Beispiel #1
0
/*
 * lock_files - lock the accounts databases
 *
 *	lock_files() locks the group, gshadow, and passwd databases.
 */
static void lock_files (void)
{
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		exit (E_GRP_UPDATE);
	}
	add_cleanup (cleanup_unlock_group, NULL);

#ifdef	SHADOWGRP
	if (   is_shadow_grp
	    && (pflg || nflg)) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
			exit (E_GRP_UPDATE);
		}
		add_cleanup (cleanup_unlock_gshadow, NULL);
	}
#endif

	if (gflg) {
		if (pw_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, pw_dbname ());
			exit (E_GRP_UPDATE);
		}
		add_cleanup (cleanup_unlock_passwd, NULL);
	}
}
Beispiel #2
0
static void open_files (void)
{
    if (!gr_lock ()) {
        fprintf (stderr, _("%s: unable to lock group file\n"),
                 Prog);
        exit (E_GRP_UPDATE);
    }
    if (!gr_open (O_RDWR)) {
        fprintf (stderr, _("%s: unable to open group file\n"),
                 Prog);
        fail_exit (E_GRP_UPDATE);
    }
#ifdef	SHADOWGRP
    if (is_shadow_grp && !sgr_lock ()) {
        fprintf (stderr,
                 _("%s: unable to lock shadow group file\n"),
                 Prog);
        fail_exit (E_GRP_UPDATE);
    }
    if (is_shadow_grp && !sgr_open (O_RDWR)) {
        fprintf (stderr,
                 _("%s: unable to open shadow group file\n"),
                 Prog);
        fail_exit (E_GRP_UPDATE);
    }
#endif				/* SHADOWGRP */
}
static void
open_files(void)
{
	if (!pw_lock()) {
		fprintf(stderr, _("%s: unable to lock password file\n"), Prog);
		exit(E_PW_UPDATE);
	}
	if (! pw_open (O_RDWR)) {
		fprintf(stderr, _("%s: unable to open password file\n"), Prog);
		fail_exit(E_PW_UPDATE);
	}
#ifdef	SHADOWPWD
	if (is_shadow_pwd && ! spw_lock ()) {
		fprintf(stderr, _("%s: cannot lock shadow password file\n"),
			Prog);
		fail_exit(E_PW_UPDATE);
	}
	if (is_shadow_pwd && ! spw_open (O_RDWR)) {
		fprintf(stderr, _("%s: cannot open shadow password file\n"),
			Prog);
		fail_exit(E_PW_UPDATE);
	}
#endif
#ifdef	HAVE_TCFS
	if (!tcfs_lock()) {
		fprintf(stderr, _("%s: cannot lock TCFS key file\n"), Prog);
		fail_exit(E_PW_UPDATE);
	}
	if (!tcfs_open(O_RDWR)) {
		fprintf(stderr, _("%s: cannot open TCFS key file\n"), Prog);
		fail_exit(E_PW_UPDATE);
	}
#endif
	if (! gr_lock ()) {
		fprintf(stderr, _("%s: unable to lock group file\n"), Prog);
		fail_exit(E_GRP_UPDATE);
	}
	if (! gr_open (O_RDWR)) {
		fprintf(stderr, _("%s: cannot open group file\n"), Prog);
		fail_exit(E_GRP_UPDATE);
	}
#ifdef	SHADOWGRP
	if (is_shadow_grp && ! sgr_lock ()) {
		fprintf(stderr, _("%s: unable to lock shadow group file\n"),
			Prog);
		fail_exit(E_GRP_UPDATE);
	}
	if (is_shadow_grp && ! sgr_open (O_RDWR)) {
		fprintf(stderr, _("%s: cannot open shadow group file\n"),
				Prog);
		fail_exit(E_GRP_UPDATE);
	}
#endif
}
Beispiel #4
0
/*
 * open_files - open the shadow database
 *
 *	In read-only mode, the databases are not locked and are opened
 *	only for reading.
 */
static void open_files (void)
{
	/*
	 * Lock the files if we aren't in "read-only" mode
	 */
	if (!read_only) {
		if (gr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, grp_file);
			fail_exit (E_CANT_LOCK);
		}
		gr_locked = true;
#ifdef	SHADOWGRP
		if (is_shadow) {
			if (sgr_lock () == 0) {
				fprintf (stderr,
				         _("%s: cannot lock %s; try again later.\n"),
				         Prog, sgr_file);
				fail_exit (E_CANT_LOCK);
			}
			sgr_locked = true;
		}
#endif
	}

