[Midnightbsd-cvs] src [10357] trunk/usr.sbin/pw: sync with freebsd 10 stable
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Jun 3 19:00:24 EDT 2018
Revision: 10357
http://svnweb.midnightbsd.org/src/?rev=10357
Author: laffer1
Date: 2018-06-03 19:00:23 -0400 (Sun, 03 Jun 2018)
Log Message:
-----------
sync with freebsd 10 stable
Modified Paths:
--------------
trunk/usr.sbin/pw/Makefile
trunk/usr.sbin/pw/cpdir.c
trunk/usr.sbin/pw/grupd.c
trunk/usr.sbin/pw/psdate.c
trunk/usr.sbin/pw/psdate.h
trunk/usr.sbin/pw/pw.8
trunk/usr.sbin/pw/pw.c
trunk/usr.sbin/pw/pw.conf.5
trunk/usr.sbin/pw/pw.h
trunk/usr.sbin/pw/pw_conf.c
trunk/usr.sbin/pw/pw_group.c
trunk/usr.sbin/pw/pw_log.c
trunk/usr.sbin/pw/pw_nis.c
trunk/usr.sbin/pw/pw_user.c
trunk/usr.sbin/pw/pw_vpw.c
trunk/usr.sbin/pw/pwupd.c
trunk/usr.sbin/pw/pwupd.h
trunk/usr.sbin/pw/rm_r.c
Property Changed:
----------------
trunk/usr.sbin/pw/README
trunk/usr.sbin/pw/pw.8
trunk/usr.sbin/pw/pw.conf.5
Modified: trunk/usr.sbin/pw/Makefile
===================================================================
--- trunk/usr.sbin/pw/Makefile 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/Makefile 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,14 +1,21 @@
# $MidnightBSD$
+# $FreeBSD: stable/10/usr.sbin/pw/Makefile 287084 2015-08-23 21:42:27Z bapt $
+.include <bsd.own.mk>
+
PROG= pw
MAN= pw.conf.5 pw.8
SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \
- grupd.c pwupd.c fileupd.c edgroup.c psdate.c \
- bitmap.c cpdir.c rm_r.c
+ grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c \
+ pw_utils.c
-WARNS?= 1
+WARNS?= 3
-DPADD= ${LIBCRYPT} ${LIBUTIL}
-LDADD= -lcrypt -lutil
+DPADD= ${LIBCRYPT} ${LIBUTIL} ${LIBSBUF}
+LDADD= -lcrypt -lutil -lsbuf
+.if ${MK_TESTS} != "no"
+SUBDIR+= tests
+.endif
+
.include <bsd.prog.mk>
Index: trunk/usr.sbin/pw/README
===================================================================
--- trunk/usr.sbin/pw/README 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/README 2018-06-03 23:00:23 UTC (rev 10357)
Property changes on: trunk/usr.sbin/pw/README
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/usr.sbin/pw/cpdir.c
===================================================================
--- trunk/usr.sbin/pw/cpdir.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/cpdir.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,106 +27,99 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/cpdir.c 287084 2015-08-23 21:42:27Z bapt $";
#endif /* not lint */
+#include <dirent.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
-#include <stdio.h>
#include <string.h>
-#include <stdlib.h>
#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <dirent.h>
#include "pw.h"
#include "pwupd.h"
void
-copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid)
+copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid,
+ gid_t gid, int flags)
{
- char src[MAXPATHLEN];
- char dst[MAXPATHLEN];
- char lnk[MAXPATHLEN];
- int len;
+ char *p, lnk[MAXPATHLEN], copybuf[4096];
+ int len, homefd, srcfd, destfd;
+ ssize_t sz;
+ struct stat st;
+ struct dirent *e;
+ DIR *d;
- if (mkdir(dir, mode) != 0 && errno != EEXIST) {
+ if (*dir == '/')
+ dir++;
+
+ if (mkdirat(rootfd, dir, mode) != 0 && errno != EEXIST) {
warn("mkdir(%s)", dir);
- } else {
- int infd, outfd;
- struct stat st;
+ return;
+ }
+ fchownat(rootfd, dir, uid, gid, AT_SYMLINK_NOFOLLOW);
+ if (flags > 0)
+ chflagsat(rootfd, dir, flags, AT_SYMLINK_NOFOLLOW);
- static char counter = 0;
- static char *copybuf = NULL;
+ if (skelfd == -1)
+ return;
- ++counter;
- chown(dir, uid, gid);
- if (skel != NULL && *skel != '\0') {
- DIR *d = opendir(skel);
+ homefd = openat(rootfd, dir, O_DIRECTORY);
+ if ((d = fdopendir(skelfd)) == NULL) {
+ close(skelfd);
+ close(homefd);
+ return;
+ }
- if (d != NULL) {
- struct dirent *e;
+ while ((e = readdir(d)) != NULL) {
+ if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
+ continue;
- while ((e = readdir(d)) != NULL) {
- char *p = e->d_name;
+ p = e->d_name;
+ if (fstatat(skelfd, p, &st, AT_SYMLINK_NOFOLLOW) == -1)
+ continue;
- if (snprintf(src, sizeof(src), "%s/%s", skel, p) >= (int)sizeof(src))
- warn("warning: pathname too long '%s/%s' (skel not copied)", skel, p);
- else if (lstat(src, &st) == 0) {
- if (strncmp(p, "dot.", 4) == 0) /* Conversion */
- p += 3;
- if (snprintf(dst, sizeof(dst), "%s/%s", dir, p) >= (int)sizeof(dst))
- warn("warning: path too long '%s/%s' (skel file skipped)", dir, p);
- else {
- if (S_ISDIR(st.st_mode)) { /* Recurse for this */
- if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
- copymkdir(dst, src, st.st_mode & _DEF_DIRMODE, uid, gid);
- chflags(dst, st.st_flags); /* propogate flags */
- } else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk))) != -1) {
- lnk[len] = '\0';
- symlink(lnk, dst);
- lchown(dst, uid, gid);
- /*
- * Note: don't propogate special attributes
- * but do propogate file flags
- */
- } else if (S_ISREG(st.st_mode) && (outfd = open(dst, O_RDWR | O_CREAT | O_EXCL, st.st_mode)) != -1) {
- if ((infd = open(src, O_RDONLY)) == -1) {
- close(outfd);
- remove(dst);
- } else {
- int b;
+ if (strncmp(p, "dot.", 4) == 0) /* Conversion */
+ p += 3;
- /*
- * Allocate our copy buffer if we need to
- */
- if (copybuf == NULL)
- copybuf = malloc(4096);
- while ((b = read(infd, copybuf, 4096)) > 0)
- write(outfd, copybuf, b);
- close(infd);
- /*
- * Propogate special filesystem flags
- */
- fchown(outfd, uid, gid);
- fchflags(outfd, st.st_flags);
- close(outfd);
- chown(dst, uid, gid);
- }
- }
- }
- }
- }
- closedir(d);
- }
+ if (S_ISDIR(st.st_mode)) {
+ copymkdir(homefd, p, openat(skelfd, e->d_name, O_DIRECTORY),
+ st.st_mode & _DEF_DIRMODE, uid, gid, st.st_flags);
+ continue;
}
- if (--counter == 0 && copybuf != NULL) {
- free(copybuf);
- copybuf = NULL;
+
+ if (S_ISLNK(st.st_mode) &&
+ (len = readlinkat(skelfd, e->d_name, lnk, sizeof(lnk) -1))
+ != -1) {
+ lnk[len] = '\0';
+ symlinkat(lnk, homefd, p);
+ fchownat(homefd, p, uid, gid, AT_SYMLINK_NOFOLLOW);
+ continue;
}
+
+ if (!S_ISREG(st.st_mode))
+ continue;
+
+ if ((srcfd = openat(skelfd, e->d_name, O_RDONLY)) == -1)
+ continue;
+ destfd = openat(homefd, p, O_RDWR | O_CREAT | O_EXCL,
+ st.st_mode);
+ if (destfd == -1) {
+ close(srcfd);
+ continue;
+ }
+
+ while ((sz = read(srcfd, copybuf, sizeof(copybuf))) > 0)
+ write(destfd, copybuf, sz);
+
+ close(srcfd);
+ /*
+ * Propagate special filesystem flags
+ */
+ fchown(destfd, uid, gid);
+ fchflags(destfd, st.st_flags);
+ close(destfd);
}
+ closedir(d);
}
-
Modified: trunk/usr.sbin/pw/grupd.c
===================================================================
--- trunk/usr.sbin/pw/grupd.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/grupd.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,129 +27,66 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/grupd.c 310173 2016-12-16 20:10:55Z asomers $";
#endif /* not lint */
+#include <err.h>
+#include <grp.h>
+#include <libutil.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <unistd.h>
-#include <stdarg.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
#include "pwupd.h"
-static char * grpath = _PATH_PWD;
-
-int
-setgrdir(const char * dir)
-{
- if (dir == NULL)
- return -1;
- else {
- char * d = malloc(strlen(dir)+1);
- if (d == NULL)
- return -1;
- grpath = strcpy(d, dir);
- }
- return 0;
-}
-
char *
getgrpath(const char * file)
{
static char pathbuf[MAXPATHLEN];
- snprintf(pathbuf, sizeof pathbuf, "%s/%s", grpath, file);
- return pathbuf;
-}
+ snprintf(pathbuf, sizeof pathbuf, "%s/%s", conf.etcpath, file);
-int
-grdb(char *arg,...)
-{
- /*
- * This is a stub for now, but maybe eventually be functional
- * if ever an indexed version of /etc/groups is implemented.
- */
- arg=arg;
- return 0;
+ return (pathbuf);
}
-int
-fmtgrentry(char **buf, int * buflen, struct group * grp, int type)
+static int
+gr_update(struct group * grp, char const * group)
{
- int i, l;
+ int pfd, tfd;
+ struct group *gr = NULL;
+ struct group *old_gr = NULL;
- /*
- * Since a group line is of arbitrary length,
- * we need to calculate up-front just how long
- * it will need to be...
- */
- /* groupname : password : gid : */
- l = strlen(grp->gr_name) + 1 + strlen(grp->gr_passwd) + 1 + 5 + 1;
- /* group members + comma separator */
- for (i = 0; grp->gr_mem[i] != NULL; i++) {
- l += strlen(grp->gr_mem[i]) + 1;
- }
- l += 2; /* For newline & NUL */
- if (extendline(buf, buflen, l) == -1)
- l = -1;
- else{
- /*
- * Now we can safely format
- */
- if (type == PWF_STANDARD)
- l = sprintf(*buf, "%s:*:%ld:", grp->gr_name, (long) grp->gr_gid);
- else
- l = sprintf(*buf, "%s:%s:%ld:", grp->gr_name, grp->gr_passwd, (long) grp->gr_gid);
+ if (grp != NULL)
+ gr = gr_dup(grp);
- /*
- * List members
- */
- for (i = 0; grp->gr_mem[i] != NULL; i++) {
- l += sprintf(*buf + l, "%s%s", i ? "," : "", grp->gr_mem[i]);
- }
+ if (group != NULL)
+ old_gr = GETGRNAM(group);
- (*buf)[l++] = '\n';
- (*buf)[l] = '\0';
- }
- return l;
-}
+ if (gr_init(conf.etcpath, NULL))
+ err(1, "gr_init()");
-
-int
-fmtgrent(char **buf, int * buflen, struct group * grp)
-{
- return fmtgrentry(buf, buflen, grp, PWF_STANDARD);
-}
-
-
-static int
-gr_update(struct group * grp, char const * group, int mode)
-{
- int l;
- char pfx[64];
- int grbuflen = 0;
- char *grbuf = NULL;
-
- ENDGRENT();
- l = snprintf(pfx, sizeof pfx, "%s:", group);
-
- /*
- * Update the group file
- */
- if (grp != NULL && fmtgrentry(&grbuf, &grbuflen, grp, PWF_PASSWD) == -1)
- l = -1;
- else {
- l = fileupdate(getgrpath(_GROUP), 0644, grbuf, pfx, l, mode);
- if (l == 0)
- l = grdb(NULL);
+ if ((pfd = gr_lock()) == -1) {
+ gr_fini();
+ err(1, "gr_lock()");
}
- if (grbuf != NULL)
- free(grbuf);
- return l;
+ if ((tfd = gr_tmp(-1)) == -1) {
+ gr_fini();
+ err(1, "gr_tmp()");
+ }
+ if (gr_copy(pfd, tfd, gr, old_gr) == -1) {
+ gr_fini();
+ close(tfd);
+ err(1, "gr_copy()");
+ }
+ fsync(tfd);
+ close(tfd);
+ if (gr_mkdb() == -1) {
+ gr_fini();
+ err(1, "gr_mkdb()");
+ }
+ free(gr);
+ gr_fini();
+ return 0;
}
@@ -155,17 +93,18 @@
int
addgrent(struct group * grp)
{
- return gr_update(grp, grp->gr_name, UPD_CREATE);
+ return gr_update(grp, NULL);
}
int
chggrent(char const * login, struct group * grp)
{
- return gr_update(grp, login, UPD_REPLACE);
+ return gr_update(grp, login);
}
int
delgrent(struct group * grp)
{
- return gr_update(NULL, grp->gr_name, UPD_DELETE);
+
+ return (gr_update(NULL, grp->gr_name));
}
Modified: trunk/usr.sbin/pw/psdate.c
===================================================================
--- trunk/usr.sbin/pw/psdate.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/psdate.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,41 +27,23 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/psdate.c 326849 2017-12-14 13:10:22Z eugen $";
#endif /* not lint */
-#include <stdio.h>
+#include <ctype.h>
+#include <err.h>
#include <stdlib.h>
#include <string.h>
-#include <ctype.h>
+#include <xlocale.h>
#include "psdate.h"
-static int
-a2i(char const ** str)
-{
- int i = 0;
- char const *s = *str;
-
- if (isdigit((unsigned char)*s)) {
- i = atoi(s);
- while (isdigit((unsigned char)*s))
- ++s;
- *str = s;
- }
- return i;
-}
-
-static int
+int
numerics(char const * str)
{
- int rc = isdigit((unsigned char)*str);
- if (rc)
- while (isdigit((unsigned char)*str) || *str == 'x')
- ++str;
- return rc && !*str;
+ return (str[strspn(str, "0123456789x")] == '\0');
}
static int
@@ -95,61 +78,73 @@
return aindex(days, str, 3);
}
-static int
-month(char const ** str)
+static void
+parse_datesub(char const * str, struct tm *t)
{
- static char const *months[] =
- {"jan", "feb", "mar", "apr", "may", "jun", "jul",
- "aug", "sep", "oct", "nov", "dec", NULL};
+ struct tm tm;
+ locale_t l;
+ int i;
+ char *ret;
+ const char *valid_formats[] = {
+ "%d-%b-%y",
+ "%d-%b-%Y",
+ "%d-%m-%y",
+ "%d-%m-%Y",
+ "%H:%M %d-%b-%y",
+ "%H:%M %d-%b-%Y",
+ "%H:%M %d-%m-%y",
+ "%H:%M %d-%m-%Y",
+ "%H:%M:%S %d-%b-%y",
+ "%H:%M:%S %d-%b-%Y",
+ "%H:%M:%S %d-%m-%y",
+ "%H:%M:%S %d-%m-%Y",
+ "%d-%b-%y %H:%M",
+ "%d-%b-%Y %H:%M",
+ "%d-%m-%y %H:%M",
+ "%d-%m-%Y %H:%M",
+ "%d-%b-%y %H:%M:%S",
+ "%d-%b-%Y %H:%M:%S",
+ "%d-%m-%y %H:%M:%S",
+ "%d-%m-%Y %H:%M:%S",
+ "%H:%M\t%d-%b-%y",
+ "%H:%M\t%d-%b-%Y",
+ "%H:%M\t%d-%m-%y",
+ "%H:%M\t%d-%m-%Y",
+ "%H:%M\t%S %d-%b-%y",
+ "%H:%M\t%S %d-%b-%Y",
+ "%H:%M\t%S %d-%m-%y",
+ "%H:%M\t%S %d-%m-%Y",
+ "%d-%b-%y\t%H:%M",
+ "%d-%b-%Y\t%H:%M",
+ "%d-%m-%y\t%H:%M",
+ "%d-%m-%Y\t%H:%M",
+ "%d-%b-%y\t%H:%M:%S",
+ "%d-%b-%Y\t%H:%M:%S",
+ "%d-%m-%y\t%H:%M:%S",
+ "%d-%m-%Y\t%H:%M:%S",
+ NULL,
+ };
- return aindex(months, str, 3);
-}
+ l = newlocale(LC_ALL_MASK, "C", NULL);
-static void
-parse_time(char const * str, int *hour, int *min, int *sec)
-{
- *hour = a2i(&str);
- if ((str = strchr(str, ':')) == NULL)
- *min = *sec = 0;
- else {
- ++str;
- *min = a2i(&str);
- *sec = ((str = strchr(str, ':')) == NULL) ? 0 : atoi(++str);
+ memset(&tm, 0, sizeof(tm));
+ for (i=0; valid_formats[i] != NULL; i++) {
+ ret = strptime_l(str, valid_formats[i], &tm, l);
+ if (ret && *ret == '\0') {
+ t->tm_mday = tm.tm_mday;
+ t->tm_mon = tm.tm_mon;
+ t->tm_year = tm.tm_year;
+ t->tm_hour = tm.tm_hour;
+ t->tm_min = tm.tm_min;
+ t->tm_sec = tm.tm_sec;
+ freelocale(l);
+ return;
+ }
}
-}
+ freelocale(l);
-static void
-parse_datesub(char const * str, int *day, int *mon, int *year)
-{
- int i;
-
- static char const nchrs[] = "0123456789 \t,/-.";
-
- if ((i = month(&str)) != -1) {
- *mon = i;
- if ((i = a2i(&str)) != 0)
- *day = i;
- } else if ((i = a2i(&str)) != 0) {
- *day = i;
- while (*str && strchr(nchrs + 10, *str) != NULL)
- ++str;
- if ((i = month(&str)) != -1)
- *mon = i;
- else if ((i = a2i(&str)) != 0)
- *mon = i - 1;
- } else
- return;
-
- while (*str && strchr(nchrs + 10, *str) != NULL)
- ++str;
- if (isdigit((unsigned char)*str)) {
- *year = atoi(str);
- if (*year > 1900)
- *year -= 1900;
- else if (*year < 32)
- *year += 100;
- }
+ errx(EXIT_FAILURE, "Invalid date");
}
@@ -256,39 +251,7 @@
}
}
- /*
- * See if there is a time hh:mm[:ss]
- */
- if ((p = strchr(tmp, ':')) == NULL) {
-
- /*
- * No time string involved
- */
- T->tm_hour = T->tm_min = T->tm_sec = 0;
- parse_datesub(tmp, &T->tm_mday, &T->tm_mon, &T->tm_year);
- } else {
- char datestr[64], timestr[64];
-
- /*
- * Let's chip off the time string
- */
- if ((q = strpbrk(p, " \t")) != NULL) { /* Time first? */
- int l = q - str;
-
- strlcpy(timestr, str, l + 1);
- strlcpy(datestr, q + 1, sizeof(datestr));
- parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec);
- parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year);
- } else if ((q = strrchr(tmp, ' ')) != NULL) { /* Time last */
- int l = q - tmp;
-
- strlcpy(timestr, q + 1, sizeof(timestr));
- strlcpy(datestr, tmp, l + 1);
- } else /* Bail out */
- return dt;
- parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec);
- parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year);
- }
+ parse_datesub(tmp, T);
dt = mktime(T);
}
return dt;
Modified: trunk/usr.sbin/pw/psdate.h
===================================================================
--- trunk/usr.sbin/pw/psdate.h 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/psdate.h 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -23,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $MidnightBSD$
+ * $FreeBSD: stable/10/usr.sbin/pw/psdate.h 326849 2017-12-14 13:10:22Z eugen $
*/
#ifndef _PSDATE_H_
@@ -33,6 +34,7 @@
#include <sys/cdefs.h>
__BEGIN_DECLS
+int numerics(char const * str);
time_t parse_date(time_t dt, char const * str);
void print_date(char *buf, time_t t, int dotime);
__END_DECLS
Modified: trunk/usr.sbin/pw/pw.8
===================================================================
--- trunk/usr.sbin/pw/pw.8 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw.8 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+.\" $MidnightBSD$
.\" Copyright (C) 1996
.\" David L. Nugent. All rights reserved.
.\"
@@ -22,9 +23,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $MidnightBSD$
+.\" $FreeBSD: stable/10/usr.sbin/pw/pw.8 326849 2017-12-14 13:10:22Z eugen $
.\"
-.Dd December 21, 2011
+.Dd December 10, 2017
.Dt PW 8
.Os
.Sh NAME
@@ -32,13 +33,12 @@
.Nd create, remove, modify & display system users and groups
.Sh SYNOPSIS
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar useradd
-.Op name|uid
+.Oo Fl n Oc name Oo Fl u Ar uid Oc
.Op Fl C Ar config
.Op Fl q
-.Op Fl n Ar name
-.Op Fl u Ar uid
.Op Fl c Ar comment
.Op Fl d Ar dir
.Op Fl e Ar date
@@ -57,9 +57,9 @@
.Op Fl P
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar useradd
-.Op name|uid
.Fl D
.Op Fl C Ar config
.Op Fl q
@@ -76,21 +76,19 @@
.Op Fl s Ar shell
.Op Fl y Ar path
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar userdel
-.Op name|uid
-.Op Fl n Ar name
-.Op Fl u Ar uid
+.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl r
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar usermod
-.Op name|uid
+.Oo Fl n Oc name|uid Oo Fl u Ar newuid Oc | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
-.Op Fl n Ar name
-.Op Fl u Ar uid
.Op Fl c Ar comment
.Op Fl d Ar dir
.Op Fl e Ar date
@@ -97,7 +95,7 @@
.Op Fl p Ar date
.Op Fl g Ar group
.Op Fl G Ar grouplist
-.Op Fl l Ar name
+.Op Fl l Ar newname
.Op Fl m
.Op Fl M Ar mode
.Op Fl k Ar dir
@@ -109,28 +107,27 @@
.Op Fl P
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar usershow
-.Op name|uid
-.Op Fl n Ar name
-.Op Fl u Ar uid
+.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl F
.Op Fl P
.Op Fl 7
.Op Fl a
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar usernext
.Op Fl C Ar config
.Op Fl q
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupadd
-.Op group|gid
+.Oo Fl n Oc name Oo Fl g Ar gid Oc
.Op Fl C Ar config
.Op Fl q
-.Op Fl n Ar group
-.Op Fl g Ar gid
.Op Fl M Ar members
.Op Fl o
.Op Fl h Ar fd | Fl H Ar fd
@@ -138,21 +135,19 @@
.Op Fl P
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupdel
-.Op group|gid
-.Op Fl n Ar name
-.Op Fl g Ar gid
+.Oo Fl n Oc name|gid | Fl g Ar gid
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupmod
-.Op group|gid
+.Oo Fl n Oc name|gid Oo Fl g Ar newgid Oc | Fl g Ar gid
.Op Fl C Ar config
.Op Fl q
-.Op Fl n Ar name
-.Op Fl g Ar gid
-.Op Fl l Ar name
+.Op Fl l Ar newname
.Op Fl M Ar members
.Op Fl m Ar newmembers
.Op Fl d Ar oldmembers
@@ -161,29 +156,31 @@
.Op Fl P
.Op Fl Y
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupshow
-.Op group|gid
-.Op Fl n Ar name
-.Op Fl g Ar gid
+.Oo Fl n Oc name|gid | Fl g Ar gid
.Op Fl F
.Op Fl P
.Op Fl a
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupnext
.Op Fl C Ar config
.Op Fl q
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar lock
-.Op name|uid
+.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
.Nm
+.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar unlock
-.Op name|uid
+.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
.Sh DESCRIPTION
@@ -237,8 +234,9 @@
This flexibility is useful for interactive scripts calling
.Nm
for user and group database manipulation.
-Following these keywords, you may optionally specify the user or group name or numeric
-id as an alternative to using the
+Following these keywords,
+the user or group name or numeric id may be optionally specified as an
+alternative to using the
.Fl n Ar name ,
.Fl u Ar uid ,
.Fl g Ar gid
@@ -246,13 +244,20 @@
.Pp
The following flags are common to most or all modes of operation:
.Bl -tag -width "-G grouplist"
+.It Fl R Ar rootdir
+Specifies an alternate root directory within which
+.Nm
+will operate.
+Any paths specified will be relative to
+.Va rootdir .
.It Fl V Ar etcdir
-This flag sets an alternate location for the password, group and configuration files,
-and may be used to maintain a user/group database in an alternate location.
+Set an alternate location for the password, group, and configuration files.
+Can be used to maintain a user/group database in an alternate location.
If this switch is specified, the system
.Pa /etc/pw.conf
-will not be sourced for default configuration data, but the file pw.conf in the
-specified directory will be used instead (or none, if it does not exist).
+will not be sourced for default configuration data,
+but the file pw.conf in the specified directory will be used instead
+.Pq or none, if it does not exist .
The
.Fl C
flag may be used to override this behaviour.
@@ -259,7 +264,7 @@
As an exception to the general rule where options must follow the operation
type, the
.Fl V
-flag may be used on the command line before the operation keyword.
+flag must be used on the command line before the operation keyword.
.It Fl C Ar config
By default,
.Nm
@@ -275,7 +280,8 @@
.It Fl q
Use of this option causes
.Nm
-to suppress error messages, which may be useful in interactive environments where it
+to suppress error messages,
+which may be useful in interactive environments where it
is preferable to interpret status codes returned by
.Nm
rather than messing up a carefully formatted display.
@@ -319,27 +325,40 @@
.Ar usermod
commands:
.Bl -tag -width "-G grouplist"
-.It Fl n Ar name
+.It Oo Fl n Oc Ar name
+Required unless
+.Fl u Ar uid
+is given.
Specify the user/account name.
+In the case of
+.Ar usermod
+can be a uid.
.It Fl u Ar uid
+Required if
+.Ar name
+is not given.
Specify the user/account numeric id.
+In the case of
+.Ar usermod
+if paired with
+.Ar name ,
+changes the numeric id of the named user/account.
.Pp
-Usually, you only need to provide one or the other of these options, as the account
-name will imply the uid, or vice versa.
-However, there are times when you need to provide both.
+Usually, only one of these options is required,
+as the account name will imply the uid, or vice versa.
+However, there are times when both are needed.
For example, when changing the uid of an existing user with
.Ar usermod ,
-or overriding the default uid when creating a new account.
-If you wish
-.Nm
-to automatically allocate the uid to a new user with
+or overriding the default uid when creating a new account with
+.Ar useradd .
+To automatically allocate the uid to a new user with
.Ar useradd ,
-then you should
+then do
.Em not
use the
.Fl u
option.
