/* $OpenBSD: user.c,v 1.128 2019/10/17 21:54:29 millert Exp $ */ /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */ /* * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "usermgmt.h" /* this struct describes a uid range */ typedef struct range_t { uid_t r_from; /* low uid */ uid_t r_to; /* high uid */ } range_t; /* this struct encapsulates the user information */ typedef struct user_t { int u_flags; /* see below */ uid_t u_uid; /* uid of user */ char *u_password; /* encrypted password */ char *u_comment; /* comment field */ char *u_home; /* home directory */ char *u_primgrp; /* primary group */ int u_groupc; /* # of secondary groups */ const char *u_groupv[NGROUPS_MAX]; /* secondary groups */ char *u_shell; /* user's shell */ char *u_basedir; /* base directory for home */ char *u_expire; /* when account will expire */ char *u_inactive; /* when password will expire */ char *u_skeldir; /* directory for startup files */ char *u_class; /* login class */ unsigned int u_rsize; /* size of range array */ unsigned int u_rc; /* # of ranges */ range_t *u_rv; /* the ranges */ unsigned int u_defrc; /* # of ranges in defaults */ int u_preserve; /* preserve uids on deletion */ } user_t; /* flags for which fields of the user_t replace the passwd entry */ enum { F_COMMENT = 0x0001, F_DUPUID = 0x0002, F_EXPIRE = 0x0004, F_GROUP = 0x0008, F_HOMEDIR = 0x0010, F_MKDIR = 0x0020, F_INACTIVE = 0x0040, F_PASSWORD = 0x0080, F_SECGROUP = 0x0100, F_SHELL = 0x0200, F_UID = 0x0400, F_USERNAME = 0x0800, F_CLASS = 0x1000, F_SETSECGROUP = 0x4000, F_ACCTLOCK = 0x8000, F_ACCTUNLOCK = 0x10000 }; #define CONFFILE "/etc/usermgmt.conf" #define _PATH_NONEXISTENT "/nonexistent" #ifndef DEF_GROUP #define DEF_GROUP "=uid" #endif #ifndef DEF_BASEDIR #define DEF_BASEDIR "/home" #endif #ifndef DEF_SKELDIR #define DEF_SKELDIR "/etc/skel" #endif #ifndef DEF_SHELL #define DEF_SHELL _PATH_KSHELL #endif #ifndef DEF_COMMENT #define DEF_COMMENT "" #endif #ifndef DEF_LOWUID #define DEF_LOWUID 1000 #endif #ifndef DEF_HIGHUID #define DEF_HIGHUID 60000 #endif #ifndef DEF_INACTIVE #define DEF_INACTIVE 0 #endif #ifndef DEF_EXPIRE #define DEF_EXPIRE NULL #endif #ifndef DEF_CLASS #define DEF_CLASS "" #endif #ifndef WAITSECS #define WAITSECS 10 #endif #ifndef NOBODY_UID #define NOBODY_UID 32767 #endif /* some useful constants */ enum { MaxShellNameLen = 256, MaxFileNameLen = PATH_MAX, MaxUserNameLen = _PW_NAME_LEN, MaxCommandLen = 2048, PasswordLength = _PASSWORD_LEN, LowGid = DEF_LOWUID, HighGid = DEF_HIGHUID }; /* Full paths of programs used here */ #define CHMOD "/bin/chmod" #define CHOWN "/sbin/chown" #define MKDIR "/bin/mkdir" #define MV "/bin/mv" #define NOLOGIN "/sbin/nologin" #define PAX "/bin/pax" #define RM "/bin/rm" #define UNSET_INACTIVE "Null (unset)" #define UNSET_EXPIRY "Null (unset)" static int adduser(char *, user_t *); static int append_group(char *, int, const char **); static int asystem(const char *, ...) __attribute__((__format__(__printf__, 1, 2))); static int copydotfiles(char *, char *); static int creategid(char *, gid_t, const char *); static int getnextgid(uid_t *, uid_t, uid_t); static int getnextuid(int, uid_t *, uid_t, uid_t); static int is_local(char *, const char *); static int modify_gid(char *, char *); static int moduser(char *, char *, user_t *); static int removehomedir(const char *, uid_t, const char *); static int rm_user_from_groups(char *); static int save_range(user_t *, char *); static int scantime(time_t *, char *); static int setdefaults(user_t *); static int valid_class(char *); static int valid_group(char *); static int valid_login(char *); static size_t expand_len(const char *, const char *); static struct group *find_group_info(const char *); static struct passwd *find_user_info(const char *); static void checkeuid(void); static void memsave(char **, const char *, size_t); static void read_defaults(user_t *); static int verbose; /* if *cpp is non-null, free it, then assign `n' chars of `s' to it */ static void memsave(char **cpp, const char *s, size_t n) { free(*cpp); if ((*cpp = calloc (n + 1, sizeof(char))) == NULL) err(1, NULL); memcpy(*cpp, s, n); (*cpp)[n] = '\0'; } /* a replacement for system(3) */ static int asystem(const char *fmt, ...) { va_list vp; char buf[MaxCommandLen]; int ret; va_start(vp, fmt); (void) vsnprintf(buf, sizeof(buf), fmt, vp); va_end(vp); if (verbose) { printf("Command: %s\n", buf); } if ((ret = system(buf)) != 0) { warnx("[Warning] can't system `%s'", buf); } return ret; } /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ static int removehomedir(const char *user, uid_t uid, const char *dir) { struct stat st; /* userid not root? */ if (uid == 0) { warnx("Not deleting home directory `%s'; userid is 0", dir); return 0; } /* directory exists (and is a directory!) */ if (stat(dir, &st) == -1) { warnx("Home directory `%s' doesn't exist", dir); return 0; } if (!S_ISDIR(st.st_mode)) { warnx("Home directory `%s' is not a directory", dir); return 0; } /* userid matches directory owner? */ if (st.st_uid != uid) { warnx("User `%s' doesn't own directory `%s', not removed", user, dir); return 0; } (void) seteuid(uid); /* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */ (void) asystem("%s -rf %s > /dev/null 2>&1 || true", RM, dir); (void) seteuid(0); if (rmdir(dir) == -1) { warnx("Unable to remove all files in `%s'", dir); return 0; } return 1; } /* * check that the effective uid is 0 - called from funcs which will * modify data and config files. */ static void checkeuid(void) { if (geteuid() != 0) { errx(EXIT_FAILURE, "Program must be run as root"); } } /* copy any dot files into the user's home directory */ static int copydotfiles(char *skeldir, char *dir) { struct dirent *dp; DIR *dirp; int n; if (*skeldir == '\0') return 0; if ((dirp = opendir(skeldir)) == NULL) { warn("can't open source . files dir `%s'", skeldir); return 0; } for (n = 0; (dp = readdir(dirp)) != NULL && n == 0 ; ) { if (strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0) { continue; } n = 1; } (void) closedir(dirp); if (n == 0) { warnx("No \"dot\" initialisation files found"); } else { (void) asystem("cd %s && %s -rw -pe %s . %s", skeldir, PAX, (verbose) ? "-v" : "", dir); } return n; } /* returns 1 if the specified gid exists in the group file, else 0 */ static int gid_exists(gid_t gid) { return group_from_gid(gid, 1) != NULL; } /* return 1 if the specified group exists in the group file, else 0 */ static int group_exists(const char *group) { gid_t gid; return gid_from_group(group, &gid) != -1; } /* create a group entry with gid `gid' */ static int creategid(char *group, gid_t gid, const char *name) { struct stat st; FILE *from; FILE *to; char *buf; char f[MaxFileNameLen]; int fd, ret; int wroteit = 0; size_t len; if (group_exists(group)) { warnx("group `%s' already exists", group); return 0; } if ((from = fopen(_PATH_GROUP, "r")) == NULL) { warn("can't create gid for `%s': can't open `%s'", group, _PATH_GROUP); return 0; } if (flock(fileno(from), LOCK_EX | LOCK_NB) == -1) { warn("can't lock `%s'", _PATH_GROUP); } (void) fstat(fileno(from), &st); (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP); if ((fd = mkstemp(f)) == -1) { warn("can't create gid: mkstemp failed"); fclose(from); return 0; } if ((to = fdopen(fd, "w")) == NULL) { warn("can't create gid: fdopen `%s' failed", f); fclose(from); close(fd); unlink(f); return 0; } while ((buf = fgetln(from, &len)) != NULL && len > 0) { ret = 0; if (buf[0] == '+' && wroteit == 0) { ret = fprintf(to, "%s:*:%u:%s\n", group, gid, name); wroteit = 1; } if (ret == -1 || fprintf(to, "%*.