	/*
	 * Open the files. Use O_RDONLY if we are in read_only mode,
	 * O_RDWR otherwise.
	 */
	if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog,
		         grp_file);
		if (use_system_grp_file) {
			SYSLOG ((LOG_WARN, "cannot open %s", grp_file));
		}
		fail_exit (E_CANT_OPEN);
	}
#ifdef	SHADOWGRP
	if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog,
		         sgr_file);
		if (use_system_sgr_file) {
			SYSLOG ((LOG_WARN, "cannot open %s", sgr_file));
		}
		fail_exit (E_CANT_OPEN);
	}
#endif
}
Beispiel #5
0
/*
 * open_files - lock and open the group files
 *
 *	open_files() opens the two group files.
 */
static void open_files (void)
{
	/* First, lock the databases */
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		exit (E_GRP_UPDATE);
	}
	add_cleanup (cleanup_unlock_group, NULL);
#ifdef	SHADOWGRP
	if (is_shadow_grp) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
			exit (E_GRP_UPDATE);
		}
		add_cleanup (cleanup_unlock_gshadow, NULL);
	}
#endif

	/*
	 * Now, if the group is not removed, it's our fault.
	 * Make sure failures will be reported.
	 */
	add_cleanup (cleanup_report_del_group, group_name);

	/* An now open the databases */
	if (gr_open (O_RDWR) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"),
		         Prog, gr_dbname ());
		SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
		exit (E_GRP_UPDATE);
	}
#ifdef	SHADOWGRP
	if (is_shadow_grp) {
		if (sgr_open (O_RDWR) == 0) {
			fprintf (stderr,
			         _("%s: cannot open %s\n"),
			         Prog, sgr_dbname ());
			SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
			exit (E_GRP_UPDATE);
		}
	}
#endif				/* SHADOWGRP */
}
Beispiel #6
0
/*
 * open_files - lock and open the group databases
 *
 *	It will call exit in case of error.
 */
static void open_files (void)
{
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		exit (E_NOPERM);
	}
	add_cleanup (cleanup_unlock_group, NULL);

#ifdef SHADOWGRP
	if (is_shadowgrp) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
			exit (E_NOPERM);
		}
		add_cleanup (cleanup_unlock_gshadow, NULL);
	}
#endif				/* SHADOWGRP */

	add_cleanup (log_gpasswd_failure_system, NULL);

	if (gr_open (O_RDWR) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"),
		         Prog, gr_dbname ());
		SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
		exit (E_NOPERM);
	}

#ifdef SHADOWGRP
	if (is_shadowgrp) {
		if (sgr_open (O_RDWR) == 0) {
			fprintf (stderr,
			         _("%s: cannot open %s\n"),
			         Prog, sgr_dbname ());
			SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
			exit (E_NOPERM);
		}
		add_cleanup (log_gpasswd_failure_gshadow, NULL);
	}
#endif				/* SHADOWGRP */

	add_cleanup (log_gpasswd_failure_group, NULL);
	del_cleanup (log_gpasswd_failure_system);
}
Beispiel #7
0
/*
 * open_files - lock and open the group databases
 */
static void open_files (void)
{
	/*
	 * Lock the group file and open it for reading and writing. This will
	 * bring all of the entries into memory where they may be updated.
	 */
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		fail_exit (1);
	}
	gr_locked = true;
	if (gr_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"), Prog, gr_dbname ());
		fail_exit (1);
	}

#ifdef SHADOWGRP
	/* Do the same for the shadowed database, if it exist */
	if (is_shadow_grp) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
			fail_exit (1);
		}
		sgr_locked = true;
		if (sgr_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr, _("%s: cannot open %s\n"),
			         Prog, sgr_dbname ());
			fail_exit (1);
		}
	}
#endif
}
Beispiel #8
0
int main (int argc, char **argv)
{
	const struct group *gr;
	struct group grent;
	const struct sgrp *sg;

	Prog = Basename (argv[0]);

