File: | src/usr.sbin/user/user.c |
Warning: | line 1958, column 10 Potential leak of memory pointed to by 'u.u_comment' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: user.c,v 1.131 2023/05/18 18:29:28 millert Exp $ */ | |||
2 | /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */ | |||
3 | ||||
4 | /* | |||
5 | * Copyright (c) 1999 Alistair G. Crooks. All rights reserved. | |||
6 | * | |||
7 | * Redistribution and use in source and binary forms, with or without | |||
8 | * modification, are permitted provided that the following conditions | |||
9 | * are met: | |||
10 | * 1. Redistributions of source code must retain the above copyright | |||
11 | * notice, this list of conditions and the following disclaimer. | |||
12 | * 2. Redistributions in binary form must reproduce the above copyright | |||
13 | * notice, this list of conditions and the following disclaimer in the | |||
14 | * documentation and/or other materials provided with the distribution. | |||
15 | * 3. The name of the author may not be used to endorse or promote | |||
16 | * products derived from this software without specific prior written | |||
17 | * permission. | |||
18 | * | |||
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS | |||
20 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |||
21 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | |||
23 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE | |||
25 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |||
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | |||
27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |||
28 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |||
29 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |||
30 | */ | |||
31 | ||||
32 | #include <sys/types.h> | |||
33 | #include <sys/stat.h> | |||
34 | #include <sys/wait.h> | |||
35 | ||||
36 | #include <ctype.h> | |||
37 | #include <dirent.h> | |||
38 | #include <err.h> | |||
39 | #include <errno(*__errno()).h> | |||
40 | #include <fcntl.h> | |||
41 | #include <grp.h> | |||
42 | #include <limits.h> | |||
43 | #include <login_cap.h> | |||
44 | #include <paths.h> | |||
45 | #include <pwd.h> | |||
46 | #include <stdio.h> | |||
47 | #include <stdlib.h> | |||
48 | #include <string.h> | |||
49 | #include <syslog.h> | |||
50 | #include <time.h> | |||
51 | #include <unistd.h> | |||
52 | #include <util.h> | |||
53 | ||||
54 | #include "usermgmt.h" | |||
55 | ||||
56 | ||||
57 | /* this struct describes a uid range */ | |||
58 | typedef struct range_t { | |||
59 | uid_t r_from; /* low uid */ | |||
60 | uid_t r_to; /* high uid */ | |||
61 | } range_t; | |||
62 | ||||
63 | /* this struct encapsulates the user information */ | |||
64 | typedef struct user_t { | |||
65 | int u_flags; /* see below */ | |||
66 | uid_t u_uid; /* uid of user */ | |||
67 | char *u_password; /* encrypted password */ | |||
68 | char *u_comment; /* comment field */ | |||
69 | char *u_home; /* home directory */ | |||
70 | char *u_primgrp; /* primary group */ | |||
71 | int u_groupc; /* # of secondary groups */ | |||
72 | const char *u_groupv[NGROUPS_MAX16]; /* secondary groups */ | |||
73 | char *u_shell; /* user's shell */ | |||
74 | char *u_basedir; /* base directory for home */ | |||
75 | char *u_expire; /* when account will expire */ | |||
76 | char *u_inactive; /* when password will expire */ | |||
77 | char *u_skeldir; /* directory for startup files */ | |||
78 | char *u_class; /* login class */ | |||
79 | unsigned int u_rsize; /* size of range array */ | |||
80 | unsigned int u_rc; /* # of ranges */ | |||
81 | range_t *u_rv; /* the ranges */ | |||
82 | unsigned int u_defrc; /* # of ranges in defaults */ | |||
83 | int u_preserve; /* preserve uids on deletion */ | |||
84 | } user_t; | |||
85 | ||||
86 | /* flags for which fields of the user_t replace the passwd entry */ | |||
87 | enum { | |||
88 | F_COMMENT = 0x0001, | |||
89 | F_DUPUID = 0x0002, | |||
90 | F_EXPIRE = 0x0004, | |||
91 | F_GROUP = 0x0008, | |||
92 | F_HOMEDIR = 0x0010, | |||
93 | F_MKDIR = 0x0020, | |||
94 | F_INACTIVE = 0x0040, | |||
95 | F_PASSWORD = 0x0080, | |||
96 | F_SECGROUP = 0x0100, | |||
97 | F_SHELL = 0x0200, | |||
98 | F_UID = 0x0400, | |||
99 | F_USERNAME = 0x0800, | |||
100 | F_CLASS = 0x1000, | |||
101 | F_SETSECGROUP = 0x4000, | |||
102 | F_ACCTLOCK = 0x8000, | |||
103 | F_ACCTUNLOCK = 0x10000 | |||
104 | }; | |||
105 | ||||
106 | /* flags for runas() */ | |||
107 | enum { | |||
108 | RUNAS_DUP_DEVNULL = 0x01, | |||
109 | RUNAS_IGNORE_EXITVAL = 0x02 | |||
110 | }; | |||
111 | ||||
112 | #define CONFFILE"/etc/usermgmt.conf" "/etc/usermgmt.conf" | |||
113 | #define _PATH_NONEXISTENT"/nonexistent" "/nonexistent" | |||
114 | ||||
115 | #ifndef DEF_GROUP"=uid" | |||
116 | #define DEF_GROUP"=uid" "=uid" | |||
117 | #endif | |||
118 | ||||
119 | #ifndef DEF_BASEDIR"/home" | |||
120 | #define DEF_BASEDIR"/home" "/home" | |||
121 | #endif | |||
122 | ||||
123 | #ifndef DEF_SKELDIR"/etc/skel" | |||
124 | #define DEF_SKELDIR"/etc/skel" "/etc/skel" | |||
125 | #endif | |||
126 | ||||
127 | #ifndef DEF_SHELL"/bin/ksh" | |||
128 | #define DEF_SHELL"/bin/ksh" _PATH_KSHELL"/bin/ksh" | |||
129 | #endif | |||
130 | ||||
131 | #ifndef DEF_COMMENT"" | |||
132 | #define DEF_COMMENT"" "" | |||
133 | #endif | |||
134 | ||||
135 | #ifndef DEF_LOWUID1000 | |||
136 | #define DEF_LOWUID1000 1000 | |||
137 | #endif | |||
138 | ||||
139 | #ifndef DEF_HIGHUID60000 | |||
140 | #define DEF_HIGHUID60000 60000 | |||
141 | #endif | |||
142 | ||||
143 | #ifndef DEF_INACTIVE0 | |||
144 | #define DEF_INACTIVE0 0 | |||
145 | #endif | |||
146 | ||||
147 | #ifndef DEF_EXPIRE((void *)0) | |||
148 | #define DEF_EXPIRE((void *)0) NULL((void *)0) | |||
149 | #endif | |||
150 | ||||
151 | #ifndef DEF_CLASS"" | |||
152 | #define DEF_CLASS"" "" | |||
153 | #endif | |||
154 | ||||
155 | #ifndef WAITSECS10 | |||
156 | #define WAITSECS10 10 | |||
157 | #endif | |||
158 | ||||
159 | #ifndef NOBODY_UID32767 | |||
160 | #define NOBODY_UID32767 32767 | |||
161 | #endif | |||
162 | ||||
163 | /* some useful constants */ | |||
164 | enum { | |||
165 | MaxShellNameLen = 256, | |||
166 | MaxFileNameLen = PATH_MAX1024, | |||
167 | MaxUserNameLen = _PW_NAME_LEN31, | |||
168 | MaxCommandLen = 2048, | |||
169 | PasswordLength = _PASSWORD_LEN128, | |||
170 | LowGid = DEF_LOWUID1000, | |||
171 | HighGid = DEF_HIGHUID60000 | |||
172 | }; | |||
173 | ||||
174 | /* Full paths of programs used here */ | |||
175 | #define CHMOD"/bin/chmod" "/bin/chmod" | |||
176 | #define CHOWN"/sbin/chown" "/sbin/chown" | |||
177 | #define MKDIR"/bin/mkdir" "/bin/mkdir" | |||
178 | #define MV"/bin/mv" "/bin/mv" | |||
179 | #define NOLOGIN"/sbin/nologin" "/sbin/nologin" | |||
180 | #define CP"/bin/cp" "/bin/cp" | |||
181 | #define RM"/bin/rm" "/bin/rm" | |||
182 | ||||
183 | #define UNSET_INACTIVE"Null (unset)" "Null (unset)" | |||
184 | #define UNSET_EXPIRY"Null (unset)" "Null (unset)" | |||
185 | ||||
186 | static int adduser(char *, user_t *); | |||
187 | static int append_group(char *, int, const char **); | |||
188 | static int copydotfiles(char *, char *); | |||
189 | static int creategid(char *, gid_t, const char *); | |||
190 | static int getnextgid(uid_t *, uid_t, uid_t); | |||
191 | static int getnextuid(int, uid_t *, uid_t, uid_t); | |||
192 | static int is_local(char *, const char *); | |||
193 | static int modify_gid(char *, char *); | |||
194 | static int moduser(char *, char *, user_t *); | |||
195 | static int removehomedir(const char *, uid_t, const char *); | |||
196 | static int rm_user_from_groups(char *); | |||
197 | static int save_range(user_t *, char *); | |||
198 | static int scantime(time_t *, char *); | |||
199 | static int setdefaults(user_t *); | |||
200 | static int valid_class(char *); | |||
201 | static int valid_group(char *); | |||
202 | static int valid_login(char *); | |||
203 | static size_t expand_len(const char *, const char *); | |||
204 | static struct group *find_group_info(const char *); | |||
205 | static struct passwd *find_user_info(const char *); | |||
206 | static void checkeuid(void); | |||
207 | static void strsave(char **, const char *); | |||
208 | static void read_defaults(user_t *); | |||
209 | ||||
210 | static int verbose; | |||
211 | ||||
212 | /* free *cpp, then store a copy of `s' in it */ | |||
213 | static void | |||
214 | strsave(char **cpp, const char *s) | |||
215 | { | |||
216 | free(*cpp); | |||
217 | if ((*cpp = strdup(s)) == NULL((void *)0)) | |||
218 | err(1, NULL((void *)0)); | |||
219 | } | |||
220 | ||||
221 | /* run the given command with optional arguments as the specified uid */ | |||
222 | static int | |||
223 | runas(const char *path, const char *const argv[], uid_t uid, int flags) | |||
224 | { | |||
225 | int argc, status, ret = 0; | |||
226 | char buf[MaxCommandLen]; | |||
227 | pid_t child; | |||
228 | ||||
229 | strlcpy(buf, path, sizeof(buf)); | |||
230 | for (argc = 1; argv[argc] != NULL((void *)0); argc++) { | |||
231 | strlcat(buf, " ", sizeof(buf)); | |||
232 | strlcat(buf, argv[argc], sizeof(buf)); | |||
233 | } | |||
234 | if (verbose) | |||
235 | printf("Command: %s\n", buf); | |||
236 | ||||
237 | child = fork(); | |||
238 | switch (child) { | |||
239 | case -1: | |||
240 | err(EXIT_FAILURE1, "fork"); | |||
241 | case 0: | |||
242 | if (flags & RUNAS_DUP_DEVNULL) { | |||
243 | /* Redirect output to /dev/null if possible. */ | |||
244 | int dev_null = open(_PATH_DEVNULL"/dev/null", O_RDWR0x0002); | |||
245 | if (dev_null != -1) { | |||
246 | dup2(dev_null, STDOUT_FILENO1); | |||
247 | dup2(dev_null, STDERR_FILENO2); | |||
248 | if (dev_null > STDERR_FILENO2) | |||
249 | close(dev_null); | |||
250 | } else { | |||
251 | warn("%s", _PATH_DEVNULL"/dev/null"); | |||
252 | } | |||
253 | } | |||
254 | if (uid != -1) { | |||
255 | if (setresuid(uid, uid, uid) == -1) | |||
256 | warn("setresuid(%u, %u, %u)", uid, uid, uid); | |||
257 | } | |||
258 | execv(path, (char **)argv); | |||
259 | warn("%s", buf); | |||
260 | _exit(EXIT_FAILURE1); | |||
261 | default: | |||
262 | while (waitpid(child, &status, 0) == -1) { | |||
263 | if (errno(*__errno()) != EINTR4) | |||
264 | err(EXIT_FAILURE1, "waitpid"); | |||
265 | } | |||
266 | if (WIFSIGNALED(status)(((status) & 0177) != 0177 && ((status) & 0177 ) != 0)) { | |||
267 | ret = WTERMSIG(status)(((status) & 0177)); | |||
268 | warnx("[Warning] `%s' killed by signal %d", buf, ret); | |||
269 | ret |= 128; | |||
270 | } else { | |||
271 | if (!(flags & RUNAS_IGNORE_EXITVAL)) | |||
272 | ret = WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff); | |||
273 | if (ret != 0) { | |||
274 | warnx("[Warning] `%s' failed with status %d", | |||
275 | buf, ret); | |||
276 | } | |||
277 | } | |||
278 | return ret; | |||
279 | } | |||
280 | } | |||
281 | ||||
282 | /* run the given command with optional arguments */ | |||
283 | static int | |||
284 | run(const char *path, const char *const argv[]) | |||
285 | { | |||
286 | return runas(path, argv, -1, 0); | |||
287 | } | |||
288 | ||||
289 | /* remove a users home directory, returning 1 for success (ie, no problems encountered) */ | |||
290 | static int | |||
291 | removehomedir(const char *user, uid_t uid, const char *dir) | |||
292 | { | |||
293 | const char *rm_argv[] = { "rm", "-rf", dir, NULL((void *)0) }; | |||
294 | struct stat st; | |||
295 | ||||
296 | /* userid not root? */ | |||
297 | if (uid == 0) { | |||
298 | warnx("Not deleting home directory `%s'; userid is 0", dir); | |||
299 | return 0; | |||
