1 /* vi: set sw=4 ts=4: */
5 * update_passwd is a common function for passwd and chpasswd applets;
6 * it is responsible for updating password file (i.e. /etc/passwd or
7 * /etc/shadow) for a given user and password.
9 * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org>
11 * Modified to be able to add or delete users, groups and users to/from groups
12 * by Tito Ragusa <farmatito@tiscali.it>
14 * Licensed under GPLv2, see file LICENSE in this tarball for details.
19 static void check_selinux_update_passwd(const char *username)
21 security_context_t context;
24 if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
25 return; /* No need to check */
27 if (getprevcon_raw(&context) < 0)
28 bb_perror_msg_and_die("getprevcon failed");
29 seuser = strtok(context, ":");
31 bb_error_msg_and_die("invalid context '%s'", context);
32 if (strcmp(seuser, username) != 0) {
33 if (checkPasswdAccess(PASSWD__PASSWD) != 0)
34 bb_error_msg_and_die("SELinux: access denied");
36 if (ENABLE_FEATURE_CLEAN_UP)
40 # define check_selinux_update_passwd(username) ((void)0)
44 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL)
45 only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser
47 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL)
48 only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup
50 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER)
51 only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a'
52 like in addgroup and member != NULL
54 4) delete a user: update_passwd(FILE, USER, NULL, NULL)
56 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL)
58 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER)
59 only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL
61 7) change user's passord: update_passwd(FILE, USER, NEW_PASSWD, NULL)
62 only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd
63 or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd
65 This function does not validate the arguments fed to it
66 so the calling program should take care of that.
68 Returns number of lines changed, or -1 on error.
70 int FAST_FUNC update_passwd(const char *filename,
72 const char *new_passwd,
75 #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
89 int ret = -1; /* failure */
90 /* used as a bool: "are we modifying /etc/shadow?" */
91 #if ENABLE_FEATURE_SHADOWPASSWDS
92 const char *shadow = strstr(filename, "shadow");
97 filename = xmalloc_follow_symlinks(filename);
101 check_selinux_update_passwd(name);
103 /* New passwd file, "/etc/passwd+" for now */
104 fnamesfx = xasprintf("%s+", filename);
105 sfx_char = &fnamesfx[strlen(fnamesfx)-1];
106 name = xasprintf("%s:", name);
107 user_len = strlen(name);
110 old_fp = fopen(filename, "r+");
112 old_fp = fopen_or_warn(filename, "r+");
115 ret = 0; /* missing shadow is not an error */
118 old_fd = fileno(old_fp);
120 selinux_preserve_fcontext(old_fd);
122 /* Try to create "/etc/passwd+". Wait if it exists. */
125 // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC?
126 new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600);
127 if (new_fd >= 0) goto created;
128 if (errno != EEXIST) break;
129 usleep(100000); /* 0.1 sec */
131 bb_perror_msg("can't create '%s'", fnamesfx);
135 if (!fstat(old_fd, &sb)) {
136 fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */
137 fchown(new_fd, sb.st_uid, sb.st_gid);
140 new_fp = xfdopen_for_write(new_fd);
142 /* Backup file is "/etc/passwd-" */
144 /* Delete old backup */
145 i = (unlink(fnamesfx) && errno != ENOENT);
146 /* Create backup as a hardlink to current */
147 if (i || link(filename, fnamesfx))
148 bb_perror_msg("warning: can't create backup copy '%s'",
152 /* Lock the password file before updating */
153 lock.l_type = F_WRLCK;
154 lock.l_whence = SEEK_SET;
157 if (fcntl(old_fd, F_SETLK, &lock) < 0)
158 bb_perror_msg("warning: can't lock '%s'", filename);
159 lock.l_type = F_UNLCK;
161 /* Read current password file, write updated /etc/passwd+ */
166 line = xmalloc_fgetline(old_fp);
167 if (!line) /* EOF/error */
169 if (strncmp(name, line, user_len) != 0) {
170 fprintf(new_fp, "%s\n", line);
174 /* We have a match with "name:"... */
175 cp = line + user_len; /* move past name: */
177 #if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP
179 /* It's actually /etc/group+, not /etc/passwd+ */
180 if (ENABLE_FEATURE_ADDUSER_TO_GROUP
181 && applet_name[0] == 'a'
183 /* Add user to group */
184 fprintf(new_fp, "%s%s%s\n", line,
185 last_char_is(line, ':') ? "" : ",",
188 } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP
189 /* && applet_name[0] == 'd' */
191 /* Delete user from group */
193 const char *fmt = "%s";
195 /* find the start of the member list: last ':' */
196 cp = strrchr(line, ':');
199 /* write the cut line name:passwd:gid:
201 fprintf(new_fp, "%s:", line);
202 /* parse the tokens of the member list */
204 while ((cp = strsep(&tmp, ",")) != NULL) {
205 if (strcmp(member, cp) != 0) {
206 fprintf(new_fp, fmt, cp);
209 /* found member, skip it */
213 fprintf(new_fp, "\n");
217 if ((ENABLE_PASSWD && applet_name[0] == 'p')
218 || (ENABLE_CHPASSWD && applet_name[0] == 'c')
221 cp = strchrnul(cp, ':'); /* move past old passwd */
223 if (shadow && *cp == ':') {
224 /* /etc/shadow's field 3 (passwd change date) needs updating */
225 /* move past old change date */
226 cp = strchrnul(cp + 1, ':');
227 /* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */
228 fprintf(new_fp, "%s%s:%u%s\n", name, new_passwd,
229 (unsigned)(time(NULL)) / (24*60*60), cp);
231 /* "name:" + "new_passwd" + ":rest of line" */
232 fprintf(new_fp, "%s%s%s\n", name, new_passwd, cp);
235 } /* else delete user or group: skip the line */
240 if (changed_lines == 0) {
241 #if ENABLE_FEATURE_DEL_USER_FROM_GROUP
243 bb_error_msg("can't find %s in %s", member, filename);
245 if ((ENABLE_ADDUSER || ENABLE_ADDGROUP)
246 && applet_name[0] == 'a' && !member
248 /* add user or group */
249 fprintf(new_fp, "%s%s\n", name, new_passwd);
254 fcntl(old_fd, F_SETLK, &lock);
256 /* We do want all of them to execute, thus | instead of || */
258 if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp))
259 || rename(fnamesfx, filename)
261 /* At least one of those failed */
265 /* Success: ret >= 0 */
277 free((char *)filename);