Index: head/lib/libutil/Makefile =================================================================== --- head/lib/libutil/Makefile (revision 283968) +++ head/lib/libutil/Makefile (revision 283969) @@ -1,90 +1,91 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 # $FreeBSD$ SHLIBDIR?= /lib .include LIB= util SHLIB_MAJOR= 9 SRCS= _secure_path.c auth.c expand_number.c flopen.c fparseln.c gr_util.c \ hexdump.c humanize_number.c kinfo_getfile.c kinfo_getfile.c \ kinfo_getallproc.c kinfo_getproc.c kinfo_getvmmap.c \ kinfo_getvmobject.c kld.c \ login_auth.c login_cap.c \ login_class.c login_crypt.c login_ok.c login_times.c login_tty.c \ pidfile.c property.c pty.c pw_util.c quotafile.c realhostname.c \ stub.c trimdomain.c uucplock.c INCS= libutil.h login_cap.h CFLAGS+= -DLIBC_SCCS .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DINET6 .endif CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../libc/gen/ MAN+= expand_number.3 flopen.3 fparseln.3 hexdump.3 \ humanize_number.3 kinfo_getallproc.3 kinfo_getfile.3 \ kinfo_getproc.3 kinfo_getvmmap.3 kinfo_getvmobject.3 kld.3 \ login_auth.3 login_cap.3 \ login_class.3 login_ok.3 login_times.3 login_tty.3 pidfile.3 \ property.3 pty.3 quotafile.3 realhostname.3 realhostname_sa.3 \ _secure_path.3 trimdomain.3 uucplock.3 pw_util.3 MAN+= login.conf.5 MLINKS+= kld.3 kld_isloaded.3 kld.3 kld_load.3 MLINKS+=login_auth.3 auth_cat.3 login_auth.3 auth_checknologin.3 MLINKS+=login_cap.3 login_close.3 login_cap.3 login_getcapbool.3 \ login_cap.3 login_getcaplist.3 login_cap.3 login_getcapnum.3 \ login_cap.3 login_getcapsize.3 login_cap.3 login_getcapstr.3 \ login_cap.3 login_getcaptime.3 login_cap.3 login_getclass.3 \ login_cap.3 login_getclassbyname.3 login_cap.3 login_getpath.3 \ login_cap.3 login_getpwclass.3 login_cap.3 login_getstyle.3 \ login_cap.3 login_getuserclass.3 login_cap.3 login_setcryptfmt.3 MLINKS+=login_class.3 setclasscontext.3 login_class.3 setclassenvironment.3 \ login_class.3 setclassresources.3 login_class.3 setusercontext.3 MLINKS+=login_ok.3 auth_hostok.3 login_ok.3 auth_timeok.3 \ login_ok.3 auth_ttyok.3 MLINKS+=login_times.3 in_lt.3 login_times.3 in_ltm.3 \ login_times.3 in_ltms.3 \ login_times.3 in_lts.3 \ login_times.3 parse_lt.3 MLINKS+=pidfile.3 pidfile_close.3 \ pidfile.3 pidfile_fileno.3 \ pidfile.3 pidfile_open.3 \ pidfile.3 pidfile_remove.3 \ pidfile.3 pidfile_write.3 MLINKS+= property.3 property_find.3 property.3 properties_free.3 MLINKS+= property.3 properties_read.3 MLINKS+= pty.3 forkpty.3 pty.3 openpty.3 MLINKS+=quotafile.3 quota_close.3 \ quotafile.3 quota_fsname.3 \ quotafile.3 quota_open.3 \ quotafile.3 quota_qfname.3 \ quotafile.3 quota_read.3 \ quotafile.3 quota_statfs.3 \ quotafile.3 quota_write_limits.3 \ quotafile.3 quota_write_usage.3 MLINKS+=uucplock.3 uu_lock.3 uucplock.3 uu_lock_txfr.3 \ uucplock.3 uu_lockerr.3 uucplock.3 uu_unlock.3 MLINKS+=pw_util.3 pw_copy.3 \ pw_util.3 pw_dup.3 \ pw_util.3 pw_edit.3 \ pw_util.3 pw_equal.3 \ pw_util.3 pw_fini.3 \ pw_util.3 pw_init.3 \ pw_util.3 pw_make.3 \ pw_util.3 pw_make_v7.3 \ pw_util.3 pw_mkdb.3 \ + pw_util.3 pw_mkdb2.3 \ pw_util.3 pw_lock.3 \ pw_util.3 pw_scan.3 \ pw_util.3 pw_tempname.3 \ pw_util.3 pw_tmp.3 .if ${MK_TESTS} != "no" SUBDIR+= tests .endif .include Index: head/lib/libutil/libutil.h =================================================================== --- head/lib/libutil/libutil.h (revision 283968) +++ head/lib/libutil/libutil.h (revision 283969) @@ -1,252 +1,256 @@ /* * Copyright (c) 1996 Peter Wemm . * All rights