	(void) setlocale (LC_ALL, "");
	(void) bindtextdomain (PACKAGE, LOCALEDIR);
	(void) textdomain (PACKAGE);

	process_root_flag ("-R", argc, argv);

	OPENLOG ("grpunconv");

	process_flags (argc, argv);

	if (sgr_file_present () == 0) {
		exit (0);	/* no /etc/gshadow, nothing to do */
	}

	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		fail_exit (5);
	}
	gr_locked = true;
	if (gr_open (O_RDWR) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"), Prog, gr_dbname ());
		fail_exit (1);
	}

	if (sgr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, sgr_dbname ());
		fail_exit (5);
	}
	sgr_locked = true;
	if (sgr_open (O_RDONLY) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"), Prog, sgr_dbname ());
		fail_exit (1);
	}

	/*
	 * Update group passwords if non-shadow password is "x".
	 */
	(void) gr_rewind ();
	while ((gr = gr_next ()) != NULL) {
		sg = sgr_locate (gr->gr_name);
		if (   (NULL != sg)
		    && (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) == 0)) {
			/* add password to /etc/group */
			grent = *gr;
			grent.gr_passwd = sg->sg_passwd;
			if (gr_update (&grent) == 0) {
				fprintf (stderr,
				         _("%s: failed to prepare the new %s entry '%s'\n"),
				         Prog, gr_dbname (), grent.gr_name);
				fail_exit (3);
			}
		}
	}

	(void) sgr_close (); /* was only open O_RDONLY */

	if (gr_close () == 0) {
		fprintf (stderr,
		         _("%s: failure while writing changes to %s\n"),
		         Prog, gr_dbname ());
		SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
		fail_exit (3);
	}

	if (unlink (SGROUP_FILE) != 0) {
		fprintf (stderr,
		         _("%s: cannot delete %s\n"),
		         Prog, SGROUP_FILE);
		SYSLOG ((LOG_ERR, "cannot delete %s", SGROUP_FILE));
		fail_exit (3);
	}

	if (gr_unlock () == 0) {
		fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
		SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
		/* continue */
	}

	if (sgr_unlock () == 0) {
		fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
		SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
		/* continue */
	}

	nscd_flush_cache ("group");

	return 0;
}
Beispiel #9
0
/*
 * open_files - lock and open the password, group and shadow databases
 */
static void open_files (void)
{
	/*
	 * Lock the password files and open them for update. This will bring
	 * all of the entries into memory where they may be searched for an
	 * modified, or new entries added. The password file is the key - if
	 * it gets locked, assume the others can be locked right away.
	 */
	if (pw_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, pw_dbname ());
		fail_exit (EXIT_FAILURE);
	}
	pw_locked = true;
	if (is_shadow) {
		if (spw_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, spw_dbname ());
			fail_exit (EXIT_FAILURE);
		}
		spw_locked = true;
	}
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		fail_exit (EXIT_FAILURE);
	}
	gr_locked = true;
#ifdef SHADOWGRP
	if (is_shadow_grp) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
			fail_exit (EXIT_FAILURE);
		}
		sgr_locked = true;
	}
#endif
#ifdef ENABLE_SUBIDS
	if (is_sub_uid) {
		if (sub_uid_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sub_uid_dbname ());
			fail_exit (EXIT_FAILURE);
		}
		sub_uid_locked = true;
	}
	if (is_sub_gid) {
		if (sub_gid_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sub_gid_dbname ());
			fail_exit (EXIT_FAILURE);
		}
		sub_gid_locked = true;
	}
#endif				/* ENABLE_SUBIDS */

	if (pw_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
		fail_exit (EXIT_FAILURE);
	}
	if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ());
		fail_exit (EXIT_FAILURE);
	}
	if (gr_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
		fail_exit (EXIT_FAILURE);
	}
#ifdef SHADOWGRP
	if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
		fail_exit (EXIT_FAILURE);
	}
#endif
#ifdef ENABLE_SUBIDS
	if (is_sub_uid) {
		if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr,
			         _("%s: cannot open %s\n"),
			         Prog, sub_uid_dbname ());
			fail_exit (EXIT_FAILURE);
		}
	}
	if (is_sub_gid) {
		if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr,
			         _("%s: cannot open %s\n"),
			         Prog, sub_gid_dbname ());
			fail_exit (EXIT_FAILURE);
		}
	}
#endif				/* ENABLE_SUBIDS */
}
Beispiel #10
0
static int update_gshadow (void)
{
	int is_member;
	int was_member;
	int was_admin;
	int changed;
	const struct sgrp *sgrp;
	struct sgrp *nsgrp;

