/* * lock_files - lock the accounts databases * * lock_files() locks the group, gshadow, and passwd databases. */ static void lock_files (void) { if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if ( is_shadow_grp && (pflg || nflg)) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif if (gflg) { if (pw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_passwd, NULL); } }
static void open_files (void) { if (!gr_lock ()) { fprintf (stderr, _("%s: unable to lock group file\n"), Prog); exit (E_GRP_UPDATE); } if (!gr_open (O_RDWR)) { fprintf (stderr, _("%s: unable to open group file\n"), Prog); fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP if (is_shadow_grp && !sgr_lock ()) { fprintf (stderr, _("%s: unable to lock shadow group file\n"), Prog); fail_exit (E_GRP_UPDATE); } if (is_shadow_grp && !sgr_open (O_RDWR)) { fprintf (stderr, _("%s: unable to open shadow group file\n"), Prog); fail_exit (E_GRP_UPDATE); } #endif /* SHADOWGRP */ }
static void open_files(void) { if (!pw_lock()) { fprintf(stderr, _("%s: unable to lock password file\n"), Prog); exit(E_PW_UPDATE); } if (! pw_open (O_RDWR)) { fprintf(stderr, _("%s: unable to open password file\n"), Prog); fail_exit(E_PW_UPDATE); } #ifdef SHADOWPWD if (is_shadow_pwd && ! spw_lock ()) { fprintf(stderr, _("%s: cannot lock shadow password file\n"), Prog); fail_exit(E_PW_UPDATE); } if (is_shadow_pwd && ! spw_open (O_RDWR)) { fprintf(stderr, _("%s: cannot open shadow password file\n"), Prog); fail_exit(E_PW_UPDATE); } #endif #ifdef HAVE_TCFS if (!tcfs_lock()) { fprintf(stderr, _("%s: cannot lock TCFS key file\n"), Prog); fail_exit(E_PW_UPDATE); } if (!tcfs_open(O_RDWR)) { fprintf(stderr, _("%s: cannot open TCFS key file\n"), Prog); fail_exit(E_PW_UPDATE); } #endif if (! gr_lock ()) { fprintf(stderr, _("%s: unable to lock group file\n"), Prog); fail_exit(E_GRP_UPDATE); } if (! gr_open (O_RDWR)) { fprintf(stderr, _("%s: cannot open group file\n"), Prog); fail_exit(E_GRP_UPDATE); } #ifdef SHADOWGRP if (is_shadow_grp && ! sgr_lock ()) { fprintf(stderr, _("%s: unable to lock shadow group file\n"), Prog); fail_exit(E_GRP_UPDATE); } if (is_shadow_grp && ! sgr_open (O_RDWR)) { fprintf(stderr, _("%s: cannot open shadow group file\n"), Prog); fail_exit(E_GRP_UPDATE); } #endif }
/* * open_files - open the shadow database * * In read-only mode, the databases are not locked and are opened * only for reading. */ static void open_files (void) { /* * Lock the files if we aren't in "read-only" mode */ if (!read_only) { if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, grp_file); fail_exit (E_CANT_LOCK); } gr_locked = true; #ifdef SHADOWGRP if (is_shadow) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_file); fail_exit (E_CANT_LOCK); } sgr_locked = true; } #endif } /* * Open the files. Use O_RDONLY if we are in read_only mode, * O_RDWR otherwise. */ if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, grp_file); if (use_system_grp_file) { SYSLOG ((LOG_WARN, "cannot open %s", grp_file)); } fail_exit (E_CANT_OPEN); } #ifdef SHADOWGRP if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_file); if (use_system_sgr_file) { SYSLOG ((LOG_WARN, "cannot open %s", sgr_file)); } fail_exit (E_CANT_OPEN); } #endif }
/* * open_files - lock and open the group files * * open_files() opens the two group files. */ static void open_files (void) { /* First, lock the databases */ if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif /* * Now, if the group is not removed, it's our fault. * Make sure failures will be reported. */ add_cleanup (cleanup_report_del_group, group_name); /* An now open the databases */ if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_GRP_UPDATE); } #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); exit (E_GRP_UPDATE); } } #endif /* SHADOWGRP */ }
