search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
etc/services - sync with NetBSD-8
[minix.git] / usr.sbin / user / user.c
blob47236a5971786dcc7da4a99e46d0aae143a25687
1 /* $NetBSD: user.c,v 1.131 2012/11/28 11:31:27 blymn Exp $ */
2
3 /*
4 * Copyright (c) 1999 Alistair G. Crooks. All rights reserved.
5 * Copyright (c) 2005 Liam J. Foy. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote
16 * products derived from this software without specific prior written
17 * permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
20 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31 #include <sys/cdefs.h>
32
33 #ifndef lint
34 __COPYRIGHT("@(#) Copyright (c) 1999\
35 The NetBSD Foundation, Inc. All rights reserved.");
36 __RCSID("$NetBSD: user.c,v 1.131 2012/11/28 11:31:27 blymn Exp $");
37 #endif
38
39 #include <sys/types.h>
40 #include <sys/param.h>
41 #include <sys/stat.h>
42 #include <sys/wait.h>
43
44 #include <ctype.h>
45 #include <dirent.h>
46 #include <err.h>
47 #include <fcntl.h>
48 #include <grp.h>
49 #ifdef EXTENSIONS
50 #include <login_cap.h>
51 #endif
52 #include <pwd.h>
53 #include <regex.h>
54 #include <stdarg.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <syslog.h>
59 #include <time.h>
60 #include <unistd.h>
61 #include <util.h>
62 #include <errno.h>
63
64 #include "pathnames.h"
65 #include "defs.h"
66 #include "usermgmt.h"
67
68
69 /* this struct describes a uid range */
70 typedef struct range_t {
71 int r_from; /* low uid */
72 int r_to; /* high uid */
73 } range_t;
74
75 typedef struct rangelist_t {
76 unsigned rl_rsize; /* size of range array */
77 unsigned rl_rc; /* # of ranges */
78 range_t *rl_rv; /* the ranges */
79 unsigned rl_defrc; /* # of ranges in defaults */
80 } rangelist_t;
81
82 /* this struct encapsulates the user and group information */
83 typedef struct user_t {
84 int u_flags; /* see below */
85 int u_uid; /* uid of user */
86 char *u_password; /* encrypted password */
87 char *u_comment; /* comment field */
88 char *u_home; /* home directory */
89 mode_t u_homeperm; /* permissions of home dir */
90 char *u_primgrp; /* primary group */
91 int u_groupc; /* # of secondary groups */
92 const char *u_groupv[NGROUPS_MAX]; /* secondary groups */
93 char *u_shell; /* user's shell */
94 char *u_basedir; /* base directory for home */
95 char *u_expire; /* when password will expire */
96 char *u_inactive; /* when account will expire */
97 char *u_skeldir; /* directory for startup files */
98 char *u_class; /* login class */
99 rangelist_t u_r; /* list of ranges */
100 unsigned u_defrc; /* # of ranges in defaults */
101 int u_preserve; /* preserve uids on deletion */
102 int u_allow_samba; /* allow trailing '$' for samba login names */
103 int u_locked; /* user account lock */
104 } user_t;
105 #define u_rsize u_r.rl_rsize
106 #define u_rc u_r.rl_rc
107 #define u_rv u_r.rl_rv
108 #define u_defrc u_r.rl_defrc
109
110 /* this struct encapsulates the user and group information */
111 typedef struct group_t {
112 rangelist_t g_r; /* list of ranges */
113 } group_t;
114 #define g_rsize g_r.rl_rsize
115 #define g_rc g_r.rl_rc
116 #define g_rv g_r.rl_rv
117 #define g_defrc g_r.rl_defrc
118
119 typedef struct def_t {
120 user_t user;
121 group_t group;
122 } def_t;
123
124 /* flags for which fields of the user_t replace the passwd entry */
125 enum {
126 F_COMMENT = 0x0001,
127 F_DUPUID = 0x0002,
128 F_EXPIRE = 0x0004,
129 F_GROUP = 0x0008,
130 F_HOMEDIR = 0x0010,
131 F_MKDIR = 0x0020,
132 F_INACTIVE = 0x0040,
133 F_PASSWORD = 0x0080,
134 F_SECGROUP = 0x0100,
135 F_SHELL = 0x0200,
136 F_UID = 0x0400,
137 F_USERNAME = 0x0800,
138 F_CLASS = 0x1000
139 };
140
141 #define UNLOCK 0
142 #define LOCK 1
143 #define LOCKED "*LOCKED*"
144
145 #ifndef DEF_GROUP
146 #define DEF_GROUP "users"
147 #endif
148
149 #ifndef DEF_BASEDIR
150 #define DEF_BASEDIR "/home"
151 #endif
152
153 #ifndef DEF_SKELDIR
154 #define DEF_SKELDIR "/etc/skel"
155 #endif
156
157 #ifndef DEF_SHELL
158 #define DEF_SHELL _PATH_BSHELL
159 #endif
160
161 #ifndef DEF_COMMENT
162 #define DEF_COMMENT ""
163 #endif
164
165 #ifndef DEF_LOWUID
166 #define DEF_LOWUID 1000
167 #endif
168
169 #ifndef DEF_HIGHUID
170 #define DEF_HIGHUID 60000
171 #endif
172
173 #ifndef DEF_INACTIVE
174 #define DEF_INACTIVE 0
175 #endif
176
177 #ifndef DEF_EXPIRE
178 #define DEF_EXPIRE NULL
179 #endif
180
181 #ifndef DEF_CLASS
182 #define DEF_CLASS ""
183 #endif
184
185 #ifndef WAITSECS
186 #define WAITSECS 10
187 #endif
188
189 #ifndef NOBODY_UID
190 #define NOBODY_UID 32767
191 #endif
192
193 #ifndef DEF_HOMEPERM
194 #define DEF_HOMEPERM 0755
195 #endif
196
197 /* some useful constants */
198 enum {
199 MaxShellNameLen = 256,
200 MaxFileNameLen = MAXPATHLEN,
201 MaxUserNameLen = LOGIN_NAME_MAX - 1,
202 MaxCommandLen = 2048,
203 MaxEntryLen = 2048,
204 PasswordLength = 2048,
205
206 DES_Len = 13,
207 };
208
209 #define UNSET_INACTIVE "Null (unset)"
210 #define UNSET_EXPIRY "Null (unset)"
211
212 static int asystem(const char *fmt, ...) __printflike(1, 2);
213 static int is_number(const char *);
214 static struct group *find_group_info(const char *);
215 static int verbose;
216
217 static char *
218 skipspace(char *s)
219 {
220 for (; *s && isspace((unsigned char)*s) ; s++) {
221 }
222 return s;
223 }
224
225 static int
226 check_numeric(const char *val, const char *name)
227 {
228 if (!is_number(val)) {
229 errx(EXIT_FAILURE, "When using [-%c %s], "
230 "the %s must be numeric", *name, name, name);
231 }
232 return atoi(val);
233 }
234
235 /* resize *cpp appropriately then assign `n' chars of `s' to it */
236 static void
237 memsave(char **cpp, const char *s, size_t n)
238 {
239 RENEW(char, *cpp, n + 1, exit(1));
240 (void)memcpy(*cpp, s, n);
241 (*cpp)[n] = '\0';
242 }
243
244 /* a replacement for system(3) */
245 static int
246 asystem(const char *fmt, ...)
247 {
248 va_list vp;
249 char buf[MaxCommandLen];
250 int ret;
251
252 va_start(vp, fmt);
253 (void)vsnprintf(buf, sizeof(buf), fmt, vp);
254 va_end(vp);
255 if (verbose) {
256 (void)printf("Command: %s\n", buf);
257 }
258 ret = system(buf);
259 if (ret == -1) {
260 warn("Error running `%s'", buf);
261 } else if (WIFSIGNALED(ret)) {
262 warnx("Error running `%s': Signal %d", buf, WTERMSIG(ret));
263 } else if (WIFEXITED(ret) && WEXITSTATUS(ret) != 0) {
264 warnx("Error running `%s': Exit %d", buf, WEXITSTATUS(ret));
265 }
266 return ret;
267 }
268
269 /* remove a users home directory, returning 1 for success (ie, no problems encountered) */
270 static int
271 removehomedir(struct passwd *pwp)
272 {
273 struct stat st;
274
275 /* userid not root? */
276 if (pwp->pw_uid == 0) {
277 warnx("Not deleting home directory `%s'; userid is 0", pwp->pw_dir);
278 return 0;
279 }
280
281 /* directory exists (and is a directory!) */
282 if (stat(pwp->pw_dir, &st) < 0) {
283 warn("Cannot access home directory `%s'", pwp->pw_dir);
284 return 0;
285 }
286 if (!S_ISDIR(st.st_mode)) {
287 warnx("Home directory `%s' is not a directory", pwp->pw_dir);
288 return 0;
289 }
290
291 /* userid matches directory owner? */
292 if (st.st_uid != pwp->pw_uid) {
293 warnx("User `%s' doesn't own directory `%s', not removed",
294 pwp->pw_name, pwp->pw_dir);
295 return 0;
296 }
297
298 (void)seteuid(pwp->pw_uid);
299 /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */
300 (void)asystem("%s -rf %s > /dev/null 2>&1 || true", _PATH_RM,
301 pwp->pw_dir);
302 (void)seteuid(0);
303 if (rmdir(pwp->pw_dir) < 0) {
304 warn("Unable to remove all files in `%s'", pwp->pw_dir);
305 return 0;
306 }
307 return 1;
308 }
309
310 /* return 1 if all of `s' is numeric */
311 static int
312 is_number(const char *s)
313 {
314 for ( ; *s ; s++) {
315 if (!isdigit((unsigned char) *s)) {
316 return 0;
317 }
318 }
319 return 1;
320 }
321
322 /*
323 * check that the effective uid is 0 - called from funcs which will
324 * modify data and config files.