-You may also provide either the account or userid immediately after the
+Either the account or userid can also be provided immediately after the
.Ar useradd ,
.Ar userdel ,
.Ar usermod
@@ -353,21 +372,23 @@
.El
.Bl -tag -width "-G grouplist"
.It Fl c Ar comment
-This field sets the contents of the passwd GECOS field, which normally contains up
-to four comma-separated fields containing the user's full name, office or location,
+This field sets the contents of the passwd GECOS field,
+which normally contains up to four comma-separated fields containing the
+user's full name, office or location,
and work and home phone numbers.
These sub-fields are used by convention only, however, and are optional.
-If this field is to contain spaces, you need to quote the comment itself with double
-quotes
+If this field is to contain spaces,
+the comment must be enclosed in double quotes
.Ql \&" .
-Avoid using commas in this field as these are used as sub-field separators, and the
-colon
+Avoid using commas in this field as these are used as sub-field separators,
+and the colon
.Ql \&:
character also cannot be used as this is the field separator for the passwd
file itself.
.It Fl d Ar dir
This option sets the account's home directory.
-Normally, you will only use this if the home directory is to be different from the
+Normally,
+this is only used if the home directory is to be different from the
default determined from
.Pa /etc/pw.conf
- normally
@@ -377,13 +398,15 @@
Set the account's expiration date.
Format of the date is either a UNIX time in decimal, or a date in
.Ql dd-mmm-yy[yy]
-format, where dd is the day, mmm is the month, either in numeric or alphabetic format
+format, where dd is the day,
+mmm is the month, either in numeric or alphabetic format
('Jan', 'Feb', etc) and year is either a two or four digit year.
This option also accepts a relative date in the form
.Ql \&+n[mhdwoy]
where
.Ql \&n
-is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the
+is a decimal,
+octal (leading 0) or hexadecimal (leading 0x) digit followed by the
number of Minutes, Hours, Days, Weeks, Months or Years from the current date at
which the expiration date is to be set.
.It Fl p Ar date
@@ -398,18 +421,16 @@
.Ar group
may be defined by either its name or group number.
.It Fl G Ar grouplist
-Set additional group memberships for an account.
+Set secondary group memberships for an account.
.Ar grouplist
-is a comma, space or tab-separated list of group names or group numbers.
-The user's name is added to the group lists in
-.Pa /etc/group ,
-and
-removed from any groups not specified in
+is a comma, space, or tab-separated list of group names or group numbers.
+The user is added to the groups specified in
+.Ar grouplist ,
+and removed from all groups not specified.
+The current login session is not affected by group membership changes,
+which only take effect when the user reconnects.
+Note: do not add a user to their primary group with
.Ar grouplist .
-Note: a user should not be added to their primary group with
-.Ar grouplist .
-Also, group membership changes do not take effect for current user login
-sessions, requiring the user to reconnect to be affected by the changes.
.It Fl L Ar class
This option sets the login class for the user being created.
See
@@ -423,8 +444,8 @@
to attempt to create the user's home directory.
While primarily useful when adding a new account with
.Ar useradd ,
-this may also be of use when moving an existing user's home directory elsewhere on
-the file system.
+this may also be of use when moving an existing user's home directory elsewhere
+on the file system.
The new home directory is populated with the contents of the
.Ar skeleton
directory, which typically contains a set of shell configuration files that the
@@ -442,7 +463,8 @@
.Em not
overwritten from the skeleton files.
.Pp
-When a user's home directory is created, it will by default be a subdirectory of the
+When a user's home directory is created,
+it will by default be a subdirectory of the
.Ar basehome
directory as specified by the
.Fl b
@@ -580,13 +602,24 @@
but it may be set elsewhere as desired.
.It Fl e Ar days
Set the default account expiration period in days.
-Unlike use without
-.Fl D ,
-the argument must be numeric, which specifies the number of days after creation when
-the account is to expire.
+When
+.Fl D
+is used, the
+.Ar days
+argument is interpreted differently.
+It must be numeric and represents the number of days after creation
+that the account expires.
A value of 0 suppresses automatic calculation of the expiry date.
.It Fl p Ar days
Set the default password expiration period in days.
+When
+.Fl D
+is used, the
+.Ar days
+argument is interpreted differently.
+It must be numeric and represents the number of days after creation
+that the account expires.
+A value of 0 suppresses automatic calculation of the expiry date.
.It Fl g Ar group
Set the default group for new users.
If a blank group is specified using
@@ -596,8 +629,8 @@
If a group is supplied, either its name or uid may be given as an argument.
.It Fl G Ar grouplist
Set the default groups in which new users are granted membership.
-This is a separate set of groups from the primary group, and you should avoid
-nominating the same group as both primary and extra groups.
+This is a separate set of groups from the primary group.
+Avoid nominating the same group as both primary and extra groups.
In other words, these extra groups determine membership in groups
.Em other than
the primary group.
@@ -611,7 +644,8 @@
.It Fl k Ar dir
Set the default
.Em skeleton
-directory, from which prototype shell and other initialization files are copied when
+directory,
+from which prototype shell and other initialization files are copied when
.Nm
creates a user's home directory.
See description of
@@ -621,22 +655,24 @@
.Fl u Ar min , Ns Ar max ,
.Fl i Ar min , Ns Ar max
.Xc
-These options set the minimum and maximum user and group ids allocated for new accounts
-and groups created by
+Set the minimum and maximum user and group ids allocated for new
+accounts and groups created by
.Nm .
The default values for each is 1000 minimum and 32000 maximum.
.Ar min
and
.Ar max
-are both numbers, where max must be greater than min, and both must be between 0
-and 32767.
-In general, user and group ids less than 100 are reserved for use by the system,
-and numbers greater than 32000 may also be reserved for special purposes (used by
-some system daemons).
+are both numbers, where max must be greater than min,
+and both must be between 0 and 32767.
+In general,
+user and group ids less than 100 are reserved for use by the system,
+and numbers greater than 32000 may also be reserved for special purposes
+.Pq used by some system daemons .
.It Fl w Ar method
The
.Fl w
-option sets the default method used to set passwords for newly created user accounts.
+option selects the default method used to set passwords for newly created user
+accounts.
.Ar method
is one of:
.Pp
@@ -657,9 +693,11 @@
.Ql \&no
methods are the most secure; in the former case,
.Nm
-generates a password and prints it to stdout, which is suitable where you issue
-users with passwords to access their accounts rather than having the user nominate
-their own (possibly poorly chosen) password.
+generates a password and prints it to stdout,
+which is suitable when users are issued passwords rather than being allowed
+to select their own
+.Pq possibly poorly chosen
+password.
The
.Ql \&no
method requires that the superuser use
@@ -680,7 +718,7 @@
.Pp
The
.Ar userdel
-command has only three valid options.
+command has three distinct options.
The
.Fl n Ar name
and
@@ -695,7 +733,8 @@
The
.Nm
utility errs on the side of caution when removing files from the system.
-Firstly, it will not do so if the uid of the account being removed is also used by
+Firstly,
+it will not do so if the uid of the account being removed is also used by
another account on the system, and the 'home' directory in the password file is
a valid path that commences with the character
.Ql \&/ .
@@ -706,20 +745,20 @@
If any additional cleanup work is required, this is left to the administrator.
.El
.Pp
-Mail spool files and crontabs are always removed when an account is deleted as these
-are unconditionally attached to the user name.
+Mail spool files and crontabs are always removed when an account is deleted as
+these are unconditionally attached to the user name.
Jobs queued for processing by
.Ar at
-are also removed if the user's uid is unique and not also used by another account on the
-system.
+are also removed if the user's uid is unique and not also used by another
+account on the system.
.Pp
The
.Ar usermod
command adds one additional option:
.Bl -tag -width "-G grouplist"
-.It Fl l Ar name
+.It Fl l Ar newname
This option allows changing of an existing account name to
-.Ql \&name .
+.Ql \&newname .
The new name must not already exist, and any attempt to duplicate an
existing account name will be rejected.
.El
@@ -763,10 +802,24 @@
with the group manipulation commands.
Other common options to all group-related commands are:
.Bl -tag -width "-m newmembers"
-.It Fl n Ar name
+.It Oo Fl n Oc Ar name
+Required unless
+.Fl g Ar gid
+is given.
Specify the group name.
+In the case of
+.Ar groupmod
+can be a gid.
.It Fl g Ar gid
+Required if
+.Ar name
+is not given.
Specify the group numeric id.
+In the case of
+.Ar groupmod
+if paired with
+.Ar name ,
+changes the numeric id of the named group.
.Pp
As with the account name and id fields, you will usually only need
to supply one of these, as the group name implies the uid and vice
@@ -803,8 +856,8 @@
also has a
.Fl o
option that allows allocation of an existing group id to a new group.
-The default action is to reject an attempt to add a group, and this option overrides
-the check for duplicate group ids.
+The default action is to reject an attempt to add a group,
+and this option overrides the check for duplicate group ids.
There is rarely any need to duplicate a group id.
.Pp
The
@@ -811,10 +864,11 @@
.Ar groupmod
command adds one additional option:
.Bl -tag -width "-m newmembers"
-.It Fl l Ar name
+.It Fl l Ar newname
This option allows changing of an existing group name to
-.Ql \&name .
-The new name must not already exist, and any attempt to duplicate an existing group
+.Ql \&newname .
+The new name must not already exist,
+and any attempt to duplicate an existing group
name will be rejected.
.El
.Pp
@@ -904,17 +958,23 @@
The user capabilities database
.It Pa /etc/group
The group database
-.It Pa /etc/master.passwd.new
-Temporary copy of the master password file
-.It Pa /etc/passwd.new
-Temporary copy of the Version 7 password file
-.It Pa /etc/group.new
-Temporary copy of the group file
.It Pa /etc/pw.conf
Pw default options file
.It Pa /var/log/userlog
User/group modification logfile
.El
+.Sh EXAMPLES
+Add new user Glurmo Smith (gsmith).
+A gsmith login group is created if not already present.
+The login shell is set to
+.Xr csh 1 .
+A new home directory at
+.Pa /home/gsmith
+is created if it does not already exist.
+Finally, a random password is generated and displayed:
+.Bd -literal -offset indent
+pw useradd -n gsmith -c "Glurmo Smith" -s /bin/csh -m -w random
+.Ed
.Sh EXIT STATUS
The
.Nm
Property changes on: trunk/usr.sbin/pw/pw.8
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/usr.sbin/pw/pw.c
===================================================================
--- trunk/usr.sbin/pw/pw.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,19 +27,18 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw.c 289436 2015-10-17 02:49:19Z wblock $";
#endif /* not lint */
#include <err.h>
#include <fcntl.h>
#include <locale.h>
-#include <paths.h>
-#include <sys/wait.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
#include "pw.h"
-#if !defined(_PATH_YP)
-#define _PATH_YP "/var/yp/"
-#endif
const char *Modes[] = {
"add", "del", "mod", "show", "next",
NULL};
@@ -56,102 +56,112 @@
struct pwf PWF =
{
- 0,
+ PWF_REGULAR,
setpwent,
endpwent,
getpwent,
getpwuid,
getpwnam,
- pwdb,
setgrent,
endgrent,
getgrent,
getgrgid,
getgrnam,
- grdb
};
struct pwf VPWF =
{
- 1,
+ PWF_ALT,
vsetpwent,
vendpwent,
vgetpwent,
vgetpwuid,
vgetpwnam,
- vpwdb,
vsetgrent,
vendgrent,
vgetgrent,
vgetgrgid,
vgetgrnam,
- vgrdb
};
-static struct cargs arglist;
+static int (*cmdfunc[W_NUM][M_NUM])(int argc, char **argv, char *_name) = {
+ { /* user */
+ pw_user_add,
+ pw_user_del,
+ pw_user_mod,
+ pw_user_show,
+ pw_user_next,
+ pw_user_lock,
+ pw_user_unlock,
+ },
+ { /* group */
+ pw_group_add,
+ pw_group_del,
+ pw_group_mod,
+ pw_group_show,
+ pw_group_next,
+ }
+};
-static int getindex(const char *words[], const char *word);
-static void cmdhelp(int mode, int which);
+struct pwconf conf;
+static int getindex(const char *words[], const char *word);
+static void cmdhelp(int mode, int which);
int
main(int argc, char *argv[])
{
- int ch;
- int mode = -1;
- int which = -1;
- char *config = NULL;
- struct userconf *cnf;
+ int mode = -1, which = -1, tmp;
+ struct stat st;
+ char arg, *arg1;
+ bool relocated, nis;
- static const char *opts[W_NUM][M_NUM] =
- {
- { /* user */
- "V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y",
- "V:C:qn:u:rY",
- "V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY",
- "V:C:qn:u:FPa7",
- "V:C:q",
- "V:C:q",
- "V:C:q"
- },
- { /* grp */
- "V:C:qn:g:h:H:M:opNPY",
- "V:C:qn:g:Y",
- "V:C:qn:d:g:l:h:H:FM:m:NPY",
- "V:C:qn:g:FPa",
- "V:C:q"
- }
- };
+ arg1 = NULL;
+ relocated = nis = false;
+ memset(&conf, 0, sizeof(conf));
+ strlcpy(conf.rootdir, "/", sizeof(conf.rootdir));
+ strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath));
+ conf.checkduplicate = true;
+ conf.fd = -1;
- static int (*funcs[W_NUM]) (struct userconf * _cnf, int _mode, struct cargs * _args) =
- { /* Request handlers */
- pw_user,
- pw_group
- };
+ setlocale(LC_ALL, "");
- LIST_INIT(&arglist);
-
- (void)setlocale(LC_ALL, "");
-
/*
* Break off the first couple of words to determine what exactly
* we're being asked to do
*/
while (argc > 1) {
- int tmp;
-
if (*argv[1] == '-') {
/*
* Special case, allow pw -V<dir> <operation> [args] for scripts etc.
*/
- if (argv[1][1] == 'V') {
+ arg = argv[1][1];
+ if (arg == 'V' || arg == 'R') {
+ if (relocated)
+ errx(EXIT_FAILURE, "Both '-R' and '-V' "
+ "specified, only one accepted");
+ relocated = true;
optarg = &argv[1][2];
if (*optarg == '\0') {
+ if (stat(argv[2], &st) != 0)
+ errx(EX_OSFILE, \
+ "no such directory `%s'",
+ argv[2]);
+ if (!S_ISDIR(st.st_mode))
+ errx(EX_OSFILE, "`%s' not a "
+ "directory", argv[2]);
optarg = argv[2];
++argv;
--argc;
}
- addarg(&arglist, 'V', optarg);
+ memcpy(&PWF, &VPWF, sizeof PWF);
+ if (arg == 'R') {
+ strlcpy(conf.rootdir, optarg,
+ sizeof(conf.rootdir));
+ PWF._altdir = PWF_ROOTDIR;
+ }
+ snprintf(conf.etcpath, sizeof(conf.etcpath),
+ "%s%s", optarg, arg == 'R' ? "/etc" : "");
} else
break;
}
@@ -167,7 +177,7 @@
} else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL)
cmdhelp(mode, which);
else if (which != -1 && mode != -1)
- addarg(&arglist, 'n', argv[1]);
+ arg1 = argv[1];
else
errx(EX_USAGE, "unknown keyword `%s'", argv[1]);
++argv;
@@ -180,85 +190,11 @@
if (mode == -1 || which == -1)
cmdhelp(mode, which);
- /*
- * We know which mode we're in and what we're about to do, so now
- * let's dispatch the remaining command line args in a genric way.
- */
- optarg = NULL;
+ conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC);
+ if (conf.rootfd == -1)
+ errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir);
- while ((ch = getopt(argc, argv, opts[which][mode])) != -1) {
- if (ch == '?')
- errx(EX_USAGE, "unknown switch");
- else
- addarg(&arglist, ch, optarg);
- optarg = NULL;
- }
-
- /*
- * Must be root to attempt an update
- */
- if (geteuid() != 0 && mode != M_PRINT && mode != M_NEXT && getarg(&arglist, 'N')==NULL)
- errx(EX_NOPERM, "you must be root to run this program");
-
- /*
- * We should immediately look for the -q 'quiet' switch so that we
- * don't bother with extraneous errors
- */
- if (getarg(&arglist, 'q') != NULL)
- freopen(_PATH_DEVNULL, "w", stderr);
-
- /*
- * Set our base working path if not overridden
- */
-
- config = getarg(&arglist, 'C') ? getarg(&arglist, 'C')->val : NULL;
-
- if (getarg(&arglist, 'V') != NULL) {
- char * etcpath = getarg(&arglist, 'V')->val;
- if (*etcpath) {
- if (config == NULL) { /* Only override config location if -C not specified */
- config = malloc(MAXPATHLEN);
- snprintf(config, MAXPATHLEN, "%s/pw.conf", etcpath);
- }
- memcpy(&PWF, &VPWF, sizeof PWF);
- setpwdir(etcpath);
- setgrdir(etcpath);
- }
- }
-
- /*
- * Now, let's do the common initialisation
- */
- cnf = read_userconfig(config);
-
- ch = funcs[which] (cnf, mode, &arglist);
-
- /*
- * If everything went ok, and we've been asked to update
- * the NIS maps, then do it now
- */
- if (ch == EXIT_SUCCESS && getarg(&arglist, 'Y') != NULL) {
- pid_t pid;
-
- fflush(NULL);
- if (chdir(_PATH_YP) == -1)
- warn("chdir(" _PATH_YP ")");
- else if ((pid = fork()) == -1)
- warn("fork()");
- else if (pid == 0) {
- /* Is make anywhere else? */
- execlp("/usr/bin/make", "make", (char *)NULL);
- _exit(1);
- } else {
- int i;
- waitpid(pid, &i, 0);
- if ((i = WEXITSTATUS(i)) != 0)
- errx(ch, "make exited with status %d", i);
- else
- pw_log(cnf, mode, which, "NIS maps updated");
- }
- }
- return ch;
+ return (cmdfunc[which][mode](argc, argv, arg1));
}
@@ -265,14 +201,14 @@
static int
getindex(const char *words[], const char *word)
{
- int i = 0;
+ int i = 0;
while (words[i]) {
if (strcmp(words[i], word) == 0)
- return i;
+ return (i);
i++;
}
- return -1;
+ return (-1);
}
@@ -298,6 +234,7 @@
{
"usage: pw useradd [name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n"
" Adding users:\n"
@@ -320,7 +257,8 @@
"\t-N no update\n"
" Setting defaults:\n"
"\t-V etcdir alternate /etc location\n"
- "\t-D set user defaults\n"
+ "\t-R rootdir alternate root directory\n"
+ "\t-D set user defaults\n"
"\t-b dir default home root dir\n"
"\t-e period default expiry period\n"
"\t-p period default password change period\n"
@@ -336,12 +274,15 @@
"\t-y path set NIS passwd file path\n",
"usage: pw userdel [uid|name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-n name login name\n"
"\t-u uid user id\n"
"\t-Y update NIS maps\n"
+ "\t-y path set NIS passwd file path\n"
"\t-r remove home & contents\n",
"usage: pw usermod [uid|name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n"
"\t-F force add if no user\n"
@@ -362,9 +303,11 @@
"\t-h fd read password on fd\n"
"\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
+ "\t-y path set NIS passwd file path\n"
"\t-N no update\n",
"usage: pw usershow [uid|name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-n name login name\n"
"\t-u uid user id\n"
"\t-F force print\n"
@@ -373,6 +316,7 @@
"\t-7 print in v7 format\n",
"usage: pw usernext [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n",
"usage pw: lock [switches]\n"
@@ -387,6 +331,7 @@
{
"usage: pw groupadd [group|gid] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n"
"\t-n group group name\n"
@@ -397,11 +342,13 @@
"\t-N no update\n",
"usage: pw groupdel [group|gid] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-n name group name\n"
"\t-g gid group id\n"
"\t-Y update NIS maps\n",
"usage: pw groupmod [group|gid] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n"
"\t-F force add if not exists\n"
@@ -415,6 +362,7 @@
"\t-N no update\n",
"usage: pw groupshow [group|gid] [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-n name group name\n"
"\t-g gid group id\n"
"\t-F force print\n"
@@ -422,6 +370,7 @@
"\t-a print all accounting groups\n",
"usage: pw groupnext [switches]\n"
"\t-V etcdir alternate /etc location\n"
+ "\t-R rootdir alternate root directory\n"
"\t-C config configuration file\n"
"\t-q quiet operation\n"
}
@@ -431,26 +380,3 @@
}
exit(EXIT_FAILURE);
}
-
-struct carg *
-getarg(struct cargs * _args, int ch)
-{
- struct carg *c = LIST_FIRST(_args);
-
- while (c != NULL && c->ch != ch)
- c = LIST_NEXT(c, list);
- return c;
-}
-
-struct carg *
-addarg(struct cargs * _args, int ch, char *argstr)
-{
- struct carg *ca = malloc(sizeof(struct carg));
-
- if (ca == NULL)
- errx(EX_OSERR, "out of memory");
- ca->ch = ch;
- ca->val = argstr;
- LIST_INSERT_HEAD(_args, ca, list);
- return ca;
-}
Modified: trunk/usr.sbin/pw/pw.conf.5
===================================================================
--- trunk/usr.sbin/pw/pw.conf.5 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw.conf.5 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+.\" $MidnightBSD$
.\" Copyright (C) 1996
.\" David L. Nugent. All rights reserved.
.\"
@@ -22,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $MidnightBSD$
+.\" $FreeBSD: stable/10/usr.sbin/pw/pw.conf.5 250604 2013-05-13 18:13:50Z joel $
.\"
.Dd March 30, 2007
.Dt PW.CONF 5
@@ -32,7 +33,7 @@
.Nd format of the pw.conf configuration file
.Sh DESCRIPTION
The file
-.In /etc/pw.conf
+.Pa /etc/pw.conf
contains configuration data for the
.Xr pw 8
utility.
