pw_util.c revision 79452 
1/*-
2 * Copyright (c) 1990, 1993, 1994
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *	This product includes software developed by the University of
16 *	California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef lint
35#if 0
36static const char sccsid[] = "@(#)pw_util.c	8.3 (Berkeley) 4/2/94";
37#endif
38static const char rcsid[] =
39  "$FreeBSD: head/lib/libutil/pw_util.c 79452 2001-07-09 09:24:06Z brian $";
40#endif /* not lint */
41
42/*
43 * This file is used by all the "password" programs; vipw(8), chpass(1),
44 * and passwd(1).
45 */
46
47#include <sys/param.h>
48#include <sys/errno.h>
49#include <sys/time.h>
50#include <sys/resource.h>
51#include <sys/stat.h>
52#include <sys/wait.h>
53
54#include <err.h>
55#include <fcntl.h>
56#include <paths.h>
57#include <pwd.h>
58#include <signal.h>
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <unistd.h>
63
64#include "pw_util.h"
65
66extern char *tempname;
67static pid_t editpid = -1;
68static int lockfd;
69char *mppath = _PATH_PWD;
70char *masterpasswd = _PATH_MASTERPASSWD;
71
72void
73pw_cont(sig)
74	int sig;
75{
76
77	if (editpid != -1)
78		kill(editpid, sig);
79}
80
81void
82pw_init()
83{
84	struct rlimit rlim;
85
86	/* Unlimited resource limits. */
87	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
88	(void)setrlimit(RLIMIT_CPU, &rlim);
89	(void)setrlimit(RLIMIT_FSIZE, &rlim);
90	(void)setrlimit(RLIMIT_STACK, &rlim);
91	(void)setrlimit(RLIMIT_DATA, &rlim);
92	(void)setrlimit(RLIMIT_RSS, &rlim);
93
94	/* Don't drop core (not really necessary, but GP's). */
95	rlim.rlim_cur = rlim.rlim_max = 0;
96	(void)setrlimit(RLIMIT_CORE, &rlim);
97
98	/* Turn off signals. */
99	(void)signal(SIGALRM, SIG_IGN);
100	(void)signal(SIGHUP, SIG_IGN);
101	(void)signal(SIGINT, SIG_IGN);
102	(void)signal(SIGPIPE, SIG_IGN);
103	(void)signal(SIGQUIT, SIG_IGN);
104	(void)signal(SIGTERM, SIG_IGN);
105	(void)signal(SIGCONT, pw_cont);
106
107	/* Create with exact permissions. */
108	(void)umask(0);
109}
110
111int
112pw_lock()
113{
114	/*
115	 * If the master password file doesn't exist, the system is hosed.
116	 * Might as well try to build one.  Set the close-on-exec bit so
117	 * that users can't get at the encrypted passwords while editing.
118	 * Open should allow flock'ing the file; see 4.4BSD.	XXX
119	 */
120	for (;;) {
121		struct stat st;
122
123		lockfd = open(masterpasswd, O_RDONLY, 0);
124		if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
125			err(1, "%s", masterpasswd);
126		if (flock(lockfd, LOCK_EX|LOCK_NB))
127			errx(1, "the password db file is busy");
128
129		/*
130		 * If the password file was replaced while we were trying to
131		 * get the lock, our hardlink count will be 0 and we have to
132		 * close and retry.
133		 */
134		if (fstat(lockfd, &st) < 0)
135			errx(1, "fstat() failed");
136		if (st.st_nlink != 0)
137			break;
138		close(lockfd);
139		lockfd = -1;
140	}
141	return (lockfd);
142}
143
144int
145pw_tmp()
146{
147	static char path[MAXPATHLEN];
148	int fd;
149	char *p;
150
151	strncpy(path, masterpasswd, MAXPATHLEN - 1);
152	path[MAXPATHLEN] = '\0';
153
154	if ((p = strrchr(path, '/')))
155		++p;
156	else
157		p = path;
158	strcpy(p, "pw.XXXXXX");
159	if ((fd = mkstemp(path)) == -1)
160		err(1, "%s", path);
161	tempname = path;
162	return (fd);
163}
164
165int
166pw_mkdb(username)
167char *username;
168{
169	int pstat;
170	pid_t pid;
171
172	(void)fflush(stderr);
173	if (!(pid = fork())) {
174		if(!username) {
175			warnx("rebuilding the database...");
176			execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", "-d", mppath,
177			    tempname, (char *)NULL);
178		} else {
179			warnx("updating the database...");
180			execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", "-d", mppath,
181			    "-u", username, tempname, (char *)NULL);
182		}
183		pw_error(_PATH_PWD_MKDB, 1, 1);
184	}
185	pid = waitpid(pid, &pstat, 0);
186	if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
187		return (0);
188	warnx("done");
189	return (1);
190}
191
192void
193pw_edit(notsetuid)
194	int notsetuid;
195{
196	int pstat;
197	char *p, *editor;
198
199	if (!(editor = getenv("EDITOR")))
200		editor = _PATH_VI;
201	if ((p = strrchr(editor, '/')))
202		++p;
203	else
204		p = editor;
205
206	if (!(editpid = fork())) {
207		if (notsetuid) {
208			(void)setgid(getgid());
209			(void)setuid(getuid());
210		}
211		errno = 0;
212		execlp(editor, p, tempname, (char *)NULL);
213		_exit(errno);
214	}
215	for (;;) {
216		editpid = waitpid(editpid, (int *)&pstat, WUNTRACED);
217		errno = WEXITSTATUS(pstat);
218		if (editpid == -1)
219			pw_error(editor, 1, 1);
220		else if (WIFSTOPPED(pstat))
221			raise(WSTOPSIG(pstat));
222		else if (WIFEXITED(pstat) && errno == 0)
223			break;
224		else
225			pw_error(editor, 1, 1);
226	}
227	editpid = -1;
228}
229
230void
231pw_prompt()
232{
233	int c, first;
234
235	(void)printf("re-edit the password file? [y]: ");
236	(void)fflush(stdout);
237	first = c = getchar();
238	while (c != '\n' && c != EOF)
239		c = getchar();
240	if (first == 'n')
241		pw_error(NULL, 0, 0);
242}
243
244void
245pw_error(name, err, eval)
246	char *name;
247	int err, eval;
248{
249#ifdef YP
250	extern int _use_yp;
251#endif /* YP */
252	if (err) {
253		if (name != NULL)
254			warn("%s", name);
255		else
256			warn(NULL);
257	}
258#ifdef YP
259	if (_use_yp)
260		warnx("NIS information unchanged");
261	else
262#endif /* YP */
263	warnx("%s: unchanged", masterpasswd);
264	(void)unlink(tempname);
265	exit(eval);
266}
267