2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Copyright 1990 - 1993, Julianne Frances Haugh
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
2007-10-07 17:14:59 +05:30
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
2007-10-07 17:14:02 +05:30
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* newusers - create users from a batch file
|
|
|
|
*
|
|
|
|
* newusers creates a collection of entries in /etc/passwd
|
|
|
|
* and related files by reading a passwd-format file and
|
|
|
|
* adding entries in the related directories.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <grp.h>
|
|
|
|
#include <fcntl.h>
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:17:11 +05:30
|
|
|
#include "pam_defs.h"
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:17:01 +05:30
|
|
|
#include "prototypes.h"
|
|
|
|
#include "defines.h"
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "getdef.h"
|
|
|
|
#include "groupio.h"
|
2007-10-07 17:17:22 +05:30
|
|
|
#include "nscd.h"
|
|
|
|
#include "pwio.h"
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "shadowio.h"
|
2007-10-07 17:17:01 +05:30
|
|
|
/*
|
|
|
|
* Global variables
|
|
|
|
*/
|
|
|
|
static char *Prog;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
static int is_shadow;
|
|
|
|
|
|
|
|
/* local function prototypes */
|
2007-10-07 17:14:59 +05:30
|
|
|
static void usage (void);
|
|
|
|
static int add_group (const char *, const char *, gid_t *);
|
|
|
|
static int add_user (const char *, const char *, uid_t *, gid_t);
|
|
|
|
static void update_passwd (struct passwd *, const char *);
|
|
|
|
static int add_passwd (struct passwd *, const char *);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* usage - display usage message and exit
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static void usage (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr, _("Usage: %s [input]\n"), Prog);
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* add_group - create a new group or add a user to an existing group
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static int add_group (const char *name, const char *gid, gid_t * ngid)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
const struct passwd *pwd;
|
|
|
|
const struct group *grp;
|
2007-10-07 17:14:59 +05:30
|
|
|
struct group grent;
|
|
|
|
char *members[2];
|
|
|
|
int i;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Start by seeing if the named group already exists. This will be
|
|
|
|
* very easy to deal with if it does.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if ((grp = gr_locate (gid))) {
|
2007-10-07 17:14:59 +05:30
|
|
|
add_member:
|
2007-10-07 17:14:02 +05:30
|
|
|
grent = *grp;
|
|
|
|
*ngid = grent.gr_gid;
|
2007-10-07 17:14:59 +05:30
|
|
|
for (i = 0; grent.gr_mem[i] != (char *) 0; i++)
|
2007-10-07 17:14:02 +05:30
|
|
|
if (strcmp (grent.gr_mem[i], name) == 0)
|
|
|
|
return 0;
|
|
|
|
|
2007-10-07 17:16:07 +05:30
|
|
|
grent.gr_mem = (char **) xmalloc (sizeof (char *) * (i + 2));
|
|
|
|
memcpy (grent.gr_mem, grp->gr_mem, sizeof (char *) * (i + 2));
|
2007-10-07 17:14:02 +05:30
|
|
|
grent.gr_mem[i] = xstrdup (name);
|
|
|
|
grent.gr_mem[i + 1] = (char *) 0;
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
return !gr_update (&grent);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* The group did not exist, so I try to figure out what the GID is
|
|
|
|
* going to be. The gid parameter is probably "", meaning I figure
|
|
|
|
* out the GID from the password file. I want the UID and GID to
|
|
|
|
* match, unless the GID is already used.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (gid[0] == '\0') {
|
|
|
|
i = 100;
|
2007-10-07 17:14:59 +05:30
|
|
|
for (pw_rewind (); (pwd = pw_next ());) {
|
2007-11-20 01:55:36 +05:30
|
|
|
if (pwd->pw_uid >= (unsigned int)i)
|
2007-10-07 17:14:02 +05:30
|
|
|
i = pwd->pw_uid + 1;
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
for (gr_rewind (); (grp = gr_next ());) {
|
2007-11-20 01:55:36 +05:30
|
|
|
if (grp->gr_gid == (unsigned int)i) {
|
2007-10-07 17:14:02 +05:30
|
|
|
i = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (gid[0] >= '0' && gid[0] <= '9') {
|
2007-10-07 17:14:59 +05:30
|
|
|
/*
|
|
|
|
* The GID is a number, which means either this is a brand
|
|
|
|
* new group, or an existing group. For existing groups I
|
|
|
|
* just add myself as a member, just like I did earlier.