/* * open_files - lock and open the group databases * * It will call exit in case of error. */ static void open_files (void) { if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_NOPERM); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if (is_shadowgrp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_NOPERM); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif /* SHADOWGRP */ add_cleanup (log_gpasswd_failure_system, NULL); if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_NOPERM); } #ifdef SHADOWGRP if (is_shadowgrp) { if (sgr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); exit (E_NOPERM); } add_cleanup (log_gpasswd_failure_gshadow, NULL); } #endif /* SHADOWGRP */ add_cleanup (log_gpasswd_failure_group, NULL); del_cleanup (log_gpasswd_failure_system); }
/* * open_files - lock and open the group databases */ static void open_files (void) { /* * Lock the group file and open it for reading and writing. This will * bring all of the entries into memory where they may be updated. */ if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); fail_exit (1); } gr_locked = true; if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); } #ifdef SHADOWGRP /* Do the same for the shadowed database, if it exist */ if (is_shadow_grp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); fail_exit (1); } sgr_locked = true; if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (1); } } #endif }
int main (int argc, char **argv) { const struct group *gr; struct group grent; const struct sgrp *sg; Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("grpunconv"); process_flags (argc, argv); if (sgr_file_present () == 0) { exit (0); /* no /etc/gshadow, nothing to do */ } if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); fail_exit (5); } gr_locked = true; if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); } if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); fail_exit (5); } sgr_locked = true; if (sgr_open (O_RDONLY) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (1); } /* * Update group passwords if non-shadow password is "x". */ (void) gr_rewind (); while ((gr = gr_next ()) != NULL) { sg = sgr_locate (gr->gr_name); if ( (NULL != sg) && (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) == 0)) { /* add password to /etc/group */ grent = *gr; grent.gr_passwd = sg->sg_passwd; if (gr_update (&grent) == 0) { fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grent.gr_name); fail_exit (3); } } } (void) sgr_close (); /* was only open O_RDONLY */ if (gr_close () == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); fail_exit (3); } if (unlink (SGROUP_FILE) != 0) { fprintf (stderr, _("%s: cannot delete %s\n"), Prog, SGROUP_FILE); SYSLOG ((LOG_ERR, "cannot delete %s", SGROUP_FILE)); fail_exit (3); } if (gr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ } if (sgr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ } nscd_flush_cache ("group"); return 0; }
/* * open_files - lock and open the password, group and shadow databases */ static void open_files (void) { /* * Lock the password files and open them for update. This will bring * all of the entries into memory where they may be searched for an * modified, or new entries added. The password file is the key - if * it gets locked, assume the others can be locked right away. */ if (pw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); fail_exit (EXIT_FAILURE); } pw_locked = true; if (is_shadow) { if (spw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); fail_exit (EXIT_FAILURE); } spw_locked = true; } if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); fail_exit (EXIT_FAILURE); } gr_locked = true; #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); fail_exit (EXIT_FAILURE); } sgr_locked = true; } #endif #ifdef ENABLE_SUBIDS if (is_sub_uid) { if (sub_uid_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); fail_exit (EXIT_FAILURE); } sub_uid_locked = true; } if (is_sub_gid) { if (sub_gid_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); fail_exit (EXIT_FAILURE); } sub_gid_locked = true; } #endif /* ENABLE_SUBIDS */ if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (EXIT_FAILURE); } if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); fail_exit (EXIT_FAILURE); } if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (EXIT_FAILURE); } #ifdef SHADOWGRP if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (EXIT_FAILURE); } #endif #ifdef ENABLE_SUBIDS if (is_sub_uid) { if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); fail_exit (EXIT_FAILURE); } } if (is_sub_gid) { if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); fail_exit (EXIT_FAILURE); } } #endif /* ENABLE_SUBIDS */ }
