2 * chfn.c -- change your finger information
3 * (c) 1994 by salvatore valente <svalente@athena.mit.edu>
4 * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
6 * this program is free software. you can redistribute it and
7 * modify it under the terms of the gnu general public license.
8 * there is no warranty.
12 * $Date: 1998/06/11 22:30:11 $
14 * Updated Thu Oct 12 09:19:26 1995 by faith@cs.unc.edu with security
15 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
17 * Hacked by Peter Breitenlohner, peb@mppmu.mpg.de,
18 * to remove trailing empty fields. Oct 5, 96.
20 * 1999-02-22 Arkadiusz MiĆkiewicz <misiek@pld.ORG.PL>
21 * - added Native Language Support
32 #include <sys/types.h>
37 #include "closestream.h"
43 #include "logindefs.h"
45 #include "ch-common.h"
47 #ifdef HAVE_LIBSELINUX
48 # include <selinux/selinux.h>
49 # include "selinux_utils.h"
53 # include <libuser/user.h>
55 #elif CHFN_CHSH_PASSWORD
59 #ifdef HAVE_LIBREADLINE
60 # define _FUNCTION_DEF
61 # include <readline/readline.h>
75 /* "oldf" Contains the users original finger information.
76 * "newf" Contains the changed finger information, and contains
77 * NULL in fields that haven't been changed.
78 * In the end, "newf" is folded into "oldf". */
79 struct finfo oldf
, newf
;
81 allow_fullname
:1, /* The login.defs restriction */
82 allow_room
:1, /* see: man login.defs(5) */
83 allow_work
:1, /* and look for CHFN_RESTRICT */
84 allow_home
:1, /* keyword for these four. */
85 changed
:1, /* is change requested */
86 interactive
:1; /* whether to prompt for fields or not */
89 /* we do not accept gecos field sizes longer than MAX_FIELD_SIZE */
90 #define MAX_FIELD_SIZE 256
92 static void __attribute__((__noreturn__
)) usage(FILE *fp
)
94 fputs(USAGE_HEADER
, fp
);
95 fprintf(fp
, _(" %s [options] [<username>]\n"), program_invocation_short_name
);
97 fputs(USAGE_SEPARATOR
, fp
);
98 fputs(_("Change your finger information.\n"), fp
);
100 fputs(USAGE_OPTIONS
, fp
);
101 fputs(_(" -f, --full-name <full-name> real name\n"), fp
);
102 fputs(_(" -o, --office <office> office number\n"), fp
);
103 fputs(_(" -p, --office-phone <phone> office phone number\n"), fp
);
104 fputs(_(" -h, --home-phone <phone> home phone number\n"), fp
);
105 fputs(USAGE_SEPARATOR
, fp
);
106 fputs(_(" -u, --help display this help and exit\n"), fp
);
107 fputs(_(" -v, --version output version information and exit\n"), fp
);
108 fprintf(fp
, USAGE_MAN_TAIL("chfn(1)"));
109 exit(fp
== stderr
? EXIT_FAILURE
: EXIT_SUCCESS
);
113 * check_gecos_string () --
114 * check that the given gecos string is legal. if it's not legal,
115 * output "msg" followed by a description of the problem, and return (-1).
117 static int check_gecos_string(const char *msg
, char *gecos
)
119 const size_t len
= strlen(gecos
);
121 if (MAX_FIELD_SIZE
< len
) {
122 warnx(_("field %s is too long"), msg
);
125 if (illegal_passwd_chars(gecos
)) {
126 warnx(_("%s: has illegal characters"), gecos
);
134 * parse the command line arguments.
135 * returns true if no information beyond the username was given.