	if (!sgr_lock ()) {
		fprintf (stderr,
			 _("%s: error locking shadow group file\n"), Prog);
		SYSLOG ((LOG_ERR, "error locking shadow group file"));
		return -1;
	}
	if (!sgr_open (O_RDWR)) {
		fprintf (stderr,
			 _("%s: error opening shadow group file\n"), Prog);
		SYSLOG ((LOG_ERR, "error opening shadow group file"));
		sgr_unlock ();
		return -1;
	}

	changed = 0;

	/*
	 * Scan through the entire shadow group file looking for the groups
	 * that the user is a member of.
	 */
	while ((sgrp = sgr_next ())) {

		/*
		 * See if the user was a member of this group
		 */
		was_member = is_on_list (sgrp->sg_mem, user_name);

		/*
		 * See if the user was an administrator of this group
		 */
		was_admin = is_on_list (sgrp->sg_adm, user_name);

		/*
		 * See if the user specified this group as one of their
		 * concurrent groups.
		 */
		is_member = Gflg
		    && is_on_list (user_groups, sgrp->sg_name);

		if (!was_member && !was_admin && !is_member)
			continue;

		nsgrp = __sgr_dup (sgrp);
		if (!nsgrp) {
			fprintf (stderr,
				 _
				 ("%s: out of memory in update_gshadow\n"),
				 Prog);
			sgr_unlock ();
			return -1;
		}

		if (was_admin && lflg) {
			nsgrp->sg_adm =
			    del_list (nsgrp->sg_adm, user_name);
			nsgrp->sg_adm =
			    add_list (nsgrp->sg_adm, user_newname);
			changed = 1;
			SYSLOG ((LOG_INFO,
				 "change admin `%s' to `%s' in shadow group `%s'",
				 user_name, user_newname, nsgrp->sg_name));
		}
		if (was_member && (!Gflg || is_member)) {
			if (lflg) {
				nsgrp->sg_mem = del_list (nsgrp->sg_mem,
							  user_name);
				nsgrp->sg_mem = add_list (nsgrp->sg_mem,
							  user_newname);
				changed = 1;
				SYSLOG ((LOG_INFO,
					 "change `%s' to `%s' in shadow group `%s'",
					 user_name, user_newname,
					 nsgrp->sg_name));
			}
		} else if (was_member && Gflg && !is_member) {
			nsgrp->sg_mem =
			    del_list (nsgrp->sg_mem, user_name);
			changed = 1;
			SYSLOG ((LOG_INFO,
				 "delete `%s' from shadow group `%s'",
				 user_name, nsgrp->sg_name));
		} else if (!was_member && Gflg && is_member) {
			nsgrp->sg_mem = add_list (nsgrp->sg_mem,
						  lflg ? user_newname :
						  user_name);
			changed = 1;
			SYSLOG ((LOG_INFO, "add `%s' to shadow group `%s'",
				 lflg ? user_newname : user_name,
				 nsgrp->sg_name));
		}
		if (!changed)
			continue;

		changed = 0;