*s", (int)len, (int)len, buf) != len) { warn("can't create gid: short write to `%s'", f); fclose(from); fclose(to); unlink(f); return 0; } } ret = 0; if (wroteit == 0) ret = fprintf(to, "%s:*:%u:%s\n", group, gid, name); fclose(from); if (fclose(to) == EOF || ret == -1) { warn("can't create gid: short write to `%s'", f); unlink(f); return 0; } if (rename(f, _PATH_GROUP) == -1) { warn("can't create gid: can't rename `%s' to `%s'", f, _PATH_GROUP); unlink(f); return 0; } (void) chmod(_PATH_GROUP, st.st_mode & 0777); syslog(LOG_INFO, "new group added: name=%s, gid=%u", group, gid); return 1; } /* modify the group entry with name `group' to be newent */ static int modify_gid(char *group, char *newent) { struct stat st; FILE *from; FILE *to; char buf[LINE_MAX]; char f[MaxFileNameLen]; char *colon; int groupc; int entc; int fd; int cc; if ((from = fopen(_PATH_GROUP, "r")) == NULL) { warn("can't modify gid for `%s': can't open `%s'", group, _PATH_GROUP); return 0; } if (flock(fileno(from), LOCK_EX | LOCK_NB) == -1) { warn("can't lock `%s'", _PATH_GROUP); } (void) fstat(fileno(from), &st); (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP); if ((fd = mkstemp(f)) == -1) { warn("can't modify gid: mkstemp failed"); fclose(from); return 0; } if ((to = fdopen(fd, "w")) == NULL) { warn("can't modify gid: fdopen `%s' failed", f); fclose(from); close(fd); unlink(f); return 0; } groupc = strlen(group); while (fgets(buf, sizeof(buf), from) != NULL) { cc = strlen(buf); if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)) { while (fgetc(from) != '\n' && !feof(from)) cc++; warnx("%s: line `%s' too long (%d bytes), skipping", _PATH_GROUP, buf, cc); continue; } if ((colon = strchr(buf, ':')) == NULL) { /* * The only valid entry with no column is the all-YP * line. */ if (strcmp(buf, "+\n") != 0) { warnx("badly formed entry `%.*s'", cc - 1, buf); continue; } } else { entc = (int)(colon - buf); if (entc == groupc && strncmp(group, buf, entc) == 0) { if (newent == NULL) { continue; } else { cc = strlcpy(buf, newent, sizeof(buf)); if (cc >= sizeof(buf)) { warnx("group `%s' entry too long", newent); fclose(from); fclose(to); unlink(f); return (0); } } } } if (fwrite(buf, cc, 1, to) != 1) { warn("can't modify gid: short write to `%s'", f); fclose(from); fclose(to); unlink(f); return 0; } } fclose(from); if (fclose(to) == EOF) { warn("can't modify gid: short write to `%s'", f); unlink(f); return 0; } if (rename(f, _PATH_GROUP) == -1) { warn("can't modify gid: can't rename `%s' to `%s'", f, _PATH_GROUP); unlink(f); return 0; } (void) chmod(_PATH_GROUP, st.st_mode & 0777); if (newent == NULL) { syslog(LOG_INFO, "group deleted: name=%s", group); } else { syslog(LOG_INFO, "group information modified: name=%s", group); } return 1; } /* modify the group entries for all `groups', by adding `user' */ static int append_group(char *user, int ngroups, const char **groups) { struct group *grp; struct passwd *pwp; struct stat st; FILE *from; FILE *to; char buf[LINE_MAX]; char f[MaxFileNameLen]; char *colon; const char *ugid = NULL; int fd; int cc; int i; int j; if ((pwp = getpwnam(user))) { if ((ugid = group_from_gid(pwp->pw_gid, 1)) == NULL) { warnx("can't get primary group for user `%s'", user); return 0; } } for (i = 0 ; i < ngroups ; i++) { if ((grp = getgrnam(groups[i])) == NULL) { warnx("can't append group `%s' for user `%s'", groups[i], user); } else { for (j = 0 ; grp->gr_mem[j] ; j++) { if (strcmp(user, grp->gr_mem[j]) == 0) { /* already in it */ groups[i] = ""; } } } } if ((from = fopen(_PATH_GROUP, "r")) == NULL) { warn("can't append group for `%s': can't open `%s'", user, _PATH_GROUP); return 0; } if (flock(fileno(from), LOCK_EX | LOCK_NB) == -1) { warn("can't lock `%s'", _PATH_GROUP); } (void) fstat(fileno(from), &st); (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP); if ((fd = mkstemp(f)) == -1) { warn("can't append group: mkstemp failed"); fclose(from); return 0; } if ((to = fdopen(fd, "w")) == NULL) { warn("can't append group: fdopen `%s' failed", f); fclose(from); close(fd); unlink(f); return 0; } while (fgets(buf, sizeof(buf), from) != NULL) { cc = strlen(buf); if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)) { while (fgetc(from) != '\n' && !feof(from)) cc++; warnx("%s: line `%s' too long (%d bytes), skipping", _PATH_GROUP, buf, cc); continue; } if ((colon = strchr(buf, ':')) == NULL) { warnx("badly formed entry `%s'", buf); continue; } for (i = 0 ; i < ngroups ; i++) { j = (int)(colon - buf); if (ugid) { if (strcmp(ugid, groups[i]) == 0) { /* user's primary group, no need to append */ groups[i] = ""; } } if (strncmp(groups[i], buf, j) == 0 && groups[i][j] == '\0') { while (isspace((unsigned char)buf[cc - 1])) cc--; buf[(j = cc)] = '\0'; if (buf[strlen(buf) - 1] != ':') strlcat(buf, ",", sizeof(buf)); cc = strlcat(buf, user, sizeof(buf)) + 1; if (cc >= sizeof(buf)) { warnx("Warning: group `%s' would " "become too long, not modifying", groups[i]); cc = j + 1; } buf[cc - 1] = '\n'; buf[cc] = '\0'; } } if (fwrite(buf, cc, 1, to) != 1) { warn("can't append group: short write to `%s'", f); fclose(from); fclose(to); unlink(f); return 0; } } fclose(from); if (fclose(to) == EOF) { warn("can't append group: short write to `%s'", f); unlink(f); return 0; } if (rename(f, _PATH_GROUP) == -1) { warn("can't append group: can't rename `%s' to `%s'", f, _PATH_GROUP); unlink(f); return 0; } (void) chmod(_PATH_GROUP, st.st_mode & 0777); return 1; } /* return 1 if `login' is a valid login name */ static int valid_login(char *login_name) { unsigned char *cp; /* The first character cannot be a hyphen */ if (*login_name == '-') return 0; for (cp = login_name ; *cp ; cp++) { /* We allow '$' as the last character for samba */ if (!isalnum((unsigned char)*cp) && *cp != '.' && *cp != '_' && *cp != '-' && !