]> git.ipfire.org Git - thirdparty/util-linux.git/blob - login-utils/chfn.c
projects / thirdparty / util-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
chfn: chsh: use selinux_check_passwd_access()
[thirdparty/util-linux.git] / login-utils / chfn.c
1 /*
2 * chfn.c -- change your finger information
3 * (c) 1994 by salvatore valente <svalente@athena.mit.edu>
4 * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
5 *
6 * this program is free software. you can redistribute it and
7 * modify it under the terms of the gnu general public license.
8 * there is no warranty.
9 *
10 * $Author: aebr $
11 * $Revision: 1.18 $
12 * $Date: 1998/06/11 22:30:11 $
13 *
14 * Updated Thu Oct 12 09:19:26 1995 by faith@cs.unc.edu with security
15 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
16 *
17 * Hacked by Peter Breitenlohner, peb@mppmu.mpg.de,
18 * to remove trailing empty fields. Oct 5, 96.
19 *
20 * 1999-02-22 Arkadiusz Miƛkiewicz <misiek@pld.ORG.PL>
21 * - added Native Language Support
22 */
23
24 #include <ctype.h>
25 #include <errno.h>
26 #include <getopt.h>
27 #include <pwd.h>
28 #include <stdbool.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <sys/types.h>
33 #include <unistd.h>
34
35 #include "c.h"
36 #include "env.h"
37 #include "closestream.h"
38 #include "islocal.h"
39 #include "nls.h"
40 #include "setpwnam.h"
41 #include "strutils.h"
42 #include "xalloc.h"
43 #include "logindefs.h"
44
45 #include "ch-common.h"
46
47 #ifdef HAVE_LIBSELINUX
48 # include <selinux/selinux.h>
49 # include "selinux_utils.h"
50 #endif
51
52 #ifdef HAVE_LIBUSER
53 # include <libuser/user.h>
54 # include "libuser.h"
55 #elif CHFN_CHSH_PASSWORD
56 # include "auth.h"
57 #endif
58
59 struct finfo {
60 char *full_name;
61 char *office;
62 char *office_phone;
63 char *home_phone;
64 char *other;
65 };
66
67 struct chfn_control {
68 struct passwd *pw;
69 char *username;
70 /* "oldf" Contains the users original finger information.
71 * "newf" Contains the changed finger information, and contains
72 * NULL in fields that haven't been changed.
73 * In the end, "newf" is folded into "oldf". */
74 struct finfo oldf, newf;
75 unsigned int
76 allow_fullname:1, /* The login.defs restriction */
77 allow_room:1, /* see: man login.defs(5) */
78 allow_work:1, /* and look for CHFN_RESTRICT */
79 allow_home:1, /* keyword for these four. */
80 changed:1, /* is change requested */
81 interactive:1; /* whether to prompt for fields or not */
82 };
83
84 /* we do not accept gecos field sizes longer than MAX_FIELD_SIZE */
85 #define MAX_FIELD_SIZE 256
86
87 static void __attribute__((__noreturn__)) usage(FILE *fp)
88 {
89 fputs(USAGE_HEADER, fp);
90 fprintf(fp, _(" %s [options] [<username>]\n"), program_invocation_short_name);
91
92 fputs(USAGE_SEPARATOR, fp);
93 fputs(_("Change your finger information.\n"), fp);
94
95 fputs(USAGE_OPTIONS, fp);
96 fputs(_(" -f, --full-name <full-name> real name\n"), fp);
97 fputs(_(" -o, --office <office> office number\n"), fp);
98 fputs(_(" -p, --office-phone <phone> office phone number\n"), fp);
99 fputs(_(" -h, --home-phone <phone> home phone number\n"), fp);
100 fputs(USAGE_SEPARATOR, fp);
101 fputs(_(" -u, --help display this help and exit\n"), fp);
102 fputs(_(" -v, --version output version information and exit\n"), fp);
103 fprintf(fp, USAGE_MAN_TAIL("chfn(1)"));
104 exit(fp == stderr ? EXIT_FAILURE : EXIT_SUCCESS);
105 }
106
107 /*
108 * check_gecos_string () --
109 * check that the given gecos string is legal. if it's not legal,
110 * output "msg" followed by a description of the problem, and return (-1).