Property changes on: trunk/usr.sbin/pw/pw.conf.5
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/usr.sbin/pw/pw.h
===================================================================
--- trunk/usr.sbin/pw/pw.h 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw.h 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -23,24 +24,16 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $MidnightBSD$
+ * $FreeBSD: stable/10/usr.sbin/pw/pw.h 326849 2017-12-14 13:10:22Z eugen $
*/
+#include <sys/stat.h>
+
+#define _WITH_GETLINE
+#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/queue.h>
-#include <sysexits.h>
-#include "psdate.h"
#include "pwupd.h"
enum _mode
@@ -55,6 +48,14 @@
M_NUM
};
+enum _passmode
+{
+ P_NO,
+ P_NONE,
+ P_RANDOM,
+ P_YES
+};
+
enum _which
{
W_USER,
@@ -62,67 +63,46 @@
W_NUM
};
-struct carg
-{
- int ch;
- char *val;
- LIST_ENTRY(carg) list;
-};
-
-LIST_HEAD(cargs, carg);
-
-struct userconf
-{
- int default_password; /* Default password for new users? */
- int reuse_uids; /* Reuse uids? */
- int reuse_gids; /* Reuse gids? */
- char *nispasswd; /* Path to NIS version of the passwd file */
- char *dotdir; /* Where to obtain skeleton files */
- char *newmail; /* Mail to send to new accounts */
- char *logfile; /* Where to log changes */
- char *home; /* Where to create home directory */
- mode_t homemode; /* Home directory permissions */
- char *shelldir; /* Where shells are located */
- char **shells; /* List of shells */
- char *shell_default; /* Default shell */
- char *default_group; /* Default group number */
- char **groups; /* Default (additional) groups */
- char *default_class; /* Default user class */
- uid_t min_uid, max_uid; /* Allowed range of uids */
- gid_t min_gid, max_gid; /* Allowed range of gids */
- int expire_days; /* Days to expiry */
- int password_days; /* Days to password expiry */
- int numgroups; /* (internal) size of default_group array */
-};
-
#define _DEF_DIRMODE (S_IRWXU | S_IRWXG | S_IRWXO)
#define _PATH_PW_CONF "/etc/pw.conf"
#define _UC_MAXLINE 1024
#define _UC_MAXSHELLS 32
+struct userconf *get_userconfig(const char *cfg);
struct userconf *read_userconfig(char const * file);
-int write_userconfig(char const * file);
-struct carg *addarg(struct cargs * _args, int ch, char *argstr);
-struct carg *getarg(struct cargs * _args, int ch);
+int write_userconfig(struct userconf *cnf, char const * file);
-int pw_user(struct userconf * cnf, int mode, struct cargs * _args);
-int pw_group(struct userconf * cnf, int mode, struct cargs * _args);
-char *pw_checkname(u_char *name, int gecos);
+int pw_group_add(int argc, char **argv, char *name);
+int pw_group_del(int argc, char **argv, char *name);
+int pw_group_mod(int argc, char **argv, char *name);
+int pw_group_next(int argc, char **argv, char *name);
+int pw_group_show(int argc, char **argv, char *name);
+int pw_user_add(int argc, char **argv, char *name);
+int pw_user_add(int argc, char **argv, char *name);
+int pw_user_add(int argc, char **argv, char *name);
+int pw_user_add(int argc, char **argv, char *name);
+int pw_user_del(int argc, char **argv, char *name);
+int pw_user_lock(int argc, char **argv, char *name);
+int pw_user_mod(int argc, char **argv, char *name);
+int pw_user_next(int argc, char **argv, char *name);
+int pw_user_show(int argc, char **argv, char *name);
+int pw_user_unlock(int argc, char **argv, char *name);
+int pw_groupnext(struct userconf *cnf, bool quiet);
+char *pw_checkname(char *name, int gecos);
+uintmax_t pw_checkid(char *nptr, uintmax_t maxval);
+int pw_checkfd(char *nptr);
-int addpwent(struct passwd * pwd);
-int delpwent(struct passwd * pwd);
-int chgpwent(char const * login, struct passwd * pwd);
-int fmtpwent(char *buf, struct passwd * pwd);
-
int addnispwent(const char *path, struct passwd *pwd);
int delnispwent(const char *path, const char *login);
int chgnispwent(const char *path, const char *login, struct passwd *pwd);
-int addgrent(struct group * grp);
-int delgrent(struct group * grp);
-int chggrent(char const * login, struct group * grp);
+int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd,
+ bool dryrun, bool pretty, bool precrypted);
+int nis_update(void);
+
int boolean_val(char const * str, int dflt);
+int passwd_val(char const * str, int dflt);
char const *boolean_str(int val);
char *newstr(char const * p);
@@ -131,3 +111,6 @@
extern const char *Modes[];
extern const char *Which[];
+
+uintmax_t strtounum(const char * __restrict, uintmax_t, uintmax_t,
+ const char ** __restrict);
Modified: trunk/usr.sbin/pw/pw_conf.c
===================================================================
--- trunk/usr.sbin/pw/pw_conf.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_conf.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,12 +27,16 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_conf.c 326849 2017-12-14 13:10:22Z eugen $";
#endif /* not lint */
+#include <sys/types.h>
+#include <sys/sbuf.h>
+
+#include <err.h>
+#include <fcntl.h>
#include <string.h>
-#include <ctype.h>
-#include <fcntl.h>
+#include <unistd.h>
#include "pw.h"
@@ -101,8 +106,7 @@
1000, 32000, /* Allowed range of uids */
1000, 32000, /* Allowed range of gids */
0, /* Days until account expires */
- 0, /* Days until password expires */
- 0 /* size of default_group array */
+ 0 /* Days until password expires */
};
static char const *comments[_UC_FIELDS] =
@@ -183,14 +187,32 @@
for (i = 0; boolfalse[i]; i++)
if (strcmp(str, boolfalse[i]) == 0)
return 0;
+ }
+ return dflt;
+}
+int
+passwd_val(char const * str, int dflt)
+{
+ if ((str = unquote(str)) != NULL) {
+ int i;
+
+ for (i = 0; booltrue[i]; i++)
+ if (strcmp(str, booltrue[i]) == 0)
+ return P_YES;
+ for (i = 0; boolfalse[i]; i++)
+ if (strcmp(str, boolfalse[i]) == 0)
+ return P_NO;
+
/*
* Special cases for defaultpassword
*/
if (strcmp(str, "random") == 0)
- return -1;
+ return P_RANDOM;
if (strcmp(str, "none") == 0)
- return -2;
+ return P_NONE;
+
+ errx(1, "Invalid value for default password");
}
return dflt;
}
@@ -209,308 +231,313 @@
char *
newstr(char const * p)
{
- char *q = NULL;
+ char *q;
- if ((p = unquote(p)) != NULL) {
- int l = strlen(p) + 1;
+ if ((p = unquote(p)) == NULL)
+ return (NULL);
- if ((q = malloc(l)) != NULL)
- memcpy(q, p, l);
- }
- return q;
+ if ((q = strdup(p)) == NULL)
+ err(1, "strdup()");
+
+ return (q);
}
-#define LNBUFSZ 1024
-
-
struct userconf *
read_userconfig(char const * file)
{
- FILE *fp;
+ FILE *fp;
+ char *buf, *p;
+ const char *errstr;
+ size_t linecap;
+ ssize_t linelen;
- extendarray(&config.groups, &config.numgroups, 200);
- memset(config.groups, 0, config.numgroups * sizeof(char *));
+ buf = NULL;
+ linecap = 0;
+
if (file == NULL)
file = _PATH_PW_CONF;
- if ((fp = fopen(file, "r")) != NULL) {
- int buflen = LNBUFSZ;
- char *buf = malloc(buflen);
- nextline:
- while (fgets(buf, buflen, fp) != NULL) {
- char *p;
+ if ((fp = fopen(file, "r")) == NULL)
+ return (&config);
- while ((p = strchr(buf, '\n')) == NULL) {
- int l;
- if (extendline(&buf, &buflen, buflen + LNBUFSZ) == -1) {
- int ch;
- while ((ch = fgetc(fp)) != '\n' && ch != EOF);
- goto nextline; /* Ignore it */
- }
- l = strlen(buf);
- if (fgets(buf + l, buflen - l, fp) == NULL)
- break; /* Unterminated last line */
- }
+ while ((linelen = getline(&buf, &linecap, fp)) > 0) {
+ if (*buf && (p = strtok(buf, " \t\r\n=")) != NULL && *p != '#') {
+ static char const toks[] = " \t\r\n,=";
+ char *q = strtok(NULL, toks);
+ int i = 0;
+ mode_t *modeset;
- if (p != NULL)
- *p = '\0';
-
- if (*buf && (p = strtok(buf, " \t\r\n=")) != NULL && *p != '#') {
- static char const toks[] = " \t\r\n,=";
- char *q = strtok(NULL, toks);
- int i = 0;
- mode_t *modeset;
-
- while (i < _UC_FIELDS && strcmp(p, kwds[i]) != 0)
- ++i;
+ while (i < _UC_FIELDS && strcmp(p, kwds[i]) != 0)
+ ++i;
#if debugging
- if (i == _UC_FIELDS)
- printf("Got unknown kwd `%s' val=`%s'\n", p, q ? q : "");
- else
- printf("Got kwd[%s]=%s\n", p, q);
+ if (i == _UC_FIELDS)
+ printf("Got unknown kwd `%s' val=`%s'\n", p, q ? q : "");
+ else
+ printf("Got kwd[%s]=%s\n", p, q);
#endif
- switch (i) {
- case _UC_DEFAULTPWD:
- config.default_password = boolean_val(q, 1);
- break;
- case _UC_REUSEUID:
- config.reuse_uids = boolean_val(q, 0);
- break;
- case _UC_REUSEGID:
- config.reuse_gids = boolean_val(q, 0);
- break;
- case _UC_NISPASSWD:
- config.nispasswd = (q == NULL || !boolean_val(q, 1))
- ? NULL : newstr(q);
- break;
- case _UC_DOTDIR:
- config.dotdir = (q == NULL || !boolean_val(q, 1))
- ? NULL : newstr(q);
- break;
+ switch (i) {
+ case _UC_DEFAULTPWD:
+ config.default_password = passwd_val(q, 1);
+ break;
+ case _UC_REUSEUID:
+ config.reuse_uids = boolean_val(q, 0);
+ break;
+ case _UC_REUSEGID:
+ config.reuse_gids = boolean_val(q, 0);
+ break;
+ case _UC_NISPASSWD:
+ config.nispasswd = (q == NULL || !boolean_val(q, 1))
+ ? NULL : newstr(q);
+ break;
+ case _UC_DOTDIR:
+ config.dotdir = (q == NULL || !boolean_val(q, 1))
+ ? NULL : newstr(q);
+ break;
case _UC_NEWMAIL:
- config.newmail = (q == NULL || !boolean_val(q, 1))
- ? NULL : newstr(q);
- break;
- case _UC_LOGFILE:
- config.logfile = (q == NULL || !boolean_val(q, 1))
- ? NULL : newstr(q);
- break;
- case _UC_HOMEROOT:
- config.home = (q == NULL || !boolean_val(q, 1))
- ? "/home" : newstr(q);
- break;
- case _UC_HOMEMODE:
- modeset = setmode(q);
- config.homemode = (q == NULL || !boolean_val(q, 1))
- ? _DEF_DIRMODE : getmode(modeset, _DEF_DIRMODE);
- free(modeset);
- break;
- case _UC_SHELLPATH:
- config.shelldir = (q == NULL || !boolean_val(q, 1))
- ? "/bin" : newstr(q);
- break;
- case _UC_SHELLS:
- for (i = 0; i < _UC_MAXSHELLS && q != NULL; i++, q = strtok(NULL, toks))
- system_shells[i] = newstr(q);
- if (i > 0)
- while (i < _UC_MAXSHELLS)
- system_shells[i++] = NULL;
- break;
- case _UC_DEFAULTSHELL:
- config.shell_default = (q == NULL || !boolean_val(q, 1))
- ? (char *) bourne_shell : newstr(q);
- break;
- case _UC_DEFAULTGROUP:
- q = unquote(q);
- config.default_group = (q == NULL || !boolean_val(q, 1) || GETGRNAM(q) == NULL)
- ? NULL : newstr(q);
- break;
- case _UC_EXTRAGROUPS:
- for (i = 0; q != NULL; q = strtok(NULL, toks)) {
- if (extendarray(&config.groups, &config.numgroups, i + 2) != -1)
- config.groups[i++] = newstr(q);
- }
- if (i > 0)
- while (i < config.numgroups)
- config.groups[i++] = NULL;
- break;
- case _UC_DEFAULTCLASS:
- config.default_class = (q == NULL || !boolean_val(q, 1))
- ? NULL : newstr(q);
- break;
- case _UC_MINUID:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.min_uid = (uid_t) atol(q);
- break;
- case _UC_MAXUID:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.max_uid = (uid_t) atol(q);
- break;
- case _UC_MINGID:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.min_gid = (gid_t) atol(q);
- break;
- case _UC_MAXGID:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.max_gid = (gid_t) atol(q);
- break;
- case _UC_EXPIRE:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.expire_days = atoi(q);
- break;
- case _UC_PASSWORD:
- if ((q = unquote(q)) != NULL && isdigit(*q))
- config.password_days = atoi(q);
- break;
- case _UC_FIELDS:
- case _UC_NONE:
- break;
+ config.newmail = (q == NULL || !boolean_val(q, 1))
+ ? NULL : newstr(q);
+ break;
+ case _UC_LOGFILE:
+ config.logfile = (q == NULL || !boolean_val(q, 1))
+ ? NULL : newstr(q);
+ break;
+ case _UC_HOMEROOT:
+ config.home = (q == NULL || !boolean_val(q, 1))
+ ? "/home" : newstr(q);
+ break;
+ case _UC_HOMEMODE:
+ modeset = setmode(q);
+ config.homemode = (q == NULL || !boolean_val(q, 1))
+ ? _DEF_DIRMODE : getmode(modeset, _DEF_DIRMODE);
+ free(modeset);
+ break;
+ case _UC_SHELLPATH:
+ config.shelldir = (q == NULL || !boolean_val(q, 1))
+ ? "/bin" : newstr(q);
+ break;
+ case _UC_SHELLS:
+ for (i = 0; i < _UC_MAXSHELLS && q != NULL; i++, q = strtok(NULL, toks))
+ system_shells[i] = newstr(q);
+ if (i > 0)
+ while (i < _UC_MAXSHELLS)
+ system_shells[i++] = NULL;
+ break;
+ case _UC_DEFAULTSHELL:
+ config.shell_default = (q == NULL || !boolean_val(q, 1))
+ ? (char *) bourne_shell : newstr(q);
+ break;
+ case _UC_DEFAULTGROUP:
+ q = unquote(q);
+ config.default_group = (q == NULL || !boolean_val(q, 1) || GETGRNAM(q) == NULL)
+ ? NULL : newstr(q);
+ break;
+ case _UC_EXTRAGROUPS:
+ while ((q = strtok(NULL, toks)) != NULL) {
+ if (config.groups == NULL)
+ config.groups = sl_init();
+ sl_add(config.groups, newstr(q));
}
+ break;
+ case _UC_DEFAULTCLASS:
+ config.default_class = (q == NULL || !boolean_val(q, 1))
+ ? NULL : newstr(q);
+ break;
+ case _UC_MINUID:
+ if ((q = unquote(q)) != NULL) {
+ config.min_uid = strtounum(q, 0,
+ UID_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid min_uid: '%s';"
+ " ignoring", q);
+ }
+ break;
+ case _UC_MAXUID:
+ if ((q = unquote(q)) != NULL) {
+ config.max_uid = strtounum(q, 0,
+ UID_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid max_uid: '%s';"
+ " ignoring", q);
+ }
+ break;
+ case _UC_MINGID:
+ if ((q = unquote(q)) != NULL) {
+ config.min_gid = strtounum(q, 0,
+ GID_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid min_gid: '%s';"
+ " ignoring", q);
+ }
+ break;
+ case _UC_MAXGID:
+ if ((q = unquote(q)) != NULL) {
+ config.max_gid = strtounum(q, 0,
+ GID_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid max_gid: '%s';"
+ " ignoring", q);
+ }
+ break;
+ case _UC_EXPIRE:
+ if ((q = unquote(q)) != NULL) {
+ config.expire_days = strtonum(q, 0,
+ INT_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid expire days:"
+ " '%s'; ignoring", q);
+ }
+ break;
+ case _UC_PASSWORD:
+ if ((q = unquote(q)) != NULL) {
+ config.password_days = strtonum(q, 0,
+ INT_MAX, &errstr);
+ if (errstr)
+ warnx("Invalid password days:"
+ " '%s'; ignoring", q);
+ }
+ break;
+ case _UC_FIELDS:
+ case _UC_NONE:
+ break;
}
}
- free(buf);
- fclose(fp);
}
- return &config;
+ free(buf);
+ fclose(fp);
+
+ return (&config);
}
int
-write_userconfig(char const * file)
+write_userconfig(struct userconf *cnf, const char *file)
{
int fd;
+ int i, j;
+ struct sbuf *buf;
+ FILE *fp;
if (file == NULL)
file = _PATH_PW_CONF;
- if ((fd = open(file, O_CREAT | O_RDWR | O_TRUNC | O_EXLOCK, 0644)) != -1) {
- FILE *fp;
+ if ((fd = open(file, O_CREAT|O_RDWR|O_TRUNC|O_EXLOCK, 0644)) == -1)
+ return (0);
- if ((fp = fdopen(fd, "w")) == NULL)
- close(fd);
- else {
- int i, j, k;
- int len = LNBUFSZ;
- char *buf = malloc(len);
+ if ((fp = fdopen(fd, "w")) == NULL) {
+ close(fd);
+ return (0);
+ }
+
+ buf = sbuf_new_auto();
+ for (i = _UC_NONE; i < _UC_FIELDS; i++) {
+ int quote = 1;
- for (i = _UC_NONE; i < _UC_FIELDS; i++) {
- int quote = 1;
- char const *val = buf;
+ sbuf_clear(buf);
+ switch (i) {
+ case _UC_DEFAULTPWD:
+ sbuf_cat(buf, boolean_str(cnf->default_password));
+ break;
+ case _UC_REUSEUID:
+ sbuf_cat(buf, boolean_str(cnf->reuse_uids));
+ break;
+ case _UC_REUSEGID:
+ sbuf_cat(buf, boolean_str(cnf->reuse_gids));
+ break;
+ case _UC_NISPASSWD:
+ sbuf_cat(buf, cnf->nispasswd ? cnf->nispasswd : "");
+ quote = 0;
+ break;
+ case _UC_DOTDIR:
+ sbuf_cat(buf, cnf->dotdir ? cnf->dotdir :
+ boolean_str(0));
+ break;
+ case _UC_NEWMAIL:
+ sbuf_cat(buf, cnf->newmail ? cnf->newmail :
+ boolean_str(0));
+ break;
+ case _UC_LOGFILE:
+ sbuf_cat(buf, cnf->logfile ? cnf->logfile :
+ boolean_str(0));
+ break;
+ case _UC_HOMEROOT:
+ sbuf_cat(buf, cnf->home);
+ break;
+ case _UC_HOMEMODE:
+ sbuf_printf(buf, "%04o", cnf->homemode);
+ quote = 0;
+ break;
+ case _UC_SHELLPATH:
+ sbuf_cat(buf, cnf->shelldir);
+ break;
+ case _UC_SHELLS:
+ for (j = 0; j < _UC_MAXSHELLS &&
+ system_shells[j] != NULL; j++)
+ sbuf_printf(buf, "%s\"%s\"", j ?
+ "," : "", system_shells[j]);
+ quote = 0;
+ break;
+ case _UC_DEFAULTSHELL:
+ sbuf_cat(buf, cnf->shell_default ?
+ cnf->shell_default : bourne_shell);
+ break;
+ case _UC_DEFAULTGROUP:
+ sbuf_cat(buf, cnf->default_group ?
+ cnf->default_group : "");
+ break;
+ case _UC_EXTRAGROUPS:
+ for (j = 0; cnf->groups != NULL &&
+ j < (int)cnf->groups->sl_cur; j++)
+ sbuf_printf(buf, "%s\"%s\"", j ?
+ "," : "", cnf->groups->sl_str[j]);
+ quote = 0;
+ break;
+ case _UC_DEFAULTCLASS:
+ sbuf_cat(buf, cnf->default_class ?
+ cnf->default_class : "");
+ break;
+ case _UC_MINUID:
+ sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_uid);
+ quote = 0;
+ break;
+ case _UC_MAXUID:
+ sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_uid);
+ quote = 0;
+ break;
+ case _UC_MINGID:
+ sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_gid);
+ quote = 0;
+ break;
+ case _UC_MAXGID:
+ sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_gid);
+ quote = 0;
+ break;
+ case _UC_EXPIRE:
+ sbuf_printf(buf, "%jd", (intmax_t)cnf->expire_days);
+ quote = 0;
+ break;
+ case _UC_PASSWORD:
+ sbuf_printf(buf, "%jd", (intmax_t)cnf->password_days);
+ quote = 0;
+ break;
+ case _UC_NONE:
+ break;
+ }
+ sbuf_finish(buf);
- *buf = '\0';
- switch (i) {
- case _UC_DEFAULTPWD:
- val = boolean_str(config.default_password);
- break;
- case _UC_REUSEUID:
- val = boolean_str(config.reuse_uids);
- break;
- case _UC_REUSEGID:
- val = boolean_str(config.reuse_gids);
- break;
- case _UC_NISPASSWD:
- val = config.nispasswd ? config.nispasswd : "";
- quote = 0;
- break;
- case _UC_DOTDIR:
- val = config.dotdir ? config.dotdir : boolean_str(0);
- break;
- case _UC_NEWMAIL:
- val = config.newmail ? config.newmail : boolean_str(0);
- break;
- case _UC_LOGFILE:
- val = config.logfile ? config.logfile : boolean_str(0);
- break;
- case _UC_HOMEROOT:
- val = config.home;
- break;
- case _UC_HOMEMODE:
- sprintf(buf, "%04o", config.homemode);
- quote = 0;
- break;
- case _UC_SHELLPATH:
- val = config.shelldir;
- break;
- case _UC_SHELLS:
- for (j = k = 0; j < _UC_MAXSHELLS && system_shells[j] != NULL; j++) {
- char lbuf[64];
- int l = snprintf(lbuf, sizeof lbuf, "%s\"%s\"", k ? "," : "", system_shells[j]);
- if (l < 0)
- l = 0;
- if (l + k + 1 < len || extendline(&buf, &len, len + LNBUFSZ) != -1) {
- strcpy(buf + k, lbuf);
- k += l;
- }
- }
- quote = 0;
- break;
- case _UC_DEFAULTSHELL:
- val = config.shell_default ? config.shell_default : bourne_shell;
- break;
- case _UC_DEFAULTGROUP:
- val = config.default_group ? config.default_group : "";
- break;
- case _UC_EXTRAGROUPS:
- extendarray(&config.groups, &config.numgroups, 200);
- for (j = k = 0; j < config.numgroups && config.groups[j] != NULL; j++) {
- char lbuf[64];
- int l = snprintf(lbuf, sizeof lbuf, "%s\"%s\"", k ? "," : "", config.groups[j]);
- if (l < 0)
- l = 0;
- if (l + k + 1 < len || extendline(&buf, &len, len + 1024) != -1) {
- strcpy(buf + k, lbuf);
- k += l;
- }
- }
- quote = 0;
- break;
- case _UC_DEFAULTCLASS:
- val = config.default_class ? config.default_class : "";
- break;
- case _UC_MINUID:
- sprintf(buf, "%lu", (unsigned long) config.min_uid);
- quote = 0;
- break;
- case _UC_MAXUID:
- sprintf(buf, "%lu", (unsigned long) config.max_uid);
- quote = 0;
- break;
- case _UC_MINGID:
- sprintf(buf, "%lu", (unsigned long) config.min_gid);
- quote = 0;
- break;
- case _UC_MAXGID:
- sprintf(buf, "%lu", (unsigned long) config.max_gid);
- quote = 0;
- break;
- case _UC_EXPIRE:
- sprintf(buf, "%d", config.expire_days);
- quote = 0;
- break;
- case _UC_PASSWORD:
- sprintf(buf, "%d", config.password_days);
- quote = 0;
- break;
- case _UC_NONE:
- break;
- }
+ if (comments[i])
+ fputs(comments[i], fp);
- if (comments[i])
- fputs(comments[i], fp);
-
- if (*kwds[i]) {
- if (quote)
- fprintf(fp, "%s = \"%s\"\n", kwds[i], val);
- else
- fprintf(fp, "%s = %s\n", kwds[i], val);
+ if (*kwds[i]) {
+ if (quote)
+ fprintf(fp, "%s = \"%s\"\n", kwds[i],
+ sbuf_data(buf));
+ else
+ fprintf(fp, "%s = %s\n", kwds[i], sbuf_data(buf));
#if debugging
- printf("WROTE: %s = %s\n", kwds[i], val);
+ printf("WROTE: %s = %s\n", kwds[i], sbuf_data(buf));
#endif
- }
- }
- free(buf);
- return fclose(fp) != EOF;
}
}
- return 0;
+ sbuf_delete(buf);
+ return (fclose(fp) != EOF);
}
Modified: trunk/usr.sbin/pw/pw_group.c
===================================================================
--- trunk/usr.sbin/pw/pw_group.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_group.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,397 +27,669 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_group.c 309881 2016-12-12 07:03:10Z bapt $";
#endif /* not lint */
#include <ctype.h>
#include <err.h>
+#include <grp.h>
+#include <libutil.h>
+#include <paths.h>
+#include <string.h>
+#include <sysexits.h>
#include <termios.h>
-#include <stdbool.h>
#include <unistd.h>
#include "pw.h"
#include "bitmap.h"
-
static struct passwd *lookup_pwent(const char *user);
-static void delete_members(char ***members, int *grmembers, int *i,
- struct carg *arg, struct group *grp);
-static int print_group(struct group * grp, int pretty);
-static gid_t gr_gidpolicy(struct userconf * cnf, struct cargs * args);
+static void delete_members(struct group *grp, char *list);
+static int print_group(struct group * grp, bool pretty);
+static gid_t gr_gidpolicy(struct userconf * cnf, intmax_t id);
+static void
+grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted)
+{
+ int b;
+ int istty;
+ struct termios t, n;
+ char *p, line[256];
+
+ if (fd == -1)
+ return;
+
+ if (fd == '-') {
+ grp->gr_passwd = "*"; /* No access */
+ return;
+ }
+
+ if ((istty = isatty(fd))) {
+ n = t;
+ /* Disable echo */
+ n.c_lflag &= ~(ECHO);
+ tcsetattr(fd, TCSANOW, &n);
+ printf("%sassword for group %s:", update ? "New p" : "P",
+ grp->gr_name);
+ fflush(stdout);
+ }
+ b = read(fd, line, sizeof(line) - 1);
+ if (istty) { /* Restore state */
+ tcsetattr(fd, TCSANOW, &t);
+ fputc('\n', stdout);
+ fflush(stdout);
+ }
+ if (b < 0)
+ err(EX_OSERR, "-h file descriptor");
+ line[b] = '\0';
+ if ((p = strpbrk(line, " \t\r\n")) != NULL)
+ *p = '\0';
+ if (!*line)
+ errx(EX_DATAERR, "empty password read on file descriptor %d",
+ conf.fd);
+ if (precrypted) {
+ if (strchr(line, ':') != 0)
+ errx(EX_DATAERR, "wrong encrypted passwrd");
+ grp->gr_passwd = line;
+ } else
+ grp->gr_passwd = pw_pwcrypt(line);
+}
+
int
-pw_group(struct userconf * cnf, int mode, struct cargs * args)
+pw_groupnext(struct userconf *cnf, bool quiet)
{
- int rc;
- struct carg *a_name = getarg(args, 'n');
- struct carg *a_gid = getarg(args, 'g');
- struct carg *arg;
- struct group *grp = NULL;
- int grmembers = 0;
- char **members = NULL;
+ gid_t next = gr_gidpolicy(cnf, -1);
- static struct group fakegroup =
- {
- "nogroup",
- "*",
- -1,
- NULL
- };
+ if (quiet)
+ return (next);
+ printf("%ju\n", (uintmax_t)next);
- if (mode == M_LOCK || mode == M_UNLOCK)
- errx(EX_USAGE, "'lock' command is not available for groups");
+ return (EXIT_SUCCESS);
+}
- /*
- * With M_NEXT, we only need to return the
- * next gid to stdout
- */
- if (mode == M_NEXT) {
- gid_t next = gr_gidpolicy(cnf, args);
- if (getarg(args, 'q'))
- return next;
- printf("%ld\n", (long)next);
- return EXIT_SUCCESS;
+static struct group *
+getgroup(char *name, intmax_t id, bool fatal)
+{
+ struct group *grp;
+
+ if (id < 0 && name == NULL)
+ errx(EX_DATAERR, "groupname or id required");
+ grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id);
+ if (grp == NULL) {
+ if (!fatal)
+ return (NULL);
+ if (name == NULL)
+ errx(EX_DATAERR, "unknown gid `%ju'", id);
+ errx(EX_DATAERR, "unknown group `%s'", name);
}
+ return (grp);
+}
- if (mode == M_PRINT && getarg(args, 'a')) {
- int pretty = getarg(args, 'P') != NULL;
+/*
+ * Lookup a passwd entry using a name or UID.
+ */
+static struct passwd *
+lookup_pwent(const char *user)
+{
+ struct passwd *pwd;
- SETGRENT();
- while ((grp = GETGRENT()) != NULL)
- print_group(grp, pretty);
- ENDGRENT();
- return EXIT_SUCCESS;
- }
- if (a_gid == NULL) {
- if (a_name == NULL)
- errx(EX_DATAERR, "group name or id required");
+ if ((pwd = GETPWNAM(user)) == NULL &&
+ (!isdigit((unsigned char)*user) ||
+ (pwd = getpwuid((uid_t) atoi(user))) == NULL))
+ errx(EX_NOUSER, "user `%s' does not exist", user);
- if (mode != M_ADD && grp == NULL && isdigit((unsigned char)*a_name->val)) {
- (a_gid = a_name)->ch = 'g';
- a_name = NULL;
- }
- }
- grp = (a_name != NULL) ? GETGRNAM(a_name->val) : GETGRGID((gid_t) atoi(a_gid->val));
+ return (pwd);
+}
- if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
- if (a_name == NULL && grp == NULL) /* Try harder */
- grp = GETGRGID(atoi(a_gid->val));
- if (grp == NULL) {
- if (mode == M_PRINT && getarg(args, 'F')) {
- char *fmems[1];
- fmems[0] = NULL;
- fakegroup.gr_name = a_name ? a_name->val : "nogroup";
- fakegroup.gr_gid = a_gid ? (gid_t) atol(a_gid->val) : -1;
- fakegroup.gr_mem = fmems;
- return print_group(&fakegroup, getarg(args, 'P') != NULL);
- }
- errx(EX_DATAERR, "unknown group `%s'", a_name ? a_name->val : a_gid->val);
+/*
+ * Delete requested members from a group.
