7 |
* /etc/shadow) for a given user and password. |
* /etc/shadow) for a given user and password. |
8 |
* |
* |
9 |
* Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> |
* Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> |
10 |
|
* |
11 |
|
* Modified to be able to add or delete users, groups and users to/from groups |
12 |
|
* by Tito Ragusa <farmatito@tiscali.it> |
13 |
|
* |
14 |
|
* Licensed under GPLv2, see file LICENSE in this tarball for details. |
15 |
*/ |
*/ |
|
|
|
16 |
#include "libbb.h" |
#include "libbb.h" |
17 |
|
|
18 |
#if ENABLE_SELINUX |
#if ENABLE_SELINUX |
37 |
freecon(context); |
freecon(context); |
38 |
} |
} |
39 |
#else |
#else |
40 |
#define check_selinux_update_passwd(username) ((void)0) |
# define check_selinux_update_passwd(username) ((void)0) |
41 |
#endif |
#endif |
42 |
|
|
43 |
int FAST_FUNC update_passwd(const char *filename, const char *username, |
/* |
44 |
const char *new_pw) |
1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL) |
45 |
|
only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser |
46 |
|
|
47 |
|
2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL) |
48 |
|
only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup |
49 |
|
|
50 |
|
3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
51 |
|
only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a' |
52 |
|
like in addgroup and member != NULL |
53 |
|
|
54 |
|
4) delete a user: update_passwd(FILE, USER, NULL, NULL) |
55 |
|
|
56 |
|
5) delete a group: update_passwd(FILE, GROUP, NULL, NULL) |
57 |
|
|
58 |
|
6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
59 |
|
only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL |
60 |
|
|
61 |
|
7) change user's passord: update_passwd(FILE, USER, NEW_PASSWD, NULL) |
62 |
|
only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd |
63 |
|
or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd |
64 |
|
|
65 |
|
This function does not validate the arguments fed to it |
66 |
|
so the calling program should take care of that. |
67 |
|
|
68 |
|
Returns number of lines changed, or -1 on error. |
69 |
|
*/ |
70 |
|
int FAST_FUNC update_passwd(const char *filename, |
71 |
|
const char *name, |
72 |
|
const char *new_passwd, |
73 |
|
const char *member) |
74 |
{ |
{ |
75 |
|
#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP) |
76 |
|
#define member NULL |
77 |
|
#endif |
78 |
struct stat sb; |
struct stat sb; |
79 |
struct flock lock; |
struct flock lock; |
80 |
FILE *old_fp; |
FILE *old_fp; |
81 |
FILE *new_fp; |
FILE *new_fp; |
82 |
char *fnamesfx; |
char *fnamesfx; |
83 |
char *sfx_char; |
char *sfx_char; |
84 |
|
char *name_colon; |
85 |
unsigned user_len; |
unsigned user_len; |
86 |
int old_fd; |
int old_fd; |
87 |
int new_fd; |
int new_fd; |
88 |
int i; |
int i; |
89 |
int cnt = 0; |
int changed_lines; |
90 |
int ret = -1; /* failure */ |
int ret = -1; /* failure */ |
91 |
|
/* used as a bool: "are we modifying /etc/shadow?" */ |
92 |
|
#if ENABLE_FEATURE_SHADOWPASSWDS |
93 |
|
const char *shadow = strstr(filename, "shadow"); |
94 |
|
#else |
95 |
|
# define shadow NULL |
96 |
|
#endif |
97 |
|
|
98 |
filename = xmalloc_follow_symlinks(filename); |
filename = xmalloc_follow_symlinks(filename); |
99 |
if (filename == NULL) |
if (filename == NULL) |
100 |
return -1; |
return ret; |
101 |
|
|
102 |
check_selinux_update_passwd(username); |
check_selinux_update_passwd(name); |
103 |
|
|
104 |
/* New passwd file, "/etc/passwd+" for now */ |
/* New passwd file, "/etc/passwd+" for now */ |
105 |
fnamesfx = xasprintf("%s+", filename); |
fnamesfx = xasprintf("%s+", filename); |
106 |
sfx_char = &fnamesfx[strlen(fnamesfx)-1]; |
sfx_char = &fnamesfx[strlen(fnamesfx)-1]; |
107 |
