]> git.saurik.com Git - apple/system_cmds.git/blame - pwd_mkdb.tproj/pwd_mkdb.c
system_cmds-336.23.tar.gz
[apple/system_cmds.git] / pwd_mkdb.tproj / pwd_mkdb.c
CommitLineData
c3a08f59
A
1/* $OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $ */
2
1815bff5
A
3/*-
4 * Copyright (c) 1991, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
c3a08f59
A
6 * Portions Copyright (c) 1994, Jason Downs. All rights reserved.
7 * Portions Copyright (c) 1998, Todd C. Miller. All rights reserved.
1815bff5
A
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
c3a08f59 17 * 3. Neither the name of the University nor the names of its contributors
1815bff5
A
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef lint
c3a08f59 35static const char copyright[] =
1815bff5
A
36"@(#) Copyright (c) 1991, 1993, 1994\n\
37 The Regents of the University of California. All rights reserved.\n";
38#endif /* not lint */
39
40#ifndef lint
c3a08f59
A
41#if 0
42static const char sccsid[] = "from: @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94";
43#else
44static const char rcsid[] = "$OpenBSD: pwd_mkdb.c,v 1.36 2003/06/08 21:14:55 millert Exp $";
45#endif
1815bff5
A
46#endif /* not lint */
47
48#include <sys/param.h>
49#include <sys/stat.h>
50
51#include <db.h>
52#include <err.h>
53#include <errno.h>
54#include <fcntl.h>
c3a08f59 55#include <grp.h>
1815bff5
A
56#include <limits.h>
57#include <pwd.h>
58#include <signal.h>
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <unistd.h>
c3a08f59
A
63#include <util.h>
64#include <sys/param.h>
1815bff5
A
65
66#define INSECURE 1
67#define SECURE 2
68#define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)
69#define PERM_SECURE (S_IRUSR|S_IWUSR)
70
c3a08f59
A
71#define FILE_SECURE 0x01
72#define FILE_INSECURE 0x02
73#define FILE_ORIG 0x04
74
75#define SHADOW_GROUP "wheel"
76
1815bff5
A
77HASHINFO openinfo = {
78 4096, /* bsize */
79 32, /* ffactor */
80 256, /* nelem */
81 2048 * 1024, /* cachesize */
82 NULL, /* hash() */
83 0 /* lorder */
84};
85
1815bff5 86static char *pname; /* password file name */
c3a08f59
A
87static char *basedir; /* dir holding master.passwd */
88static int clean; /* what to remove on cleanup */
89static int hasyp; /* are we running YP? */
90
91void cleanup(void);
92void error(char *);
93void errorx(char *);
94void cp(char *, char *, mode_t);
95void mv(char *, char *);
96int scan(FILE *, struct passwd *, int *);
97void usage(void);
98char *changedir(char *path, char *dir);
99void db_store(FILE *, FILE *, DB *, DB *,struct passwd *, int, char *, uid_t);
1815bff5
A
100
101int
c3a08f59 102main(int argc, char **argv)
1815bff5
A
103{
104 DB *dp, *edp;
105 DBT data, key;
c3a08f59
A
106 FILE *fp, *oldfp = NULL;
107 struct stat st;
108 struct passwd pwd;
109 struct group *grp;
1815bff5 110 sigset_t set;
c3a08f59
A
111 uid_t olduid;
112 gid_t shadow;
113 int ch, tfd, makeold, secureonly, flags, checkonly;
114 char *username, buf[MAX(MAXPATHLEN, LINE_MAX * 2)];
115
116 flags = checkonly = makeold = secureonly = 0;
117 username = NULL;
118 while ((ch = getopt(argc, argv, "cd:psu:v")) != -1)
119 switch (ch) {
120 case 'c': /* verify only */
121 checkonly = 1;
122 break;
123 case 'd':
124 basedir = optarg;
125 if (strlen(basedir) > MAXPATHLEN - 40)
126 errx(1, "basedir too long");
127 break;
1815bff5
A
128 case 'p': /* create V7 "file.orig" */
129 makeold = 1;
130 break;
c3a08f59
A
131 case 's': /* only update spwd.db */
132 secureonly = 1;
133 break;
134 case 'u': /* only update this record */
135 username = optarg;
136 if (strlen(username) > _PW_NAME_LEN)
137 errx(1, "username too long");
138 break;
1815bff5
A
139 case 'v': /* backward compatible */
140 break;
141 case '?':
142 default:
143 usage();
144 }
145 argc -= optind;
146 argv += optind;
147
c3a08f59
A
148 if (argc != 1 || (makeold && secureonly) ||
149 (username && (*username == '+' || *username == '-')))
1815bff5 150 usage();
c3a08f59
A
151
152 if ((grp = getgrnam(SHADOW_GROUP)) == NULL)
153 errx(1, "cannot find `%s' in the group database, aborting",
154 SHADOW_GROUP);
155 shadow = grp->gr_gid;
1815bff5
A
156
157 /*
158 * This could be changed to allow the user to interrupt.