(*cp == '$' && *(cp + 1) == '\0')) { return 0; } } if ((char *)cp - login_name > MaxUserNameLen) return 0; return 1; } /* return 1 if `group' is a valid group name */ static int valid_group(char *group) { unsigned char *cp; for (cp = group ; *cp ; cp++) { if (!isalnum((unsigned char)*cp) && *cp != '.' && *cp != '_' && *cp != '-') { return 0; } } if ((char *)cp - group > MaxUserNameLen) return 0; return 1; } /* return 1 if `class' exists */ static int valid_class(char *class) { login_cap_t *lc; if ((lc = login_getclass(class)) != NULL) login_close(lc); return lc != NULL; } /* find the next gid in the range lo .. hi */ static int getnextgid(uid_t *gidp, uid_t lo, uid_t hi) { for (*gidp = lo ; *gidp < hi ; *gidp += 1) { if (!gid_exists((gid_t)*gidp)) { return 1; } } return 0; } /* save a range of uids */ static int save_range(user_t *up, char *cp) { uid_t from; uid_t to; int i; if (up->u_rc == up->u_rsize) { up->u_rsize *= 2; if ((up->u_rv = reallocarray(up->u_rv, up->u_rsize, sizeof(range_t))) == NULL) { warn(NULL); return 0; } } if (up->u_rv && sscanf(cp, "%u..%u", &from, &to) == 2) { for (i = up->u_defrc ; i < up->u_rc ; i++) { if (up->u_rv[i].r_from == from && up->u_rv[i].r_to == to) { break; } } if (i == up->u_rc) { up->u_rv[up->u_rc].r_from = from; up->u_rv[up->u_rc].r_to = to; up->u_rc += 1; } } else { warnx("Bad uid range `%s'", cp); return 0; } return 1; } /* set the defaults in the defaults file */ static int setdefaults(user_t *up) { char template[MaxFileNameLen]; FILE *fp; int ret; int fd; int i; (void) snprintf(template, sizeof(template), "%s.XXXXXXXX", CONFFILE); if ((fd = mkstemp(template)) == -1) { warnx("can't mkstemp `%s' for writing", CONFFILE); return 0; } if ((fp = fdopen(fd, "w")) == NULL) { warn("can't fdopen `%s' for writing", CONFFILE); return 0; } ret = 1; if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL) ? UNSET_INACTIVE : up->u_inactive) <= 0 || fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL) ? UNSET_EXPIRY : up->u_expire) <= 0 || fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? "false" : "true") <= 0) { warn("can't write to `%s'", CONFFILE); ret = 0; } for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0 ; i < up->u_rc ; i++) { if (fprintf(fp, "range\t\t%u..%u\n", up->u_rv[i].r_from, up->u_rv[i].r_to) <= 0) { warn("can't write to `%s'", CONFFILE); ret = 0; } } if (fclose(fp) == EOF) { warn("can't write to `%s'", CONFFILE); ret = 0; } if (ret) { ret = ((rename(template, CONFFILE) == 0) && (chmod(CONFFILE, 0644) == 0)); } return ret; } /* read the defaults file */ static void read_defaults(user_t *up) { struct stat st; size_t lineno; size_t len; FILE *fp; unsigned char *cp; unsigned char *s; memsave(&up->u_primgrp, DEF_GROUP, strlen(DEF_GROUP)); memsave(&up->u_basedir, DEF_BASEDIR, strlen(DEF_BASEDIR)); memsave(&up->u_skeldir, DEF_SKELDIR, strlen(DEF_SKELDIR)); memsave(&up->u_shell, DEF_SHELL, strlen(DEF_SHELL)); memsave(&up->u_comment, DEF_COMMENT, strlen(DEF_COMMENT)); memsave(&up->u_class, DEF_CLASS, strlen(DEF_CLASS)); up->u_rsize = 16; up->u_defrc = 0; if ((up->u_rv = calloc(up->u_rsize, sizeof(range_t))) == NULL) err(1, NULL); up->u_inactive = DEF_INACTIVE; up->u_expire = DEF_EXPIRE; if ((fp = fopen(CONFFILE, "r")) == NULL) { if (stat(CONFFILE, &st) == -1 && !setdefaults(up)) { warn("can't create `%s' defaults file", CONFFILE); } fp = fopen(CONFFILE, "r"); } if (fp != NULL) { while ((s = fparseln(fp, &len, &lineno, NULL, 0)) != NULL) { if (strncmp(s, "group", 5) == 0) { for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_primgrp, cp, strlen(cp)); } else if (strncmp(s, "base_dir", 8) == 0) { for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_basedir, cp, strlen(cp)); } else if (strncmp(s, "skel_dir", 8) == 0) { for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_skeldir, cp, strlen(cp)); } else if (strncmp(s, "shell", 5) == 0) { for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_shell, cp, strlen(cp)); } else if (strncmp(s, "password", 8) == 0) { for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_password, cp, strlen(cp)); } else if (strncmp(s, "class", 5) == 0) { for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { } memsave(&up->u_class, cp, strlen(cp)); } else if (strncmp(s, "inactive", 8) == 0) { for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { } if (strcmp(cp, UNSET_INACTIVE) == 0) { free(up->u_inactive); up->u_inactive = NULL; } else { memsave(&up->u_inactive, cp, strlen(cp)); } } else if (strncmp(s, "range", 5) == 0) { for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { } (void) save_range(up, cp); } else if (strncmp(s, "preserve", 8) == 0) { for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { } up->u_preserve = (strncmp(cp, "true", 4) == 0) ? 1 : (strncmp(cp, "yes", 3) == 0) ? 1 : strtonum(cp, INT_MIN, INT_MAX, NULL); } else if (strncmp(s, "expire", 6) == 0) { for (cp = s + 6 ; isspace((unsigned char)*cp); cp++) { } if (strcmp(cp, UNSET_EXPIRY) == 0) { free(up->u_expire); up->u_expire = NULL; } else { memsave(&up->u_expire, cp, strlen(cp)); } } free(s); } fclose(fp); } if (up->u_rc == 0) { up->u_rv[up->u_rc].r_from = DEF_LOWUID; up->u_rv[up->u_rc].r_to = DEF_HIGHUID; up->u_rc += 1; } up->u_defrc = up->u_rc; } /* return 1 if the specified uid exists in the passwd file, else 0 */ static int uid_exists(uid_t uid) { return user_from_uid(uid, 1) != NULL; } /* return 1 if the specified user exists in the passwd file, else 0 */ static int user_exists(const char *user) { uid_t uid; return uid_from_user(user, &uid) != -1; } /* return the next valid unused uid */ static int getnextuid(int sync_uid_gid, uid_t *uid, uid_t low_uid, uid_t high_uid) { for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { if (!uid_exists((uid_t)*uid) && *uid != NOBODY_UID) { if (sync_uid_gid) { if (!gid_exists((gid_t)*uid)) { return 1; } } else { return 1; } } } return 0; } /* look for a valid time, return 0 if it was specified but bad */ static int scantime(time_t *tp, char *s) { struct tm tm; *tp = 0; if (s != NULL) { memset(&tm, 0, sizeof(tm)); tm.tm_isdst = -1; if (strptime(s, "%c", &tm) != NULL) { *tp = mktime(&tm); } else if (strptime(s, "%B %d %Y", &tm) != NULL) { *tp = mktime(&tm); } else if (isdigit((unsigned char) s[0]) != 0) { *tp = (time_t)atoll(s); } else { return 0; } } return 1; } /* compute the extra length '&' expansion consumes */ static size_t expand_len(const char *p, const char *username) { size_t alen; size_t ulen; ulen = strlen(username); for (alen = 0; *p != '\0'; p++) if (*p == '&') alen += ulen - 1; return alen; } /* see if we can find out the user struct */ static struct passwd * find_user_info(const char *name) { struct passwd *pwp; const char *errstr; uid_t uid; if ((pwp = getpwnam(name)) == NULL) { uid = strtonum(name, -1, UID_MAX, &errstr); if (errstr == NULL) pwp = getpwuid(uid); } return pwp; } /* see if we can find out the group struct */ static struct group * find_group_info(const char *name) { struct group *grp; const char *errstr; gid_t gid; if ((grp = getgrnam(name)) == NULL) { gid = strtonum(name, -1, GID_MAX, &errstr); if (errstr == NULL) grp = getgrgid(gid); } return grp; } /* add a user */ static int adduser(char *login_name, user_t *up) { struct group *grp; struct stat st; time_t expire; time_t inactive; char password[PasswordLength + 1]; char home[MaxFileNameLen]; char buf[LINE_MAX]; int sync_uid_gid; int masterfd; int ptmpfd; gid_t gid; int cc; int i, yp = 0; FILE *fp; if (!valid_login(login_name)) { errx(EXIT_FAILURE, "`%s' is not a valid login name", login_name); } if (!valid_class(up->u_class)) { errx(EXIT_FAILURE, "No such login class `%s'", up->u_class); } if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) == -1) { err(EXIT_FAILURE, "can't open `%s'", _PATH_MASTERPASSWD); } if (flock(masterfd, LOCK_EX | LOCK_NB) == -1) { err(EXIT_FAILURE, "can't lock `%s'", _PATH_MASTERPASSWD); } pw_init(); if ((ptmpfd = pw_lock(WAITSECS)) == -1) { int saved_errno = errno; close(masterfd); errc(EXIT_FAILURE, saved_errno, "can't obtain pw_lock"); } if ((fp = fdopen(masterfd, "r")) == NULL) { int saved_errno = errno; close(masterfd); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't fdopen `%s' for reading", _PATH_MASTERPASSWD); } while (fgets(buf, sizeof(buf), fp) != NULL) { cc = strlen(buf); /* * Stop copying the file at the yp entry; we want to * put the new user before it, and preserve entries * after the yp entry. */ if (cc > 1 && buf[0] == '+' && buf[1] == ':') { yp = 1; break; } if (write(ptmpfd, buf, (size_t)(cc)) != cc) { int saved_errno = errno; fclose(fp); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "short write to /etc/ptmp (not %d chars)", cc); } } if (ferror(fp)) { int saved_errno = errno; fclose(fp); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "read error on %s", _PATH_MASTERPASSWD); } /* if no uid was specified, get next one in [low_uid..high_uid] range */ sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); if (up->u_uid == -1) { int got_id = 0; /* * Look for a free UID in the command line ranges (if any). * These start after the ranges specified in the config file. */ for (i = up->u_defrc; got_id == 0 && i < up->u_rc ; i++) { got_id = getnextuid(sync_uid_gid, &up->u_uid, up->u_rv[i].r_from, up->u_rv[i].r_to); } /* * If there were no free UIDs in the command line ranges, * try the ranges from the config file (there will always * be at least one default). */ if (got_id == 0) { for (i = 0; got_id == 0 && i < up->u_defrc; i++) { got_id = getnextuid(sync_uid_gid, &up->u_uid, up->u_rv[i].r_from, up->u_rv[i].r_to); } } if (got_id == 0) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't get next uid for %u", up->u_uid); } } /* check uid isn't already allocated */ if (!(up->u_flags & F_DUPUID) && uid_exists((uid_t)up->u_uid)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "uid %u is already in use", up->u_uid); } /* if -g=uid was specified, check gid is unused */ if (sync_uid_gid) { if (gid_exists((gid_t)up->u_uid)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "gid %u is already in use", up->u_uid); } gid = up->u_uid; } else { if ((grp = find_group_info(up->u_primgrp)) == NULL) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "group %s not found", up->u_primgrp); } gid = grp->gr_gid; } /* check name isn't already in use */ if (!(up->u_flags & F_DUPUID) && user_exists(login_name)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "already a `%s' user", login_name); } if (up->u_flags & F_HOMEDIR) { if (strlcpy(home, up->u_home, sizeof(home)) >= sizeof(home)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "home directory `%s' too long", up->u_home); } } else { /* if home directory hasn't been given, make it up */ if (snprintf(home, sizeof(home), "%s/%s", up->u_basedir, login_name) >= sizeof(home)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "home directory `%s/%s' too long", up->u_basedir, login_name); } } if (!scantime(&inactive, up->u_inactive)) { warnx("Warning: inactive time `%s' invalid, password expiry off", up->u_inactive); } if (!scantime(&expire, up->u_expire)) { warnx("Warning: expire time `%s' invalid, account expiry off", up->u_expire); } if (lstat(home, &st) == -1 && !(up->u_flags & F_MKDIR) && strcmp(home, _PATH_NONEXISTENT) != 0) { warnx("Warning: home directory `%s' doesn't exist, and -m was" " not specified", home); } (void) strlcpy(password, up->u_password ? up->u_password : "*", sizeof(password)); cc = snprintf(buf, sizeof(buf), "%s:%s:%u:%u:%s:%lld:%lld:%s:%s:%s\n", login_name, password, up->u_uid, gid, up->u_class, (long long) inactive, (long long) expire, up->u_comment, home, up->u_shell); if (cc >= sizeof(buf) || cc < 0 || cc + expand_len(up->u_comment, login_name) >= 1023) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't add `%s', line too long", buf); } if (write(ptmpfd, buf, (size_t) cc) != cc) { int saved_errno = errno; close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't add `%s'", buf); } if (yp) { /* put back the + line */ cc = snprintf(buf, sizeof(buf), "+:*::::::::\n"); if (cc < 0 || cc >= sizeof(buf)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't add `%s', line too long", buf); } if (write(ptmpfd, buf, (size_t) cc) != cc) { int saved_errno = errno; close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't add `%s'", buf); } /* copy the entries following it, if any */ while (fgets(buf, sizeof(buf), fp) != NULL) { cc = strlen(buf); if (write(ptmpfd, buf, (size_t)(cc)) != cc) { int saved_errno = errno; fclose(fp); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "short write to /etc/ptmp (not %d chars)", cc); } } if (ferror(fp)) { int saved_errno = errno; fclose(fp); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "read error on %s", _PATH_MASTERPASSWD); } } if (up->u_flags & F_MKDIR) { if (lstat(home, &st) == 0) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "home directory `%s' already exists", home); } else { if (asystem("%s -p %s", MKDIR, home) != 0) { int saved_errno = errno; close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't mkdir `%s'", home); } (void) copydotfiles(up->u_skeldir, home); (void) asystem("%s -R -P %u:%u %s", CHOWN, up->u_uid, gid, home); (void) asystem("%s -R u+w %s", CHMOD, home); } } if (strcmp(up->u_primgrp, "=uid") == 0 && !group_exists(login_name) && !creategid(login_name, gid, "")) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't create gid %u for login name %s", gid, login_name); } if (up->u_groupc > 0 && !append_group(login_name, up->u_groupc, up->u_groupv)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't append `%s' to new groups", login_name); } fclose(fp); close(ptmpfd); if (pw_mkdb(yp ? NULL : login_name, 0) == -1) { pw_abort(); err(EXIT_FAILURE, "pw_mkdb failed"); } syslog(LOG_INFO, "new user added: name=%s, uid=%u, gid=%u, home=%s, shell=%s", login_name, up->u_uid, gid, home, up->u_shell); return 1; } /* remove a user from the groups file */ static int rm_user_from_groups(char *login_name) { struct stat st; size_t login_len; FILE *from; FILE *to; char buf[LINE_MAX]; char f[MaxFileNameLen]; char *cp, *ep; int fd; int cc; login_len = strlen(login_name); if ((from = fopen(_PATH_GROUP, "r")) == NULL) { warn("can't remove gid for `%s': can't open `%s'", login_name, _PATH_GROUP); return 0; } if (flock(fileno(from), LOCK_EX | LOCK_NB) == -1) { warn("can't lock `%s'", _PATH_GROUP); } (void) fstat(fileno(from), &st); (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP); if ((fd = mkstemp(f)) == -1) { warn("can't remove gid for `%s': mkstemp failed", login_name); fclose(from); return 0; } if ((to = fdopen(fd, "w")) == NULL) { warn("can't remove gid for `%s': fdopen `%s' failed", login_name, f); fclose(from); close(fd); unlink(f); return 0; } while (fgets(buf, sizeof(buf), from) != NULL) { cc = strlen(buf); if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)) { while (fgetc(from) != '\n' && !feof(from)) cc++; warnx("%s: line `%s' too long (%d bytes), skipping", _PATH_GROUP, buf, cc); continue; } /* Break out the group list. */ for (cp = buf, cc = 0; *cp != '\0' && cc < 3; cp++) { if (*cp == ':') cc++; } if (cc != 3) { buf[strcspn(buf, "\n")] = '\0'; warnx("Malformed entry `%s'. Skipping", buf); continue; } while ((cp = strstr(cp, login_name)) != NULL) { if ((cp[-1] == ':' || cp[-1] == ',') && (cp[login_len] == ',' || cp[login_len] == '\n')) { ep = cp + login_len; if (cp[login_len] == ',') ep++; else if (cp[-1] == ',') cp--; memmove(cp, ep, strlen(ep) + 1); } else { if ((cp = strchr(cp, ',')) == NULL) break; cp++; } } if (fwrite(buf, strlen(buf), 1, to) != 1) { warn("can't remove gid for `%s': short write to `%s'", login_name, f); fclose(from); fclose(to); unlink(f); return 0; } } (void) fchmod(fileno(to), st.st_mode & 0777); fclose(from); if (fclose(to) == EOF) { warn("can't remove gid for `%s': short write to `%s'", login_name, f); unlink(f); return 0; } if (rename(f, _PATH_GROUP) == -1) { warn("can't remove gid for `%s': can't rename `%s' to `%s'", login_name, f, _PATH_GROUP); unlink(f); return 0; } return 1; } /* check that the user or group is local, not from YP/NIS */ static int is_local(char *name, const char *file) { FILE *fp; char buf[LINE_MAX]; size_t len; int ret; int cc; if ((fp = fopen(file, "r")) == NULL) { err(EXIT_FAILURE, "can't open `%s'", file); } len = strlen(name); for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL ; ) { cc = strlen(buf); if (cc > 0 && buf[cc - 1] != '\n' && !feof(fp)) { while (fgetc(fp) != '\n' && !feof(fp)) cc++; warnx("%s: line `%s' too long (%d bytes), skipping", file, buf, cc); continue; } if (strncmp(buf, name, len) == 0 && buf[len] == ':') { ret = 1; break; } } fclose(fp); return ret; } /* modify a user */ static int moduser(char *login_name, char *newlogin, user_t *up) { struct passwd *pwp = NULL; struct group *grp; const char *homedir; char buf[LINE_MAX]; char acctlock_str[] = "-"; char pwlock_str[] = "*"; char pw_len[PasswordLength + 1]; char shell_len[MaxShellNameLen]; char *shell_last_char; size_t colonc, loginc; size_t cc; size_t shell_buf; FILE *master; char newdir[MaxFileNameLen]; char *colon; char *pw_tmp = NULL; char *shell_tmp = NULL; int len; int locked = 0; int unlocked = 0; int masterfd; int ptmpfd; int rval; int i; if (!valid_login(newlogin)) { errx(EXIT_FAILURE, "`%s' is not a valid login name", login_name); } if ((pwp = getpwnam_shadow(login_name)) == NULL) { errx(EXIT_FAILURE, "No such user `%s'", login_name); } if (up != NULL) { if ((*pwp->pw_passwd != '\0') && (up->u_flags & F_PASSWORD) == 0) { up->u_flags |= F_PASSWORD; memsave(&up->u_password, pwp->pw_passwd, strlen(pwp->pw_passwd)); explicit_bzero(pwp->pw_passwd, strlen(pwp->pw_passwd)); } } endpwent(); if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", NULL) == -1) err(1, "pledge"); if (!is_local(login_name, _PATH_MASTERPASSWD)) { errx(EXIT_FAILURE, "User `%s' must be a local user", login_name); } if (up != NULL) { if ((up->u_flags & (F_ACCTLOCK | F_ACCTUNLOCK)) && (pwp->pw_uid < 1000)) errx(EXIT_FAILURE, "(un)locking is not supported for the `%s' account", pwp->pw_name); } /* keep dir name in case we need it for '-m' */ homedir = pwp->pw_dir; /* get the last char of the shell in case we need it for '-U' or '-Z' */ shell_last_char = pwp->pw_shell+strlen(pwp->pw_shell) - 1; if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) == -1) { err(EXIT_FAILURE, "can't open `%s'", _PATH_MASTERPASSWD); } if (flock(masterfd, LOCK_EX | LOCK_NB) == -1) { err(EXIT_FAILURE, "can't lock `%s'", _PATH_MASTERPASSWD); } pw_init(); if ((ptmpfd = pw_lock(WAITSECS)) == -1) { int saved_errno = errno; close(masterfd); errc(EXIT_FAILURE, saved_errno, "can't obtain pw_lock"); } if ((master = fdopen(masterfd, "r")) == NULL) { int saved_errno = errno; close(masterfd); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't fdopen fd for %s", _PATH_MASTERPASSWD); } if (up != NULL) { if (up->u_flags & F_USERNAME) { /* if changing name, check new name isn't already in use */ if (strcmp(login_name, newlogin) != 0 && user_exists(newlogin)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "already a `%s' user", newlogin); } pwp->pw_name = newlogin; /* * Provide a new directory name in case the * home directory is to be moved. */ if (up->u_flags & F_MKDIR) { (void) snprintf(newdir, sizeof(newdir), "%s/%s", up->u_basedir, newlogin); pwp->pw_dir = newdir; } } if (up->u_flags & F_PASSWORD) { if (up->u_password != NULL) pwp->pw_passwd = up->u_password; } if (up->u_flags & F_ACCTLOCK) { /* lock the account */ if (*shell_last_char != *acctlock_str) { shell_tmp = malloc(strlen(pwp->pw_shell) + sizeof(acctlock_str)); if (shell_tmp == NULL) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "account lock: cannot allocate memory"); } strlcpy(shell_tmp, pwp->pw_shell, sizeof(shell_len)); strlcat(shell_tmp, acctlock_str, sizeof(shell_len)); pwp->pw_shell = shell_tmp; } else { locked++; } /* lock the password */ if (strncmp(pwp->pw_passwd, pwlock_str, sizeof(pwlock_str)-1) != 0) { pw_tmp = malloc(strlen(pwp->pw_passwd) + sizeof(pwlock_str)); if (pw_tmp == NULL) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "password lock: cannot allocate memory"); } strlcpy(pw_tmp, pwlock_str, sizeof(pw_len)); strlcat(pw_tmp, pwp->pw_passwd, sizeof(pw_len)); pwp->pw_passwd = pw_tmp; } else { locked++; } if (locked > 1) warnx("account `%s' is already locked", pwp->pw_name); } if (up->u_flags & F_ACCTUNLOCK) { /* unlock the password */ if (strcmp(pwp->pw_passwd, pwlock_str) != 0 && strcmp(pwp->pw_passwd, "*************") != 0) { if (strncmp(pwp->pw_passwd, pwlock_str, sizeof(pwlock_str)-1) == 0) { pwp->pw_passwd += sizeof(pwlock_str)-1; } else { unlocked++; } } else { warnx("account `%s' has no password: cannot fully unlock", pwp->pw_name); } /* unlock the account */ if (*shell_last_char == *acctlock_str) { shell_buf = strlen(pwp->pw_shell) + 2 - sizeof(acctlock_str); shell_tmp = malloc(shell_buf); if (shell_tmp == NULL) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "unlock: cannot allocate memory"); } strlcpy(shell_tmp, pwp->pw_shell, shell_buf); pwp->pw_shell = shell_tmp; } else { unlocked++; } if (unlocked > 1) warnx("account `%s' is not locked", pwp->pw_name); } if (up->u_flags & F_UID) { /* check uid isn't already allocated */ if (!(up->u_flags & F_DUPUID) && uid_exists((uid_t)up->u_uid)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "uid %u is already in use", up->u_uid); } pwp->pw_uid = up->u_uid; } if (up->u_flags & F_GROUP) { /* if -g=uid was specified, check gid is unused */ if (strcmp(up->u_primgrp, "=uid") == 0) { if (gid_exists((gid_t)pwp->pw_uid)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "gid %u is already " "in use", pwp->pw_uid); } pwp->pw_gid = pwp->pw_uid; if (!creategid(newlogin, pwp->pw_gid, "")) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "could not create " "group %s with gid %u", newlogin, pwp->pw_gid); } } else { if ((grp = find_group_info(up->u_primgrp)) == NULL) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "group %s not found", up->u_primgrp); } pwp->pw_gid = grp->gr_gid; } } if (up->u_flags & F_INACTIVE) { if (!scantime(&pwp->pw_change, up->u_inactive)) { warnx("Warning: inactive time `%s' invalid, password expiry off", up->u_inactive); } } if (up->u_flags & F_EXPIRE) { if (!scantime(&pwp->pw_expire, up->u_expire)) { warnx("Warning: expire time `%s' invalid, account expiry off", up->u_expire); } } if (up->u_flags & F_COMMENT) pwp->pw_gecos = up->u_comment; if (up->u_flags & F_HOMEDIR) pwp->pw_dir = up->u_home; if (up->u_flags & F_SHELL) pwp->pw_shell = up->u_shell; if (up->u_flags & F_CLASS) { if (!valid_class(up->u_class)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "No such login class `%s'", up->u_class); } pwp->pw_class = up->u_class; } } loginc = strlen(login_name); while (fgets(buf, sizeof(buf), master) != NULL) { if ((colon = strchr(buf, ':')) == NULL) { warnx("Malformed entry `%s'. Skipping", buf); continue; } colonc = (size_t)(colon - buf); if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { if (up != NULL) { if ((len = snprintf(buf, sizeof(buf), "%s:%s:%u:%u:%s:%lld:%lld:%s:%s:%s\n", newlogin, pwp->pw_passwd, pwp->pw_uid, pwp->pw_gid, pwp->pw_class, (long long)pwp->pw_change, (long long)pwp->pw_expire, pwp->pw_gecos, pwp->pw_dir, pwp->pw_shell)) >= sizeof(buf) || len < 0 || len + expand_len(pwp->pw_gecos, newlogin) >= 1023) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't add `%s', " "line too long (%zu bytes)", buf, len + expand_len(pwp->pw_gecos, newlogin)); } if (write(ptmpfd, buf, len) != len) { int saved_errno = errno; close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't add `%s'", buf); } } } else { len = strlen(buf); if ((cc = write(ptmpfd, buf, len)) != len) { int saved_errno = errno; close(masterfd); close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "short write to /etc/ptmp (%lld not %lld chars)", (long long)cc, (long long)len); } } } if (up != NULL) { if ((up->u_flags & F_MKDIR) && asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) { int saved_errno = errno; close(ptmpfd); pw_abort(); errc(EXIT_FAILURE, saved_errno, "can't move `%s' to `%s'", homedir, pwp->pw_dir); } if (up->u_flags & F_SETSECGROUP) { for (i = 0 ; i < up->u_groupc ; i++) { if (!group_exists(up->u_groupv[i])) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "aborting, group `%s' does not exist", up->u_groupv[i]); } } if (!rm_user_from_groups(newlogin)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't reset groups for `%s'", newlogin); } } if (up->u_groupc > 0) { if (!append_group(newlogin, up->u_groupc, up->u_groupv)) { close(ptmpfd); pw_abort(); errx(EXIT_FAILURE, "can't append `%s' to new groups", newlogin); } } } fclose(master); close(ptmpfd); free(pw_tmp); free(shell_tmp); if (up != NULL && strcmp(login_name, newlogin) == 0) rval = pw_mkdb(login_name, 0); else rval = pw_mkdb(NULL, 0); if (rval == -1) { pw_abort(); err(EXIT_FAILURE, "pw_mkdb failed"); } if (up == NULL) { syslog(LOG_INFO, "user removed: name=%s", login_name); } else if (strcmp(login_name, newlogin) == 0) { syslog(LOG_INFO, "user information modified: name=%s, uid=%u, gid=%u, home=%s, shell=%s", login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, pwp->pw_shell); } else { syslog(LOG_INFO, "user information modified: name=%s, new name=%s, uid=%u, gid=%u, home=%s, shell=%s", login_name, newlogin, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, pwp->pw_shell); } return 1; } /* print out usage message, and then exit */ void usermgmt_usage(const char *prog) { if (strcmp(prog, "useradd") == 0) { fprintf(stderr, "usage: %s -D [-b base-directory] " "[-e expiry-time] [-f inactive-time]\n" " [-g gid | name | =uid] [-k skel-directory] " "[-L login-class]\n" " [-r low..high] [-s shell]\n", prog); fprintf(stderr, " %s [-mov] [-b base-directory] " "[-c comment] [-d home-directory]\n" " [-e expiry-time] [-f inactive-time]\n" " [-G secondary-group[,group,...]] " "[-g gid | name | =uid]\n" " [-k skel-directory] [-L login-class] " "[-p password] [-r low..high]\n" " [-s shell] [-u uid] user\n", prog); } else if (strcmp(prog, "usermod") == 0) { fprintf(stderr, "usage: %s [-moUvZ] " "[-c comment] [-d home-directory] [-e expiry-time]\n" " [-f inactive-time] " "[-G secondary-group[,group,...]]\n" " [-g gid | name | =uid] [-L login-class] " "[-l new-login]\n" " [-p password] " "[-S secondary-group[,group,...]]\n" " [-s shell] [-u uid] user\n", prog); } else if (strcmp(prog, "userdel") == 0) { fprintf(stderr, "usage: %s -D [-p preserve-value]\n", prog); fprintf(stderr, " %s [-rv] [-p preserve-value] " "user\n", prog); } else if (strcmp(prog, "userinfo") == 0) { fprintf(stderr, "usage: %s [-e] user\n", prog); } else if (strcmp(prog, "groupadd") == 0) { fprintf(stderr, "usage: %s [-ov] [-g gid] group\n", prog); } else if (strcmp(prog, "groupdel") == 0) { fprintf(stderr, "usage: %s [-v] group\n", prog); } else if (strcmp(prog, "groupmod") == 0) { fprintf(stderr, "usage: %s [-ov] [-g gid] [-n newname] " "group\n", prog); } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { fprintf(stderr, "usage: %s [add | del | mod" " | info" "] ...