user.c revision 1.127
1 /* $NetBSD: user.c,v 1.127 2011/12/01 00:15:32 dholland Exp $ */ 2 3 /* 4 * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. 5 * Copyright (c) 2005 Liam J. Foy. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote 16 * products derived from this software without specific prior written 17 * permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 20 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 25 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 #include <sys/cdefs.h> 32 33 #ifndef lint 34 __COPYRIGHT("@(#) Copyright (c) 1999\ 35 The NetBSD Foundation, Inc. All rights reserved."); 36 __RCSID("$NetBSD: user.c,v 1.127 2011/12/01 00:15:32 dholland Exp $"); 37 #endif 38 39 #include <sys/types.h> 40 #include <sys/param.h> 41 #include <sys/stat.h> 42 43 #include <ctype.h> 44 #include <dirent.h> 45 #include <err.h> 46 #include <fcntl.h> 47 #include <grp.h> 48 #ifdef EXTENSIONS 49 #include <login_cap.h> 50 #endif 51 #include <paths.h> 52 #include <pwd.h> 53 #include <regex.h> 54 #include <stdarg.h> 55 #include <stdio.h> 56 #include <stdlib.h> 57 #include <string.h> 58 #include <syslog.h> 59 #include <time.h> 60 #include <unistd.h> 61 #include <util.h> 62 #include <errno.h> 63 64 #include "defs.h" 65 #include "usermgmt.h" 66 67 68 /* this struct describes a uid range */ 69 typedef struct range_t { 70 int r_from; /* low uid */ 71 int r_to; /* high uid */ 72 } range_t; 73 74 typedef struct rangelist_t { 75 unsigned rl_rsize; /* size of range array */ 76 unsigned rl_rc; /* # of ranges */ 77 range_t *rl_rv; /* the ranges */ 78 unsigned rl_defrc; /* # of ranges in defaults */ 79 } rangelist_t; 80 81 /* this struct encapsulates the user and group information */ 82 typedef struct user_t { 83 int u_flags; /* see below */ 84 int u_uid; /* uid of user */ 85 char *u_password; /* encrypted password */ 86 char *u_comment; /* comment field */ 87 char *u_home; /* home directory */ 88 mode_t u_homeperm; /* permissions of home dir */ 89 char *u_primgrp; /* primary group */ 90 int u_groupc; /* # of secondary groups */ 91 const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ 92 char *u_shell; /* user's shell */ 93 char *u_basedir; /* base directory for home */ 94 char *u_expire; /* when password will expire */ 95 char *u_inactive; /* when account will expire */ 96 char *u_skeldir; /* directory for startup files */ 97 char *u_class; /* login class */ 98 rangelist_t u_r; /* list of ranges */ 99 unsigned u_defrc; /* # of ranges in defaults */ 100 int u_preserve; /* preserve uids on deletion */ 101 int u_allow_samba; /* allow trailing '$' for samba login names */ 102 int u_locked; /* user account lock */ 103 } user_t; 104 #define u_rsize u_r.rl_rsize 105 #define u_rc u_r.rl_rc 106 #define u_rv u_r.rl_rv 107 #define u_defrc u_r.rl_defrc 108 109 /* this struct encapsulates the user and group information */ 110 typedef struct group_t { 111 rangelist_t g_r; /* list of ranges */ 112 } group_t; 113 #define g_rsize g_r.rl_rsize 114 #define g_rc g_r.rl_rc 115 #define g_rv g_r.rl_rv 116 #define g_defrc g_r.rl_defrc 117 118 typedef struct def_t { 119 user_t user; 120 group_t group; 121 } def_t; 122 123 /* flags for which fields of the user_t replace the passwd entry */ 124 enum { 125 F_COMMENT = 0x0001, 126 F_DUPUID = 0x0002, 127 F_EXPIRE = 0x0004, 128 F_GROUP = 0x0008, 129 F_HOMEDIR = 0x0010, 130 F_MKDIR = 0x0020, 131 F_INACTIVE = 0x0040, 132 F_PASSWORD = 0x0080, 133 F_SECGROUP = 0x0100, 134 F_SHELL = 0x0200, 135 F_UID = 0x0400, 136 F_USERNAME = 0x0800, 137 F_CLASS = 0x1000 138 }; 139 140 #define UNLOCK 0 141 #define LOCK 1 142 #define LOCKED "*LOCKED*" 143 144 #define PATH_LOGINCONF "/etc/login.conf" 145 146 #ifndef DEF_GROUP 147 #define DEF_GROUP "users" 148 #endif 149 150 #ifndef DEF_BASEDIR 151 #define DEF_BASEDIR "/home" 152 #endif 153 154 #ifndef DEF_SKELDIR 155 #define DEF_SKELDIR "/etc/skel" 156 #endif 157 158 #ifndef DEF_SHELL 159 #define DEF_SHELL _PATH_BSHELL 160 #endif 161 162 #ifndef DEF_COMMENT 163 #define DEF_COMMENT "" 164 #endif 165 166 #ifndef DEF_LOWUID 167 #define DEF_LOWUID 1000 168 #endif 169 170 #ifndef DEF_HIGHUID 171 #define DEF_HIGHUID 60000 172 #endif 173 174 #ifndef DEF_INACTIVE 175 #define DEF_INACTIVE 0 176 #endif 177 178 #ifndef DEF_EXPIRE 179 #define DEF_EXPIRE NULL 180 #endif 181 182 #ifndef DEF_CLASS 183 #define DEF_CLASS "" 184 #endif 185 186 #ifndef WAITSECS 187 #define WAITSECS 10 188 #endif 189 190 #ifndef NOBODY_UID 191 #define NOBODY_UID 32767 192 #endif 193 194 #ifndef DEF_HOMEPERM 195 #define DEF_HOMEPERM 0755 196 #endif 197 198 /* some useful constants */ 199 enum { 200 MaxShellNameLen = 256, 201 MaxFileNameLen = MAXPATHLEN, 202 MaxUserNameLen = LOGIN_NAME_MAX - 1, 203 MaxCommandLen = 2048, 204 MaxEntryLen = 2048, 205 PasswordLength = 2048, 206 207 DES_Len = 13, 208 }; 209 210 /* Full paths of programs used here */ 211 #define CHMOD "/bin/chmod" 212 #define CHOWN "/usr/sbin/chown" 213 #define MKDIR "/bin/mkdir" 214 #define MV "/bin/mv" 215 #define NOLOGIN "/sbin/nologin" 216 #define PAX "/bin/pax" 217 #define RM "/bin/rm" 218 219 #define UNSET_INACTIVE "Null (unset)" 220 #define UNSET_EXPIRY "Null (unset)" 221 222 static int asystem(const char *fmt, ...) __printflike(1, 2); 223 static int is_number(const char *); 224 static struct group *find_group_info(const char *); 225 static int verbose; 226 227 static char * 228 skipspace(char *s) 229 { 230 for (; *s && isspace((unsigned char)*s) ; s++) { 231 } 232 return s; 233 } 234 235 static int 236 check_numeric(const char *val, const char *name) 237 { 238 if (!is_number(val)) { 239 errx(EXIT_FAILURE, "When using [-%c %s], " 240 "the %s must be numeric", *name, name, name); 241 } 242 return atoi(val); 243 } 244 245 /* resize *cpp appropriately then assign `n' chars of `s' to it */ 246 static void 247 memsave(char **cpp, const char *s, size_t n) 248 { 249 RENEW(char, *cpp, n + 1, exit(1)); 250 (void)memcpy(*cpp, s, n); 251 (*cpp)[n] = '\0'; 252 } 253 254 /* a replacement for system(3) */ 255 static int 256 asystem(const char *fmt, ...) 257 { 258 va_list vp; 259 char buf[MaxCommandLen]; 260 int ret; 261 262 va_start(vp, fmt); 263 (void)vsnprintf(buf, sizeof(buf), fmt, vp); 264 va_end(vp); 265 if (verbose) { 266 (void)printf("Command: %s\n", buf); 267 } 268 if ((ret = system(buf)) != 0) { 269 warn("Error running `%s'", buf); 270 } 271 return ret; 272 } 273 274 /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ 275 static int 276 removehomedir(struct passwd *pwp) 277 { 278 struct stat st; 279 280 /* userid not root? */ 281 if (pwp->pw_uid == 0) { 282 warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir); 283 return 0; 284 } 285 286 /* directory exists (and is a directory!) */ 287 if (stat(pwp->pw_dir, &st) < 0) { 288 warn("Cannot access home directory `%s'", pwp->pw_dir); 289 return 0; 290 } 291 if (!S_ISDIR(st.st_mode)) { 292 warnx("Home directory `%s' is not a directory", pwp->pw_dir); 293 return 0; 294 } 295 296 /* userid matches directory owner? */ 297 if (st.st_uid != pwp->pw_uid) { 298 warnx("User `%s' doesn't own directory `%s', not removed", 299 pwp->pw_name, pwp->pw_dir); 300 return 0; 301 } 302 303 (void)seteuid(pwp->pw_uid); 304 /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ 305 (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, pwp->pw_dir); 306 (void)seteuid(0); 307 if (rmdir(pwp->pw_dir) < 0) { 308 warn("Unable to remove all files in `%s'", pwp->pw_dir); 309 return 0; 310 } 311 return 1; 312 } 313 314 /* return 1 if all of `s' is numeric */ 315 static int 316 is_number(const char *s) 317 { 318 for ( ; *s ; s++) { 319 if (!isdigit((unsigned char) *s)) { 320 return 0; 321 } 322 } 323 return 1; 324 } 325 326 /* 327 * check that the effective uid is 0 - called from funcs which will 328 * modify data and config files. 