[3320] | 1 | /* vi: set sw=4 ts=4: */
|
---|
| 2 | /*
|
---|
| 3 | * update_passwd
|
---|
| 4 | *
|
---|
| 5 | * update_passwd is a common function for passwd and chpasswd applets;
|
---|
| 6 | * it is responsible for updating password file (i.e. /etc/passwd or
|
---|
| 7 | * /etc/shadow) for a given user and password.
|
---|
| 8 | *
|
---|
| 9 | * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
|
---|
| 10 | *
|
---|
| 11 | * Modified to be able to add or delete users, groups and users to/from groups
|
---|
| 12 | * by Tito Ragusa <farmatito@tiscali.it>
|
---|
| 13 | *
|
---|
| 14 | * Licensed under GPLv2, see file LICENSE in this source tree.
|
---|
| 15 | */
|
---|
| 16 | #include "libbb.h"
|
---|
| 17 |
|
---|
| 18 | #if ENABLE_SELINUX
|
---|
| 19 | static void check_selinux_update_passwd(const char *username)
|
---|
| 20 | {
|
---|
| 21 | security_context_t context;
|
---|
| 22 | char *seuser;
|
---|
| 23 |
|
---|
| 24 | if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
|
---|
| 25 | return; /* No need to check */
|
---|
| 26 |
|
---|
| 27 | if (getprevcon_raw(&context) < 0)
|
---|
| 28 | bb_perror_msg_and_die("getprevcon failed");
|
---|
| 29 | seuser = strtok(context, ":");
|
---|
| 30 | if (!seuser)
|
---|
| 31 | bb_error_msg_and_die("invalid context '%s'", context);
|
---|
| 32 | if (strcmp(seuser, username) != 0) {
|
---|
| 33 | if (checkPasswdAccess(PASSWD__PASSWD) != 0)
|
---|
| 34 | bb_error_msg_and_die("SELinux: access denied");
|
---|
| 35 | }
|
---|
| 36 | if (ENABLE_FEATURE_CLEAN_UP)
|
---|
| 37 | freecon(context);
|
---|
| 38 | }
|
---|
| 39 | #else
|
---|
| 40 | # define check_selinux_update_passwd(username) ((void)0)
|
---|
| 41 | #endif
|
---|
| 42 |
|
---|
| 43 | /*
|
---|
| 44 | 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
|
---|
| 45 | only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
|
---|
| 46 |
|
---|
| 47 | 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
|
---|
| 48 | only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
|
---|
| 49 |
|
---|
| 50 | 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
|
---|
| 51 | only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
|
---|
| 52 | like in addgroup and member != NULL
|
---|
| 53 |
|
---|
| 54 | 4) delete a user: update_passwd(FILE, USER, NULL, NULL)
|
---|
| 55 |
|
---|
| 56 | 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
|
---|
| 57 |
|
---|
| 58 | 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
|
---|
| 59 | only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
|
---|
| 60 |
|
---|
| 61 | 7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL)
|
---|
| 62 | only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
|
---|
| 63 | or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
|
---|
| 64 |
|
---|
| 65 | This function does not validate the arguments fed to it
|
---|
| 66 | so the calling program should take care of that.
|
---|
| 67 |
|
---|
| 68 | Returns number of lines changed, or -1 on error.
|
---|
| 69 | */
|
---|
| 70 | int FAST_FUNC update_passwd(const char *filename,
|
---|
| 71 | const char *name,
|
---|
| 72 | const char *new_passwd,
|
---|
| 73 | const char *member)
|
---|
| 74 | {
|
---|
| 75 | #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
|
---|
| 76 | #define member NULL
|
---|
| 77 | #endif
|
---|
| 78 | struct stat sb;
|
---|
| 79 | struct flock lock;
|
---|
| 80 | FILE *old_fp;
|
---|
| 81 | FILE *new_fp;
|
---|
| 82 | char *fnamesfx;
|
---|
| 83 | char *sfx_char;
|
---|
| 84 | char *name_colon;
|
---|
| 85 | unsigned user_len;
|
---|
| 86 | int old_fd;
|
---|
| 87 | int new_fd;
|
---|
| 88 | int i;
|
---|
| 89 | int changed_lines;
|
---|
| 90 | int ret = -1; /* failure */
|
---|
| 91 | /* used as a bool: "are we modifying /etc/shadow?" */
