrp = TOOSMALL; + return (0); + } else if ((ret == UINTMAX_MAX && errno == ERANGE) || ret > maxval) { + errno = ERANGE; + if (errstrp != NULL) + *errstrp = TOOLARGE; + return (0); + } + + return (ret); +} -- cgit v1.2.3-56-ge451 From f787555bf762838367d02c9254ea022edb11cb94 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 29 Jul 2015 22:51:54 +0000 Subject: Actually set the proper license Reported by: trasz --- pw/strtounum.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/pw/strtounum.c b/pw/strtounum.c index 9687795..b394486 100644 --- a/pw/strtounum.c +++ b/pw/strtounum.c @@ -1,26 +1,27 @@ /*- * Copyright (C) Baptiste Daroussin + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include -- cgit v1.2.3-56-ge451 From def310326d4348f6b6e91e3f4323245d3e9f0ae9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Wed, 29 Jul 2015 23:26:14 +0000 Subject: Cleanup includes --- pw/rm_r.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pw/rm_r.c b/pw/rm_r.c index 65a63e6..172c7b0 100644 --- a/pw/rm_r.c +++ b/pw/rm_r.c @@ -29,15 +29,12 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include -#include -#include -#include #include -#include -#include + #include #include +#include +#include #include "pwupd.h" -- cgit v1.2.3-56-ge451 From 118a862383488360f366603cc32994fd65718474 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Thu, 30 Jul 2015 06:14:47 +0000 Subject: Improve strtounum Fix many style bugs Better variable naming Use C99 'restrict' were apropriate Fix potential errno race Submitted by: bde --- pw/pw.h | 4 ++-- pw/strtounum.c | 41 +++++++++++++++++++---------------------- 2 files changed, 21 insertions(+), 24 deletions(-) diff --git a/pw/pw.h b/pw/pw.h index 3ab3c74..a22572e 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -103,5 +103,5 @@ char *pw_pwcrypt(char *password); extern const char *Modes[]; extern const char *Which[]; -uintmax_t strtounum(const char *numstr, uintmax_t minval, uintmax_t maxval, - const char **errmsg); +uintmax_t strtounum(const char * __restrict, uintmax_t, uintmax_t, + const char ** __restrict); diff --git a/pw/strtounum.c b/pw/strtounum.c index b394486..8d83470 100644 --- a/pw/strtounum.c +++ b/pw/strtounum.c @@ -34,41 +34,38 @@ __FBSDID("$FreeBSD$"); #include "pw.h" -#define INVALID "invalid" -#define TOOSMALL "too small" -#define TOOLARGE "too large" - uintmax_t -strtounum(const char *numstr, uintmax_t minval, uintmax_t maxval, - const char **errstrp) +strtounum(const char * __restrict np, uintmax_t minval, uintmax_t maxval, + const char ** __restrict errpp) { - uintmax_t ret = 0; - char *ep; + char *endp; + uintmax_t ret; if (minval > maxval) { errno = EINVAL; - if (errstrp != NULL) - *errstrp = INVALID; + if (errpp != NULL) + *errpp = "invalid"; return (0); } - - ret = strtoumax(numstr, &ep, 10); - if (errno == EINVAL || numstr == ep || *ep != '\0') { + errno = 0; + ret = strtoumax(np, &endp, 10); + if (endp == np || *endp != '\0') { errno = EINVAL; - if (errstrp != NULL) - *errstrp = INVALID; + if (errpp != NULL) + *errpp = "invalid"; return (0); - } else if ((ret == 0 && errno == ERANGE) || ret < minval) { + } + if (ret < minval) { errno = ERANGE; - if (errstrp != NULL) - *errstrp = TOOSMALL; + if (errpp != NULL) + *errpp = "too small"; return (0); - } else if ((ret == UINTMAX_MAX && errno == ERANGE) || ret > maxval) { + } + if (errno == ERANGE || ret > maxval) { errno = ERANGE; - if (errstrp != NULL) - *errstrp = TOOLARGE; + if (errpp != NULL) + *errpp = "too large"; return (0); } - return (ret); } -- cgit v1.2.3-56-ge451 From 2d1b974f3a71544c2aa9e4e648a3acad80ed7aaa Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 09:55:47 +0000 Subject: Cast uid/git to uintmax_t when using printf-like functions so the size of uid/gid size remains a implementation detail --- pw/pw_conf.c | 9 +++++---- pw/pw_group.c | 7 ++++--- pw/pw_user.c | 34 ++++++++++++++++++---------------- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 33bb6b3..d351a8f 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -31,6 +31,7 @@ static const char rcsid[] = #include #include +#include #include #include #include @@ -446,19 +447,19 @@ write_userconfig(char const * file) config.default_class : ""); break; case _UC_MINUID: - sbuf_printf(buf, "%u", config.min_uid); + sbuf_printf(buf, "%ju", (uintmax_t)config.min_uid); quote = 0; break; case _UC_MAXUID: - sbuf_printf(buf, "%u", config.max_uid); + sbuf_printf(buf, "%ju", (uintmax_t)config.max_uid); quote = 0; break; case _UC_MINGID: - sbuf_printf(buf, "%u", config.min_gid); + sbuf_printf(buf, "%ju", (uintmax_t)config.min_gid); quote = 0; break; case _UC_MAXGID: - sbuf_printf(buf, "%u", config.max_gid); + sbuf_printf(buf, "%ju", (uintmax_t)config.max_gid); quote = 0; break; case _UC_EXPIRE: diff --git a/pw/pw_group.c b/pw/pw_group.c index b0db3cf..3d5e70a 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -31,6 +31,7 @@ static const char rcsid[] = #include #include +#include #include #include #include @@ -97,7 +98,7 @@ pw_groupnext(struct userconf *cnf, bool quiet) if (quiet) return (next); - printf("%u\n", next); + printf("%ju\n", (uintmax_t)next); return (EXIT_SUCCESS); } @@ -283,7 +284,7 @@ pw_group(int mode, char *name, long id, struct cargs * args) if ((grp = GETGRNAM(name)) == NULL) errx(EX_SOFTWARE, "group disappeared during update"); - pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid); + pw_log(cnf, mode, W_GROUP, "%s(%ju)", grp->gr_name, (uintmax_t)grp->gr_gid); return EXIT_SUCCESS; } @@ -345,7 +346,7 @@ gr_gidpolicy(struct userconf * cnf, long id) gid = (gid_t) id; if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "gid `%u' has already been allocated", grp->gr_gid); + errx(EX_DATAERR, "gid `%ju' has already been allocated", (uintmax_t)grp->gr_gid); } else { struct bitmap bm; diff --git a/pw/pw_user.c b/pw/pw_user.c index cd9c23c..eca8235 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -33,6 +33,7 @@ static const char rcsid[] = #include #include #include +#include #include #include #include @@ -81,8 +82,8 @@ create_and_populate_homedir(struct passwd *pwd) copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, pwd->pw_gid, 0); - pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, - pwd->pw_uid, pwd->pw_dir); + pw_log(cnf, M_ADD, W_USER, "%s(%ju) home %s made", pwd->pw_name, + (uintmax_t)pwd->pw_uid, pwd->pw_dir); } static int @@ -155,7 +156,7 @@ pw_usernext(struct userconf *cnf, bool quiet) if (quiet) return (next); - printf("%u:", next); + printf("%ju:", (uintmax_t)next); pw_groupnext(cnf, quiet); return (EXIT_SUCCESS); @@ -749,9 +750,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_NOUSER, "user '%s' disappeared during update", name); grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%u):%s(%u):%s:%s:%s", - pwd->pw_name, pwd->pw_uid, - grp ? grp->gr_name : "unknown", (grp ? grp->gr_gid : (uid_t)-1), + pw_log(cnf, mode, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* @@ -794,8 +795,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) fputs(line, pfp); } pclose(pfp); - pw_log(cnf, mode, W_USER, "%s(%u) new user mail sent", - pwd->pw_name, pwd->pw_uid); + pw_log(cnf, mode, W_USER, "%s(%ju) new user mail sent", + pwd->pw_name, (uintmax_t)pwd->pw_uid); } fclose(fp); } @@ -817,7 +818,8 @@ pw_uidpolicy(struct userconf * cnf, long id) uid = (uid_t) id; if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "uid `%u' has already been allocated", pwd->pw_uid); + errx(EX_DATAERR, "uid `%ju' has already been allocated", + (uintmax_t)pwd->pw_uid); } else { struct bitmap bm; @@ -1177,8 +1179,8 @@ pw_userdel(char *name, long id) } ENDGRENT(); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, - uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) account removed", name, + (uintmax_t)uid); /* Remove mail file */ if (PWALTDIR() != PWF_ALT) @@ -1193,8 +1195,8 @@ pw_userdel(char *name, long id) getpwuid(uid) == NULL && fstatat(conf.rootfd, home + 1, &st, 0) != -1) { rm_r(conf.rootfd, home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" - "removed", name, uid, home, + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" + "removed", name, (uintmax_t)uid, home, fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " "completely "); } @@ -1248,14 +1250,14 @@ print_user(struct passwd * pwd) strftime(acexpire, sizeof acexpire, "%c", tptr); if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) strftime(pwexpire, sizeof pwexpire, "%c", tptr); - printf("Login Name: %-15s #%-12u Group: %-15s #%u\n" + printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" " Full Name: %s\n" " Home: %-26.26s Class: %s\n" " Shell: %-26.26s Office: %s\n" "Work Phone: %-26.26s Home Phone: %s\n" "Acc Expire: %-26.26s Pwd Expire: %s\n", - pwd->pw_name, pwd->pw_uid, - grp ? grp->gr_name : "(invalid)", pwd->pw_gid, + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, uname, pwd->pw_dir, pwd->pw_class, pwd->pw_shell, office, wphone, hphone, acexpire, pwexpire); -- cgit v1.2.3-56-ge451 From 8ce0155157b2698e849ebd4aede2567cbc9986ee Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 10:10:13 +0000 Subject: Validate the max_uid/max_gid boundaries and entry type in pw.conf --- pw/pw_conf.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index d351a8f..c6a86b7 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -230,6 +230,7 @@ read_userconfig(char const * file) char *buf, *p; size_t linecap; ssize_t linelen; + const char *errstr; buf = NULL; linecap = 0; @@ -323,20 +324,35 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_MINUID: - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.min_uid = (uid_t) atol(q); + if ((q = unquote(q)) != NULL) { + errstr = NULL; + config.min_uid = strtounum(q, 0, UID_MAX, &errstr); + if (errstr) + warnx("Invalid min_uid: '%s', ignoring", q); + } break; case _UC_MAXUID: - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.max_uid = (uid_t) atol(q); + if ((q = unquote(q)) != NULL) { + errstr = NULL; + config.max_uid = strtounum(q, 0, UID_MAX, &errstr); + if (errstr) + warnx("Invalid max_uid: '%s', ignoring", q); + } break; case _UC_MINGID: if ((q = unquote(q)) != NULL && isdigit(*q)) - config.min_gid = (gid_t) atol(q); + errstr = NULL; + config.min_gid = strtounum(q, 0, GID_MAX, &errstr); + if (errstr) + warnx("Invalid min_gid: '%s', ignoring", q); break; case _UC_MAXGID: - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.max_gid = (gid_t) atol(q); + if ((q = unquote(q)) != NULL) { + errstr = NULL; + config.max_gid = strtounum(q, 0, GID_MAX, &errstr); + if (errstr) + warnx("Invalid max_gid: '%s', ignoring", q); + } break; case _UC_EXPIRE: if ((q = unquote(q)) != NULL && isdigit(*q)) -- cgit v1.2.3-56-ge451 From a25394718fcec2b1422b872e24e54ad5c7ae69af Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 10:25:55 +0000 Subject: Validate expiration days and password days from commmand line and pw.conf --- pw/pw.c | 10 ++++++++++ pw/pw_conf.c | 16 ++++++++++++---- pw/pw_user.c | 8 ++++---- pw/pwupd.h | 2 ++ 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index 88c83db..bca6715 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -262,6 +262,11 @@ main(int argc, char *argv[]) case 'c': conf.gecos = pw_checkname(optarg, 1); break; + case 'e': + conf.expire_days = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(EX_USAGE, "Invalid expired days: %s", optarg); + break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); @@ -321,6 +326,11 @@ main(int argc, char *argv[]) case 'o': conf.checkduplicate = false; break; + case 'p': + conf.password_days = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(EX_USAGE, "Invalid password days: %s", optarg); + break; case 'q': conf.quiet = true; break; diff --git a/pw/pw_conf.c b/pw/pw_conf.c index c6a86b7..c1b5b33 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -355,12 +355,20 @@ read_userconfig(char const * file) } break; case _UC_EXPIRE: - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.expire_days = atoi(q); + if ((q = unquote(q)) != NULL) { + errstr = NULL; + config.expire_days = strtonum(q, 0, INT_MAX, &errstr); + if (errstr) + warnx("Invalid expire days: '%s', ignoring", q); + } break; case _UC_PASSWORD: - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.password_days = atoi(q); + if ((q = unquote(q)) != NULL) { + errstr = NULL; + config.password_days = strtonum(q, 0, INT_MAX, &errstr); + if (errstr) + warnx("Invalid password days: '%s', ignoring", q); + } break; case _UC_FIELDS: case _UC_NONE: diff --git a/pw/pw_user.c b/pw/pw_user.c index eca8235..6e07f1f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -418,14 +418,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); } - if ((arg = getarg(args, 'e')) != NULL) - cnf->expire_days = atoi(arg->val); + if (conf.expire_days > 0) + cnf->expire_days = conf.expire_days; if ((arg = getarg(args, 'y')) != NULL) cnf->nispasswd = arg->val; - if ((arg = getarg(args, 'p')) != NULL && arg->val) - cnf->password_days = atoi(arg->val); + if (conf.password_days > 0) + cnf->password_days = conf.password_days; if ((arg = getarg(args, 'g')) != NULL) { if (!*(p = arg->val)) /* Handle empty group list specially */ diff --git a/pw/pwupd.h b/pw/pwupd.h index 054c5a5..9685bea 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -86,6 +86,8 @@ struct pwconf { char *newname; char *config; char *gecos; + int expire_days; + int password_days; int fd; int rootfd; int which; -- cgit v1.2.3-56-ge451 From e672bd2533afdd7c7b9be669d3b7bd60f71a84c6 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 11:31:59 +0000 Subject: Fix formatting of new code Fix sorting or errstr Remove useless initialisation or errstr Reported by: bde --- pw/pw_conf.c | 46 ++++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index c1b5b33..10ded5c 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -228,9 +228,9 @@ read_userconfig(char const * file) { FILE *fp; char *buf, *p; + const char *errstr; size_t linecap; ssize_t linelen; - const char *errstr; buf = NULL; linecap = 0; @@ -325,49 +325,55 @@ read_userconfig(char const * file) break; case _UC_MINUID: if ((q = unquote(q)) != NULL) { - errstr = NULL; - config.min_uid = strtounum(q, 0, UID_MAX, &errstr); + config.min_uid = strtounum(q, 0, + UID_MAX, &errstr); if (errstr) - warnx("Invalid min_uid: '%s', ignoring", q); + warnx("Invalid min_uid: '%s';" + " ignoring", q); } break; case _UC_MAXUID: if ((q = unquote(q)) != NULL) { - errstr = NULL; - config.max_uid = strtounum(q, 0, UID_MAX, &errstr); + config.max_uid = strtounum(q, 0, + UID_MAX, &errstr); if (errstr) - warnx("Invalid max_uid: '%s', ignoring", q); + warnx("Invalid max_uid: '%s';" + " ignoring", q); } break; case _UC_MINGID: - if ((q = unquote(q)) != NULL && isdigit(*q)) - errstr = NULL; - config.min_gid = strtounum(q, 0, GID_MAX, &errstr); + if ((q = unquote(q)) != NULL) { + config.min_gid = strtounum(q, 0, + GID_MAX, &errstr); if (errstr) - warnx("Invalid min_gid: '%s', ignoring", q); + warnx("Invalid min_gid: '%s';" + " ignoring", q); break; case _UC_MAXGID: if ((q = unquote(q)) != NULL) { - errstr = NULL; - config.max_gid = strtounum(q, 0, GID_MAX, &errstr); + config.max_gid = strtounum(q, 0, + GID_MAX, &errstr); if (errstr) - warnx("Invalid max_gid: '%s', ignoring", q); + warnx("Invalid max_gid: '%s';" + " ignoring", q); } break; case _UC_EXPIRE: if ((q = unquote(q)) != NULL) { - errstr = NULL; - config.expire_days = strtonum(q, 0, INT_MAX, &errstr); + config.expire_days = strtonum(q, 0, + INT_MAX, &errstr); if (errstr) - warnx("Invalid expire days: '%s', ignoring", q); + warnx("Invalid expire days:" + " '%s'; ignoring", q); } break; case _UC_PASSWORD: if ((q = unquote(q)) != NULL) { - errstr = NULL; - config.password_days = strtonum(q, 0, INT_MAX, &errstr); + config.password_days = strtonum(q, 0, + INT_MAX, &errstr); if (errstr) - warnx("Invalid password days: '%s', ignoring", q); + warnx("Invalid password days:" + " '%s'; ignoring", q); } break; case _UC_FIELDS: -- cgit v1.2.3-56-ge451 From 99c28d09467b167abaa8b517679f480b4e21d40b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 11:52:48 +0000 Subject: Fix build --- pw/pw_conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 10ded5c..b723c31 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -348,6 +348,7 @@ read_userconfig(char const * file) if (errstr) warnx("Invalid min_gid: '%s';" " ignoring", q); + } break; case _UC_MAXGID: if ((q = unquote(q)) != NULL) { -- cgit v1.2.3-56-ge451 From 5bb254a38fa9e233bcdb24956e1f8ccf2b19182b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 12:18:48 +0000 Subject: Partial revert of r286152 More work needed on the cli validation --- pw/pw.c | 10 ---------- pw/pw_conf.c | 2 ++ pw/pw_user.c | 8 ++++---- pw/pwupd.h | 2 -- 4 files changed, 6 insertions(+), 16 deletions(-) diff --git a/pw/pw.c b/pw/pw.c index bca6715..88c83db 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -262,11 +262,6 @@ main(int argc, char *argv[]) case 'c': conf.gecos = pw_checkname(optarg, 1); break; - case 'e': - conf.expire_days = strtonum(optarg, 0, INT_MAX, &errstr); - if (errstr) - errx(EX_USAGE, "Invalid expired days: %s", optarg); - break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); @@ -326,11 +321,6 @@ main(int argc, char *argv[]) case 'o': conf.checkduplicate = false; break; - case 'p': - conf.password_days = strtonum(optarg, 0, INT_MAX, &errstr); - if (errstr) - errx(EX_USAGE, "Invalid password days: %s", optarg); - break; case 'q': conf.quiet = true; break; diff --git a/pw/pw_conf.c b/pw/pw_conf.c index b723c31..8ba8c07 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -367,6 +367,8 @@ read_userconfig(char const * file) warnx("Invalid expire days:" " '%s'; ignoring", q); } + if ((q = unquote(q)) != NULL && isdigit(*q)) + config.expire_days = atoi(q); break; case _UC_PASSWORD: if ((q = unquote(q)) != NULL) { diff --git a/pw/pw_user.c b/pw/pw_user.c index 6e07f1f..eca8235 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -418,14 +418,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); } - if (conf.expire_days > 0) - cnf->expire_days = conf.expire_days; + if ((arg = getarg(args, 'e')) != NULL) + cnf->expire_days = atoi(arg->val); if ((arg = getarg(args, 'y')) != NULL) cnf->nispasswd = arg->val; - if (conf.password_days > 0) - cnf->password_days = conf.password_days; + if ((arg = getarg(args, 'p')) != NULL && arg->val) + cnf->password_days = atoi(arg->val); if ((arg = getarg(args, 'g')) != NULL) { if (!*(p = arg->val)) /* Handle empty group list specially */ diff --git a/pw/pwupd.h b/pw/pwupd.h index 9685bea..054c5a5 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -86,8 +86,6 @@ struct pwconf { char *newname; char *config; char *gecos; - int expire_days; - int password_days; int fd; int rootfd; int which; -- cgit v1.2.3-56-ge451 From cc2167793425c49a88da118a7b6b48bdb4ad9b81 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 12:20:55 +0000 Subject: Remove things that crept in after badly checked revert --- pw/pw_conf.