![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to chpass.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / chpass|
Return to chpass.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / chpass |
1.1 root 1: /*-
2: * Copyright (c) 1988 The Regents of the University of California.
3: * All rights reserved.
4: *
5: * Redistribution and use in source and binary forms are permitted provided
6: * that: (1) source distributions retain this entire copyright notice and
7: * comment, and (2) distributions including binaries display the following
8: * acknowledgement: ``This product includes software developed by the
9: * University of California, Berkeley and its contributors'' in the
10: * documentation or other materials provided with the distribution and in
11: * all advertising materials mentioning features or use of this software.
12: * Neither the name of the University nor the names of its contributors may
13: * be used to endorse or promote products derived from this software without
14: * specific prior written permission.
15: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
16: * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
17: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18: */
19:
20: #ifndef lint
21: char copyright[] =
22: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
23: All rights reserved.\n";
24: #endif /* not lint */
25:
26: #ifndef lint
27: static char sccsid[] = "@(#)chpass.c 5.15 (Berkeley) 6/29/90";
28: #endif /* not lint */
29:
30: #include <sys/param.h>
31: #include <sys/file.h>
32: #include <sys/stat.h>
33: #include <sys/signal.h>
34: #include <sys/time.h>
35: #include <sys/resource.h>
36: #include <pwd.h>
37: #include <errno.h>
38: #include <stdio.h>
39: #include <ctype.h>
40: #include <string.h>
41: #include "chpass.h"
42: #include "pathnames.h"
43:
44: char e1[] = ": ";
45: char e2[] = ":,";
46:
47: int p_change(), p_class(), p_expire(), p_gecos(), p_gid(), p_hdir();
48: int p_login(), p_passwd(), p_shell(), p_uid();
49:
50: struct entry list[] = {
51: { "Login", p_login, 1, 5, e1, },
52: { "Password", p_passwd, 1, 8, e1, },
53: { "Uid", p_uid, 1, 3, e1, },
54: { "Gid", p_gid, 1, 3, e1, },
55: { "Class", p_class, 1, 5, e1, },
56: { "Change", p_change, 1, 6, NULL, },
57: { "Expire", p_expire, 1, 6, NULL, },
58: #define E_NAME 7
59: { "Full Name", p_gecos, 0, 9, e2, },
60: #define E_BPHONE 8
61: { "Office Phone", p_gecos, 0, 12, e2, },
62: #define E_HPHONE 9
63: { "Home Phone", p_gecos, 0, 10, e2, },
64: #define E_LOCATE 10
65: { "Location", p_gecos, 0, 8, e2, },
66: { "Home directory", p_hdir, 1, 14, e1, },
67: #define E_SHELL 12
68: { "Shell", p_shell, 0, 5, e1, },
69: { NULL, 0, },
70: };
71:
72: uid_t uid;
73:
74: main(argc, argv)
75: int argc;
76: char **argv;
77: {
78: extern int errno, optind;
79: extern char *optarg;
80: register char *p;
81: struct passwd lpw, *pw;
82: struct rlimit rlim;
83: FILE *temp_fp;
84: int aflag, ch, fd;
85: char *fend, *newsh, *passwd, *temp, *tend;
86: char from[MAXPATHLEN], to[MAXPATHLEN];
87: char *getusershell();
88:
89: uid = getuid();
90: aflag = 0;
91: newsh = NULL;
92: while ((ch = getopt(argc, argv, "a:s:")) != EOF)
93: switch(ch) {
94: case 'a':
95: if (uid)
96: baduser();
97: loadpw(optarg, pw = &lpw);
98: aflag = 1;
99: break;
100: case 's':
101: newsh = optarg;
102: /* protect p_field -- it thinks NULL is /bin/sh */
103: if (!*newsh)
104: usage();
105: break;
106: case '?':
107: default:
108: usage();
109: }
110: argc -= optind;
111: argv += optind;
112:
113: if (!aflag)
114: switch(argc) {
115: case 0:
116: if (!(pw = getpwuid(uid))) {
117: (void)fprintf(stderr,
118: "chpass: unknown user: uid %u\n", uid);