300 | } | |||
301 | ||||
302 | /* directory exists (and is a directory!) */ | |||
303 | if (stat(dir, &st) == -1) { | |||
304 | warnx("Home directory `%s' doesn't exist", dir); | |||
305 | return 0; | |||
306 | } | |||
307 | if (!S_ISDIR(st.st_mode)((st.st_mode & 0170000) == 0040000)) { | |||
308 | warnx("Home directory `%s' is not a directory", dir); | |||
309 | return 0; | |||
310 | } | |||
311 | ||||
312 | /* userid matches directory owner? */ | |||
313 | if (st.st_uid != uid) { | |||
314 | warnx("User `%s' doesn't own directory `%s', not removed", | |||
315 | user, dir); | |||
316 | return 0; | |||
317 | } | |||
318 | ||||
319 | /* run "rm -rf dir 2>&1/dev/null" as user, not root */ | |||
320 | (void) runas(RM"/bin/rm", rm_argv, uid, RUNAS_DUP_DEVNULL|RUNAS_IGNORE_EXITVAL); | |||
321 | if (rmdir(dir) == -1 && errno(*__errno()) != ENOENT2) { | |||
322 | warnx("Unable to remove all files in `%s'", dir); | |||
323 | return 0; | |||
324 | } | |||
325 | return 1; | |||
326 | } | |||
327 | ||||
328 | /* | |||
329 | * check that the effective uid is 0 - called from funcs which will | |||
330 | * modify data and config files. | |||
331 | */ | |||
332 | static void | |||
333 | checkeuid(void) | |||
334 | { | |||
335 | if (geteuid() != 0) { | |||
336 | errx(EXIT_FAILURE1, "Program must be run as root"); | |||
337 | } | |||
338 | } | |||
339 | ||||
340 | /* copy any dot files into the user's home directory */ | |||
341 | static int | |||
342 | copydotfiles(char *skeldir, char *dst) | |||
343 | { | |||
344 | char src[MaxFileNameLen]; | |||
345 | struct dirent *dp; | |||
346 | DIR *dirp; | |||
347 | int len, n; | |||
348 | ||||
349 | if (*skeldir == '\0') | |||
350 | return 0; | |||
351 | if ((dirp = opendir(skeldir)) == NULL((void *)0)) { | |||
352 | warn("can't open source . files dir `%s'", skeldir); | |||
353 | return 0; | |||
354 | } | |||
355 | for (n = 0; (dp = readdir(dirp)) != NULL((void *)0) && n == 0 ; ) { | |||
356 | if (strcmp(dp->d_name, ".") == 0 || | |||
357 | strcmp(dp->d_name, "..") == 0) { | |||
358 | continue; | |||
359 | } | |||
360 | n = 1; | |||
361 | } | |||
362 | (void) closedir(dirp); | |||
363 | if (n == 0) { | |||
364 | warnx("No \"dot\" initialisation files found"); | |||
365 | } else { | |||
366 | len = snprintf(src, sizeof(src), "%s/.", skeldir); | |||
367 | if (len < 0 || len >= sizeof(src)) { | |||
368 | warnx("skeleton directory `%s' too long", skeldir); | |||
369 | n = 0; | |||
370 | } else { | |||
371 | const char *cp_argv[] = { "cp", "-a", src, dst, NULL((void *)0) }; | |||
372 | if (verbose) | |||
373 | cp_argv[1] = "-av"; | |||
374 | run(CP"/bin/cp", cp_argv); | |||
375 | } | |||
376 | } | |||
377 | return n; | |||
378 | } | |||
379 | ||||
380 | /* returns 1 if the specified gid exists in the group file, else 0 */ | |||
381 | static int | |||
382 | gid_exists(gid_t gid) | |||
383 | { | |||
384 | return group_from_gid(gid, 1) != NULL((void *)0); | |||
385 | } | |||
386 | ||||
387 | /* return 1 if the specified group exists in the group file, else 0 */ | |||
388 | static int | |||
389 | group_exists(const char *group) | |||
390 | { | |||
391 | gid_t gid; | |||
392 | ||||
393 | return gid_from_group(group, &gid) != -1; | |||
394 | } | |||
395 | ||||
396 | /* create a group entry with gid `gid' */ | |||
397 | static int | |||
398 | creategid(char *group, gid_t gid, const char *name) | |||
399 | { | |||
400 | struct stat st; | |||
401 | FILE *from; | |||
402 | FILE *to; | |||
403 | char *buf; | |||
404 | char f[MaxFileNameLen]; | |||
405 | int fd, ret; | |||
406 | int wroteit = 0; | |||
407 | size_t len; | |||
408 | ||||
409 | if (group_exists(group)) { | |||
410 | warnx("group `%s' already exists", group); | |||
411 | return 0; | |||
412 | } | |||
413 | if ((from = fopen(_PATH_GROUP"/etc/group", "r")) == NULL((void *)0)) { | |||
414 | warn("can't create gid for `%s': can't open `%s'", group, | |||
415 | _PATH_GROUP"/etc/group"); | |||
416 | return 0; | |||
417 | } | |||
418 | if (flock(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
419 | warn("can't lock `%s'", _PATH_GROUP"/etc/group"); | |||
420 | } | |||
421 | (void) fstat(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), &st); | |||
422 | (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP"/etc/group"); | |||
423 | if ((fd = mkstemp(f)) == -1) { | |||
424 | warn("can't create gid: mkstemp failed"); | |||
425 | fclose(from); | |||
426 | return 0; | |||
427 | } | |||
428 | if ((to = fdopen(fd, "w")) == NULL((void *)0)) { | |||
429 | warn("can't create gid: fdopen `%s' failed", f); | |||
430 | fclose(from); | |||
431 | close(fd); | |||
432 | unlink(f); | |||
433 | return 0; | |||
434 | } | |||
435 | while ((buf = fgetln(from, &len)) != NULL((void *)0) && len > 0) { | |||
436 | ret = 0; | |||
437 | if (buf[0] == '+' && wroteit == 0) { | |||
438 | ret = fprintf(to, "%s:*:%u:%s\n", group, gid, name); | |||
439 | wroteit = 1; | |||
440 | } | |||
441 | if (ret == -1 || | |||
442 | fprintf(to, "%*.*s", (int)len, (int)len, buf) != len) { | |||
443 | warn("can't create gid: short write to `%s'", f); | |||
444 | fclose(from); | |||
445 | fclose(to); | |||
446 | unlink(f); | |||
447 | return 0; | |||
448 | } | |||
449 | } | |||
450 | ret = 0; | |||
451 | if (wroteit == 0) | |||
452 | ret = fprintf(to, "%s:*:%u:%s\n", group, gid, name); | |||
453 | fclose(from); | |||
454 | if (fclose(to) == EOF(-1) || ret == -1) { | |||
455 | warn("can't create gid: short write to `%s'", f); | |||
456 | unlink(f); | |||
457 | return 0; | |||
458 | } | |||
459 | if (rename(f, _PATH_GROUP"/etc/group") == -1) { | |||
460 | warn("can't create gid: can't rename `%s' to `%s'", f, | |||
461 | _PATH_GROUP"/etc/group"); | |||
462 | unlink(f); | |||
463 | return 0; | |||
464 | } | |||
465 | (void) chmod(_PATH_GROUP"/etc/group", st.st_mode & 0777); | |||
466 | syslog(LOG_INFO6, "new group added: name=%s, gid=%u", group, gid); | |||
467 | return 1; | |||
468 | } | |||
469 | ||||
470 | /* modify the group entry with name `group' to be newent */ | |||
471 | static int | |||
472 | modify_gid(char *group, char *newent) | |||
473 | { | |||
474 | struct stat st; | |||
475 | FILE *from; | |||
476 | FILE *to; | |||
477 | char buf[LINE_MAX2048]; | |||
478 | char f[MaxFileNameLen]; | |||
479 | char *colon; | |||
480 | int groupc; | |||
481 | int entc; | |||
482 | int fd; | |||
483 | int cc; | |||
484 | ||||
485 | if ((from = fopen(_PATH_GROUP"/etc/group", "r")) == NULL((void *)0)) { | |||
486 | warn("can't modify gid for `%s': can't open `%s'", group, | |||
487 | _PATH_GROUP"/etc/group"); | |||
488 | return 0; | |||
489 | } | |||
490 | if (flock(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
491 | warn("can't lock `%s'", _PATH_GROUP"/etc/group"); | |||
492 | } | |||
493 | (void) fstat(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), &st); | |||
494 | (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP"/etc/group"); | |||
495 | if ((fd = mkstemp(f)) == -1) { | |||
496 | warn("can't modify gid: mkstemp failed"); | |||
497 | fclose(from); | |||
498 | return 0; | |||
499 | } | |||
500 | if ((to = fdopen(fd, "w")) == NULL((void *)0)) { | |||
501 | warn("can't modify gid: fdopen `%s' failed", f); | |||
502 | fclose(from); | |||
503 | close(fd); | |||
504 | unlink(f); | |||
505 | return 0; | |||
506 | } | |||
507 | groupc = strlen(group); | |||
508 | while (fgets(buf, sizeof(buf), from) != NULL((void *)0)) { | |||
509 | cc = strlen(buf); | |||
510 | if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) { | |||
511 | while (fgetc(from) != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) | |||
512 | cc++; | |||
513 | warnx("%s: line `%s' too long (%d bytes), skipping", | |||
514 | _PATH_GROUP"/etc/group", buf, cc); | |||
515 | continue; | |||
516 | } | |||
517 | if ((colon = strchr(buf, ':')) == NULL((void *)0)) { | |||
518 | /* | |||
519 | * The only valid entry with no column is the all-YP | |||
520 | * line. | |||
521 | */ | |||
522 | if (strcmp(buf, "+\n") != 0) { | |||
523 | warnx("badly formed entry `%.*s'", cc - 1, buf); | |||
524 | continue; | |||
525 | } | |||
526 | } else { | |||
527 | entc = (int)(colon - buf); | |||
528 | if (entc == groupc && strncmp(group, buf, entc) == 0) { | |||
529 | if (newent == NULL((void *)0)) { | |||
530 | continue; | |||
531 | } else { | |||
532 | cc = strlcpy(buf, newent, sizeof(buf)); | |||
533 | if (cc >= sizeof(buf)) { | |||
534 | warnx("group `%s' entry too long", | |||
535 | newent); | |||
536 | fclose(from); | |||
537 | fclose(to); | |||
538 | unlink(f); | |||
539 | return (0); | |||
540 | } | |||
541 | } | |||
542 | } | |||
543 | } | |||
544 | if (fwrite(buf, cc, 1, to) != 1) { | |||
545 | warn("can't modify gid: short write to `%s'", f); | |||
546 | fclose(from); | |||
547 | fclose(to); | |||
548 | unlink(f); | |||
549 | return 0; | |||
550 | } | |||
551 | } | |||
552 | fclose(from); | |||
553 | if (fclose(to) == EOF(-1)) { | |||
554 | warn("can't modify gid: short write to `%s'", f); | |||
555 | unlink(f); | |||
556 | return 0; | |||
557 | } | |||
558 | if (rename(f, _PATH_GROUP"/etc/group") == -1) { | |||
559 | warn("can't modify gid: can't rename `%s' to `%s'", f, _PATH_GROUP"/etc/group"); | |||
560 | unlink(f); | |||
561 | return 0; | |||
562 | } | |||
563 | (void) chmod(_PATH_GROUP"/etc/group", st.st_mode & 0777); | |||
564 | if (newent == NULL((void *)0)) { | |||
565 | syslog(LOG_INFO6, "group deleted: name=%s", group); | |||
566 | } else { | |||
567 | syslog(LOG_INFO6, "group information modified: name=%s", group); | |||
568 | } | |||
569 | return 1; | |||
570 | } | |||
571 | ||||
572 | /* modify the group entries for all `groups', by adding `user' */ | |||
573 | static int | |||
574 | append_group(char *user, int ngroups, const char **groups) | |||
575 | { | |||
576 | struct group *grp; | |||
577 | struct passwd *pwp; | |||
578 | struct stat st; | |||
579 | FILE *from; | |||
580 | FILE *to; | |||
581 | char buf[LINE_MAX2048]; | |||
582 | char f[MaxFileNameLen]; | |||
583 | char *colon; | |||
584 | const char *ugid = NULL((void *)0); | |||
585 | int fd; | |||
586 | int cc; | |||
587 | int i; | |||
588 | int j; | |||
589 | ||||
590 | if ((pwp = getpwnam(user))) { | |||
591 | if ((ugid = group_from_gid(pwp->pw_gid, 1)) == NULL((void *)0)) { | |||
592 | warnx("can't get primary group for user `%s'", user); | |||
593 | return 0; | |||
594 | } | |||
595 | } | |||
596 | ||||
597 | for (i = 0 ; i < ngroups ; i++) { | |||
598 | if ((grp = getgrnam(groups[i])) == NULL((void *)0)) { | |||
599 | warnx("can't append group `%s' for user `%s'", | |||
600 | groups[i], user); | |||
601 | } else { | |||
602 | for (j = 0 ; grp->gr_mem[j] ; j++) { | |||
603 | if (strcmp(user, grp->gr_mem[j]) == 0) { | |||
604 | /* already in it */ | |||
605 | groups[i] = ""; | |||
606 | } | |||
607 | } | |||
608 | } | |||
609 | } | |||
610 | if ((from = fopen(_PATH_GROUP"/etc/group", "r")) == NULL((void *)0)) { | |||
611 | warn("can't append group for `%s': can't open `%s'", user, | |||
612 | _PATH_GROUP"/etc/group"); | |||
613 | return 0; | |||
614 | } | |||
615 | if (flock(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
616 | warn("can't lock `%s'", _PATH_GROUP"/etc/group"); | |||
617 | } | |||
618 | (void) fstat(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), &st); | |||
619 | (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP"/etc/group"); | |||
620 | if ((fd = mkstemp(f)) == -1) { | |||
621 | warn("can't append group: mkstemp failed"); | |||
622 | fclose(from); | |||
