chpass.c revision 16876
1/*- 2 * Copyright (c) 1988, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef lint 35static char copyright[] = 36"@(#) Copyright (c) 1988, 1993, 1994\n\ 37 The Regents of the University of California. All rights reserved.\n"; 38#endif /* not lint */ 39 40#ifndef lint 41static char sccsid[] = "From: @(#)chpass.c 8.4 (Berkeley) 4/2/94"; 42static char rcsid[] = 43 "$Id: chpass.c,v 1.8 1996/05/25 01:05:17 wpaul Exp $"; 44#endif /* not lint */ 45 46#include <sys/param.h> 47#include <sys/stat.h> 48#include <sys/signal.h> 49#include <sys/time.h> 50#include <sys/resource.h> 51 52#include <ctype.h> 53#include <err.h> 54#include <errno.h> 55#include <fcntl.h> 56#include <pwd.h> 57#include <stdio.h> 58#include <stdlib.h> 59#include <string.h> 60#include <unistd.h> 61 62#include <pw_scan.h> 63#include <pw_util.h> 64#include "pw_copy.h" 65#ifdef YP 66#include <rpcsvc/yp.h> 67int yp_errno = YP_TRUE; 68#include "pw_yp.h" 69#endif 70 71#include "chpass.h" 72#include "pathnames.h" 73 74char *tempname; 75uid_t uid; 76 77void baduser __P((void)); 78void usage __P((void)); 79 80int 81main(argc, argv) 82 int argc; 83 char **argv; 84{ 85 enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW } op; 86 struct passwd *pw, lpw; 87 char *username; 88 int ch, pfd, tfd; 89 char *arg; 90#ifdef YP 91 int force_local = 0; 92 int force_yp = 0; 93#endif 94 95 op = EDITENTRY; 96#ifdef YP 97 while ((ch = getopt(argc, argv, "a:p:s:d:h:oly")) != EOF) 98#else 99 while ((ch = getopt(argc, argv, "a:p:s:")) != EOF) 100#endif 101 switch(ch) { 102 case 'a': 103 op = LOADENTRY; 104 arg = optarg; 105 break; 106 case 's': 107 op = NEWSH; 108 arg = optarg; 109 break; 110 case 'p': 111 op = NEWPW; 112 arg = optarg; 113 break; 114#ifdef YP 115 case 'h': 116#ifdef PARANOID 117 if (getuid()) { 118 warnx("Only the superuser can use the -h flag"); 119 } else { 120#endif 121 yp_server = optarg; 122#ifdef PARANOID 123 } 124#endif 125 break; 126 case 'd': 127#ifdef PARANOID 128 if (getuid()) { 129 warnx("Only the superuser can use the -d flag"); 130 } else { 131#endif 132 yp_domain = optarg; 133 if (yp_server == NULL) 134 yp_server = "localhost"; 135#ifdef PARANOID 136 } 137#endif 138 break; 139 case 'l': 140 _use_yp = 0; 141 force_local = 1; 142 break; 143 case 'y': 144 _use_yp = force_yp = 1; 145 break; 146 case 'o': 147 force_old++; 148 break; 149#endif 150 case '?': 151 default: 152 usage(); 153 } 154 argc -= optind; 155 argv += optind; 156 157 uid = getuid(); 158 159 if (op == EDITENTRY || op == NEWSH || op == NEWPW) 160 switch(argc) { 161#ifdef YP 162 case 0: 163 GETPWUID(uid) 164 get_yp_master(1); /* XXX just to set the suser flag */ 165 break; 166 case 1: 167 GETPWNAM(*argv) 168 get_yp_master(1); /* XXX just to set the suser flag */ 169#else 170 case 0: 171 if (!(pw = getpwuid(uid))) 172 errx(1, "unknown user: uid %u", uid); 173 break; 174 case 1: 175 if (!(pw = getpwnam(*argv))) 176 errx(1, "unknown user: %s", *argv); 177#endif 178 if (uid && uid != pw->pw_uid) 179 baduser(); 180 break; 181 default: 182 usage(); 183 } 184 username = pw->pw_name; 185 if (op == NEWSH) { 186 /* protect p_shell -- it thinks NULL is /bin/sh */ 187 if (!arg[0]) 188 usage(); 189 if (p_shell(arg, pw, (ENTRY *)NULL)) 190 pw_error((char *)NULL, 0, 1); 191 } 192 193 if (op == LOADENTRY) { 194 if (uid) 195 baduser(); 196 pw = &lpw; 197 if (!pw_scan(arg, pw)) 198 exit(1); 199 } 200 201 if (op == NEWPW) { 202 if (uid) 203 baduser(); 204 205 if(strchr(arg, ':')) { 206 errx(1, "invalid format for password"); 207 } 208 pw->pw_passwd = arg; 209 } 210 211 /* 212 * The temporary file/file descriptor usage is a little tricky here. 213 * 1: We start off with two fd's, one for the master password 214 * file (used to lock everything), and one for a temporary file. 215 * 2: Display() gets an fp for the temporary file, and copies the 216 * user's information into it. It then gives the temporary file 217 * to the user and closes the fp, closing the underlying fd. 218 * 3: The user edits the temporary file some number of times. 219 * 4: Verify() gets an fp for the temporary file, and verifies the 220 * contents. It can't use an fp derived from the step #2 fd, 221 * because the user's editor may have created a new instance of 222 * the file. Once the file is verified, its contents are stored 223 * in a password structure. The verify routine closes the fp, 224 * closing the underlying fd. 225 * 5: Delete the temporary file. 226 * 6: Get a new temporary file/fd. Pw_copy() gets an fp for it 227 * file and copies the master password file into it, replacing 228 * the user record with a new one. We can't use the first 229 * temporary file for this because it was owned by the user. 230 * Pw_copy() closes its fp, flushing the data and closing the 231 * underlying file descriptor. We can't close the master 232 * password fp, or we'd lose the lock. 233 * 7: Call pw_mkdb() (which renames the temporary file) and exit. 234 * The exit closes the master passwd fp/fd. 235 */ 236 pw_init(); 237 pfd = pw_lock(); 238 tfd = pw_tmp(); 239 240 if (op == EDITENTRY) { 241 display(tfd, pw); 242 edit(pw); 243 (void)unlink(tempname); 244 tfd = pw_tmp(); 245 } 246 247#ifdef YP 248 if (_use_yp) { 249 yp_submit(pw); 250 (void)unlink(tempname); 251 } else { 252#endif /* YP */ 253 pw_copy(pfd, tfd, pw); 254 255 if (!pw_mkdb(username)) 256 pw_error((char *)NULL, 0, 1); 257#ifdef YP 258 } 259#endif /* YP */ 260 exit(0); 261} 262 263void 264baduser() 265{ 266 errx(1, "%s", strerror(EACCES)); 267} 268 269void 270usage() 271{ 272 273 (void)fprintf(stderr, 274#ifdef YP 275 "usage: chpass [-l] [-y] [-d domain [-h host]] [-a list] [-p encpass] [-s shell] [user]\n"); 276#else 277 "usage: chpass [-a list] [-p encpass] [-s shell] [user]\n"); 278#endif 279 exit(1); 280} 281