111 */
112 static int check_gecos_string(const char *msg, char *gecos)
113 {
114 const size_t len = strlen(gecos);
115
116 if (MAX_FIELD_SIZE < len) {
117 warnx(_("field %s is too long"), msg);
118 return -1;
119 }
120 if (illegal_passwd_chars(gecos)) {
121 warnx(_("%s: has illegal characters"), gecos);
122 return -1;
123 }
124 return 0;
125 }
126
127 /*
128 * parse_argv () --
129 * parse the command line arguments.
130 * returns true if no information beyond the username was given.
131 */
132 static void parse_argv(struct chfn_control *ctl, int argc, char **argv)
133 {
134 int index, c, status = 0;
135 static const struct option long_options[] = {
136 {"full-name", required_argument, 0, 'f'},
137 {"office", required_argument, 0, 'o'},
138 {"office-phone", required_argument, 0, 'p'},
139 {"home-phone", required_argument, 0, 'h'},
140 {"help", no_argument, 0, 'u'},
141 {"version", no_argument, 0, 'v'},
142 {NULL, no_argument, 0, '0'},
143 };
144
145 while ((c = getopt_long(argc, argv, "f:r:p:h:o:uv", long_options,
146 &index)) != -1) {
147 switch (c) {
148 case 'f':
149 if (!ctl->allow_fullname)
150 errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Name"));
151 ctl->newf.full_name = optarg;
152 status += check_gecos_string(_("Name"), optarg);
153 break;
154 case 'o':
155 if (!ctl->allow_room)
156 errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Office"));
157 ctl->newf.office = optarg;
158 status += check_gecos_string(_("Office"), optarg);
159 break;
160 case 'p':
161 if (!ctl->allow_work)
162 errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Office Phone"));
163 ctl->newf.office_phone = optarg;
164 status += check_gecos_string(_("Office Phone"), optarg);
165 break;
166 case 'h':
167 if (!ctl->allow_home)
168 errx(EXIT_FAILURE, _("login.defs forbids setting %s"), _("Home Phone"));
169 ctl->newf.home_phone = optarg;
170 status += check_gecos_string(_("Home Phone"), optarg);
171 break;
172 case 'v':
173 printf(UTIL_LINUX_VERSION);
174 exit(EXIT_SUCCESS);
175 case 'u':
176 usage(stdout);
177 default:
178 usage(stderr);
179 }
180 ctl->changed = 1;
181 ctl->interactive = 0;
182 }
183 if (status != 0)
184 exit(EXIT_FAILURE);
185 /* done parsing arguments. check for a username. */
186 if (optind < argc) {
187 if (optind + 1 < argc)
188 usage(stderr);
189 ctl->username = argv[optind];
190 }
191 return;
192 }
193
194 /*
195 * parse_passwd () --
196 * take a struct password and fill in the fields of the struct finfo.
197 */
198 static void parse_passwd(struct chfn_control *ctl)
199 {
200 char *gecos;
201
202 if (!ctl->pw)
203 return;
204 /* use pw_gecos - we take a copy since PAM destroys the original */
205 gecos = xstrdup(ctl->pw->pw_gecos);
206 /* extract known fields */
207 ctl->oldf.full_name = strsep(&gecos, ",");
208 ctl->oldf.office = strsep(&gecos, ",");
209 ctl->oldf.office_phone = strsep(&gecos, ",");
210 ctl->oldf.home_phone = strsep(&gecos, ",");
211 /* extra fields contain site-specific information, and can
212 * not be changed by this version of chfn. */
213 ctl->oldf.other = strsep(&gecos, ",");
214 }
215
216 /*
217 * ask_new_field () --
218 * ask the user for a given field and check that the string is legal.