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 8ba8c07..b723c31 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -367,8 +367,6 @@ read_userconfig(char const * file) warnx("Invalid expire days:" " '%s'; ignoring", q); } - if ((q = unquote(q)) != NULL && isdigit(*q)) - config.expire_days = atoi(q); break; case _UC_PASSWORD: if ((q = unquote(q)) != NULL) { -- cgit v1.2.3-56-ge451 From e773096e9049d4fb494d9ea86a862cd89d62bdfc Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:47:50 +0000 Subject: Rewrite parsing subcommands arguments of pw(8) Now each subcommands checks its arguments in a dedicated functions. This helps improving input validation, code readability/maintainability While here: - Add a -y option to pw userdel/usermod so it can maintain NIS servers if nispasswd is not defined in pw.conf(5) - Allow pw -r to remove directory with userdel -r - Fix bug when renaming a user which was not renaming the user name it groups it is a member of. - Only parse pw.conf(5) when needed. --- pw/Makefile | 3 +- pw/pw.c | 296 +------ pw/pw.h | 28 +- pw/pw_conf.c | 61 +- pw/pw_group.c | 757 ++++++++++++------ pw/pw_nis.c | 1 + pw/pw_user.c | 2431 ++++++++++++++++++++++++++++++++------------------------ pw/pw_utils.c | 97 +++ pw/pwupd.h | 17 +- pw/strtounum.c | 2 +- 10 files changed, 2081 insertions(+), 1612 deletions(-) create mode 100644 pw/pw_utils.c diff --git a/pw/Makefile b/pw/Makefile index 87bb5f6..f26c9de 100644 --- a/pw/Makefile +++ b/pw/Makefile @@ -3,7 +3,8 @@ PROG= pw MAN= pw.conf.5 pw.8 SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \ - grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c + grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c \ + pw_utils.c WARNS?= 3 diff --git a/pw/pw.c b/pw/pw.c index 88c83db..b13db70 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -37,9 +37,6 @@ static const char rcsid[] = #include #include "pw.h" -#if !defined(_PATH_YP) -#define _PATH_YP "/var/yp/" -#endif const char *Modes[] = { "add", "del", "mod", "show", "next", NULL}; @@ -85,55 +82,39 @@ struct pwf VPWF = vgetgrnam, }; -struct pwconf conf; - -static struct cargs arglist; +static int (*cmdfunc[W_NUM][M_NUM])(int argc, char **argv, char *_name) = { + { /* user */ + pw_user_add, + pw_user_del, + pw_user_mod, + pw_user_show, + pw_user_next, + pw_user_lock, + pw_user_unlock, + }, + { /* group */ + pw_group_add, + pw_group_del, + pw_group_mod, + pw_group_show, + pw_group_next, + } +}; -static int getindex(const char *words[], const char *word); -static void cmdhelp(int mode, int which); +struct pwconf conf; +static int getindex(const char *words[], const char *word); +static void cmdhelp(int mode, int which); int main(int argc, char *argv[]) { - int ch; - int mode = -1; - int which = -1; - long id = -1; - char *config = NULL; + int mode = -1, which = -1, tmp; struct stat st; - const char *errstr; - char arg, *name; + char arg, *arg1; bool relocated, nis; - static const char *opts[W_NUM][M_NUM] = - { - { /* user */ - "R:V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y", - "R:V:C:qn:u:rY", - "R:V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY", - "R:V:C:qn:u:FPa7", - "R:V:C:q", - "R:V:C:q", - "R:V:C:q" - }, - { /* grp */ - "R:V:C:qn:g:h:H:M:opNPY", - "R:V:C:qn:g:Y", - "R:V:C:qn:d:g:l:h:H:FM:m:NPY", - "R:V:C:qn:g:FPa", - "R:V:C:q" - } - }; - - static int (*funcs[W_NUM]) (int _mode, char *_name, long _id, - struct cargs * _args) = - { /* Request handlers */ - pw_user, - pw_group - }; - - name = NULL; + arg1 = NULL; relocated = nis = false; memset(&conf, 0, sizeof(conf)); strlcpy(conf.rootdir, "/", sizeof(conf.rootdir)); @@ -141,17 +122,13 @@ main(int argc, char *argv[]) conf.fd = -1; conf.checkduplicate = true; - LIST_INIT(&arglist); - - (void)setlocale(LC_ALL, ""); + setlocale(LC_ALL, ""); /* * Break off the first couple of words to determine what exactly * we're being asked to do */ while (argc > 1) { - int tmp; - if (*argv[1] == '-') { /* * Special case, allow pw -V [args] for scripts etc. @@ -197,15 +174,9 @@ main(int argc, char *argv[]) mode = tmp % M_NUM; } else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL) cmdhelp(mode, which); - else if (which != -1 && mode != -1) { - if (strspn(argv[1], "0123456789") == strlen(argv[1])) { - id = strtounum(argv[1], 0, UID_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad id '%s': %s", - argv[1], errstr); - } else - name = argv[1]; - } else + else if (which != -1 && mode != -1) + arg1 = argv[1]; + else errx(EX_USAGE, "unknown keyword `%s'", argv[1]); ++argv; --argc; @@ -220,193 +191,22 @@ main(int argc, char *argv[]) conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC); if (conf.rootfd == -1) errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir); - conf.which = which; - /* - * We know which mode we're in and what we're about to do, so now - * let's dispatch the remaining command line args in a genric way. - */ - optarg = NULL; - - while ((ch = getopt(argc, argv, opts[which][mode])) != -1) { - switch (ch) { - case '?': - errx(EX_USAGE, "unknown switch"); - break; - case '7': - conf.v7 = true; - break; - case 'C': - conf.config = optarg; - config = conf.config; - break; - case 'F': - conf.force = true; - break; - case 'N': - conf.dryrun = true; - break; - case 'l': - if (strlen(optarg) >= MAXLOGNAME) - errx(EX_USAGE, "new name too long: %s", optarg); - conf.newname = optarg; - break; - case 'P': - conf.pretty = true; - break; - case 'Y': - nis = true; - break; - case 'a': - conf.all = true; - break; - case 'c': - conf.gecos = pw_checkname(optarg, 1); - break; - case 'g': - if (which == 0) { /* for user* */ - addarg(&arglist, 'g', optarg); - break; - } - if (strspn(optarg, "0123456789") != strlen(optarg)) - errx(EX_USAGE, "-g expects a number"); - id = strtounum(optarg, 0, GID_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad id '%s': %s", optarg, - errstr); - break; - case 'u': - if (strspn(optarg, "0123456789,") != strlen(optarg)) - errx(EX_USAGE, "-u expects a number"); - if (strchr(optarg, ',') != NULL) { - addarg(&arglist, 'u', optarg); - break; - } - id = strtounum(optarg, 0, UID_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad id '%s': %s", optarg, - errstr); - break; - case 'n': - name = optarg; - break; - case 'H': - if (conf.fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - conf.precrypted = true; - if (strspn(optarg, "0123456789") != strlen(optarg)) - errx(EX_USAGE, "'-H' expects a file descriptor"); - - conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "Bad file descriptor '%s': %s", - optarg, errstr); - break; - case 'h': - if (conf.fd != -1) - errx(EX_USAGE, "'-h' and '-H' are mutually " - "exclusive options"); - - if (strcmp(optarg, "-") == 0) - conf.fd = '-'; - else if (strspn(optarg, "0123456789") == strlen(optarg)) { - conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); - if (errstr != NULL) - errx(EX_USAGE, "'-h' expects a " - "file descriptor or '-'"); - } else - errx(EX_USAGE, "'-h' expects a file " - "descriptor or '-'"); - break; - case 'o': - conf.checkduplicate = false; - break; - case 'q': - conf.quiet = true; - break; - case 'r': - conf.deletehome = true; - break; - default: - addarg(&arglist, ch, optarg); - break; - } - optarg = NULL; - } - - if (name != NULL && strlen(name) >= MAXLOGNAME) - errx(EX_USAGE, "name too long: %s", name); - - /* - * Must be root to attempt an update - */ - if (geteuid() != 0 && mode != M_PRINT && mode != M_NEXT && !conf.dryrun) - errx(EX_NOPERM, "you must be root to run this program"); - /* - * We should immediately look for the -q 'quiet' switch so that we - * don't bother with extraneous errors - */ - if (conf.quiet) - freopen(_PATH_DEVNULL, "w", stderr); - - /* - * Set our base working path if not overridden - */ - - if (config == NULL) { /* Only override config location if -C not specified */ - asprintf(&config, "%s/pw.conf", conf.etcpath); - if (config == NULL) - errx(EX_OSERR, "out of memory"); - } - - /* - * Now, let's do the common initialisation - */ - conf.userconf = read_userconfig(config); - - ch = funcs[which] (mode, name, id, &arglist); - - /* - * If everything went ok, and we've been asked to update - * the NIS maps, then do it now - */ - if (ch == EXIT_SUCCESS && nis) { - pid_t pid; - - fflush(NULL); - if (chdir(_PATH_YP) == -1) - warn("chdir(" _PATH_YP ")"); - else if ((pid = fork()) == -1) - warn("fork()"); - else if (pid == 0) { - /* Is make anywhere else? */ - execlp("/usr/bin/make", "make", (char *)NULL); - _exit(1); - } else { - int i; - waitpid(pid, &i, 0); - if ((i = WEXITSTATUS(i)) != 0) - errx(ch, "make exited with status %d", i); - else - pw_log(conf.userconf, mode, which, "NIS maps updated"); - } - } - return ch; + return (cmdfunc[which][mode](argc, argv, arg1)); } static int getindex(const char *words[], const char *word) { - int i = 0; + int i = 0; while (words[i]) { if (strcmp(words[i], word) == 0) - return i; + return (i); i++; } - return -1; + return (-1); } @@ -456,7 +256,7 @@ cmdhelp(int mode, int which) " Setting defaults:\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" - "\t-D set user defaults\n" + "\t-D set user defaults\n" "\t-b dir default home root dir\n" "\t-e period default expiry period\n" "\t-p period default password change period\n" @@ -476,6 +276,7 @@ cmdhelp(int mode, int which) "\t-n name login name\n" "\t-u uid user id\n" "\t-Y update NIS maps\n" + "\t-y path set NIS passwd file path\n" "\t-r remove home & contents\n", "usage: pw usermod [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" @@ -500,6 +301,7 @@ cmdhelp(int mode, int which) "\t-h fd read password on fd\n" "\t-H fd read encrypted password on fd\n" "\t-Y update NIS maps\n" + "\t-y path set NIS passwd file path\n" "\t-N no update\n", "usage: pw usershow [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" @@ -576,31 +378,3 @@ cmdhelp(int mode, int which) } exit(EXIT_FAILURE); } - -struct carg * -getarg(struct cargs * _args, int ch) -{ - struct carg *c; - - if (_args == NULL) - return (NULL); - - c = LIST_FIRST(_args); - - while (c != NULL && c->ch != ch) - c = LIST_NEXT(c, list); - return c; -} - -struct carg * -addarg(struct cargs * _args, int ch, char *argstr) -{ - struct carg *ca = malloc(sizeof(struct carg)); - - if (ca == NULL) - errx(EX_OSERR, "out of memory"); - ca->ch = ch; - ca->val = argstr; - LIST_INSERT_HEAD(_args, ca, list); - return ca; -} diff --git a/pw/pw.h b/pw/pw.h index a22572e..b6e2ccf 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -78,21 +78,41 @@ LIST_HEAD(cargs, carg); #define _UC_MAXLINE 1024 #define _UC_MAXSHELLS 32 +struct userconf *get_userconfig(const char *cfg); struct userconf *read_userconfig(char const * file); -int write_userconfig(char const * file); +int write_userconfig(struct userconf *cnf, char const * file); struct carg *addarg(struct cargs * _args, int ch, char *argstr); struct carg *getarg(struct cargs * _args, int ch); -int pw_user(int mode, char *name, long id, struct cargs * _args); -int pw_usernext(struct userconf *cnf, bool quiet); -int pw_group(int mode, char *name, long id, struct cargs * _args); +int pw_group_add(int argc, char **argv, char *name); +int pw_group_del(int argc, char **argv, char *name); +int pw_group_mod(int argc, char **argv, char *name); +int pw_group_next(int argc, char **argv, char *name); +int pw_group_show(int argc, char **argv, char *name); +int pw_user_add(int argc, char **argv, char *name); +int pw_user_add(int argc, char **argv, char *name); +int pw_user_add(int argc, char **argv, char *name); +int pw_user_add(int argc, char **argv, char *name); +int pw_user_del(int argc, char **argv, char *name); +int pw_user_lock(int argc, char **argv, char *name); +int pw_user_mod(int argc, char **argv, char *name); +int pw_user_next(int argc, char **argv, char *name); +int pw_user_show(int argc, char **argv, char *name); +int pw_user_unlock(int argc, char **argv, char *name); int pw_groupnext(struct userconf *cnf, bool quiet); char *pw_checkname(char *name, int gecos); +uintmax_t pw_checkid(char *nptr, uintmax_t maxval); +int pw_checkfd(char *nptr); int addnispwent(const char *path, struct passwd *pwd); int delnispwent(const char *path, const char *login); int chgnispwent(const char *path, const char *login, struct passwd *pwd); +int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd, + bool dryrun, bool pretty, bool precrypted); + +int nis_update(void); + int boolean_val(char const * str, int dflt); char const *boolean_str(int val); char *newstr(char const * p); diff --git a/pw/pw_conf.c b/pw/pw_conf.c index b723c31..41ab79b 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -235,9 +235,6 @@ read_userconfig(char const * file) buf = NULL; linecap = 0; - config.groups = sl_init(); - if (config.groups == NULL) - err(1, "sl_init()"); if (file == NULL) file = _PATH_PW_CONF; @@ -316,8 +313,11 @@ read_userconfig(char const * file) ? NULL : newstr(q); break; case _UC_EXTRAGROUPS: - for (i = 0; q != NULL; q = strtok(NULL, toks)) + for (i = 0; q != NULL; q = strtok(NULL, toks)) { + if (config.groups == NULL) + config.groups = sl_init(); sl_add(config.groups, newstr(q)); + } break; case _UC_DEFAULTCLASS: config.default_class = (q == NULL || !boolean_val(q, 1)) @@ -391,7 +391,7 @@ read_userconfig(char const * file) int -write_userconfig(char const * file) +write_userconfig(struct userconf *cnf, const char *file) { int fd; int i, j; @@ -416,40 +416,39 @@ write_userconfig(char const * file) sbuf_clear(buf); switch (i) { case _UC_DEFAULTPWD: - sbuf_cat(buf, boolean_str(config.default_password)); + sbuf_cat(buf, boolean_str(cnf->default_password)); break; case _UC_REUSEUID: - sbuf_cat(buf, boolean_str(config.reuse_uids)); + sbuf_cat(buf, boolean_str(cnf->reuse_uids)); break; case _UC_REUSEGID: - sbuf_cat(buf, boolean_str(config.reuse_gids)); + sbuf_cat(buf, boolean_str(cnf->reuse_gids)); break; case _UC_NISPASSWD: - sbuf_cat(buf, config.nispasswd ? config.nispasswd : - ""); + sbuf_cat(buf, cnf->nispasswd ? cnf->nispasswd : ""); quote = 0; break; case _UC_DOTDIR: - sbuf_cat(buf, config.dotdir ? config.dotdir : + sbuf_cat(buf, cnf->dotdir ? cnf->dotdir : boolean_str(0)); break; case _UC_NEWMAIL: - sbuf_cat(buf, config.newmail ? config.newmail : + sbuf_cat(buf, cnf->newmail ? cnf->newmail : boolean_str(0)); break; case _UC_LOGFILE: - sbuf_cat(buf, config.logfile ? config.logfile : + sbuf_cat(buf, cnf->logfile ? cnf->logfile : boolean_str(0)); break; case _UC_HOMEROOT: - sbuf_cat(buf, config.home); + sbuf_cat(buf, cnf->home); break; case _UC_HOMEMODE: - sbuf_printf(buf, "%04o", config.homemode); + sbuf_printf(buf, "%04o", cnf->homemode); quote = 0; break; case _UC_SHELLPATH: - sbuf_cat(buf, config.shelldir); + sbuf_cat(buf, cnf->shelldir); break; case _UC_SHELLS: for (j = 0; j < _UC_MAXSHELLS && @@ -459,46 +458,46 @@ write_userconfig(char const * file) quote = 0; break; case _UC_DEFAULTSHELL: - sbuf_cat(buf, config.shell_default ? - config.shell_default : bourne_shell); + sbuf_cat(buf, cnf->shell_default ? + cnf->shell_default : bourne_shell); break; case _UC_DEFAULTGROUP: - sbuf_cat(buf, config.default_group ? - config.default_group : ""); + sbuf_cat(buf, cnf->default_group ? + cnf->default_group : ""); break; case _UC_EXTRAGROUPS: - for (j = 0; config.groups != NULL && - j < (int)config.groups->sl_cur; j++) + for (j = 0; cnf->groups != NULL && + j < (int)cnf->groups->sl_cur; j++) sbuf_printf(buf, "%s\"%s\"", j ? - "," : "", config.groups->sl_str[j]); + "," : "", cnf->groups->sl_str[j]); quote = 0; break; case _UC_DEFAULTCLASS: - sbuf_cat(buf, config.default_class ? - config.default_class : ""); + sbuf_cat(buf, cnf->default_class ? + cnf->default_class : ""); break; case _UC_MINUID: - sbuf_printf(buf, "%ju", (uintmax_t)config.min_uid); + sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_uid); quote = 0; break; case _UC_MAXUID: - sbuf_printf(buf, "%ju", (uintmax_t)config.max_uid); + sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_uid); quote = 0; break; case _UC_MINGID: - sbuf_printf(buf, "%ju", (uintmax_t)config.min_gid); + sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_gid); quote = 0; break; case _UC_MAXGID: - sbuf_printf(buf, "%ju", (uintmax_t)config.max_gid); + sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_gid); quote = 0; break; case _UC_EXPIRE: - sbuf_printf(buf, "%d", config.expire_days); + sbuf_printf(buf, "%ld", cnf->expire_days); quote = 0; break; case _UC_PASSWORD: - sbuf_printf(buf, "%d", config.password_days); + sbuf_printf(buf, "%ld", cnf->password_days); quote = 0; break; case _UC_NONE: diff --git a/pw/pw_group.c b/pw/pw_group.c index 3d5e70a..5ba5e39 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -31,47 +31,50 @@ static const char rcsid[] = #include #include +#include #include -#include +#include +#include #include +#include #include -#include -#include #include "pw.h" #include "bitmap.h" - static struct passwd *lookup_pwent(const char *user); static void delete_members(struct group *grp, char *list); -static int print_group(struct group * grp); -static gid_t gr_gidpolicy(struct userconf * cnf, long id); +static int print_group(struct group * grp, bool pretty); +static gid_t gr_gidpolicy(struct userconf * cnf, intmax_t id); static void -set_passwd(struct group *grp, bool update) +grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted) { int b; int istty; struct termios t, n; char *p, line[256]; - if (conf.fd == '-') { + if (fd == -1) + return; + + if (fd == '-') { grp->gr_passwd = "*"; /* No access */ return; } - if ((istty = isatty(conf.fd))) { + if ((istty = isatty(fd))) { n = t; /* Disable echo */ n.c_lflag &= ~(ECHO); - tcsetattr(conf.fd, TCSANOW, &n); + tcsetattr(fd, TCSANOW, &n); printf("%sassword for group %s:", update ? "New p" : "P", grp->gr_name); fflush(stdout); } - b = read(conf.fd, line, sizeof(line) - 1); + b = read(fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ - tcsetattr(conf.fd, TCSANOW, &t); + tcsetattr(fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } @@ -83,7 +86,7 @@ set_passwd(struct group *grp, bool update) if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", conf.fd); - if (conf.precrypted) { + if (precrypted) { if (strchr(line, ':') != 0) errx(EX_DATAERR, "wrong encrypted passwrd"); grp->gr_passwd = line; @@ -103,193 +106,24 @@ pw_groupnext(struct userconf *cnf, bool quiet) return (EXIT_SUCCESS); } -static int -pw_groupshow(const char *name, long id, struct group *fakegroup) -{ - struct group *grp = NULL; - - if (id < 0 && name == NULL && !conf.all) - errx(EX_DATAERR, "groupname or id or '-a' required"); - - if (conf.all) { - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - print_group(grp); - ENDGRENT(); - - return (EXIT_SUCCESS); - } - - grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); - if (grp == NULL) { - if (conf.force) { - grp = fakegroup; - } else { - if (name == NULL) - errx(EX_DATAERR, "unknown gid `%ld'", id); - errx(EX_DATAERR, "unknown group `%s'", name); - } - } - - return (print_group(grp)); -} - -static int -pw_groupdel(const char *name, long id) +static struct group * +getgroup(char *name, intmax_t id, bool fatal) { - struct group *grp = NULL; - int rc; + struct group *grp; + if (id < 0 && name == NULL) + errx(EX_DATAERR, "groupname or id required"); grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); if (grp == NULL) { + if (!fatal) + return (NULL); if (name == NULL) - errx(EX_DATAERR, "unknown gid `%ld'", id); + errx(EX_DATAERR, "unknown gid `%ju'", id); errx(EX_DATAERR, "unknown group `%s'", name); } - - rc = delgrent(grp); - if (rc == -1) - err(EX_IOERR, "group '%s' not available (NIS?)", name); - else if (rc != 0) - err(EX_IOERR, "group update"); - pw_log(conf.userconf, M_DELETE, W_GROUP, "%s(%ld) removed", name, id); - - return (EXIT_SUCCESS); + return (grp); } -int -pw_group(int mode, char *name, long id, struct cargs * args) -{ - int rc; - struct carg *arg; - struct group *grp = NULL; - struct userconf *cnf = conf.userconf; - - static struct group fakegroup = - { - "nogroup", - "*", - -1, - NULL - }; - - if (mode == M_NEXT) - return (pw_groupnext(cnf, conf.quiet)); - - if (mode == M_PRINT) - return (pw_groupshow(name, id, &fakegroup)); - - if (mode == M_DELETE) - return (pw_groupdel(name, id)); - - if (mode == M_LOCK || mode == M_UNLOCK) - errx(EX_USAGE, "'lock' command is not available for groups"); - - if (id < 0 && name == NULL) - errx(EX_DATAERR, "group name or id required"); - - grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); - - if (mode == M_UPDATE) { - if (name == NULL && grp == NULL) /* Try harder */ - grp = GETGRGID(id); - - if (grp == NULL) { - if (name == NULL) - errx(EX_DATAERR, "unknown group `%s'", name); - else - errx(EX_DATAERR, "unknown group `%ld'", id); - } - if (name == NULL) /* Needed later */ - name = grp->gr_name; - - if (id > 0) - grp->gr_gid = (gid_t) id; - - if (conf.newname != NULL) - grp->gr_name = pw_checkname(conf.newname, 0); - } else { - if (name == NULL) /* Required */ - errx(EX_DATAERR, "group name required"); - else if (grp != NULL) /* Exists */ - errx(EX_DATAERR, "group name `%s' already exists", name); - - grp = &fakegroup; - grp->gr_name = pw_checkname(name, 0); - grp->gr_passwd = "*"; - grp->gr_gid = gr_gidpolicy(cnf, id); - grp->gr_mem = NULL; - } - - /* - * This allows us to set a group password Group passwords is an - * antique idea, rarely used and insecure (no secure database) Should - * be discouraged, but it is apparently still supported by some - * software. - */ - - if (conf.which == W_GROUP && conf.fd != -1) - set_passwd(grp, mode == M_UPDATE); - - if (((arg = getarg(args, 'M')) != NULL || - (arg = getarg(args, 'd')) != NULL || - (arg = getarg(args, 'm')) != NULL) && arg->val) { - char *p; - struct passwd *pwd; - - /* Make sure this is not stay NULL with -M "" */ - if (arg->ch == 'd') - delete_members(grp, arg->val); - else if (arg->ch == 'M') - grp->gr_mem = NULL; - - for (p = strtok(arg->val, ", \t"); arg->ch != 'd' && p != NULL; - p = strtok(NULL, ", \t")) { - int j; - - /* - * Check for duplicates - */ - pwd = lookup_pwent(p); - for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) { - if (strcmp(grp->gr_mem[j], pwd->pw_name) == 0) - break; - } - if (grp->gr_mem != NULL && grp->gr_mem[j] != NULL) - continue; - grp = gr_add(grp, pwd->pw_name); - } - } - - if (conf.dryrun) - return print_group(grp); - - if (mode == M_ADD && (rc = addgrent(grp)) != 0) { - if (rc == -1) - errx(EX_IOERR, "group '%s' already exists", - grp->gr_name); - else - err(EX_IOERR, "group update"); - } else if (mode == M_UPDATE && (rc = chggrent(name, grp)) != 0) { - if (rc == -1) - errx(EX_IOERR, "group '%s' not available (NIS?)", - grp->gr_name); - else - err(EX_IOERR, "group update"); - } - - if (conf.newname != NULL) - name = conf.newname; - /* grp may have been invalidated */ - if ((grp = GETGRNAM(name)) == NULL) - errx(EX_SOFTWARE, "group disappeared during update"); - - pw_log(cnf, mode, W_GROUP, "%s(%ju)", grp->gr_name, (uintmax_t)grp->gr_gid); - - return EXIT_SUCCESS; -} - - /* * Lookup a passwd entry using a name or UID. */ @@ -332,11 +166,11 @@ delete_members(struct group *grp, char *list) } } - -static gid_t -gr_gidpolicy(struct userconf * cnf, long id) +static gid_t +gr_gidpolicy(struct userconf * cnf, intmax_t id) { struct group *grp; + struct bitmap bm; gid_t gid = (gid_t) - 1; /* @@ -347,66 +181,59 @@ gr_gidpolicy(struct userconf * cnf, long id) if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate) errx(EX_DATAERR, "gid `%ju' has already been allocated", (uintmax_t)grp->gr_gid); - } else { - struct bitmap bm; - - /* - * We need to allocate the next available gid under one of - * two policies a) Grab the first unused gid b) Grab the - * highest possible unused gid - */ - if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */ - cnf->min_gid = 1000; - cnf->max_gid = 32000; - } - bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1); + return (gid); + } - /* - * Now, let's fill the bitmap from the password file - */ - SETGRENT(); - while ((grp = GETGRENT()) != NULL) - if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid && - (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid) - bm_setbit(&bm, grp->gr_gid - cnf->min_gid); - ENDGRENT(); + /* + * We need to allocate the next available gid under one of + * two policies a) Grab the first unused gid b) Grab the + * highest possible unused gid + */ + if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */ + cnf->min_gid = 1000; + cnf->max_gid = 32000; + } + bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1); - /* - * Then apply the policy, with fallback to reuse if necessary - */ - if (cnf->reuse_gids) - gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); - else { - gid = (gid_t) (bm_lastset(&bm) + 1); - if (!bm_isset(&bm, gid)) - gid += cnf->min_gid; - else - gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); - } + /* + * Now, let's fill the bitmap from the password file + */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid && + (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid) + bm_setbit(&bm, grp->gr_gid - cnf->min_gid); + ENDGRENT(); - /* - * Another sanity check - */ - if (gid < cnf->min_gid || gid > cnf->max_gid) - errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used"); - bm_dealloc(&bm); + /* + * Then apply the policy, with fallback to reuse if necessary + */ + if (cnf->reuse_gids) + gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); + else { + gid = (gid_t) (bm_lastset(&bm) + 1); + if (!bm_isset(&bm, gid)) + gid += cnf->min_gid; + else + gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); } - return gid; -} + /* + * Another sanity check + */ + if (gid < cnf->min_gid || gid > cnf->max_gid) + errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used"); + bm_dealloc(&bm); + return (gid); +} static int -print_group(struct group * grp) +print_group(struct group * grp, bool pretty) { - if (!conf.pretty) { - char *buf = NULL; - - buf = gr_make(grp); - printf("%s\n", buf); - free(buf); - } else { - int i; + char *buf = NULL; + int i; + if (pretty) { printf("Group Name: %-15s #%lu\n" " Members: ", grp->gr_name, (long) grp->gr_gid); @@ -415,6 +242,444 @@ print_group(struct group * grp) printf("%s%s", i ? "," : "", grp->gr_mem[i]); } fputs("\n\n", stdout); + return (EXIT_SUCCESS); + } + + buf = gr_make(grp); + printf("%s\n", buf); + free(buf); + return (EXIT_SUCCESS); +} + +int +pw_group_next(int argc, char **argv, char *arg1 __unused) +{ + struct userconf *cnf; + const char *cfg = NULL; + int ch; + bool quiet; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + } } - return EXIT_SUCCESS; + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + cnf = get_userconfig(cfg); + return (pw_groupnext(cnf, quiet)); +} + +int +pw_group_show(int argc, char **argv, char *arg1) +{ + struct group *grp = NULL; + char *name; + intmax_t id = -1; + int ch; + bool all, force, quiet, pretty; + + all = force = quiet = pretty = false; + + struct group fakegroup = { + "nogroup", + "*", + -1, + NULL + }; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, GID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:g:FPa")) != -1) { + switch (ch) { + case 'C': + /* ignore compatibility */ + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'g': + id = pw_checkid(optarg, GID_MAX); + break; + case 'F': + force = true; + break; + case 'P': + pretty = true; + break; + case 'a': + all = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + if (all) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) + print_group(grp, pretty); + ENDGRENT(); + return (EXIT_SUCCESS); + } + + grp = getgroup(name, id, !force); + if (grp == NULL) + grp = &fakegroup; + + return (print_group(grp, pretty)); +} + +int +pw_group_del(int argc, char **argv, char *arg1) +{ + struct userconf *cnf = NULL; + struct group *grp = NULL; + char *name; + const char *cfg = NULL; + intmax_t id = -1; + int ch, rc; + bool quiet = false; + bool nis = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, GID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:g:Y")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'g': + id = pw_checkid(optarg, GID_MAX); + break; + case 'Y': + nis = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + grp = getgroup(name, id, true); + cnf = get_userconfig(cfg); + rc = delgrent(grp); + if (rc == -1) + err(EX_IOERR, "group '%s' not available (NIS?)", name); + else if (rc != 0) + err(EX_IOERR, "group update"); + pw_log(cnf, M_DELETE, W_GROUP, "%s(%ju) removed", name, + (uintmax_t)id); + + if (nis && nis_update() == 0) + pw_log(cnf, M_DELETE, W_GROUP, "NIS maps updated"); + + return (EXIT_SUCCESS); +} + +static bool +grp_has_member(struct group *grp, const char *name) +{ + int j; + + for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++) + if (strcmp(grp->gr_mem[j], name) == 0) + return (true); + return (false); +} + +static void +grp_add_members(struct group **grp, char *members) +{ + struct passwd *pwd; + char *p; + char tok[] = ", \t"; + + if (members == NULL) + return; + for (p = strtok(members, tok); p != NULL; p = strtok(NULL, tok)) { + pwd = lookup_pwent(p); + if (grp_has_member(*grp, pwd->pw_name)) + continue; + *grp = gr_add(*grp, pwd->pw_name); + } +} + +int +groupadd(struct userconf *cnf, char *name, gid_t id, char *members, int fd, + bool dryrun, bool pretty, bool precrypted) +{ + struct group *grp; + int rc; + + struct group fakegroup = { + "nogroup", + "*", + -1, + NULL + }; + + grp = &fakegroup; + grp->gr_name = pw_checkname(name, 0); + grp->gr_passwd = "*"; + grp->gr_gid = gr_gidpolicy(cnf, id); + grp->gr_mem = NULL; + + /* + * This allows us to set a group password Group passwords is an + * antique idea, rarely used and insecure (no secure database) Should + * be discouraged, but it is apparently still supported by some + * software. + */ + grp_set_passwd(grp, false, fd, precrypted); + grp_add_members(&grp, members); + if (dryrun) + return (print_group(grp, pretty)); + + if ((rc = addgrent(grp)) != 0) { + if (rc == -1) + errx(EX_IOERR, "group '%s' already exists", + grp->gr_name); + else + err(EX_IOERR, "group update"); + } + + pw_log(cnf, M_ADD, W_GROUP, "%s(%ju)", grp->gr_name, + (uintmax_t)grp->gr_gid); + + return (EXIT_SUCCESS); +} + +int +pw_group_add(int argc, char **argv, char *arg1) +{ + struct userconf *cnf = NULL; + char *name = NULL; + char *members = NULL; + const char *cfg = NULL; + intmax_t id = -1; + int ch, rc, fd = -1; + bool quiet, precrypted, dryrun, pretty, nis; + + quiet = precrypted = dryrun = pretty = nis = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, GID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:g:h:H:M:oNPY")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'g': + id = pw_checkid(optarg, GID_MAX); + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'M': + members = optarg; + break; + case 'o': + conf.checkduplicate = false; + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'Y': + nis = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + if (name == NULL) + errx(EX_DATAERR, "group name required"); + cnf = get_userconfig(cfg); + rc = groupadd(cnf, name, gr_gidpolicy(cnf, id), members, fd, dryrun, + pretty, precrypted); + if (nis && rc == EXIT_SUCCESS && nis_update() == 0) + pw_log(cnf, M_ADD, W_GROUP, "NIS maps updated"); + + return (rc); +} + +int +pw_group_mod(int argc, char **argv, char *arg1) +{ + struct userconf *cnf; + struct group *grp = NULL; + const char *cfg = NULL; + char *oldmembers = NULL; + char *members = NULL; + char *newmembers = NULL; + char *newname = NULL; + char *name = NULL; + intmax_t id = -1; + int ch, rc, fd = -1; + bool quiet, pretty, dryrun, nis, precrypted; + + quiet = pretty = dryrun = nis = precrypted = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, GID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:d:g:l:h:H:M:m:NPY")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'g': + id = pw_checkid(optarg, GID_MAX); + break; + case 'd': + oldmembers = optarg; + break; + case 'l': + newname = optarg; + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'M': + members = optarg; + break; + case 'm': + newmembers = optarg; + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'Y': + nis = true; + break; + } + } + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + cnf = get_userconfig(cfg); + grp = getgroup(name, id, true); + if (name == NULL) + name = grp->gr_name; + if (id > 0) + grp->gr_gid = id; + + if (newname != NULL) + grp->gr_name = pw_checkname(newname, 0); + + grp_set_passwd(grp, true, fd, precrypted); + /* + * Keep the same logic as old code for now: + * if -M is passed, -d and -m are ignored + * then id -d, -m is ignored + * last is -m + */ + + if (members) { + grp->gr_mem = NULL; + grp_add_members(&grp, members); + } else if (oldmembers) { + delete_members(grp, oldmembers); + } else if (newmembers) { + grp_add_members(&grp, newmembers); + } + + if ((rc = chggrent(name, grp)) != 0) { + if (rc == -1) + errx(EX_IOERR, "group '%s' not available (NIS?)", + grp->gr_name); + else + err(EX_IOERR, "group update"); + } + + if (newname) + name = newname; + + /* grp may have been invalidated */ + if ((grp = GETGRNAM(name)) == NULL) + errx(EX_SOFTWARE, "group disappeared during update"); + + pw_log(cnf, M_UPDATE, W_GROUP, "%s(%ju)", grp->gr_name, + (uintmax_t)grp->gr_gid); + + if (nis && nis_update() == 0) + pw_log(cnf, M_UPDATE, W_GROUP, "NIS maps updated"); + + return (EXIT_SUCCESS); } diff --git a/pw/pw_nis.c b/pw/pw_nis.c index c786cc7..6697835 100644 --- a/pw/pw_nis.c +++ b/pw/pw_nis.c @@ -43,6 +43,7 @@ pw_nisupdate(const char * path, struct passwd * pwd, char const * user) struct passwd *pw = NULL; struct passwd *old_pw = NULL; + printf("===> %s\n", path); if (pwd != NULL) pw = pw_dup(pwd); diff --git a/pw/pw_user.c b/pw/pw_user.c index eca8235..8ff4159 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -52,42 +52,53 @@ static const char rcsid[] = static char locked_str[] = "*LOCKED*"; -static int pw_userdel(char *name, long id); -static int print_user(struct passwd * pwd); -static uid_t pw_uidpolicy(struct userconf * cnf, long id); -static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); -static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); -static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); -static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); -static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); -static char *pw_password(struct userconf * cnf, char const * user); -static char *shell_path(char const * path, char *shells[], char *sh); -static void rmat(uid_t uid); -static void rmopie(char const * name); +static struct passwd fakeuser = { + "nouser", + "*", + -1, + -1, + 0, + "", + "User &", + "/nonexistent", + "/bin/sh", + 0, + 0 +}; + +static int print_user(struct passwd *pwd, bool pretty, bool v7); +static uid_t pw_uidpolicy(struct userconf *cnf, intmax_t id); +static uid_t pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, + gid_t prefer, bool dryrun); +static char *pw_homepolicy(struct userconf * cnf, char *homedir, + const char *user); +static char *pw_shellpolicy(struct userconf * cnf); +static char *pw_password(struct userconf * cnf, char const * user, + bool dryrun); +static char *shell_path(char const * path, char *shells[], char *sh); +static void rmat(uid_t uid); +static void rmopie(char const * name); static void -create_and_populate_homedir(struct passwd *pwd) +create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, + const char *skeldir, mode_t homemode, bool update) { - struct userconf *cnf = conf.userconf; - const char *skeldir; int skelfd = -1; - skeldir = cnf->dotdir; - if (skeldir != NULL && *skeldir != '\0') { if (*skeldir == '/') skeldir++; skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } - copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, homemode, pwd->pw_uid, pwd->pw_gid, 0); - pw_log(cnf, M_ADD, W_USER, "%s(%ju) home %s made", pwd->pw_name, - (uintmax_t)pwd->pw_uid, pwd->pw_dir); + pw_log(cnf, update ? M_UPDATE : M_ADD, W_USER, "%s(%ju) home %s made", + pwd->pw_name, (uintmax_t)pwd->pw_uid, pwd->pw_dir); } static int -set_passwd(struct passwd *pwd, bool update) +pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) { int b, istty; struct termios t, n; @@ -95,7 +106,7 @@ set_passwd(struct passwd *pwd, bool update) char line[_PASSWORD_LEN+1]; char *p; - if (conf.fd == '-') { + if (fd == '-') { if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { pwd->pw_passwd = "*"; /* No access */ return (1); @@ -103,40 +114,40 @@ set_passwd(struct passwd *pwd, bool update) return (0); } - if ((istty = isatty(conf.fd))) { - if (tcgetattr(conf.fd, &t) == -1) + if ((istty = isatty(fd))) { + if (tcgetattr(fd, &t) == -1) istty = 0; else { n = t; n.c_lflag &= ~(ECHO); - tcsetattr(conf.fd, TCSANOW, &n); + tcsetattr(fd, TCSANOW, &n); printf("%s%spassword for user %s:", update ? "new " : "", - conf.precrypted ? "encrypted " : "", + precrypted ? "encrypted " : "", pwd->pw_name); fflush(stdout); } } - b = read(conf.fd, line, sizeof(line) - 1); + b = read(fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ - tcsetattr(conf.fd, TCSANOW, &t); + tcsetattr(fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } if (b < 0) err(EX_IOERR, "-%c file descriptor", - conf.precrypted ? 'H' : 'h'); + precrypted ? 