2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2008-04-27 00:40:09 +00:00
|
|
|
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
|
|
|
|
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
|
|
|
* Copyright (c) 2001 - 2006, Tomasz Kłoczko
|
2011-09-18 17:27:18 +00:00
|
|
|
* Copyright (c) 2007 - 2011, Nicolas François
|
2007-10-07 11:44:02 +00:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2008-04-27 00:40:09 +00:00
|
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
* specific prior written permission.
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2008-04-27 00:40:09 +00:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-10 23:46:11 +00:00
|
|
|
#ident "$Id$"
|
2007-10-07 11:47:01 +00:00
|
|
|
|
2007-10-07 11:46:52 +00:00
|
|
|
#include <errno.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include <fcntl.h>
|
2008-08-22 02:28:15 +00:00
|
|
|
#include <getopt.h>
|
2007-10-07 11:46:52 +00:00
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include <signal.h>
|
2007-10-07 11:46:52 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/types.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include "defines.h"
|
|
|
|
#include "groupio.h"
|
2007-10-07 11:47:22 +00:00
|
|
|
#include "nscd.h"
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 14:22:11 +02:00
|
|
|
#include "sssd.h"
|
2007-10-07 11:46:52 +00:00
|
|
|
#include "prototypes.h"
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-10-07 11:44:02 +00:00
|
|
|
#include "sgroupio.h"
|
|
|
|
#endif
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
/*@-exitarg@*/
|
|
|
|
#include "exitcodes.h"
|
|
|
|
|
2007-10-07 11:47:01 +00:00
|
|
|
/*
|
|
|
|
* Global variables
|
|
|
|
*/
|
2007-12-27 17:36:08 +00:00
|
|
|
/* The name of this command, as it is invoked */
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/chage.c,
src/groupadd.c, src/login.c, src/grpconv.c, src/groups.c,
src/grpunconv.c, src/chsh.c: Prog changed to a constant string.
2010-08-22 19:36:09 +00:00
|
|
|
const char *Prog;
|
2007-10-07 11:44:59 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 17:36:08 +00:00
|
|
|
/* Indicate if shadow groups are enabled on the system
|
|
|
|
* (/etc/gshadow present) */
|
2008-06-09 19:26:19 +00:00
|
|
|
static bool is_shadowgrp;
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
|
|
|
|
2007-12-27 18:27:57 +00:00
|
|
|
/* Flags set by options */
|
2008-06-09 19:26:19 +00:00
|
|
|
static bool aflg = false;
|
|
|
|
static bool Aflg = false;
|
|
|
|
static bool dflg = false;
|
|
|
|
static bool Mflg = false;
|
|
|
|
static bool rflg = false;
|
|
|
|
static bool Rflg = false;
|
2007-12-27 18:27:57 +00:00
|
|
|
/* The name of the group that is being affected */
|
|
|
|
static char *group = NULL;
|
|
|
|
/* The name of the user being added (-a) or removed (-d) from group */
|
|
|
|
static char *user = NULL;
|
|
|
|
/* The new list of members set with -M */
|
|
|
|
static char *members = NULL;
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
/* The new list of group administrators set with -A */
|
2007-12-27 18:52:40 +00:00
|
|
|
static char *admins = NULL;
|
2007-12-27 18:27:57 +00:00
|
|
|
#endif
|
|
|
|
/* The name of the caller */
|
|
|
|
static char *myname = NULL;
|
2007-12-27 17:36:08 +00:00
|
|
|
/* The UID of the caller */
|
2008-06-09 19:26:19 +00:00
|
|
|
static uid_t bywho;
|
2007-12-27 18:27:57 +00:00
|
|
|
/* Indicate if gpasswd was called by root */
|
|
|
|
#define amroot (0 == bywho)
|
2007-10-07 11:47:01 +00:00
|
|
|
|
2007-12-27 17:36:08 +00:00
|
|
|
/* The number of retries for th user to provide and repeat a new password */
|
2007-10-07 11:44:02 +00:00
|
|
|
#ifndef RETRIES
|
|
|
|
#define RETRIES 3
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* local function prototypes */
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
static void usage (int status);
|
2007-12-27 17:36:08 +00:00
|
|
|
static RETSIGTYPE catch_signals (int killed);
|
2008-06-09 19:26:19 +00:00
|
|
|
static bool is_valid_user_list (const char *users);
|
2007-12-27 18:27:57 +00:00
|
|
|
static void process_flags (int argc, char **argv);
|
2007-12-27 21:19:57 +00:00
|
|
|
static void check_flags (int argc, int opt_index);
|
2007-12-27 18:52:40 +00:00
|
|
|
static void open_files (void);
|
|
|
|
static void close_files (void);
|
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:04:22 +00:00
|
|
|
static void get_group (struct group *gr, struct sgrp *sg);
|
2008-02-26 19:09:10 +00:00
|
|
|
static void check_perms (const struct group *gr, const struct sgrp *sg);
|
2007-12-27 18:52:40 +00:00
|
|
|
static void update_group (struct group *gr, struct sgrp *sg);
|
2007-12-27 21:04:22 +00:00
|
|
|
static void change_passwd (struct group *gr, struct sgrp *sg);
|
2007-12-27 18:52:40 +00:00
|
|
|
#else
|
2007-12-27 21:04:22 +00:00
|
|
|
static void get_group (struct group *gr);
|
2007-12-27 19:08:31 +00:00
|
|
|
static void check_perms (const struct group *gr);
|
2007-12-27 18:52:40 +00:00
|
|
|
static void update_group (struct group *gr);
|
2007-12-27 21:04:22 +00:00
|
|
|
static void change_passwd (struct group *gr);
|
2007-12-27 18:52:40 +00:00
|
|
|
#endif
|
2009-01-26 22:03:37 +00:00
|
|
|
static void log_gpasswd_failure (const char *suffix);
|
2011-11-19 21:51:52 +00:00
|
|
|
static void log_gpasswd_failure_system (/*@null@*/unused void *arg);
|
|
|
|
static void log_gpasswd_failure_group (/*@null@*/unused void *arg);
|
2009-01-26 22:03:37 +00:00
|
|
|
#ifdef SHADOWGRP
|
2011-11-19 21:51:52 +00:00
|
|
|
static void log_gpasswd_failure_gshadow (/*@null@*/unused void *arg);
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif
|
|
|
|
static void log_gpasswd_success (const char *suffix);
|
2011-11-19 21:51:52 +00:00
|
|
|
static void log_gpasswd_success_system (/*@null@*/unused void *arg);
|
|
|
|
static void log_gpasswd_success_group (/*@null@*/unused void *arg);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* usage - display usage message
|
|
|
|
*/
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
static void usage (int status)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
* src/userdel.c, src/lastlog.c, src/gpasswd.c, src/newusers.c,
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
booleans for tests.
* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
src/groupmod.c, src/passwd.c: Use a break even after usage().
2009-09-05 22:31:29 +00:00
|
|
|
FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
|
2009-09-05 20:25:40 +00:00
|
|
|
(void) fprintf (usageout,
|
|
|
|
_("Usage: %s [option] GROUP\n"
|
|
|
|
"\n"
|
|
|
|
"Options:\n"),
|
|
|
|
Prog);
|
|
|
|
(void) fputs (_(" -a, --add USER add USER to GROUP\n"), usageout);
|
|
|
|
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
|
|
|
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
2011-11-06 18:38:39 +00:00
|
|
|
(void) fputs (_(" -Q, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
2009-09-05 20:25:40 +00:00
|
|
|
(void) fputs (_(" -r, --remove-password remove the GROUP's password\n"), usageout);
|
|
|
|
(void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout);
|
|
|
|
(void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout);
|
2008-09-06 22:20:19 +00:00
|
|
|
#ifdef SHADOWGRP
|
2009-09-05 20:25:40 +00:00
|
|
|
(void) fputs (_(" -A, --administrators ADMIN,...\n"
|
|
|
|
" set the list of administrators for GROUP\n"), usageout);
|
|
|
|
(void) fputs (_("Except for the -A and -M options, the options cannot be combined.\n"), usageout);
|
2007-10-07 11:44:02 +00:00
|
|
|
#else
|
2009-09-05 20:25:40 +00:00
|
|
|
(void) fputs (_("The options cannot be combined.\n"), usageout);
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
exit (status);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 11:47:22 +00:00
|
|
|
* catch_signals - set or reset termio modes.
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2007-10-07 11:47:22 +00:00
|
|
|
* catch_signals() is called before processing begins. signal() is then
|
|
|
|
* called with catch_signals() as the signal handler. If signal later
|
|
|
|
* calls catch_signals() with a signal number, the terminal modes are
|
|
|
|
* then reset.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-10-07 11:47:22 +00:00
|
|
|
static RETSIGTYPE catch_signals (int killed)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
|
|
|
static TERMIO sgtty;
|
|
|
|
|
2008-06-09 19:26:19 +00:00
|
|
|
if (0 != killed) {
|
2007-10-07 11:44:59 +00:00
|
|
|
STTY (0, &sgtty);
|
2007-12-27 21:28:50 +00:00
|
|
|
} else {
|
2007-10-07 11:44:59 +00:00
|
|
|
GTTY (0, &sgtty);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-06-09 19:26:19 +00:00
|
|
|
if (0 != killed) {
|
2016-07-02 18:11:09 +02:00
|
|
|
(void) write (STDOUT_FILENO, "\n", 1);
|
|
|
|
_exit (killed);
|
2008-03-08 20:54:54 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2008-06-09 19:26:19 +00:00
|
|
|
* is_valid_user_list - check a comma-separated list of user names for validity
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2008-06-09 19:26:19 +00:00
|
|
|
* is_valid_user_list scans a comma-separated list of user names and
|
|
|
|
* checks that each listed name exists is the user database.
|
2007-12-27 21:30:12 +00:00
|
|
|
*
|
2008-06-09 19:26:19 +00:00
|
|
|
* It returns true if the list of users is valid.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2008-06-09 19:26:19 +00:00
|
|
|
static bool is_valid_user_list (const char *users)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2011-11-19 21:51:52 +00:00
|
|
|
const char *username;
|
|
|
|
char *end;
|
2008-08-31 17:28:59 +00:00
|
|
|
bool is_valid = true;
|
2011-11-19 21:51:52 +00:00
|
|
|
/*@owned@*/char *tmpusers = xstrdup (users);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-12-22 22:13:23 +00:00
|
|
|
for (username = tmpusers;
|
2008-12-15 21:54:53 +00:00
|
|
|
(NULL != username) && ('\0' != *username);
|
|
|
|
username = end) {
|
|
|
|
end = strchr (username, ',');
|
2007-12-27 21:43:29 +00:00
|
|
|
if (NULL != end) {
|
2008-12-22 22:13:23 +00:00
|
|
|
*end = '\0';
|
2007-10-07 11:44:02 +00:00
|
|
|
end++;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This user must exist.
|
|
|
|
*/
|
|
|
|
|
2007-12-27 21:56:45 +00:00
|
|
|
/* local, no need for xgetpwnam */
|
|
|
|
if (getpwnam (username) == NULL) {
|
2008-08-06 15:52:21 +00:00
|
|
|
fprintf (stderr, _("%s: user '%s' does not exist\n"),
|
2007-12-27 21:28:50 +00:00
|
|
|
Prog, username);
|
2008-08-31 17:28:59 +00:00
|
|
|
is_valid = false;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
}
|
2008-12-22 22:13:23 +00:00
|
|
|
|
|
|
|
free (tmpusers);
|
|
|
|
|
2008-08-31 17:28:59 +00:00
|
|
|
return is_valid;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
|
2007-10-07 11:44:59 +00:00
|
|
|
static void failure (void)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2007-10-07 11:46:25 +00:00
|
|
|
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
|
2009-01-26 22:03:37 +00:00
|
|
|
log_gpasswd_failure (": Permission denied");
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-10-07 11:47:01 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
2007-12-27 18:27:57 +00:00
|
|
|
* process_flags - process the command line options and arguments
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-12-27 18:27:57 +00:00
|
|
|
static void process_flags (int argc, char **argv)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2011-11-06 18:38:39 +00:00
|
|
|
int c;
|
2008-08-22 02:28:15 +00:00
|
|
|
static struct option long_options[] = {
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/faillog.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmems.c, src/groupmod.c, src/grpconv.c, src/grpunconv.c,
src/lastlog.c, src/newusers.c, src/passwd.c, src/pwconv.c,
src/pwunconv.c, src/su.c, src/useradd.c, src/userdel.c,
src/usermod.c, src/vipw.c: Align and sort options.