219 */
220 static char *ask_new_field(struct chfn_control *ctl, const char *question,
221 char *def_val)
222 {
223 int len;
224 char *ans;
225 char buf[MAX_FIELD_SIZE + 2];
226
227 if (!def_val)
228 def_val = "";
229 while (true) {
230 printf("%s [%s]: ", question, def_val);
231 __fpurge(stdin);
232 if (fgets(buf, sizeof(buf), stdin) == NULL)
233 errx(EXIT_FAILURE, _("Aborted."));
234 ans = buf;
235 /* remove white spaces from string end */
236 ltrim_whitespace((unsigned char *) ans);
237 len = rtrim_whitespace((unsigned char *) ans);
238 if (len == 0)
239 return xstrdup(def_val);
240 if (!strcasecmp(ans, "none")) {
241 ctl->changed = 1;
242 return xstrdup("");
243 }
244 if (check_gecos_string(question, ans) >= 0)
245 break;
246 }
247 ctl->changed = 1;
248 return xstrdup(ans);
249 }
250
251 /*
252 * get_login_defs()
253 * find /etc/login.defs CHFN_RESTRICT and save restrictions to run time
254 */
255 static void get_login_defs(struct chfn_control *ctl)
256 {
257 const char *s;
258 size_t i;
259 int broken = 0;
260
261 /* real root does not have restrictions */
262 if (geteuid() == getuid() && getuid() == 0) {
263 ctl->allow_fullname = ctl->allow_room = ctl->allow_work = ctl->allow_home = 1;
264 return;
265 }
266 s = getlogindefs_str("CHFN_RESTRICT", "");
267 if (!strcmp(s, "yes")) {
268 ctl->allow_room = ctl->allow_work = ctl->allow_home = 1;
269 return;
270 }
271 if (!strcmp(s, "no")) {
272 ctl->allow_fullname = ctl->allow_room = ctl->allow_work = ctl->allow_home = 1;
273 return;
274 }
275 for (i = 0; s[i]; i++) {
276 switch (s[i]) {
277 case 'f':
278 ctl->allow_fullname = 1;
279 break;
280 case 'r':
281 ctl->allow_room = 1;
282 break;
283 case 'w':
284 ctl->allow_work = 1;
285 break;
286 case 'h':
287 ctl->allow_home = 1;
288 break;
289 default:
290 broken = 1;
291 }
292 }
293 if (broken)
294 warnx(_("%s: CHFN_RESTRICT has unexpected value: %s"), _PATH_LOGINDEFS, s);
295 if (!ctl->allow_fullname && !ctl->allow_room && !ctl->allow_work && !ctl->allow_home)
296 errx(EXIT_FAILURE, _("%s: CHFN_RESTRICT does not allow any changes"), _PATH_LOGINDEFS);
297 return;
298 }
299
300 /*
301 * ask_info () --
302 * prompt the user for the finger information and store it.
303 */
304 static void ask_info(struct chfn_control *ctl)
305 {
306 if (ctl->allow_fullname)
307 ctl->newf.full_name = ask_new_field(ctl, _("Name"), ctl->oldf.full_name);
308 if (ctl->allow_room)
309 ctl->newf.office = ask_new_field(ctl, _("Office"), ctl->oldf.office);
310 if (ctl->allow_work)
311 ctl->newf.office_phone = ask_new_field(ctl, _("Office Phone"), ctl->oldf.office_phone);
312 if (ctl->allow_home)
313 ctl->newf.home_phone = ask_new_field(ctl, _("Home Phone"), ctl->oldf.home_phone);
314 putchar('\n');
315 }
316
317 /*
318 * find_field () --
319 * find field value in uninteractive mode; can be new, old, or blank
320 */
321 static char *find_field(char *nf, char *of)
322 {
323 if (nf)
324 return nf;
325 if (of)
326 return of;
327 return xstrdup("");
328 }
329
330 /*
331 * add_missing () --
332 * add not supplied field values when in uninteractive mode
333 */
334 static void add_missing(struct chfn_control *ctl)
335 {
336 ctl->newf.full_name = find_field(ctl->newf.full_name, ctl->oldf.full_name);
337 ctl->newf.office = find_field(ctl->newf.office, ctl->oldf.office);
338 ctl->newf.office_phone = find_field(ctl->newf.office_phone, ctl->oldf.office_phone);
339 ctl->newf.home_phone = find_field(ctl->newf.home_phone, ctl->oldf.home_phone);
340 ctl->newf.other = find_field(ctl->newf.other, ctl->oldf.other);
341 printf("\n");
342 }
343
344 /*
345 * save_new_data () --
346 * save the given finger info in /etc/passwd.
347 * return zero on success.
