*: unify concurrent-safe update of /etc/{passwd,group,[g]shadow}
by Tito (farmatito AT tiscali.it)
function old new delta
update_passwd 743 1171 +428
bb_perror_nomsg - 9 +9
find_main 436 444 +8
passwd_main 1023 1027 +4
nameval 202 206 +4
chpasswd_main 315 319 +4
bb__parsespent 119 117 -2
adduser_main 654 650 -4
addgroup_main 345 341 -4
sv_main 1228 1222 -6
deluser_main 173 160 -13
bb_internal_putpwent 69 - -69
add_user_to_group 231 - -231
del_line_matching 460 31 -429
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 5/6 up/down: 457/-758) Total: -301 bytes
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index 565dd37..3294348 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -8,9 +8,11 @@
*
* Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
*
+ * Modified to be able to add or delete users, groups and users to/from groups
+ * by Tito Ragusa <farmatito@tiscali.it>
+ *
* Licensed under GPLv2, see file LICENSE in this tarball for details.
*/
-
#include "libbb.h"
#if ENABLE_SELINUX
@@ -35,12 +37,44 @@
freecon(context);
}
#else
-#define check_selinux_update_passwd(username) ((void)0)
+# define check_selinux_update_passwd(username) ((void)0)
#endif
-int FAST_FUNC update_passwd(const char *filename, const char *username,
- const char *new_pw)
+/*
+ 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
+ only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
+
+ 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
+ only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
+
+ 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
+ only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
+ like in addgroup and member != NULL
+
+ 4) delete a user: update_passwd(FILE, USER, NULL, NULL)
+
+ 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
+
+ 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
+ only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
+
+ 7) change user's passord: update_passwd(FILE, USER, NEW_PASSWD, NULL)
+ only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
+ or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
+
+ This function does not validate the arguments fed to it
+ so the calling program should take care of that.
+
+ Returns number of lines changed, or -1 on error.
+*/
+int FAST_FUNC update_passwd(const char *filename,
+ const char *name,
+ const char *new_passwd,
+ const char *member)
{
+#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
+#define member NULL
+#endif
struct stat sb;
struct flock lock;
FILE *old_fp;
@@ -51,22 +85,25 @@
int old_fd;
int new_fd;
int i;
- int cnt = 0;
+ int changed_lines;
int ret = -1; /* failure */
filename = xmalloc_follow_symlinks(filename);
if (filename == NULL)
- return -1;
+ return ret;
- check_selinux_update_passwd(username);
+ check_selinux_update_passwd(name);
/* New passwd file, "/etc/passwd+" for now */
fnamesfx = xasprintf("%s+", filename);
sfx_char = &fnamesfx[strlen(fnamesfx)-1];
- username = xasprintf("%s:", username);
- user_len = strlen(username);
+ name = xasprintf("%s:", name);
+ user_len = strlen(name);
- old_fp = fopen(filename, "r+");
+ if (strstr(filename, "shadow"))
+ old_fp = fopen(filename, "r+");
+ else
+ old_fp = fopen_or_warn(filename, "r+");
if (!old_fp)
goto free_mem;
old_fd = fileno(old_fp);
@@ -82,7 +119,7 @@
if (errno != EEXIST) break;
usleep(100000); /* 0.1 sec */
} while (--i);
- bb_perror_msg("cannot create '%s'", fnamesfx);
+ bb_perror_msg("can't create '%s'", fnamesfx);
goto close_old_fp;
created:
@@ -90,8 +127,10 @@
fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
fchown(new_fd, sb.st_uid, sb.st_gid);
}
+ errno = 0;
new_fp = fdopen(new_fd, "w");
if (!new_fp) {
