int main (int argc, char **argv)
{
char buf[BUFSIZ];
char *name;
char *newpwd;
char *cp;
#ifndef USE_PAM
const struct spwd *sp;
struct spwd newsp;
const struct passwd *pw;
struct passwd newpw;
#endif /* !USE_PAM */
int errors = 0;
int line = 0;
Prog = Basename (argv[0]);
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
process_flags (argc, argv);
OPENLOG ("chpasswd");
check_perms ();
#ifndef USE_PAM
is_shadow_pwd = spw_file_present ();
open_files ();
#endif
/*
* Read each line, separating the user name from the password. The
* password entry for each user will be looked up in the appropriate
* file (shadow or passwd) and the password changed. For shadow
* files the last change date is set directly, for passwd files the
* last change date is set in the age only if aging information is
* present.
*/
while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
line++;
cp = strrchr (buf, '\n');
if (NULL != cp) {
*cp = '\0';
} else {
if (feof (stdin) == 0) {
fprintf (stderr,
_("%s: line %d: line too long\n"),
Prog, line);
errors++;
continue;
}
}
/*
* The username is the first field. It is separated from the
* password with a ":" character which is replaced with a
* NUL to give the new password. The new password will then
* be encrypted in the normal fashion with a new salt
* generated, unless the '-e' is given, in which case it is
* assumed to already be encrypted.
*/
name = buf;
cp = strchr (name, ':');
if (NULL != cp) {
*cp = '\0';
cp++;
} else {
fprintf (stderr,
_("%s: line %d: missing new password\n"),
Prog, line);
errors++;
continue;
}
newpwd = cp;
#ifdef USE_PAM
if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
fprintf (stderr,
_("%s: (line %d, user %s) password not changed\n"),
Prog, line, name);
errors++;
}
#else /* !USE_PAM */
if ( !eflg
&& ( (NULL == crypt_method)
|| (0 != strcmp (crypt_method, "NONE")))) {
void *arg = NULL;
if (md5flg) {
crypt_method = "MD5";
} else if (crypt_method != NULL) {
#ifdef USE_SHA_CRYPT
if (sflg) {
arg = &sha_rounds;
}
#endif
} else {
crypt_method = NULL;
}
cp = pw_encrypt (newpwd,
crypt_make_salt(crypt_method, arg));
}
/*
* Get the password file entry for this user. The user must
* already exist.
*/
pw = pw_locate (name);
if (NULL == pw) {
fprintf (stderr,
_("%s: line %d: user '%s' does not exist\n"), Prog,
line, name);
errors++;
continue;
}
if (is_shadow_pwd) {
sp = spw_locate (name);
} else {
sp = NULL;
}
/*
* The freshly encrypted new password is merged into the
* user's password file entry and the last password change
* date is set to the current date.
*/
if (NULL != sp) {
newsp = *sp;
newsp.sp_pwdp = cp;
newsp.sp_lstchg = (long) time ((time_t *)NULL) / SCALE;
if (0 == newsp.sp_lstchg) {
/* Better disable aging than requiring a
* password change */
newsp.sp_lstchg = -1;
}
} else {
newpw = *pw;
newpw.pw_passwd = cp;
}
/*
* The updated password file entry is then put back and will
* be written to the password file later, after all the
* other entries have been updated as well.
*/
if (NULL != sp) {
if (spw_update (&newsp) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
Prog, line, spw_dbname (), newsp.sp_namp);
errors++;
continue;
}
} else {
if (pw_update (&newpw) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
Prog, line, pw_dbname (), newpw.pw_name);
errors++;
continue;
}
}
#endif /* !USE_PAM */
}
/*
* Any detected errors will cause the entire set of changes to be
* aborted. Unlocking the password file will cause all of the
* changes to be ignored. Otherwise the file is closed, causing the
* changes to be written out all at once, and then unlocked
* afterwards.
*
* With PAM, it is not possible to delay the update of the
* password database.
*/
if (0 != errors) {
#ifndef USE_PAM
fprintf (stderr,
_("%s: error detected, changes ignored\n"), Prog);
#endif
fail_exit (1);
}
#ifndef USE_PAM
/* Save the changes */
close_files ();
#endif
nscd_flush_cache ("passwd");
return (0);
}
int main (int argc, char **argv)
{
char buf[BUFSIZ];
char *fields[8];
int nfields;
char *cp;
const struct passwd *pw;
struct passwd newpw;
int errors = 0;
int line = 0;
uid_t uid;
gid_t gid;
#ifdef USE_PAM
int *lines = NULL;
char **usernames = NULL;
char **passwords = NULL;
unsigned int nusers = 0;
#endif /* USE_PAM */
Prog = Basename (argv[0]);
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
/* FIXME: will not work with an input file */
process_root_flag ("-R", argc, argv);
OPENLOG ("newusers");
process_flags (argc, argv);
check_perms ();
is_shadow = spw_file_present ();
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
open_files ();
/*
* Read each line. The line has the same format as a password file
* entry, except that certain fields are not constrained to be
* numerical values. If a group ID is entered which does not already
* exist, an attempt is made to allocate the same group ID as the
* numerical user ID. Should that fail, the next available group ID
* over 100 is allocated. The pw_gid field will be updated with that
* value.
*/
while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
line++;
cp = strrchr (buf, '\n');
if (NULL != cp) {
*cp = '\0';
} else {
if (feof (stdin) == 0) {
fprintf (stderr,
_("%s: line %d: line too long\n"),
Prog, line);
errors++;
continue;
}
}
/*
* Break the string into fields and screw around with them.
