xref: /netbsd-src/lib/libutil/passwd.c (revision 23c8222edbfb0f0932d88a8351d3a0cf817dfb9e) 
1 /*	$NetBSD: passwd.c,v 1.36 2004/08/03 23:29:05 thorpej Exp $	*/
2 
3 /*
4  * Copyright (c) 1987, 1993, 1994, 1995
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 __RCSID("$NetBSD: passwd.c,v 1.36 2004/08/03 23:29:05 thorpej Exp $");
35 #endif /* LIBC_SCCS and not lint */
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/stat.h>
40 #include <sys/time.h>
41 #include <sys/resource.h>
42 #include <sys/wait.h>
43 
44 #include <assert.h>
45 #include <ctype.h>
46 #include <err.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <limits.h>
50 #include <paths.h>
51 #include <pwd.h>
52 #include <signal.h>
53 #include <stdio.h>
54 #include <stdlib.h>
55 #include <string.h>
56 #include <unistd.h>
57 #include <util.h>
58 
59 static const char      *pw_filename(const char *filename);
60 static void		pw_cont(int sig);
61 static int		pw_equal(char *buf, struct passwd *old_pw);
62 static const char      *pw_default(const char *option);
63 static int		read_line(FILE *fp, char *line, int max);
64 static void		trim_whitespace(char *line);
65 
66 static	char	pw_prefix[MAXPATHLEN];
67 
68 const char *
69 pw_getprefix(void)
70 {
71 
72 	return(pw_prefix);
73 }
74 
75 int
76 pw_setprefix(const char *new_prefix)
77 {
78 	size_t length;
79 
80 	_DIAGASSERT(new_prefix != NULL);
81 
82 	length = strlen(new_prefix);
83 	if (length < sizeof(pw_prefix)) {
84 		(void)strcpy(pw_prefix, new_prefix);
85 		while (length > 0 && pw_prefix[length - 1] == '/')
86 			pw_prefix[--length] = '\0';
87 		return(0);
88 	}
89 	errno = ENAMETOOLONG;
90 	return(-1);
91 }
92 
93 static const char *
94 pw_filename(const char *filename)
95 {
96 	static char newfilename[MAXPATHLEN];
97 
98 	_DIAGASSERT(filename != NULL);
99 
100 	if (pw_prefix[0] == '\0')
101 		return filename;
102 
103 	if (strlen(pw_prefix) + strlen(filename) < sizeof(newfilename))
104 		return strcat(strcpy(newfilename, pw_prefix), filename);
105 
106 	errno = ENAMETOOLONG;
107 	return(NULL);
108 }
109 
110 int
111 pw_lock(int retries)
112 {
113 	const char *filename;
114 	int i, fd;
115 	mode_t old_mode;
116 	int oerrno;
117 
118 	/* Acquire the lock file. */
119 	filename = pw_filename(_PATH_MASTERPASSWD_LOCK);
120 	if (filename == NULL)
121 		return(-1);
122 	old_mode = umask(0);
123 	fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, 0600);
124 	for (i = 0; i < retries && fd < 0 && errno == EEXIST; i++) {
125 		sleep(1);
126 		fd = open(filename, O_WRONLY|O_CREAT|O_EXCL,
127 			  0600);
128 	}
129 	oerrno = errno;
130 	(void)umask(old_mode);
131 	errno = oerrno;
132 	return(fd);
133 }
134 
135 int
136 pw_mkdb(username, secureonly)
137 	const char *username;
138 	int secureonly;
139 {
140 	const char *args[9];
141 	int pstat, i;
142 	pid_t pid;
143 
144 	pid = vfork();
145 	if (pid == -1)
146 		return (-1);
147 
148 	if (pid == 0) {
149 		args[0] = "pwd_mkdb";
150 		args[1] = "-d";
151 		args[2] = pw_prefix;
152 		args[3] = "-p";
153 		i = 4;
154 
155 		if (secureonly)
156 			args[i++] = "-s";
157 		if (username != NULL) {
158 			args[i++] = "-u";
159 			args[i++] = username;
160 		}
161 
162 		args[i++] = pw_filename(_PATH_MASTERPASSWD_LOCK);
163 		args[i] = NULL;
164 		execv(_PATH_PWD_MKDB, (char * const *)args);
165 		_exit(1);
166 	}
167 	pid = waitpid(pid, &pstat, 0);
168 	if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
169 		return(-1);
170 	return(0);
171 }
172 
173 int
174 pw_abort(void)
175 {