137 static void parse_argv(struct chfn_control
*ctl
, int argc
, char **argv
)
139 int index
, c
, status
= 0;
140 static const struct option long_options
[] = {
141 { "full-name", required_argument
, NULL
, 'f' },
142 { "office", required_argument
, NULL
, 'o' },
143 { "office-phone", required_argument
, NULL
, 'p' },
144 { "home-phone", required_argument
, NULL
, 'h' },
145 { "help", no_argument
, NULL
, 'u' },
146 { "version", no_argument
, NULL
, 'v' },
147 { NULL
, 0, NULL
, 0 },
150 while ((c
= getopt_long(argc
, argv
, "f:r:p:h:o:uv", long_options
,
154 if (!ctl
->allow_fullname
)
155 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Name"));
156 ctl
->newf
.full_name
= optarg
;
157 status
+= check_gecos_string(_("Name"), optarg
);
160 if (!ctl
->allow_room
)
161 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Office"));
162 ctl
->newf
.office
= optarg
;
163 status
+= check_gecos_string(_("Office"), optarg
);
166 if (!ctl
->allow_work
)
167 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Office Phone"));
168 ctl
->newf
.office_phone
= optarg
;
169 status
+= check_gecos_string(_("Office Phone"), optarg
);
172 if (!ctl
->allow_home
)
173 errx(EXIT_FAILURE
, _("login.defs forbids setting %s"), _("Home Phone"));
174 ctl
->newf
.home_phone
= optarg
;
175 status
+= check_gecos_string(_("Home Phone"), optarg
);
178 printf(UTIL_LINUX_VERSION
);
183 errtryhelp(EXIT_FAILURE
);
186 ctl
->interactive
= 0;
190 /* done parsing arguments. check for a username. */
192 if (optind
+ 1 < argc
)
194 ctl
->username
= argv
[optind
];
201 * take a struct password and fill in the fields of the struct finfo.
203 static void parse_passwd(struct chfn_control
*ctl
)
209 /* use pw_gecos - we take a copy since PAM destroys the original */
210 gecos
= xstrdup(ctl
->pw
->pw_gecos
);
211 /* extract known fields */
212 ctl
->oldf
.full_name
= strsep(&gecos
, ",");
213 ctl
->oldf
.office
= strsep(&gecos
, ",");
214 ctl
->oldf
.office_phone
= strsep(&gecos
, ",");
215 ctl
->oldf
.home_phone
= strsep(&gecos
, ",");
216 /* extra fields contain site-specific information, and can
217 * not be changed by this version of chfn. */
218 ctl
->oldf
.other
= strsep(&gecos
, ",");
222 * ask_new_field () --
223 * ask the user for a given field and check that the string is legal.
225 static char *ask_new_field(struct chfn_control
*ctl
, const char *question
,
230 #ifndef HAVE_LIBREADLINE
237 printf("%s [%s]: ", question
, def_val
);
239 #ifdef HAVE_LIBREADLINE
240 if ((buf
= readline(NULL
)) == NULL
)
242 if (getline(&buf
, &dummy
, stdin
) < 0)
244 errx(EXIT_FAILURE
, _("Aborted."));
245 /* remove white spaces from string end */
246 ltrim_whitespace((unsigned char *) buf
);
247 len
= rtrim_whitespace((unsigned char *) buf
);
250 return xstrdup(def_val
);
252 if (!strcasecmp(buf
, "none")) {
257 if (check_gecos_string(question
, buf
) >= 0)
266 * find /etc/login.defs CHFN_RESTRICT and save restrictions to run time
268 static void get_login_defs(struct chfn_control
*ctl
)
274 /* real root does not have restrictions */
275 if (geteuid() == getuid() && getuid() == 0) {
276 ctl
->allow_fullname
= ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
279 s
= getlogindefs_str("CHFN_RESTRICT", "");
280 if (!strcmp(s
, "yes")) {
281 ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
284 if (!strcmp(s
, "no")) {
285 ctl
->allow_fullname
= ctl
->allow_room
= ctl
->allow_work
= ctl
->allow_home
= 1;
288 for (i
= 0; s
[i
]; i
++) {
291 ctl
->allow_fullname
= 1;
307 warnx(_("%s: CHFN_RESTRICT has unexpected value: %s"), _PATH_LOGINDEFS
, s
);
308 if (!ctl
->allow_fullname
&& !ctl
->allow_room
&& !ctl
->allow_work
&& !ctl
->allow_home
)
309 errx(EXIT_FAILURE
, _("%s: CHFN_RESTRICT does not allow any changes"), _PATH_LOGINDEFS
);
315 * prompt the user for the finger information and store it.