|
---|
| 92 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
| 93 | const char *shadow = strstr(filename, "shadow");
|
---|
| 94 | #else
|
---|
| 95 | # define shadow NULL
|
---|
| 96 | #endif
|
---|
| 97 |
|
---|
| 98 | filename = xmalloc_follow_symlinks(filename);
|
---|
| 99 | if (filename == NULL)
|
---|
| 100 | return ret;
|
---|
| 101 |
|
---|
| 102 | check_selinux_update_passwd(name);
|
---|
| 103 |
|
---|
| 104 | /* New passwd file, "/etc/passwd+" for now */
|
---|
| 105 | fnamesfx = xasprintf("%s+", filename);
|
---|
| 106 | sfx_char = &fnamesfx[strlen(fnamesfx)-1];
|
---|
| 107 | name_colon = xasprintf("%s:", name);
|
---|
| 108 | user_len = strlen(name_colon);
|
---|
| 109 |
|
---|
| 110 | if (shadow)
|
---|
| 111 | old_fp = fopen(filename, "r+");
|
---|
| 112 | else
|
---|
| 113 | old_fp = fopen_or_warn(filename, "r+");
|
---|
| 114 | if (!old_fp) {
|
---|
| 115 | if (shadow)
|
---|
| 116 | ret = 0; /* missing shadow is not an error */
|
---|
| 117 | goto free_mem;
|
---|
| 118 | }
|
---|
| 119 | old_fd = fileno(old_fp);
|
---|
| 120 |
|
---|
| 121 | selinux_preserve_fcontext(old_fd);
|
---|
| 122 |
|
---|
| 123 | /* Try to create "/etc/passwd+". Wait if it exists. */
|
---|
| 124 | i = 30;
|
---|
| 125 | do {
|
---|
| 126 | // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
|
---|
| 127 | new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
|
---|
| 128 | if (new_fd >= 0) goto created;
|
---|
| 129 | if (errno != EEXIST) break;
|
---|
| 130 | usleep(100000); /* 0.1 sec */
|
---|
| 131 | } while (--i);
|
---|
| 132 | bb_perror_msg("can't create '%s'", fnamesfx);
|
---|
| 133 | goto close_old_fp;
|
---|
| 134 |
|
---|
| 135 | created:
|
---|
| 136 | if (fstat(old_fd, &sb) == 0) {
|
---|
| 137 | fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
|
---|
| 138 | fchown(new_fd, sb.st_uid, sb.st_gid);
|
---|
| 139 | }
|
---|
| 140 | errno = 0;
|
---|
| 141 | new_fp = xfdopen_for_write(new_fd);
|
---|
| 142 |
|
---|
| 143 | /* Backup file is "/etc/passwd-" */
|
---|
| 144 | *sfx_char = '-';
|
---|
| 145 | /* Delete old backup */
|
---|
| 146 | i = (unlink(fnamesfx) && errno != ENOENT);
|
---|
| 147 | /* Create backup as a hardlink to current */
|
---|
| 148 | if (i || link(filename, fnamesfx))
|
---|
| 149 | bb_perror_msg("warning: can't create backup copy '%s'",
|
---|
| 150 | fnamesfx);
|
---|
| 151 | *sfx_char = '+';
|
---|
| 152 |
|
---|
| 153 | /* Lock the password file before updating */
|
---|
| 154 | lock.l_type = F_WRLCK;
|
---|
| 155 | lock.l_whence = SEEK_SET;
|
---|
| 156 | lock.l_start = 0;
|
---|
| 157 | lock.l_len = 0;
|
---|
| 158 | if (fcntl(old_fd, F_SETLK, &lock) < 0)
|
---|
| 159 | bb_perror_msg("warning: can't lock '%s'", filename);
|
---|
| 160 | lock.l_type = F_UNLCK;
|
---|
| 161 |
|
---|
| 162 | /* Read current password file, write updated /etc/passwd+ */
|
---|
| 163 | changed_lines = 0;
|
---|
| 164 | while (1) {
|
---|
| 165 | char *cp, *line;
|
---|
| 166 |
|
---|
| 167 | line = xmalloc_fgetline(old_fp);
|
---|
| 168 | if (!line) /* EOF/error */
|
---|
| 169 | break;
|
---|
| 170 | if (strncmp(name_colon, line, user_len) != 0) {
|
---|
| 171 | fprintf(new_fp, "%s\n", line);
|
---|
| 172 | goto next;
|
---|
| 173 | }
|
---|
| 174 |
|
---|
| 175 | /* We have a match with "name:"... */
|
---|
| 176 | cp = line + user_len; /* move past name: */
|
---|
| 177 |
|
---|
| 178 | #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
|
---|
| 179 | if (member) {
|
---|
| 180 | /* It's actually /etc/group+, not /etc/passwd+ */
|
---|
| 181 | if (ENABLE_FEATURE_ADDUSER_TO_GROUP
|
---|
| 182 | && applet_name[0] == 'a'
|
---|
| 183 | ) {
|
---|
| 184 | /* Add user to group */
|
---|
| 185 | fprintf(new_fp, "%s%s%s\n", line,
|
---|
| 186 | last_char_is(line, ':') ? "" : ",",