176 	const char *filename;
177 
178 	filename = pw_filename(_PATH_MASTERPASSWD_LOCK);
179 	return((filename == NULL) ? -1 : unlink(filename));
180 }
181 
182 /* Everything below this point is intended for the convenience of programs
183  * which allow a user to interactively edit the passwd file.  Errors in the
184  * routines below will cause the process to abort. */
185 
186 static pid_t editpid = -1;
187 
188 static void
189 pw_cont(int sig)
190 {
191 
192 	if (editpid != -1)
193 		kill(editpid, sig);
194 }
195 
196 void
197 pw_init(void)
198 {
199 	struct rlimit rlim;
200 
201 	/* Unlimited resource limits. */
202 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
203 	(void)setrlimit(RLIMIT_CPU, &rlim);
204 	(void)setrlimit(RLIMIT_FSIZE, &rlim);
205 	(void)setrlimit(RLIMIT_STACK, &rlim);
206 	(void)setrlimit(RLIMIT_DATA, &rlim);
207 	(void)setrlimit(RLIMIT_RSS, &rlim);
208 
209 	/* Don't drop core (not really necessary, but GP's). */
210 	rlim.rlim_cur = rlim.rlim_max = 0;
211 	(void)setrlimit(RLIMIT_CORE, &rlim);
212 
213 	/* Turn off signals. */
214 	(void)signal(SIGALRM, SIG_IGN);
215 	(void)signal(SIGHUP, SIG_IGN);
216 	(void)signal(SIGINT, SIG_IGN);
217 	(void)signal(SIGPIPE, SIG_IGN);
218 	(void)signal(SIGQUIT, SIG_IGN);
219 	(void)signal(SIGTERM, SIG_IGN);
220 	(void)signal(SIGCONT, pw_cont);
221 }
222 
223 void
224 pw_edit(int notsetuid, const char *filename)
225 {
226 	int pstat;
227 	char *p, *editor;
228 	char *argp[] = { "sh", "-c", NULL, NULL };
229 
230 #ifdef __GNUC__
231 	(void) &editor;
232 #endif
233 
234 	if (filename == NULL)
235 		filename = _PATH_MASTERPASSWD_LOCK;
236 
237 	filename = pw_filename(filename);
238 	if (filename == NULL)
239 		return;
240 
241 	if ((editor = getenv("EDITOR")) == NULL)
242 		editor = _PATH_VI;
243 
244 	p = malloc(strlen(editor) + 1 + strlen(filename) + 1);
245 	if (p == NULL)
246 		return;
247 
248 	sprintf(p, "%s %s", editor, filename);
249 	argp[2] = p;
250 
251 	switch(editpid = vfork()) {
252 	case -1:
253 		free(p);
254 		return;
255 	case 0:
256 		if (notsetuid) {
257 			setgid(getgid());
258 			setuid(getuid());
259 		}
260 		execvp(_PATH_BSHELL, argp);
261 		_exit(1);
262 	}
263 
264 	free(p);
265 
266 	for (;;) {
267 		editpid = waitpid(editpid, (int *)&pstat, WUNTRACED);
268 		if (editpid == -1)
269 			pw_error(editor, 1, 1);
270 		else if (WIFSTOPPED(pstat))
271 			raise(WSTOPSIG(pstat));
272 		else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0)
273 			break;
274 		else
275 			pw_error(editor, 1, 1);
276 	}
277 	editpid = -1;
278 }
279 
280 void
281 pw_prompt(void)
282 {
283 	int c;
284 
285 	(void)printf("re-edit the password file? [y]: ");
286 	(void)fflush(stdout);
287 	c = getchar();
288 	if (c != EOF && c != '\n')
289 		while (getchar() != '\n');
290 	if (c == 'n')
291 		pw_error(NULL, 0, 0);
292 }
293 
294 /* for use in pw_copy(). Compare a pw entry to a pw struct. */
295 static int
296 pw_equal(char *buf, struct passwd *pw)
297 {
298 	struct passwd buf_pw;
299 	int len;
300 
301 	_DIAGASSERT(buf != NULL);
302 	_DIAGASSERT(pw != NULL);
303 
304 	len = strlen (buf);
305 	if (buf[len-1] == '\n')
306 		buf[len-1] = '\0';
307 	if (!pw_scan(buf, &buf_pw, NULL))
308 		return 0;
309 	return !strcmp(pw->pw_name, buf_pw.pw_name)
310 		&& pw->pw_uid == buf_pw.pw_uid
311 		&& pw->pw_gid == buf_pw.pw_gid
312 		&& !strcmp(pw->pw_class, buf_pw.pw_class)
313 		&& (long)pw->pw_change == (long)buf_pw.pw_change
314 		&& (long)pw->pw_expire == (long)buf_pw.pw_expire