623 | return 0; | |||
624 | } | |||
625 | if ((to = fdopen(fd, "w")) == NULL((void *)0)) { | |||
626 | warn("can't append group: fdopen `%s' failed", f); | |||
627 | fclose(from); | |||
628 | close(fd); | |||
629 | unlink(f); | |||
630 | return 0; | |||
631 | } | |||
632 | while (fgets(buf, sizeof(buf), from) != NULL((void *)0)) { | |||
633 | cc = strlen(buf); | |||
634 | if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) { | |||
635 | while (fgetc(from) != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) | |||
636 | cc++; | |||
637 | warnx("%s: line `%s' too long (%d bytes), skipping", | |||
638 | _PATH_GROUP"/etc/group", buf, cc); | |||
639 | continue; | |||
640 | } | |||
641 | if ((colon = strchr(buf, ':')) == NULL((void *)0)) { | |||
642 | warnx("badly formed entry `%s'", buf); | |||
643 | continue; | |||
644 | } | |||
645 | for (i = 0 ; i < ngroups ; i++) { | |||
646 | j = (int)(colon - buf); | |||
647 | if (ugid) { | |||
648 | if (strcmp(ugid, groups[i]) == 0) { | |||
649 | /* user's primary group, no need to append */ | |||
650 | groups[i] = ""; | |||
651 | } | |||
652 | } | |||
653 | if (strncmp(groups[i], buf, j) == 0 && | |||
654 | groups[i][j] == '\0') { | |||
655 | while (isspace((unsigned char)buf[cc - 1])) | |||
656 | cc--; | |||
657 | buf[(j = cc)] = '\0'; | |||
658 | if (buf[strlen(buf) - 1] != ':') | |||
659 | strlcat(buf, ",", sizeof(buf)); | |||
660 | cc = strlcat(buf, user, sizeof(buf)) + 1; | |||
661 | if (cc >= sizeof(buf)) { | |||
662 | warnx("Warning: group `%s' would " | |||
663 | "become too long, not modifying", | |||
664 | groups[i]); | |||
665 | cc = j + 1; | |||
666 | } | |||
667 | buf[cc - 1] = '\n'; | |||
668 | buf[cc] = '\0'; | |||
669 | } | |||
670 | } | |||
671 | if (fwrite(buf, cc, 1, to) != 1) { | |||
672 | warn("can't append group: short write to `%s'", f); | |||
673 | fclose(from); | |||
674 | fclose(to); | |||
675 | unlink(f); | |||
676 | return 0; | |||
677 | } | |||
678 | } | |||
679 | fclose(from); | |||
680 | if (fclose(to) == EOF(-1)) { | |||
681 | warn("can't append group: short write to `%s'", f); | |||
682 | unlink(f); | |||
683 | return 0; | |||
684 | } | |||
685 | if (rename(f, _PATH_GROUP"/etc/group") == -1) { | |||
686 | warn("can't append group: can't rename `%s' to `%s'", f, _PATH_GROUP"/etc/group"); | |||
687 | unlink(f); | |||
688 | return 0; | |||
689 | } | |||
690 | (void) chmod(_PATH_GROUP"/etc/group", st.st_mode & 0777); | |||
691 | return 1; | |||
692 | } | |||
693 | ||||
694 | /* return 1 if `login' is a valid login name */ | |||
695 | static int | |||
696 | valid_login(char *login_name) | |||
697 | { | |||
698 | unsigned char *cp; | |||
699 | ||||
700 | /* The first character cannot be a hyphen */ | |||
701 | if (*login_name == '-') | |||
702 | return 0; | |||
703 | ||||
704 | for (cp = login_name ; *cp ; cp++) { | |||
705 | /* We allow '$' as the last character for samba */ | |||
706 | if (!isalnum((unsigned char)*cp) && *cp != '.' && | |||
707 | *cp != '_' && *cp != '-' && | |||
708 | !(*cp == '$' && *(cp + 1) == '\0')) { | |||
709 | return 0; | |||
710 | } | |||
711 | } | |||
712 | if ((char *)cp - login_name > MaxUserNameLen) | |||
713 | return 0; | |||
714 | return 1; | |||
715 | } | |||
716 | ||||
717 | /* return 1 if `group' is a valid group name */ | |||
718 | static int | |||
719 | valid_group(char *group) | |||
720 | { | |||
721 | unsigned char *cp; | |||
722 | ||||
723 | for (cp = group ; *cp ; cp++) { | |||
724 | if (!isalnum((unsigned char)*cp) && *cp != '.' && | |||
725 | *cp != '_' && *cp != '-') { | |||
726 | return 0; | |||
727 | } | |||
728 | } | |||
729 | if ((char *)cp - group > MaxUserNameLen) | |||
730 | return 0; | |||
731 | return 1; | |||
732 | } | |||
733 | ||||
734 | /* return 1 if `class' exists */ | |||
735 | static int | |||
736 | valid_class(char *class) | |||
737 | { | |||
738 | login_cap_t *lc; | |||
739 | ||||
740 | if ((lc = login_getclass(class)) != NULL((void *)0)) | |||
741 | login_close(lc); | |||
742 | return lc != NULL((void *)0); | |||
743 | } | |||
744 | ||||
745 | /* find the next gid in the range lo .. hi */ | |||
746 | static int | |||
747 | getnextgid(uid_t *gidp, uid_t lo, uid_t hi) | |||
748 | { | |||
749 | for (*gidp = lo ; *gidp < hi ; *gidp += 1) { | |||
750 | if (!gid_exists((gid_t)*gidp)) { | |||
751 | return 1; | |||
752 | } | |||
753 | } | |||
754 | return 0; | |||
755 | } | |||
756 | ||||
757 | /* save a range of uids */ | |||
758 | static int | |||
759 | save_range(user_t *up, char *cp) | |||
760 | { | |||
761 | uid_t from; | |||
762 | uid_t to; | |||
763 | int i; | |||
764 | ||||
765 | if (up->u_rc == up->u_rsize) { | |||
766 | up->u_rsize *= 2; | |||
767 | if ((up->u_rv = reallocarray(up->u_rv, up->u_rsize, | |||
768 | sizeof(range_t))) == NULL((void *)0)) { | |||
769 | warn(NULL((void *)0)); | |||
770 | return 0; | |||
771 | } | |||
772 | } | |||
773 | if (up->u_rv && sscanf(cp, "%u..%u", &from, &to) == 2) { | |||
774 | for (i = up->u_defrc ; i < up->u_rc ; i++) { | |||
775 | if (up->u_rv[i].r_from == from && up->u_rv[i].r_to == to) { | |||
776 | break; | |||
777 | } | |||
778 | } | |||
779 | if (i == up->u_rc) { | |||
780 | up->u_rv[up->u_rc].r_from = from; | |||
781 | up->u_rv[up->u_rc].r_to = to; | |||
782 | up->u_rc += 1; | |||
783 | } | |||
784 | } else { | |||
785 | warnx("Bad uid range `%s'", cp); | |||
786 | return 0; | |||
787 | } | |||
788 | return 1; | |||
789 | } | |||
790 | ||||
791 | /* set the defaults in the defaults file */ | |||
792 | static int | |||
793 | setdefaults(user_t *up) | |||
794 | { | |||
795 | char template[MaxFileNameLen]; | |||
796 | FILE *fp; | |||
797 | int ret; | |||
798 | int fd; | |||
799 | int i; | |||
800 | ||||
801 | (void) snprintf(template, sizeof(template), "%s.XXXXXXXX", CONFFILE"/etc/usermgmt.conf"); | |||
802 | if ((fd = mkstemp(template)) == -1) { | |||
803 | warnx("can't mkstemp `%s' for writing", CONFFILE"/etc/usermgmt.conf"); | |||
804 | return 0; | |||
805 | } | |||
806 | if ((fp = fdopen(fd, "w")) == NULL((void *)0)) { | |||
807 | warn("can't fdopen `%s' for writing", CONFFILE"/etc/usermgmt.conf"); | |||
808 | return 0; | |||
809 | } | |||
810 | ret = 1; | |||
811 | if (fprintf(fp, "group\t\t%s\n", up->u_primgrp) <= 0 || | |||
812 | fprintf(fp, "base_dir\t%s\n", up->u_basedir) <= 0 || | |||
813 | fprintf(fp, "skel_dir\t%s\n", up->u_skeldir) <= 0 || | |||
814 | fprintf(fp, "shell\t\t%s\n", up->u_shell) <= 0 || | |||
815 | fprintf(fp, "class\t\t%s\n", up->u_class) <= 0 || | |||
816 | fprintf(fp, "inactive\t%s\n", (up->u_inactive == NULL((void *)0)) ? UNSET_INACTIVE"Null (unset)" : up->u_inactive) <= 0 || | |||
817 | fprintf(fp, "expire\t\t%s\n", (up->u_expire == NULL((void *)0)) ? UNSET_EXPIRY"Null (unset)" : up->u_expire) <= 0 || | |||
818 | fprintf(fp, "preserve\t%s\n", (up->u_preserve == 0) ? "false" : "true") <= 0) { | |||
819 | warn("can't write to `%s'", CONFFILE"/etc/usermgmt.conf"); | |||
820 | ret = 0; | |||
821 | } | |||
822 | for (i = (up->u_defrc != up->u_rc) ? up->u_defrc : 0 ; i < up->u_rc ; i++) { | |||
823 | if (fprintf(fp, "range\t\t%u..%u\n", up->u_rv[i].r_from, up->u_rv[i].r_to) <= 0) { | |||
824 | warn("can't write to `%s'", CONFFILE"/etc/usermgmt.conf"); | |||
825 | ret = 0; | |||
826 | } | |||
827 | } | |||
828 | if (fclose(fp) == EOF(-1)) { | |||
829 | warn("can't write to `%s'", CONFFILE"/etc/usermgmt.conf"); | |||
830 | ret = 0; | |||
831 | } | |||
832 | if (ret) { | |||
833 | ret = ((rename(template, CONFFILE"/etc/usermgmt.conf") == 0) && (chmod(CONFFILE"/etc/usermgmt.conf", 0644) == 0)); | |||
834 | } | |||
835 | return ret; | |||
836 | } | |||
837 | ||||
838 | /* read the defaults file */ | |||
839 | static void | |||
840 | read_defaults(user_t *up) | |||
841 | { | |||
842 | struct stat st; | |||
843 | size_t lineno; | |||
844 | size_t len; | |||
845 | FILE *fp; | |||
846 | unsigned char *cp; | |||
847 | unsigned char *s; | |||
848 | ||||
849 | strsave(&up->u_primgrp, DEF_GROUP"=uid"); | |||
850 | strsave(&up->u_basedir, DEF_BASEDIR"/home"); | |||
851 | strsave(&up->u_skeldir, DEF_SKELDIR"/etc/skel"); | |||
852 | strsave(&up->u_shell, DEF_SHELL"/bin/ksh"); | |||
853 | strsave(&up->u_comment, DEF_COMMENT""); | |||
854 | strsave(&up->u_class, DEF_CLASS""); | |||
855 | up->u_rsize = 16; | |||
856 | up->u_defrc = 0; | |||
857 | if ((up->u_rv = calloc(up->u_rsize, sizeof(range_t))) == NULL((void *)0)) | |||
858 | err(1, NULL((void *)0)); | |||
859 | up->u_inactive = DEF_INACTIVE0; | |||
860 | up->u_expire = DEF_EXPIRE((void *)0); | |||
861 | if ((fp = fopen(CONFFILE"/etc/usermgmt.conf", "r")) == NULL((void *)0)) { | |||
862 | if (stat(CONFFILE"/etc/usermgmt.conf", &st) == -1 && !setdefaults(up)) { | |||
863 | warn("can't create `%s' defaults file", CONFFILE"/etc/usermgmt.conf"); | |||
864 | } | |||
865 | fp = fopen(CONFFILE"/etc/usermgmt.conf", "r"); | |||
866 | } | |||
867 | if (fp != NULL((void *)0)) { | |||
868 | while ((s = fparseln(fp, &len, &lineno, NULL((void *)0), 0)) != NULL((void *)0)) { | |||
869 | if (strncmp(s, "group", 5) == 0) { | |||
870 | for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { | |||
871 | } | |||
872 | strsave(&up->u_primgrp, cp); | |||
873 | } else if (strncmp(s, "base_dir", 8) == 0) { | |||
874 | for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { | |||
875 | } | |||
876 | strsave(&up->u_basedir, cp); | |||
877 | } else if (strncmp(s, "skel_dir", 8) == 0) { | |||
878 | for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { | |||
879 | } | |||
880 | strsave(&up->u_skeldir, cp); | |||
881 | } else if (strncmp(s, "shell", 5) == 0) { | |||
882 | for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { | |||
883 | } | |||
884 | strsave(&up->u_shell, cp); | |||
885 | } else if (strncmp(s, "password", 8) == 0) { | |||
886 | for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { | |||
887 | } | |||
888 | strsave(&up->u_password, cp); | |||
889 | } else if (strncmp(s, "class", 5) == 0) { | |||
890 | for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { | |||
891 | } | |||
892 | strsave(&up->u_class, cp); | |||
893 | } else if (strncmp(s, "inactive", 8) == 0) { | |||
894 | for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { | |||
895 | } | |||
896 | if (strcmp(cp, UNSET_INACTIVE"Null (unset)") == 0) { | |||
897 | free(up->u_inactive); | |||
898 | up->u_inactive = NULL((void *)0); | |||
899 | } else { | |||
900 | strsave(&up->u_inactive, cp); | |||
901 | } | |||
902 | } else if (strncmp(s, "range", 5) == 0) { | |||
903 | for (cp = s + 5 ; isspace((unsigned char)*cp); cp++) { | |||
904 | } | |||
905 | (void) save_range(up, cp); | |||
906 | } else if (strncmp(s, "preserve", 8) == 0) { | |||
907 | for (cp = s + 8 ; isspace((unsigned char)*cp); cp++) { | |||
908 | } | |||
909 | up->u_preserve = (strncmp(cp, "true", 4) == 0) ? 1 : | |||
910 | (strncmp(cp, "yes", 3) == 0) ? 1 : | |||
911 | strtonum(cp, INT_MIN(-0x7fffffff-1), INT_MAX0x7fffffff, NULL((void *)0)); | |||
912 | } else if (strncmp(s, "expire", 6) == 0) { | |||
913 | for (cp = s + 6 ; isspace((unsigned char)*cp); cp++) { | |||
914 | } | |||
915 | if (strcmp(cp, UNSET_EXPIRY"Null (unset)") == 0) { | |||
916 | free(up->u_expire); | |||
917 | up->u_expire = NULL((void *)0); | |||
918 | } else { | |||
919 | strsave(&up->u_expire, cp); | |||
920 | } | |||
921 | } | |||
922 | free(s); | |||
923 | } | |||
924 | fclose(fp); | |||
925 | } | |||
926 | if (up->u_rc == 0) { | |||
927 | up->u_rv[up->u_rc].r_from = DEF_LOWUID1000; | |||
928 | up->u_rv[up->u_rc].r_to = DEF_HIGHUID60000; | |||
