update_passwd.c 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340
  1. /* vi: set sw=4 ts=4: */
  2. /*
  3. * update_passwd
  4. *
  5. * update_passwd is a common function for passwd and chpasswd applets;
  6. * it is responsible for updating password file (i.e. /etc/passwd or
  7. * /etc/shadow) for a given user and password.
  8. *
  9. * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
  10. *
  11. * Modified to be able to add or delete users, groups and users to/from groups
  12. * by Tito Ragusa <farmatito@tiscali.it>
  13. *
  14. * Licensed under GPLv2, see file LICENSE in this source tree.
  15. */
  16. #include "libbb.h"
  17. #if ENABLE_SELINUX
  18. static void check_selinux_update_passwd(const char *username)
  19. {
  20. security_context_t seuser;
  21. char *p;
  22. if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
  23. return; /* No need to check */
  24. if (getprevcon_raw(&seuser) < 0)
  25. bb_simple_perror_msg_and_die("getprevcon failed");
  26. p = strchr(seuser, ':');
  27. if (!p)
  28. bb_error_msg_and_die("invalid context '%s'", seuser);
  29. *p = '\0';
  30. if (strcmp(seuser, username) != 0) {
  31. security_class_t tclass;
  32. access_vector_t av;
  33. tclass = string_to_security_class("passwd");
  34. if (tclass == 0)
  35. goto die;
  36. av = string_to_av_perm(tclass, "passwd");
  37. if (av == 0)
  38. goto die;
  39. if (selinux_check_passwd_access(av) != 0)
  40. die:
  41. bb_simple_error_msg_and_die("SELinux: access denied");
  42. }
  43. if (ENABLE_FEATURE_CLEAN_UP)
  44. freecon(seuser);
  45. }
  46. #else
  47. # define check_selinux_update_passwd(username) ((void)0)
  48. #endif
  49. /*
  50. 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
  51. only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
  52. 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
  53. only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
  54. 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
  55. only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
  56. like in addgroup and member != NULL
  57. 4) delete a user: update_passwd(FILE, USER, NULL, NULL)
  58. 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
  59. 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
  60. only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
  61. 7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL)
  62. only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
  63. or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
  64. 8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER)
  65. This function does not validate the arguments fed to it
  66. so the calling program should take care of that.
  67. Returns number of lines changed, or -1 on error.
  68. */
  69. int FAST_FUNC update_passwd(const char *filename,
  70. const char *name,
  71. const char *new_passwd,
  72. const char *member)
  73. {
  74. #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
  75. #define member NULL
  76. #endif
  77. struct stat sb;
  78. struct flock lock;
  79. FILE *old_fp;
  80. FILE *new_fp;
  81. char *fnamesfx;
  82. char *sfx_char;
  83. char *name_colon;
  84. int old_fd;
  85. int new_fd;
  86. int i;
  87. int changed_lines;
  88. int ret = -1; /* failure */
  89. /* used as a bool: "are we modifying /etc/shadow?" */
  90. #if ENABLE_FEATURE_SHADOWPASSWDS
  91. const char *shadow = strstr(filename, "shadow");
  92. #else
  93. # define shadow NULL
  94. #endif
  95. filename = xmalloc_follow_symlinks(filename);
  96. if (filename == NULL)
  97. return ret;
  98. if (name)
  99. check_selinux_update_passwd(name);
  100. /* New passwd file, "/etc/passwd+" for now */
  101. fnamesfx = xasprintf("%s+", filename);
  102. sfx_char = &fnamesfx[strlen(fnamesfx)-1];
  103. name_colon = xasprintf("%s:", name ? name : "");
  104. if (shadow)
  105. old_fp = fopen(filename, "r+");
  106. else
  107. old_fp = fopen_or_warn(filename, "r+");
  108. if (!old_fp) {
  109. if (shadow)
  110. ret = 0; /* missing shadow is not an error */
  111. goto free_mem;
  112. }
  113. old_fd = fileno(old_fp);
  114. selinux_preserve_fcontext(old_fd);
  115. /* Try to create "/etc/passwd+". Wait if it exists. */
  116. i = 30;
  117. do {
  118. // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
  119. new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
  120. if (new_fd >= 0) goto created;
  121. if (errno != EEXIST) break;
  122. usleep(100000); /* 0.1 sec */
  123. } while (--i);
  124. bb_perror_msg("can't create '%s'", fnamesfx);
  125. goto close_old_fp;
  126. created:
  127. if (fstat(old_fd, &sb) == 0) {
  128. fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
  129. fchown(new_fd, sb.st_uid, sb.st_gid);
  130. }
  131. errno = 0;
  132. new_fp = xfdopen_for_write(new_fd);
  133. /* Backup file is "/etc/passwd-" */
  134. *sfx_char = '-';
  135. /* Delete old backup */
  136. i = (unlink(fnamesfx) && errno != ENOENT);
  137. /* Create backup as a hardlink to current */
  138. if (i || link(filename, fnamesfx))