'H' : 'h'); line[b] = '\0'; if ((p = strpbrk(line, "\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", - conf.fd); - if (conf.precrypted) { + fd); + if (precrypted) { if (strchr(line, ':') != NULL) errx(EX_DATAERR, "bad encrypted password"); - pwd->pw_passwd = line; + pwd->pw_passwd = strdup(line); } else { lc = login_getpwclass(pwd); if (lc == NULL || @@ -148,54 +159,15 @@ set_passwd(struct passwd *pwd, bool update) return (1); } -int -pw_usernext(struct userconf *cnf, bool quiet) -{ - uid_t next = pw_uidpolicy(cnf, -1); - - if (quiet) - return (next); - - printf("%ju:", (uintmax_t)next); - pw_groupnext(cnf, quiet); - - return (EXIT_SUCCESS); -} - -static int -pw_usershow(char *name, long id, struct passwd *fakeuser) -{ - struct passwd *pwd = NULL; - - if (id < 0 && name == NULL && !conf.all) - errx(EX_DATAERR, "username or id or '-a' required"); - - if (conf.all) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd); - ENDPWENT(); - return (EXIT_SUCCESS); - } - - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); - if (pwd == NULL) { - if (conf.force) { - pwd = fakeuser; - } else { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); - errx(EX_NOUSER, "no such user `%s'", name); - } - } - - return (print_user(pwd)); -} - static void -perform_chgpwent(const char *name, struct passwd *pwd) +perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) { int rc; + struct passwd *nispwd; + + /* duplicate for nis so that chgpwent is not modifying before NIS */ + if (nispasswd && *nispasswd == '/') + nispwd = pw_dup(pwd); rc = chgpwent(name, pwd); if (rc == -1) @@ -203,8 +175,8 @@ perform_chgpwent(const char *name, struct passwd *pwd) else if (rc != 0) err(EX_IOERR, "passwd file update"); - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { - rc = chgnispwent(conf.userconf->nispasswd, name, pwd); + if (nispasswd && *nispasswd == '/') { + rc = chgnispwent(nispasswd, name, nispwd); if (rc == -1) warn("User '%s' not found in NIS passwd", pwd->pw_name); else if (rc != 0) @@ -223,19 +195,29 @@ perform_chgpwent(const char *name, struct passwd *pwd) * that is a known limitation. */ static int -pw_userlock(char *name, long id, int mode) +pw_userlock(char *arg1, int mode) { struct passwd *pwd = NULL; char *passtmp = NULL; + char *name; bool locked = false; + uid_t id; - if (id < 0 && name == NULL) + if (geteuid() != 0) + errx(EX_NOPERM, "you must be root"); + + if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); if (pwd == NULL) { if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } @@ -258,470 +240,1088 @@ pw_userlock(char *name, long id, int mode) pwd->pw_passwd += sizeof(locked_str)-1; } - perform_chgpwent(name, pwd); + perform_chgpwent(name, pwd, NULL); free(passtmp); return (EXIT_SUCCESS); } -/*- - * -C config configuration file - * -q quiet operation - * -n name login name - * -u uid user id - * -c comment user name/comment - * -d directory home directory - * -e date account expiry date - * -p date password expiry date - * -g grp primary group - * -G grp1,grp2 additional groups - * -m [ -k dir ] create and set up home - * -s shell name of login shell - * -o duplicate uid ok - * -L class user class - * -l name new login name - * -h fd password filehandle - * -H fd encrypted password filehandle - * -F force print or add - * Setting defaults: - * -D set user defaults - * -b dir default home root dir - * -e period default expiry period - * -p period default password change period - * -g group default group - * -G grp1,grp2.. default additional groups - * -L class default login class - * -k dir default home skeleton - * -s shell default shell - * -w method default password method - */ - -int -pw_user(int mode, char *name, long id, struct cargs * args) +static uid_t +pw_uidpolicy(struct userconf * cnf, intmax_t id) { - int rc, edited = 0; - char *p = NULL; - struct carg *arg; - struct passwd *pwd = NULL; - struct group *grp; - struct stat st; - struct userconf *cnf; - char line[_PASSWORD_LEN+1]; - char path[MAXPATHLEN]; - FILE *fp; - char *dmode_c; - void *set = NULL; - int valid_type = _PWF_FILES; - - static struct passwd fakeuser = - { - "nouser", - "*", - -1, - -1, - 0, - "", - "User &", - "/nonexistent", - "/bin/sh", - 0 -#if defined(__FreeBSD__) - ,0 -#endif - }; - - cnf = conf.userconf; - - if (mode == M_NEXT) - return (pw_usernext(cnf, conf.quiet)); - - if (mode == M_PRINT) - return (pw_usershow(name, id, &fakeuser)); - - if (mode == M_DELETE) - return (pw_userdel(name, id)); - - if (mode == M_LOCK || mode == M_UNLOCK) - return (pw_userlock(name, id, mode)); + struct passwd *pwd; + struct bitmap bm; + uid_t uid = (uid_t) - 1; /* - * We can do all of the common legwork here + * Check the given uid, if any */ + if (id >= 0) { + uid = (uid_t) id; - if ((arg = getarg(args, 'b')) != NULL) { - cnf->home = arg->val; + if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) + errx(EX_DATAERR, "uid `%ju' has already been allocated", + (uintmax_t)pwd->pw_uid); + return (uid); } - - if ((arg = getarg(args, 'M')) != NULL) { - dmode_c = arg->val; - if ((set = setmode(dmode_c)) == NULL) - errx(EX_DATAERR, "invalid directory creation mode '%s'", - dmode_c); - cnf->homemode = getmode(set, _DEF_DIRMODE); - free(set); + /* + * We need to allocate the next available uid under one of + * two policies a) Grab the first unused uid b) Grab the + * highest possible unused uid + */ + if (cnf->min_uid >= cnf->max_uid) { /* Sanity + * claus^H^H^H^Hheck */ + cnf->min_uid = 1000; + cnf->max_uid = 32000; } + bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); /* - * If we'll need to use it or we're updating it, - * then create the base home directory if necessary + * Now, let's fill the bitmap from the password file */ - if (arg != NULL || getarg(args, 'm') != NULL) { - int l = strlen(cnf->home); + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) + bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); + ENDPWENT(); - if (l > 1 && cnf->home[l-1] == '/') /* Shave off any trailing path delimiter */ - cnf->home[--l] = '\0'; + /* + * Then apply the policy, with fallback to reuse if necessary + */ + if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) + uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); - if (l < 2 || *cnf->home != '/') /* Check for absolute path name */ - errx(EX_DATAERR, "invalid base directory for home '%s'", cnf->home); + /* + * Another sanity check + */ + if (uid < cnf->min_uid || uid > cnf->max_uid) + errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); + bm_dealloc(&bm); + return (uid); +} - if (stat(cnf->home, &st) == -1) { - char dbuf[MAXPATHLEN]; +static uid_t +pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, gid_t prefer, bool dryrun) +{ + struct group *grp; + gid_t gid = (uid_t) - 1; - /* - * This is a kludge especially for Joerg :) - * If the home directory would be created in the root partition, then - * we really create it under /usr which is likely to have more space. - * But we create a symlink from cnf->home -> "/usr" -> cnf->home - */ - if (strchr(cnf->home+1, '/') == NULL) { - snprintf(dbuf, MAXPATHLEN, "/usr%s", cnf->home); - if (mkdir(dbuf, _DEF_DIRMODE) != -1 || errno == EEXIST) { - chown(dbuf, 0, 0); - /* - * Skip first "/" and create symlink: - * /home -> usr/home - */ - symlink(dbuf+1, cnf->home); - } - /* If this falls, fall back to old method */ - } - strlcpy(dbuf, cnf->home, sizeof(dbuf)); - p = dbuf; - if (stat(dbuf, &st) == -1) { - while ((p = strchr(p + 1, '/')) != NULL) { - *p = '\0'; - if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "mkdir '%s'", dbuf); - chown(dbuf, 0, 0); - } else if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); - *p = '/'; - } - } - if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "mkdir '%s'", dbuf); - chown(dbuf, 0, 0); - } - } else if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); + /* + * Check the given gid, if any + */ + SETGRENT(); + if (grname) { + if ((grp = GETGRNAM(grname)) == NULL) { + gid = pw_checkid(grname, GID_MAX); + grp = GETGRGID(gid); + } + gid = grp->gr_gid; + } else if ((grp = GETGRNAM(nam)) != NULL && + (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { + gid = grp->gr_gid; /* Already created? Use it anyway... */ + } else { + intmax_t grid = -1; + + /* + * We need to auto-create a group with the user's name. We + * can send all the appropriate output to our sister routine + * bit first see if we can create a group with gid==uid so we + * can keep the user and group ids in sync. We purposely do + * NOT check the gid range if we can force the sync. If the + * user's name dups an existing group, then the group add + * function will happily handle that case for us and exit. + */ + if (GETGRGID(prefer) == NULL) + grid = prefer; + if (dryrun) { + gid = pw_groupnext(cnf, true); + } else { + if (grid == -1) + grid = pw_groupnext(cnf, true); + groupadd(cnf, nam, grid, NULL, -1, false, false, false); + if ((grp = GETGRNAM(nam)) != NULL) + gid = grp->gr_gid; + } } + ENDGRENT(); + return (gid); +} - if ((arg = getarg(args, 'e')) != NULL) - cnf->expire_days = atoi(arg->val); +static char * +pw_homepolicy(struct userconf * cnf, char *homedir, const char *user) +{ + static char home[128]; - if ((arg = getarg(args, 'y')) != NULL) - cnf->nispasswd = arg->val; + if (homedir) + return (homedir); - if ((arg = getarg(args, 'p')) != NULL && arg->val) - cnf->password_days = atoi(arg->val); + if (cnf->home == NULL || *cnf->home == '\0') + errx(EX_CONFIG, "no base home directory set"); + snprintf(home, sizeof(home), "%s/%s", cnf->home, user); - if ((arg = getarg(args, 'g')) != NULL) { - if (!*(p = arg->val)) /* Handle empty group list specially */ - cnf->default_group = ""; - else { - if ((grp = GETGRNAM(p)) == NULL) { - if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) - errx(EX_NOUSER, "group `%s' does not exist", p); - } - cnf->default_group = newstr(grp->gr_name); - } - } - if ((arg = getarg(args, 'L')) != NULL) - cnf->default_class = pw_checkname(arg->val, 0); + return (home); +} - if ((arg = getarg(args, 'G')) != NULL && arg->val) { - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { - if ((grp = GETGRNAM(p)) == NULL) { - if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) - errx(EX_NOUSER, "group `%s' does not exist", p); - } - sl_add(cnf->groups, newstr(grp->gr_name)); - } - } +static char * +shell_path(char const * path, char *shells[], char *sh) +{ + if (sh != NULL && (*sh == '/' || *sh == '\0')) + return sh; /* specified full path or forced none */ + else { + char *p; + char paths[_UC_MAXLINE]; + + /* + * We need to search paths + */ + strlcpy(paths, path, sizeof(paths)); + for (p = strtok(paths, ": \t\r\n"); p != NULL; p = strtok(NULL, ": \t\r\n")) { + int i; + static char shellpath[256]; - if ((arg = getarg(args, 'k')) != NULL) { - char *tmp = cnf->dotdir = arg->val; - if (*tmp == '/') - tmp++; - if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || - !S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a directory or " - "does not exist", cnf->dotdir); + if (sh != NULL) { + snprintf(shellpath, sizeof(shellpath), "%s/%s", p, sh); + if (access(shellpath, X_OK) == 0) + return shellpath; + } else + for (i = 0; i < _UC_MAXSHELLS && shells[i] != NULL; i++) { + snprintf(shellpath, sizeof(shellpath), "%s/%s", p, shells[i]); + if (access(shellpath, X_OK) == 0) + return shellpath; + } + } + if (sh == NULL) + errx(EX_OSFILE, "can't find shell `%s' in shell paths", sh); + errx(EX_CONFIG, "no default shell available or defined"); + return NULL; } +} - if ((arg = getarg(args, 's')) != NULL) - cnf->shell_default = arg->val; +static char * +pw_shellpolicy(struct userconf * cnf) +{ - if ((arg = getarg(args, 'w')) != NULL) - cnf->default_password = boolean_val(arg->val, cnf->default_password); - if (mode == M_ADD && getarg(args, 'D')) { - if (name != NULL) - errx(EX_DATAERR, "can't combine `-D' with `-n name'"); - if ((arg = getarg(args, 'u')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { - if ((cnf->min_uid = (uid_t) atoi(p)) == 0) - cnf->min_uid = 1000; - if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_uid = (uid_t) atoi(p)) < cnf->min_uid) - cnf->max_uid = 32000; - } - if ((arg = getarg(args, 'i')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { - if ((cnf->min_gid = (gid_t) atoi(p)) == 0) - cnf->min_gid = 1000; - if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_gid = (gid_t) atoi(p)) < cnf->min_gid) - cnf->max_gid = 32000; - } + return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default); +} - if (write_userconfig(conf.config)) - return (EXIT_SUCCESS); - err(EX_IOERR, "config udpate"); - } +#define SALTSIZE 32 - if (name != NULL) - pwd = GETPWNAM(pw_checkname(name, 0)); +static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; - if (id < 0 && name == NULL) - errx(EX_DATAERR, "user name or id required"); +char * +pw_pwcrypt(char *password) +{ + int i; + char salt[SALTSIZE + 1]; + char *cryptpw; + static char buf[256]; /* - * Update require that the user exists + * Calculate a salt value */ - if (mode == M_UPDATE) { - - if (name == NULL && pwd == NULL) /* Try harder */ - pwd = GETPWUID(id); - - if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); - errx(EX_NOUSER, "no such user `%s'", name); - } + for (i = 0; i < SALTSIZE; i++) + salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)]; + salt[SALTSIZE] = '\0'; - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') - valid_type = _PWF_NIS; + cryptpw = crypt(password, salt); + if (cryptpw == NULL) + errx(EX_CONFIG, "crypt(3) failure"); + return strcpy(buf, cryptpw); +} - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) - errx(EX_NOUSER, "no such %s user `%s'", - valid_type == _PWF_FILES ? "local" : "NIS" , name); +static char * +pw_password(struct userconf * cnf, char const * user, bool dryrun) +{ + int i, l; + char pwbuf[32]; - if (name == NULL) - name = pwd->pw_name; + switch (cnf->default_password) { + case -1: /* Random password */ + l = (arc4random() % 8 + 8); /* 8 - 16 chars */ + for (i = 0; i < l; i++) + pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; + pwbuf[i] = '\0'; /* - * The rest is edit code + * We give this information back to the user */ - if (conf.newname != NULL) { - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't rename `root' account"); - pwd->pw_name = pw_checkname(conf.newname, 0); - edited = 1; - } - - if (id > 0 && isdigit((unsigned char)*arg->val)) { - pwd->pw_uid = (uid_t)id; - edited = 1; - if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't change uid of `root' account"); - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + if (conf.fd == -1 && !dryrun) { + if (isatty(STDOUT_FILENO)) + printf("Password for '%s' is: ", user); + printf("%s\n", pwbuf); + fflush(stdout); } + break; - if ((arg = getarg(args, 'g')) != NULL && pwd->pw_uid != 0) { /* Already checked this */ - gid_t newgid = (gid_t) GETGRNAM(cnf->default_group)->gr_gid; - if (newgid != pwd->pw_gid) { - edited = 1; - pwd->pw_gid = newgid; - } - } + case -2: /* No password at all! */ + return ""; - if ((arg = getarg(args, 'p')) != NULL) { - if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { - if (pwd->pw_change != 0) { - pwd->pw_change = 0; - edited = 1; - } - } - else { - time_t now = time(NULL); - time_t expire = parse_date(now, arg->val); + case 0: /* No login - default */ + default: + return "*"; - if (pwd->pw_change != expire) { - pwd->pw_change = expire; - edited = 1; - } - } - } + case 1: /* user's name */ + strlcpy(pwbuf, user, sizeof(pwbuf)); + break; + } + return pw_pwcrypt(pwbuf); +} - if ((arg = getarg(args, 'e')) != NULL) { - if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { - if (pwd->pw_expire != 0) { - pwd->pw_expire = 0; - edited = 1; - } - } - else { - time_t now = time(NULL); - time_t expire = parse_date(now, arg->val); +static int +print_user(struct passwd * pwd, bool pretty, bool v7) +{ + int j; + char *p; + struct group *grp = GETGRGID(pwd->pw_gid); + char uname[60] = "User &", office[60] = "[None]", + wphone[60] = "[None]", hphone[60] = "[None]"; + char acexpire[32] = "[None]", pwexpire[32] = "[None]"; + struct tm * tptr; + + if (!pretty) { + p = v7 ? pw_make_v7(pwd) : pw_make(pwd); + printf("%s\n", p); + free(p); + return (EXIT_SUCCESS); + } - if (pwd->pw_expire != expire) { - pwd->pw_expire = expire; - edited = 1; + if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { + strlcpy(uname, p, sizeof(uname)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(office, p, sizeof(office)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(wphone, p, sizeof(wphone)); + if ((p = strtok(NULL, "")) != NULL) { + strlcpy(hphone, p, sizeof(hphone)); } } } - - if ((arg = getarg(args, 's')) != NULL) { - char *shell = shell_path(cnf->shelldir, cnf->shells, arg->val); - if (shell == NULL) - shell = ""; - if (strcmp(shell, pwd->pw_shell) != 0) { - pwd->pw_shell = shell; - edited = 1; - } - } - - if (getarg(args, 'L')) { - if (cnf->default_class == NULL) - cnf->default_class = ""; - if (strcmp(pwd->pw_class, cnf->default_class) != 0) { - pwd->pw_class = cnf->default_class; - edited = 1; - } - } - - if ((arg = getarg(args, 'd')) != NULL) { - if (strcmp(pwd->pw_dir, arg->val)) - edited = 1; - if (stat(pwd->pw_dir = arg->val, &st) == -1) { - if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0) - warnx("WARNING: home `%s' does not exist", pwd->pw_dir); - } else if (!S_ISDIR(st.st_mode)) - warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); - } - - if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { - login_cap_t *lc; - - lc = login_getpwclass(pwd); - if (lc == NULL || - login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_password(cnf, pwd->pw_name); - edited = 1; - } - - } else { - login_cap_t *lc; - - /* - * Add code - */ - - if (name == NULL) /* Required */ - errx(EX_DATAERR, "login name required"); - else if ((pwd = GETPWNAM(name)) != NULL) /* Exists */ - errx(EX_DATAERR, "login name `%s' already exists", name); - - /* - * Now, set up defaults for a new user - */ - pwd = &fakeuser; - pwd->pw_name = name; - pwd->pw_class = cnf->default_class ? cnf->default_class : ""; - pwd->pw_uid = pw_uidpolicy(cnf, id); - pwd->pw_gid = pw_gidpolicy(args, pwd->pw_name, (gid_t) pwd->pw_uid); - pwd->pw_change = pw_pwdpolicy(cnf, args); - pwd->pw_expire = pw_exppolicy(cnf, args); - pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); - pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); - lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_password(cnf, pwd->pw_name); - edited = 1; - - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: new account `%s' has a uid of 0 (superuser access!)", pwd->pw_name); } - /* - * Shared add/edit code + * Handle '&' in gecos field */ - if (conf.gecos != NULL) { - if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { - pwd->pw_gecos = conf.gecos; - edited = 1; + if ((p = strchr(uname, '&')) != NULL) { + int l = strlen(pwd->pw_name); + int m = strlen(p); + + memmove(p + l, p + 1, m); + memmove(p, pwd->pw_name, l); + *p = (char) toupper((unsigned char)*p); + } + if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) + strftime(acexpire, sizeof acexpire, "%c", tptr); + if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) + strftime(pwexpire, sizeof pwexpire, "%c", tptr); + printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" + " Full Name: %s\n" + " Home: %-26.26s Class: %s\n" + " Shell: %-26.26s Office: %s\n" + "Work Phone: %-26.26s Home Phone: %s\n" + "Acc Expire: %-26.26s Pwd Expire: %s\n", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, + uname, pwd->pw_dir, pwd->pw_class, + pwd->pw_shell, office, wphone, hphone, + acexpire, pwexpire); + SETGRENT(); + j = 0; + while ((grp=GETGRENT()) != NULL) { + int i = 0; + if (grp->gr_mem != NULL) { + while (grp->gr_mem[i] != NULL) { + if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) { + printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); + break; + } + ++i; + } } } + ENDGRENT(); + printf("%s", j ? "\n" : ""); + return (EXIT_SUCCESS); +} - if (conf.fd != -1) - edited = set_passwd(pwd, mode == M_UPDATE); - +char * +pw_checkname(char *name, int gecos) +{ + char showch[8]; + const char *badchars, *ch, *showtype; + int reject; + + ch = name; + reject = 0; + if (gecos) { + /* See if the name is valid as a gecos (comment) field. */ + badchars = ":!