929 | up->u_rc += 1; | |||
930 | } | |||
931 | up->u_defrc = up->u_rc; | |||
932 | } | |||
933 | ||||
934 | /* return 1 if the specified uid exists in the passwd file, else 0 */ | |||
935 | static int | |||
936 | uid_exists(uid_t uid) | |||
937 | { | |||
938 | return user_from_uid(uid, 1) != NULL((void *)0); | |||
939 | } | |||
940 | ||||
941 | /* return 1 if the specified user exists in the passwd file, else 0 */ | |||
942 | static int | |||
943 | user_exists(const char *user) | |||
944 | { | |||
945 | uid_t uid; | |||
946 | ||||
947 | return uid_from_user(user, &uid) != -1; | |||
948 | } | |||
949 | ||||
950 | /* return the next valid unused uid */ | |||
951 | static int | |||
952 | getnextuid(int sync_uid_gid, uid_t *uid, uid_t low_uid, uid_t high_uid) | |||
953 | { | |||
954 | for (*uid = low_uid ; *uid <= high_uid ; (*uid)++) { | |||
955 | if (!uid_exists((uid_t)*uid) && *uid != NOBODY_UID32767) { | |||
956 | if (sync_uid_gid) { | |||
957 | if (!gid_exists((gid_t)*uid)) { | |||
958 | return 1; | |||
959 | } | |||
960 | } else { | |||
961 | return 1; | |||
962 | } | |||
963 | } | |||
964 | } | |||
965 | return 0; | |||
966 | } | |||
967 | ||||
968 | /* look for a valid time, return 0 if it was specified but bad */ | |||
969 | static int | |||
970 | scantime(time_t *tp, char *s) | |||
971 | { | |||
972 | struct tm tm; | |||
973 | ||||
974 | *tp = 0; | |||
975 | if (s != NULL((void *)0)) { | |||
976 | memset(&tm, 0, sizeof(tm)); | |||
977 | tm.tm_isdst = -1; | |||
978 | if (strptime(s, "%c", &tm) != NULL((void *)0)) { | |||
979 | *tp = mktime(&tm); | |||
980 | } else if (strptime(s, "%B %d %Y", &tm) != NULL((void *)0)) { | |||
981 | *tp = mktime(&tm); | |||
982 | } else if (isdigit((unsigned char) s[0]) != 0) { | |||
983 | *tp = (time_t)atoll(s); | |||
984 | } else { | |||
985 | return 0; | |||
986 | } | |||
987 | } | |||
988 | return 1; | |||
989 | } | |||
990 | ||||
991 | /* compute the extra length '&' expansion consumes */ | |||
992 | static size_t | |||
993 | expand_len(const char *p, const char *username) | |||
994 | { | |||
995 | size_t alen; | |||
996 | size_t ulen; | |||
997 | ||||
998 | ulen = strlen(username); | |||
999 | for (alen = 0; *p != '\0'; p++) | |||
1000 | if (*p == '&') | |||
1001 | alen += ulen - 1; | |||
1002 | return alen; | |||
1003 | } | |||
1004 | ||||
1005 | /* see if we can find out the user struct */ | |||
1006 | static struct passwd * | |||
1007 | find_user_info(const char *name) | |||
1008 | { | |||
1009 | struct passwd *pwp; | |||
1010 | const char *errstr; | |||
1011 | uid_t uid; | |||
1012 | ||||
1013 | if ((pwp = getpwnam(name)) == NULL((void *)0)) { | |||
1014 | uid = strtonum(name, -1, UID_MAX0xffffffffU, &errstr); | |||
1015 | if (errstr == NULL((void *)0)) | |||
1016 | pwp = getpwuid(uid); | |||
1017 | } | |||
1018 | return pwp; | |||
1019 | } | |||
1020 | ||||
1021 | /* see if we can find out the group struct */ | |||
1022 | static struct group * | |||
1023 | find_group_info(const char *name) | |||
1024 | { | |||
1025 | struct group *grp; | |||
1026 | const char *errstr; | |||
1027 | gid_t gid; | |||
1028 | ||||
1029 | if ((grp = getgrnam(name)) == NULL((void *)0)) { | |||
1030 | gid = strtonum(name, -1, GID_MAX0xffffffffU, &errstr); | |||
1031 | if (errstr == NULL((void *)0)) | |||
1032 | grp = getgrgid(gid); | |||
1033 | } | |||
1034 | return grp; | |||
1035 | } | |||
1036 | ||||
1037 | /* add a user */ | |||
1038 | static int | |||
1039 | adduser(char *login_name, user_t *up) | |||
1040 | { | |||
1041 | struct group *grp; | |||
1042 | struct stat st; | |||
1043 | time_t expire; | |||
1044 | time_t inactive; | |||
1045 | char password[PasswordLength + 1]; | |||
1046 | char home[MaxFileNameLen]; | |||
1047 | char buf[LINE_MAX2048]; | |||
1048 | int sync_uid_gid; | |||
1049 | int masterfd; | |||
1050 | int ptmpfd; | |||
1051 | gid_t gid; | |||
1052 | int cc; | |||
1053 | int i, yp = 0; | |||
1054 | FILE *fp; | |||
1055 | ||||
1056 | if (!valid_login(login_name)) { | |||
1057 | errx(EXIT_FAILURE1, "`%s' is not a valid login name", login_name); | |||
1058 | } | |||
1059 | if (!valid_class(up->u_class)) { | |||
1060 | errx(EXIT_FAILURE1, "No such login class `%s'", up->u_class); | |||
1061 | } | |||
1062 | if ((masterfd = open(_PATH_MASTERPASSWD"/etc/master.passwd", O_RDONLY0x0000)) == -1) { | |||
1063 | err(EXIT_FAILURE1, "can't open `%s'", _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1064 | } | |||
1065 | if (flock(masterfd, LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
1066 | err(EXIT_FAILURE1, "can't lock `%s'", _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1067 | } | |||
1068 | pw_init(); | |||
1069 | if ((ptmpfd = pw_lock(WAITSECS10)) == -1) { | |||
1070 | int saved_errno = errno(*__errno()); | |||
1071 | close(masterfd); | |||
1072 | errc(EXIT_FAILURE1, saved_errno, "can't obtain pw_lock"); | |||
1073 | } | |||
1074 | if ((fp = fdopen(masterfd, "r")) == NULL((void *)0)) { | |||
1075 | int saved_errno = errno(*__errno()); | |||
1076 | close(masterfd); | |||
1077 | close(ptmpfd); | |||
1078 | pw_abort(); | |||
1079 | errc(EXIT_FAILURE1, saved_errno, | |||
1080 | "can't fdopen `%s' for reading", _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1081 | } | |||
1082 | while (fgets(buf, sizeof(buf), fp) != NULL((void *)0)) { | |||
1083 | cc = strlen(buf); | |||
1084 | /* | |||
1085 | * Stop copying the file at the yp entry; we want to | |||
1086 | * put the new user before it, and preserve entries | |||
1087 | * after the yp entry. | |||
1088 | */ | |||
1089 | if (cc > 1 && buf[0] == '+' && buf[1] == ':') { | |||
1090 | yp = 1; | |||
1091 | break; | |||
1092 | } | |||
1093 | if (write(ptmpfd, buf, (size_t)(cc)) != cc) { | |||
1094 | int saved_errno = errno(*__errno()); | |||
1095 | fclose(fp); | |||
1096 | close(ptmpfd); | |||
1097 | pw_abort(); | |||
1098 | errc(EXIT_FAILURE1, saved_errno, | |||
1099 | "short write to /etc/ptmp (not %d chars)", cc); | |||
1100 | } | |||
1101 | } | |||
1102 | if (ferror(fp)(!__isthreaded ? (((fp)->_flags & 0x0040) != 0) : (ferror )(fp))) { | |||
1103 | int saved_errno = errno(*__errno()); | |||
1104 | fclose(fp); | |||
1105 | close(ptmpfd); | |||
1106 | pw_abort(); | |||
1107 | errc(EXIT_FAILURE1, saved_errno, "read error on %s", | |||
1108 | _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1109 | } | |||
1110 | /* if no uid was specified, get next one in [low_uid..high_uid] range */ | |||
1111 | sync_uid_gid = (strcmp(up->u_primgrp, "=uid") == 0); | |||
1112 | if (up->u_uid == -1) { | |||
1113 | int got_id = 0; | |||
1114 | ||||
1115 | /* | |||
1116 | * Look for a free UID in the command line ranges (if any). | |||
1117 | * These start after the ranges specified in the config file. | |||
1118 | */ | |||
1119 | for (i = up->u_defrc; got_id == 0 && i < up->u_rc ; i++) { | |||
1120 | got_id = getnextuid(sync_uid_gid, &up->u_uid, | |||
1121 | up->u_rv[i].r_from, up->u_rv[i].r_to); | |||
1122 | } | |||
1123 | /* | |||
1124 | * If there were no free UIDs in the command line ranges, | |||
1125 | * try the ranges from the config file (there will always | |||
1126 | * be at least one default). | |||
1127 | */ | |||
1128 | if (got_id == 0) { | |||
1129 | for (i = 0; got_id == 0 && i < up->u_defrc; i++) { | |||
1130 | got_id = getnextuid(sync_uid_gid, &up->u_uid, | |||
1131 | up->u_rv[i].r_from, up->u_rv[i].r_to); | |||
1132 | } | |||
1133 | } | |||
1134 | if (got_id == 0) { | |||
1135 | close(ptmpfd); | |||
1136 | pw_abort(); | |||
1137 | errx(EXIT_FAILURE1, "can't get next uid for %u", up->u_uid); | |||
1138 | } | |||
1139 | } | |||
1140 | /* check uid isn't already allocated */ | |||
1141 | if (!(up->u_flags & F_DUPUID) && uid_exists((uid_t)up->u_uid)) { | |||
1142 | close(ptmpfd); | |||
1143 | pw_abort(); | |||
1144 | errx(EXIT_FAILURE1, "uid %u is already in use", up->u_uid); | |||
1145 | } | |||
1146 | /* if -g=uid was specified, check gid is unused */ | |||
1147 | if (sync_uid_gid) { | |||
1148 | if (gid_exists((gid_t)up->u_uid)) { | |||
1149 | close(ptmpfd); | |||
1150 | pw_abort(); | |||
1151 | errx(EXIT_FAILURE1, "gid %u is already in use", up->u_uid); | |||
1152 | } | |||
1153 | gid = up->u_uid; | |||
1154 | } else { | |||
1155 | if ((grp = find_group_info(up->u_primgrp)) == NULL((void *)0)) { | |||
1156 | close(ptmpfd); | |||
1157 | pw_abort(); | |||
1158 | errx(EXIT_FAILURE1, "group %s not found", up->u_primgrp); | |||
1159 | } | |||
1160 | gid = grp->gr_gid; | |||
1161 | } | |||
1162 | /* check name isn't already in use */ | |||
1163 | if (!(up->u_flags & F_DUPUID) && user_exists(login_name)) { | |||
1164 | close(ptmpfd); | |||
1165 | pw_abort(); | |||
1166 | errx(EXIT_FAILURE1, "already a `%s' user", login_name); | |||
1167 | } | |||
1168 | if (up->u_flags & F_HOMEDIR) { | |||
1169 | if (strlcpy(home, up->u_home, sizeof(home)) >= sizeof(home)) { | |||
1170 | close(ptmpfd); | |||
1171 | pw_abort(); | |||
1172 | errx(EXIT_FAILURE1, "home directory `%s' too long", | |||
1173 | up->u_home); | |||
1174 | } | |||
1175 | } else { | |||
1176 | /* if home directory hasn't been given, make it up */ | |||
1177 | if (snprintf(home, sizeof(home), "%s/%s", up->u_basedir, | |||
1178 | login_name) >= sizeof(home)) { | |||
1179 | close(ptmpfd); | |||
1180 | pw_abort(); | |||
1181 | errx(EXIT_FAILURE1, "home directory `%s/%s' too long", | |||
1182 | up->u_basedir, login_name); | |||
1183 | } | |||
1184 | } | |||
1185 | if (!scantime(&inactive, up->u_inactive)) { | |||
1186 | warnx("Warning: inactive time `%s' invalid, password expiry off", | |||
1187 | up->u_inactive); | |||
1188 | } | |||
1189 | if (!scantime(&expire, up->u_expire)) { | |||
1190 | warnx("Warning: expire time `%s' invalid, account expiry off", | |||
1191 | up->u_expire); | |||
1192 | } | |||
1193 | if (lstat(home, &st) == -1 && !(up->u_flags & F_MKDIR) && | |||
1194 | strcmp(home, _PATH_NONEXISTENT"/nonexistent") != 0) { | |||
1195 | warnx("Warning: home directory `%s' doesn't exist, and -m was" | |||
1196 | " not specified", home); | |||
1197 | } | |||
1198 | (void) strlcpy(password, up->u_password ? up->u_password : "*", | |||
1199 | sizeof(password)); | |||
1200 | cc = snprintf(buf, sizeof(buf), "%s:%s:%u:%u:%s:%lld:%lld:%s:%s:%s\n", | |||
1201 | login_name, | |||
1202 | password, | |||
1203 | up->u_uid, | |||
1204 | gid, | |||
1205 | up->u_class, | |||
1206 | (long long) inactive, | |||
1207 | (long long) expire, | |||
1208 | up->u_comment, | |||
1209 | home, | |||
1210 | up->u_shell); | |||
1211 | if (cc >= sizeof(buf) || cc < 0 || | |||
1212 | cc + expand_len(up->u_comment, login_name) >= 1023) { | |||
1213 | close(ptmpfd); | |||
1214 | pw_abort(); | |||
1215 | errx(EXIT_FAILURE1, "can't add `%s', line too long", buf); | |||
1216 | } | |||
1217 | if (write(ptmpfd, buf, (size_t) cc) != cc) { | |||
1218 | int saved_errno = errno(*__errno()); | |||
1219 | close(ptmpfd); | |||
1220 | pw_abort(); | |||
1221 | errc(EXIT_FAILURE1, saved_errno, "can't add `%s'", buf); | |||
1222 | } | |||
1223 | if (yp) { | |||
1224 | /* put back the + line */ | |||
1225 | cc = snprintf(buf, sizeof(buf), "+:*::::::::\n"); | |||
1226 | if (cc < 0 || cc >= sizeof(buf)) { | |||
1227 | close(ptmpfd); | |||
1228 | pw_abort(); | |||
1229 | errx(EXIT_FAILURE1, "can't add `%s', line too long", buf); | |||
1230 | } | |||
1231 | if (write(ptmpfd, buf, (size_t) cc) != cc) { | |||
1232 | int saved_errno = errno(*__errno()); | |||
1233 | close(ptmpfd); | |||
1234 | pw_abort(); | |||
1235 | errc(EXIT_FAILURE1, saved_errno, "can't add `%s'", buf); | |||
