xref: /netbsd-src/lib/libutil/passwd.c (revision b1c86f5f087524e68db12794ee9c3e3da1ab17a0) 
1 /*	$NetBSD: passwd.c,v 1.50 2010/08/18 08:32:02 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 1987, 1993, 1994, 1995
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 __RCSID("$NetBSD: passwd.c,v 1.50 2010/08/18 08:32:02 christos Exp $");
35 #endif /* LIBC_SCCS and not lint */
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/stat.h>
40 #include <sys/time.h>
41 #include <sys/resource.h>
42 #include <sys/wait.h>
43 
44 #include <assert.h>
45 #include <ctype.h>
46 #include <err.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <limits.h>
50 #include <paths.h>
51 #include <pwd.h>
52 #include <grp.h>
53 #include <signal.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <unistd.h>
58 #include <util.h>
59 
60 static const char      *pw_filename(const char *filename);
61 static void		pw_cont(int sig);
62 static const char *	pw_equal(char *buf, struct passwd *old_pw);
63 static const char      *pw_default(const char *option);
64 static int		read_line(FILE *fp, char *line, int max);
65 static void		trim_whitespace(char *line);
66 
67 static	char	pw_prefix[MAXPATHLEN];
68 
69 const char *
70 pw_getprefix(void)
71 {
72 
73 	return(pw_prefix);
74 }
75 
76 int
77 pw_setprefix(const char *new_prefix)
78 {
79 	size_t length;
80 
81 	_DIAGASSERT(new_prefix != NULL);
82 
83 	length = strlen(new_prefix);
84 	if (length < sizeof(pw_prefix)) {
85 		(void)strcpy(pw_prefix, new_prefix);
86 		while (length > 0 && pw_prefix[length - 1] == '/')
87 			pw_prefix[--length] = '\0';
88 		return(0);
89 	}
90 	errno = ENAMETOOLONG;
91 	return(-1);
92 }
93 
94 static const char *
95 pw_filename(const char *filename)
96 {
97 	static char newfilename[MAXPATHLEN];
98 
99 	_DIAGASSERT(filename != NULL);
100 
101 	if (pw_prefix[0] == '\0')
102 		return filename;
103 
104 	if (strlen(pw_prefix) + strlen(filename) < sizeof(newfilename))
105 		return strcat(strcpy(newfilename, pw_prefix), filename);
106 
107 	errno = ENAMETOOLONG;
108 	return(NULL);
109 }
110 
111 int
112 pw_lock(int retries)
113 {
114 	const char *filename;
115 	int i, fd;
116 	mode_t old_mode;
117 	int oerrno;
118 
119 	/* Acquire the lock file. */
120 	filename = pw_filename(_PATH_MASTERPASSWD_LOCK);
121 	if (filename == NULL)
122 		return(-1);
123 	old_mode = umask(0);
124 	fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, 0600);
125 	for (i = 0; i < retries && fd < 0 && errno == EEXIST; i++) {
126 		sleep(1);
127 		fd = open(filename, O_WRONLY|O_CREAT|O_EXCL,
128 			  0600);
129 	}
130 	oerrno = errno;
131 	(void)umask(old_mode);
132 	errno = oerrno;
133 	return(fd);
134 }
135 
136 int
137 pw_mkdb(username, secureonly)
138 	const char *username;
139 	int secureonly;
140 {
141 	const char *args[9];
142 	int pstat, i;
143 	pid_t pid;
144 
145 	pid = vfork();
146 	if (pid == -1)
147 		return -1;
148 
149 	if (pid == 0) {
150 		args[0] = "pwd_mkdb";
151 		args[1] = "-d";
152 		args[2] = pw_prefix;
153 		args[3] = "-pl";
154 		i = 4;
155 
156 		if (secureonly)
157 			args[i++] = "-s";
158 		if (username != NULL) {
159 			args[i++] = "-u";
160 			args[i++] = username;
161 		}
162 
163 		args[i++] = pw_filename(_PATH_MASTERPASSWD_LOCK);
164 		args[i] = NULL;
165 		execv(_PATH_PWD_MKDB, (char * const *)__UNCONST(args));
166 		_exit(1);
167 	}
168 	pid = waitpid(pid, &pstat, 0);
169 	if (pid == -1) {
