user.c revision 1.92
1 /* $NetBSD: user.c,v 1.92 2005/09/18 14:15:53 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by Alistair G. Crooks. 17 * 4. The name of the author may not be used to endorse or promote 18 * products derived from this software without specific prior written 19 * permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 22 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 23 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 27 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 #include <sys/cdefs.h> 34 35 #ifndef lint 36 __COPYRIGHT("@(#) Copyright (c) 1999 \ 37 The NetBSD Foundation, Inc. All rights reserved."); 38 __RCSID("$NetBSD: user.c,v 1.92 2005/09/18 14:15:53 christos Exp $"); 39 #endif 40 41 #include <sys/types.h> 42 #include <sys/param.h> 43 #include <sys/stat.h> 44 45 #include <ctype.h> 46 #include <dirent.h> 47 #include <err.h> 48 #include <fcntl.h> 49 #include <grp.h> 50 #ifdef EXTENSIONS 51 #include <login_cap.h> 52 #endif 53 #include <paths.h> 54 #include <pwd.h> 55 #include <regex.h> 56 #include <stdarg.h> 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #include <syslog.h> 61 #include <time.h> 62 #include <unistd.h> 63 #include <util.h> 64 #include <errno.h> 65 66 #include "defs.h" 67 #include "usermgmt.h" 68 69 70 /* this struct describes a uid range */ 71 typedef struct range_t { 72 int r_from; /* low uid */ 73 int r_to; /* high uid */ 74 } range_t; 75 76 /* this struct encapsulates the user information */ 77 typedef struct user_t { 78 int u_flags; /* see below */ 79 int u_uid; /* uid of user */ 80 char *u_password; /* encrypted password */ 81 char *u_comment; /* comment field */ 82 char *u_home; /* home directory */ 83 char *u_primgrp; /* primary group */ 84 int u_groupc; /* # of secondary groups */ 85 const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ 86 char *u_shell; /* user's shell */ 87 char *u_basedir; /* base directory for home */ 88 char *u_expire; /* when password will expire */ 89 char *u_inactive; /* when account will expire */ 90 char *u_skeldir; /* directory for startup files */ 91 char *u_class; /* login class */ 92 unsigned u_rsize; /* size of range array */ 93 unsigned u_rc; /* # of ranges */ 94 range_t *u_rv; /* the ranges */ 95 unsigned u_defrc; /* # of ranges in defaults */ 96 int u_preserve; /* preserve uids on deletion */ 97 int u_allow_samba; /* allow trailing '$' for samba login names */ 98 int u_locked; /* user account lock */ 99 } user_t; 100 101 /* flags for which fields of the user_t replace the passwd entry */ 102 enum { 103 F_COMMENT = 0x0001, 104 F_DUPUID = 0x0002, 105 F_EXPIRE = 0x0004, 106 F_GROUP = 0x0008, 107 F_HOMEDIR = 0x0010, 108 F_MKDIR = 0x0020, 109 F_INACTIVE = 0x0040, 110 F_PASSWORD = 0x0080, 111 F_SECGROUP = 0x0100, 112 F_SHELL = 0x0200, 113 F_UID = 0x0400, 114 F_USERNAME = 0x0800, 115 F_CLASS = 0x1000 116 }; 117 118 #define UNLOCK 0 119 #define LOCK 1 120 #define LOCKED "*LOCKED*" 121 122 #define CONFFILE "/etc/usermgmt.conf" 123 #define PATH_LOGINCONF "/etc/login.conf" 124 125 #ifndef DEF_GROUP 126 #define DEF_GROUP "users" 127 #endif 128 129 #ifndef DEF_BASEDIR 130 #define DEF_BASEDIR "/home" 131 #endif 132 133 #ifndef DEF_SKELDIR 134 #define DEF_SKELDIR "/etc/skel" 135 #endif 136 137 #ifndef DEF_SHELL 138 #define DEF_SHELL _PATH_CSHELL 139 #endif 140 141 #ifndef DEF_COMMENT 142 #define DEF_COMMENT "" 143 #endif 144 145 #ifndef DEF_LOWUID 146 #define DEF_LOWUID 1000 147 #endif 148 149 #ifndef DEF_HIGHUID 150 #define DEF_HIGHUID 60000 151 #endif 152 153 #ifndef DEF_INACTIVE 154 #define DEF_INACTIVE 0 155 #endif 156 157 #ifndef DEF_EXPIRE 158 #define DEF_EXPIRE NULL 159 #endif 160 161 #ifndef DEF_CLASS 162 #define DEF_CLASS "" 163 #endif 164 165 #ifndef WAITSECS 166 #define WAITSECS 10 167 #endif 168 169 #ifndef NOBODY_UID 170 #define NOBODY_UID 32767 171 #endif 172 173 /* some useful constants */ 174 enum { 175 MaxShellNameLen = 256, 176 MaxFileNameLen = MAXPATHLEN, 177 MaxUserNameLen = LOGIN_NAME_MAX - 1, 178 MaxCommandLen = 2048, 179 MaxEntryLen = 2048, 180 PasswordLength = 2048, 181 182 DES_Len = 13, 183 184 LowGid = DEF_LOWUID, 185 HighGid = DEF_HIGHUID 186 }; 187 188 /* Full paths of programs used here */ 189 #define CHMOD "/bin/chmod" 190 #define CHOWN "/usr/sbin/chown" 191 #define MKDIR "/bin/mkdir" 192 #define MV "/bin/mv" 193 #define NOLOGIN "/sbin/nologin" 194 #define PAX "/bin/pax" 195 #define RM "/bin/rm" 196 197 #define UNSET_INACTIVE "Null (unset)" 198 #define UNSET_EXPIRY "Null (unset)" 199 200 static int asystem(const char *fmt, ...) 201 __attribute__((__format__(__printf__, 1, 2))); 202 static int is_number(const char *); 203 static struct group *find_group_info(const char *); 204 static int verbose; 205 206 static char * 207 skipspace(char *s) 208 { 209 for (; *s && isspace((unsigned char)*s) ; s++) 210 continue; 211 return s; 212 } 213 214 static int 215 check_numeric(const char *val, const char *name) 216 { 217 if (!is_number(val)) 218 errx(EXIT_FAILURE, "When using [-%c %s], " 219 "the %s must be numeric", *name, name, name); 220 return atoi(val); 221 } 222 223 /* if *cpp is non-null, free it, then assign `n' chars of `s' to it */ 224 static void 225 memsave(char **cpp, const char *s, size_t n) 226 { 227 if (*cpp != NULL) { 228 FREE(*cpp); 229 } 230 NEWARRAY(char, *cpp, n + 1, exit(1)); 231 (void)memcpy(*cpp, s, n); 232 (*cpp)[n] = '\0'; 233 } 234 235 /* a replacement for system(3) */ 236 static int 237 asystem(const char *fmt, ...) 238 { 239 va_list vp; 240 char buf[MaxCommandLen]; 241 int ret; 242 243 va_start(vp, fmt); 244 (void)vsnprintf(buf, sizeof(buf), fmt, vp); 245 va_end(vp); 246 if (verbose) { 247 (void)printf("Command: %s\n", buf); 248 } 249 if ((ret = system(buf)) != 0) { 250 warn("Error running `%s'", buf); 251 } 252 return ret; 253 } 254 255 /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ 256 static int 257 removehomedir(const char *user, uid_t uid, const char *dir) 258 { 259 struct stat st; 260 261 /* userid not root? */ 262 if (uid == 0) { 263 warnx("Not deleting home directory `%s'; userid is 0", dir); 264 return 0; 265 } 266 267 /* directory exists (and is a directory!) */ 268 if (stat(dir, &st) < 0) { 269 warn("Cannot access home directory `%s'", dir); 270 return 0; 271 } 272 if (!S_ISDIR(st.st_mode)) { 273 warnx("Home directory `%s' is not a directory", dir); 274 return 0; 275 } 276 277 /* userid matches directory owner? */ 278 if (st.st_uid != uid) { 279 warnx("User `%s' doesn't own directory `%s', not removed", 280 user, dir); 281 return 0; 282 } 283 284 (void)seteuid(uid); 285 /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ 286 (void)asystem("%s -rf %s > /dev/null 2>&1 || true", RM, dir); 287 (void)seteuid(0); 288 if (rmdir(dir) < 0) { 289 warn("Unable to remove all files in `%s'", dir); 290 return 0; 291 } 292 return 1; 293 } 294 295 #define NetBSD_1_4_K 104110000 296 297 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ < NetBSD_1_4_K) 298 /* bounds checking strncpy */ 299 static int 300 strlcpy(char *to, char *from, size_t tosize) 301 { 302 size_t n; 303 int fromsize; 304 305 fromsize = strlen(from); 306 n = MIN(tosize - 1, fromsize); 307 (void)memcpy(to, from, n); 308 to[n] = '\0'; 309 return fromsize; 310 } 311 #endif /* NetBSD < 1.4K */ 312 313 /* 314 * Copyright (c) 1997 Todd C. Miller <Todd.Miller (at) courtesan.com> 315 * All rights reserved. 316 * 317 * Redistribution and use in source and binary forms, with or without 318 * modification, are permitted provided that the following conditions 319 * are met: 320 * 1. Redistributions of source code must retain the above copyright 321 * notice, this list of conditions and the following disclaimer. 322 * 2. Redistributions in binary form must reproduce the above copyright 323 * notice, this list of conditions and the following disclaimer in the 324 * documentation and/or other materials provided with the distribution. 325 * 3. The name of the author may not be used to endorse or promote products 326 * derived from this software without specific prior written permission. 