platform/external/busybox.git - Unnamed repository; edit this file 'description' to name the repository.

1 /* vi: set sw=4 ts=4: */
2 /*
3  * update_passwd
4  *
5  * update_passwd is a common function for passwd and chpasswd applets;
6  * it is responsible for updating password file (i.e. /etc/passwd or
7  * /etc/shadow) for a given user and password.
8  *
9  * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
10  *
11  * Modified to be able to add or delete users, groups and users to/from groups
12  * by Tito Ragusa <farmatito@tiscali.it>
13  *
14  * Licensed under GPLv2, see file LICENSE in this source tree.
15  */
16 #include "libbb.h"
17
18 #if ENABLE_SELINUX
19 static void check_selinux_update_passwd(const char *username)
20 {
21 	security_context_t context;
22 	char *seuser;
23
24 	if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
25 		return;  /* No need to check */
26
27 	if (getprevcon_raw(&context) < 0)
28 		bb_perror_msg_and_die("getprevcon failed");
29 	seuser = strtok(context, ":");
30 	if (!seuser)
31 		bb_error_msg_and_die("invalid context '%s'", context);
32 	if (strcmp(seuser, username) != 0) {
33 		security_class_t tclass;
34 		access_vector_t av;
35
36 		tclass = string_to_security_class("passwd");
37 		if (tclass == 0)
38 			goto die;
39 		av = string_to_av_perm(tclass, "passwd");
40 		if (av == 0)
41 			goto die;
42
43 		if (selinux_check_passwd_access(av) != 0)
44  die:
45 			bb_error_msg_and_die("SELinux: access denied");
46 	}
47 	if (ENABLE_FEATURE_CLEAN_UP)
48 		freecon(context);
49 }
50 #else
51 # define check_selinux_update_passwd(username) ((void)0)
52 #endif
53
54 /*
55  1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
56     only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
57
58  2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
59     only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
60
61  3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
62     only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
63     like in addgroup and member != NULL
64
65  4) delete a user: update_passwd(FILE, USER, NULL, NULL)
66
67  5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
68
69  6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
70     only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
71
72  7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL)
73     only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
74     or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
75
76  8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER)
77
78  This function does not validate the arguments fed to it
79  so the calling program should take care of that.
80
81  Returns number of lines changed, or -1 on error.
82 */
83 int FAST_FUNC update_passwd(const char *filename,
84 		const char *name,
85 		const char *new_passwd,
86 		const char *member)
87 {
88 #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
89 #define member NULL
90 #endif
91 	struct stat sb;
92 	struct flock lock;
93 	FILE *old_fp;
94 	FILE *new_fp;
95 	char *fnamesfx;
96 	char *sfx_char;
97 	char *name_colon;
98 	int old_fd;
99 	int new_fd;
100 	int i;
101 	int changed_lines;
102 	int ret = -1; /* failure */
103 	/* used as a bool: "are we modifying /etc/shadow?" */
104 #if ENABLE_FEATURE_SHADOWPASSWDS
105 	const char *shadow = strstr(filename, "shadow");
106 #else
107 # define shadow NULL
108 #endif
109
110 	filename = xmalloc_follow_symlinks(filename);
111 	if (filename == NULL)
112 		return ret;
113
114 	if (name)
115 		check_selinux_update_passwd(name);
116
117 	/* New passwd file, "/etc/passwd+" for now */
118 	fnamesfx = xasprintf("%s+", filename);
119 	sfx_char = &fnamesfx[strlen(fnamesfx)-1];
120 	name_colon = xasprintf("%s:", name ? name : "");
121
122 	if (shadow)
123 		old_fp = fopen(filename, "r+");
124 	else
125 		old_fp = fopen_or_warn(filename, "r+");
126 	if (!old_fp) {
127 		if (shadow)
128 			ret = 0; /* missing shadow is not an error */
129 		goto free_mem;
130 	}
131 	old_fd = fileno(old_fp);
132
133 	selinux_preserve_fcontext(old_fd);
134
135 	/* Try to create "/etc/passwd+". Wait if it exists. */