325 */
326 static void
327 checkeuid(void)
328 {
329 if (geteuid() != 0) {
330 errx(EXIT_FAILURE, "Program must be run as root");
331 }
332 }
333
334 /* copy any dot files into the user's home directory */
335 static int
336 copydotfiles(char *skeldir, int uid, int gid, char *dir, mode_t homeperm)
337 {
338 struct dirent *dp;
339 DIR *dirp;
340 int n;
341
342 if ((dirp = opendir(skeldir)) == NULL) {
343 warn("Can't open source . files dir `%s'", skeldir);
344 return 0;
345 }
346 for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) {
347 if (strcmp(dp->d_name, ".") == 0 ||
348 strcmp(dp->d_name, "..") == 0) {
349 continue;
350 }
351 n = 1;
352 }
353 (void)closedir(dirp);
354 if (n == 0) {
355 warnx("No \"dot\" initialisation files found");
356 } else {
357 (void)asystem("cd %s && %s -rw -pe %s . %s",
358 skeldir, _PATH_PAX, (verbose) ? "-v" : "", dir);
359 }
360 (void)asystem("%s -R -h %d:%d %s", _PATH_CHOWN, uid, gid, dir);
361 (void)asystem("%s -R u+w %s", _PATH_CHMOD, dir);
362 #ifdef EXTENSIONS
363 (void)asystem("%s 0%o %s", _PATH_CHMOD, homeperm, dir);
364 #endif
365 return n;
366 }
367
368 /* create a group entry with gid `gid' */
369 static int
370 creategid(char *group, int gid, const char *name)
371 {
372 struct stat st;
373 FILE *from;
374 FILE *to;
375 char buf[MaxEntryLen];
376 char f[MaxFileNameLen];
377 int fd;
378 int cc;
379
380 if (getgrnam(group) != NULL) {
381 warnx("Can't create group `%s': already exists", group);
382 return 0;
383 }
384 #if defined(__minix)
385 /* LSC: Minix flock implementation is a wrapper around fctl, which
386 * requires writeable fds for LOCK_EX to succeed. */
387 if ((from = fopen(_PATH_GROUP, "r+")) == NULL) {
388 #else
389 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
390 #endif /* defined(__minix) */
391 warn("Can't create group `%s': can't open `%s'", name,
392 _PATH_GROUP);
393 return 0;
394 }
395 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
396 warn("Can't lock `%s'", _PATH_GROUP);
397 (void)fclose(from);
398 return 0;
399 }
400 (void)fstat(fileno(from), &st);
401 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
402 if ((fd = mkstemp(f)) < 0) {
403 warn("Can't create group `%s': mkstemp failed", group);
404 (void)fclose(from);
405 return 0;
406 }
407 if ((to = fdopen(fd, "w")) == NULL) {
408 warn("Can't create group `%s': fdopen `%s' failed",
409 group, f);
410 (void)fclose(from);
411 (void)close(fd);
412 (void)unlink(f);
413 return 0;
414 }
415 while ((cc = fread(buf, sizeof(char), sizeof(buf), from)) > 0) {
416 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
417 warn("Can't create group `%s': short write to `%s'",
418 group, f);
419 (void)fclose(from);
420 (void)close(fd);
421 (void)unlink(f);
422 return 0;
423 }
424 }
425 (void)fprintf(to, "%s:*:%d:%s\n", group, gid, name);
426 (void)fclose(from);
427 (void)fclose(to);
428 if (rename(f, _PATH_GROUP) < 0) {
429 warn("Can't create group `%s': can't rename `%s' to `%s'",
430 group, f, _PATH_GROUP);
431 (void)unlink(f);
432 return 0;
433 }
434 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
435 syslog(LOG_INFO, "New group added: name=%s, gid=%d", group, gid);
436 return 1;
437 }
438
439 /* modify the group entry with name `group' to be newent */
440 static int
441 modify_gid(char *group, char *newent)
442 {
443 struct stat st;
444 FILE *from;
445 FILE *to;
446 char buf[MaxEntryLen];
447 char f[MaxFileNameLen];
448 char *colon;
449 int groupc;
450 int entc;
451 int fd;
452 int cc;
453
454 #if defined(__minix)
455 /* LSC: Minix flock implementation is a wrapper around fctl, which
456 * requires writeable fds for LOCK_EX to succeed. */
457 if ((from = fopen(_PATH_GROUP, "r+")) == NULL) {
458 #else
459 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
460 #endif /* defined(__minix) */
461 warn("Can't modify group `%s': can't open `%s'",
462 group, _PATH_GROUP);
463 return 0;
464 }
465 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
466 warn("Can't modify group `%s': can't lock `%s'",
467 group, _PATH_GROUP);
468 (void)fclose(from);
469 return 0;
470 }
471 (void)fstat(fileno(from), &st);
472 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
473 if ((fd = mkstemp(f)) < 0) {
474 warn("Can't modify group `%s': mkstemp failed", group);
475 (void)fclose(from);
476 return 0;
477 }
478 if ((to = fdopen(fd, "w")) == NULL) {
479 warn("Can't modify group `%s': fdopen `%s' failed", group, f);
480 (void)fclose(from);
481 (void)close(fd);
482 (void)unlink(f);
483 return 0;
484 }
485 groupc = strlen(group);
486 while (fgets(buf, sizeof(buf), from) != NULL) {
487 cc = strlen(buf);
488 if ((colon = strchr(buf, ':')) == NULL) {
489 warnx("Badly formed entry `%s'", buf);
490 continue;
491 }
492 entc = (int)(colon - buf);
493 if (entc == groupc &&
494 strncmp(group, buf, (unsigned) entc) == 0) {
495 if (newent == NULL) {
496 struct group *grp_rm;
497 struct passwd *user_pwd;
498
499 /*
500 * Check that the group being removed
501 * isn't any user's Primary group. Just
502 * warn if it is. This could cause problems
503 * if the group GID was reused for a
504 * different purpose.
505 */
506
507 grp_rm = find_group_info(group);
508 while ((user_pwd = getpwent()) != NULL) {
509 if (user_pwd->pw_gid == grp_rm->gr_gid) {
510 warnx("Warning: group `%s'(%d)"
511 " is the primary group of"
512 " `%s'. Use caution if you"
513 " later add this GID.",
514 grp_rm->gr_name,
515 grp_rm->gr_gid, user_pwd->pw_name);
516 }
517 }
518 endpwent();
519 continue;
520 } else {
521 cc = strlen(newent);
522 (void)strlcpy(buf, newent, sizeof(buf));
523 }
524 }
525 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
526 warn("Can't modify group `%s': short write to `%s'",
527 group, f);
528 (void)fclose(from);
529 (void)close(fd);
530 (void)unlink(f);
531 return 0;
532 }
533 }
534 (void)fclose(from);
535 (void)fclose(to);
536 if (rename(f, _PATH_GROUP) < 0) {
537 warn("Can't modify group `%s': can't rename `%s' to `%s'",
538 group, f, _PATH_GROUP);
539 (void)unlink(f);
540 return 0;
541 }
542 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
543 if (newent == NULL) {
544 syslog(LOG_INFO, "group deleted: name=%s", group);
545 } else {
546 syslog(LOG_INFO, "group information modified: name=%s", group);
547 }
548 return 1;
549 }
550
551 /* modify the group entries for all `groups', by adding `user' */
552 static int
553 append_group(char *user, int ngroups, const char **groups)
554 {
555 struct group *grp;
556 struct stat st;
557 FILE *from;
558 FILE *to;
559 char buf[MaxEntryLen];
560 char f[MaxFileNameLen];
561 char *colon;
562 int groupc;
563 int entc;
564 int fd;
565 int nc;
566 int cc;
567 int i;
568 int j;
569
570 for (i = 0 ; i < ngroups ; i++) {
571 if ((grp = getgrnam(groups[i])) == NULL) {
572 warnx("Can't append group `%s' for user `%s'",
573 groups[i], user);
574 } else {
575 for (j = 0 ; grp->gr_mem[j] ; j++) {
576 if (strcmp(user, grp->gr_mem[j]) == 0) {
577 /* already in it */
578 groups[i] = "";
579 }
580 }
581 }
582 }
583 #if defined(__minix)
584 /* LSC: Minix flock implementation is a wrapper around fctl, which
585 * requires writeable fds for LOCK_EX to succeed. */
586 if ((from = fopen(_PATH_GROUP, "r+")) == NULL) {
587 #else
588 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
589 #endif /* defined(__minix) */
590 warn("Can't append group(s) for `%s': can't open `%s'",
591 user, _PATH_GROUP);
592 return 0;
593 }
594 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
595 warn("Can't append group(s) for `%s': can't lock `%s'",
596 user, _PATH_GROUP);
597 (void)fclose(from);
598 return 0;
599 }
600 (void)fstat(fileno(from), &st);
601 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
602 if ((fd = mkstemp(f)) < 0) {
603 warn("Can't append group(s) for `%s': mkstemp failed",
604 user);
605 (void)fclose(from);
606 return 0;
607 }
608 if ((to = fdopen(fd, "w")) == NULL) {
609 warn("Can't append group(s) for `%s': fdopen `%s' failed",
610 user, f);
611 (void)fclose(from);
612 (void)close(fd);
613 (void)unlink(f);
614 return 0;
615 }
616 while (fgets(buf, sizeof(buf), from) != NULL) {
617 cc = strlen(buf);
618 if ((colon = strchr(buf, ':')) == NULL) {
619 warnx("Badly formed entry `%s'", buf);
620 continue;
621 }
622 entc = (int)(colon - buf);
623 for (i = 0 ; i < ngroups ; i++) {
624 if ((groupc = strlen(groups[i])) == 0) {
625 continue;
626 }
627 if (entc == groupc &&
628 strncmp(groups[i], buf, (unsigned) entc) == 0) {
629 if ((nc = snprintf(&buf[cc - 1],
630 sizeof(buf) - cc + 1, "%s%s\n",
631 (buf[cc - 2] == ':') ? "" : ",", user)) < 0) {
632 warnx("Warning: group `%s' "
633 "entry too long", groups[i]);
634 }
635 cc += nc - 1;
636 }
637 }
638 if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
639 warn("Can't append group(s) for `%s':"
640 " short write to `%s'", user, f);
641 (void)fclose(from);
642 (void)close(fd);
643 (void)unlink(f);
644 return 0;
645 }
646 }
647 (void)fclose(from);
648 (void)fclose(to);
649 if (rename(f, _PATH_GROUP) < 0) {
650 warn("Can't append group(s) for `%s': "
651 "can't rename `%s' to `%s'", user, f, _PATH_GROUP);
652 (void)unlink(f);
653 return 0;
654 }
655 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
656 return 1;
657 }
658
659 /* the valid characters for login and group names */
660 #define VALID_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '_' || (c) == '-')
661
662 /* return 1 if `login' is a valid login name */
663 static int
664 valid_login(char *login_name, int allow_samba)
665 {
666 unsigned char *cp;
667
668 /* First character of a login name cannot be '-'. */
669 if (*login_name == '-') {
670 return 0;
671 }
672 if (strlen(login_name) >= LOGIN_NAME_MAX) {
673 return 0;
674 }
675 for (cp = (unsigned char *)login_name ; *cp ; cp++) {
676 if (!VALID_CHAR(*cp)) {
677 #ifdef EXTENSIONS
678 /* check for a trailing '$' in a Samba user name */
679 if (allow_samba && *cp == '$' && *(cp + 1) == 0x0) {
680 return 1;
681 }
682 #endif
683 return 0;
684 }
685 }
686 return 1;
687 }
688
689 /* return 1 if `group' is a valid group name */
690 static int
691 valid_group(char *group)
692 {
693 unsigned char *cp;
694
695 for (cp = (unsigned char *)group; *cp; cp++) {
696 if (!VALID_CHAR(*cp)) {
697 return 0;
698 }
699 }
700 return 1;
701 }
702
703 /* find the next gid in the range lo .. hi */
704 static int
705 getnextgid(int *gidp, int lo, int hi)
706 {
707 for (*gidp = lo ; *gidp < hi ; *gidp += 1) {
708 if (getgrgid((gid_t)*gidp) == NULL) {
709 return 1;
710 }
711 }
712 return 0;
713 }
714
715 #ifdef EXTENSIONS
716 /* save a range of uids */
717 static int
718 save_range(rangelist_t *rlp, char *cp)
719 {
720 int from;
721 int to;
722 int i;
723
724 if (rlp->rl_rsize == 0) {
725 rlp->rl_rsize = 32;
726 NEWARRAY(range_t, rlp->rl_rv, rlp->rl_rsize, return(0));
727 } else if (rlp->rl_rc == rlp->rl_rsize) {
728 rlp->rl_rsize *= 2;
729 RENEW(range_t, rlp->rl_rv, rlp->rl_rsize, return(0));
730 }
731 if (rlp->rl_rv && sscanf(cp, "%d..%d", &from, &to) == 2) {
732 for (i = rlp->rl_defrc ; i < rlp->rl_rc ; i++) {
733 if (rlp->rl_rv[i].r_from == from &&
734 rlp->rl_rv[i].r_to == to) {
735 break;
736 }
737 }
738 if (i == rlp->rl_rc) {
739 rlp->rl_rv[rlp->rl_rc].r_from = from;
740 rlp->rl_rv[rlp->rl_rc].r_to = to;
741 rlp->rl_rc += 1;
742 }
743 } else {
744 warnx("Bad range `%s'", cp);
745 return 0;
746 }
747 return 1;
748 }
749 #endif
750
751 /* set the defaults in the defaults file */
752 static int
753 setdefaults(user_t *up)
754 {
755 char template[MaxFileNameLen];
756 FILE *fp;
757 int ret;
758 int fd;
759 #ifdef EXTENSIONS
760 int i;
761 #endif
762
763 (void)snprintf(template, sizeof(template), "%s.XXXXXX",
764 _PATH_USERMGMT_CONF);
765 if ((fd = mkstemp(template)) < 0) {
766 warn("Can't set defaults: can't mkstemp `%s' for writing",
767 _PATH_USERMGMT_CONF);
768 return 0;
769 }
770 if ((fp = fdopen(fd, "w")) == NULL) {
771 warn("Can't set defaults: can't fdopen `%s' for writing",
772 _PATH_USERMGMT_CONF);
773 return 0;
774 }
775 ret = 1;
776 if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 ||
777 fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 ||
778 fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 ||
779 fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 ||
780 #ifdef EXTENSIONS
781 fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 ||
782 fprintf(fp, "homeperm\t0%o\n", up->u_homeperm) <= 0 ||
783 #endif
784 fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ?
