shadow/src/pwck.c

634 lines
14 KiB
C

/*
* Copyright 1992 - 1994, Julianne Frances Haugh
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
#ident "$Id$"
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include "chkname.h"
#include "commonio.h"
#include "defines.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
#include "getdef.h"
#include "nscd.h"
extern void __pw_del_entry (const struct commonio_entry *);
extern struct commonio_entry *__pw_get_head (void);
extern void __spw_del_entry (const struct commonio_entry *);
extern struct commonio_entry *__spw_get_head (void);
/*
* Exit codes
*/
#define E_OKAY 0
#define E_USAGE 1
#define E_BADENTRY 2
#define E_CANTOPEN 3
#define E_CANTLOCK 4
#define E_CANTUPDATE 5
/*
* Global variables
*/
static char *Prog;
static const char *pwd_file = PASSWD_FILE;
static int use_system_pw_file = 1;
static const char *spw_file = SHADOW_FILE;
static int use_system_spw_file = 1;
static int is_shadow = 0;
/* Options */
static int read_only = 0;
static int sort_mode = 0;
static int quiet = 0; /* don't report warnings, only errors */
/* local function prototypes */
static void usage (void);
static void process_flags (int argc, char **argv);
static void open_files (void);
static void close_files (int changed);
static void check_pw_file (int *errors, int *changed);
static void check_spw_file (int *errors, int *changed);
/*
* usage - print syntax message and exit
*/
static void usage (void)
{
fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
Prog);
exit (E_USAGE);
}
/*
* process_flags - parse the command line options
*
* It will not return if an error is encountered.
*/
static void process_flags (int argc, char **argv)
{
int arg;
/*
* Parse the command line arguments
*/
while ((arg = getopt (argc, argv, "eqrs")) != EOF) {
switch (arg) {
case 'e': /* added for Debian shadow-961025-2 compatibility */
case 'q':
quiet = 1;
break;
case 'r':
read_only = 1;
break;
case 's':
sort_mode = 1;
break;
default:
usage ();
}
}
if (sort_mode && read_only) {
fprintf (stderr, _("%s: -s and -r are incompatibile\n"), Prog);
exit (E_USAGE);
}
/*
* Make certain we have the right number of arguments
*/
if (optind != argc && optind + 1 != argc && optind + 2 != argc)
usage ();
/*
* If there are two left over filenames, use those as the password
* and shadow password filenames.
*/
if (optind != argc) {
pwd_file = argv[optind];
pw_name (pwd_file);
use_system_pw_file = 0;
}
if (optind + 2 == argc) {
spw_file = argv[optind + 1];
spw_name (spw_file);
is_shadow = 1;
use_system_spw_file = 0;
} else if (optind == argc)
is_shadow = spw_file_present ();
}
/*
* open_files - open the shadow database
*
* In read-only mode, the databases are not locked and are opened
* only for reading.
*/
static void open_files (void)
{
/*
* Lock the files if we aren't in "read-only" mode
*/
if (!read_only) {
if (!pw_lock ()) {
fprintf (stderr, _("%s: cannot lock file %s\n"),
Prog, pwd_file);
if (use_system_pw_file)
SYSLOG ((LOG_WARN, "cannot lock %s", pwd_file));
closelog ();
exit (E_CANTLOCK);
}
if (is_shadow && !spw_lock ()) {
fprintf (stderr, _("%s: cannot lock file %s\n"),
Prog, spw_file);
if (use_system_spw_file)
SYSLOG ((LOG_WARN, "cannot lock %s", spw_file));
closelog ();
exit (E_CANTLOCK);
}
}
/*
* Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR
* otherwise.
*/
if (!pw_open (read_only ? O_RDONLY : O_RDWR)) {
fprintf (stderr, _("%s: cannot open file %s\n"),
Prog, pwd_file);
if (use_system_pw_file)
SYSLOG ((LOG_WARN, "cannot open %s", pwd_file));
closelog ();
exit (E_CANTOPEN);
}
if (is_shadow && !spw_open (read_only ? O_RDONLY : O_RDWR)) {
fprintf (stderr, _("%s: cannot open file %s\n"),
Prog, spw_file);
if (use_system_spw_file)
SYSLOG ((LOG_WARN, "cannot open %s", spw_file));
closelog ();
exit (E_CANTOPEN);
}
}
/*
* close_files - close and unlock the password/shadow databases
*
* If changed is not set, the databases are not closed, and no
* changes are committed in the databases. The databases are
* unlocked anyway.
*/
static void close_files (int changed)
{
/*
* All done. If there were no change we can just abandon any
* changes to the files.