315 		&& !strcmp(pw->pw_gecos, buf_pw.pw_gecos)
316 		&& !strcmp(pw->pw_dir, buf_pw.pw_dir)
317 		&& !strcmp(pw->pw_shell, buf_pw.pw_shell);
318 }
319 
320 void
321 pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw)
322 {
323 	char errbuf[200];
324 	int rv;
325 
326 	rv = pw_copyx(ffd, tfd, pw, old_pw, errbuf, sizeof(errbuf));
327 	if (rv == 0) {
328 		warnx("%s", errbuf);
329 		pw_error(NULL, 0, 1);
330 	}
331 }
332 
333 int
334 pw_copyx(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw,
335     char *errbuf, size_t errbufsz)
336 {
337 	const char *filename;
338 	char mpwd[MAXPATHLEN], mpwdl[MAXPATHLEN], *p, buf[8192];
339 	FILE *from, *to;
340 	int done;
341 
342 	_DIAGASSERT(pw != NULL);
343 	_DIAGASSERT(errbuf != NULL);
344 	/* old_pw may be NULL */
345 
346 	if ((filename = pw_filename(_PATH_MASTERPASSWD)) == NULL) {
347 		snprintf(errbuf, errbufsz, "%s: %s", pw_prefix,
348 		    strerror(errno));
349 		return (0);
350 	}
351 	(void)strcpy(mpwd, filename);
352 	if ((filename = pw_filename(_PATH_MASTERPASSWD_LOCK)) == NULL) {
353 		snprintf(errbuf, errbufsz, "%s: %s", pw_prefix,
354 		    strerror(errno));
355 		return (0);
356 	}
357 	(void)strcpy(mpwdl, filename);
358 
359 	if (!(from = fdopen(ffd, "r"))) {
360 		snprintf(errbuf, errbufsz, "%s: %s", mpwd, strerror(errno));
361 		return (0);
362 	}
363 	if (!(to = fdopen(tfd, "w"))) {
364 		snprintf(errbuf, errbufsz, "%s: %s", mpwdl, strerror(errno));
365 		return (0);
366 	}
367 
368 	for (done = 0; fgets(buf, sizeof(buf), from);) {
369 		if (!strchr(buf, '\n')) {
370 			snprintf(errbuf, errbufsz, "%s: line too long", mpwd);
371 			return (0);
372 		}
373 		if (done) {
374 			(void)fprintf(to, "%s", buf);
375 			if (ferror(to)) {
376 				snprintf(errbuf, errbufsz, "%s",
377 				    strerror(errno));
378 				return (0);
379 			}
380 			continue;
381 		}
382 		if (!(p = strchr(buf, ':'))) {
383 			snprintf(errbuf, errbufsz, "%s: corrupted entry", mpwd);
384 			return (0);
385 		}
386 		*p = '\0';
387 		if (strcmp(buf, pw->pw_name)) {
388 			*p = ':';
389 			(void)fprintf(to, "%s", buf);
390 			if (ferror(to)) {
391 				snprintf(errbuf, errbufsz, "%s",
392 				    strerror(errno));
393 				return (0);
394 			}
395 			continue;
396 		}
397 		*p = ':';
398 		if (old_pw && !pw_equal(buf, old_pw)) {
399 			snprintf(errbuf, errbufsz, "%s: entry inconsistent",
400 			    mpwd);
401 			return (0);
402 		}
403 		(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
404 		    pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
405 		    pw->pw_class, (long)pw->pw_change, (long)pw->pw_expire,
406 		    pw->pw_gecos, pw->pw_dir, pw->pw_shell);
407 		done = 1;
408 		if (ferror(to)) {
409 			snprintf(errbuf, errbufsz, "%s", strerror(errno));
410 			return (0);
411 		}
412 	}
413 	/* Only append a new entry if real uid is root! */
414 	if (!done) {
415 		if (getuid() == 0) {
416 			(void)fprintf(to, "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s\n",
417 			    pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
418 			    pw->pw_class, (long)pw->pw_change,
419 			    (long)pw->pw_expire, pw->pw_gecos, pw->pw_dir,
420 			    pw->pw_shell);
421 			done = 1;
422 		} else {
423 			snprintf(errbuf, errbufsz,
424 			    "%s: changes not made, no such entry", mpwd);
425 		}
426 	}
427 
428 	if (ferror(to)) {
429 		snprintf(errbuf, errbufsz, "%s", strerror(errno));
430 		return (0);
431 	}
432 	(void)fclose(to);
433 
434 	return (done);
435 }
436 
437 void
438 pw_error(const char *name, int error, int eval)
