libbb/update_passwd.c - busybox - Git at Google

 /* vi: set sw=4 ts=4: */
 /*
  * update_passwd
  *
  * update_passwd is a common function for passwd and chpasswd applets;
  * it is responsible for updating password file (i.e. /etc/passwd or
  * /etc/shadow) for a given user and password.
  *
  * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
  */

 #include "libbb.h"

 #if ENABLE_SELINUX
 static void check_selinux_update_passwd(const char *username)
 {
 	security_context_t context;
 	char *seuser;

 	if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
 		return;		/* No need to check */

 	if (getprevcon_raw(&context) < 0)
 		bb_perror_msg_and_die("getprevcon failed");
 	seuser = strtok(context, ":");
 	if (!seuser)
 		bb_error_msg_and_die("invalid context '%s'", context);
 	if (strcmp(seuser, username) != 0) {
 		if (checkPasswdAccess(PASSWD__PASSWD) != 0)
 			bb_error_msg_and_die("SELinux: access denied");
 	}
 	if (ENABLE_FEATURE_CLEAN_UP)
 		freecon(context);
 }
 #else
 #define check_selinux_update_passwd(username) ((void)0)
 #endif

 int update_passwd(const char *filename, const char *username,
 			const char *new_pw)
 {
 	struct stat sb;
 	struct flock lock;
 	FILE *old_fp;
 	FILE *new_fp;
 	char *fnamesfx;
 	char *sfx_char;
 	unsigned user_len;
 	int old_fd;
 	int new_fd;
 	int i;
 	int cnt = 0;
 	int ret = -1; /* failure */

 	filename = xmalloc_follow_symlinks(filename);
 	if (filename == NULL)
 		return -1;

 	check_selinux_update_passwd(username);

 	/* New passwd file, "/etc/passwd+" for now */
 	fnamesfx = xasprintf("%s+", filename);
 	sfx_char = &fnamesfx[strlen(fnamesfx)-1];
 	username = xasprintf("%s:", username);
 	user_len = strlen(username);

 	old_fp = fopen(filename, "r+");
 	if (!old_fp)
 		goto free_mem;
 	old_fd = fileno(old_fp);

 	selinux_preserve_fcontext(old_fd);

 	/* Try to create "/etc/passwd+". Wait if it exists. */
 	i = 30;
 	do {
 		// FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
 		new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
 		if (new_fd >= 0) goto created;
 		if (errno != EEXIST) break;
 		usleep(100000); /* 0.1 sec */
 	} while (--i);
 	bb_perror_msg("cannot create '%s'", fnamesfx);
 	goto close_old_fp;

  created:
 	if (!fstat(old_fd, &sb)) {
 		fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
 		fchown(new_fd, sb.st_uid, sb.st_gid);
 	}
 	new_fp = fdopen(new_fd, "w");
 	if (!new_fp) {
 		close(new_fd);
 		goto unlink_new;
 	}

 	/* Backup file is "/etc/passwd-" */
 	*sfx_char = '-';
 	/* Delete old backup */
 	i = (unlink(fnamesfx) && errno != ENOENT);
 	/* Create backup as a hardlink to current */
 	if (i || link(filename, fnamesfx))
 		bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx);
 	*sfx_char = '+';

 	/* Lock the password file before updating */
 	lock.l_type = F_WRLCK;
 	lock.l_whence = SEEK_SET;
 	lock.l_start = 0;
 	lock.l_len = 0;
 	if (fcntl(old_fd, F_SETLK, &lock) < 0)
 		bb_perror_msg("warning: cannot lock '%s'", filename);
 	lock.l_type = F_UNLCK;

 	/* Read current password file, write updated /etc/passwd+ */
 	while (1) {
 		char *line = xmalloc_fgets(old_fp);
 		if (!line) break; /* EOF/error */
 		if (strncmp(username, line, user_len) == 0) {
 			/* we have a match with "username:"... */
 			const char *cp = line + user_len;
 			/* now cp -> old passwd, skip it: */
 			cp = strchrnul(cp, ':');
 			/* now cp -> ':' after old passwd or -> "" */
 			fprintf(new_fp, "%s%s%s", username, new_pw, cp);
 			cnt++;
 		} else
 			fputs(line, new_fp);
 		free(line);
 	}
 	fcntl(old_fd, F_SETLK, &lock);

 	/* We do want all of them to execute, thus | instead of || */
 	if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
 	 || rename(fnamesfx, filename)
 	) {
 		/* At least one of those failed */
 		goto unlink_new;
 	}
 	ret = cnt; /* whee, success! */

  unlink_new:
 	if (ret < 0) unlink(fnamesfx);

  close_old_fp:
 	fclose(old_fp);

  free_mem:
 	free(fnamesfx);
 	free((char *)filename);
 	free((char *)username);
 	return ret;
 }
	/* vi: set sw=4 ts=4: */
	/*
	* update_passwd
	*
	* update_passwd is a common function for passwd and chpasswd applets;
	* it is responsible for updating password file (i.e. /etc/passwd or
	* /etc/shadow) for a given user and password.
	*
	* Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
	*/