1236 | } | |||
1237 | /* copy the entries following it, if any */ | |||
1238 | while (fgets(buf, sizeof(buf), fp) != NULL((void *)0)) { | |||
1239 | cc = strlen(buf); | |||
1240 | if (write(ptmpfd, buf, (size_t)(cc)) != cc) { | |||
1241 | int saved_errno = errno(*__errno()); | |||
1242 | fclose(fp); | |||
1243 | close(ptmpfd); | |||
1244 | pw_abort(); | |||
1245 | errc(EXIT_FAILURE1, saved_errno, | |||
1246 | "short write to /etc/ptmp (not %d chars)", | |||
1247 | cc); | |||
1248 | } | |||
1249 | } | |||
1250 | if (ferror(fp)(!__isthreaded ? (((fp)->_flags & 0x0040) != 0) : (ferror )(fp))) { | |||
1251 | int saved_errno = errno(*__errno()); | |||
1252 | fclose(fp); | |||
1253 | close(ptmpfd); | |||
1254 | pw_abort(); | |||
1255 | errc(EXIT_FAILURE1, saved_errno, "read error on %s", | |||
1256 | _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1257 | } | |||
1258 | } | |||
1259 | if (up->u_flags & F_MKDIR) { | |||
1260 | if (lstat(home, &st) == 0) { | |||
1261 | close(ptmpfd); | |||
1262 | pw_abort(); | |||
1263 | errx(EXIT_FAILURE1, "home directory `%s' already exists", | |||
1264 | home); | |||
1265 | } else { | |||
1266 | char idstr[64]; | |||
1267 | const char *mkdir_argv[] = | |||
1268 | { "mkdir", "-p", home, NULL((void *)0) }; | |||
1269 | const char *chown_argv[] = | |||
1270 | { "chown", "-RP", idstr, home, NULL((void *)0) }; | |||
1271 | const char *chmod_argv[] = | |||
1272 | { "chmod", "-R", "u+w", home, NULL((void *)0) }; | |||
1273 | ||||
1274 | if (run(MKDIR"/bin/mkdir", mkdir_argv) != 0) { | |||
1275 | int saved_errno = errno(*__errno()); | |||
1276 | close(ptmpfd); | |||
1277 | pw_abort(); | |||
1278 | errc(EXIT_FAILURE1, saved_errno, | |||
1279 | "can't mkdir `%s'", home); | |||
1280 | } | |||
1281 | (void) copydotfiles(up->u_skeldir, home); | |||
1282 | (void) snprintf(idstr, sizeof(idstr), "%u:%u", | |||
1283 | up->u_uid, gid); | |||
1284 | (void) run(CHOWN"/sbin/chown", chown_argv); | |||
1285 | (void) run(CHMOD"/bin/chmod", chmod_argv); | |||
1286 | } | |||
1287 | } | |||
1288 | if (strcmp(up->u_primgrp, "=uid") == 0 && !group_exists(login_name) && | |||
1289 | !creategid(login_name, gid, "")) { | |||
1290 | close(ptmpfd); | |||
1291 | pw_abort(); | |||
1292 | errx(EXIT_FAILURE1, "can't create gid %u for login name %s", | |||
1293 | gid, login_name); | |||
1294 | } | |||
1295 | if (up->u_groupc > 0 && !append_group(login_name, up->u_groupc, up->u_groupv)) { | |||
1296 | close(ptmpfd); | |||
1297 | pw_abort(); | |||
1298 | errx(EXIT_FAILURE1, "can't append `%s' to new groups", login_name); | |||
1299 | } | |||
1300 | fclose(fp); | |||
1301 | close(ptmpfd); | |||
1302 | if (pw_mkdb(yp ? NULL((void *)0) : login_name, 0) == -1) { | |||
1303 | pw_abort(); | |||
1304 | err(EXIT_FAILURE1, "pw_mkdb failed"); | |||
1305 | } | |||
1306 | syslog(LOG_INFO6, "new user added: name=%s, uid=%u, gid=%u, home=%s, shell=%s", | |||
1307 | login_name, up->u_uid, gid, home, up->u_shell); | |||
1308 | return 1; | |||
1309 | } | |||
1310 | ||||
1311 | /* remove a user from the groups file */ | |||
1312 | static int | |||
1313 | rm_user_from_groups(char *login_name) | |||
1314 | { | |||
1315 | struct stat st; | |||
1316 | size_t login_len; | |||
1317 | FILE *from; | |||
1318 | FILE *to; | |||
1319 | char buf[LINE_MAX2048]; | |||
1320 | char f[MaxFileNameLen]; | |||
1321 | char *cp, *ep; | |||
1322 | int fd; | |||
1323 | int cc; | |||
1324 | ||||
1325 | login_len = strlen(login_name); | |||
1326 | if ((from = fopen(_PATH_GROUP"/etc/group", "r")) == NULL((void *)0)) { | |||
1327 | warn("can't remove gid for `%s': can't open `%s'", | |||
1328 | login_name, _PATH_GROUP"/etc/group"); | |||
1329 | return 0; | |||
1330 | } | |||
1331 | if (flock(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
1332 | warn("can't lock `%s'", _PATH_GROUP"/etc/group"); | |||
1333 | } | |||
1334 | (void) fstat(fileno(from)(!__isthreaded ? ((from)->_file) : (fileno)(from)), &st); | |||
1335 | (void) snprintf(f, sizeof(f), "%s.XXXXXXXX", _PATH_GROUP"/etc/group"); | |||
1336 | if ((fd = mkstemp(f)) == -1) { | |||
1337 | warn("can't remove gid for `%s': mkstemp failed", login_name); | |||
1338 | fclose(from); | |||
1339 | return 0; | |||
1340 | } | |||
1341 | if ((to = fdopen(fd, "w")) == NULL((void *)0)) { | |||
1342 | warn("can't remove gid for `%s': fdopen `%s' failed", | |||
1343 | login_name, f); | |||
1344 | fclose(from); | |||
1345 | close(fd); | |||
1346 | unlink(f); | |||
1347 | return 0; | |||
1348 | } | |||
1349 | while (fgets(buf, sizeof(buf), from) != NULL((void *)0)) { | |||
1350 | cc = strlen(buf); | |||
1351 | if (cc > 0 && buf[cc - 1] != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) { | |||
1352 | while (fgetc(from) != '\n' && !feof(from)(!__isthreaded ? (((from)->_flags & 0x0020) != 0) : (feof )(from))) | |||
1353 | cc++; | |||
1354 | warnx("%s: line `%s' too long (%d bytes), skipping", | |||
1355 | _PATH_GROUP"/etc/group", buf, cc); | |||
1356 | continue; | |||
1357 | } | |||
1358 | ||||
1359 | /* Break out the group list. */ | |||
1360 | for (cp = buf, cc = 0; *cp != '\0' && cc < 3; cp++) { | |||
1361 | if (*cp == ':') | |||
1362 | cc++; | |||
1363 | } | |||
1364 | if (cc != 3) { | |||
1365 | buf[strcspn(buf, "\n")] = '\0'; | |||
1366 | warnx("Malformed entry `%s'. Skipping", buf); | |||
1367 | continue; | |||
1368 | } | |||
1369 | while ((cp = strstr(cp, login_name)) != NULL((void *)0)) { | |||
1370 | if ((cp[-1] == ':' || cp[-1] == ',') && | |||
1371 | (cp[login_len] == ',' || cp[login_len] == '\n')) { | |||
1372 | ep = cp + login_len; | |||
1373 | if (cp[login_len] == ',') | |||
1374 | ep++; | |||
1375 | else if (cp[-1] == ',') | |||
1376 | cp--; | |||
1377 | memmove(cp, ep, strlen(ep) + 1); | |||
1378 | } else { | |||
1379 | if ((cp = strchr(cp, ',')) == NULL((void *)0)) | |||
1380 | break; | |||
1381 | cp++; | |||
1382 | } | |||
1383 | } | |||
1384 | if (fwrite(buf, strlen(buf), 1, to) != 1) { | |||
1385 | warn("can't remove gid for `%s': short write to `%s'", | |||
1386 | login_name, f); | |||
1387 | fclose(from); | |||
1388 | fclose(to); | |||
1389 | unlink(f); | |||
1390 | return 0; | |||
1391 | } | |||
1392 | } | |||
1393 | (void) fchmod(fileno(to)(!__isthreaded ? ((to)->_file) : (fileno)(to)), st.st_mode & 0777); | |||
1394 | fclose(from); | |||
1395 | if (fclose(to) == EOF(-1)) { | |||
1396 | warn("can't remove gid for `%s': short write to `%s'", | |||
1397 | login_name, f); | |||
1398 | unlink(f); | |||
1399 | return 0; | |||
1400 | } | |||
1401 | if (rename(f, _PATH_GROUP"/etc/group") == -1) { | |||
1402 | warn("can't remove gid for `%s': can't rename `%s' to `%s'", | |||
1403 | login_name, f, _PATH_GROUP"/etc/group"); | |||
1404 | unlink(f); | |||
1405 | return 0; | |||
1406 | } | |||
1407 | return 1; | |||
1408 | } | |||
1409 | ||||
1410 | /* check that the user or group is local, not from YP/NIS */ | |||
1411 | static int | |||
1412 | is_local(char *name, const char *file) | |||
1413 | { | |||
1414 | FILE *fp; | |||
1415 | char buf[LINE_MAX2048]; | |||
1416 | size_t len; | |||
1417 | int ret; | |||
1418 | int cc; | |||
1419 | ||||
1420 | if ((fp = fopen(file, "r")) == NULL((void *)0)) { | |||
1421 | err(EXIT_FAILURE1, "can't open `%s'", file); | |||
1422 | } | |||
1423 | len = strlen(name); | |||
1424 | for (ret = 0 ; fgets(buf, sizeof(buf), fp) != NULL((void *)0) ; ) { | |||
1425 | cc = strlen(buf); | |||
1426 | if (cc > 0 && buf[cc - 1] != '\n' && !feof(fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof )(fp))) { | |||
1427 | while (fgetc(fp) != '\n' && !feof(fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof )(fp))) | |||
1428 | cc++; | |||
1429 | warnx("%s: line `%s' too long (%d bytes), skipping", | |||
1430 | file, buf, cc); | |||
1431 | continue; | |||
1432 | } | |||
1433 | if (strncmp(buf, name, len) == 0 && buf[len] == ':') { | |||
1434 | ret = 1; | |||
1435 | break; | |||
1436 | } | |||
1437 | } | |||
1438 | fclose(fp); | |||
1439 | return ret; | |||
1440 | } | |||
1441 | ||||
1442 | /* modify a user */ | |||
1443 | static int | |||
1444 | moduser(char *login_name, char *newlogin, user_t *up) | |||
1445 | { | |||
1446 | struct passwd *pwp = NULL((void *)0); | |||
1447 | struct group *grp; | |||
1448 | const char *homedir; | |||
1449 | char buf[LINE_MAX2048]; | |||
1450 | char acctlock_str[] = "-"; | |||
1451 | char pwlock_str[] = "*"; | |||
1452 | char pw_len[PasswordLength + 1]; | |||
1453 | char shell_len[MaxShellNameLen]; | |||
1454 | char *shell_last_char; | |||
1455 | size_t colonc, loginc; | |||
1456 | size_t cc; | |||
1457 | size_t shell_buf; | |||
1458 | FILE *master; | |||
1459 | char newdir[MaxFileNameLen]; | |||
1460 | char *colon; | |||
1461 | char *pw_tmp = NULL((void *)0); | |||
1462 | char *shell_tmp = NULL((void *)0); | |||
1463 | int len; | |||
1464 | int locked = 0; | |||
1465 | int unlocked = 0; | |||
1466 | int masterfd; | |||
1467 | int ptmpfd; | |||
1468 | int rval; | |||
1469 | int i; | |||
1470 | ||||
1471 | if (!valid_login(newlogin)) { | |||
1472 | errx(EXIT_FAILURE1, "`%s' is not a valid login name", login_name); | |||
1473 | } | |||
1474 | if ((pwp = getpwnam_shadow(login_name)) == NULL((void *)0)) { | |||
1475 | errx(EXIT_FAILURE1, "No such user `%s'", login_name); | |||
1476 | } | |||
1477 | if (up != NULL((void *)0)) { | |||
1478 | if ((*pwp->pw_passwd != '\0') && | |||
1479 | (up->u_flags & F_PASSWORD) == 0) { | |||
1480 | up->u_flags |= F_PASSWORD; | |||
1481 | strsave(&up->u_password, pwp->pw_passwd); | |||
1482 | explicit_bzero(pwp->pw_passwd, strlen(pwp->pw_passwd)); | |||
1483 | } | |||
1484 | } | |||
1485 | endpwent(); | |||
1486 | ||||
1487 | if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", | |||
1488 | NULL((void *)0)) == -1) | |||
1489 | err(1, "pledge"); | |||
1490 | ||||
1491 | if (!is_local(login_name, _PATH_MASTERPASSWD"/etc/master.passwd")) { | |||
1492 | errx(EXIT_FAILURE1, "User `%s' must be a local user", login_name); | |||
1493 | } | |||
1494 | if (up != NULL((void *)0)) { | |||
1495 | if ((up->u_flags & (F_ACCTLOCK | F_ACCTUNLOCK)) && (pwp->pw_uid < 1000)) | |||
1496 | errx(EXIT_FAILURE1, "(un)locking is not supported for the `%s' account", pwp->pw_name); | |||
1497 | } | |||
1498 | /* keep dir name in case we need it for '-m' */ | |||
1499 | homedir = pwp->pw_dir; | |||
1500 | ||||
1501 | /* get the last char of the shell in case we need it for '-U' or '-Z' */ | |||
1502 | shell_last_char = pwp->pw_shell+strlen(pwp->pw_shell) - 1; | |||
1503 | ||||
1504 | if ((masterfd = open(_PATH_MASTERPASSWD"/etc/master.passwd", O_RDONLY0x0000)) == -1) { | |||
1505 | err(EXIT_FAILURE1, "can't open `%s'", _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1506 | } | |||
1507 | if (flock(masterfd, LOCK_EX0x02 | LOCK_NB0x04) == -1) { | |||
1508 | err(EXIT_FAILURE1, "can't lock `%s'", _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1509 | } | |||
1510 | pw_init(); | |||
1511 | if ((ptmpfd = pw_lock(WAITSECS10)) == -1) { | |||
1512 | int saved_errno = errno(*__errno()); | |||
1513 | close(masterfd); | |||
1514 | errc(EXIT_FAILURE1, saved_errno, "can't obtain pw_lock"); | |||
1515 | } | |||
1516 | if ((master = fdopen(masterfd, "r")) == NULL((void *)0)) { | |||
1517 | int saved_errno = errno(*__errno()); | |||
1518 | close(masterfd); | |||
1519 | close(ptmpfd); | |||
1520 | pw_abort(); | |||
1521 | errc(EXIT_FAILURE1, saved_errno, "can't fdopen fd for %s", | |||
1522 | _PATH_MASTERPASSWD"/etc/master.passwd"); | |||
1523 | } | |||
1524 | if (up != NULL((void *)0)) { | |||