reserved. * Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, is permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _LIBUTIL_H_ #define _LIBUTIL_H_ #include #include #include #ifndef _GID_T_DECLARED typedef __gid_t gid_t; #define _GID_T_DECLARED #endif #ifndef _MODE_T_DECLARED typedef __mode_t mode_t; #define _MODE_T_DECLARED #endif #ifndef _PID_T_DECLARED typedef __pid_t pid_t; #define _PID_T_DECLARED #endif #ifndef _SIZE_T_DECLARED typedef __size_t size_t; #define _SIZE_T_DECLARED #endif #ifndef _UID_T_DECLARED typedef __uid_t uid_t; #define _UID_T_DECLARED #endif #define PROPERTY_MAX_NAME 64 #define PROPERTY_MAX_VALUE 512 /* For properties.c. */ typedef struct _property { struct _property *next; char *name; char *value; } *properties; /* Avoid pulling in all the include files for no need. */ struct in_addr; struct pidfh; struct sockaddr; struct termios; struct winsize; __BEGIN_DECLS char *auth_getval(const char *_name); void clean_environment(const char * const *_white, const char * const *_more_white); int expand_number(const char *_buf, uint64_t *_num); int extattr_namespace_to_string(int _attrnamespace, char **_string); int extattr_string_to_namespace(const char *_string, int *_attrnamespace); int flopen(const char *_path, int _flags, ...); int forkpty(int *_amaster, char *_name, struct termios *_termp, struct winsize *_winp); void hexdump(const void *_ptr, int _length, const char *_hdr, int _flags); int humanize_number(char *_buf, size_t _len, int64_t _number, const char *_suffix, int _scale, int _flags); struct kinfo_file * kinfo_getfile(pid_t _pid, int *_cntp); struct kinfo_vmentry * kinfo_getvmmap(pid_t _pid, int *_cntp); struct kinfo_vmobject * kinfo_getvmobject(int *_cntp); struct kinfo_proc * kinfo_getallproc(int *_cntp); struct kinfo_proc * kinfo_getproc(pid_t _pid); int kld_isloaded(const char *_name); int kld_load(const char *_name); int login_tty(int _fd); int openpty(int *_amaster, int *_aslave, char *_name, struct termios *_termp, struct winsize *_winp); int pidfile_close(struct pidfh *_pfh); int pidfile_fileno(const struct pidfh *_pfh); struct pidfh * pidfile_open(const char *_path, mode_t _mode, pid_t *_pidptr); int pidfile_remove(struct pidfh *_pfh); int pidfile_write(struct pidfh *_pfh); void properties_free(properties _list); char *property_find(properties _list, const char *_name); properties properties_read(int _fd); int realhostname(char *_host, size_t _hsize, const struct in_addr *_ip); int realhostname_sa(char *_host, size_t _hsize, struct sockaddr *_addr, int _addrlen); int _secure_path(const char *_path, uid_t _uid, gid_t _gid); void trimdomain(char *_fullhost, int _hostsize); const char * uu_lockerr(int _uu_lockresult); int uu_lock(const char *_ttyname); int uu_unlock(const char *_ttyname); int uu_lock_txfr(const char *_ttyname, pid_t _pid); /* * Conditionally prototype the following functions if the include * files upon which they depend have been included. */ #ifdef _STDIO_H_ char *fparseln(FILE *_fp, size_t *_len, size_t *_lineno, const char _delim[3], int _flags); #endif #ifdef _PWD_H_ +#define PWDB_NATIVE 0 +#define PWDB_LE 1 +#define PWDB_BE 2 int pw_copy(int _ffd, int _tfd, const struct passwd *_pw, struct passwd *_old_pw); struct passwd *pw_dup(const struct passwd *_pw); int pw_edit(int _notsetuid); int pw_equal(const struct passwd *_pw1, const struct passwd *_pw2); void pw_fini(void); int pw_init(const char *_dir, const char *_master); char *pw_make(const struct passwd *_pw); char *pw_make_v7(const struct passwd *_pw); int pw_mkdb(const char *_user); +int pw_mkdb2(const char *_user, int endian); int pw_lock(void); struct passwd * pw_scan(const char *_line, int _flags); const char * pw_tempname(void); int pw_tmp(int _mfd); #endif #ifdef _GRP_H_ int gr_copy(int __ffd, int _tfd, const struct group *_gr, struct group *_old_gr); struct group * gr_dup(const struct group *_gr); struct group * gr_add(const struct group *_gr, const char *_newmember); int gr_equal(const struct group *_gr1, const struct group *_gr2); void gr_fini(void); int gr_init(const char *_dir, const char *_master); int gr_lock(void); char *gr_make(const struct group *_gr); int gr_mkdb(void); struct group * gr_scan(const char *_line); int gr_tmp(int _mdf); #endif #ifdef _UFS_UFS_QUOTA_H_ struct fstab; struct quotafile; int quota_check_path(const struct quotafile *_qf, const char *_path); void quota_close(struct quotafile *_qf); int quota_convert(struct quotafile *_qf, int _wordsize); const char * quota_fsname(const struct quotafile *_qf); int quota_maxid(struct quotafile *_qf); int quota_off(struct quotafile *_qf); int quota_on(struct quotafile *_qf); struct quotafile * quota_open(struct fstab *_fs, int _quotatype, int _openflags); const char * quota_qfname(const struct quotafile *_qf); int quota_read(struct quotafile *_qf, struct dqblk *_dqb, int _id); int quota_write_limits(struct quotafile *_qf, struct dqblk *_dqb, int _id); int quota_write_usage(struct quotafile *_qf, struct dqblk *_dqb, int _id); #endif __END_DECLS /* fparseln(3) */ #define FPARSELN_UNESCESC 0x01 #define FPARSELN_UNESCCONT 0x02 #define FPARSELN_UNESCCOMM 0x04 #define FPARSELN_UNESCREST 0x08 #define FPARSELN_UNESCALL 0x0f /* Flags for hexdump(3). */ #define HD_COLUMN_MASK 0xff #define HD_DELIM_MASK 0xff00 #define HD_OMIT_COUNT (1 << 16) #define HD_OMIT_HEX (1 << 17) #define HD_OMIT_CHARS (1 << 18) /* Values for humanize_number(3)'s flags parameter. */ #define HN_DECIMAL 0x01 #define HN_NOSPACE 0x02 #define HN_B 0x04 #define HN_DIVISOR_1000 0x08 #define HN_IEC_PREFIXES 0x10 /* Values for humanize_number(3)'s scale parameter. */ #define HN_GETSCALE 0x10 #define HN_AUTOSCALE 0x20 /* Return values from realhostname(). */ #define HOSTNAME_FOUND 0 #define HOSTNAME_INCORRECTNAME 1 #define HOSTNAME_INVALIDADDR 2 #define HOSTNAME_INVALIDNAME 3 /* Flags for pw_scan(). */ #define PWSCAN_MASTER 0x01 #define PWSCAN_WARN 0x02 /* Return values from uu_lock(). */ #define UU_LOCK_INUSE 1 #define UU_LOCK_OK 0 #define UU_LOCK_OPEN_ERR (-1) #define UU_LOCK_READ_ERR (-2) #define UU_LOCK_CREAT_ERR (-3) #define UU_LOCK_WRITE_ERR (-4) #define UU_LOCK_LINK_ERR (-5) #define UU_LOCK_TRY_ERR (-6) #define UU_LOCK_OWNER_ERR (-7) #endif /* !_LIBUTIL_H_ */ Index: head/lib/libutil/pw_util.3 =================================================================== --- head/lib/libutil/pw_util.3 (revision 283968) +++ head/lib/libutil/pw_util.3 (revision 283969) @@ -1,286 +1,308 @@ .\" Copyright (c) 2012 Baptiste Daroussin .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd June 06, 2015 .Dt PW_UTIL 3 .Os .Sh NAME .Nm pw_copy , .Nm pw_dup , .Nm pw_edit , .Nm pw_equal , .Nm pw_fini , .Nm pw_init , .Nm pw_make , .Nm pw_make_v7 , .Nm pw_mkdb , +.Nm pw_mkdb2 , .Nm pw_lock , .Nm pw_scan , .Nm pw_tempname , .Nm pw_tmp .Nd "functions for passwd file handling" .Sh LIBRARY .Lb libutil .Sh SYNOPSIS .In pwd.h .In libutil.h .Ft int .Fn pw_copy "int ffd" "int tfd" "const struct passwd *pw" "struct passwd *oldpw" .Ft "struct passwd *" .Fn pw_dup "const struct passwd *pw" .Ft int .Fn pw_edit "int nosetuid" .Ft int .Fn pw_equal "const struct passwd *pw1" "const struct passwd *pw2" .Ft void .Fn pw_fini "void" .Ft int .Fn pw_init "const char *dir" const char *master" .Ft "char *" .Fn pw_make "const struct passwd *pw" .Ft "char *" .Fn pw_make_v7 "const struct passwd *pw" .Ft int .Fn pw_mkdb "const char *user" .Ft int +.Fn pw_mkdb "const char *user" "int endian" +.Ft int .Fn pw_lock "void" .Ft "struct passwd *" .Fn pw_scan "const char *line" "int flags" .Ft "const char *" .Fn pw_tempname "void" .Ft int .Fn pw_tmp "int mfd" .Sh DESCRIPTION The .Fn pw_copy function reads a password file from .Vt ffd and writes it back out to .Vt tfd possibly with modifications: .Bl -dash .It If .Fa pw is .Dv NULL and .Fa oldpw is not .Dv NULL , then the record represented by .Fa oldpw will not be copied (corresponding to user deletion). .It If .Fa pw and .Fa oldpw are not .Dv NULL then the record corresponding to .Fa pw will be replaced by the record corresponding to .Fa oldpw . .It If .Vt pw is set and .Vt oldpw is .Dv NULL then the record corresponding to .Vt pw will be appended (corresponding to user addition). .El .Pp The .Fn pw_copy function returns -1 in case of failure otherwise 0. .Pp The .Fn pw_dup function duplicates the .Vt struct passwd pointed to by .Fa pw and returns a pointer to the copy, or .Dv NULL in case of failure. The new .Vt struct passwd is allocated with .Xr malloc 3 , and it is the caller's responsibility to free it with .Xr free 3 . .Pp The .Fn pw_edit function invokes the command specified by the .Ev EDITOR environment variable (or .Pa /usr/bin/vi if .Ev EDITOR is not defined) on a temporary copy of the master password file created by .Fn pw_tmp . If the file was modified, .Fn pw_edit installs it and regenerates the password database. The .Fn pw_edit function returns -1 in case of failure, 0 if the file was not modified, and a non-zero positive number if the file was modified and successfully installed. .Pp The .Fn pw_equal function compares two .Vt struct passwd and returns 0 if they are equal. .Pp The .Fn pw_fini function destroy the temporary file created by .Fn pw_tmp if any, kills any running instance of .Ev EDITOR executed by .Fn pw_edit if any, and closes the lock created by .Fn pw_lock if any. .Pp The .Fn pw_init initialize the static variable representing the path a password file. .Fa dir is the directory where the password file is located. If set to .Dv NULL , it will default to .Pa /etc . .Fa master is the name of the password file. If set to .Dv NULL? it will default to .Pa master.passwd .Pp The .Fn pw_make function creates a properly formatted .Bx .Xr passwd 5 line from a .Vt struct passwd , and returns a pointer to the resulting string. The string is allocated with .Xr malloc 3 , and it is the caller's responsibility to free it with .Xr free 3 . .Pp The .Fn pw_make_v7 function creates a properly formatted .Ux V7 .Xr passwd 5 line from a .Vt struct passwd , and returns a pointer to the resulting string. The string is allocated with .Xr malloc 3 , and it is the caller's responsibility to free it with .Xr free 3 . .Pp The .Fn pw_mkdb function regenerates the password database by running .Xr pwd_mkdb 8 . If .Fa user -only the record corresponding to that user will be updated. +is set, only the record corresponding to that user will be updated. The .Fn pw_mkdb function returns 0 in case of success and -1 in case of failure. +.Pp +.Fn pw_mkdb2 +function regenerates the password database by running +.Xr pwd_mkdb 8 . +If +.Fa user +is set, only the record corresponding to that user will be