170 		warn("error waiting for pid %lu", (unsigned long)pid);
171 		return -1;
172 	}
173 	if (WIFEXITED(pstat)) {
174 		if (WEXITSTATUS(pstat) != 0) {
175 			warnx("pwd_mkdb exited with static %d",
176 			    WEXITSTATUS(pstat));
177 			return -1;
178 		}
179 	} else if (WIFSIGNALED(pstat)) {
180 		warnx("pwd_mkdb exited with signal %d", WTERMSIG(pstat));
181 		return -1;
182 	}
183 	return 0;
184 }
185 
186 int
187 pw_abort(void)
188 {
189 	const char *filename;
190 
191 	filename = pw_filename(_PATH_MASTERPASSWD_LOCK);
192 	return((filename == NULL) ? -1 : unlink(filename));
193 }
194 
195 /* Everything below this point is intended for the convenience of programs
196  * which allow a user to interactively edit the passwd file.  Errors in the
197  * routines below will cause the process to abort. */
198 
199 static pid_t editpid = -1;
200 
201 static void
202 pw_cont(int sig)
203 {
204 
205 	if (editpid != -1)
206 		kill(editpid, sig);
207 }
208 
209 void
210 pw_init(void)
211 {
212 	struct rlimit rlim;
213 
214 	/* Unlimited resource limits. */
215 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
216 	(void)setrlimit(RLIMIT_CPU, &rlim);
217 	(void)setrlimit(RLIMIT_FSIZE, &rlim);
218 	(void)setrlimit(RLIMIT_STACK, &rlim);
219 	(void)setrlimit(RLIMIT_DATA, &rlim);
220 	(void)setrlimit(RLIMIT_RSS, &rlim);
221 
222 	/* Don't drop core (not really necessary, but GP's). */
223 	rlim.rlim_cur = rlim.rlim_max = 0;
224 	(void)setrlimit(RLIMIT_CORE, &rlim);
225 
226 	/* Turn off signals. */
227 	(void)signal(SIGALRM, SIG_IGN);
228 	(void)signal(SIGHUP, SIG_IGN);
229 	(void)signal(SIGINT, SIG_IGN);
230 	(void)signal(SIGPIPE, SIG_IGN);
231 	(void)signal(SIGQUIT, SIG_IGN);
232 	(void)signal(SIGTERM, SIG_IGN);
233 	(void)signal(SIGCONT, pw_cont);
234 }
235 
236 void
237 pw_edit(int notsetuid, const char *filename)
238 {
239 	int pstat;
240 	char *p;
241 	const char * volatile editor;
242 	const char *argp[] = { "sh", "-c", NULL, NULL };
243 
244 	if (filename == NULL)
245 		filename = _PATH_MASTERPASSWD_LOCK;
246 
247 	filename = pw_filename(filename);
248 	if (filename == NULL)
249 		return;
250 
251 	if ((editor = getenv("EDITOR")) == NULL)
252 		editor = _PATH_VI;
253 
254 	p = malloc(strlen(editor) + 1 + strlen(filename) + 1);
255 	if (p == NULL)
256 		return;
257 
258 	sprintf(p, "%s %s", editor, filename);
259 	argp[2] = p;
260 
261 	switch(editpid = vfork()) {
262 	case -1:
263 		free(p);
264 		return;
265 	case 0:
266 		if (notsetuid) {
267 			setgid(getgid());
268 			setuid(getuid());
269 		}
270 		execvp(_PATH_BSHELL, (char *const *)__UNCONST(argp));
271 		_exit(1);
272 	}
273 
274 	free(p);
275 
276 	for (;;) {
277 		editpid = waitpid(editpid, (int *)&pstat, WUNTRACED);
278 		if (editpid == -1)
279 			pw_error(editor, 1, 1);
280 		else if (WIFSTOPPED(pstat))
281 			raise(WSTOPSIG(pstat));
282 		else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0)
283 			break;
284 		else
285 			pw_error(editor, 1, 1);
286 	}
287 	editpid = -1;
288 }
289 
290 void
291 pw_prompt(void)
292 {
293 	int c;
294 
295 	(void)printf("re-edit the password file? [y]: ");
296 	(void)fflush(stdout);
297 	c = getchar();
298 	if (c != EOF && c != '\n')
299 		while (getchar() != '\n');
300 	if (c == 'n')
301 		pw_error(NULL, 0, 0);
302 }
303 
304 /* for use in pw_copy(). Compare a pw entry to a pw struct. */
305 /* returns a character string labelling the miscompared field or 0 */