2011-11-06 18:39:59 +00:00
|
|
|
{"add", required_argument, NULL, 'a'},
|
|
|
|
{"administrators", required_argument, NULL, 'A'},
|
|
|
|
{"delete", required_argument, NULL, 'd'},
|
|
|
|
{"help", no_argument, NULL, 'h'},
|
|
|
|
{"members", required_argument, NULL, 'M'},
|
|
|
|
{"root", required_argument, NULL, 'Q'},
|
|
|
|
{"remove-password", no_argument, NULL, 'r'},
|
|
|
|
{"restrict", no_argument, NULL, 'R'},
|
2008-08-22 02:28:15 +00:00
|
|
|
{NULL, 0, NULL, '\0'}
|
|
|
|
};
|
|
|
|
|
2011-11-06 18:38:39 +00:00
|
|
|
while ((c = getopt_long (argc, argv, "a:A:d:ghM:Q:rR",
|
|
|
|
long_options, NULL)) != -1) {
|
|
|
|
switch (c) {
|
2007-10-07 11:44:02 +00:00
|
|
|
case 'a': /* add a user */
|
2009-01-26 22:03:37 +00:00
|
|
|
aflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
user = optarg;
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* local, no need for xgetpwnam */
|
2007-12-27 21:56:45 +00:00
|
|
|
if (getpwnam (user) == NULL) {
|
2007-10-07 11:44:59 +00:00
|
|
|
fprintf (stderr,
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
_("%s: user '%s' does not exist\n"),
|
|
|
|
Prog, user);
|
|
|
|
exit (E_BAD_ARG);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
#ifdef SHADOWGRP
|
2009-01-26 22:03:37 +00:00
|
|
|
case 'A': /* set the list of administrators */
|
2007-10-07 11:44:02 +00:00
|
|
|
if (!is_shadowgrp) {
|
2007-10-07 11:44:59 +00:00
|
|
|
fprintf (stderr,
|
2009-01-26 22:03:37 +00:00
|
|
|
_("%s: shadow group passwords required for -A\n"),
|
|
|
|
Prog);
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_GSHADOW_NOTFOUND);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
admins = optarg;
|
2008-06-09 19:26:19 +00:00
|
|
|
if (!is_valid_user_list (admins)) {
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_BAD_ARG);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2008-06-09 19:26:19 +00:00
|
|
|
Aflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
break;
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 11:44:02 +00:00
|
|
|
case 'd': /* delete a user */
|
2008-06-09 19:26:19 +00:00
|
|
|
dflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
user = optarg;
|
|
|
|
break;
|
|
|
|
case 'g': /* no-op from normal password */
|
|
|
|
break;
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
case 'h':
|
|
|
|
usage (E_SUCCESS);
|
* src/userdel.c, src/lastlog.c, src/gpasswd.c, src/newusers.c,
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
booleans for tests.
* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
src/groupmod.c, src/passwd.c: Use a break even after usage().
2009-09-05 22:31:29 +00:00
|
|
|
break;
|
2009-01-26 22:03:37 +00:00
|
|
|
case 'M': /* set the list of members */
|
2007-10-07 11:44:02 +00:00
|
|
|
members = optarg;
|
2008-06-09 19:26:19 +00:00
|
|
|
if (!is_valid_user_list (members)) {
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_BAD_ARG);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2008-06-09 19:26:19 +00:00
|
|
|
Mflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
break;
|
2011-11-06 18:38:39 +00:00
|
|
|
case 'Q': /* no-op, handled in process_root_flag () */
|
|
|
|
break;
|
2007-10-07 11:44:02 +00:00
|
|
|
case 'r': /* remove group password */
|
2008-06-09 19:26:19 +00:00
|
|
|
rflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
break;
|
|
|
|
case 'R': /* restrict group password */
|
2008-06-09 19:26:19 +00:00
|
|
|
Rflg = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
break;
|
|
|
|
default:
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
usage (E_USAGE);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
}
|
2007-12-27 21:19:57 +00:00
|
|
|
|
|
|
|
/* Get the name of the group that is being affected. */
|
|
|
|
group = argv[optind];
|
|
|
|
|
|
|
|
check_flags (argc, optind);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check_flags - check the validity of options
|
|
|
|
*/
|
|
|
|
static void check_flags (int argc, int opt_index)
|
|
|
|
{
|
2008-06-09 19:26:19 +00:00
|
|
|
int exclusive = 0;
|
2007-12-27 21:19:57 +00:00
|
|
|
/*
|
|
|
|
* Make sure exclusive flags are exclusive
|
|
|
|
*/
|
2008-06-09 19:26:19 +00:00
|
|
|
if (aflg) {
|
|
|
|
exclusive++;
|
|
|
|
}
|
|
|
|
if (dflg) {
|
|
|
|
exclusive++;
|
|
|
|
}
|
|
|
|
if (rflg) {
|
|
|
|
exclusive++;
|
|
|
|
}
|
|
|
|
if (Rflg) {
|
|
|
|
exclusive++;
|
|
|
|
}
|
|
|
|
if (Aflg || Mflg) {
|
|
|
|
exclusive++;
|
|
|
|
}
|
|
|
|
if (exclusive > 1) {
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
usage (E_USAGE);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-12-27 21:19:57 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure one (and only one) group was provided
|
|
|
|
*/
|
|
|
|
if ((argc != (opt_index+1)) || (NULL == group)) {
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
|
|
|
usage (E_USAGE);
|
2007-12-27 21:19:57 +00:00
|
|
|
}
|
2007-12-27 18:27:57 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 18:52:40 +00:00
|
|
|
/*
|
|
|
|
* open_files - lock and open the group databases
|
|
|
|
*
|
|
|
|
* It will call exit in case of error.
