]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * chfn.c -- change your finger information | |
3 | * (c) 1994 by salvatore valente <svalente@athena.mit.edu> | |
4 | * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com> | |
5 | * | |
6 | * this program is free software. you can redistribute it and | |
7 | * modify it under the terms of the gnu general public license. | |
8 | * there is no warranty. | |
9 | * | |
10 | * $Author: aebr $ | |
11 | * $Revision: 1.18 $ | |
12 | * $Date: 1998/06/11 22:30:11 $ | |
13 | * | |
14 | * Updated Thu Oct 12 09:19:26 1995 by faith@cs.unc.edu with security | |
15 | * patches from Zefram <A.Main@dcs.warwick.ac.uk> | |
16 | * | |
17 | * Hacked by Peter Breitenlohner, peb@mppmu.mpg.de, | |
18 | * to remove trailing empty fields. Oct 5, 96. | |
19 | * | |
20 | * 1999-02-22 Arkadiusz MiĆkiewicz <misiek@pld.ORG.PL> | |
21 | * - added Native Language Support | |
22 | */ | |
23 | ||
24 | #include <ctype.h> | |
25 | #include <errno.h> | |
26 | #include <getopt.h> | |
27 | #include <pwd.h> | |
28 | #include <stdbool.h> | |
29 | #include <stdio.h> | |
30 | #include <stdlib.h> | |
31 | #include <string.h> | |
32 | #include <sys/types.h> | |
33 | #include <unistd.h> | |
34 | ||
35 | #include "c.h" | |
36 | #include "env.h" | |
37 | #include "closestream.h" | |
38 | #include "islocal.h" | |
39 | #include "nls.h" | |
40 | #include "setpwnam.h" | |
41 | #include "strutils.h" | |
42 | #include "xalloc.h" | |
43 | #include "logindefs.h" | |
44 | ||
45 | #include "ch-common.h" | |
46 | ||
47 | #ifdef HAVE_LIBSELINUX | |
48 | # include <selinux/selinux.h> | |
49 | # include "selinux_utils.h" | |
50 | #endif | |
51 | ||
52 | #ifdef HAVE_LIBUSER | |
53 | # include <libuser/user.h> | |
54 | # include "libuser.h" | |
55 | #elif CHFN_CHSH_PASSWORD | |
56 | # include "auth.h" | |
57 | #endif | |
58 | ||
59 | #ifdef HAVE_LIBREADLINE | |
60 | # define _FUNCTION_DEF | |
61 | # include <readline/readline.h> | |
62 | #endif | |
63 | ||
64 | struct finfo { | |
65 | char *full_name; | |
66 | char *office; | |
67 | char *office_phone; | |
68 | char *home_phone; | |
69 | char *other; | |
70 | }; | |
71 | ||
72 | struct chfn_control { | |
73 | struct passwd *pw; | |
74 | char *username; | |
75 | /* "oldf" Contains the users original finger information. | |
76 | * "newf" Contains the changed finger information, and contains | |
77 | * NULL in fields that haven't been changed. | |
78 | * In the end, "newf" is folded into "oldf". */ | |
79 | struct finfo oldf, newf; | |
80 | unsigned int | |
81 | allow_fullname:1, /* The login.defs restriction */ | |
82 | allow_room:1, /* see: man login.defs(5) */ | |
83 | allow_work:1, /* and look for CHFN_RESTRICT */ | |
84 | allow_home:1, /* keyword for these four. */ | |
85 | changed:1, /* is change requested */ | |
86 | interactive:1; /* whether to prompt for fields or not */ | |
87 | }; | |
88 | ||
89 | /* we do not accept gecos field sizes longer than MAX_FIELD_SIZE */ | |
90 | #define MAX_FIELD_SIZE 256 | |
91 | ||
92 | static void __attribute__((__noreturn__)) usage(void) | |
93 | { | |
94 | FILE *fp = stdout; | |
95 | fputs(USAGE_HEADER, fp); | |
96 | fprintf(fp, _(" %s [options] [<username>]\n"), program_invocation_short_name); | |
97 | ||
98 | fputs(USAGE_SEPARATOR, fp); | |
99 | fputs(_("Change your finger information.\n"), fp); | |
100 | ||
101 | fputs(USAGE_OPTIONS, fp); | |