159 * Probably not worth the effort.
160 */
161 sigemptyset(&set);
162 sigaddset(&set, SIGTSTP);
163 sigaddset(&set, SIGHUP);
164 sigaddset(&set, SIGINT);
165 sigaddset(&set, SIGQUIT);
166 sigaddset(&set, SIGTERM);
167 (void)sigprocmask(SIG_BLOCK, &set, (sigset_t *)NULL);
168
169 /* We don't care what the user wants. */
170 (void)umask(0);
171
c3a08f59
A
172 if (**argv != '/' && basedir == NULL)
173 errx(1, "%s must be specified as an absolute path", *argv);
174
175 if ((pname = strdup(changedir(*argv, basedir))) == NULL)
176 err(1, NULL);
1815bff5
A
177 /* Open the original password file */
178 if (!(fp = fopen(pname, "r")))
179 error(pname);
180
c3a08f59
A
181 /* Check only if password database is valid */
182 if (checkonly) {
183 u_int cnt;
184
185 for (cnt = 1; scan(fp, &pwd, &flags); ++cnt)
186 ;
187 exit(0);
188 }
189
190 if (fstat(fileno(fp), &st) == -1)
191 error(pname);
192
193 /* Tweak openinfo values for large passwd files. */
194 if (st.st_size > (off_t)100*1024)
195 openinfo.cachesize = MIN(st.st_size * 20, (off_t)12*1024*1024);
196 if (st.st_size / 128 > openinfo.nelem)
197 openinfo.nelem = st.st_size / 128;
198
199 /* If only updating a single record, stash the old uid */
200 if (username) {
201 dp = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
202 if (dp == NULL)
203 error(_PATH_MP_DB);
204 buf[0] = _PW_KEYBYNAME;
205 strlcpy(buf + 1, username, sizeof(buf) - 1);
206 key.data = (u_char *)buf;
207 key.size = strlen(buf + 1) + 1;
208 if ((dp->get)(dp, &key, &data, 0) == 0) {
209 char *p = (char *)data.data;
210 /* Skip to uid field */
211 while (*p++ != '\0')
212 ;
213 while (*p++ != '\0')
214 ;
215 memcpy(&olduid, p, sizeof(olduid));
216 } else
217 olduid = UID_MAX;
218 (dp->close)(dp);
219 }
220
221 /* Open the temporary encrypted password database. */
222 (void)snprintf(buf, sizeof(buf), "%s.tmp",
223 changedir(_PATH_SMP_DB, basedir));
224 if (username) {
225 cp(changedir(_PATH_SMP_DB, basedir), buf, PERM_SECURE);
226 edp = dbopen(buf,
227 O_RDWR, PERM_SECURE, DB_HASH, &openinfo);
228 } else {
229 edp = dbopen(buf,
230 O_RDWR|O_CREAT|O_EXCL, PERM_SECURE, DB_HASH, &openinfo);
231 }
232 if (!edp)
1815bff5 233 error(buf);
c3a08f59
A
234 if (fchown(edp->fd(edp), (uid_t)-1, shadow) != 0)
235 warn("%s: unable to set group to %s", _PATH_SMP_DB,
236 SHADOW_GROUP);
237 else if (fchmod(edp->fd(edp), PERM_SECURE|S_IRGRP) != 0)
238 warn("%s: unable to make group readable", _PATH_SMP_DB);
239 clean |= FILE_SECURE;
240
241 /* Open the temporary insecure password database. */
242 if (!secureonly) {
243 (void)snprintf(buf, sizeof(buf), "%s.tmp",
244 changedir(_PATH_MP_DB, basedir));
245 if (username) {
246 cp(changedir(_PATH_MP_DB, basedir), buf, PERM_INSECURE);
247 dp = dbopen(buf, O_RDWR, PERM_INSECURE, DB_HASH,
248 &openinfo);
249 } else {
250 dp = dbopen(buf, O_RDWR|O_CREAT|O_EXCL, PERM_INSECURE,
251 DB_HASH, &openinfo);
252 }
253 if (dp == NULL)
254 error(buf);
255 clean |= FILE_INSECURE;
256 } else
257 dp = NULL;
1815bff5
A
258
259 /*
260 * Open file for old password file. Minor trickiness -- don't want to
261 * chance the file already existing, since someone (stupidly) might
262 * still be using this for permission checking. So, open it first and
263 * fdopen the resulting fd. The resulting file should be readable by
264 * everyone.
