2 * chfn.c -- change your finger information
3 * (c) 1994 by salvatore valente <svalente@athena.mit.edu>
4 * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
6 * this program is free software. you can redistribute it and
7 * modify it under the terms of the gnu general public license.
8 * there is no warranty.
12 * $Date: 1998/06/11 22:30:11 $
14 * Updated Thu Oct 12 09:19:26 1995 by faith@cs.unc.edu with security
15 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
17 * Hacked by Peter Breitenlohner, peb@mppmu.mpg.de,
18 * to remove trailing empty fields. Oct 5, 96.
20 * 1999-02-22 Arkadiusz MiĆkiewicz <misiek@pld.ORG.PL>
21 * - added Native Language Support
32 #include <sys/types.h>
37 #include "closestream.h"
43 #include "logindefs.h"
45 #include "ch-common.h"
47 #ifdef HAVE_LIBSELINUX
48 # include <selinux/selinux.h>
49 # include "selinux-utils.h"
53 # include <libuser/user.h>
55 #elif CHFN_CHSH_PASSWORD
70 /* "oldf" Contains the users original finger information.
71 * "newf" Contains the changed finger information, and contains
72 * NULL in fields that haven't been changed.
73 * In the end, "newf" is folded into "oldf". */
74 struct finfo oldf
, newf
;
76 allow_fullname
:1, /* The login.defs restriction */
77 allow_room
:1, /* see: man login.defs(5) */
78 allow_work
:1, /* and look for CHFN_RESTRICT */
79 allow_home
:1, /* keyword for these four. */
80 changed
:1, /* is change requested */
81 interactive
:1; /* whether to prompt for fields or not */
84 /* we do not accept gecos field sizes longer than MAX_FIELD_SIZE */
85 #define MAX_FIELD_SIZE 256
87 static void __attribute__((__noreturn__
)) usage(void)
90 fputs(USAGE_HEADER
, fp
);
91 fprintf(fp
, _(" %s [options] [<username>]\n"), program_invocation_short_name
);
93 fputs(USAGE_SEPARATOR
, fp
);
94 fputs(_("Change your finger information.\n"), fp
);
96 fputs(USAGE_OPTIONS
, fp
);
97 fputs(_(" -f, --full-name <full-name> real name\n"), fp
);
98 fputs(_(" -o, --office <office> office number\n"), fp
);
99 fputs(_(" -p, --office-phone <phone> office phone number\n"), fp
);
100 fputs(_(" -h, --home-phone <phone> home phone number\n"), fp
);
101 fputs(USAGE_SEPARATOR
, fp
);
102 printf( " -u, --help %s\n", USAGE_OPTSTR_HELP
);
103 printf( " -V, --version %s\n", USAGE_OPTSTR_VERSION
);
104 printf(USAGE_MAN_TAIL("chfn(1)"));
109 * check_gecos_string () --
110 * check that the given gecos string is legal. if it's not legal,
111 * output "msg" followed by a description of the problem, and return (-1).
113 static int check_gecos_string(const char *msg
, char *gecos
)
115 const size_t len
= strlen(gecos
);
117 if (MAX_FIELD_SIZE
< len
) {
118 warnx(_("field %s is too long"), msg
);
121 if (illegal_passwd_chars(gecos
)) {
122 warnx(_("%s: has illegal characters"), gecos
);
130 * parse the command line arguments.
131 * returns true if no information beyond the username was given.
