Annotation of src/usr.bin/chpass/chpass.c, Revision 1.17
1.17 ! millert 1: /* $OpenBSD: chpass.c,v 1.16 2000/11/26 01:29:43 millert Exp $ */
1.2 deraadt 2: /* $NetBSD: chpass.c,v 1.8 1996/05/15 21:50:43 jtc Exp $ */
1.1 deraadt 3:
4: /*-
5: * Copyright (c) 1988, 1993, 1994
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
16: * 3. All advertising materials mentioning features or use of this software
17: * must display the following acknowledgement:
18: * This product includes software developed by the University of
19: * California, Berkeley and its contributors.
20: * 4. Neither the name of the University nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34: * SUCH DAMAGE.
35: */
36:
37: #ifndef lint
38: static char copyright[] =
39: "@(#) Copyright (c) 1988, 1993, 1994\n\
40: The Regents of the University of California. All rights reserved.\n";
41: #endif /* not lint */
42:
43: #ifndef lint
44: #if 0
45: static char sccsid[] = "@(#)chpass.c 8.4 (Berkeley) 4/2/94";
46: #else
1.17 ! millert 47: static char rcsid[] = "$OpenBSD: chpass.c,v 1.16 2000/11/26 01:29:43 millert Exp $";
1.1 deraadt 48: #endif
49: #endif /* not lint */
50:
51: #include <sys/param.h>
1.17 ! millert 52: #include <sys/resource.h>
1.1 deraadt 53: #include <sys/stat.h>
54: #include <sys/time.h>
1.17 ! millert 55: #include <sys/uio.h>
1.1 deraadt 56:
57: #include <ctype.h>
58: #include <err.h>
59: #include <errno.h>
60: #include <fcntl.h>
61: #include <pwd.h>
1.17 ! millert 62: #include <signal.h>
1.1 deraadt 63: #include <stdio.h>
64: #include <stdlib.h>
65: #include <string.h>
66: #include <unistd.h>
1.2 deraadt 67: #include <util.h>
1.1 deraadt 68:
69: #include "chpass.h"
70: #include "pathnames.h"
71:
1.14 millert 72: char tempname[] = __CONCAT(_PATH_VARTMP,"pw.XXXXXXXX");
1.17 ! millert 73: enum { NEWSH, LOADENTRY, EDITENTRY } op;
1.1 deraadt 74: uid_t uid;
75:
1.13 millert 76: extern char *__progname;
77:
1.1 deraadt 78: #ifdef YP
79: int use_yp;
80: int force_yp = 0;
81: extern struct passwd *ypgetpwnam(), *ypgetpwuid();
1.10 deraadt 82: int _yp_check __P((char **));
83: int pw_yp __P((struct passwd *, uid_t));
1.1 deraadt 84: #endif
85:
86: void baduser __P((void));
1.14 millert 87: void tempcleanup __P((void));
1.17 ! millert 88: void kbintr __P((int));
1.1 deraadt 89: void usage __P((void));
90:
91: int
92: main(argc, argv)
93: int argc;
94: char **argv;
95: {
96: struct passwd *pw, lpw;
1.2 deraadt 97: int ch, pfd, tfd, dfd;
1.14 millert 98: char *arg;
1.17 ! millert 99: char *s = NULL;
! 100: sigset_t fullset;
1.1 deraadt 101:
102: #ifdef YP
103: use_yp = _yp_check(NULL);
104: #endif
105:
106: op = EDITENTRY;
1.7 millert 107: while ((ch = getopt(argc, argv, "a:s:ly")) != -1)
1.1 deraadt 108: switch(ch) {
109: case 'a':
110: op = LOADENTRY;
111: arg = optarg;
112: break;
113: case 's':
114: op = NEWSH;
115: arg = optarg;
116: break;
117: #ifdef YP
118: case 'l':
119: use_yp = 0;
120: break;
121: case 'y':
122: if (!use_yp) {
123: warnx("YP not in use.");
124: usage();
125: }
126: force_yp = 1;
127: break;
128: #endif
129: case '?':
130: default:
131: usage();
132: }
133: argc -= optind;
134: argv += optind;
135:
136: #ifdef YP
137: if (op == LOADENTRY && use_yp)
138: errx(1, "cannot load entry using NIS.\n\tUse the -l flag to load local.");
139: #endif
140: uid = getuid();
141:
142: if (op == EDITENTRY || op == NEWSH)
143: switch(argc) {
144: case 0:
145: pw = getpwuid(uid);
146: #ifdef YP
147: if (pw && !force_yp)
148: use_yp = 0;
149: else if (use_yp)
150: pw = ypgetpwuid(uid);
151: #endif /* YP */
152: if (!pw)
153: errx(1, "unknown user: uid %u\n", uid);
154: break;
155: case 1:
156: pw = getpwnam(*argv);
157: #ifdef YP
158: if (pw && !force_yp)
159: use_yp = 0;
160: else if (use_yp)
161: pw = ypgetpwnam(*argv);
162: #endif /* YP */
163: if (!pw)
164: errx(1, "unknown user: %s", *argv);
165: if (uid && uid != pw->pw_uid)
166: baduser();
167: break;
168: default:
169: usage();
170: }
171:
172: if (op == NEWSH) {
