2 * Copyright (c) 1987 Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Updated Thu Oct 12 09:56:55 1995 by faith@cs.unc.edu with security
34 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
36 * Updated Thu Nov 9 21:58:53 1995 by Martin Schulze
37 * <joey@finlandia.infodrom.north.de>. Support for vigr.
39 * Martin Schulze's patches adapted to Util-Linux by Nicolai Langfeldt.
41 * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
42 * - added Native Language Support
43 * Sun Mar 21 1999 - Arnaldo Carvalho de Melo <acme@conectiva.com.br>
44 * - fixed strerr(errno) in gettext calls
48 * This command is deprecated. The utility is in maintenance mode,
49 * meaning we keep them in source tree for backward compatibility
50 * only. Do not waste time making this command better, unless the
51 * fix is about security or other very critical issue.
53 * See Documentation/deprecated.txt for more information.
66 #include <sys/param.h>
67 #include <sys/resource.h>
70 #include <sys/types.h>
75 #include "closestream.h"
81 #ifdef HAVE_LIBSELINUX
82 # include <selinux/selinux.h>
85 #define FILENAMELEN 67
92 char orig_file
[FILENAMELEN
]; /* original file /etc/passwd or /etc/group */
93 char *tmp_file
; /* tmp file */
95 void pw_error
__P((char *, int, int));
97 static void copyfile(int from
, int to
)
102 while ((nr
= read(from
, buf
, sizeof(buf
))) > 0)
103 for (off
= 0; off
< nr
; nr
-= nw
, off
+= nw
)
104 if ((nw
= write(to
, buf
+ off
, nr
)) < 0)
105 pw_error(tmp_file
, 1, 1);
108 pw_error(orig_file
, 1, 1);
111 static void pw_init(void)
115 /* Unlimited resource limits. */
116 rlim
.rlim_cur
= rlim
.rlim_max
= RLIM_INFINITY
;
117 (void)setrlimit(RLIMIT_CPU
, &rlim
);
118 (void)setrlimit(RLIMIT_FSIZE
, &rlim
);
119 (void)setrlimit(RLIMIT_STACK
, &rlim
);
120 (void)setrlimit(RLIMIT_DATA
, &rlim
);
121 (void)setrlimit(RLIMIT_RSS
, &rlim
);
123 /* Don't drop core (not really necessary, but GP's). */
124 rlim
.rlim_cur
= rlim
.rlim_max
= 0;
125 (void)setrlimit(RLIMIT_CORE
, &rlim
);
127 /* Turn off signals. */
128 (void)signal(SIGALRM
, SIG_IGN
);
129 (void)signal(SIGHUP
, SIG_IGN
);
130 (void)signal(SIGINT
, SIG_IGN
);
131 (void)signal(SIGPIPE
, SIG_IGN
);
132 (void)signal(SIGQUIT
, SIG_IGN
);
133 (void)signal(SIGTERM
, SIG_IGN
);
134 (void)signal(SIGTSTP
, SIG_IGN
);
135 (void)signal(SIGTTOU
, SIG_IGN
);
137 /* Create with exact permissions. */
141 static FILE * pw_tmpfile(int lockfd
)
144 char *tmpname
= NULL
;
146 if ((fd
= xfmkstemp(&tmpname
)) == NULL
) {
148 err(EXIT_FAILURE
, _("can't open temporary file"));
151 copyfile(lockfd
, fileno(fd
));
156 static void pw_write(void)
158 char tmp
[FILENAMELEN
+ 4];
160 sprintf(tmp
, "%s%s", orig_file
, ".OLD");
163 if (link(orig_file
, tmp
))
164 warn(_("%s: create a link to %s failed"), orig_file
, tmp
);
166 #ifdef HAVE_LIBSELINUX
167 if (is_selinux_enabled() > 0) {
168 security_context_t passwd_context
= NULL
;
170 if (getfilecon(orig_file
, &passwd_context
) < 0) {
171 warnx(_("Can't get context for %s"), orig_file