|
|
|
|
*/
|
|
|
|
static void open_files (void)
|
|
|
|
{
|
|
|
|
if (gr_lock () == 0) {
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 02:20:53 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, gr_dbname ());
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
add_cleanup (cleanup_unlock_group, NULL);
|
|
|
|
|
2007-12-27 21:43:29 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-03-08 20:54:54 +00:00
|
|
|
if (is_shadowgrp) {
|
|
|
|
if (sgr_lock () == 0) {
|
|
|
|
fprintf (stderr,
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 02:20:53 +00:00
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2008-03-08 20:54:54 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
add_cleanup (cleanup_unlock_gshadow, NULL);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
add_cleanup (log_gpasswd_failure_system, NULL);
|
|
|
|
|
2015-02-27 13:17:25 +00:00
|
|
|
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 15:57:31 +00:00
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2009-01-26 22:03:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (is_shadowgrp) {
|
2015-02-27 13:17:25 +00:00
|
|
|
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2009-01-26 22:03:37 +00:00
|
|
|
}
|
|
|
|
add_cleanup (log_gpasswd_failure_gshadow, NULL);
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
add_cleanup (log_gpasswd_failure_group, NULL);
|
|
|
|
del_cleanup (log_gpasswd_failure_system);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void log_gpasswd_failure (const char *suffix)
|
|
|
|
{
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
char buf[1024];
|
|
|
|
#endif
|
|
|
|
if (aflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to add user %s to group %s%s",
|
|
|
|
myname, user, group, suffix));
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2009-01-26 22:03:37 +00:00
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to add user %s to group %s%s",
|
|
|
|
myname, user, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (dflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to remove user %s from group %s%s",
|
|
|
|
myname, user, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to remove user %s from group %s%s",
|
|
|
|
myname, user, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (rflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to remove password of group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to remove password of group %s%s",
|
|
|
|
myname, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
2007-12-27 18:52:40 +00:00
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2009-01-26 22:03:37 +00:00
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2007-12-27 18:52:40 +00:00
|
|
|
#endif
|
2009-01-26 22:03:37 +00:00
|
|
|
} else if (Rflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to restrict access to group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to restrict access to group %s%s",
|
|
|
|
myname, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
} else if (Aflg || Mflg) {
|
2007-12-27 21:43:29 +00:00
|
|
|
#ifdef SHADOWGRP
|
2009-01-26 22:03:37 +00:00
|
|
|
if (Aflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to set the administrators of group %s to %s%s",
|
|
|
|
myname, group, admins, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to set the administrators of group %s to %s%s",
|
|
|
|
myname, group, admins, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
if (Mflg) {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to set the members of group %s to %s%s",
|
|
|
|
myname, group, members, suffix));
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef WITH_AUDIT
|
2009-01-26 22:03:37 +00:00
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to set the members of group %s to %s%s",
|
|
|
|
myname, group, members, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s failed to change password of group %s%s",
|
|
|
|
myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"%s failed to change password of group %s%s",
|
|
|
|
myname, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
2007-12-27 18:52:40 +00:00
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2009-01-26 22:03:37 +00:00
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2007-12-27 18:52:40 +00:00
|
|
|
#endif
|
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
}
|
|
|
|
|
2009-04-11 18:37:59 +00:00
|
|
|
static void log_gpasswd_failure_system (unused void *arg)
|
2009-01-26 22:03:37 +00:00
|
|
|
{
|
|
|
|
log_gpasswd_failure ("");
|
|
|
|
}
|
|
|
|
|
2009-04-11 18:37:59 +00:00
|
|
|
static void log_gpasswd_failure_group (unused void *arg)
|
2009-01-26 22:03:37 +00:00
|
|
|
{
|
|
|
|
char buf[1024];
|
|
|
|
snprintf (buf, 1023, " in %s", gr_dbname ());
|
|
|
|
buf[1023] = '\0';
|
|
|
|
log_gpasswd_failure (buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
2009-04-11 18:37:59 +00:00
|
|
|
static void log_gpasswd_failure_gshadow (unused void *arg)
|
2009-01-26 22:03:37 +00:00
|
|
|
{
|
|
|
|
char buf[1024];
|
|
|
|
snprintf (buf, 1023, " in %s", sgr_dbname ());
|
|
|
|
buf[1023] = '\0';
|
|
|
|
log_gpasswd_failure (buf);
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
static void log_gpasswd_success (const char *suffix)
|
|
|
|
{
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
char buf[1024];
|
|
|
|
#endif
|
|
|
|
if (aflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"user %s added by %s to group %s%s",
|
|
|
|
user, myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"user %s added by %s to group %s%s",
|
|
|
|
user, myname, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (dflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"user %s removed by %s from group %s%s",
|
|
|
|
user, myname, group, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"user %s removed by %s from group %s%s",
|
|
|
|
user, myname, group, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (rflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"password of group %s removed by %s%s",
|
|
|
|
group, myname, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"password of group %s removed by %s%s",
|
|
|
|
group, myname, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (Rflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"access to group %s restricted by %s%s",
|
|
|
|
group, myname, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"access to group %s restricted by %s%s",
|
|
|
|
group, myname, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
} else if (Aflg || Mflg) {
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (Aflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"administrators of group %s set by %s to %s%s",
|
|
|
|
group, myname, admins, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"administrators of group %s set by %s to %s%s",
|
|
|
|
group, myname, admins, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
if (Mflg) {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"members of group %s set by %s to %s%s",
|
|
|
|
group, myname, members, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"members of group %s set by %s to %s%s",
|
|
|
|
group, myname, members, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_ACCT, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2007-12-27 18:52:40 +00:00
|
|
|
#endif
|
2009-01-26 22:03:37 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"password of group %s changed by %s%s",
|
|
|
|
group, myname, suffix));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
snprintf (buf, 1023,
|
|
|
|
"password of group %s changed by %s%s",
|
|
|
|
group, myname, suffix);
|
|
|
|
buf[1023] = '\0';
|
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
buf,
|
|
|
|
group, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-04-11 18:37:59 +00:00
|
|
|
static void log_gpasswd_success_system (unused void *arg)
|
2009-01-26 22:03:37 +00:00
|
|
|
{
|
|
|
|
log_gpasswd_success ("");
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
|
|
|
|
2009-04-11 18:37:59 +00:00
|
|
|
static void log_gpasswd_success_group (unused void *arg)
|
2009-01-26 22:03:37 +00:00
|
|
|
{
|
|
|
|
char buf[1024];
|
|
|
|
snprintf (buf, 1023, " in %s", gr_dbname ());
|
|
|
|
buf[1023] = '\0';
|
|
|
|
log_gpasswd_success (buf);
|
|
|
|
}
|
|
|
|
|
2007-12-27 18:52:40 +00:00
|
|
|
/*
|
|
|
|
* close_files - close and unlock the group databases
|
|
|
|
*
|
|
|
|
* This cause any changes in the databases to be committed.
|
|
|
|
*
|
|
|
|
* It will call exit in case of error.