119: exit(1);
120: }
121: break;
122: case 1:
123: if (!(pw = getpwnam(*argv))) {
124: (void)fprintf(stderr,
125: "chpass: unknown user %s.\n", *argv);
126: exit(1);
127: }
128: if (uid && uid != pw->pw_uid)
129: baduser();
130: break;
131: default:
132: usage();
133: }
134:
135: (void)signal(SIGHUP, SIG_IGN);
136: (void)signal(SIGINT, SIG_IGN);
137: (void)signal(SIGQUIT, SIG_IGN);
138: (void)signal(SIGTSTP, SIG_IGN);
139:
140: rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
141: (void)setrlimit(RLIMIT_CPU, &rlim);
142: (void)setrlimit(RLIMIT_FSIZE, &rlim);
143:
144: (void)umask(0);
145:
146: temp = _PATH_PTMP;
147: if ((fd = open(temp, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) {
148: if (errno == EEXIST) {
149: (void)fprintf(stderr,
150: "chpass: password file busy -- try again later.\n");
151: exit(1);
152: }
153: (void)fprintf(stderr, "chpass: %s: %s; ",
154: temp, strerror(errno));
155: goto bad;
156: }
157: if (!(temp_fp = fdopen(fd, "w"))) {
158: (void)fprintf(stderr, "chpass: can't write %s; ", temp);
159: goto bad;
160: }
161:
162: if (newsh) {
163: if (p_shell(newsh, pw, (struct entry *)NULL))
164: goto bad;
165: }
166: else if (!aflag && !info(pw))
167: goto bad;
168:
169: /* root should have a 0 uid and a reasonable shell */
170: if (!strcmp(pw->pw_name, "root")) {
171: if (pw->pw_uid) {
172: (void)fprintf(stderr, "chpass: root uid should be 0.");
173: exit(1);
174: }
175: setusershell();
176: for (;;)
177: if (!(p = getusershell())) {
178: (void)fprintf(stderr,
179: "chpass: warning, unknown root shell.");
180: break;
181: }
182: else if (!strcmp(pw->pw_shell, p))
183: break;
184: }
185:
186: passwd = _PATH_MASTERPASSWD;
187: if (!freopen(passwd, "r", stdin)) {
188: (void)fprintf(stderr, "chpass: can't read %s; ", passwd);
189: goto bad;
190: }
191: if (!copy(pw, temp_fp))
192: goto bad;
193:
194: (void)fclose(temp_fp);
195: (void)fclose(stdin);
196:
197: switch(fork()) {
198: case 0:
199: break;
200: case -1:
201: (void)fprintf(stderr, "chpass: can't fork; ");
202: goto bad;
203: /* NOTREACHED */
204: default:
205: exit(0);
206: /* NOTREACHED */
207: }
208:
209: if (makedb(temp)) {
210: (void)fprintf(stderr, "chpass: mkpasswd failed; ");
211: bad: (void)fprintf(stderr, "%s unchanged.\n", _PATH_MASTERPASSWD);
212: (void)unlink(temp);
213: exit(1);
214: }
215:
216: /*
217: * possible race; have to rename four files, and someone could slip
218: * in between them. LOCK_EX and rename the ``passwd.dir'' file first
219: * so that getpwent(3) can't slip in; the lock should never fail and
220: * it's unclear what to do if it does. Rename ``ptmp'' last so that
221: * passwd/vipw/chpass can't slip in.
222: */
223: (void)setpriority(PRIO_PROCESS, 0, -20);
224: fend = strcpy(from, temp) + strlen(temp);
225: tend = strcpy(to, _PATH_PASSWD) + strlen(_PATH_PASSWD);
226: bcopy(".dir", fend, 5);
227: bcopy(".dir", tend, 5);
228: if ((fd = open(from, O_RDONLY, 0)) >= 0)
229: (void)flock(fd, LOCK_EX);
230: /* here we go... */
231: (void)rename(from, to);
232: bcopy(".pag", fend, 5);
233: bcopy(".pag", tend, 5);
234: (void)rename(from, to);
235: bcopy(".orig", fend, 6);
236: (void)rename(from, _PATH_PASSWD);
237: (void)rename(temp, passwd);
238: /* done! */
239: exit(0);
240: }
241:
242: info(pw)
243: struct passwd *pw;
244: {
245: struct stat begin, end;
246: FILE *fp;
247: int fd, rval;
248: char *tfile;
249:
250: tfile = _PATH_TMP;
251: if ((fd = mkstemp(tfile)) == -1 || !(fp = fdopen(fd, "w+"))) {
252: (void)fprintf(stderr, "chpass: no temporary file");
253: return(0);
254: }
255:
256: /*
257: * if print doesn't print out a shell field, make it restricted.