* There MUST be 7 colon separated fields, although the
* values aren't that particular.
*/
for (cp = buf, nfields = 0; nfields < 7; nfields++) {
fields[nfields] = cp;
cp = strchr (cp, ':');
if (NULL != cp) {
*cp = '\0';
cp++;
} else {
break;
}
}
if (nfields != 6) {
fprintf (stderr, _("%s: line %d: invalid line\n"),
Prog, line);
errors++;
continue;
}
/*
* First check if we have to create or update an user
*/
pw = pw_locate (fields[0]);
/* local, no need for xgetpwnam */
if ( (NULL == pw)
&& (getpwnam (fields[0]) != NULL)) {
fprintf (stderr, _("%s: cannot update the entry of user %s (not in the passwd database)\n"), Prog, fields[0]);
errors++;
continue;
}
if ( (NULL == pw)
&& (get_user_id (fields[2], &uid) != 0)) {
fprintf (stderr,
_("%s: line %d: can't create user\n"),
Prog, line);
errors++;
continue;
}
/*
* Processed is the group name. A new group will be
* created if the group name is non-numeric and does not
* already exist. If the group name is a number (which is not
* an existing GID), a group with the same name as the user
* will be created, with the given GID. The given or created
* group will be the primary group of the user. If
* there is no named group to be a member of, the UID will
* be figured out and that value will be a candidate for a
* new group, if that group ID exists, a whole new group ID
* will be made up.
*/
if ( (NULL == pw)
&& (add_group (fields[0], fields[3], &gid, uid) != 0)) {
fprintf (stderr,
_("%s: line %d: can't create group\n"),
Prog, line);
errors++;
continue;
}
/*
* Now we work on the user ID. It has to be specified either
* as a numerical value, or left blank. If it is a numerical
* value, that value will be used, otherwise the next
* available user ID is computed and used. After this there
* will at least be a (struct passwd) for the user.
*/
if ( (NULL == pw)
&& (add_user (fields[0], uid, gid) != 0)) {
fprintf (stderr,
_("%s: line %d: can't create user\n"),
Prog, line);
errors++;
continue;
}
/*
* The password, gecos field, directory, and shell fields
* all come next.
*/
pw = pw_locate (fields[0]);
if (NULL == pw) {
fprintf (stderr,
_("%s: line %d: user '%s' does not exist in %s\n"),
Prog, line, fields[0], pw_dbname ());
errors++;
continue;
}
newpw = *pw;
#ifdef USE_PAM
/* keep the list of user/password for later update by PAM */
nusers++;
lines = realloc (lines, sizeof (lines[0]) * nusers);
usernames = realloc (usernames, sizeof (usernames[0]) * nusers);
passwords = realloc (passwords, sizeof (passwords[0]) * nusers);
lines[nusers-1] = line;
usernames[nusers-1] = strdup (fields[0]);
passwords[nusers-1] = strdup (fields[1]);
#endif /* USE_PAM */
if (add_passwd (&newpw, fields[1]) != 0) {
fprintf (stderr,
_("%s: line %d: can't update password\n"),
Prog, line);
errors++;
continue;
}
if ('\0' != fields[4][0]) {
newpw.pw_gecos = fields[4];
}
if ('\0' != fields[5][0]) {
newpw.pw_dir = fields[5];
}
if ('\0' != fields[6][0]) {
newpw.pw_shell = fields[6];
}
if ( ('\0' != fields[5][0])
&& (access (newpw.pw_dir, F_OK) != 0)) {
/* FIXME: should check for directory */
mode_t msk = 0777 & ~getdef_num ("UMASK",
GETDEF_DEFAULT_UMASK);
if (mkdir (newpw.pw_dir, msk) != 0) {
fprintf (stderr,
_("%s: line %d: mkdir %s failed: %s\n"),
Prog, line, newpw.pw_dir,
strerror (errno));
} else if (chown (newpw.pw_dir,
newpw.pw_uid,
newpw.pw_gid) != 0) {
fprintf (stderr,
_("%s: line %d: chown %s failed: %s\n"),
Prog, line, newpw.pw_dir,
strerror (errno));
}
}
/*
* Update the password entry with the new changes made.
*/
if (pw_update (&newpw) == 0) {
fprintf (stderr,
_("%s: line %d: can't update entry\n"),
Prog, line);
errors++;
continue;
}
}
/*
* Any detected errors will cause the entire set of changes to be
* aborted. Unlocking the password file will cause all of the
* changes to be ignored. Otherwise the file is closed, causing the
* changes to be written out all at once, and then unlocked
* afterwards.
*/
if (0 != errors) {
fprintf (stderr,
_("%s: error detected, changes ignored\n"), Prog);
fail_exit (EXIT_FAILURE);
}
close_files ();
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
#ifdef USE_PAM
unsigned int i;
/* Now update the passwords using PAM */
for (i = 0; i < nusers; i++) {
if (do_pam_passwd_non_interractive ("newusers", usernames[i], passwords[i]) != 0) {
fprintf (stderr,
_("%s: (line %d, user %s) password not changed\n"),
Prog, lines[i], usernames[i]);
errors++;
}
}
#endif /* USE_PAM */
return ((0 == errors) ? EXIT_SUCCESS : EXIT_FAILURE);
}