439 {
440 
441 	if (error) {
442 		if (name)
443 			warn("%s", name);
444 		else
445 			warn(NULL);
446 	}
447 
448 	warnx("%s%s: unchanged", pw_prefix, _PATH_MASTERPASSWD);
449 	pw_abort();
450 	exit(eval);
451 }
452 
453 /* Removes head and/or tail spaces. */
454 static void
455 trim_whitespace(char *line)
456 {
457 	char *p;
458 
459 	_DIAGASSERT(line != NULL);
460 
461 	/* Remove leading spaces */
462 	p = line;
463 	while (isspace((unsigned char) *p))
464 		p++;
465 	memmove(line, p, strlen(p) + 1);
466 
467 	/* Remove trailing spaces */
468 	p = line + strlen(line) - 1;
469 	while (isspace((unsigned char) *p))
470 		p--;
471 	*(p + 1) = '\0';
472 }
473 
474 
475 /* Get one line, remove spaces from front and tail */
476 static int
477 read_line(FILE *fp, char *line, int max)
478 {
479 	char   *p;
480 
481 	_DIAGASSERT(fp != NULL);
482 	_DIAGASSERT(line != NULL);
483 
484 	/* Read one line of config */
485 	if (fgets(line, max, fp) == NULL)
486 		return (0);
487 
488 	if ((p = strchr(line, '\n')) == NULL) {
489 		warnx("line too long");
490 		return (0);
491 	}
492 	*p = '\0';
493 
494 	/* Remove comments */
495 	if ((p = strchr(line, '#')) != NULL)
496 		*p = '\0';
497 
498 	trim_whitespace(line);
499 	return (1);
500 }
501 
502 static const char *
503 pw_default(const char *option)
504 {
505 	static const char *options[][2] = {
506 		{ "localcipher",	"old" },
507 		{ "ypcipher",		"old" },
508 	};
509 	int i;
510 
511 	_DIAGASSERT(option != NULL);
512 	for (i = 0; i < sizeof(options) / sizeof(options[0]); i++)
513 		if (strcmp(options[i][0], option) == 0)
514 			return (options[i][1]);
515 
516 	return (NULL);
517 }
518 
519 /*
520  * Retrieve password information from the /etc/passwd.conf file, at the
521  * moment this is only for choosing the cipher to use.  It could easily be
522  * used for other authentication methods as well.
523  */
524 void
525 pw_getconf(char *data, size_t max, const char *key, const char *option)
526 {
527 	FILE *fp;
528 	char line[LINE_MAX], *p, *p2;
529 	static char result[LINE_MAX];
530 	int got, found;
531 	const char *cp;
532 
533 	_DIAGASSERT(data != NULL);
534 	_DIAGASSERT(key != NULL);
535 	_DIAGASSERT(option != NULL);
536 
537 	got = 0;
538 	found = 0;
539 	result[0] = '\0';
540 
541 	if ((fp = fopen(_PATH_PASSWD_CONF, "r")) == NULL) {
542 		if ((cp = pw_default(option)) != NULL)
543 			strlcpy(data, cp, max);
544 		else
545 			data[0] = '\0';
546 		return;
547 	}
548 
549 	while (!found && (got || read_line(fp, line, LINE_MAX))) {
550 		got = 0;
551 
552 		if (strncmp(key, line, strlen(key)) != 0 ||
553 		    line[strlen(key)] != ':')
554 			continue;
555 
556 		/* Now we found our specified key */
557 		while (read_line(fp, line, LINE_MAX)) {
558 			/* Leaving key field */
559 			if (line[0] != '\0' && strchr(line + 1, ':') != NULL) {
560 				got = 1;
561 				break;
562 			}
563 			p2 = line;
564 			if ((p = strsep(&p2, "=")) == NULL || p2 == NULL)
565 				continue;
566 			trim_whitespace(p);
567 
568 			if (!strncmp(p, option, strlen(option))) {
569 				trim_whitespace(p2);
570 				strcpy(result, p2);
571 				found = 1;
572 				break;
573 			}
574 		}
575 	}
576 	fclose(fp);
577 
578 	/*
579 	 * If we got no result and were looking for a default
580 	 * value, try hard coded defaults.
581 	 */
582 
583 	if (strlen(result) == 0 && strcmp(key, "default") == 0 &&
584 	    (cp = pw_default(option)) != NULL)
585 		strlcpy(data, cp, max);
586 	else
587 		strlcpy(data, result, max);
588 }
589