1 /* $OpenBSD: edit.c,v 1.15 1998/05/28 19:13:26 deraadt Exp $ */ 2 /* $NetBSD: edit.c,v 1.6 1996/05/15 21:50:45 jtc Exp $ */ 3 4 /*- 5 * Copyright (c) 1990, 1993, 1994 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #ifndef lint 38 #if 0 39 static char sccsid[] = "@(#)edit.c 8.3 (Berkeley) 4/2/94"; 40 #else 41 static char rcsid[] = "$OpenBSD: edit.c,v 1.15 1998/05/28 19:13:26 deraadt Exp $"; 42 #endif 43 #endif /* not lint */ 44 45 #include <sys/param.h> 46 #include <sys/stat.h> 47 48 #include <ctype.h> 49 #include <err.h> 50 #include <errno.h> 51 #include <paths.h> 52 #include <pwd.h> 53 #include <stdio.h> 54 #include <stdlib.h> 55 #include <string.h> 56 #include <unistd.h> 57 #include <util.h> 58 59 #include "chpass.h" 60 61 void 62 edit(tempname, pw) 63 char *tempname; 64 struct passwd *pw; 65 { 66 struct stat begin, end; 67 68 for (;;) { 69 if (lstat(tempname, &begin) == -1 || S_ISLNK(begin.st_mode)) 70 pw_error(tempname, 1, 1); 71 pw_edit(1, tempname); 72 if (lstat(tempname, &end) == -1 || S_ISLNK(end.st_mode)) 73 pw_error(tempname, 1, 1); 74 if (begin.st_mtime == end.st_mtime) { 75 warnx("no changes made"); 76 unlink(tempname); 77 pw_error(NULL, 0, 0); 78 } 79 if (verify(tempname, pw)) { 80 unlink(tempname); 81 break; 82 } 83 pw_prompt(); 84 } 85 } 86 87 /* 88 * display -- 89 * print out the file for the user to edit; strange side-effect: 90 * set conditional flag if the user gets to edit the shell. 91 */ 92 void 93 display(tempname, fd, pw) 94 char *tempname; 95 int fd; 96 struct passwd *pw; 97 { 98 FILE *fp; 99 char *bp, *p; 100 char chngstr[256]; 101 102 if (!(fp = fdopen(fd, "w"))) 103 pw_error(tempname, 1, 1); 104 105 (void)fprintf(fp, 106 "#Changing user database information for %s.\n", pw->pw_name); 107 if (!uid) { 108 (void)fprintf(fp, "Login: %s\n", pw->pw_name); 109 (void)fprintf(fp, "Encrypted password: %s\n", pw->pw_passwd); 110 (void)fprintf(fp, "Uid [#]: %d\n", pw->pw_uid); 111 (void)fprintf(fp, "Gid [# or name]: %d\n", pw->pw_gid); 112 (void)fprintf(fp, "Change [month day year]: %s\n", 113 ttoa(chngstr, sizeof(chngstr), pw->pw_change)); 114 (void)fprintf(fp, "Expire [month day year]: %s\n", 115 ttoa(chngstr, sizeof(chngstr), pw->pw_expire)); 116 (void)fprintf(fp, "Class: %s\n", pw->pw_class); 117 (void)fprintf(fp, "Home directory: %s\n", pw->pw_dir); 118 (void)fprintf(fp, "Shell: %s\n", 119 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); 120 } 121 /* Only admin can change "restricted" shells. */ 122 else if (ok_shell(pw->pw_shell)) 123 /* 124 * Make shell a restricted field. Ugly with a 125 * necklace, but there's not much else to do. 126 */ 127 (void)fprintf(fp, "Shell: %s\n", 128 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL); 129 else 130 list[E_SHELL].restricted = 1; 131 bp = pw->pw_gecos; 132 p = strsep(&bp, ","); 133 (void)fprintf(fp, "Full