@"; + showtype = "gecos field"; + } else { + /* See if the name is valid as a userid or group. */ + badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\""; + showtype = "userid/group name"; + /* Userids and groups can not have a leading '-'. */ + if (*ch == '-') + reject = 1; + } + if (!reject) { + while (*ch) { + if (strchr(badchars, *ch) != NULL || *ch < ' ' || + *ch == 127) { + reject = 1; + break; + } + /* 8-bit characters are only allowed in GECOS fields */ + if (!gecos && (*ch & 0x80)) { + reject = 1; + break; + } + ch++; + } + } + /* + * A `$' is allowed as the final character for userids and groups, + * mainly for the benefit of samba. + */ + if (reject && !gecos) { + if (*ch == '$' && *(ch + 1) == '\0') { + reject = 0; + ch++; + } + } + if (reject) { + snprintf(showch, sizeof(showch), (*ch >= ' ' && *ch < 127) + ? "`%c'" : "0x%02x", *ch); + errx(EX_DATAERR, "invalid character %s at position %td in %s", + showch, (ch - name), showtype); + } + if (!gecos && (ch - name) > LOGNAMESIZE) + errx(EX_USAGE, "name too long `%s' (max is %d)", name, + LOGNAMESIZE); + + return (name); +} + +static void +rmat(uid_t uid) +{ + DIR *d = opendir("/var/at/jobs"); + + if (d != NULL) { + struct dirent *e; + + while ((e = readdir(d)) != NULL) { + struct stat st; + + if (strncmp(e->d_name, ".lock", 5) != 0 && + stat(e->d_name, &st) == 0 && + !S_ISDIR(st.st_mode) && + st.st_uid == uid) { + char tmp[MAXPATHLEN]; + + snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); + system(tmp); + } + } + closedir(d); + } +} + +static void +rmopie(char const * name) +{ + char tmp[1014]; + FILE *fp; + int fd; + size_t len; + off_t atofs = 0; + + if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) + return; + + fp = fdopen(fd, "r+"); + len = strlen(name); + + while (fgets(tmp, sizeof(tmp), fp) != NULL) { + if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { + /* Comment username out */ + if (fseek(fp, atofs, SEEK_SET) == 0) + fwrite("#", 1, 1, fp); + break; + } + atofs = ftell(fp); + } /* - * Special case: -N only displays & exits + * If we got an error of any sort, don't update! */ - if (conf.dryrun) - return print_user(pwd); + fclose(fp); +} + +int +pw_user_next(int argc, char **argv, char *name __unused) +{ + struct userconf *cnf = NULL; + const char *cfg = NULL; + int ch; + bool quiet = false; + uid_t next; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + cnf = get_userconfig(cfg); + + next = pw_uidpolicy(cnf, -1); + + printf("%ju:", (uintmax_t)next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + +int +pw_user_show(int argc, char **argv, char *arg1) +{ + struct passwd *pwd = NULL; + char *name = NULL; + uid_t id = -1; + int ch; + bool all = false; + bool pretty = false; + bool force = false; + bool v7 = false; + bool quiet = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:u:FPa7")) != -1) { + switch (ch) { + case 'C': + /* ignore compatibility */ + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'F': + force = true; + break; + case 'P': + pretty = true; + break; + case 'a': + all = true; + break; + case 7: + v7 = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + if (all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd, pretty, v7); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (force) { + pwd = &fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ju'", + (uintmax_t) id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd, pretty, v7)); +} + +int +pw_user_del(int argc, char **argv, char *arg1) +{ + struct userconf *cnf = NULL; + struct passwd *pwd = NULL; + struct group *gr, *grp; + char *name = NULL; + char grname[MAXLOGNAME]; + char *nispasswd = NULL; + char file[MAXPATHLEN]; + char home[MAXPATHLEN]; + const char *cfg = NULL; + struct stat st; + uid_t id; + int ch, rc; + bool nis = false; + bool deletehome = false; + bool quiet = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:u:rYy:")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'r': + deletehome = true; + break; + case 'y': + nispasswd = optarg; + break; + case 'Y': + nis = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + cnf = get_userconfig(cfg); + + if (nispasswd == NULL) + nispasswd = cnf->nispasswd; + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { + if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { + if (!nis && nispasswd && *nispasswd != '/') + errx(EX_NOUSER, "Cannot remove NIS user `%s'", + name); + } else { + errx(EX_NOUSER, "Cannot remove non local user `%s'", + name); + } + } + + id = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; + + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "cannot remove user 'root'"); + + /* Remove opie record from /etc/opiekeys */ + if (PWALTDIR() != PWF_ALT) + rmopie(pwd->pw_name); + + if (!PWALTDIR()) { + /* Remove crontabs */ + snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); + if (access(file, F_OK) == 0) { + snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); + system(file); + } + } + + /* + * Save these for later, since contents of pwd may be + * invalidated by deletion + */ + snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); + strlcpy(home, pwd->pw_dir, sizeof(home)); + gr = GETGRGID(pwd->pw_gid); + if (gr != NULL) + strlcpy(grname, gr->gr_name, LOGNAMESIZE); + else + grname[0] = '\0'; + + rc = delpwent(pwd); + if (rc == -1) + err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd update"); + + if (nis && nispasswd && *nispasswd=='/') { + rc = delnispwent(nispasswd, name); + if (rc == -1) + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); + else if (rc != 0) + warn("WARNING: NIS passwd update"); + } + + grp = GETGRNAM(name); + if (grp != NULL && + (grp->gr_mem == NULL || *grp->gr_mem == NULL) && + strcmp(name, grname) == 0) + delgrent(GETGRNAM(name)); + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + int i, j; + char group[MAXLOGNAME]; + if (grp->gr_mem == NULL) + continue; + + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i], name) != 0) + continue; + + for (j = i; grp->gr_mem[j] != NULL; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } + } + ENDGRENT(); + + pw_log(cnf, M_DELETE, W_USER, "%s(%ju) account removed", name, + (uintmax_t)id); + + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(id) == NULL) + rmat(id); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && deletehome && *home == '/' && + GETPWUID(id) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, id); + pw_log(cnf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" + "removed", name, (uintmax_t)id, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); + } + + return (EXIT_SUCCESS); +} + +int +pw_user_lock(int argc, char **argv, char *arg1) +{ + int ch; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + case 'q': + /* compatibility */ + break; + } + } + + return (pw_userlock(arg1, M_LOCK)); +} + +int +pw_user_unlock(int argc, char **argv, char *arg1) +{ + int ch; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + case 'q': + /* compatibility */ + break; + } + } + + return (pw_userlock(arg1, M_UNLOCK)); +} + +static struct group * +group_from_name_or_id(char *name) +{ + const char *errstr = NULL; + struct group *grp; + uintmax_t id; + + if ((grp = GETGRNAM(name)) == NULL) { + id = strtounum(name, 0, GID_MAX, &errstr); + if (errstr) + errx(EX_NOUSER, "group `%s' does not exist", name); + grp = GETGRGID(id); + if (grp == NULL) + errx(EX_NOUSER, "group `%s' does not exist", name); + } + + return (grp); +} + +static void +split_groups(StringList **groups, char *groupsstr) +{ + struct group *grp; + char *p; + char tok[] = ", \t"; + + for (p = strtok(groupsstr, tok); p != NULL; p = strtok(NULL, tok)) { + grp = group_from_name_or_id(p); + if (*groups == NULL) + *groups = sl_init(); + sl_add(*groups, newstr(grp->gr_name)); + } +} + +static void +validate_grname(struct userconf *cnf, char *group) +{ + struct group *grp; + + if (group == NULL || *group == '\0') { + cnf->default_group = ""; + return; + } + grp = group_from_name_or_id(group); + cnf->default_group = newstr(grp->gr_name); +} + +static mode_t +validate_mode(char *mode) +{ + mode_t m; + void *set; + + if ((set = setmode(mode)) == NULL) + errx(EX_DATAERR, "invalid directory creation mode '%s'", mode); + + m = getmode(set, _DEF_DIRMODE); + free(set); + return (m); +} + +static void +mix_config(struct userconf *cmdcnf, struct userconf *cfg) +{ + + if (cmdcnf->default_password == 0) + cmdcnf->default_password = cfg->default_password; + if (cmdcnf->reuse_uids == 0) + cmdcnf->reuse_uids = cfg->reuse_uids; + if (cmdcnf->reuse_gids == 0) + cmdcnf->reuse_gids = cfg->reuse_gids; + if (cmdcnf->nispasswd == NULL) + cmdcnf->nispasswd = cfg->nispasswd; + if (cmdcnf->dotdir == NULL) + cmdcnf->dotdir = cfg->dotdir; + if (cmdcnf->newmail == NULL) + cmdcnf->newmail = cfg->newmail; + if (cmdcnf->logfile == NULL) + cmdcnf->logfile = cfg->logfile; + if (cmdcnf->home == NULL) + cmdcnf->home = cfg->home; + if (cmdcnf->homemode == 0) + cmdcnf->homemode = cfg->homemode; + if (cmdcnf->shelldir == NULL) + cmdcnf->shelldir = cfg->shelldir; + if (cmdcnf->shells == NULL) + cmdcnf->shells = cfg->shells; + if (cmdcnf->shell_default == NULL) + cmdcnf->shell_default = cfg->shell_default; + if (cmdcnf->default_group == NULL) + cmdcnf->default_group = cfg->default_group; + if (cmdcnf->groups == NULL) + cmdcnf->groups = cfg->groups; + if (cmdcnf->default_class == NULL) + cmdcnf->default_class = cfg->default_class; + if (cmdcnf->min_uid == 0) + cmdcnf->min_uid = cfg->min_uid; + if (cmdcnf->max_uid == 0) + cmdcnf->max_uid = cfg->max_uid; + if (cmdcnf->min_gid == 0) + cmdcnf->min_gid = cfg->min_gid; + if (cmdcnf->max_gid == 0) + cmdcnf->max_gid = cfg->max_gid; + if (cmdcnf->expire_days == 0) + cmdcnf->expire_days = cfg->expire_days; + if (cmdcnf->password_days == 0) + cmdcnf->password_days = cfg->password_days; +} + +int +pw_user_add(int argc, char **argv, char *arg1) +{ + struct userconf *cnf, *cmdcnf; + struct passwd *pwd; + struct group *grp; + struct stat st; + char args[] = "C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y"; + char line[_PASSWORD_LEN+1], path[MAXPATHLEN]; + char *gecos, *homedir, *skel, *walk, *userid, *groupid, *grname; + char *default_passwd, *name, *p; + const char *cfg; + login_cap_t *lc; + FILE *pfp, *fp; + intmax_t id = -1; + time_t now; + int rc, ch, fd = -1; + size_t i; + bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf; + + dryrun = nis = pretty = quiet = createhome = precrypted = false; + genconf = false; + gecos = homedir = skel = userid = groupid = default_passwd = NULL; + grname = name = NULL; + + if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) + err(EXIT_FAILURE, "calloc()"); + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, args)) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + userid = optarg; + break; + case 'c': + gecos = pw_checkname(optarg, 1); + break; + case 'd': + homedir = optarg; + break; + case 'e': + now = time(NULL); + cmdcnf->expire_days = parse_date(now, optarg); + break; + case 'p': + now = time(NULL); + cmdcnf->password_days = parse_date(now, optarg); + break; + case 'g': + validate_grname(cmdcnf, optarg); + grname = optarg; + break; + case 'G': + split_groups(&cmdcnf->groups, optarg); + break; + case 'm': + createhome = true; + break; + case 'M': + cmdcnf->homemode = validate_mode(optarg); + break; + case 'k': + walk = skel = optarg; + if (*walk == '/') + walk++; + if (fstatat(conf.rootfd, walk, &st, 0) == -1) + errx(EX_OSFILE, "skeleton `%s' does not " + "exists", skel); + if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a " + "directory", skel); + cmdcnf->dotdir = skel; + break; + case 's': + cmdcnf->shell_default = optarg; + break; + case 'o': + conf.checkduplicate = false; + break; + case 'L': + cmdcnf->default_class = pw_checkname(optarg, 0); + break; + case 'i': + groupid = optarg; + break; + case 'w': + default_passwd = optarg; + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'D': + genconf = true; + break; + case 'b': + cmdcnf->home = optarg; + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'y': + cmdcnf->nispasswd = optarg; + break; + case 'Y': + nis = true; + break; + } + } + + if (geteuid() != 0 && ! dryrun) + errx(EX_NOPERM, "you must be root"); + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + cnf = get_userconfig(cfg); + + mix_config(cmdcnf, cnf); + if (default_passwd) + cmdcnf->default_password = boolean_val(default_passwd, + cnf->default_password); + if (genconf) { + if (name != NULL) + errx(EX_DATAERR, "can't combine `-D' with `-n name'"); + if (userid != NULL) { + if ((p = strtok(userid, ", \t")) != NULL) + cmdcnf->min_uid = pw_checkid(p, UID_MAX); + if (cmdcnf->min_uid == 0) + cmdcnf->min_uid = 1000; + if ((p = strtok(NULL, " ,\t")) != NULL) + cmdcnf->max_uid = pw_checkid(p, UID_MAX); + if (cmdcnf->max_uid == 0) + cmdcnf->max_uid = 32000; + } + if (groupid != NULL) { + if ((p = strtok(groupid, ", \t")) != NULL) + cmdcnf->min_gid = pw_checkid(p, GID_MAX); + if (cmdcnf->min_gid == 0) + cmdcnf->min_gid = 1000; + if ((p = strtok(NULL, " ,\t")) != NULL) + cmdcnf->max_gid = pw_checkid(p, GID_MAX); + if (cmdcnf->max_gid == 0) + cmdcnf->max_gid = 32000; + } + if (write_userconfig(cmdcnf, cfg)) + return (EXIT_SUCCESS); + err(EX_IOERR, "config update"); + } + + if (userid) + id = pw_checkid(userid, UID_MAX); + if (id < 0 && name == NULL) + errx(EX_DATAERR, "user name or id required"); - if (mode == M_ADD) { - edited = 1; /* Always */ - rc = addpwent(pwd); + if (name == NULL) + errx(EX_DATAERR, "login name required"); + + pwd = &fakeuser; + pwd->pw_name = name; + pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : ""; + pwd->pw_uid = pw_uidpolicy(cmdcnf, id); + pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, + (gid_t) pwd->pw_uid, dryrun); + pwd->pw_change = cmdcnf->password_days; + pwd->pw_expire = cmdcnf->expire_days; + pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); + pwd->pw_shell = pw_shellpolicy(cmdcnf); + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, dryrun); + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: new account `%s' has a uid of 0 " + "(superuser access!)", pwd->pw_name); + if (gecos) + pwd->pw_gecos = gecos; + + if (fd != -1) + pw_set_passwd(pwd, fd, precrypted, false); + + if (dryrun) + return (print_user(pwd, pretty, false)); + + if ((rc = addpwent(pwd)) != 0) { if (rc == -1) errx(EX_IOERR, "user '%s' already exists", pwd->pw_name); else if (rc != 0) err(EX_IOERR, "passwd file update"); - if (cnf->nispasswd && *cnf->nispasswd=='/') { - rc = addnispwent(cnf->nispasswd, pwd); - if (rc == -1) - warnx("User '%s' already exists in NIS passwd", pwd->pw_name); - else if (rc != 0) - warn("NIS passwd update"); - /* NOTE: we treat NIS-only update errors as non-fatal */ - } - } else if (mode == M_UPDATE && edited) /* Only updated this if required */ - perform_chgpwent(name, pwd); - - /* - * Ok, user is created or changed - now edit group file - */ - - if (mode == M_ADD || getarg(args, 'G') != NULL) { - int j; - size_t i; - /* First remove the user from all group */ - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - char group[MAXLOGNAME]; - if (grp->gr_mem == NULL) - continue; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i] , pwd->pw_name) != 0) - continue; - for (j = i; grp->gr_mem[j] != NULL ; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); - } - } - ENDGRENT(); + } + if (nis && cmdcnf->nispasswd && *cmdcnf->nispasswd == '/') { + printf("%s\n", cmdcnf->nispasswd); + rc = addnispwent(cmdcnf->nispasswd, pwd); + if (rc == -1) + warnx("User '%s' already exists in NIS passwd", pwd->pw_name); + else if (rc != 0) + warn("NIS passwd update"); + /* NOTE: we treat NIS-only update errors as non-fatal */ + } - /* now add to group where needed */ - for (i = 0; i < cnf->groups->sl_cur; i++) { - grp = GETGRNAM(cnf->groups->sl_str[i]); + if (cmdcnf->groups != NULL) { + for (i = 0; i < cmdcnf->groups->sl_cur; i++) { + grp = GETGRNAM(cmdcnf->groups->sl_str[i]); grp = gr_add(grp, pwd->pw_name); /* * grp can only be NULL in 2 cases: @@ -736,39 +1336,28 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } - - /* go get a current version of pwd */ pwd = GETPWNAM(name); - if (pwd == NULL) { - /* This will fail when we rename, so special case that */ - if (mode == M_UPDATE && conf.newname != NULL) { - name = conf.newname; /* update new name */ - pwd = GETPWNAM(name); /* refetch renamed rec */ - } - } - if (pwd == NULL) /* can't go on without this */ + if (pwd == NULL) errx(EX_NOUSER, "user '%s' disappeared during update", name); grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", pwd->pw_name, (uintmax_t)pwd->pw_uid, grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* - * If adding, let's touch and chown the user's mail file. This is not + * let's touch and chown the user's mail file. This is not * strictly necessary under BSD with a 0755 maildir but it also * doesn't hurt anything to create the empty mailfile */ - if (mode == M_ADD) { - if (PWALTDIR() != PWF_ALT) { - snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, - pwd->pw_name); - close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, - 0600)); /* Preserve contents & mtime */ - fchownat(conf.rootfd, path + 1, pwd->pw_uid, - pwd->pw_gid, AT_SYMLINK_NOFOLLOW); - } + if (PWALTDIR() != PWF_ALT) { + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + /* Preserve contents & mtime */ + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, 0600)); + fchownat(conf.rootfd, path + 1, pwd->pw_uid, pwd->pw_gid, + AT_SYMLINK_NOFOLLOW); } /* @@ -776,318 +1365,170 @@ pw_user(int mode, char *name, long id, struct cargs * args) * that this also `works' for editing users if -m is used, but * existing files will *not* be overwritten. */ - if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && + if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(pwd); + create_and_populate_homedir(cmdcnf, pwd, cmdcnf->dotdir, + cmdcnf->homemode, false); - /* - * Finally, send mail to the new user as well, if we are asked to - */ - if (mode == M_ADD && !PWALTDIR() && cnf->newmail && *cnf->newmail && (fp = fopen(cnf->newmail, "r")) != NULL) { - FILE *pfp = popen(_PATH_SENDMAIL " -t", "w"); - - if (pfp == NULL) + if (!PWALTDIR() && cmdcnf->newmail && *cmdcnf->newmail && + (fp = fopen(cnf->newmail, "r")) != NULL) { + if ((pfp = popen(_PATH_SENDMAIL " -t", "w")) == NULL) warn("sendmail"); else { - fprintf(pfp, "From: root\n" "To: %s\n" "Subject: Welcome!\n\n", pwd->pw_name); + fprintf(pfp, "From: root\n" "To: %s\n" + "Subject: Welcome!