Index: head/usr.sbin/pw/pw.c
===================================================================
--- head/usr.sbin/pw/pw.c (revision 285317)
+++ head/usr.sbin/pw/pw.c (revision 285318)
@@ -1,587 +1,588 @@ /*- * Copyright (C) 1996 * David L. Nugent. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef lint static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ #include #include #include #include #include #include #include "pw.h" #if !defined(_PATH_YP) #define _PATH_YP "/var/yp/" #endif const char *Modes[] = { "add", "del", "mod", "show", "next", NULL}; const char *Which[] = {"user", "group", NULL}; static const char *Combo1[] = { "useradd", "userdel", "usermod", "usershow", "usernext", "lock", "unlock", "groupadd", "groupdel", "groupmod", "groupshow", "groupnext", NULL}; static const char *Combo2[] = { "adduser", "deluser", "moduser", "showuser", "nextuser", "lock", "unlock", "addgroup", "delgroup", "modgroup", "showgroup", "nextgroup", NULL}; struct pwf PWF = { PWF_REGULAR, setpwent, endpwent, getpwent, getpwuid, getpwnam, setgrent, endgrent, getgrent, getgrgid, getgrnam, }; struct pwf VPWF = { PWF_ALT, vsetpwent, vendpwent, vgetpwent, vgetpwuid, vgetpwnam, vsetgrent, vendgrent, vgetgrent, vgetgrgid, vgetgrnam, }; struct pwconf conf; static struct cargs arglist; static int getindex(const char *words[], const char *word); static void cmdhelp(int mode, int which); int main(int argc, char *argv[]) { int ch; int mode = -1; int which = -1; long id = -1; char *config = NULL; struct stat st; const char *errstr; char arg, *name; bool relocated, nis; static const char *opts[W_NUM][M_NUM] = { { /* user */ "R:V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y", "R:V:C:qn:u:rY", "R:V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY", "R:V:C:qn:u:FPa7", "R:V:C:q", "R:V:C:q", "R:V:C:q" }, { /* grp */ "R:V:C:qn:g:h:H:M:opNPY", "R:V:C:qn:g:Y", "R:V:C:qn:d:g:l:h:H:FM:m:NPY", "R:V:C:qn:g:FPa", "R:V:C:q" } }; static int (*funcs[W_NUM]) (int _mode, char *_name, long _id, struct cargs * _args) = { /* Request handlers */ pw_user, pw_group }; name = NULL; relocated = nis = false; memset(&conf, 0, sizeof(conf)); strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath)); conf.fd = -1; LIST_INIT(&arglist); (void)setlocale(LC_ALL, ""); /* * Break off the first couple of words to 
determine what exactly * we're being asked to do */ while (argc > 1) { int tmp; if (*argv[1] == '-') { /* * Special case, allow pw -V [args] for scripts etc. */ arg = argv[1][1]; if (arg == 'V' || arg == 'R') { if (relocated) errx(EXIT_FAILURE, "Both '-R' and '-V' " "specified, only one accepted"); relocated = true; optarg = &argv[1][2]; if (*optarg == '\0') { if (stat(argv[2], &st) != 0) errx(EX_OSFILE, \ "no such directory `%s'", argv[2]); if (!S_ISDIR(st.st_mode)) errx(EX_OSFILE, "`%s' not a " "directory", argv[2]); optarg = argv[2]; ++argv; --argc; } memcpy(&PWF, &VPWF, sizeof PWF); if (arg == 'R') { strlcpy(conf.rootdir, optarg, sizeof(conf.rootdir)); PWF._altdir = PWF_ROOTDIR; } snprintf(conf.etcpath, sizeof(conf.etcpath), "%s%s", optarg, arg == 'R' ? "/etc" : ""); } else break; } else if (mode == -1 && (tmp = getindex(Modes, argv[1])) != -1) mode = tmp; else if (which == -1 && (tmp = getindex(Which, argv[1])) != -1) which = tmp; else if ((mode == -1 && which == -1) && ((tmp = getindex(Combo1, argv[1])) != -1 || (tmp = getindex(Combo2, argv[1])) != -1)) { which = tmp / M_NUM; mode = tmp % M_NUM; } else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL) cmdhelp(mode, which); else if (which != -1 && mode != -1) { if (strspn(argv[1], "0123456789") == strlen(argv[1])) { id = strtonum(argv[1], 0, LONG_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", argv[1], errstr); } else name = argv[1]; } else errx(EX_USAGE, "unknown keyword `%s'", argv[1]); ++argv; --argc; } /* * Bail out unless the user is specific! */ if (mode == -1 || which == -1) cmdhelp(mode, which); + conf.which = which; /* * We know which mode we're in and what we're about to do, so now * let's dispatch the remaining command line args in a genric way. 
*/ optarg = NULL; while ((ch = getopt(argc, argv, opts[which][mode])) != -1) { switch (ch) { case '?': errx(EX_USAGE, "unknown switch"); break; case '7': conf.v7 = true; break; case 'C': conf.config = optarg; config = conf.config; break; case 'N': conf.dryrun = true; break; case 'l': if (strlen(optarg) >= MAXLOGNAME) errx(EX_USAGE, "new name too long: %s", optarg); conf.newname = optarg; break; case 'P': conf.pretty = true; break; case 'Y': nis = true; break; case 'g': if (which == 0) { /* for user* */ addarg(&arglist, 'g', optarg); break; } if (strspn(optarg, "0123456789") != strlen(optarg)) errx(EX_USAGE, "-g expects a number"); id = strtonum(optarg, 0, LONG_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); break; case 'u': if (strspn(optarg, "0123456789,") != strlen(optarg)) errx(EX_USAGE, "-u expects a number"); if (strchr(optarg, ',') != NULL) { addarg(&arglist, 'u', optarg); break; } id = strtonum(optarg, 0, LONG_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); break; case 'n': if (strspn(optarg, "0123456789") != strlen(optarg)) { name = optarg; break; } id = strtonum(optarg, 0, LONG_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); break; case 'H': if (conf.fd != -1) errx(EX_USAGE, "'-h' and '-H' are mutually " "exclusive options"); conf.precrypted = true; if (strspn(optarg, "0123456789") != strlen(optarg)) errx(EX_USAGE, "'-H' expects a file descriptor"); conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad file descriptor '%s': %s", optarg, errstr); break; case 'h': if (conf.fd != -1) errx(EX_USAGE, "'-h' and '-H' are mutually " "exclusive options"); if (strcmp(optarg, "-") == 0) conf.fd = '-'; else if (strspn(optarg, "0123456789") == strlen(optarg)) { conf.fd = strtonum(optarg, 0, INT_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "'-h' expects a " "file descriptor or '-'"); } else errx(EX_USAGE, "'-h' expects 
a file " "descriptor or '-'"); break; case 'o': conf.checkduplicate = true; break; default: addarg(&arglist, ch, optarg); break; } optarg = NULL; } if (name != NULL && strlen(name) >= MAXLOGNAME) errx(EX_USAGE, "name too long: %s", name); /* * Must be root to attempt an update */ if (geteuid() != 0 && mode != M_PRINT && mode != M_NEXT && !conf.dryrun) errx(EX_NOPERM, "you must be root to run this program"); /* * We should immediately look for the -q 'quiet' switch so that we * don't bother with extraneous errors */ if (getarg(&arglist, 'q') != NULL) freopen(_PATH_DEVNULL, "w", stderr); /* * Set our base working path if not overridden */ if (config == NULL) { /* Only override config location if -C not specified */ asprintf(&config, "%s/pw.conf", conf.etcpath); if (config == NULL) errx(EX_OSERR, "out of memory"); } /* * Now, let's do the common initialisation */ conf.userconf = read_userconfig(config); ch = funcs[which] (mode, name, id, &arglist); /* * If everything went ok, and we've been asked to update * the NIS maps, then do it now */ if (ch == EXIT_SUCCESS && nis) { pid_t pid; fflush(NULL); if (chdir(_PATH_YP) == -1) warn("chdir(" _PATH_YP ")"); else if ((pid = fork()) == -1) warn("fork()"); else if (pid == 0) { /* Is make anywhere else? */ execlp("/usr/bin/make", "make", (char *)NULL); _exit(1); } else { int i; waitpid(pid, &i, 0); if ((i = WEXITSTATUS(i)) != 0) errx(ch, "make exited with status %d", i); else pw_log(conf.userconf, mode, which, "NIS maps updated"); } } return ch; } static int getindex(const char *words[], const char *word) { int i = 0; while (words[i]) { if (strcmp(words[i], word) == 0) return i; i++; } return -1; } /* * This is probably an overkill for a cmdline help system, but it reflects * the complexity of the command line. 
*/ static void cmdhelp(int mode, int which) { if (which == -1) fprintf(stderr, "usage:\n pw [user|group|lock|unlock] [add|del|mod|show|next] [help|switches/values]\n"); else if (mode == -1) fprintf(stderr, "usage:\n pw %s [add|del|mod|show|next] [help|switches/values]\n", Which[which]); else { /* * We need to give mode specific help */ static const char *help[W_NUM][M_NUM] = { { "usage: pw useradd [name] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n" " Adding users:\n" "\t-n name login name\n" "\t-u uid user id\n" "\t-c comment user name/comment\n" "\t-d directory home directory\n" "\t-e date account expiry date\n" "\t-p date password expiry date\n" "\t-g grp initial group\n" "\t-G grp1,grp2 additional groups\n" "\t-m [ -k dir ] create and set up home\n" "\t-M mode home directory permissions\n" "\t-s shell name of login shell\n" "\t-o duplicate uid ok\n" "\t-L class user class\n" "\t-h fd read password on fd\n" "\t-H fd read encrypted password on fd\n" "\t-Y update NIS maps\n" "\t-N no update\n" " Setting defaults:\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-D set user defaults\n" "\t-b dir default home root dir\n" "\t-e period default expiry period\n" "\t-p period default password change period\n" "\t-g group default group\n" "\t-G grp1,grp2 additional groups\n" "\t-L class default user class\n" "\t-k dir default home skeleton\n" "\t-M mode home directory permissions\n" "\t-u min,max set min,max uids\n" "\t-i min,max set min,max gids\n" "\t-w method set default password method\n" "\t-s shell default shell\n" "\t-y path set NIS passwd file path\n", "usage: pw userdel [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-n name login name\n" "\t-u uid user id\n" "\t-Y update NIS maps\n" "\t-r remove home & contents\n", "usage: pw usermod [uid|name] [switches]\n" 
"\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n" "\t-F force add if no user\n" "\t-n name login name\n" "\t-u uid user id\n" "\t-c comment user name/comment\n" "\t-d directory home directory\n" "\t-e date account expiry date\n" "\t-p date password expiry date\n" "\t-g grp initial group\n" "\t-G grp1,grp2 additional groups\n" "\t-l name new login name\n" "\t-L class user class\n" "\t-m [ -k dir ] create and set up home\n" "\t-M mode home directory permissions\n" "\t-s shell name of login shell\n" "\t-w method set new password using method\n" "\t-h fd read password on fd\n" "\t-H fd read encrypted password on fd\n" "\t-Y update NIS maps\n" "\t-N no update\n", "usage: pw usershow [uid|name] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-n name login name\n" "\t-u uid user id\n" "\t-F force print\n" "\t-P prettier format\n" "\t-a print all users\n" "\t-7 print in v7 format\n", "usage: pw usernext [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n", "usage pw: lock [switches]\n" "\t-V etcdir alternate /etc locations\n" "\t-C config configuration file\n" "\t-q quiet operation\n", "usage pw: unlock [switches]\n" "\t-V etcdir alternate /etc locations\n" "\t-C config configuration file\n" "\t-q quiet operation\n" }, { "usage: pw groupadd [group|gid] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n" "\t-n group group name\n" "\t-g gid group id\n" "\t-M usr1,usr2 add users as group members\n" "\t-o duplicate gid ok\n" "\t-Y update NIS maps\n" "\t-N no update\n", "usage: pw groupdel [group|gid] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-n name group name\n" "\t-g gid group 
id\n" "\t-Y update NIS maps\n", "usage: pw groupmod [group|gid] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n" "\t-F force add if not exists\n" "\t-n name group name\n" "\t-g gid group id\n" "\t-M usr1,usr2 replaces users as group members\n" "\t-m usr1,usr2 add users as group members\n" "\t-d usr1,usr2 delete users as group members\n" "\t-l name new group name\n" "\t-Y update NIS maps\n" "\t-N no update\n", "usage: pw groupshow [group|gid] [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-n name group name\n" "\t-g gid group id\n" "\t-F force print\n" "\t-P prettier format\n" "\t-a print all accounting groups\n", "usage: pw groupnext [switches]\n" "\t-V etcdir alternate /etc location\n" "\t-R rootir alternate root directory\n" "\t-C config configuration file\n" "\t-q quiet operation\n" } }; fprintf(stderr, "%s", help[which][mode]); } exit(EXIT_FAILURE); } struct carg * getarg(struct cargs * _args, int ch) { struct carg *c = LIST_FIRST(_args); while (c != NULL && c->ch != ch) c = LIST_NEXT(c, list); return c; } struct carg * addarg(struct cargs * _args, int ch, char *argstr) { struct carg *ca = malloc(sizeof(struct carg)); if (ca == NULL) errx(EX_OSERR, "out of memory"); ca->ch = ch; ca->val = argstr; LIST_INSERT_HEAD(_args, ca, list); return ca; } Index: head/usr.sbin/pw/pw_group.c =================================================================== --- head/usr.sbin/pw/pw_group.c (revision 285317) +++ head/usr.sbin/pw/pw_group.c (revision 285318) 
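Review bot: The new `conf.which = which;` line carries no comment, and neither does the `int which;` field it fills in the pwupd.h hunk, so a reader sees the dispatch index copied into global state without learning why when `funcs[which]` already selects the handler a few lines later. The only consumer visible on this page is the `conf.which == W_GROUP` check in pw_group.c, which only matters if pw_group() can be entered other than through that dispatch — presumably from the user handler — and that is what the comment should say. I would write `conf.which = which; /* kept for handlers reached indirectly, e.g. pw_group() entered from the user handler */` here, and `int which; /* W_USER or W_GROUP: the command word parsed in main() */` in pwupd.h. Note also that the earlier `memset(&conf, 0, sizeof(conf))` leaves the field at 0 (the pw_user slot of `funcs[]`) until this assignment runs; that is fine because the assignment precedes every dispatch, but it is worth a word if the field is ever read before it.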
@@ -1,422 +1,422 @@ /*- * Copyright (C) 1996 * David L. Nugent. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef lint static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ #include #include #include #include #include #include #include #include "pw.h" #include "bitmap.h" static struct passwd *lookup_pwent(const char *user); static void delete_members(char ***members, int *grmembers, int *i, struct carg *arg, struct group *grp); static int print_group(struct group * grp); static gid_t gr_gidpolicy(struct userconf * cnf, long id); static void set_passwd(struct group *grp, bool update) { int b; int istty; struct termios t, n; char *p, line[256]; if (conf.fd == '-') { grp->gr_passwd = "*"; /* No access */ return; } if ((istty = isatty(conf.fd))) { n = t; /* Disable echo */ n.c_lflag &= ~(ECHO); tcsetattr(conf.fd, TCSANOW, &n); printf("%sassword for group %s:", update ? "New p" : "P", grp->gr_name); fflush(stdout); } b = read(conf.fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ tcsetattr(conf.fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } if (b < 0) err(EX_OSERR, "-h file descriptor"); line[b] = '\0'; if ((p = strpbrk(line, " \t\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", conf.fd); if (conf.precrypted) { if (strchr(line, ':') != 0) errx(EX_DATAERR, "wrong encrypted passwrd"); grp->gr_passwd = line; } else grp->gr_passwd = pw_pwcrypt(line); } int pw_group(int mode, char *name, long id, struct cargs * args) { int rc; struct carg *arg; struct group *grp = NULL; int grmembers = 0; char **members = NULL; struct userconf *cnf = conf.userconf; static struct group fakegroup = { "nogroup", "*", -1, NULL }; if (mode == M_LOCK || mode == M_UNLOCK) errx(EX_USAGE, "'lock' command is not available for groups"); /* * With M_NEXT, we only need to return the * next gid to stdout */ if (mode == M_NEXT) { gid_t next = gr_gidpolicy(cnf, id); if (getarg(args, 'q')) return next; printf("%u\n", next); return EXIT_SUCCESS; } if (mode == M_PRINT && getarg(args, 'a')) { SETGRENT(); while ((grp = GETGRENT()) 
!= NULL) print_group(grp); ENDGRENT(); return EXIT_SUCCESS; } if (id < 0 && name == NULL) errx(EX_DATAERR, "group name or id required"); grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id); if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) { if (name == NULL && grp == NULL) /* Try harder */ grp = GETGRGID(id); if (grp == NULL) { if (mode == M_PRINT && getarg(args, 'F')) { char *fmems[1]; fmems[0] = NULL; fakegroup.gr_name = name ? name : "nogroup"; fakegroup.gr_gid = (gid_t) id; fakegroup.gr_mem = fmems; return print_group(&fakegroup); } if (name == NULL) errx(EX_DATAERR, "unknown group `%s'", name); else errx(EX_DATAERR, "unknown group `%ld'", id); } if (name == NULL) /* Needed later */ name = grp->gr_name; /* * Handle deletions now */ if (mode == M_DELETE) { rc = delgrent(grp); if (rc == -1) err(EX_IOERR, "group '%s' not available (NIS?)", name); else if (rc != 0) { err(EX_IOERR, "group update"); } pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", name, id); return EXIT_SUCCESS; } else if (mode == M_PRINT) return print_group(grp); if (id > 0) grp->gr_gid = (gid_t) id; if (conf.newname != NULL) grp->gr_name = pw_checkname(conf.newname, 0); } else { if (name == NULL) /* Required */ errx(EX_DATAERR, "group name required"); else if (grp != NULL) /* Exists */ errx(EX_DATAERR, "group name `%s' already exists", name); extendarray(&members, &grmembers, 200); members[0] = NULL; grp = &fakegroup; grp->gr_name = pw_checkname(name, 0); grp->gr_passwd = "*"; grp->gr_gid = gr_gidpolicy(cnf, id); grp->gr_mem = members; } /* * This allows us to set a group password Group passwords is an * antique idea, rarely used and insecure (no secure database) Should * be discouraged, but it is apparently still supported by some * software. 
*/ - if (conf.fd != -1) + if (conf.which == W_GROUP && conf.fd != -1) set_passwd(grp, mode == M_UPDATE); if (((arg = getarg(args, 'M')) != NULL || (arg = getarg(args, 'd')) != NULL || (arg = getarg(args, 'm')) != NULL) && arg->val) { int i = 0; char *p; struct passwd *pwd; /* Make sure this is not stay NULL with -M "" */ extendarray(&members, &grmembers, 200); if (arg->ch == 'd') delete_members(&members, &grmembers, &i, arg, grp); else if (arg->ch == 'm') { int k = 0; if (grp->gr_mem != NULL) { while (grp->gr_mem[k] != NULL) { if (extendarray(&members, &grmembers, i + 2) != -1) members[i++] = grp->gr_mem[k]; k++; } } } if (arg->ch != 'd') for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { int j; /* * Check for duplicates */ pwd = lookup_pwent(p); for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++) ; if (j == i && extendarray(&members, &grmembers, i + 2) != -1) members[i++] = newstr(pwd->pw_name); } while (i < grmembers) members[i++] = NULL; grp->gr_mem = members; } if (conf.dryrun) return print_group(grp); if (mode == M_ADD && (rc = addgrent(grp)) != 0) { if (rc == -1) errx(EX_IOERR, "group '%s' already exists", grp->gr_name); else err(EX_IOERR, "group update"); } else if (mode == M_UPDATE && (rc = chggrent(name, grp)) != 0) { if (rc == -1) errx(EX_IOERR, "group '%s' not available (NIS?)", grp->gr_name); else err(EX_IOERR, "group update"); } if (conf.newname != NULL) name = conf.newname; /* grp may have been invalidated */ if ((grp = GETGRNAM(name)) == NULL) errx(EX_SOFTWARE, "group disappeared during update"); pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid); free(members); return EXIT_SUCCESS; } /* * Lookup a passwd entry using a name or UID. 
*/ static struct passwd * lookup_pwent(const char *user) { struct passwd *pwd; if ((pwd = GETPWNAM(user)) == NULL && (!isdigit((unsigned char)*user) || (pwd = getpwuid((uid_t) atoi(user))) == NULL)) errx(EX_NOUSER, "user `%s' does not exist", user); return (pwd); } /* * Delete requested members from a group. */ static void delete_members(char ***members, int *grmembers, int *i, struct carg *arg, struct group *grp) { bool matchFound; char *user; char *valueCopy; char *valuePtr; int k; struct passwd *pwd; if (grp->gr_mem == NULL) return; k = 0; while (grp->gr_mem[k] != NULL) { matchFound = false; if ((valueCopy = strdup(arg->val)) == NULL) errx(EX_UNAVAILABLE, "out of memory"); valuePtr = valueCopy; while ((user = strsep(&valuePtr, ", \t")) != NULL) { pwd = lookup_pwent(user); if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) { matchFound = true; break; } } free(valueCopy); if (!matchFound && extendarray(members, grmembers, *i + 2) != -1) (*members)[(*i)++] = grp->gr_mem[k]; k++; } return; } static gid_t gr_gidpolicy(struct userconf * cnf, long id) { struct group *grp; gid_t gid = (gid_t) - 1; /* * Check the given gid, if any */ if (id > 0) { gid = (gid_t) id; if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate) errx(EX_DATAERR, "gid `%u' has already been allocated", grp->gr_gid); } else { struct bitmap bm; /* * We need to allocate the next available gid under one of * two policies a) Grab the first unused gid b) Grab the * highest possible unused gid */ if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */ cnf->min_gid = 1000; cnf->max_gid = 32000; } bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1); /* * Now, let's fill the bitmap from the password file */ SETGRENT(); while ((grp = GETGRENT()) != NULL) if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid && (gid_t)grp->gr_gid <= (gid_t)cnf->max_gid) bm_setbit(&bm, grp->gr_gid - cnf->min_gid); ENDGRENT(); /* * Then apply the policy, with fallback to reuse if necessary */ if (cnf->reuse_gids) gid = (gid_t) 
(bm_firstunset(&bm) + cnf->min_gid); else { gid = (gid_t) (bm_lastset(&bm) + 1); if (!bm_isset(&bm, gid)) gid += cnf->min_gid; else gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid); } /* * Another sanity check */ if (gid < cnf->min_gid || gid > cnf->max_gid) errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used"); bm_dealloc(&bm); } return gid; } static int print_group(struct group * grp) { if (!conf.pretty) { char *buf = NULL; buf = gr_make(grp); printf("%s\n", buf); free(buf); } else { int i; printf("Group Name: %-15s #%lu\n" " Members: ", grp->gr_name, (long) grp->gr_gid); if (grp->gr_mem != NULL) { for (i = 0; grp->gr_mem[i]; i++) printf("%s%s", i ? "," : "", grp->gr_mem[i]); } fputs("\n\n", stdout); } return EXIT_SUCCESS; } Index: head/usr.sbin/pw/pwupd.h =================================================================== --- head/usr.sbin/pw/pwupd.h (revision 285317) +++ head/usr.sbin/pw/pwupd.h (revision 285318) 
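Review bot: `set_passwd()`, which the new `conf.which == W_GROUP && conf.fd != -1` guard gates, copies an uninitialized `struct termios`: `n = t;` runs without any `tcgetattr(conf.fd, &t)` before it, so both the echo-off `tcsetattr()` and the later restore `tcsetattr(conf.fd, TCSANOW, &t)` push indeterminate settings to the terminal (undefined behaviour, and echo may be left in an unknown state after the password prompt). Add `if (tcgetattr(conf.fd, &t) == -1) err(EX_OSERR, "tcgetattr");` immediately before `n = t;`, or clear `istty` and skip the prompt when the call fails. Separately, the `conf.fd == '-'` test at the top of the same function compares the descriptor with the character code of '-' (45), so `-h 45` would silently yield the locked `*` password instead of reading from that descriptor; a dedicated boolean in `struct pwconf` would remove the overlap.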
@@ -1,158 +1,159 @@ /*- * Copyright (C) 1996 * David L. Nugent. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ */ #ifndef _PWUPD_H_ #define _PWUPD_H_ #include #include #include #include #include #include #if defined(__FreeBSD__) #define RET_SETGRENT int #else #define RET_SETGRENT void #endif struct pwf { int _altdir; void (*_setpwent)(void); void (*_endpwent)(void); struct passwd * (*_getpwent)(void); struct passwd * (*_getpwuid)(uid_t uid); struct passwd * (*_getpwnam)(const char * nam); RET_SETGRENT (*_setgrent)(void); void (*_endgrent)(void); struct group * (*_getgrent)(void); struct group * (*_getgrgid)(gid_t gid); struct group * (*_getgrnam)(const char * nam); }; struct userconf { int default_password; /* Default password for new users? */ int reuse_uids; /* Reuse uids? */ int reuse_gids; /* Reuse gids? */ char *nispasswd; /* Path to NIS version of the passwd file */ char *dotdir; /* Where to obtain skeleton files */ char *newmail; /* Mail to send to new accounts */ char *logfile; /* Where to log changes */ char *home; /* Where to create home directory */ mode_t homemode; /* Home directory permissions */ char *shelldir; /* Where shells are located */ char **shells; /* List of shells */ char *shell_default; /* Default shell */ char *default_group; /* Default group number */ char **groups; /* Default (additional) groups */ char *default_class; /* Default user class */ uid_t min_uid, max_uid; /* Allowed range of uids */ gid_t min_gid, max_gid; /* Allowed range of gids */ int expire_days; /* Days to expiry */ int password_days; /* Days to password expiry */ int numgroups; /* (internal) size of default_group array */ }; struct pwconf { char rootdir[MAXPATHLEN]; char etcpath[MAXPATHLEN]; char *newname; char *config; int fd; + int which; bool dryrun; bool pretty; bool v7; bool checkduplicate; bool precrypted; struct userconf *userconf; }; extern struct pwf PWF; extern struct pwf VPWF; extern struct pwconf conf; #define SETPWENT() PWF._setpwent() #define ENDPWENT() PWF._endpwent() #define GETPWENT() PWF._getpwent() #define GETPWUID(uid) PWF._getpwuid(uid) #define 
GETPWNAM(nam) PWF._getpwnam(nam) #define SETGRENT() PWF._setgrent() #define ENDGRENT() PWF._endgrent() #define GETGRENT() PWF._getgrent() #define GETGRGID(gid) PWF._getgrgid(gid) #define GETGRNAM(nam) PWF._getgrnam(nam) #define PWF_REGULAR 0 #define PWF_ALT 1 #define PWF_ROOTDIR 2 #define PWALTDIR() PWF._altdir #ifndef _PATH_PWD #define _PATH_PWD "/etc" #endif #ifndef _GROUP #define _GROUP "group" #endif #ifndef _MASTERPASSWD #define _MASTERPASSWD "master.passwd" #endif __BEGIN_DECLS int addpwent(struct passwd * pwd); int delpwent(struct passwd * pwd); int chgpwent(char const * login, struct passwd * pwd); char * getpwpath(char const * file); int addgrent(struct group * grp); int delgrent(struct group * grp); int chggrent(char const * name, struct group * grp); char * getgrpath(const char *file); void vsetpwent(void); void vendpwent(void); struct passwd * vgetpwent(void); struct passwd * vgetpwuid(uid_t uid); struct passwd * vgetpwnam(const char * nam); struct group * vgetgrent(void); struct group * vgetgrgid(gid_t gid); struct group * vgetgrnam(const char * nam); RET_SETGRENT vsetgrent(void); void vendgrent(void); void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid); void rm_r(char const * dir, uid_t uid); int extendarray(char ***buf, int *buflen, int needed); __END_DECLS #endif /* !_PWUPD_H */ Index: head/usr.sbin/pw/tests/pw_useradd.sh =================================================================== --- head/usr.sbin/pw/tests/pw_useradd.sh (revision 285317) +++ head/usr.sbin/pw/tests/pw_useradd.sh (revision 285318) 
@@ -1,254 +1,264 @@ # $FreeBSD$ # Import helper functions . $(atf_get_srcdir)/helper_functions.shin # Test add user atf_test_case user_add user_add_body() { populate_etc_skel atf_check -s exit:0 ${PW} useradd test atf_check -s exit:0 -o match:"^test:.*" \ grep "^test:.*" $HOME/master.passwd } # Test add user with option -N atf_test_case user_add_noupdate user_add_noupdate_body() { populate_etc_skel atf_check -s exit:0 -o match:"^test:.*" ${PW} useradd test -N atf_check -s exit:1 -o empty grep "^test:.*" $HOME/master.passwd } # Test add user with comments atf_test_case user_add_comments user_add_comments_body() { populate_etc_skel atf_check -s exit:0 ${PW} useradd test -c "Test User,work,123,456" atf_check -s exit:0 -o match:"^test:.*:Test User,work,123,456:" \ grep "^test:.*:Test User,work,123,456:" $HOME/master.passwd } # Test add user with comments and option -N atf_test_case user_add_comments_noupdate user_add_comments_noupdate_body() { populate_etc_skel atf_check -s exit:0 -o match:"^test:.*:Test User,work,123,456:" \ ${PW} useradd test -c "Test User,work,123,456" -N atf_check -s exit:1 -o empty grep "^test:.*" $HOME/master.passwd } # Test add user with invalid comments atf_test_case user_add_comments_invalid user_add_comments_invalid_body() { populate_etc_skel atf_check -s exit:65 -e match:"invalid character" \ ${PW} useradd test -c "Test User,work,123:456,456" atf_check -s exit:1 -o empty \ grep "^test:.*:Test User,work,123:456,456:" $HOME/master.passwd } # Test add user with invalid comments and option -N atf_test_case user_add_comments_invalid_noupdate user_add_comments_invalid_noupdate_body() { populate_etc_skel atf_check -s exit:65 -e match:"invalid character" \ ${PW} useradd test -c "Test User,work,123:456,456" -N atf_check -s exit:1 -o empty grep "^test:.*" $HOME/master.passwd } # Test add user with alternate homedir atf_test_case user_add_homedir user_add_homedir_body() { populate_etc_skel atf_check -s exit:0 ${PW} useradd test -d /foo/bar atf_check -s 
exit:0 -o match:"^test:\*:.*::0:0:User &:/foo/bar:.*" \ ${PW} usershow test } # Test add user with account expiration as an epoch date atf_test_case user_add_account_expiration_epoch user_add_account_expiration_epoch_body() { populate_etc_skel DATE=`date -j -v+1d "+%s"` atf_check -s exit:0 ${PW} useradd test -e ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::0:${DATE}:.*" \ ${PW} usershow test } # Test add user with account expiration as a DD-MM-YYYY date atf_test_case user_add_account_expiration_date_numeric user_add_account_expiration_date_numeric_body() { populate_etc_skel DATE=`date -j -v+1d "+%d-%m-%Y"` EPOCH=`date -j -f "%d-%m-%Y %H:%M:%S" "${DATE} 00:00:00" "+%s"` atf_check -s exit:0 ${PW} useradd test -e ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::0:${EPOCH}:User &:.*" \ ${PW} usershow test } # Test add user with account expiration as a DD-MM-YYYY date atf_test_case user_add_account_expiration_date_month user_add_account_expiration_date_month_body() { populate_etc_skel DATE=`date -j -v+1d "+%d-%b-%Y"` EPOCH=`date -j -f "%d-%b-%Y %H:%M:%S" "${DATE} 00:00:00" "+%s"` atf_check -s exit:0 ${PW} useradd test -e ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::0:${EPOCH}:User &:.*" \ ${PW} usershow test } # Test add user with account expiration as a relative date atf_test_case user_add_account_expiration_date_relative user_add_account_expiration_date_relative_body() { populate_etc_skel EPOCH=`date -j -v+13m "+%s"` BUF=`expr $EPOCH + 5` atf_check -s exit:0 ${PW} useradd test -e +13o TIME=`${PW} usershow test | awk -F ':' '{print $7}'` [ ! -z $TIME -a $TIME -ge $EPOCH -a $TIME -lt $BUF ] || \ atf_fail "Expiration time($TIME) was not within $EPOCH - $BUF seconds." 
} # Test add user with password expiration as an epoch date atf_test_case user_add_password_expiration_epoch user_add_password_expiration_epoch_body() { populate_etc_skel DATE=`date -j -v+1d "+%s"` atf_check -s exit:0 ${PW} useradd test -p ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::${DATE}:0:.*" \ ${PW} usershow test } # Test add user with password expiration as a DD-MM-YYYY date atf_test_case user_add_password_expiration_date_numeric user_add_password_expiration_date_numeric_body() { populate_etc_skel DATE=`date -j -v+1d "+%d-%m-%Y"` EPOCH=`date -j -f "%d-%m-%Y %H:%M:%S" "${DATE} 00:00:00" "+%s"` atf_check -s exit:0 ${PW} useradd test -p ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::${EPOCH}:0:User &:.*" \ ${PW} usershow test } # Test add user with password expiration as a DD-MMM-YYYY date atf_test_case user_add_password_expiration_date_month user_add_password_expiration_date_month_body() { populate_etc_skel DATE=`date -j -v+1d "+%d-%b-%Y"` EPOCH=`date -j -f "%d-%b-%Y %H:%M:%S" "${DATE} 00:00:00" "+%s"` atf_check -s exit:0 ${PW} useradd test -p ${DATE} atf_check -s exit:0 -o match:"^test:\*:.*::${EPOCH}:0:User &:.*" \ ${PW} usershow test } # Test add user with password expiration as a relative date atf_test_case user_add_password_expiration_date_relative user_add_password_expiration_date_relative_body() { populate_etc_skel EPOCH=`date -j -v+13m "+%s"` BUF=`expr $EPOCH + 5` atf_check -s exit:0 ${PW} useradd test -p +13o TIME=`${PW} usershow test | awk -F ':' '{print $6}'` [ ! -z $TIME -a $TIME -ge $EPOCH -a $TIME -lt $BUF ] || \ atf_fail "Expiration time($TIME) was not within $EPOCH - $BUF seconds." 
} atf_test_case user_add_name_too_long user_add_name_too_long_body() { populate_etc_skel atf_check -e match:"too long" -s exit:64 \ ${PW} useradd name_very_vert_very_very_very_long } atf_test_case user_add_expiration user_add_expiration_body() { populate_etc_skel atf_check -s exit:0 \ ${PW} useradd foo -e 20-03-2043 atf_check -o inline:"foo:*:1001:1001::0:2310422400:User &:/home/foo:/bin/sh\n" \ -s exit:0 grep "^foo" ${HOME}/master.passwd atf_check -s exit:0 ${PW} userdel foo atf_check -s exit:0 \ ${PW} useradd foo -e 20-03-43 atf_check -o inline:"foo:*:1001:1001::0:2310422400:User &:/home/foo:/bin/sh\n" \ -s exit:0 grep "^foo" ${HOME}/master.passwd atf_check -s exit:0 ${PW} userdel foo atf_check -s exit:0 \ ${PW} useradd foo -e 20-Mar-2043 atf_check -o inline:"foo:*:1001:1001::0:2310422400:User &:/home/foo:/bin/sh\n" \ -s exit:0 grep "^foo" ${HOME}/master.passwd atf_check -s exit:0 ${PW} userdel foo atf_check -e inline:"pw: Invalid date\n" -s exit:1 \ ${PW} useradd foo -e 20-Foo-2043 atf_check -e inline:"pw: Invalid date\n" -s exit:1 \ ${PW} useradd foo -e 20-13-2043 atf_check -s exit:0 ${PW} useradd foo -e "12:00 20-03-2043" atf_check -s exit:0 ${PW} userdel foo atf_check -e inline:"pw: Invalid date\n" -s exit:1 \ ${PW} useradd foo -e "12 20-03-2043" atf_check -s exit:0 ${PW} useradd foo -e "20-03-2043 12:00" atf_check -s exit:0 ${PW} userdel foo } atf_test_case user_add_invalid_user_entry user_add_invalid_user_entry_body() { touch ${HOME}/master.passwd touch ${HOME}/group pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \ atf_fail "generate passwd from master.passwd" atf_check -s exit:0 ${PW} useradd foo echo "foo1:*:1002" >> ${HOME}/master.passwd atf_check -s exit:1 -e match:"Invalid user entry" ${PW} useradd foo2 } atf_test_case user_add_invalid_group_entry user_add_invalid_group_entry_body() { touch ${HOME}/master.passwd touch ${HOME}/group pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \ atf_fail "generate passwd from master.passwd" atf_check -s exit:0 ${PW} 
useradd foo echo 'foo1:*:1002' >> group atf_check -s exit:1 -e match:"Invalid group entry" ${PW} useradd foo2 }
+atf_test_case user_add_password_from_h
+user_add_password_from_h_body() {
+ populate_etc_skel
+
+ atf_check -s exit:0 ${PW} useradd test -h 0 <<-EOF
+ $(echo test)
+ EOF
+}
+ atf_init_test_cases() { atf_add_test_case user_add atf_add_test_case user_add_noupdate atf_add_test_case user_add_comments atf_add_test_case user_add_comments_noupdate atf_add_test_case user_add_comments_invalid atf_add_test_case user_add_comments_invalid_noupdate atf_add_test_case user_add_homedir atf_add_test_case user_add_account_expiration_epoch atf_add_test_case user_add_account_expiration_date_numeric atf_add_test_case user_add_account_expiration_date_month atf_add_test_case user_add_account_expiration_date_relative atf_add_test_case user_add_password_expiration_epoch atf_add_test_case user_add_password_expiration_date_numeric atf_add_test_case user_add_password_expiration_date_month atf_add_test_case user_add_password_expiration_date_relative atf_add_test_case user_add_name_too_long atf_add_test_case user_add_expiration atf_add_test_case user_add_invalid_user_entry atf_add_test_case user_add_invalid_group_entry
+ atf_add_test_case user_add_password_from_h }
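Review bot: The new user_add_password_from_h case asserts only a zero exit status, so it still passes if `-h 0` ignores the descriptor or leaves the password field as `*`, which is exactly the regression a test for this option should catch. Follow the pattern the other cases in this file use and check the stored entry, e.g. `atf_check -s exit:0 -o not-match:"^test:\*:" grep "^test:" $HOME/master.passwd` after the useradd call; ideally also assert the field is not empty, since an empty hash would be a worse outcome than `*`. The heredoc body `$(echo test)` is an indirect spelling of the literal `test`; a plain `test` line, or a comment stating why the command substitution is intended, would make the fixture clearer. The hunk covers the whole test file, so the enclosing functions are complete here.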