]>
git.ipfire.org Git - thirdparty/cups.git/blob - systemv/lppasswd.c
2 * "$Id: lppasswd.c 4924 2006-01-13 01:55:20Z mike $"
4 * MD5 password program for the Common UNIX Printing System (CUPS).
6 * Copyright 1997-2006 by Easy Software Products.
8 * These coded instructions, statements, and computer programs are the
9 * property of Easy Software Products and are protected by Federal
10 * copyright law. Distribution and use rights are outlined in the file
11 * "LICENSE.txt" which should have been included with this file. If this
12 * file is missing or damaged please contact Easy Software Products
15 * Attn: CUPS Licensing Information
16 * Easy Software Products
17 * 44141 Airport View Drive, Suite 204
18 * Hollywood, Maryland 20636 USA
20 * Voice: (301) 373-9600
21 * EMail: cups-info@cups.org
22 * WWW: http://www.cups.org
26 * main() - Add, change, or delete passwords from the MD5 password file.
27 * usage() - Show program usage.
31 * Include necessary headers...
40 #include <sys/types.h>
43 #include <cups/string.h>
44 #include <cups/cups.h>
45 #include <cups/i18n.h>
67 static void usage(FILE *fp
);
71 * 'main()' - Add, change, or delete passwords from the MD5 password file.
74 int /* O - Exit status */
75 main(int argc
, /* I - Number of command-line arguments */
76 char *argv
[]) /* I - Command-line arguments */
78 int i
; /* Looping var */
79 char *opt
; /* Option pointer */
80 const char *username
; /* Pointer to username */
81 const char *groupname
; /* Pointer to group name */
82 int op
; /* Operation (add, change, delete) */
83 const char *passwd
; /* Password string */
84 FILE *infile
, /* Input file */
85 *outfile
; /* Output file */
86 char line
[256], /* Line from file */
87 userline
[17], /* User from line */
88 groupline
[17], /* Group from line */
89 md5line
[33], /* MD5-sum from line */
90 md5new
[33]; /* New MD5 sum */
91 const char *root
; /* CUPS server root directory */
92 char passwdmd5
[1024], /* passwd.md5 file */
93 passwdold
[1024], /* passwd.old file */
94 passwdnew
[1024]; /* passwd.tmp file */
95 char *newpass
, /* new password */
96 *oldpass
; /* old password */
97 int flag
; /* Password check flags... */
98 int fd
; /* Password file descriptor */
99 int error
; /* Write error */
100 #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
101 struct sigaction action
; /* Signal action */
102 #endif /* HAVE_SIGACTION && !HAVE_SIGSET*/
106 * Check to see if stdin, stdout, and stderr are still open...
109 if (fcntl(0, F_GETFD
, &i
) ||
110 fcntl(1, F_GETFD
, &i
) ||
111 fcntl(2, F_GETFD
, &i
))
114 * No, return exit status 2 and don't try to send any output since
115 * someone is trying to bypass the security on the server.
122 * Find the server directory...
124 * We use the CUPS_SERVERROOT environment variable when we are running
125 * as root or when lppasswd is not setuid...
128 if ((root
= getenv("CUPS_SERVERROOT")) == NULL
||
129 (getuid() != geteuid() && getuid()))
130 root
= CUPS_SERVERROOT
;
132 snprintf(passwdmd5
, sizeof(passwdmd5
), "%s/passwd.md5", root
);
133 snprintf(passwdold
, sizeof(passwdold
), "%s/passwd.old", root
);
134 snprintf(passwdnew
, sizeof(passwdnew
), "%s/passwd.new", root
);
137 * Find the default system group...
140 if (getgrnam(CUPS_DEFAULT_GROUP
))
141 groupname
= CUPS_DEFAULT_GROUP
;
143 groupname
= "unknown";
151 * Parse command-line options...
154 for (i
= 1; i
< argc
; i
++)
155 if (argv
[i
][0] == '-')
156 for (opt
= argv
[i
] + 1; *opt
; opt
++)
162 case 'x' : /* Delete */
165 case 'g' : /* Group */
172 case 'h' : /* Help */
175 default : /* Bad option */
185 * See if we are trying to add or delete a password when we aren't logged in
189 if (getuid() && getuid() != geteuid() && (op
!= CHANGE
|| username
))
191 _cupsLangPuts(stderr
,
192 _("lppasswd: Only root can add or delete passwords!\n"));
197 * Fill in missing info...
201 username
= cupsUser();
203 oldpass
= newpass
= NULL
;
206 * Obtain old and new password _before_ locking the database
207 * to keep users from locking the file indefinitely.
210 if (op
== CHANGE
&& getuid())
212 if ((passwd
= cupsGetPassword(_("Enter old password:"))) == NULL
)
215 if ((oldpass
= strdup(passwd
)) == NULL
)
217 _cupsLangPrintf(stderr
,
218 _("lppasswd: Unable to copy password string: %s\n"),
225 * Now get the new password, if necessary...
230 if ((passwd
= cupsGetPassword(_("Enter password:"))) == NULL
)
233 if ((newpass
= strdup(passwd
)) == NULL
)
235 _cupsLangPrintf(stderr
,
236 _("lppasswd: Unable to copy password string: %s\n"),
241 if ((passwd
= cupsGetPassword(_("Enter password again:"))) == NULL
)
244 if (strcmp(passwd
, newpass
) != 0)
246 _cupsLangPuts(stderr
,
247 _("lppasswd: Sorry, passwords don't match!\n"));
252 * Check that the password contains at least one letter and number.