|
|
|
|
*/
|
2007-10-07 17:14:02 +05:30
|
|
|
i = atoi (gid);
|
2007-10-07 17:14:59 +05:30
|
|
|
for (gr_rewind (); (grp = gr_next ());)
|
2007-11-20 01:55:36 +05:30
|
|
|
if (grp->gr_gid == (unsigned int)i)
|
2007-10-07 17:14:02 +05:30
|
|
|
goto add_member;
|
|
|
|
} else
|
2007-10-07 17:14:59 +05:30
|
|
|
/*
|
|
|
|
* The last alternative is that the GID is a name which is
|
|
|
|
* not already the name of an existing group, and I need to
|
|
|
|
* figure out what group ID that group name is going to
|
|
|
|
* have.
|
|
|
|
*/
|
2007-10-07 17:14:02 +05:30
|
|
|
i = -1;
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* If I don't have a group ID by now, I'll go get the next one.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (i == -1) {
|
2007-10-07 17:14:59 +05:30
|
|
|
for (i = 100, gr_rewind (); (grp = gr_next ());)
|
2007-11-20 01:55:36 +05:30
|
|
|
if (grp->gr_gid >= (unsigned int)i)
|
2007-10-07 17:14:02 +05:30
|
|
|
i = grp->gr_gid + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Now I have all of the fields required to create the new group.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (gid[0] && (gid[0] <= '0' || gid[0] >= '9'))
|
2007-10-07 17:14:59 +05:30
|
|
|
grent.gr_name = xstrdup (gid);
|
2007-10-07 17:14:02 +05:30
|
|
|
else
|
2007-10-07 17:14:59 +05:30
|
|
|
grent.gr_name = xstrdup (name);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
grent.gr_passwd = "x"; /* XXX warning: const */
|
2007-10-07 17:14:02 +05:30
|
|
|
grent.gr_gid = i;
|
2007-10-07 17:14:59 +05:30
|
|
|
members[0] = xstrdup (name);
|
2007-10-07 17:14:02 +05:30
|
|
|
members[1] = (char *) 0;
|
|
|
|
grent.gr_mem = members;
|
|
|
|
|
|
|
|
*ngid = grent.gr_gid;
|
2007-10-07 17:14:59 +05:30
|
|
|
return !gr_update (&grent);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* add_user - create a new user ID
|
|
|
|
*/
|
2007-10-07 17:16:07 +05:30
|
|
|
static int add_user (const char *name, const char *uid, uid_t * nuid, gid_t gid)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
const struct passwd *pwd;
|
2007-10-07 17:14:59 +05:30
|
|
|
struct passwd pwent;
|
|
|
|
uid_t i;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* The first guess for the UID is either the numerical UID that the
|
|
|
|
* caller provided, or the next available UID.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (uid[0] >= '0' && uid[0] <= '9') {
|
|
|
|
i = atoi (uid);
|
|
|
|
} else if (uid[0] && (pwd = pw_locate (uid))) {
|
|
|
|
i = pwd->pw_uid;
|
|
|
|
} else {
|
|
|
|
i = 100;
|
2007-10-07 17:14:59 +05:30
|
|
|
for (pw_rewind (); (pwd = pw_next ());)
|
2007-10-07 17:14:02 +05:30
|
|
|
if (pwd->pw_uid >= i)
|
|
|
|
i = pwd->pw_uid + 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* I don't want to fill in the entire password structure members
|
|
|
|
* JUST YET, since there is still more data to be added. So, I fill
|
|
|
|
* in the parts that I have.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
pwent.pw_name = xstrdup (name);
|
|
|
|
pwent.pw_passwd = "x"; /* XXX warning: const */
|
2007-10-07 17:14:02 +05:30
|
|
|
pwent.pw_uid = i;
|
|
|
|
pwent.pw_gid = gid;
|
2007-10-07 17:14:59 +05:30
|
|
|
pwent.pw_gecos = ""; /* XXX warning: const */
|
|
|
|
pwent.pw_dir = ""; /* XXX warning: const */
|
|
|
|
pwent.pw_shell = ""; /* XXX warning: const */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
*nuid = i;
|
2007-10-07 17:14:59 +05:30
|
|
|
return !pw_update (&pwent);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static void update_passwd (struct passwd *pwd, const char *passwd)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
pwd->pw_passwd = pw_encrypt (passwd, crypt_make_salt ());
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* add_passwd - add or update the encrypted password
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static int add_passwd (struct passwd *pwd, const char *passwd)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
const struct spwd *sp;
|
2007-10-07 17:14:59 +05:30
|
|
|
struct spwd spent;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* In the case of regular password files, this is real easy - pwd
|
|
|
|
* points to the entry in the password file. Shadow files are
|
|
|
|
* harder since there are zillions of things to do ...