327 * 328 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 329 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 330 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 331 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 332 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 333 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 334 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 335 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 336 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 337 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 338 */ 339 340 /* 341 * research has shown that NetBSD 1.3H was the first version of -current 342 * with asprintf in libc. agc 343 */ 344 #define NetBSD_1_3_H 103080000 345 346 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ < NetBSD_1_3_H) 347 348 int 349 asprintf(char **str, char const *fmt, ...) 350 { 351 int ret; 352 va_list ap; 353 FILE f; 354 unsigned char *_base; 355 356 f._flags = __SWR | __SSTR | __SALC; 357 f._bf._base = f._p = (unsigned char *)malloc(128); 358 if (f._bf._base == NULL) 359 goto err; 360 f._bf._size = f._w = 127; /* Leave room for the NUL */ 361 va_start(ap, fmt); 362 ret = vfprintf(&f, fmt, ap); 363 va_end(ap); 364 if (ret == -1) 365 goto err; 366 *f._p = '\0'; 367 _base = realloc(f._bf._base, (size_t)(ret + 1)); 368 if (_base == NULL) 369 goto err; 370 *str = (char *)_base; 371 return (ret); 372 373 err: 374 if (f._bf._base) 375 free(f._bf._base); 376 *str = NULL; 377 return (-1); 378 } 379 #endif /* NetBSD < 1.3H */ 380 381 /* return 1 if all of `s' is numeric */ 382 static int 383 is_number(const char *s) 384 { 385 for ( ; *s ; s++) { 386 if (!isdigit((unsigned char) *s)) { 387 return 0; 388 } 389 } 390 return 1; 391 } 392 393 /* 394 * check that the effective uid is 0 - called from funcs which will 395 * modify data and config files. 396 */ 397 static void 398 checkeuid(void) 399 { 400 if (geteuid() != 0) { 401 errx(EXIT_FAILURE, "Program must be run as root"); 402 } 403 } 404 405 /* copy any dot files into the user's home directory */ 406 static int 407 copydotfiles(char *skeldir, int uid, int gid, char *dir) 408 { 409 struct dirent *dp; 410 DIR *dirp; 411 int n; 412 413 if ((dirp = opendir(skeldir)) == NULL) { 414 warn("Can't open source . files dir `%s'", skeldir); 415 return 0; 416 } 417 for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { 418 if (strcmp(dp->d_name, ".") == 0 || 419 strcmp(dp->d_name, "..") == 0) { 420 continue; 421 } 422 n = 1; 423 } 424 (void)closedir(dirp); 425 if (n == 0) { 426 warnx("No \"dot\" initialisation files found"); 427 } else { 428 (void)asystem("cd %s && %s -rw -pe %s . %s", 429 skeldir, PAX, (verbose) ? "-v" : "", dir); 430 } 431 (void)asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir); 432 (void)asystem("%s -R u+w %s", CHMOD, dir); 433 return n; 434 } 435 436 /* create a group entry with gid `gid' */ 437 static int 438 creategid(char *group, int gid, const char *name) 439 { 440 struct stat st; 441 FILE *from; 442 FILE *to; 443 char buf[MaxEntryLen]; 444 char f[MaxFileNameLen]; 445 int fd; 446 int cc; 447 448 if (getgrnam(group) != NULL) { 449 warnx("Group `%s' already exists", group); 450 return 0; 451 } 452 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 453 warn("Can't create gid for `%s': can't open `%s'", name, 454 _PATH_GROUP); 455 return 0; 456 } 457 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 458 warn("Can't lock `%s'", _PATH_GROUP); 459 } 460 (void)fstat(fileno(from), &st); 461 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 462 if ((fd = mkstemp(f)) < 0) { 463 warn("Can't create gid: mkstemp failed"); 464 (void)fclose(from); 465 return 0; 466 } 467 if ((to = fdopen(fd, "w")) == NULL) { 468 warn("Can't create gid: fdopen `%s' failed", f); 469 (void)fclose(from); 470 (void)close(fd); 471 (void)unlink(f); 472 return 0; 473 } 474 while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) { 475 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 476 warn("Can't create gid: short write to `%s'", f); 477 (void)fclose(from); 478 (void)close(fd); 479 (void)unlink(f); 480 return 0; 481 } 482 } 483 (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name); 484 (void)fclose(from); 485 (void)fclose(to); 486 if (rename(f, _PATH_GROUP) < 0) { 487 warn("Can't create gid: can't rename `%s' to `%s'", f, 488 _PATH_GROUP); 489 (void)unlink(f); 490 return 0; 491 } 492 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 493 syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid); 494 return 1; 495 } 496 497 /* modify the group entry with name `group' to be newent */ 498 static int 499 modify_gid(char *group, char *newent) 500 { 501 struct stat st; 502 FILE *from; 503 FILE *to; 504 char buf[MaxEntryLen]; 505 char f[MaxFileNameLen]; 506 char *colon; 507 int groupc; 508 int entc; 509 int fd; 510 int cc; 511 512 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 513 warn("Can't create gid for `%s': can't open `%s'", 514 group, _PATH_GROUP); 515 return 0; 516 } 517 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 518 warn("Can't lock `%s'", _PATH_GROUP); 519 } 520 (void)fstat(fileno(from), &st); 521 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 522 if ((fd = mkstemp(f)) < 0) { 523 warn("Can't create gid: mkstemp failed"); 524 (void)fclose(from); 525 return 0; 526 } 527 if ((to = fdopen(fd, "w")) == NULL) { 528 warn("Can't create gid: fdopen `%s' failed", f); 529 (void)fclose(from); 530 (void)close(fd); 531 (void)unlink(f); 532 return 0; 533 } 534 groupc = strlen(group); 535 while (fgets(buf, sizeof(buf), from) != NULL) { 536 cc = strlen(buf); 537 if ((colon = strchr(buf, ':')) == NULL) { 538 warnx("Badly formed entry `%s'", buf); 539 continue; 540 } 541 entc = (int)(colon - buf); 542 if (entc == groupc && 543 strncmp(group, buf, (unsigned) entc) == 0) { 544 if (newent == NULL) { 545 struct group *grp_rm; 546 struct passwd *user_pwd; 547 548 /* 549 * Check that the group being removed 550 * isn't any user's Primary group. Just 551 * warn if it is. This could cause problems 552 * if the group GID was reused for a 553 * different purpose. 554 */ 555 556 grp_rm = find_group_info(group); 557 while ((user_pwd = getpwent()) != NULL) { 558 if (user_pwd->pw_gid == grp_rm->gr_gid) { 559 warnx("Warning: group `%s'(%d)" 560 " is the primary group of" 561 " `%s'. Use caution if you" 562 " later add this GID.", 563 grp_rm->gr_name, 564 grp_rm->gr_gid, user_pwd->pw_name); 565 } 566 } 567 endpwent(); 568 continue; 569 } else { 570 cc = strlen(newent); 571 (void)strlcpy(buf, newent, sizeof(buf)); 572 } 573 } 574 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 575 warn("Can't create gid: short write to `%s'", f); 576 (void)fclose(from); 577 (void)close(fd); 578 (void)unlink(f); 579 return 0; 580 } 581 } 582 (void)fclose(from); 583 (void)fclose(to); 584 if (rename(f, _PATH_GROUP) < 0) { 585 warn("Can't create gid: can't rename `%s' to `%s'", f, 586 _PATH_GROUP); 587 (void)unlink(f); 588 return 0; 589 } 590 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 591 if (newent == NULL) { 592 syslog(LOG_INFO, "group deleted: name=%s", group); 593 } else { 594 syslog(LOG_INFO, "group information modified: name=%s", group); 595 } 596 return 1; 597 } 598 599 /* modify the group entries for all `groups', by adding `user' */ 600 static int 601 append_group(char *user, int ngroups, const char **groups) 602 { 603 struct group *grp; 604 struct stat st; 605 FILE *from; 606 FILE *to; 607 char buf[MaxEntryLen]; 608 char f[MaxFileNameLen]; 609 char *colon; 610 int groupc; 611 int entc; 612 int fd; 613 int nc; 614 int cc; 615 int i; 616 int j; 617 618 for (i = 0 ; i < ngroups ; i++) { 619 if ((grp = getgrnam(groups[i])) == NULL) { 620 warnx("Can't append group `%s' for user `%s'", 621 groups[i], user); 622 } else { 623 for (j = 0 ; grp->gr_mem[j] ; j++) { 624 if (strcmp(user, grp->gr_mem[j]) == 0) { 625 /* already in it */ 626 groups[i] = ""; 627 } 628 } 629 } 630 } 631 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 632 warn("Can't append group for `%s': can't open `%s'", 633 user, _PATH_GROUP); 634 return 0; 635 } 636 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 637 warn("Can't lock `%s'", _PATH_GROUP); 638 } 639 (void)fstat(fileno(from), &st); 