Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / 936c8809caea5705e26e5d7e06ea3895c28fffd8 / . / libbb / update_passwd.c
blob: dc26ebd1d1a6a51afae912d9d10074e4120abcb8 [file] [log] [blame]
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]1/* vi: set sw=4 ts=4: */
2/*
3 * update_passwd
4 *
5 * update_passwd is a common function for passwd and chpasswd applets;
6 * it is responsible for updating password file (i.e. /etc/passwd or
7 * /etc/shadow) for a given user and password.
8 *
9 * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
Denis Vlasenkodb12d1d2008-12-07 00:52:58 +0000[diff] [blame]10 *
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]11 * Modified to be able to add or delete users, groups and users to/from groups
12 * by Tito Ragusa <farmatito@tiscali.it>
13 *
Denys Vlasenko0ef64bd2010-08-16 20:14:46 +0200[diff] [blame]14 * Licensed under GPLv2, see file LICENSE in this source tree.
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]15 */
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]16#include "libbb.h"
17
Denis Vlasenko2edbc2a2007-10-20 02:00:49 +0000[diff] [blame]18#if ENABLE_SELINUX
19static void check_selinux_update_passwd(const char *username)
20{
21 security_context_t context;
22 char *seuser;
23
24 if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
Denys Vlasenkoe4dcba12010-10-28 18:57:19 +0200[diff] [blame]25 return; /* No need to check */
Denis Vlasenko2edbc2a2007-10-20 02:00:49 +0000[diff] [blame]26
27 if (getprevcon_raw(&context) < 0)
28 bb_perror_msg_and_die("getprevcon failed");
29 seuser = strtok(context, ":");
30 if (!seuser)
31 bb_error_msg_and_die("invalid context '%s'", context);
32 if (strcmp(seuser, username) != 0) {
33 if (checkPasswdAccess(PASSWD__PASSWD) != 0)
34 bb_error_msg_and_die("SELinux: access denied");
35 }
36 if (ENABLE_FEATURE_CLEAN_UP)
37 freecon(context);
38}
39#else
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]40# define check_selinux_update_passwd(username) ((void)0)
Denis Vlasenko2edbc2a2007-10-20 02:00:49 +0000[diff] [blame]41#endif
42
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]43/*
44 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
45 only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
46
47 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
48 only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
49
50 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
51 only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
52 like in addgroup and member != NULL
53
54 4) delete a user: update_passwd(FILE, USER, NULL, NULL)
55
56 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
57
58 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
59 only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
60
Denys Vlasenko854738d2010-11-03 02:48:43 +0100[diff] [blame]61 7) change user's password: update_passwd(FILE, USER, NEW_PASSWD, NULL)
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]62 only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
63 or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
64
Denys Vlasenko936c8802015-03-12 15:30:46 +0100[diff] [blame^]65 8) delete a user from all groups: update_passwd(FILE, NULL, NULL, MEMBER)
66
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]67 This function does not validate the arguments fed to it
68 so the calling program should take care of that.
69
70 Returns number of lines changed, or -1 on error.
71*/
72int FAST_FUNC update_passwd(const char *filename,
73 const char *name,
74 const char *new_passwd,
75 const char *member)
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]76{
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]77#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
78#define member NULL
79#endif
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]80 struct stat sb;
81 struct flock lock;
82 FILE *old_fp;
83 FILE *new_fp;
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]84 char *fnamesfx;
85 char *sfx_char;
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]86 char *name_colon;
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]87 unsigned user_len;
88 int old_fd;
89 int new_fd;
90 int i;
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]91 int changed_lines;
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]92 int ret = -1; /* failure */
Denys Vlasenko189f74d2009-07-13 01:15:30 +0200[diff] [blame]93 /* used as a bool: "are we modifying /etc/shadow?" */
94#if ENABLE_FEATURE_SHADOWPASSWDS
95 const char *shadow = strstr(filename, "shadow");
96#else
97# define shadow NULL
98#endif
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]99
Paul Fox599bbfb2007-11-08 20:00:36 +0000[diff] [blame]100 filename = xmalloc_follow_symlinks(filename);