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (!is_shadow) {
|
2007-10-07 17:14:59 +05:30
|
|
|
update_passwd (pwd, passwd);
|
2007-10-07 17:14:02 +05:30
|
|
|
return 0;
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Do the first and easiest shadow file case. The user already
|
|
|
|
* exists in the shadow password file.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if ((sp = spw_locate (pwd->pw_name))) {
|
|
|
|
spent = *sp;
|
2007-10-07 17:14:59 +05:30
|
|
|
spent.sp_pwdp = pw_encrypt (passwd, crypt_make_salt ());
|
|
|
|
return !spw_update (&spent);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Pick the next easiest case - the user has an encrypted password
|
|
|
|
* which isn't equal to "x". The password was set to "x" earlier
|
|
|
|
* when the entry was created, so this user would have to have had
|
|
|
|
* the password set someplace else.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (strcmp (pwd->pw_passwd, "x") != 0) {
|
2007-10-07 17:14:59 +05:30
|
|
|
update_passwd (pwd, passwd);
|
2007-10-07 17:14:02 +05:30
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Now the really hard case - I need to create an entirely new
|
|
|
|
* shadow password file entry.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
spent.sp_namp = pwd->pw_name;
|
2007-10-07 17:14:59 +05:30
|
|
|
spent.sp_pwdp = pw_encrypt (passwd, crypt_make_salt ());
|
|
|
|
spent.sp_lstchg = time ((time_t *) 0) / SCALE;
|
|
|
|
spent.sp_min = getdef_num ("PASS_MIN_DAYS", 0);
|
|
|
|
/* 10000 is infinity this week */
|
|
|
|
spent.sp_max = getdef_num ("PASS_MAX_DAYS", 10000);
|
|
|
|
spent.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
|
2007-10-07 17:14:02 +05:30
|
|
|
spent.sp_inact = -1;
|
|
|
|
spent.sp_expire = -1;
|
|
|
|
spent.sp_flag = -1;
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
return !spw_update (&spent);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
int main (int argc, char **argv)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
char buf[BUFSIZ];
|
|
|
|
char *fields[8];
|
|
|
|
int nfields;
|
|
|
|
char *cp;
|
2007-10-07 17:14:02 +05:30
|
|
|
const struct passwd *pw;
|
2007-10-07 17:14:59 +05:30
|
|
|
struct passwd newpw;
|
|
|
|
int errors = 0;
|
|
|
|
int line = 0;
|
|
|
|
uid_t uid;
|
|
|
|
gid_t gid;
|
|
|
|
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
pam_handle_t *pamh = NULL;
|
|
|
|
int retval;
|
|
|
|
#endif
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
Prog = Basename (argv[0]);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
setlocale (LC_ALL, "");
|
|
|
|
bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
textdomain (PACKAGE);
|
2007-10-07 17:14:38 +05:30
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
if (argc > 1 && argv[1][0] == '-')
|
|
|
|
usage ();
|
|
|
|
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
retval = PAM_SUCCESS;
|
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
{
|
|
|
|
struct passwd *pampw;
|
|
|
|
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
|
|
|
|
if (pampw == NULL) {
|
|
|
|
retval = PAM_USER_UNKNOWN;
|
|
|
|
}
|
2007-10-07 17:14:38 +05:30
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
if (retval == PAM_SUCCESS) {
|
|
|
|
retval = pam_start ("newusers", pampw->pw_name,
|
|
|
|
&conv, &pamh);
|
|
|
|
}
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
if (retval == PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
retval = pam_authenticate (pamh, 0);
|
2007-10-07 17:14:38 +05:30
|
|
|
if (retval != PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, retval);
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (retval == PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
retval = pam_acct_mgmt (pamh, 0);
|
2007-10-07 17:14:38 +05:30
|
|
|
if (retval != PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, retval);
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (retval != PAM_SUCCESS) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
2007-10-07 17:14:38 +05:30
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:14:38 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
if (argc == 2) {
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!freopen (argv[1], "r", stdin)) {
|
2007-10-07 17:16:07 +05:30
|
|
|
snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
