chpass.c revision 14212
1/*- 2 * Copyright (c) 1988, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef lint 35static char copyright[] = 36"@(#) Copyright (c) 1988, 1993, 1994\n\ 37 The Regents of the University of California. All rights reserved.\n"; 38#endif /* not lint */ 39 40#ifndef lint 41static char sccsid[] = "From: @(#)chpass.c 8.4 (Berkeley) 4/2/94"; 42static char rcsid[] = 43 "$Id: chpass.c,v 1.5 1996/02/23 14:33:05 wpaul Exp $"; 44#endif /* not lint */ 45 46#include <sys/param.h> 47#include <sys/stat.h> 48#include <sys/signal.h> 49#include <sys/time.h> 50#include <sys/resource.h> 51 52#include <ctype.h> 53#include <err.h> 54#include <errno.h> 55#include <fcntl.h> 56#include <pwd.h> 57#include <stdio.h> 58#include <stdlib.h> 59#include <string.h> 60#include <unistd.h> 61 62#include <pw_scan.h> 63#include <pw_util.h> 64#include "pw_copy.h" 65#ifdef YP 66#include <rpcsvc/yp.h> 67int yp_errno = YP_TRUE; 68#include "pw_yp.h" 69#endif 70 71#include "chpass.h" 72#include "pathnames.h" 73 74char *tempname; 75uid_t uid; 76 77void baduser __P((void)); 78void usage __P((void)); 79 80int 81main(argc, argv) 82 int argc; 83 char **argv; 84{ 85 enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW } op; 86 struct passwd *pw, lpw; 87 int ch, pfd, tfd; 88 char *arg; 89#ifdef YP 90 int force_local = 0; 91 int force_yp = 0; 92#endif 93 94 op = EDITENTRY; 95#ifdef YP 96 while ((ch = getopt(argc, argv, "a:p:s:d:h:oly")) != EOF) 97#else 98 while ((ch = getopt(argc, argv, "a:p:s:")) != EOF) 99#endif 100 switch(ch) { 101 case 'a': 102 op = LOADENTRY; 103 arg = optarg; 104 break; 105 case 's': 106 op = NEWSH; 107 arg = optarg; 108 break; 109 case 'p': 110 op = NEWPW; 111 arg = optarg; 112 break; 113#ifdef YP 114 case 'h': 115#ifdef PARAMOID 116 if (getuid()) { 117 warnx("Only the superuser can use the -d flag"); 118 } else { 119#endif 120 yp_server = optarg; 121#ifdef PARANOID 122 } 123#endif 124 break; 125 case 'd': 126#ifdef PARANOID 127 if (getuid()) { 128 warnx("Only the superuser can use the -d flag"); 129 } else { 130#endif 131 yp_domain = optarg; 132 if (yp_server == NULL) 133 yp_server = "localhost"; 134#ifdef PARANOID 135 } 136#endif 137 break; 138 case 'l': 139 if (getuid()) { 140 warnx("Only the superuser can use the -h flag"); 141 } else { 142 force_local = 1; 143 } 144 break; 145 case 'y': 146 _use_yp = force_yp = 1; 147 break; 148 case 'o': 149 force_old++; 150 break; 151#endif 152 case '?': 153 default: 154 usage(); 155 } 156 argc -= optind; 157 argv += optind; 158 159 uid = getuid(); 160 161 if (op == EDITENTRY || op == NEWSH || op == NEWPW) 162 switch(argc) { 163#ifdef YP 164 case 0: 165 GETPWUID(uid) 166 get_yp_master(1); /* XXX just to set the suser flag */ 167 break; 168 case 1: 169 GETPWNAM(*argv) 170 get_yp_master(1); /* XXX just to set the suser flag */ 171#else 172 case 0: 173 if (!(pw = getpwuid(uid))) 174 errx(1, "unknown user: uid %u", uid); 175 break; 176 case 1: 177 if (!(pw = getpwnam(*argv))) 178 errx(1, "unknown user: %s", *argv); 179#endif 180 if (uid && uid != pw->pw_uid) 181 baduser(); 182 break; 183 default: 184 usage(); 185 } 186 if (op == NEWSH) { 187 /* protect p_shell -- it thinks NULL is /bin/sh */ 188 if (!arg[0]) 189 usage(); 190 if (p_shell(arg, pw, (ENTRY *)NULL)) 191 pw_error((char *)NULL, 0, 1); 192 } 193 194 if (op == LOADENTRY) { 195 if (uid) 196 baduser(); 197 pw = &lpw; 198 if (!pw_scan(arg, pw)) 199 exit(1); 200 } 201 202 if (op == NEWPW) { 203 if (uid) 204 baduser(); 205 206 if(strchr(arg, ':')) { 207 errx(1, "invalid format for password"); 208 } 209 pw->pw_passwd = arg; 210 } 211 212 /* 213 * The temporary file/file descriptor usage is a little tricky here. 214 * 1: We start off with two fd's, one for the master password 215 * file (used to lock everything), and one for a temporary file. 216 * 2: Display() gets an fp for the temporary file, and copies the 217 * user's information into it. It then gives the temporary file 218 * to the user and closes the fp, closing the underlying fd. 219 * 3: The user edits the temporary file some number of times. 220 * 4: Verify() gets an fp for the temporary file, and verifies the 221 * contents. It can't use an fp derived from the step #2 fd, 222 * because the user's editor may have created a new instance of 223 * the file. Once the file is verified, its contents are stored 224 * in a password structure. The verify routine closes the fp, 225 * closing the underlying fd. 226 * 5: Delete the temporary file. 227 * 6: Get a new temporary file/fd. Pw_copy() gets an fp for it 228 * file and copies the master password file into it, replacing 229 * the user record with a new one. We can't use the first 230 * temporary file for this because it was owned by the user. 231 * Pw_copy() closes its fp, flushing the data and closing the 232 * underlying file descriptor. We can't close the master 233 * password fp, or we'd lose the lock. 234 * 7: Call pw_mkdb() (which renames the temporary file) and exit. 235 * The exit closes the master passwd fp/fd. 236 */ 237 pw_init(); 238 pfd = pw_lock(); 239 tfd = pw_tmp(); 240 241 if (op == EDITENTRY) { 242 display(tfd, pw); 243 edit(pw); 244 (void)unlink(tempname); 245 tfd = pw_tmp(); 246 } 247 248#ifdef YP 249 if (_use_yp) { 250 yp_submit(pw); 251 (void)unlink(tempname); 252 } else { 253#endif /* YP */ 254 pw_copy(pfd, tfd, pw); 255 256 if (!pw_mkdb()) 257 pw_error((char *)NULL, 0, 1); 258#ifdef YP 259 } 260#endif /* YP */ 261 exit(0); 262} 263 264void 265baduser() 266{ 267 errx(1, "%s", strerror(EACCES)); 268} 269 270void 271usage() 272{ 273 274 (void)fprintf(stderr, 275#ifdef YP 276 "usage: chpass [-l] [-y] [-d domain [-h host]] [-a list] [-p encpass] [-s shell] [user]\n"); 277#else 278 "usage: chpass [-a list] [-p encpass] [-s shell] [user]\n"); 279#endif 280 exit(1); 281} 282