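/*	$NetBSD: chpass.c,v 1.35 2011/08/31 16:24:57 plunky Exp $	*/

/*-
 * Copyright (c) 1988, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 1988, 1993, 1994\
 The Regents of the University of California.  All rights reserved.");
#endif /* not lint */

#ifndef lint
#if 0
static char sccsid[] = "@(#)chpass.c 8.4 (Berkeley) 4/2/94";
#else
__RCSID("$NetBSD: chpass.c,v 1.35 2011/08/31 16:24:57 plunky Exp $");
#endif
#endif /* not lint */

#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>

#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <util.h>
#include <libgen.h>

#include "chpass.h"
#include "pathnames.h"

/*
 * Template handed to mkstemp(3), which rewrites it in place; it must
 * therefore stay a writable array.  cleanup() unlinks this same path.
 */
static char tempname[] = "/tmp/pw.XXXXXX";

/* Result of getuid() for the invoking process, set in main(). */
uid_t uid;

/* Non-zero when the change goes through YP; cleared by -l. */
int use_yp;

/* Error reporter in use: yppw_error when use_yp is set, else pw_error. */
void (*Pw_error)(const char *, int, int);

#ifdef YP
extern int _yp_check(char **);	/* buried deep inside libc */
#endif

__dead static void baduser(void);
static void cleanup(void);
__dead static void usage(void);

/*
 * chpass entry point.
 *
 * Options select one of three operations:
 *	(none)	 EDITENTRY  write the entry to a temp file and edit it
 *	-s shell NEWSH	    set only the login shell
 *	-a list	 LOADENTRY  take a complete entry from the command line
 * -l forces the local database, -y requires YP.  An optional operand
 * names the user whose entry is changed; the caller's own entry (by
 * getuid()) is the default.
 *
 * Access control as implemented here:
 *   - a non-zero uid may only name a user whose pw_uid equals it;
 *   - LOADENTRY is refused for any non-zero uid.
 *
 * The local update takes the master passwd lock, copies the master
 * file into the lock file with the new entry via pw_copy(), and
 * finishes with pw_mkdb().  Every path ends in exit(); main() never
 * returns.
 */
int
main(int argc, char **argv)
{
	enum { NEWSH, LOADENTRY, EDITENTRY } op;
	/* pw and arg start out NULL so no path can read them unset. */
	struct passwd *pw = NULL, lpw, old_pw;
	int ch, dfd, pfd, tfd;
#ifdef YP
	int yflag = 0;
#endif
	char *arg = NULL, *username = NULL;

#ifdef YP
	use_yp = _yp_check(NULL);
#endif

	op = EDITENTRY;
	while ((ch = getopt(argc, argv, "a:s:ly")) != -1) {
		switch (ch) {
		case 'a':
			op = LOADENTRY;
			arg = optarg;
			break;
		case 's':
			op = NEWSH;
			arg = optarg;
			break;
		case 'l':
			use_yp = 0;
			break;
		case 'y':
#ifdef YP
			if (!use_yp)
				errx(1, "YP not in use.");
			yflag = 1;
#else
			errx(1, "YP support not compiled in.");
#endif
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	/*
	 * The real uid identifies the invoker; all authorization
	 * decisions below are made against it.
	 */
	uid = getuid();
	switch (argc) {
	case 0:
		/* nothing */
		break;

	case 1:
		username = argv[0];
		break;

	default:
		usage();
	}

#ifdef YP
	/*
	 * We need to determine if we _really_ want to use YP.
	 * If we defaulted to YP (i.e. were not given the -y flag),
	 * and the master is not running rpc.yppasswdd, we check
	 * to see if the user exists in the local passwd database.
	 * If so, we use it, otherwise we error out.
	 */
	if (use_yp && yflag == 0) {
		if (check_yppasswdd()) {
			/*
			 * We weren't able to contact rpc.yppasswdd.
			 * Check to see if we're in the local
			 * password database.  If we are, use it.
			 */
			if (username != NULL)
				pw = getpwnam(username);
			else
				pw = getpwuid(uid);
			if (pw != NULL)
				use_yp = 0;
			else {
				warnx("master YP server not running yppasswd"
				    " daemon.");
				errx(1, "Can't change password.");
			}
		}
	}
#endif

#ifdef YP
	if (use_yp)
		Pw_error = yppw_error;
	else
#endif
		Pw_error = pw_error;

#ifdef YP
	if (op == LOADENTRY && use_yp)
		errx(1, "cannot load entry using YP.\n"
		    "\tUse the -l flag to load local.");
#endif

	if (op == EDITENTRY || op == NEWSH) {
		if (username != NULL) {
			pw = getpwnam(username);
			if (pw == NULL)
				errx(1, "unknown user: %s", username);
			/*
			 * Authorization: only uid 0 may change an entry
			 * that belongs to a different uid.
			 */
			if (uid && uid != pw->pw_uid)
				baduser();
		} else {
			pw = getpwuid(uid);
			if (pw == NULL)
				/* uid_t is cast to match the %u conversion. */
				errx(1, "unknown user: uid %u",
				    (unsigned int)uid);
		}

		/*
		 * Make a copy for later verification.  This is a shallow
		 * struct copy: only pw_gecos is duplicated, every other
		 * string member of old_pw still points at the storage
		 * returned by getpwnam()/getpwuid().
		 * NOTE(review): confirm nothing calls getpw*() again
		 * before old_pw reaches pw_copy().
		 */
		old_pw = *pw;
		old_pw.pw_gecos = strdup(old_pw.pw_gecos);
		if (!old_pw.pw_gecos) {
			err(1, "strdup");
			/*NOTREACHED*/
		}
	}

	if (op == NEWSH) {
		/* protect p_shell -- it thinks NULL is /bin/sh */
		if (!arg[0])
			usage();
		if (p_shell(arg, pw, NULL))
			(*Pw_error)(NULL, 0, 1);
	}

	if (op == LOADENTRY) {
		/* Loading a whole entry is reserved for uid 0. */
		if (uid)
			baduser();
		pw = &lpw;
		if (!pw_scan(arg, pw, NULL))
			exit(1);
	}

	/* Edit the user passwd information if requested. */
	if (op == EDITENTRY) {
		struct stat sb;
		char tmpdir[sizeof(tempname)];
		const char *dir;

		/*
		 * mkstemp() creates and opens the file in one step.  The
		 * descriptor is marked close-on-exec so it is not passed
		 * on to any program executed later (presumably the
		 * editor started by edit() -- confirm there).
		 */
		dfd = mkstemp(tempname);
		if (dfd < 0 || fcntl(dfd, F_SETFD, FD_CLOEXEC) < 0)
			(*Pw_error)(tempname, 1, 1);
		if (atexit(cleanup)) {
			cleanup();
			errx(1, "couldn't register cleanup");
		}

		/*
		 * POSIX allows dirname(3) to modify its argument and to
		 * return static storage.  tempname is still needed intact
		 * by display(), edit() and cleanup(), so work on a copy
		 * and call dirname() only once.
		 */
		(void)memcpy(tmpdir, tempname, sizeof(tmpdir));
		dir = dirname(tmpdir);

		/*
		 * Refuse to go on unless the directory holding the temp
		 * file has the sticky bit set; without it, other users
		 * able to write to that directory could remove or rename
		 * the file.  The check is by path and runs after the file
		 * was created, so it is a sanity check, not a guarantee.
		 */
		if (stat(dir, &sb) == -1)
			err(1, "couldn't stat `%s'", dir);
		if (!(sb.st_mode & S_ISTXT))
			errx(1, "temporary directory `%s' is not sticky",
			    dir);

		display(tempname, dfd, pw);
		edit(tempname, pw);
	}

#ifdef YP
	if (use_yp) {
		if (pw_yp(pw, uid))
			yppw_error(NULL, 0, 1);
		else
			exit(0);
		/* Will not exit from this if. */
	}
#endif	/* YP */


	/*
	 * Get the passwd lock file and open the passwd file for
	 * reading.  EEXIST from pw_lock() is treated as "held by someone
	 * else" and retried once with an argument of 10; any other errno
	 * is fatal.
	 */
	pw_init();
	tfd = pw_lock(0);
	if (tfd < 0) {
		if (errno != EEXIST)
			err(1, "%s", _PATH_MASTERPASSWD_LOCK);
		warnx("The passwd file is busy, waiting...");
		tfd = pw_lock(10);
		if (tfd < 0) {
			if (errno != EEXIST)
				err(1, "%s", _PATH_MASTERPASSWD_LOCK);
			errx(1, "The passwd file is still busy, "
			    "try again later.");
		}
	}
	/* Keep the lock and master-file descriptors out of any exec. */
	if (fcntl(tfd, F_SETFD, FD_CLOEXEC) < 0)
		pw_error(_PATH_MASTERPASSWD_LOCK, 1, 1);

	pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
	if (pfd < 0 || fcntl(pfd, F_SETFD, FD_CLOEXEC) < 0)
		pw_error(_PATH_MASTERPASSWD, 1, 1);

	/*
	 * Copy the passwd file to the lock file, updating pw.  For
	 * LOADENTRY there is no earlier copy of the entry, so NULL is
	 * passed in place of &old_pw.
	 */
	pw_copy(pfd, tfd, pw, (op == LOADENTRY) ? NULL : &old_pw);

	close(pfd);
	close(tfd);

	/* Now finish the passwd file update. */
	if (pw_mkdb(username, 0) < 0)
		pw_error(NULL, 0, 1);

	exit(0);
}

/*
 * Reject the request: print the system's EACCES message and exit
 * with status 1.  Called when the caller's uid does not permit the
 * operation.
 */
static void
baduser(void)
{

	errx(1, "%s", strerror(EACCES));
}

/* Print the usage synopsis on stderr and exit with status 1. */
static void
usage(void)
{

	(void)fprintf(stderr,
	    "usage: %s [-a list] [-s shell] [-l] [user]\n"
	    " %s [-a list] [-s shell] [-y] [user]\n",
	    getprogname(), getprogname());
	exit(1);
}

/*
 * atexit(3) handler registered by main(): remove the temporary file.
 * The unlink() result is ignored on purpose; there is nothing useful
 * to do about a failure while the process is exiting.
 */
static void
cleanup(void)
{

	(void)unlink(tempname);
}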