640 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 641 if ((fd = mkstemp(f)) < 0) { 642 warn("Can't create gid: mkstemp failed"); 643 (void)fclose(from); 644 return 0; 645 } 646 if ((to = fdopen(fd, "w")) == NULL) { 647 warn("Can't create gid: fdopen `%s' failed", f); 648 (void)fclose(from); 649 (void)close(fd); 650 (void)unlink(f); 651 return 0; 652 } 653 while (fgets(buf, sizeof(buf), from) != NULL) { 654 cc = strlen(buf); 655 if ((colon = strchr(buf, ':')) == NULL) { 656 warnx("Badly formed entry `%s'", buf); 657 continue; 658 } 659 entc = (int)(colon - buf); 660 for (i = 0 ; i < ngroups ; i++) { 661 if ((groupc = strlen(groups[i])) == 0) { 662 continue; 663 } 664 if (entc == groupc && 665 strncmp(groups[i], buf, (unsigned) entc) == 0) { 666 if ((nc = snprintf(&buf[cc - 1], 667 sizeof(buf) - cc + 1, "%s%s\n", 668 (buf[cc - 2] == ':') ? "" : ",", user)) < 0) 669 warnx("Warning: group `%s' " 670 "entry too long", groups[i]); 671 cc += nc - 1; 672 } 673 } 674 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 675 warn("Can't create gid: short write to `%s'", f); 676 (void)fclose(from); 677 (void)close(fd); 678 (void)unlink(f); 679 return 0; 680 } 681 } 682 (void)fclose(from); 683 (void)fclose(to); 684 if (rename(f, _PATH_GROUP) < 0) { 685 warn("Can't create gid: can't rename `%s' to `%s'", 686 f, _PATH_GROUP); 687 (void)unlink(f); 688 return 0; 689 } 690 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 691 return 1; 692 } 693 694 /* the valid characters for login and group names */ 695 #define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-') 696 697 /* return 1 if `login' is a valid login name */ 698 static int 699 valid_login(char *login_name, int allow_samba) 700 { 701 unsigned char *cp; 702 703 /* First character of a login name cannot be '-'. */ 704 if (*login_name == '-') 705 return 0; 706 707 if (strlen(login_name) >= LOGIN_NAME_MAX) { 708 return 0; 709 } 710 for (cp = (unsigned char *)login_name ; *cp ; cp++) { 711 if (!VALID_CHAR(*cp)) { 712 #ifdef EXTENSIONS 713 /* check for a trailing '$' in a Samba user name */ 714 if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) { 715 return 1; 716 } 717 #endif 718 return 0; 719 } 720 } 721 return 1; 722 } 723 724 /* return 1 if `group' is a valid group name */ 725 static int 726 valid_group(char *group) 727 { 728 unsigned char *cp; 729 730 for (cp = (unsigned char *)group; *cp; cp++) { 731 if (!VALID_CHAR(*cp)) { 732 return 0; 733 } 734 } 735 return 1; 736 } 737 738 /* find the next gid in the range lo .. hi */ 739 static int 740 getnextgid(int *gidp, int lo, int hi) 741 { 742 for (*gidp = lo ; *gidp < hi ; *gidp += 1) { 743 if (getgrgid((gid_t)*gidp) == NULL) { 744 return 1; 745 } 746 } 747 return 0; 748 } 749 750 #ifdef EXTENSIONS 751 /* save a range of uids */ 752 static int 753 save_range(user_t *up, char *cp) 754 { 755 int from; 756 int to; 757 int i; 758 759 if (up->u_rsize == 0) { 760 up->u_rsize = 32; 761 NEWARRAY(range_t, up->u_rv, up->u_rsize, return(0)); 762 } else if (up->u_rc == up->u_rsize) { 763 up->u_rsize *= 2; 764 RENEW(range_t, up->u_rv, up->u_rsize, return(0)); 765 } 766 if (up->u_rv && sscanf(cp, "%d..%d", &from, &to) == 2) { 767 for (i = up->u_defrc ; i < up->u_rc ; i++) { 768 if (up->u_rv[i].r_from == from && 769 up->u_rv[i].r_to == to) { 770 break; 771 } 772 } 773 if (i == up->u_rc) { 774 up->u_rv[up->u_rc].r_from = from; 775 up->u_rv[up->u_rc].r_to = to; 776 up->u_rc += 1; 777 } 778 } else { 779 warnx("Bad range `%s'", cp); 780 return 0; 781 } 782 return 1; 783 } 784 #endif 785 786 /* set the defaults in the defaults file */ 787 static int 788 setdefaults(user_t *up) 789 { 790 char template[MaxFileNameLen]; 791 FILE *fp; 792 int ret; 793 int fd; 794 #ifdef EXTENSIONS 795 int i; 796 #endif 797 798 (void)snprintf(template, sizeof(template), "%s.XXXXXX", CONFFILE); 799 if ((fd = mkstemp(template)) < 0) { 800 warnx("Can't mkstemp `%s' for writing", CONFFILE); 801 return 0; 802 } 803 if ((fp = fdopen(fd, "w")) == NULL) { 804 warn("Can't fdopen `%s' for writing", CONFFILE); 805 return 0; 806 } 807 ret = 1; 808 if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || 809 fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || 810 fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || 811 fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || 812 #ifdef EXTENSIONS 813 fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || 814 #endif 815 fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? 816 UNSET_INACTIVE : up->u_inactive) <= 0 || 817 fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? 818 UNSET_EXPIRY : up->u_expire) <= 0 || 819 fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? 820 "false" : "true") <= 0) { 821 warn("Can't write to `%s'", CONFFILE); 822 ret = 0; 823 } 824 #ifdef EXTENSIONS 825 for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0; 826 i < up->u_rc ; i++) { 827 if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from, 828 up->u_rv[i].r_to) <= 0) { 829 warn("Can't write to `%s'", CONFFILE); 830 ret = 0; 831 } 832 } 833 #endif 834 (void)fclose(fp); 835 if (ret) { 836 ret = ((rename(template, CONFFILE) == 0) && 837 (chmod(CONFFILE, 0644) == 0)); 838 } 839 return ret; 840 } 841 842 /* read the defaults file */ 843 static void 844 read_defaults(user_t *up) 845 { 846 struct stat st; 847 size_t lineno; 848 size_t len; 849 FILE *fp; 850 char *cp; 851 char *s; 852 853 memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); 854 memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); 855 memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); 856 memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); 857 memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); 858 #ifdef EXTENSIONS 859 memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); 860 #endif 861 up->u_rsize = 16; 862 up->u_defrc = 0; 863 NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1)); 864 up->u_inactive = DEF_INACTIVE; 865 up->u_expire = DEF_EXPIRE; 866 if ((fp = fopen(CONFFILE, "r")) == NULL) { 867 if (stat(CONFFILE, &st) < 0 && !setdefaults(up)) { 868 warn("Can't create `%s' defaults file", CONFFILE); 869 } 870 fp = fopen(CONFFILE, "r"); 871 } 872 if (fp != NULL) { 873 while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { 874 if (strncmp(s, "group", 5) == 0) { 875 cp = skipspace(s + 5); 876 memsave(&up->u_primgrp, (char *)cp, strlen(cp)); 877 } else if (strncmp(s, "base_dir", 8) == 0) { 878 cp = skipspace(s + 8); 879 memsave(&up->u_basedir, (char *)cp, strlen(cp)); 880 } else if (strncmp(s, "skel_dir", 8) == 0) { 881 cp = skipspace(s + 8); 882 memsave(&up->u_skeldir, (char *)cp, strlen(cp)); 883 } else if (strncmp(s, "shell", 5) == 0) { 884 cp = skipspace(s + 5); 885 memsave(&up->u_shell, cp, strlen(cp)); 886 #ifdef EXTENSIONS 887 } else if (strncmp((char *)s, "class", 5) == 0) { 888 cp = skipspace(s + 5); 889 memsave(&up->u_class, cp, strlen(cp)); 890 #endif 891 } else if (strncmp(s, "inactive", 8) == 0) { 892 cp = skipspace(s + 8); 893 if (strcmp(cp, UNSET_INACTIVE) == 0) { 894 if (up->u_inactive) { 895 FREE(up->u_inactive); 896 } 897 up->u_inactive = NULL; 898 } else { 899 memsave(&up->u_inactive, cp, strlen(cp)); 900 } 901 #ifdef EXTENSIONS 902 } else if (strncmp(s, "range", 5) == 0) { 903 cp = skipspace(s + 5); 904 (void)save_range(up, cp); 905 #endif 906 #ifdef EXTENSIONS 907 } else if (strncmp(s, "preserve", 8) == 0) { 908 cp = skipspace(s + 8); 909 up->u_preserve = 910 (strncmp(cp, "true", 4) == 0) ? 