2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2021-12-05 21:05:27 +05:30
|
|
|
* SPDX-FileCopyrightText: 1994 , Julianne Frances Haugh
|
|
|
|
|
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
|
|
|
* SPDX-FileCopyrightText: 2001 - 2006, Tomasz Kłoczko
|
|
|
|
|
* SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2021-12-05 21:05:27 +05:30
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
#include <pwd.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <signal.h>
|
|
|
|
|
#include <stdio.h>
|
2007-10-07 17:17:01 +05:30
|
|
|
#include <sys/types.h>
|
2011-11-07 00:09:30 +05:30
|
|
|
#include <getopt.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "defines.h"
|
2007-10-07 17:17:01 +05:30
|
|
|
#include "prototypes.h"
|
2011-11-07 00:09:30 +05:30
|
|
|
/*@-exitarg@*/
|
|
|
|
|
#include "exitcodes.h"
|
2021-11-29 05:07:53 +05:30
|
|
|
#include "shadowlog.h"
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
2008-09-06 18:21:53 +05:30
|
|
|
|
|
|
|
|
/* Global variables */
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/chage.c,
src/groupadd.c, src/login.c, src/grpconv.c, src/groups.c,
src/grpunconv.c, src/chsh.c: Prog changed to a constant string.
2010-08-23 01:06:09 +05:30
|
|
|
const char *Prog;
|
2011-11-07 00:09:30 +05:30
|
|
|
static bool cflg = false;
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
2008-09-06 18:21:53 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/* local function prototypes */
|
2021-12-30 21:06:18 +05:30
|
|
|
static void catch_signals (unused int sig);
|
2011-11-07 00:09:30 +05:30
|
|
|
static /*@noreturn@*/void usage (int status);
|
|
|
|
|
static void process_flags (int argc, char **argv);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:17:22 +05:30
|
|
|
* catch_signals - signal catcher
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2021-12-30 21:06:18 +05:30
|
|
|
static void catch_signals (unused int sig)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2016-07-02 21:41:09 +05:30
|
|
|
_exit (10);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* usage - print syntax message and exit
|
|
|
|
|
*/
|
2011-11-07 00:09:30 +05:30
|
|
|
static /*@noreturn@*/void usage (int status)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2011-11-07 00:09:30 +05:30
|
|
|
FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
|
|
|
|
|
(void) fprintf (usageout,
|
|
|
|
|
_("Usage: %s [options]\n"
|
|
|
|
|
"\n"
|
|
|
|
|
"Options:\n"),
|
|
|
|
|
Prog);
|
|
|
|
|
(void) fputs (_(" -c, --check check the user's password expiration\n"), usageout);
|
|
|
|
|
(void) fputs (_(" -f, --force force password change if the user's password\n"
|
|
|
|
|
" is expired\n"), usageout);
|
|
|
|
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
|
|
|
|
(void) fputs ("\n", usageout);
|
|
|
|
|
exit (status);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* process_flags - parse the command line options
|
|
|
|
|
*
|
|
|
|
|
* It will not return if an error is encountered.