1525 | if (up->u_flags & F_USERNAME) { | |||
1526 | /* if changing name, check new name isn't already in use */ | |||
1527 | if (strcmp(login_name, newlogin) != 0 && | |||
1528 | user_exists(newlogin)) { | |||
1529 | close(ptmpfd); | |||
1530 | pw_abort(); | |||
1531 | errx(EXIT_FAILURE1, "already a `%s' user", newlogin); | |||
1532 | } | |||
1533 | pwp->pw_name = newlogin; | |||
1534 | ||||
1535 | /* | |||
1536 | * Provide a new directory name in case the | |||
1537 | * home directory is to be moved. | |||
1538 | */ | |||
1539 | if (up->u_flags & F_MKDIR) { | |||
1540 | (void) snprintf(newdir, sizeof(newdir), | |||
1541 | "%s/%s", up->u_basedir, newlogin); | |||
1542 | pwp->pw_dir = newdir; | |||
1543 | } | |||
1544 | } | |||
1545 | if (up->u_flags & F_PASSWORD) { | |||
1546 | if (up->u_password != NULL((void *)0)) | |||
1547 | pwp->pw_passwd = up->u_password; | |||
1548 | } | |||
1549 | if (up->u_flags & F_ACCTLOCK) { | |||
1550 | /* lock the account */ | |||
1551 | if (*shell_last_char != *acctlock_str) { | |||
1552 | shell_tmp = malloc(strlen(pwp->pw_shell) + sizeof(acctlock_str)); | |||
1553 | if (shell_tmp == NULL((void *)0)) { | |||
1554 | close(ptmpfd); | |||
1555 | pw_abort(); | |||
1556 | errx(EXIT_FAILURE1, "account lock: cannot allocate memory"); | |||
1557 | } | |||
1558 | strlcpy(shell_tmp, pwp->pw_shell, sizeof(shell_len)); | |||
1559 | strlcat(shell_tmp, acctlock_str, sizeof(shell_len)); | |||
1560 | pwp->pw_shell = shell_tmp; | |||
1561 | } else { | |||
1562 | locked++; | |||
1563 | } | |||
1564 | /* lock the password */ | |||
1565 | if (strncmp(pwp->pw_passwd, pwlock_str, sizeof(pwlock_str)-1) != 0) { | |||
1566 | pw_tmp = malloc(strlen(pwp->pw_passwd) + sizeof(pwlock_str)); | |||
1567 | if (pw_tmp == NULL((void *)0)) { | |||
1568 | close(ptmpfd); | |||
1569 | pw_abort(); | |||
1570 | errx(EXIT_FAILURE1, "password lock: cannot allocate memory"); | |||
1571 | } | |||
1572 | strlcpy(pw_tmp, pwlock_str, sizeof(pw_len)); | |||
1573 | strlcat(pw_tmp, pwp->pw_passwd, sizeof(pw_len)); | |||
1574 | pwp->pw_passwd = pw_tmp; | |||
1575 | } else { | |||
1576 | locked++; | |||
1577 | } | |||
1578 | ||||
1579 | if (locked > 1) | |||
1580 | warnx("account `%s' is already locked", pwp->pw_name); | |||
1581 | } | |||
1582 | if (up->u_flags & F_ACCTUNLOCK) { | |||
1583 | /* unlock the password */ | |||
1584 | if (strcmp(pwp->pw_passwd, pwlock_str) != 0 && | |||
1585 | strcmp(pwp->pw_passwd, "*************") != 0) { | |||
1586 | if (strncmp(pwp->pw_passwd, pwlock_str, sizeof(pwlock_str)-1) == 0) { | |||
1587 | pwp->pw_passwd += sizeof(pwlock_str)-1; | |||
1588 | } else { | |||
1589 | unlocked++; | |||
1590 | } | |||
1591 | } else { | |||
1592 | warnx("account `%s' has no password: cannot fully unlock", pwp->pw_name); | |||
1593 | } | |||
1594 | /* unlock the account */ | |||
1595 | if (*shell_last_char == *acctlock_str) { | |||
1596 | shell_buf = strlen(pwp->pw_shell) + 2 - sizeof(acctlock_str); | |||
1597 | shell_tmp = malloc(shell_buf); | |||
1598 | if (shell_tmp == NULL((void *)0)) { | |||
1599 | close(ptmpfd); | |||
1600 | pw_abort(); | |||
1601 | errx(EXIT_FAILURE1, "unlock: cannot allocate memory"); | |||
1602 | } | |||
1603 | strlcpy(shell_tmp, pwp->pw_shell, shell_buf); | |||
1604 | pwp->pw_shell = shell_tmp; | |||
1605 | } else { | |||
1606 | unlocked++; | |||
1607 | } | |||
1608 | ||||
1609 | if (unlocked > 1) | |||
1610 | warnx("account `%s' is not locked", pwp->pw_name); | |||
1611 | } | |||
1612 | if (up->u_flags & F_UID) { | |||
1613 | /* check uid isn't already allocated */ | |||
1614 | if (!(up->u_flags & F_DUPUID) && | |||
1615 | uid_exists((uid_t)up->u_uid)) { | |||
1616 | close(ptmpfd); | |||
1617 | pw_abort(); | |||
1618 | errx(EXIT_FAILURE1, "uid %u is already in use", up->u_uid); | |||
1619 | } | |||
1620 | pwp->pw_uid = up->u_uid; | |||
1621 | } | |||
1622 | if (up->u_flags & F_GROUP) { | |||
1623 | /* if -g=uid was specified, check gid is unused */ | |||
1624 | if (strcmp(up->u_primgrp, "=uid") == 0) { | |||
1625 | if (gid_exists((gid_t)pwp->pw_uid)) { | |||
1626 | close(ptmpfd); | |||
1627 | pw_abort(); | |||
1628 | errx(EXIT_FAILURE1, "gid %u is already " | |||
1629 | "in use", pwp->pw_uid); | |||
1630 | } | |||
1631 | pwp->pw_gid = pwp->pw_uid; | |||
1632 | if (!creategid(newlogin, pwp->pw_gid, "")) { | |||
1633 | close(ptmpfd); | |||
1634 | pw_abort(); | |||
1635 | errx(EXIT_FAILURE1, "could not create " | |||
1636 | "group %s with gid %u", newlogin, | |||
1637 | pwp->pw_gid); | |||
1638 | } | |||
1639 | } else { | |||
1640 | if ((grp = find_group_info(up->u_primgrp)) == NULL((void *)0)) { | |||
1641 | close(ptmpfd); | |||
1642 | pw_abort(); | |||
1643 | errx(EXIT_FAILURE1, "group %s not found", | |||
1644 | up->u_primgrp); | |||
1645 | } | |||
1646 | pwp->pw_gid = grp->gr_gid; | |||
1647 | } | |||
1648 | } | |||
1649 | if (up->u_flags & F_INACTIVE) { | |||
1650 | if (!scantime(&pwp->pw_change, up->u_inactive)) { | |||
1651 | warnx("Warning: inactive time `%s' invalid, password expiry off", | |||
1652 | up->u_inactive); | |||
1653 | } | |||
1654 | } | |||
1655 | if (up->u_flags & F_EXPIRE) { | |||
1656 | if (!scantime(&pwp->pw_expire, up->u_expire)) { | |||
1657 | warnx("Warning: expire time `%s' invalid, account expiry off", | |||
1658 | up->u_expire); | |||
1659 | } | |||
1660 | } | |||
1661 | if (up->u_flags & F_COMMENT) | |||
1662 | pwp->pw_gecos = up->u_comment; | |||
1663 | if (up->u_flags & F_HOMEDIR) | |||
1664 | pwp->pw_dir = up->u_home; | |||
1665 | if (up->u_flags & F_SHELL) | |||
1666 | pwp->pw_shell = up->u_shell; | |||
1667 | if (up->u_flags & F_CLASS) { | |||
1668 | if (!valid_class(up->u_class)) { | |||
1669 | close(ptmpfd); | |||
1670 | pw_abort(); | |||
1671 | errx(EXIT_FAILURE1, | |||
1672 | "No such login class `%s'", up->u_class); | |||
1673 | } | |||
1674 | pwp->pw_class = up->u_class; | |||
1675 | } | |||
1676 | } | |||
1677 | loginc = strlen(login_name); | |||
1678 | while (fgets(buf, sizeof(buf), master) != NULL((void *)0)) { | |||
1679 | if ((colon = strchr(buf, ':')) == NULL((void *)0)) { | |||
1680 | warnx("Malformed entry `%s'. Skipping", buf); | |||
1681 | continue; | |||
1682 | } | |||
1683 | colonc = (size_t)(colon - buf); | |||
1684 | if (strncmp(login_name, buf, loginc) == 0 && loginc == colonc) { | |||
1685 | if (up != NULL((void *)0)) { | |||
1686 | if ((len = snprintf(buf, sizeof(buf), | |||
1687 | "%s:%s:%u:%u:%s:%lld:%lld:%s:%s:%s\n", | |||
1688 | newlogin, | |||
1689 | pwp->pw_passwd, | |||
1690 | pwp->pw_uid, | |||
1691 | pwp->pw_gid, | |||
1692 | pwp->pw_class, | |||
1693 | (long long)pwp->pw_change, | |||
1694 | (long long)pwp->pw_expire, | |||
1695 | pwp->pw_gecos, | |||
1696 | pwp->pw_dir, | |||
1697 | pwp->pw_shell)) >= sizeof(buf) || len < 0 || | |||
1698 | len + expand_len(pwp->pw_gecos, newlogin) | |||
1699 | >= 1023) { | |||
1700 | close(ptmpfd); | |||
1701 | pw_abort(); | |||
1702 | errx(EXIT_FAILURE1, "can't add `%s', " | |||
1703 | "line too long (%zu bytes)", buf, | |||
1704 | len + expand_len(pwp->pw_gecos, | |||
1705 | newlogin)); | |||
1706 | } | |||
1707 | if (write(ptmpfd, buf, len) != len) { | |||
1708 | int saved_errno = errno(*__errno()); | |||
1709 | close(ptmpfd); | |||
1710 | pw_abort(); | |||
1711 | errc(EXIT_FAILURE1, saved_errno, | |||
1712 | "can't add `%s'", buf); | |||
1713 | } | |||
1714 | } | |||
1715 | } else { | |||
1716 | len = strlen(buf); | |||
1717 | if ((cc = write(ptmpfd, buf, len)) != len) { | |||
1718 | int saved_errno = errno(*__errno()); | |||
1719 | close(masterfd); | |||
1720 | close(ptmpfd); | |||
1721 | pw_abort(); | |||
1722 | errc(EXIT_FAILURE1, saved_errno, | |||
1723 | "short write to /etc/ptmp (%lld not %lld chars)", | |||
1724 | (long long)cc, (long long)len); | |||
1725 | } | |||
1726 | } | |||
1727 | } | |||
1728 | if (up != NULL((void *)0)) { | |||
1729 | const char *mv_argv[] = { "mv", homedir, pwp->pw_dir, NULL((void *)0) }; | |||
1730 | if ((up->u_flags & F_MKDIR) && | |||
1731 | run(MV"/bin/mv", mv_argv) != 0) { | |||
1732 | int saved_errno = errno(*__errno()); | |||
1733 | close(ptmpfd); | |||
1734 | pw_abort(); | |||
1735 | errc(EXIT_FAILURE1, saved_errno, | |||
1736 | "can't move `%s' to `%s'", homedir, pwp->pw_dir); | |||
1737 | } | |||
1738 | if (up->u_flags & F_SETSECGROUP) { | |||
1739 | for (i = 0 ; i < up->u_groupc ; i++) { | |||
1740 | if (!group_exists(up->u_groupv[i])) { | |||
1741 | close(ptmpfd); | |||
1742 | pw_abort(); | |||
1743 | errx(EXIT_FAILURE1, | |||
1744 | "aborting, group `%s' does not exist", | |||
1745 | up->u_groupv[i]); | |||
1746 | } | |||
1747 | } | |||
1748 | if (!rm_user_from_groups(newlogin)) { | |||
1749 | close(ptmpfd); | |||
1750 | pw_abort(); | |||
1751 | errx(EXIT_FAILURE1, | |||
1752 | "can't reset groups for `%s'", newlogin); | |||
1753 | } | |||
1754 | } | |||
1755 | if (up->u_groupc > 0) { | |||
1756 | if (!append_group(newlogin, up->u_groupc, up->u_groupv)) { | |||
1757 | close(ptmpfd); | |||
1758 | pw_abort(); | |||
1759 | errx(EXIT_FAILURE1, "can't append `%s' to new groups", | |||
1760 | newlogin); | |||
1761 | } | |||
1762 | } | |||
1763 | } | |||
1764 | fclose(master); | |||
1765 | close(ptmpfd); | |||
1766 | free(pw_tmp); | |||
1767 | free(shell_tmp); | |||
1768 | if (up != NULL((void *)0) && strcmp(login_name, newlogin) == 0) | |||
1769 | rval = pw_mkdb(login_name, 0); | |||
1770 | else | |||
1771 | rval = pw_mkdb(NULL((void *)0), 0); | |||
1772 | if (rval == -1) { | |||
1773 | pw_abort(); | |||
1774 | err(EXIT_FAILURE1, "pw_mkdb failed"); | |||
1775 | } | |||
1776 | if (up == NULL((void *)0)) { | |||
1777 | syslog(LOG_INFO6, "user removed: name=%s", login_name); | |||
1778 | } else if (strcmp(login_name, newlogin) == 0) { | |||
1779 | syslog(LOG_INFO6, "user information modified: name=%s, uid=%u, gid=%u, home=%s, shell=%s", | |||
1780 | login_name, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, pwp->pw_shell); | |||
1781 | } else { | |||
1782 | syslog(LOG_INFO6, "user information modified: name=%s, new name=%s, uid=%u, gid=%u, home=%s, shell=%s", | |||
1783 | login_name, newlogin, pwp->pw_uid, pwp->pw_gid, pwp->pw_dir, pwp->pw_shell); | |||
1784 | } | |||
1785 | return 1; | |||
1786 | } | |||
1787 | ||||
1788 | /* print out usage message, and then exit */ | |||
1789 | void | |||
1790 | usermgmt_usage(const char *prog) | |||
1791 | { | |||
1792 | if (strcmp(prog, "useradd") == 0) { | |||
1793 | fprintf(stderr(&__sF[2]), "usage: %s -D [-b base-directory] " | |||
1794 | "[-e expiry-time] [-f inactive-time]\n" | |||
1795 | " [-g gid | name | =uid] [-k skel-directory] " | |||
1796 | "[-L login-class]\n" | |||
1797 | " [-r low..high] [-s shell]\n", prog); | |||
1798 | fprintf(stderr(&__sF[2]), " %s [-mov] [-b base-directory] " | |||
1799 | "[-c comment] [-d home-directory]\n" | |||
1800 | " [-e expiry-time] [-f inactive-time]\n" | |||
1801 | " [-G secondary-group[,group,...]] " | |||
1802 | "[-g gid | name | =uid]\n" | |||
1803 | " [-k skel-directory] [-L login-class] " | |||
1804 | "[-p password] [-r low..high]\n" | |||
1805 | " [-s shell] [-u uid] user\n", prog); | |||
1806 | } else if (strcmp(prog, "usermod") == 0) { | |||
1807 | fprintf(stderr(&__sF[2]), "usage: %s [-moUvZ] " | |||
1808 | "[-c comment] [-d home-directory] [-e expiry-time]\n" | |||
1809 | " [-f inactive-time] " | |||
1810 | "[-G secondary-group[,group,...]]\n" | |||
1811 | " [-g gid | name | =uid] [-L login-class] " | |||
1812 | "[-l new-login]\n" | |||
1813 | " [-p password] " | |||
1814 | "[-S secondary-group[,group,...]]\n" | |||