1 : 911 (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp); 912 #endif 913 } else if (strncmp(s, "expire", 6) == 0) { 914 cp = skipspace(s + 6); 915 if (strcmp(cp, UNSET_EXPIRY) == 0) { 916 if (up->u_expire) { 917 FREE(up->u_expire); 918 } 919 up->u_expire = NULL; 920 } else { 921 memsave(&up->u_expire, cp, strlen(cp)); 922 } 923 } 924 (void)free(s); 925 } 926 (void)fclose(fp); 927 } 928 if (up->u_rc == 0) { 929 up->u_rv[up->u_rc].r_from = DEF_LOWUID; 930 up->u_rv[up->u_rc].r_to = DEF_HIGHUID; 931 up->u_rc += 1; 932 } 933 up->u_defrc = up->u_rc; 934 } 935 936 /* return the next valid unused uid */ 937 static int 938 getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid) 939 { 940 for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { 941 if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) { 942 if (sync_uid_gid) { 943 if (getgrgid((gid_t)(*uid)) == NULL) { 944 return 1; 945 } 946 } else { 947 return 1; 948 } 949 } 950 } 951 return 0; 952 } 953 954 /* structure which defines a password type */ 955 typedef struct passwd_type_t { 956 const char *type; /* optional type descriptor */ 957 size_t desc_length; /* length of type descriptor */ 958 size_t length; /* length of password */ 959 const char *regex; /* regexp to output the password */ 960 size_t re_sub; /* subscript of regexp to use */ 961 } passwd_type_t; 962 963 static passwd_type_t passwd_types[] = { 964 { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */ 965 { "$2a", 3, 54, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */ 966 { "$1", 2, 34, NULL, 0 }, /* MD5 */ 967 { "", 0, DES_Len,NULL, 0 }, /* standard DES */ 968 { NULL, (size_t)~0, (size_t)~0, NULL, 0 } 969 /* none - terminate search */ 970 }; 971 972 /* return non-zero if it's a valid password - check length for cipher type */ 973 static int 974 valid_password_length(char *newpasswd) 975 { 976 passwd_type_t *pwtp; 977 regmatch_t matchv[10]; 978 regex_t r; 979 980 for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) { 981 if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) { 982 if (pwtp->regex == NULL) { 983 return strlen(newpasswd) == pwtp->length; 984 } 985 (void)regcomp(&r, pwtp->regex, REG_EXTENDED); 986 if (regexec(&r, newpasswd, 10, matchv, 0) == 0) { 987 regfree(&r); 988 return (int)(matchv[pwtp->re_sub].rm_eo - 989 matchv[pwtp->re_sub].rm_so + 1) == 990 pwtp->length; 991 } 992 regfree(&r); 993 } 994 } 995 return 0; 996 } 997 998 #ifdef EXTENSIONS 999 static int 1000 valid_class(char *class) 1001 { 1002 login_cap_t *lc; 1003 1004 if (class == NULL || *class == '\0') 1005 return 1; 1006 /* 1007 * Check if /etc/login.conf exists. login_getclass() will 1008 * return 1 due to it not existing, so not informing the 1009 * user the actual login class does not exist. 1010 */ 1011 1012 if (access(PATH_LOGINCONF, R_OK) == -1) { 1013 warn("Access failed for `%s'; will not validate class `%s'", 1014 PATH_LOGINCONF, class); 1015 return 1; 1016 } 1017 1018 if ((lc = login_getclass(class)) != NULL) { 1019 login_close(lc); 1020 return 1; 1021 } 1022 return 0; 1023 } 1024 #endif 1025 1026 /* look for a valid time, return 0 if it was specified but bad */ 1027 static int 1028 scantime(time_t *tp, char *s) 1029 { 1030 struct tm tm; 1031 char *ep; 1032 long val; 1033 1034 *tp = 0; 1035 if (s != NULL) { 1036 (void)memset(&tm, 0, sizeof(tm)); 1037 if (strptime(s, "%c", &tm) != NULL) { 1038 *tp = mktime(&tm); 1039 if (*tp == -1) 1040 return 0; 1041 return 1; 1042 } else if (strptime(s, "%B %d %Y", &tm) != NULL) { 1043 *tp = mktime(&tm); 1044 if (*tp == -1) 1045 return 0; 1046 return 1; 1047 } else { 1048 errno = 0; 1049 *tp = val = strtol(s, &ep, 10); 1050 if (*ep != '\0' || *tp < -1 || errno == ERANGE) { 1051 *tp = 0; 1052 return 0; 1053 } 1054 if (*tp != val) 1055 return 0; 1056 } 1057 } 1058 return 1; 1059 } 1060 1061 /* add a user */ 1062 static int 1063 adduser(char *login_name, user_t *up) 1064 { 1065 struct group *grp; 1066 struct stat st; 1067 time_t expire; 1068 time_t inactive; 1069 char password[PasswordLength + 1]; 1070 char home[MaxFileNameLen]; 1071 char buf[MaxFileNameLen]; 1072 int sync_uid_gid; 1073 int masterfd; 1074 int ptmpfd; 1075 int gid; 1076 int cc; 1077 int i; 1078 1079 if (!valid_login(login_name, up->u_allow_samba)) { 1080 errx(EXIT_FAILURE, "`%s' is not a valid login name", login_name); 1081 } 1082 #ifdef EXTENSIONS 1083 if (!valid_class(up->u_class)) { 1084 errx(EXIT_FAILURE, "No such login class `%s'", up->u_class); 1085 } 1086 #endif 1087 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1088 err(EXIT_FAILURE, "Can't open `%s'", _PATH_MASTERPASSWD); 1089 } 1090 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1091 err(EXIT_FAILURE, "Can't lock `%s'", _PATH_MASTERPASSWD); 1092 } 1093 pw_init(); 1094 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1095 int serrno = errno; 1096 (void)close(masterfd); 1097 errno = serrno; 1098 err(EXIT_FAILURE, "Can't obtain pw_lock"); 1099 } 1100 while ((cc = read(masterfd, buf, sizeof(buf))) > 0) { 1101 if (write(ptmpfd, buf, (size_t)(cc)) != cc) { 1102 int serrno = errno; 1103 (void)close(masterfd); 1104 (void)close(ptmpfd); 1105 (void)pw_abort(); 1106 errno = serrno; 1107 err(EXIT_FAILURE, "Short write to /etc/ptmp " 1108 "(not %d chars)", cc); 1109 } 1110 } 1111 /* if no uid was specified, get next one in [low_uid..high_uid] range */ 1112 sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); 1113 if (up->u_uid == -1) { 1114 int got_id = 0; 1115 1116 /* 1117 * Look for a free UID in the command line ranges (if any). 1118 * These start after the ranges specified in the config file. 1119 */ 1120 for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) { 1121 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1122 up->u_rv[i].r_from, up->u_rv[i].r_to); 1123 } 1124 /* 1125 * If there were no free UIDs in the command line ranges, 1126 * try the ranges from the config file (there will always 1127 * be at least one default). 1128 */ 1129 for (i = 0; !got_id && i < up->u_defrc; i++) { 1130 got_id = getnextuid(sync_uid_gid, &up->u_uid, 1131 up->u_rv[i].r_from, up->u_rv[i].r_to); 1132 } 1133 if (!got_id) { 1134 (void)close(ptmpfd); 1135 (void)pw_abort(); 1136 errx(EXIT_FAILURE, "can't get next uid for %d", 1137 up->u_uid); 1138 } 1139 } 1140 /* check uid isn't already allocated */ 1141 if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) { 1142 (void)close(ptmpfd); 1143 (void)pw_abort(); 1144 errx(EXIT_FAILURE, "uid %d is already in use", up->u_uid); 1145 } 1146 /* if -g=uid was specified, check gid is unused */ 1147 if (sync_uid_gid) { 1148 if (getgrgid((gid_t)(up->u_uid)) != NULL) { 1149 (void)close(ptmpfd); 1150 (void)pw_abort(); 1151 errx(EXIT_FAILURE, "gid %d is already in use", 1152 up->u_uid); 1153 } 1154 gid = up->u_uid; 1155 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1156 gid = grp->gr_gid; 1157 } else if (is_number(up->u_primgrp) && 1158 (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) { 1159 gid = grp->gr_gid; 1160 } else { 1161 (void)close(ptmpfd); 1162 (void)pw_abort(); 1163 errx(EXIT_FAILURE, "group %s not found", up->u_primgrp); 1164 } 1165 /* check name isn't already in use */ 1166 if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) { 1167 (void)close(ptmpfd); 1168 (void)pw_abort(); 1169 errx(EXIT_FAILURE, "already a `%s' user", login_name); 1170 } 1171 if (up->u_flags & F_HOMEDIR) { 1172 (void)strlcpy(home, up->u_home, sizeof(home)); 1173 } else { 1174 /* if home directory hasn't been given, make it up */ 1175 (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir, 1176 login_name); 1177 } 1178 if (!scantime(&inactive, up->u_inactive)) { 1179 warnx("Warning: inactive time `%s' invalid, password expiry off", 1180 up->u_inactive); 1181 } 1182 if (!scantime(&expire, up->u_expire) || expire == -1) { 1183 warnx("Warning: expire time `%s' invalid, account expiry off", 1184 up->u_expire); 1185 expire = 0; /* Just in case. */ 1186 } 1187 if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) { 1188 warnx("Warning: home directory `%s' doesn't exist, " 1189 "and -m was not specified", home); 1190 } 1191 password[sizeof(password) - 1] = '\0'; 1192 if (up->u_password != NULL && valid_password_length(up->u_password)) { 1193 (void)strlcpy(password, up->u_password, sizeof(password)); 1194 } else { 1195 (void)memset(password, '*', DES_Len); 1196 password[DES_Len] = 0; 1197 if (up->u_password != NULL) { 1198 warnx("Password `%s' is invalid: setting it to `%s'", 1199 up->u_password, password); 1200 } 1201 } 1202 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n", 1203 login_name, 1204 password, 1205 up->u_uid, 1206 gid, 1207 #ifdef EXTENSIONS 1208 up->u_class, 1209 #else 1210 "", 1211 #endif 1212 (long) inactive, 1213 (long) expire, 1214 up->u_comment, 1215 home, 1216 up->u_shell); 1217 if (write(ptmpfd, buf, (size_t) cc) != cc) { 