1 /* $NetBSD: chpass.c,v 1.35 2011/08/31 16:24:57 plunky Exp $ */
2
3 /*-
4 * Copyright (c) 1988, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 #ifndef lint
34 __COPYRIGHT("@(#) Copyright (c) 1988, 1993, 1994\
35 The Regents of the University of California. All rights reserved.");
36 #endif /* not lint */
37
38 #ifndef lint
39 #if 0
40 static char sccsid[] = "@(#)chpass.c 8.4 (Berkeley) 4/2/94";
41 #else
42 __RCSID("$NetBSD: chpass.c,v 1.35 2011/08/31 16:24:57 plunky Exp $");
43 #endif
44 #endif /* not lint */
45
46 #include <sys/param.h>
47 #include <sys/stat.h>
48 #include <sys/time.h>
49 #include <sys/resource.h>
50
51 #include <ctype.h>
52 #include <err.h>
53 #include <errno.h>
54 #include <fcntl.h>
55 #include <pwd.h>
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <string.h>
59 #include <unistd.h>
60 #include <util.h>
61 #include <libgen.h>
62
63 #include "chpass.h"
64 #include "pathnames.h"
65
66 static char tempname[] = "/tmp/pw.XXXXXX";
67 uid_t uid;
68 int use_yp;
69
70 void (*Pw_error)(const char *, int, int);
71
72 #ifdef YP
73 extern int _yp_check(char **); /* buried deep inside libc */
74 #endif
75
76 __dead static void baduser(void);
77 static void cleanup(void);
78 __dead static void usage(void);
79
80 int
main(int argc,char ** argv)81 main(int argc, char **argv)
82 {
83 enum { NEWSH, LOADENTRY, EDITENTRY } op;
84 struct passwd *pw, lpw, old_pw;
85 int ch, dfd, pfd, tfd;
86 #ifdef YP
87 int yflag = 0;
88 #endif
89 char *arg, *username = NULL;
90
91 #ifdef __GNUC__
92 pw = NULL; /* XXX gcc -Wuninitialized */
93 arg = NULL;
94 #endif
95 #ifdef YP
96 use_yp = _yp_check(NULL);
97 #endif
98
99 op = EDITENTRY;
100 while ((ch = getopt(argc, argv, "a:s:ly")) != -1)
101 switch (ch) {
102 case 'a':
103 op = LOADENTRY;
104 arg = optarg;
105 break;
106 case 's':
107 op = NEWSH;
108 arg = optarg;
109 break;
110 case 'l':
111 use_yp = 0;
112 break;
113 case 'y':
114 #ifdef YP
115 if (!use_yp)
116 errx(1, "YP not in use.");
117 yflag = 1;
118 #else
119 errx(1, "YP support not compiled in.");
120 #endif
121 break;
122 default:
123 usage();
124 }
125 argc -= optind;
126 argv += optind;
127
128 uid = getuid();
129 switch (argc) {
130 case 0:
131 /* nothing */
132 break;
133
134 case 1:
135 username = argv[0];
136 break;
137
138 default:
139 usage();
140 }
141
142 #ifdef YP
143 /*
144 * We need to determine if we _really_ want to use YP.
145 * If we defaulted to YP (i.e. were not given the -y flag),
146 * and the master is not running rpc.yppasswdd, we check
147 * to see if the user exists in the local passwd database.
148 * If so, we use it, otherwise we error out.
149 */
150 if (use_yp && yflag == 0) {
151 if (check_yppasswdd()) {
152 /*
153 * We weren't able to contact rpc.yppasswdd.
154 * Check to see if we're in the local
155 * password database. If we are, use it.