Paul Fox53bd4012007-11-08 01:12:38 +0000[diff] [blame]101 if (filename == NULL)
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]102 return ret;
Paul Fox53bd4012007-11-08 01:12:38 +0000[diff] [blame]103
Denys Vlasenko936c8802015-03-12 15:30:46 +0100[diff] [blame^]104 if (name)
105 check_selinux_update_passwd(name);
Denis Vlasenko2edbc2a2007-10-20 02:00:49 +0000[diff] [blame]106
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]107 /* New passwd file, "/etc/passwd+" for now */
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]108 fnamesfx = xasprintf("%s+", filename);
109 sfx_char = &fnamesfx[strlen(fnamesfx)-1];
Denys Vlasenko936c8802015-03-12 15:30:46 +0100[diff] [blame^]110 name_colon = xasprintf("%s:", name ? name : "");
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]111 user_len = strlen(name_colon);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]112
Denys Vlasenko189f74d2009-07-13 01:15:30 +0200[diff] [blame]113 if (shadow)
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]114 old_fp = fopen(filename, "r+");
115 else
116 old_fp = fopen_or_warn(filename, "r+");
Denys Vlasenkoc6fb2a62009-11-02 19:18:49 +0100[diff] [blame]117 if (!old_fp) {
118 if (shadow)
119 ret = 0; /* missing shadow is not an error */
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]120 goto free_mem;
Denys Vlasenkoc6fb2a62009-11-02 19:18:49 +0100[diff] [blame]121 }
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]122 old_fd = fileno(old_fp);
123
Denis Vlasenko2edbc2a2007-10-20 02:00:49 +0000[diff] [blame]124 selinux_preserve_fcontext(old_fd);
125
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]126 /* Try to create "/etc/passwd+". Wait if it exists. */
127 i = 30;
128 do {
129 // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]130 new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]131 if (new_fd >= 0) goto created;
132 if (errno != EEXIST) break;
133 usleep(100000); /* 0.1 sec */
134 } while (--i);
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]135 bb_perror_msg("can't create '%s'", fnamesfx);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]136 goto close_old_fp;
137
138 created:
Denys Vlasenko8d3e2252010-08-31 12:42:06 +0200[diff] [blame]139 if (fstat(old_fd, &sb) == 0) {
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]140 fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
141 fchown(new_fd, sb.st_uid, sb.st_gid);
142 }
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]143 errno = 0;
Denys Vlasenkoa7ccdee2009-11-15 23:28:11 +0100[diff] [blame]144 new_fp = xfdopen_for_write(new_fd);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]145
146 /* Backup file is "/etc/passwd-" */
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]147 *sfx_char = '-';
148 /* Delete old backup */
149 i = (unlink(fnamesfx) && errno != ENOENT);
150 /* Create backup as a hardlink to current */
151 if (i || link(filename, fnamesfx))
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]152 bb_perror_msg("warning: can't create backup copy '%s'",
153 fnamesfx);
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]154 *sfx_char = '+';
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]155
156 /* Lock the password file before updating */
157 lock.l_type = F_WRLCK;
158 lock.l_whence = SEEK_SET;
159 lock.l_start = 0;
160 lock.l_len = 0;
161 if (fcntl(old_fd, F_SETLK, &lock) < 0)
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]162 bb_perror_msg("warning: can't lock '%s'", filename);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]163 lock.l_type = F_UNLCK;
164
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]165 /* Read current password file, write updated /etc/passwd+ */
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]166 changed_lines = 0;
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]167 while (1) {
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]168 char *cp, *line;
169
170 line = xmalloc_fgetline(old_fp);
171 if (!line) /* EOF/error */
172 break;
Denys Vlasenko936c8802015-03-12 15:30:46 +0100[diff] [blame^]173
174 if (!name && member) {
175 /* Delete member from all groups */
176 /* line is "GROUP:PASSWD:[member1[,member2]...]" */
177 unsigned member_len = strlen(member);
178 char *list = strrchr(line, ':');
179 while (list) {
180 list++;
181 next_list_element:
182 if (strncmp(list, member, member_len) == 0) {
183 char c;
184 changed_lines++;
185 c = list[member_len];
186 if (c == '\0') {
187 if (list[-1] == ',')
188 list--;
189 *list = '\0';
190 break;
191 }
192 if (c == ',') {
193 overlapping_strcpy(list, list + member_len + 1);
194 goto next_list_element;
195 }
196 changed_lines--;
197 }
198 list = strchr(list, ',');
199 }
200 fprintf(new_fp, "%s\n", line);
201 goto next;
202 }
203
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]204 if (strncmp(name_colon, line, user_len) != 0) {