329 */ 330 static void 331 checkeuid(void) 332 { 333 if (geteuid() != 0) { 334 errx(EXIT_FAILURE, "Program must be run as root"); 335 } 336 } 337 338 /* copy any dot files into the user's home directory */ 339 static int 340 copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm) 341 { 342 struct dirent *dp; 343 DIR *dirp; 344 int n; 345 346 if ((dirp = opendir(skeldir)) == NULL) { 347 warn("Can't open source . files dir `%s'", skeldir); 348 return 0; 349 } 350 for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { 351 if (strcmp(dp->d_name, ".") == 0 || 352 strcmp(dp->d_name, "..") == 0) { 353 continue; 354 } 355 n = 1; 356 } 357 (void)closedir(dirp); 358 if (n == 0) { 359 warnx("No \"dot\" initialisation files found"); 360 } else { 361 (void)asystem("cd %s && %s -rw -pe %s . %s", 362 skeldir, PAX, (verbose) ? "-v" : "", dir); 363 } 364 (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir); 365 (void)asystem("%s -R u+w %s", CHMOD, dir); 366 #ifdef EXTENSIONS 367 (void)asystem("%s 0%o %s", CHMOD, homeperm, dir); 368 #endif 369 return n; 370 } 371 372 /* create a group entry with gid `gid' */ 373 static int 374 creategid(char *group, int gid, const char *name) 375 { 376 struct stat st; 377 FILE *from; 378 FILE *to; 379 char buf[MaxEntryLen]; 380 char f[MaxFileNameLen]; 381 int fd; 382 int cc; 383 384 if (getgrnam(group) != NULL) { 385 warnx("Can't create group `%s': already exists", group); 386 return 0; 387 } 388 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 389 warn("Can't create group `%s': can't open `%s'", name, 390 _PATH_GROUP); 391 return 0; 392 } 393 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 394 warn("Can't lock `%s'", _PATH_GROUP); 395 (void)fclose(from); 396 return 0; 397 } 398 (void)fstat(fileno(from), &st); 399 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 400 if ((fd = mkstemp(f)) < 0) { 401 warn("Can't create group `%s': mkstemp failed", group); 402 (void)fclose(from); 403 return 0; 404 } 405 if ((to = fdopen(fd, "w")) == NULL) { 406 warn("Can't create group `%s': fdopen `%s' failed", 407 group, f); 408 (void)fclose(from); 409 (void)close(fd); 410 (void)unlink(f); 411 return 0; 412 } 413 while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) { 414 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 415 warn("Can't create group `%s': short write to `%s'", 416 group, f); 417 (void)fclose(from); 418 (void)close(fd); 419 (void)unlink(f); 420 return 0; 421 } 422 } 423 (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name); 424 (void)fclose(from); 425 (void)fclose(to); 426 if (rename(f, _PATH_GROUP) < 0) { 427 warn("Can't create group `%s': can't rename `%s' to `%s'", 428 group, f, _PATH_GROUP); 429 (void)unlink(f); 430 return 0; 431 } 432 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 433 syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid); 434 return 1; 435 } 436 437 /* modify the group entry with name `group' to be newent */ 438 static int 439 modify_gid(char *group, char *newent) 440 { 441 struct stat st; 442 FILE *from; 443 FILE *to; 444 char buf[MaxEntryLen]; 445 char f[MaxFileNameLen]; 446 char *colon; 447 int groupc; 448 int entc; 449 int fd; 450 int cc; 451 452 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 453 warn("Can't modify group `%s': can't open `%s'", 454 group, _PATH_GROUP); 455 return 0; 456 } 457 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 458 warn("Can't modify group `%s': can't lock `%s'", 459 group, _PATH_GROUP); 460 (void)fclose(from); 461 return 0; 462 } 463 (void)fstat(fileno(from), &st); 464 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 465 if ((fd = mkstemp(f)) < 0) { 466 warn("Can't modify group `%s': mkstemp failed", group); 467 (void)fclose(from); 468 return 0; 469 } 470 if ((to = fdopen(fd, "w")) == NULL) { 471 warn("Can't modify group `%s': fdopen `%s' failed", group, f); 472 (void)fclose(from); 473 (void)close(fd); 474 (void)unlink(f); 475 return 0; 476 } 477 groupc = strlen(group); 478 while (fgets(buf, sizeof(buf), from) != NULL) { 479 cc = strlen(buf); 480 if ((colon = strchr(buf, ':')) == NULL) { 481 warnx("Badly formed entry `%s'", buf); 482 continue; 483 } 484 entc = (int)(colon - buf); 485 if (entc == groupc && 486 strncmp(group, buf, (unsigned) entc) == 0) { 487 if (newent == NULL) { 488 struct group *grp_rm; 489 struct passwd *user_pwd; 490 491 /* 492 * Check that the group being removed 493 * isn't any user's Primary group. Just 494 * warn if it is. This could cause problems 495 * if the group GID was reused for a 496 * different purpose. 497 */ 498 499 grp_rm = find_group_info(group); 500 while ((user_pwd = getpwent()) != NULL) { 501 if (user_pwd->pw_gid == grp_rm->gr_gid) { 502 warnx("Warning: group `%s'(%d)" 503 " is the primary group of" 504 " `%s'. Use caution if you" 505 " later add this GID.", 506 grp_rm->gr_name, 507 grp_rm->gr_gid, user_pwd->pw_name); 508 } 509 } 510 endpwent(); 511 continue; 512 } else { 513 cc = strlen(newent); 514 (void)strlcpy(buf, newent, sizeof(buf)); 515 } 516 } 517 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 518 warn("Can't modify group `%s': short write to `%s'", 519 group, f); 520 (void)fclose(from); 521 (void)close(fd); 522 (void)unlink(f); 523 return 0; 524 } 525 } 526 (void)fclose(from); 527 (void)fclose(to); 528 if (rename(f, _PATH_GROUP) < 0) { 529 warn("Can't modify group `%s': can't rename `%s' to `%s'", 530 group, f, _PATH_GROUP); 531 (void)unlink(f); 532 return 0; 533 } 534 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 535 if (newent == NULL) { 536 syslog(LOG_INFO, "group deleted: name=%s", group); 537 } else { 538 syslog(LOG_INFO, "group information modified: name=%s", group); 539 } 540 return 1; 541 } 542 543 /* modify the group entries for all `groups', by adding `user' */ 544 static int 545 append_group(char *user, int ngroups, const char **groups) 546 { 547 struct group *grp; 548 struct stat st; 549 FILE *from; 550 FILE *to; 551 char buf[MaxEntryLen]; 552 char f[MaxFileNameLen]; 553 char *colon; 554 int groupc; 555 int entc; 556 int fd; 557 int nc; 558 int cc; 559 int i; 560 int j; 561 562 for (i = 0 ; i < ngroups ; i++) { 563 if ((grp = getgrnam(groups[i])) == NULL) { 564 warnx("Can't append group `%s' for user `%s'", 565 groups[i], user); 566 } else { 567 for (j = 0 ; grp->gr_mem[j] ; j++) { 568 if (strcmp(user, grp->gr_mem[j]) == 0) { 569 /* already in it */ 570 groups[i] = ""; 571 } 572 } 573 } 574 } 575 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 576 warn("Can't append group(s) for `%s': can't open `%s'", 577 user, _PATH_GROUP); 578 return 0; 579 } 580 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 581 warn("Can't append group(s) for `%s': can't lock `%s'", 582 user, _PATH_GROUP); 583 (void)fclose(from); 584 return 0; 585 } 586 (void)fstat(fileno(from), &st); 587 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 588 if ((fd = mkstemp(f)) < 0) { 589 warn("Can't append group(s) for `%s': mkstemp failed", 590 user); 591 (void)fclose(from); 592 return 0; 593 } 594 if ((to = fdopen(fd, "w")) == NULL) { 595 warn("Can't append group(s) for `%s': fdopen `%s' failed", 596 user, f); 597 (void)fclose(from); 598 (void)close(fd); 599 (void)unlink(f); 600 return 0; 601 } 602 while (fgets(buf, sizeof(buf), from) != NULL) { 603 cc = strlen(buf); 604 if ((colon = strchr(buf, ':')) == NULL) { 605 warnx("Badly formed entry `%s'", buf); 606 continue; 607 } 608 entc = (int)(colon - buf); 609 for (i = 0 ; i < ngroups ; i++) { 610 if ((groupc = strlen(groups[i])) == 0) { 611 continue; 612 } 613 if (entc == groupc && 614 strncmp(groups[i], buf, (unsigned) entc) == 0) { 615 if ((nc = snprintf(&buf[cc - 1], 616 sizeof(buf) - cc + 1, "%s%s\n", 617 (buf[cc - 2] == ':') ? "" : ",", user)) < 0) { 618 warnx("Warning: group `%s' " 619 "entry too long", groups[i]); 620 } 621 cc += nc - 1; 622 } 623 } 624 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 625 warn("Can't append group(s) for `%s':" 626 " short write to `%s'", user, f); 627 (void)fclose(from); 628 (void)close(fd); 629 (void)unlink(f); 630 return 0; 631 } 632 } 633 (void)fclose(from); 634 (void)fclose(to); 635 if (rename(f, _PATH_GROUP) < 0) { 636 warn("Can't append group(s) for `%s': " 637 "can't rename `%s' to `%s'", user, f, _PATH_GROUP); 638 (void)unlink(f); 639 return 0; 640 } 641 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 642 return 1; 643 } 644 645 /* the valid characters for login and group names */ 646 #define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-') 647 648 /* return 1 if `login' is a valid login name */ 649 static int 650 valid_login(char *login_name, int allow_samba) 651 { 652 unsigned char *cp; 653 654 /* First character of a login name cannot be '-'. */ 655 if (*login_name == '-') { 656 return 0; 657 } 658 if (strlen(login_name) >= LOGIN_NAME_MAX) { 659 return 0; 660 } 661 for (cp = (unsigned char *)login_name ; *cp ; cp++) { 662 if (!VALID_CHAR(*cp)) { 663 #ifdef EXTENSIONS 664 /* check for a trailing '$' in a Samba user name */ 665 if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) { 666 return 1; 667 } 668 #endif 669 return 0; 670 } 671 } 672 return 1; 673 } 674 675 /* return 1 if `group' is a valid group name */ 676 static int 677 valid_group(char *group) 678 { 679 unsigned char *cp; 680 681 for (cp = (unsigned char *)group; *cp; cp++) { 682 if (!VALID_CHAR(*cp)) { 683 return 0; 684 } 685 } 686 return 1; 687 } 688 689 /* find the next gid in the range lo .. hi */ 690 static int 691 getnextgid(int *gidp, int lo, int hi) 692 { 693 for (*gidp = lo ; *gidp < hi ; *gidp += 1) { 694 if (getgrgid((gid_t)*gidp) == NULL) { 695 return 1; 696 } 697 } 698 return 0; 699 } 700 701 #ifdef EXTENSIONS 702 /* save a range of uids */ 703 static int 704 save_range(rangelist_t *rlp, char *cp) 705 { 706 int from; 707 int to; 708 int i; 709 710 if (rlp->rl_rsize == 0) { 711 rlp->rl_rsize = 32; 712 NEWARRAY(range_t, rlp->rl_rv, rlp->rl_rsize, return(0)); 713 } else if (rlp->rl_rc == rlp->rl_rsize) { 714 rlp->rl_rsize *= 2; 715 RENEW(range_t, rlp->rl_rv, rlp->rl_rsize, return(0)); 716 } 717 if (rlp->rl_rv && sscanf(cp, "%d..