102 | fputs(_(" -f, --full-name <full-name> real name\n"), fp); | |
103 | fputs(_(" -o, --office <office> office number\n"), fp); | |
104 | fputs(_(" -p, --office-phone <phone> office phone number\n"), fp); | |
105 | fputs(_(" -h, --home-phone <phone> home phone number\n"), fp); | |
106 | fputs(USAGE_SEPARATOR, fp); | |
107 | printf( " -u, --help %s\n", USAGE_OPTSTR_HELP); | |
108 | printf( " -v, --version %s\n", USAGE_OPTSTR_VERSION); | |
109 | printf(USAGE_MAN_TAIL("chfn(1)")); | |
110 | exit(EXIT_SUCCESS); | |
111 | } | |
112 | ||
113 | /* | |
114 | * check_gecos_string () -- | |
115 | * check that the given gecos string is legal. if it's not legal, | |
116 | * output "msg" followed by a description of the problem, and return (-1). | |
117 | */ | |
118 | static int check_gecos_string(const char *msg, char *gecos) | |
119 | { | |
120 | const size_t len = strlen(gecos); | |
121 | ||
122 | if (MAX_FIELD_SIZE < len) { | |
123 | warnx(_("field %s is too long"), msg); | |
124 | return -1; | |
125 | } | |
126 | if (illegal_passwd_chars(gecos)) { | |
127 | warnx(_("%s: has illegal characters"), gecos); | |
128 | return -1; | |
129 | } | |
130 | return 0; | |
131 | } | |
132 | ||
133 | /* | |
134 | * parse_argv () -- | |
135 | * parse the command line arguments. | |
136 | * returns true if no information beyond the username was given. | |
137 | */ | |
138 | static void parse_argv(struct chfn_control *ctl, int argc, char **argv) | |
139 | { | |
140 | int index, c, status = 0; | |
141 | static const struct option long_options[] = { | |
142 | { "full-name", required_argument, NULL, 'f' }, | |
143 | { "office", required_argument, NULL, 'o' }, | |
144 | { "office-phone", required_argument, NULL, 'p' }, | |
145 | { "home-phone", required_argument, NULL, 'h' }, | |
146 | { "help", no_argument, NULL, 'u' }, | |
147 | { "version", no_argument, NULL, 'v' }, | |
148 | { NULL, 0, NULL, 0 }, | |
149 | }; | |
150 | ||
151 | while ((c = getopt_long(argc, argv, "f:r:p:h:o:uv", long_options, | |
152 | &index)) != -1) { | |
153 | switch (c) { | |
154 | case 'f': | |
155 | if (!ctl->allow_fullname) | |
156 | errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Name")); | |
157 | ctl->newf.full_name = optarg; | |
158 | status += check_gecos_string(_("Name"), optarg); | |
159 | break; | |
160 | case 'o': | |
161 | if (!ctl->allow_room) | |
162 | errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Office")); | |
163 | ctl->newf.office = optarg; | |
164 | status += check_gecos_string(_("Office"), optarg); | |
165 | break; | |
166 | case 'p': | |
167 | if (!ctl->allow_work) | |
168 | errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Office Phone")); | |
169 | ctl->newf.office_phone = optarg; | |
170 | status += check_gecos_string(_("Office Phone"), optarg); | |
171 | break; | |
172 | case 'h': | |
173 | if (!ctl->allow_home) | |
174 | errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Home Phone")); | |
175 | ctl->newf.home_phone = optarg; | |
176 | status += check_gecos_string(_("Home Phone"), optarg); | |
177 | break; | |
178 | case 'v': | |
179 | print_version(EXIT_SUCCESS); | |
180 | case 'u': | |
181 | usage(); | |
182 | default: | |
183 | errtryhelp(EXIT_FAILURE); | |
184 | } | |
185 | ctl->changed = 1; | |
186 | ctl->interactive = 0; | |
187 | } | |
188 | if (status != 0) | |
189 | exit(EXIT_FAILURE); | |
