]> git.ipfire.org Git - thirdparty/util-linux.git/blob - login-utils/vipw.c
projects / thirdparty / util-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
login-utils: verify writing to streams was successful
[thirdparty/util-linux.git] / login-utils / vipw.c
1 /*
2 * Copyright (c) 1987 Regents of the University of California.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * Updated Thu Oct 12 09:56:55 1995 by faith@cs.unc.edu with security
34 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
35 *
36 * Updated Thu Nov 9 21:58:53 1995 by Martin Schulze
37 * <joey@finlandia.infodrom.north.de>. Support for vigr.
38 *
39 * Martin Schulze's patches adapted to Util-Linux by Nicolai Langfeldt.
40 *
41 * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
42 * - added Native Language Support
43 * Sun Mar 21 1999 - Arnaldo Carvalho de Melo <acme@conectiva.com.br>
44 * - fixed strerr(errno) in gettext calls
45 */
46
47 /*
48 * This command is deprecated. The utility is in maintenance mode,
49 * meaning we keep them in source tree for backward compatibility
50 * only. Do not waste time making this command better, unless the
51 * fix is about security or other very critical issue.
52 *
53 * See Documentation/deprecated.txt for more information.
54 */
55
56 #include <errno.h>
57 #include <fcntl.h>
58 #include <paths.h>
59 #include <pwd.h>
60 #include <shadow.h>
61 #include <signal.h>
62 #include <stdio.h>
63 #include <stdlib.h>
64 #include <string.h>
65 #include <sys/file.h>
66 #include <sys/param.h>
67 #include <sys/resource.h>
68 #include <sys/stat.h>
69 #include <sys/time.h>
70 #include <sys/types.h>
71 #include <sys/wait.h>
72 #include <unistd.h>
73
74 #include "c.h"
75 #include "closestream.h"
76 #include "nls.h"
77 #include "setpwnam.h"
78 #include "strutils.h"
79 #include "xalloc.h"
80
81 #ifdef HAVE_LIBSELINUX
82 # include <selinux/selinux.h>
83 #endif
84
85 #define FILENAMELEN 67
86
87 enum {
88 VIPW,
89 VIGR
90 };
91 int program;
92 char orig_file[FILENAMELEN]; /* original file /etc/passwd or /etc/group */
93 char *tmp_file; /* tmp file */
94
95 void pw_error __P((char *, int, int));
96
97 static void copyfile(int from, int to)
98 {
99 int nr, nw, off;
100 char buf[8 * 1024];
101
102 while ((nr = read(from, buf, sizeof(buf))) > 0)
103 for (off = 0; off < nr; nr -= nw, off += nw)
104 if ((nw = write(to, buf + off, nr)) < 0)
105 pw_error(tmp_file, 1, 1);
106
107 if (nr < 0)
108 pw_error(orig_file, 1, 1);
109 }
110
111 static void pw_init(void)
112 {
113 struct rlimit rlim;
114
115 /* Unlimited resource limits. */
116 rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
117 (void)setrlimit(RLIMIT_CPU, &rlim);
118 (void)setrlimit(RLIMIT_FSIZE, &rlim);
119 (void)setrlimit(RLIMIT_STACK, &rlim);
120 (void)setrlimit(RLIMIT_DATA, &rlim);
121 (void)setrlimit(RLIMIT_RSS, &rlim);
122
123 /* Don't drop core (not really necessary, but GP's). */
124 rlim.rlim_cur = rlim.rlim_max = 0;
125 (void)setrlimit(RLIMIT_CORE, &rlim);
126
127 /* Turn off signals. */
128 (void)signal(SIGALRM, SIG_IGN);
129 (void)signal(SIGHUP, SIG_IGN);
130 (void)signal(SIGINT, SIG_IGN);
131 (void)signal(SIGPIPE, SIG_IGN);
132 (void)signal(SIGQUIT, SIG_IGN);
133 (void)signal(SIGTERM, SIG_IGN);
134 (void)signal(SIGTSTP, SIG_IGN);
135 (void)signal(SIGTTOU, SIG_IGN);
136
137 /* Create with exact permissions. */
138 (void)umask(0);
139 }
140
141 static FILE * pw_tmpfile(int lockfd)
142 {
143 FILE *fd;
144 char *tmpname = NULL;
145
146 if ((fd = xfmkstemp(&tmpname)) == NULL) {
147 ulckpwdf();
148 err(EXIT_FAILURE, _("can't open temporary file"));
149 }
150
151 copyfile(lockfd, fileno(fd));
152 tmp_file = tmpname;
153 return fd;
154 }
155
156 static void pw_write(void)
157 {
158 char tmp[FILENAMELEN + 4];
159
160 sprintf(tmp, "%s%s", orig_file, ".OLD");
161 unlink(tmp);
162
163 if (link(orig_file, tmp))
164 warn(_("%s: create a link to %s failed"), orig_file, tmp);
165
166 #ifdef HAVE_LIBSELINUX
167 if (is_selinux_enabled() > 0) {
168 security_context_t passwd_context = NULL;
169 int ret = 0;
170 if (getfilecon(orig_file, &passwd_context) < 0) {
171 warnx(_("Can't get context for %s"), orig_file);