785 UNSET_INACTIVE : up->u_inactive) <= 0 ||
786 fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ?
787 UNSET_EXPIRY : up->u_expire) <= 0 ||
788 fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ?
789 "false" : "true") <= 0) {
790 warn("Can't write to `%s'", _PATH_USERMGMT_CONF);
791 ret = 0;
792 }
793 #ifdef EXTENSIONS
794 for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0;
795 i < up->u_rc ; i++) {
796 if (fprintf(fp, "range\t\t%d..%d\n", up->u_rv[i].r_from,
797 up->u_rv[i].r_to) <= 0) {
798 warn("Can't set defaults: can't write to `%s'",
799 _PATH_USERMGMT_CONF);
800 ret = 0;
801 }
802 }
803 #endif
804 (void)fclose(fp);
805 if (ret) {
806 ret = ((rename(template, _PATH_USERMGMT_CONF) == 0) &&
807 (chmod(_PATH_USERMGMT_CONF, 0644) == 0));
808 }
809 return ret;
810 }
811
812 /* read the defaults file */
813 static void
814 read_defaults(def_t *dp)
815 {
816 struct stat st;
817 size_t lineno;
818 size_t len;
819 FILE *fp;
820 char *cp;
821 char *s;
822 user_t *up = &dp->user;
823 group_t *gp = &dp->group;
824
825 (void)memset(dp, 0, sizeof(*dp));
826
827 memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP));
828 memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR));
829 memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR));
830 memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL));
831 memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT));
832 #ifdef EXTENSIONS
833 memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS));
834 #endif
835 up->u_rsize = 16;
836 up->u_defrc = 0;
837 NEWARRAY(range_t, up->u_rv, up->u_rsize, exit(1));
838 up->u_inactive = DEF_INACTIVE;
839 up->u_expire = DEF_EXPIRE;
840 gp->g_rsize = 16;
841 gp->g_defrc = 0;
842 NEWARRAY(range_t, gp->g_rv, gp->g_rsize, exit(1));
843 if ((fp = fopen(_PATH_USERMGMT_CONF, "r")) == NULL) {
844 if (stat(_PATH_USERMGMT_CONF, &st) < 0 && !setdefaults(up)) {
845 warn("Can't create `%s' defaults file",
846 _PATH_USERMGMT_CONF);
847 }
848 fp = fopen(_PATH_USERMGMT_CONF, "r");
849 }
850 if (fp != NULL) {
851 while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) {
852 if (strncmp(s, "group", 5) == 0) {
853 cp = skipspace(s + 5);
854 memsave(&up->u_primgrp, (char *)cp, strlen(cp));
855 } else if (strncmp(s, "base_dir", 8) == 0) {
856 cp = skipspace(s + 8);
857 memsave(&up->u_basedir, (char *)cp, strlen(cp));
858 } else if (strncmp(s, "skel_dir", 8) == 0) {
859 cp = skipspace(s + 8);
860 memsave(&up->u_skeldir, (char *)cp, strlen(cp));
861 } else if (strncmp(s, "shell", 5) == 0) {
862 cp = skipspace(s + 5);
863 memsave(&up->u_shell, cp, strlen(cp));
864 #ifdef EXTENSIONS
865 } else if (strncmp((char *)s, "class", 5) == 0) {
866 cp = skipspace(s + 5);
867 memsave(&up->u_class, cp, strlen(cp));
868 #endif
869 #ifdef EXTENSIONS
870 } else if (strncmp(s, "homeperm", 8) == 0) {
871 for (cp = s + 8; *cp &&
872 isspace((unsigned char)*cp); cp++)
873 ;
874 up->u_homeperm = strtoul(cp, NULL, 8);
875 #endif
876 } else if (strncmp(s, "inactive", 8) == 0) {
877 cp = skipspace(s + 8);
878 if (strcmp(cp, UNSET_INACTIVE) == 0) {
879 if (up->u_inactive) {
880 FREE(up->u_inactive);
881 }
882 up->u_inactive = NULL;
883 } else {
884 memsave(&up->u_inactive, cp, strlen(cp));
885 }
886 #ifdef EXTENSIONS
887 } else if (strncmp(s, "range", 5) == 0) {
888 cp = skipspace(s + 5);
889 (void)save_range(&up->u_r, cp);
890 #endif
891 #ifdef EXTENSIONS
892 } else if (strncmp(s, "preserve", 8) == 0) {
893 cp = skipspace(s + 8);
894 up->u_preserve =
895 (strncmp(cp, "true", 4) == 0) ? 1 :
896 (strncmp(cp, "yes", 3) == 0) ? 1 : atoi(cp);
897 #endif
898 } else if (strncmp(s, "expire", 6) == 0) {
899 cp = skipspace(s + 6);
900 if (strcmp(cp, UNSET_EXPIRY) == 0) {
901 if (up->u_expire) {
902 FREE(up->u_expire);
903 }
904 up->u_expire = NULL;
905 } else {
906 memsave(&up->u_expire, cp, strlen(cp));
907 }
908 #ifdef EXTENSIONS
909 } else if (strncmp(s, "gid_range", 9) == 0) {
910 cp = skipspace(s + 9);
911 (void)save_range(&gp->g_r, cp);
912 #endif
913 }
914 (void)free(s);
915 }
916 (void)fclose(fp);
917 }
918 if (up->u_rc == 0) {
919 up->u_rv[up->u_rc].r_from = DEF_LOWUID;
920 up->u_rv[up->u_rc].r_to = DEF_HIGHUID;
921 up->u_rc += 1;
922 }
923 up->u_defrc = up->u_rc;
924 up->u_homeperm = DEF_HOMEPERM;
925 }
926
927 /* return the next valid unused uid */
928 static int
929 getnextuid(int sync_uid_gid, int *uid, int low_uid, int high_uid)
930 {
931 for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) {
932 if (getpwuid((uid_t)(*uid)) == NULL && *uid != NOBODY_UID) {
933 if (sync_uid_gid) {
934 if (getgrgid((gid_t)(*uid)) == NULL) {
935 return 1;
936 }
937 } else {
938 return 1;
939 }
940 }
941 }
942 return 0;
943 }
944
945 /* structure which defines a password type */
946 typedef struct passwd_type_t {
947 const char *type; /* optional type descriptor */
948 size_t desc_length; /* length of type descriptor */
949 size_t length; /* length of password */
950 const char *regex; /* regexp to output the password */
951 size_t re_sub; /* subscript of regexp to use */
952 } passwd_type_t;
953
954 static passwd_type_t passwd_types[] = {
955 { "$sha1", 5, 28, "\\$[^$]+\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* SHA1 */
956 { "$2a", 3, 53, "\\$[^$]+\\$[^$]+\\$(.*)", 1 }, /* Blowfish */
957 { "$1", 2, 34, NULL, 0 }, /* MD5 */
958 { "", 0, DES_Len,NULL, 0 }, /* standard DES */
959 { NULL, (size_t)~0, (size_t)~0, NULL, 0 }
960 /* none - terminate search */
961 };
962
963 /* return non-zero if it's a valid password - check length for cipher type */
964 static int
965 valid_password_length(char *newpasswd)
966 {
967 passwd_type_t *pwtp;
968 regmatch_t matchv[10];
969 regex_t r;
970
971 for (pwtp = passwd_types; pwtp->desc_length != (size_t)~0; pwtp++) {
972 if (strncmp(newpasswd, pwtp->type, pwtp->desc_length) == 0) {
973 if (pwtp->regex == NULL) {
974 return strlen(newpasswd) == pwtp->length;
975 }
976 (void)regcomp(&r, pwtp->regex, REG_EXTENDED);
977 if (regexec(&r, newpasswd, 10, matchv, 0) == 0) {
978 regfree(&r);
979 return (int)(matchv[pwtp->re_sub].rm_eo -
980 matchv[pwtp->re_sub].rm_so) ==
981 pwtp->length;
982 }
983 regfree(&r);
984 }
985 }
986 return 0;
987 }
988
989 #ifdef EXTENSIONS
990 /* return 1 if `class' is a valid login class */
991 static int
992 valid_class(char *class)
993 {
994 login_cap_t *lc;
995
996 if (class == NULL || *class == '\0') {
997 return 1;
998 }
999 /*
1000 * Check if /etc/login.conf exists. login_getclass() will
1001 * return 1 due to it not existing, so not informing the
1002 * user the actual login class does not exist.