+ */
+static void
+delete_members(struct group *grp, char *list)
+{
+ char *p;
+ int k;
+
+ if (grp->gr_mem == NULL)
+ return;
+
+ for (p = strtok(list, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
+ for (k = 0; grp->gr_mem[k] != NULL; k++) {
+ if (strcmp(grp->gr_mem[k], p) == 0)
+ break;
}
- if (a_name == NULL) /* Needed later */
- a_name = addarg(args, 'n', grp->gr_name);
+ if (grp->gr_mem[k] == NULL) /* No match */
+ continue;
- /*
- * Handle deletions now
- */
- if (mode == M_DELETE) {
- gid_t gid = grp->gr_gid;
+ for (; grp->gr_mem[k] != NULL; k++)
+ grp->gr_mem[k] = grp->gr_mem[k+1];
+ }
+}
- rc = delgrent(grp);
- if (rc == -1)
- err(EX_IOERR, "group '%s' not available (NIS?)", grp->gr_name);
- else if (rc != 0) {
- warn("group update");
- return EX_IOERR;
- }
- pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", a_name->val, (long) gid);
- return EXIT_SUCCESS;
- } else if (mode == M_PRINT)
- return print_group(grp, getarg(args, 'P') != NULL);
+static gid_t
+gr_gidpolicy(struct userconf * cnf, intmax_t id)
+{
+ struct group *grp;
+ struct bitmap bm;
+ gid_t gid = (gid_t) - 1;
- if (a_gid)
- grp->gr_gid = (gid_t) atoi(a_gid->val);
+ /*
+ * Check the given gid, if any
+ */
+ if (id > 0) {
+ gid = (gid_t) id;
- if ((arg = getarg(args, 'l')) != NULL)
- grp->gr_name = pw_checkname((u_char *)arg->val, 0);
- } else {
- if (a_name == NULL) /* Required */
- errx(EX_DATAERR, "group name required");
- else if (grp != NULL) /* Exists */
- errx(EX_DATAERR, "group name `%s' already exists", a_name->val);
+ if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate)
+ errx(EX_DATAERR, "gid `%ju' has already been allocated",
+ (uintmax_t)grp->gr_gid);
+ return (gid);
+ }
- extendarray(&members, &grmembers, 200);
- members[0] = NULL;
- grp = &fakegroup;
- grp->gr_name = pw_checkname((u_char *)a_name->val, 0);
- grp->gr_passwd = "*";
- grp->gr_gid = gr_gidpolicy(cnf, args);
- grp->gr_mem = members;
+ /*
+ * We need to allocate the next available gid under one of
+ * two policies a) Grab the first unused gid b) Grab the
+ * highest possible unused gid
+ */
+ if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */
+ cnf->min_gid = 1000;
+ cnf->max_gid = 32000;
}
+ bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);
/*
- * This allows us to set a group password Group passwords is an
- * antique idea, rarely used and insecure (no secure database) Should
- * be discouraged, but it is apparently still supported by some
- * software.
+ * Now, let's fill the bitmap from the password file
*/
+ SETGRENT();
+ while ((grp = GETGRENT()) != NULL)
+ if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid &&
+ (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid)
+ bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
+ ENDGRENT();
- if ((arg = getarg(args, 'h')) != NULL ||
- (arg = getarg(args, 'H')) != NULL) {
- if (strcmp(arg->val, "-") == 0)
- grp->gr_passwd = "*"; /* No access */
- else {
- int fd = atoi(arg->val);
- int precrypt = (arg->ch == 'H');
- int b;
- int istty = isatty(fd);
- struct termios t;
- char *p, line[256];
+ /*
+ * Then apply the policy, with fallback to reuse if necessary
+ */
+ if (cnf->reuse_gids)
+ gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
+ else {
+ gid = (gid_t) (bm_lastset(&bm) + 1);
+ if (!bm_isset(&bm, gid))
+ gid += cnf->min_gid;
+ else
+ gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
+ }
- if (istty) {
- if (tcgetattr(fd, &t) == -1)
- istty = 0;
- else {
- struct termios n = t;
+ /*
+ * Another sanity check
+ */
+ if (gid < cnf->min_gid || gid > cnf->max_gid)
+ errx(EX_SOFTWARE, "unable to allocate a new gid - range fully "
+ "used");
+ bm_dealloc(&bm);
+ return (gid);
+}
- /* Disable echo */
- n.c_lflag &= ~(ECHO);
- tcsetattr(fd, TCSANOW, &n);
- printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name);
- fflush(stdout);
- }
- }
- b = read(fd, line, sizeof(line) - 1);
- if (istty) { /* Restore state */
- tcsetattr(fd, TCSANOW, &t);
- fputc('\n', stdout);
- fflush(stdout);
- }
- if (b < 0) {
- warn("-h file descriptor");
- return EX_OSERR;
- }
- line[b] = '\0';
- if ((p = strpbrk(line, " \t\r\n")) != NULL)
- *p = '\0';
- if (!*line)
- errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- if (precrypt) {
- if (strchr(line, ':') != NULL)
- return EX_DATAERR;
- grp->gr_passwd = line;
- } else
- grp->gr_passwd = pw_pwcrypt(line);
+static int
+print_group(struct group * grp, bool pretty)
+{
+ char *buf = NULL;
+ int i;
+
+ if (pretty) {
+ printf("Group Name: %-15s #%lu\n"
+ " Members: ",
+ grp->gr_name, (long) grp->gr_gid);
+ if (grp->gr_mem != NULL) {
+ for (i = 0; grp->gr_mem[i]; i++)
+ printf("%s%s", i ? "," : "", grp->gr_mem[i]);
}
+ fputs("\n\n", stdout);
+ return (EXIT_SUCCESS);
}
- if (((arg = getarg(args, 'M')) != NULL ||
- (arg = getarg(args, 'd')) != NULL ||
- (arg = getarg(args, 'm')) != NULL) && arg->val) {
- int i = 0;
- char *p;
- struct passwd *pwd;
+ buf = gr_make(grp);
+ printf("%s\n", buf);
+ free(buf);
+ return (EXIT_SUCCESS);
+}
- /* Make sure this is not stay NULL with -M "" */
- extendarray(&members, &grmembers, 200);
- if (arg->ch == 'd')
- delete_members(&members, &grmembers, &i, arg, grp);
- else if (arg->ch == 'm') {
- int k = 0;
+int
+pw_group_next(int argc, char **argv, char *arg1 __unused)
+{
+ struct userconf *cnf;
+ const char *cfg = NULL;
+ int ch;
+ bool quiet = false;
- while (grp->gr_mem[k] != NULL) {
- if (extendarray(&members, &grmembers, i + 2) != -1)
- members[i++] = grp->gr_mem[k];
- k++;
- }
+ while ((ch = getopt(argc, argv, "Cq")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
}
+ }
- if (arg->ch != 'd')
- for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
- int j;
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+ cnf = get_userconfig(cfg);
+ return (pw_groupnext(cnf, quiet));
+}
- /*
- * Check for duplicates
- */
- pwd = lookup_pwent(p);
- for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++)
- ;
- if (j == i && extendarray(&members, &grmembers, i + 2) != -1)
- members[i++] = newstr(pwd->pw_name);
- }
- while (i < grmembers)
- members[i++] = NULL;
- grp->gr_mem = members;
- }
+int
+pw_group_show(int argc, char **argv, char *arg1)
+{
+ struct group *grp = NULL;
+ char *name = NULL;
+ intmax_t id = -1;
+ int ch;
+ bool all, force, quiet, pretty;
- if (getarg(args, 'N') != NULL)
- return print_group(grp, getarg(args, 'P') != NULL);
+ all = force = quiet = pretty = false;
- if (mode == M_ADD && (rc = addgrent(grp)) != 0) {
- if (rc == -1)
- warnx("group '%s' already exists", grp->gr_name);
+ struct group fakegroup = {
+ "nogroup",
+ "*",
+ -1,
+ NULL
+ };
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, GID_MAX);
else
- warn("group update");
- return EX_IOERR;
- } else if (mode == M_UPDATE && (rc = chggrent(a_name->val, grp)) != 0) {
- if (rc == -1)
- warnx("group '%s' not available (NIS?)", grp->gr_name);
- else
- warn("group update");
- return EX_IOERR;
+ name = arg1;
}
- /* grp may have been invalidated */
- if ((grp = GETGRNAM(a_name->val)) == NULL)
- errx(EX_SOFTWARE, "group disappeared during update");
- pw_log(cnf, mode, W_GROUP, "%s(%ld)", grp->gr_name, (long) grp->gr_gid);
+ while ((ch = getopt(argc, argv, "C:qn:g:FPa")) != -1) {
+ switch (ch) {
+ case 'C':
+ /* ignore compatibility */
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'g':
+ id = pw_checkid(optarg, GID_MAX);
+ break;
+ case 'F':
+ force = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'a':
+ all = true;
+ break;
+ }
+ }
- free(members);
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
- return EXIT_SUCCESS;
+ if (all) {
+ SETGRENT();
+ while ((grp = GETGRENT()) != NULL)
+ print_group(grp, pretty);
+ ENDGRENT();
+ return (EXIT_SUCCESS);
+ }
+
+ grp = getgroup(name, id, !force);
+ if (grp == NULL)
+ grp = &fakegroup;
+
+ return (print_group(grp, pretty));
}
-
-/*
- * Lookup a passwd entry using a name or UID.
- */
-static struct passwd *
-lookup_pwent(const char *user)
+int
+pw_group_del(int argc, char **argv, char *arg1)
{
- struct passwd *pwd;
+ struct userconf *cnf = NULL;
+ struct group *grp = NULL;
+ char *name;
+ const char *cfg = NULL;
+ intmax_t id = -1;
+ int ch, rc;
+ bool quiet = false;
+ bool nis = false;
- if ((pwd = GETPWNAM(user)) == NULL &&
- (!isdigit((unsigned char)*user) ||
- (pwd = getpwuid((uid_t) atoi(user))) == NULL))
- errx(EX_NOUSER, "user `%s' does not exist", user);
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, GID_MAX);
+ else
+ name = arg1;
+ }
- return (pwd);
+ while ((ch = getopt(argc, argv, "C:qn:g:Y")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'g':
+ id = pw_checkid(optarg, GID_MAX);
+ break;
+ case 'Y':
+ nis = true;
+ break;
+ }
+ }
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+ grp = getgroup(name, id, true);
+ cnf = get_userconfig(cfg);
+ rc = delgrent(grp);
+ if (rc == -1)
+ err(EX_IOERR, "group '%s' not available (NIS?)", name);
+ else if (rc != 0)
+ err(EX_IOERR, "group update");
+ pw_log(cnf, M_DELETE, W_GROUP, "%s(%ju) removed", name,
+ (uintmax_t)id);
+
+ if (nis && nis_update() == 0)
+ pw_log(cnf, M_DELETE, W_GROUP, "NIS maps updated");
+
+ return (EXIT_SUCCESS);
}
+static bool
+grp_has_member(struct group *grp, const char *name)
+{
+ int j;
-/*
- * Delete requested members from a group.
- */
+ for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++)
+ if (strcmp(grp->gr_mem[j], name) == 0)
+ return (true);
+ return (false);
+}
+
static void
-delete_members(char ***members, int *grmembers, int *i, struct carg *arg,
- struct group *grp)
+grp_add_members(struct group **grp, char *members)
{
- bool matchFound;
- char *user;
- char *valueCopy;
- char *valuePtr;
- int k;
struct passwd *pwd;
+ char *p;
+ char tok[] = ", \t";
- k = 0;
- while (grp->gr_mem[k] != NULL) {
- matchFound = false;
- if ((valueCopy = strdup(arg->val)) == NULL)
- errx(EX_UNAVAILABLE, "out of memory");
- valuePtr = valueCopy;
- while ((user = strsep(&valuePtr, ", \t")) != NULL) {
- pwd = lookup_pwent(user);
- if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) {
- matchFound = true;
- break;
- }
- }
- free(valueCopy);
+ if (members == NULL)
+ return;
+ for (p = strtok(members, tok); p != NULL; p = strtok(NULL, tok)) {
+ pwd = lookup_pwent(p);
+ if (grp_has_member(*grp, pwd->pw_name))
+ continue;
+ *grp = gr_add(*grp, pwd->pw_name);
+ }
+}
- if (!matchFound &&
- extendarray(members, grmembers, *i + 2) != -1)
- (*members)[(*i)++] = grp->gr_mem[k];
+int
+groupadd(struct userconf *cnf, char *name, gid_t id, char *members, int fd,
+ bool dryrun, bool pretty, bool precrypted)
+{
+ struct group *grp;
+ int rc;
- k++;
+ struct group fakegroup = {
+ "nogroup",
+ "*",
+ -1,
+ NULL
+ };
+
+ grp = &fakegroup;
+ grp->gr_name = pw_checkname(name, 0);
+ grp->gr_passwd = "*";
+ grp->gr_gid = gr_gidpolicy(cnf, id);
+ grp->gr_mem = NULL;
+
+ /*
+ * This allows us to set a group password Group passwords is an
+ * antique idea, rarely used and insecure (no secure database) Should
+ * be discouraged, but it is apparently still supported by some
+ * software.
+ */
+ grp_set_passwd(grp, false, fd, precrypted);
+ grp_add_members(&grp, members);
+ if (dryrun)
+ return (print_group(grp, pretty));
+
+ if ((rc = addgrent(grp)) != 0) {
+ if (rc == -1)
+ errx(EX_IOERR, "group '%s' already exists",
+ grp->gr_name);
+ else
+ err(EX_IOERR, "group update");
}
- return;
+ pw_log(cnf, M_ADD, W_GROUP, "%s(%ju)", grp->gr_name,
+ (uintmax_t)grp->gr_gid);
+
+ return (EXIT_SUCCESS);
}
-
-static gid_t
-gr_gidpolicy(struct userconf * cnf, struct cargs * args)
+int
+pw_group_add(int argc, char **argv, char *arg1)
{
- struct group *grp;
- gid_t gid = (gid_t) - 1;
- struct carg *a_gid = getarg(args, 'g');
+ struct userconf *cnf = NULL;
+ char *name = NULL;
+ char *members = NULL;
+ const char *cfg = NULL;
+ intmax_t id = -1;
+ int ch, rc, fd = -1;
+ bool quiet, precrypted, dryrun, pretty, nis;
- /*
- * Check the given gid, if any
- */
- if (a_gid != NULL) {
- gid = (gid_t) atol(a_gid->val);
+ quiet = precrypted = dryrun = pretty = nis = false;
- if ((grp = GETGRGID(gid)) != NULL && getarg(args, 'o') == NULL)
- errx(EX_DATAERR, "gid `%ld' has already been allocated", (long) grp->gr_gid);
- } else {
- struct bitmap bm;
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, GID_MAX);
+ else
+ name = arg1;
+ }
- /*
- * We need to allocate the next available gid under one of
- * two policies a) Grab the first unused gid b) Grab the
- * highest possible unused gid
- */
- if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */
- cnf->min_gid = 1000;
- cnf->max_gid = 32000;
+ while ((ch = getopt(argc, argv, "C:qn:g:h:H:M:oNPY")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'g':
+ id = pw_checkid(optarg, GID_MAX);
+ break;
+ case 'H':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ precrypted = true;
+ if (fd == '-')
+ errx(EX_USAGE, "-H expects a file descriptor");
+ break;
+ case 'h':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ break;
+ case 'M':
+ members = optarg;
+ break;
+ case 'o':
+ conf.checkduplicate = false;
+ break;
+ case 'N':
+ dryrun = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'Y':
+ nis = true;
+ break;
}
- bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);
+ }
- /*
- * Now, let's fill the bitmap from the password file
- */
- SETGRENT();
- while ((grp = GETGRENT()) != NULL)
- if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid &&
- (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid)
- bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
- ENDGRENT();
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+ if (name == NULL)
+ errx(EX_DATAERR, "group name required");
+ if (GETGRNAM(name) != NULL)
+ errx(EX_DATAERR, "group name `%s' already exists", name);
+ cnf = get_userconfig(cfg);
+ rc = groupadd(cnf, name, gr_gidpolicy(cnf, id), members, fd, dryrun,
+ pretty, precrypted);
+ if (nis && rc == EXIT_SUCCESS && nis_update() == 0)
+ pw_log(cnf, M_ADD, W_GROUP, "NIS maps updated");
- /*
- * Then apply the policy, with fallback to reuse if necessary
- */
- if (cnf->reuse_gids)
- gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
- else {
- gid = (gid_t) (bm_lastset(&bm) + 1);
- if (!bm_isset(&bm, gid))
- gid += cnf->min_gid;
- else
- gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
+ return (rc);
+}
+
+int
+pw_group_mod(int argc, char **argv, char *arg1)
+{
+ struct userconf *cnf;
+ struct group *grp = NULL;
+ const char *cfg = NULL;
+ char *oldmembers = NULL;
+ char *members = NULL;
+ char *newmembers = NULL;
+ char *newname = NULL;
+ char *name = NULL;
+ intmax_t id = -1;
+ int ch, rc, fd = -1;
+ bool quiet, pretty, dryrun, nis, precrypted;
+
+ quiet = pretty = dryrun = nis = precrypted = false;
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, GID_MAX);
+ else
+ name = arg1;
+ }
+
+ while ((ch = getopt(argc, argv, "C:qn:d:g:l:h:H:M:m:NPY")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'g':
+ id = pw_checkid(optarg, GID_MAX);
+ break;
+ case 'd':
+ oldmembers = optarg;
+ break;
+ case 'l':
+ newname = optarg;
+ break;
+ case 'H':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ precrypted = true;
+ if (fd == '-')
+ errx(EX_USAGE, "-H expects a file descriptor");
+ break;
+ case 'h':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ break;
+ case 'M':
+ members = optarg;
+ break;
+ case 'm':
+ newmembers = optarg;
+ break;
+ case 'N':
+ dryrun = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'Y':
+ nis = true;
+ break;
}
+ }
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+ cnf = get_userconfig(cfg);
+ grp = getgroup(name, id, true);
+ if (name == NULL)
+ name = grp->gr_name;
+ if (id > 0)
+ grp->gr_gid = id;
- /*
- * Another sanity check
- */
- if (gid < cnf->min_gid || gid > cnf->max_gid)
- errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used");
- bm_dealloc(&bm);
+ if (newname != NULL)
+ grp->gr_name = pw_checkname(newname, 0);
+
+ grp_set_passwd(grp, true, fd, precrypted);
+ /*
+ * Keep the same logic as old code for now:
+ * if -M is passed, -d and -m are ignored
+ * then id -d, -m is ignored
+ * last is -m
+ */
+
+ if (members) {
+ grp->gr_mem = NULL;
+ grp_add_members(&grp, members);
+ } else if (oldmembers) {
+ delete_members(grp, oldmembers);
+ } else if (newmembers) {
+ grp_add_members(&grp, newmembers);
}
- return gid;
-}
+ if (dryrun) {
+ print_group(grp, pretty);
+ return (EXIT_SUCCESS);
+ }
-static int
-print_group(struct group * grp, int pretty)
-{
- if (!pretty) {
- int buflen = 0;
- char *buf = NULL;
+ if ((rc = chggrent(name, grp)) != 0) {
+ if (rc == -1)
+ errx(EX_IOERR, "group '%s' not available (NIS?)",
+ grp->gr_name);
+ else
+ err(EX_IOERR, "group update");
+ }
- fmtgrent(&buf, &buflen, grp);
- fputs(buf, stdout);
- free(buf);
- } else {
- int i;
+ if (newname)
+ name = newname;
- printf("Group Name: %-15s #%lu\n"
- " Members: ",
- grp->gr_name, (long) grp->gr_gid);
- for (i = 0; grp->gr_mem[i]; i++)
- printf("%s%s", i ? "," : "", grp->gr_mem[i]);
- fputs("\n\n", stdout);
- }
- return EXIT_SUCCESS;
+ /* grp may have been invalidated */
+ if ((grp = GETGRNAM(name)) == NULL)
+ errx(EX_SOFTWARE, "group disappeared during update");
+
+ pw_log(cnf, M_UPDATE, W_GROUP, "%s(%ju)", grp->gr_name,
+ (uintmax_t)grp->gr_gid);
+
+ if (nis && nis_update() == 0)
+ pw_log(cnf, M_UPDATE, W_GROUP, "NIS maps updated");
+
+ return (EXIT_SUCCESS);
}
Modified: trunk/usr.sbin/pw/pw_log.c
===================================================================
--- trunk/usr.sbin/pw/pw_log.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_log.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,43 +27,93 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_log.c 301557 2016-06-07 16:56:15Z truckman $";
#endif /* not lint */
+#include <ctype.h>
+#include <err.h>
#include <fcntl.h>
+#include <string.h>
+#include <stdarg.h>
#include "pw.h"
-static FILE *logfile = NULL;
+static FILE *logfile = NULL;
void
pw_log(struct userconf * cnf, int mode, int which, char const * fmt,...)
{
- if (cnf->logfile && *cnf->logfile) {
- if (logfile == NULL) { /* With umask==0 we need to control file access modes on create */
- int fd = open(cnf->logfile, O_WRONLY | O_CREAT | O_APPEND, 0600);
+ va_list argp;
+ time_t now;
+ const char *cp, *name;
+ struct tm *t;
+ int fd, i, rlen;
+ char nfmt[256], sname[32];
- if (fd != -1)
- logfile = fdopen(fd, "a");
+ if (cnf->logfile == NULL || cnf->logfile[0] == '\0') {
+ return;
+ }
+
+ if (logfile == NULL) {
+ /* With umask==0 we need to control file access modes on create */
+ fd = open(cnf->logfile, O_WRONLY | O_CREAT | O_APPEND, 0600);
+ if (fd == -1) {
+ return;
}
- if (logfile != NULL) {
- va_list argp;
- int l;
- time_t now = time(NULL);
- struct tm *t = localtime(&now);
- char nfmt[256];
- char *name;
+ logfile = fdopen(fd, "a");
+ if (logfile == NULL) {
+ return;
+ }
+ }
- if ((name = getenv("LOGNAME")) == NULL && (name = getenv("USER")) == NULL)
- name = "unknown";
- /* ISO 8601 International Standard Date format */
- strftime(nfmt, sizeof nfmt, "%Y-%m-%d %T ", t);
- l = strlen(nfmt);
- sprintf(nfmt + strlen(nfmt), "[%s:%s%s] %s\n", name, Which[which], Modes[mode], fmt);
- va_start(argp, fmt);
- vfprintf(logfile, nfmt, argp);
- va_end(argp);
- fflush(logfile);
+ if ((name = getenv("LOGNAME")) == NULL &&
+ (name = getenv("USER")) == NULL) {
+ strcpy(sname, "unknown");
+ } else {
+ /*
+ * Since "name" will be embedded in a printf-like format,
+ * we must sanitize it:
+ *
+ * Limit its length so other information in the message
+ * is not truncated
+ *
+ * Squeeze out embedded whitespace for the benefit of
+ * log file parsers
+ *
+ * Escape embedded % characters with another %
+ */
+ for (i = 0, cp = name;
+ *cp != '\0' && i < (int)sizeof(sname) - 1; cp++) {
+ if (*cp == '%') {
+ if (i < (int)sizeof(sname) - 2) {
+ sname[i++] = '%';
+ sname[i++] = '%';
+ } else {
+ break;
+ }
+ } else if (!isspace(*cp)) {
+ sname[i++] = *cp;
+ } /* else do nothing */
}
+ if (i == 0) {
+ strcpy(sname, "unknown");
+ } else {
+ sname[i] = '\0';
+ }
}
+ now = time(NULL);
+ t = localtime(&now);
+ /* ISO 8601 International Standard Date format */
+ strftime(nfmt, sizeof nfmt, "%Y-%m-%d %T ", t);
+ rlen = sizeof(nfmt) - strlen(nfmt);
+ if (rlen <= 0 || snprintf(nfmt + strlen(nfmt), rlen,
+ "[%s:%s%s] %s\n", sname, Which[which], Modes[mode],
+ fmt) >= rlen) {
+ warnx("log format overflow, user name=%s", sname);
+ } else {
+ va_start(argp, fmt);
+ vfprintf(logfile, nfmt, argp);
+ va_end(argp);
+ fflush(logfile);
+ }
}
Modified: trunk/usr.sbin/pw/pw_nis.c
===================================================================
--- trunk/usr.sbin/pw/pw_nis.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_nis.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,47 +27,74 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_nis.c 310173 2016-12-16 20:10:55Z asomers $";
#endif /* not lint */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include <sys/types.h>
+#include <err.h>
+#include <pwd.h>
+#include <libutil.h>
+#include <unistd.h>
+
#include "pw.h"
static int
-pw_nisupdate(const char * path, struct passwd * pwd, char const * user, int mode)
+pw_nisupdate(const char * path, struct passwd * pwd, char const * user)
{
- char pfx[32];
- char pwbuf[PWBUFSZ];
- int l = sprintf(pfx, "%s:", user);
+ int pfd, tfd;
+ struct passwd *pw = NULL;
+ struct passwd *old_pw = NULL;
- /*
- * Update the passwd file first
- */
- if (pwd == NULL)
- *pwbuf = '\0';
- else
- fmtpwentry(pwbuf, pwd, PWF_MASTER);
- return fileupdate(path, 0600, pwbuf, pfx, l, mode) != 0;
+ printf("===> %s\n", path);
+ if (pwd != NULL)
+ pw = pw_dup(pwd);
+
+ if (user != NULL)
+ old_pw = GETPWNAM(user);
+
+ if (pw_init(NULL, path))
+ err(1,"pw_init()");
+ if ((pfd = pw_lock()) == -1) {
+ pw_fini();
+ err(1, "pw_lock()");
+ }
+ if ((tfd = pw_tmp(-1)) == -1) {
+ pw_fini();
+ err(1, "pw_tmp()");
+ }
+ if (pw_copy(pfd, tfd, pw, old_pw) == -1) {
+ pw_fini();
+ close(tfd);
+ err(1, "pw_copy()");
+ }
+ fsync(tfd);
+ close(tfd);
+ if (chmod(pw_tempname(), 0644) == -1)
+ err(1, "chmod()");
+ if (rename(pw_tempname(), path) == -1)
+ err(1, "rename()");
+
+ free(pw);
+ pw_fini();
+
+ return (0);
}
int
addnispwent(const char *path, struct passwd * pwd)
{
- return pw_nisupdate(path, pwd, pwd->pw_name, UPD_CREATE);
+ return pw_nisupdate(path, pwd, NULL);
}
int
chgnispwent(const char *path, char const * login, struct passwd * pwd)
{
- return pw_nisupdate(path, pwd, login, UPD_REPLACE);
+ return pw_nisupdate(path, pwd, login);
}
int
delnispwent(const char *path, const char *login)
{
- return pw_nisupdate(path, NULL, login, UPD_DELETE);
+ return pw_nisupdate(path, NULL, login);
}
Modified: trunk/usr.sbin/pw/pw_user.c
===================================================================
--- trunk/usr.sbin/pw/pw_user.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_user.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -27,865 +28,379 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_user.c 330695 2018-03-09 14:45:47Z dab $";
#endif /* not lint */
+#include <sys/param.h>
+#include <sys/resource.h>
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <assert.h>
#include <ctype.h>
+#include <dirent.h>
#include <err.h>
+#include <errno.h>
#include <fcntl.h>
-#include <sys/param.h>
-#include <dirent.h>
+#include <grp.h>
+#include <pwd.h>
+#include <libutil.h>
+#include <login_cap.h>
#include <paths.h>
+#include <string.h>
+#include <sysexits.h>
#include <termios.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
#include <unistd.h>
-#include <login_cap.h>
+
#include "pw.h"
#include "bitmap.h"
+#include "psdate.h"
#define LOGNAMESIZE (MAXLOGNAME-1)
static char locked_str[] = "*LOCKED*";
-static int print_user(struct passwd * pwd, int pretty, int v7);
-static uid_t pw_uidpolicy(struct userconf * cnf, struct cargs * args);
-static uid_t pw_gidpolicy(struct userconf * cnf, struct cargs * args, char *nam, gid_t prefer);
-static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args);
-static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args);
-static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user);
-static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell);
-static char *pw_password(struct userconf * cnf, struct cargs * args, char const * user);
-static char *shell_path(char const * path, char *shells[], char *sh);
-static void rmat(uid_t uid);
-static void rmopie(char const * name);
+static struct passwd fakeuser = {
+ "nouser",
+ "*",
+ -1,
+ -1,
+ 0,
+ "",
+ "User &",
+ "/nonexistent",
+ "/bin/sh",
+ 0,
+ 0
+};
-/*-
- * -C config configuration file
- * -q quiet operation
- * -n name login name
- * -u uid user id
- * -c comment user name/comment
- * -d directory home directory
- * -e date account expiry date
- * -p date password expiry date
- * -g grp primary group
- * -G grp1,grp2 additional groups
- * -m [ -k dir ] create and set up home
- * -s shell name of login shell
- * -o duplicate uid ok
- * -L class user class
- * -l name new login name
- * -h fd password filehandle
- * -H fd encrypted password filehandle
- * -F force print or add
- * Setting defaults:
- * -D set user defaults
- * -b dir default home root dir
- * -e period default expiry period
- * -p period default password change period
- * -g group default group
- * -G grp1,grp2.. default additional groups
- * -L class default login class
- * -k dir default home skeleton
- * -s shell default shell
- * -w method default password method
- */
+static int print_user(struct passwd *pwd, bool pretty, bool v7);
+static uid_t pw_uidpolicy(struct userconf *cnf, intmax_t id);
+static uid_t pw_gidpolicy(struct userconf *cnf, char *grname, char *nam,
+ gid_t prefer, bool dryrun);
+static char *pw_homepolicy(struct userconf * cnf, char *homedir,
+ const char *user);
+static char *pw_shellpolicy(struct userconf * cnf);
+static char *pw_password(struct userconf * cnf, char const * user,
+ bool dryrun);
+static char *shell_path(char const * path, char *shells[], char *sh);
+static void rmat(uid_t uid);
+static void rmopie(char const * name);
-int
-pw_user(struct userconf * cnf, int mode, struct cargs * args)
+static void
+mkdir_home_parents(int dfd, const char *dir)
{
- int rc, edited = 0;
- char *p = NULL;
- char *passtmp;
- struct carg *a_name;
- struct carg *a_uid;
- struct carg *arg;
- struct passwd *pwd = NULL;
- struct group *grp;
- struct stat st;
- char line[_PASSWORD_LEN+1];
- FILE *fp;
- char *dmode_c;
- void *set = NULL;
+ struct stat st;
+ char *dirs, *tmp;
- static struct passwd fakeuser =
- {
- NULL,
- "*",
- -1,
- -1,
- 0,
- "",
- "User &",
- "/nonexistent",
- "/bin/sh",
- 0
-#if defined(__FreeBSD__)
- ,0
-#endif
- };
+ if (*dir != '/')
+ errx(EX_DATAERR, "invalid base directory for home '%s'", dir);
+ dir++;
- /*
- * With M_NEXT, we only need to return the
- * next uid to stdout
- */
- if (mode == M_NEXT)
- {
- uid_t next = pw_uidpolicy(cnf, args);
- if (getarg(args, 'q'))
- return next;
- printf("%ld:", (long)next);
- pw_group(cnf, mode, args);
- return EXIT_SUCCESS;
+ if (fstatat(dfd, dir, &st, 0) != -1) {
+ if (S_ISDIR(st.st_mode))
+ return;
+ errx(EX_OSFILE, "root home `/%s' is not a directory", dir);
}
- /*
- * We can do all of the common legwork here
- */
+ dirs = strdup(dir);
+ if (dirs == NULL)
+ errx(EX_UNAVAILABLE, "out of memory");
- if ((arg = getarg(args, 'b')) != NULL) {
- cnf->home = arg->val;
+ tmp = strrchr(dirs, '/');
+ if (tmp == NULL) {
+ free(dirs);
+ return;
}
+ tmp[0] = '\0';
- if ((arg = getarg(args, 'M')) != NULL) {
- dmode_c = arg->val;
- if ((set = setmode(dmode_c)) == NULL)
- errx(EX_DATAERR, "invalid directory creation mode '%s'",
- dmode_c);
- cnf->homemode = getmode(set, _DEF_DIRMODE);
- free(set);
- }
-
/*
- * If we'll need to use it or we're updating it,
- * then create the base home directory if necessary
+ * This is a kludge especially for Joerg :)
+ * If the home directory would be created in the root partition, then
+ * we really create it under /usr which is likely to have more space.