156 */
157 if (username != NULL)
158 pw = getpwnam(username);
159 else
160 pw = getpwuid(uid);
161 if (pw != NULL)
162 use_yp = 0;
163 else {
164 warnx("master YP server not running yppasswd"
165 " daemon.");
166 errx(1, "Can't change password.");
167 }
168 }
169 }
170 #endif
171
172 #ifdef YP
173 if (use_yp)
174 Pw_error = yppw_error;
175 else
176 #endif
177 Pw_error = pw_error;
178
179 #ifdef YP
180 if (op == LOADENTRY && use_yp)
181 errx(1, "cannot load entry using YP.\n"
182 "\tUse the -l flag to load local.");
183 #endif
184
185 if (op == EDITENTRY || op == NEWSH) {
186 if (username != NULL) {
187 pw = getpwnam(username);
188 if (pw == NULL)
189 errx(1, "unknown user: %s", username);
190 if (uid && uid != pw->pw_uid)
191 baduser();
192 } else {
193 pw = getpwuid(uid);
194 if (pw == NULL)
195 errx(1, "unknown user: uid %u", uid);
196 }
197
198 /* Make a copy for later verification */
199 old_pw = *pw;
200 old_pw.pw_gecos = strdup(old_pw.pw_gecos);
201 if (!old_pw.pw_gecos) {
202 err(1, "strdup");
203 /*NOTREACHED*/
204 }
205 }
206
207 if (op == NEWSH) {
208 /* protect p_shell -- it thinks NULL is /bin/sh */
209 if (!arg[0])
210 usage();
211 if (p_shell(arg, pw, NULL))
212 (*Pw_error)(NULL, 0, 1);
213 }
214
215 if (op == LOADENTRY) {
216 if (uid)
217 baduser();
218 pw = &lpw;
219 if (!pw_scan(arg, pw, NULL))
220 exit(1);
221 }
222
223 /* Edit the user passwd information if requested. */
224 if (op == EDITENTRY) {
225 struct stat sb;
226
227 dfd = mkstemp(tempname);
228 if (dfd < 0 || fcntl(dfd, F_SETFD, 1) < 0)
229 (*Pw_error)(tempname, 1, 1);
230 if (atexit(cleanup)) {
231 cleanup();
232 errx(1, "couldn't register cleanup");
233 }
234 if (stat(dirname(tempname), &sb) == -1)
235 err(1, "couldn't stat `%s'", dirname(tempname));
236 if (!(sb.st_mode & S_ISTXT))
237 errx(1, "temporary directory `%s' is not sticky",
238 dirname(tempname));
239
240 display(tempname, dfd, pw);
241 edit(tempname, pw);
242 }
243
244 #ifdef YP
245 if (use_yp) {
246 if (pw_yp(pw, uid))
247 yppw_error(NULL, 0, 1);
248 else
249 exit(0);
250 /* Will not exit from this if. */
251 }
252 #endif /* YP */
253
254
255 /*
256 * Get the passwd lock file and open the passwd file for
257 * reading.
258 */
259 pw_init();
260 tfd = pw_lock(0);
261 if (tfd < 0) {
262 if (errno != EEXIST)
263 err(1, "%s", _PATH_MASTERPASSWD_LOCK);
264 warnx("The passwd file is busy, waiting...");
265 tfd = pw_lock(10);
266 if (tfd < 0) {
267 if (errno != EEXIST)
268 err(1, "%s", _PATH_MASTERPASSWD_LOCK);
269 errx(1, "The passwd file is still busy, "
270 "try again later.");
271 }
272 }
273 if (fcntl(tfd, F_SETFD, 1) < 0)
274 pw_error(_PATH_MASTERPASSWD_LOCK, 1, 1);
275
276 pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
277 if (pfd < 0 || fcntl(pfd, F_SETFD, 1) < 0)
278 pw_error(_PATH_MASTERPASSWD, 1, 1);
279
280 /* Copy the passwd file to the lock file, updating pw. */
281 pw_copy(pfd, tfd, pw, (op == LOADENTRY) ? NULL : &old_pw);
282
283 close(pfd);
284 close(tfd);
285
286 /* Now finish the passwd file update. */
287 if (pw_mkdb(username, 0) < 0)
288 pw_error(NULL, 0, 1);
289
290 exit(0);
291 }
292
293 static void
baduser(void)294 baduser(void)
295 {
296
297 errx(1, "%s", strerror(EACCES));
298 }
299
300 static void
usage(void)301 usage(void)
302 {
303
304 (void)fprintf(stderr,
305 "usage: %s [-a list] [-s shell] [-l] [user]\n"
306 " %s [-a list] [-s shell] [-y] [user]\n",
307 getprogname(), getprogname());
308 exit(1);
309 }
310
311 static void
cleanup(void)312 cleanup(void)
313 {
314
315 (void)unlink(tempname);
316 }
317