348 */
349 static int save_new_data(struct chfn_control *ctl)
350 {
351 char *gecos;
352 int len;
353
354 /* create the new gecos string */
355 len = xasprintf(&gecos, "%s,%s,%s,%s,%s",
356 ctl->newf.full_name,
357 ctl->newf.office,
358 ctl->newf.office_phone,
359 ctl->newf.home_phone,
360 ctl->newf.other);
361
362 /* remove trailing empty fields (but not subfields of ctl->newf.other) */
363 if (!ctl->newf.other) {
364 while (len > 0 && gecos[len - 1] == ',')
365 len--;
366 gecos[len] = 0;
367 }
368
369 #ifdef HAVE_LIBUSER
370 if (set_value_libuser("chfn", ctl->username, ctl->pw->pw_uid,
371 LU_GECOS, gecos) < 0) {
372 #else /* HAVE_LIBUSER */
373 /* write the new struct passwd to the passwd file. */
374 ctl->pw->pw_gecos = gecos;
375 if (setpwnam(ctl->pw, ".chfn") < 0) {
376 warn("setpwnam failed");
377 #endif
378 printf(_
379 ("Finger information *NOT* changed. Try again later.\n"));
380 return -1;
381 }
382 free(gecos);
383 printf(_("Finger information changed.\n"));
384 return 0;
385 }
386
387 int main(int argc, char **argv)
388 {
389 uid_t uid;
390 struct chfn_control ctl = {
391 .interactive = 1
392 };
393
394 sanitize_env();
395 setlocale(LC_ALL, ""); /* both for messages and for iscntrl() below */
396 bindtextdomain(PACKAGE, LOCALEDIR);
397 textdomain(PACKAGE);
398 atexit(close_stdout);
399 uid = getuid();
400
401 /* check /etc/login.defs CHFN_RESTRICT */
402 get_login_defs(&ctl);
403
404 parse_argv(&ctl, argc, argv);
405 if (!ctl.username) {
406 ctl.pw = getpwuid(uid);
407 if (!ctl.pw)
408 errx(EXIT_FAILURE, _("you (user %d) don't exist."),
409 uid);
410 ctl.username = ctl.pw->pw_name;
411 } else {
412 ctl.pw = getpwnam(ctl.username);
413 if (!ctl.pw)
414 errx(EXIT_FAILURE, _("user \"%s\" does not exist."),
415 ctl.username);
416 }
417 parse_passwd(&ctl);
418 #ifndef HAVE_LIBUSER
419 if (!(is_local(ctl.username)))
420 errx(EXIT_FAILURE, _("can only change local entries"));
421 #endif
422
423 #ifdef HAVE_LIBSELINUX
424 if (is_selinux_enabled() > 0) {
425 if (uid == 0) {
426 access_vector_t av = get_access_vector("passwd", "chfn");
427
428 if (selinux_check_passwd_access(av) != 0) {
429 security_context_t user_context;
430 if (getprevcon(&user_context) < 0)
431 user_context = NULL;
432 errx(EXIT_FAILURE,
433 _("%s is not authorized to change "
434 "the finger info of %s"),
435 user_context ? : _("Unknown user context"),
436 ctl.username);
437 }
438 }
439 if (setupDefaultContext(_PATH_PASSWD))
440 errx(EXIT_FAILURE,
441 _("can't set default context for %s"), _PATH_PASSWD);
442 }
443 #endif
444
445 #ifdef HAVE_LIBUSER
446 /* If we're setuid and not really root, disallow the password change. */
447 if (geteuid() != getuid() && uid != ctl.pw->pw_uid) {
448 #else
449 if (uid != 0 && uid != ctl.pw->pw_uid) {
450 #endif
451 errno = EACCES;
452 err(EXIT_FAILURE, _("running UID doesn't match UID of user we're "
453 "altering, change denied"));
454 }
455
456 printf(_("Changing finger information for %s.\n"), ctl.username);
457
458 #if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
459 if (!auth_pam("chfn", uid, ctl.username)) {
460 return EXIT_FAILURE;
461 }
462 #endif
463
464 if (ctl.interactive)
465 ask_info(&ctl);
466
467 add_missing(&ctl);
468
469 if (!ctl.changed) {
470 printf(_("Finger information not changed.\n"));
471 return EXIT_SUCCESS;
472 }
473
474 return save_new_data(&ctl) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
475 }
Unnamed repository; edit this file 'description' to name the repository.