+ * But we create a symlink from cnf->home -> "/usr" -> cnf->home
*/
- if (arg != NULL || getarg(args, 'm') != NULL) {
- int l = strlen(cnf->home);
-
- if (l > 1 && cnf->home[l-1] == '/') /* Shave off any trailing path delimiter */
- cnf->home[--l] = '\0';
-
- if (l < 2 || *cnf->home != '/') /* Check for absolute path name */
- errx(EX_DATAERR, "invalid base directory for home '%s'", cnf->home);
-
- if (stat(cnf->home, &st) == -1) {
- char dbuf[MAXPATHLEN];
-
- /*
- * This is a kludge especially for Joerg :)
- * If the home directory would be created in the root partition, then
- * we really create it under /usr which is likely to have more space.
- * But we create a symlink from cnf->home -> "/usr" -> cnf->home
- */
- if (strchr(cnf->home+1, '/') == NULL) {
- strcpy(dbuf, "/usr");
- strncat(dbuf, cnf->home, MAXPATHLEN-5);
- if (mkdir(dbuf, _DEF_DIRMODE) != -1 || errno == EEXIST) {
- chown(dbuf, 0, 0);
- /*
- * Skip first "/" and create symlink:
- * /home -> usr/home
- */
- symlink(dbuf+1, cnf->home);
- }
- /* If this falls, fall back to old method */
- }
- strlcpy(dbuf, cnf->home, sizeof(dbuf));
- p = dbuf;
- if (stat(dbuf, &st) == -1) {
- while ((p = strchr(++p, '/')) != NULL) {
- *p = '\0';
- if (stat(dbuf, &st) == -1) {
- if (mkdir(dbuf, _DEF_DIRMODE) == -1)
- goto direrr;
- chown(dbuf, 0, 0);
- } else if (!S_ISDIR(st.st_mode))
- errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf);
- *p = '/';
- }
- }
- if (stat(dbuf, &st) == -1) {
- if (mkdir(dbuf, _DEF_DIRMODE) == -1) {
- direrr: err(EX_OSFILE, "mkdir '%s'", dbuf);
- }
- chown(dbuf, 0, 0);
- }
- } else if (!S_ISDIR(st.st_mode))
- errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home);
- }
-
- if ((arg = getarg(args, 'e')) != NULL)
- cnf->expire_days = atoi(arg->val);
-
- if ((arg = getarg(args, 'y')) != NULL)
- cnf->nispasswd = arg->val;
-
- if ((arg = getarg(args, 'p')) != NULL && arg->val)
- cnf->password_days = atoi(arg->val);
-
- if ((arg = getarg(args, 'g')) != NULL) {
- if (!*(p = arg->val)) /* Handle empty group list specially */
- cnf->default_group = "";
- else {
- if ((grp = GETGRNAM(p)) == NULL) {
- if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL)
- errx(EX_NOUSER, "group `%s' does not exist", p);
- }
- cnf->default_group = newstr(grp->gr_name);
+ if (strchr(dirs, '/') == NULL) {
+ asprintf(&tmp, "usr/%s", dirs);
+ if (tmp == NULL)
+ errx(EX_UNAVAILABLE, "out of memory");
+ if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) {
+ fchownat(dfd, tmp, 0, 0, 0);
+ symlinkat(tmp, dfd, dirs);
}
+ free(tmp);
}
- if ((arg = getarg(args, 'L')) != NULL)
- cnf->default_class = pw_checkname((u_char *)arg->val, 0);
-
- if ((arg = getarg(args, 'G')) != NULL && arg->val) {
- int i = 0;
-
- for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
- if ((grp = GETGRNAM(p)) == NULL) {
- if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL)
- errx(EX_NOUSER, "group `%s' does not exist", p);
+ tmp = dirs;
+ if (fstatat(dfd, dirs, &st, 0) == -1) {
+ while ((tmp = strchr(tmp + 1, '/')) != NULL) {
+ *tmp = '\0';
+ if (fstatat(dfd, dirs, &st, 0) == -1) {
+ if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1)
+ err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs);
}
- if (extendarray(&cnf->groups, &cnf->numgroups, i + 2) != -1)
- cnf->groups[i++] = newstr(grp->gr_name);
+ *tmp = '/';
}
- while (i < cnf->numgroups)
- cnf->groups[i++] = NULL;
}
-
- if ((arg = getarg(args, 'k')) != NULL) {
- if (stat(cnf->dotdir = arg->val, &st) == -1 || !S_ISDIR(st.st_mode))
- errx(EX_OSFILE, "skeleton `%s' is not a directory or does not exist", cnf->dotdir);
+ if (fstatat(dfd, dirs, &st, 0) == -1) {
+ if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1)
+ err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs);
+ fchownat(dfd, dirs, 0, 0, 0);
}
- if ((arg = getarg(args, 's')) != NULL)
- cnf->shell_default = arg->val;
+ free(dirs);
+}
- if ((arg = getarg(args, 'w')) != NULL)
- cnf->default_password = boolean_val(arg->val, cnf->default_password);
- if (mode == M_ADD && getarg(args, 'D')) {
- if (getarg(args, 'n') != NULL)
- errx(EX_DATAERR, "can't combine `-D' with `-n name'");
- if ((arg = getarg(args, 'u')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) {
- if ((cnf->min_uid = (uid_t) atoi(p)) == 0)
- cnf->min_uid = 1000;
- if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_uid = (uid_t) atoi(p)) < cnf->min_uid)
- cnf->max_uid = 32000;
- }
- if ((arg = getarg(args, 'i')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) {
- if ((cnf->min_gid = (gid_t) atoi(p)) == 0)
- cnf->min_gid = 1000;
- if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_gid = (gid_t) atoi(p)) < cnf->min_gid)
- cnf->max_gid = 32000;
- }
+static void
+create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd,
+ const char *skeldir, mode_t homemode, bool update)
+{
+ int skelfd = -1;
- arg = getarg(args, 'C');
- if (write_userconfig(arg ? arg->val : NULL))
- return EXIT_SUCCESS;
- warn("config update");
- return EX_IOERR;
- }
+ /* Create home parents directories */
+ mkdir_home_parents(conf.rootfd, pwd->pw_dir);
- if (mode == M_PRINT && getarg(args, 'a')) {
- int pretty = getarg(args, 'P') != NULL;
- int v7 = getarg(args, '7') != NULL;
-
- SETPWENT();
- while ((pwd = GETPWENT()) != NULL)
- print_user(pwd, pretty, v7);
- ENDPWENT();
- return EXIT_SUCCESS;
+ if (skeldir != NULL && *skeldir != '\0') {
+ if (*skeldir == '/')
+ skeldir++;
+ skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC);
}
- if ((a_name = getarg(args, 'n')) != NULL)
- pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0));
- a_uid = getarg(args, 'u');
+ copymkdir(conf.rootfd, pwd->pw_dir, skelfd, homemode, pwd->pw_uid,
+ pwd->pw_gid, 0);
+ pw_log(cnf, update ? M_UPDATE : M_ADD, W_USER, "%s(%ju) home %s made",
+ pwd->pw_name, (uintmax_t)pwd->pw_uid, pwd->pw_dir);
+}
- if (a_uid == NULL) {
- if (a_name == NULL)
- errx(EX_DATAERR, "user name or id required");
+static int
+pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update)
+{
+ int b, istty;
+ struct termios t, n;
+ login_cap_t *lc;
+ char line[_PASSWORD_LEN+1];
+ char *p;
- /*
- * Determine whether 'n' switch is name or uid - we don't
- * really don't really care which we have, but we need to
- * know.
- */
- if (mode != M_ADD && pwd == NULL
- && strspn(a_name->val, "0123456789") == strlen(a_name->val)
- && *a_name->val) {
- (a_uid = a_name)->ch = 'u';
- a_name = NULL;
+ if (fd == '-') {
+ if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
+ pwd->pw_passwd = "*"; /* No access */
+ return (1);
}
+ return (0);
}
- /*
- * Update, delete & print require that the user exists
- */
- if (mode == M_UPDATE || mode == M_DELETE ||
- mode == M_PRINT || mode == M_LOCK || mode == M_UNLOCK) {
-
- if (a_name == NULL && pwd == NULL) /* Try harder */
- pwd = GETPWUID(atoi(a_uid->val));
-
- if (pwd == NULL) {
- if (mode == M_PRINT && getarg(args, 'F')) {
- fakeuser.pw_name = a_name ? a_name->val : "nouser";
- fakeuser.pw_uid = a_uid ? (uid_t) atol(a_uid->val) : -1;
- return print_user(&fakeuser,
- getarg(args, 'P') != NULL,
- getarg(args, '7') != NULL);
- }
- if (a_name == NULL)
- errx(EX_NOUSER, "no such uid `%s'", a_uid->val);
- errx(EX_NOUSER, "no such user `%s'", a_name->val);
+ if ((istty = isatty(fd))) {
+ if (tcgetattr(fd, &t) == -1)
+ istty = 0;
+ else {
+ n = t;
+ n.c_lflag &= ~(ECHO);
+ tcsetattr(fd, TCSANOW, &n);
+ printf("%s%spassword for user %s:",
+ update ? "new " : "",
+ precrypted ? "encrypted " : "",
+ pwd->pw_name);
+ fflush(stdout);
}
+ }
+ b = read(fd, line, sizeof(line) - 1);
+ if (istty) { /* Restore state */
+ tcsetattr(fd, TCSANOW, &t);
+ fputc('\n', stdout);
+ fflush(stdout);
+ }
- if (a_name == NULL) /* May be needed later */
- a_name = addarg(args, 'n', newstr(pwd->pw_name));
-
- /*
- * The M_LOCK and M_UNLOCK functions simply add or remove
- * a "*LOCKED*" prefix from in front of the password to
- * prevent it decoding correctly, and therefore prevents
- * access. Of course, this only prevents access via
- * password authentication (not ssh, kerberos or any
- * other method that does not use the UNIX password) but
- * that is a known limitation.
- */
-
- if (mode == M_LOCK) {
- if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) == 0)
- errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name);
- passtmp = malloc(strlen(pwd->pw_passwd) + sizeof(locked_str));
- if (passtmp == NULL) /* disaster */
- errx(EX_UNAVAILABLE, "out of memory");
- strcpy(passtmp, locked_str);
- strcat(passtmp, pwd->pw_passwd);
- pwd->pw_passwd = passtmp;
- edited = 1;
- } else if (mode == M_UNLOCK) {
- if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) != 0)
- errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name);
- pwd->pw_passwd += sizeof(locked_str)-1;
- edited = 1;
- } else if (mode == M_DELETE) {
- /*
- * Handle deletions now
- */
- char file[MAXPATHLEN];
- char home[MAXPATHLEN];
- uid_t uid = pwd->pw_uid;
-
- if (strcmp(pwd->pw_name, "root") == 0)
- errx(EX_DATAERR, "cannot remove user 'root'");
-
- if (!PWALTDIR()) {
- /*
- * Remove opie record from /etc/opiekeys
- */
-
- rmopie(pwd->pw_name);
-
- /*
- * Remove crontabs
- */
- sprintf(file, "/var/cron/tabs/%s", pwd->pw_name);
- if (access(file, F_OK) == 0) {
- sprintf(file, "crontab -u %s -r", pwd->pw_name);
- system(file);
- }
- }
- /*
- * Save these for later, since contents of pwd may be
- * invalidated by deletion
- */
- sprintf(file, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
- strlcpy(home, pwd->pw_dir, sizeof(home));
-
- rc = delpwent(pwd);
- if (rc == -1)
- err(EX_IOERR, "user '%s' does not exist", pwd->pw_name);
- else if (rc != 0) {
- warn("passwd update");
- return EX_IOERR;
- }
-
- if (cnf->nispasswd && *cnf->nispasswd=='/') {
- rc = delnispwent(cnf->nispasswd, a_name->val);
- if (rc == -1)
- warnx("WARNING: user '%s' does not exist in NIS passwd", pwd->pw_name);
- else if (rc != 0)
- warn("WARNING: NIS passwd update");
- /* non-fatal */
- }
-
- editgroups(a_name->val, NULL);
-
- pw_log(cnf, mode, W_USER, "%s(%ld) account removed", a_name->val, (long) uid);
-
- if (!PWALTDIR()) {
- /*
- * Remove mail file
- */
- remove(file);
-
- /*
- * Remove at jobs
- */
- if (getpwuid(uid) == NULL)
- rmat(uid);
-
- /*
- * Remove home directory and contents
- */
- if (getarg(args, 'r') != NULL && *home == '/' && getpwuid(uid) == NULL) {
- if (stat(home, &st) != -1) {
- rm_r(home, uid);
- pw_log(cnf, mode, W_USER, "%s(%ld) home '%s' %sremoved",
- a_name->val, (long) uid, home,
- stat(home, &st) == -1 ? "" : "not completely ");
- }
- }
- }
- return EXIT_SUCCESS;
- } else if (mode == M_PRINT)
- return print_user(pwd,
- getarg(args, 'P') != NULL,
- getarg(args, '7') != NULL);
-
- /*
- * The rest is edit code
- */
- if ((arg = getarg(args, 'l')) != NULL) {
- if (strcmp(pwd->pw_name, "root") == 0)
- errx(EX_DATAERR, "can't rename `root' account");
- pwd->pw_name = pw_checkname((u_char *)arg->val, 0);
- edited = 1;
- }
-
- if ((arg = getarg(args, 'u')) != NULL && isdigit((unsigned char)*arg->val)) {
- pwd->pw_uid = (uid_t) atol(arg->val);
- edited = 1;
- if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0)
- errx(EX_DATAERR, "can't change uid of `root' account");
- if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
- warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name);
- }
-
- if ((arg = getarg(args, 'g')) != NULL && pwd->pw_uid != 0) { /* Already checked this */
- gid_t newgid = (gid_t) GETGRNAM(cnf->default_group)->gr_gid;
- if (newgid != pwd->pw_gid) {
- edited = 1;
- pwd->pw_gid = newgid;
- }
- }
-
- if ((arg = getarg(args, 'p')) != NULL) {
- if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) {
- if (pwd->pw_change != 0) {
- pwd->pw_change = 0;
- edited = 1;
- }
- }
- else {
- time_t now = time(NULL);
- time_t expire = parse_date(now, arg->val);
-
- if (now == expire)
- errx(EX_DATAERR, "invalid password change date `%s'", arg->val);
- if (pwd->pw_change != expire) {
- pwd->pw_change = expire;
- edited = 1;
- }
- }
- }
-
- if ((arg = getarg(args, 'e')) != NULL) {
- if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) {
- if (pwd->pw_expire != 0) {
- pwd->pw_expire = 0;
- edited = 1;
- }
- }
- else {
- time_t now = time(NULL);
- time_t expire = parse_date(now, arg->val);
-
- if (now == expire)
- errx(EX_DATAERR, "invalid account expiry date `%s'", arg->val);
- if (pwd->pw_expire != expire) {
- pwd->pw_expire = expire;
- edited = 1;
- }
- }
- }
-
- if ((arg = getarg(args, 's')) != NULL) {
- char *shell = shell_path(cnf->shelldir, cnf->shells, arg->val);
- if (shell == NULL)
- shell = "";
- if (strcmp(shell, pwd->pw_shell) != 0) {
- pwd->pw_shell = shell;
- edited = 1;
- }
- }
-
- if (getarg(args, 'L')) {
- if (cnf->default_class == NULL)
- cnf->default_class = "";
- if (strcmp(pwd->pw_class, cnf->default_class) != 0) {
- pwd->pw_class = cnf->default_class;
- edited = 1;
- }
- }
-
- if ((arg = getarg(args, 'd')) != NULL) {
- if (strcmp(pwd->pw_dir, arg->val))
- edited = 1;
- if (stat(pwd->pw_dir = arg->val, &st) == -1) {
- if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0)
- warnx("WARNING: home `%s' does not exist", pwd->pw_dir);
- } else if (!S_ISDIR(st.st_mode))
- warnx("WARNING: home `%s' is not a directory", pwd->pw_dir);
- }
-
- if ((arg = getarg(args, 'w')) != NULL &&
- getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) {
- login_cap_t *lc;
-
- lc = login_getpwclass(pwd);
- if (lc == NULL ||
- login_setcryptfmt(lc, "md5", NULL) == NULL)
- warn("setting crypt(3) format");
- login_close(lc);
- pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
- edited = 1;
- }
-
+ if (b < 0)
+ err(EX_IOERR, "-%c file descriptor",
+ precrypted ? 'H' : 'h');
+ line[b] = '\0';
+ if ((p = strpbrk(line, "\r\n")) != NULL)
+ *p = '\0';
+ if (!*line)
+ errx(EX_DATAERR, "empty password read on file descriptor %d",
+ fd);
+ if (precrypted) {
+ if (strchr(line, ':') != NULL)
+ errx(EX_DATAERR, "bad encrypted password");
+ pwd->pw_passwd = strdup(line);
} else {
- login_cap_t *lc;
-
- /*
- * Add code
- */
-
- if (a_name == NULL) /* Required */
- errx(EX_DATAERR, "login name required");
- else if ((pwd = GETPWNAM(a_name->val)) != NULL) /* Exists */
- errx(EX_DATAERR, "login name `%s' already exists", a_name->val);
-
- /*
- * Now, set up defaults for a new user
- */
- pwd = &fakeuser;
- pwd->pw_name = a_name->val;
- pwd->pw_class = cnf->default_class ? cnf->default_class : "";
- pwd->pw_uid = pw_uidpolicy(cnf, args);
- pwd->pw_gid = pw_gidpolicy(cnf, args, pwd->pw_name, (gid_t) pwd->pw_uid);
- pwd->pw_change = pw_pwdpolicy(cnf, args);
- pwd->pw_expire = pw_exppolicy(cnf, args);
- pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name);
- pwd->pw_shell = pw_shellpolicy(cnf, args, NULL);
lc = login_getpwclass(pwd);
- if (lc == NULL || login_setcryptfmt(lc, "md5", NULL) == NULL)
+ if (lc == NULL ||
+ login_setcryptfmt(lc, "sha512", NULL) == NULL)
warn("setting crypt(3) format");
login_close(lc);
- pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name);
- edited = 1;
-
- if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
- warnx("WARNING: new account `%s' has a uid of 0 (superuser access!)", pwd->pw_name);
+ pwd->pw_passwd = pw_pwcrypt(line);
}
+ return (1);
+}
- /*
- * Shared add/edit code
- */
- if ((arg = getarg(args, 'c')) != NULL) {
- char *gecos = pw_checkname((u_char *)arg->val, 1);
- if (strcmp(pwd->pw_gecos, gecos) != 0) {
- pwd->pw_gecos = gecos;
- edited = 1;
- }
- }
+static void
+perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd)
+{
+ int rc;
+ struct passwd *nispwd;
- if ((arg = getarg(args, 'h')) != NULL ||
- (arg = getarg(args, 'H')) != NULL) {
- if (strcmp(arg->val, "-") == 0) {
- if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
- pwd->pw_passwd = "*"; /* No access */
- edited = 1;
- }
- } else {
- int fd = atoi(arg->val);
- int precrypt = (arg->ch == 'H');
- int b;
- int istty = isatty(fd);
- struct termios t;
- login_cap_t *lc;
+ /* duplicate for nis so that chgpwent is not modifying before NIS */
+ if (nispasswd && *nispasswd == '/')
+ nispwd = pw_dup(pwd);
- if (istty) {
- if (tcgetattr(fd, &t) == -1)
- istty = 0;
- else {
- struct termios n = t;
+ rc = chgpwent(name, pwd);
+ if (rc == -1)
+ errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name);
+ else if (rc != 0)
+ err(EX_IOERR, "passwd file update");
- /* Disable echo */
- n.c_lflag &= ~(ECHO);
- tcsetattr(fd, TCSANOW, &n);
- printf("%s%spassword for user %s:",
- (mode == M_UPDATE) ? "new " : "",
- precrypt ? "encrypted " : "",
- pwd->pw_name);
- fflush(stdout);
- }
- }
- b = read(fd, line, sizeof(line) - 1);
- if (istty) { /* Restore state */
- tcsetattr(fd, TCSANOW, &t);
- fputc('\n', stdout);
- fflush(stdout);
- }
- if (b < 0) {
- warn("-%c file descriptor", precrypt ? 'H' :
- 'h');
- return EX_IOERR;
- }
- line[b] = '\0';
- if ((p = strpbrk(line, "\r\n")) != NULL)
- *p = '\0';
- if (!*line)
- errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
- if (precrypt) {
- if (strchr(line, ':') != NULL)
- return EX_DATAERR;
- pwd->pw_passwd = line;
- } else {
- lc = login_getpwclass(pwd);
- if (lc == NULL ||
- login_setcryptfmt(lc, "md5", NULL) == NULL)
- warn("setting crypt(3) format");
- login_close(lc);
- pwd->pw_passwd = pw_pwcrypt(line);
- }
- edited = 1;
- }
+ if (nispasswd && *nispasswd == '/') {
+ rc = chgnispwent(nispasswd, name, nispwd);
+ if (rc == -1)
+ warn("User '%s' not found in NIS passwd", pwd->pw_name);
+ else if (rc != 0)
+ warn("NIS passwd update");
+ /* NOTE: NIS-only update errors are not fatal */
}
+}
- /*
- * Special case: -N only displays & exits
- */
- if (getarg(args, 'N') != NULL)
- return print_user(pwd,
- getarg(args, 'P') != NULL,
- getarg(args, '7') != NULL);
+/*
+ * The M_LOCK and M_UNLOCK functions simply add or remove
+ * a "*LOCKED*" prefix from in front of the password to
+ * prevent it decoding correctly, and therefore prevents
+ * access. Of course, this only prevents access via
+ * password authentication (not ssh, kerberos or any
+ * other method that does not use the UNIX password) but
+ * that is a known limitation.