	#include "libbb.h"

	#if ENABLE_SELINUX
	static void check_selinux_update_passwd(const char *username)
	{
	security_context_t context;
	char *seuser;

	if (getuid() != (uid_t)0 \|\| is_selinux_enabled() == 0)
	return; /* No need to check */

	if (getprevcon_raw(&context) < 0)
	bb_perror_msg_and_die("getprevcon failed");
	seuser = strtok(context, ":");
	if (!seuser)
	bb_error_msg_and_die("invalid context '%s'", context);
	if (strcmp(seuser, username) != 0) {
	if (checkPasswdAccess(PASSWD__PASSWD) != 0)
	bb_error_msg_and_die("SELinux: access denied");
	}
	if (ENABLE_FEATURE_CLEAN_UP)
	freecon(context);
	}
	#else
	#define check_selinux_update_passwd(username) ((void)0)
	#endif

	int update_passwd(const char filename, const char username,
	const char *new_pw)
	{
	struct stat sb;
	struct flock lock;
	FILE *old_fp;
	FILE *new_fp;
	char *fnamesfx;
	char *sfx_char;
	unsigned user_len;
	int old_fd;
	int new_fd;
	int i;
	int cnt = 0;
	int ret = -1; /* failure */

	filename = xmalloc_follow_symlinks(filename);
	if (filename == NULL)
	return -1;

	check_selinux_update_passwd(username);

	/* New passwd file, "/etc/passwd+" for now */
	fnamesfx = xasprintf("%s+", filename);
	sfx_char = &fnamesfx[strlen(fnamesfx)-1];
	username = xasprintf("%s:", username);
	user_len = strlen(username);

	old_fp = fopen(filename, "r+");
	if (!old_fp)
	goto free_mem;
	old_fd = fileno(old_fp);

	selinux_preserve_fcontext(old_fd);

	/* Try to create "/etc/passwd+". Wait if it exists. */
	i = 30;
	do {
	// FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
	new_fd = open(fnamesfx, O_WRONLY\|O_CREAT\|O_EXCL, 0600);
	if (new_fd >= 0) goto created;
	if (errno != EEXIST) break;
	usleep(100000); /* 0.1 sec */
	} while (--i);
	bb_perror_msg("cannot create '%s'", fnamesfx);
	goto close_old_fp;

	created:
	if (!fstat(old_fd, &sb)) {
	fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
	fchown(new_fd, sb.st_uid, sb.st_gid);
	}
	new_fp = fdopen(new_fd, "w");
	if (!new_fp) {
	close(new_fd);
	goto unlink_new;
	}

	/* Backup file is "/etc/passwd-" */
	*sfx_char = '-';
	/* Delete old backup */
	i = (unlink(fnamesfx) && errno != ENOENT);
	/* Create backup as a hardlink to current */
	if (i \|\| link(filename, fnamesfx))
	bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx);
	*sfx_char = '+';

	/* Lock the password file before updating */
	lock.l_type = F_WRLCK;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 0;
	if (fcntl(old_fd, F_SETLK, &lock) < 0)
	bb_perror_msg("warning: cannot lock '%s'", filename);
	lock.l_type = F_UNLCK;

	/* Read current password file, write updated /etc/passwd+ */
	while (1) {
	char *line = xmalloc_fgets(old_fp);
	if (!line) break; /* EOF/error */
	if (strncmp(username, line, user_len) == 0) {
	/* we have a match with "username:"... */
	const char *cp = line + user_len;
	/* now cp -> old passwd, skip it: */
	cp = strchrnul(cp, ':');
	/* now cp -> ':' after old passwd or -> "" */
	fprintf(new_fp, "%s%s%s", username, new_pw, cp);
	cnt++;
	} else
	fputs(line, new_fp);
	free(line);
	}
	fcntl(old_fd, F_SETLK, &lock);

	/* We do want all of them to execute, thus \| instead of \|\| */
	if ((ferror(old_fp) \| fflush(new_fp) \| fsync(new_fd) \| fclose(new_fp))
	\|\| rename(fnamesfx, filename)
	) {
	/* At least one of those failed */
	goto unlink_new;
	}
	ret = cnt; /* whee, success! */

	unlink_new:
	if (ret < 0) unlink(fnamesfx);

	close_old_fp:
	fclose(old_fp);

	free_mem:
	free(fnamesfx);
	free((char *)filename);
	free((char *)username);
	return ret;
	}