*/
if (changed) {
if (!pw_close ()) {
fprintf (stderr, _("%s: cannot update file %s\n"),
Prog, pwd_file);
SYSLOG ((LOG_WARN, "cannot update %s", pwd_file));
closelog ();
exit (E_CANTUPDATE);
}
if (is_shadow && !spw_close ()) {
fprintf (stderr, _("%s: cannot update file %s\n"),
Prog, spw_file);
SYSLOG ((LOG_WARN, "cannot update %s", spw_file));
closelog ();
exit (E_CANTUPDATE);
}
}
/*
* Don't be anti-social - unlock the files when you're done.
*/
if (is_shadow)
spw_unlock ();
(void) pw_unlock ();
}
/*
* check_pw_file - check the content of the passwd file
*/
static void check_pw_file (int *errors, int *changed)
{
struct commonio_entry *pfe, *tpfe;
struct passwd *pwd;
struct spwd *spw;
/*
* Loop through the entire password file.
*/
for (pfe = __pw_get_head (); pfe; pfe = pfe->next) {
/*
* If this is a NIS line, skip it. You can't "know" what NIS
* is going to do without directly asking NIS ...
*/
if (pfe->line[0] == '+' || pfe->line[0] == '-')
continue;
/*
* Start with the entries that are completely corrupt. They
* have no (struct passwd) entry because they couldn't be
* parsed properly.
*/
if (!pfe->eptr) {
/*
* Tell the user this entire line is bogus and ask
* them to delete it.
*/
printf (_("invalid password file entry\n"));
printf (_("delete line '%s'? "), pfe->line);
*errors += 1;
/*
* prompt the user to delete the entry or not
*/
if (!yes_or_no (read_only))
continue;
/*
* All password file deletions wind up here. This
* code removes the current entry from the linked
* list. When done, it skips back to the top of the
* loop to try out the next list element.
*/
delete_pw:
SYSLOG ((LOG_INFO, "delete passwd line `%s'",
pfe->line));
*changed = 1;
__pw_del_entry (pfe);
continue;
}
/*
* Password structure is good, start using it.
*/
pwd = pfe->eptr;
/*
* Make sure this entry has a unique name.
*/
for (tpfe = __pw_get_head (); tpfe; tpfe = tpfe->next) {
const struct passwd *ent = tpfe->eptr;
/*
* Don't check this entry
*/
if (tpfe == pfe)
continue;
/*
* Don't check invalid entries.
*/
if (!ent)
continue;
if (strcmp (pwd->pw_name, ent->pw_name) != 0)
continue;
/*
* Tell the user this entry is a duplicate of
* another and ask them to delete it.
*/
printf (_("duplicate password entry\n"));
printf (_("delete line '%s'? "), pfe->line);
*errors += 1;
/*
* prompt the user to delete the entry or not
*/
if (yes_or_no (read_only))
goto delete_pw;
}
/*
* Check for invalid usernames. --marekm
*/
if (!check_user_name (pwd->pw_name)) {
printf (_("invalid user name '%s'\n"), pwd->pw_name);
*errors += 1;
}
/*
* Make sure the primary group exists
*/
/* local, no need for xgetgrgid */
if (!quiet && !getgrgid (pwd->pw_gid)) {
/*
* No primary group, just give a warning
*/
printf (_("user %s: no group %u\n"),
pwd->pw_name, pwd->pw_gid);
*errors += 1;
}
/*
* Make sure the home directory exists
*/
if (!quiet && access (pwd->pw_dir, F_OK)) {
/*
* Home directory doesn't exist, give a warning
*/
printf (_
("user %s: directory %s does not exist\n"),
pwd->pw_name, pwd->pw_dir);
*errors += 1;
}
/*
* Make sure the login shell is executable
*/
if (!quiet && pwd->pw_shell[0]
&& access (pwd->pw_shell, F_OK)) {
/*
* Login shell doesn't exist, give a warning
*/
printf (_("user %s: program %s does not exist\n"),
pwd->pw_name, pwd->pw_shell);
*errors += 1;
}
/*
* Make sure this entry exists in the /etc/shadow file.