Name: %s\n", p ? p : ""); 134 p = strsep(&bp, ","); 135 (void)fprintf(fp, "Location: %s\n", p ? p : ""); 136 p = strsep(&bp, ","); 137 (void)fprintf(fp, "Office Phone: %s\n", p ? p : ""); 138 p = strsep(&bp, ","); 139 (void)fprintf(fp, "Home Phone: %s\n", p ? p : ""); 140 141 (void)fchown(fd, getuid(), getgid()); 142 (void)fclose(fp); 143 } 144 145 int 146 verify(tempname, pw) 147 char *tempname; 148 struct passwd *pw; 149 { 150 ENTRY *ep; 151 char *p; 152 struct stat sb; 153 FILE *fp; 154 int len, alen, line; 155 static char buf[LINE_MAX]; 156 157 if (!(fp = fopen(tempname, "r"))) 158 pw_error(tempname, 1, 1); 159 if (fstat(fileno(fp), &sb)) 160 pw_error(tempname, 1, 1); 161 if (sb.st_size == 0) { 162 warnx("corrupted temporary file"); 163 goto bad; 164 } 165 line = 0; 166 while (fgets(buf, sizeof(buf), fp)) { 167 line++; 168 if (!buf[0] || buf[0] == '#') 169 continue; 170 if (!(p = strchr(buf, '\n'))) { 171 warnx("line %d too long", line); 172 goto bad; 173 } 174 *p = '\0'; 175 for (ep = list;; ++ep) { 176 if (!ep->prompt) { 177 warnx("unrecognized field on line %d", line); 178 goto bad; 179 } 180 if (!strncasecmp(buf, ep->prompt, ep->len)) { 181 if (ep->restricted && uid) { 182 warnx( 183 "you may not change the %s field", 184 ep->prompt); 185 goto bad; 186 } 187 if (!(p = strchr(buf, ':'))) { 188 warnx("line %d corrupted", line); 189 goto bad; 190 } 191 while (isspace(*++p)); 192 if (ep->except && strpbrk(p, ep->except)) { 193 warnx( 194 "illegal character in the \"%s\" field", 195 ep->prompt); 196 goto bad; 197 } 198 if ((ep->func)(p, pw, ep)) { 199 bad: (void)fclose(fp); 200 return (0); 201 } 202 break; 203 } 204 } 205 } 206 (void)fclose(fp); 207 208 if (list[E_NAME].save == NULL) 209 list[E_NAME].save = ""; 210 if (list[E_BPHONE].save == NULL) 211 list[E_BPHONE].save = ""; 212 if (list[E_HPHONE].save == NULL) 213 list[E_HPHONE].save = ""; 214 if (list[E_LOCATE].save == NULL) 215 list[E_LOCATE].save = ""; 216 217 /* Build the gecos field. */ 218 len = strlen(list[E_NAME].save) + strlen(list[E_BPHONE].save) + 219 strlen(list[E_HPHONE].save) + strlen(list[E_LOCATE].save) + 4; 220 for (alen = 0, p = list[E_NAME].save; *p; p++) 221 if (*p == '&') 222 alen = alen + strlen(pw->pw_name) - 1; 223 if (!(p = malloc(len))) 224 err(1, NULL); 225 (void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s", list[E_NAME].save, 226 list[E_LOCATE].save, list[E_BPHONE].save, list[E_HPHONE].save); 227 228 if (snprintf(buf, sizeof(buf), 229 "%s:%s:%d:%d:%s:%ld:%ld:%s:%s:%s", 230 pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_class, 231 pw->pw_change, pw->pw_expire, pw->pw_gecos, pw->pw_dir, 232 pw->pw_shell) >= 1023 || 233 strlen(buf) + alen >= 1023) { 234 warnx("entries too long"); 235 free(p); 236 return (0); 237 } 238 free(p); 239 240 return (pw_scan(buf, pw, NULL)); 241 } 242