1815 | " [-s shell] [-u uid] user\n", | |||
1816 | prog); | |||
1817 | } else if (strcmp(prog, "userdel") == 0) { | |||
1818 | fprintf(stderr(&__sF[2]), "usage: %s -D [-p preserve-value]\n", | |||
1819 | prog); | |||
1820 | fprintf(stderr(&__sF[2]), " %s [-rv] [-p preserve-value] " | |||
1821 | "user\n", prog); | |||
1822 | } else if (strcmp(prog, "userinfo") == 0) { | |||
1823 | fprintf(stderr(&__sF[2]), "usage: %s [-e] user\n", prog); | |||
1824 | } else if (strcmp(prog, "groupadd") == 0) { | |||
1825 | fprintf(stderr(&__sF[2]), "usage: %s [-ov] [-g gid] group\n", | |||
1826 | prog); | |||
1827 | } else if (strcmp(prog, "groupdel") == 0) { | |||
1828 | fprintf(stderr(&__sF[2]), "usage: %s [-v] group\n", prog); | |||
1829 | } else if (strcmp(prog, "groupmod") == 0) { | |||
1830 | fprintf(stderr(&__sF[2]), "usage: %s [-ov] [-g gid] [-n newname] " | |||
1831 | "group\n", prog); | |||
1832 | } else if (strcmp(prog, "user") == 0 || strcmp(prog, "group") == 0) { | |||
1833 | fprintf(stderr(&__sF[2]), "usage: %s [add | del | mod" | |||
1834 | " | info" | |||
1835 | "] ...\n", | |||
1836 | prog); | |||
1837 | } else if (strcmp(prog, "groupinfo") == 0) { | |||
1838 | fprintf(stderr(&__sF[2]), "usage: %s [-e] group\n", prog); | |||
1839 | } else { | |||
1840 | fprintf(stderr(&__sF[2]), "This program must be called as {user,group}{add,del,mod,info},\n%s is not an understood name.\n", prog); | |||
1841 | } | |||
1842 | exit(EXIT_FAILURE1); | |||
1843 | } | |||
1844 | ||||
1845 | int | |||
1846 | useradd(int argc, char **argv) | |||
1847 | { | |||
1848 | user_t u; | |||
1849 | const char *errstr; | |||
1850 | int defaultfield; | |||
1851 | int bigD; | |||
1852 | int c; | |||
1853 | int i; | |||
1854 | ||||
1855 | memset(&u, 0, sizeof(u)); | |||
1856 | read_defaults(&u); | |||
1857 | u.u_uid = -1; | |||
1858 | defaultfield = bigD = 0; | |||
1859 | while ((c = getopt(argc, argv, "DG:L:b:c:d:e:f:g:k:mop:r:s:u:v")) != -1) { | |||
| ||||
1860 | switch(c) { | |||
1861 | case 'D': | |||
1862 | bigD = 1; | |||
1863 | break; | |||
1864 | case 'G': | |||
1865 | while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL((void *)0) && | |||
1866 | u.u_groupc < NGROUPS_MAX16 - 2) { | |||
1867 | if (u.u_groupv[u.u_groupc][0] != 0) { | |||
1868 | u.u_groupc++; | |||
1869 | } | |||
1870 | } | |||
1871 | if (optarg != NULL((void *)0)) { | |||
1872 | warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX16 - 2); | |||
1873 | } | |||
1874 | break; | |||
1875 | case 'b': | |||
1876 | defaultfield = 1; | |||
1877 | strsave(&u.u_basedir, optarg); | |||
1878 | break; | |||
1879 | case 'c': | |||
1880 | strsave(&u.u_comment, optarg); | |||
1881 | break; | |||
1882 | case 'd': | |||
1883 | strsave(&u.u_home, optarg); | |||
1884 | u.u_flags |= F_HOMEDIR; | |||
1885 | break; | |||
1886 | case 'e': | |||
1887 | defaultfield = 1; | |||
1888 | strsave(&u.u_expire, optarg); | |||
1889 | break; | |||
1890 | case 'f': | |||
1891 | defaultfield = 1; | |||
1892 | strsave(&u.u_inactive, optarg); | |||
1893 | break; | |||
1894 | case 'g': | |||
1895 | defaultfield = 1; | |||
1896 | strsave(&u.u_primgrp, optarg); | |||
1897 | break; | |||
1898 | case 'k': | |||
1899 | defaultfield = 1; | |||
1900 | strsave(&u.u_skeldir, optarg); | |||
1901 | break; | |||
1902 | case 'L': | |||
1903 | defaultfield = 1; | |||
1904 | strsave(&u.u_class, optarg); | |||
1905 | break; | |||
1906 | case 'm': | |||
1907 | u.u_flags |= F_MKDIR; | |||
1908 | break; | |||
1909 | case 'o': | |||
1910 | u.u_flags |= F_DUPUID; | |||
1911 | break; | |||
1912 | case 'p': | |||
1913 | strsave(&u.u_password, optarg); | |||
1914 | explicit_bzero(optarg, strlen(optarg)); | |||
1915 | break; | |||
1916 | case 'r': | |||
1917 | defaultfield = 1; | |||
1918 | if (!save_range(&u, optarg)) | |||
1919 | exit(EXIT_FAILURE1); | |||
1920 | break; | |||
1921 | case 's': | |||
1922 | defaultfield = 1; | |||
1923 | strsave(&u.u_shell, optarg); | |||
1924 | break; | |||
1925 | case 'u': | |||
1926 | u.u_uid = strtonum(optarg, -1, UID_MAX0xffffffffU, &errstr); | |||
1927 | if (errstr != NULL((void *)0)) { | |||
1928 | errx(EXIT_FAILURE1, "When using [-u uid], the uid must be numeric"); | |||
1929 | } | |||
1930 | break; | |||
1931 | case 'v': | |||
1932 | verbose = 1; | |||
1933 | break; | |||
1934 | default: | |||
1935 | usermgmt_usage("useradd"); | |||
1936 | } | |||
1937 | } | |||
1938 | ||||
1939 | if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", | |||
1940 | NULL((void *)0)) == -1) | |||
1941 | err(1, "pledge"); | |||
1942 | ||||
1943 | if (bigD
| |||
1944 | if (defaultfield
| |||
1945 | checkeuid(); | |||
1946 | return setdefaults(&u) ? EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
1947 | } | |||
1948 | printf("group\t\t%s\n", u.u_primgrp); | |||
1949 | printf("base_dir\t%s\n", u.u_basedir); | |||
1950 | printf("skel_dir\t%s\n", u.u_skeldir); | |||
1951 | printf("shell\t\t%s\n", u.u_shell); | |||
1952 | printf("class\t\t%s\n", u.u_class); | |||
1953 | printf("inactive\t%s\n", (u.u_inactive == NULL((void *)0)) ? UNSET_INACTIVE"Null (unset)" : u.u_inactive); | |||
1954 | printf("expire\t\t%s\n", (u.u_expire == NULL((void *)0)) ? UNSET_EXPIRY"Null (unset)" : u.u_expire); | |||
1955 | for (i = 0 ; i < u.u_rc ; i++) { | |||
1956 | printf("range\t\t%u..%u\n", u.u_rv[i].r_from, u.u_rv[i].r_to); | |||
1957 | } | |||
1958 | return EXIT_SUCCESS0; | |||
| ||||
1959 | } | |||
1960 | argc -= optind; | |||
1961 | argv += optind; | |||
1962 | if (argc != 1) { | |||
1963 | usermgmt_usage("useradd"); | |||
1964 | } | |||
1965 | checkeuid(); | |||
1966 | openlog("useradd", LOG_PID0x01, LOG_USER(1<<3)); | |||
1967 | return adduser(*argv, &u) ? EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
1968 | } | |||
1969 | ||||
1970 | int | |||
1971 | usermod(int argc, char **argv) | |||
1972 | { | |||
1973 | user_t u; | |||
1974 | char newuser[MaxUserNameLen + 1]; | |||
1975 | int c, have_new_user; | |||
1976 | const char *errstr; | |||
1977 | ||||
1978 | memset(&u, 0, sizeof(u)); | |||
1979 | memset(newuser, 0, sizeof(newuser)); | |||
1980 | read_defaults(&u); | |||
1981 | free(u.u_primgrp); | |||
1982 | u.u_primgrp = NULL((void *)0); | |||
1983 | have_new_user = 0; | |||
1984 | while ((c = getopt(argc, argv, "G:L:S:UZc:d:e:f:g:l:mop:s:u:v")) != -1) { | |||
1985 | switch(c) { | |||
1986 | case 'G': | |||
1987 | while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL((void *)0) && | |||
1988 | u.u_groupc < NGROUPS_MAX16 - 2) { | |||
1989 | if (u.u_groupv[u.u_groupc][0] != 0) { | |||
1990 | u.u_groupc++; | |||
1991 | } | |||
1992 | } | |||
1993 | if (optarg != NULL((void *)0)) { | |||
1994 | warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX16 - 2); | |||
1995 | } | |||
1996 | u.u_flags |= F_SECGROUP; | |||
1997 | break; | |||
1998 | case 'S': | |||
1999 | while ((u.u_groupv[u.u_groupc] = strsep(&optarg, ",")) != NULL((void *)0) && | |||
2000 | u.u_groupc < NGROUPS_MAX16 - 2) { | |||
2001 | if (u.u_groupv[u.u_groupc][0] != 0) { | |||
2002 | u.u_groupc++; | |||
2003 | } | |||
2004 | } | |||
2005 | if (optarg != NULL((void *)0)) { | |||
2006 | warnx("Truncated list of secondary groups to %d entries", NGROUPS_MAX16 - 2); | |||
2007 | } | |||
2008 | u.u_flags |= F_SETSECGROUP; | |||
2009 | break; | |||
2010 | case 'U': | |||
2011 | u.u_flags |= F_ACCTUNLOCK; | |||
2012 | break; | |||
2013 | case 'Z': | |||
2014 | u.u_flags |= F_ACCTLOCK; | |||
2015 | break; | |||
2016 | case 'c': | |||
2017 | strsave(&u.u_comment, optarg); | |||
2018 | u.u_flags |= F_COMMENT; | |||
2019 | break; | |||
2020 | case 'd': | |||
2021 | strsave(&u.u_home, optarg); | |||
2022 | u.u_flags |= F_HOMEDIR; | |||
2023 | break; | |||
2024 | case 'e': | |||
2025 | strsave(&u.u_expire, optarg); | |||
2026 | u.u_flags |= F_EXPIRE; | |||
2027 | break; | |||
2028 | case 'f': | |||
2029 | strsave(&u.u_inactive, optarg); | |||
2030 | u.u_flags |= F_INACTIVE; | |||
2031 | break; | |||
2032 | case 'g': | |||
2033 | strsave(&u.u_primgrp, optarg); | |||
2034 | u.u_flags |= F_GROUP; | |||
2035 | break; | |||
2036 | case 'l': | |||
2037 | if (strlcpy(newuser, optarg, sizeof(newuser)) >= | |||
2038 | sizeof(newuser)) | |||
2039 | errx(EXIT_FAILURE1, "username `%s' too long", | |||
2040 | optarg); | |||
2041 | have_new_user = 1; | |||
2042 | u.u_flags |= F_USERNAME; | |||
2043 | break; | |||
2044 | case 'L': | |||
2045 | strsave(&u.u_class, optarg); | |||
2046 | u.u_flags |= F_CLASS; | |||
2047 | break; | |||
2048 | case 'm': | |||
2049 | u.u_flags |= F_MKDIR; | |||
2050 | break; | |||
2051 | case 'o': | |||
2052 | u.u_flags |= F_DUPUID; | |||
2053 | break; | |||
2054 | case 'p': | |||
2055 | strsave(&u.u_password, optarg); | |||
2056 | explicit_bzero(optarg, strlen(optarg)); | |||
2057 | u.u_flags |= F_PASSWORD; | |||
2058 | break; | |||
2059 | case 's': | |||
2060 | strsave(&u.u_shell, optarg); | |||
2061 | u.u_flags |= F_SHELL; | |||
2062 | break; | |||
2063 | case 'u': | |||
2064 | u.u_uid = strtonum(optarg, -1, UID_MAX0xffffffffU, &errstr); | |||
2065 | u.u_flags |= F_UID; | |||
2066 | if (errstr != NULL((void *)0)) { | |||
2067 | errx(EXIT_FAILURE1, "When using [-u uid], the uid must be numeric"); | |||
2068 | } | |||
2069 | break; | |||
2070 | case 'v': | |||
2071 | verbose = 1; | |||
2072 | break; | |||
2073 | default: | |||
2074 | usermgmt_usage("usermod"); | |||
2075 | } | |||
2076 | } | |||
2077 | ||||
2078 | if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) && | |||
2079 | !(u.u_flags & F_USERNAME)) { | |||
2080 | warnx("option 'm' useless without 'd' or 'l' -- ignored"); | |||
2081 | u.u_flags &= ~F_MKDIR; | |||
2082 | } | |||
2083 | if ((u.u_flags & F_SECGROUP) && (u.u_flags & F_SETSECGROUP)) | |||
2084 | errx(EXIT_FAILURE1, "options 'G' and 'S' are mutually exclusive"); | |||
2085 | if ((u.u_flags & F_ACCTLOCK) && (u.u_flags & F_ACCTUNLOCK)) | |||
2086 | errx(EXIT_FAILURE1, "options 'U' and 'Z' are mutually exclusive"); | |||
2087 | if ((u.u_flags & F_PASSWORD) && (u.u_flags & (F_ACCTLOCK | F_ACCTUNLOCK))) | |||
2088 | errx(EXIT_FAILURE1, "options 'U' or 'Z' with 'p' are mutually exclusive"); | |||
2089 | argc -= optind; | |||
2090 | argv += optind; | |||
2091 | if (argc != 1) { | |||
2092 | usermgmt_usage("usermod"); | |||
2093 | } | |||
2094 | checkeuid(); | |||
2095 | openlog("usermod", LOG_PID0x01, LOG_USER(1<<3)); | |||
2096 | return moduser(*argv, (have_new_user) ? newuser : *argv, &u) ? | |||
2097 | EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
2098 | } | |||
2099 | ||||
2100 | int | |||
2101 | userdel(int argc, char **argv) | |||
2102 | { | |||
2103 | struct passwd *pwp; | |||
2104 | user_t u; | |||
2105 | int defaultfield; | |||
2106 | int rmhome; | |||
2107 | int bigD; | |||
2108 | int c; | |||
2109 | ||||
2110 | memset(&u, 0, sizeof(u)); | |||
2111 | read_defaults(&u); | |||
2112 | defaultfield = bigD = rmhome = 0; | |||
2113 | while ((c = getopt(argc, argv, "Dp:rv")) != -1) { | |||
2114 | switch(c) { | |||
2115 | case 'D': | |||
2116 | bigD = 1; | |||
2117 | break; | |||
2118 | case 'p': | |||
2119 | defaultfield = 1; | |||
2120 | u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 : | |||
2121 | (strcmp(optarg, "yes") == 0) ? 1 : | |||
2122 | strtonum(optarg, INT_MIN(-0x7fffffff-1), INT_MAX0x7fffffff, NULL((void *)0)); | |||
2123 | break; | |||
2124 | case 'r': | |||
2125 | rmhome = 1; | |||
2126 | break; | |||
2127 | case 'v': | |||
2128 | verbose = 1; | |||
2129 | break; | |||
2130 | default: | |||
2131 | usermgmt_usage("userdel"); | |||
2132 | } | |||