1003 */
1004
1005 if (access(_PATH_LOGINCONF, R_OK) == -1) {
1006 warn("Access failed for `%s'; will not validate class `%s'",
1007 _PATH_LOGINCONF, class);
1008 return 1;
1009 }
1010
1011 if ((lc = login_getclass(class)) != NULL) {
1012 login_close(lc);
1013 return 1;
1014 }
1015 return 0;
1016 }
1017
1018 /* return 1 if the `shellname' is a valid user shell */
1019 static int
1020 valid_shell(const char *shellname)
1021 {
1022 char *shellp;
1023
1024 if (access(_PATH_SHELLS, R_OK) == -1) {
1025 /* Don't exit */
1026 warn("Access failed for `%s'; will not validate shell `%s'",
1027 _PATH_SHELLS, shellname);
1028 return 1;
1029 }
1030
1031 /* if nologin is used as a shell, consider it a valid shell */
1032 if (strcmp(shellname, _PATH_SBIN_NOLOGIN) == 0)
1033 return 1;
1034
1035 while ((shellp = getusershell()) != NULL)
1036 if (strcmp(shellp, shellname) == 0)
1037 return 1;
1038
1039 warnx("Shell `%s' not found in `%s'", shellname, _PATH_SHELLS);
1040
1041 return access(shellname, X_OK) != -1;
1042 }
1043 #endif
1044
1045 /* look for a valid time, return 0 if it was specified but bad */
1046 static int
1047 scantime(time_t *tp, char *s)
1048 {
1049 struct tm tm;
1050 char *ep;
1051 long val;
1052
1053 *tp = 0;
1054 if (s != NULL) {
1055 (void)memset(&tm, 0, sizeof(tm));
1056 if (strptime(s, "%c", &tm) != NULL) {
1057 *tp = mktime(&tm);
1058 return (*tp == -1) ? 0 : 1;
1059 } else if (strptime(s, "%B %d %Y", &tm) != NULL) {
1060 *tp = mktime(&tm);
1061 return (*tp == -1) ? 0 : 1;
1062 } else {
1063 errno = 0;
1064 *tp = val = strtol(s, &ep, 10);
1065 if (*ep != '\0' || *tp < -1 || errno == ERANGE) {
1066 *tp = 0;
1067 return 0;
1068 }
1069 if (*tp != val) {
1070 return 0;
1071 }
1072 }
1073 }
1074 return 1;
1075 }
1076
1077 /* add a user */
1078 static int
1079 adduser(char *login_name, user_t *up)
1080 {
1081 struct group *grp;
1082 struct stat st;
1083 time_t expire;
1084 time_t inactive;
1085 char password[PasswordLength + 1];
1086 char home[MaxFileNameLen];
1087 char buf[MaxFileNameLen];
1088 int sync_uid_gid;
1089 int masterfd;
1090 int ptmpfd;
1091 int gid;
1092 int cc;
1093 int i;
1094
1095 if (!valid_login(login_name, up->u_allow_samba)) {
1096 errx(EXIT_FAILURE, "Can't add user `%s': invalid login name", login_name);
1097 }
1098 #ifdef EXTENSIONS
1099 if (!valid_class(up->u_class)) {
1100 errx(EXIT_FAILURE, "Can't add user `%s': no such login class `%s'",
1101 login_name, up->u_class);
1102 }
1103 #endif
1104 #if defined(__minix)
1105 /* LSC: Minix flock implementation is a wrapper around fctl, which
1106 * requires writeable fds for LOCK_EX to succeed. */
1107 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDWR)) < 0) {
1108 #else
1109 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) {
1110 #endif /* defined(__minix) */
1111 err(EXIT_FAILURE, "Can't add user `%s': can't open `%s'",
1112 login_name, _PATH_MASTERPASSWD);
1113 }
1114 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) {
1115 err(EXIT_FAILURE, "Can't add user `%s': can't lock `%s'",
1116 login_name, _PATH_MASTERPASSWD);
1117 }
1118 pw_init();
1119 if ((ptmpfd = pw_lock(WAITSECS)) < 0) {
1120 int serrno = errno;
1121 (void)close(masterfd);
1122 errno = serrno;
1123 err(EXIT_FAILURE, "Can't add user `%s': can't obtain pw_lock",
1124 login_name);
1125 }
1126 while ((cc = read(masterfd, buf, sizeof(buf))) > 0) {
1127 if (write(ptmpfd, buf, (size_t)(cc)) != cc) {
1128 int serrno = errno;
1129 (void)close(masterfd);
1130 (void)close(ptmpfd);
1131 (void)pw_abort();
1132 errno = serrno;
1133 err(EXIT_FAILURE, "Can't add user `%s': "
1134 "short write to /etc/ptmp", login_name);
1135 }
1136 }
1137 (void)close(masterfd);
1138 /* if no uid was specified, get next one in [low_uid..high_uid] range */
1139 sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0);
1140 if (up->u_uid == -1) {
1141 int got_id = 0;
1142
1143 /*
1144 * Look for a free UID in the command line ranges (if any).
1145 * These start after the ranges specified in the config file.
1146 */
1147 for (i = up->u_defrc; !got_id && i < up->u_rc ; i++) {
1148 got_id = getnextuid(sync_uid_gid, &up->u_uid,
1149 up->u_rv[i].r_from, up->u_rv[i].r_to);
1150 }
1151 /*
1152 * If there were no free UIDs in the command line ranges,
1153 * try the ranges from the config file (there will always
1154 * be at least one default).
1155 */
1156 for (i = 0; !got_id && i < up->u_defrc; i++) {
1157 got_id = getnextuid(sync_uid_gid, &up->u_uid,
1158 up->u_rv[i].r_from, up->u_rv[i].r_to);
1159 }
1160 if (!got_id) {
1161 (void)close(ptmpfd);
1162 (void)pw_abort();
1163 errx(EXIT_FAILURE, "Can't add user `%s': "
1164 "can't get next uid for %d", login_name,
1165 up->u_uid);
1166 }
1167 }
1168 /* check uid isn't already allocated */
1169 if (!(up->u_flags & F_DUPUID) && getpwuid((uid_t)(up->u_uid)) != NULL) {
1170 (void)close(ptmpfd);
1171 (void)pw_abort();
1172 errx(EXIT_FAILURE, "Can't add user `%s': "
1173 "uid %d is already in use", login_name, up->u_uid);
1174 }
1175 /* if -g=uid was specified, check gid is unused */
1176 if (sync_uid_gid) {
1177 if (getgrgid((gid_t)(up->u_uid)) != NULL) {
1178 (void)close(ptmpfd);
1179 (void)pw_abort();
1180 errx(EXIT_FAILURE, "Can't add user `%s': "
1181 "gid %d is already in use", login_name,
1182 up->u_uid);
1183 }
1184 gid = up->u_uid;
1185 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) {
1186 gid = grp->gr_gid;
1187 } else if (is_number(up->u_primgrp) &&
1188 (grp = getgrgid((gid_t)atoi(up->u_primgrp))) != NULL) {
1189 gid = grp->gr_gid;
1190 } else {
1191 (void)close(ptmpfd);
1192 (void)pw_abort();
1193 errx(EXIT_FAILURE, "Can't add user `%s': group %s not found",
1194 login_name, up->u_primgrp);
1195 }
1196 /* check name isn't already in use */
1197 if (!(up->u_flags & F_DUPUID) && getpwnam(login_name) != NULL) {
1198 (void)close(ptmpfd);
1199 (void)pw_abort();
1200 errx(EXIT_FAILURE, "Can't add user `%s': "
1201 "`%s' is already a user", login_name, login_name);
1202 }
1203 if (up->u_flags & F_HOMEDIR) {
1204 (void)strlcpy(home, up->u_home, sizeof(home));
1205 } else {
1206 /* if home directory hasn't been given, make it up */
1207 (void)snprintf(home, sizeof(home), "%s/%s", up->u_basedir,
1208 login_name);
1209 }
1210 if (up->u_flags & F_SHELL) {
1211 #ifdef EXTENSIONS
1212 if (!valid_shell(up->u_shell)) {
1213 int oerrno = errno;
1214 (void)close(ptmpfd);
1215 (void)pw_abort();
1216 errno = oerrno;
1217 errx(EXIT_FAILURE, "Can't add user `%s': "
1218 "Cannot access shell `%s'",
1219 login_name, up->u_shell);
1220 }
1221 #endif
1222 }
1223
1224 if (!scantime(&inactive, up->u_inactive)) {
1225 warnx("Warning: inactive time `%s' invalid, password expiry off",
1226 up->u_inactive);
1227 }
1228 if (!scantime(&expire, up->u_expire) || expire == -1) {
1229 warnx("Warning: expire time `%s' invalid, account expiry off",
1230 up->u_expire);
1231 expire = 0; /* Just in case. */
1232 }
1233 if (lstat(home, &st) < 0 && !(up->u_flags & F_MKDIR)) {
1234 warnx("Warning: home directory `%s' doesn't exist, "
1235 "and -m was not specified", home);
1236 }
1237 password[sizeof(password) - 1] = '\0';
1238 if (up->u_password != NULL && valid_password_length(up->u_password)) {
1239 (void)strlcpy(password, up->u_password, sizeof(password));
1240 } else {
1241 (void)memset(password, '*', DES_Len);
1242 password[DES_Len] = 0;
1243 if (up->u_password != NULL) {
1244 warnx("Password `%s' is invalid: setting it to `%s'",
1245 up->u_password, password);
1246 }
1247 }
1248 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
1249 login_name,
1250 password,
1251 up->u_uid,
1252 gid,
1253 #ifdef EXTENSIONS
1254 up->u_class,
1255 #else
1256 "",
1257 #endif
1258 (long) inactive,
1259 (long) expire,
1260 up->u_comment,
1261 home,
1262 up->u_shell);
1263 if (write(ptmpfd, buf, (size_t) cc) != cc) {
1264 int serrno = errno;
1265 (void)close(ptmpfd);
1266 (void)pw_abort();
1267 errno = serrno;
1268 err(EXIT_FAILURE, "Can't add user `%s': write failed",
1269 login_name);
1270 }
1271 if (up->u_flags & F_MKDIR) {
1272 if (lstat(home, &st) == 0) {
1273 (void)close(ptmpfd);
1274 (void)pw_abort();
1275 errx(EXIT_FAILURE,
1276 "Can't add user `%s': home directory `%s' "
1277 "already exists", login_name, home);
1278 } else {
1279 if (asystem("%s -p %s", _PATH_MKDIR, home) != 0) {
1280 (void)close(ptmpfd);
1281 (void)pw_abort();
1282 errx(EXIT_FAILURE, "Can't add user `%s': "
1283 "can't mkdir `%s'", login_name, home);
1284 }
1285 (void)copydotfiles(up->u_skeldir, up->u_uid, gid, home,
1286 up->u_homeperm);
1287 }
1288 }
1289 if (strcmp(up->u_primgrp, "=uid") == 0 &&
1290 getgrnam(login_name) == NULL &&
1291 !creategid(login_name, gid, login_name)) {
1292 (void)close(ptmpfd);
1293 (void)pw_abort();
1294 errx(EXIT_FAILURE, "Can't add user `%s': can't create gid %d ",
1295 login_name, gid);
1296 }
1297 if (up->u_groupc > 0 &&
1298 !append_group(login_name, up->u_groupc, up->u_groupv)) {
1299 (void)close(ptmpfd);