265 */
266 if (makeold) {
267 (void)snprintf(buf, sizeof(buf), "%s.orig", pname);
268 if ((tfd = open(buf,
269 O_WRONLY|O_CREAT|O_EXCL, PERM_INSECURE)) < 0)
270 error(buf);
271 if ((oldfp = fdopen(tfd, "w")) == NULL)
272 error(buf);
c3a08f59 273 clean |= FILE_ORIG;
1815bff5
A
274 }
275
276 /*
277 * The databases actually contain three copies of the original data.
278 * Each password file entry is converted into a rough approximation
279 * of a ``struct passwd'', with the strings placed inline. This
280 * object is then stored as the data for three separate keys. The
281 * first key * is the pw_name field prepended by the _PW_KEYBYNAME
282 * character. The second key is the pw_uid field prepended by the
283 * _PW_KEYBYUID character. The third key is the line number in the
284 * original file prepended by the _PW_KEYBYNUM character. (The special
285 * characters are prepended to ensure that the keys do not collide.)
c3a08f59
A
286 *
287 * If we see something go by that looks like YP, we save a special
288 * pointer record, which if YP is enabled in the C lib, will speed
289 * things up.
1815bff5 290 */
1815bff5 291
c3a08f59
A
292 /*
293 * Write the .db files.
294 * We do this three times, one per key type (for getpw{nam,uid,ent}).
295 * The first time through we also check for YP, issue warnings
296 * and save the V7 format passwd file if necessary.
297 */
298 db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNAME, username, olduid);
299 db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYUID, username, olduid);
300 db_store(fp, oldfp, edp, dp, &pwd, _PW_KEYBYNUM, username, olduid);
1815bff5 301
c3a08f59
A
302 /* Store YP token, if needed. */
303 if (hasyp && !username) {
304 key.data = (u_char *)_PW_YPTOKEN;
305 key.size = strlen(_PW_YPTOKEN);
306 data.data = (u_char *)NULL;
307 data.size = 0;
1815bff5 308
1815bff5
A
309 if ((edp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
310 error("put");
311
c3a08f59 312 if (dp && (dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
1815bff5
A
313 error("put");
314 }
315
c3a08f59
A
316 if ((edp->close)(edp))
317 error("close edp");
318 if (dp && (dp->close)(dp))
319 error("close dp");
320 if (makeold) {
321 if (fclose(oldfp) == EOF)
322 error("close old");
323 }
1815bff5
A
324
325 /* Set master.passwd permissions, in case caller forgot. */
326 (void)fchmod(fileno(fp), S_IRUSR|S_IWUSR);
c3a08f59
A
327 if (fclose(fp) != 0)
328 error("fclose");
1815bff5
A
329
330 /* Install as the real password files. */
c3a08f59
A
331 if (!secureonly) {
332 (void)snprintf(buf, sizeof(buf), "%s.tmp",
333 changedir(_PATH_MP_DB, basedir));
334 mv(buf, changedir(_PATH_MP_DB, basedir));
335 }
336 (void)snprintf(buf, sizeof(buf), "%s.tmp",
337 changedir(_PATH_SMP_DB, basedir));
338 mv(buf, changedir(_PATH_SMP_DB, basedir));
1815bff5
A
339 if (makeold) {
340 (void)snprintf(buf, sizeof(buf), "%s.orig", pname);
c3a08f59 341 mv(buf, changedir(_PATH_PASSWD, basedir));
1815bff5 342 }
c3a08f59 343
1815bff5
A
344 /*
345 * Move the master password LAST -- chpass(1), passwd(1) and vipw(8)
346 * all use flock(2) on it to block other incarnations of themselves.
347 * The rename means that everything is unlocked, as the original file
348 * can no longer be accessed.
349 */
c3a08f59 350 mv(pname, changedir(_PATH_MASTERPASSWD, basedir));
1815bff5
A
351 exit(0);
352}
353
354int
c3a08f59 355scan(FILE *fp, struct passwd *pw, int *flags)
1815bff5
A
356{
357 static int lcnt;
358 static char line[LINE_MAX];
359 char *p;
360
c3a08f59 361 if (fgets(line, sizeof(line), fp) == NULL)
1815bff5 362 return (0);
1815bff5
A
363 ++lcnt;
364 /*
365 * ``... if I swallow anything evil, put your fingers down my
366 * throat...''