1218 int serrno = errno; 1219 (void)close(ptmpfd); 1220 (void)pw_abort(); 1221 errno = serrno; 1222 err(EXIT_FAILURE, "Can't add `%s'", buf); 1223 } 1224 if (up->u_flags & F_MKDIR) { 1225 if (lstat(home, &st) == 0) { 1226 (void)close(ptmpfd); 1227 (void)pw_abort(); 1228 errx(EXIT_FAILURE, 1229 "Home directory `%s' already exists", home); 1230 } else { 1231 if (asystem("%s -p %s", MKDIR, home) != 0) { 1232 int serrno = errno; 1233 (void)close(ptmpfd); 1234 (void)pw_abort(); 1235 errno = serrno; 1236 err(EXIT_FAILURE, "Can't mkdir `%s'", home); 1237 } 1238 (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home); 1239 } 1240 } 1241 if (strcmp(up->u_primgrp, "=uid") == 0 && 1242 getgrnam(login_name) == NULL && 1243 !creategid(login_name, gid, login_name)) { 1244 (void)close(ptmpfd); 1245 (void)pw_abort(); 1246 errx(EXIT_FAILURE, "Can't create gid %d for login name %s", 1247 gid, login_name); 1248 } 1249 if (up->u_groupc > 0 && 1250 !append_group(login_name, up->u_groupc, up->u_groupv)) { 1251 (void)close(ptmpfd); 1252 (void)pw_abort(); 1253 errx(EXIT_FAILURE, "Can't append `%s' to new groups", 1254 login_name); 1255 } 1256 (void)close(ptmpfd); 1257 #if PW_MKDB_ARGC == 2 1258 if (pw_mkdb(login_name, 0) < 0) 1259 #else 1260 if (pw_mkdb() < 0) 1261 #endif 1262 { 1263 (void)pw_abort(); 1264 errx(EXIT_FAILURE, "pw_mkdb failed"); 1265 } 1266 syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, " 1267 "shell=%s", login_name, up->u_uid, gid, home, up->u_shell); 1268 return 1; 1269 } 1270 1271 /* remove a user from the groups file */ 1272 static int 1273 rm_user_from_groups(char *login_name) 1274 { 1275 struct stat st; 1276 regmatch_t matchv[10]; 1277 regex_t r; 1278 FILE *from; 1279 FILE *to; 1280 char line[MaxEntryLen]; 1281 char buf[MaxEntryLen]; 1282 char f[MaxFileNameLen]; 1283 int fd; 1284 int cc; 1285 int sc; 1286 1287 (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name); 1288 if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) { 1289 (void)regerror(sc, &r, buf, sizeof(buf)); 1290 warnx("Can't compile regular expression `%s' (%s)", line, 1291 buf); 1292 return 0; 1293 } 1294 if ((from = fopen(_PATH_GROUP, "r")) == NULL) { 1295 warn("Can't remove gid for `%s': can't open `%s'", 1296 login_name, _PATH_GROUP); 1297 return 0; 1298 } 1299 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { 1300 warn("can't lock `%s'", _PATH_GROUP); 1301 } 1302 (void)fstat(fileno(from), &st); 1303 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP); 1304 if ((fd = mkstemp(f)) < 0) { 1305 warn("Can't create gid: mkstemp failed"); 1306 (void)fclose(from); 1307 return 0; 1308 } 1309 if ((to = fdopen(fd, "w")) == NULL) { 1310 warn("Can't create gid: fdopen `%s' failed", f); 1311 (void)fclose(from); 1312 (void)close(fd); 1313 (void)unlink(f); 1314 return 0; 1315 } 1316 while (fgets(buf, sizeof(buf), from) != NULL) { 1317 cc = strlen(buf); 1318 if (regexec(&r, buf, 10, matchv, 0) == 0) { 1319 if (buf[(int)matchv[1].rm_so] == ',') { 1320 matchv[2].rm_so = matchv[1].rm_so; 1321 } else if (matchv[2].rm_eo != matchv[3].rm_eo) { 1322 matchv[2].rm_eo = matchv[3].rm_eo; 1323 } 1324 cc -= (int) matchv[2].rm_eo; 1325 sc = (int) matchv[2].rm_so; 1326 if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc || 1327 fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char), 1328 (size_t)cc, to) != cc) { 1329 warn("Can't create gid: short write to `%s'", 1330 f); 1331 (void)fclose(from); 1332 (void)close(fd); 1333 (void)unlink(f); 1334 return 0; 1335 } 1336 } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) { 1337 warn("Can't create gid: short write to `%s'", f); 1338 (void)fclose(from); 1339 (void)close(fd); 1340 (void)unlink(f); 1341 return 0; 1342 } 1343 } 1344 (void)fclose(from); 1345 (void)fclose(to); 1346 if (rename(f, _PATH_GROUP) < 0) { 1347 warn("Can't create gid: can't rename `%s' to `%s'", 1348 f, _PATH_GROUP); 1349 (void)unlink(f); 1350 return 0; 1351 } 1352 (void)chmod(_PATH_GROUP, st.st_mode & 07777); 1353 return 1; 1354 } 1355 1356 /* check that the user or group is local, not from YP/NIS */ 1357 static int 1358 is_local(char *name, const char *file) 1359 { 1360 FILE *fp; 1361 char buf[MaxEntryLen]; 1362 size_t len; 1363 int ret; 1364 1365 if ((fp = fopen(file, "r")) == NULL) { 1366 err(EXIT_FAILURE, "Can't open `%s'", file); 1367 } 1368 len = strlen(name); 1369 for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { 1370 if (strncmp(buf, name, len) == 0 && buf[len] == ':') { 1371 ret = 1; 1372 break; 1373 } 1374 } 1375 (void)fclose(fp); 1376 return ret; 1377 } 1378 1379 /* modify a user */ 1380 static int 1381 moduser(char *login_name, char *newlogin, user_t *up, int allow_samba) 1382 { 1383 struct passwd *pwp; 1384 struct group *grp; 1385 const char *homedir; 1386 char *locked_pwd; 1387 size_t colonc; 1388 size_t loginc; 1389 size_t len; 1390 size_t cc; 1391 FILE *master; 1392 char newdir[MaxFileNameLen]; 1393 char buf[MaxEntryLen]; 1394 char *colon; 1395 int masterfd; 1396 int ptmpfd; 1397 int error; 1398 1399 if (!valid_login(newlogin, allow_samba)) { 1400 errx(EXIT_FAILURE, "`%s' is not a valid login name", 1401 login_name); 1402 } 1403 if ((pwp = getpwnam(login_name)) == NULL) { 1404 errx(EXIT_FAILURE, "No such user `%s'", login_name); 1405 } 1406 if (!is_local(login_name, _PATH_MASTERPASSWD)) { 1407 errx(EXIT_FAILURE, "User `%s' must be a local user", 1408 login_name); 1409 } 1410 /* keep dir name in case we need it for '-m' */ 1411 homedir = pwp->pw_dir; 1412 1413 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) { 1414 err(EXIT_FAILURE, "Can't open `%s'", _PATH_MASTERPASSWD); 1415 } 1416 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) { 1417 err(EXIT_FAILURE, "Can't lock `%s'", _PATH_MASTERPASSWD); 1418 } 1419 pw_init(); 1420 if ((ptmpfd = pw_lock(WAITSECS)) < 0) { 1421 int serrno = errno; 1422 (void)close(masterfd); 1423 errno = serrno; 1424 err(EXIT_FAILURE, "Can't obtain pw_lock"); 1425 } 1426 if ((master = fdopen(masterfd, "r")) == NULL) { 1427 int serrno = errno; 1428 (void)close(masterfd); 1429 (void)close(ptmpfd); 1430 (void)pw_abort(); 1431 errno = serrno; 1432 err(EXIT_FAILURE, "Can't fdopen fd for %s", _PATH_MASTERPASSWD); 1433 } 1434 if (up != NULL) { 1435 if (up->u_flags & F_USERNAME) { 1436 /* 1437 * If changing name, 1438 * check new name isn't already in use 1439 */ 1440 if (strcmp(login_name, newlogin) != 0 && 1441 getpwnam(newlogin) != NULL) { 1442 (void)close(ptmpfd); 1443 (void)pw_abort(); 1444 errx(EXIT_FAILURE, "Already a `%s' user", 1445 newlogin); 1446 } 1447 pwp->pw_name = newlogin; 1448 1449 /* 1450 * Provide a new directory name in case the 1451 * home directory is to be moved. 1452 */ 1453 if (up->u_flags & F_MKDIR) { 1454 (void)snprintf(newdir, sizeof(newdir), "%s/%s", 1455 up->u_basedir, newlogin); 1456 pwp->pw_dir = newdir; 1457 } 1458 } 1459 if (up->u_flags & F_PASSWORD) { 1460 if (up->u_password != NULL) { 1461 if (!valid_password_length(up->u_password)) { 1462 (void)close(ptmpfd); 1463 (void)pw_abort(); 1464 errx(EXIT_FAILURE, 1465 "Invalid password: `%s'", 1466 up->u_password); 1467 } 1468 if ((locked_pwd = 1469 strstr(pwp->pw_passwd, LOCKED)) != NULL) { 1470 /* 1471 * account is locked - keep it locked 1472 * and just change the password. 1473 */ 1474 if (asprintf(&locked_pwd, "%s%s", 1475 LOCKED, up->u_password) == -1) 1476 err(EXIT_FAILURE, 1477 "asprintf failed"); 1478 pwp->pw_passwd = locked_pwd; 1479 } else 1480 pwp->pw_passwd = up->u_password; 1481 } 1482 } 1483 1484 /* check whether we should lock the account. */ 1485 if (up->u_locked == LOCK) { 1486 /* check to see account if already locked. */ 1487 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1488 != NULL) 1489 warnx("Account is already locked"); 1490 else { 1491 if (asprintf(&locked_pwd, "%s%s", LOCKED, 1492 pwp->pw_passwd) == -1) 1493 err(EXIT_FAILURE, "asprintf failed"); 1494 pwp->pw_passwd = locked_pwd; 1495 } 1496 } else if (up->u_locked == UNLOCK) { 1497 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED)) 1498 == NULL) 1499 warnx("Account '%s' is not locked", login_name); 1500 else 1501 pwp->pw_passwd = locked_pwd + strlen(LOCKED); 1502 } 1503 1504 if (up->u_flags & F_UID) { 1505 /* check uid isn't already allocated */ 1506 if (!