| /* vi: set sw=4 ts=4: */ |
| /* |
| * update_passwd |
| * |
| * update_passwd is a common function for passwd and chpasswd applets; |
| * it is responsible for updating password file (i.e. /etc/passwd or |
| * /etc/shadow) for a given user and password. |
| * |
| * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> |
| * |
| * Modified to be able to add or delete users, groups and users to/from groups |
| * by Tito Ragusa <farmatito@tiscali.it> |
| * |
| * Licensed under GPLv2, see file LICENSE in this source tree. |
| */ |
| #include "libbb.h" |
| |
| #if ENABLE_SELINUX |
| static void check_selinux_update_passwd(const char *username) |
| { |
| security_context_t context; |
| char *seuser; |
| |
| if (getuid() != (uid_t)0 || is_selinux_enabled() == 0) |
| return; /* No need to check */ |
| |
| if (getprevcon_raw(&context) < 0) |
| bb_simple_perror_msg_and_die("getprevcon failed"); |
| seuser = strtok(context, ":"); |
| if (!seuser) |
| bb_error_msg_and_die("invalid context '%s'", context); |
| if (strcmp(seuser, username) != 0) { |
| security_class_t tclass; |
| access_vector_t av; |
| |
| tclass = string_to_security_class("passwd"); |
| if (tclass == 0) |
| goto die; |
| av = string_to_av_perm(tclass, "passwd"); |
| if (av == 0) |
| goto die; |
| |
| if (selinux_check_passwd_access(av) != 0) |
| die: |
| bb_simple_error_msg_and_die("SELinux: access denied"); |
| } |
| if (ENABLE_FEATURE_CLEAN_UP) |
| freecon(context); |
| } |
| #else |
| # define check_selinux_update_passwd(username) ((void)0) |
| #endif |
| |
| /* |
| 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL) |
| only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser |
| |
| 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL) |
| only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup |
| |
| 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
| only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a' |
| like in addgroup and member != NULL |
| |
| 4) delete a user: update_passwd(FILE, USER, NULL, NULL) |
| |
| 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL) |
| |
| 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
| only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL |
| |
| 7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL) |
| only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd |
| or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd |
| |
| 8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER) |
| |
| This function does not validate the arguments fed to it |
| so the calling program should take care of that. |
| |
| Returns number of lines changed, or -1 on error. |
| */ |
| int FAST_FUNC update_passwd(const char *filename, |
| const char *name, |
| const char *new_passwd, |
| const char *member) |
| { |
| #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP) |
| #define member NULL |
| #endif |
| struct stat sb; |
| struct flock lock; |
| FILE *old_fp; |
| FILE *new_fp; |
| char *fnamesfx; |
| char *sfx_char; |
| char *name_colon; |
| int old_fd; |
| int new_fd; |
| int i; |
| int changed_lines; |
| int ret = -1; /* failure */ |
| /* used as a bool: "are we modifying /etc/shadow?" */ |
| #if ENABLE_FEATURE_SHADOWPASSWDS |
| const char *shadow = strstr(filename, "shadow"); |
| #else |
| # define shadow NULL |
| #endif |
| |
| filename = xmalloc_follow_symlinks(filename); |
| if (filename == NULL) |
| return ret; |
| |
| if (name) |
| check_selinux_update_passwd(name); |
| |
| /* New passwd file, "/etc/passwd+" for now */ |
| fnamesfx = xasprintf("%s+", filename); |
| sfx_char = &fnamesfx[strlen(fnamesfx)-1]; |
| name_colon = xasprintf("%s:", name ? name : ""); |
| |
| if (shadow) |
| old_fp = fopen(filename, "r+"); |
| else |
| old_fp = fopen_or_warn(filename, "r+"); |
| if (!old_fp) { |
| if (shadow) |
| ret = 0; /* missing shadow is not an error */ |
| goto free_mem; |
| } |
| old_fd = fileno(old_fp); |
| |
| selinux_preserve_fcontext(old_fd); |
| |
| /* Try to create "/etc/passwd+". Wait if it exists. */ |
| i = 30; |
| do { |
| // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC? |
| new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600); |
| if (new_fd >= 0) goto created; |
| if (errno != EEXIST) break; |
| usleep(100000); /* 0.1 sec */ |
| } while (--i); |
| bb_perror_msg("can't create '%s'", fnamesfx); |
| goto close_old_fp; |
| |
| created: |
| if (fstat(old_fd, &sb) == 0) { |
| fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ |
| fchown(new_fd, sb.st_uid, sb.st_gid); |
| } |
| errno = 0; |
| new_fp = xfdopen_for_write(new_fd); |
| |
| /* Backup file is "/etc/passwd-" */ |
| *sfx_char = '-'; |
| /* Delete old backup */ |
| i = (unlink(fnamesfx) && errno != ENOENT); |