\n\n", pwd->pw_name); while (fgets(line, sizeof(line), fp) != NULL) { /* Do substitutions? */ fputs(line, pfp); } pclose(pfp); - pw_log(cnf, mode, W_USER, "%s(%ju) new user mail sent", + pw_log(cnf, M_ADD, W_USER, "%s(%ju) new user mail sent", pwd->pw_name, (uintmax_t)pwd->pw_uid); } fclose(fp); } - return EXIT_SUCCESS; -} - - -static uid_t -pw_uidpolicy(struct userconf * cnf, long id) -{ - struct passwd *pwd; - uid_t uid = (uid_t) - 1; - - /* - * Check the given uid, if any - */ - if (id >= 0) { - uid = (uid_t) id; - - if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "uid `%ju' has already been allocated", - (uintmax_t)pwd->pw_uid); - } else { - struct bitmap bm; - - /* - * We need to allocate the next available uid under one of - * two policies a) Grab the first unused uid b) Grab the - * highest possible unused uid - */ - if (cnf->min_uid >= cnf->max_uid) { /* Sanity - * claus^H^H^H^Hheck */ - cnf->min_uid = 1000; - cnf->max_uid = 32000; - } - bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); - - /* - * Now, let's fill the bitmap from the password file - */ - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) - bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); - ENDPWENT(); - - /* - * Then apply the policy, with fallback to reuse if necessary - */ - if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) - uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); - - /* - * Another sanity check - */ - if (uid < cnf->min_uid || uid > cnf->max_uid) - errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); - bm_dealloc(&bm); - } - return uid; -} - - -static uid_t -pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) -{ - struct group *grp; - gid_t gid = (uid_t) - 1; - struct carg *a_gid = getarg(args, 'g'); - struct userconf *cnf = conf.userconf; - - /* - * If no arg given, see if default can help out - */ - if (a_gid == NULL && cnf->default_group && *cnf->default_group) - a_gid = addarg(args, 'g', cnf->default_group); - - /* - * Check the given gid, if any - */ - SETGRENT(); - if (a_gid != NULL) { - if ((grp = GETGRNAM(a_gid->val)) == NULL) { - gid = (gid_t) atol(a_gid->val); - if ((gid == 0 && !isdigit((unsigned char)*a_gid->val)) || (grp = GETGRGID(gid)) == NULL) - errx(EX_NOUSER, "group `%s' is not defined", a_gid->val); - } - gid = grp->gr_gid; - } else if ((grp = GETGRNAM(nam)) != NULL && - (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { - gid = grp->gr_gid; /* Already created? Use it anyway... */ - } else { - gid_t grid = -1; - - /* - * We need to auto-create a group with the user's name. We - * can send all the appropriate output to our sister routine - * bit first see if we can create a group with gid==uid so we - * can keep the user and group ids in sync. We purposely do - * NOT check the gid range if we can force the sync. If the - * user's name dups an existing group, then the group add - * function will happily handle that case for us and exit. - */ - if (GETGRGID(prefer) == NULL) - grid = prefer; - if (conf.dryrun) { - gid = pw_groupnext(cnf, true); - } else { - pw_group(M_ADD, nam, grid, NULL); - if ((grp = GETGRNAM(nam)) != NULL) - gid = grp->gr_gid; - } - } - ENDGRENT(); - return gid; -} - - -static time_t -pw_pwdpolicy(struct userconf * cnf, struct cargs * args) -{ - time_t result = 0; - time_t now = time(NULL); - struct carg *arg = getarg(args, 'p'); - - if (arg != NULL) { - if ((result = parse_date(now, arg->val)) == now) - errx(EX_DATAERR, "invalid date/time `%s'", arg->val); - } else if (cnf->password_days > 0) - result = now + ((long) cnf->password_days * 86400L); - return result; -} - - -static time_t -pw_exppolicy(struct userconf * cnf, struct cargs * args) -{ - time_t result = 0; - time_t now = time(NULL); - struct carg *arg = getarg(args, 'e'); - - if (arg != NULL) { - if ((result = parse_date(now, arg->val)) == now) - errx(EX_DATAERR, "invalid date/time `%s'", arg->val); - } else if (cnf->expire_days > 0) - result = now + ((long) cnf->expire_days * 86400L); - return result; -} - - -static char * -pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user) -{ - struct carg *arg = getarg(args, 'd'); - static char home[128]; - - if (arg) - return (arg->val); - - if (cnf->home == NULL || *cnf->home == '\0') - errx(EX_CONFIG, "no base home directory set"); - snprintf(home, sizeof(home), "%s/%s", cnf->home, user); + if (nis && nis_update() == 0) + pw_log(cnf, M_ADD, W_USER, "NIS maps updated"); - return (home); + return (EXIT_SUCCESS); } -static char * -shell_path(char const * path, char *shells[], char *sh) +int +pw_user_mod(int argc, char **argv, char *arg1) { - if (sh != NULL && (*sh == '/' || *sh == '\0')) - return sh; /* specified full path or forced none */ - else { - char *p; - char paths[_UC_MAXLINE]; - - /* - * We need to search paths - */ - strlcpy(paths, path, sizeof(paths)); - for (p = strtok(paths, ": \t\r\n"); p != NULL; p = strtok(NULL, ": \t\r\n")) { - int i; - static char shellpath[256]; - - if (sh != NULL) { - snprintf(shellpath, sizeof(shellpath), "%s/%s", p, sh); - if (access(shellpath, X_OK) == 0) - return shellpath; - } else - for (i = 0; i < _UC_MAXSHELLS && shells[i] != NULL; i++) { - snprintf(shellpath, sizeof(shellpath), "%s/%s", p, shells[i]); - if (access(shellpath, X_OK) == 0) - return shellpath; - } - } - if (sh == NULL) - errx(EX_OSFILE, "can't find shell `%s' in shell paths", sh); - errx(EX_CONFIG, "no default shell available or defined"); - return NULL; + struct userconf *cnf; + struct passwd *pwd; + struct group *grp; + StringList *groups = NULL; + char args[] = "C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:NPYy:"; + const char *cfg; + char *gecos, *homedir, *grname, *name, *newname, *walk, *skel, *shell; + char *passwd, *class, *nispasswd; + login_cap_t *lc; + struct stat st; + intmax_t id = -1; + int ch, fd = -1; + size_t i, j; + bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome; + mode_t homemode = 0; + time_t expire_days, password_days, now, precrypted; + + expire_days = password_days = -1; + gecos = homedir = grname = name = newname = skel = shell =NULL; + passwd = NULL; + class = nispasswd = NULL; + quiet = createhome = pretty = dryrun = nis = precrypted = false; + edited = docreatehome = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; } -} - -static char * -pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell) -{ - char *sh = newshell; - struct carg *arg = getarg(args, 's'); - - if (newshell == NULL && arg != NULL) - sh = arg->val; - return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default); -} - -#define SALTSIZE 32 - -static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; - -char * -pw_pwcrypt(char *password) -{ - int i; - char salt[SALTSIZE + 1]; - char *cryptpw; - - static char buf[256]; - - /* - * Calculate a salt value - */ - for (i = 0; i < SALTSIZE; i++) - salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)]; - salt[SALTSIZE] = '\0'; - - cryptpw = crypt(password, salt); - if (cryptpw == NULL) - errx(EX_CONFIG, "crypt(3) failure"); - return strcpy(buf, cryptpw); -} - - -static char * -pw_password(struct userconf * cnf, char const * user) -{ - int i, l; - char pwbuf[32]; - - switch (cnf->default_password) { - case -1: /* Random password */ - l = (arc4random() % 8 + 8); /* 8 - 16 chars */ - for (i = 0; i < l; i++) - pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; - pwbuf[i] = '\0'; - - /* - * We give this information back to the user - */ - if (conf.fd == -1 && !conf.dryrun) { - if (isatty(STDOUT_FILENO)) - printf("Password for '%s' is: ", user); - printf("%s\n", pwbuf); - fflush(stdout); + while ((ch = getopt(argc, argv, args)) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'c': + gecos = pw_checkname(optarg, 1); + break; + case 'd': + homedir = optarg; + break; + case 'e': + now = time(NULL); + expire_days = parse_date(now, optarg); + break; + case 'p': + now = time(NULL); + password_days = parse_date(now, optarg); + break; + case 'g': + group_from_name_or_id(optarg); + grname = optarg; + break; + case 'G': + split_groups(&groups, optarg); + break; + case 'm': + createhome = true; + break; + case 'M': + homemode = validate_mode(optarg); + break; + case 'l': + newname = optarg; + break; + case 'k': + walk = skel = optarg; + if (*walk == '/') + walk++; + if (fstatat(conf.rootfd, walk, &st, 0) == -1) + errx(EX_OSFILE, "skeleton `%s' does not " + "exists", skel); + if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a " + "directory", skel); + break; + case 's': + shell = optarg; + break; + case 'w': + passwd = optarg; + break; + case 'L': + class = pw_checkname(optarg, 0); + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'y': + nispasswd = optarg; + break; + case 'Y': + nis = true; + break; } - break; - - case -2: /* No password at all! */ - return ""; + } - case 0: /* No login - default */ - default: - return "*"; + if (geteuid() != 0 && ! dryrun) + errx(EX_NOPERM, "you must be root"); - case 1: /* user's name */ - strlcpy(pwbuf, user, sizeof(pwbuf)); - break; - } - return pw_pwcrypt(pwbuf); -} + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); -static int -pw_userdel(char *name, long id) -{ - struct passwd *pwd = NULL; - char file[MAXPATHLEN]; - char home[MAXPATHLEN]; - uid_t uid; - struct group *gr, *grp; - char grname[LOGNAMESIZE]; - int rc; - struct stat st; - int valid_type = _PWF_FILES; + cnf = get_userconfig(cfg); if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); @@ -1095,306 +1536,190 @@ pw_userdel(char *name, long id) pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); if (pwd == NULL) { if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such uid `%ju'", + (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') - valid_type = _PWF_NIS; - - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) - errx(EX_NOUSER, "no such %s user `%s'", - valid_type == _PWF_FILES ? "local" : "NIS" , name); - - uid = pwd->pw_uid; if (name == NULL) name = pwd->pw_name; - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "cannot remove user 'root'"); - - /* Remove opie record from /etc/opiekeys */ + if (nis && nispasswd == NULL) + nispasswd = cnf->nispasswd; - if (PWALTDIR() != PWF_ALT) - rmopie(pwd->pw_name); + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { + if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { + if (!nis && nispasswd && *nispasswd != '/') + errx(EX_NOUSER, "Cannot modify NIS user `%s'", + name); + } else { + errx(EX_NOUSER, "Cannot modify non local user `%s'", + name); + } + } - if (!PWALTDIR()) { - /* Remove crontabs */ - snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); - if (access(file, F_OK) == 0) { - snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); - system(file); + if (newname) { + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't rename `root' account"); + if (strcmp(pwd->pw_name, newname) != 0) { + pwd->pw_name = pw_checkname(newname, 0); + edited = true; } } - /* - * Save these for later, since contents of pwd may be - * invalidated by deletion - */ - snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); - strlcpy(home, pwd->pw_dir, sizeof(home)); - gr = GETGRGID(pwd->pw_gid); - if (gr != NULL) - strlcpy(grname, gr->gr_name, LOGNAMESIZE); - else - grname[0] = '\0'; - rc = delpwent(pwd); - if (rc == -1) - err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd update"); + if (id > 0 && pwd->pw_uid != id) { + pwd->pw_uid = id; + edited = true; + if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't change uid of `root' account"); + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + } - if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { - rc = delnispwent(conf.userconf->nispasswd, name); - if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", - pwd->pw_name); - else if (rc != 0) - warn("WARNING: NIS passwd update"); - /* non-fatal */ + if (grname && pwd->pw_uid != 0) { + grp = GETGRNAM(grname); + if (grp == NULL) + grp = GETGRGID(pw_checkid(grname, GID_MAX)); + if (grp->gr_gid != pwd->pw_gid) { + pwd->pw_gid = grp->gr_gid; + edited = true; + } } - grp = GETGRNAM(name); - if (grp != NULL && - (grp->gr_mem == NULL || *grp->gr_mem == NULL) && - strcmp(name, grname) == 0) - delgrent(GETGRNAM(name)); - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - int i, j; - char group[MAXLOGNAME]; - if (grp->gr_mem == NULL) - continue; + if (password_days >= 0 && pwd->pw_change != password_days) { + pwd->pw_change = password_days; + edited = true; + } - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i], name) != 0) - continue; + if (expire_days >= 0 && pwd->pw_expire != expire_days) { + pwd->pw_expire = expire_days; + edited = true; + } - for (j = i; grp->gr_mem[j] != NULL; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); + if (shell) { + shell = shell_path(cnf->shelldir, cnf->shells, shell); + if (shell == NULL) + shell = ""; + if (strcmp(shell, pwd->pw_shell) != 0) { + pwd->pw_shell = shell; + edited = true; } } - ENDGRENT(); - - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) account removed", name, - (uintmax_t)uid); - /* Remove mail file */ - if (PWALTDIR() != PWF_ALT) - unlinkat(conf.rootfd, file + 1, 0); + if (class && strcmp(pwd->pw_class, class) != 0) { + pwd->pw_class = class; + edited = true; + } - /* Remove at jobs */ - if (!PWALTDIR() && getpwuid(uid) == NULL) - rmat(uid); + if (homedir && strcmp(pwd->pw_dir, homedir) != 0) { + pwd->pw_dir = homedir; + if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) { + if (!createhome) + warnx("WARNING: home `%s' does not exist", + pwd->pw_dir); + else + docreatehome = true; + } else if (!S_ISDIR(st.st_mode)) { + warnx("WARNING: home `%s' is not a directory", + pwd->pw_dir); + } + } - /* Remove home directory and contents */ - if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && - getpwuid(uid) == NULL && - fstatat(conf.rootfd, home + 1, &st, 0) != -1) { - rm_r(conf.rootfd, home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" - "removed", name, (uintmax_t)uid, home, - fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " - "completely "); + if (passwd && conf.fd == -1) { + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); + edited = true; } - return (EXIT_SUCCESS); -} + if (gecos && strcmp(pwd->pw_gecos, gecos) != 0) { + pwd->pw_gecos = gecos; + edited = true; + } -static int -print_user(struct passwd * pwd) -{ - if (!conf.pretty) { - char *buf; + if (fd != -1) + edited = pw_set_passwd(pwd, fd, precrypted, true); - buf = conf.v7 ? pw_make_v7(pwd) : pw_make(pwd); - printf("%s\n", buf); - free(buf); - } else { - int j; - char *p; - struct group *grp = GETGRGID(pwd->pw_gid); - char uname[60] = "User &", office[60] = "[None]", - wphone[60] = "[None]", hphone[60] = "[None]"; - char acexpire[32] = "[None]", pwexpire[32] = "[None]"; - struct tm * tptr; - - if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { - strlcpy(uname, p, sizeof(uname)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(office, p, sizeof(office)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(wphone, p, sizeof(wphone)); - if ((p = strtok(NULL, "")) != NULL) { - strlcpy(hphone, p, - sizeof(hphone)); - } - } - } - } - /* - * Handle '&' in gecos field - */ - if ((p = strchr(uname, '&')) != NULL) { - int l = strlen(pwd->pw_name); - int m = strlen(p); + if (dryrun) + return (print_user(pwd, pretty, false)); - memmove(p + l, p + 1, m); - memmove(p, pwd->pw_name, l); - *p = (char) toupper((unsigned char)*p); - } - if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) - strftime(acexpire, sizeof acexpire, "%c", tptr); - if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) - strftime(pwexpire, sizeof pwexpire, "%c", tptr); - printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" - " Full Name: %s\n" - " Home: %-26.26s Class: %s\n" - " Shell: %-26.26s Office: %s\n" - "Work Phone: %-26.26s Home Phone: %s\n" - "Acc Expire: %-26.26s Pwd Expire: %s\n", - pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, - uname, pwd->pw_dir, pwd->pw_class, - pwd->pw_shell, office, wphone, hphone, - acexpire, pwexpire); - SETGRENT(); - j = 0; - while ((grp=GETGRENT()) != NULL) - { - int i = 0; - if (grp->gr_mem != NULL) { - while (grp->gr_mem[i] != NULL) - { - if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) - { - printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); - break; - } - ++i; - } + if (edited) /* Only updated this if required */ + perform_chgpwent(name, pwd, nis ? nispasswd : NULL); + /* Now perform the needed changes concern groups */ + if (groups != NULL) { + /* Delete User from groups using old name */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i] , name) != 0) + continue; + for (j = i; grp->gr_mem[j] != NULL ; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + chggrent(grp->gr_name, grp); + break; } } ENDGRENT(); - printf("%s", j ? "\n" : ""); - } - return EXIT_SUCCESS; -} - -char * -pw_checkname(char *name, int gecos) -{ - char showch[8]; - const char *badchars, *ch, *showtype; - int reject; - - ch = name; - reject = 0; - if (gecos) { - /* See if the name is valid as a gecos (comment) field. */ - badchars = ":!