|
|
|
|
*/
|
|
|
|
static void close_files (void)
|
|
|
|
{
|
|
|
|
if (gr_close () == 0) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
add_cleanup (log_gpasswd_success_group, NULL);
|
|
|
|
del_cleanup (log_gpasswd_failure_group);
|
|
|
|
|
|
|
|
cleanup_unlock_group (NULL);
|
|
|
|
del_cleanup (cleanup_unlock_group);
|
|
|
|
|
2007-12-27 21:43:29 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-08-06 15:55:57 +00:00
|
|
|
if (is_shadowgrp) {
|
|
|
|
if (sgr_close () == 0) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2008-08-06 15:52:42 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
del_cleanup (log_gpasswd_failure_gshadow);
|
|
|
|
|
|
|
|
cleanup_unlock_gshadow (NULL);
|
|
|
|
del_cleanup (cleanup_unlock_gshadow);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
|
|
|
|
log_gpasswd_success_system (NULL);
|
|
|
|
del_cleanup (log_gpasswd_success_group);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 19:08:31 +00:00
|
|
|
/*
|
|
|
|
* check_perms - check if the user is allowed to change the password of
|
|
|
|
* the specified group.
|
|
|
|
*
|
|
|
|
* It only returns if the user is allowed.
|
|
|
|
*/
|
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
static void check_perms (const struct group *gr, const struct sgrp *sg)
|
2007-12-27 19:08:31 +00:00
|
|
|
#else
|
|
|
|
static void check_perms (const struct group *gr)
|
|
|
|
#endif
|
|
|
|
{
|
2009-01-26 22:03:37 +00:00
|
|
|
/*
|
|
|
|
* Only root can use the -M and -A options.
|
|
|
|
*/
|
|
|
|
if (!amroot && (Aflg || Mflg)) {
|
|
|
|
failure ();
|
|
|
|
}
|
|
|
|
|
2007-12-27 19:08:31 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
if (is_shadowgrp) {
|
2008-02-26 19:17:20 +00:00
|
|
|
/*
|
|
|
|
* The policy here for changing a group is that
|
|
|
|
* 1) you must be root or
|
|
|
|
* 2) you must be listed as an administrative member.
|
|
|
|
* Administrative members can do anything to a group that
|
|
|
|
* the root user can.
|
|
|
|
*/
|
|
|
|
if (!amroot && !is_on_list (sg->sg_adm, myname)) {
|
|
|
|
failure ();
|
|
|
|
}
|
2008-02-26 19:09:10 +00:00
|
|
|
} else
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
2008-02-26 19:09:10 +00:00
|
|
|
{
|
2007-12-27 19:08:31 +00:00
|
|
|
#ifdef FIRST_MEMBER_IS_ADMIN
|
2008-02-26 19:17:20 +00:00
|
|
|
/*
|
|
|
|
* The policy here for changing a group is that
|
|
|
|
* 1) you must be root or
|
|
|
|
* 2) you must be the first listed member of the group.
|
|
|
|
* The first listed member of a group can do anything to
|
|
|
|
* that group that the root user can. The rationale for
|
|
|
|
* this hack is that the FIRST user is probably the most
|
|
|
|
* important user in this entire group.
|
|
|
|
*
|
|
|
|
* This feature enabled by default could be a security
|
|
|
|
* problem when installed on existing systems where the
|
|
|
|
* first group member might be just a normal user.
|
|
|
|
* --marekm
|
|
|
|
*/
|
|
|
|
if (!amroot) {
|
|
|
|
if (gr->gr_mem[0] == (char *) 0) {
|
|
|
|
failure ();
|
|
|
|
}
|
2007-12-27 19:08:31 +00:00
|
|
|
|
2008-02-26 19:17:20 +00:00
|
|
|
if (strcmp (gr->gr_mem[0], myname) != 0) {
|
|
|
|
failure ();
|
|
|
|
}
|
2007-12-27 19:08:31 +00:00
|
|
|
}
|
2008-02-26 18:59:28 +00:00
|
|
|
#else /* ! FIRST_MEMBER_IS_ADMIN */
|
2008-02-26 19:17:20 +00:00
|
|
|
if (!amroot) {
|
|
|
|
failure ();
|
|
|
|
}
|
2007-12-27 19:08:31 +00:00
|
|
|
#endif
|
2008-02-26 19:09:10 +00:00
|
|
|
}
|
2007-12-27 19:08:31 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 21:04:22 +00:00
|
|
|
/*
|
|
|
|
* update_group - Update the group information in the databases
|
|
|
|
*/
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
|
|
|
static void update_group (struct group *gr, struct sgrp *sg)
|
|
|
|
#else
|
|
|
|
static void update_group (struct group *gr)
|
|
|
|
#endif
|
|
|
|
{
|
2007-12-27 21:56:45 +00:00
|
|
|
if (gr_update (gr) == 0) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 15:57:31 +00:00
|
|
|
fprintf (stderr,
|
2008-08-30 18:28:24 +00:00
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, gr_dbname (), gr->gr_name);
|
2009-01-26 22:03:37 +00:00
|
|
|
exit (1);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:56:45 +00:00
|
|
|
if (is_shadowgrp && (sgr_update (sg) == 0)) {
|
* src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
2008-08-30 18:27:34 +00:00
|
|
|
fprintf (stderr,
|
2008-08-30 18:28:24 +00:00
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, sgr_dbname (), sg->sg_name);
|
2009-01-26 22:03:37 +00:00
|
|
|
exit (1);
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
2007-12-27 18:52:40 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 21:04:22 +00:00
|
|
|
/*
|
|
|
|
* get_group - get the current information for the group
|
|
|
|
*
|
|
|
|
* The information are copied in group structure(s) so that they can be
|
|
|
|
* modified later.
|
2008-02-26 19:09:10 +00:00
|
|
|
*
|
|
|
|
* Note: If !is_shadowgrp, *sg will not be initialized.
