1 /*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * $FreeBSD: src/usr.bin/chpass/edit.c,v 1.16.2.2 2001/08/02 01:48:22 obrien Exp $ 34 * $DragonFly: src/usr.bin/chpass/edit.c,v 1.3 2003/10/02 17:42:26 hmp Exp $ 35 * 36 * @(#)edit.c 8.3 (Berkeley) 4/2/94 37 */ 38 39 #include <sys/param.h> 40 #include <sys/stat.h> 41 42 #include <ctype.h> 43 #include <err.h> 44 #include <errno.h> 45 #include <md5.h> 46 #include <paths.h> 47 #include <pwd.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <unistd.h> 52 53 #include <pw_scan.h> 54 #include <pw_util.h> 55 56 #include "chpass.h" 57 #ifdef YP 58 #include "pw_yp.h" 59 #endif /* YP */ 60 61 extern char *tempname; 62 63 void 64 edit(struct passwd *pw) 65 { 66 struct stat begin, end; 67 char *begin_sum, *end_sum; 68 69 for (;;) { 70 if (stat(tempname, &begin)) 71 pw_error(tempname, 1, 1); 72 begin_sum = MD5File(tempname, (char *)NULL); 73 pw_edit(1); 74 if (stat(tempname, &end)) 75 pw_error(tempname, 1, 1); 76 end_sum = MD5File(tempname, (char *)NULL); 77 if ((begin.st_mtime == end.st_mtime) && 78 (strcmp(begin_sum, end_sum) == 0)) { 79 warnx("no changes made"); 80 pw_error(NULL, 0, 0); 81 } 82 free(begin_sum); 83 free(end_sum); 84 if (verify(pw)) 85 break; 86 pw_prompt(); 87 } 88 } 89 90 /* 91 * display -- 92 * print out the file for the user to edit; strange side-effect: 93 * set conditional flag if the user gets to edit the shell. 94 */ 95 void 96 display(int fd, struct passwd *pw) 97 { 98 FILE *fp; 99 char *bp, *p, *ttoa(); 100 101 if (!(fp = fdopen(fd, "w"))) 102 pw_error(tempname, 1, 1); 103 104 (void)fprintf(fp, 105 #ifdef YP 106 "#Changing %s information for %s.\n", _use_yp ? "NIS" : "user database", pw->pw_name); 107 if (!uid && (!_use_yp || suser_override)) { 108 #else 109 "#Changing user database information for %s.\n", pw->pw_name); 110 if (!uid) { 111 #endif /* YP */ 112 (void)fprintf(fp, "Login: %s\n", pw->pw_name); 113 (void)fprintf(fp, "Password: %s\n", pw->pw_passwd); 114 (void)fprintf(fp, "Uid [#]: %lu\n", (unsigned long)pw->pw_uid); 115 (void)fprintf(fp, "Gid [# or name]: %lu\n", 116 (unsigned long)pw->pw_gid); 117 (void)fprintf(fp, "Change [month day year]: %s\n", 118 ttoa(pw->pw_change)); 119 (void)fprintf(fp, "Expire [month day year]: %s\n", 120 ttoa(pw->pw_expire)); 121 (void)fprintf(fp, "Class: %s\n", pw->pw_class); 122 (void)fprintf(fp, "Home directory: %s\n", pw->pw_dir); 123 (void)fprintf(fp, "Shell: %s\n", 124 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); 125 } 126 /* Only admin can change "restricted" shells. */ 127 #if 0 128 else if (ok_shell(pw->pw_shell)) 129 /* 130 * Make shell a restricted field. Ugly with a 131 * necklace, but there's not much else to do. 132 */ 133 #else 134 else if ((!list[E_SHELL].restricted && ok_shell(pw->pw_shell)) || !uid) 135 /* 136 * If change not restrict (table.c) and standard shell 137 * OR if root, then allow editing of shell. 