%d", &from, &to) == 2) { 718 for (i = rlp->rl_defrc ; i < rlp->rl_rc ; i++) { 719 if (rlp->rl_rv[i].r_from == from && 720 rlp->rl_rv[i].r_to == to) { 721 break; 722 } 723 } 724 if (i == rlp->rl_rc) { 725 rlp->rl_rv[rlp->rl_rc].r_from = from; 726 rlp->rl_rv[rlp->rl_rc].r_to = to; 727 rlp->rl_rc += 1; 728 } 729 } else { 730 warnx("Bad range `%s'", cp); 731 return 0; 732 } 733 return 1; 734 } 735 #endif 736 737 /* set the defaults in the defaults file */ 738 static int 739 setdefaults(user_t *up) 740 { 741 char template[MaxFileNameLen]; 742 FILE *fp; 743 int ret; 744 int fd; 745 #ifdef EXTENSIONS 746 int i; 747 #endif 748 749 (void)snprintf(template, sizeof(template), "%s.XXXXXX", 750 _PATH_USERMGMT_CONF); 751 if ((fd = mkstemp(template)) < 0) { 752 warn("Can't set defaults: can't mkstemp `%s' for writing", 753 _PATH_USERMGMT_CONF); 754 return 0; 755 } 756 if ((fp = fdopen(fd, "w")) == NULL) { 757 warn("Can't set defaults: can't fdopen `%s' for writing", 758 _PATH_USERMGMT_CONF); 759 return 0; 760 } 761 ret = 1; 762 if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || 763 fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || 764 fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || 765 fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || 766 #ifdef EXTENSIONS 767 fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || 768 fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 || 769 #endif 770 fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? 771 UNSET_INACTIVE : up->u_inactive) <= 0 || 772 fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? 773 UNSET_EXPIRY : up->u_expire) <= 0 || 774 fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? 775 "false" : "true") <= 0) { 776 warn("Can't write to `%s'", _PATH_USERMGMT_CONF); 777 ret = 0; 778 } 779 #ifdef EXTENSIONS 780 for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0; 781 i < up->u_rc ; i++) { 782 if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from, 783 up->u_rv[i].r_to) <= 0) { 784 warn("Can't set defaults: can't write to `%s'", 785 _PATH_USERMGMT_CONF); 786 ret = 0; 787 } 788 } 789 #endif 790 (void)fclose(fp); 791 if (ret) { 792 ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) && 793 (chmod(_PATH_USERMGMT_CONF, 0644) == 0)); 794 } 795 return ret; 796 } 797 798 /* read the defaults file */ 799 static void 800 read_defaults(def_t *dp) 801 { 802 struct stat st; 803 size_t lineno; 804 size_t len; 805 FILE *fp; 806 char *cp; 807 char *s; 808 user_t *up = &dp->user; 809 group_t *gp = &dp->group; 810 811 (void)memset(dp, 0, sizeof(*dp)); 812 813 memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); 814 memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); 815 memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); 816 memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); 817 memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); 818 #ifdef EXTENSIONS 819 memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); 820 #endif 821 up->u_rsize = 16; 822 up->u_defrc = 0; 823 NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1)); 824 up->u_inactive = DEF_INACTIVE; 825 up->u_expire = DEF_EXPIRE; 826 gp->g_rsize = 16; 827 gp->g_defrc = 0; 828 NEWARRAY(range_t, gp->g_rv, gp->g_rsize, exit(1)); 829 if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) { 830 if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) { 831 warn("Can't create `%s' defaults file", 832 _PATH_USERMGMT_CONF); 833 } 834 fp = fopen(_PATH_USERMGMT_CONF, "r"); 835 } 836 if (fp != NULL) { 837 while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { 838 if (strncmp(s, "group", 5) == 0) { 839 cp = skipspace(s + 5); 840 memsave(&up->u_primgrp, (char *)cp, strlen(cp)); 841 } else if (strncmp(s, "base_dir", 8) == 0) { 842 cp = skipspace(s + 8); 843 memsave(&up->u_basedir, (char *)cp, strlen(cp)); 844 } else if (strncmp(s, "skel_dir", 8) == 0) { 845 cp = skipspace(s + 8); 846 memsave(&up->u_skeldir, (char *)cp, strlen(cp)); 847 } else if (strncmp(s, "shell", 5) == 0) { 848 cp = skipspace(s + 5); 849 memsave(&up->u_shell, cp, strlen(cp)); 850 #ifdef EXTENSIONS 851 } else if (strncmp((char *)s, "class", 5) == 0) { 852 cp = skipspace(s + 5); 853 memsave(&up->u_class, cp, strlen(cp)); 854 #endif 855 #ifdef EXTENSIONS 856 } else if (strncmp(s, "homeperm", 8) == 0) { 857 for (cp = s + 8; *cp && 858 isspace((unsigned char)*cp); cp++) 859 ; 860 up->u_homeperm = strtoul(cp, NULL, 8); 861 #endif 862 } else if (strncmp(s, "inactive", 8) == 0) { 863 cp = skipspace(s + 8); 864 if (strcmp(cp, UNSET_INACTIVE) == 0) { 865 if (up->u_inactive) { 866 FREE(up->u_inactive); 867 } 868 up->u_inactive = NULL; 869 } else { 870 memsave(&up->u_inactive, cp, strlen(cp)); 871 } 872 #ifdef EXTENSIONS 873 } else if (strncmp(s, "range", 5) == 0) { 874 cp = skipspace(s + 5); 875 (void)save_range(&up->u_r, cp); 876 #endif 877 #ifdef EXTENSIONS 878 } else if (strncmp(s, "preserve", 8) == 0) { 879 cp = skipspace(s + 8); 880 up->u_preserve = 881 (strncmp(cp, "true", 4) == 0) ? 1 : 882 (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp); 883 #endif 884 } else if (strncmp(s, "expire", 6) == 0) { 885 cp = skipspace(s + 6); 886 if (strcmp(cp, UNSET_EXPIRY) == 0) { 887 if (up->u_expire) { 888 FREE(up->u_expire); 889 } 890 up->u_expire = NULL; 891 } else { 892 memsave(&up->u_expire, cp, strlen(cp)); 893 } 894 #ifdef EXTENSIONS 895 } else if (strncmp(s, "gid_range", 9) == 0) { 896 cp = skipspace(s + 9); 897 (void)save_range(&gp->g_r, cp); 898 #endif 899 } 900 (void)free(s); 901 } 902 (void)fclose(fp); 903 } 904 if (up->u_rc == 0) { 905 up->u_rv[up->u_rc].r_from = DEF_LOWUID; 906 up->u_rv[up->u_rc].r_to = DEF_HIGHUID; 907 up->u_rc += 1; 908 } 909 up->u_defrc = up->u_rc; 910 up->u_homeperm = DEF_HOMEPERM; 911 } 912 913 /* return the next valid unused uid */ 914 static int 915 getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid) 916 { 917 for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { 918 if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) { 919 if (sync_uid_gid) { 920 if (getgrgid((gid_t)(*uid)) == NULL) { 921 return 1; 922 } 923 } else { 924 return 1; 925 } 926 } 927 } 928 return 0; 929 } 930 931 /* structure which defines a password type */ 932 typedef struct passwd_type_t { 933 const char *type; /* optional type descriptor */ 934 size_t desc_length; /* length of type descriptor */ 935 size_t length; /* length of password */ 936 const char *regex; /* regexp to output the password */ 937 size_t re_sub; /* subscript of regexp to use */ 938 } passwd_type_t; 939 940 static passwd_type_t passwd_types[] = { 941 { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */ 942 { "$2a", 3, 53, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */ 943 { "$1", 2, 34, NULL, 0 }, /* MD5 */ 944 { "", 0, DES_Len,NULL, 0 }, /* standard DES */ 945 { NULL, (size_t)~0, (size_t)~0, NULL, 0 } 946 /* none - terminate search */ 947 }; 948 949 /* return non-zero if it's a valid password - check length for cipher type */ 950 static int 951 valid_password_length(char *newpasswd) 952 { 953 passwd_type_t *pwtp; 954 regmatch_t matchv[10]; 955 regex_t r; 956 957 for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) { 958 if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) { 959 if (pwtp->regex == NULL) { 960 return strlen(newpasswd) == pwtp->length; 961 } 962 (void)regcomp(&r, pwtp->regex, REG_EXTENDED); 963 if (regexec(&r, newpasswd, 10, matchv, 0) == 0) { 964 regfree(&r); 965 return (int)(matchv[pwtp->re_sub].rm_eo - 966 matchv[pwtp->re_sub].rm_so) == 967 pwtp->length; 968 } 969 regfree(&r); 970 } 971 } 972 return 0; 973 } 974 975 #ifdef EXTENSIONS 976 /* return 1 if `class' is a valid login class */ 977 static int 978 valid_class(char *class) 979 { 980 login_cap_t *lc; 981 982 if (class == NULL || *class == '\0') { 983 return 1; 984 } 985 /* 986 * Check if /etc/login.conf exists. login_getclass() will 987 * return 1 due to it not existing, so not informing the 988 * user the actual login class does not exist. 