diff options
Diffstat (limited to 'usr.sbin/user')
-rw-r--r-- | usr.sbin/user/user.c | 149 | ||||
-rw-r--r-- | usr.sbin/user/useradd.8 | 8 | ||||
-rw-r--r-- | usr.sbin/user/usermod.8 | 10 |
3 files changed, 153 insertions, 14 deletions
diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c index 6650c5a0bcf..eb4f7ac387c 100644 --- a/usr.sbin/user/user.c +++ b/usr.sbin/user/user.c @@ -1,4 +1,4 @@ -/* $OpenBSD: user.c,v 1.11 2000/05/05 12:33:51 jakob Exp $ */ +/* $OpenBSD: user.c,v 1.12 2000/05/05 23:22:39 ho Exp $ */ /* $NetBSD: user.c,v 1.17 2000/04/14 06:26:55 simonb Exp $ */ /* @@ -369,6 +369,108 @@ modify_gid(char *group, char *newent) return 1; } +/* (Re)write secondary groups */ +static int +modify_groups (char *login, char *newlogin, user_t *up, char *primgrp) +{ + struct stat st; + FILE *from, *to; + char *colon, *p; + char buf[MaxEntryLen], tmpf[MaxFileNameLen]; + int fd, cc, g; + + /* XXX This function, and modify_gid() above could possibly be */ + /* combined into one function. */ + + if ((from = fopen(_PATH_GROUP, "r")) == (FILE *) NULL) { + warn("can't create/modify groups for login %s: can't open %s", + login, _PATH_GROUP); + return 0; + } + if (flock(fileno(from), LOCK_EX | LOCK_NB) < 0) { + warn("can't lock `%s'", _PATH_GROUP); + } + (void) fstat(fileno(from), &st); + (void) snprintf(tmpf, sizeof (tmpf), "%s.XXXXXX", _PATH_GROUP); + if ((fd = mkstemp (tmpf)) < 0) { + (void) fclose(from); + warn("can't modify secondary groups: mkstemp failed"); + return 0; + } + if ((to = fdopen(fd, "w")) == (FILE *) NULL) { + (void) fclose(from); + (void) close(fd); + (void) unlink(tmpf); + warn("can't create gid: fdopen `%s' failed", tmpf); + return 0; + } + + while (fgets (buf, sizeof(buf), from) != NULL) { + if ((colon = strchr (buf, ':')) == NULL) { + warn ("badly formed entry `%s'", buf); + continue; + } + + /* Does the user exist in this group? */ + cc = strlen (buf); + g = strlen (login); + p = colon; + while (p < (buf + cc) && (p = strstr (p, login)) != NULL && + *(p + g) != ',' && *(p + g) != '\n') + p += g; + if (p && p < (buf + cc)) { + /* Remove. XXX Un-obfuscate. */ + bcopy (*(p + g) == ',' ? (p + g + 1) : (p + g), + *(p - 1) == ',' && *(p + g) != ',' ? p - 1 : p, + strlen (p + g) + 1); + } + + /* Should the user exist in this group? */ + cc = strlen (primgrp); + for (g = 0; g < up->u_groupc; g++) { + if (!up->u_groupv[g] || + !strncmp (up->u_groupv[g], primgrp, + MAX (strlen (up->u_groupv[g]), cc))) + continue; + if ((int)(colon - buf) == strlen (up->u_groupv[g]) && + !strncmp (up->u_groupv[g], buf, + (int)(colon - buf))) { + /* Add user. */ + p = buf + strlen(buf) - 1; /* No '\n' */ + snprintf (p, sizeof (buf), "%s%s\n", + (*(p-1) == ':' ? "" : ",") , + (newlogin ? newlogin : login)); + up->u_groupv[g] = '\0'; /* Mark used. */ + g = up->u_groupc; /* Break loop. */ + } + } + + cc = strlen (buf); + if (fwrite (buf, sizeof (char), cc, to) != cc) { + (void) fclose (from); + (void) close (fd); + (void) unlink (tmpf); + warn ("can't update secondary groups: " + "short write to `%s'", tmpf); + return 0; + } + } + (void) fclose (from); + (void) fclose (to); + if (rename (tmpf, _PATH_GROUP) < 0) { + warn("can't create gid: can't rename `%s' to `%s'", tmpf, + _PATH_GROUP); + return 0; + } + (void) chmod(_PATH_GROUP, st.st_mode & 07777); + /* Warn about unselected groups. */ + for (g = 0; g < up->u_groupc; g++) + if (up->u_groupv[g]) + warnx("extraneous group `%s' not added", + up->u_groupv[g]); + return 1; +} + /* return 1 if `login' is a valid login name */ static int valid_login(char *login) @@ -742,6 +844,15 @@ adduser(char *login, user_t *up) (void) pw_abort(); err(EXIT_FAILURE, "can't create gid %d for login name %s", gid, login); } + /* Modify secondary groups */ + if (up->u_groupc != 0 && + !modify_groups (login, NULL, up, + (sync_uid_gid ? login : up->u_primgrp))) { + (void) close(ptmpfd); + (void) pw_abort(); + err(EXIT_FAILURE, + "failed to modify secondary groups for login %s", login); + } (void) close(ptmpfd); if (pw_mkdb() < 0) { err(EXIT_FAILURE, "pw_mkdb failed"); @@ -838,7 +949,7 @@ moduser(char *login, char *newlogin, user_t *up) } } if (up->u_password != NULL && - strlen(up->u_password) == PasswordLength) { + strlen(up->u_password) <= PasswordLength) { (void) strlcpy(password, up->u_password, sizeof(password)); } else { (void) strlcpy(password, pwp->pw_passwd, sizeof(password)); @@ -882,6 +993,17 @@ moduser(char *login, char *newlogin, user_t *up) (void) pw_abort(); err(EXIT_FAILURE, "can't add `%s'", buf); } + /* Modify secondary groups */ + grp = getgrgid (gid); + if (up->u_groupc != 0 || + strcmp (login, newlogin)) + if (!modify_groups (login, NULL, up, grp ? grp->gr_name : newlogin)) { + (void) close(ptmpfd); + (void) pw_abort(); + err(EXIT_FAILURE, + "failed to modify secondary groups for login %s", + login); + } } } else if (write(ptmpfd, buf, (size_t)(cc)) != cc) { (void) close(masterfd); @@ -1003,6 +1125,7 @@ useradd(int argc, char **argv) int bigD; int c; int i; + char buf[MaxEntryLen], *s, *p; (void) memset(&u, 0, sizeof(u)); read_defaults(&u); @@ -1014,7 +1137,14 @@ useradd(int argc, char **argv) bigD = 1; break; case 'G': - memsave(&u.u_groupv[u.u_groupc++], optarg, strlen(optarg)); + strlcpy (buf, optarg, strlen (optarg) + 1); + p = buf; + while ((s = strsep (&p, ",")) != NULL && + u.u_groupc < NGROUPS_MAX - 2) + memsave (&u.u_groupv[u.u_groupc++], s, + strlen(s)); + if (p != NULL) + errx(EXIT_FAILURE, "too many groups for -G"); break; case 'b': defaultfield = 1; @@ -1114,6 +1244,7 @@ usermod(int argc, char **argv) char newuser[MaxUserNameLen + 1]; int have_new_user; int c; + char buf[MaxEntryLen], *s, *p; (void) memset(&u, 0, sizeof(u)); (void) memset(newuser, 0, sizeof(newuser)); @@ -1123,7 +1254,14 @@ usermod(int argc, char **argv) while ((c = getopt(argc, argv, "G:c:d:e:f:g:l:mos:u:" MOD_OPT_EXTENSIONS)) != -1) { switch(c) { case 'G': - memsave(&u.u_groupv[u.u_groupc++], optarg, strlen(optarg)); + strlcpy (buf, optarg, strlen (optarg) + 1); + p = buf; + while ((s = strsep (&p, ",")) != NULL && + u.u_groupc < NGROUPS_MAX - 2) + memsave (&u.u_groupv[u.u_groupc++], s, + strlen(s)); + if (p != NULL) + errx(EXIT_FAILURE, "too many groups for -G"); break; case 'c': memsave(&u.u_comment, optarg, strlen(optarg)); @@ -1176,7 +1314,8 @@ usermod(int argc, char **argv) usermgmt_usage("usermod"); } checkeuid(); - return moduser(argv[optind], (have_new_user) ? newuser : argv[optind], &u) ? EXIT_SUCCESS : EXIT_FAILURE; + return moduser(argv[optind], (have_new_user) ? newuser : argv[optind], + &u) ? EXIT_SUCCESS : EXIT_FAILURE; } #ifdef EXTENSIONS diff --git a/usr.sbin/user/useradd.8 b/usr.sbin/user/useradd.8 index 229a14121ab..f463b26be16 100644 --- a/usr.sbin/user/useradd.8 +++ b/usr.sbin/user/useradd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: useradd.8,v 1.7 2000/04/25 20:58:30 jakob Exp $ */ +.\" $OpenBSD: useradd.8,v 1.8 2000/05/05 23:22:39 ho Exp $ */ .\" $NetBSD: useradd.8,v 1.5 2000/02/28 05:10:57 enami Exp $ */ .\" .\" @@ -47,7 +47,7 @@ .Op Fl g Ar gid/name/=uid .Op Fl r Ar low..high .Nm useradd -.Op Fl G Ar secondary-group +.Op Fl G Ar secondary-group[,group,...] .Op Fl b Ar base-dir .Op Fl c Ar comment .Op Fl d Ar home-dir @@ -114,8 +114,8 @@ In the second form of the command, after setting any defaults, and then values from that file, the command line options are processed: .Bl -tag -width Ds -.It Fl G Ar secondary-group -is the secondary group to which the user will be added in the +.It Fl G Ar secondary-group[,group,...] +is the secondary groups to which the user will be added in the .Pa /etc/group file. .It Fl b Ar base-directory diff --git a/usr.sbin/user/usermod.8 b/usr.sbin/user/usermod.8 index 5cd97404f69..3323ebb3e3c 100644 --- a/usr.sbin/user/usermod.8 +++ b/usr.sbin/user/usermod.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: usermod.8,v 1.6 2000/04/25 20:58:30 jakob Exp $ */ +.\" $OpenBSD: usermod.8,v 1.7 2000/05/05 23:22:39 ho Exp $ */ .\" $NetBSD: usermod.8,v 1.4 2000/02/28 05:10:57 enami Exp $ */ .\" .\" @@ -40,7 +40,7 @@ .Nd modify user login information .Sh SYNOPSIS .Nm -.Op Fl G Ar secondary-group +.Op Fl G Ar secondary-group[,group,...] .Op Fl c Ar comment .Op Fl d Ar home-dir .Op Fl e Ar expiry-time @@ -66,10 +66,10 @@ file. After setting any defaults, and then values from that file, the command line options are processed: .Bl -tag -width Ds -.It Fl G Ar secondary-group -is the secondary group to which the user will be added in the +.It Fl G Ar secondary-group[,group,...] +are the secondary groups the user will be a member of in the .Pa /etc/group -file. +file. This list of groups will replace any old group memberships. .It Fl c Ar comment is the comment field (also, for historical reasons known as the GECOS field) which will be added for the user, and typically will include |