257 for (passwd
= newpass
; *passwd
; passwd
++)
258 if (isdigit(*passwd
& 255))
260 else if (isalpha(*passwd
& 255))
264 * Only allow passwords that are at least 6 chars, have a letter and
265 * a number, and don't contain the username.
268 if (strlen(newpass
) < 6 || strstr(newpass
, username
) != NULL
|| flag
!= 3)
270 _cupsLangPuts(stderr
,
271 _("lppasswd: Sorry, password rejected.\n"
272 "Your password must be at least 6 characters long, "
274 "your username, and must contain at least one letter "
281 * Ignore SIGHUP, SIGINT, SIGTERM, and SIGXFSZ (if defined) for the
282 * remainder of the time so that we won't end up with bogus password
287 # if defined(HAVE_SIGSET)
288 sigset(SIGHUP
, SIG_IGN
);
289 sigset(SIGINT
, SIG_IGN
);
290 sigset(SIGTERM
, SIG_IGN
);
292 sigset(SIGXFSZ
, SIG_IGN
);
293 # endif /* SIGXFSZ */
294 # elif defined(HAVE_SIGACTION)
295 memset(&action
, 0, sizeof(action
));
296 action
.sa_handler
= SIG_IGN
;
298 sigaction(SIGHUP
, &action
, NULL
);
299 sigaction(SIGINT
, &action
, NULL
);
300 sigaction(SIGTERM
, &action
, NULL
);
302 sigaction(SIGXFSZ
, &action
, NULL
);
303 # endif /* SIGXFSZ */
305 signal(SIGHUP
, SIG_IGN
);
306 signal(SIGINT
, SIG_IGN
);
307 signal(SIGTERM
, SIG_IGN
);
309 signal(SIGXFSZ
, SIG_IGN
);
310 # endif /* SIGXFSZ */
315 * Open the output file.
318 if ((fd
= open(passwdnew
, O_WRONLY
| O_CREAT
| O_EXCL
, 0400)) < 0)
321 _cupsLangPuts(stderr
, _("lppasswd: Password file busy!\n"));
323 _cupsLangPrintf(stderr
,
324 _("lppasswd: Unable to open password file: %s\n"),
330 if ((outfile
= fdopen(fd
, "w")) == NULL
)
332 _cupsLangPrintf(stderr
,
333 _("lppasswd: Unable to open password file: %s\n"),
341 setbuf(outfile
, NULL
);
344 * Open the existing password file and create a new one...
347 infile
= fopen(passwdmd5
, "r");
348 if (infile
== NULL
&& errno
!= ENOENT
&& op
!= ADD
)
350 _cupsLangPrintf(stderr
,
351 _("lppasswd: Unable to open password file: %s\n"),
362 * Read lines from the password file; the format is:
364 * username:group:MD5-sum
374 while (fgets(line
, sizeof(line
), infile
) != NULL
)
376 if (sscanf(line
, "%16[^:]:%16[^:]:%32s", userline
, groupline
, md5line
) != 3)
379 if (strcmp(username
, userline
) == 0 &&
380 strcmp(groupname
, groupline
) == 0)
383 if (fputs(line
, outfile
) == EOF
)
385 _cupsLangPrintf(stderr
,
386 _("lppasswd: Unable to write to password file: %s\n"),
395 while (fgets(line
, sizeof(line
), infile
) != NULL
)
396 if (fputs(line
, outfile
) == EOF
)
398 _cupsLangPrintf(stderr
,
399 _("lppasswd: Unable to write to password file: %s\n"),
408 (strcmp(username
, userline
) || strcmp(groupname
, groupline
)))
410 _cupsLangPrintf(stderr
,
411 _("lppasswd: user \"%s\" and group \"%s\" do not exist.\n"),
412 username
, groupname
);
415 else if (op
!= DELETE
)
418 strcmp(httpMD5(username
, "CUPS", oldpass
, md5new
), md5line
) != 0)
420 _cupsLangPuts(stderr
,
421 _("lppasswd: Sorry, password doesn't match!\n"));
426 snprintf(line
, sizeof(line
), "%s:%s:%s\n", username
, groupname
,
427 httpMD5(username
, "CUPS", newpass
, md5new
));
428 if (fputs(line
, outfile
) == EOF
)
430 _cupsLangPrintf(stderr
,
431 _("lppasswd: Unable to write to password file: %s\n"),
445 if (fclose(outfile
) == EOF
)
449 * Error out gracefully as needed...
454 _cupsLangPuts(stderr
, _("lppasswd: Password file not updated!\n"));
462 * Save old passwd file
466 if (link(passwdmd5
, passwdold
) && errno
!= ENOENT
)
468 _cupsLangPrintf(stderr
,
469 _("lppasswd: failed to backup old password file: %s\n"),
476 * Install new password file
479 if (rename(passwdnew
, passwdmd5
) < 0)
481 _cupsLangPrintf(stderr
,
482 _("lppasswd: failed to rename password file: %s\n"),
493 * 'usage()' - Show program usage.
497 usage(FILE *fp
) /* I - File to send usage to */
500 _cupsLangPuts(fp
, _("Usage: lppasswd [-g groupname]\n"));
503 _("Usage: lppasswd [-g groupname] [username]\n"
504 " lppasswd [-g groupname] -a [username]\n"
505 " lppasswd [-g groupname] -x [username]\n"));
512 * End of "$Id: lppasswd.c 4924 2006-01-13 01:55:20Z mike $".