username = xasprintf("%s:", username); |
name_colon = xasprintf("%s:", name); |
108 |
user_len = strlen(username); |
user_len = strlen(name_colon); |
109 |
|
|
110 |
old_fp = fopen(filename, "r+"); |
if (shadow) |
111 |
if (!old_fp) |
old_fp = fopen(filename, "r+"); |
112 |
|
else |
113 |
|
old_fp = fopen_or_warn(filename, "r+"); |
114 |
|
if (!old_fp) { |
115 |
|
if (shadow) |
116 |
|
ret = 0; /* missing shadow is not an error */ |
117 |
goto free_mem; |
goto free_mem; |
118 |
|
} |
119 |
old_fd = fileno(old_fp); |
old_fd = fileno(old_fp); |
120 |
|
|
121 |
selinux_preserve_fcontext(old_fd); |
selinux_preserve_fcontext(old_fd); |
129 |
if (errno != EEXIST) break; |
if (errno != EEXIST) break; |
130 |
usleep(100000); /* 0.1 sec */ |
usleep(100000); /* 0.1 sec */ |
131 |
} while (--i); |
} while (--i); |
132 |
bb_perror_msg("cannot create '%s'", fnamesfx); |
bb_perror_msg("can't create '%s'", fnamesfx); |
133 |
goto close_old_fp; |
goto close_old_fp; |
134 |
|
|
135 |
created: |
created: |
137 |
fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ |
fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ |
138 |
fchown(new_fd, sb.st_uid, sb.st_gid); |
fchown(new_fd, sb.st_uid, sb.st_gid); |
139 |
} |
} |
140 |
new_fp = fdopen(new_fd, "w"); |
errno = 0; |
141 |
if (!new_fp) { |
new_fp = xfdopen_for_write(new_fd); |
|
close(new_fd); |
|
|
goto unlink_new; |
|
|
} |
|
142 |
|
|
143 |
/* Backup file is "/etc/passwd-" */ |
/* Backup file is "/etc/passwd-" */ |
144 |
*sfx_char = '-'; |
*sfx_char = '-'; |
146 |
i = (unlink(fnamesfx) && errno != ENOENT); |
i = (unlink(fnamesfx) && errno != ENOENT); |
147 |
/* Create backup as a hardlink to current */ |
/* Create backup as a hardlink to current */ |
148 |
if (i || link(filename, fnamesfx)) |
if (i || link(filename, fnamesfx)) |
149 |
bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx); |
bb_perror_msg("warning: can't create backup copy '%s'", |
150 |
|
fnamesfx); |
151 |
*sfx_char = '+'; |
*sfx_char = '+'; |
152 |
|
|
153 |
/* Lock the password file before updating */ |
/* Lock the password file before updating */ |
156 |
lock.l_start = 0; |
lock.l_start = 0; |
157 |
lock.l_len = 0; |
lock.l_len = 0; |
158 |
if (fcntl(old_fd, F_SETLK, &lock) < 0) |
if (fcntl(old_fd, F_SETLK, &lock) < 0) |
159 |
bb_perror_msg("warning: cannot lock '%s'", filename); |
bb_perror_msg("warning: can't lock '%s'", filename); |
160 |
lock.l_type = F_UNLCK; |
lock.l_type = F_UNLCK; |
161 |
|
|
162 |
/* Read current password file, write updated /etc/passwd+ */ |
/* Read current password file, write updated /etc/passwd+ */ |
163 |
|
changed_lines = 0; |
164 |
while (1) { |
while (1) { |
165 |
char *line = xmalloc_fgets(old_fp); |
char *cp, *line; |
166 |
if (!line) break; /* EOF/error */ |
|
167 |
if (strncmp(username, line, user_len) == 0) { |
line = xmalloc_fgetline(old_fp); |
168 |
/* we have a match with "username:"... */ |
if (!line) /* EOF/error */ |
169 |
const char *cp = line + user_len; |
break; |
170 |
/* now cp -> old passwd, skip it: */ |
if (strncmp(name_colon, line, user_len) != 0) { |
171 |
cp = strchrnul(cp, ':'); |
fprintf(new_fp, "%s\n", line); |
172 |
/* now cp -> ':' after old passwd or -> "" */ |
goto next; |
173 |
fprintf(new_fp, "%s%s%s", username, new_pw, cp); |
} |
174 |
cnt++; |
|
175 |
|
/* We have a match with "name:"... */ |
176 |
|
cp = line + user_len; /* move past name: */ |
177 |
|
|
178 |
|
#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
179 |
|
if (member) { |
180 |
|
/* It's actually /etc/group+, not /etc/passwd+ */ |
181 |
|
if (ENABLE_FEATURE_ADDUSER_TO_GROUP |
182 |
|
&& applet_name[0] == 'a' |
183 |
|
) { |
184 |
|
/* Add user to group */ |
185 |
|
fprintf(new_fp, "%s%s%s\n", line, |
186 |
|
last_char_is(line, ':') ? "" : ",", |