306 static const char *
307 pw_equal(char *buf, struct passwd *pw)
308 {
309 	struct passwd buf_pw;
310 	size_t len;
311 
312 	_DIAGASSERT(buf != NULL);
313 	_DIAGASSERT(pw != NULL);
314 
315 	len = strlen (buf);
316 	if (buf[len-1] == '\n')
317 		buf[len-1] = '\0';
318 	if (!pw_scan(buf, &buf_pw, NULL))
319 		return "corrupt line";
320 	if (strcmp(pw->pw_name, buf_pw.pw_name) != 0)
321 		return "name";
322 	if (pw->pw_uid != buf_pw.pw_uid)
323 		return "uid";
324 	if (pw->pw_gid != buf_pw.pw_gid)
325 		return "gid";
326 	if (strcmp( pw->pw_class, buf_pw.pw_class) != 0)
327 		return "class";
328 	if (pw->pw_change != buf_pw.pw_change)
329 		return "change";
330 	if (pw->pw_expire != buf_pw.pw_expire)
331 		return "expire";
332 	if (strcmp( pw->pw_gecos, buf_pw.pw_gecos) != 0)
333 		return "gecos";
334 	if (strcmp( pw->pw_dir, buf_pw.pw_dir) != 0)
335 		return "dir";
336 	if (strcmp( pw->pw_shell, buf_pw.pw_shell) != 0)
337 		return "shell";
338 	return (char *)0;
339 }
340 
341 void
342 pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw)
343 {
344 	char errbuf[200];
345 	int rv;
346 
347 	rv = pw_copyx(ffd, tfd, pw, old_pw, errbuf, sizeof(errbuf));
348 	if (rv == 0) {
349 		warnx("%s", errbuf);
350 		pw_error(NULL, 0, 1);
351 	}
352 }
353 
354 static void
355 pw_print(FILE *to, const struct passwd *pw)
356 {
357 	(void)fprintf(to, "%s:%s:%d:%d:%s:%lld:%lld:%s:%s:%s\n",
358 	    pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid,
359 	    pw->pw_class, (long long)pw->pw_change,
360 	    (long long)pw->pw_expire,
361 	    pw->pw_gecos, pw->pw_dir, pw->pw_shell);
362 }
363 
364 int
365 pw_copyx(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw,
366     char *errbuf, size_t errbufsz)
367 {
368 	const char *filename;
369 	char mpwd[MAXPATHLEN], mpwdl[MAXPATHLEN], *p, buf[8192];
370 	FILE *from, *to;
371 	int done;
372 
373 	_DIAGASSERT(pw != NULL);
374 	_DIAGASSERT(errbuf != NULL);
375 	/* old_pw may be NULL */
376 
377 	if ((filename = pw_filename(_PATH_MASTERPASSWD)) == NULL) {
378 		snprintf(errbuf, errbufsz, "%s: %s", pw_prefix,
379 		    strerror(errno));
380 		return (0);
381 	}
382 	(void)strcpy(mpwd, filename);
383 	if ((filename = pw_filename(_PATH_MASTERPASSWD_LOCK)) == NULL) {
384 		snprintf(errbuf, errbufsz, "%s: %s", pw_prefix,
385 		    strerror(errno));
386 		return (0);
387 	}
388 	(void)strcpy(mpwdl, filename);
389 
390 	if (!(from = fdopen(ffd, "r"))) {
391 		snprintf(errbuf, errbufsz, "%s: %s", mpwd, strerror(errno));
392 		return (0);
393 	}
394 	if (!(to = fdopen(tfd, "w"))) {
395 		snprintf(errbuf, errbufsz, "%s: %s", mpwdl, strerror(errno));
396 		(void)fclose(from);
397 		return (0);
398 	}
399 
400 	for (done = 0; fgets(buf, (int)sizeof(buf), from);) {
401 		const char *neq;
402 		if (!strchr(buf, '\n')) {
403 			snprintf(errbuf, errbufsz, "%s: line too long", mpwd);
404 			(void)fclose(from);
405 			(void)fclose(to);
406 			return (0);
407 		}
408 		if (done) {
409 			(void)fprintf(to, "%s", buf);
410 			if (ferror(to)) {
411 				snprintf(errbuf, errbufsz, "%s",
412 				    strerror(errno));
413 				(void)fclose(from);
414 				(void)fclose(to);
415 				return (0);
416 			}
417 			continue;
418 		}
419 		if (!(p = strchr(buf, ':'))) {
420 			snprintf(errbuf, errbufsz, "%s: corrupted entry", mpwd);
421 			(void)fclose(from);
422 			(void)fclose(to);
423 			return (0);
424 		}