136 	i = 30;
137 	do {
138 		// FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
139 		new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
140 		if (new_fd >= 0) goto created;
141 		if (errno != EEXIST) break;
142 		usleep(100000); /* 0.1 sec */
143 	} while (--i);
144 	bb_perror_msg("can't create '%s'", fnamesfx);
145 	goto close_old_fp;
146
147  created:
148 	if (fstat(old_fd, &sb) == 0) {
149 		fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
150 		fchown(new_fd, sb.st_uid, sb.st_gid);
151 	}
152 	errno = 0;
153 	new_fp = xfdopen_for_write(new_fd);
154
155 	/* Backup file is "/etc/passwd-" */
156 	*sfx_char = '-';
157 	/* Delete old backup */
158 	i = (unlink(fnamesfx) && errno != ENOENT);
159 	/* Create backup as a hardlink to current */
160 	if (i || link(filename, fnamesfx))
161 		bb_perror_msg("warning: can't create backup copy '%s'",
162 				fnamesfx);
163 	*sfx_char = '+';
164
165 	/* Lock the password file before updating */
166 	lock.l_type = F_WRLCK;
167 	lock.l_whence = SEEK_SET;
168 	lock.l_start = 0;
169 	lock.l_len = 0;
170 	if (fcntl(old_fd, F_SETLK, &lock) < 0)
171 		bb_perror_msg("warning: can't lock '%s'", filename);
172 	lock.l_type = F_UNLCK;
173
174 	/* Read current password file, write updated /etc/passwd+ */
175 	changed_lines = 0;
176 	while (1) {
177 		char *cp, *line;
178
179 		line = xmalloc_fgetline(old_fp);
180 		if (!line) /* EOF/error */
181 			break;
182
183 #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
184 		if (!name && member) {
185 			/* Delete member from all groups */
186 			/* line is "GROUP:PASSWD:[member1[,member2]...]" */
187 			unsigned member_len = strlen(member);
188 			char *list = strrchr(line, ':');
189 			while (list) {
190 				list++;
191  next_list_element:
192 				if (is_prefixed_with(list, member)) {
193 					char c;
194 					changed_lines++;
195 					c = list[member_len];
196 					if (c == '\0') {
197 						if (list[-1] == ',')
198 							list--;
199 						*list = '\0';
200 						break;
201 					}
202 					if (c == ',') {
203 						overlapping_strcpy(list, list + member_len + 1);
204 						goto next_list_element;
205 					}
206 					changed_lines--;
207 				}
208 				list = strchr(list, ',');
209 			}
210 			fprintf(new_fp, "%s\n", line);
211 			goto next;
212 		}
213 #endif
214
215 		cp = is_prefixed_with(line, name_colon);
216 		if (!cp) {
217 			fprintf(new_fp, "%s\n", line);
218 			goto next;
219 		}
220
221 		/* We have a match with "name:"... */
222 		/* cp points past "name:" */
223
224 #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
225 		if (member) {
226 			/* It's actually /etc/group+, not /etc/passwd+ */
227 			if (ENABLE_FEATURE_ADDUSER_TO_GROUP
228 			 && applet_name[0] == 'a'
229 			) {
230 				/* Add user to group */
231 				fprintf(new_fp, "%s%s%s\n", line,
232 					last_char_is(line, ':') ? "" : ",",
233 					member);
234 				changed_lines++;
235 			} else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
236 			/* && applet_name[0] == 'd' */
237 			) {
238 				/* Delete user from group */
239 				char *tmp;
240 				const char *fmt = "%s";
241
242 				/* find the start of the member list: last ':' */
243 				cp = strrchr(line, ':');
244 				/* cut it */
245 				*cp++ = '\0';
246 				/* write the cut line name:passwd:gid:
247 				 * or name:!:: */
248 				fprintf(new_fp, "%s:", line);
249 				/* parse the tokens of the member list */
250 				tmp = cp;
251 				while ((cp = strsep(&tmp, ",")) != NULL) {
252 					if (strcmp(member, cp) != 0) {
253 						fprintf(new_fp, fmt, cp);
254 						fmt = ",%s";
255 					} else {
256 						/* found member, skip it */
257 						changed_lines++;
258 					}
259 				}
260 				fprintf(new_fp, "\n");
261 			}
262 		} else
263 #endif
264 		if ((ENABLE_PASSWD && applet_name[0] == 'p')
265 		 || (ENABLE_CHPASSWD && applet_name[0] == 'c')
266 		) {
267 			/* Change passwd */
268 			cp = strchrnul(cp, ':'); /* move past old passwd */
269
270 			if (shadow && *cp == ':') {
271 				/* /etc/shadow's field 3 (passwd change date) needs updating */
272 				/* move past old change date */
273 				cp = strchrnul(cp + 1, ':');