190 | /* done parsing arguments. check for a username. */ | |
191 | if (optind < argc) { | |
192 | if (optind + 1 < argc) { | |
193 | warnx(_("cannot handle multiple usernames")); | |
194 | errtryhelp(EXIT_FAILURE); | |
195 | } | |
196 | ctl->username = argv[optind]; | |
197 | } | |
198 | return; | |
199 | } | |
200 | ||
201 | /* | |
202 | * parse_passwd () -- | |
203 | * take a struct password and fill in the fields of the struct finfo. | |
204 | */ | |
205 | static void parse_passwd(struct chfn_control *ctl) | |
206 | { | |
207 | char *gecos; | |
208 | ||
209 | if (!ctl->pw) | |
210 | return; | |
211 | /* use pw_gecos - we take a copy since PAM destroys the original */ | |
212 | gecos = xstrdup(ctl->pw->pw_gecos); | |
213 | /* extract known fields */ | |
214 | ctl->oldf.full_name = strsep(&gecos, ","); | |
215 | ctl->oldf.office = strsep(&gecos, ","); | |
216 | ctl->oldf.office_phone = strsep(&gecos, ","); | |
217 | ctl->oldf.home_phone = strsep(&gecos, ","); | |
218 | /* extra fields contain site-specific information, and can | |
219 | * not be changed by this version of chfn. */ | |
220 | ctl->oldf.other = strsep(&gecos, ","); | |
221 | } | |
222 | ||
223 | /* | |
224 | * ask_new_field () -- | |
225 | * ask the user for a given field and check that the string is legal. | |
226 | */ | |
227 | static char *ask_new_field(struct chfn_control *ctl, const char *question, | |
228 | char *def_val) | |
229 | { | |
230 | int len; | |
231 | char *buf; | |
232 | #ifndef HAVE_LIBREADLINE | |
233 | size_t dummy = 0; | |
234 | #endif | |
235 | ||
236 | if (!def_val) | |
237 | def_val = ""; | |
238 | while (true) { | |
239 | printf("%s [%s]: ", question, def_val); | |
240 | __fpurge(stdin); | |
241 | #ifdef HAVE_LIBREADLINE | |
242 | rl_bind_key('\t', rl_insert); | |
243 | if ((buf = readline(NULL)) == NULL) | |
244 | #else | |
245 | if (getline(&buf, &dummy, stdin) < 0) | |
246 | #endif | |
247 | errx(EXIT_FAILURE, _("Aborted.")); | |
248 | /* remove white spaces from string end */ | |
249 | ltrim_whitespace((unsigned char *) buf); | |
250 | len = rtrim_whitespace((unsigned char *) buf); | |
251 | if (len == 0) { | |
252 | free(buf); | |
253 | return xstrdup(def_val); | |
254 | } | |
255 | if (!strcasecmp(buf, "none")) { | |
256 | free(buf); | |
257 | ctl->changed = 1; | |
258 | return xstrdup(""); | |
259 | } | |
260 | if (check_gecos_string(question, buf) >= 0) | |
261 | break; | |
262 | } | |
263 | ctl->changed = 1; | |
264 | return buf; | |
265 | } | |
266 | ||
267 | /* | |
268 | * get_login_defs() | |
269 | * find /etc/login.defs CHFN_RESTRICT and save restrictions to run time | |
270 | */ | |
271 | static void get_login_defs(struct chfn_control *ctl) | |
272 | { | |
273 | const char *s; | |
274 | size_t i; | |
275 | int broken = 0; | |
276 | ||
277 | /* real root does not have restrictions */ | |
278 | if (geteuid() == getuid() && getuid() == 0) { | |
279 | ctl->allow_fullname = ctl->allow_room = ctl->allow_work = ctl->allow_home = 1; | |
280 | return; | |
281 | } | |
282 | s = getlogindefs_str("CHFN_RESTRICT", ""); | |
283 | if (!strcmp(s, "yes")) { | |
284 | ctl->allow_room = ctl->allow_work = ctl->allow_home = 1; | |
285 | return; | |
286 | } | |
287 | if (!strcmp(s, "no")) { | |
288 | ctl->allow_fullname = ctl->allow_room = ctl->allow_work = ctl->allow_home = 1; | |
289 | return; | |
290 | } | |