(up->u_flags & F_DUPUID) && 1507 getpwuid((uid_t)(up->u_uid)) != NULL) { 1508 (void)close(ptmpfd); 1509 (void)pw_abort(); 1510 errx(EXIT_FAILURE, "Uid %d is already in use", 1511 up->u_uid); 1512 } 1513 pwp->pw_uid = up->u_uid; 1514 } 1515 if (up->u_flags & F_GROUP) { 1516 /* if -g=uid was specified, check gid is unused */ 1517 if (strcmp(up->u_primgrp, "=uid") == 0) { 1518 if (getgrgid((gid_t)(up->u_uid)) != NULL) { 1519 (void)close(ptmpfd); 1520 (void)pw_abort(); 1521 errx(EXIT_FAILURE, 1522 "Gid %d is already in use", 1523 up->u_uid); 1524 } 1525 pwp->pw_gid = up->u_uid; 1526 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) { 1527 pwp->pw_gid = grp->gr_gid; 1528 } else if (is_number(up->u_primgrp) && 1529 (grp = getgrgid( 1530 (gid_t)atoi(up->u_primgrp))) != NULL) { 1531 pwp->pw_gid = grp->gr_gid; 1532 } else { 1533 (void)close(ptmpfd); 1534 (void)pw_abort(); 1535 errx(EXIT_FAILURE, "Group %s not found", 1536 up->u_primgrp); 1537 } 1538 } 1539 if (up->u_flags & F_INACTIVE) { 1540 if (!scantime(&pwp->pw_change, up->u_inactive)) { 1541 warnx("Warning: inactive time `%s' invalid, " 1542 "password expiry off", 1543 up->u_inactive); 1544 } 1545 } 1546 if (up->u_flags & F_EXPIRE) { 1547 if (!scantime(&pwp->pw_expire, up->u_expire) || 1548 pwp->pw_expire == -1) { 1549 warnx("Warning: expire time `%s' invalid, " 1550 "account expiry off", 1551 up->u_expire); 1552 pwp->pw_expire = 0; 1553 } 1554 } 1555 if (up->u_flags & F_COMMENT) 1556 pwp->pw_gecos = up->u_comment; 1557 if (up->u_flags & F_HOMEDIR) 1558 pwp->pw_dir = up->u_home; 1559 if (up->u_flags & F_SHELL) 1560 pwp->pw_shell = up->u_shell; 1561 #ifdef EXTENSIONS 1562 if (up->u_flags & F_CLASS) { 1563 if (!valid_class(up->u_class)) { 1564 (void)close(ptmpfd); 1565 (void)pw_abort(); 1566 errx(EXIT_FAILURE, "No such login class `%s'", 1567 up->u_class); 1568 } 1569 pwp->pw_class = up->u_class; 1570 } 1571 #endif 1572 } 1573 loginc = strlen(login_name); 1574 while (fgets(buf, sizeof(buf), master) != NULL) { 1575 if ((colon = strchr(buf, ':')) == NULL) { 1576 warnx("Malformed entry `%s'. Skipping", buf); 1577 continue; 1578 } 1579 colonc = (size_t)(colon - buf); 1580 if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { 1581 if (up != NULL) { 1582 len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:" 1583 #ifdef EXTENSIONS 1584 "%s" 1585 #endif 1586 ":%ld:%ld:%s:%s:%s\n", 1587 newlogin, 1588 pwp->pw_passwd, 1589 pwp->pw_uid, 1590 pwp->pw_gid, 1591 #ifdef EXTENSIONS 1592 pwp->pw_class, 1593 #endif 1594 (long)pwp->pw_change, 1595 (long)pwp->pw_expire, 1596 pwp->pw_gecos, 1597 pwp->pw_dir, 1598 pwp->pw_shell); 1599 if (write(ptmpfd, buf, len) != len) { 1600 int serrno = errno; 1601 (void)close(ptmpfd); 1602 (void)pw_abort(); 1603 errno = serrno; 1604 err(EXIT_FAILURE, "Can't add `%s'", 1605 buf); 1606 } 1607 } 1608 } else { 1609 len = strlen(buf); 1610 if ((cc = write(ptmpfd, buf, len)) != len) { 1611 int serrno = errno; 1612 (void)close(masterfd); 1613 (void)close(ptmpfd); 1614 (void)pw_abort(); 1615 errno = serrno; 1616 err(EXIT_FAILURE, "Short write to /etc/ptmp " 1617 "(%ld not %ld chars)", 1618 (unsigned long)cc, 1619 (unsigned long)len); 1620 } 1621 } 1622 } 1623 if (up != NULL) { 1624 if ((up->u_flags & F_MKDIR) && 1625 asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { 1626 int serrno = errno; 1627 (void)close(ptmpfd); 1628 (void)pw_abort(); 1629 errno = serrno; 1630 err(EXIT_FAILURE, "Can't move `%s' to `%s'", 1631 homedir, pwp->pw_dir); 1632 } 1633 if (up->u_groupc > 0 && 1634 !append_group(newlogin, up->u_groupc, up->u_groupv)) { 1635 (void)close(ptmpfd); 1636 (void)pw_abort(); 1637 errx(EXIT_FAILURE, "Can't append `%s' to new groups", 1638 newlogin); 1639 } 1640 } 1641 (void)close(ptmpfd); 1642 #if PW_MKDB_ARGC == 2 1643 if (up != NULL && strcmp(login_name, newlogin) == 0) { 1644 error = pw_mkdb(login_name, 0); 1645 } else { 1646 error = pw_mkdb(NULL, 0); 1647 } 1648 #else 1649 error = pw_mkdb(); 1650 #endif 1651 if (error < 0) { 1652 (void)pw_abort(); 1653 errx(EXIT_FAILURE, "pw_mkdb failed"); 1654 } 1655 if (up == NULL) { 1656 syslog(LOG_INFO, "User removed: name=%s", login_name); 1657 } else if (strcmp(login_name, newlogin) == 0) { 1658 syslog(LOG_INFO, "User information modified: name=%s, uid=%d, " 1659 "gid=%d, home=%s, shell=%s", 1660 login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, 1661 pwp->pw_shell); 1662 } else { 1663 syslog(LOG_INFO, "User information modified: name=%s, " 1664 "new name=%s, uid=%d, gid=%d, home=%s, shell=%s", 1665 login_name, newlogin, pwp->pw_uid, pwp->pw_gid, 1666 pwp->pw_dir, pwp->pw_shell); 1667 } 1668 return 1; 1669 } 1670 1671 #ifdef EXTENSIONS 1672 /* see if we can find out the user struct */ 1673 static struct passwd * 1674 find_user_info(const char *name) 1675 { 1676 struct passwd *pwp; 1677 1678 if ((pwp = getpwnam(name)) != NULL) { 1679 return pwp; 1680 } 1681 if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) { 1682 return pwp; 1683 } 1684 return NULL; 1685 } 1686 #endif 1687 1688 /* see if we can find out the group struct */ 1689 static struct group * 1690 find_group_info(const char *name) 1691 { 1692 struct group *grp; 1693 1694 if ((grp = getgrnam(name)) != NULL) { 1695 return grp; 1696 } 1697 if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) { 1698 return grp; 1699 } 1700 return NULL; 1701 } 1702 1703 /* print out usage message, and then exit */ 1704 void 1705 usermgmt_usage(const char *prog) 1706 { 1707 if (strcmp(prog, "useradd") == 0) { 1708 (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] " 1709 "[-e expiry-time] [-f inactive-time]\n" 1710 "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n" 1711 "\t[-r lowuid..highuid] [-s shell]\n", prog); 1712 (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] " 1713 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1714 "\t[-f inactive-time] [-G secondary-group] " 1715 "[-g gid | name | =uid]\n" 1716 "\t[-k skeletondir] [-L login-class] [-p password]" 1717 "[-r lowuid..highuid]\n" 1718 "\t[-s shell] [-u uid] user\n", 1719 prog); 1720 } else if (strcmp(prog, "usermod") == 0) { 1721 (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] " 1722 "[-c comment] [-d home-dir] [-e expiry-time]\n" 1723 "\t[-f inactive] [-G secondary-group] " 1724 "[-g gid | name | =uid]\n" 1725 "\t[-L login-class] [-l new-login] [-p password] " 1726 "[-s shell] [-u uid]\n" 1727 "\tuser\n", prog); 1728 } else if (strcmp(prog, "userdel") == 0) { 1729 (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); 1730 (void)fprintf(stderr, 1731 "usage: %s [-rSv] [-p preserve-value] user\n", prog); 1732 #ifdef EXTENSIONS 1733 } else if (strcmp(prog, "userinfo") == 0) { 1734 (void)fprintf(stderr, "usage: %s [-ev] user\n", prog); 1735 #endif 1736 } else if (strcmp(prog, "groupadd") == 0) { 1737 (void)fprintf(stderr, "usage: %s [-ov] [-g gid]" 1738 " [-r lowgid..highgid] group\n", prog); 1739 } else if (strcmp(prog, "groupdel") == 0) { 1740 (void)fprintf(stderr, "usage: %s [-v] group\n", prog); 1741 } else if (strcmp(prog, "groupmod") == 0) { 1742 (void)fprintf(stderr, 1743 "usage: %s [-ov] [-g gid] [-n newname] group\n", prog); 1744 } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { 1745 (void)fprintf(stderr, 1746 "usage: %s ( add | del | mod | info ) ...\n", prog); 1747 #ifdef EXTENSIONS 1748 } else if (strcmp(prog, "groupinfo") == 0) { 1749 (void)fprintf(stderr, "usage: %s [-ev] group\n", prog); 1750 #endif 1751 } 1752 exit(EXIT_FAILURE); 1753 /* NOTREACHED */ 1754 } 1755 1756 #ifdef EXTENSIONS 1757 #define ADD_OPT_EXTENSIONS "p:r:vL:S" 1758 #else 1759 #define ADD_OPT_EXTENSIONS 1760 #endif 1761 1762 int 1763 useradd(int argc, char **argv) 1764 { 1765 user_t u; 1766 int defaultfield; 1767 int bigD; 1768 int c; 1769 #ifdef EXTENSIONS 1770 int i; 1771 #endif 1772 1773 (void)memset(&u, 0, sizeof(u)); 1774 read_defaults(&u); 1775 u.u_uid = -1; 1776 defaultfield = bigD = 0; 1777 while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:" 1778 ADD_OPT_EXTENSIONS)) != -1) { 1779 switch(c) { 1780 case 'D': 1781 bigD = 1; 1782 break; 1783 case 'F': 1784 /* 1785 * Setting -1 will force the new user to 1786 * change their password as soon as they 1787 * next log in - passwd(5). 