989 */ 990 991 if (access(PATH_LOGINCONF, R_OK) == -1) { 992 warn("Access failed for `%s'; will not validate class `%s'", 993 PATH_LOGINCONF, class); 994 return 1; 995 } 996 997 if ((lc = login_getclass(class)) != NULL) { 998 login_close(lc); 999 return 1; 1000 } 1001 return 0; 1002 } 1003 1004 /* return 1 if the `shellname' is a valid user shell */ 1005 static int 1006 valid_shell(const char *shellname) 1007 { 1008 char *shellp; 1009 1010 if (access(_PATH_SHELLS, R_OK) == -1) { 1011 /* Don't exit */ 1012 warn("Access failed for `%s'; will not validate shell `%s'", 1013 _PATH_SHELLS, shellname); 1014 return 1; 1015 } 1016 1017 /* if nologin is used as a shell, consider it a valid shell */ 1018 if (strcmp(shellname, NOLOGIN) == 0) 1019 return 1; 1020 1021 while ((shellp = getusershell()) != NULL) 1022 if (strcmp(shellp, shellname) == 0) 1023 return 1; 1024 1025 warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS); 1026 1027 return access(shellname, X_OK) != -1; 1028 } 1029 #endif 1030 1031 /* look for a valid time, return 0 if it was specified but bad */ 1032 static int 1033 scantime(time_t *tp, char *s) 1034 { 1035 struct tm tm; 1036 char *ep; 1037 long val; 1038 1039 *tp = 0; 1040 if (s != NULL) { 1041 (void)memset(&tm, 0, sizeof(tm)); 1042 if (strptime(s, "%c", &tm) != NULL) { 1043 *tp = mktime(&tm); 1044 return (*tp == -1) ? 0 : 1; 1045 } else if (strptime(s, "%B %d %Y", &tm) != NULL) { 1046 *tp = mktime(&tm); 1047 return (*tp == -1) ? 0 : 1; 1048 } else { 1049 errno = 0; 1050 *tp = val = strtol(s, &ep, 10); 1051 if (*ep != '\0' || *tp < -1 || errno == ERANGE) { 1052 *tp = 0; 1053 return 0; 1054 } 1055 if (*tp != val) { 1056 return 0; 1057 } 1058 } 1059 } 1060 return 1; 1061 } 1062 1063 /* add a user */ 1064 static int 1065 adduser(char *login_name, user_t *up) 1066 { 1067 struct group *grp; 1068 struct stat st; 1069 time_t expire; 1070 time_t inactive; 1071 char password[PasswordLength + 1]; 1072 char home[MaxFileNameLen]; 1073 char buf[MaxFileNameLen]; 1074 int sync_uid_gid; 1075 int masterfd; 1076 int ptmpfd; 1077 int gid; 1078 int cc; 1079 int i; 1080 1081 if (!valid_login(login_name, up->u_allow_samba)) { 1082 errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name); 1083 } 1084 #ifdef EXTENSIONS 1085 if (!valid_class(up->u_class)) { 1086 errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'", 1087 login_name, up->u_class); 1088 } 1089 #endif 1090 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1091 err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'", 1092 login_name, _PATH_MASTERPASSWD); 1093 } 1094 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1095 err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'", 1096 login_name, _PATH_MASTERPASSWD); 1097 } 1098 pw_init(); 1099 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1100 int serrno = errno; 1101 (void)close(masterfd); 1102 errno = serrno; 1103 err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock", 1104 login_name); 1105 } 1106 while ((cc = read(masterfd, buf, sizeof(buf))) > 0) { 1107 if (write(ptmpfd, buf, (size_t)(cc)) != cc) { 1108 int serrno = errno; 1109 (void)close(masterfd); 1110 (void)close(ptmpfd); 1111 (void)pw_abort(); 1112 errno = serrno; 1113 err(EXIT_FAILURE, "Can't add user `%s': " 1114 "short write to /etc/ptmp", login_name); 1115 } 1116 } 1117 (void)close(masterfd); 1118 /* if no uid was specified, get next one in [low_uid..high_uid] range */ 1119 sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); 1120 if (up->u_uid == -1) { 1121 int got_id = 0; 1122 1123 /* 1124 * Look for a free UID in the command line ranges (if any). 1125 * These start after the ranges specified in the config file. 1126 */ 1127 for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) { 1128 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1129 up->u_rv[i].r_from, up->u_rv[i].r_to); 1130 } 1131 /* 1132 * If there were no free UIDs in the command line ranges, 1133 * try the ranges from the config file (there will always 1134 * be at least one default). 1135 */ 1136 for (i = 0; !got_id && i < up->u_defrc; i++) { 1137 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1138 up->u_rv[i].r_from, up->u_rv[i].r_to); 1139 } 1140 if (!got_id) { 1141 (void)close(ptmpfd); 1142 (void)pw_abort(); 1143 errx(EXIT_FAILURE, "Can't add user `%s': " 1144 "can't get next uid for %d", login_name, 1145 up->u_uid); 1146 } 1147 } 1148 /* check uid isn't already allocated */ 1149 if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) { 1150 (void)close(ptmpfd); 1151 (void)pw_abort(); 1152 errx(EXIT_FAILURE, "Can't add user `%s': " 1153 "uid %d is already in use", login_name, up->u_uid); 1154 } 1155 /* if -g=uid was specified, check gid is unused */ 1156 if (sync_uid_gid) { 1157 if (getgrgid((gid_t)(up->u_uid)) != NULL) { 1158 (void)close(ptmpfd); 1159 (void)pw_abort(); 1160 errx(EXIT_FAILURE, "Can't add user `%s': " 1161 "gid %d is already in use", login_name, 1162 up->u_uid); 1163 } 1164 gid = up->u_uid; 1165 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1166 gid = grp->gr_gid; 1167 } else if (is_number(up->u_primgrp) && 1168 (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) { 1169 gid = grp->gr_gid; 1170 } else { 1171 (void)close(ptmpfd); 1172 (void)pw_abort(); 1173 errx(EXIT_FAILURE, "Can't add user `%s': group %s not found", 1174 login_name, up->u_primgrp); 1175 } 1176 /* check name isn't already in use */ 1177 if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) { 1178 (void)close(ptmpfd); 1179 (void)pw_abort(); 1180 errx(EXIT_FAILURE, "Can't add user `%s': " 1181 "`%s' is already a user", login_name, login_name); 1182 } 1183 if (up->u_flags & F_HOMEDIR) { 1184 (void)strlcpy(home, up->u_home, sizeof(home)); 1185 } else { 1186 /* if home directory hasn't been given, make it up */ 1187 (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir, 1188 login_name); 1189 } 1190 if (up->u_flags & F_SHELL) { 1191 #ifdef EXTENSIONS 1192 if (!valid_shell(up->u_shell)) { 1193 int oerrno = errno; 1194 (void)close(ptmpfd); 1195 (void)pw_abort(); 1196 errno = oerrno; 1197 errx(EXIT_FAILURE, "Can't add user `%s': " 1198 "Cannot access shell `%s'", 1199 login_name, up->u_shell); 1200 } 1201 #endif 1202 } 1203 1204 if (!scantime(&inactive, up->u_inactive)) { 1205 warnx("Warning: inactive time `%s' invalid, password expiry off", 1206 up->u_inactive); 1207 } 1208 if (!scantime(&expire, up->u_expire) || expire == -1) { 1209 warnx("Warning: expire time `%s' invalid, account expiry off", 1210 up->u_expire); 1211 expire = 0; /* Just in case. */ 1212 } 1213 if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) { 1214 warnx("Warning: home directory `%s' doesn't exist, " 1215 "and -m was not specified", home); 1216 } 1217 password[sizeof(password) - 1] = '\0'; 1218 if (up->u_password != NULL && valid_password_length(up->u_password)) { 1219 (void)strlcpy(password, up->u_password, sizeof(password)); 1220 } else { 1221 (void)memset(password, '*', DES_Len); 1222 password[DES_Len] = 0; 1223 if (up->u_password != NULL) { 1224 warnx("Password `%s' is invalid: setting it to `%s'", 1225 up->u_password, password); 1226 } 1227 } 1228 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", 1229 login_name, 1230 password, 1231 up->u_uid, 1232 gid, 1233 #ifdef EXTENSIONS 1234 up->u_class, 1235 #else 1236 "", 1237 #endif 1238 (long) inactive, 1239 (long) expire, 1240 up->u_comment, 1241 home, 1242 up->u_shell); 1243 if (write(ptmpfd, buf, (size_t) cc) != cc) { 1244 int serrno = errno; 1245 (void)close(ptmpfd); 1246 (void)pw_abort(); 1247 errno = serrno; 1248 err(EXIT_FAILURE, "Can't add user `%s': write failed", 1249 login_name); 1250 } 1251 if (up->u_flags & F_MKDIR) { 1252 if (lstat(home, &st) == 0) { 1253 (void)close(ptmpfd); 1254 (void)pw_abort(); 1255 errx(EXIT_FAILURE, 1256 "Can't add user `%s': home directory `%s' " 1257 "already exists", login_name, home); 1258 } else { 1259 if (asystem("%s -p %s", MKDIR, home) != 0) { 1260 (void)close(ptmpfd); 1261 (void)pw_abort(); 1262 errx(EXIT_FAILURE, "Can't add user `%s': " 1263 "can't mkdir `%s'", login_name, home); 1264 } 1265 (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home, 1266 up->u_homeperm); 1267 } 1268 } 1269 if (strcmp(up->u_primgrp, "=uid") == 0 && 1270 getgrnam(login_name) == NULL && 1271 !creategid(login_name, gid, login_name)) { 1272 (void)close(ptmpfd); 1273 (void)pw_abort(); 1274 errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ", 1275 login_name, gid); 1276 } 1277 if (up->u_groupc > 0 && 1278 !append_group(login_name, up->u_groupc, up->u_groupv)) { 