*/
if (is_shadow) {
spw = (struct spwd *) spw_locate (pwd->pw_name);
if (spw == NULL) {
printf (_
("no matching password file entry in %s\n"),
spw_file);
printf (_("add user '%s' in %s? "),
pwd->pw_name, spw_file);
*errors += 1;
if (yes_or_no (read_only)) {
struct spwd sp;
struct passwd pw;
sp.sp_namp = pwd->pw_name;
sp.sp_pwdp = pwd->pw_passwd;
sp.sp_min =
getdef_num ("PASS_MIN_DAYS", -1);
sp.sp_max =
getdef_num ("PASS_MAX_DAYS", -1);
sp.sp_warn =
getdef_num ("PASS_WARN_AGE", -1);
sp.sp_inact = -1;
sp.sp_expire = -1;
sp.sp_flag = -1;
sp.sp_lstchg =
time ((time_t *) 0) / (24L * 3600L);
*changed = 1;
if (!spw_update (&sp)) {
fprintf (stderr,
_
("%s: can't update shadow entry for %s\n"),
Prog, sp.sp_namp);
exit (E_CANTUPDATE);
}
/* remove password from /etc/passwd */
pw = *pwd;
pw.pw_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
if (!pw_update (&pw)) {
fprintf (stderr,
_
("%s: can't update passwd entry for %s\n"),
Prog, pw.pw_name);
exit (E_CANTUPDATE);
}
}
}
}
}
}
/*
* check_spw_file - check the content of the shadowed password file (shadow)
*/
static void check_spw_file (int *errors, int *changed)
{
struct commonio_entry *spe, *tspe;
struct spwd *spw;
/*
* Loop through the entire shadow password file.
*/
for (spe = __spw_get_head (); spe; spe = spe->next) {
/*
* Do not treat lines which were missing in shadow
* and were added earlier.
*/
if (spe->line == NULL)
continue;
/*
* If this is a NIS line, skip it. You can't "know" what NIS
* is going to do without directly asking NIS ...
*/
if (spe->line[0] == '+' || spe->line[0] == '-')
continue;
/*
* Start with the entries that are completely corrupt. They
* have no (struct spwd) entry because they couldn't be
* parsed properly.
*/
if (!spe->eptr) {
/*
* Tell the user this entire line is bogus and ask
* them to delete it.
*/
printf (_("invalid shadow password file entry\n"));
printf (_("delete line '%s'? "), spe->line);
*errors += 1;
/*
* prompt the user to delete the entry or not
*/
if (!yes_or_no (read_only))
continue;
/*
* All shadow file deletions wind up here. This code
* removes the current entry from the linked list.
* When done, it skips back to the top of the loop
* to try out the next list element.
*/
delete_spw:
SYSLOG ((LOG_INFO, "delete shadow line `%s'",
spe->line));
*changed = 1;
__spw_del_entry (spe);
continue;
}
/*
* Shadow password structure is good, start using it.
*/
spw = spe->eptr;
/*
* Make sure this entry has a unique name.
*/
for (tspe = __spw_get_head (); tspe; tspe = tspe->next) {
const struct spwd *ent = tspe->eptr;
/*
* Don't check this entry
*/
if (tspe == spe)
continue;
/*
* Don't check invalid entries.
*/
if (!ent)
continue;
if (strcmp (spw->sp_namp, ent->sp_namp) != 0)
continue;
/*
* Tell the user this entry is a duplicate of
* another and ask them to delete it.
*/
printf (_("duplicate shadow password entry\n"));
printf (_("delete line '%s'? "), spe->line);
*errors += 1;
/*
* prompt the user to delete the entry or not
*/
if (yes_or_no (read_only))
goto delete_spw;
}
/*
* Make sure this entry exists in the /etc/passwd
* file.
*/
if (!pw_locate (spw->sp_namp)) {
/*
* Tell the user this entry has no matching
* /etc/passwd entry and ask them to delete it.
*/
printf (_("no matching password file entry in %s\n"),
pwd_file);
printf (_("delete line '%s'? "), spe->line);
*errors += 1;
/*
* prompt the user to delete the entry or not
*/
if (yes_or_no (read_only))
goto delete_spw;
}
/*
* Warn if last password change in the future. --marekm
*/
if (!quiet && spw->sp_lstchg > time ((time_t *) 0) / SCALE) {
printf (_
("user %s: last password change in the future\n"),
spw->sp_namp);
*errors += 1;
}
}
}
/*
* pwck - verify password file integrity
*/
int main (int argc, char **argv)
{
int errors = 0;
int changed = 0;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
OPENLOG ("pwck");
/* Parse the command line arguments */
process_flags (argc, argv);
open_files ();
if (sort_mode) {
pw_sort ();
if (is_shadow)
spw_sort ();
changed = 1;
} else {
check_pw_file (&errors, &changed);
if (is_shadow) {
check_spw_file (&errors, &changed);
}
}
close_files (changed);
nscd_flush_cache ("passwd");
/*
* Tell the user what we did and exit.
*/
if (errors)
printf (changed ?
_("%s: the files have been updated\n") :
_("%s: no changes\n"), Prog);
closelog ();
exit (errors ? E_BADENTRY : E_OKAY);
}