		/* 
		 * Update the group entry to reflect the changes.
		 */
		if (!sgr_update (nsgrp)) {
			fprintf (stderr,
				 _("%s: error adding new group entry\n"),
				 Prog);
			SYSLOG ((LOG_ERR,
				 "error adding shadow group entry"));
			sgr_unlock ();
			return -1;
		}
#ifdef	NDBM
		/*
		 * Update the DBM group file with the new entry as well.
		 */
		if (!sg_dbm_update (nsgrp)) {
			fprintf (stderr,
				 _("%s: cannot add new dbm group entry\n"),
				 Prog);
			SYSLOG ((LOG_ERR,
				 "error adding dbm shadow group entry"));
			sgr_unlock ();
			return -1;
		}
#endif				/* NDBM */
	}
#ifdef NDBM
	endsgent ();
#endif				/* NDBM */
	if (!sgr_close ()) {
		fprintf (stderr,
			 _("%s: cannot rewrite shadow group file\n"),
			 Prog);
		sgr_unlock ();
		return -1;
	}
	sgr_unlock ();
	return 0;
}
Beispiel #11
0
static void open_files (void)
{
	if (pw_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, pw_dbname ());
#ifdef WITH_AUDIT
		audit_logger (AUDIT_DEL_USER, Prog,
		              "locking password file",
		              user_name, (unsigned int) user_id,
		              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
		fail_exit (E_PW_UPDATE);
	}
	pw_locked = true;
	if (pw_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr,
		         _("%s: cannot open %s\n"), Prog, pw_dbname ());
#ifdef WITH_AUDIT
		audit_logger (AUDIT_DEL_USER, Prog,
		              "opening password file",
		              user_name, (unsigned int) user_id,
		              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
		fail_exit (E_PW_UPDATE);
	}
	if (is_shadow_pwd) {
		if (spw_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, spw_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
			              "locking shadow password file",
			              user_name, (unsigned int) user_id,
			              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_PW_UPDATE);
		}
		spw_locked = true;
		if (spw_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr,
			         _("%s: cannot open %s\n"),
			         Prog, spw_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
			              "opening shadow password file",
			              user_name, (unsigned int) user_id,
			              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_PW_UPDATE);
		}
	}
	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
#ifdef WITH_AUDIT
		audit_logger (AUDIT_DEL_USER, Prog,
		              "locking group file",
		              user_name, (unsigned int) user_id,
		              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
		fail_exit (E_GRP_UPDATE);
	}
	gr_locked = true;
	if (gr_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
#ifdef WITH_AUDIT
		audit_logger (AUDIT_DEL_USER, Prog,
		              "opening group file",
		              user_name, (unsigned int) user_id,
		              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
		fail_exit (E_GRP_UPDATE);
	}
#ifdef	SHADOWGRP
	if (is_shadow_grp) {
		if (sgr_lock () == 0) {
			fprintf (stderr,
			         _("%s: cannot lock %s; try again later.\n"),
			         Prog, sgr_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
			              "locking shadow group file",
			              user_name, (unsigned int) user_id,
			              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_GRP_UPDATE);
		}
		sgr_locked= true;
		if (sgr_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr, _("%s: cannot open %s\n"),
			         Prog, sgr_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
			              "opening shadow group file",
			              user_name, (unsigned int) user_id,
			              SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_GRP_UPDATE);
		}
	}
#endif				/* SHADOWGRP */
#ifdef ENABLE_SUBIDS
	if (is_sub_uid) {
		if (sub_uid_lock () == 0) {
			fprintf (stderr,
				_("%s: cannot lock %s; try again later.\n"),
				Prog, sub_uid_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
				"locking subordinate user file",
				user_name, (unsigned int) user_id,
				SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_SUB_UID_UPDATE);
		}
		sub_uid_locked = true;
		if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr,
				_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
				"opening subordinate user file",
				user_name, (unsigned int) user_id,
				SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_SUB_UID_UPDATE);
		}
	}
	if (is_sub_gid) {
		if (sub_gid_lock () == 0) {
			fprintf (stderr,
				_("%s: cannot lock %s; try again later.\n"),
				Prog, sub_gid_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
				"locking subordinate group file",
				user_name, (unsigned int) user_id,
				SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_SUB_GID_UPDATE);
		}
		sub_gid_locked = true;
		if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
			fprintf (stderr,
				_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
#ifdef WITH_AUDIT
			audit_logger (AUDIT_DEL_USER, Prog,
				"opening subordinate group file",
				user_name, (unsigned int) user_id,
				SHADOW_AUDIT_FAILURE);
#endif				/* WITH_AUDIT */
			fail_exit (E_SUB_GID_UPDATE);
		}
	}
#endif				/* ENABLE_SUBIDS */
}
Beispiel #12
0
int main (int argc, char **argv)
{
	const struct group *gr;
	struct group grent;
	const struct sgrp *sg;
	struct sgrp sgent;

	Prog = Basename (argv[0]);

	(void) setlocale (LC_ALL, "");
	(void) bindtextdomain (PACKAGE, LOCALEDIR);
	(void) textdomain (PACKAGE);

	process_root_flag ("-R", argc, argv);