\n", prog); } else if (strcmp(prog, "groupinfo") == 0) { fprintf(stderr, "usage: %s [-e] group\n", prog); } else { fprintf(stderr, "This program must be called as {user,group}{add,del,mod,info},\n%s is not an understood name.\n", prog); } exit(EXIT_FAILURE); } int useradd(int argc, char **argv) { user_t u; const char *errstr; int defaultfield; int bigD; int c; int i; memset(&u, 0, sizeof(u)); read_defaults(&u); u.u_uid = -1; defaultfield = bigD = 0; while ((c = getopt(argc, argv, "DG:L:b:c:d:e:f:g:k:mop:r:s:u:v")) != -1) { switch(c) { case 'D': bigD = 1; break; case 'G': while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && u.u_groupc < NGROUPS_MAX - 2) { if (u.u_groupv[u.u_groupc][0] != 0) { u.u_groupc++; } } if (optarg != NULL) { warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX - 2); } break; case 'b': defaultfield = 1; memsave(&u.u_basedir, optarg, strlen(optarg)); break; case 'c': memsave(&u.u_comment, optarg, strlen(optarg)); break; case 'd': memsave(&u.u_home, optarg, strlen(optarg)); u.u_flags |= F_HOMEDIR; break; case 'e': defaultfield = 1; memsave(&u.u_expire, optarg, strlen(optarg)); break; case 'f': defaultfield = 1; memsave(&u.u_inactive, optarg, strlen(optarg)); break; case 'g': defaultfield = 1; memsave(&u.u_primgrp, optarg, strlen(optarg)); break; case 'k': defaultfield = 1; memsave(&u.u_skeldir, optarg, strlen(optarg)); break; case 'L': defaultfield = 1; memsave(&u.u_class, optarg, strlen(optarg)); break; case 'm': u.u_flags |= F_MKDIR; break; case 'o': u.u_flags |= F_DUPUID; break; case 'p': memsave(&u.u_password, optarg, strlen(optarg)); explicit_bzero(optarg, strlen(optarg)); break; case 'r': defaultfield = 1; if (!save_range(&u, optarg)) exit(EXIT_FAILURE); break; case 's': defaultfield = 1; memsave(&u.u_shell, optarg, strlen(optarg)); break; case 'u': u.u_uid = strtonum(optarg, -1, UID_MAX, &errstr); if (errstr != NULL) { errx(EXIT_FAILURE, "When using [-u uid], the uid must be numeric"); } break; case 'v': verbose = 1; break; default: usermgmt_usage("useradd"); } } if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", NULL) == -1) err(1, "pledge"); if (bigD) { if (defaultfield) { checkeuid(); return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; } printf("group\t\t%s\n", u.u_primgrp); printf("base_dir\t%s\n", u.u_basedir); printf("skel_dir\t%s\n", u.u_skeldir); printf("shell\t\t%s\n", u.u_shell); printf("class\t\t%s\n", u.u_class); printf("inactive\t%s\n", (u.u_inactive == NULL) ? UNSET_INACTIVE : u.u_inactive); printf("expire\t\t%s\n", (u.u_expire == NULL) ? UNSET_EXPIRY : u.u_expire); for (i = 0 ; i < u.u_rc ; i++) { printf("range\t\t%u..%u\n", u.u_rv[i].r_from, u.u_rv[i].r_to); } return EXIT_SUCCESS; } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("useradd"); } checkeuid(); openlog("useradd", LOG_PID, LOG_USER); return adduser(*argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; } int usermod(int argc, char **argv) { user_t u; char newuser[MaxUserNameLen + 1]; int c, have_new_user; const char *errstr; memset(&u, 0, sizeof(u)); memset(newuser, 0, sizeof(newuser)); read_defaults(&u); free(u.u_primgrp); u.u_primgrp = NULL; have_new_user = 0; while ((c = getopt(argc, argv, "G:L:S:UZc:d:e:f:g:l:mop:s:u:v")) != -1) { switch(c) { case 'G': while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && u.u_groupc < NGROUPS_MAX - 2) { if (u.u_groupv[u.u_groupc][0] != 0) { u.u_groupc++; } } if (optarg != NULL) { warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX - 2); } u.u_flags |= F_SECGROUP; break; case 'S': while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL && u.u_groupc < NGROUPS_MAX - 2) { if (u.u_groupv[u.u_groupc][0] != 0) { u.u_groupc++; } } if (optarg != NULL) { warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX - 2); } u.u_flags |= F_SETSECGROUP; break; case 'U': u.u_flags |= F_ACCTUNLOCK; break; case 'Z': u.u_flags |= F_ACCTLOCK; break; case 'c': memsave(&u.u_comment, optarg, strlen(optarg)); u.u_flags |= F_COMMENT; break; case 'd': memsave(&u.u_home, optarg, strlen(optarg)); u.u_flags |= F_HOMEDIR; break; case 'e': memsave(&u.u_expire, optarg, strlen(optarg)); u.u_flags |= F_EXPIRE; break; case 'f': memsave(&u.u_inactive, optarg, strlen(optarg)); u.u_flags |= F_INACTIVE; break; case 'g': memsave(&u.u_primgrp, optarg, strlen(optarg)); u.u_flags |= F_GROUP; break; case 'l': if (strlcpy(newuser, optarg, sizeof(newuser)) >= sizeof(newuser)) errx(EXIT_FAILURE, "username `%s' too long", optarg); have_new_user = 1; u.u_flags |= F_USERNAME; break; case 'L': memsave(&u.u_class, optarg, strlen(optarg)); u.u_flags |= F_CLASS; break; case 'm': u.u_flags |= F_MKDIR; break; case 'o': u.u_flags |= F_DUPUID; break; case 'p': memsave(&u.u_password, optarg, strlen(optarg)); explicit_bzero(optarg, strlen(optarg)); u.u_flags |= F_PASSWORD; break; case 's': memsave(&u.u_shell, optarg, strlen(optarg)); u.u_flags |= F_SHELL; break; case 'u': u.u_uid = strtonum(optarg, -1, UID_MAX, &errstr); u.u_flags |= F_UID; if (errstr != NULL) { errx(EXIT_FAILURE, "When using [-u uid], the uid must be numeric"); } break; case 'v': verbose = 1; break; default: usermgmt_usage("usermod"); } } if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && !(u.u_flags & F_USERNAME)) { warnx("option 'm' useless without 'd' or 'l' -- ignored"); u.u_flags &= ~F_MKDIR; } if ((u.u_flags & F_SECGROUP) && (u.u_flags & F_SETSECGROUP)) errx(EXIT_FAILURE, "options 'G' and 'S' are mutually exclusive"); if ((u.u_flags & F_ACCTLOCK) && (u.u_flags & F_ACCTUNLOCK)) errx(EXIT_FAILURE, "options 'U' and 'Z' are mutually exclusive"); if ((u.u_flags & F_PASSWORD) && (u.u_flags & (F_ACCTLOCK | F_ACCTUNLOCK))) errx(EXIT_FAILURE, "options 'U' or 'Z' with 'p' are mutually exclusive"); argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("usermod"); } checkeuid(); openlog("usermod", LOG_PID, LOG_USER); return moduser(*argv, (have_new_user) ? newuser : *argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; } int userdel(int argc, char **argv) { struct passwd *pwp; user_t u; int defaultfield; int rmhome; int bigD; int c; memset(&u, 0, sizeof(u)); read_defaults(&u); defaultfield = bigD = rmhome = 0; while ((c = getopt(argc, argv, "Dp:rv")) != -1) { switch(c) { case 'D': bigD = 1; break; case 'p': defaultfield = 1; u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : (strcmp(optarg, "yes") == 0) ? 