133 static void parse_argv(struct chfn_control
*ctl
, int argc
, char **argv
)
135 int index
, c
, status
= 0;
136 static const struct option long_options
[] = {
137 { "full-name", required_argument
, NULL
, 'f' },
138 { "office", required_argument
, NULL
, 'o' },
139 { "office-phone", required_argument
, NULL
, 'p' },
140 { "home-phone", required_argument
, NULL
, 'h' },
141 { "help", no_argument
, NULL
, 'u' },
142 { "version", no_argument
, NULL
, 'V' },
143 { NULL
, 0, NULL
, 0 },
146 while ((c
= getopt_long(argc
, argv
, "f:r:p:h:o:uvV", long_options
,
150 if (!ctl
->allow_fullname
)
151 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Name"));
152 ctl
->newf
.full_name
= optarg
;
153 status
+= check_gecos_string(_("Name"), optarg
);
156 if (!ctl
->allow_room
)
157 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Office"));
158 ctl
->newf
.office
= optarg
;
159 status
+= check_gecos_string(_("Office"), optarg
);
162 if (!ctl
->allow_work
)
163 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Office Phone"));
164 ctl
->newf
.office_phone
= optarg
;
165 status
+= check_gecos_string(_("Office Phone"), optarg
);
168 if (!ctl
->allow_home
)
169 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Home Phone"));
170 ctl
->newf
.home_phone
= optarg
;
171 status
+= check_gecos_string(_("Home Phone"), optarg
);
173 case 'v': /* deprecated */
175 print_version(EXIT_SUCCESS
);
179 errtryhelp(EXIT_FAILURE
);
182 ctl
->interactive
= 0;
186 /* done parsing arguments. check for a username. */
188 if (optind
+ 1 < argc
) {
189 warnx(_("cannot handle multiple usernames"));
190 errtryhelp(EXIT_FAILURE
);
192 ctl
->username
= argv
[optind
];
198 * take a struct password and fill in the fields of the struct finfo.
200 static void parse_passwd(struct chfn_control
*ctl
)
206 /* use pw_gecos - we take a copy since PAM destroys the original */
207 gecos
= xstrdup(ctl
->pw
->pw_gecos
);
208 /* extract known fields */
209 ctl
->oldf
.full_name
= strsep(&gecos
, ",");
210 ctl
->oldf
.office
= strsep(&gecos
, ",");
211 ctl
->oldf
.office_phone
= strsep(&gecos
, ",");
212 ctl
->oldf
.home_phone
= strsep(&gecos
, ",");
213 /* extra fields contain site-specific information, and can
214 * not be changed by this version of chfn. */
215 ctl
->oldf
.other
= strsep(&gecos
, ",");
219 * ask_new_field () --
220 * ask the user for a given field and check that the string is legal.
222 static char *ask_new_field(struct chfn_control
*ctl
, const char *question
,
226 char *buf
= NULL
; /* leave initialized to NULL or getline segfaults */
233 printf("%s [%s]:", question
, def_val
);
239 if (getline(&buf
, &dummy
, stdin
) < 0)
240 errx(EXIT_FAILURE
, _("Aborted."));
242 /* remove white spaces from string end */
243 ltrim_whitespace((unsigned char *) buf
);
244 len
= rtrim_whitespace((unsigned char *) buf
);
247 return xstrdup(def_val
);
249 if (!strcasecmp(buf
, "none")) {
254 if (check_gecos_string(question
, buf
) >= 0)
263 * find /etc/login.defs CHFN_RESTRICT and save restrictions to run time
265 static void get_login_defs(struct chfn_control
*ctl
)
271 /* real root does not have restrictions */
272 if (geteuid() == getuid() && getuid() == 0) {
273 ctl
->allow_fullname
= ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
276 s
= getlogindefs_str("CHFN_RESTRICT", "");
277 if (!strcmp(s
, "yes")) {
278 ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
281 if (!strcmp(s
, "no")) {
282 ctl
->allow_fullname
= ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
285 for (i
= 0; s
[i
]; i
++) {
288 ctl
->allow_fullname
= 1;
304 warnx(_("%s: CHFN_RESTRICT has unexpected value: %s"), _PATH_LOGINDEFS
, s
);
305 if (!ctl
->allow_fullname
&& !ctl
->allow_room
&& !ctl
->allow_work
&& !ctl
->allow_home
)
306 errx(EXIT_FAILURE
, _("%s: CHFN_RESTRICT does not allow any changes"), _PATH_LOGINDEFS
);
311 * prompt the user for the finger information and store it.