|
---|
| 187 | member);
|
---|
| 188 | changed_lines++;
|
---|
| 189 | } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
|
---|
| 190 | /* && applet_name[0] == 'd' */
|
---|
| 191 | ) {
|
---|
| 192 | /* Delete user from group */
|
---|
| 193 | char *tmp;
|
---|
| 194 | const char *fmt = "%s";
|
---|
| 195 |
|
---|
| 196 | /* find the start of the member list: last ':' */
|
---|
| 197 | cp = strrchr(line, ':');
|
---|
| 198 | /* cut it */
|
---|
| 199 | *cp++ = '\0';
|
---|
| 200 | /* write the cut line name:passwd:gid:
|
---|
| 201 | * or name:!:: */
|
---|
| 202 | fprintf(new_fp, "%s:", line);
|
---|
| 203 | /* parse the tokens of the member list */
|
---|
| 204 | tmp = cp;
|
---|
| 205 | while ((cp = strsep(&tmp, ",")) != NULL) {
|
---|
| 206 | if (strcmp(member, cp) != 0) {
|
---|
| 207 | fprintf(new_fp, fmt, cp);
|
---|
| 208 | fmt = ",%s";
|
---|
| 209 | } else {
|
---|
| 210 | /* found member, skip it */
|
---|
| 211 | changed_lines++;
|
---|
| 212 | }
|
---|
| 213 | }
|
---|
| 214 | fprintf(new_fp, "\n");
|
---|
| 215 | }
|
---|
| 216 | } else
|
---|
| 217 | #endif
|
---|
| 218 | if ((ENABLE_PASSWD && applet_name[0] == 'p')
|
---|
| 219 | || (ENABLE_CHPASSWD && applet_name[0] == 'c')
|
---|
| 220 | ) {
|
---|
| 221 | /* Change passwd */
|
---|
| 222 | cp = strchrnul(cp, ':'); /* move past old passwd */
|
---|
| 223 |
|
---|
| 224 | if (shadow && *cp == ':') {
|
---|
| 225 | /* /etc/shadow's field 3 (passwd change date) needs updating */
|
---|
| 226 | /* move past old change date */
|
---|
| 227 | cp = strchrnul(cp + 1, ':');
|
---|
| 228 | /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
|
---|
| 229 | fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
|
---|
| 230 | (unsigned)(time(NULL)) / (24*60*60), cp);
|
---|
| 231 | } else {
|
---|
| 232 | /* "name:" + "new_passwd" + ":rest of line" */
|
---|
| 233 | fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp);
|
---|
| 234 | }
|
---|
| 235 | changed_lines++;
|
---|
| 236 | } /* else delete user or group: skip the line */
|
---|
| 237 | next:
|
---|
| 238 | free(line);
|
---|
| 239 | }
|
---|
| 240 |
|
---|
| 241 | if (changed_lines == 0) {
|
---|
| 242 | #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
|
---|
| 243 | if (member) {
|
---|
| 244 | if (ENABLE_ADDGROUP && applet_name[0] == 'a')
|
---|
| 245 | bb_error_msg("can't find %s in %s", name, filename);
|
---|
| 246 | if (ENABLE_DELGROUP && applet_name[0] == 'd')
|
---|
| 247 | bb_error_msg("can't find %s in %s", member, filename);
|
---|
| 248 | }
|
---|
| 249 | #endif
|
---|
| 250 | if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
|
---|
| 251 | && applet_name[0] == 'a' && !member
|
---|
| 252 | ) {
|
---|
| 253 | /* add user or group */
|
---|
| 254 | fprintf(new_fp, "%s%s\n", name_colon, new_passwd);
|
---|
| 255 | changed_lines++;
|
---|
| 256 | }
|
---|
| 257 | }
|
---|
| 258 |
|
---|
| 259 | fcntl(old_fd, F_SETLK, &lock);
|
---|
| 260 |
|
---|
| 261 | /* We do want all of them to execute, thus | instead of || */
|
---|
| 262 | errno = 0;
|
---|
| 263 | if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
|
---|
| 264 | || rename(fnamesfx, filename)
|
---|
| 265 | ) {
|
---|
| 266 | /* At least one of those failed */
|
---|
| 267 | bb_perror_nomsg();
|
---|
| 268 | goto unlink_new;
|
---|
| 269 | }
|
---|
| 270 | /* Success: ret >= 0 */
|
---|
| 271 | ret = changed_lines;
|
---|
| 272 |
|
---|
| 273 | unlink_new:
|
---|
| 274 | if (ret < 0)
|
---|
| 275 | unlink(fnamesfx);
|
---|
| 276 |
|
---|
| 277 | close_old_fp:
|
---|
| 278 | fclose(old_fp);
|
---|
| 279 |
|
---|
| 280 | free_mem:
|
---|
| 281 | free(fnamesfx);
|
---|
| 282 | free((char *)filename);
|
---|
| 283 | free(name_colon);
|
---|
| 284 | return ret;
|
---|
| 285 | }
|
---|