172 pw_error(orig_file, 1, 1);
173 }
174 ret = setfilecon(tmp_file, passwd_context);
175 freecon(passwd_context);
176 if (ret != 0) {
177 warnx(_("Can't set context for %s"), tmp_file);
178 pw_error(tmp_file, 1, 1);
179 }
180 }
181 #endif
182
183 if (rename(tmp_file, orig_file) == -1) {
184 int errsv = errno;
185 errx(EXIT_FAILURE,
186 ("cannot write %s: %s (your changes are still in %s)"),
187 orig_file, strerror(errsv), tmp_file);
188 }
189 unlink(tmp_file);
190 free(tmp_file);
191 }
192
193 static void pw_edit(int notsetuid)
194 {
195 int pstat;
196 pid_t pid;
197 char *p, *editor, *tk;
198
199 editor = getenv("EDITOR");
200 editor = xstrdup(editor ? editor : _PATH_VI);
201
202 tk = strtok(editor, " \t");
203 if (tk && (p = strrchr(tk, '/')) != NULL)
204 ++p;
205 else
206 p = editor;
207
208 pid = fork();
209 if (pid < 0)
210 err(EXIT_FAILURE, _("fork failed"));
211
212 if (!pid) {
213 if (notsetuid) {
214 (void)setgid(getgid());
215 (void)setuid(getuid());
216 }
217 execlp(editor, p, tmp_file, NULL);
218 /* Shouldn't get here */
219 _exit(EXIT_FAILURE);
220 }
221 for (;;) {
222 pid = waitpid(pid, &pstat, WUNTRACED);
223 if (WIFSTOPPED(pstat)) {
224 /* the editor suspended, so suspend us as well */
225 kill(getpid(), SIGSTOP);
226 kill(pid, SIGCONT);
227 } else {
228 break;
229 }
230 }
231 if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
232 pw_error(editor, 1, 1);
233
234 free(editor);
235 }
236
237 void pw_error(char *name, int err, int eval)
238 {
239 if (err) {
240 if (name)
241 warn("%s: ", name);
242 else
243 warn(NULL);
244 }
245 warnx(_("%s unchanged"), orig_file);
246 unlink(tmp_file);
247 ulckpwdf();
248 exit(eval);
249 }
250
251 static void edit_file(int is_shadow)
252 {
253 struct stat begin, end;
254 int passwd_file, ch_ret;
255 FILE *tmp_fd;
256
257 pw_init();
258
259 /* acquire exclusive lock */
260 if (lckpwdf() < 0)
261 err(EXIT_FAILURE, _("cannot get lock"));
262
263 passwd_file = open(orig_file, O_RDONLY, 0);
264 if (passwd_file < 0)
265 err(EXIT_FAILURE, "%s: %s", _("cannot open file"), orig_file);
266 tmp_fd = pw_tmpfile(passwd_file);
267
268 if (fstat(fileno(tmp_fd), &begin))
269 pw_error(tmp_file, 1, 1);
270
271 pw_edit(0);
272
273 if (fstat(fileno(tmp_fd), &end))
274 pw_error(tmp_file, 1, 1);
275 if (begin.st_mtime == end.st_mtime) {
276 warnx(_("no changes made"));
277 pw_error((char *)NULL, 0, 0);
278 }
279 /* pw_tmpfile() will create the file with mode 600 */
280 if (!is_shadow)
281 ch_ret = fchmod(fileno(tmp_fd), 0644);
282 else
283 ch_ret = fchmod(fileno(tmp_fd), 0400);
284 if (ch_ret < 0)
285 err(EXIT_FAILURE, "%s: %s", _("cannot chmod file"), orig_file);
286 if (close_stream(tmp_fd) != 0)
287 err(EXIT_FAILURE, _("write error"));
288 pw_write();
289 close(passwd_file);
290 ulckpwdf();
291 }
292
293 int main(int argc, char *argv[])
294 {
295 setlocale(LC_ALL, "");
296 bindtextdomain(PACKAGE, LOCALEDIR);
297 textdomain(PACKAGE);
298 atexit(close_stdout);
299
300 if (!strcmp(program_invocation_short_name, "vigr")) {
301 program = VIGR;
302 xstrncpy(orig_file, GROUP_FILE, sizeof(orig_file));
303 } else {
304 program = VIPW;
305 xstrncpy(orig_file, PASSWD_FILE, sizeof(orig_file));
306 }
307
308 if ((argc > 1) &&
309 (!strcmp(argv[1], "-V") || !strcmp(argv[1], "--version"))) {
310 printf(UTIL_LINUX_VERSION);
311 exit(EXIT_SUCCESS);
312 }
313
314 edit_file(0);
315
316 if (program == VIGR) {
317 strncpy(orig_file, SGROUP_FILE, FILENAMELEN - 1);
318 } else {
319 strncpy(orig_file, SHADOW_FILE, FILENAMELEN - 1);
320 }
321
322 if (access(orig_file, F_OK) == 0) {
323 char response[80];
324
325 printf((program == VIGR)
326 ? _("You are using shadow groups on this system.\n")
327 : _("You are using shadow passwords on this system.\n"));
328 /* TRANSLATORS: this program uses for y and n rpmatch(3),
329 * which means they can be translated. */
330 printf(_("Would you like to edit %s now [y/n]? "), orig_file);
331
332 if (fgets(response, sizeof(response), stdin)) {
333 if (rpmatch(response) == 1)
334 edit_file(1);
335 }
336 }
337 exit(EXIT_SUCCESS);
338 }
Unnamed repository; edit this file 'description' to name the repository.