@"; - showtype = "gecos field"; - } else { - /* See if the name is valid as a userid or group. */ - badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\""; - showtype = "userid/group name"; - /* Userids and groups can not have a leading '-'. */ - if (*ch == '-') - reject = 1; + /* Add the user to the needed groups */ + for (i = 0; i < groups->sl_cur; i++) { + grp = GETGRNAM(groups->sl_str[i]); + grp = gr_add(grp, pwd->pw_name); + if (grp == NULL) + continue; + chggrent(grp->gr_name, grp); + free(grp); + } } - if (!reject) { - while (*ch) { - if (strchr(badchars, *ch) != NULL || *ch < ' ' || - *ch == 127) { - reject = 1; - break; - } - /* 8-bit characters are only allowed in GECOS fields */ - if (!gecos && (*ch & 0x80)) { - reject = 1; + /* In case of rename we need to walk over the different groups */ + if (newname) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i], name) != 0) + continue; + grp->gr_mem[i] = newname; + chggrent(grp->gr_name, grp); break; } - ch++; - } - } - /* - * A `$' is allowed as the final character for userids and groups, - * mainly for the benefit of samba. - */ - if (reject && !gecos) { - if (*ch == '$' && *(ch + 1) == '\0') { - reject = 0; - ch++; } } - if (reject) { - snprintf(showch, sizeof(showch), (*ch >= ' ' && *ch < 127) - ? "`%c'" : "0x%02x", *ch); - errx(EX_DATAERR, "invalid character %s at position %td in %s", - showch, (ch - name), showtype); - } - if (!gecos && (ch - name) > LOGNAMESIZE) - errx(EX_DATAERR, "name too long `%s' (max is %d)", name, - LOGNAMESIZE); - - return (name); -} - - -static void -rmat(uid_t uid) -{ - DIR *d = opendir("/var/at/jobs"); - - if (d != NULL) { - struct dirent *e; - - while ((e = readdir(d)) != NULL) { - struct stat st; - if (strncmp(e->d_name, ".lock", 5) != 0 && - stat(e->d_name, &st) == 0 && - !S_ISDIR(st.st_mode) && - st.st_uid == uid) { - char tmp[MAXPATHLEN]; + /* go get a current version of pwd */ + if (newname) + name = newname; + pwd = GETPWNAM(name); + if (pwd == NULL) + errx(EX_NOUSER, "user '%s' disappeared during update", name); + grp = GETGRGID(pwd->pw_gid); + pw_log(cnf, M_UPDATE, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "unknown", + (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), + pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); - snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); - system(tmp); - } - } - closedir(d); + /* + * Let's create and populate the user's home directory. Note + * that this also `works' for editing users if -m is used, but + * existing files will *not* be overwritten. + */ + if (PWALTDIR() != PWF_ALT && docreatehome && pwd->pw_dir && + *pwd->pw_dir == '/' && pwd->pw_dir[1]) { + if (!skel) + skel = cnf->dotdir; + if (homemode == 0) + homemode = cnf->homemode; + create_and_populate_homedir(cnf, pwd, skel, homemode, true); } -} - -static void -rmopie(char const * name) -{ - char tmp[1014]; - FILE *fp; - int fd; - size_t len; - off_t atofs = 0; - - if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) - return; - fp = fdopen(fd, "r+"); - len = strlen(name); + if (nis && nis_update() == 0) + pw_log(cnf, M_UPDATE, W_USER, "NIS maps updated"); - while (fgets(tmp, sizeof(tmp), fp) != NULL) { - if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { - /* Comment username out */ - if (fseek(fp, atofs, SEEK_SET) == 0) - fwrite("#", 1, 1, fp); - break; - } - atofs = ftell(fp); - } - /* - * If we got an error of any sort, don't update! - */ - fclose(fp); + return (EXIT_SUCCESS); } diff --git a/pw/pw_utils.c b/pw/pw_utils.c new file mode 100644 index 0000000..31b79c0 --- /dev/null +++ b/pw/pw_utils.c @@ -0,0 +1,97 @@ +/*- + * Copyright (C) 2015 Baptiste Daroussin + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include + +#include +#include +#include +#include +#include + +#include "pw.h" + +int +pw_checkfd(char *nptr) +{ + const char *errstr; + int fd = -1; + + if (strcmp(nptr, "-") == 0) + return '-'; + fd = strtonum(nptr, 0, INT_MAX, &errstr); + if (errstr != NULL) + errx(EX_USAGE, "Bad file descriptor '%s': %s", + nptr, errstr); + return (fd); +} + +uintmax_t +pw_checkid(char *nptr, uintmax_t maxval) +{ + const char *errstr = NULL; + uintmax_t id; + + id = strtounum(nptr, 0, maxval, &errstr); + if (errstr) + errx(EX_USAGE, "Bad id '%s': %s", nptr, errstr); + return (id); +} + +struct userconf * +get_userconfig(const char *config) +{ + char defaultcfg[MAXPATHLEN]; + + if (config != NULL) + return (read_userconfig(config)); + snprintf(defaultcfg, sizeof(defaultcfg), "%s/pw.conf", conf.etcpath); + return (read_userconfig(defaultcfg)); +} + +int +nis_update(void) { + pid_t pid; + int i; + + fflush(NULL); + if ((pid = fork()) == -1) { + warn("fork()"); + return (1); + } + if (pid == 0) { + execlp("/usr/bin/make", "make", "-C", "/var/yp/", (char*) NULL); + _exit(1); + } + waitpid(pid, &i, 0); + if ((i = WEXITSTATUS(i)) != 0) + errx(i, "make exited with status %d", i); + return (i); +} diff --git a/pw/pwupd.h b/pw/pwupd.h index 054c5a5..7fecffb 100644 --- a/pw/pwupd.h +++ b/pw/pwupd.h @@ -76,29 +76,16 @@ struct userconf { char *default_class; /* Default user class */ uid_t min_uid, max_uid; /* Allowed range of uids */ gid_t min_gid, max_gid; /* Allowed range of gids */ - int expire_days; /* Days to expiry */ - int password_days; /* Days to password expiry */ + time_t expire_days; /* Days to expiry */ + time_t password_days; /* Days to password expiry */ }; struct pwconf { char rootdir[MAXPATHLEN]; char etcpath[MAXPATHLEN]; - char *newname; - char *config; - char *gecos; int fd; int rootfd; - int which; - bool quiet; - bool force; - bool all; - bool dryrun; - bool pretty; - bool v7; bool checkduplicate; - bool deletehome; - bool precrypted; - struct userconf *userconf; }; extern struct pwf PWF; diff --git a/pw/strtounum.c b/pw/strtounum.c index 8d83470..be57276 100644 --- a/pw/strtounum.c +++ b/pw/strtounum.c @@ -1,5 +1,5 @@ /*- - * Copyright (C) Baptiste Daroussin + * Copyright (C) 2015 Baptiste Daroussin * All rights reserved. * * Redistribution and use in source and binary forms, with or without -- cgit v1.2.3-56-ge451 From 3bb519ecb05089cfdfebe8aeb2d0057b66ec8659 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:48:36 +0000 Subject: Remove dead code --- pw/pw.h | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/pw/pw.h b/pw/pw.h index b6e2ccf..e1a3949 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -64,15 +64,6 @@ enum _which W_NUM }; -struct carg -{ - int ch; - char *val; - LIST_ENTRY(carg) list; -}; - -LIST_HEAD(cargs, carg); - #define _DEF_DIRMODE (S_IRWXU | S_IRWXG | S_IRWXO) #define _PATH_PW_CONF "/etc/pw.conf" #define _UC_MAXLINE 1024 @@ -81,8 +72,6 @@ LIST_HEAD(cargs, carg); struct userconf *get_userconfig(const char *cfg); struct userconf *read_userconfig(char const * file); int write_userconfig(struct userconf *cnf, char const * file); -struct carg *addarg(struct cargs * _args, int ch, char *argstr); -struct carg *getarg(struct cargs * _args, int ch); int pw_group_add(int argc, char **argv, char *name); int pw_group_del(int argc, char **argv, char *name); -- cgit v1.2.3-56-ge451 From 87f0bee696c8913c0fcbdd80fa382f1dc2004cb8 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:54:15 +0000 Subject: Fix regression: report again if a username already exists when creating it --- pw/pw_user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pw/pw_user.c b/pw/pw_user.c index 8ff4159..172e5ef 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1275,6 +1275,9 @@ pw_user_add(int argc, char **argv, char *arg1) if (name == NULL) errx(EX_DATAERR, "login name required"); + if (GETPWNAM(name) != NULL) + errx(EX_DATAERR, "login name `%s' already exists", name); + pwd = &fakeuser; pwd->pw_name = name; pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : ""; -- cgit v1.2.3-56-ge451 From e07217893e016b8c0d1adc04a1117c7a80719800 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:56:25 +0000 Subject: Fix regression: report if a group already exists when creating it --- pw/pw_group.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pw/pw_group.c b/pw/pw_group.c index 5ba5e39..22e80b0 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -546,6 +546,8 @@ pw_group_add(int argc, char **argv, char *arg1) freopen(_PATH_DEVNULL, "w", stderr); if (name == NULL) errx(EX_DATAERR, "group name required"); + if (GETGRNAM(name) != NULL) + errx(EX_DATAERR, "group name `%s' already exists", name); cnf = get_userconfig(cfg); rc = groupadd(cnf, name, gr_gidpolicy(cnf, id), members, fd, dryrun, pretty, precrypted); -- cgit v1.2.3-56-ge451 From 4573132fd44c8bd71211a975ed21e9acbb58ca45 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:22:46 +0000 Subject: Cleanup a bit includes --- pw/cpdir.c | 7 +------ pw/grupd.c | 4 +--- pw/psdate.c | 5 ++--- pw/pw.c | 7 ++++--- pw/pw.h | 16 +++------------- pw/pw_conf.c | 8 ++++---- pw/pw_group.c | 4 ++-- pw/pw_log.c | 2 ++ pw/pw_nis.c | 1 + pw/pw_user.c | 25 +++++++++++++++---------- pw/pw_utils.c | 2 ++ pw/pwupd.c | 14 ++++++-------- 12 files changed, 43 insertions(+), 52 deletions(-) diff --git a/pw/cpdir.c b/pw/cpdir.c index e84d0f3..334f789 100644 --- a/pw/cpdir.c +++ b/pw/cpdir.c @@ -29,17 +29,12 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include #include #include #include -#include #include -#include #include -#include -#include -#include -#include #include "pw.h" #include "pwupd.h" diff --git a/pw/grupd.c b/pw/grupd.c index d52a345..9cbe0cb 100644 --- a/pw/grupd.c +++ b/pw/grupd.c @@ -29,13 +29,11 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include #include #include -#include #include #include -#include -#include #include "pwupd.h" diff --git a/pw/psdate.c b/pw/psdate.c index 8e3a951..bd2aa15 100644 --- a/pw/psdate.c +++ b/pw/psdate.c @@ -29,12 +29,11 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ -#include +#include +#include #include #include -#include #include -#include #include "psdate.h" diff --git a/pw/pw.c b/pw/pw.c index b13db70..1f42101 100644 --- a/pw/pw.c +++ b/pw/pw.c @@ -32,9 +32,10 @@ static const char rcsid[] = #include #include #include -#include -#include -#include +#include +#include +#include + #include "pw.h" const char *Modes[] = { diff --git a/pw/pw.h b/pw/pw.h index e1a3949..b389f12 100644 --- a/pw/pw.h +++ b/pw/pw.h @@ -26,23 +26,13 @@ * $FreeBSD$ */ +#include + #define _WITH_GETLINE +#include #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "psdate.h" #include "pwupd.h" enum _mode diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 41ab79b..087f48e 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -31,11 +31,11 @@ static const char rcsid[] = #include #include -#include -#include -#include -#include + #include +#include +#include +#include #include "pw.h" diff --git a/pw/pw_group.c b/pw/pw_group.c index 22e80b0..3f19e77 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -32,10 +32,10 @@ static const char rcsid[] = #include #include #include -#include #include #include -#include +#include +#include #include #include diff --git a/pw/pw_log.c b/pw/pw_log.c index b774423..29038d9 100644 --- a/pw/pw_log.c +++ b/pw/pw_log.c @@ -30,6 +30,8 @@ static const char rcsid[] = #endif /* not lint */ #include +#include +#include #include "pw.h" diff --git a/pw/pw_nis.c b/pw/pw_nis.c index 6697835..6cc361b 100644 --- a/pw/pw_nis.c +++ b/pw/pw_nis.c @@ -30,6 +30,7 @@ static const char rcsid[] = #endif /* not lint */ #include + #include #include #include diff --git a/pw/pw_user.c b/pw/pw_user.c index 172e5ef..b54cccb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -30,23 +30,28 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include +#include +#include +#include + #include +#include #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include +#include #include +#include +#include +#include +#include +#include +#include + #include "pw.h" #include "bitmap.h" +#include "psdate.h" #define LOGNAMESIZE (MAXLOGNAME-1) diff --git a/pw/pw_utils.c b/pw/pw_utils.c index 31b79c0..1a4f812 100644 --- a/pw/pw_utils.c +++ b/pw/pw_utils.c @@ -35,6 +35,8 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include #include "pw.h" diff --git a/pw/pwupd.c b/pw/pwupd.c index f9e1959..ee23952 100644 --- a/pw/pwupd.c +++ b/pw/pwupd.c @@ -29,18 +29,16 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include + +#include +#include +#include +#include #include #include #include #include -#include -#include -#include -#include -#include -#include -#include -#include #include "pwupd.h" -- cgit v1.2.3-56-ge451 From d13ab4fd48f03e64abf378665d5fe7e7cf53c379 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:32:23 +0000 Subject: Split some extra long lines --- pw/pw_user.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index b54cccb..33968ee 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -623,7 +623,8 @@ rmat(uid_t uid) st.st_uid == uid) { char tmp[MAXPATHLEN]; - snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); + snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", + e->d_name); system(tmp); } } @@ -869,7 +870,8 @@ pw_user_del(int argc, char **argv, char *arg1) /* Remove crontabs */ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); if (access(file, F_OK) == 0) { - snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); + snprintf(file, sizeof(file), "crontab -u %s -r", + pwd->pw_name); system(file); } } @@ -1321,7 +1323,8 @@ pw_user_add(int argc, char **argv, char *arg1) printf("%s\n", cmdcnf->nispasswd); rc = addnispwent(cmdcnf->nispasswd, pwd); if (rc == -1) - warnx("User '%s' already exists in NIS passwd", pwd->pw_name); + warnx("User '%s' already exists in NIS passwd", + pwd->pw_name); else if (rc != 0) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ @@ -1351,7 +1354,8 @@ pw_user_add(int argc, char **argv, char *arg1) grp = GETGRGID(pwd->pw_gid); pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), + grp ? grp->gr_name : "unknown", + (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* @@ -1582,7 +1586,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "can't change uid of `root' account"); if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + warnx("WARNING: account `%s' will have a uid of 0 " + "(superuser access!)", pwd->pw_name); } if (grname && pwd->pw_uid != 0) { -- cgit v1.2.3-56-ge451 From d3fd4c928063a9eba830f906f9131de24eb284ef Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:33:17 +0000 Subject: Split some extra long lines --- pw/pw_group.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index 3f19e77..df2d76d 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -180,7 +180,8 @@ gr_gidpolicy(struct userconf * cnf, intmax_t id) gid = (gid_t) id; if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "gid `%ju' has already been allocated", (uintmax_t)grp->gr_gid); + errx(EX_DATAERR, "gid `%ju' has already been allocated", + (uintmax_t)grp->gr_gid); return (gid); } @@ -222,7 +223,8 @@ gr_gidpolicy(struct userconf * cnf, intmax_t id) * Another sanity check */ if (gid < cnf->min_gid || gid > cnf->max_gid) - errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used"); + errx(EX_SOFTWARE, "unable to allocate a new gid - range fully " + "used"); bm_dealloc(&bm); return (gid); } -- cgit v1.2.3-56-ge451 From d8b569c5d79b241766aa4c1e90780a2af8bd1e7b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:50:11 +0000 Subject: Fix build on 32bits --- pw/pw_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index 087f48e..c79b60a 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -493,11 +493,11 @@ write_userconfig(struct userconf *cnf, const char *file) quote = 0; break; case _UC_EXPIRE: - sbuf_printf(buf, "%ld", cnf->expire_days); + sbuf_printf(buf, "%lld", (long long)cnf->expire_days); quote = 0; break; case _UC_PASSWORD: - sbuf_printf(buf, "%ld", cnf->password_days); + sbuf_printf(buf, "%lld", (long long)cnf->password_days); quote = 0; break; case _UC_NONE: -- cgit v1.2.3-56-ge451 From 3a5dfb13d7ae60d5d8669c118c1efa82ca51d5f5 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 19:49:24 +0000 Subject: Use intmax_t rather than long long --- pw/pw_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pw/pw_conf.c b/pw/pw_conf.c index c79b60a..e9606b4 100644 --- a/pw/pw_conf.c +++ b/pw/pw_conf.c @@ -493,11 +493,11 @@ write_userconfig(struct userconf *cnf, const char *file) quote = 0; break; case _UC_EXPIRE: - sbuf_printf(buf, "%lld", (long long)cnf->expire_days); + sbuf_printf(buf, "%jd", (intmax_t)cnf->expire_days); quote = 0; break; case _UC_PASSWORD: - sbuf_printf(buf, "%lld", (long long)cnf->password_days); + sbuf_printf(buf, "%jd", (intmax_t)cnf->password_days); quote = 0; break; case _UC_NONE: -- cgit v1.2.3-56-ge451 From 5f0399d80c7e24560dcf6762d37aaa6b149ea0e2 Mon Sep 17 00:00:00 2001 From: Adrian Chadd Date: Mon, 3 Aug 2015 05:59:30 +0000 Subject: Actually set quiet to something. /usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c: In function 'pw_user_next': /usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c:680: warning: statement with no effect --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 33968ee..f1207e0 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -677,7 +677,7 @@ pw_user_next(int argc, char **argv, char *name __unused) cfg = optarg; break; case 'q': - quiet; + quiet = true; break; } } -- cgit v1.2.3-56-ge451 From e854cbea2a39ade7b1dc00a3143f699eee5cc9bb Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 3 Aug 2015 06:06:56 +0000 Subject: Fix bugs spotted by gcc Reported by: adrian --- pw/pw_user.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index f1207e0..b51a6cb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -700,7 +700,7 @@ pw_user_show(int argc, char **argv, char *arg1) { struct passwd *pwd = NULL; char *name = NULL; - uid_t id = -1; + intmax_t id = -1; int ch; bool all = false; bool pretty = false; @@ -786,7 +786,7 @@ pw_user_del(int argc, char **argv, char *arg1) char home[MAXPATHLEN]; const char *cfg = NULL; struct stat st; - uid_t id; + intmax_t id = -1; int ch, rc; bool nis = false; bool deletehome = false; @@ -1423,8 +1423,9 @@ pw_user_mod(int argc, char **argv, char *arg1) int ch, fd = -1; size_t i, j; bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome; + bool precrypted; mode_t homemode = 0; - time_t expire_days, password_days, now, precrypted; + time_t expire_days, password_days, now; expire_days = password_days = -1; gecos = homedir = grname = name = newname = skel = shell =NULL; -- cgit v1.2.3-56-ge451 From 2f565863d784036f425848047e89d4251f4939f3 Mon Sep 17 00:00:00 2001 From: Devin Teske Date: Mon, 3 Aug 2015 21:19:31 +0000 Subject: Clarify pw(8) manual w/respect to required arguments. Break long lines at punctuation while here. Differential Revision: https://reviews.freebsd.org/D2700 Reviewed by: wblock, bapt MFC after: 3 days X-MFC-to: stable/10 --- pw/pw.8 | 208 ++++++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 118 insertions(+), 90 deletions(-) diff --git a/pw/pw.8 b/pw/pw.8 index c29a8a9..3a9c0b0 100644 --- a/pw/pw.8 +++ b/pw/pw.8 @@ -35,11 +35,9 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar useradd -.Op name|uid +.Oo Fl n Oc name Oo Fl u Ar uid Oc .Op Fl C Ar config .Op Fl q -.Op Fl n Ar name -.Op Fl u Ar uid .Op Fl c Ar comment .Op Fl d Ar dir .Op Fl e Ar date @@ -61,7 +59,6 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar useradd -.Op name|uid .Fl D .Op Fl C Ar config .Op Fl q @@ -81,27 +78,23 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar userdel -.Op name|uid -.Op Fl n Ar name -.Op Fl u Ar uid +.Oo Fl n Oc name|uid | Fl u Ar uid .Op Fl r .Op Fl Y .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar usermod -.Op name|uid +.Oo Fl n Oc name|uid Oo Fl u Ar newuid Oc | Fl u Ar uid .Op Fl C Ar config .Op Fl q -.Op Fl n Ar name -.Op Fl u Ar uid .Op Fl c Ar comment .Op Fl d Ar dir .Op Fl e Ar date .Op Fl p Ar date .Op Fl g Ar group .Op Fl G Ar grouplist -.Op Fl l Ar name +.Op Fl l Ar newname .Op Fl m .Op Fl M Ar mode .Op Fl k Ar dir @@ -116,9 +109,7 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar usershow -.Op name|uid -.Op Fl n Ar name -.Op Fl u Ar uid +.Oo Fl n Oc name|uid | Fl u Ar uid .Op Fl F .Op Fl P .Op Fl 7 @@ -133,11 +124,9 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupadd -.Op group|gid +.Oo Fl n Oc name Oo Fl g Ar gid Oc .Op Fl C Ar config .Op Fl q -.Op Fl n Ar group -.Op Fl g Ar gid .Op Fl M Ar members .Op Fl o .Op Fl h Ar fd | Fl H Ar fd @@ -148,20 +137,16 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupdel -.Op group|gid -.Op Fl n Ar name -.Op Fl g Ar gid +.Oo Fl n Oc name|gid | Fl g Ar gid .Op Fl Y .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupmod -.Op group|gid +.Oo Fl n Oc name|gid Oo Fl g Ar newgid Oc | Fl g Ar gid .Op Fl C Ar config .Op Fl q -.Op Fl n Ar name -.Op Fl g Ar gid -.Op Fl l Ar name +.Op Fl l Ar newname .Op Fl M Ar members .Op Fl m Ar newmembers .Op Fl d Ar oldmembers @@ -173,9 +158,7 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar groupshow -.Op group|gid -.Op Fl n Ar name -.Op Fl g Ar gid +.Oo Fl n Oc name|gid | Fl g Ar gid .Op Fl F .Op Fl P .Op Fl a @@ -189,14 +172,14 @@ .