1 : strtonum(optarg, INT_MIN, INT_MAX, NULL); break; case 'r': rmhome = 1; break; case 'v': verbose = 1; break; default: usermgmt_usage("userdel"); } } if (bigD) { if (defaultfield) { checkeuid(); return setdefaults(&u) ? EXIT_SUCCESS : EXIT_FAILURE; } printf("preserve\t%s\n", (u.u_preserve) ? "true" : "false"); return EXIT_SUCCESS; } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("userdel"); } if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", NULL) == -1) err(1, "pledge"); checkeuid(); if ((pwp = getpwnam(*argv)) == NULL) { warnx("No such user `%s'", *argv); return EXIT_FAILURE; } if (rmhome) (void)removehomedir(pwp->pw_name, pwp->pw_uid, pwp->pw_dir); if (u.u_preserve) { u.u_flags |= F_SHELL; memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN)); memsave(&u.u_password, "*", strlen("*")); u.u_flags |= F_PASSWORD; openlog("userdel", LOG_PID, LOG_USER); return moduser(*argv, *argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE; } if (!rm_user_from_groups(*argv)) { return 0; } openlog("userdel", LOG_PID, LOG_USER); return moduser(*argv, *argv, NULL) ? EXIT_SUCCESS : EXIT_FAILURE; } /* add a group */ int groupadd(int argc, char **argv) { int dupgid; int gid; int c; const char *errstr; gid = -1; dupgid = 0; while ((c = getopt(argc, argv, "g:ov")) != -1) { switch(c) { case 'g': gid = strtonum(optarg, -1, GID_MAX, &errstr); if (errstr != NULL) { errx(EXIT_FAILURE, "When using [-g gid], the gid must be numeric"); } break; case 'o': dupgid = 1; break; case 'v': verbose = 1; break; default: usermgmt_usage("groupadd"); } } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("groupadd"); } if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1) err(1, "pledge"); checkeuid(); if (!valid_group(*argv)) { errx(EXIT_FAILURE, "invalid group name `%s'", *argv); } if (gid < 0 && !getnextgid(&gid, LowGid, HighGid)) { errx(EXIT_FAILURE, "can't add group: can't get next gid"); } if (!dupgid && gid_exists((gid_t)gid)) { errx(EXIT_FAILURE, "can't add group: gid %d is a duplicate", gid); } openlog("groupadd", LOG_PID, LOG_USER); if (!creategid(*argv, gid, "")) { errx(EXIT_FAILURE, "can't add group: problems with %s file", _PATH_GROUP); } return EXIT_SUCCESS; } /* remove a group */ int groupdel(int argc, char **argv) { int c; while ((c = getopt(argc, argv, "v")) != -1) { switch(c) { case 'v': verbose = 1; break; default: usermgmt_usage("groupdel"); } } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("groupdel"); } checkeuid(); openlog("groupdel", LOG_PID, LOG_USER); if (!group_exists(*argv)) { warnx("No such group: `%s'", *argv); return EXIT_FAILURE; } if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) err(1, "pledge"); if (!modify_gid(*argv, NULL)) { err(EXIT_FAILURE, "can't change %s file", _PATH_GROUP); } return EXIT_SUCCESS; } /* modify a group */ int groupmod(int argc, char **argv) { struct group *grp; const char *errstr; char buf[LINE_MAX]; char *newname; char **cpp; int dupgid; int gid; int cc; int c; gid = -1; dupgid = 0; newname = NULL; while ((c = getopt(argc, argv, "g:n:ov")) != -1) { switch(c) { case 'g': gid = strtonum(optarg, -1, GID_MAX, &errstr); if (errstr != NULL) { errx(EXIT_FAILURE, "When using [-g gid], the gid must be numeric"); } break; case 'o': dupgid = 1; break; case 'n': memsave(&newname, optarg, strlen(optarg)); break; case 'v': verbose = 1; break; default: usermgmt_usage("groupmod"); } } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("groupmod"); } checkeuid(); if (gid < 0 && newname == NULL) { errx(EXIT_FAILURE, "Nothing to change"); } if (dupgid && gid < 0) { errx(EXIT_FAILURE, "Duplicate which gid?"); } if ((grp = getgrnam(*argv)) == NULL) { errx(EXIT_FAILURE, "can't find group `%s' to modify", *argv); } if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) err(1, "pledge"); if (!is_local(*argv, _PATH_GROUP)) { errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv); } if (newname != NULL && !valid_group(newname)) { errx(EXIT_FAILURE, "invalid group name `%s'", newname); } if ((cc = snprintf(buf, sizeof(buf), "%s:%s:%u:", (newname) ? newname : grp->gr_name, grp->gr_passwd, (gid < 0) ? grp->gr_gid : gid)) >= sizeof(buf) || cc < 0) errx(EXIT_FAILURE, "group `%s' entry too long", grp->gr_name); for (cpp = grp->gr_mem ; *cpp ; cpp++) { cc = strlcat(buf, *cpp, sizeof(buf)) + 1; if (cc >= sizeof(buf)) errx(EXIT_FAILURE, "group `%s' entry too long", grp->gr_name); if (cpp[1] != NULL) { buf[cc - 1] = ','; buf[cc] = '\0'; } } cc = strlcat(buf, "\n", sizeof(buf)); if (cc >= sizeof(buf)) errx(EXIT_FAILURE, "group `%s' entry too long", grp->gr_name); openlog("groupmod", LOG_PID, LOG_USER); if (!modify_gid(*argv, buf)) err(EXIT_FAILURE, "can't change %s file", _PATH_GROUP); return EXIT_SUCCESS; } /* display user information */ int userinfo(int argc, char **argv) { struct passwd *pwp; struct group *grp; char **cpp; int exists; int i; exists = 0; while ((i = getopt(argc, argv, "ev")) != -1) { switch(i) { case 'e': exists = 1; break; case 'v': verbose = 1; break; default: usermgmt_usage("userinfo"); } } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("userinfo"); } if (pledge("stdio getpw", NULL) == -1) err(1, "pledge"); pwp = find_user_info(*argv); if (exists) { exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE); } if (pwp == NULL) { errx(EXIT_FAILURE, "can't find user `%s'", *argv); } printf("login\t%s\n", pwp->pw_name); printf("passwd\t%s\n", pwp->pw_passwd); printf("uid\t%u\n", pwp->pw_uid); if ((grp = getgrgid(pwp->pw_gid)) == NULL) printf("groups\t%u", pwp->pw_gid); else printf("groups\t%s", grp->gr_name); while ((grp = getgrent()) != NULL) { for (cpp = grp->gr_mem ; *cpp ; cpp++) { if (strcmp(*cpp, pwp->pw_name) == 0 && grp->gr_gid != pwp->pw_gid) printf(" %s", grp->gr_name); } } fputc('\n', stdout); printf("change\t%s", pwp->pw_change ? ctime(&pwp->pw_change) : "NEVER\n"); printf("class\t%s\n", pwp->pw_class); printf("gecos\t%s\n", pwp->pw_gecos); printf("dir\t%s\n", pwp->pw_dir); printf("shell\t%s\n", pwp->pw_shell); printf("expire\t%s", pwp->pw_expire ? ctime(&pwp->pw_expire) : "NEVER\n"); return EXIT_SUCCESS; } /* display user information */ int groupinfo(int argc, char **argv) { struct group *grp; char **cpp; int exists; int i; exists = 0; while ((i = getopt(argc, argv, "ev")) != -1) { switch(i) { case 'e': exists = 1; break; case 'v': verbose = 1; break; default: usermgmt_usage("groupinfo"); } } argc -= optind; argv += optind; if (argc != 1) { usermgmt_usage("groupinfo"); } if (pledge("stdio getpw", NULL) == -1) err(1, "pledge"); grp = find_group_info(*argv); if (exists) { exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE); } if (grp == NULL) { errx(EXIT_FAILURE, "can't find group `%s'", *argv); } printf("name\t%s\n", grp->gr_name); printf("passwd\t%s\n", grp->gr_passwd); printf("gid\t%u\n", grp->gr_gid); printf("members\t"); for (cpp = grp->gr_mem ; *cpp ; cpp++) { printf("%s ", *cpp); } fputc('\n', stdout); return EXIT_SUCCESS; }