|
2007-12-27 21:04:22 +00:00
|
|
|
*/
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
static void get_group (struct group *gr, struct sgrp *sg)
|
|
|
|
#else
|
|
|
|
static void get_group (struct group *gr)
|
|
|
|
#endif
|
|
|
|
{
|
|
|
|
struct group const*tmpgr = NULL;
|
2008-08-22 02:28:15 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:04:22 +00:00
|
|
|
struct sgrp const*tmpsg = NULL;
|
2008-08-22 02:28:15 +00:00
|
|
|
#endif
|
2007-12-27 21:04:22 +00:00
|
|
|
|
2007-12-27 21:56:45 +00:00
|
|
|
if (gr_open (O_RDONLY) == 0) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 15:57:31 +00:00
|
|
|
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-12-27 21:04:22 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 21:43:29 +00:00
|
|
|
tmpgr = gr_locate (group);
|
|
|
|
if (NULL == tmpgr) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group '%s' does not exist in %s\n"),
|
|
|
|
Prog, group, gr_dbname ());
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_BAD_ARG);
|
2007-12-27 21:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
*gr = *tmpgr;
|
|
|
|
gr->gr_name = xstrdup (tmpgr->gr_name);
|
|
|
|
gr->gr_passwd = xstrdup (tmpgr->gr_passwd);
|
|
|
|
gr->gr_mem = dup_list (tmpgr->gr_mem);
|
|
|
|
|
2007-12-27 21:56:45 +00:00
|
|
|
if (gr_close () == 0) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while closing read-only %s\n"),
|
|
|
|
Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"failure while closing read-only %s",
|
|
|
|
gr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-12-27 21:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
if (is_shadowgrp) {
|
2008-02-26 19:17:20 +00:00
|
|
|
if (sgr_open (O_RDONLY) == 0) {
|
|
|
|
fprintf (stderr,
|
2009-01-26 22:03:37 +00:00
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 15:57:31 +00:00
|
|
|
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2008-02-26 19:17:20 +00:00
|
|
|
}
|
|
|
|
tmpsg = sgr_locate (group);
|
|
|
|
if (NULL != tmpsg) {
|
|
|
|
*sg = *tmpsg;
|
|
|
|
sg->sg_name = xstrdup (tmpsg->sg_name);
|
|
|
|
sg->sg_passwd = xstrdup (tmpsg->sg_passwd);
|
|
|
|
|
|
|
|
sg->sg_mem = dup_list (tmpsg->sg_mem);
|
|
|
|
sg->sg_adm = dup_list (tmpsg->sg_adm);
|
|
|
|
} else {
|
|
|
|
sg->sg_name = xstrdup (group);
|
|
|
|
sg->sg_passwd = gr->gr_passwd;
|
2008-02-26 20:09:56 +00:00
|
|
|
gr->gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
|
2007-12-27 21:04:22 +00:00
|
|
|
|
2008-02-26 19:17:20 +00:00
|
|
|
sg->sg_mem = dup_list (gr->gr_mem);
|
2007-12-27 21:04:22 +00:00
|
|
|
|
2008-02-26 19:17:20 +00:00
|
|
|
sg->sg_adm = (char **) xmalloc (sizeof (char *) * 2);
|
2007-12-27 21:04:22 +00:00
|
|
|
#ifdef FIRST_MEMBER_IS_ADMIN
|
2008-02-26 19:17:20 +00:00
|
|
|
if (sg->sg_mem[0]) {
|
|
|
|
sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
|
|
|
|
sg->sg_adm[1] = NULL;
|
|
|
|
} else
|
2007-12-27 21:04:22 +00:00
|
|
|
#endif
|
2008-02-26 19:17:20 +00:00
|
|
|
{
|
|
|
|
sg->sg_adm[0] = NULL;
|
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
|
2008-02-26 19:17:20 +00:00
|
|
|
}
|
|
|
|
if (sgr_close () == 0) {
|
|
|
|
fprintf (stderr,
|
2009-01-26 22:03:37 +00:00
|
|
|
_("%s: failure while closing read-only %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"failure while closing read-only %s",
|
|
|
|
sgr_dbname ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2008-02-26 19:17:20 +00:00
|
|
|
}
|
2008-02-26 19:09:10 +00:00
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* change_passwd - change the group's password
|
|
|
|
*
|
|
|
|
* Get the new password from the user and update the password in the
|
|
|
|
* group's structure.
|
|
|
|
*
|
|
|
|
* It will call exit in case of error.
|
|
|
|
*/
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
static void change_passwd (struct group *gr, struct sgrp *sg)
|
|
|
|
#else
|
|
|
|
static void change_passwd (struct group *gr)
|
|
|
|
#endif
|
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
static char pass[BUFSIZ];
|
|
|
|
int retries;
|
2013-08-03 23:07:06 +02:00
|
|
|
const char *salt;
|
2007-12-27 21:04:22 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* A new password is to be entered and it must be encrypted, etc.
|
|
|
|
* The password will be prompted for twice, and both entries must be
|
|
|
|
* identical. There is no need to validate the old password since
|
|
|
|
* the invoker is either the group owner, or root.
|
|
|
|
*/
|
|
|
|
printf (_("Changing the password for group %s\n"), group);
|
|
|
|
|
|
|
|
for (retries = 0; retries < RETRIES; retries++) {
|
2007-12-27 21:43:29 +00:00
|
|
|
cp = getpass (_("New Password: "));
|
|
|
|
if (NULL == cp) {
|
2009-01-26 22:03:37 +00:00
|
|
|
exit (1);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
|
|
|
|
STRFCPY (pass, cp);
|
|
|
|
strzero (cp);
|
2007-12-27 21:43:29 +00:00
|
|
|
cp = getpass (_("Re-enter new password: "));
|
|
|
|
if (NULL == cp) {
|
2009-01-26 22:03:37 +00:00
|
|
|
exit (1);
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
|
|
|
|
if (strcmp (pass, cp) == 0) {
|
|
|
|
strzero (cp);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
strzero (cp);
|
|
|
|
memzero (pass, sizeof pass);
|
|
|
|
|
|
|
|
if (retries + 1 < RETRIES) {
|
|
|
|
puts (_("They don't match; try again"));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (retries == RETRIES) {
|
|
|
|
fprintf (stderr, _("%s: Try again later\n"), Prog);
|
2009-01-26 22:03:37 +00:00
|
|
|
exit (1);
|
2007-12-27 21:04:22 +00:00
|
|
|
}
|
|
|
|
|
2013-08-03 23:07:06 +02:00
|
|
|
salt = crypt_make_salt (NULL, NULL);
|
|
|
|
cp = pw_encrypt (pass, salt);
|
|
|
|
if (NULL == cp) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failed to crypt password with salt '%s': %s\n"),
|
|
|
|
Prog, salt, strerror (errno));
|
|
|
|
exit (1);
|
2013-07-28 18:41:11 +02:00
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
memzero (pass, sizeof pass);
|
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:28:50 +00:00
|
|
|
if (is_shadowgrp) {
|
2011-11-19 14:27:48 +00:00
|
|
|
gr->gr_passwd = SHADOW_PASSWD_STRING;
|
2007-12-27 21:04:22 +00:00
|
|
|
sg->sg_passwd = cp;
|
2007-12-27 21:28:50 +00:00
|
|
|
} else
|
2007-12-27 21:04:22 +00:00
|
|
|
#endif
|
2007-12-27 21:28:50 +00:00
|
|
|
{
|
2007-12-27 21:04:22 +00:00
|
|
|
gr->gr_passwd = cp;
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-12-27 21:04:22 +00:00
|
|
|
}
|
|
|
|
|
2007-12-27 18:27:57 +00:00
|
|
|
/*
|
|
|
|
* gpasswd - administer the /etc/group file
|
|
|
|
*/
|
|
|
|
int main (int argc, char **argv)
|
|
|
|
{
|
|
|
|
struct group grent;
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 18:27:57 +00:00
|
|
|
struct sgrp sgent;
|
|
|
|
#endif
|
|
|
|
struct passwd *pw = NULL;
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_help_open ();
|
|
|
|
#endif
|
|
|
|
|
|
|
|
sanitize_env ();
|
2008-06-09 19:26:19 +00:00
|
|
|
(void) setlocale (LC_ALL, "");
|
|
|
|
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
(void) textdomain (PACKAGE);
|
2007-12-27 18:27:57 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Make a note of whether or not this command was invoked by root.