1279 (void)close(ptmpfd); 1280 (void)pw_abort(); 1281 errx(EXIT_FAILURE, "Can't add user `%s': can't append " 1282 "to new groups", login_name); 1283 } 1284 (void)close(ptmpfd); 1285 #if PW_MKDB_ARGC == 2 1286 if (pw_mkdb(login_name, 0) < 0) 1287 #else 1288 if (pw_mkdb() < 0) 1289 #endif 1290 { 1291 (void)pw_abort(); 1292 errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed", 1293 login_name); 1294 } 1295 syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, " 1296 "shell=%s", login_name, up->u_uid, gid, home, up->u_shell); 1297 return 1; 1298 } 1299 1300 /* remove a user from the groups file */ 1301 static int 1302 rm_user_from_groups(char *login_name) 1303 { 1304 struct stat st; 1305 regmatch_t matchv[10]; 1306 regex_t r; 1307 FILE *from; 1308 FILE *to; 1309 char line[MaxEntryLen]; 1310 char buf[MaxEntryLen]; 1311 char f[MaxFileNameLen]; 1312 int fd; 1313 int cc; 1314 int sc; 1315 1316 (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name); 1317 if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) { 1318 (void)regerror(sc, &r, buf, sizeof(buf)); 1319 warnx("Can't compile regular expression `%s' (%s)", line, 1320 buf); 1321 return 0; 1322 } 1323 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 1324 warn("Can't remove user `%s' from `%s': can't open `%s'", 1325 login_name, _PATH_GROUP, _PATH_GROUP); 1326 return 0; 1327 } 1328 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 1329 warn("Can't remove user `%s' from `%s': can't lock `%s'", 1330 login_name, _PATH_GROUP, _PATH_GROUP); 1331 (void)fclose(from); 1332 return 0; 1333 } 1334 (void)fstat(fileno(from), &st); 1335 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 1336 if ((fd = mkstemp(f)) < 0) { 1337 warn("Can't remove user `%s' from `%s': mkstemp failed", 1338 login_name, _PATH_GROUP); 1339 (void)fclose(from); 1340 return 0; 1341 } 1342 if ((to = fdopen(fd, "w")) == NULL) { 1343 warn("Can't remove user `%s' from `%s': fdopen `%s' failed", 1344 login_name, _PATH_GROUP, f); 1345 (void)fclose(from); 1346 (void)close(fd); 1347 (void)unlink(f); 1348 return 0; 1349 } 1350 while (fgets(buf, sizeof(buf), from) != NULL) { 1351 cc = strlen(buf); 1352 if (regexec(&r, buf, 10, matchv, 0) == 0) { 1353 if (buf[(int)matchv[1].rm_so] == ',') { 1354 matchv[2].rm_so = matchv[1].rm_so; 1355 } else if (matchv[2].rm_eo != matchv[3].rm_eo) { 1356 matchv[2].rm_eo = matchv[3].rm_eo; 1357 } 1358 cc -= (int) matchv[2].rm_eo; 1359 sc = (int) matchv[2].rm_so; 1360 if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc || 1361 fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char), 1362 (size_t)cc, to) != cc) { 1363 warn("Can't remove user `%s' from `%s': " 1364 "short write to `%s'", login_name, 1365 _PATH_GROUP, f); 1366 (void)fclose(from); 1367 (void)close(fd); 1368 (void)unlink(f); 1369 return 0; 1370 } 1371 } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 1372 warn("Can't remove user `%s' from `%s': " 1373 "short write to `%s'", login_name, _PATH_GROUP, f); 1374 (void)fclose(from); 1375 (void)close(fd); 1376 (void)unlink(f); 1377 return 0; 1378 } 1379 } 1380 (void)fclose(from); 1381 (void)fclose(to); 1382 if (rename(f, _PATH_GROUP) < 0) { 1383 warn("Can't remove user `%s' from `%s': " 1384 "can't rename `%s' to `%s'", 1385 login_name, _PATH_GROUP, f, _PATH_GROUP); 1386 (void)unlink(f); 1387 return 0; 1388 } 1389 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 1390 return 1; 1391 } 1392 1393 /* check that the user or group is local, not from YP/NIS */ 1394 static int 1395 is_local(char *name, const char *file) 1396 { 1397 FILE *fp; 1398 char buf[MaxEntryLen]; 1399 size_t len; 1400 int ret; 1401 1402 if ((fp = fopen(file, "r")) == NULL) { 1403 err(EXIT_FAILURE, "Can't open `%s'", file); 1404 } 1405 len = strlen(name); 1406 for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { 1407 if (strncmp(buf, name, len) == 0 && buf[len] == ':') { 1408 ret = 1; 1409 break; 1410 } 1411 } 1412 (void)fclose(fp); 1413 return ret; 1414 } 1415 1416 /* modify a user */ 1417 static int 1418 moduser(char *login_name, char *newlogin, user_t *up, int allow_samba) 1419 { 1420 struct passwd *pwp, pw; 1421 struct group *grp; 1422 const char *homedir; 1423 char *locked_pwd; 1424 size_t colonc; 1425 size_t loginc; 1426 size_t len; 1427 FILE *master; 1428 char newdir[MaxFileNameLen]; 1429 char buf[MaxEntryLen]; 1430 char pwbuf[MaxEntryLen]; 1431 char *colon; 1432 int masterfd; 1433 int ptmpfd; 1434 int error; 1435 1436 if (!valid_login(newlogin, allow_samba)) { 1437 errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name", 1438 login_name); 1439 } 1440 if (getpwnam_r(login_name, &pw, pwbuf, sizeof(pwbuf), &pwp) != 0 1441 || pwp == NULL) { 1442 errx(EXIT_FAILURE, "Can't modify user `%s': no such user", 1443 login_name); 1444 } 1445 if (!is_local(login_name, _PATH_MASTERPASSWD)) { 1446 errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user", 1447 login_name); 1448 } 1449 /* keep dir name in case we need it for '-m' */ 1450 homedir = pwp->pw_dir; 1451 1452 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1453 err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'", 1454 login_name, _PATH_MASTERPASSWD); 1455 } 1456 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1457 err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'", 1458 login_name, _PATH_MASTERPASSWD); 1459 } 1460 pw_init(); 1461 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1462 int serrno = errno; 1463 (void)close(masterfd); 1464 errno = serrno; 1465 err(EXIT_FAILURE, "Can't modify user `%s': " 1466 "can't obtain pw_lock", login_name); 1467 } 1468 if ((master = fdopen(masterfd, "r")) == NULL) { 1469 int serrno = errno; 1470 (void)close(masterfd); 1471 (void)close(ptmpfd); 1472 (void)pw_abort(); 1473 errno = serrno; 1474 err(EXIT_FAILURE, "Can't modify user `%s': " 1475 "fdopen fd for %s", login_name, _PATH_MASTERPASSWD); 1476 } 1477 if (up != NULL) { 1478 if (up->u_flags & F_USERNAME) { 1479 /* 1480 * If changing name, 1481 * check new name isn't already in use 1482 */ 1483 if (strcmp(login_name, newlogin) != 0 && 1484 getpwnam(newlogin) != NULL) { 1485 (void)close(ptmpfd); 1486 (void)pw_abort(); 1487 errx(EXIT_FAILURE, "Can't modify user `%s': " 1488 "`%s' is already a user", login_name, 1489 newlogin); 1490 } 1491 pwp->pw_name = newlogin; 1492 1493 /* 1494 * Provide a new directory name in case the 1495 * home directory is to be moved. 1496 */ 1497 if (up->u_flags & F_MKDIR) { 1498 (void)snprintf(newdir, sizeof(newdir), "%s/%s", 1499 up->u_basedir, newlogin); 1500 pwp->pw_dir = newdir; 1501 } 1502 } 1503 if (up->u_flags & F_PASSWORD) { 1504 if (up->u_password != NULL) { 1505 if (!valid_password_length(up->u_password)) { 1506 (void)close(ptmpfd); 1507 (void)pw_abort(); 1508 errx(EXIT_FAILURE, 1509 "Can't modify user `%s': " 1510 "invalid password: `%s'", 1511 login_name, up->u_password); 1512 } 1513 if ((locked_pwd = 1514 strstr(pwp->pw_passwd, LOCKED)) != NULL) { 1515 /* 1516 * account is locked - keep it locked 1517 * and just change the password. 1518 */ 1519 if (asprintf(&locked_pwd, "%s%s", 1520 LOCKED, up->u_password) == -1) { 1521 (void)close(ptmpfd); 1522 (void)pw_abort(); 1523 err(EXIT_FAILURE, 1524 "Can't modify user `%s': " 1525 "asprintf failed", 1526 login_name); 1527 } 1528 pwp->pw_passwd = locked_pwd; 1529 } else { 1530 pwp->pw_passwd = up->u_password; 1531 } 1532 } 1533 } 1534 1535 /* check whether we should lock the account. */ 1536 if (up->u_locked == LOCK) { 1537 /* check to see account if already locked. */ 1538 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1539 != NULL) { 1540 warnx("Account is already locked"); 1541 } else { 1542 if (asprintf(&locked_pwd, "%s%s", LOCKED, 1543 pwp->pw_passwd) == -1) { 1544 (void)close(ptmpfd); 1545 (void)pw_abort(); 1546 err(EXIT_FAILURE, 1547 "Can't modify user `%s': " 1548 "asprintf failed", login_name); 1549 } 1550 pwp->pw_passwd = locked_pwd; 1551 } 1552 } else if (up->u_locked == UNLOCK) { 1553 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1554 == NULL) { 1555 warnx("Can't modify user `%s': " 1556 "account is not locked", login_name); 1557 } else { 1558 pwp->pw_passwd = locked_pwd + strlen(LOCKED); 1559 } 1560 } 1561 1562 if (up->u_flags & F_UID) { 1563 /* check uid isn't already allocated */ 1564 if (!