425 		*p = '\0';
426 		if (strcmp(buf, pw->pw_name)) {
427 			*p = ':';
428 			(void)fprintf(to, "%s", buf);
429 			if (ferror(to)) {
430 				snprintf(errbuf, errbufsz, "%s",
431 				    strerror(errno));
432 				(void)fclose(from);
433 				(void)fclose(to);
434 				return (0);
435 			}
436 			continue;
437 		}
438 		*p = ':';
439 		if (old_pw && (neq = pw_equal(buf, old_pw)) != NULL) {
440 			if (strcmp(neq, "corrupt line") == 0)
441 				(void)snprintf(errbuf, errbufsz,
442 				    "%s: entry %s corrupted", mpwd,
443 				    pw->pw_name);
444 			else
445 				(void)snprintf(errbuf, errbufsz,
446 				    "%s: entry %s inconsistent %s",
447 				    mpwd, pw->pw_name, neq);
448 			(void)fclose(from);
449 			(void)fclose(to);
450 			return (0);
451 		}
452 		pw_print(to, pw);
453 		done = 1;
454 		if (ferror(to)) {
455 			snprintf(errbuf, errbufsz, "%s", strerror(errno));
456 			(void)fclose(from);
457 			(void)fclose(to);
458 			return (0);
459 		}
460 	}
461 	/* Only append a new entry if real uid is root! */
462 	if (!done) {
463 		if (getuid() == 0) {
464 			pw_print(to, pw);
465 			done = 1;
466 		} else {
467 			snprintf(errbuf, errbufsz,
468 			    "%s: changes not made, no such entry", mpwd);
469 		}
470 	}
471 
472 	if (ferror(to)) {
473 		snprintf(errbuf, errbufsz, "%s", strerror(errno));
474 		(void)fclose(from);
475 		(void)fclose(to);
476 		return (0);
477 	}
478 	(void)fclose(from);
479 	(void)fclose(to);
480 
481 	return (done);
482 }
483 
484 void
485 pw_error(const char *name, int error, int eval)
486 {
487 
488 	if (error) {
489 		if (name)
490 			warn("%s", name);
491 		else
492 			warn(NULL);
493 	}
494 
495 	warnx("%s%s: unchanged", pw_prefix, _PATH_MASTERPASSWD);
496 	pw_abort();
497 	exit(eval);
498 }
499 
500 /* Removes head and/or tail spaces. */
501 static void
502 trim_whitespace(char *line)
503 {
504 	char *p;
505 
506 	_DIAGASSERT(line != NULL);
507 
508 	/* Remove leading spaces */
509 	p = line;
510 	while (isspace((unsigned char) *p))
511 		p++;
512 	memmove(line, p, strlen(p) + 1);
513 
514 	/* Remove trailing spaces */
515 	p = line + strlen(line) - 1;
516 	while (isspace((unsigned char) *p))
517 		p--;
518 	*(p + 1) = '\0';
519 }
520 
521 
522 /* Get one line, remove spaces from front and tail */
523 static int
524 read_line(FILE *fp, char *line, int max)
525 {
526 	char   *p;
527 
528 	_DIAGASSERT(fp != NULL);
529 	_DIAGASSERT(line != NULL);
530 
531 	/* Read one line of config */
532 	if (fgets(line, max, fp) == NULL)
533 		return (0);
534 
535 	if ((p = strchr(line, '\n')) == NULL) {
536 		warnx("line too long");
537 		return (0);
538 	}
539 	*p = '\0';
540 
541 	/* Remove comments */
542 	if ((p = strchr(line, '#')) != NULL)
543 		*p = '\0';
544 
545 	trim_whitespace(line);
546 	return (1);
547 }
548 
549 static const char *
550 pw_default(const char *option)
551 {
552 	static const char *options[][2] = {
553 		{ "localcipher",	"old" },
554 		{ "ypcipher",		"old" },
555 	};
556 	size_t i;
557 
558 	_DIAGASSERT(option != NULL);
559 	for (i = 0; i < sizeof(options) / sizeof(options[0]); i++)
560 		if (strcmp(options[i][0], option) == 0)
561 			return (options[i][1]);
562 
563 	return (NULL);
564 }
565 
566 /*
567  * Retrieve password information from the /etc/passwd.conf file, at the
568  * moment this is only for choosing the cipher to use.  It could easily be
569  * used for other authentication methods as well.