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar lock -.Op name|uid +.Oo Fl n Oc name|uid | Fl u Ar uid .Op Fl C Ar config .Op Fl q .Nm .Op Fl R Ar rootdir .Op Fl V Ar etcdir .Ar unlock -.Op name|uid +.Oo Fl n Oc name|uid | Fl u Ar uid .Op Fl C Ar config .Op Fl q .Sh DESCRIPTION @@ -250,8 +233,9 @@ all mean the same thing.) This flexibility is useful for interactive scripts calling .Nm for user and group database manipulation. -Following these keywords, you may optionally specify the user or group name or numeric -id as an alternative to using the +Following these keywords, +the user or group name or numeric id may be optionally specified as an +alternative to using the .Fl n Ar name , .Fl u Ar uid , .Fl g Ar gid @@ -266,12 +250,13 @@ will operate. Any paths specified will be relative to .Va rootdir . .It Fl V Ar etcdir -This flag sets an alternate location for the password, group and configuration files, -and may be used to maintain a user/group database in an alternate location. +Set an alternate location for the password, group, and configuration files. +Can be used to maintain a user/group database in an alternate location. If this switch is specified, the system .Pa /etc/pw.conf -will not be sourced for default configuration data, but the file pw.conf in the -specified directory will be used instead (or none, if it does not exist). +will not be sourced for default configuration data, +but the file pw.conf in the specified directory will be used instead +.Pq or none, if it does not exist . The .Fl C flag may be used to override this behaviour. @@ -294,7 +279,8 @@ configuration file. .It Fl q Use of this option causes .Nm -to suppress error messages, which may be useful in interactive environments where it +to suppress error messages, +which may be useful in interactive environments where it is preferable to interpret status codes returned by .Nm rather than messing up a carefully formatted display. @@ -338,27 +324,40 @@ and .Ar usermod commands: .Bl -tag -width "-G grouplist" -.It Fl n Ar name +.It Oo Fl n Oc Ar name +Required unless +.Fl u Ar uid +is given. Specify the user/account name. +In the case of +.Ar usermod +can be a uid. .It Fl u Ar uid +Required if +.Ar name +is not given. Specify the user/account numeric id. +In the case of +.Ar usermod +if paired with +.Ar name , +changes the numeric id of the named user/account. .Pp -Usually, you only need to provide one or the other of these options, as the account -name will imply the uid, or vice versa. -However, there are times when you need to provide both. +Usually, only one of these options is required, +as the account name will imply the uid, or vice versa. +However, there are times when both are needed. For example, when changing the uid of an existing user with .Ar usermod , -or overriding the default uid when creating a new account. -If you wish -.Nm -to automatically allocate the uid to a new user with +or overriding the default uid when creating a new account with +.Ar useradd . +To automatically allocate the uid to a new user with .Ar useradd , -then you should +then do .Em not use the .Fl u option. -You may also provide either the account or userid immediately after the +Either the account or userid can also be provided immediately after the .Ar useradd , .Ar userdel , .Ar usermod @@ -372,21 +371,23 @@ options. .El .Bl -tag -width "-G grouplist" .It Fl c Ar comment -This field sets the contents of the passwd GECOS field, which normally contains up -to four comma-separated fields containing the user's full name, office or location, +This field sets the contents of the passwd GECOS field, +which normally contains up to four comma-separated fields containing the +user's full name, office or location, and work and home phone numbers. These sub-fields are used by convention only, however, and are optional. -If this field is to contain spaces, you need to quote the comment itself with double -quotes +If this field is to contain spaces, +the comment must be enclosed in double quotes .Ql \&" . -Avoid using commas in this field as these are used as sub-field separators, and the -colon +Avoid using commas in this field as these are used as sub-field separators, +and the colon .Ql \&: character also cannot be used as this is the field separator for the passwd file itself. .It Fl d Ar dir This option sets the account's home directory. -Normally, you will only use this if the home directory is to be different from the +Normally, +this is only used if the home directory is to be different from the default determined from .Pa /etc/pw.conf - normally @@ -396,13 +397,15 @@ with the account name as a subdirectory. Set the account's expiration date. Format of the date is either a UNIX time in decimal, or a date in .Ql dd-mmm-yy[yy] -format, where dd is the day, mmm is the month, either in numeric or alphabetic format +format, where dd is the day, +mmm is the month, either in numeric or alphabetic format ('Jan', 'Feb', etc) and year is either a two or four digit year. This option also accepts a relative date in the form .Ql \&+n[mhdwoy] where .Ql \&n -is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the +is a decimal, +octal (leading 0) or hexadecimal (leading 0x) digit followed by the number of Minutes, Hours, Days, Weeks, Months or Years from the current date at which the expiration date is to be set. .It Fl p Ar date @@ -442,8 +445,8 @@ This option instructs to attempt to create the user's home directory. While primarily useful when adding a new account with .Ar useradd , -this may also be of use when moving an existing user's home directory elsewhere on -the file system. +this may also be of use when moving an existing user's home directory elsewhere +on the file system. The new home directory is populated with the contents of the .Ar skeleton directory, which typically contains a set of shell configuration files that the @@ -461,7 +464,8 @@ existing configuration files in the user's home directory are .Em not overwritten from the skeleton files. .Pp -When a user's home directory is created, it will by default be a subdirectory of the +When a user's home directory is created, +it will by default be a subdirectory of the .Ar basehome directory as specified by the .Fl b @@ -599,10 +603,13 @@ The default value for this is but it may be set elsewhere as desired. .It Fl e Ar days Set the default account expiration period in days. -Unlike use without -.Fl D , -the argument must be numeric, which specifies the number of days after creation when -the account is to expire. +When +.Fl D +is used, the +.Ar days +argument is interpreted differently. +It must be numeric and represents the number of days after creation +that the account expires. A value of 0 suppresses automatic calculation of the expiry date. .It Fl p Ar days Set the default password expiration period in days. @@ -615,8 +622,8 @@ with the same name as their login name. If a group is supplied, either its name or uid may be given as an argument. .It Fl G Ar grouplist Set the default groups in which new users are granted membership. -This is a separate set of groups from the primary group, and you should avoid -nominating the same group as both primary and extra groups. +This is a separate set of groups from the primary group. +Avoid nominating the same group as both primary and extra groups. In other words, these extra groups determine membership in groups .Em other than the primary group. @@ -630,7 +637,8 @@ This option sets the default login class for new users. .It Fl k Ar dir Set the default .Em skeleton -directory, from which prototype shell and other initialization files are copied when +directory, +from which prototype shell and other initialization files are copied when .Nm creates a user's home directory. See description of @@ -640,22 +648,24 @@ for naming conventions of these files. .Fl u Ar min , Ns Ar max , .Fl i Ar min , Ns Ar max .Xc -These options set the minimum and maximum user and group ids allocated for new accounts -and groups created by +Set the minimum and maximum user and group ids allocated for new +accounts and groups created by .Nm . The default values for each is 1000 minimum and 32000 maximum. .Ar min and .Ar max -are both numbers, where max must be greater than min, and both must be between 0 -and 32767. -In general, user and group ids less than 100 are reserved for use by the system, -and numbers greater than 32000 may also be reserved for special purposes (used by -some system daemons). +are both numbers, where max must be greater than min, +and both must be between 0 and 32767. +In general, +user and group ids less than 100 are reserved for use by the system, +and numbers greater than 32000 may also be reserved for special purposes +.Pq used by some system daemons . .It Fl w Ar method The .Fl w -option sets the default method used to set passwords for newly created user accounts. +option selects the default method used to set passwords for newly created user +accounts. .Ar method is one of: .Pp @@ -676,9 +686,11 @@ or .Ql \&no methods are the most secure; in the former case, .Nm -generates a password and prints it to stdout, which is suitable where you issue -users with passwords to access their accounts rather than having the user nominate -their own (possibly poorly chosen) password. +generates a password and prints it to stdout, +which is suitable when users are issued passwords rather than being allowed +to select their own +.Pq possibly poorly chosen +password. The .Ql \&no method requires that the superuser use @@ -699,7 +711,7 @@ servers. .Pp The .Ar userdel -command has only three valid options. +command has three distinct options. The .Fl n Ar name and @@ -714,7 +726,8 @@ to remove the user's home directory and all of its contents. The .Nm utility errs on the side of caution when removing files from the system. -Firstly, it will not do so if the uid of the account being removed is also used by +Firstly, +it will not do so if the uid of the account being removed is also used by another account on the system, and the 'home' directory in the password file is a valid path that commences with the character .Ql \&/ . @@ -725,20 +738,20 @@ will be removed. If any additional cleanup work is required, this is left to the administrator. .El .Pp -Mail spool files and crontabs are always removed when an account is deleted as these -are unconditionally attached to the user name. +Mail spool files and crontabs are always removed when an account is deleted as +these are unconditionally attached to the user name. Jobs queued for processing by .Ar at -are also removed if the user's uid is unique and not also used by another account on the -system. +are also removed if the user's uid is unique and not also used by another +account on the system. .Pp The .Ar usermod command adds one additional option: .Bl -tag -width "-G grouplist" -.It Fl l Ar name +.It Fl l Ar newname This option allows changing of an existing account name to -.Ql \&name . +.Ql \&newname . The new name must not already exist, and any attempt to duplicate an existing account name will be rejected. .El @@ -782,10 +795,24 @@ options (explained at the start of the previous section) are available with the group manipulation commands. Other common options to all group-related commands are: .Bl -tag -width "-m newmembers" -.It Fl n Ar name +.It Oo Fl n Oc Ar name +Required unless +.Fl g Ar gid +is given. Specify the group name. +In the case of +.Ar groupmod +can be a gid. .It Fl g Ar gid +Required if +.Ar name +is not given. Specify the group numeric id. +In the case of +.Ar groupmod +if paired with +.Ar name , +changes the numeric id of the named group. .Pp As with the account name and id fields, you will usually only need to supply one of these, as the group name implies the uid and vice @@ -822,18 +849,19 @@ silently eliminated. also has a .Fl o option that allows allocation of an existing group id to a new group. -The default action is to reject an attempt to add a group, and this option overrides -the check for duplicate group ids. +The default action is to reject an attempt to add a group, +and this option overrides the check for duplicate group ids. There is rarely any need to duplicate a group id. .Pp The .Ar groupmod command adds one additional option: .Bl -tag -width "-m newmembers" -.It Fl l Ar name +.It Fl l Ar newname This option allows changing of an existing group name to -.Ql \&name . -The new name must not already exist, and any attempt to duplicate an existing group +.Ql \&newname . +The new name must not already exist, +and any attempt to duplicate an existing group name will be rejected. .El .Pp -- cgit v1.2.3-56-ge451 From 8d2c73dba6fca1999679ef33013d4c28784d71ba Mon Sep 17 00:00:00 2001 From: Ed Schouten Date: Mon, 3 Aug 2015 22:07:50 +0000 Subject: Avoid calling strlen() where we can use the strspn() return value. --- pw/pw_group.c | 8 ++++---- pw/pw_user.c | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index df2d76d..711ef68 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -297,7 +297,7 @@ pw_group_show(int argc, char **argv, char *arg1) }; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, GID_MAX); else name = arg1; @@ -360,7 +360,7 @@ pw_group_del(int argc, char **argv, char *arg1) bool nis = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, GID_MAX); else name = arg1; @@ -491,7 +491,7 @@ pw_group_add(int argc, char **argv, char *arg1) quiet = precrypted = dryrun = pretty = nis = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, GID_MAX); else name = arg1; @@ -577,7 +577,7 @@ pw_group_mod(int argc, char **argv, char *arg1) quiet = pretty = dryrun = nis = precrypted = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, GID_MAX); else name = arg1; diff --git a/pw/pw_user.c b/pw/pw_user.c index b51a6cb..d9bce87 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -214,7 +214,7 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -709,7 +709,7 @@ pw_user_show(int argc, char **argv, char *arg1) bool quiet = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -793,7 +793,7 @@ pw_user_del(int argc, char **argv, char *arg1) bool quiet = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -1124,7 +1124,7 @@ pw_user_add(int argc, char **argv, char *arg1) err(EXIT_FAILURE, "calloc()"); if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -1435,7 +1435,7 @@ pw_user_mod(int argc, char **argv, char *arg1) edited = docreatehome = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; -- cgit v1.2.3-56-ge451 From d22586d60e6708b9addf1139d8733bdadde64c15 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 14 Aug 2015 13:39:55 +0000 Subject: Regression: fix pw usermod -w xxx Reported by: gjb --- pw/pw_user.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pw/pw_user.c b/pw/pw_user.c index d9bce87..5ccbd53 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1645,6 +1645,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); + cnf->default_password = boolean_val(passwd, + cnf->default_password); pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); edited = true; } -- cgit v1.2.3-56-ge451 From 0eb538dcc100241473d7bc507f83a1dd45683b8c Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 21 Aug 2015 07:09:53 +0000 Subject: Fix useradd regression: Readd the function to create the parents home directory if it does not exists. if it is only a directory at the top level of the hierarchy symlink it into /usr as it used to be done before. Reported by: kevlo, adrian --- pw/pw_user.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/pw/pw_user.c b/pw/pw_user.c index 5ccbd53..35eb1fb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -38,6 +38,7 @@ static const char rcsid[] = #include #include #include +#include #include #include #include @@ -84,12 +85,77 @@ static char *shell_path(char const * path, char *shells[], char *sh); static void rmat(uid_t uid); static void rmopie(char const * name); +static void +mkdir_home_parents(int dfd, const char *dir) +{ + struct stat st; + char *dirs, *tmp; + + if (*dir != '/') + errx(EX_DATAERR, "invalid base directory for home '%s'", dir); + + dir++; + + if (fstatat(dfd, dir, &st, 0) != -1) { + if (S_ISDIR(st.st_mode)) + return; + errx(EX_OSFILE, "root home `/%s' is not a directory", dir); + } + + dirs = strdup(dir); + if (dirs == NULL) + errx(EX_UNAVAILABLE, "out of memory"); + + tmp = strrchr(dirs, '/'); + if (tmp == NULL) + return; + tmp[0] = '\0'; + + /* + * This is a kludge especially for Joerg :) + * If the home directory would be created in the root partition, then + * we really create it under /usr which is likely to have more space. + * But we create a symlink from cnf->home -> "/usr" -> cnf->home + */ + if (strchr(dirs, '/') == NULL) { + asprintf(&tmp, "usr/%s", dirs); + if (tmp == NULL) + errx(EX_UNAVAILABLE, "out of memory"); + if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) { + fchownat(dfd, tmp, 0, 0, 0); + symlinkat(tmp, dfd, dirs + 1); + } + free(tmp); + } + tmp = dirs; + if (fstatat(dfd, dirs, &st, 0) == -1) { + while ((tmp = strchr(tmp + 1, '/')) != NULL) { + *tmp = '\0'; + if (fstatat(dfd, dirs, &st, 0) == -1) { + if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); + } + *tmp = '/'; + } + } + if (fstatat(dfd, dirs, &st, 0) == -1) { + if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); + fchownat(dfd, dirs, 0, 0, 0); + } + + free(dirs); +} + static void create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, const char *skeldir, mode_t homemode, bool update) { int skelfd = -1; + /* Create home parents directories */ + mkdir_home_parents(conf.rootfd, pwd->pw_dir); + if (skeldir != NULL && *skeldir != '\0') { if (*skeldir == '/') skeldir++; -- cgit v1.2.3-56-ge451 From 310937fee1f84f07d1175c78733da51de818f46e Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 21 Aug 2015 09:28:20 +0000 Subject: Fix /home symlink creation Add regression test about it --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw_user.c b/pw/pw_user.c index 35eb1fb..61d468a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -123,7 +123,7 @@ mkdir_home_parents(int dfd, const char *dir) errx(EX_UNAVAILABLE, "out of memory"); if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) { fchownat(dfd, tmp, 0, 0, 0); - symlinkat(tmp, dfd, dirs + 1); + symlinkat(tmp, dfd, dirs); } free(tmp); } -- cgit v1.2.3-56-ge451 From 88f0cfffc11ea9a3fa2d6ff0956b5ecadb3665f7 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 21 Aug 2015 14:28:14 +0000 Subject: Fix err pointer not initialized to NULL resulting Reported by: "O. Hartmann" --- pw/strtounum.c | 1 + 1 file changed, 1 insertion(+) diff --git a/pw/strtounum.c b/pw/strtounum.c index be57276..b2fefeb 100644 --- a/pw/strtounum.c +++ b/pw/strtounum.c @@ -41,6 +41,7 @@ strtounum(const char * __restrict np, uintmax_t minval, uintmax_t maxval, char *endp; uintmax_t ret; + *errpp = NULL; if (minval > maxval) { errno = EINVAL; if (errpp != NULL) -- cgit v1.2.3-56-ge451 From 9c04af5e0b95f4cebcc065c168ec58a4851b4764 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 12 Sep 2015 08:24:25 +0000 Subject: Regression: fix pw usermod -d Mark the user has having been edited if -d option is passed to usermod and so the request change of home directory actually happen PR: 203052 Reported by: lenzi.sergio@gmail.com MFC after: 2 days --- pw/pw_user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/pw/pw_user.c b/pw/pw_user.c index 61d468a..f133147 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1694,6 +1694,7 @@ pw_user_mod(int argc, char **argv, char *arg1) if (homedir && strcmp(pwd->pw_dir, homedir) != 0) { pwd->pw_dir = homedir; + edited = true; if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) { if (!createhome) warnx("WARNING: home `%s' does not exist", -- cgit v1.2.3-56-ge451