+ */
+static int
+pw_userlock(char *arg1, int mode)
+{
+ struct passwd *pwd = NULL;
+ char *passtmp = NULL;
+ char *name;
+ bool locked = false;
+ uid_t id = (uid_t)-1;
- if (mode == M_ADD) {
- edited = 1; /* Always */
- rc = addpwent(pwd);
- if (rc == -1) {
- warnx("user '%s' already exists", pwd->pw_name);
- return EX_IOERR;
- } else if (rc != 0) {
- warn("passwd file update");
- return EX_IOERR;
- }
- if (cnf->nispasswd && *cnf->nispasswd=='/') {
- rc = addnispwent(cnf->nispasswd, pwd);
- if (rc == -1)
- warnx("User '%s' already exists in NIS passwd", pwd->pw_name);
- else
- warn("NIS passwd update");
- /* NOTE: we treat NIS-only update errors as non-fatal */
- }
- } else if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) {
- if (edited) { /* Only updated this if required */
- rc = chgpwent(a_name->val, pwd);
- if (rc == -1) {
- warnx("user '%s' does not exist (NIS?)", pwd->pw_name);
- return EX_IOERR;
- } else if (rc != 0) {
- warn("passwd file update");
- return EX_IOERR;
- }
- if ( cnf->nispasswd && *cnf->nispasswd=='/') {
- rc = chgnispwent(cnf->nispasswd, a_name->val, pwd);
- if (rc == -1)
- warn("User '%s' not found in NIS passwd", pwd->pw_name);
- else
- warn("NIS passwd update");
- /* NOTE: NIS-only update errors are not fatal */
- }
- }
- }
+ if (geteuid() != 0)
+ errx(EX_NOPERM, "you must be root");
- /*
- * Ok, user is created or changed - now edit group file
- */
+ if (arg1 == NULL)
+ errx(EX_DATAERR, "username or id required");
- if (mode == M_ADD || getarg(args, 'G') != NULL)
- editgroups(pwd->pw_name, cnf->groups);
+ name = arg1;
+ if (arg1[strspn(name, "0123456789")] == '\0')
+ id = pw_checkid(name, UID_MAX);
- /* go get a current version of pwd */
- pwd = GETPWNAM(a_name->val);
+ pwd = GETPWNAM(pw_checkname(name, 0));
+ if (pwd == NULL && id != (uid_t)-1) {
+ pwd = GETPWUID(id);
+ if (pwd != NULL)
+ name = pwd->pw_name;
+ }
if (pwd == NULL) {
- /* This will fail when we rename, so special case that */
- if (mode == M_UPDATE && (arg = getarg(args, 'l')) != NULL) {
- a_name->val = arg->val; /* update new name */
- pwd = GETPWNAM(a_name->val); /* refetch renamed rec */
- }
+ if (id == (uid_t)-1)
+ errx(EX_NOUSER, "no such name or uid `%ju'", (uintmax_t) id);
+ errx(EX_NOUSER, "no such user `%s'", name);
}
- if (pwd == NULL) /* can't go on without this */
- errx(EX_NOUSER, "user '%s' disappeared during update", a_name->val);
- grp = GETGRGID(pwd->pw_gid);
- pw_log(cnf, mode, W_USER, "%s(%ld):%s(%ld):%s:%s:%s",
- pwd->pw_name, (long) pwd->pw_uid,
- grp ? grp->gr_name : "unknown", (long) (grp ? grp->gr_gid : -1),
- pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell);
+ if (name == NULL)
+ name = pwd->pw_name;
- /*
- * If adding, let's touch and chown the user's mail file. This is not
- * strictly necessary under BSD with a 0755 maildir but it also
- * doesn't hurt anything to create the empty mailfile
- */
- if (mode == M_ADD) {
- if (!PWALTDIR()) {
- sprintf(line, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
- close(open(line, O_RDWR | O_CREAT, 0600)); /* Preserve contents &
- * mtime */
- chown(line, pwd->pw_uid, pwd->pw_gid);
- }
- }
+ if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str) -1) == 0)
+ locked = true;
+ if (mode == M_LOCK && locked)
+ errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name);
+ if (mode == M_UNLOCK && !locked)
+ errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name);
- /*
- * Let's create and populate the user's home directory. Note
- * that this also `works' for editing users if -m is used, but
- * existing files will *not* be overwritten.
- */
- if (!PWALTDIR() && getarg(args, 'm') != NULL && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) {
- copymkdir(pwd->pw_dir, cnf->dotdir, cnf->homemode, pwd->pw_uid, pwd->pw_gid);
- pw_log(cnf, mode, W_USER, "%s(%ld) home %s made",
- pwd->pw_name, (long) pwd->pw_uid, pwd->pw_dir);
+ if (mode == M_LOCK) {
+ asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd);
+ if (passtmp == NULL) /* disaster */
+ errx(EX_UNAVAILABLE, "out of memory");
+ pwd->pw_passwd = passtmp;
+ } else {
+ pwd->pw_passwd += sizeof(locked_str)-1;
}
+ perform_chgpwent(name, pwd, NULL);
+ free(passtmp);
- /*
- * Finally, send mail to the new user as well, if we are asked to
- */
- if (mode == M_ADD && !PWALTDIR() && cnf->newmail && *cnf->newmail && (fp = fopen(cnf->newmail, "r")) != NULL) {
- FILE *pfp = popen(_PATH_SENDMAIL " -t", "w");
-
- if (pfp == NULL)
- warn("sendmail");
- else {
- fprintf(pfp, "From: root\n" "To: %s\n" "Subject: Welcome!\n\n", pwd->pw_name);
- while (fgets(line, sizeof(line), fp) != NULL) {
- /* Do substitutions? */
- fputs(line, pfp);
- }
- pclose(pfp);
- pw_log(cnf, mode, W_USER, "%s(%ld) new user mail sent",
- pwd->pw_name, (long) pwd->pw_uid);
- }
- fclose(fp);
- }
-
- return EXIT_SUCCESS;
+ return (EXIT_SUCCESS);
}
-
-static uid_t
-pw_uidpolicy(struct userconf * cnf, struct cargs * args)
+static uid_t
+pw_uidpolicy(struct userconf * cnf, intmax_t id)
{
struct passwd *pwd;
+ struct bitmap bm;
uid_t uid = (uid_t) - 1;
- struct carg *a_uid = getarg(args, 'u');
/*
* Check the given uid, if any
*/
- if (a_uid != NULL) {
- uid = (uid_t) atol(a_uid->val);
+ if (id >= 0) {
+ uid = (uid_t) id;
- if ((pwd = GETPWUID(uid)) != NULL && getarg(args, 'o') == NULL)
- errx(EX_DATAERR, "uid `%ld' has already been allocated", (long) pwd->pw_uid);
- } else {
- struct bitmap bm;
+ if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate)
+ errx(EX_DATAERR, "uid `%ju' has already been allocated",
+ (uintmax_t)pwd->pw_uid);
+ return (uid);
+ }
+ /*
+ * We need to allocate the next available uid under one of
+ * two policies a) Grab the first unused uid b) Grab the
+ * highest possible unused uid
+ */
+ if (cnf->min_uid >= cnf->max_uid) { /* Sanity
+ * claus^H^H^H^Hheck */
+ cnf->min_uid = 1000;
+ cnf->max_uid = 32000;
+ }
+ bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1);
- /*
- * We need to allocate the next available uid under one of
- * two policies a) Grab the first unused uid b) Grab the
- * highest possible unused uid
- */
- if (cnf->min_uid >= cnf->max_uid) { /* Sanity
- * claus^H^H^H^Hheck */
- cnf->min_uid = 1000;
- cnf->max_uid = 32000;
- }
- bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1);
+ /*
+ * Now, let's fill the bitmap from the password file
+ */
+ SETPWENT();
+ while ((pwd = GETPWENT()) != NULL)
+ if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid)
+ bm_setbit(&bm, pwd->pw_uid - cnf->min_uid);
+ ENDPWENT();
- /*
- * Now, let's fill the bitmap from the password file
- */
- SETPWENT();
- while ((pwd = GETPWENT()) != NULL)
- if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid)
- bm_setbit(&bm, pwd->pw_uid - cnf->min_uid);
- ENDPWENT();
+ /*
+ * Then apply the policy, with fallback to reuse if necessary
+ */
+ if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid)
+ uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid);
- /*
- * Then apply the policy, with fallback to reuse if necessary
- */
- if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid)
- uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid);
-
- /*
- * Another sanity check
- */
- if (uid < cnf->min_uid || uid > cnf->max_uid)
- errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used");
- bm_dealloc(&bm);
- }
- return uid;
+ /*
+ * Another sanity check
+ */
+ if (uid < cnf->min_uid || uid > cnf->max_uid)
+ errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used");
+ bm_dealloc(&bm);
+ return (uid);
}
-
-static uid_t
-pw_gidpolicy(struct userconf * cnf, struct cargs * args, char *nam, gid_t prefer)
+static uid_t
+pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, gid_t prefer, bool dryrun)
{
struct group *grp;
gid_t gid = (uid_t) - 1;
- struct carg *a_gid = getarg(args, 'g');
/*
- * If no arg given, see if default can help out
- */
- if (a_gid == NULL && cnf->default_group && *cnf->default_group)
- a_gid = addarg(args, 'g', cnf->default_group);
-
- /*
* Check the given gid, if any
*/
SETGRENT();
- if (a_gid != NULL) {
- if ((grp = GETGRNAM(a_gid->val)) == NULL) {
- gid = (gid_t) atol(a_gid->val);
- if ((gid == 0 && !isdigit((unsigned char)*a_gid->val)) || (grp = GETGRGID(gid)) == NULL)
- errx(EX_NOUSER, "group `%s' is not defined", a_gid->val);
+ if (grname) {
+ if ((grp = GETGRNAM(grname)) == NULL) {
+ gid = pw_checkid(grname, GID_MAX);
+ grp = GETGRGID(gid);
}
gid = grp->gr_gid;
- } else if ((grp = GETGRNAM(nam)) != NULL && grp->gr_mem[0] == NULL) {
+ } else if ((grp = GETGRNAM(nam)) != NULL &&
+ (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) {
gid = grp->gr_gid; /* Already created? Use it anyway... */
} else {
- struct cargs grpargs;
- char tmp[32];
+ intmax_t grid = -1;
- LIST_INIT(&grpargs);
- addarg(&grpargs, 'n', nam);
-
/*
* We need to auto-create a group with the user's name. We
* can send all the appropriate output to our sister routine
@@ -895,84 +410,38 @@
* user's name dups an existing group, then the group add
* function will happily handle that case for us and exit.
*/
- if (GETGRGID(prefer) == NULL) {
- sprintf(tmp, "%lu", (unsigned long) prefer);
- addarg(&grpargs, 'g', tmp);
- }
- if (getarg(args, 'N'))
- {
- addarg(&grpargs, 'N', NULL);
- addarg(&grpargs, 'q', NULL);
- gid = pw_group(cnf, M_NEXT, &grpargs);
- }
- else
- {
- pw_group(cnf, M_ADD, &grpargs);
+ if (GETGRGID(prefer) == NULL)
+ grid = prefer;
+ if (dryrun) {
+ gid = pw_groupnext(cnf, true);
+ } else {
+ if (grid == -1)
+ grid = pw_groupnext(cnf, true);
+ groupadd(cnf, nam, grid, NULL, -1, false, false, false);
if ((grp = GETGRNAM(nam)) != NULL)
gid = grp->gr_gid;
}
- a_gid = LIST_FIRST(&grpargs);
- while (a_gid != NULL) {
- struct carg *t = LIST_NEXT(a_gid, list);
- LIST_REMOVE(a_gid, list);
- a_gid = t;
- }
}
ENDGRENT();
- return gid;
+ return (gid);
}
-
-static time_t
-pw_pwdpolicy(struct userconf * cnf, struct cargs * args)
+static char *
+pw_homepolicy(struct userconf * cnf, char *homedir, const char *user)
{
- time_t result = 0;
- time_t now = time(NULL);
- struct carg *arg = getarg(args, 'p');
+ static char home[128];
- if (arg != NULL) {
- if ((result = parse_date(now, arg->val)) == now)
- errx(EX_DATAERR, "invalid date/time `%s'", arg->val);
- } else if (cnf->password_days > 0)
- result = now + ((long) cnf->password_days * 86400L);
- return result;
-}
+ if (homedir)
+ return (homedir);
+ if (cnf->home == NULL || *cnf->home == '\0')
+ errx(EX_CONFIG, "no base home directory set");
+ snprintf(home, sizeof(home), "%s/%s", cnf->home, user);
-static time_t
-pw_exppolicy(struct userconf * cnf, struct cargs * args)
-{
- time_t result = 0;
- time_t now = time(NULL);
- struct carg *arg = getarg(args, 'e');
-
- if (arg != NULL) {
- if ((result = parse_date(now, arg->val)) == now)
- errx(EX_DATAERR, "invalid date/time `%s'", arg->val);
- } else if (cnf->expire_days > 0)
- result = now + ((long) cnf->expire_days * 86400L);
- return result;
+ return (home);
}
-
-static char *
-pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user)
-{
- struct carg *arg = getarg(args, 'd');
-
- if (arg)
- return arg->val;
- else {
- static char home[128];
-
- if (cnf->home == NULL || *cnf->home == '\0')
- errx(EX_CONFIG, "no base home directory set");
- sprintf(home, "%s/%s", cnf->home, user);
- return home;
- }
-}
-
-static char *
+static char *
shell_path(char const * path, char *shells[], char *sh)
{
if (sh != NULL && (*sh == '/' || *sh == '\0'))
@@ -990,12 +459,12 @@
static char shellpath[256];
if (sh != NULL) {
- sprintf(shellpath, "%s/%s", p, sh);
+ snprintf(shellpath, sizeof(shellpath), "%s/%s", p, sh);
if (access(shellpath, X_OK) == 0)
return shellpath;
} else
for (i = 0; i < _UC_MAXSHELLS && shells[i] != NULL; i++) {
- sprintf(shellpath, "%s/%s", p, shells[i]);
+ snprintf(shellpath, sizeof(shellpath), "%s/%s", p, shells[i]);
if (access(shellpath, X_OK) == 0)
return shellpath;
}
@@ -1007,16 +476,11 @@
}
}
-
-static char *
-pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell)
+static char *
+pw_shellpolicy(struct userconf * cnf)
{
- char *sh = newshell;
- struct carg *arg = getarg(args, 's');
- if (newshell == NULL && arg != NULL)
- sh = arg->val;
- return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default);
+ return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default);
}
#define SALTSIZE 32
@@ -1023,13 +487,14 @@
static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./";
-char *
+char *
pw_pwcrypt(char *password)
{
int i;
char salt[SALTSIZE + 1];
-
+ char *cryptpw;
static char buf[256];
+ size_t pwlen;
/*
* Calculate a salt value
@@ -1038,18 +503,24 @@
salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
salt[SALTSIZE] = '\0';
- return strcpy(buf, crypt(password, salt));
+ cryptpw = crypt(password, salt);
+ if (cryptpw == NULL)
+ errx(EX_CONFIG, "crypt(3) failure");
+ pwlen = strlcpy(buf, cryptpw, sizeof(buf));
+ assert(pwlen < sizeof(buf));
+ return (buf);
}
-
-static char *
-pw_password(struct userconf * cnf, struct cargs * args, char const * user)
+static char *
+pw_password(struct userconf * cnf, char const * user, bool dryrun)
{
int i, l;
char pwbuf[32];
switch (cnf->default_password) {
- case -1: /* Random password */
+ case P_NONE: /* No password at all! */
+ return "";
+ case P_RANDOM: /* Random password */
l = (arc4random() % 8 + 8); /* 8 - 16 chars */
for (i = 0; i < l; i++)
pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
@@ -1058,8 +529,7 @@
/*
* We give this information back to the user
*/
- if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL &&
- getarg(args, 'N') == NULL) {
+ if (conf.fd == -1 && !dryrun) {
if (isatty(STDOUT_FILENO))
printf("Password for '%s' is: ", user);
printf("%s\n", pwbuf);
@@ -1066,87 +536,80 @@
fflush(stdout);
}
break;
-
- case -2: /* No password at all! */
- return "";
-
- case 0: /* No login - default */
+ case P_YES: /* user's name */
+ strlcpy(pwbuf, user, sizeof(pwbuf));
+ break;
+ case P_NO: /* No login - default */
+ /* FALLTHROUGH */
default:
return "*";
-
- case 1: /* user's name */
- strlcpy(pwbuf, user, sizeof(pwbuf));
- break;
}
return pw_pwcrypt(pwbuf);
}
-
static int
-print_user(struct passwd * pwd, int pretty, int v7)
+print_user(struct passwd * pwd, bool pretty, bool v7)
{
+ int j;
+ char *p;
+ struct group *grp = GETGRGID(pwd->pw_gid);
+ char uname[60] = "User &", office[60] = "[None]",
+ wphone[60] = "[None]", hphone[60] = "[None]";
+ char acexpire[32] = "[None]", pwexpire[32] = "[None]";
+ struct tm * tptr;
+
if (!pretty) {
- char buf[_UC_MAXLINE];
+ p = v7 ? pw_make_v7(pwd) : pw_make(pwd);
+ printf("%s\n", p);
+ free(p);
+ return (EXIT_SUCCESS);
+ }
- fmtpwentry(buf, pwd, v7 ? PWF_PASSWD : PWF_STANDARD);
- fputs(buf, stdout);
- } else {
- int j;
- char *p;
- struct group *grp = GETGRGID(pwd->pw_gid);
- char uname[60] = "User &", office[60] = "[None]",
- wphone[60] = "[None]", hphone[60] = "[None]";
- char acexpire[32] = "[None]", pwexpire[32] = "[None]";
- struct tm * tptr;
-
- if ((p = strtok(pwd->pw_gecos, ",")) != NULL) {
- strlcpy(uname, p, sizeof(uname));
+ if ((p = strtok(pwd->pw_gecos, ",")) != NULL) {
+ strlcpy(uname, p, sizeof(uname));
+ if ((p = strtok(NULL, ",")) != NULL) {
+ strlcpy(office, p, sizeof(office));
if ((p = strtok(NULL, ",")) != NULL) {
- strlcpy(office, p, sizeof(office));
- if ((p = strtok(NULL, ",")) != NULL) {
- strlcpy(wphone, p, sizeof(wphone));
- if ((p = strtok(NULL, "")) != NULL) {
- strlcpy(hphone, p,
- sizeof(hphone));
- }
+ strlcpy(wphone, p, sizeof(wphone));
+ if ((p = strtok(NULL, "")) != NULL) {
+ strlcpy(hphone, p, sizeof(hphone));
}
}
}
- /*
- * Handle '&' in gecos field
- */
- if ((p = strchr(uname, '&')) != NULL) {
- int l = strlen(pwd->pw_name);
- int m = strlen(p);
+ }
+ /*
+ * Handle '&' in gecos field
+ */
+ if ((p = strchr(uname, '&')) != NULL) {
+ int l = strlen(pwd->pw_name);
+ int m = strlen(p);
- memmove(p + l, p + 1, m);
- memmove(p, pwd->pw_name, l);
- *p = (char) toupper((unsigned char)*p);
- }
- if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL)
- strftime(acexpire, sizeof acexpire, "%c", tptr);
+ memmove(p + l, p + 1, m);
+ memmove(p, pwd->pw_name, l);
+ *p = (char) toupper((unsigned char)*p);
+ }
+ if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL)
+ strftime(acexpire, sizeof acexpire, "%c", tptr);
if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL)
- strftime(pwexpire, sizeof pwexpire, "%c", tptr);
- printf("Login Name: %-15s #%-12ld Group: %-15s #%ld\n"
- " Full Name: %s\n"
- " Home: %-26.26s Class: %s\n"
- " Shell: %-26.26s Office: %s\n"
- "Work Phone: %-26.26s Home Phone: %s\n"
- "Acc Expire: %-26.26s Pwd Expire: %s\n",
- pwd->pw_name, (long) pwd->pw_uid,
- grp ? grp->gr_name : "(invalid)", (long) pwd->pw_gid,
- uname, pwd->pw_dir, pwd->pw_class,
- pwd->pw_shell, office, wphone, hphone,
- acexpire, pwexpire);
- SETGRENT();
- j = 0;
- while ((grp=GETGRENT()) != NULL)
- {
- int i = 0;
- while (grp->gr_mem[i] != NULL)
- {
- if (strcmp(grp->gr_mem[i], pwd->pw_name)==0)
- {
+ strftime(pwexpire, sizeof pwexpire, "%c", tptr);
+ printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n"
+ " Full Name: %s\n"
+ " Home: %-26.26s Class: %s\n"
+ " Shell: %-26.26s Office: %s\n"
+ "Work Phone: %-26.26s Home Phone: %s\n"
+ "Acc Expire: %-26.26s Pwd Expire: %s\n",
+ pwd->pw_name, (uintmax_t)pwd->pw_uid,
+ grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid,
+ uname, pwd->pw_dir, pwd->pw_class,
+ pwd->pw_shell, office, wphone, hphone,
+ acexpire, pwexpire);
+ SETGRENT();
+ j = 0;
+ while ((grp=GETGRENT()) != NULL) {
+ int i = 0;
+ if (grp->gr_mem != NULL) {
+ while (grp->gr_mem[i] != NULL) {
+ if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) {
printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name);
break;
}
@@ -1153,17 +616,17 @@
++i;
}
}
- ENDGRENT();
- printf("%s", j ? "\n" : "");
}
- return EXIT_SUCCESS;
+ ENDGRENT();
+ printf("%s", j ? "\n" : "");
+ return (EXIT_SUCCESS);
}
-char *
-pw_checkname(u_char *name, int gecos)
+char *
+pw_checkname(char *name, int gecos)
{
char showch[8];
- u_char const *badchars, *ch, *showtype;
+ const char *badchars, *ch, *showtype;
int reject;
ch = name;
@@ -1170,7 +633,7 @@
reject = 0;
if (gecos) {
/* See if the name is valid as a gecos (comment) field. */
- badchars = ":!@";
+ badchars = ":";
showtype = "gecos field";
} else {
/* See if the name is valid as a userid or group. */
@@ -1182,7 +645,8 @@
}
if (!reject) {
while (*ch) {
- if (strchr(badchars, *ch) != NULL || *ch < ' ' ||
+ if (strchr(badchars, *ch) != NULL ||
+ (!gecos && *ch < ' ') ||
*ch == 127) {
reject = 1;
break;
@@ -1212,12 +676,12 @@
showch, (ch - name), showtype);
}
if (!gecos && (ch - name) > LOGNAMESIZE)
- errx(EX_DATAERR, "name too long `%s' (max is %d)", name,
+ errx(EX_USAGE, "name too long `%s' (max is %d)", name,
LOGNAMESIZE);
- return (char *)name;
+
+ return (name);
}
-
static void
rmat(uid_t uid)
{
@@ -1235,7 +699,8 @@
st.st_uid == uid) {
char tmp[MAXPATHLEN];
- sprintf(tmp, "/usr/bin/atrm %s", e->d_name);
+ snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s",
+ e->d_name);
system(tmp);
}
}
@@ -1246,27 +711,1130 @@
static void
rmopie(char const * name)
{
- static const char etcopie[] = "/etc/opiekeys";
- FILE *fp = fopen(etcopie, "r+");
+ char tmp[1014];
+ FILE *fp;
+ int fd;
+ size_t len;
+ off_t atofs = 0;
+
+ if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1)
+ return;
- if (fp != NULL) {
- char tmp[1024];
- off_t atofs = 0;
- int length = strlen(name);
+ fp = fdopen(fd, "r+");
+ len = strlen(name);
- while (fgets(tmp, sizeof tmp, fp) != NULL) {
- if (strncmp(name, tmp, length) == 0 && tmp[length]==' ') {
- if (fseek(fp, atofs, SEEK_SET) == 0) {
- fwrite("#", 1, 1, fp); /* Comment username out */
- }
- break;
+ while (fgets(tmp, sizeof(tmp), fp) != NULL) {
+ if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') {
+ /* Comment username out */
+ if (fseek(fp, atofs, SEEK_SET) == 0)
+ fwrite("#", 1, 1, fp);
+ break;
+ }
+ atofs = ftell(fp);
+ }
+ /*
+ * If we got an error of any sort, don't update!