|
|
|
|
|
*/
|
|
|
|
|
static void process_flags (int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
bool fflg = false;
|
|
|
|
|
int c;
|
|
|
|
|
static struct option long_options[] = {
|
|
|
|
|
{"check", no_argument, NULL, 'c'},
|
|
|
|
|
{"force", no_argument, NULL, 'f'},
|
|
|
|
|
{"help", no_argument, NULL, 'h'},
|
|
|
|
|
{NULL, 0, NULL, '\0'}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
while ((c = getopt_long (argc, argv, "cfh",
|
|
|
|
|
long_options, NULL)) != -1) {
|
|
|
|
|
switch (c) {
|
|
|
|
|
case 'c':
|
|
|
|
|
cflg = true;
|
|
|
|
|
break;
|
|
|
|
|
case 'f':
|
|
|
|
|
fflg = true;
|
|
|
|
|
break;
|
|
|
|
|
case 'h':
|
|
|
|
|
usage (E_SUCCESS);
|
|
|
|
|
/*@notreached@*/break;
|
|
|
|
|
default:
|
|
|
|
|
usage (E_USAGE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! (cflg || fflg)) {
|
|
|
|
|
usage (E_USAGE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (cflg && fflg) {
|
|
|
|
|
fprintf (stderr,
|
|
|
|
|
_("%s: options %s and %s conflict\n"),
|
|
|
|
|
Prog, "-c", "-f");
|
|
|
|
|
usage (E_USAGE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (argc != optind) {
|
|
|
|
|
fprintf (stderr,
|
|
|
|
|
_("%s: unexpected argument: %s\n"),
|
|
|
|
|
Prog, argv[optind]);
|
|
|
|
|
usage (E_USAGE);
|
|
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
2021-09-13 21:53:17 +05:30
|
|
|
/*
|
2007-10-07 17:14:02 +05:30
|
|
|
* expiry - check and enforce password expiration policy
|
|
|
|
|
*
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
* expiry checks (-c) the current password expiration and forces (-f)
|
2007-10-07 17:14:59 +05:30
|
|
|
* changes when required. It is callable as a normal user command.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
int main (int argc, char **argv)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
struct passwd *pwd;
|
|
|
|
|
struct spwd *spwd;
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
2008-09-06 18:21:53 +05:30
|
|
|
|
|
|
|
|
Prog = Basename (argv[0]);
|
2021-11-29 05:07:53 +05:30
|
|
|
log_set_progname(Prog);
|
|
|
|
|
log_set_logfd(stderr);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
sanitize_env ();
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2021-09-13 21:53:17 +05:30
|
|
|
/*
|
2007-10-07 17:14:02 +05:30
|
|
|
* Start by disabling all of the keyboard signals.
|
|
|
|
|
*/
|
2008-06-14 02:27:20 +05:30
|
|
|
(void) signal (SIGHUP, catch_signals);
|
|
|
|
|
(void) signal (SIGINT, catch_signals);
|
|
|
|
|
(void) signal (SIGQUIT, catch_signals);
|
|
|
|
|
(void) signal (SIGTSTP, catch_signals);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* expiry takes one of two arguments. The default action is to give
|
|
|
|
|
* the usage message.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2008-06-10 02:06:24 +05:30
|
|
|
(void) setlocale (LC_ALL, "");
|
|
|
|
|
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
|
(void) textdomain (PACKAGE);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-08-31 00:04:04 +05:30
|
|
|
OPENLOG ("expiry");
|
|
|
|
|
|
2011-11-07 00:09:30 +05:30
|
|
|
process_flags (argc, argv);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get user entries for /etc/passwd and /etc/shadow
|
|
|
|
|
*/
|
2008-06-10 02:06:24 +05:30
|
|
|
pwd = get_my_pwent ();
|
|
|
|
|
if (NULL == pwd) {
|
2008-08-30 23:57:07 +05:30
|
|
|
fprintf (stderr, _("%s: Cannot determine your user name.\n"),
|
|
|
|
|
Prog);
|
|
|
|
|
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
|
|
|
|
|
(unsigned long) getuid ()));
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (10);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
spwd = getspnam (pwd->pw_name); /* !USE_PAM, No need for xgetspnam */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If checking accounts, use agecheck() function.
|
|
|
|
|
*/
|
2011-11-07 00:09:30 +05:30
|
|
|
if (cflg) {
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
|
* Print out number of days until expiration.
|
|
|
|
|
*/
|
2009-04-12 00:07:08 +05:30
|
|
|
agecheck (spwd);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Exit with status indicating state of account.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
exit (isexpired (pwd, spwd));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2011-07-23 04:09:30 +05:30
|
|
|
* Otherwise, force a password change with the expire() function.
|
|
|
|
|
* It will force the change or give a message indicating what to
|
|
|
|
|
* do.
|
|
|
|
|
* It won't return unless the account is unexpired.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2011-11-20 03:21:52 +05:30
|
|
|
(void) expire (pwd, spwd);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2011-11-07 00:09:30 +05:30
|
|
|
return E_SUCCESS;
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-06-10 02:06:24 +05:30
|
|
|
|