|
2007-10-07 17:14:02 +05:30
|
|
|
perror (buf);
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Lock the password files and open them for update. This will bring
|
|
|
|
* all of the entries into memory where they may be searched for an
|
|
|
|
* modified, or new entries added. The password file is the key - if
|
|
|
|
* it gets locked, assume the others can be locked right away.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!pw_lock ()) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fprintf (stderr, _("%s: can't lock /etc/passwd.\n"), Prog);
|
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
is_shadow = spw_file_present ();
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:25 +05:30
|
|
|
if ((is_shadow && !spw_lock ()) || !gr_lock ()) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("%s: can't lock files, try again later\n"), Prog);
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) pw_unlock ();
|
|
|
|
if (is_shadow)
|
2007-10-07 17:14:59 +05:30
|
|
|
spw_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!pw_open (O_RDWR) || (is_shadow && !spw_open (O_RDWR))
|
2007-10-07 17:16:25 +05:30
|
|
|
|| !gr_open (O_RDWR)) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fprintf (stderr, _("%s: can't open files\n"), Prog);
|
|
|
|
(void) pw_unlock ();
|
|
|
|
if (is_shadow)
|
2007-10-07 17:14:59 +05:30
|
|
|
spw_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) gr_unlock ();
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Read each line. The line has the same format as a password file
|
|
|
|
* entry, except that certain fields are not contrained to be
|
|
|
|
* numerical values. If a group ID is entered which does not already
|
|
|
|
* exist, an attempt is made to allocate the same group ID as the
|
|
|
|
* numerical user ID. Should that fail, the next available group ID
|
|
|
|
* over 100 is allocated. The pw_gid field will be updated with that
|
|
|
|
* value.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
while (fgets (buf, sizeof buf, stdin) != (char *) 0) {
|
|
|
|
line++;
|
|
|
|
if ((cp = strrchr (buf, '\n'))) {
|
|
|
|
*cp = '\0';
|
|
|
|
} else {
|
|
|
|
fprintf (stderr, _("%s: line %d: line too long\n"),
|
2007-10-07 17:14:59 +05:30
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Break the string into fields and screw around with them.
|
|
|
|
* There MUST be 7 colon separated fields, although the
|
|
|
|
* values aren't that particular.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
for (cp = buf, nfields = 0; nfields < 7; nfields++) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fields[nfields] = cp;
|
|
|
|
if ((cp = strchr (cp, ':')))
|
|
|
|
*cp++ = '\0';
|
|
|
|
else
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (nfields != 6) {
|
|
|
|
fprintf (stderr, _("%s: line %d: invalid line\n"),
|
2007-10-07 17:14:59 +05:30
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Now the fields are processed one by one. The first field
|
|
|
|
* to be processed is the group name. A new group will be
|
|
|
|
* created if the group name is non-numeric and does not
|
|
|
|
* already exist. The named user will be the only member. If
|
|
|
|
* there is no named group to be a member of, the UID will
|
|
|
|
* be figured out and that value will be a candidate for a
|
|
|
|
* new group, if that group ID exists, a whole new group ID
|
|
|
|
* will be made up.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!(pw = pw_locate (fields[0])) &&
|
|
|
|
add_group (fields[0], fields[3], &gid)) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: line %d: can't create GID\n"),
|
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Now we work on the user ID. It has to be specified either
|
|
|
|
* as a numerical value, or left blank. If it is a numerical
|
|
|
|
* value, that value will be used, otherwise the next
|
|
|
|
* available user ID is computed and used. After this there
|
|
|
|
* will at least be a (struct passwd) for the user.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!pw && add_user (fields[0], fields[2], &uid, gid)) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: line %d: can't create UID\n"),
|
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The password, gecos field, directory, and shell fields
|
|
|
|
* all come next.