| /* Create backup as a hardlink to current */ |
| if (i || link(filename, fnamesfx)) |
| bb_perror_msg("warning: can't create backup copy '%s'", |
| fnamesfx); |
| *sfx_char = '+'; |
| |
| /* Lock the password file before updating */ |
| lock.l_type = F_WRLCK; |
| lock.l_whence = SEEK_SET; |
| lock.l_start = 0; |
| lock.l_len = 0; |
| if (fcntl(old_fd, F_SETLK, &lock) < 0) |
| bb_perror_msg("warning: can't lock '%s'", filename); |
| lock.l_type = F_UNLCK; |
| |
| /* Read current password file, write updated /etc/passwd+ */ |
| changed_lines = 0; |
| while (1) { |
| char *cp, *line; |
| |
| line = xmalloc_fgetline(old_fp); |
| if (!line) /* EOF/error */ |
| break; |
| |
| #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
| if (!name && member) { |
| /* Delete member from all groups */ |
| /* line is "GROUP:PASSWD:[member1[,member2]...]" */ |
| unsigned member_len = strlen(member); |
| char *list = strrchr(line, ':'); |
| while (list) { |
| list++; |
| next_list_element: |
| if (is_prefixed_with(list, member)) { |
| char c; |
| changed_lines++; |
| c = list[member_len]; |
| if (c == '\0') { |
| if (list[-1] == ',') |
| list--; |
| *list = '\0'; |
| break; |
| } |
| if (c == ',') { |
| overlapping_strcpy(list, list + member_len + 1); |
| goto next_list_element; |
| } |
| changed_lines--; |
| } |
| list = strchr(list, ','); |
| } |
| fprintf(new_fp, "%s\n", line); |
| goto next; |
| } |
| #endif |
| |
| cp = is_prefixed_with(line, name_colon); |
| if (!cp) { |
| fprintf(new_fp, "%s\n", line); |
| goto next; |
| } |
| |
| /* We have a match with "name:"... */ |
| /* cp points past "name:" */ |
| |
| #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
| if (member) { |
| /* It's actually /etc/group+, not /etc/passwd+ */ |
| if (ENABLE_FEATURE_ADDUSER_TO_GROUP |
| && applet_name[0] == 'a' |
| ) { |
| /* Add user to group */ |
| fprintf(new_fp, "%s%s%s\n", line, |
| last_char_is(line, ':') ? "" : ",", |
| member); |
| changed_lines++; |
| } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP |
| /* && applet_name[0] == 'd' */ |
| ) { |
| /* Delete user from group */ |
| char *tmp; |
| const char *fmt = "%s"; |
| |
| /* find the start of the member list: last ':' */ |
| cp = strrchr(line, ':'); |
| /* cut it */ |
| *cp++ = '\0'; |
| /* write the cut line name:passwd:gid: |
| * or name:!:: */ |
| fprintf(new_fp, "%s:", line); |
| /* parse the tokens of the member list */ |
| tmp = cp; |
| while ((cp = strsep(&tmp, ",")) != NULL) { |
| if (strcmp(member, cp) != 0) { |
| fprintf(new_fp, fmt, cp); |
| fmt = ",%s"; |
| } else { |
| /* found member, skip it */ |
| changed_lines++; |
| } |
| } |
| fprintf(new_fp, "\n"); |
| } |
| } else |
| #endif |
| if ((ENABLE_PASSWD && applet_name[0] == 'p') |
| || (ENABLE_CHPASSWD && applet_name[0] == 'c') |
| ) { |
| /* Change passwd */ |
| cp = strchrnul(cp, ':'); /* move past old passwd */ |
| |
| if (shadow && *cp == ':') { |
| /* /etc/shadow's field 3 (passwd change date) needs updating */ |
| /* move past old change date */ |
| unsigned time_days = (unsigned long)(time(NULL)) / (24*60*60); |
| |
| if (time_days == 0) { |
| /* 0 as change date has special meaning, avoid it */ |
| time_days = 1; |
| } |
| cp = strchrnul(cp + 1, ':'); |
| /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */ |
| fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd, |
| time_days, cp); |
| } else { |
| /* "name:" + "new_passwd" + ":rest of line" */ |
| fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp); |
| } |
| changed_lines++; |
| } /* else delete user or group: skip the line */ |
| next: |
| free(line); |
| } |
| |
| if (changed_lines == 0) { |
| #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
| if (member) { |
| if (ENABLE_ADDGROUP && applet_name[0] == 'a') |
| bb_error_msg("can't find %s in %s", name, filename); |
| if (ENABLE_DELGROUP && applet_name[0] == 'd') |
| bb_error_msg("can't find %s in %s", member, filename); |
| } |
| #endif |
| if ((ENABLE_ADDUSER || ENABLE_ADDGROUP) |
| && applet_name[0] == 'a' && !member |
| ) { |
| /* add user or group */ |
| fprintf(new_fp, "%s%s\n", name_colon, new_passwd); |
| changed_lines++; |
| } |
| } |
| |
| fcntl(old_fd, F_SETLK, &lock); |
| |
| /* We do want all of them to execute, thus | instead of || */ |
| errno = 0; |
| if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) |
| || rename(fnamesfx, filename) |
| ) { |
| /* At least one of those failed */ |
| bb_perror_nomsg(); |
| goto unlink_new; |
| } |
| /* Success: ret >= 0 */ |
| ret = changed_lines; |
| |
| unlink_new: |
| if (ret < 0) |
| unlink(fnamesfx); |
| |
| close_old_fp: |
| fclose(old_fp); |
| |
| free_mem: |
| free(fnamesfx); |
| free((char *)filename); |
| free(name_colon); |
| return ret; |
| } |