(up->u_flags & F_DUPUID) && 1565 getpwuid((uid_t)(up->u_uid)) != NULL) { 1566 (void)close(ptmpfd); 1567 (void)pw_abort(); 1568 errx(EXIT_FAILURE, "Can't modify user `%s': " 1569 "uid `%d' is already in use", login_name, 1570 up->u_uid); 1571 } 1572 pwp->pw_uid = up->u_uid; 1573 } 1574 if (up->u_flags & F_GROUP) { 1575 /* if -g=uid was specified, check gid is unused */ 1576 if (strcmp(up->u_primgrp, "=uid") == 0) { 1577 if (getgrgid((gid_t)(pwp->pw_uid)) != NULL) { 1578 (void)close(ptmpfd); 1579 (void)pw_abort(); 1580 errx(EXIT_FAILURE, 1581 "Can't modify user `%s': " 1582 "gid %d is already in use", 1583 login_name, up->u_uid); 1584 } 1585 pwp->pw_gid = pwp->pw_uid; 1586 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1587 pwp->pw_gid = grp->gr_gid; 1588 } else if (is_number(up->u_primgrp) && 1589 (grp = getgrgid( 1590 (gid_t)atoi(up->u_primgrp))) != NULL) { 1591 pwp->pw_gid = grp->gr_gid; 1592 } else { 1593 (void)close(ptmpfd); 1594 (void)pw_abort(); 1595 errx(EXIT_FAILURE, "Can't modify user `%s': " 1596 "group %s not found", login_name, 1597 up->u_primgrp); 1598 } 1599 } 1600 if (up->u_flags & F_INACTIVE) { 1601 if (!scantime(&pwp->pw_change, up->u_inactive)) { 1602 warnx("Warning: inactive time `%s' invalid, " 1603 "password expiry off", 1604 up->u_inactive); 1605 } 1606 } 1607 if (up->u_flags & F_EXPIRE) { 1608 if (!scantime(&pwp->pw_expire, up->u_expire) || 1609 pwp->pw_expire == -1) { 1610 warnx("Warning: expire time `%s' invalid, " 1611 "account expiry off", 1612 up->u_expire); 1613 pwp->pw_expire = 0; 1614 } 1615 } 1616 if (up->u_flags & F_COMMENT) { 1617 pwp->pw_gecos = up->u_comment; 1618 } 1619 if (up->u_flags & F_HOMEDIR) { 1620 pwp->pw_dir = up->u_home; 1621 } 1622 if (up->u_flags & F_SHELL) { 1623 #ifdef EXTENSIONS 1624 if (!valid_shell(up->u_shell)) { 1625 int oerrno = errno; 1626 (void)close(ptmpfd); 1627 (void)pw_abort(); 1628 errno = oerrno; 1629 errx(EXIT_FAILURE, "Can't modify user `%s': " 1630 "Cannot access shell `%s'", 1631 login_name, up->u_shell); 1632 } 1633 pwp->pw_shell = up->u_shell; 1634 #else 1635 pwp->pw_shell = up->u_shell; 1636 #endif 1637 } 1638 #ifdef EXTENSIONS 1639 if (up->u_flags & F_CLASS) { 1640 if (!valid_class(up->u_class)) { 1641 (void)close(ptmpfd); 1642 (void)pw_abort(); 1643 errx(EXIT_FAILURE, "Can't modify user `%s': " 1644 "no such login class `%s'", login_name, 1645 up->u_class); 1646 } 1647 pwp->pw_class = up->u_class; 1648 } 1649 #endif 1650 } 1651 loginc = strlen(login_name); 1652 while (fgets(buf, sizeof(buf), master) != NULL) { 1653 if ((colon = strchr(buf, ':')) == NULL) { 1654 warnx("Malformed entry `%s'. Skipping", buf); 1655 continue; 1656 } 1657 colonc = (size_t)(colon - buf); 1658 if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { 1659 if (up != NULL) { 1660 len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:" 1661 #ifdef EXTENSIONS 1662 "%s" 1663 #endif 1664 ":%ld:%ld:%s:%s:%s\n", 1665 newlogin, 1666 pwp->pw_passwd, 1667 pwp->pw_uid, 1668 pwp->pw_gid, 1669 #ifdef EXTENSIONS 1670 pwp->pw_class, 1671 #endif 1672 (long)pwp->pw_change, 1673 (long)pwp->pw_expire, 1674 pwp->pw_gecos, 1675 pwp->pw_dir, 1676 pwp->pw_shell); 1677 if (write(ptmpfd, buf, len) != len) { 1678 int serrno = errno; 1679 (void)close(ptmpfd); 1680 (void)pw_abort(); 1681 errno = serrno; 1682 err(EXIT_FAILURE, "Can't modify user " 1683 "`%s': write", login_name); 1684 } 1685 } 1686 } else { 1687 len = strlen(buf); 1688 if (write(ptmpfd, buf, len) != len) { 1689 int serrno = errno; 1690 (void)close(masterfd); 1691 (void)close(ptmpfd); 1692 (void)pw_abort(); 1693 errno = serrno; 1694 err(EXIT_FAILURE, "Can't modify `%s': " 1695 "write", login_name); 1696 } 1697 } 1698 } 1699 if (up != NULL) { 1700 if ((up->u_flags & F_MKDIR) && 1701 asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { 1702 (void)close(ptmpfd); 1703 (void)pw_abort(); 1704 errx(EXIT_FAILURE, "Can't modify user `%s': " 1705 "can't move `%s' to `%s'", 1706 login_name, homedir, pwp->pw_dir); 1707 } 1708 if (up->u_groupc > 0 && 1709 !append_group(newlogin, up->u_groupc, up->u_groupv)) { 1710 (void)close(ptmpfd); 1711 (void)pw_abort(); 1712 errx(EXIT_FAILURE, "Can't modify user `%s': " 1713 "can't append `%s' to new groups", 1714 login_name, newlogin); 1715 } 1716 } 1717 (void)close(ptmpfd); 1718 (void)fclose(master); 1719 #if PW_MKDB_ARGC == 2 1720 if (up != NULL && strcmp(login_name, newlogin) == 0) { 1721 error = pw_mkdb(login_name, 0); 1722 } else { 1723 error = pw_mkdb(NULL, 0); 1724 } 1725 #else 1726 error = pw_mkdb(); 1727 #endif 1728 if (error < 0) { 1729 (void)pw_abort(); 1730 errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed", 1731 login_name); 1732 } 1733 if (up == NULL) { 1734 syslog(LOG_INFO, "User removed: name=%s", login_name); 1735 } else if (strcmp(login_name, newlogin) == 0) { 1736 syslog(LOG_INFO, "User information modified: name=%s, uid=%d, " 1737 "gid=%d, home=%s, shell=%s", 1738 login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, 1739 pwp->pw_shell); 1740 } else { 1741 syslog(LOG_INFO, "User information modified: name=%s, " 1742 "new name=%s, uid=%d, gid=%d, home=%s, shell=%s", 1743 login_name, newlogin, pwp->pw_uid, pwp->pw_gid, 1744 pwp->pw_dir, pwp->pw_shell); 1745 } 1746 return 1; 1747 } 1748 1749 #ifdef EXTENSIONS 1750 /* see if we can find out the user struct */ 1751 static struct passwd * 1752 find_user_info(const char *name) 1753 { 1754 struct passwd *pwp; 1755 1756 if ((pwp = getpwnam(name)) != NULL) { 1757 return pwp; 1758 } 1759 if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) { 1760 return pwp; 1761 } 1762 return NULL; 1763 } 1764 #endif 1765 1766 /* see if we can find out the group struct */ 1767 static struct group * 1768 find_group_info(const char *name) 1769 { 1770 struct group *grp; 1771 1772 if ((grp = getgrnam(name)) != NULL) { 1773 return grp; 1774 } 1775 if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) { 1776 return grp; 1777 } 1778 return NULL; 1779 } 1780 1781 /* print out usage message, and then exit */ 1782 void 1783 usermgmt_usage(const char *prog) 1784 { 1785 if (strcmp(prog, "useradd") == 0) { 1786 (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] " 1787 "[-e expiry-time] [-f inactive-time]\n" 1788 "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n" 1789 "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog); 1790 (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] " 1791 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1792 "\t[-f inactive-time] [-G secondary-group] " 1793 "[-g gid | name | =uid]\n" 1794 "\t[-k skeletondir] [-L login-class] [-M homeperm] " 1795 "[-p password]\n" 1796 "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n", 1797 prog); 1798 } else if (strcmp(prog, "usermod") == 0) { 1799 (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] " 1800 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1801 "\t[-f inactive] [-G secondary-group] " 1802 "[-g gid | name | =uid]\n" 1803 "\t[-L login-class] [-l new-login] [-p password] " 1804 "[-s shell] [-u uid]\n" 1805 "\tuser\n", prog); 1806 } else if (strcmp(prog, "userdel") == 0) { 1807 (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); 1808 (void)fprintf(stderr, 1809 "usage: %s [-rSv] [-p preserve-value] user\n", prog); 1810 #ifdef EXTENSIONS 1811 } else if (strcmp(prog, "userinfo") == 0) { 1812 (void)fprintf(stderr, "usage: %s [-e] user\n", prog); 1813 #endif 1814 } else if (strcmp(prog, "groupadd") == 0) { 1815 (void)fprintf(stderr, "usage: %s [-ov] [-g gid]" 1816 " [-r lowgid..highgid] group\n", prog); 1817 } else if (strcmp(prog, "groupdel") == 0) { 1818 (void)fprintf(stderr, "usage: %s [-v] group\n", prog); 1819 } else if (strcmp(prog, "groupmod") == 0) { 1820 (void)fprintf(stderr, 1821 "usage: %s [-ov] [-g gid] [-n newname] group\n", prog); 1822 } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { 1823 (void)fprintf(stderr, 1824 "usage: %s ( add | del | mod | info ) ...\n", prog); 1825 #ifdef EXTENSIONS 1826 } else if (strcmp(prog, "groupinfo") == 0) { 1827 (void)fprintf(stderr, "usage: %s [-ev] group\n", prog); 1828 #endif 1829 } 1830 exit(EXIT_FAILURE); 1831 /* NOTREACHED */ 1832 } 1833 1834 #ifdef EXTENSIONS 1835 #define ADD_OPT_EXTENSIONS "M:p:r:vL:S" 1836 #else 1837 #define ADD_OPT_EXTENSIONS 1838 #endif 1839 1840 int 1841 useradd(int argc, char **argv) 1842 { 1843 def_t def; 1844 user_t *up = &def.user; 1845 int defaultfield; 1846 int bigD; 1847 int c; 1848 #ifdef EXTENSIONS 1849 int i; 1850 #endif 1851 1852 read_defaults(&def); 1853 up->u_uid = -1; 1854 defaultfield = bigD = 0; 1855 while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:" 1856 ADD_OPT_EXTENSIONS)) != -1) { 1857 switch(c) { 1858 case 'D': 1859 bigD = 1; 1860 break; 1861 case 'F': 1862 /* 1863 * Setting -1 will force the new user to 1864 * change their password as soon as they 1865 * next log in - passwd(5). 