|
|
|
|
* This will be used to bypass certain checks later on. Also, set
|
|
|
|
* the real user ID to match the effective user ID. This will
|
2009-01-26 22:03:37 +00:00
|
|
|
* prevent the invoker from issuing signals which would interfere
|
2007-12-27 18:27:57 +00:00
|
|
|
* with this command.
|
|
|
|
*/
|
|
|
|
bywho = getuid ();
|
|
|
|
Prog = Basename (argv[0]);
|
|
|
|
|
|
|
|
OPENLOG ("gpasswd");
|
|
|
|
setbuf (stdout, NULL);
|
|
|
|
setbuf (stderr, NULL);
|
|
|
|
|
2011-11-06 18:38:39 +00:00
|
|
|
process_root_flag ("-Q", argc, argv);
|
|
|
|
|
2007-12-27 18:27:57 +00:00
|
|
|
#ifdef SHADOWGRP
|
|
|
|
is_shadowgrp = sgr_file_present ();
|
|
|
|
#endif
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Determine the name of the user that invoked this command. This
|
|
|
|
* is really hit or miss because there are so many ways that command
|
|
|
|
* can be executed and so many ways to trip up the routines that
|
|
|
|
* report the user name.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-10-07 11:44:59 +00:00
|
|
|
pw = get_my_pwent ();
|
2007-12-27 21:56:45 +00:00
|
|
|
if (NULL == pw) {
|
2008-08-30 18:27:07 +00:00
|
|
|
fprintf (stderr, _("%s: Cannot determine your user name.\n"),
|
|
|
|
Prog);
|
2009-01-26 22:03:37 +00:00
|
|
|
SYSLOG ((LOG_WARN,
|
|
|
|
"Cannot determine the user name of the caller (UID %lu)",
|
2008-08-30 18:27:07 +00:00
|
|
|
(unsigned long) getuid ()));
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2007-10-07 11:44:59 +00:00
|
|
|
myname = xstrdup (pw->pw_name);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-01-26 22:03:37 +00:00
|
|
|
/*
|
|
|
|
* Register an exit function to warn for any inconsistency that we
|
|
|
|
* could create.
|
|
|
|
*/
|
|
|
|
if (atexit (do_cleanups) != 0) {
|
|
|
|
fprintf(stderr, "%s: cannot set exit function\n", Prog);
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (1);
|
2009-01-26 22:03:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Parse the options */
|
|
|
|
process_flags (argc, argv);
|
|
|
|
|
2007-12-27 21:04:22 +00:00
|
|
|
/*
|
|
|
|
* Replicate the group so it can be modified later on.
|
|
|
|
*/
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:04:22 +00:00
|
|
|
get_group (&grent, &sgent);
|
|
|
|
#else
|
|
|
|
get_group (&grent);
|
2007-11-22 21:55:12 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
2007-12-27 19:08:31 +00:00
|
|
|
* Check if the user is allowed to change the password of this group.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-12-27 19:08:31 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
check_perms (&grent, &sgent);
|
2007-10-07 11:44:02 +00:00
|
|
|
#else
|
2007-12-27 19:08:31 +00:00
|
|
|
check_perms (&grent);
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Removing a password is straight forward. Just set the password
|
|
|
|
* field to a "".
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
if (rflg) {
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2011-11-19 14:27:48 +00:00
|
|
|
if (is_shadowgrp) {
|
|
|
|
grent.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
|
|
|
|
sgent.sg_passwd = ""; /* XXX warning: const */
|
|
|
|
} else
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
{
|
|
|
|
grent.gr_passwd = ""; /* XXX warning: const */
|
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
goto output;
|
|
|
|
} else if (Rflg) {
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Same thing for restricting the group. Set the password
|
2007-10-07 11:44:02 +00:00
|
|
|
* field to "!".