1300 (void)pw_abort();
1301 errx(EXIT_FAILURE, "Can't add user `%s': can't append "
1302 "to new groups", login_name);
1303 }
1304 (void)close(ptmpfd);
1305 #if PW_MKDB_ARGC == 2
1306 if (pw_mkdb(login_name, 0) < 0)
1307 #else
1308 if (pw_mkdb() < 0)
1309 #endif
1310 {
1311 (void)pw_abort();
1312 errx(EXIT_FAILURE, "Can't add user `%s': pw_mkdb failed",
1313 login_name);
1314 }
1315 syslog(LOG_INFO, "New user added: name=%s, uid=%d, gid=%d, home=%s, "
1316 "shell=%s", login_name, up->u_uid, gid, home, up->u_shell);
1317 return 1;
1318 }
1319
1320 /* remove a user from the groups file */
1321 static int
1322 rm_user_from_groups(char *login_name)
1323 {
1324 struct stat st;
1325 regmatch_t matchv[10];
1326 regex_t r;
1327 FILE *from;
1328 FILE *to;
1329 char line[MaxEntryLen];
1330 char buf[MaxEntryLen];
1331 char f[MaxFileNameLen];
1332 int fd;
1333 int cc;
1334 int sc;
1335
1336 (void)snprintf(line, sizeof(line), "(:|,)(%s)(,|$)", login_name);
1337 if ((sc = regcomp(&r, line, REG_EXTENDED|REG_NEWLINE)) != 0) {
1338 (void)regerror(sc, &r, buf, sizeof(buf));
1339 warnx("Can't compile regular expression `%s' (%s)", line,
1340 buf);
1341 return 0;
1342 }
1343 #if defined(__minix)
1344 /* LSC: Minix flock implementation is a wrapper around fctl, which
1345 * requires writeable fds for LOCK_EX to succeed. */
1346 if ((from = fopen(_PATH_GROUP, "r+")) == NULL) {
1347 #else
1348 if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
1349 #endif /* defined(__minix) */
1350 warn("Can't remove user `%s' from `%s': can't open `%s'",
1351 login_name, _PATH_GROUP, _PATH_GROUP);
1352 return 0;
1353 }
1354 if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) {
1355 warn("Can't remove user `%s' from `%s': can't lock `%s'",
1356 login_name, _PATH_GROUP, _PATH_GROUP);
1357 (void)fclose(from);
1358 return 0;
1359 }
1360 (void)fstat(fileno(from), &st);
1361 (void)snprintf(f, sizeof(f), "%s.XXXXXX", _PATH_GROUP);
1362 if ((fd = mkstemp(f)) < 0) {
1363 warn("Can't remove user `%s' from `%s': mkstemp failed",
1364 login_name, _PATH_GROUP);
1365 (void)fclose(from);
1366 return 0;
1367 }
1368 if ((to = fdopen(fd, "w")) == NULL) {
1369 warn("Can't remove user `%s' from `%s': fdopen `%s' failed",
1370 login_name, _PATH_GROUP, f);
1371 (void)fclose(from);
1372 (void)close(fd);
1373 (void)unlink(f);
1374 return 0;
1375 }
1376 while (fgets(buf, sizeof(buf), from) != NULL) {
1377 cc = strlen(buf);
1378 if (regexec(&r, buf, 10, matchv, 0) == 0) {
1379 if (buf[(int)matchv[1].rm_so] == ',') {
1380 matchv[2].rm_so = matchv[1].rm_so;
1381 } else if (matchv[2].rm_eo != matchv[3].rm_eo) {
1382 matchv[2].rm_eo = matchv[3].rm_eo;
1383 }
1384 cc -= (int) matchv[2].rm_eo;
1385 sc = (int) matchv[2].rm_so;
1386 if (fwrite(buf, sizeof(char), (size_t)sc, to) != sc ||
1387 fwrite(&buf[(int)matchv[2].rm_eo], sizeof(char),
1388 (size_t)cc, to) != cc) {
1389 warn("Can't remove user `%s' from `%s': "
1390 "short write to `%s'", login_name,
1391 _PATH_GROUP, f);
1392 (void)fclose(from);
1393 (void)close(fd);
1394 (void)unlink(f);
1395 return 0;
1396 }
1397 } else if (fwrite(buf, sizeof(char), (unsigned) cc, to) != cc) {
1398 warn("Can't remove user `%s' from `%s': "
1399 "short write to `%s'", login_name, _PATH_GROUP, f);
1400 (void)fclose(from);
1401 (void)close(fd);
1402 (void)unlink(f);
1403 return 0;
1404 }
1405 }
1406 (void)fclose(from);
1407 (void)fclose(to);
1408 if (rename(f, _PATH_GROUP) < 0) {
1409 warn("Can't remove user `%s' from `%s': "
1410 "can't rename `%s' to `%s'",
1411 login_name, _PATH_GROUP, f, _PATH_GROUP);
1412 (void)unlink(f);
1413 return 0;
1414 }
1415 (void)chmod(_PATH_GROUP, st.st_mode & 07777);
1416 return 1;
1417 }
1418
1419 /* check that the user or group is local, not from YP/NIS */
1420 static int
1421 is_local(char *name, const char *file)
1422 {
1423 FILE *fp;
1424 char buf[MaxEntryLen];
1425 size_t len;
1426 int ret;
1427
1428 if ((fp = fopen(file, "r")) == NULL) {
1429 err(EXIT_FAILURE, "Can't open `%s'", file);
1430 }
1431 len = strlen(name);
1432 for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) {
1433 if (strncmp(buf, name, len) == 0 && buf[len] == ':') {
1434 ret = 1;
1435 break;
1436 }
1437 }
1438 (void)fclose(fp);
1439 return ret;
1440 }
1441
1442 /* modify a user */
1443 static int
1444 moduser(char *login_name, char *newlogin, user_t *up, int allow_samba)
1445 {
1446 struct passwd *pwp, pw;
1447 struct group *grp;
1448 const char *homedir;
1449 char *locked_pwd;
1450 size_t colonc;
1451 size_t loginc;
1452 size_t len;
1453 FILE *master;
1454 char newdir[MaxFileNameLen];
1455 char buf[MaxEntryLen];
1456 char pwbuf[MaxEntryLen];
1457 char *colon;
1458 int masterfd;
1459 int ptmpfd;
1460 int error;
1461
1462 if (!valid_login(newlogin, allow_samba)) {
1463 errx(EXIT_FAILURE, "Can't modify user `%s': invalid login name",
1464 login_name);
1465 }
1466 if (getpwnam_r(login_name, &pw, pwbuf, sizeof(pwbuf), &pwp) != 0
1467 || pwp == NULL) {
1468 errx(EXIT_FAILURE, "Can't modify user `%s': no such user",
1469 login_name);
1470 }
1471 if (!is_local(login_name, _PATH_MASTERPASSWD)) {
1472 errx(EXIT_FAILURE, "Can't modify user `%s': must be a local user",
1473 login_name);
1474 }
1475 /* keep dir name in case we need it for '-m' */
1476 homedir = pwp->pw_dir;
1477
1478 #if defined(__minix)
1479 /* LSC: Minix flock implementation is a wrapper around fctl, which
1480 * requires writeable fds for LOCK_EX to succeed. */
1481 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDWR)) < 0) {
1482 #else
1483 if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) {
1484 #endif /* defined(__minix) */
1485 err(EXIT_FAILURE, "Can't modify user `%s': can't open `%s'",
1486 login_name, _PATH_MASTERPASSWD);
1487 }
1488 if (flock(masterfd, LOCK_EX | LOCK_NB) < 0) {
1489 err(EXIT_FAILURE, "Can't modify user `%s': can't lock `%s'",
1490 login_name, _PATH_MASTERPASSWD);
1491 }
1492 pw_init();
1493 if ((ptmpfd = pw_lock(WAITSECS)) < 0) {
1494 int serrno = errno;
1495 (void)close(masterfd);
1496 errno = serrno;
1497 err(EXIT_FAILURE, "Can't modify user `%s': "
1498 "can't obtain pw_lock", login_name);
1499 }
1500 if ((master = fdopen(masterfd, "r")) == NULL) {
1501 int serrno = errno;
1502 (void)close(masterfd);
1503 (void)close(ptmpfd);
1504 (void)pw_abort();
1505 errno = serrno;
1506 err(EXIT_FAILURE, "Can't modify user `%s': "
1507 "fdopen fd for %s", login_name, _PATH_MASTERPASSWD);
1508 }
1509 if (up != NULL) {
1510 if (up->u_flags & F_USERNAME) {
1511 /*
1512 * If changing name,
1513 * check new name isn't already in use
1514 */
1515 if (strcmp(login_name, newlogin) != 0 &&
1516 getpwnam(newlogin) != NULL) {
1517 (void)close(ptmpfd);
1518 (void)pw_abort();
1519 errx(EXIT_FAILURE, "Can't modify user `%s': "
1520 "`%s' is already a user", login_name,
1521 newlogin);
1522 }
1523 pwp->pw_name = newlogin;
1524
1525 /*
1526 * Provide a new directory name in case the
1527 * home directory is to be moved.
1528 */
1529 if (up->u_flags & F_MKDIR) {
1530 (void)snprintf(newdir, sizeof(newdir), "%s/%s",
1531 up->u_basedir, newlogin);
1532 pwp->pw_dir = newdir;
1533 }
1534 }
1535 if (up->u_flags & F_PASSWORD) {
1536 if (up->u_password != NULL) {
1537 if (!valid_password_length(up->u_password)) {
1538 (void)close(ptmpfd);
1539 (void)pw_abort();
1540 errx(EXIT_FAILURE,
1541 "Can't modify user `%s': "
1542 "invalid password: `%s'",
1543 login_name, up->u_password);
1544 }
1545 if ((locked_pwd =
1546 strstr(pwp->pw_passwd, LOCKED)) != NULL) {
1547 /*
1548 * account is locked - keep it locked
1549 * and just change the password.
1550 */
1551 if (asprintf(&locked_pwd, "%s%s",
1552 LOCKED, up->u_password) == -1) {
1553 (void)close(ptmpfd);
1554 (void)pw_abort();
1555 err(EXIT_FAILURE,
1556 "Can't modify user `%s': "
1557 "asprintf failed",
1558 login_name);
1559 }
1560 pwp->pw_passwd = locked_pwd;
1561 } else {
1562 pwp->pw_passwd = up->u_password;
1563 }
1564 }
1565 }
1566
1567 /* check whether we should lock the account. */
1568 if (up->u_locked == LOCK) {
1569 /* check to see account if already locked. */
1570 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED))
1571 != NULL) {
1572 warnx("Account is already locked");
1573 } else {
1574 if (asprintf(&locked_pwd, "%s%s", LOCKED,
1575 pwp->pw_passwd) == -1) {
1576 (void)close(ptmpfd);
1577 (void)pw_abort();
1578 err(EXIT_FAILURE,
1579 "Can't modify user `%s': "
1580 "asprintf failed", login_name);
1581 }
1582 pwp->pw_passwd = locked_pwd;
1583 }
1584 } else if (up->u_locked == UNLOCK) {
1585 if ((locked_pwd = strstr(pwp->pw_passwd, LOCKED))
1586 == NULL) {
1587 warnx("Can't modify user `%s': "
1588 "account is not locked", login_name);
1589 } else {
1590 pwp->pw_passwd = locked_pwd + strlen(LOCKED);
1591 }
1592 }
1593
1594 if (up->u_flags & F_UID) {
1595 /* check uid isn't already allocated */
1596 if (!(up->u_flags & F_DUPUID) &&
1597 getpwuid((uid_t)(up->u_uid)) != NULL) {
1598 (void)close(ptmpfd);
1599 (void)pw_abort();