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!(pw = pw_locate (fields[0]))) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: line %d: cannot find user %s\n"),
|
|
|
|
Prog, line, fields[0]);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
newpw = *pw;
|
|
|
|
|
|
|
|
if (add_passwd (&newpw, fields[1])) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: line %d: can't update password\n"),
|
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (fields[4][0])
|
|
|
|
newpw.pw_gecos = fields[4];
|
|
|
|
|
|
|
|
if (fields[5][0])
|
|
|
|
newpw.pw_dir = fields[5];
|
|
|
|
|
|
|
|
if (fields[6][0])
|
|
|
|
newpw.pw_shell = fields[6];
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (newpw.pw_dir[0] && access (newpw.pw_dir, F_OK)) {
|
2007-10-07 17:14:02 +05:30
|
|
|
if (mkdir (newpw.pw_dir,
|
2007-10-07 17:17:22 +05:30
|
|
|
0777 & ~getdef_num ("UMASK",
|
|
|
|
GETDEF_DEFAULT_UMASK)))
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:17:22 +05:30
|
|
|
_("%s: line %d: mkdir failed\n"), Prog,
|
|
|
|
line);
|
2007-10-07 17:14:59 +05:30
|
|
|
else if (chown
|
2007-10-07 17:16:07 +05:30
|
|
|
(newpw.pw_dir, newpw.pw_uid, newpw.pw_gid))
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:17:22 +05:30
|
|
|
_("%s: line %d: chown failed\n"), Prog,
|
|
|
|
line);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the password entry with the new changes made.
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!pw_update (&newpw)) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: line %d: can't update entry\n"),
|
|
|
|
Prog, line);
|
2007-10-07 17:14:02 +05:30
|
|
|
errors++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Any detected errors will cause the entire set of changes to be
|
|
|
|
* aborted. Unlocking the password file will cause all of the
|
|
|
|
* changes to be ignored. Otherwise the file is closed, causing the
|
|
|
|
* changes to be written out all at once, and then unlocked
|
|
|
|
* afterwards.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
if (errors) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: error detected, changes ignored\n"), Prog);
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) gr_unlock ();
|
|
|
|
if (is_shadow)
|
2007-10-07 17:14:59 +05:30
|
|
|
spw_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) pw_unlock ();
|
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:16:25 +05:30
|
|
|
if (!pw_close () || (is_shadow && !spw_close ()) || !gr_close ()) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fprintf (stderr, _("%s: error updating files\n"), Prog);
|
|
|
|
(void) gr_unlock ();
|
|
|
|
if (is_shadow)
|
2007-10-07 17:14:59 +05:30
|
|
|
spw_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) pw_unlock ();
|
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:16:52 +05:30
|
|
|
|
|
|
|
nscd_flush_cache ("passwd");
|
|
|
|
nscd_flush_cache ("group");
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) gr_unlock ();
|
|
|
|
if (is_shadow)
|
2007-10-07 17:14:59 +05:30
|
|
|
spw_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) pw_unlock ();
|
|
|
|
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
if (retval == PAM_SUCCESS)
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, PAM_SUCCESS);
|
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:14:38 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
exit (0);
|
2007-10-07 17:15:23 +05:30
|
|
|
/* NOT REACHED */
|
|
|
|
}
|