1866 */ 1867 defaultfield = 1; 1868 memsave(&up->u_inactive, "-1", strlen("-1")); 1869 break; 1870 case 'G': 1871 while (up->u_groupc < NGROUPS_MAX && 1872 (up->u_groupv[up->u_groupc] = strsep(&optarg, ",")) != NULL) { 1873 if (up->u_groupv[up->u_groupc][0] != 0) { 1874 up->u_groupc++; 1875 } 1876 } 1877 if (optarg != NULL) { 1878 warnx("Truncated list of secondary groups " 1879 "to %d entries", NGROUPS_MAX); 1880 } 1881 break; 1882 #ifdef EXTENSIONS 1883 case 'S': 1884 up->u_allow_samba = 1; 1885 break; 1886 #endif 1887 case 'b': 1888 defaultfield = 1; 1889 memsave(&up->u_basedir, optarg, strlen(optarg)); 1890 break; 1891 case 'c': 1892 memsave(&up->u_comment, optarg, strlen(optarg)); 1893 break; 1894 case 'd': 1895 memsave(&up->u_home, optarg, strlen(optarg)); 1896 up->u_flags |= F_HOMEDIR; 1897 break; 1898 case 'e': 1899 defaultfield = 1; 1900 memsave(&up->u_expire, optarg, strlen(optarg)); 1901 break; 1902 case 'f': 1903 defaultfield = 1; 1904 memsave(&up->u_inactive, optarg, strlen(optarg)); 1905 break; 1906 case 'g': 1907 defaultfield = 1; 1908 memsave(&up->u_primgrp, optarg, strlen(optarg)); 1909 break; 1910 case 'k': 1911 defaultfield = 1; 1912 memsave(&up->u_skeldir, optarg, strlen(optarg)); 1913 break; 1914 #ifdef EXTENSIONS 1915 case 'L': 1916 defaultfield = 1; 1917 memsave(&up->u_class, optarg, strlen(optarg)); 1918 break; 1919 #endif 1920 case 'm': 1921 up->u_flags |= F_MKDIR; 1922 break; 1923 #ifdef EXTENSIONS 1924 case 'M': 1925 defaultfield = 1; 1926 up->u_homeperm = strtoul(optarg, NULL, 8); 1927 break; 1928 #endif 1929 case 'o': 1930 up->u_flags |= F_DUPUID; 1931 break; 1932 #ifdef EXTENSIONS 1933 case 'p': 1934 memsave(&up->u_password, optarg, strlen(optarg)); 1935 break; 1936 #endif 1937 #ifdef EXTENSIONS 1938 case 'r': 1939 defaultfield = 1; 1940 (void)save_range(&up->u_r, optarg); 1941 break; 1942 #endif 1943 case 's': 1944 up->u_flags |= F_SHELL; 1945 defaultfield = 1; 1946 memsave(&up->u_shell, optarg, strlen(optarg)); 1947 break; 1948 case 'u': 1949 up->u_uid = check_numeric(optarg, "uid"); 1950 break; 1951 #ifdef EXTENSIONS 1952 case 'v': 1953 verbose = 1; 1954 break; 1955 #endif 1956 default: 1957 usermgmt_usage("useradd"); 1958 /* NOTREACHED */ 1959 } 1960 } 1961 if (bigD) { 1962 if (defaultfield) { 1963 checkeuid(); 1964 return setdefaults(up) ? EXIT_SUCCESS : EXIT_FAILURE; 1965 } 1966 (void)printf("group\t\t%s\n", up->u_primgrp); 1967 (void)printf("base_dir\t%s\n", up->u_basedir); 1968 (void)printf("skel_dir\t%s\n", up->u_skeldir); 1969 (void)printf("shell\t\t%s\n", up->u_shell); 1970 #ifdef EXTENSIONS 1971 (void)printf("class\t\t%s\n", up->u_class); 1972 (void)printf("homeperm\t0%o\n", up->u_homeperm); 1973 #endif 1974 (void)printf("inactive\t%s\n", (up->u_inactive == NULL) ? 1975 UNSET_INACTIVE : up->u_inactive); 1976 (void)printf("expire\t\t%s\n", (up->u_expire == NULL) ? 1977 UNSET_EXPIRY : up->u_expire); 1978 #ifdef EXTENSIONS 1979 for (i = 0 ; i < up->u_rc ; i++) { 1980 (void)printf("range\t\t%d..%d\n", 1981 up->u_rv[i].r_from, up->u_rv[i].r_to); 1982 } 1983 #endif 1984 return EXIT_SUCCESS; 1985 } 1986 argc -= optind; 1987 argv += optind; 1988 if (argc != 1) { 1989 usermgmt_usage("useradd"); 1990 } 1991 checkeuid(); 1992 openlog("useradd", LOG_PID, LOG_USER); 1993 return adduser(*argv, up) ? EXIT_SUCCESS : EXIT_FAILURE; 1994 } 1995 1996 #ifdef EXTENSIONS 1997 #define MOD_OPT_EXTENSIONS "p:vL:S" 1998 #else 1999 #define MOD_OPT_EXTENSIONS 2000 #endif 2001 2002 int 2003 usermod(int argc, char **argv) 2004 { 2005 def_t def; 2006 user_t *up = &def.user; 2007 char newuser[MaxUserNameLen + 1]; 2008 int c, have_new_user; 2009 2010 (void)memset(newuser, 0, sizeof(newuser)); 2011 read_defaults(&def); 2012 have_new_user = 0; 2013 up->u_locked = -1; 2014 while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:" 2015 MOD_OPT_EXTENSIONS)) != -1) { 2016 switch(c) { 2017 case 'G': 2018 while (up->u_groupc < NGROUPS_MAX && 2019 (up->u_groupv[up->u_groupc] = 2020 strsep(&optarg, ",")) != NULL) { 2021 if (up->u_groupv[up->u_groupc][0] != 0) { 2022 up->u_groupc++; 2023 } 2024 } 2025 if (optarg != NULL) { 2026 warnx("Truncated list of secondary groups " 2027 "to %d entries", NGROUPS_MAX); 2028 } 2029 up->u_flags |= F_SECGROUP; 2030 break; 2031 #ifdef EXTENSIONS 2032 case 'S': 2033 up->u_allow_samba = 1; 2034 break; 2035 #endif 2036 case 'c': 2037 memsave(&up->u_comment, optarg, strlen(optarg)); 2038 up->u_flags |= F_COMMENT; 2039 break; 2040 case 'C': 2041 if (strcasecmp(optarg, "yes") == 0) { 2042 up->u_locked = LOCK; 2043 } else if (strcasecmp(optarg, "no") == 0) { 2044 up->u_locked = UNLOCK; 2045 } else { 2046 /* No idea. */ 2047 errx(EXIT_FAILURE, 2048 "Please type 'yes' or 'no'"); 2049 } 2050 break; 2051 case 'F': 2052 memsave(&up->u_inactive, "-1", strlen("-1")); 2053 up->u_flags |= F_INACTIVE; 2054 break; 2055 case 'd': 2056 memsave(&up->u_home, optarg, strlen(optarg)); 2057 up->u_flags |= F_HOMEDIR; 2058 break; 2059 case 'e': 2060 memsave(&up->u_expire, optarg, strlen(optarg)); 2061 up->u_flags |= F_EXPIRE; 2062 break; 2063 case 'f': 2064 memsave(&up->u_inactive, optarg, strlen(optarg)); 2065 up->u_flags |= F_INACTIVE; 2066 break; 2067 case 'g': 2068 memsave(&up->u_primgrp, optarg, strlen(optarg)); 2069 up->u_flags |= F_GROUP; 2070 break; 2071 case 'l': 2072 (void)strlcpy(newuser, optarg, sizeof(newuser)); 2073 have_new_user = 1; 2074 up->u_flags |= F_USERNAME; 2075 break; 2076 #ifdef EXTENSIONS 2077 case 'L': 2078 memsave(&up->u_class, optarg, strlen(optarg)); 2079 up->u_flags |= F_CLASS; 2080 break; 2081 #endif 2082 case 'm': 2083 up->u_flags |= F_MKDIR; 2084 break; 2085 case 'o': 2086 up->u_flags |= F_DUPUID; 2087 break; 2088 #ifdef EXTENSIONS 2089 case 'p': 2090 memsave(&up->u_password, optarg, strlen(optarg)); 2091 up->u_flags |= F_PASSWORD; 2092 break; 2093 #endif 2094 case 's': 2095 memsave(&up->u_shell, optarg, strlen(optarg)); 2096 up->u_flags |= F_SHELL; 2097 break; 2098 case 'u': 2099 up->u_uid = check_numeric(optarg, "uid"); 2100 up->u_flags |= F_UID; 2101 break; 2102 #ifdef EXTENSIONS 2103 case 'v': 2104 verbose = 1; 2105 break; 2106 #endif 2107 default: 2108 usermgmt_usage("usermod"); 2109 /* NOTREACHED */ 2110 } 2111 } 2112 if ((up->u_flags & F_MKDIR) && !(up->u_flags & F_HOMEDIR) && 2113 !(up->u_flags & F_USERNAME)) { 2114 warnx("Option 'm' useless without 'd' or 'l' -- ignored"); 2115 up->u_flags &= ~F_MKDIR; 2116 } 2117 argc -= optind; 2118 argv += optind; 2119 if (argc != 1) { 2120 usermgmt_usage("usermod"); 2121 } 2122 checkeuid(); 2123 openlog("usermod", LOG_PID, LOG_USER); 2124 return moduser(*argv, (have_new_user) ? newuser : *argv, up, 2125 up->u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE; 2126 } 2127 2128 #ifdef EXTENSIONS 2129 #define DEL_OPT_EXTENSIONS "Dp:vS" 2130 #else 2131 #define DEL_OPT_EXTENSIONS 2132 #endif 2133 2134 int 2135 userdel(int argc, char **argv) 2136 { 2137 struct passwd *pwp; 2138 def_t def; 2139 user_t *up = &def.user; 2140 char password[PasswordLength + 1]; 2141 int defaultfield; 2142 int rmhome; 2143 int bigD; 2144 int c; 2145 2146 read_defaults(&def); 2147 defaultfield = bigD = rmhome = 0; 2148 while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) { 2149 switch(c) { 2150 #ifdef EXTENSIONS 2151 case 'D': 2152 bigD = 1; 2153 break; 2154 #endif 2155 #ifdef EXTENSIONS 2156 case 'S': 2157 up->u_allow_samba = 1; 2158 break; 2159 #endif 2160 #ifdef EXTENSIONS 2161 case 'p': 2162 defaultfield = 1; 2163 up->u_preserve = (strcmp(optarg, "true") == 0) ? 1 : 2164 (strcmp(optarg, "yes") == 0) ? 1 : 2165 atoi(optarg); 2166 break; 2167 #endif 2168 case 'r': 2169 rmhome = 1; 2170 break; 2171 #ifdef EXTENSIONS 2172 case 'v': 2173 verbose = 1; 2174 break; 2175 #endif 2176 default: 2177 usermgmt_usage("userdel"); 2178 /* NOTREACHED */ 2179 } 2180 } 2181 #ifdef EXTENSIONS 2182 if (bigD) { 2183 if (defaultfield) { 2184 checkeuid(); 2185 return setdefaults(up) ? EXIT_SUCCESS : EXIT_FAILURE; 2186 } 2187 (void)printf("preserve\t%s\n", (up->u_preserve) ? "true" : 2188 "false"); 2189 return EXIT_SUCCESS; 2190 } 2191 #endif 2192 argc -= optind; 2193 argv += optind; 2194 if (argc != 1) { 2195 usermgmt_usage("userdel"); 2196 } 2197 checkeuid(); 2198 if ((pwp = getpwnam(*argv)) == NULL) { 2199 warnx("No such user `%s'", *argv); 2200 return EXIT_FAILURE; 2201 } 2202 if (rmhome) { 2203 (void)removehomedir(pwp); 2204 } 2205 if (up->u_preserve) { 2206 up->u_flags |= F_SHELL; 2207 memsave(&up->u_shell, NOLOGIN, strlen(NOLOGIN)); 2208 (void)memset(password, '*', DES_Len); 2209 password[DES_Len] = 0; 2210 memsave(&up->u_password, password, strlen(password)); 2211 up->u_flags |= F_PASSWORD; 2212 openlog("userdel", LOG_PID, LOG_USER); 2213 return moduser(*argv, *argv, up, up->u_allow_samba) ? 