1600 errx(EXIT_FAILURE, "Can't modify user `%s': "
1601 "uid `%d' is already in use", login_name,
1602 up->u_uid);
1603 }
1604 pwp->pw_uid = up->u_uid;
1605 }
1606 if (up->u_flags & F_GROUP) {
1607 /* if -g=uid was specified, check gid is unused */
1608 if (strcmp(up->u_primgrp, "=uid") == 0) {
1609 if (getgrgid((gid_t)(pwp->pw_uid)) != NULL) {
1610 (void)close(ptmpfd);
1611 (void)pw_abort();
1612 errx(EXIT_FAILURE,
1613 "Can't modify user `%s': "
1614 "gid %d is already in use",
1615 login_name, pwp->pw_uid);
1616 }
1617 pwp->pw_gid = pwp->pw_uid;
1618 if (!creategid(newlogin, pwp->pw_uid, "")) {
1619 errx(EXIT_FAILURE,
1620 "Could not create group %s "
1621 "with uid %d", newlogin,
1622 up->u_uid);
1623 }
1624 } else if ((grp = getgrnam(up->u_primgrp)) != NULL) {
1625 pwp->pw_gid = grp->gr_gid;
1626 } else if (is_number(up->u_primgrp) &&
1627 (grp = getgrgid(
1628 (gid_t)atoi(up->u_primgrp))) != NULL) {
1629 pwp->pw_gid = grp->gr_gid;
1630 } else {
1631 (void)close(ptmpfd);
1632 (void)pw_abort();
1633 errx(EXIT_FAILURE, "Can't modify user `%s': "
1634 "group %s not found", login_name,
1635 up->u_primgrp);
1636 }
1637 }
1638 if (up->u_flags & F_INACTIVE) {
1639 if (!scantime(&pwp->pw_change, up->u_inactive)) {
1640 warnx("Warning: inactive time `%s' invalid, "
1641 "password expiry off",
1642 up->u_inactive);
1643 }
1644 }
1645 if (up->u_flags & F_EXPIRE) {
1646 if (!scantime(&pwp->pw_expire, up->u_expire) ||
1647 pwp->pw_expire == -1) {
1648 warnx("Warning: expire time `%s' invalid, "
1649 "account expiry off",
1650 up->u_expire);
1651 pwp->pw_expire = 0;
1652 }
1653 }
1654 if (up->u_flags & F_COMMENT) {
1655 pwp->pw_gecos = up->u_comment;
1656 }
1657 if (up->u_flags & F_HOMEDIR) {
1658 pwp->pw_dir = up->u_home;
1659 }
1660 if (up->u_flags & F_SHELL) {
1661 #ifdef EXTENSIONS
1662 if (!valid_shell(up->u_shell)) {
1663 int oerrno = errno;
1664 (void)close(ptmpfd);
1665 (void)pw_abort();
1666 errno = oerrno;
1667 errx(EXIT_FAILURE, "Can't modify user `%s': "
1668 "Cannot access shell `%s'",
1669 login_name, up->u_shell);
1670 }
1671 pwp->pw_shell = up->u_shell;
1672 #else
1673 pwp->pw_shell = up->u_shell;
1674 #endif
1675 }
1676 #ifdef EXTENSIONS
1677 if (up->u_flags & F_CLASS) {
1678 if (!valid_class(up->u_class)) {
1679 (void)close(ptmpfd);
1680 (void)pw_abort();
1681 errx(EXIT_FAILURE, "Can't modify user `%s': "
1682 "no such login class `%s'", login_name,
1683 up->u_class);
1684 }
1685 pwp->pw_class = up->u_class;
1686 }
1687 #endif
1688 }
1689 loginc = strlen(login_name);
1690 while (fgets(buf, sizeof(buf), master) != NULL) {
1691 if ((colon = strchr(buf, ':')) == NULL) {
1692 warnx("Malformed entry `%s'. Skipping", buf);
1693 continue;
1694 }
1695 colonc = (size_t)(colon - buf);
1696 if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) {
1697 if (up != NULL) {
1698 len = snprintf(buf, sizeof(buf), "%s:%s:%d:%d:"
1699 #ifdef EXTENSIONS
1700 "%s"
1701 #endif
1702 ":%ld:%ld:%s:%s:%s\n",
1703 newlogin,
1704 pwp->pw_passwd,
1705 pwp->pw_uid,
1706 pwp->pw_gid,
1707 #ifdef EXTENSIONS
1708 pwp->pw_class,
1709 #endif
1710 (long)pwp->pw_change,
1711 (long)pwp->pw_expire,
1712 pwp->pw_gecos,
1713 pwp->pw_dir,
1714 pwp->pw_shell);
1715 if (write(ptmpfd, buf, len) != len) {
1716 int serrno = errno;
1717 (void)close(ptmpfd);
1718 (void)pw_abort();
1719 errno = serrno;
1720 err(EXIT_FAILURE, "Can't modify user "
1721 "`%s': write", login_name);
1722 }
1723 }
1724 } else {
1725 len = strlen(buf);
1726 if (write(ptmpfd, buf, len) != len) {
1727 int serrno = errno;
1728 (void)close(masterfd);
1729 (void)close(ptmpfd);
1730 (void)pw_abort();
1731 errno = serrno;
1732 err(EXIT_FAILURE, "Can't modify `%s': "
1733 "write", login_name);
1734 }
1735 }
1736 }
1737 if (up != NULL) {
1738 if ((up->u_flags & F_MKDIR) &&
1739 asystem("%s %s %s", _PATH_MV, homedir, pwp->pw_dir) != 0) {
1740 (void)close(ptmpfd);
1741 (void)pw_abort();
1742 errx(EXIT_FAILURE, "Can't modify user `%s': "
1743 "can't move `%s' to `%s'",
1744 login_name, homedir, pwp->pw_dir);
1745 }
1746 if (up->u_groupc > 0 &&
1747 !append_group(newlogin, up->u_groupc, up->u_groupv)) {
1748 (void)close(ptmpfd);
1749 (void)pw_abort();
1750 errx(EXIT_FAILURE, "Can't modify user `%s': "
1751 "can't append `%s' to new groups",
1752 login_name, newlogin);
1753 }
1754 }
1755 (void)close(ptmpfd);
1756 (void)fclose(master);
1757 #if PW_MKDB_ARGC == 2
1758 if (up != NULL && strcmp(login_name, newlogin) == 0) {
1759 error = pw_mkdb(login_name, 0);
1760 } else {
1761 error = pw_mkdb(NULL, 0);
1762 }
1763 #else
1764 error = pw_mkdb();
1765 #endif
1766 if (error < 0) {
1767 (void)pw_abort();
1768 errx(EXIT_FAILURE, "Can't modify user `%s': pw_mkdb failed",
1769 login_name);
1770 }
1771 if (up == NULL) {
1772 syslog(LOG_INFO, "User removed: name=%s", login_name);
1773 } else if (strcmp(login_name, newlogin) == 0) {
1774 syslog(LOG_INFO, "User information modified: name=%s, uid=%d, "
1775 "gid=%d, home=%s, shell=%s",
1776 login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir,
1777 pwp->pw_shell);
1778 } else {
1779 syslog(LOG_INFO, "User information modified: name=%s, "
1780 "new name=%s, uid=%d, gid=%d, home=%s, shell=%s",
1781 login_name, newlogin, pwp->pw_uid, pwp->pw_gid,
1782 pwp->pw_dir, pwp->pw_shell);
1783 }
1784 return 1;
1785 }
1786
1787 #ifdef EXTENSIONS
1788 /* see if we can find out the user struct */
1789 static struct passwd *
1790 find_user_info(const char *name)
1791 {
1792 struct passwd *pwp;
1793
1794 if ((pwp = getpwnam(name)) != NULL) {
1795 return pwp;
1796 }
1797 if (is_number(name) && (pwp = getpwuid((uid_t)atoi(name))) != NULL) {
1798 return pwp;
1799 }
1800 return NULL;
1801 }
1802 #endif
1803
1804 /* see if we can find out the group struct */
1805 static struct group *
1806 find_group_info(const char *name)
1807 {
1808 struct group *grp;
1809
1810 if ((grp = getgrnam(name)) != NULL) {
1811 return grp;
1812 }
1813 if (is_number(name) && (grp = getgrgid((gid_t)atoi(name))) != NULL) {
1814 return grp;
1815 }
1816 return NULL;
1817 }
1818
1819 /* print out usage message, and then exit */
1820 void
1821 usermgmt_usage(const char *prog)
1822 {
1823 if (strcmp(prog, "useradd") == 0) {
1824 (void)fprintf(stderr, "usage: %s -D [-F] [-b base-dir] "
1825 "[-e expiry-time] [-f inactive-time]\n"
1826 "\t[-g gid | name | =uid] [-k skel-dir] [-L login-class]\n"
1827 "\t[-M homeperm] [-r lowuid..highuid] [-s shell]\n", prog);
1828 (void)fprintf(stderr, "usage: %s [-moSv] [-b base-dir] "
1829 "[-c comment] [-d home-dir] [-e expiry-time]\n"
1830 "\t[-f inactive-time] [-G secondary-group] "
1831 "[-g gid | name | =uid]\n"
1832 "\t[-k skeletondir] [-L login-class] [-M homeperm] "
1833 "[-p password]\n"
1834 "\t[-r lowuid..highuid] [-s shell] [-u uid] user\n",
1835 prog);
1836 } else if (strcmp(prog, "usermod") == 0) {
1837 (void)fprintf(stderr, "usage: %s [-FmoSv] [-C yes/no] "
1838 "[-c comment] [-d home-dir] [-e expiry-time]\n"
1839 "\t[-f inactive] [-G secondary-group] "
1840 "[-g gid | name | =uid]\n"
1841 "\t[-L login-class] [-l new-login] [-p password] "
1842 "[-s shell] [-u uid]\n"
1843 "\tuser\n", prog);
1844 } else if (strcmp(prog, "userdel") == 0) {
1845 (void)fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog);
1846 (void)fprintf(stderr,
1847 "usage: %s [-rSv] [-p preserve-value] user\n", prog);
1848 #ifdef EXTENSIONS
1849 } else if (strcmp(prog, "userinfo") == 0) {
1850 (void)fprintf(stderr, "usage: %s [-e] user\n", prog);
1851 #endif
1852 } else if (strcmp(prog, "groupadd") == 0) {
1853 (void)fprintf(stderr, "usage: %s [-ov] [-g gid]"
1854 " [-r lowgid..highgid] group\n", prog);
1855 } else if (strcmp(prog, "groupdel") == 0) {
1856 (void)fprintf(stderr, "usage: %s [-v] group\n", prog);
1857 } else if (strcmp(prog, "groupmod") == 0) {
1858 (void)fprintf(stderr,
1859 "usage: %s [-ov] [-g gid] [-n newname] group\n", prog);
1860 } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) {
1861 (void)fprintf(stderr,
1862 "usage: %s ( add | del | mod | info ) ...\n", prog);
1863 #ifdef EXTENSIONS
1864 } else if (strcmp(prog, "groupinfo") == 0) {
1865 (void)fprintf(stderr, "usage: %s [-ev] group\n", prog);
1866 #endif
1867 }
1868 exit(EXIT_FAILURE);
1869 /* NOTREACHED */
1870 }
1871
1872 #ifdef EXTENSIONS
1873 #define ADD_OPT_EXTENSIONS "M:p:r:vL:S"
1874 #else
1875 #define ADD_OPT_EXTENSIONS
1876 #endif
1877
1878 int
1879 useradd(int argc, char **argv)
1880 {
1881 def_t def;
1882 user_t *up = &def.user;
1883 int defaultfield;
1884 int bigD;
1885 int c;
1886 #ifdef EXTENSIONS
1887 int i;
1888 #endif
1889
1890 read_defaults(&def);
1891 up->u_uid = -1;
1892 defaultfield = bigD = 0;
1893 while ((c = getopt(argc, argv, "DFG:b:c:d:e:f:g:k:mou:s:"
1894 ADD_OPT_EXTENSIONS)) != -1) {
1895 switch(c) {
1896 case 'D':
1897 bigD = 1;
1898 break;
1899 case 'F':
1900 /*
1901 * Setting -1 will force the new user to
1902 * change their password as soon as they
1903 * next log in - passwd(5).