  139. bb_perror_msg("warning: can't create backup copy '%s'",
  140. fnamesfx);
  141. *sfx_char = '+';
  142. /* Lock the password file before updating */
  143. lock.l_type = F_WRLCK;
  144. lock.l_whence = SEEK_SET;
  145. lock.l_start = 0;
  146. lock.l_len = 0;
  147. if (fcntl(old_fd, F_SETLK, &lock) < 0)
  148. bb_perror_msg("warning: can't lock '%s'", filename);
  149. lock.l_type = F_UNLCK;
  150. /* Read current password file, write updated /etc/passwd+ */
  151. changed_lines = 0;
  152. while (1) {
  153. char *cp, *line;
  154. line = xmalloc_fgetline(old_fp);
  155. if (!line) /* EOF/error */
  156. break;
  157. #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
  158. if (!name && member) {
  159. /* Delete member from all groups */
  160. /* line is "GROUP:PASSWD:[member1[,member2]...]" */
  161. unsigned member_len = strlen(member);
  162. char *list = strrchr(line, ':');
  163. while (list) {
  164. list++;
  165. next_list_element:
  166. if (is_prefixed_with(list, member)) {
  167. char c;
  168. changed_lines++;
  169. c = list[member_len];
  170. if (c == '\0') {
  171. if (list[-1] == ',')
  172. list--;
  173. *list = '\0';
  174. break;
  175. }
  176. if (c == ',') {
  177. overlapping_strcpy(list, list + member_len + 1);
  178. goto next_list_element;
  179. }
  180. changed_lines--;
  181. }
  182. list = strchr(list, ',');
  183. }
  184. fprintf(new_fp, "%s\n", line);
  185. goto next;
  186. }
  187. #endif
  188. cp = is_prefixed_with(line, name_colon);
  189. if (!cp) {
  190. fprintf(new_fp, "%s\n", line);
  191. goto next;
  192. }
  193. /* We have a match with "name:"... */
  194. /* cp points past "name:" */
  195. #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
  196. if (member) {
  197. /* It's actually /etc/group+, not /etc/passwd+ */
  198. if (ENABLE_FEATURE_ADDUSER_TO_GROUP
  199. && applet_name[0] == 'a'
  200. ) {
  201. /* Add user to group */
  202. fprintf(new_fp, "%s%s%s\n", line,
  203. last_char_is(line, ':') ? "" : ",",
  204. member);
  205. changed_lines++;
  206. } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
  207. /* && applet_name[0] == 'd' */
  208. ) {
  209. /* Delete user from group */
  210. char *tmp;
  211. const char *fmt = "%s";
  212. /* find the start of the member list: last ':' */
  213. cp = strrchr(line, ':');
  214. /* cut it */
  215. *cp++ = '\0';
  216. /* write the cut line name:passwd:gid:
  217. * or name:!:: */
  218. fprintf(new_fp, "%s:", line);
  219. /* parse the tokens of the member list */
  220. tmp = cp;
  221. while ((cp = strsep(&tmp, ",")) != NULL) {
  222. if (strcmp(member, cp) != 0) {
  223. fprintf(new_fp, fmt, cp);
  224. fmt = ",%s";
  225. } else {
  226. /* found member, skip it */
  227. changed_lines++;
  228. }
  229. }
  230. fprintf(new_fp, "\n");
  231. }
  232. } else
  233. #endif
  234. if ((ENABLE_PASSWD && applet_name[0] == 'p')
  235. || (ENABLE_CHPASSWD && applet_name[0] == 'c')
  236. ) {
  237. /* Change passwd */
  238. cp = strchrnul(cp, ':'); /* move past old passwd */
  239. if (shadow && *cp == ':') {
  240. /* /etc/shadow's field 3 (passwd change date) needs updating */
  241. /* move past old change date */
  242. unsigned time_days = (unsigned long)(time(NULL)) / (24*60*60);
  243. if (time_days == 0) {
  244. /* 0 as change date has special meaning, avoid it */
  245. time_days = 1;
  246. }
  247. cp = strchrnul(cp + 1, ':');
  248. /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
  249. fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
  250. time_days, cp);
  251. } else {
  252. /* "name:" + "new_passwd" + ":rest of line" */
  253. fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp);
  254. }
  255. changed_lines++;
  256. } /* else delete user or group: skip the line */
  257. next:
  258. free(line);
  259. }
  260. if (changed_lines == 0) {
  261. #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
  262. if (member) {
  263. if (ENABLE_ADDGROUP && applet_name[0] == 'a')
  264. bb_error_msg("can't find %s in %s", name, filename);
  265. if (ENABLE_DELGROUP && applet_name[0] == 'd')
  266. bb_error_msg("can't find %s in %s", member, filename);
  267. }
  268. #endif
  269. if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
  270. && applet_name[0] == 'a' && !member
  271. ) {
  272. /* add user or group */
  273. fprintf(new_fp, "%s%s\n", name_colon, new_passwd);
  274. changed_lines++;
  275. }
  276. }
  277. fcntl(old_fd, F_SETLK, &lock);
  278. /* We do want all of them to execute, thus | instead of || */
  279. errno = 0;
  280. if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
  281. || rename(fnamesfx, filename)
  282. ) {
  283. /* At least one of those failed */
  284. bb_perror_nomsg();
  285. goto unlink_new;
  286. }
  287. /* Success: ret >= 0 */
  288. ret = changed_lines;
  289. unlink_new:
  290. if (ret < 0)
  291. unlink(fnamesfx);
  292. close_old_fp:
  293. fclose(old_fp);
  294. free_mem:
  295. free(fnamesfx);
  296. free((char *)filename);
  297. free(name_colon);
  298. return ret;
  299. }