blob: 95423d19bafc114f44c5cb400578afd73538967e
1 | /* vi: set sw=4 ts=4: */ |
2 | /* |
3 | * update_passwd |
4 | * |
5 | * update_passwd is a common function for passwd and chpasswd applets; |
6 | * it is responsible for updating password file (i.e. /etc/passwd or |
7 | * /etc/shadow) for a given user and password. |
8 | * |
9 | * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> |
10 | * |
11 | * Modified to be able to add or delete users, groups and users to/from groups |
12 | * by Tito Ragusa <farmatito@tiscali.it> |
13 | * |
14 | * Licensed under GPLv2, see file LICENSE in this source tree. |
15 | */ |
16 | #include "libbb.h" |
17 | |
18 | #if ENABLE_SELINUX |
19 | static void check_selinux_update_passwd(const char *username) |
20 | { |
21 | security_context_t context; |
22 | char *seuser; |
23 | |
24 | if (getuid() != (uid_t)0 || is_selinux_enabled() == 0) |
25 | return; /* No need to check */ |
26 | |
27 | if (getprevcon_raw(&context) < 0) |
28 | bb_perror_msg_and_die("getprevcon failed"); |
29 | seuser = strtok(context, ":"); |
30 | if (!seuser) |
31 | bb_error_msg_and_die("invalid context '%s'", context); |
32 | if (strcmp(seuser, username) != 0) { |
33 | security_class_t tclass; |
34 | access_vector_t av; |
35 | |
36 | tclass = string_to_security_class("passwd"); |
37 | if (tclass == 0) |
38 | goto die; |
39 | av = string_to_av_perm(tclass, "passwd"); |
40 | if (av == 0) |
41 | goto die; |
42 | |
43 | if (selinux_check_passwd_access(av) != 0) |
44 | die: |
45 | bb_error_msg_and_die("SELinux: access denied"); |
46 | } |
47 | if (ENABLE_FEATURE_CLEAN_UP) |
48 | freecon(context); |
49 | } |
50 | #else |
51 | # define check_selinux_update_passwd(username) ((void)0) |
52 | #endif |
53 | |
54 | /* |
55 | 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL) |
56 | only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser |
57 | |
58 | 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL) |
59 | only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup |
60 | |
61 | 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
62 | only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a' |
63 | like in addgroup and member != NULL |
64 | |
65 | 4) delete a user: update_passwd(FILE, USER, NULL, NULL) |
66 | |
67 | 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL) |
68 | |
69 | 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER) |
70 | only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL |
71 | |
72 | 7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL) |
73 | only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd |
74 | or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd |
75 | |
76 | 8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER) |
77 | |
78 | This function does not validate the arguments fed to it |
79 | so the calling program should take care of that. |
80 | |
81 | Returns number of lines changed, or -1 on error. |
82 | */ |
83 | int FAST_FUNC update_passwd(const char *filename, |
84 | const char *name, |
85 | const char *new_passwd, |
86 | const char *member) |
87 | { |
88 | #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP) |
89 | #define member NULL |
90 | #endif |
91 | struct stat sb; |
92 | struct flock lock; |
93 | FILE *old_fp; |
94 | FILE *new_fp; |
95 | char *fnamesfx; |
96 | char *sfx_char; |
97 | char *name_colon; |
98 | int old_fd; |
99 | int new_fd; |
100 | int i; |
101 | int changed_lines; |
102 | int ret = -1; /* failure */ |
103 | /* used as a bool: "are we modifying /etc/shadow?" */ |