1904 */
1905 defaultfield = 1;
1906 memsave(&up->u_inactive, "-1", strlen("-1"));
1907 break;
1908 case 'G':
1909 while (up->u_groupc < NGROUPS_MAX &&
1910 (up->u_groupv[up->u_groupc] = strsep(&optarg, ",")) != NULL) {
1911 if (up->u_groupv[up->u_groupc][0] != 0) {
1912 up->u_groupc++;
1913 }
1914 }
1915 if (optarg != NULL) {
1916 warnx("Truncated list of secondary groups "
1917 "to %d entries", NGROUPS_MAX);
1918 }
1919 break;
1920 #ifdef EXTENSIONS
1921 case 'S':
1922 up->u_allow_samba = 1;
1923 break;
1924 #endif
1925 case 'b':
1926 defaultfield = 1;
1927 memsave(&up->u_basedir, optarg, strlen(optarg));
1928 break;
1929 case 'c':
1930 memsave(&up->u_comment, optarg, strlen(optarg));
1931 break;
1932 case 'd':
1933 memsave(&up->u_home, optarg, strlen(optarg));
1934 up->u_flags |= F_HOMEDIR;
1935 break;
1936 case 'e':
1937 defaultfield = 1;
1938 memsave(&up->u_expire, optarg, strlen(optarg));
1939 break;
1940 case 'f':
1941 defaultfield = 1;
1942 memsave(&up->u_inactive, optarg, strlen(optarg));
1943 break;
1944 case 'g':
1945 defaultfield = 1;
1946 memsave(&up->u_primgrp, optarg, strlen(optarg));
1947 break;
1948 case 'k':
1949 defaultfield = 1;
1950 memsave(&up->u_skeldir, optarg, strlen(optarg));
1951 break;
1952 #ifdef EXTENSIONS
1953 case 'L':
1954 defaultfield = 1;
1955 memsave(&up->u_class, optarg, strlen(optarg));
1956 break;
1957 #endif
1958 case 'm':
1959 up->u_flags |= F_MKDIR;
1960 break;
1961 #ifdef EXTENSIONS
1962 case 'M':
1963 defaultfield = 1;
1964 up->u_homeperm = strtoul(optarg, NULL, 8);
1965 break;
1966 #endif
1967 case 'o':
1968 up->u_flags |= F_DUPUID;
1969 break;
1970 #ifdef EXTENSIONS
1971 case 'p':
1972 memsave(&up->u_password, optarg, strlen(optarg));
1973 break;
1974 #endif
1975 #ifdef EXTENSIONS
1976 case 'r':
1977 defaultfield = 1;
1978 (void)save_range(&up->u_r, optarg);
1979 break;
1980 #endif
1981 case 's':
1982 up->u_flags |= F_SHELL;
1983 defaultfield = 1;
1984 memsave(&up->u_shell, optarg, strlen(optarg));
1985 break;
1986 case 'u':
1987 up->u_uid = check_numeric(optarg, "uid");
1988 break;
1989 #ifdef EXTENSIONS
1990 case 'v':
1991 verbose = 1;
1992 break;
1993 #endif
1994 default:
1995 usermgmt_usage("useradd");
1996 /* NOTREACHED */
1997 }
1998 }
1999 if (bigD) {
2000 if (defaultfield) {
2001 checkeuid();
2002 return setdefaults(up) ? EXIT_SUCCESS : EXIT_FAILURE;
2003 }
2004 (void)printf("group\t\t%s\n", up->u_primgrp);
2005 (void)printf("base_dir\t%s\n", up->u_basedir);
2006 (void)printf("skel_dir\t%s\n", up->u_skeldir);
2007 (void)printf("shell\t\t%s\n", up->u_shell);
2008 #ifdef EXTENSIONS
2009 (void)printf("class\t\t%s\n", up->u_class);
2010 (void)printf("homeperm\t0%o\n", up->u_homeperm);
2011 #endif
2012 (void)printf("inactive\t%s\n", (up->u_inactive == NULL) ?
2013 UNSET_INACTIVE : up->u_inactive);
2014 (void)printf("expire\t\t%s\n", (up->u_expire == NULL) ?
2015 UNSET_EXPIRY : up->u_expire);
2016 #ifdef EXTENSIONS
2017 for (i = 0 ; i < up->u_rc ; i++) {
2018 (void)printf("range\t\t%d..%d\n",
2019 up->u_rv[i].r_from, up->u_rv[i].r_to);
2020 }
2021 #endif
2022 return EXIT_SUCCESS;
2023 }
2024 argc -= optind;
2025 argv += optind;
2026 if (argc != 1) {
2027 usermgmt_usage("useradd");
2028 }
2029 checkeuid();
2030 openlog("useradd", LOG_PID, LOG_USER);
2031 return adduser(*argv, up) ? EXIT_SUCCESS : EXIT_FAILURE;
2032 }
2033
2034 #ifdef EXTENSIONS
2035 #define MOD_OPT_EXTENSIONS "p:vL:S"
2036 #else
2037 #define MOD_OPT_EXTENSIONS
2038 #endif
2039
2040 int
2041 usermod(int argc, char **argv)
2042 {
2043 def_t def;
2044 user_t *up = &def.user;
2045 char newuser[MaxUserNameLen + 1];
2046 int c, have_new_user;
2047
2048 (void)memset(newuser, 0, sizeof(newuser));
2049 read_defaults(&def);
2050 have_new_user = 0;
2051 up->u_locked = -1;
2052 while ((c = getopt(argc, argv, "C:FG:c:d:e:f:g:l:mos:u:"
2053 MOD_OPT_EXTENSIONS)) != -1) {
2054 switch(c) {
2055 case 'G':
2056 while (up->u_groupc < NGROUPS_MAX &&
2057 (up->u_groupv[up->u_groupc] =
2058 strsep(&optarg, ",")) != NULL) {
2059 if (up->u_groupv[up->u_groupc][0] != 0) {
2060 up->u_groupc++;
2061 }
2062 }
2063 if (optarg != NULL) {
2064 warnx("Truncated list of secondary groups "
2065 "to %d entries", NGROUPS_MAX);
2066 }
2067 up->u_flags |= F_SECGROUP;
2068 break;
2069 #ifdef EXTENSIONS
2070 case 'S':
2071 up->u_allow_samba = 1;
2072 break;
2073 #endif
2074 case 'c':
2075 memsave(&up->u_comment, optarg, strlen(optarg));
2076 up->u_flags |= F_COMMENT;
2077 break;
2078 case 'C':
2079 if (strcasecmp(optarg, "yes") == 0) {
2080 up->u_locked = LOCK;
2081 } else if (strcasecmp(optarg, "no") == 0) {
2082 up->u_locked = UNLOCK;
2083 } else {
2084 /* No idea. */
2085 errx(EXIT_FAILURE,
2086 "Please type 'yes' or 'no'");
2087 }
2088 break;
2089 case 'F':
2090 memsave(&up->u_inactive, "-1", strlen("-1"));
2091 up->u_flags |= F_INACTIVE;
2092 break;
2093 case 'd':
2094 memsave(&up->u_home, optarg, strlen(optarg));
2095 up->u_flags |= F_HOMEDIR;
2096 break;
2097 case 'e':
2098 memsave(&up->u_expire, optarg, strlen(optarg));
2099 up->u_flags |= F_EXPIRE;
2100 break;
2101 case 'f':
2102 memsave(&up->u_inactive, optarg, strlen(optarg));
2103 up->u_flags |= F_INACTIVE;
2104 break;
2105 case 'g':
2106 memsave(&up->u_primgrp, optarg, strlen(optarg));
2107 up->u_flags |= F_GROUP;
2108 break;
2109 case 'l':
2110 (void)strlcpy(newuser, optarg, sizeof(newuser));
2111 have_new_user = 1;
2112 up->u_flags |= F_USERNAME;
2113 break;
2114 #ifdef EXTENSIONS
2115 case 'L':
2116 memsave(&up->u_class, optarg, strlen(optarg));
2117 up->u_flags |= F_CLASS;
2118 break;
2119 #endif
2120 case 'm':
2121 up->u_flags |= F_MKDIR;
2122 break;
2123 case 'o':
2124 up->u_flags |= F_DUPUID;
2125 break;
2126 #ifdef EXTENSIONS
2127 case 'p':
2128 memsave(&up->u_password, optarg, strlen(optarg));
2129 up->u_flags |= F_PASSWORD;
2130 break;
2131 #endif
2132 case 's':
2133 memsave(&up->u_shell, optarg, strlen(optarg));
2134 up->u_flags |= F_SHELL;
2135 break;
2136 case 'u':
2137 up->u_uid = check_numeric(optarg, "uid");
2138 up->u_flags |= F_UID;
2139 break;
2140 #ifdef EXTENSIONS
2141 case 'v':
2142 verbose = 1;
2143 break;
2144 #endif
2145 default:
2146 usermgmt_usage("usermod");
2147 /* NOTREACHED */
2148 }
2149 }
2150 if ((up->u_flags & F_MKDIR) && !(up->u_flags & F_HOMEDIR) &&
2151 !(up->u_flags & F_USERNAME)) {
2152 warnx("Option 'm' useless without 'd' or 'l' -- ignored");
2153 up->u_flags &= ~F_MKDIR;
2154 }
2155 argc -= optind;
2156 argv += optind;
2157 if (argc != 1) {
2158 usermgmt_usage("usermod");
2159 }
2160 checkeuid();
2161 openlog("usermod", LOG_PID, LOG_USER);
2162 return moduser(*argv, (have_new_user) ? newuser : *argv, up,
2163 up->u_allow_samba) ? EXIT_SUCCESS : EXIT_FAILURE;
2164 }
2165
2166 #ifdef EXTENSIONS
2167 #define DEL_OPT_EXTENSIONS "Dp:vS"
2168 #else
2169 #define DEL_OPT_EXTENSIONS
2170 #endif
2171
2172 int
2173 userdel(int argc, char **argv)
2174 {
2175 struct passwd *pwp;
2176 def_t def;
2177 user_t *up = &def.user;
2178 char password[PasswordLength + 1];
2179 int defaultfield;
2180 int rmhome;
2181 int bigD;
2182 int c;
2183
2184 read_defaults(&def);
2185 defaultfield = bigD = rmhome = 0;
2186 while ((c = getopt(argc, argv, "r" DEL_OPT_EXTENSIONS)) != -1) {
2187 switch(c) {
2188 #ifdef EXTENSIONS
2189 case 'D':
2190 bigD = 1;
2191 break;
2192 #endif
2193 #ifdef EXTENSIONS
2194 case 'S':
2195 up->u_allow_samba = 1;
2196 break;
2197 #endif
2198 #ifdef EXTENSIONS
2199 case 'p':
2200 defaultfield = 1;
2201 up->u_preserve = (strcmp(optarg, "true") == 0) ? 1 :
2202 (strcmp(optarg, "yes") == 0) ? 1 :
2203 atoi(optarg);
2204 break;
2205 #endif
2206 case 'r':
2207 rmhome = 1;
2208 break;
2209 #ifdef EXTENSIONS
2210 case 'v':
2211 verbose = 1;
2212 break;
2213 #endif
2214 default:
2215 usermgmt_usage("userdel");
2216 /* NOTREACHED */
2217 }
2218 }
2219 #ifdef EXTENSIONS
2220 if (bigD) {
2221 if (defaultfield) {
2222 checkeuid();
2223 return setdefaults(up) ? EXIT_SUCCESS : EXIT_FAILURE;
2224 }
2225 (void)printf("preserve\t%s\n", (up->u_preserve) ? "true" :
2226 "false");
2227 return EXIT_SUCCESS;
2228 }
2229 #endif
2230 argc -= optind;
2231 argv += optind;
2232 if (argc != 1) {
2233 usermgmt_usage("userdel");
2234 }
2235 checkeuid();
2236 if ((pwp = getpwnam(*argv)) == NULL) {
2237 warnx("No such user `%s'", *argv);
2238 return EXIT_FAILURE;
2239 }
2240 if (rmhome) {
2241 (void)removehomedir(pwp);
2242 }
2243 if (up->u_preserve) {
2244 up->u_flags |= F_SHELL;
2245 memsave(&up->u_shell, _PATH_SBIN_NOLOGIN,
2246 strlen(_PATH_SBIN_NOLOGIN));
2247 (void)memset(password, '*', DES_Len);
2248 password[DES_Len] = 0;
2249 memsave(&up->u_password, password, strlen(password));
2250 up->u_flags |= F_PASSWORD;
2251 openlog("userdel", LOG_PID, LOG_USER);
2252 return moduser(*argv, *argv, up, up->u_allow_samba) ?
2253 EXIT_SUCCESS : EXIT_FAILURE;
2254 }
2255 if (!rm_user_from_groups(*argv)) {
2256 return 0;
2257 }
2258 openlog("userdel", LOG_PID, LOG_USER);
2259 return moduser(*argv, *argv, NULL, up->u_allow_samba) ?