258: * Not particularly pretty, but print is the routine that checks
259: * to see if the user can change their shell.
260: */
261: if (!print(fp, pw))
262: list[E_SHELL].restricted = 1;
263: (void)fflush(fp);
264:
265: /*
266: * give the file to the real user; setuid permissions
267: * are discarded in edit()
268: */
269: (void)fchown(fd, getuid(), getgid());
270:
271: for (rval = 0;;) {
272: (void)fstat(fd, &begin);
273: if (edit(tfile)) {
274: (void)fprintf(stderr, "chpass: edit failed; ");
275: break;
276: }
277: (void)fstat(fd, &end);
278: if (begin.st_mtime == end.st_mtime) {
279: (void)fprintf(stderr, "chpass: no changes made; ");
280: break;
281: }
282: (void)rewind(fp);
283: if (check(fp, pw)) {
284: rval = 1;
285: break;
286: }
287: (void)fflush(stderr);
288: if (prompt())
289: break;
290: }
291: (void)fclose(fp);
292: (void)unlink(tfile);
293: return(rval);
294: }
295:
296: check(fp, pw)
297: FILE *fp;
298: struct passwd *pw;
299: {
300: register struct entry *ep;
301: register char *p;
302: static char buf[1024];
303:
304: while (fgets(buf, sizeof(buf), fp)) {
305: if (!buf[0] || buf[0] == '#')
306: continue;
307: if (!(p = index(buf, '\n'))) {
308: (void)fprintf(stderr, "chpass: line too long.\n");
309: return(0);
310: }
311: *p = '\0';
312: for (ep = list;; ++ep) {
313: if (!ep->prompt) {
314: (void)fprintf(stderr,
315: "chpass: unrecognized field.\n");
316: return(0);
317: }
318: if (!strncasecmp(buf, ep->prompt, ep->len)) {
319: if (ep->restricted && uid) {
320: (void)fprintf(stderr,
321: "chpass: you may not change the %s field.\n",
322: ep->prompt);
323: return(0);
324: }
325: if (!(p = index(buf, ':'))) {
326: (void)fprintf(stderr,
327: "chpass: line corrupted.\n");
328: return(0);
329: }
330: while (isspace(*++p));
331: if (ep->except && strpbrk(p, ep->except)) {
332: (void)fprintf(stderr,
333: "chpass: illegal character in the \"%s\" field.\n",
334: ep->prompt);
335: return(0);
336: }
337: if ((ep->func)(p, pw, ep))
338: return(0);
339: break;
340: }
341: }
342: }
343: /*
344: * special checks...
345: *
346: * there has to be a limit on the size of the gecos fields,
347: * otherwise getpwent(3) can choke.
348: * ``if I swallow anything evil, put your fingers down my throat...''