1788 */ 1789 defaultfield = 1; 1790 memsave(&u.u_inactive, "-1", strlen("-1")); 1791 break; 1792 case 'G': 1793 while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && 1794 u.u_groupc < NGROUPS_MAX) { 1795 if (u.u_groupv[u.u_groupc][0] != 0) { 1796 u.u_groupc++; 1797 } 1798 } 1799 if (optarg != NULL) { 1800 warnx("Truncated list of secondary groups " 1801 "to %d entries", NGROUPS_MAX); 1802 } 1803 break; 1804 #ifdef EXTENSIONS 1805 case 'S': 1806 u.u_allow_samba = 1; 1807 break; 1808 #endif 1809 case 'b': 1810 defaultfield = 1; 1811 memsave(&u.u_basedir, optarg, strlen(optarg)); 1812 break; 1813 case 'c': 1814 memsave(&u.u_comment, optarg, strlen(optarg)); 1815 break; 1816 case 'd': 1817 memsave(&u.u_home, optarg, strlen(optarg)); 1818 u.u_flags |= F_HOMEDIR; 1819 break; 1820 case 'e': 1821 defaultfield = 1; 1822 memsave(&u.u_expire, optarg, strlen(optarg)); 1823 break; 1824 case 'f': 1825 defaultfield = 1; 1826 memsave(&u.u_inactive, optarg, strlen(optarg)); 1827 break; 1828 case 'g': 1829 defaultfield = 1; 1830 memsave(&u.u_primgrp, optarg, strlen(optarg)); 1831 break; 1832 case 'k': 1833 defaultfield = 1; 1834 memsave(&u.u_skeldir, optarg, strlen(optarg)); 1835 break; 1836 #ifdef EXTENSIONS 1837 case 'L': 1838 defaultfield = 1; 1839 memsave(&u.u_class, optarg, strlen(optarg)); 1840 break; 1841 #endif 1842 case 'm': 1843 u.u_flags |= F_MKDIR; 1844 break; 1845 case 'o': 1846 u.u_flags |= F_DUPUID; 1847 break; 1848 #ifdef EXTENSIONS 1849 case 'p': 1850 memsave(&u.u_password, optarg, strlen(optarg)); 1851 break; 1852 #endif 1853 #ifdef EXTENSIONS 1854 case 'r': 1855 defaultfield = 1; 1856 (void)save_range(&u, optarg); 1857 break; 1858 #endif 1859 case 's': 1860 defaultfield = 1; 1861 memsave(&u.u_shell, optarg, strlen(optarg)); 1862 break; 1863 case 'u': 1864 u.u_uid = check_numeric(optarg, "uid"); 1865 break; 1866 #ifdef EXTENSIONS 1867 case 'v': 1868 verbose = 1; 1869 break; 1870 #endif 1871 default: 1872 usermgmt_usage("useradd"); 1873 /* NOTREACHED */ 1874 } 1875 } 1876 if (bigD) { 1877 if (defaultfield) { 1878 checkeuid(); 1879 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; 1880 } 1881 (void)printf("group\t\t%s\n", u.u_primgrp); 1882 (void)printf("base_dir\t%s\n", u.u_basedir); 1883 (void)printf("skel_dir\t%s\n", u.u_skeldir); 1884 (void)printf("shell\t\t%s\n", u.u_shell); 1885 #ifdef EXTENSIONS 1886 (void)printf("class\t\t%s\n", u.u_class); 1887 #endif 1888 (void)printf("inactive\t%s\n", (u.u_inactive == NULL) ? 1889 UNSET_INACTIVE : u.u_inactive); 1890 (void)printf("expire\t\t%s\n", (u.u_expire == NULL) ? 1891 UNSET_EXPIRY : u.u_expire); 1892 #ifdef EXTENSIONS 1893 for (i = 0 ; i < u.u_rc ; i++) { 1894 (void)printf("range\t\t%d..%d\n", 1895 u.u_rv[i].r_from, u.u_rv[i].r_to); 1896 } 1897 #endif 1898 return EXIT_SUCCESS; 1899 } 1900 argc -= optind; 1901 argv += optind; 1902 if (argc != 1) { 1903 usermgmt_usage("useradd"); 1904 } 1905 checkeuid(); 1906 openlog("useradd", LOG_PID, LOG_USER); 1907 return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; 1908 } 1909 1910 #ifdef EXTENSIONS 1911 #define MOD_OPT_EXTENSIONS "p:vL:S" 1912 #else 1913 #define MOD_OPT_EXTENSIONS 1914 #endif 1915 1916 int 1917 usermod(int argc, char **argv) 1918 { 1919 user_t u; 1920 char newuser[MaxUserNameLen + 1]; 1921 int c, have_new_user; 1922 1923 (void)memset(&u, 0, sizeof(u)); 1924 (void)memset(newuser, 0, sizeof(newuser)); 1925 read_defaults(&u); 1926 have_new_user = 0; 1927 u.u_locked = -1; 1928 while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:" 1929 MOD_OPT_EXTENSIONS)) != -1) { 1930 switch(c) { 1931 case 'G': 1932 while ((u.u_groupv[u.u_groupc] = 1933 strsep(&optarg, ",")) != NULL && 1934 u.u_groupc < NGROUPS_MAX) { 1935 if (u.u_groupv[u.u_groupc][0] != 0) { 1936 u.u_groupc++; 1937 } 1938 } 1939 if (optarg != NULL) { 1940 warnx("Truncated list of secondary groups " 1941 "to %d entries", NGROUPS_MAX); 1942 } 1943 u.u_flags |= F_SECGROUP; 1944 break; 1945 #ifdef EXTENSIONS 1946 case 'S': 1947 u.u_allow_samba = 1; 1948 break; 1949 #endif 1950 case 'c': 1951 memsave(&u.u_comment, optarg, strlen(optarg)); 1952 u.u_flags |= F_COMMENT; 1953 break; 1954 case 'C': 1955 if (strcasecmp(optarg, "yes") == 0) 1956 u.u_locked = LOCK; 1957 else if (strcasecmp(optarg, "no") == 0) 1958 u.u_locked = UNLOCK; 1959 else 1960 /* No idea. */ 1961 errx(1, "Please type 'yes' or 'no'"); 1962 1963 break; 1964 case 'F': 1965 memsave(&u.u_inactive, "-1", strlen("-1")); 1966 u.u_flags |= F_INACTIVE; 1967 break; 1968 case 'd': 1969 memsave(&u.u_home, optarg, strlen(optarg)); 1970 u.u_flags |= F_HOMEDIR; 1971 break; 1972 case 'e': 1973 memsave(&u.u_expire, optarg, strlen(optarg)); 1974 u.u_flags |= F_EXPIRE; 1975 break; 1976 case 'f': 1977 memsave(&u.u_inactive, optarg, strlen(optarg)); 1978 u.u_flags |= F_INACTIVE; 1979 break; 1980 case 'g': 1981 memsave(&u.u_primgrp, optarg, strlen(optarg)); 1982 u.u_flags |= F_GROUP; 1983 break; 1984 case 'l': 1985 (void)strlcpy(newuser, optarg, sizeof(newuser)); 1986 have_new_user = 1; 1987 u.u_flags |= F_USERNAME; 1988 break; 1989 #ifdef EXTENSIONS 1990 case 'L': 1991 memsave(&u.u_class, optarg, strlen(optarg)); 1992 u.u_flags |= F_CLASS; 1993 break; 1994 #endif 1995 case 'm': 1996 u.u_flags |= F_MKDIR; 1997 break; 1998 case 'o': 1999 u.u_flags |= F_DUPUID; 2000 break; 2001 #ifdef EXTENSIONS 2002 case 'p': 2003 memsave(&u.u_password, optarg, strlen(optarg)); 2004 u.u_flags |= F_PASSWORD; 2005 break; 2006 #endif 2007 case 's': 2008 memsave(&u.u_shell, optarg, strlen(optarg)); 2009 u.u_flags |= F_SHELL; 2010 break; 2011 case 'u': 2012 u.u_uid = check_numeric(optarg, "uid"); 2013 u.u_flags |= F_UID; 2014 break; 2015 #ifdef EXTENSIONS 2016 case 'v': 2017 verbose = 1; 2018 break; 2019 #endif 2020 default: 2021 usermgmt_usage("usermod"); 2022 /* NOTREACHED */ 2023 } 2024 } 2025 if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && 2026 !(u.u_flags & F_USERNAME)) { 2027 warnx("Option 'm' useless without 'd' or 'l' -- ignored"); 2028 u.u_flags &= ~F_MKDIR; 2029 } 2030 argc -= optind; 2031 argv += optind; 2032 if (argc != 1) { 2033 usermgmt_usage("usermod"); 2034 } 2035 checkeuid(); 2036 openlog("usermod", LOG_PID, LOG_USER); 2037 return moduser(*argv, (have_new_user) ? newuser : *argv, &u, 2038 u.u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE; 2039 } 2040 2041 #ifdef EXTENSIONS 2042 #define DEL_OPT_EXTENSIONS "Dp:vS" 2043 #else 2044 #define DEL_OPT_EXTENSIONS 2045 #endif 2046 2047 int 2048 userdel(int argc, char **argv) 2049 { 2050 struct passwd *pwp; 2051 user_t u; 2052 char password[PasswordLength + 1]; 2053 int defaultfield; 2054 int rmhome; 2055 int bigD; 2056 int c; 2057 2058 (void)memset(&u, 0, sizeof(u)); 2059 read_defaults(&u); 2060 defaultfield = bigD = rmhome = 0; 2061 while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) { 2062 switch(c) { 2063 #ifdef EXTENSIONS 2064 case 'D': 2065 bigD = 1; 2066 break; 2067 #endif 2068 #ifdef EXTENSIONS 2069 case 'S': 2070 u.u_allow_samba = 1; 2071 break; 2072 #endif 2073 #ifdef EXTENSIONS 2074 case 'p': 2075 defaultfield = 1; 2076 u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : 2077 (strcmp(optarg, "yes") == 0) ? 1 : 2078 atoi(optarg); 2079 break; 2080 #endif 2081 case 'r': 2082 rmhome = 1; 2083 break; 2084 #ifdef EXTENSIONS 2085 case 'v': 2086 verbose = 1; 2087 break; 2088 #endif 2089 default: 2090 usermgmt_usage("userdel"); 2091 /* NOTREACHED */ 2092 } 2093 } 2094 #ifdef EXTENSIONS 2095 if (bigD) { 2096 if (defaultfield) { 2097 checkeuid(); 2098 return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; 2099 } 2100 (void)printf("preserve\t%s\n", (u.u_preserve) ? "true" : 2101 "false"); 2102 return EXIT_SUCCESS; 2103 } 2104 #endif 2105 argc -= optind; 2106 argv += optind; 2107 if (argc != 1) { 2108 usermgmt_usage("userdel"); 2109 } 2110 checkeuid(); 2111 if ((pwp = getpwnam(*argv)) == NULL) { 2112 warnx("No such user `%s'", *argv); 2113 return EXIT_FAILURE; 2114 } 2115 if (rmhome) 2116 (void)removehomedir(pwp->pw_name, pwp->pw_uid, pwp->pw_dir); 2117 if (u.u_preserve) { 2118 u.u_flags |= F_SHELL; 2119 memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN)); 2120 (void)memset(password, '*', DES_Len); 2121 password[DES_Len] = 0; 2122 memsave(&u.u_password, password, strlen(password)); 2123 u.u_flags |= F_PASSWORD; 2124 openlog("userdel", LOG_PID, LOG_USER); 2125 return moduser(*argv, *argv, &u, u.u_allow_samba) ? 