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]205 fprintf(new_fp, "%s\n", line);
206 goto next;
207 }
208
209 /* We have a match with "name:"... */
210 cp = line + user_len; /* move past name: */
211
212#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
213 if (member) {
214 /* It's actually /etc/group+, not /etc/passwd+ */
215 if (ENABLE_FEATURE_ADDUSER_TO_GROUP
216 && applet_name[0] == 'a'
217 ) {
218 /* Add user to group */
219 fprintf(new_fp, "%s%s%s\n", line,
220 last_char_is(line, ':') ? "" : ",",
221 member);
222 changed_lines++;
223 } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
224 /* && applet_name[0] == 'd' */
225 ) {
226 /* Delete user from group */
227 char *tmp;
228 const char *fmt = "%s";
229
230 /* find the start of the member list: last ':' */
231 cp = strrchr(line, ':');
232 /* cut it */
233 *cp++ = '\0';
234 /* write the cut line name:passwd:gid:
235 * or name:!:: */
236 fprintf(new_fp, "%s:", line);
237 /* parse the tokens of the member list */
238 tmp = cp;
239 while ((cp = strsep(&tmp, ",")) != NULL) {
240 if (strcmp(member, cp) != 0) {
241 fprintf(new_fp, fmt, cp);
242 fmt = ",%s";
243 } else {
244 /* found member, skip it */
245 changed_lines++;
246 }
247 }
248 fprintf(new_fp, "\n");
249 }
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]250 } else
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]251#endif
252 if ((ENABLE_PASSWD && applet_name[0] == 'p')
253 || (ENABLE_CHPASSWD && applet_name[0] == 'c')
254 ) {
255 /* Change passwd */
256 cp = strchrnul(cp, ':'); /* move past old passwd */
Denys Vlasenko189f74d2009-07-13 01:15:30 +0200[diff] [blame]257
258 if (shadow && *cp == ':') {
259 /* /etc/shadow's field 3 (passwd change date) needs updating */
260 /* move past old change date */
261 cp = strchrnul(cp + 1, ':');
262 /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]263 fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
Denys Vlasenko189f74d2009-07-13 01:15:30 +0200[diff] [blame]264 (unsigned)(time(NULL)) / (24*60*60), cp);
265 } else {
266 /* "name:" + "new_passwd" + ":rest of line" */
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]267 fprintf(new_fp, "%s%s%s\n", name_colon, new_passwd, cp);
Denys Vlasenko189f74d2009-07-13 01:15:30 +0200[diff] [blame]268 }
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]269 changed_lines++;
270 } /* else delete user or group: skip the line */
271 next:
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]272 free(line);
273 }
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]274
275 if (changed_lines == 0) {
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]276#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
277 if (member) {
278 if (ENABLE_ADDGROUP && applet_name[0] == 'a')
279 bb_error_msg("can't find %s in %s", name, filename);
280 if (ENABLE_DELGROUP && applet_name[0] == 'd')
281 bb_error_msg("can't find %s in %s", member, filename);
282 }
Denis Vlasenko7f959372009-04-14 08:06:59 +0000[diff] [blame]283#endif
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]284 if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
285 && applet_name[0] == 'a' && !member
286 ) {
287 /* add user or group */
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]288 fprintf(new_fp, "%s%s\n", name_colon, new_passwd);
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]289 changed_lines++;
290 }
291 }
292
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]293 fcntl(old_fd, F_SETLK, &lock);
294
295 /* We do want all of them to execute, thus | instead of || */
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]296 errno = 0;
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]297 if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]298 || rename(fnamesfx, filename)
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]299 ) {
300 /* At least one of those failed */
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]301 bb_perror_nomsg();
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]302 goto unlink_new;
303 }
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]304 /* Success: ret >= 0 */
305 ret = changed_lines;
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]306
307 unlink_new:
Denis Vlasenko829bbd32009-04-14 00:51:05 +0000[diff] [blame]308 if (ret < 0)
309 unlink(fnamesfx);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]310
311 close_old_fp:
312 fclose(old_fp);
313
314 free_mem:
Denis Vlasenko557fb712007-07-21 13:25:28 +0000[diff] [blame]315 free(fnamesfx);
Paul Fox53bd4012007-11-08 01:12:38 +0000[diff] [blame]316 free((char *)filename);
Denys Vlasenko4653e442010-01-09 20:57:06 +0100[diff] [blame]317 free(name_colon);
Denis Vlasenko1ec5eae2007-07-20 21:29:49 +0000[diff] [blame]318 return ret;
319}