349: * -- The Who
350: */
351: if (strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) +
352: strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save)
353: > 512) {
354: (void)fprintf(stderr, "chpass: gecos field too large.\n");
355: exit(1);
356: }
357: (void)sprintf(pw->pw_gecos = buf, "%s,%s,%s,%s",
358: list[E_NAME].save, list[E_LOCATE].save, list[E_BPHONE].save,
359: list[E_HPHONE].save);
360: return(1);
361: }
362:
363: copy(pw, fp)
364: struct passwd *pw;
365: FILE *fp;
366: {
367: register int done;
368: register char *p;
369: char buf[1024];
370:
371: for (done = 0; fgets(buf, sizeof(buf), stdin);) {
372: /* skip lines that are too big */
373: if (!index(buf, '\n')) {
374: (void)fprintf(stderr, "chpass: line too long; ");
375: return(0);
376: }
377: if (done) {
378: (void)fprintf(fp, "%s", buf);
379: continue;
380: }
381: if (!(p = index(buf, ':'))) {
382: (void)fprintf(stderr, "chpass: corrupted entry; ");
383: return(0);
384: }
385: *p = '\0';
386: if (strcmp(buf, pw->pw_name)) {
387: *p = ':';
388: (void)fprintf(fp, "%s", buf);
389: continue;
390: }
391: (void)fprintf(fp, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
392: pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
393: pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
394: pw->pw_dir, pw->pw_shell);
395: done = 1;
396: }
397: if (!done)
398: (void)fprintf(fp, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
399: pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
400: pw->pw_class, pw->pw_change, pw->pw_expire, pw->pw_gecos,
401: pw->pw_dir, pw->pw_shell);
402: return(1);
403: }
404:
405: makedb(file)
406: char *file;
407: {
408: int status, pid, w;
409:
410: if (!(pid = vfork())) {
411: execl(_PATH_MKPASSWD, "mkpasswd", "-p", file, NULL);
412: (void)fprintf(stderr, "chpass: can't find \"mkpasswd\".\n");
413: _exit(127);
414: }
415: while ((w = wait(&status)) != pid && w != -1);
416: return(w == -1 || status);
417: }
418:
419: edit(file)
420: char *file;
421: {
422: int status, pid, w;
423: char *p, *editor, *getenv();
424:
425: if (editor = getenv("EDITOR")) {
426: if (p = rindex(editor, '/'))
427: ++p;
428: else
429: p = editor;
430: }
431: else
432: p = editor = "vi";
433: if (!(pid = vfork())) {
434: (void)setgid(getgid());
435: (void)setuid(getuid());
436: execlp(editor, p, file, NULL);
437: (void)fprintf(stderr, "chpass: can't find \"%s\".\n", editor);
438: _exit(127);
439: }
440: while ((w = wait(&status)) != pid && w != -1);
441: return(w == -1 || status);
442: }
443:
444: loadpw(arg, pw)
445: char *arg;
446: register struct passwd *pw;
447: {
448: register char *cp;
449: char *bp = arg;
450: long atol();
451: char *strsep();
452:
453: pw->pw_name = strsep(&bp, ":");
454: pw->pw_passwd = strsep(&bp, ":");
455: if (!(cp = strsep(&bp, ":")))
456: goto bad;
457: pw->pw_uid = atoi(cp);
458: if (!(cp = strsep(&bp, ":")))
459: goto bad;
460: pw->pw_gid = atoi(cp);
461: pw->pw_class = strsep(&bp, ":");
462: if (!(cp = strsep(&bp, ":")))
463: goto bad;
464: pw->pw_change = atol(cp);
465: if (!(cp = strsep(&bp, ":")))
466: goto bad;
467: pw->pw_expire = atol(cp);
468: pw->pw_gecos = strsep(&bp, ":");
469: pw->pw_dir = strsep(&bp, ":");
470: pw->pw_shell = strsep(&bp, ":");
471: if (!pw->pw_shell || strsep(&bp, ":")) {
472: bad: (void)fprintf(stderr, "chpass: bad password list.\n");
473: exit(1);
474: }
475: }
476:
477: prompt()
478: {
479: register int c;
480:
481: for (;;) {
482: (void)printf("re-edit the password file? [y]: ");
483: (void)fflush(stdout);
484: c = getchar();
485: if (c != EOF && c != (int)'\n')
486: while (getchar() != (int)'\n');
487: return(c == (int)'n');
488: }
489: /* NOTREACHED */
490: }
491:
492: baduser()
493: {
494: (void)fprintf(stderr, "chpass: %s\n", strerror(EACCES));
495: exit(1);
496: }
497:
498: usage()
499: {
500: (void)fprintf(stderr, "usage: chpass [-a list] [-s shell] [user]\n");
501: exit(1);
502: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.