313 static void ask_info(struct chfn_control
*ctl
)
315 if (ctl
->allow_fullname
)
316 ctl
->newf
.full_name
= ask_new_field(ctl
, _("Name"), ctl
->oldf
.full_name
);
318 ctl
->newf
.office
= ask_new_field(ctl
, _("Office"), ctl
->oldf
.office
);
320 ctl
->newf
.office_phone
= ask_new_field(ctl
, _("Office Phone"), ctl
->oldf
.office_phone
);
322 ctl
->newf
.home_phone
= ask_new_field(ctl
, _("Home Phone"), ctl
->oldf
.home_phone
);
328 * find field value in uninteractive mode; can be new, old, or blank
330 static char *find_field(char *nf
, char *of
)
341 * add not supplied field values when in uninteractive mode
343 static void add_missing(struct chfn_control
*ctl
)
345 ctl
->newf
.full_name
= find_field(ctl
->newf
.full_name
, ctl
->oldf
.full_name
);
346 ctl
->newf
.office
= find_field(ctl
->newf
.office
, ctl
->oldf
.office
);
347 ctl
->newf
.office_phone
= find_field(ctl
->newf
.office_phone
, ctl
->oldf
.office_phone
);
348 ctl
->newf
.home_phone
= find_field(ctl
->newf
.home_phone
, ctl
->oldf
.home_phone
);
349 ctl
->newf
.other
= find_field(ctl
->newf
.other
, ctl
->oldf
.other
);
354 * save_new_data () --
355 * save the given finger info in /etc/passwd.
356 * return zero on success.
358 static int save_new_data(struct chfn_control
*ctl
)
363 /* create the new gecos string */
364 len
= xasprintf(&gecos
, "%s,%s,%s,%s,%s",
367 ctl
->newf
.office_phone
,
368 ctl
->newf
.home_phone
,
371 /* remove trailing empty fields (but not subfields of ctl->newf.other) */
372 if (!ctl
->newf
.other
|| !*ctl
->newf
.other
) {
373 while (len
> 0 && gecos
[len
- 1] == ',')
379 if (set_value_libuser("chfn", ctl
->username
, ctl
->pw
->pw_uid
,
380 LU_GECOS
, gecos
) < 0) {
381 #else /* HAVE_LIBUSER */
382 /* write the new struct passwd to the passwd file. */
383 ctl
->pw
->pw_gecos
= gecos
;
384 if (setpwnam(ctl
->pw
, ".chfn") < 0) {
385 warn("setpwnam failed");
388 ("Finger information *NOT* changed. Try again later.\n"));
392 printf(_("Finger information changed.\n"));
396 int main(int argc
, char **argv
)
399 struct chfn_control ctl
= {
404 setlocale(LC_ALL
, ""); /* both for messages and for iscntrl() below */
405 bindtextdomain(PACKAGE
, LOCALEDIR
);
407 close_stdout_atexit();
411 /* check /etc/login.defs CHFN_RESTRICT */
412 get_login_defs(&ctl
);
414 parse_argv(&ctl
, argc
, argv
);
416 ctl
.pw
= getpwuid(uid
);
418 errx(EXIT_FAILURE
, _("you (user %d) don't exist."),
420 ctl
.username
= ctl
.pw
->pw_name
;
422 ctl
.pw
= getpwnam(ctl
.username
);
424 errx(EXIT_FAILURE
, _("user \"%s\" does not exist."),
429 if (!(is_local(ctl
.username
)))
430 errx(EXIT_FAILURE
, _("can only change local entries"));
433 #ifdef HAVE_LIBSELINUX
434 if (is_selinux_enabled() > 0) {
435 char *user_cxt
= NULL
;
437 if (uid
== 0 && !ul_selinux_has_access("passwd", "chfn", &user_cxt
))
439 _("%s is not authorized to change "
440 "the finger info of %s"),
441 user_cxt
? : _("Unknown user context"),
444 if (ul_setfscreatecon_from_file(_PATH_PASSWD
) != 0)
446 _("can't set default context for %s"), _PATH_PASSWD
);
451 /* If we're setuid and not really root, disallow the password change. */
452 if (geteuid() != getuid() && uid
!= ctl
.pw
->pw_uid
) {
454 if (uid
!= 0 && uid
!= ctl
.pw
->pw_uid
) {
457 err(EXIT_FAILURE
, _("running UID doesn't match UID of user we're "
458 "altering, change denied"));
461 printf(_("Changing finger information for %s.\n"), ctl
.username
);
463 #if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
464 if (!auth_pam("chfn", uid
, ctl
.username
)) {
475 printf(_("Finger information not changed.\n"));
479 return save_new_data(&ctl
) == 0 ? EXIT_SUCCESS
: EXIT_FAILURE
;