+ */
+ fclose(fp);
+}
+
+int
+pw_user_next(int argc, char **argv, char *name __unused)
+{
+ struct userconf *cnf = NULL;
+ const char *cfg = NULL;
+ int ch;
+ bool quiet = false;
+ uid_t next;
+
+ while ((ch = getopt(argc, argv, "Cq")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ }
+ }
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+
+ cnf = get_userconfig(cfg);
+
+ next = pw_uidpolicy(cnf, -1);
+
+ printf("%ju:", (uintmax_t)next);
+ pw_groupnext(cnf, quiet);
+
+ return (EXIT_SUCCESS);
+}
+
+int
+pw_user_show(int argc, char **argv, char *arg1)
+{
+ struct passwd *pwd = NULL;
+ char *name = NULL;
+ intmax_t id = -1;
+ int ch;
+ bool all = false;
+ bool pretty = false;
+ bool force = false;
+ bool v7 = false;
+ bool quiet = false;
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, UID_MAX);
+ else
+ name = arg1;
+ }
+
+ while ((ch = getopt(argc, argv, "C:qn:u:FPa7")) != -1) {
+ switch (ch) {
+ case 'C':
+ /* ignore compatibility */
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'u':
+ id = pw_checkid(optarg, UID_MAX);
+ break;
+ case 'F':
+ force = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'a':
+ all = true;
+ break;
+ case '7':
+ v7 = true;
+ break;
+ }
+ }
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+
+ if (all) {
+ SETPWENT();
+ while ((pwd = GETPWENT()) != NULL)
+ print_user(pwd, pretty, v7);
+ ENDPWENT();
+ return (EXIT_SUCCESS);
+ }
+
+ if (id < 0 && name == NULL)
+ errx(EX_DATAERR, "username or id required");
+
+ pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
+ if (pwd == NULL) {
+ if (force) {
+ pwd = &fakeuser;
+ } else {
+ if (name == NULL)
+ errx(EX_NOUSER, "no such uid `%ju'",
+ (uintmax_t) id);
+ errx(EX_NOUSER, "no such user `%s'", name);
+ }
+ }
+
+ return (print_user(pwd, pretty, v7));
+}
+
+int
+pw_user_del(int argc, char **argv, char *arg1)
+{
+ struct userconf *cnf = NULL;
+ struct passwd *pwd = NULL;
+ struct group *gr, *grp;
+ char *name = NULL;
+ char grname[MAXLOGNAME];
+ char *nispasswd = NULL;
+ char file[MAXPATHLEN];
+ char home[MAXPATHLEN];
+ const char *cfg = NULL;
+ struct stat st;
+ intmax_t id = -1;
+ int ch, rc;
+ bool nis = false;
+ bool deletehome = false;
+ bool quiet = false;
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, UID_MAX);
+ else
+ name = arg1;
+ }
+
+ while ((ch = getopt(argc, argv, "C:qn:u:rYy:")) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'u':
+ id = pw_checkid(optarg, UID_MAX);
+ break;
+ case 'r':
+ deletehome = true;
+ break;
+ case 'y':
+ nispasswd = optarg;
+ break;
+ case 'Y':
+ nis = true;
+ break;
+ }
+ }
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+
+ if (id < 0 && name == NULL)
+ errx(EX_DATAERR, "username or id required");
+
+ cnf = get_userconfig(cfg);
+
+ if (nispasswd == NULL)
+ nispasswd = cnf->nispasswd;
+
+ pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
+ if (pwd == NULL) {
+ if (name == NULL)
+ errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id);
+ errx(EX_NOUSER, "no such user `%s'", name);
+ }
+
+ if (PWF._altdir == PWF_REGULAR &&
+ ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) {
+ if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) {
+ if (!nis && nispasswd && *nispasswd != '/')
+ errx(EX_NOUSER, "Cannot remove NIS user `%s'",
+ name);
+ } else {
+ errx(EX_NOUSER, "Cannot remove non local user `%s'",
+ name);
+ }
+ }
+
+ id = pwd->pw_uid;
+ if (name == NULL)
+ name = pwd->pw_name;
+
+ if (strcmp(pwd->pw_name, "root") == 0)
+ errx(EX_DATAERR, "cannot remove user 'root'");
+
+ /* Remove opie record from /etc/opiekeys */
+ if (PWALTDIR() != PWF_ALT)
+ rmopie(pwd->pw_name);
+
+ if (!PWALTDIR()) {
+ /* Remove crontabs */
+ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name);
+ if (access(file, F_OK) == 0) {
+ snprintf(file, sizeof(file), "crontab -u %s -r",
+ pwd->pw_name);
+ system(file);
+ }
+ }
+
+ /*
+ * Save these for later, since contents of pwd may be
+ * invalidated by deletion
+ */
+ snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
+ strlcpy(home, pwd->pw_dir, sizeof(home));
+ gr = GETGRGID(pwd->pw_gid);
+ if (gr != NULL)
+ strlcpy(grname, gr->gr_name, LOGNAMESIZE);
+ else
+ grname[0] = '\0';
+
+ rc = delpwent(pwd);
+ if (rc == -1)
+ err(EX_IOERR, "user '%s' does not exist", pwd->pw_name);
+ else if (rc != 0)
+ err(EX_IOERR, "passwd update");
+
+ if (nis && nispasswd && *nispasswd=='/') {
+ rc = delnispwent(nispasswd, name);
+ if (rc == -1)
+ warnx("WARNING: user '%s' does not exist in NIS passwd",
+ pwd->pw_name);
+ else if (rc != 0)
+ warn("WARNING: NIS passwd update");
+ }
+
+ grp = GETGRNAM(name);
+ if (grp != NULL &&
+ (grp->gr_mem == NULL || *grp->gr_mem == NULL) &&
+ strcmp(name, grname) == 0)
+ delgrent(GETGRNAM(name));
+ SETGRENT();
+ while ((grp = GETGRENT()) != NULL) {
+ int i, j;
+ char group[MAXLOGNAME];
+ if (grp->gr_mem == NULL)
+ continue;
+
+ for (i = 0; grp->gr_mem[i] != NULL; i++) {
+ if (strcmp(grp->gr_mem[i], name) != 0)
+ continue;
+
+ for (j = i; grp->gr_mem[j] != NULL; j++)
+ grp->gr_mem[j] = grp->gr_mem[j+1];
+ strlcpy(group, grp->gr_name, MAXLOGNAME);
+ chggrent(group, grp);
+ }
+ }
+ ENDGRENT();
+
+ pw_log(cnf, M_DELETE, W_USER, "%s(%ju) account removed", name,
+ (uintmax_t)id);
+
+ /* Remove mail file */
+ if (PWALTDIR() != PWF_ALT)
+ unlinkat(conf.rootfd, file + 1, 0);
+
+ /* Remove at jobs */
+ if (!PWALTDIR() && getpwuid(id) == NULL)
+ rmat(id);
+
+ /* Remove home directory and contents */
+ if (PWALTDIR() != PWF_ALT && deletehome && *home == '/' &&
+ GETPWUID(id) == NULL &&
+ fstatat(conf.rootfd, home + 1, &st, 0) != -1) {
+ rm_r(conf.rootfd, home, id);
+ pw_log(cnf, M_DELETE, W_USER, "%s(%ju) home '%s' %s"
+ "removed", name, (uintmax_t)id, home,
+ fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not "
+ "completely ");
+ }
+
+ return (EXIT_SUCCESS);
+}
+
+int
+pw_user_lock(int argc, char **argv, char *arg1)
+{
+ int ch;
+
+ while ((ch = getopt(argc, argv, "Cq")) != -1) {
+ switch (ch) {
+ case 'C':
+ case 'q':
+ /* compatibility */
+ break;
+ }
+ }
+
+ return (pw_userlock(arg1, M_LOCK));
+}
+
+int
+pw_user_unlock(int argc, char **argv, char *arg1)
+{
+ int ch;
+
+ while ((ch = getopt(argc, argv, "Cq")) != -1) {
+ switch (ch) {
+ case 'C':
+ case 'q':
+ /* compatibility */
+ break;
+ }
+ }
+
+ return (pw_userlock(arg1, M_UNLOCK));
+}
+
+static struct group *
+group_from_name_or_id(char *name)
+{
+ const char *errstr = NULL;
+ struct group *grp;
+ uintmax_t id;
+
+ if ((grp = GETGRNAM(name)) == NULL) {
+ id = strtounum(name, 0, GID_MAX, &errstr);
+ if (errstr)
+ errx(EX_NOUSER, "group `%s' does not exist", name);
+ grp = GETGRGID(id);
+ if (grp == NULL)
+ errx(EX_NOUSER, "group `%s' does not exist", name);
+ }
+
+ return (grp);
+}
+
+static void
+split_groups(StringList **groups, char *groupsstr)
+{
+ struct group *grp;
+ char *p;
+ char tok[] = ", \t";
+
+ if (*groups == NULL)
+ *groups = sl_init();
+ for (p = strtok(groupsstr, tok); p != NULL; p = strtok(NULL, tok)) {
+ grp = group_from_name_or_id(p);
+ sl_add(*groups, newstr(grp->gr_name));
+ }
+}
+
+static void
+validate_grname(struct userconf *cnf, char *group)
+{
+ struct group *grp;
+
+ if (group == NULL || *group == '\0') {
+ cnf->default_group = "";
+ return;
+ }
+ grp = group_from_name_or_id(group);
+ cnf->default_group = newstr(grp->gr_name);
+}
+
+static mode_t
+validate_mode(char *mode)
+{
+ mode_t m;
+ void *set;
+
+ if ((set = setmode(mode)) == NULL)
+ errx(EX_DATAERR, "invalid directory creation mode '%s'", mode);
+
+ m = getmode(set, _DEF_DIRMODE);
+ free(set);
+ return (m);
+}
+
+static long
+validate_expire(char *str, int opt)
+{
+ if (!numerics(str))
+ errx(EX_DATAERR, "-%c argument must be numeric "
+ "when setting defaults: %s", (char)opt, str);
+ return strtol(str, NULL, 0);
+}
+
+static void
+mix_config(struct userconf *cmdcnf, struct userconf *cfg)
+{
+
+ if (cmdcnf->default_password < 0)
+ cmdcnf->default_password = cfg->default_password;
+ if (cmdcnf->reuse_uids == 0)
+ cmdcnf->reuse_uids = cfg->reuse_uids;
+ if (cmdcnf->reuse_gids == 0)
+ cmdcnf->reuse_gids = cfg->reuse_gids;
+ if (cmdcnf->nispasswd == NULL)
+ cmdcnf->nispasswd = cfg->nispasswd;
+ if (cmdcnf->dotdir == NULL)
+ cmdcnf->dotdir = cfg->dotdir;
+ if (cmdcnf->newmail == NULL)
+ cmdcnf->newmail = cfg->newmail;
+ if (cmdcnf->logfile == NULL)
+ cmdcnf->logfile = cfg->logfile;
+ if (cmdcnf->home == NULL)
+ cmdcnf->home = cfg->home;
+ if (cmdcnf->homemode == 0)
+ cmdcnf->homemode = cfg->homemode;
+ if (cmdcnf->shelldir == NULL)
+ cmdcnf->shelldir = cfg->shelldir;
+ if (cmdcnf->shells == NULL)
+ cmdcnf->shells = cfg->shells;
+ if (cmdcnf->shell_default == NULL)
+ cmdcnf->shell_default = cfg->shell_default;
+ if (cmdcnf->default_group == NULL)
+ cmdcnf->default_group = cfg->default_group;
+ if (cmdcnf->groups == NULL)
+ cmdcnf->groups = cfg->groups;
+ if (cmdcnf->default_class == NULL)
+ cmdcnf->default_class = cfg->default_class;
+ if (cmdcnf->min_uid == 0)
+ cmdcnf->min_uid = cfg->min_uid;
+ if (cmdcnf->max_uid == 0)
+ cmdcnf->max_uid = cfg->max_uid;
+ if (cmdcnf->min_gid == 0)
+ cmdcnf->min_gid = cfg->min_gid;
+ if (cmdcnf->max_gid == 0)
+ cmdcnf->max_gid = cfg->max_gid;
+ if (cmdcnf->expire_days < 0)
+ cmdcnf->expire_days = cfg->expire_days;
+ if (cmdcnf->password_days < 0)
+ cmdcnf->password_days = cfg->password_days;
+}
+
+int
+pw_user_add(int argc, char **argv, char *arg1)
+{
+ struct userconf *cnf, *cmdcnf;
+ struct passwd *pwd;
+ struct group *grp;
+ struct stat st;
+ char args[] = "C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y";
+ char line[_PASSWORD_LEN+1], path[MAXPATHLEN];
+ char *gecos, *homedir, *skel, *walk, *userid, *groupid, *grname;
+ char *default_passwd, *name, *p;
+ const char *cfg = NULL;
+ login_cap_t *lc;
+ FILE *pfp, *fp;
+ intmax_t id = -1;
+ time_t now;
+ int rc, ch, fd = -1;
+ size_t i;
+ bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf;
+
+ dryrun = nis = pretty = quiet = createhome = precrypted = false;
+ genconf = false;
+ gecos = homedir = skel = userid = groupid = default_passwd = NULL;
+ grname = name = NULL;
+
+ if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL)
+ err(EXIT_FAILURE, "calloc()");
+
+ cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1;
+ now = time(NULL);
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, UID_MAX);
+ else
+ name = pw_checkname(arg1, 0);
+ }
+
+ while ((ch = getopt(argc, argv, args)) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = pw_checkname(optarg, 0);
+ break;
+ case 'u':
+ userid = optarg;
+ break;
+ case 'c':
+ gecos = pw_checkname(optarg, 1);
+ break;
+ case 'd':
+ homedir = optarg;
+ break;
+ case 'e':
+ if (genconf)
+ cmdcnf->expire_days = validate_expire(optarg, ch);
+ else
+ cmdcnf->expire_days = parse_date(now, optarg);
+ break;
+ case 'p':
+ if (genconf)
+ cmdcnf->password_days = validate_expire(optarg, ch);
+ else
+ cmdcnf->password_days = parse_date(now, optarg);
+ break;
+ case 'g':
+ validate_grname(cmdcnf, optarg);
+ grname = optarg;
+ break;
+ case 'G':
+ split_groups(&cmdcnf->groups, optarg);
+ break;
+ case 'm':
+ createhome = true;
+ break;
+ case 'M':
+ cmdcnf->homemode = validate_mode(optarg);
+ break;
+ case 'k':
+ walk = skel = optarg;
+ if (*walk == '/')
+ walk++;
+ if (fstatat(conf.rootfd, walk, &st, 0) == -1)
+ errx(EX_OSFILE, "skeleton `%s' does not "
+ "exists", skel);
+ if (!S_ISDIR(st.st_mode))
+ errx(EX_OSFILE, "skeleton `%s' is not a "
+ "directory", skel);
+ cmdcnf->dotdir = skel;
+ break;
+ case 's':
+ cmdcnf->shell_default = optarg;
+ break;
+ case 'o':
+ conf.checkduplicate = false;
+ break;
+ case 'L':
+ cmdcnf->default_class = pw_checkname(optarg, 0);
+ break;
+ case 'i':
+ groupid = optarg;
+ break;
+ case 'w':
+ default_passwd = optarg;
+ break;
+ case 'H':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ precrypted = true;
+ if (fd == '-')
+ errx(EX_USAGE, "-H expects a file descriptor");
+ break;
+ case 'h':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ break;
+ case 'D':
+ genconf = true;
+ break;
+ case 'b':
+ cmdcnf->home = optarg;
+ break;
+ case 'N':
+ dryrun = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'y':
+ cmdcnf->nispasswd = optarg;
+ break;
+ case 'Y':
+ nis = true;
+ break;
+ }
+ }
+
+ if (geteuid() != 0 && ! dryrun)
+ errx(EX_NOPERM, "you must be root");
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+
+ cnf = get_userconfig(cfg);
+
+ mix_config(cmdcnf, cnf);
+ if (default_passwd)
+ cmdcnf->default_password = passwd_val(default_passwd,
+ cnf->default_password);
+ if (genconf) {
+ if (name != NULL)
+ errx(EX_DATAERR, "can't combine `-D' with `-n name'");
+ if (userid != NULL) {
+ if ((p = strtok(userid, ", \t")) != NULL)
+ cmdcnf->min_uid = pw_checkid(p, UID_MAX);
+ if (cmdcnf->min_uid == 0)
+ cmdcnf->min_uid = 1000;
+ if ((p = strtok(NULL, " ,\t")) != NULL)
+ cmdcnf->max_uid = pw_checkid(p, UID_MAX);
+ if (cmdcnf->max_uid == 0)
+ cmdcnf->max_uid = 32000;
+ }
+ if (groupid != NULL) {
+ if ((p = strtok(groupid, ", \t")) != NULL)
+ cmdcnf->min_gid = pw_checkid(p, GID_MAX);
+ if (cmdcnf->min_gid == 0)
+ cmdcnf->min_gid = 1000;
+ if ((p = strtok(NULL, " ,\t")) != NULL)
+ cmdcnf->max_gid = pw_checkid(p, GID_MAX);
+ if (cmdcnf->max_gid == 0)
+ cmdcnf->max_gid = 32000;
+ }
+ if (write_userconfig(cmdcnf, cfg))
+ return (EXIT_SUCCESS);
+ err(EX_IOERR, "config update");
+ }
+
+ if (userid)
+ id = pw_checkid(userid, UID_MAX);
+ if (id < 0 && name == NULL)
+ errx(EX_DATAERR, "user name or id required");
+
+ if (name == NULL)
+ errx(EX_DATAERR, "login name required");
+
+ if (GETPWNAM(name) != NULL)
+ errx(EX_DATAERR, "login name `%s' already exists", name);
+
+ if (!grname)
+ grname = cmdcnf->default_group;
+
+ pwd = &fakeuser;
+ pwd->pw_name = name;
+ pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : "";
+ pwd->pw_uid = pw_uidpolicy(cmdcnf, id);
+ pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name,
+ (gid_t) pwd->pw_uid, dryrun);
+
+ /* cmdcnf->password_days and cmdcnf->expire_days hold unixtime here */
+ if (cmdcnf->password_days > 0)
+ pwd->pw_change = cmdcnf->password_days;
+ if (cmdcnf->expire_days > 0)
+ pwd->pw_expire = cmdcnf->expire_days;
+
+ pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
+ pwd->pw_shell = pw_shellpolicy(cmdcnf);
+ lc = login_getpwclass(pwd);
+ if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
+ warn("setting crypt(3) format");
+ login_close(lc);
+ pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, dryrun);
+ if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
+ warnx("WARNING: new account `%s' has a uid of 0 "
+ "(superuser access!)", pwd->pw_name);
+ if (gecos)
+ pwd->pw_gecos = gecos;
+
+ if (fd != -1)
+ pw_set_passwd(pwd, fd, precrypted, false);
+
+ if (dryrun)
+ return (print_user(pwd, pretty, false));
+
+ if ((rc = addpwent(pwd)) != 0) {
+ if (rc == -1)
+ errx(EX_IOERR, "user '%s' already exists",
+ pwd->pw_name);
+ else if (rc != 0)
+ err(EX_IOERR, "passwd file update");
+ }
+ if (nis && cmdcnf->nispasswd && *cmdcnf->nispasswd == '/') {
+ printf("%s\n", cmdcnf->nispasswd);
+ rc = addnispwent(cmdcnf->nispasswd, pwd);
+ if (rc == -1)
+ warnx("User '%s' already exists in NIS passwd",
+ pwd->pw_name);
+ else if (rc != 0)
+ warn("NIS passwd update");
+ /* NOTE: we treat NIS-only update errors as non-fatal */
+ }
+
+ if (cmdcnf->groups != NULL) {
+ for (i = 0; i < cmdcnf->groups->sl_cur; i++) {
+ grp = GETGRNAM(cmdcnf->groups->sl_str[i]);
+ grp = gr_add(grp, pwd->pw_name);
+ /*
+ * grp can only be NULL in 2 cases:
+ * - the new member is already a member
+ * - a problem with memory occurs
+ * in both cases we want to skip now.
+ */
+ if (grp == NULL)
+ continue;
+ chggrent(grp->gr_name, grp);
+ free(grp);
+ }
+ }
+
+ pwd = GETPWNAM(name);
+ if (pwd == NULL)
+ errx(EX_NOUSER, "user '%s' disappeared during update", name);
+
+ grp = GETGRGID(pwd->pw_gid);
+ pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s",
+ pwd->pw_name, (uintmax_t)pwd->pw_uid,
+ grp ? grp->gr_name : "unknown",
+ (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1),
+ pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell);
+
+ /*
+ * let's touch and chown the user's mail file. This is not
+ * strictly necessary under BSD with a 0755 maildir but it also
+ * doesn't hurt anything to create the empty mailfile
+ */
+ if (PWALTDIR() != PWF_ALT) {
+ snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR,
+ pwd->pw_name);
+ /* Preserve contents & mtime */
+ close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, 0600));
+ fchownat(conf.rootfd, path + 1, pwd->pw_uid, pwd->pw_gid,
+ AT_SYMLINK_NOFOLLOW);
+ }
+
+ /*
+ * Let's create and populate the user's home directory. Note
+ * that this also `works' for editing users if -m is used, but
+ * existing files will *not* be overwritten.
+ */
+ if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir &&
+ *pwd->pw_dir == '/' && pwd->pw_dir[1])
+ create_and_populate_homedir(cmdcnf, pwd, cmdcnf->dotdir,
+ cmdcnf->homemode, false);
+
+ if (!PWALTDIR() && cmdcnf->newmail && *cmdcnf->newmail &&
+ (fp = fopen(cnf->newmail, "r")) != NULL) {
+ if ((pfp = popen(_PATH_SENDMAIL " -t", "w")) == NULL)
+ warn("sendmail");
+ else {
+ fprintf(pfp, "From: root\n" "To: %s\n"
+ "Subject: Welcome!\n\n", pwd->pw_name);
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ /* Do substitutions? */
+ fputs(line, pfp);
}
- atofs = ftell(fp);
+ pclose(pfp);
+ pw_log(cnf, M_ADD, W_USER, "%s(%ju) new user mail sent",
+ pwd->pw_name, (uintmax_t)pwd->pw_uid);
}
- /*
- * If we got an error of any sort, don't update!
- */
fclose(fp);
}
+
+ if (nis && nis_update() == 0)
+ pw_log(cnf, M_ADD, W_USER, "NIS maps updated");
+
+ return (EXIT_SUCCESS);
}
+int
+pw_user_mod(int argc, char **argv, char *arg1)
+{
+ struct userconf *cnf;
+ struct passwd *pwd;
+ struct group *grp;
+ StringList *groups = NULL;
+ char args[] = "C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:NPYy:";
+ const char *cfg = NULL;
+ char *gecos, *homedir, *grname, *name, *newname, *walk, *skel, *shell;
+ char *passwd, *class, *nispasswd;
+ login_cap_t *lc;
+ struct stat st;
+ intmax_t id = -1;
+ int ch, fd = -1;
+ size_t i, j;
+ bool quiet, createhome, pretty, dryrun, nis, edited;
+ bool precrypted;
+ mode_t homemode = 0;
+ time_t expire_time, password_time, now;
+
+ expire_time = password_time = -1;
+ gecos = homedir = grname = name = newname = skel = shell =NULL;
+ passwd = NULL;
+ class = nispasswd = NULL;
+ quiet = createhome = pretty = dryrun = nis = precrypted = false;
+ edited = false;
+ now = time(NULL);
+
+ if (arg1 != NULL) {
+ if (arg1[strspn(arg1, "0123456789")] == '\0')
+ id = pw_checkid(arg1, UID_MAX);
+ else
+ name = arg1;
+ }
+
+ while ((ch = getopt(argc, argv, args)) != -1) {
+ switch (ch) {
+ case 'C':
+ cfg = optarg;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'n':
+ name = optarg;
+ break;
+ case 'u':
+ id = pw_checkid(optarg, UID_MAX);
+ break;
+ case 'c':
+ gecos = pw_checkname(optarg, 1);
+ break;
+ case 'd':
+ homedir = optarg;
+ break;
+ case 'e':
+ expire_time = parse_date(now, optarg);
+ break;
+ case 'p':
+ password_time = parse_date(now, optarg);
+ break;
+ case 'g':
+ group_from_name_or_id(optarg);
+ grname = optarg;
+ break;
+ case 'G':
+ split_groups(&groups, optarg);
+ break;
+ case 'm':
+ createhome = true;
+ break;
+ case 'M':
+ homemode = validate_mode(optarg);
+ break;
+ case 'l':
+ newname = optarg;
+ break;
+ case 'k':
+ walk = skel = optarg;
+ if (*walk == '/')
+ walk++;
+ if (fstatat(conf.rootfd, walk, &st, 0) == -1)
+ errx(EX_OSFILE, "skeleton `%s' does not "
+ "exists", skel);
+ if (!S_ISDIR(st.st_mode))
+ errx(EX_OSFILE, "skeleton `%s' is not a "
+ "directory", skel);
+ break;
+ case 's':
+ shell = optarg;
+ break;
+ case 'w':
+ passwd = optarg;
+ break;
+ case 'L':
+ class = pw_checkname(optarg, 0);
+ break;
+ case 'H':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ precrypted = true;
+ if (fd == '-')
+ errx(EX_USAGE, "-H expects a file descriptor");
+ break;
+ case 'h':
+ if (fd != -1)
+ errx(EX_USAGE, "'-h' and '-H' are mutually "
+ "exclusive options");
+ fd = pw_checkfd(optarg);
+ break;
+ case 'N':
+ dryrun = true;
+ break;
+ case 'P':
+ pretty = true;
+ break;
+ case 'y':
+ nispasswd = optarg;
+ break;
+ case 'Y':
+ nis = true;
+ break;
+ }
+ }
+
+ if (geteuid() != 0 && ! dryrun)
+ errx(EX_NOPERM, "you must be root");
+
+ if (quiet)
+ freopen(_PATH_DEVNULL, "w", stderr);
+
+ cnf = get_userconfig(cfg);
+
+ if (id < 0 && name == NULL)
+ errx(EX_DATAERR, "username or id required");
+
+ pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id);
+ if (pwd == NULL) {
+ if (name == NULL)
+ errx(EX_NOUSER, "no such uid `%ju'",
+ (uintmax_t) id);
+ errx(EX_NOUSER, "no such user `%s'", name);
+ }
+
+ if (name == NULL)
+ name = pwd->pw_name;
+
+ if (nis && nispasswd == NULL)
+ nispasswd = cnf->nispasswd;
+
+ if (PWF._altdir == PWF_REGULAR &&
+ ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) {
+ if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) {
+ if (!nis && nispasswd && *nispasswd != '/')
+ errx(EX_NOUSER, "Cannot modify NIS user `%s'",
+ name);
+ } else {
+ errx(EX_NOUSER, "Cannot modify non local user `%s'",
+ name);
+ }
+ }
+
+ if (newname) {
+ if (strcmp(pwd->pw_name, "root") == 0)
+ errx(EX_DATAERR, "can't rename `root' account");
+ if (strcmp(pwd->pw_name, newname) != 0) {
+ pwd->pw_name = pw_checkname(newname, 0);
+ edited = true;
+ }
+ }
+
+ if (id >= 0 && pwd->pw_uid != id) {
+ pwd->pw_uid = id;
+ edited = true;
+ if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0)
+ errx(EX_DATAERR, "can't change uid of `root' account");
+ if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
+ warnx("WARNING: account `%s' will have a uid of 0 "
+ "(superuser access!)", pwd->pw_name);
+ }
+
+ if (grname && pwd->pw_uid != 0) {
+ grp = GETGRNAM(grname);
+ if (grp == NULL)
+ grp = GETGRGID(pw_checkid(grname, GID_MAX));
+ if (grp->gr_gid != pwd->pw_gid) {
+ pwd->pw_gid = grp->gr_gid;
+ edited = true;
+ }
+ }
+
+
+ if (password_time >= 0 && pwd->pw_change != password_time) {
+ pwd->pw_change = password_time;
+ edited = true;
+ }
+
+ if (expire_time >= 0 && pwd->pw_expire != expire_time) {
+ pwd->pw_expire = expire_time;
+ edited = true;
+ }
+
+ if (shell) {
+ shell = shell_path(cnf->shelldir, cnf->shells, shell);
+ if (shell == NULL)
+ shell = "";
+ if (strcmp(shell, pwd->pw_shell) != 0) {
+ pwd->pw_shell = shell;
+ edited = true;
+ }
+ }
+
+ if (class && strcmp(pwd->pw_class, class) != 0) {
+ pwd->pw_class = class;
+ edited = true;
+ }
+
+ if (homedir && strcmp(pwd->pw_dir, homedir) != 0) {
+ pwd->pw_dir = homedir;
+ edited = true;
+ if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) {
+ if (!createhome)
+ warnx("WARNING: home `%s' does not exist",
+ pwd->pw_dir);
+ } else if (!S_ISDIR(st.st_mode)) {
+ warnx("WARNING: home `%s' is not a directory",
+ pwd->pw_dir);
+ }
+ }
+
+ if (passwd && conf.fd == -1) {
+ lc = login_getpwclass(pwd);
+ if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
+ warn("setting crypt(3) format");
+ login_close(lc);
+ cnf->default_password = passwd_val(passwd,
+ cnf->default_password);
+ pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
+ edited = true;
+ }
+
+ if (gecos && strcmp(pwd->pw_gecos, gecos) != 0) {
+ pwd->pw_gecos = gecos;
+ edited = true;
+ }
+
+ if (fd != -1)
+ edited = pw_set_passwd(pwd, fd, precrypted, true);
+
+ if (dryrun)
+ return (print_user(pwd, pretty, false));
+
+ if (edited) /* Only updated this if required */
+ perform_chgpwent(name, pwd, nis ? nispasswd : NULL);
+ /* Now perform the needed changes concern groups */
+ if (groups != NULL) {
+ /* Delete User from groups using old name */
+ SETGRENT();
+ while ((grp = GETGRENT()) != NULL) {
+ if (grp->gr_mem == NULL)
+ continue;
+ for (i = 0; grp->gr_mem[i] != NULL; i++) {
+ if (strcmp(grp->gr_mem[i] , name) != 0)
+ continue;
+ for (j = i; grp->gr_mem[j] != NULL ; j++)
+ grp->gr_mem[j] = grp->gr_mem[j+1];
+ chggrent(grp->gr_name, grp);
+ break;
+ }
+ }
+ ENDGRENT();
+ /* Add the user to the needed groups */
+ for (i = 0; i < groups->sl_cur; i++) {
+ grp = GETGRNAM(groups->sl_str[i]);
+ grp = gr_add(grp, pwd->pw_name);
+ if (grp == NULL)
+ continue;
+ chggrent(grp->gr_name, grp);
+ free(grp);
+ }
+ }
+ /* In case of rename we need to walk over the different groups */
+ if (newname) {
+ SETGRENT();
+ while ((grp = GETGRENT()) != NULL) {
+ if (grp->gr_mem == NULL)
+ continue;
+ for (i = 0; grp->gr_mem[i] != NULL; i++) {
+ if (strcmp(grp->gr_mem[i], name) != 0)
+ continue;
+ grp->gr_mem[i] = newname;
+ chggrent(grp->gr_name, grp);
+ break;
+ }
+ }
+ }
+
+ /* go get a current version of pwd */
+ if (newname)
+ name = newname;
+ pwd = GETPWNAM(name);
+ if (pwd == NULL)
+ errx(EX_NOUSER, "user '%s' disappeared during update", name);
+ grp = GETGRGID(pwd->pw_gid);
+ pw_log(cnf, M_UPDATE, W_USER, "%s(%ju):%s(%ju):%s:%s:%s",
+ pwd->pw_name, (uintmax_t)pwd->pw_uid,
+ grp ? grp->gr_name : "unknown",
+ (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1),
+ pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell);
+
+ /*
+ * Let's create and populate the user's home directory. Note
+ * that this also `works' for editing users if -m is used, but
+ * existing files will *not* be overwritten.