);
172 pw_error(orig_file
, 1, 1);
174 ret
= setfilecon(tmp_file
, passwd_context
);
175 freecon(passwd_context
);
177 warnx(_("Can't set context for %s"), tmp_file
);
178 pw_error(tmp_file
, 1, 1);
183 if (rename(tmp_file
, orig_file
) == -1) {
186 ("cannot write %s: %s (your changes are still in %s)"),
187 orig_file
, strerror(errsv
), tmp_file
);
193 static void pw_edit(int notsetuid
)
197 char *p
, *editor
, *tk
;
199 editor
= getenv("EDITOR");
200 editor
= xstrdup(editor
? editor
: _PATH_VI
);
202 tk
= strtok(editor
, " \t");
203 if (tk
&& (p
= strrchr(tk
, '/')) != NULL
)
210 err(EXIT_FAILURE
, _("fork failed"));
214 (void)setgid(getgid());
215 (void)setuid(getuid());
217 execlp(editor
, p
, tmp_file
, NULL
);
218 /* Shouldn't get here */
222 pid
= waitpid(pid
, &pstat
, WUNTRACED
);
223 if (WIFSTOPPED(pstat
)) {
224 /* the editor suspended, so suspend us as well */
225 kill(getpid(), SIGSTOP
);
231 if (pid
== -1 || !WIFEXITED(pstat
) || WEXITSTATUS(pstat
) != 0)
232 pw_error(editor
, 1, 1);
237 void pw_error(char *name
, int err
, int eval
)
245 warnx(_("%s unchanged"), orig_file
);
251 static void edit_file(int is_shadow
)
253 struct stat begin
, end
;
254 int passwd_file
, ch_ret
;
259 /* acquire exclusive lock */
261 err(EXIT_FAILURE
, _("cannot get lock"));
263 passwd_file
= open(orig_file
, O_RDONLY
, 0);
265 err(EXIT_FAILURE
, "%s: %s", _("cannot open file"), orig_file
);
266 tmp_fd
= pw_tmpfile(passwd_file
);
268 if (fstat(fileno(tmp_fd
), &begin
))
269 pw_error(tmp_file
, 1, 1);
273 if (fstat(fileno(tmp_fd
), &end
))
274 pw_error(tmp_file
, 1, 1);
275 if (begin
.st_mtime
== end
.st_mtime
) {
276 warnx(_("no changes made"));
277 pw_error((char *)NULL
, 0, 0);
279 /* pw_tmpfile() will create the file with mode 600 */
281 ch_ret
= fchmod(fileno(tmp_fd
), 0644);
283 ch_ret
= fchmod(fileno(tmp_fd
), 0400);
285 err(EXIT_FAILURE
, "%s: %s", _("cannot chmod file"), orig_file
);
286 if (close_stream(tmp_fd
) != 0)
287 err(EXIT_FAILURE
, _("write error"));
293 int main(int argc
, char *argv
[])
295 setlocale(LC_ALL
, "");
296 bindtextdomain(PACKAGE
, LOCALEDIR
);
298 atexit(close_stdout
);
300 if (!strcmp(program_invocation_short_name
, "vigr")) {
302 xstrncpy(orig_file
, GROUP_FILE
, sizeof(orig_file
));
305 xstrncpy(orig_file
, PASSWD_FILE
, sizeof(orig_file
));
309 (!strcmp(argv
[1], "-V") || !strcmp(argv
[1], "--version"))) {
310 printf(UTIL_LINUX_VERSION
);
316 if (program
== VIGR
) {
317 strncpy(orig_file
, SGROUP_FILE
, FILENAMELEN
- 1);
319 strncpy(orig_file
, SHADOW_FILE
, FILENAMELEN
- 1);
322 if (access(orig_file
, F_OK
) == 0) {
325 printf((program
== VIGR
)
326 ? _("You are using shadow groups on this system.\n")
327 : _("You are using shadow passwords on this system.\n"));
328 /* TRANSLATORS: this program uses for y and n rpmatch(3),
329 * which means they can be translated. */
330 printf(_("Would you like to edit %s now [y/n]? "), orig_file
);
332 if (fgets(response
, sizeof(response
), stdin
)) {
333 if (rpmatch(response
) == 1)