274 				/* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
275 				fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
276 					(unsigned)(time(NULL)) / (24*60*60), cp);
277 			} else {
278 				/* "name:" + "new_passwd" + ":rest of line" */
279 				fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp);
280 			}
281 			changed_lines++;
282 		} /* else delete user or group: skip the line */
283  next:
284 		free(line);
285 	}
286
287 	if (changed_lines == 0) {
288 #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
289 		if (member) {
290 			if (ENABLE_ADDGROUP && applet_name[0] == 'a')
291 				bb_error_msg("can't find %s in %s", name, filename);
292 			if (ENABLE_DELGROUP && applet_name[0] == 'd')
293 				bb_error_msg("can't find %s in %s", member, filename);
294 		}
295 #endif
296 		if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
297 		 && applet_name[0] == 'a' && !member
298 		) {
299 			/* add user or group */
300 			fprintf(new_fp, "%s%s\n", name_colon, new_passwd);
301 			changed_lines++;
302 		}
303 	}
304
305 	fcntl(old_fd, F_SETLK, &lock);
306
307 	/* We do want all of them to execute, thus | instead of || */
308 	errno = 0;
309 	if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
310 	 || rename(fnamesfx, filename)
311 	) {
312 		/* At least one of those failed */
313 		bb_perror_nomsg();
314 		goto unlink_new;
315 	}
316 	/* Success: ret >= 0 */
317 	ret = changed_lines;
318
319  unlink_new:
320 	if (ret < 0)
321 		unlink(fnamesfx);
322
323  close_old_fp:
324 	fclose(old_fp);
325
326  free_mem:
327 	free(fnamesfx);
328 	free((char *)filename);
329 	free(name_colon);
330 	return ret;
331 }
332
1	/* vi: set sw=4 ts=4: */
2	/*
3	* update_passwd
4	*
5	* update_passwd is a common function for passwd and chpasswd applets;
6	* it is responsible for updating password file (i.e. /etc/passwd or
7	* /etc/shadow) for a given user and password.
8	*
9	* Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
10	*
11	* Modified to be able to add or delete users, groups and users to/from groups
12	* by Tito Ragusa <farmatito@tiscali.it>
13	*
14	* Licensed under GPLv2, see file LICENSE in this source tree.
15	*/
16	#include "libbb.h"
17
18	#if ENABLE_SELINUX
19	static void check_selinux_update_passwd(const char *username)
20	{
21	security_context_t context;
22	char *seuser;
23
24	if (getuid() != (uid_t)0 \|\| is_selinux_enabled() == 0)
25	return; /* No need to check */
26
27	if (getprevcon_raw(&context) < 0)
28	bb_perror_msg_and_die("getprevcon failed");
29	seuser = strtok(context, ":");
30	if (!seuser)
31	bb_error_msg_and_die("invalid context '%s'", context);
32	if (strcmp(seuser, username) != 0) {
33	security_class_t tclass;
34	access_vector_t av;
35
36	tclass = string_to_security_class("passwd");
37	if (tclass == 0)
38	goto die;
39	av = string_to_av_perm(tclass, "passwd");
40	if (av == 0)
41	goto die;
42
43	if (selinux_check_passwd_access(av) != 0)
44	die:
45	bb_error_msg_and_die("SELinux: access denied");
46	}
47	if (ENABLE_FEATURE_CLEAN_UP)
48	freecon(context);
49	}
50	#else
51	# define check_selinux_update_passwd(username) ((void)0)
52	#endif
53
54	/*
55	1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
56	only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
57
58	2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
59	only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
60
61	3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
62	only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
63	like in addgroup and member != NULL
64
65	4) delete a user: update_passwd(FILE, USER, NULL, NULL)
66
67	5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
68
69	6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
70	only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
71
72	7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL)
73	only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
74	or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
75
76	8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER)
77
78	This function does not validate the arguments fed to it
79	so the calling program should take care of that.
