shadow/lib/shadowio.c

248 lines
4.7 KiB
C
Raw Normal View History

/*
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
* SPDX-FileCopyrightText: 2001 , Michał Moskal
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
* SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <config.h>
#ident "$Id$"
#include "prototypes.h"
#include "defines.h"
#include <shadow.h>
#include <stdio.h>
#include "commonio.h"
#include "getdef.h"
#include "shadowio.h"
#ifdef WITH_TCB
#include <tcb.h>
#include "tcbfuncs.h"
#endif /* WITH_TCB */
static /*@null@*/ /*@only@*/void *shadow_dup (const void *ent)
{
const struct spwd *sp = ent;
return __spw_dup (sp);
}
2009-04-23 03:03:09 +05:30
static void shadow_free (/*@out@*//*@only@*/void *ent)
{
struct spwd *sp = ent;
spw_free (sp);
}
static const char *shadow_getname (const void *ent)
{
const struct spwd *sp = ent;
return sp->sp_namp;
}
static void *shadow_parse (const char *line)
{
return sgetspent (line);
}
static int shadow_put (const void *ent, FILE * file)
{
const struct spwd *sp = ent;
if ( (NULL == sp)
|| (valid_field (sp->sp_namp, ":\n") == -1)
|| (valid_field (sp->sp_pwdp, ":\n") == -1)
|| (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
1000 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}
return (putspent (sp, file) == -1) ? -1 : 0;
}
static struct commonio_ops shadow_ops = {
shadow_dup,
shadow_free,
shadow_getname,
shadow_parse,
shadow_put,
fgets,
fputs,
NULL, /* open_hook */
NULL /* close_hook */
};
static struct commonio_db shadow_db = {
SHADOW_FILE, /* filename */
&shadow_ops, /* ops */
NULL, /* fp */
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif /* WITH_SELINUX */
2015-02-27 21:56:57 +05:30
0400, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
NULL, /* tail */
NULL, /* cursor */
false, /* changed */
false, /* isopen */
false, /* locked */
false, /* readonly */
false /* setname */
};
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h: Added *_dbname() functions to retrieve the name of the databases. * lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h: *_name() functions renamed *setname(). * src/grpck.c, src/pwck.c: Likewise. * lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added the name of the arguments to the prototypes. * src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c, src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the erro & syslog messages in case of failure of the *_lock(), *_open(), *_close(), *_unlock(), *_remove() functions. * src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid capitalized messages. * src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages in case of inexistent entries. * src/usermod.c: Harmonize messages in case of already existing entries. * src/newusers.c, src/useradd.c: Simplify PAM error handling. * src/useradd.c: Report failures to unlock files (stderr, syslog, and audit). But do not fail (continue). * src/useradd.c (open_files): Do not report to syslog & audit failures to lock or open the databases. This might be harmless, and the logs were not already informed that a change was requested. * src/usermod.c: It's not the account which is unlocked, but its password.
2008-08-06 21:27:31 +05:30
int spw_setdbname (const char *filename)
{
return commonio_setname (&shadow_db, filename);
}
/*@observer@*/const char *spw_dbname (void)
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h: Added *_dbname() functions to retrieve the name of the databases. * lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h: *_name() functions renamed *setname(). * src/grpck.c, src/pwck.c: Likewise. * lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added the name of the arguments to the prototypes. * src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c, src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the erro & syslog messages in case of failure of the *_lock(), *_open(), *_close(), *_unlock(), *_remove() functions. * src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid capitalized messages. * src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages in case of inexistent entries. * src/usermod.c: Harmonize messages in case of already existing entries. * src/newusers.c, src/useradd.c: Simplify PAM error handling. * src/useradd.c: Report failures to unlock files (stderr, syslog, and audit). But do not fail (continue). * src/useradd.c (open_files): Do not report to syslog & audit failures to lock or open the databases. This might be harmless, and the logs were not already informed that a change was requested. * src/usermod.c: It's not the account which is unlocked, but its password.
2008-08-06 21:27:31 +05:30
{
return shadow_db.filename;
}
bool spw_file_present (void)
{
2015-02-27 19:48:56 +05:30
if (getdef_bool ("FORCE_SHADOW"))
return true;
return commonio_present (&shadow_db);
}
int spw_lock (void)
{
#ifdef WITH_TCB
int retval = 0;
if (!getdef_bool ("USE_TCB")) {
#endif /* WITH_TCB */
return commonio_lock (&shadow_db);
#ifdef WITH_TCB
}
if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
return 0;
}
if (lckpwdf_tcb (shadow_db.filename) == 0) {
shadow_db.locked = 1;
retval = 1;
}
if (shadowtcb_gain_priv () == SHADOWTCB_FAILURE) {
return 0;
}
return retval;
#endif /* WITH_TCB */
}
int spw_open (int mode)
{
int retval = 0;
#ifdef WITH_TCB
bool use_tcb = getdef_bool ("USE_TCB");
if (use_tcb && (shadowtcb_drop_priv () == SHADOWTCB_FAILURE)) {
return 0;
}
#endif /* WITH_TCB */
retval = commonio_open (&shadow_db, mode);
#ifdef WITH_TCB
if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) {
return 0;
}
#endif /* WITH_TCB */
return retval;
}
/*@observer@*/ /*@null@*/const struct spwd *spw_locate (const char *name)
{
return commonio_locate (&shadow_db, name);
}
int spw_update (const struct spwd *sp)
{
return commonio_update (&shadow_db, sp);
}
int spw_remove (const char *name)
{
return commonio_remove (&shadow_db, name);
}
int spw_rewind (void)
{
return commonio_rewind (&shadow_db);
}
/*@observer@*/ /*@null@*/const struct spwd *spw_next (void)
{
return commonio_next (&shadow_db);
}
int spw_close (void)
{
int retval = 0;
#ifdef WITH_TCB
bool use_tcb = getdef_bool ("USE_TCB");
if (use_tcb && (shadowtcb_drop_priv () == SHADOWTCB_FAILURE)) {
return 0;
}
#endif /* WITH_TCB */
retval = commonio_close (&shadow_db);
#ifdef WITH_TCB
if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) {
return 0;
}
#endif /* WITH_TCB */
return retval;
}
int spw_unlock (void)
{
#ifdef WITH_TCB
int retval = 0;
if (!getdef_bool ("USE_TCB")) {
#endif /* WITH_TCB */
return commonio_unlock (&shadow_db);
#ifdef WITH_TCB
}
if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
return 0;
}
if (ulckpwdf_tcb () == 0) {
shadow_db.locked = 0;
retval = 1;
}
if (shadowtcb_gain_priv () == SHADOWTCB_FAILURE) {
return 0;
}
return retval;
#endif /* WITH_TCB */
}
struct commonio_entry *__spw_get_head (void)
{
return shadow_db.head;
}
void __spw_del_entry (const struct commonio_entry *ent)
{
commonio_del_entry (&shadow_db, ent);
}
/* Sort with respect to passwd ordering. */
int spw_sort ()
{
#ifdef WITH_TCB
if (getdef_bool ("USE_TCB")) {
return 0;
}
#endif /* WITH_TCB */
return commonio_sort_wrt (&shadow_db, __pw_get_db ());
}