367 * -- The Who
368 */
c3a08f59
A
369 p = line;
370 if (*p != '\0' && *(p += strlen(line) - 1) != '\n') {
1815bff5
A
371 warnx("line too long");
372 goto fmt;
1815bff5
A
373 }
374 *p = '\0';
c3a08f59
A
375 *flags = 0;
376 if (!pw_scan(line, pw, flags)) {
1815bff5
A
377 warnx("at line #%d", lcnt);
378fmt: errno = EFTYPE; /* XXX */
379 error(pname);
380 }
381
382 return (1);
383}
384
c3a08f59
A
385void
386cp(from, to, mode)
387 char *from, *to;
388 mode_t mode;
389{
390 static char buf[MAXBSIZE];
391 int from_fd, rcount, to_fd, wcount;
392
393 if ((from_fd = open(from, O_RDONLY, 0)) < 0)
394 error(from);
395 if ((to_fd = open(to, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0)
396 error(to);
397 while ((rcount = read(from_fd, buf, MAXBSIZE)) > 0) {
398 wcount = write(to_fd, buf, rcount);
399 if (rcount != wcount || wcount == -1) {
400 int sverrno = errno;
401
402 (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
403 errno = sverrno;
404 error(buf);
405 }
406 }
407 if (rcount < 0) {
408 int sverrno = errno;
409
410 (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
411 errno = sverrno;
412 error(buf);
413 }
414}
415
1815bff5
A
416void
417mv(from, to)
418 char *from, *to;
419{
c3a08f59 420 char buf[MAXPATHLEN * 2];
1815bff5
A
421
422 if (rename(from, to)) {
423 int sverrno = errno;
c3a08f59 424
1815bff5
A
425 (void)snprintf(buf, sizeof(buf), "%s to %s", from, to);
426 errno = sverrno;
427 error(buf);
428 }
429}
430
431void
432error(name)
433 char *name;
434{
435
c3a08f59
A
436 warn("%s", name);
437 cleanup();
438 exit(1);
439}
440
441void
442errorx(name)
443 char *name;
444{
445
446 warnx("%s", name);
1815bff5
A
447 cleanup();
448 exit(1);
449}
450
451void
452cleanup()
453{
454 char buf[MAXPATHLEN];
455
c3a08f59 456 if (clean & FILE_ORIG) {
1815bff5
A
457 (void)snprintf(buf, sizeof(buf), "%s.orig", pname);
458 (void)unlink(buf);
c3a08f59
A
459 }
460 if (clean & FILE_SECURE) {
461 (void)snprintf(buf, sizeof(buf), "%s.tmp",
462 changedir(_PATH_SMP_DB, basedir));
1815bff5 463 (void)unlink(buf);
c3a08f59
A
464 }
465 if (clean & FILE_INSECURE) {
466 (void)snprintf(buf, sizeof(buf), "%s.tmp",
467 changedir(_PATH_MP_DB, basedir));
1815bff5
A
468 (void)unlink(buf);
469 }
470}
471
472void
c3a08f59 473usage(void)
1815bff5
A
474{
475
c3a08f59
A
476 (void)fprintf(stderr,
477 "usage: pwd_mkdb [-c] [-p | -s] [-d basedir] [-u username] file\n");
1815bff5
A
478 exit(1);
479}
c3a08f59
A
480
481char *
482changedir(char *path, char *dir)
483{
484 static char fixed[MAXPATHLEN];
485 char *p;
486
487 if (!dir)
488 return (path);
489
490 if ((p = strrchr(path, '/')) != NULL)
491 path = p + 1;
492 snprintf(fixed, sizeof(fixed), "%s/%s", dir, path);
493 return (fixed);
494}
495
496void
497db_store(FILE *fp, FILE *oldfp, DB *edp, DB *dp, struct passwd *pw,
498 int keytype, char *username, uid_t olduid)
499{
500 int flags = 0;
501 int dbmode, found = 0;
502 u_int cnt;
503 char *p, *t, buf[LINE_MAX * 2], tbuf[1024];
504 DBT data, key;
505 size_t len;
506 static int firsttime = 1;
507
508 /* If given a username just add that record to the existing db. */
509 dbmode = username ? 0 : R_NOOVERWRITE;
510
511 rewind(fp);
512 data.data = (u_char *)buf;
513 key.data = (u_char *)tbuf;