80
81	Returns number of lines changed, or -1 on error.
82	*/
83	int FAST_FUNC update_passwd(const char *filename,
84	const char *name,
85	const char *new_passwd,
86	const char *member)
87	{
88	#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP)
89	#define member NULL
90	#endif
91	struct stat sb;
92	struct flock lock;
93	FILE *old_fp;
94	FILE *new_fp;
95	char *fnamesfx;
96	char *sfx_char;
97	char *name_colon;
98	int old_fd;
99	int new_fd;
100	int i;
101	int changed_lines;
102	int ret = -1; /* failure */
103	/* used as a bool: "are we modifying /etc/shadow?" */
104	#if ENABLE_FEATURE_SHADOWPASSWDS
105	const char *shadow = strstr(filename, "shadow");
106	#else
107	# define shadow NULL
108	#endif
109
110	filename = xmalloc_follow_symlinks(filename);
111	if (filename == NULL)
112	return ret;
113
114	if (name)
115	check_selinux_update_passwd(name);
116
117	/* New passwd file, "/etc/passwd+" for now */
118	fnamesfx = xasprintf("%s+", filename);
119	sfx_char = &fnamesfx[strlen(fnamesfx)-1];
120	name_colon = xasprintf("%s:", name ? name : "");
121
122	if (shadow)
123	old_fp = fopen(filename, "r+");
124	else
125	old_fp = fopen_or_warn(filename, "r+");
126	if (!old_fp) {
127	if (shadow)
128	ret = 0; /* missing shadow is not an error */
129	goto free_mem;
130	}
131	old_fd = fileno(old_fp);
132
133	selinux_preserve_fcontext(old_fd);
134
135	/* Try to create "/etc/passwd+". Wait if it exists. */
136	i = 30;
137	do {
138	// FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
139	new_fd = open(fnamesfx, O_WRONLY\|O_CREAT\|O_EXCL, 0600);
140	if (new_fd >= 0) goto created;
141	if (errno != EEXIST) break;
142	usleep(100000); /* 0.1 sec */
143	} while (--i);
144	bb_perror_msg("can't create '%s'", fnamesfx);
145	goto close_old_fp;
146
147	created:
148	if (fstat(old_fd, &sb) == 0) {
149	fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
150	fchown(new_fd, sb.st_uid, sb.st_gid);
151	}
152	errno = 0;
153	new_fp = xfdopen_for_write(new_fd);
154
155	/* Backup file is "/etc/passwd-" */
156	*sfx_char = '-';
157	/* Delete old backup */
158	i = (unlink(fnamesfx) && errno != ENOENT);
159	/* Create backup as a hardlink to current */
160	if (i \|\| link(filename, fnamesfx))
161	bb_perror_msg("warning: can't create backup copy '%s'",
162	fnamesfx);
163	*sfx_char = '+';
164
165	/* Lock the password file before updating */
166	lock.l_type = F_WRLCK;
167	lock.l_whence = SEEK_SET;
168	lock.l_start = 0;
169	lock.l_len = 0;
170	if (fcntl(old_fd, F_SETLK, &lock) < 0)
171	bb_perror_msg("warning: can't lock '%s'", filename);
172	lock.l_type = F_UNLCK;
173
174	/* Read current password file, write updated /etc/passwd+ */
175	changed_lines = 0;
176	while (1) {
177	char cp, line;
178
179	line = xmalloc_fgetline(old_fp);
180	if (!line) /* EOF/error */
181	break;
182
183	#if ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP
184	if (!name && member) {
185	/* Delete member from all groups */
186	/* line is "GROUP:PASSWD:[member1[,member2]...]" */
187	unsigned member_len = strlen(member);
188	char *list = strrchr(line, ':');
189	while (list) {
190	list++;
191	next_list_element:
192	if (is_prefixed_with(list, member)) {
193	char c;
194	changed_lines++;
195	c = list[member_len];
196	if (c == '\0') {
197	if (list[-1] == ',')
198	list--;
199	*list = '\0';
200	break;
201	}
202	if (c == ',') {
203	overlapping_strcpy(list, list + member_len + 1);