2260 EXIT_SUCCESS : EXIT_FAILURE;
2261 }
2262
2263 #ifdef EXTENSIONS
2264 #define GROUP_ADD_OPT_EXTENSIONS "r:v"
2265 #else
2266 #define GROUP_ADD_OPT_EXTENSIONS
2267 #endif
2268
2269 /* add a group */
2270 int
2271 groupadd(int argc, char **argv)
2272 {
2273 def_t def;
2274 group_t *gp = &def.group;
2275 int dupgid;
2276 int gid;
2277 int c;
2278
2279 gid = -1;
2280 dupgid = 0;
2281 read_defaults(&def);
2282 while ((c = getopt(argc, argv, "g:o" GROUP_ADD_OPT_EXTENSIONS)) != -1) {
2283 switch(c) {
2284 case 'g':
2285 gid = check_numeric(optarg, "gid");
2286 break;
2287 case 'o':
2288 dupgid = 1;
2289 break;
2290 #ifdef EXTENSIONS
2291 case 'r':
2292 (void)save_range(&gp->g_r, optarg);
2293 break;
2294 case 'v':
2295 verbose = 1;
2296 break;
2297 #endif
2298 default:
2299 usermgmt_usage("groupadd");
2300 /* NOTREACHED */
2301 }
2302 }
2303 argc -= optind;
2304 argv += optind;
2305 if (argc != 1) {
2306 usermgmt_usage("groupadd");
2307 }
2308 if (gp->g_rc == 0) {
2309 gp->g_rv[gp->g_rc].r_from = DEF_LOWUID;
2310 gp->g_rv[gp->g_rc].r_to = DEF_HIGHUID;
2311 gp->g_rc += 1;
2312 }
2313 gp->g_defrc = gp->g_rc;
2314 checkeuid();
2315 if (gid == -1) {
2316 int got_id = 0;
2317 int i;
2318
2319 /*
2320 * Look for a free GID in the command line ranges (if any).
2321 * These start after the ranges specified in the config file.
2322 */
2323 for (i = gp->g_defrc; !got_id && i < gp->g_rc ; i++) {
2324 got_id = getnextgid(&gid,
2325 gp->g_rv[i].r_from, gp->g_rv[i].r_to);
2326 }
2327 /*
2328 * If there were no free GIDs in the command line ranges,
2329 * try the ranges from the config file (there will always
2330 * be at least one default).
2331 */
2332 for (i = 0; !got_id && i < gp->g_defrc; i++) {
2333 got_id = getnextgid(&gid,
2334 gp->g_rv[i].r_from, gp->g_rv[i].r_to);
2335 }
2336 if (!got_id)
2337 errx(EXIT_FAILURE, "Can't add group: can't get next gid");
2338 }
2339 if (!dupgid && getgrgid((gid_t) gid) != NULL) {
2340 errx(EXIT_FAILURE, "Can't add group: gid %d is a duplicate",
2341 gid);
2342 }
2343 if (!valid_group(*argv)) {
2344 warnx("Invalid group name `%s'", *argv);
2345 }
2346 openlog("groupadd", LOG_PID, LOG_USER);
2347 if (!creategid(*argv, gid, ""))
2348 exit(EXIT_FAILURE);
2349
2350 return EXIT_SUCCESS;
2351 }
2352
2353 #ifdef EXTENSIONS
2354 #define GROUP_DEL_OPT_EXTENSIONS "v"
2355 #else
2356 #define GROUP_DEL_OPT_EXTENSIONS
2357 #endif
2358
2359 /* remove a group */
2360 int
2361 groupdel(int argc, char **argv)
2362 {
2363 int c;
2364
2365 while ((c = getopt(argc, argv, "" GROUP_DEL_OPT_EXTENSIONS)) != -1) {
2366 switch(c) {
2367 #ifdef EXTENSIONS
2368 case 'v':
2369 verbose = 1;
2370 break;
2371 #endif
2372 default:
2373 usermgmt_usage("groupdel");
2374 /* NOTREACHED */
2375 }
2376 }
2377 argc -= optind;
2378 argv += optind;
2379 if (argc != 1) {
2380 usermgmt_usage("groupdel");
2381 }
2382 if (getgrnam(*argv) == NULL) {
2383 errx(EXIT_FAILURE, "No such group `%s'", *argv);
2384 }
2385 checkeuid();
2386 openlog("groupdel", LOG_PID, LOG_USER);
2387 if (!modify_gid(*argv, NULL))
2388 exit(EXIT_FAILURE);
2389
2390 return EXIT_SUCCESS;
2391 }
2392
2393 #ifdef EXTENSIONS
2394 #define GROUP_MOD_OPT_EXTENSIONS "v"
2395 #else
2396 #define GROUP_MOD_OPT_EXTENSIONS
2397 #endif
2398
2399 /* modify a group */
2400 int
2401 groupmod(int argc, char **argv)
2402 {
2403 struct group *grp;
2404 char buf[MaxEntryLen];
2405 char *newname;
2406 char **cpp;
2407 int dupgid;
2408 int gid;
2409 int cc;
2410 int c;
2411
2412 gid = -1;
2413 dupgid = 0;
2414 newname = NULL;
2415 while ((c = getopt(argc, argv, "g:on:" GROUP_MOD_OPT_EXTENSIONS)) != -1) {
2416 switch(c) {
2417 case 'g':
2418 gid = check_numeric(optarg, "gid");
2419 break;
2420 case 'o':
2421 dupgid = 1;
2422 break;
2423 case 'n':
2424 memsave(&newname, optarg, strlen(optarg));
2425 break;
2426 #ifdef EXTENSIONS
2427 case 'v':
2428 verbose = 1;
2429 break;
2430 #endif
2431 default:
2432 usermgmt_usage("groupmod");
2433 /* NOTREACHED */
2434 }
2435 }
2436 argc -= optind;
2437 argv += optind;
2438 if (argc != 1) {
2439 usermgmt_usage("groupmod");
2440 }
2441 checkeuid();
2442 if (gid < 0 && newname == NULL) {
2443 errx(EXIT_FAILURE, "Nothing to change");
2444 }
2445 if (dupgid && gid < 0) {
2446 errx(EXIT_FAILURE, "Duplicate which gid?");
2447 }
2448 if (!dupgid && getgrgid((gid_t) gid) != NULL) {
2449 errx(EXIT_FAILURE, "Can't modify group: gid %d is a duplicate",
2450 gid);
2451 }
2452 if ((grp = find_group_info(*argv)) == NULL) {
2453 errx(EXIT_FAILURE, "Can't find group `%s' to modify", *argv);
2454 }
2455 if (!is_local(*argv, _PATH_GROUP)) {
2456 errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv);
2457 }
2458 if (newname != NULL && !valid_group(newname)) {
2459 warnx("Invalid group name `%s'", newname);
2460 }
2461 cc = snprintf(buf, sizeof(buf), "%s:%s:%d:",
2462 (newname) ? newname : grp->gr_name,
2463 grp->gr_passwd,
2464 (gid < 0) ? grp->gr_gid : gid);
2465 for (cpp = grp->gr_mem ; *cpp && cc < sizeof(buf) ; cpp++) {
2466 cc += snprintf(&buf[cc], sizeof(buf) - cc, "%s%s", *cpp,
2467 (cpp[1] == NULL) ? "" : ",");
2468 }
2469 cc += snprintf(&buf[cc], sizeof(buf) - cc, "\n");
2470 if (newname != NULL)
2471 free(newname);
2472 openlog("groupmod", LOG_PID, LOG_USER);
2473 if (!modify_gid(*argv, buf))
2474 exit(EXIT_FAILURE);
2475
2476 return EXIT_SUCCESS;
2477 }
2478
2479 #ifdef EXTENSIONS
2480 /* display user information */
2481 int
2482 userinfo(int argc, char **argv)
2483 {
2484 struct passwd *pwp;
2485 struct group *grp;
2486 char buf[MaxEntryLen];
2487 char **cpp;
2488 int exists;
2489 int cc;
2490 int i;
2491
2492 exists = 0;
2493 buf[0] = '\0';
2494 while ((i = getopt(argc, argv, "e")) != -1) {
2495 switch(i) {
2496 case 'e':
2497 exists = 1;
2498 break;
2499 default:
2500 usermgmt_usage("userinfo");
2501 /* NOTREACHED */
2502 }
2503 }
2504 argc -= optind;
2505 argv += optind;
2506 if (argc != 1) {
2507 usermgmt_usage("userinfo");
2508 }
2509 pwp = find_user_info(*argv);
2510 if (exists) {
2511 exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE);
2512 }
2513 if (pwp == NULL) {
2514 errx(EXIT_FAILURE, "Can't find user `%s'", *argv);
2515 }
2516 (void)printf("login\t%s\n", pwp->pw_name);
2517 (void)printf("passwd\t%s\n", pwp->pw_passwd);
2518 (void)printf("uid\t%d\n", pwp->pw_uid);
2519 for (cc = 0 ; (grp = getgrent()) != NULL ; ) {
2520 for (cpp = grp->gr_mem ; *cpp ; cpp++) {
2521 if (strcmp(*cpp, *argv) == 0 &&
2522 grp->gr_gid != pwp->pw_gid) {
2523 cc += snprintf(&buf[cc], sizeof(buf) - cc,
2524 "%s ", grp->gr_name);
2525 }
2526 }
2527 }
2528 if ((grp = getgrgid(pwp->pw_gid)) == NULL) {
2529 (void)printf("groups\t%d %s\n", pwp->pw_gid, buf);
2530 } else {
2531 (void)printf("groups\t%s %s\n", grp->gr_name, buf);
2532 }
2533 (void)printf("change\t%s", pwp->pw_change > 0 ?
2534 ctime(&pwp->pw_change) : pwp->pw_change == -1 ?
2535 "NEXT LOGIN\n" : "NEVER\n");
2536 (void)printf("class\t%s\n", pwp->pw_class);
2537 (void)printf("gecos\t%s\n", pwp->pw_gecos);
2538 (void)printf("dir\t%s\n", pwp->pw_dir);
2539 (void)printf("shell\t%s\n", pwp->pw_shell);
2540 (void)printf("expire\t%s", pwp->pw_expire ?
2541 ctime(&pwp->pw_expire) : "NEVER\n");
2542 return EXIT_SUCCESS;
2543 }
2544 #endif
2545
2546 #ifdef EXTENSIONS
2547 /* display user information */
2548 int
2549 groupinfo(int argc, char **argv)
2550 {
2551 struct group *grp;
2552 char **cpp;
2553 int exists;
2554 int i;
2555
2556 exists = 0;
2557 while ((i = getopt(argc, argv, "ev")) != -1) {
2558 switch(i) {
2559 case 'e':
2560 exists = 1;
2561 break;
2562 case 'v':
2563 verbose = 1;
2564 break;
2565 default:
2566 usermgmt_usage("groupinfo");
2567 /* NOTREACHED */
2568 }
2569 }
2570 argc -= optind;
2571 argv += optind;
2572 if (argc != 1) {
2573 usermgmt_usage("groupinfo");
2574 }
2575 grp = find_group_info(*argv);
2576 if (exists) {
2577 exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE);
2578 }
2579 if (grp == NULL) {
2580 errx(EXIT_FAILURE, "Can't find group `%s'", *argv);
2581 }
2582 (void)printf("name\t%s\n", grp->gr_name);
2583 (void)printf("passwd\t%s\n", grp->gr_passwd);
2584 (void)printf("gid\t%d\n", grp->gr_gid);
2585 (void)printf("members\t");
2586 for (cpp = grp->gr_mem ; *cpp ; cpp++) {
2587 (void)printf("%s", *cpp);
2588 if (*(cpp + 1)) {
2589 (void) printf(", ");
2590 }
2591 }
2592 (void)fputc('\n', stdout);
2593 return EXIT_SUCCESS;
2594 }
2595 #endif
MINIX 3 (repo.or.cz mirror)