173: /* protect p_shell -- it thinks NULL is /bin/sh */
174: if (!arg[0])
175: usage();
1.9 kstailey 176: if (p_shell(arg, pw, NULL))
177: pw_error(NULL, 0, 1);
1.1 deraadt 178: }
179:
180: if (op == LOADENTRY) {
181: if (uid)
182: baduser();
183: pw = &lpw;
1.9 kstailey 184: if (!pw_scan(arg, pw, NULL))
1.1 deraadt 185: exit(1);
186: }
187:
1.2 deraadt 188: /* Edit the user passwd information if requested. */
1.1 deraadt 189: if (op == EDITENTRY) {
1.2 deraadt 190: dfd = mkstemp(tempname);
1.12 millert 191: if (dfd == -1 || fcntl(dfd, F_SETFD, 1) == -1)
1.2 deraadt 192: pw_error(tempname, 1, 1);
1.14 millert 193: atexit(tempcleanup);
1.2 deraadt 194: display(tempname, dfd, pw);
195: edit(tempname, pw);
1.1 deraadt 196: }
1.2 deraadt 197:
1.17 ! millert 198: /* Drop user's real uid and block all signals to avoid a DoS. */
! 199: setuid(0);
! 200: sigfillset(&fullset);
! 201: sigdelset(&fullset, SIGINT);
! 202: sigprocmask(SIG_BLOCK, &fullset, NULL);
! 203:
! 204: /* Get the passwd lock file and open the passwd file for reading. */
! 205: pw_init();
! 206: for (;;) {
! 207: int i, c, d;
! 208:
! 209: (void)fputs("Please wait", stderr);
! 210: for (i = 0; i < (s ? 64 : 8) && (tfd = pw_lock(0)) == -1; i++) {
! 211: (void)signal(SIGINT, kbintr);
! 212: fputc('.', stderr);
! 213: usleep(250000);
! 214: (void)signal(SIGINT, SIG_IGN);
! 215: }
! 216: fputc('\n', stderr);
! 217: if (tfd != -1)
! 218: break;
! 219:
! 220: /* Unable to lock passwd file, let the user decide. */
! 221: if (errno == EEXIST) {
! 222: if (s == NULL)
! 223: s = "The passwd file is busy,";
! 224: else
! 225: s = "The passwd file is still busy,";
! 226: } else
! 227: s = "Unable to open passwd temp file,";
! 228: (void)fprintf(stderr,
! 229: "%s do you want to wait until it is available? [y/n] ", s);
! 230: (void)signal(SIGINT, kbintr);
! 231: c = getchar();
! 232: (void)signal(SIGINT, SIG_IGN);
! 233: if (c != '\n')
! 234: while ((d = getchar()) != '\n' && d != EOF)
! 235: ;
! 236: if (tolower(c) != 'y')
! 237: pw_error(NULL, 0, 1);
! 238: }
! 239: pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
! 240: if (pfd == -1 || fcntl(pfd, F_SETFD, 1) == -1)
! 241: pw_error(_PATH_MASTERPASSWD, 1, 1);
! 242:
1.1 deraadt 243: #ifdef YP
244: if (use_yp) {
1.17 ! millert 245: if (pw_yp(pw, uid))
1.9 kstailey 246: pw_error(NULL, 0, 1);
1.17 ! millert 247: else {
1.5 deraadt 248: pw_abort();
1.1 deraadt 249: exit(0);
1.5 deraadt 250: }
1.4 deraadt 251: } else
1.1 deraadt 252: #endif /* YP */
1.8 deraadt 253: {
254: /* Copy the passwd file to the lock file, updating pw. */
255: pw_copy(pfd, tfd, pw);
1.2 deraadt 256:
1.8 deraadt 257: /* Now finish the passwd file update. */
1.16 millert 258: if (pw_mkdb(pw->pw_name) == -1)
1.9 kstailey 259: pw_error(NULL, 0, 1);
1.8 deraadt 260: }
1.1 deraadt 261:
262: exit(0);
263: }
264:
265: void
266: baduser()
267: {
268:
269: errx(1, "%s", strerror(EACCES));
1.14 millert 270: }
271:
272: void
273: tempcleanup()
274: {
275:
276: unlink(tempname);
1.17 ! millert 277: }
! 278:
! 279: void
! 280: kbintr(signo)
! 281: int signo;
! 282: {
! 283: struct iovec iv[5];
! 284:
! 285: iv[0].iov_base = "\n";
! 286: iv[0].iov_len = 1;
! 287: iv[1].iov_base = __progname;
! 288: iv[1].iov_len = strlen(__progname);
! 289: iv[2].iov_base = ": ";
! 290: iv[2].iov_len = 2;
! 291: iv[3].iov_base = _PATH_MASTERPASSWD;
! 292: iv[3].iov_len = sizeof(_PATH_MASTERPASSWD) - 1;
! 293: iv[4].iov_base = " unchanged\n";
! 294: iv[4].iov_len = 11;
! 295: writev(STDERR_FILENO, iv, 5);
! 296:
! 297: if (op == EDITENTRY)
! 298: unlink(tempname);
! 299:
! 300: _exit(1);
1.1 deraadt 301: }
302:
303: void
304: usage()
305: {
306:
307: #ifdef YP
1.15 aaron 308: (void)fprintf(stderr,
309: "usage: %s [-l%s] [-a list] [-s newshell] [user]\n",
310: __progname, use_yp ? "y" : "");
1.1 deraadt 311: #else
1.15 aaron 312: (void)fprintf(stderr, "usage: %s [-a list] [-s newshell] [user]\n",
1.13 millert 313: __progname);
1.1 deraadt 314: #endif
315: exit(1);
316: }