291 | for (i = 0; s[i]; i++) { | |
292 | switch (s[i]) { | |
293 | case 'f': | |
294 | ctl->allow_fullname = 1; | |
295 | break; | |
296 | case 'r': | |
297 | ctl->allow_room = 1; | |
298 | break; | |
299 | case 'w': | |
300 | ctl->allow_work = 1; | |
301 | break; | |
302 | case 'h': | |
303 | ctl->allow_home = 1; | |
304 | break; | |
305 | default: | |
306 | broken = 1; | |
307 | } | |
308 | } | |
309 | if (broken) | |
310 | warnx(_("%s: CHFN_RESTRICT has unexpected value: %s"), _PATH_LOGINDEFS, s); | |
311 | if (!ctl->allow_fullname && !ctl->allow_room && !ctl->allow_work && !ctl->allow_home) | |
312 | errx(EXIT_FAILURE, _("%s: CHFN_RESTRICT does not allow any changes"), _PATH_LOGINDEFS); | |
313 | return; | |
314 | } | |
315 | ||
316 | /* | |
317 | * ask_info () -- | |
318 | * prompt the user for the finger information and store it. | |
319 | */ | |
320 | static void ask_info(struct chfn_control *ctl) | |
321 | { | |
322 | if (ctl->allow_fullname) | |
323 | ctl->newf.full_name = ask_new_field(ctl, _("Name"), ctl->oldf.full_name); | |
324 | if (ctl->allow_room) | |
325 | ctl->newf.office = ask_new_field(ctl, _("Office"), ctl->oldf.office); | |
326 | if (ctl->allow_work) | |
327 | ctl->newf.office_phone = ask_new_field(ctl, _("Office Phone"), ctl->oldf.office_phone); | |
328 | if (ctl->allow_home) | |
329 | ctl->newf.home_phone = ask_new_field(ctl, _("Home Phone"), ctl->oldf.home_phone); | |
330 | putchar('\n'); | |
331 | } | |
332 | ||
333 | /* | |
334 | * find_field () -- | |
335 | * find field value in uninteractive mode; can be new, old, or blank | |
336 | */ | |
337 | static char *find_field(char *nf, char *of) | |
338 | { | |
339 | if (nf) | |
340 | return nf; | |
341 | if (of) | |
342 | return of; | |
343 | return xstrdup(""); | |
344 | } | |
345 | ||
346 | /* | |
347 | * add_missing () -- | |
348 | * add not supplied field values when in uninteractive mode | |
349 | */ | |
350 | static void add_missing(struct chfn_control *ctl) | |
351 | { | |
352 | ctl->newf.full_name = find_field(ctl->newf.full_name, ctl->oldf.full_name); | |
353 | ctl->newf.office = find_field(ctl->newf.office, ctl->oldf.office); | |
354 | ctl->newf.office_phone = find_field(ctl->newf.office_phone, ctl->oldf.office_phone); | |
355 | ctl->newf.home_phone = find_field(ctl->newf.home_phone, ctl->oldf.home_phone); | |
356 | ctl->newf.other = find_field(ctl->newf.other, ctl->oldf.other); | |
357 | printf("\n"); | |
358 | } | |
359 | ||
360 | /* | |
361 | * save_new_data () -- | |
362 | * save the given finger info in /etc/passwd. | |
363 | * return zero on success. | |
364 | */ | |
365 | static int save_new_data(struct chfn_control *ctl) | |
366 | { | |
367 | char *gecos; | |
368 | int len; | |
369 | ||
370 | /* create the new gecos string */ | |
371 | len = xasprintf(&gecos, "%s,%s,%s,%s,%s", | |
372 | ctl->newf.full_name, | |
373 | ctl->newf.office, | |
374 | ctl->newf.office_phone, | |
375 | ctl->newf.home_phone, | |
376 | ctl->newf.other); | |
377 | ||
378 | /* remove trailing empty fields (but not subfields of ctl->newf.other) */ | |
379 | if (!ctl->newf.other || !*ctl->newf.other) { | |
380 | while (len > 0 && gecos[len - 1] == ',') | |
381 | len--; | |
382 | gecos[len] = 0; | |
383 | } | |
384 | ||
385 | #ifdef HAVE_LIBUSER | |
386 | if (set_value_libuser("chfn", ctl->username, ctl->pw->pw_uid, | |
387 | LU_GECOS, gecos) < 0) { | |