187 |
|
member); |
188 |
|
changed_lines++; |
189 |
|
} else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP |
190 |
|
/* && applet_name[0] == 'd' */ |
191 |
|
) { |
192 |
|
/* Delete user from group */ |
193 |
|
char *tmp; |
194 |
|
const char *fmt = "%s"; |
195 |
|
|
196 |
|
/* find the start of the member list: last ':' */ |
197 |
|
cp = strrchr(line, ':'); |
198 |
|
/* cut it */ |
199 |
|
*cp++ = '\0'; |
200 |
|
/* write the cut line name:passwd:gid: |
201 |
|
* or name:!:: */ |
202 |
|
fprintf(new_fp, "%s:", line); |
203 |
|
/* parse the tokens of the member list */ |
204 |
|
tmp = cp; |
205 |
|
while ((cp = strsep(&tmp, ",")) != NULL) { |
206 |
|
if (strcmp(member, cp) != 0) { |
207 |
|
fprintf(new_fp, fmt, cp); |
208 |
|
fmt = ",%s"; |
209 |
|
} else { |
210 |
|
/* found member, skip it */ |
211 |
|
changed_lines++; |
212 |
|
} |
213 |
|
} |
214 |
|
fprintf(new_fp, "\n"); |
215 |
|
} |
216 |
} else |
} else |
217 |
fputs(line, new_fp); |
#endif |
218 |
|
if ((ENABLE_PASSWD && applet_name[0] == 'p') |
219 |
|
|| (ENABLE_CHPASSWD && applet_name[0] == 'c') |
220 |
|
) { |
221 |
|
/* Change passwd */ |
222 |
|
cp = strchrnul(cp, ':'); /* move past old passwd */ |
223 |
|
|
224 |
|
if (shadow && *cp == ':') { |
225 |
|
/* /etc/shadow's field 3 (passwd change date) needs updating */ |
226 |
|
/* move past old change date */ |
227 |
|
cp = strchrnul(cp + 1, ':'); |
228 |
|
/* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */ |
229 |
|
fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd, |
230 |
|
(unsigned)(time(NULL)) / (24*60*60), cp); |
231 |
|
} else { |
232 |
|
/* "name:" + "new_passwd" + ":rest of line" */ |
233 |
|
fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp); |
234 |
|
} |
235 |
|
changed_lines++; |
236 |
|
} /* else delete user or group: skip the line */ |
237 |
|
next: |
238 |
free(line); |
free(line); |
239 |
} |
} |
240 |
|
|
241 |
|
if (changed_lines == 0) { |
242 |
|
#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
243 |
|
if (member) { |
244 |
|
if (ENABLE_ADDGROUP && applet_name[0] == 'a') |
245 |
|
bb_error_msg("can't find %s in %s", name, filename); |
246 |
|
if (ENABLE_DELGROUP && applet_name[0] == 'd') |
247 |
|
bb_error_msg("can't find %s in %s", member, filename); |
248 |
|
} |
249 |
|
#endif |
250 |
|
if ((ENABLE_ADDUSER || ENABLE_ADDGROUP) |
251 |
|
&& applet_name[0] == 'a' && !member |
252 |
|
) { |
253 |
|
/* add user or group */ |
254 |
|
fprintf(new_fp, "%s%s\n", name_colon, new_passwd); |
255 |
|
changed_lines++; |
256 |
|
} |
257 |
|
} |
258 |
|
|
259 |
fcntl(old_fd, F_SETLK, &lock); |
fcntl(old_fd, F_SETLK, &lock); |
260 |
|
|
261 |
/* We do want all of them to execute, thus | instead of || */ |
/* We do want all of them to execute, thus | instead of || */ |
262 |
|
errno = 0; |
263 |
if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) |
if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) |
264 |
|| rename(fnamesfx, filename) |
|| rename(fnamesfx, filename) |
265 |
) { |
) { |
266 |
/* At least one of those failed */ |
/* At least one of those failed */ |
267 |
|
bb_perror_nomsg(); |
268 |
goto unlink_new; |
goto unlink_new; |
269 |
} |
} |
270 |
ret = cnt; /* whee, success! */ |
/* Success: ret >= 0 */ |
271 |
|
ret = changed_lines; |
272 |
|
|
273 |
unlink_new: |
unlink_new: |
274 |
if (ret < 0) unlink(fnamesfx); |
if (ret < 0) |
275 |
|
unlink(fnamesfx); |
276 |
|
|
277 |
close_old_fp: |
close_old_fp: |
278 |
fclose(old_fp); |
fclose(old_fp); |
280 |
free_mem: |
free_mem: |
281 |
free(fnamesfx); |
free(fnamesfx); |
282 |
free((char *)filename); |
free((char *)filename); |
283 |
free((char *)username); |
free(name_colon); |
284 |
return ret; |
return ret; |
285 |
} |
} |