104 | #if ENABLE_FEATURE_SHADOWPASSWDS |
105 | const char *shadow = strstr(filename, "shadow"); |
106 | #else |
107 | # define shadow NULL |
108 | #endif |
109 | |
110 | filename = xmalloc_follow_symlinks(filename); |
111 | if (filename == NULL) |
112 | return ret; |
113 | |
114 | if (name) |
115 | check_selinux_update_passwd(name); |
116 | |
117 | /* New passwd file, "/etc/passwd+" for now */ |
118 | fnamesfx = xasprintf("%s+", filename); |
119 | sfx_char = &fnamesfx[strlen(fnamesfx)-1]; |
120 | name_colon = xasprintf("%s:", name ? name : ""); |
121 | |
122 | if (shadow) |
123 | old_fp = fopen(filename, "r+"); |
124 | else |
125 | old_fp = fopen_or_warn(filename, "r+"); |
126 | if (!old_fp) { |
127 | if (shadow) |
128 | ret = 0; /* missing shadow is not an error */ |
129 | goto free_mem; |
130 | } |
131 | old_fd = fileno(old_fp); |
132 | |
133 | selinux_preserve_fcontext(old_fd); |
134 | |
135 | /* Try to create "/etc/passwd+". Wait if it exists. */ |
136 | i = 30; |
137 | do { |
138 | // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC? |
139 | new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600); |
140 | if (new_fd >= 0) goto created; |
141 | if (errno != EEXIST) break; |
142 | usleep(100000); /* 0.1 sec */ |
143 | } while (--i); |
144 | bb_perror_msg("can't create '%s'", fnamesfx); |
145 | goto close_old_fp; |
146 | |
147 | created: |
148 | if (fstat(old_fd, &sb) == 0) { |
149 | fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ |
150 | fchown(new_fd, sb.st_uid, sb.st_gid); |
151 | } |
152 | errno = 0; |
153 | new_fp = xfdopen_for_write(new_fd); |
154 | |
155 | /* Backup file is "/etc/passwd-" */ |
156 | *sfx_char = '-'; |
157 | /* Delete old backup */ |
158 | i = (unlink(fnamesfx) && errno != ENOENT); |
159 | /* Create backup as a hardlink to current */ |
160 | if (i || link(filename, fnamesfx)) |
161 | bb_perror_msg("warning: can't create backup copy '%s'", |
162 | fnamesfx); |
163 | *sfx_char = '+'; |
164 | |
165 | /* Lock the password file before updating */ |
166 | lock.l_type = F_WRLCK; |
167 | lock.l_whence = SEEK_SET; |
168 | lock.l_start = 0; |
169 | lock.l_len = 0; |
170 | if (fcntl(old_fd, F_SETLK, &lock) < 0) |
171 | bb_perror_msg("warning: can't lock '%s'", filename); |
172 | lock.l_type = F_UNLCK; |
173 | |
174 | /* Read current password file, write updated /etc/passwd+ */ |
175 | changed_lines = 0; |
176 | while (1) { |
177 | char *cp, *line; |
178 | |
179 | line = xmalloc_fgetline(old_fp); |
180 | if (!line) /* EOF/error */ |
181 | break; |
182 | |
183 | #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
184 | if (!name && member) { |
185 | /* Delete member from all groups */ |
186 | /* line is "GROUP:PASSWD:[member1[,member2]...]" */ |
187 | unsigned member_len = strlen(member); |
188 | char *list = strrchr(line, ':'); |
189 | while (list) { |
190 | list++; |
191 | next_list_element: |
192 | if (is_prefixed_with(list, member)) { |
193 | char c; |
194 | changed_lines++; |
195 | c = list[member_len]; |
196 | if (c == '\0') { |
197 | if (list[-1] == ',') |
198 | list--; |
199 | *list = '\0'; |
200 | break; |
201 | } |
202 | if (c == ',') { |
203 | overlapping_strcpy(list, list + member_len + 1); |
204 | goto next_list_element; |
205 | } |
206 | changed_lines--; |
207 | } |
208 | list = strchr(list, ','); |
209 | } |
210 | fprintf(new_fp, "%s\n", line); |
211 | goto next; |
212 | } |
213 | #endif |
214 | |
215 | cp = is_prefixed_with(line, name_colon); |
216 | if (!cp) { |
217 | fprintf(new_fp, "%s\n", line); |