317 static void ask_info(struct chfn_control
*ctl
)
319 if (ctl
->allow_fullname
)
320 ctl
->newf
.full_name
= ask_new_field(ctl
, _("Name"), ctl
->oldf
.full_name
);
322 ctl
->newf
.office
= ask_new_field(ctl
, _("Office"), ctl
->oldf
.office
);
324 ctl
->newf
.office_phone
= ask_new_field(ctl
, _("Office Phone"), ctl
->oldf
.office_phone
);
326 ctl
->newf
.home_phone
= ask_new_field(ctl
, _("Home Phone"), ctl
->oldf
.home_phone
);
332 * find field value in uninteractive mode; can be new, old, or blank
334 static char *find_field(char *nf
, char *of
)
345 * add not supplied field values when in uninteractive mode
347 static void add_missing(struct chfn_control
*ctl
)
349 ctl
->newf
.full_name
= find_field(ctl
->newf
.full_name
, ctl
->oldf
.full_name
);
350 ctl
->newf
.office
= find_field(ctl
->newf
.office
, ctl
->oldf
.office
);
351 ctl
->newf
.office_phone
= find_field(ctl
->newf
.office_phone
, ctl
->oldf
.office_phone
);
352 ctl
->newf
.home_phone
= find_field(ctl
->newf
.home_phone
, ctl
->oldf
.home_phone
);
353 ctl
->newf
.other
= find_field(ctl
->newf
.other
, ctl
->oldf
.other
);
358 * save_new_data () --
359 * save the given finger info in /etc/passwd.
360 * return zero on success.
362 static int save_new_data(struct chfn_control
*ctl
)
367 /* create the new gecos string */
368 len
= xasprintf(&gecos
, "%s,%s,%s,%s,%s",
371 ctl
->newf
.office_phone
,
372 ctl
->newf
.home_phone
,
375 /* remove trailing empty fields (but not subfields of ctl->newf.other) */
376 if (!ctl
->newf
.other
) {
377 while (len
> 0 && gecos
[len
- 1] == ',')
383 if (set_value_libuser("chfn", ctl
->username
, ctl
->pw
->pw_uid
,
384 LU_GECOS
, gecos
) < 0) {
385 #else /* HAVE_LIBUSER */
386 /* write the new struct passwd to the passwd file. */
387 ctl
->pw
->pw_gecos
= gecos
;
388 if (setpwnam(ctl
->pw
, ".chfn") < 0) {
389 warn("setpwnam failed");
392 ("Finger information *NOT* changed. Try again later.\n"));
396 printf(_("Finger information changed.\n"));
400 int main(int argc
, char **argv
)
403 struct chfn_control ctl
= {
408 setlocale(LC_ALL
, ""); /* both for messages and for iscntrl() below */
409 bindtextdomain(PACKAGE
, LOCALEDIR
);
411 atexit(close_stdout
);
414 /* check /etc/login.defs CHFN_RESTRICT */
415 get_login_defs(&ctl
);
417 parse_argv(&ctl
, argc
, argv
);
419 ctl
.pw
= getpwuid(uid
);
421 errx(EXIT_FAILURE
, _("you (user %d) don't exist."),
423 ctl
.username
= ctl
.pw
->pw_name
;
425 ctl
.pw
= getpwnam(ctl
.username
);
427 errx(EXIT_FAILURE
, _("user \"%s\" does not exist."),
432 if (!(is_local(ctl
.username
)))
433 errx(EXIT_FAILURE
, _("can only change local entries"));
436 #ifdef HAVE_LIBSELINUX
437 if (is_selinux_enabled() > 0) {
439 access_vector_t av
= get_access_vector("passwd", "chfn");
441 if (selinux_check_passwd_access(av
) != 0) {
442 security_context_t user_context
;
443 if (getprevcon(&user_context
) < 0)
446 _("%s is not authorized to change "
447 "the finger info of %s"),
448 user_context
? : _("Unknown user context"),
452 if (setupDefaultContext(_PATH_PASSWD
))
454 _("can't set default context for %s"), _PATH_PASSWD
);
459 /* If we're setuid and not really root, disallow the password change. */
460 if (geteuid() != getuid() && uid
!= ctl
.pw
->pw_uid
) {
462 if (uid
!= 0 && uid
!= ctl
.pw
->pw_uid
) {
465 err(EXIT_FAILURE
, _("running UID doesn't match UID of user we're "
466 "altering, change denied"));
469 printf(_("Changing finger information for %s.\n"), ctl
.username
);
471 #if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
472 if (!auth_pam("chfn", uid
, ctl
.username
)) {
483 printf(_("Finger information not changed.\n"));
487 return save_new_data(&ctl
) == 0 ? EXIT_SUCCESS
: EXIT_FAILURE
;