570  */
571 void
572 pw_getconf(char *data, size_t max, const char *key, const char *option)
573 {
574 	FILE *fp;
575 	char line[LINE_MAX], *p, *p2;
576 	static char result[LINE_MAX];
577 	int got, found;
578 	const char *cp;
579 
580 	_DIAGASSERT(data != NULL);
581 	_DIAGASSERT(key != NULL);
582 	_DIAGASSERT(option != NULL);
583 
584 	got = 0;
585 	found = 0;
586 	result[0] = '\0';
587 
588 	if ((fp = fopen(_PATH_PASSWD_CONF, "r")) == NULL) {
589 		if ((cp = pw_default(option)) != NULL)
590 			strlcpy(data, cp, max);
591 		else
592 			data[0] = '\0';
593 		return;
594 	}
595 
596 	while (!found && (got || read_line(fp, line, LINE_MAX))) {
597 		got = 0;
598 
599 		if (strncmp(key, line, strlen(key)) != 0 ||
600 		    line[strlen(key)] != ':')
601 			continue;
602 
603 		/* Now we found our specified key */
604 		while (read_line(fp, line, LINE_MAX)) {
605 			/* Leaving key field */
606 			if (line[0] != '\0' && strchr(line + 1, ':') != NULL) {
607 				got = 1;
608 				break;
609 			}
610 			p2 = line;
611 			if ((p = strsep(&p2, "=")) == NULL || p2 == NULL)
612 				continue;
613 			trim_whitespace(p);
614 
615 			if (!strncmp(p, option, strlen(option))) {
616 				trim_whitespace(p2);
617 				strcpy(result, p2);
618 				found = 1;
619 				break;
620 			}
621 		}
622 	}
623 	fclose(fp);
624 
625 	if (!found)
626 		errno = ENOENT;
627 	if (!got)
628 		errno = ENOTDIR;
629 
630 	/*
631 	 * If we got no result and were looking for a default
632 	 * value, try hard coded defaults.
633 	 */
634 
635 	if (strlen(result) == 0 && strcmp(key, "default") == 0 &&
636 	    (cp = pw_default(option)) != NULL)
637 		strlcpy(data, cp, max);
638 	else
639 		strlcpy(data, result, max);
640 }
641 
642 void
643 pw_getpwconf(char *data, size_t max, const struct passwd *pwd,
644     const char *option)
645 {
646 	char grpkey[LINE_MAX];
647 	struct group grs, *grp;
648 	char grbuf[1024];
649 
650 	pw_getconf(data, max, pwd->pw_name, option);
651 
652 	/* Try to find an entry for the group */
653 	if (*data == '\0') {
654 		(void)getgrgid_r(pwd->pw_gid, &grs, grbuf, sizeof(grbuf), &grp);
655 		if (grp != NULL) {
656 			(void)snprintf(grpkey, sizeof(grpkey), ":%s",
657 			    grp->gr_name);
658 			pw_getconf(data, max, grpkey, option);
659 		}
660 		if (*data == '\0')
661 		        pw_getconf(data, max, "default", option);
662 	}
663 }
664