204	goto next_list_element;
205	}
206	changed_lines--;
207	}
208	list = strchr(list, ',');
209	}
210	fprintf(new_fp, "%s\n", line);
211	goto next;
212	}
213	#endif
214
215	cp = is_prefixed_with(line, name_colon);
216	if (!cp) {
217	fprintf(new_fp, "%s\n", line);
218	goto next;
219	}
220
221	/* We have a match with "name:"... */
222	/* cp points past "name:" */
223
224	#if ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP
225	if (member) {
226	/* It's actually /etc/group+, not /etc/passwd+ */
227	if (ENABLE_FEATURE_ADDUSER_TO_GROUP
228	&& applet_name[0] == 'a'
229	) {
230	/* Add user to group */
231	fprintf(new_fp, "%s%s%s\n", line,
232	last_char_is(line, ':') ? "" : ",",
233	member);
234	changed_lines++;
235	} else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
236	/* && applet_name[0] == 'd' */
237	) {
238	/* Delete user from group */
239	char *tmp;
240	const char *fmt = "%s";
241
242	/* find the start of the member list: last ':' */
243	cp = strrchr(line, ':');
244	/* cut it */
245	*cp++ = '\0';
246	/* write the cut line name:passwd:gid:
247	* or name:!:: */
248	fprintf(new_fp, "%s:", line);
249	/* parse the tokens of the member list */
250	tmp = cp;
251	while ((cp = strsep(&tmp, ",")) != NULL) {
252	if (strcmp(member, cp) != 0) {
253	fprintf(new_fp, fmt, cp);
254	fmt = ",%s";
255	} else {
256	/* found member, skip it */
257	changed_lines++;
258	}
259	}
260	fprintf(new_fp, "\n");
261	}
262	} else
263	#endif
264	if ((ENABLE_PASSWD && applet_name[0] == 'p')
265	\|\| (ENABLE_CHPASSWD && applet_name[0] == 'c')
266	) {
267	/* Change passwd */
268	cp = strchrnul(cp, ':'); /* move past old passwd */
269
270	if (shadow && *cp == ':') {
271	/* /etc/shadow's field 3 (passwd change date) needs updating */
272	/* move past old change date */
273	cp = strchrnul(cp + 1, ':');
274	/* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
275	fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
276	(unsigned)(time(NULL)) / (246060), cp);
277	} else {
278	/* "name:" + "new_passwd" + ":rest of line" */
279	fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp);
280	}
281	changed_lines++;
282	} /* else delete user or group: skip the line */
283	next:
284	free(line);
285	}
286
287	if (changed_lines == 0) {
288	#if ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP
289	if (member) {
290	if (ENABLE_ADDGROUP && applet_name[0] == 'a')
291	bb_error_msg("can't find %s in %s", name, filename);
292	if (ENABLE_DELGROUP && applet_name[0] == 'd')
293	bb_error_msg("can't find %s in %s", member, filename);
294	}
295	#endif
296	if ((ENABLE_ADDUSER \|\| ENABLE_ADDGROUP)
297	&& applet_name[0] == 'a' && !member
298	) {
299	/* add user or group */
300	fprintf(new_fp, "%s%s\n", name_colon, new_passwd);
301	changed_lines++;
302	}
303	}
304
305	fcntl(old_fd, F_SETLK, &lock);
306
307	/* We do want all of them to execute, thus \| instead of \|\| */
308	errno = 0;
309	if ((ferror(old_fp) \| fflush(new_fp) \| fsync(new_fd) \| fclose(new_fp))
310	\|\| rename(fnamesfx, filename)
311	) {
312	/* At least one of those failed */
313	bb_perror_nomsg();
314	goto unlink_new;
315	}
316	/* Success: ret >= 0 */
317	ret = changed_lines;
318
319	unlink_new:
320	if (ret < 0)
321	unlink(fnamesfx);
322
323	close_old_fp:
324	fclose(old_fp);
325
326	free_mem:
327	free(fnamesfx);
328	free((char *)filename);
329	free(name_colon);
330	return ret;
331	}
332