|
|
|
|
*/
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2011-11-19 14:27:48 +00:00
|
|
|
if (is_shadowgrp) {
|
|
|
|
grent.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
|
|
|
|
sgent.sg_passwd = "!"; /* XXX warning: const */
|
|
|
|
} else
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
{
|
|
|
|
grent.gr_passwd = "!"; /* XXX warning: const */
|
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
goto output;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Adding a member to a member list is pretty straightforward as
|
|
|
|
* well. Call the appropriate routine and split.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
if (aflg) {
|
2007-10-07 11:44:59 +00:00
|
|
|
printf (_("Adding user %s to group %s\n"), user, group);
|
2007-10-07 11:44:02 +00:00
|
|
|
grent.gr_mem = add_list (grent.gr_mem, user);
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
if (is_shadowgrp) {
|
2008-02-26 19:17:20 +00:00
|
|
|
sgent.sg_mem = add_list (sgent.sg_mem, user);
|
2008-02-26 19:09:10 +00:00
|
|
|
}
|
2007-10-07 11:47:01 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
goto output;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Removing a member from the member list is the same deal as adding
|
|
|
|
* one, except the routine is different.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
if (dflg) {
|
2008-06-09 19:26:19 +00:00
|
|
|
bool removed = false;
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-10-07 11:46:07 +00:00
|
|
|
printf (_("Removing user %s from group %s\n"), user, group);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-10-07 11:44:59 +00:00
|
|
|
if (is_on_list (grent.gr_mem, user)) {
|
2008-06-09 19:26:19 +00:00
|
|
|
removed = true;
|
2007-10-07 11:44:02 +00:00
|
|
|
grent.gr_mem = del_list (grent.gr_mem, user);
|
|
|
|
}
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2008-02-26 19:09:10 +00:00
|
|
|
if (is_shadowgrp) {
|
2008-02-26 19:17:20 +00:00
|
|
|
if (is_on_list (sgent.sg_mem, user)) {
|
2008-06-09 19:26:19 +00:00
|
|
|
removed = true;
|
2008-02-26 19:17:20 +00:00
|
|
|
sgent.sg_mem = del_list (sgent.sg_mem, user);
|
|
|
|
}
|
2008-02-26 19:09:10 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
2007-10-07 11:44:59 +00:00
|
|
|
if (!removed) {
|
2009-01-26 22:03:37 +00:00
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: user '%s' is not a member of '%s'\n"),
|
2008-08-06 15:52:21 +00:00
|
|
|
Prog, user, group);
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_BAD_ARG);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
goto output;
|
|
|
|
}
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2008-06-13 20:29:58 +00:00
|
|
|
* Replacing the entire list of administrators is simple. Check the
|
2007-10-07 11:44:59 +00:00
|
|
|
* list to make sure everyone is a real user. Then slap the new list
|
|
|
|
* in place.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
if (Aflg) {
|
2007-10-07 11:44:59 +00:00
|
|
|
sgent.sg_adm = comma_to_list (admins);
|
2007-12-27 21:28:50 +00:00
|
|
|
if (!Mflg) {
|
2007-10-07 11:44:02 +00:00
|
|
|
goto output;
|
2007-12-27 21:28:50 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2009-01-26 22:03:37 +00:00
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* Replacing the entire list of members is simple. Check the list to
|
|
|
|
* make sure everyone is a real user. Then slap the new list in
|
|
|
|
* place.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
if (Mflg) {
|
|
|
|
#ifdef SHADOWGRP
|
2007-10-07 11:44:59 +00:00
|
|
|
sgent.sg_mem = comma_to_list (members);
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
2007-10-07 11:44:59 +00:00
|
|
|
grent.gr_mem = comma_to_list (members);
|
2007-10-07 11:44:02 +00:00
|
|
|
goto output;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* If the password is being changed, the input and output must both
|
|
|
|
* be a tty. The typical keyboard signals are caught so the termio
|
|
|
|
* modes can be restored.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-12-27 21:56:45 +00:00
|
|
|
if ((isatty (0) == 0) || (isatty (1) == 0)) {
|
2007-10-07 11:44:59 +00:00
|
|
|
fprintf (stderr, _("%s: Not a tty\n"), Prog);
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
|
2007-10-07 11:47:22 +00:00
|
|
|
catch_signals (0); /* save tty modes */
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-06-13 20:29:58 +00:00
|
|
|
(void) signal (SIGHUP, catch_signals);
|
|
|
|
(void) signal (SIGINT, catch_signals);
|
|
|
|
(void) signal (SIGQUIT, catch_signals);
|
|
|
|
(void) signal (SIGTERM, catch_signals);
|
2007-12-27 18:52:40 +00:00
|
|
|
#ifdef SIGTSTP
|
2008-06-13 20:29:58 +00:00
|
|
|
(void) signal (SIGTSTP, catch_signals);
|
2007-10-07 11:44:02 +00:00
|
|
|
#endif
|
|
|
|
|
2007-12-27 21:04:22 +00:00
|
|
|
/* Prompt for the new password */
|
2007-10-07 11:44:14 +00:00
|
|
|
#ifdef SHADOWGRP
|
2007-12-27 21:04:22 +00:00
|
|
|
change_passwd (&grent, &sgent);
|
|
|
|
#else
|
|
|
|
change_passwd (&grent);
|
2007-10-07 11:47:01 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
2007-10-07 11:44:59 +00:00
|
|
|
* This is the common arrival point to output the new group file.
|
|
|
|
* The freshly crafted entry is in allocated space. The group file
|
|
|
|
* will be locked and opened for writing. The new entry will be
|
|
|
|
* output, etc.
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
2007-10-07 11:44:59 +00:00
|
|
|
output:
|
2007-12-27 21:56:45 +00:00
|
|
|
if (setuid (0) != 0) {
|
2008-01-24 18:39:05 +00:00
|
|
|
fputs (_("Cannot change ID to root.\n"), stderr);
|
2007-10-07 11:44:59 +00:00
|
|
|
SYSLOG ((LOG_ERR, "can't setuid(0)"));
|
|
|
|
closelog ();
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
|
|
|
exit (E_NOPERM);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2007-10-07 11:44:59 +00:00
|
|
|
pwd_init ();
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-12-27 18:52:40 +00:00
|
|
|
open_files ();
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
update_group (&grent, &sgent);
|
|
|
|
#else
|
|
|
|
update_group (&grent);
|
2007-10-07 11:47:01 +00:00
|
|
|
#endif
|
2007-12-27 18:52:40 +00:00
|
|
|
|
|
|
|
close_files ();
|
2007-10-07 11:46:52 +00:00
|
|
|
|
|
|
|
nscd_flush_cache ("group");
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 14:22:11 +02:00
|
|
|
sssd_flush_cache (SSSD_DB_GROUP);
|
2007-10-07 11:46:52 +00:00
|
|
|
|
2020-09-16 04:15:06 -04:00
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (sgent.sg_adm) {
|
|
|
|
xfree(sgent.sg_adm);
|
|
|
|
}
|
|
|
|
if (sgent.sg_mem) {
|
|
|
|
xfree(sgent.sg_mem);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
if (grent.gr_mem) {
|
|
|
|
xfree(grent.gr_mem);
|
|
|
|
}
|
2007-10-07 11:46:52 +00:00
|
|
|
exit (E_SUCCESS);
|
2007-10-07 11:45:23 +00:00
|
|
|
}
|
2008-06-13 20:29:58 +00:00
|
|
|
|