138 */ 139 #endif 140 (void)fprintf(fp, "Shell: %s\n", 141 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); 142 else 143 list[E_SHELL].restricted = 1; 144 bp = pw->pw_gecos; 145 146 p = strsep(&bp, ","); 147 p = strdup(p ? p : ""); 148 list[E_NAME].save = p; 149 if (!list[E_NAME].restricted || !uid) 150 (void)fprintf(fp, "Full Name: %s\n", p); 151 152 p = strsep(&bp, ","); 153 p = strdup(p ? p : ""); 154 list[E_LOCATE].save = p; 155 if (!list[E_LOCATE].restricted || !uid) 156 (void)fprintf(fp, "Office Location: %s\n", p); 157 158 p = strsep(&bp, ","); 159 p = strdup(p ? p : ""); 160 list[E_BPHONE].save = p; 161 if (!list[E_BPHONE].restricted || !uid) 162 (void)fprintf(fp, "Office Phone: %s\n", p); 163 164 p = strsep(&bp, ","); 165 p = strdup(p ? p : ""); 166 list[E_HPHONE].save = p; 167 if (!list[E_HPHONE].restricted || !uid) 168 (void)fprintf(fp, "Home Phone: %s\n", p); 169 170 bp = strdup(bp ? bp : ""); 171 list[E_OTHER].save = bp; 172 if (!list[E_OTHER].restricted || !uid) 173 (void)fprintf(fp, "Other information: %s\n", bp); 174 175 (void)fchown(fd, getuid(), getgid()); 176 (void)fclose(fp); 177 } 178 179 int 180 verify(struct passwd *pw) 181 { 182 ENTRY *ep; 183 char *p; 184 struct stat sb; 185 FILE *fp; 186 int len, line; 187 static char buf[LINE_MAX]; 188 189 if (!(fp = fopen(tempname, "r"))) 190 pw_error(tempname, 1, 1); 191 if (fstat(fileno(fp), &sb)) 192 pw_error(tempname, 1, 1); 193 if (sb.st_size == 0) { 194 warnx("corrupted temporary file"); 195 goto bad; 196 } 197 line = 0; 198 while (fgets(buf, sizeof(buf), fp)) { 199 line++; 200 if (!buf[0] || buf[0] == '#') 201 continue; 202 if (!(p = strchr(buf, '\n'))) { 203 warnx("line %d too long", line); 204 goto bad; 205 } 206 *p = '\0'; 207 for (ep = list;; ++ep) { 208 if (!ep->prompt) { 209 warnx("unrecognized field on line %d", line); 210 goto bad; 211 } 212 if (!strncasecmp(buf, ep->prompt, ep->len)) { 213 if (ep->restricted && uid) { 214 warnx( 215 "you may not change the %s field", 216 ep->prompt); 217 goto bad; 218 } 219 if (!(p = strchr(buf, ':'))) { 220 warnx("line %d corrupted", line); 221 goto bad; 222 } 223 while (isspace(*++p)); 224 if (ep->except && strpbrk(p, ep->except)) { 225 warnx( 226 "illegal character in the \"%s\" field", 227 ep->prompt); 228 goto bad; 229 } 230 if ((ep->func)(p, pw, ep)) { 231 bad: (void)fclose(fp); 232 return (0); 233 } 234 break; 235 } 236 } 237 } 238 (void)fclose(fp); 239 240 /* Build the gecos field. */ 241 len = strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) + 242 strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save) + 243 strlen(list[E_OTHER].save) + 5; 244 if (!(p = malloc(len))) 245 err(1, NULL); 246 (void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s,%s", list[E_NAME].save, 247 list[E_LOCATE].save, list[E_BPHONE].save, list[E_HPHONE].save, 248 list[E_OTHER].save); 249 250 while ((len = strlen(pw->pw_gecos)) && pw->pw_gecos[len - 1] == ',') 251 pw->pw_gecos[len - 1] = '\0'; 252 253 if (snprintf(buf, sizeof(buf), 254 "%s:%s:%lu:%lu:%s:%ld:%ld:%s:%s:%s", 255 pw->pw_name, pw->pw_passwd, (unsigned long)pw->pw_uid, 256 (unsigned long)pw->pw_gid, pw->pw_class, (long)pw->pw_change, 257 (long)pw->pw_expire, pw->pw_gecos, pw->pw_dir, 258 pw->pw_shell) >= sizeof(buf)) { 259 warnx("entries too long"); 260 free(p); 261 return (0); 262 } 263 free(p); 264 return (pw_scan(buf, pw)); 265 } 266