218 | goto next; |
219 | } |
220 | |
221 | /* We have a match with "name:"... */ |
222 | /* cp points past "name:" */ |
223 | |
224 | #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
225 | if (member) { |
226 | /* It's actually /etc/group+, not /etc/passwd+ */ |
227 | if (ENABLE_FEATURE_ADDUSER_TO_GROUP |
228 | && applet_name[0] == 'a' |
229 | ) { |
230 | /* Add user to group */ |
231 | fprintf(new_fp, "%s%s%s\n", line, |
232 | last_char_is(line, ':') ? "" : ",", |
233 | member); |
234 | changed_lines++; |
235 | } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP |
236 | /* && applet_name[0] == 'd' */ |
237 | ) { |
238 | /* Delete user from group */ |
239 | char *tmp; |
240 | const char *fmt = "%s"; |
241 | |
242 | /* find the start of the member list: last ':' */ |
243 | cp = strrchr(line, ':'); |
244 | /* cut it */ |
245 | *cp++ = '\0'; |
246 | /* write the cut line name:passwd:gid: |
247 | * or name:!:: */ |
248 | fprintf(new_fp, "%s:", line); |
249 | /* parse the tokens of the member list */ |
250 | tmp = cp; |
251 | while ((cp = strsep(&tmp, ",")) != NULL) { |
252 | if (strcmp(member, cp) != 0) { |
253 | fprintf(new_fp, fmt, cp); |
254 | fmt = ",%s"; |
255 | } else { |
256 | /* found member, skip it */ |
257 | changed_lines++; |
258 | } |
259 | } |
260 | fprintf(new_fp, "\n"); |
261 | } |
262 | } else |
263 | #endif |
264 | if ((ENABLE_PASSWD && applet_name[0] == 'p') |
265 | || (ENABLE_CHPASSWD && applet_name[0] == 'c') |
266 | ) { |
267 | /* Change passwd */ |
268 | cp = strchrnul(cp, ':'); /* move past old passwd */ |
269 | |
270 | if (shadow && *cp == ':') { |
271 | /* /etc/shadow's field 3 (passwd change date) needs updating */ |
272 | /* move past old change date */ |
273 | cp = strchrnul(cp + 1, ':'); |
274 | /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */ |
275 | fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd, |
276 | (unsigned)(time(NULL)) / (24*60*60), cp); |
277 | } else { |
278 | /* "name:" + "new_passwd" + ":rest of line" */ |
279 | fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp); |
280 | } |
281 | changed_lines++; |
282 | } /* else delete user or group: skip the line */ |
283 | next: |
284 | free(line); |
285 | } |
286 | |
287 | if (changed_lines == 0) { |
288 | #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP |
289 | if (member) { |
290 | if (ENABLE_ADDGROUP && applet_name[0] == 'a') |
291 | bb_error_msg("can't find %s in %s", name, filename); |
292 | if (ENABLE_DELGROUP && applet_name[0] == 'd') |
293 | bb_error_msg("can't find %s in %s", member, filename); |
294 | } |
295 | #endif |
296 | if ((ENABLE_ADDUSER || ENABLE_ADDGROUP) |
297 | && applet_name[0] == 'a' && !member |
298 | ) { |
299 | /* add user or group */ |
300 | fprintf(new_fp, "%s%s\n", name_colon, new_passwd); |
301 | changed_lines++; |
302 | } |
303 | } |
304 | |
305 | fcntl(old_fd, F_SETLK, &lock); |
306 | |
307 | /* We do want all of them to execute, thus | instead of || */ |
308 | errno = 0; |
309 | if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) |
310 | || rename(fnamesfx, filename) |
311 | ) { |
312 | /* At least one of those failed */ |
313 | bb_perror_nomsg(); |
314 | goto unlink_new; |
315 | } |
316 | /* Success: ret >= 0 */ |
317 | ret = changed_lines; |
318 | |
319 | unlink_new: |
320 | if (ret < 0) |
321 | unlink(fnamesfx); |
322 | |
323 | close_old_fp: |
324 | fclose(old_fp); |
325 | |
326 | free_mem: |
327 | free(fnamesfx); |
328 | free((char *)filename); |
329 | free(name_colon); |
330 | return ret; |
331 | } |
332 |