pw_group.c revision 20679
1/*-
2 * Copyright (C) 1996
3 *	David L. Nugent.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 *	$Id: pw_group.c,v 1.1.1.3 1996/12/10 23:59:01 joerg Exp $
27 */
28
29#include <unistd.h>
30#include <ctype.h>
31#include <termios.h>
32
33#include "pw.h"
34#include "bitmap.h"
35
36
/* Write one group entry to stdout; a non-zero `pretty` selects the labelled layout. */
static int print_group(struct group *grp, int pretty);

/* Pick the gid for a new group: the -g argument if given, else one from the configured range. */
static gid_t gr_gidpolicy(struct userconf *cnf, struct cargs *args);
39
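/*
 * Overwrite a buffer that held secret material.  The stores go through a
 * volatile-qualified pointer so the compiler cannot drop them as dead
 * writes to a buffer that is about to go out of scope.
 */
static void
wipe_secret(char *buf, size_t len)
{
	volatile char  *p = buf;

	while (len-- > 0)
		*p++ = '\0';
}

/*
 * pw_group - carry out one group operation selected by `mode`
 * (M_NEXT, M_PRINT, M_ADD, M_UPDATE or M_DELETE).
 *
 * Options are looked up in `args` by letter:
 *   'n' group name            'g' gid
 *   'l' new name (update)     'h' descriptor to read a password from,
 *                                 or "-" to set the "*" placeholder
 *   'M' replace member list   'm' append to the existing member list
 *   'N' print the result instead of writing it
 *   'P' pretty output         'a' print every group (M_PRINT)
 *   'F' print a placeholder entry for an unknown group (M_PRINT)
 *   'q' with M_NEXT, return the next gid instead of printing it
 *
 * Returns EXIT_SUCCESS, the next gid (M_NEXT with 'q'), EX_OSERR when the
 * password descriptor cannot be read, or EX_IOERR when the group file
 * update fails.  All other failures are reported through cmderr(); the
 * code below dereferences pointers right after such calls, so cmderr()
 * is assumed not to return -- confirm against its definition.
 */
int
pw_group(struct userconf * cnf, int mode, struct cargs * args)
{
	struct carg    *a_name = getarg(args, 'n');
	struct carg    *a_gid = getarg(args, 'g');
	struct carg    *arg;
	struct group   *grp = NULL;
	char           *members[_UC_MAXGROUPS];

	/* Scratch entry used for M_ADD and for the 'F' placeholder print. */
	static struct group fakegroup =
	{
		"nogroup",
		"*",
		-1,
		NULL
	};

	/*
	 * With M_NEXT, we only need to return the
	 * next gid to stdout
	 */
	if (mode == M_NEXT)
	{
		gid_t next = gr_gidpolicy(cnf, args);
		if (getarg(args, 'q'))
			return next;
		printf("%ld\n", (long)next);
		return EXIT_SUCCESS;
	}

	if (mode == M_PRINT && getarg(args, 'a')) {
		int             pretty = getarg(args, 'P') != NULL;

		setgrent();
		while ((grp = getgrent()) != NULL)
			print_group(grp, pretty);
		endgrent();
		return EXIT_SUCCESS;
	}
	if (a_gid == NULL) {
		if (a_name == NULL)
			cmderr(EX_DATAERR, "group name or id required\n");

		/*
		 * Outside M_ADD, a "name" that starts with a digit is taken
		 * to be a gid.  The cast keeps isdigit() defined for bytes
		 * above 0x7f where plain char is signed.
		 */
		if (mode != M_ADD && grp == NULL && isdigit((unsigned char) *a_name->val)) {
			(a_gid = a_name)->ch = 'g';
			a_name = NULL;
		}
	}
	/*
	 * NOTE(review): the gid text is converted with atoi()/atol() without
	 * validation, so a non-numeric value becomes gid 0 and trailing
	 * garbage is ignored.
	 */
	grp = (a_name != NULL) ? getgrnam(a_name->val) : getgrgid((gid_t) atoi(a_gid->val));

	if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
		if (a_name == NULL && grp == NULL)	/* Try harder */
			grp = getgrgid(atoi(a_gid->val));

		if (grp == NULL) {
			if (mode == M_PRINT && getarg(args, 'F')) {
				fakegroup.gr_name = a_name ? a_name->val : "nogroup";
				fakegroup.gr_gid = a_gid ? (gid_t) atol(a_gid->val) : -1;
				return print_group(&fakegroup, getarg(args, 'P') != NULL);
			}
			cmderr(EX_DATAERR, "unknown group `%s'\n", a_name ? a_name->val : a_gid->val);
		}
		if (a_name == NULL)	/* Needed later */
			a_name = addarg(args, 'n', grp->gr_name);

		/*
		 * Handle deletions now
		 */
		if (mode == M_DELETE) {
			/* Saved first: grp is not used again after delgrent(). */
			gid_t           gid = grp->gr_gid;

			if (delgrent(grp) == -1)
				cmderr(EX_IOERR, "Error updating group file: %s\n", strerror(errno));
			pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", a_name->val, (long) gid);
			return EXIT_SUCCESS;
		} else if (mode == M_PRINT)
			return print_group(grp, getarg(args, 'P') != NULL);

		if (a_gid)
			grp->gr_gid = (gid_t) atoi(a_gid->val);

		if ((arg = getarg(args, 'l')) != NULL)
			grp->gr_name = pw_checkname((u_char *)arg->val, 0);
	} else {
		if (a_name == NULL)	/* Required */
			cmderr(EX_DATAERR, "group name required\n");
		else if (grp != NULL)	/* Exists */
			cmderr(EX_DATAERR, "group name `%s' already exists\n", a_name->val);

		/* Build the new entry in the static scratch record. */
		memset(members, 0, sizeof members);
		grp = &fakegroup;
		grp->gr_name = pw_checkname((u_char *)a_name->val, 0);
		grp->gr_passwd = "*";
		grp->gr_gid = gr_gidpolicy(cnf, args);
		grp->gr_mem = members;
	}

	/*
	 * This allows us to set a group password.  Group passwords are an
	 * antique idea, rarely used and insecure (no secure database).
	 * Should be discouraged, but it is apparently still supported by
	 * some software.
	 */

	if ((arg = getarg(args, 'h')) != NULL) {
		if (strcmp(arg->val, "-") == 0)
			grp->gr_passwd = "*";	/* No access */
		else {
			/*
			 * NOTE(review): atoi() yields 0 for a non-numeric
			 * value, so a mistyped -h argument selects
			 * descriptor 0.
			 */
			int             fd = atoi(arg->val);
			int             b;
			int             istty = isatty(fd);
			struct termios  t;
			char           *p, line[256];

			if (istty) {
				if (tcgetattr(fd, &t) == -1)
					istty = 0;
				else {
					struct termios  n = t;

					/*
					 * Disable echo.
					 * NOTE(review): the result of this
					 * tcsetattr() is not checked; if it
					 * fails the prompt is still shown
					 * and the terminal keeps echoing.
					 */
					n.c_lflag &= ~(ECHO);
					tcsetattr(fd, TCSANOW, &n);
					printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name);
					fflush(stdout);
				}
			}
			/* One read() of at most sizeof(line) - 1 bytes. */
			b = read(fd, line, sizeof(line) - 1);
			if (istty) {	/* Restore state */
				tcsetattr(fd, TCSANOW, &t);
				fputc('\n', stdout);
				fflush(stdout);
			}
			if (b < 0) {
				perror("-h file descriptor");
				return EX_OSERR;
			}
			line[b] = '\0';
			/* The password ends at the first blank, tab, CR or LF. */
			if ((p = strpbrk(line, " \t\r\n")) != NULL)
				*p = '\0';
			if (!*line) {
				/* Bytes after a leading separator are still in the buffer. */
				wipe_secret(line, sizeof line);
				cmderr(EX_DATAERR, "empty password read on file descriptor %d\n", fd);
			}
			grp->gr_passwd = pw_pwcrypt(line);
			/*
			 * Do not leave the cleartext on the stack.  Assumes
			 * pw_pwcrypt() returns storage separate from its
			 * argument -- confirm against its definition.
			 */
			wipe_secret(line, sizeof line);
		}
	}

	if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'm')) != NULL) && arg->val) {
		int	i = 0;
		char   *p;
		struct passwd	*pwd;

		/* 'm' appends: start from the members the group already has. */
		if (arg->ch == 'm') {
			while (i < _UC_MAXGROUPS && grp->gr_mem[i] != NULL) {
				members[i] = grp->gr_mem[i];
				i++;
			}
		}
		/*
		 * NOTE(review): when i reaches _UC_MAXGROUPS the array is
		 * full and carries no NULL terminator; every consumer of
		 * gr_mem has to bound its walk by _UC_MAXGROUPS.  Entries
		 * beyond the limit are dropped without a message.
		 */
		for (p = strtok(arg->val, ", \t"); i < _UC_MAXGROUPS && p != NULL; p = strtok(NULL, ", \t")) {
			int     j;
			if ((pwd = getpwnam(p)) == NULL) {
				/* Not a login name: accept a numeric uid instead. */
				if (!isdigit((unsigned char) *p) || (pwd = getpwuid((uid_t) atoi(p))) == NULL)
					cmderr(EX_NOUSER, "user `%s' does not exist\n", p);
			}
			/*
			 * Check for duplicates
			 */
			for (j = 0; j < i && strcmp(members[j], pwd->pw_name)!=0; j++)
				;
			if (j == i)
				members[i++] = newstr(pwd->pw_name);
		}
		while (i < _UC_MAXGROUPS)
			members[i++] = NULL;
		grp->gr_mem = members;
	}

	/* 'N': show what would be written and stop. */
	if (getarg(args, 'N') != NULL)
		return print_group(grp, getarg(args, 'P') != NULL);

	if ((mode == M_ADD && !addgrent(grp)) || (mode == M_UPDATE && !chggrent(a_name->val, grp))) {
		perror("group update");
		return EX_IOERR;
	}
	/* grp may have been invalidated */
	if ((grp = getgrnam(a_name->val)) == NULL)
		cmderr(EX_SOFTWARE, "group disappeared during update\n");

	pw_log(cnf, mode, W_GROUP, "%s(%ld)", grp->gr_name, (long) grp->gr_gid);

	return EXIT_SUCCESS;
}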
231
232
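/*
 * gr_gidpolicy - choose the gid for a new group.
 *
 * With a 'g' argument that value is used; it is rejected through cmderr()
 * when a group already holds it, unless 'o' is also given.  Without 'g'
 * a gid is allocated from [cnf->min_gid, cnf->max_gid]: the first unused
 * one when cnf->reuse_gids is set, otherwise the one above the highest
 * gid in use, falling back to the first unused one when that slot is not
 * available.  An inverted or empty range is reset to 1000..32000 in *cnf.
 *
 * Returns the chosen gid.  cmderr() is assumed not to return -- confirm
 * against its definition.
 */
static          gid_t
gr_gidpolicy(struct userconf * cnf, struct cargs * args)
{
	struct group   *grp;
	gid_t           gid = (gid_t) - 1;
	struct carg    *a_gid = getarg(args, 'g');

	/*
	 * Check the given gid, if any
	 */
	if (a_gid != NULL) {
		/*
		 * NOTE(review): atol() does no validation, so a non-numeric
		 * -g value becomes gid 0; together with 'o' that is
		 * accepted even though gid 0 is normally taken.
		 */
		gid = (gid_t) atol(a_gid->val);

		if ((grp = getgrgid(gid)) != NULL && getarg(args, 'o') == NULL)
			cmderr(EX_DATAERR, "gid `%ld' has already been allocated\n", (long) grp->gr_gid);
	} else {
		struct bitmap   bm;
		long            span;	/* number of gids in the range */
		long            next;	/* bit index above the highest one in use */

		/*
		 * We need to allocate the next available gid under one of
		 * two policies a) Grab the first unused gid b) Grab the
		 * highest possible unused gid
		 */
		if (cnf->min_gid >= cnf->max_gid) {	/* Sanity check */
			cnf->min_gid = 1000;
			cnf->max_gid = 32000;
		}
		span = (long) cnf->max_gid - (long) cnf->min_gid + 1;
		bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);

		/*
		 * Now, let's fill the bitmap from the group database
		 */
		setgrent();
		while ((grp = getgrent()) != NULL)
			if (grp->gr_gid >= (int) cnf->min_gid && grp->gr_gid <= (int) cnf->max_gid)
				bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
		endgrent();

		/*
		 * Then apply the policy, with fallback to reuse if necessary
		 */
		if (cnf->reuse_gids)
			gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
		else {
			next = (long) bm_lastset(&bm) + 1;
			/*
			 * When max_gid itself is in use, `next` equals the
			 * bitmap size.  Bound it before querying the bitmap:
			 * an index past the last bit must not be tested, and
			 * it is exactly the case the fallback exists for.
			 */
			if (next < span && !bm_isset(&bm, (int) next))
				gid = (gid_t) (next + cnf->min_gid);
			else
				gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
		}

		/*
		 * Another sanity check
		 */
		if (gid < cnf->min_gid || gid > cnf->max_gid)
			cmderr(EX_SOFTWARE, "unable to allocate a new gid - range fully used\n");
		bm_dealloc(&bm);
	}
	return gid;
}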
293
294
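/*
 * print_group - write one group entry to stdout.
 *
 * With pretty == 0 the entry is formatted by fmtgrent() and written as
 * is; otherwise a labelled two-line layout with the comma-separated
 * member list is printed.  Always returns EXIT_SUCCESS.
 */
static int
print_group(struct group * grp, int pretty)
{
	if (!pretty) {
		char            buf[_UC_MAXLINE];

		/*
		 * NOTE(review): fmtgrent() is handed no buffer length here;
		 * confirm it cannot write more than _UC_MAXLINE bytes for a
		 * group with a long member list.
		 */
		fmtgrent(buf, grp);
		fputs(buf, stdout);
	} else {
		int             i;

		/* %lu needs an unsigned long argument; the cast was (long). */
		printf("Group Name : %-10s   #%lu\n"
		       "   Members : ",
		       grp->gr_name, (unsigned long) grp->gr_gid);
		/* gr_mem may be a full, unterminated array: bound the walk. */
		for (i = 0; i < _UC_MAXGROUPS && grp->gr_mem[i]; i++)
			printf("%s%s", i ? "," : "", grp->gr_mem[i]);
		fputs("\n\n", stdout);
	}
	return EXIT_SUCCESS;
}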
315