+ */
+ if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir &&
+ *pwd->pw_dir == '/' && pwd->pw_dir[1]) {
+ if (!skel)
+ skel = cnf->dotdir;
+ if (homemode == 0)
+ homemode = cnf->homemode;
+ create_and_populate_homedir(cnf, pwd, skel, homemode, true);
+ }
+
+ if (nis && nis_update() == 0)
+ pw_log(cnf, M_UPDATE, W_USER, "NIS maps updated");
+
+ return (EXIT_SUCCESS);
+}
Modified: trunk/usr.sbin/pw/pw_vpw.c
===================================================================
--- trunk/usr.sbin/pw/pw_vpw.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pw_vpw.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -27,13 +28,18 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pw_vpw.c 292965 2015-12-30 23:25:45Z bapt $";
#endif /* not lint */
+#include <pwd.h>
+#include <grp.h>
+#include <libutil.h>
+#define _WITH_GETLINE
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/param.h>
+#include <err.h>
#include "pwupd.h"
@@ -55,101 +61,46 @@
}
static struct passwd *
-vnextpwent(char const * nam, uid_t uid, int doclose)
+vnextpwent(char const *nam, uid_t uid, int doclose)
{
- struct passwd * pw = NULL;
- static char pwtmp[1024];
+ struct passwd *pw;
+ char *line;
+ size_t linecap;
+ ssize_t linelen;
- strlcpy(pwtmp, getpwpath(_MASTERPASSWD), sizeof(pwtmp));
+ pw = NULL;
+ line = NULL;
+ linecap = 0;
- if (pwd_fp != NULL || (pwd_fp = fopen(pwtmp, "r")) != NULL) {
- int done = 0;
-
- static struct passwd pwd;
-
- while (!done && fgets(pwtmp, sizeof pwtmp, pwd_fp) != NULL)
- {
- int i, quickout = 0;
- char * q;
- char * p = strchr(pwtmp, '\n');
-
- if (p == NULL) {
- while (fgets(pwtmp, sizeof pwtmp, pwd_fp) != NULL && strchr(pwtmp, '\n')==NULL)
- ; /* Skip long lines */
- continue;
- }
-
- /* skip comments & empty lines */
- if (*pwtmp =='\n' || *pwtmp == '#')
+ if (pwd_fp != NULL || (pwd_fp = fopen(getpwpath(_MASTERPASSWD), "r")) != NULL) {
+ while ((linelen = getline(&line, &linecap, pwd_fp)) > 0) {
+ /* Skip comments and empty lines */
+ if (*line == '\n' || *line == '#')
continue;
-
- i = 0;
- q = p = pwtmp;
- bzero(&pwd, sizeof pwd);
- while (!quickout && (p = strsep(&q, ":\n")) != NULL) {
- switch (i++)
- {
- case 0: /* username */
- pwd.pw_name = p;
- if (nam) {
- if (strcmp(nam, p) == 0)
- done = 1;
- else
- quickout = 1;
- }
- break;
- case 1: /* password */
- pwd.pw_passwd = p;
- break;
- case 2: /* uid */
- pwd.pw_uid = atoi(p);
- if (uid != (uid_t)-1) {
- if (uid == pwd.pw_uid)
- done = 1;
- else
- quickout = 1;
- }
- break;
- case 3: /* gid */
- pwd.pw_gid = atoi(p);
- break;
- case 4: /* class */
- if (nam == NULL && uid == (uid_t)-1)
- done = 1;
- pwd.pw_class = p;
- break;
- case 5: /* change */
- pwd.pw_change = (time_t)atol(p);
- break;
- case 6: /* expire */
- pwd.pw_expire = (time_t)atol(p);
- break;
- case 7: /* gecos */
- pwd.pw_gecos = p;
- break;
- case 8: /* directory */
- pwd.pw_dir = p;
- break;
- case 9: /* shell */
- pwd.pw_shell = p;
- break;
- }
- }
- }
+ /* trim latest \n */
+ if (line[linelen - 1 ] == '\n')
+ line[linelen - 1] = '\0';
+ pw = pw_scan(line, PWSCAN_MASTER);
+ if (pw == NULL)
+ errx(EXIT_FAILURE, "Invalid user entry in '%s':"
+ " '%s'", getpwpath(_MASTERPASSWD), line);
+ if (uid != (uid_t)-1) {
+ if (uid == pw->pw_uid)
+ break;
+ } else if (nam != NULL) {
+ if (strcmp(nam, pw->pw_name) == 0)
+ break;
+ } else
+ break;
+ free(pw);
+ pw = NULL;
+ }
if (doclose)
vendpwent();
- if (done && pwd.pw_name) {
- pw = &pwd;
+ }
+ free(line);
- #define CKNULL(s) s = s ? s : ""
- CKNULL(pwd.pw_passwd);
- CKNULL(pwd.pw_class);
- CKNULL(pwd.pw_gecos);
- CKNULL(pwd.pw_dir);
- CKNULL(pwd.pw_shell);
- }
- }
- return pw;
+ return (pw);
}
struct passwd *
@@ -170,14 +121,7 @@
return vnextpwent(nam, -1, 1);
}
-int vpwdb(char *arg, ...)
-{
- arg=arg;
- return 0;
-}
-
-
static FILE * grp_fp = NULL;
void
@@ -199,93 +143,46 @@
}
static struct group *
-vnextgrent(char const * nam, gid_t gid, int doclose)
+vnextgrent(char const *nam, gid_t gid, int doclose)
{
- struct group * gr = NULL;
+ struct group *gr;
+ char *line;
+ size_t linecap;
+ ssize_t linelen;
- static char * grtmp = NULL;
- static int grlen = 0;
- static char ** mems = NULL;
- static int memlen = 0;
+ gr = NULL;
+ line = NULL;
+ linecap = 0;
- extendline(&grtmp, &grlen, MAXPATHLEN);
- strlcpy(grtmp, getgrpath(_GROUP), MAXPATHLEN);
-
- if (grp_fp != NULL || (grp_fp = fopen(grtmp, "r")) != NULL) {
- int done = 0;
-
- static struct group grp;
-
- while (!done && fgets(grtmp, grlen, grp_fp) != NULL)
- {
- int i, quickout = 0;
- int mno = 0;
- char * q, * p;
- char * sep = ":\n";
-
- if ((p = strchr(grtmp, '\n')) == NULL) {
- int l;
- extendline(&grtmp, &grlen, grlen + PWBUFSZ);
- l = strlen(grtmp);
- if (fgets(grtmp + l, grlen - l, grp_fp) == NULL)
- break; /* No newline terminator on last line */
- }
+ if (grp_fp != NULL || (grp_fp = fopen(getgrpath(_GROUP), "r")) != NULL) {
+ while ((linelen = getline(&line, &linecap, grp_fp)) > 0) {
/* Skip comments and empty lines */
- if (*grtmp == '\n' || *grtmp == '#')
+ if (*line == '\n' || *line == '#')
continue;
- i = 0;
- q = p = grtmp;
- bzero(&grp, sizeof grp);
- extendarray(&mems, &memlen, 200);
- while (!quickout && (p = strsep(&q, sep)) != NULL) {
- switch (i++)
- {
- case 0: /* groupname */
- grp.gr_name = p;
- if (nam) {
- if (strcmp(nam, p) == 0)
- done = 1;
- else
- quickout = 1;
- }
+ /* trim latest \n */
+ if (line[linelen - 1 ] == '\n')
+ line[linelen - 1] = '\0';
+ gr = gr_scan(line);
+ if (gr == NULL)
+ errx(EXIT_FAILURE, "Invalid group entry in '%s':"
+ " '%s'", getgrpath(_GROUP), line);
+ if (gid != (gid_t)-1) {
+ if (gid == gr->gr_gid)
break;
- case 1: /* password */
- grp.gr_passwd = p;
+ } else if (nam != NULL) {
+ if (strcmp(nam, gr->gr_name) == 0)
break;
- case 2: /* gid */
- grp.gr_gid = atoi(p);
- if (gid != (gid_t)-1) {
- if (gid == (gid_t)grp.gr_gid)
- done = 1;
- else
- quickout = 1;
- } else if (nam == NULL)
- done = 1;
- break;
- case 3:
- q = p;
- sep = ",\n";
- break;
- default:
- if (*p) {
- extendarray(&mems, &memlen, mno + 2);
- mems[mno++] = p;
- }
- break;
- }
- }
- grp.gr_mem = mems;
- mems[mno] = NULL;
- }
+ } else
+ break;
+ free(gr);
+ gr = NULL;
+ }
if (doclose)
vendgrent();
- if (done && grp.gr_name) {
- gr = &grp;
+ }
+ free(line);
- CKNULL(grp.gr_passwd);
- }
- }
- return gr;
+ return (gr);
}
struct group *
@@ -307,10 +204,3 @@
return vnextgrent(nam, -1, 1);
}
-int
-vgrdb(char *arg, ...)
-{
- arg=arg;
- return 0;
-}
-
Modified: trunk/usr.sbin/pw/pwupd.c
===================================================================
--- trunk/usr.sbin/pw/pwupd.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pwupd.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,66 +27,45 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/pwupd.c 310173 2016-12-16 20:10:55Z asomers $";
#endif /* not lint */
+#include <sys/wait.h>
+
+#include <err.h>
+#include <errno.h>
+#include <pwd.h>
+#include <libutil.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <stdarg.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <sys/wait.h>
#include "pwupd.h"
-#define HAVE_PWDB_C 1
-#define HAVE_PWDB_U 1
-
-static char pathpwd[] = _PATH_PWD;
-static char * pwpath = pathpwd;
-
-int
-setpwdir(const char * dir)
-{
- if (dir == NULL)
- return -1;
- else
- pwpath = strdup(dir);
- if (pwpath == NULL)
- return -1;
- return 0;
-}
-
char *
getpwpath(char const * file)
{
static char pathbuf[MAXPATHLEN];
- snprintf(pathbuf, sizeof pathbuf, "%s/%s", pwpath, file);
- return pathbuf;
+ snprintf(pathbuf, sizeof pathbuf, "%s/%s", conf.etcpath, file);
+
+ return (pathbuf);
}
-int
-pwdb(char *arg,...)
+static int
+pwdb_check(void)
{
int i = 0;
pid_t pid;
- va_list ap;
char *args[10];
args[i++] = _PATH_PWD_MKDB;
- va_start(ap, arg);
- while (i < 6 && arg != NULL) {
- args[i++] = arg;
- arg = va_arg(ap, char *);
- }
- if (pwpath != pathpwd) {
+ args[i++] = "-C";
+
+ if (strcmp(conf.etcpath, _PATH_PWD) != 0) {
args[i++] = "-d";
- args[i++] = pwpath;
+ args[i++] = conf.etcpath;
}
args[i++] = getpwpath(_MASTERPASSWD);
args[i] = NULL;
@@ -100,112 +80,74 @@
if (WEXITSTATUS(i))
i = EIO;
}
- return i;
+
+ return (i);
}
-int
-fmtpwentry(char *buf, struct passwd * pwd, int type)
+static int
+pw_update(struct passwd * pwd, char const * user)
{
- int l;
- char *pw;
+ struct passwd *pw = NULL;
+ struct passwd *old_pw = NULL;
+ int rc, pfd, tfd;
- pw = (type == PWF_MASTER) ?
- ((pwd->pw_passwd == NULL) ? "" : pwd->pw_passwd) : "*";
+ if ((rc = pwdb_check()) != 0)
+ return (rc);
- if (type == PWF_PASSWD)
- l = sprintf(buf, "%s:*:%ld:%ld:%s:%s:%s\n",
- pwd->pw_name, (long) pwd->pw_uid, (long) pwd->pw_gid,
- pwd->pw_gecos ? pwd->pw_gecos : "User &",
- pwd->pw_dir, pwd->pw_shell);
- else
- l = sprintf(buf, "%s:%s:%ld:%ld:%s:%lu:%lu:%s:%s:%s\n",
- pwd->pw_name, pw, (long) pwd->pw_uid, (long) pwd->pw_gid,
- pwd->pw_class ? pwd->pw_class : "",
- (unsigned long) pwd->pw_change,
- (unsigned long) pwd->pw_expire,
- pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell);
- return l;
-}
+ if (pwd != NULL)
+ pw = pw_dup(pwd);
+ if (user != NULL)
+ old_pw = GETPWNAM(user);
-int
-fmtpwent(char *buf, struct passwd * pwd)
-{
- return fmtpwentry(buf, pwd, PWF_STANDARD);
-}
-
-static int
-pw_update(struct passwd * pwd, char const * user, int mode)
-{
- int rc = 0;
-
- ENDPWENT();
-
+ if (pw_init(conf.etcpath, NULL))
+ err(1, "pw_init()");
+ if ((pfd = pw_lock()) == -1) {
+ pw_fini();
+ err(1, "pw_lock()");
+ }
+ if ((tfd = pw_tmp(-1)) == -1) {
+ pw_fini();
+ err(1, "pw_tmp()");
+ }
+ if (pw_copy(pfd, tfd, pw, old_pw) == -1) {
+ pw_fini();
+ close(tfd);
+ err(1, "pw_copy()");
+ }
+ fsync(tfd);
+ close(tfd);
/*
- * First, let's check the see if the database is alright
- * Note: -C is only available in FreeBSD 2.2 and above
+ * in case of deletion of a user, the whole database
+ * needs to be regenerated
*/
-#ifdef HAVE_PWDB_C
- rc = pwdb("-C", (char *)NULL); /* Check only */
- if (rc == 0) {
-#else
- { /* No -C */
-#endif
- char pfx[PWBUFSZ];
- char pwbuf[PWBUFSZ];
- int l = snprintf(pfx, PWBUFSZ, "%s:", user);
-#ifdef HAVE_PWDB_U
- int isrename = pwd!=NULL && strcmp(user, pwd->pw_name);
-#endif
+ if (pw_mkdb(pw != NULL ? pw->pw_name : NULL) == -1) {
+ pw_fini();
+ err(1, "pw_mkdb()");
+ }
+ free(pw);
+ pw_fini();
- /*
- * Update the passwd file first
- */
- if (pwd == NULL)
- *pwbuf = '\0';
- else
- fmtpwentry(pwbuf, pwd, PWF_PASSWD);
-
- if (l < 0)
- l = 0;
- rc = fileupdate(getpwpath(_PASSWD), 0644, pwbuf, pfx, l, mode);
- if (rc == 0) {
-
- /*
- * Then the master.passwd file
- */
- if (pwd != NULL)
- fmtpwentry(pwbuf, pwd, PWF_MASTER);
- rc = fileupdate(getpwpath(_MASTERPASSWD), 0600, pwbuf, pfx, l, mode);
- if (rc == 0) {
-#ifdef HAVE_PWDB_U
- if (mode == UPD_DELETE || isrename)
-#endif
- rc = pwdb(NULL);
-#ifdef HAVE_PWDB_U
- else
- rc = pwdb("-u", user, (char *)NULL);
-#endif
- }
- }
- }
- return rc;
+ return (0);
}
int
addpwent(struct passwd * pwd)
{
- return pw_update(pwd, pwd->pw_name, UPD_CREATE);
+
+ return (pw_update(pwd, NULL));
}
int
chgpwent(char const * login, struct passwd * pwd)
{
- return pw_update(pwd, login, UPD_REPLACE);
+
+ return (pw_update(pwd, login));
}
int
delpwent(struct passwd * pwd)
{
- return pw_update(NULL, pwd->pw_name, UPD_DELETE);
+
+ return (pw_update(NULL, pwd->pw_name));
}
Modified: trunk/usr.sbin/pw/pwupd.h
===================================================================
--- trunk/usr.sbin/pw/pwupd.h 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/pwupd.h 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -23,18 +24,21 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $MidnightBSD$
+ * $FreeBSD: stable/10/usr.sbin/pw/pwupd.h 287084 2015-08-23 21:42:27Z bapt $
*/
#ifndef _PWUPD_H_
#define _PWUPD_H_
+#include <sys/cdefs.h>
+#include <sys/param.h>
#include <sys/types.h>
+
#include <pwd.h>
#include <grp.h>
+#include <stdbool.h>
+#include <stringlist.h>
-#include <sys/cdefs.h>
-
#if defined(__FreeBSD__)
#define RET_SETGRENT int
#else
@@ -41,27 +45,7 @@
#define RET_SETGRENT void
#endif
-enum updtype
-{
- UPD_DELETE = -1,
- UPD_CREATE = 0,
- UPD_REPLACE = 1
-};
-
-__BEGIN_DECLS
-int fileupdate(char const * fname, mode_t fm, char const * nline, char const * pfx, int pfxlen, int updmode);
-__END_DECLS
-
-enum pwdfmttype
-{
- PWF_STANDARD, /* MASTER format but with '*' as password */
- PWF_PASSWD, /* V7 format */
- PWF_GROUP = PWF_PASSWD,
- PWF_MASTER /* MASTER format with password */
-};
-
-struct pwf
-{
+struct pwf {
int _altdir;
void (*_setpwent)(void);
void (*_endpwent)(void);
@@ -68,17 +52,46 @@
struct passwd * (*_getpwent)(void);
struct passwd * (*_getpwuid)(uid_t uid);
struct passwd * (*_getpwnam)(const char * nam);
- int (*_pwdb)(char *arg, ...);
RET_SETGRENT (*_setgrent)(void);
void (*_endgrent)(void);
struct group * (*_getgrent)(void);
struct group * (*_getgrgid)(gid_t gid);
struct group * (*_getgrnam)(const char * nam);
- int (*_grdb)(char *arg, ...);
};
+struct userconf {
+ int default_password; /* Default password for new users? */
+ int reuse_uids; /* Reuse uids? */
+ int reuse_gids; /* Reuse gids? */
+ char *nispasswd; /* Path to NIS version of the passwd file */
+ char *dotdir; /* Where to obtain skeleton files */
+ char *newmail; /* Mail to send to new accounts */
+ char *logfile; /* Where to log changes */
+ char *home; /* Where to create home directory */
+ mode_t homemode; /* Home directory permissions */
+ char *shelldir; /* Where shells are located */
+ char **shells; /* List of shells */
+ char *shell_default; /* Default shell */
+ char *default_group; /* Default group number */
+ StringList *groups; /* Default (additional) groups */
+ char *default_class; /* Default user class */
+ uid_t min_uid, max_uid; /* Allowed range of uids */
+ gid_t min_gid, max_gid; /* Allowed range of gids */
+ time_t expire_days; /* Days to expiry */
+ time_t password_days; /* Days to password expiry */
+};
+
+struct pwconf {
+ char rootdir[MAXPATHLEN];
+ char etcpath[MAXPATHLEN];
+ int fd;
+ int rootfd;
+ bool checkduplicate;
+};
+
extern struct pwf PWF;
extern struct pwf VPWF;
+extern struct pwconf conf;
#define SETPWENT() PWF._setpwent()
#define ENDPWENT() PWF._endpwent()
@@ -85,7 +98,6 @@
#define GETPWENT() PWF._getpwent()
#define GETPWUID(uid) PWF._getpwuid(uid)
#define GETPWNAM(nam) PWF._getpwnam(nam)
-#define PWDB(args) PWF._pwdb(args)
#define SETGRENT() PWF._setgrent()
#define ENDGRENT() PWF._endgrent()
@@ -92,8 +104,11 @@
#define GETGRENT() PWF._getgrent()
#define GETGRGID(gid) PWF._getgrgid(gid)
#define GETGRNAM(nam) PWF._getgrnam(nam)
-#define GRDB(args) PWF._grdb(args)
+#define PWF_REGULAR 0
+#define PWF_ALT 1
+#define PWF_ROOTDIR 2
+
#define PWALTDIR() PWF._altdir
#ifndef _PATH_PWD
#define _PATH_PWD "/etc"
@@ -101,37 +116,22 @@
#ifndef _GROUP
#define _GROUP "group"
#endif
-#ifndef _PASSWD
-#define _PASSWD "passwd"
-#endif
#ifndef _MASTERPASSWD
#define _MASTERPASSWD "master.passwd"
#endif
-#ifndef _GROUP
-#define _GROUP "group"
-#endif
__BEGIN_DECLS
int addpwent(struct passwd * pwd);
int delpwent(struct passwd * pwd);
int chgpwent(char const * login, struct passwd * pwd);
-int fmtpwent(char *buf, struct passwd * pwd);
-int fmtpwentry(char *buf, struct passwd * pwd, int type);
-int setpwdir(const char * dir);
char * getpwpath(char const * file);
-int pwdb(char *arg, ...);
int addgrent(struct group * grp);
int delgrent(struct group * grp);
int chggrent(char const * name, struct group * grp);
-int fmtgrent(char **buf, int * buflen, struct group * grp);
-int fmtgrentry(char **buf, int * buflen, struct group * grp, int type);
-int editgroups(char *name, char **groups);
-int setgrdir(const char * dir);
char * getgrpath(const char *file);
-int grdb(char *arg, ...);
void vsetpwent(void);
void vendpwent(void);
@@ -138,23 +138,16 @@
struct passwd * vgetpwent(void);
struct passwd * vgetpwuid(uid_t uid);
struct passwd * vgetpwnam(const char * nam);
-struct passwd * vgetpwent(void);
-int vpwdb(char *arg, ...);
struct group * vgetgrent(void);
struct group * vgetgrgid(gid_t gid);
struct group * vgetgrnam(const char * nam);
-struct group * vgetgrent(void);
-int vgrdb(char *arg, ...);
RET_SETGRENT vsetgrent(void);
void vendgrent(void);
-void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid);
-void rm_r(char const * dir, uid_t uid);
-int extendline(char **buf, int *buflen, int needed);
-int extendarray(char ***buf, int *buflen, int needed);
+void copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid,
+ gid_t gid, int flags);
+void rm_r(int rootfd, char const * dir, uid_t uid);
__END_DECLS
-#define PWBUFSZ 1024
-
#endif /* !_PWUPD_H */
Modified: trunk/usr.sbin/pw/rm_r.c
===================================================================
--- trunk/usr.sbin/pw/rm_r.c 2018-06-03 22:58:43 UTC (rev 10356)
+++ trunk/usr.sbin/pw/rm_r.c 2018-06-03 23:00:23 UTC (rev 10357)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
@@ -26,50 +27,48 @@
#ifndef lint
static const char rcsid[] =
- "$MidnightBSD$";
+ "$FreeBSD: stable/10/usr.sbin/pw/rm_r.c 303257 2016-07-24 08:21:21Z bapt $";
#endif /* not lint */
-#include <stdio.h>
-#include <stdlib.h>
+#include <sys/stat.h>
+
+#include <dirent.h>
+#include <fcntl.h>
#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
#include <unistd.h>
-#include <dirent.h>
#include "pwupd.h"
void
-rm_r(char const * dir, uid_t uid)
+rm_r(int rootfd, const char *path, uid_t uid)
{
- DIR *d = opendir(dir);
+ int dirfd;
+ DIR *d;
+ struct dirent *e;
+ struct stat st;
- if (d != NULL) {
- struct dirent *e;
- struct stat st;
- char file[MAXPATHLEN];
+ if (*path == '/')
+ path++;
- while ((e = readdir(d)) != NULL) {
- if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) {
- sprintf(file, "%s/%s", dir, e->d_name);
- if (lstat(file, &st) == 0) { /* Need symlinks, not
- * linked file */
- if (S_ISDIR(st.st_mode)) /* Directory - recurse */
- rm_r(file, uid);
- else {
- if (S_ISLNK(st.st_mode) || st.st_uid == uid)
- remove(file);
- }
- }
- }
- }
- closedir(d);
- if (lstat(dir, &st) == 0) {
- if (S_ISLNK(st.st_mode))
- remove(dir);
- else if (st.st_uid == uid)
- rmdir(dir);
- }
+ dirfd = openat(rootfd, path, O_DIRECTORY);
+ if (dirfd == -1) {
+ return;
}
+
+ d = fdopendir(dirfd);
+ while ((e = readdir(d)) != NULL) {
+ if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
+ continue;
+
+ if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
+ continue;
+ if (S_ISDIR(st.st_mode))
+ rm_r(dirfd, e->d_name, uid);
+ else if (S_ISLNK(st.st_mode) || st.st_uid == uid)
+ unlinkat(dirfd, e->d_name, 0);
+ }
+ closedir(d);
+ if (fstatat(rootfd, path, &st, AT_SYMLINK_NOFOLLOW) != 0)
+ return;
+ unlinkat(rootfd, path, S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0);
}
More information about the Midnightbsd-cvs
mailing list