+ bb_perror_nomsg();
close(new_fd);
goto unlink_new;
}
@@ -102,7 +141,8 @@
i = (unlink(fnamesfx) && errno != ENOENT);
/* Create backup as a hardlink to current */
if (i || link(filename, fnamesfx))
- bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx);
+ bb_perror_msg("warning: can't create backup copy '%s'",
+ fnamesfx);
*sfx_char = '+';
/* Lock the password file before updating */
@@ -111,38 +151,107 @@
lock.l_start = 0;
lock.l_len = 0;
if (fcntl(old_fd, F_SETLK, &lock) < 0)
- bb_perror_msg("warning: cannot lock '%s'", filename);
+ bb_perror_msg("warning: can't lock '%s'", filename);
lock.l_type = F_UNLCK;
/* Read current password file, write updated /etc/passwd+ */
+ changed_lines = 0;
while (1) {
- char *line = xmalloc_fgets(old_fp);
- if (!line) break; /* EOF/error */
- if (strncmp(username, line, user_len) == 0) {
- /* we have a match with "username:"... */
- const char *cp = line + user_len;
- /* now cp -> old passwd, skip it: */
- cp = strchrnul(cp, ':');
- /* now cp -> ':' after old passwd or -> "" */
- fprintf(new_fp, "%s%s%s", username, new_pw, cp);
- cnt++;
+ char *cp, *line;
+
+ line = xmalloc_fgetline(old_fp);
+ if (!line) /* EOF/error */
+ break;
+ if (strncmp(name, line, user_len) != 0) {
+ fprintf(new_fp, "%s\n", line);
+ goto next;
+ }
+
+ /* We have a match with "name:"... */
+ cp = line + user_len; /* move past name: */
+
+#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
+ if (member) {
+ /* It's actually /etc/group+, not /etc/passwd+ */
+ if (ENABLE_FEATURE_ADDUSER_TO_GROUP
+ && applet_name[0] == 'a'
+ ) {
+ /* Add user to group */
+ fprintf(new_fp, "%s%s%s\n", line,
+ last_char_is(line, ':') ? "" : ",",
+ member);
+ changed_lines++;
+ } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
+ /* && applet_name[0] == 'd' */
+ ) {
+ /* Delete user from group */
+ char *tmp;
+ const char *fmt = "%s";
+
+ /* find the start of the member list: last ':' */
+ cp = strrchr(line, ':');
+ /* cut it */
+ *cp++ = '\0';
+ /* write the cut line name:passwd:gid:
+ * or name:!:: */
+ fprintf(new_fp, "%s:", line);
+ /* parse the tokens of the member list */
+ tmp = cp;
+ while ((cp = strsep(&tmp, ",")) != NULL) {
+ if (strcmp(member, cp) != 0) {
+ fprintf(new_fp, fmt, cp);
+ fmt = ",%s";
+ } else {
+ /* found member, skip it */
+ changed_lines++;
+ }
+ }
+ fprintf(new_fp, "\n");
+ }
} else
- fputs(line, new_fp);
+#endif
+ if ((ENABLE_PASSWD && applet_name[0] == 'p')
+ || (ENABLE_CHPASSWD && applet_name[0] == 'c')
+ ) {
+ /* Change passwd */
+ cp = strchrnul(cp, ':'); /* move past old passwd */
+ /* name: + new_passwd + :rest of line */
+ fprintf(new_fp, "%s%s%s\n", name, new_passwd, cp);
+ changed_lines++;
+ } /* else delete user or group: skip the line */
+ next:
free(line);
}
+
+ if (changed_lines == 0) {
+ if (ENABLE_FEATURE_DEL_USER_FROM_GROUP && member)
+ bb_error_msg("can't find %s in %s", member, filename);
+ if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
+ && applet_name[0] == 'a' && !member
+ ) {
+ /* add user or group */
+ fprintf(new_fp, "%s%s\n", name, new_passwd);
+ changed_lines++;
+ }
+ }
+
fcntl(old_fd, F_SETLK, &lock);
/* We do want all of them to execute, thus | instead of || */
+ errno = 0;
if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
|| rename(fnamesfx, filename)
) {
/* At least one of those failed */
+ bb_perror_nomsg();
goto unlink_new;
}
- ret = cnt; /* whee, success! */
+ /* Success: ret >= 0 */
+ ret = changed_lines;
unlink_new:
- if (ret < 0) unlink(fnamesfx);
+ if (ret < 0)
+ unlink(fnamesfx);
close_old_fp:
fclose(old_fp);
@@ -150,6 +259,6 @@
free_mem:
free(fnamesfx);
free((char *)filename);
- free((char *)username);
+ free((char *)name);
return ret;
}