updated. +.Pp +The +.Fa endian +variable can take the following values +.Bl -tag -width PWDB_NATIVE +.It Dv PWDB_NATIVE +the database will be generated in host native endianness. +.It Dv PWDB_LE +the database will be generated in Little-endian. +.It Dv PWDB_BE +the database will be generated in Big-endian. +.El .Pp The .Fn pw_lock function locks the master password file. It returns 0 in case of success and -1 in case of failure. .Pp The .Fn pw_scan function is a wrapper around the internal libc function .Fn __pw_scan . It scans the master password file for a line corresponding to the .Fa line provided and return a .Vt struct passwd if it matched an existing record. In case of failure, it returns .Dv NULL . Otherwise, it returns a pointer to a .Vt struct passwd containing the matching record. The .Vt struct passwd is allocated with .Xr malloc 3 , and it is the caller's responsibility to free it with .Xr free 3 . .Pp The .Fn pw_tempname function returns the temporary name of the masterfile created via .Fn pw_tmp . .Pp The .Fn pw_tmp creates and opens a presumably safe temporary password file. If .Fa mfd is a file descriptor to an open password file, it will be read and written back to the temporary password file. Otherwise if should be set -1. The .Fn pw_tmp returns an open file descriptor to the temporary password file or -1 in case of failure. .Sh AUTHORS Portions of this software were developed for the .Fx Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Pp This manual page was written by .An Baptiste Daroussin Aq Mt bapt@FreeBSD.org . Index: head/lib/libutil/pw_util.c =================================================================== --- head/lib/libutil/pw_util.c (revision 283968) +++ head/lib/libutil/pw_util.c (revision 283969) @@ -1,664 +1,686 @@ /*- * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint #if 0 static const char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ /* * This file is used by all the "password" programs; vipw(8), chpass(1), * and passwd(1). */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "libutil.h" static pid_t editpid = -1; static int lockfd = -1; static char masterpasswd[PATH_MAX]; static char passwd_dir[PATH_MAX]; static char tempname[PATH_MAX]; static int initialized; #if 0 void pw_cont(int sig) { if (editpid != -1) kill(editpid, sig); } #endif /* * Initialize statics and set limits, signals & umask to try to avoid * interruptions, crashes etc. that might expose passord data. */ int pw_init(const char *dir, const char *master) { #if 0 struct rlimit rlim; #endif if (dir == NULL) { strcpy(passwd_dir, _PATH_ETC); } else { if (strlen(dir) >= sizeof(passwd_dir)) { errno = ENAMETOOLONG; return (-1); } strcpy(passwd_dir, dir); } if (master == NULL) { if (dir == NULL) { strcpy(masterpasswd, _PATH_MASTERPASSWD); } else if (snprintf(masterpasswd, sizeof(masterpasswd), "%s/%s", passwd_dir, _MASTERPASSWD) > (int)sizeof(masterpasswd)) { errno = ENAMETOOLONG; return (-1); } } else { if (strlen(master) >= sizeof(masterpasswd)) { errno = ENAMETOOLONG; return (-1); } strcpy(masterpasswd, master); } /* * The code that follows is extremely disruptive to the calling * process, and is therefore disabled until someone can conceive * of a realistic scenario where it would fend off a compromise. * Race conditions concerning the temporary files can be guarded * against in other ways than masking signals (by checking stat(2) * results after creation). */ #if 0 /* Unlimited resource limits. */ rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY; (void)setrlimit(RLIMIT_CPU, &rlim); (void)setrlimit(RLIMIT_FSIZE, &rlim); (void)setrlimit(RLIMIT_STACK, &rlim); (void)setrlimit(RLIMIT_DATA, &rlim); (void)setrlimit(RLIMIT_RSS, &rlim); /* Don't drop core (not really necessary, but GP's). */ rlim.rlim_cur = rlim.rlim_max = 0; (void)setrlimit(RLIMIT_CORE, &rlim); /* Turn off signals. */ (void)signal(SIGALRM, SIG_IGN); (void)signal(SIGHUP, SIG_IGN); (void)signal(SIGINT, SIG_IGN); (void)signal(SIGPIPE, SIG_IGN); (void)signal(SIGQUIT, SIG_IGN); (void)signal(SIGTERM, SIG_IGN); (void)signal(SIGCONT, pw_cont); /* Create with exact permissions. */ (void)umask(0); #endif initialized = 1; return (0); } /* * Lock the master password file. */ int pw_lock(void) { if (*masterpasswd == '\0') return (-1); /* * If the master password file doesn't exist, the system is hosed. * Might as well try to build one. Set the close-on-exec bit so * that users can't get at the encrypted passwords while editing. * Open should allow flock'ing the file; see 4.4BSD. XXX */ for (;;) { struct stat st; lockfd = flopen(masterpasswd, O_RDONLY|O_NONBLOCK|O_CLOEXEC, 0); if (lockfd == -1) { if (errno == EWOULDBLOCK) { errx(1, "the password db file is busy"); } else { err(1, "could not lock the passwd file: "); } } /* * If the password file was replaced while we were trying to * get the lock, our hardlink count will be 0 and we have to * close and retry. */ if (fstat(lockfd, &st) == -1) err(1, "fstat() failed: "); if (st.st_nlink != 0) break; close(lockfd); lockfd = -1; } return (lockfd); } /* * Create and open a presumably safe temp file for editing the password * data, and copy the master password file into it. */ int pw_tmp(int mfd) { char buf[8192]; ssize_t nr; const char *p; int tfd; if (*masterpasswd == '\0') return (-1); if ((p = strrchr(masterpasswd, '/'))) ++p; else p = masterpasswd; if (snprintf(tempname, sizeof(tempname), "%.*spw.XXXXXX", (int)(p - masterpasswd), masterpasswd) >= (int)sizeof(tempname)) { errno = ENAMETOOLONG; return (-1); } if ((tfd = mkstemp(tempname)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) if (write(tfd, buf, (size_t)nr) != nr) break; if (nr != 0) { unlink(tempname); *tempname = '\0'; close(tfd); return (-1); } } return (tfd); } +int +pw_mkdb(const char *user) +{ + + return (pw_mkdb2(user, PWDB_NATIVE)); +} + /* * Regenerate the password database. */ int -pw_mkdb(const char *user) +pw_mkdb2(const char *user, int endian) { int pstat; pid_t pid; + const char *arg; + switch (endian) { + case PWDB_NATIVE: + arg = "-p"; + break; + case PWDB_LE: + arg = "-pL"; + break; + case PWDB_BE: + arg = "-pB"; + break; + default: + return (-1); + } + (void)fflush(stderr); switch ((pid = fork())) { case -1: return (-1); case 0: /* child */ if (user == NULL) - execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", + execl(_PATH_PWD_MKDB, "pwd_mkdb", arg, "-d", passwd_dir, tempname, (char *)NULL); else - execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", + execl(_PATH_PWD_MKDB, "pwd_mkdb", arg, "-d", passwd_dir, "-u", user, tempname, (char *)NULL); _exit(1); /* NOTREACHED */ default: /* parent */ break; } if (waitpid(pid, &pstat, 0) == -1) return (-1); if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0) return (0); errno = 0; return (-1); } /* * Edit the temp file. Return -1 on error, >0 if the file was modified, 0 * if it was not. */ int pw_edit(int notsetuid) { struct sigaction sa, sa_int, sa_quit; sigset_t oldsigset, nsigset; struct stat st1, st2; const char *editor; int pstat; if ((editor = getenv("EDITOR")) == NULL) editor = _PATH_VI; if (stat(tempname, &st1) == -1) return (-1); sa.sa_handler = SIG_IGN; sigemptyset(&sa.sa_mask); sa.sa_flags = 0; sigaction(SIGINT, &sa, &sa_int); sigaction(SIGQUIT, &sa, &sa_quit); sigemptyset(&nsigset); sigaddset(&nsigset, SIGCHLD); sigprocmask(SIG_BLOCK, &nsigset, &oldsigset); switch ((editpid = fork())) { case -1: return (-1); case 0: sigaction(SIGINT, &sa_int, NULL); sigaction(SIGQUIT, &sa_quit, NULL); sigprocmask(SIG_SETMASK, &oldsigset, NULL); if (notsetuid) { (void)setgid(getgid()); (void)setuid(getuid()); } errno = 0; execlp(editor, basename(editor), tempname, (char *)NULL); _exit(errno); default: /* parent */ break; } for (;;) { if (waitpid(editpid, &pstat, WUNTRACED) == -1) { if (errno == EINTR) continue; unlink(tempname); editpid = -1; break; } else if (WIFSTOPPED(pstat)) { raise(WSTOPSIG(pstat)); } else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0) { editpid = -1; break; } else { unlink(tempname); editpid = -1; break; } } sigaction(SIGINT, &sa_int, NULL); sigaction(SIGQUIT, &sa_quit, NULL); sigprocmask(SIG_SETMASK, &oldsigset, NULL); if (stat(tempname, &st2) == -1) return (-1); return (st1.st_mtim.tv_sec != st2.st_mtim.tv_sec || st1.st_mtim.tv_nsec != st2.st_mtim.tv_nsec); } /* * Clean up. Preserve errno for the caller's convenience. */ void pw_fini(void) { int serrno, status; if (!initialized) return; initialized = 0; serrno = errno; if (editpid != -1) { kill(editpid, SIGTERM); kill(editpid, SIGCONT); waitpid(editpid, &status, 0); editpid = -1; } if (*tempname != '\0') { unlink(tempname); *tempname = '\0'; } if (lockfd != -1) close(lockfd); errno = serrno; } /* * Compares two struct pwds. */ int pw_equal(const struct passwd *pw1, const struct passwd *pw2) { return (strcmp(pw1->pw_name, pw2->pw_name) == 0 && pw1->pw_uid == pw2->pw_uid && pw1->pw_gid == pw2->pw_gid && strcmp(pw1->pw_class, pw2->pw_class) == 0 && pw1->pw_change == pw2->pw_change && pw1->pw_expire == pw2->pw_expire && strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 && strcmp(pw1->pw_dir, pw2->pw_dir) == 0 && strcmp(pw1->pw_shell, pw2->pw_shell) == 0); } /* * Make a passwd line out of a struct passwd. */ char * pw_make(const struct passwd *pw) { char *line; asprintf(&line, "%s:%s:%ju:%ju:%s:%ju:%ju:%s:%s:%s", pw->pw_name, pw->pw_passwd, (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid, pw->pw_class, (uintmax_t)pw->pw_change, (uintmax_t)pw->pw_expire, pw->pw_gecos, pw->pw_dir, pw->pw_shell); return (line); } /* * Make a passwd line (in v7 format) out of a struct passwd */ char * pw_make_v7(const struct passwd *pw) { char *line; asprintf(&line, "%s:*:%ju:%ju:%s:%s:%s", pw->pw_name, (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid, pw->pw_gecos, pw->pw_dir, pw->pw_shell); return (line); } /* * Copy password file from one descriptor to another, replacing, deleting * or adding a single record on the way. */ int pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw) { char buf[8192], *end, *line, *p, *q, *r, t; struct passwd *fpw; const struct passwd *spw; size_t len; int eof, readlen; if (old_pw == NULL && pw == NULL) return (-1); spw = old_pw; /* deleting a user */ if (pw == NULL) { line = NULL; } else { if ((line = pw_make(pw)) == NULL) return (-1); } /* adding a user */ if (spw == NULL) spw = pw; eof = 0; len = 0; p = q = end = buf; for (;;) { /* find the end of the current line */ for (p = q; q < end && *q != '\0'; ++q) if (*q == '\n') break; /* if we don't have a complete line, fill up the buffer */ if (q >= end) { if (eof) break; if ((size_t)(q - p) >= sizeof(buf)) { warnx("passwd line too long"); errno = EINVAL; /* hack */ goto err; } if (p < end) { q = memmove(buf, p, end - p); end -= p - buf; } else { p = q = end = buf; } readlen = read(ffd, end, sizeof(buf) - (end - buf)); if (readlen == -1) goto err; else len = (size_t)readlen; if (len == 0 && p == buf) break; end += len; len = end - buf; if (len < (ssize_t)sizeof(buf)) { eof = 1; if (len > 0 && buf[len - 1] != '\n') ++len, *end++ = '\n'; } continue; } /* is it a blank line or a comment? */ for (r = p; r < q && isspace(*r); ++r) /* nothing */ ; if (r == q || *r == '#') { /* yep */ if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q; continue; } /* is it the one we're looking for? */ t = *q; *q = '\0'; fpw = pw_scan(r, PWSCAN_MASTER); /* * fpw is either the struct passwd for the current line, * or NULL if the line is malformed. */ *q = t; if (fpw == NULL || strcmp(fpw->pw_name, spw->pw_name) != 0) { /* nope */ if (fpw != NULL) free(fpw); if (write(tfd, p, q - p + 1) != q - p + 1) goto err; ++q; continue; } if (old_pw && !pw_equal(fpw, old_pw)) { warnx("entry inconsistent"); free(fpw); errno = EINVAL; /* hack */ goto err; } free(fpw); /* it is, replace or remove it */ if (line != NULL) { len = strlen(line); if (write(tfd, line, len) != (int)len) goto err; } else { /* when removed, avoid the \n */ q++; } /* we're done, just copy the rest over */ for (;;) { if (write(tfd, q, end - q) != end - q) goto err; q = buf; readlen = read(ffd, buf, sizeof(buf)); if (readlen == 0) break; else len = (size_t)readlen; if (readlen == -1) goto err; end = buf + len; } goto done; } /* if we got here, we didn't find the old entry */ if (line == NULL) { errno = ENOENT; goto err; } len = strlen(line); if ((size_t)write(tfd, line, len) != len || write(tfd, "\n", 1) != 1) goto err; done: if (line != NULL) free(line); return (0); err: if (line != NULL) free(line); return (-1); } /* * Return the current value of tempname. */ const char * pw_tempname(void) { return (tempname); } /* * Duplicate a struct passwd. */ struct passwd * pw_dup(const struct passwd *pw) { char *dst; struct passwd *npw; ssize_t len; len = sizeof(*npw); if (pw->pw_name != NULL) len += strlen(pw->pw_name) + 1; if (pw->pw_passwd != NULL) len += strlen(pw->pw_passwd) + 1; if (pw->pw_class != NULL) len += strlen(pw->pw_class) + 1; if (pw->pw_gecos != NULL) len += strlen(pw->pw_gecos) + 1; if (pw->pw_dir != NULL) len += strlen(pw->pw_dir) + 1; if (pw->pw_shell != NULL) len += strlen(pw->pw_shell) + 1; if ((npw = malloc((size_t)len)) == NULL) return (NULL); memcpy(npw, pw, sizeof(*npw)); dst = (char *)npw + sizeof(*npw); if (pw->pw_name != NULL) { npw->pw_name = dst; dst = stpcpy(npw->pw_name, pw->pw_name) + 1; } if (pw->pw_passwd != NULL) { npw->pw_passwd = dst; dst = stpcpy(npw->pw_passwd, pw->pw_passwd) + 1; } if (pw->pw_class != NULL) { npw->pw_class = dst; dst = stpcpy(npw->pw_class, pw->pw_class) + 1; } if (pw->pw_gecos != NULL) { npw->pw_gecos = dst; dst = stpcpy(npw->pw_gecos, pw->pw_gecos) + 1; } if (pw->pw_dir != NULL) { npw->pw_dir = dst; dst = stpcpy(npw->pw_dir, pw->pw_dir) + 1; } if (pw->pw_shell != NULL) { npw->pw_shell = dst; dst = stpcpy(npw->pw_shell, pw->pw_shell) + 1; } return (npw); } #include "pw_scan.h" /* * Wrapper around an internal libc function */ struct passwd * pw_scan(const char *line, int flags) { struct passwd pw, *ret; char *bp; if ((bp = strdup(line)) == NULL) return (NULL); if (!__pw_scan(bp, &pw, flags)) { free(bp); return (NULL); } ret = pw_dup(&pw); free(bp); return (ret); }