2126 EXIT_SUCCESS : EXIT_FAILURE; 2127 } 2128 if (!rm_user_from_groups(*argv)) { 2129 return 0; 2130 } 2131 openlog("userdel", LOG_PID, LOG_USER); 2132 return moduser(*argv, *argv, NULL, u.u_allow_samba) ? 2133 EXIT_SUCCESS : EXIT_FAILURE; 2134 } 2135 2136 #ifdef EXTENSIONS 2137 #define GROUP_ADD_OPT_EXTENSIONS "r:v" 2138 #else 2139 #define GROUP_ADD_OPT_EXTENSIONS 2140 #endif 2141 2142 /* add a group */ 2143 int 2144 groupadd(int argc, char **argv) 2145 { 2146 int dupgid; 2147 int gid; 2148 int c; 2149 int lowgid; 2150 int highgid; 2151 2152 gid = -1; 2153 dupgid = 0; 2154 lowgid = LowGid; 2155 highgid = HighGid; 2156 while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) { 2157 switch(c) { 2158 case 'g': 2159 gid = check_numeric(optarg, "gid"); 2160 break; 2161 case 'o': 2162 dupgid = 1; 2163 break; 2164 #ifdef EXTENSIONS 2165 case 'r': 2166 if (sscanf(optarg, "%d..%d", &lowgid, &highgid) != 2) { 2167 errx(EXIT_FAILURE, "Bad range `%s'", optarg); 2168 } 2169 break; 2170 case 'v': 2171 verbose = 1; 2172 break; 2173 #endif 2174 default: 2175 usermgmt_usage("groupadd"); 2176 /* NOTREACHED */ 2177 } 2178 } 2179 argc -= optind; 2180 argv += optind; 2181 if (argc != 1) { 2182 usermgmt_usage("groupadd"); 2183 } 2184 checkeuid(); 2185 if (gid < 0 && !getnextgid(&gid, lowgid, highgid)) { 2186 err(EXIT_FAILURE, "Can't add group: can't get next gid"); 2187 } 2188 if (!dupgid && getgrgid((gid_t) gid) != NULL) { 2189 errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate", 2190 gid); 2191 } 2192 if (!valid_group(*argv)) { 2193 warnx("Invalid group name `%s'", *argv); 2194 } 2195 openlog("groupadd", LOG_PID, LOG_USER); 2196 if (!creategid(*argv, gid, "")) { 2197 errx(EXIT_FAILURE, "Can't add group: problems with %s file", 2198 _PATH_GROUP); 2199 } 2200 return EXIT_SUCCESS; 2201 } 2202 2203 #ifdef EXTENSIONS 2204 #define GROUP_DEL_OPT_EXTENSIONS "v" 2205 #else 2206 #define GROUP_DEL_OPT_EXTENSIONS 2207 #endif 2208 2209 /* remove a group */ 2210 int 2211 groupdel(int argc, char **argv) 2212 { 2213 int c; 2214 2215 while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) { 2216 switch(c) { 2217 #ifdef EXTENSIONS 2218 case 'v': 2219 verbose = 1; 2220 break; 2221 #endif 2222 default: 2223 usermgmt_usage("groupdel"); 2224 /* NOTREACHED */ 2225 } 2226 } 2227 argc -= optind; 2228 argv += optind; 2229 if (argc != 1) { 2230 usermgmt_usage("groupdel"); 2231 } 2232 if (getgrnam(*argv) == NULL) { 2233 errx(EXIT_FAILURE, "No such group `%s'", *argv); 2234 } 2235 checkeuid(); 2236 openlog("groupdel", LOG_PID, LOG_USER); 2237 if (!modify_gid(*argv, NULL)) { 2238 errx(EXIT_FAILURE, "Can't change `%s' file", _PATH_GROUP); 2239 } 2240 return EXIT_SUCCESS; 2241 } 2242 2243 #ifdef EXTENSIONS 2244 #define GROUP_MOD_OPT_EXTENSIONS "v" 2245 #else 2246 #define GROUP_MOD_OPT_EXTENSIONS 2247 #endif 2248 2249 /* modify a group */ 2250 int 2251 groupmod(int argc, char **argv) 2252 { 2253 struct group *grp; 2254 char buf[MaxEntryLen]; 2255 char *newname; 2256 char **cpp; 2257 int dupgid; 2258 int gid; 2259 int cc; 2260 int c; 2261 2262 gid = -1; 2263 dupgid = 0; 2264 newname = NULL; 2265 while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) { 2266 switch(c) { 2267 case 'g': 2268 gid = check_numeric(optarg, "gid"); 2269 break; 2270 case 'o': 2271 dupgid = 1; 2272 break; 2273 case 'n': 2274 memsave(&newname, optarg, strlen(optarg)); 2275 break; 2276 #ifdef EXTENSIONS 2277 case 'v': 2278 verbose = 1; 2279 break; 2280 #endif 2281 default: 2282 usermgmt_usage("groupmod"); 2283 /* NOTREACHED */ 2284 } 2285 } 2286 argc -= optind; 2287 argv += optind; 2288 if (argc != 1) { 2289 usermgmt_usage("groupmod"); 2290 } 2291 checkeuid(); 2292 if (gid < 0 && newname == NULL) { 2293 errx(EXIT_FAILURE, "Nothing to change"); 2294 } 2295 if (dupgid && gid < 0) { 2296 errx(EXIT_FAILURE, "Duplicate which gid?"); 2297 } 2298 if ((grp = find_group_info(*argv)) == NULL) { 2299 errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv); 2300 } 2301 if (!is_local(*argv, _PATH_GROUP)) { 2302 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); 2303 } 2304 if (newname != NULL && !valid_group(newname)) { 2305 warnx("Invalid group name `%s'", newname); 2306 } 2307 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:", 2308 (newname) ? newname : grp->gr_name, 2309 grp->gr_passwd, 2310 (gid < 0) ? grp->gr_gid : gid); 2311 for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) { 2312 cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp, 2313 (cpp[1] == NULL) ? "" : ","); 2314 } 2315 cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n"); 2316 openlog("groupmod", LOG_PID, LOG_USER); 2317 if (!modify_gid(*argv, buf)) { 2318 errx(EXIT_FAILURE, "Can't change %s file", _PATH_GROUP); 2319 } 2320 return EXIT_SUCCESS; 2321 } 2322 2323 #ifdef EXTENSIONS 2324 /* display user information */ 2325 int 2326 userinfo(int argc, char **argv) 2327 { 2328 struct passwd *pwp; 2329 struct group *grp; 2330 char buf[MaxEntryLen]; 2331 char **cpp; 2332 int exists; 2333 int cc; 2334 int i; 2335 2336 exists = 0; 2337 while ((i = getopt(argc, argv, "ev")) != -1) { 2338 switch(i) { 2339 case 'e': 2340 exists = 1; 2341 break; 2342 case 'v': 2343 verbose = 1; 2344 break; 2345 default: 2346 usermgmt_usage("userinfo"); 2347 /* NOTREACHED */ 2348 } 2349 } 2350 argc -= optind; 2351 argv += optind; 2352 if (argc != 1) { 2353 usermgmt_usage("userinfo"); 2354 } 2355 pwp = find_user_info(*argv); 2356 if (exists) { 2357 exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE); 2358 } 2359 if (pwp == NULL) { 2360 errx(EXIT_FAILURE, "Can't find user `%s'", *argv); 2361 } 2362 (void)printf("login\t%s\n", pwp->pw_name); 2363 (void)printf("passwd\t%s\n", pwp->pw_passwd); 2364 (void)printf("uid\t%d\n", pwp->pw_uid); 2365 for (cc = 0 ; (grp = getgrent()) != NULL ; ) { 2366 for (cpp = grp->gr_mem ; *cpp ; cpp++) { 2367 if (strcmp(*cpp, *argv) == 0 && 2368 grp->gr_gid != pwp->pw_gid) { 2369 cc += snprintf(&buf[cc], sizeof(buf) - cc, 2370 "%s ", grp->gr_name); 2371 } 2372 } 2373 } 2374 if ((grp = getgrgid(pwp->pw_gid)) == NULL) { 2375 (void)printf("groups\t%d %s\n", pwp->pw_gid, buf); 2376 } else { 2377 (void)printf("groups\t%s %s\n", grp->gr_name, buf); 2378 } 2379 (void)printf("change\t%s", pwp->pw_change > 0 ? 2380 ctime(&pwp->pw_change) : pwp->pw_change == -1 ? 2381 "NEXT LOGIN\n" : "NEVER\n"); 2382 (void)printf("class\t%s\n", pwp->pw_class); 2383 (void)printf("gecos\t%s\n", pwp->pw_gecos); 2384 (void)printf("dir\t%s\n", pwp->pw_dir); 2385 (void)printf("shell\t%s\n", pwp->pw_shell); 2386 (void)printf("expire\t%s", pwp->pw_expire ? 2387 ctime(&pwp->pw_expire) : "NEVER\n"); 2388 return EXIT_SUCCESS; 2389 } 2390 #endif 2391 2392 #ifdef EXTENSIONS 2393 /* display user information */ 2394 int 2395 groupinfo(int argc, char **argv) 2396 { 2397 struct group *grp; 2398 char **cpp; 2399 int exists; 2400 int i; 2401 2402 exists = 0; 2403 while ((i = getopt(argc, argv, "ev")) != -1) { 2404 switch(i) { 2405 case 'e': 2406 exists = 1; 2407 break; 2408 case 'v': 2409 verbose = 1; 2410 break; 2411 default: 2412 usermgmt_usage("groupinfo"); 2413 /* NOTREACHED */ 2414 } 2415 } 2416 argc -= optind; 2417 argv += optind; 2418 if (argc != 1) { 2419 usermgmt_usage("groupinfo"); 2420 } 2421 grp = find_group_info(*argv); 2422 if (exists) { 2423 exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE); 2424 } 2425 if (grp == NULL) { 2426 errx(EXIT_FAILURE, "Can't find group `%s'", *argv); 2427 } 2428 (void)printf("name\t%s\n", grp->gr_name); 2429 (void)printf("passwd\t%s\n", grp->gr_passwd); 2430 (void)printf("gid\t%d\n", grp->gr_gid); 2431 (void)printf("members\t"); 2432 for (cpp = grp->gr_mem ; *cpp ; cpp++) { 2433 (void)printf("%s", *cpp); 2434 if (*(cpp + 1)) 2435 (void) printf(", "); 2436 } 2437 (void)fputc('\n', stdout); 2438 return EXIT_SUCCESS; 2439 } 2440 #endif 2441
Indexes created Sat Sep 27 14:09:57 GMT 2025