2133 | } | |||
2134 | if (bigD) { | |||
2135 | if (defaultfield) { | |||
2136 | checkeuid(); | |||
2137 | return setdefaults(&u) ? EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
2138 | } | |||
2139 | printf("preserve\t%s\n", (u.u_preserve) ? "true" : "false"); | |||
2140 | return EXIT_SUCCESS0; | |||
2141 | } | |||
2142 | argc -= optind; | |||
2143 | argv += optind; | |||
2144 | if (argc != 1) { | |||
2145 | usermgmt_usage("userdel"); | |||
2146 | } | |||
2147 | ||||
2148 | if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id", | |||
2149 | NULL((void *)0)) == -1) | |||
2150 | err(1, "pledge"); | |||
2151 | ||||
2152 | checkeuid(); | |||
2153 | if ((pwp = getpwnam(*argv)) == NULL((void *)0)) { | |||
2154 | warnx("No such user `%s'", *argv); | |||
2155 | return EXIT_FAILURE1; | |||
2156 | } | |||
2157 | if (rmhome) | |||
2158 | (void)removehomedir(pwp->pw_name, pwp->pw_uid, pwp->pw_dir); | |||
2159 | if (u.u_preserve) { | |||
2160 | u.u_flags |= F_SHELL; | |||
2161 | strsave(&u.u_shell, NOLOGIN"/sbin/nologin"); | |||
2162 | strsave(&u.u_password, "*"); | |||
2163 | u.u_flags |= F_PASSWORD; | |||
2164 | openlog("userdel", LOG_PID0x01, LOG_USER(1<<3)); | |||
2165 | return moduser(*argv, *argv, &u) ? EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
2166 | } | |||
2167 | if (!rm_user_from_groups(*argv)) { | |||
2168 | return 0; | |||
2169 | } | |||
2170 | openlog("userdel", LOG_PID0x01, LOG_USER(1<<3)); | |||
2171 | return moduser(*argv, *argv, NULL((void *)0)) ? EXIT_SUCCESS0 : EXIT_FAILURE1; | |||
2172 | } | |||
2173 | ||||
2174 | /* add a group */ | |||
2175 | int | |||
2176 | groupadd(int argc, char **argv) | |||
2177 | { | |||
2178 | int dupgid; | |||
2179 | int gid; | |||
2180 | int c; | |||
2181 | const char *errstr; | |||
2182 | ||||
2183 | gid = -1; | |||
2184 | dupgid = 0; | |||
2185 | while ((c = getopt(argc, argv, "g:ov")) != -1) { | |||
2186 | switch(c) { | |||
2187 | case 'g': | |||
2188 | gid = strtonum(optarg, -1, GID_MAX0xffffffffU, &errstr); | |||
2189 | if (errstr != NULL((void *)0)) { | |||
2190 | errx(EXIT_FAILURE1, "When using [-g gid], the gid must be numeric"); | |||
2191 | } | |||
2192 | break; | |||
2193 | case 'o': | |||
2194 | dupgid = 1; | |||
2195 | break; | |||
2196 | case 'v': | |||
2197 | verbose = 1; | |||
2198 | break; | |||
2199 | default: | |||
2200 | usermgmt_usage("groupadd"); | |||
2201 | } | |||
2202 | } | |||
2203 | argc -= optind; | |||
2204 | argv += optind; | |||
2205 | if (argc != 1) { | |||
2206 | usermgmt_usage("groupadd"); | |||
2207 | } | |||
2208 | ||||
2209 | if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL((void *)0)) == -1) | |||
2210 | err(1, "pledge"); | |||
2211 | ||||
2212 | checkeuid(); | |||
2213 | if (!valid_group(*argv)) { | |||
2214 | errx(EXIT_FAILURE1, "invalid group name `%s'", *argv); | |||
2215 | } | |||
2216 | if (gid < 0 && !getnextgid(&gid, LowGid, HighGid)) { | |||
2217 | errx(EXIT_FAILURE1, "can't add group: can't get next gid"); | |||
2218 | } | |||
2219 | if (!dupgid && gid_exists((gid_t)gid)) { | |||
2220 | errx(EXIT_FAILURE1, "can't add group: gid %d is a duplicate", gid); | |||
2221 | } | |||
2222 | openlog("groupadd", LOG_PID0x01, LOG_USER(1<<3)); | |||
2223 | if (!creategid(*argv, gid, "")) { | |||
2224 | errx(EXIT_FAILURE1, "can't add group: problems with %s file", | |||
2225 | _PATH_GROUP"/etc/group"); | |||
2226 | } | |||
2227 | return EXIT_SUCCESS0; | |||
2228 | } | |||
2229 | ||||
2230 | /* remove a group */ | |||
2231 | int | |||
2232 | groupdel(int argc, char **argv) | |||
2233 | { | |||
2234 | int c; | |||
2235 | ||||
2236 | while ((c = getopt(argc, argv, "v")) != -1) { | |||
2237 | switch(c) { | |||
2238 | case 'v': | |||
2239 | verbose = 1; | |||
2240 | break; | |||
2241 | default: | |||
2242 | usermgmt_usage("groupdel"); | |||
2243 | } | |||
2244 | } | |||
2245 | argc -= optind; | |||
2246 | argv += optind; | |||
2247 | if (argc != 1) { | |||
2248 | usermgmt_usage("groupdel"); | |||
2249 | } | |||
2250 | checkeuid(); | |||
2251 | openlog("groupdel", LOG_PID0x01, LOG_USER(1<<3)); | |||
2252 | if (!group_exists(*argv)) { | |||
2253 | warnx("No such group: `%s'", *argv); | |||
2254 | return EXIT_FAILURE1; | |||
2255 | } | |||
2256 | ||||
2257 | if (pledge("stdio rpath wpath cpath fattr flock", NULL((void *)0)) == -1) | |||
2258 | err(1, "pledge"); | |||
2259 | ||||
2260 | if (!modify_gid(*argv, NULL((void *)0))) { | |||
2261 | err(EXIT_FAILURE1, "can't change %s file", _PATH_GROUP"/etc/group"); | |||
2262 | } | |||
2263 | return EXIT_SUCCESS0; | |||
2264 | } | |||
2265 | ||||
2266 | /* modify a group */ | |||
2267 | int | |||
2268 | groupmod(int argc, char **argv) | |||
2269 | { | |||
2270 | struct group *grp; | |||
2271 | const char *errstr; | |||
2272 | char buf[LINE_MAX2048]; | |||
2273 | char *newname; | |||
2274 | char **cpp; | |||
2275 | int dupgid; | |||
2276 | int gid; | |||
2277 | int cc; | |||
2278 | int c; | |||
2279 | ||||
2280 | gid = -1; | |||
2281 | dupgid = 0; | |||
2282 | newname = NULL((void *)0); | |||
2283 | while ((c = getopt(argc, argv, "g:n:ov")) != -1) { | |||
2284 | switch(c) { | |||
2285 | case 'g': | |||
2286 | gid = strtonum(optarg, -1, GID_MAX0xffffffffU, &errstr); | |||
2287 | if (errstr != NULL((void *)0)) { | |||
2288 | errx(EXIT_FAILURE1, "When using [-g gid], the gid must be numeric"); | |||
2289 | } | |||
2290 | break; | |||
2291 | case 'o': | |||
2292 | dupgid = 1; | |||
2293 | break; | |||
2294 | case 'n': | |||
2295 | strsave(&newname, optarg); | |||
2296 | break; | |||
2297 | case 'v': | |||
2298 | verbose = 1; | |||
2299 | break; | |||
2300 | default: | |||
2301 | usermgmt_usage("groupmod"); | |||
2302 | } | |||
2303 | } | |||
2304 | argc -= optind; | |||
2305 | argv += optind; | |||
2306 | if (argc != 1) { | |||
2307 | usermgmt_usage("groupmod"); | |||
2308 | } | |||
2309 | checkeuid(); | |||
2310 | if (gid < 0 && newname == NULL((void *)0)) { | |||
2311 | errx(EXIT_FAILURE1, "Nothing to change"); | |||
2312 | } | |||
2313 | if (dupgid && gid < 0) { | |||
2314 | errx(EXIT_FAILURE1, "Duplicate which gid?"); | |||
2315 | } | |||
2316 | if ((grp = getgrnam(*argv)) == NULL((void *)0)) { | |||
2317 | errx(EXIT_FAILURE1, "can't find group `%s' to modify", *argv); | |||
2318 | } | |||
2319 | ||||
2320 | if (pledge("stdio rpath wpath cpath fattr flock", NULL((void *)0)) == -1) | |||
2321 | err(1, "pledge"); | |||
2322 | ||||
2323 | if (!is_local(*argv, _PATH_GROUP"/etc/group")) { | |||
2324 | errx(EXIT_FAILURE1, "Group `%s' must be a local group", *argv); | |||
2325 | } | |||
2326 | if (newname != NULL((void *)0) && !valid_group(newname)) { | |||
2327 | errx(EXIT_FAILURE1, "invalid group name `%s'", newname); | |||
2328 | } | |||
2329 | if ((cc = snprintf(buf, sizeof(buf), "%s:%s:%u:", | |||
2330 | (newname) ? newname : grp->gr_name, grp->gr_passwd, | |||
2331 | (gid < 0) ? grp->gr_gid : gid)) >= sizeof(buf) || cc < 0) | |||
2332 | errx(EXIT_FAILURE1, "group `%s' entry too long", grp->gr_name); | |||
2333 | ||||
2334 | for (cpp = grp->gr_mem ; *cpp ; cpp++) { | |||
2335 | cc = strlcat(buf, *cpp, sizeof(buf)) + 1; | |||
2336 | if (cc >= sizeof(buf)) | |||
2337 | errx(EXIT_FAILURE1, "group `%s' entry too long", | |||
2338 | grp->gr_name); | |||
2339 | if (cpp[1] != NULL((void *)0)) { | |||
2340 | buf[cc - 1] = ','; | |||
2341 | buf[cc] = '\0'; | |||
2342 | } | |||
2343 | } | |||
2344 | cc = strlcat(buf, "\n", sizeof(buf)); | |||
2345 | if (cc >= sizeof(buf)) | |||
2346 | errx(EXIT_FAILURE1, "group `%s' entry too long", grp->gr_name); | |||
2347 | ||||
2348 | openlog("groupmod", LOG_PID0x01, LOG_USER(1<<3)); | |||
2349 | if (!modify_gid(*argv, buf)) | |||
2350 | err(EXIT_FAILURE1, "can't change %s file", _PATH_GROUP"/etc/group"); | |||
2351 | return EXIT_SUCCESS0; | |||
2352 | } | |||
2353 | ||||
2354 | /* display user information */ | |||
2355 | int | |||
2356 | userinfo(int argc, char **argv) | |||
2357 | { | |||
2358 | struct passwd *pwp; | |||
2359 | struct group *grp; | |||
2360 | char **cpp; | |||
2361 | int exists; | |||
2362 | int i; | |||
2363 | ||||
2364 | exists = 0; | |||
2365 | while ((i = getopt(argc, argv, "ev")) != -1) { | |||
2366 | switch(i) { | |||
2367 | case 'e': | |||
2368 | exists = 1; | |||
2369 | break; | |||
2370 | case 'v': | |||
2371 | verbose = 1; | |||
2372 | break; | |||
2373 | default: | |||
2374 | usermgmt_usage("userinfo"); | |||
2375 | } | |||
2376 | } | |||
2377 | argc -= optind; | |||
2378 | argv += optind; | |||
2379 | if (argc != 1) { | |||
2380 | usermgmt_usage("userinfo"); | |||
2381 | } | |||
2382 | ||||
2383 | if (pledge("stdio getpw", NULL((void *)0)) == -1) | |||
2384 | err(1, "pledge"); | |||
2385 | ||||
2386 | pwp = find_user_info(*argv); | |||
2387 | if (exists) { | |||
2388 | exit((pwp) ? EXIT_SUCCESS0 : EXIT_FAILURE1); | |||
2389 | } | |||
2390 | if (pwp == NULL((void *)0)) { | |||
2391 | errx(EXIT_FAILURE1, "can't find user `%s'", *argv); | |||
2392 | } | |||
2393 | printf("login\t%s\n", pwp->pw_name); | |||
2394 | printf("passwd\t%s\n", pwp->pw_passwd); | |||
2395 | printf("uid\t%u\n", pwp->pw_uid); | |||
2396 | if ((grp = getgrgid(pwp->pw_gid)) == NULL((void *)0)) | |||
2397 | printf("groups\t%u", pwp->pw_gid); | |||
2398 | else | |||
2399 | printf("groups\t%s", grp->gr_name); | |||
2400 | while ((grp = getgrent()) != NULL((void *)0)) { | |||
2401 | for (cpp = grp->gr_mem ; *cpp ; cpp++) { | |||
2402 | if (strcmp(*cpp, pwp->pw_name) == 0 && | |||
2403 | grp->gr_gid != pwp->pw_gid) | |||
2404 | printf(" %s", grp->gr_name); | |||
2405 | } | |||
2406 | } | |||
2407 | fputc('\n', stdout(&__sF[1])); | |||
2408 | printf("change\t%s", pwp->pw_change ? ctime(&pwp->pw_change) : "NEVER\n"); | |||
2409 | printf("class\t%s\n", pwp->pw_class); | |||
2410 | printf("gecos\t%s\n", pwp->pw_gecos); | |||
2411 | printf("dir\t%s\n", pwp->pw_dir); | |||
2412 | printf("shell\t%s\n", pwp->pw_shell); | |||
2413 | printf("expire\t%s", pwp->pw_expire ? ctime(&pwp->pw_expire) : "NEVER\n"); | |||
2414 | return EXIT_SUCCESS0; | |||
2415 | } | |||
2416 | ||||
2417 | /* display user information */ | |||
2418 | int | |||
2419 | groupinfo(int argc, char **argv) | |||
2420 | { | |||
2421 | struct group *grp; | |||
2422 | char **cpp; | |||
2423 | int exists; | |||
2424 | int i; | |||
2425 | ||||
2426 | exists = 0; | |||
2427 | while ((i = getopt(argc, argv, "ev")) != -1) { | |||
2428 | switch(i) { | |||
2429 | case 'e': | |||
2430 | exists = 1; | |||
2431 | break; | |||
2432 | case 'v': | |||
2433 | verbose = 1; | |||
2434 | break; | |||
2435 | default: | |||
2436 | usermgmt_usage("groupinfo"); | |||
2437 | } | |||
2438 | } | |||
2439 | argc -= optind; | |||
2440 | argv += optind; | |||
2441 | if (argc != 1) { | |||
2442 | usermgmt_usage("groupinfo"); | |||
2443 | } | |||
2444 | ||||
2445 | if (pledge("stdio getpw", NULL((void *)0)) == -1) | |||
2446 | err(1, "pledge"); | |||
2447 | ||||
2448 | grp = find_group_info(*argv); | |||
2449 | if (exists) { | |||
2450 | exit((grp) ? EXIT_SUCCESS0 : EXIT_FAILURE1); | |||
2451 | } | |||
2452 | if (grp == NULL((void *)0)) { | |||
2453 | errx(EXIT_FAILURE1, "can't find group `%s'", *argv); | |||
2454 | } | |||
2455 | printf("name\t%s\n", grp->gr_name); | |||
2456 | printf("passwd\t%s\n", grp->gr_passwd); | |||
2457 | printf("gid\t%u\n", grp->gr_gid); | |||
2458 | printf("members\t"); | |||
2459 | for (cpp = grp->gr_mem ; *cpp ; cpp++) { | |||
2460 | printf("%s ", *cpp); | |||
2461 | } | |||
2462 | fputc('\n', stdout(&__sF[1])); | |||
2463 | return EXIT_SUCCESS0; | |||
2464 | } |