static int update_gshadow (void) { int is_member; int was_member; int was_admin; int changed; const struct sgrp *sgrp; struct sgrp *nsgrp; if (!sgr_lock ()) { fprintf (stderr, _("%s: error locking shadow group file\n"), Prog); SYSLOG ((LOG_ERR, "error locking shadow group file")); return -1; } if (!sgr_open (O_RDWR)) { fprintf (stderr, _("%s: error opening shadow group file\n"), Prog); SYSLOG ((LOG_ERR, "error opening shadow group file")); sgr_unlock (); return -1; } changed = 0; /* * Scan through the entire shadow group file looking for the groups * that the user is a member of. */ while ((sgrp = sgr_next ())) { /* * See if the user was a member of this group */ was_member = is_on_list (sgrp->sg_mem, user_name); /* * See if the user was an administrator of this group */ was_admin = is_on_list (sgrp->sg_adm, user_name); /* * See if the user specified this group as one of their * concurrent groups. */ is_member = Gflg && is_on_list (user_groups, sgrp->sg_name); if (!was_member && !was_admin && !is_member) continue; nsgrp = __sgr_dup (sgrp); if (!nsgrp) { fprintf (stderr, _ ("%s: out of memory in update_gshadow\n"), Prog); sgr_unlock (); return -1; } if (was_admin && lflg) { nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name); nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = 1; SYSLOG ((LOG_INFO, "change admin `%s' to `%s' in shadow group `%s'", user_name, user_newname, nsgrp->sg_name)); } if (was_member && (!Gflg || is_member)) { if (lflg) { nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = 1; SYSLOG ((LOG_INFO, "change `%s' to `%s' in shadow group `%s'", user_name, user_newname, nsgrp->sg_name)); } } else if (was_member && Gflg && !is_member) { nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = 1; SYSLOG ((LOG_INFO, "delete `%s' from shadow group `%s'", user_name, nsgrp->sg_name)); } else if (!was_member && Gflg && is_member) { nsgrp->sg_mem = add_list (nsgrp->sg_mem, lflg ? user_newname : user_name); changed = 1; SYSLOG ((LOG_INFO, "add `%s' to shadow group `%s'", lflg ? user_newname : user_name, nsgrp->sg_name)); } if (!changed) continue; changed = 0; /* * Update the group entry to reflect the changes. */ if (!sgr_update (nsgrp)) { fprintf (stderr, _("%s: error adding new group entry\n"), Prog); SYSLOG ((LOG_ERR, "error adding shadow group entry")); sgr_unlock (); return -1; } #ifdef NDBM /* * Update the DBM group file with the new entry as well. */ if (!sg_dbm_update (nsgrp)) { fprintf (stderr, _("%s: cannot add new dbm group entry\n"), Prog); SYSLOG ((LOG_ERR, "error adding dbm shadow group entry")); sgr_unlock (); return -1; } #endif /* NDBM */ } #ifdef NDBM endsgent (); #endif /* NDBM */ if (!sgr_close ()) { fprintf (stderr, _("%s: cannot rewrite shadow group file\n"), Prog); sgr_unlock (); return -1; } sgr_unlock (); return 0; }
static void open_files (void) { if (pw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking password file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } pw_locked = true; if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening password file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { if (spw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking shadow password file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } spw_locked = true; if (spw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening shadow password file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_PW_UPDATE); } } if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } gr_locked = true; if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking shadow group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } sgr_locked= true; if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening shadow group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_GRP_UPDATE); } } #endif /* SHADOWGRP */ #ifdef ENABLE_SUBIDS if (is_sub_uid) { if (sub_uid_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking subordinate user file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening subordinate user file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SUB_UID_UPDATE); } } if (is_sub_gid) { if (sub_gid_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "locking subordinate group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "opening subordinate group file", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SUB_GID_UPDATE); } } #endif /* ENABLE_SUBIDS */ }
int main (int argc, char **argv) { const struct group *gr; struct group grent; const struct sgrp *sg; struct sgrp sgent; Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("grpconv"); process_flags (argc, argv); if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); fail_exit (5); } gr_locked = true; if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); } if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); fail_exit (5); } sgr_locked = true; if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (1); } /* * Remove /etc/gshadow entries for groups not in /etc/group. */ (void) sgr_rewind (); while ((sg = sgr_next ()) != NULL) { if (gr_locate (sg->sg_name) != NULL) { continue; } if (sgr_remove (sg->sg_name) == 0) { /* * This shouldn't happen (the entry exists) but... */ fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, sg->sg_name, sgr_dbname ()); fail_exit (3); } } /* * Update shadow group passwords if non-shadow password is not "x". * Add any missing shadow group entries. */ (void) gr_rewind (); while ((gr = gr_next ()) != NULL) { sg = sgr_locate (gr->gr_name); if (NULL != sg) { /* update existing shadow group entry */ sgent = *sg; if (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0) sgent.sg_passwd = gr->gr_passwd; } else { static char *empty = 0; /* add new shadow group entry */ memset (&sgent, 0, sizeof sgent); sgent.sg_name = gr->gr_name; sgent.sg_passwd = gr->gr_passwd; sgent.sg_adm = ∅ } /* * XXX - sg_mem is redundant, it is currently always a copy * of gr_mem. Very few programs actually use sg_mem, and all * of them are in the shadow suite. Maybe this field could * be used for something else? Any suggestions? */ sgent.sg_mem = gr->gr_mem; if (sgr_update (&sgent) == 0) { fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), sgent.sg_name); fail_exit (3); } /* remove password from /etc/group */ grent = *gr; grent.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */ if (gr_update (&grent) == 0) { fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grent.gr_name); fail_exit (3); } } if (sgr_close () == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); fail_exit (3); } if (gr_close () == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); fail_exit (3); } if (sgr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ } if (gr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ } nscd_flush_cache ("group"); return 0; }
/* * grpck - verify group file integrity */ int main (int argc, char **argv) { int arg; int errors = 0; int deleted = 0; int i; struct commonio_entry *gre, *tgre; struct group *grp; int sort_mode = 0; #ifdef SHADOWGRP struct commonio_entry *sge, *tsge; struct sgrp *sgr; int is_shadow = 0; #endif /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); OPENLOG ("grpck"); /* * Parse the command line arguments */ while ((arg = getopt (argc, argv, "qrs")) != EOF) { switch (arg) { case 'q': /* quiet - ignored for now */ break; case 'r': read_only = 1; break; case 's': sort_mode = 1; break; default: usage (); } } if (sort_mode && read_only) { fprintf (stderr, _("%s: -s and -r are incompatibile\n"), Prog); exit (E_USAGE); } /* * Make certain we have the right number of arguments */ #ifdef SHADOWGRP if (optind != argc && optind + 1 != argc && optind + 2 != argc) #else if (optind != argc && optind + 1 != argc) #endif usage (); /* * If there are two left over filenames, use those as the group and * group password filenames. */ if (optind != argc) { grp_file = argv[optind]; gr_name (grp_file); } #ifdef SHADOWGRP if (optind + 2 == argc) { sgr_file = argv[optind + 1]; sgr_name (sgr_file); is_shadow = 1; } else if (optind == argc) is_shadow = sgr_file_present (); #endif /* * Lock the files if we aren't in "read-only" mode */ if (!read_only) { if (!gr_lock ()) { fprintf (stderr, _("%s: cannot lock file %s\n"), Prog, grp_file); if (optind == argc) SYSLOG ((LOG_WARN, "cannot lock %s", grp_file)); closelog (); exit (E_CANT_LOCK); } #ifdef SHADOWGRP if (is_shadow && !sgr_lock ()) { fprintf (stderr, _("%s: cannot lock file %s\n"), Prog, sgr_file); if (optind == argc) SYSLOG ((LOG_WARN, "cannot lock %s", sgr_file)); closelog (); exit (E_CANT_LOCK); } #endif } /* * Open the files. Use O_RDONLY if we are in read_only mode, * O_RDWR otherwise. */ if (!gr_open (read_only ? O_RDONLY : O_RDWR)) { fprintf (stderr, _("%s: cannot open file %s\n"), Prog, grp_file); if (optind == argc) SYSLOG ((LOG_WARN, "cannot open %s", grp_file)); closelog (); exit (E_CANT_OPEN); } #ifdef SHADOWGRP if (is_shadow && !sgr_open (read_only ? O_RDONLY : O_RDWR)) { fprintf (stderr, _("%s: cannot open file %s\n"), Prog, sgr_file); if (optind == argc) SYSLOG ((LOG_WARN, "cannot open %s", sgr_file)); closelog (); exit (E_CANT_OPEN); } #endif if (sort_mode) { gr_sort (); #ifdef SHADOWGRP if (is_shadow) sgr_sort (); #endif goto write_and_bye; } /* * Loop through the entire group file. */ for (gre = __gr_get_head (); gre; gre = gre->next) { /* * Skip all NIS entries. */ if (gre->line[0] == '+' || gre->line[0] == '-') continue; /* * Start with the entries that are completely corrupt. They * have no (struct group) entry because they couldn't be * parsed properly. */ if (!gre->eptr) { /* * Tell the user this entire line is bogus and ask * them to delete it. */ printf (_("invalid group file entry\n")); printf (_("delete line `%s'? "), gre->line); errors++; /* * prompt the user to delete the entry or not */ if (!yes_or_no ()) continue; /* * All group file deletions wind up here. This code * removes the current entry from the linked list. * When done, it skips back to the top of the loop * to try out the next list element. */ delete_gr: SYSLOG ((LOG_INFO, "delete group line `%s'", gre->line)); deleted++; __gr_del_entry (gre); continue; } /* * Group structure is good, start using it. */ grp = gre->eptr; /* * Make sure this entry has a unique name. */ for (tgre = __gr_get_head (); tgre; tgre = tgre->next) { const struct group *ent = tgre->eptr; /* * Don't check this entry */ if (tgre == gre) continue; /* * Don't check invalid entries. */ if (!ent) continue; if (strcmp (grp->gr_name, ent->gr_name) != 0) continue; /* * Tell the user this entry is a duplicate of * another and ask them to delete it. */ printf (_("duplicate group entry\n")); printf (_("delete line `%s'? "), gre->line); errors++; /* * prompt the user to delete the entry or not */ if (yes_or_no ()) goto delete_gr; } /* * Check for invalid group names. --marekm */ if (!check_group_name (grp->gr_name)) { errors++; printf (_("invalid group name `%s'\n"), grp->gr_name); } /* * Workaround for a NYS libc 5.3.12 bug on RedHat 4.2 - * groups with no members are returned as groups with one * member "", causing grpck to fail. --marekm */ if (grp->gr_mem[0] && !grp->gr_mem[1] && *(grp->gr_mem[0]) == '\0') grp->gr_mem[0] = (char *) 0; /* * Make sure each member exists */ for (i = 0; grp->gr_mem[i]; i++) { if (getpwnam (grp->gr_mem[i])) continue; /* * Can't find this user. Remove them * from the list. */ errors++; printf (_("group %s: no user %s\n"), grp->gr_name, grp->gr_mem[i]); printf (_("delete member `%s'? "), grp->gr_mem[i]); if (!yes_or_no ()) continue; SYSLOG ((LOG_INFO, "delete member `%s' group `%s'", grp->gr_mem[i], grp->gr_name)); deleted++; delete_member (grp->gr_mem, grp->gr_mem[i]); gre->changed = 1; __gr_set_changed (); } } #ifdef SHADOWGRP if (!is_shadow) goto shadow_done; /* * Loop through the entire shadow group file. */ for (sge = __sgr_get_head (); sge; sge = sge->next) { /* * Start with the entries that are completely corrupt. They * have no (struct sgrp) entry because they couldn't be * parsed properly. */ if (!sge->eptr) { /* * Tell the user this entire line is bogus and ask * them to delete it. */ printf (_("invalid shadow group file entry\n")); printf (_("delete line `%s'? "), sge->line); errors++; /* * prompt the user to delete the entry or not */ if (!yes_or_no ()) continue; /* * All shadow group file deletions wind up here. * This code removes the current entry from the * linked list. When done, it skips back to the top * of the loop to try out the next list element. */ delete_sg: SYSLOG ((LOG_INFO, "delete shadow line `%s'", sge->line)); deleted++; __sgr_del_entry (sge); continue; } /* * Shadow group structure is good, start using it. */ sgr = sge->eptr; /* * Make sure this entry has a unique name. */ for (tsge = __sgr_get_head (); tsge; tsge = tsge->next) { const struct sgrp *ent = tsge->eptr; /* * Don't check this entry */ if (tsge == sge) continue; /* * Don't check invalid entries. */ if (!ent) continue; if (strcmp (sgr->sg_name, ent->sg_name) != 0) continue; /* * Tell the user this entry is a duplicate of * another and ask them to delete it. */ printf (_("duplicate shadow group entry\n")); printf (_("delete line `%s'? "), sge->line); errors++; /* * prompt the user to delete the entry or not */ if (yes_or_no ()) goto delete_sg; } /* * Make sure this entry exists in the /etc/group file. */ if (!gr_locate (sgr->sg_name)) { printf (_("no matching group file entry\n")); printf (_("delete line `%s'? "), sge->line); errors++; if (yes_or_no ()) goto delete_sg; } /* * Make sure each administrator exists */ for (i = 0; sgr->sg_adm[i]; i++) { if (getpwnam (sgr->sg_adm[i])) continue; /* * Can't find this user. Remove them * from the list. */ errors++; printf (_ ("shadow group %s: no administrative user %s\n"), sgr->sg_name, sgr->sg_adm[i]); printf (_("delete administrative member `%s'? "), sgr->sg_adm[i]); if (!yes_or_no ()) continue; SYSLOG ((LOG_INFO, "delete admin `%s' from shadow group `%s'", sgr->sg_adm[i], sgr->sg_name)); deleted++; delete_member (sgr->sg_adm, sgr->sg_adm[i]); sge->changed = 1; __sgr_set_changed (); } /* * Make sure each member exists */ for (i = 0; sgr->sg_mem[i]; i++) { if (getpwnam (sgr->sg_mem[i])) continue; /* * Can't find this user. Remove them from the list. */ errors++; printf (_("shadow group %s: no user %s\n"), sgr->sg_name, sgr->sg_mem[i]); printf (_("delete member `%s'? "), sgr->sg_mem[i]); if (!yes_or_no ()) continue; SYSLOG ((LOG_INFO, "delete member `%s' from shadow group `%s'", sgr->sg_mem[i], sgr->sg_name)); deleted++; delete_member (sgr->sg_mem, sgr->sg_mem[i]); sge->changed = 1; __sgr_set_changed (); } } shadow_done: #endif /* SHADOWGRP */ /* * All done. If there were no deletions we can just abandon any * changes to the files. */ if (deleted) { write_and_bye: if (!gr_close ()) { fprintf (stderr, _("%s: cannot update file %s\n"), Prog, grp_file); exit (E_CANT_UPDATE); } #ifdef SHADOWGRP if (is_shadow && !sgr_close ()) { fprintf (stderr, _("%s: cannot update file %s\n"), Prog, sgr_file); exit (E_CANT_UPDATE); } #endif } /* * Don't be anti-social - unlock the files when you're done. */ #ifdef SHADOWGRP if (is_shadow) sgr_unlock (); #endif (void) gr_unlock (); nscd_flush_cache ("group"); /* * Tell the user what we did and exit. */ if (errors) printf (deleted ? _("%s: the files have been updated\n") : _("%s: no changes\n"), Prog); exit (errors ? E_BAD_ENTRY : E_OKAY); }