388 | #else /* HAVE_LIBUSER */ | |
389 | /* write the new struct passwd to the passwd file. */ | |
390 | ctl->pw->pw_gecos = gecos; | |
391 | if (setpwnam(ctl->pw, ".chfn") < 0) { | |
392 | warn("setpwnam failed"); | |
393 | #endif | |
394 | printf(_ | |
395 | ("Finger information *NOT* changed. Try again later.\n")); | |
396 | return -1; | |
397 | } | |
398 | free(gecos); | |
399 | printf(_("Finger information changed.\n")); | |
400 | return 0; | |
401 | } | |
402 | ||
403 | int main(int argc, char **argv) | |
404 | { | |
405 | uid_t uid; | |
406 | struct chfn_control ctl = { | |
407 | .interactive = 1 | |
408 | }; | |
409 | ||
410 | sanitize_env(); | |
411 | setlocale(LC_ALL, ""); /* both for messages and for iscntrl() below */ | |
412 | bindtextdomain(PACKAGE, LOCALEDIR); | |
413 | textdomain(PACKAGE); | |
414 | close_stdout_atexit(); | |
415 | ||
416 | uid = getuid(); | |
417 | ||
418 | /* check /etc/login.defs CHFN_RESTRICT */ | |
419 | get_login_defs(&ctl); | |
420 | ||
421 | parse_argv(&ctl, argc, argv); | |
422 | if (!ctl.username) { | |
423 | ctl.pw = getpwuid(uid); | |
424 | if (!ctl.pw) | |
425 | errx(EXIT_FAILURE, _("you (user %d) don't exist."), | |
426 | uid); | |
427 | ctl.username = ctl.pw->pw_name; | |
428 | } else { | |
429 | ctl.pw = getpwnam(ctl.username); | |
430 | if (!ctl.pw) | |
431 | errx(EXIT_FAILURE, _("user \"%s\" does not exist."), | |
432 | ctl.username); | |
433 | } | |
434 | parse_passwd(&ctl); | |
435 | #ifndef HAVE_LIBUSER | |
436 | if (!(is_local(ctl.username))) | |
437 | errx(EXIT_FAILURE, _("can only change local entries")); | |
438 | #endif | |
439 | ||
440 | #ifdef HAVE_LIBSELINUX | |
441 | if (is_selinux_enabled() > 0) { | |
442 | if (uid == 0) { | |
443 | access_vector_t av = get_access_vector("passwd", "chfn"); | |
444 | ||
445 | if (selinux_check_passwd_access(av) != 0) { | |
446 | security_context_t user_context; | |
447 | if (getprevcon(&user_context) < 0) | |
448 | user_context = NULL; | |
449 | errx(EXIT_FAILURE, | |
450 | _("%s is not authorized to change " | |
451 | "the finger info of %s"), | |
452 | user_context ? : _("Unknown user context"), | |
453 | ctl.username); | |
454 | } | |
455 | } | |
456 | if (setupDefaultContext(_PATH_PASSWD)) | |
457 | errx(EXIT_FAILURE, | |
458 | _("can't set default context for %s"), _PATH_PASSWD); | |
459 | } | |
460 | #endif | |
461 | ||
462 | #ifdef HAVE_LIBUSER | |
463 | /* If we're setuid and not really root, disallow the password change. */ | |
464 | if (geteuid() != getuid() && uid != ctl.pw->pw_uid) { | |
465 | #else | |
466 | if (uid != 0 && uid != ctl.pw->pw_uid) { | |
467 | #endif | |
468 | errno = EACCES; | |
469 | err(EXIT_FAILURE, _("running UID doesn't match UID of user we're " | |
470 | "altering, change denied")); | |
471 | } | |
472 | ||
473 | printf(_("Changing finger information for %s.\n"), ctl.username); | |
474 | ||
475 | #if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD) | |
476 | if (!auth_pam("chfn", uid, ctl.username)) { | |
477 | return EXIT_FAILURE; | |
478 | } | |
479 | #endif | |
480 | ||
481 | if (ctl.interactive) | |
482 | ask_info(&ctl); | |
483 | ||
484 | add_missing(&ctl); | |
485 | ||
486 | if (!ctl.changed) { | |
487 | printf(_("Finger information not changed.\n")); | |
488 | return EXIT_SUCCESS; | |
489 | } | |
490 | ||
491 | return save_new_data(&ctl) == 0 ? EXIT_SUCCESS : EXIT_FAILURE; | |
492 | } |