514 for (cnt = 1; scan(fp, pw, &flags); ++cnt) {
515
83f6dbe8
A
516#ifdef __APPLE__
517 if (pw->pw_name == NULL)
518 continue;
519#endif
520
c3a08f59
A
521 if (firsttime) {
522 /* Look like YP? */
523 if ((pw->pw_name[0] == '+') || (pw->pw_name[0] == '-'))
524 hasyp++;
525
526 /* Warn about potentially unsafe uid/gid overrides. */
527 if (pw->pw_name[0] == '+') {
528 if (!(flags & _PASSWORD_NOUID) && !pw->pw_uid)
529 warnx("line %d: superuser override in "
530 "YP inclusion", cnt);
531 if (!(flags & _PASSWORD_NOGID) && !pw->pw_gid)
532 warnx("line %d: wheel override in "
533 "YP inclusion", cnt);
534 }
535
536 /* Create V7 format password file entry. */
537 if (oldfp != NULL)
538 if (fprintf(oldfp, "%s:*:%u:%u:%s:%s:%s\n",
539 pw->pw_name, pw->pw_uid, pw->pw_gid,
540 pw->pw_gecos, pw->pw_dir, pw->pw_shell)
541 == EOF)
542 error("write old");
543 }
544
545 /* Are we updating a specific record? */
546 if (username) {
547 if (strcmp(username, pw->pw_name) != 0)
548 continue;
549 found = 1;
550 /* If the uid changed, remove the old record by uid. */
551 if (olduid != UID_MAX && olduid != pw->pw_uid) {
552 tbuf[0] = _PW_KEYBYUID;
553 memcpy(tbuf + 1, &olduid, sizeof(olduid));
554 key.size = sizeof(olduid) + 1;
555 (edp->del)(edp, &key, 0);
556 if (dp)
557 (dp->del)(dp, &key, 0);
558 }
559 /* XXX - should check to see if line number changed. */
560 }
561
562 /* Build the key. */
563 tbuf[0] = keytype;
564 switch (keytype) {
565 case _PW_KEYBYNUM:
566 memmove(tbuf + 1, &cnt, sizeof(cnt));
567 key.size = sizeof(cnt) + 1;
568 break;
569
570 case _PW_KEYBYNAME:
571 len = strlen(pw->pw_name);
572 memmove(tbuf + 1, pw->pw_name, len);
573 key.size = len + 1;
574 break;
575
576 case _PW_KEYBYUID:
577 memmove(tbuf + 1, &pw->pw_uid, sizeof(pw->pw_uid));
578 key.size = sizeof(pw->pw_uid) + 1;
579 break;
580 }
581
582#define COMPACT(e) t = e; while ((*p++ = *t++));
583 /* Create the secure record. */
584 p = buf;
585 COMPACT(pw->pw_name);
586 COMPACT(pw->pw_passwd);
587 memmove(p, &pw->pw_uid, sizeof(uid_t));
588 p += sizeof(uid_t);
589 memmove(p, &pw->pw_gid, sizeof(gid_t));
590 p += sizeof(gid_t);
591 memmove(p, &pw->pw_change, sizeof(time_t));
592 p += sizeof(time_t);
593 COMPACT(pw->pw_class);
594 COMPACT(pw->pw_gecos);
595 COMPACT(pw->pw_dir);
596 COMPACT(pw->pw_shell);
597 memmove(p, &pw->pw_expire, sizeof(time_t));
598 p += sizeof(time_t);
599 memmove(p, &flags, sizeof(int));
600 p += sizeof(int);
601 data.size = p - buf;
602
603 /* Write the secure record. */
604 if ((edp->put)(edp, &key, &data, dbmode) == -1)
605 error("put");
606
607 if (dp == NULL)
608 continue;
609
610 /* Star out password to make insecure record. */
611 p = buf + strlen(pw->pw_name) + 1; /* skip pw_name */
612 len = strlen(pw->pw_passwd);
613 memset(p, 0, len); /* zero pw_passwd */
614 t = p + len + 1; /* skip pw_passwd */
615 if (len != 0)
616 *p++ = '*';
617 *p++ = '\0';
618 memmove(p, t, data.size - (t - buf));
619 data.size -= len - 1;
620
621 /* Write the insecure record. */
622 if ((dp->put)(dp, &key, &data, dbmode) == -1)
623 error("put");
624 }
625 if (firsttime) {
626 firsttime = 0;
627 if (username && !found && olduid != UID_MAX)
628 errorx("can't find user in master.passwd");
629 }
630}