2214 EXIT_SUCCESS : EXIT_FAILURE; 2215 } 2216 if (!rm_user_from_groups(*argv)) { 2217 return 0; 2218 } 2219 openlog("userdel", LOG_PID, LOG_USER); 2220 return moduser(*argv, *argv, NULL, up->u_allow_samba) ? 2221 EXIT_SUCCESS : EXIT_FAILURE; 2222 } 2223 2224 #ifdef EXTENSIONS 2225 #define GROUP_ADD_OPT_EXTENSIONS "r:v" 2226 #else 2227 #define GROUP_ADD_OPT_EXTENSIONS 2228 #endif 2229 2230 /* add a group */ 2231 int 2232 groupadd(int argc, char **argv) 2233 { 2234 def_t def; 2235 group_t *gp = &def.group; 2236 int dupgid; 2237 int gid; 2238 int c; 2239 2240 gid = -1; 2241 dupgid = 0; 2242 read_defaults(&def); 2243 while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) { 2244 switch(c) { 2245 case 'g': 2246 gid = check_numeric(optarg, "gid"); 2247 break; 2248 case 'o': 2249 dupgid = 1; 2250 break; 2251 #ifdef EXTENSIONS 2252 case 'r': 2253 (void)save_range(&gp->g_r, optarg); 2254 break; 2255 case 'v': 2256 verbose = 1; 2257 break; 2258 #endif 2259 default: 2260 usermgmt_usage("groupadd"); 2261 /* NOTREACHED */ 2262 } 2263 } 2264 argc -= optind; 2265 argv += optind; 2266 if (argc != 1) { 2267 usermgmt_usage("groupadd"); 2268 } 2269 if (gp->g_rc == 0) { 2270 gp->g_rv[gp->g_rc].r_from = DEF_LOWUID; 2271 gp->g_rv[gp->g_rc].r_to = DEF_HIGHUID; 2272 gp->g_rc += 1; 2273 } 2274 gp->g_defrc = gp->g_rc; 2275 checkeuid(); 2276 if (gid == -1) { 2277 int got_id = 0; 2278 int i; 2279 2280 /* 2281 * Look for a free GID in the command line ranges (if any). 2282 * These start after the ranges specified in the config file. 2283 */ 2284 for (i = gp->g_defrc; !got_id && i < gp->g_rc ; i++) { 2285 got_id = getnextgid(&gid, 2286 gp->g_rv[i].r_from, gp->g_rv[i].r_to); 2287 } 2288 /* 2289 * If there were no free GIDs in the command line ranges, 2290 * try the ranges from the config file (there will always 2291 * be at least one default). 2292 */ 2293 for (i = 0; !got_id && i < gp->g_defrc; i++) { 2294 got_id = getnextgid(&gid, 2295 gp->g_rv[i].r_from, gp->g_rv[i].r_to); 2296 } 2297 if (!got_id) 2298 errx(EXIT_FAILURE, "Can't add group: can't get next gid"); 2299 } 2300 if (!dupgid && getgrgid((gid_t) gid) != NULL) { 2301 errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate", 2302 gid); 2303 } 2304 if (!valid_group(*argv)) { 2305 warnx("Invalid group name `%s'", *argv); 2306 } 2307 openlog("groupadd", LOG_PID, LOG_USER); 2308 if (!creategid(*argv, gid, "")) 2309 exit(EXIT_FAILURE); 2310 2311 return EXIT_SUCCESS; 2312 } 2313 2314 #ifdef EXTENSIONS 2315 #define GROUP_DEL_OPT_EXTENSIONS "v" 2316 #else 2317 #define GROUP_DEL_OPT_EXTENSIONS 2318 #endif 2319 2320 /* remove a group */ 2321 int 2322 groupdel(int argc, char **argv) 2323 { 2324 int c; 2325 2326 while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) { 2327 switch(c) { 2328 #ifdef EXTENSIONS 2329 case 'v': 2330 verbose = 1; 2331 break; 2332 #endif 2333 default: 2334 usermgmt_usage("groupdel"); 2335 /* NOTREACHED */ 2336 } 2337 } 2338 argc -= optind; 2339 argv += optind; 2340 if (argc != 1) { 2341 usermgmt_usage("groupdel"); 2342 } 2343 if (getgrnam(*argv) == NULL) { 2344 errx(EXIT_FAILURE, "No such group `%s'", *argv); 2345 } 2346 checkeuid(); 2347 openlog("groupdel", LOG_PID, LOG_USER); 2348 if (!modify_gid(*argv, NULL)) 2349 exit(EXIT_FAILURE); 2350 2351 return EXIT_SUCCESS; 2352 } 2353 2354 #ifdef EXTENSIONS 2355 #define GROUP_MOD_OPT_EXTENSIONS "v" 2356 #else 2357 #define GROUP_MOD_OPT_EXTENSIONS 2358 #endif 2359 2360 /* modify a group */ 2361 int 2362 groupmod(int argc, char **argv) 2363 { 2364 struct group *grp; 2365 char buf[MaxEntryLen]; 2366 char *newname; 2367 char **cpp; 2368 int dupgid; 2369 int gid; 2370 int cc; 2371 int c; 2372 2373 gid = -1; 2374 dupgid = 0; 2375 newname = NULL; 2376 while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) { 2377 switch(c) { 2378 case 'g': 2379 gid = check_numeric(optarg, "gid"); 2380 break; 2381 case 'o': 2382 dupgid = 1; 2383 break; 2384 case 'n': 2385 memsave(&newname, optarg, strlen(optarg)); 2386 break; 2387 #ifdef EXTENSIONS 2388 case 'v': 2389 verbose = 1; 2390 break; 2391 #endif 2392 default: 2393 usermgmt_usage("groupmod"); 2394 /* NOTREACHED */ 2395 } 2396 } 2397 argc -= optind; 2398 argv += optind; 2399 if (argc != 1) { 2400 usermgmt_usage("groupmod"); 2401 } 2402 checkeuid(); 2403 if (gid < 0 && newname == NULL) { 2404 errx(EXIT_FAILURE, "Nothing to change"); 2405 } 2406 if (dupgid && gid < 0) { 2407 errx(EXIT_FAILURE, "Duplicate which gid?"); 2408 } 2409 if (!dupgid && getgrgid((gid_t) gid) != NULL) { 2410 errx(EXIT_FAILURE, "Can't modify group: gid %d is a duplicate", 2411 gid); 2412 } 2413 if ((grp = find_group_info(*argv)) == NULL) { 2414 errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv); 2415 } 2416 if (!is_local(*argv, _PATH_GROUP)) { 2417 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); 2418 } 2419 if (newname != NULL && !valid_group(newname)) { 2420 warnx("Invalid group name `%s'", newname); 2421 } 2422 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:", 2423 (newname) ? newname : grp->gr_name, 2424 grp->gr_passwd, 2425 (gid < 0) ? grp->gr_gid : gid); 2426 for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) { 2427 cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp, 2428 (cpp[1] == NULL) ? "" : ","); 2429 } 2430 cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n"); 2431 if (newname != NULL) 2432 free(newname); 2433 openlog("groupmod", LOG_PID, LOG_USER); 2434 if (!modify_gid(*argv, buf)) 2435 exit(EXIT_FAILURE); 2436 2437 return EXIT_SUCCESS; 2438 } 2439 2440 #ifdef EXTENSIONS 2441 /* display user information */ 2442 int 2443 userinfo(int argc, char **argv) 2444 { 2445 struct passwd *pwp; 2446 struct group *grp; 2447 char buf[MaxEntryLen]; 2448 char **cpp; 2449 int exists; 2450 int cc; 2451 int i; 2452 2453 exists = 0; 2454 buf[0] = '\0'; 2455 while ((i = getopt(argc, argv, "e")) != -1) { 2456 switch(i) { 2457 case 'e': 2458 exists = 1; 2459 break; 2460 default: 2461 usermgmt_usage("userinfo"); 2462 /* NOTREACHED */ 2463 } 2464 } 2465 argc -= optind; 2466 argv += optind; 2467 if (argc != 1) { 2468 usermgmt_usage("userinfo"); 2469 } 2470 pwp = find_user_info(*argv); 2471 if (exists) { 2472 exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE); 2473 } 2474 if (pwp == NULL) { 2475 errx(EXIT_FAILURE, "Can't find user `%s'", *argv); 2476 } 2477 (void)printf("login\t%s\n", pwp->pw_name); 2478 (void)printf("passwd\t%s\n", pwp->pw_passwd); 2479 (void)printf("uid\t%d\n", pwp->pw_uid); 2480 for (cc = 0 ; (grp = getgrent()) != NULL ; ) { 2481 for (cpp = grp->gr_mem ; *cpp ; cpp++) { 2482 if (strcmp(*cpp, *argv) == 0 && 2483 grp->gr_gid != pwp->pw_gid) { 2484 cc += snprintf(&buf[cc], sizeof(buf) - cc, 2485 "%s ", grp->gr_name); 2486 } 2487 } 2488 } 2489 if ((grp = getgrgid(pwp->pw_gid)) == NULL) { 2490 (void)printf("groups\t%d %s\n", pwp->pw_gid, buf); 2491 } else { 2492 (void)printf("groups\t%s %s\n", grp->gr_name, buf); 2493 } 2494 (void)printf("change\t%s", pwp->pw_change > 0 ? 2495 ctime(&pwp->pw_change) : pwp->pw_change == -1 ? 2496 "NEXT LOGIN\n" : "NEVER\n"); 2497 (void)printf("class\t%s\n", pwp->pw_class); 2498 (void)printf("gecos\t%s\n", pwp->pw_gecos); 2499 (void)printf("dir\t%s\n", pwp->pw_dir); 2500 (void)printf("shell\t%s\n", pwp->pw_shell); 2501 (void)printf("expire\t%s", pwp->pw_expire ? 2502 ctime(&pwp->pw_expire) : "NEVER\n"); 2503 return EXIT_SUCCESS; 2504 } 2505 #endif 2506 2507 #ifdef EXTENSIONS 2508 /* display user information */ 2509 int 2510 groupinfo(int argc, char **argv) 2511 { 2512 struct group *grp; 2513 char **cpp; 2514 int exists; 2515 int i; 2516 2517 exists = 0; 2518 while ((i = getopt(argc, argv, "ev")) != -1) { 2519 switch(i) { 2520 case 'e': 2521 exists = 1; 2522 break; 2523 case 'v': 2524 verbose = 1; 2525 break; 2526 default: 2527 usermgmt_usage("groupinfo"); 2528 /* NOTREACHED */ 2529 } 2530 } 2531 argc -= optind; 2532 argv += optind; 2533 if (argc != 1) { 2534 usermgmt_usage("groupinfo"); 2535 } 2536 grp = find_group_info(*argv); 2537 if (exists) { 2538 exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE); 2539 } 2540 if (grp == NULL) { 2541 errx(EXIT_FAILURE, "Can't find group `%s'", *argv); 2542 } 2543 (void)printf("name\t%s\n", grp->gr_name); 2544 (void)printf("passwd\t%s\n", grp->gr_passwd); 2545 (void)printf("gid\t%d\n", grp->gr_gid); 2546 (void)printf("members\t"); 2547 for (cpp = grp->gr_mem ; *cpp ; cpp++) { 2548 (void)printf("%s", *cpp); 2549 if (*(cpp + 1)) { 2550 (void) printf(", "); 2551 } 2552 } 2553 (void)fputc('\n', stdout); 2554 return EXIT_SUCCESS; 2555 } 2556 #endif 2557
Indexes created Fri Sep 26 20:09:58 GMT 2025