	OPENLOG ("grpconv");

	process_flags (argc, argv);

	if (gr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, gr_dbname ());
		fail_exit (5);
	}
	gr_locked = true;
	if (gr_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
		fail_exit (1);
	}

	if (sgr_lock () == 0) {
		fprintf (stderr,
		         _("%s: cannot lock %s; try again later.\n"),
		         Prog, sgr_dbname ());
		fail_exit (5);
	}
	sgr_locked = true;
	if (sgr_open (O_CREAT | O_RDWR) == 0) {
		fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
		fail_exit (1);
	}

	/*
	 * Remove /etc/gshadow entries for groups not in /etc/group.
	 */
	(void) sgr_rewind ();
	while ((sg = sgr_next ()) != NULL) {
		if (gr_locate (sg->sg_name) != NULL) {
			continue;
		}

		if (sgr_remove (sg->sg_name) == 0) {
			/*
			 * This shouldn't happen (the entry exists) but...
			 */
			fprintf (stderr,
			         _("%s: cannot remove entry '%s' from %s\n"),
			         Prog, sg->sg_name, sgr_dbname ());
			fail_exit (3);
		}
	}

	/*
	 * Update shadow group passwords if non-shadow password is not "x".
	 * Add any missing shadow group entries.
	 */
	(void) gr_rewind ();
	while ((gr = gr_next ()) != NULL) {
		sg = sgr_locate (gr->gr_name);
		if (NULL != sg) {
			/* update existing shadow group entry */
			sgent = *sg;
			if (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)
				sgent.sg_passwd = gr->gr_passwd;
		} else {
			static char *empty = 0;

			/* add new shadow group entry */
			memset (&sgent, 0, sizeof sgent);
			sgent.sg_name = gr->gr_name;
			sgent.sg_passwd = gr->gr_passwd;
			sgent.sg_adm = ∅
		}
		/*
		 * XXX - sg_mem is redundant, it is currently always a copy
		 * of gr_mem. Very few programs actually use sg_mem, and all
		 * of them are in the shadow suite. Maybe this field could
		 * be used for something else? Any suggestions?
		 */
		sgent.sg_mem = gr->gr_mem;

		if (sgr_update (&sgent) == 0) {
			fprintf (stderr,
			         _("%s: failed to prepare the new %s entry '%s'\n"),
			         Prog, sgr_dbname (), sgent.sg_name);
			fail_exit (3);
		}
		/* remove password from /etc/group */
		grent = *gr;
		grent.gr_passwd = SHADOW_PASSWD_STRING;	/* XXX warning: const */
		if (gr_update (&grent) == 0) {
			fprintf (stderr,
			         _("%s: failed to prepare the new %s entry '%s'\n"),
			         Prog, gr_dbname (), grent.gr_name);
			fail_exit (3);
		}
	}

	if (sgr_close () == 0) {
		fprintf (stderr,
		         _("%s: failure while writing changes to %s\n"),
		         Prog, sgr_dbname ());
		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
		fail_exit (3);
	}
	if (gr_close () == 0) {
		fprintf (stderr,
		         _("%s: failure while writing changes to %s\n"),
		         Prog, gr_dbname ());
		SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
		fail_exit (3);
	}
	if (sgr_unlock () == 0) {
		fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
		SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
		/* continue */
	}
	if (gr_unlock () == 0) {
		fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
		SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
		/* continue */
	}

	nscd_flush_cache ("group");

	return 0;
}
Beispiel #13
0
/*
 * grpck - verify group file integrity
 */
int main (int argc, char **argv)
{
    int arg;
    int errors = 0;
    int deleted = 0;
    int i;
    struct commonio_entry *gre, *tgre;
    struct group *grp;
    int sort_mode = 0;

#ifdef	SHADOWGRP
    struct commonio_entry *sge, *tsge;
    struct sgrp *sgr;
    int is_shadow = 0;
#endif

    /*
     * Get my name so that I can use it to report errors.
     */
    Prog = Basename (argv[0]);

    setlocale (LC_ALL, "");
    bindtextdomain (PACKAGE, LOCALEDIR);
    textdomain (PACKAGE);

    OPENLOG ("grpck");

    /*
     * Parse the command line arguments
     */
    while ((arg = getopt (argc, argv, "qrs")) != EOF) {
        switch (arg) {
        case 'q':
            /* quiet - ignored for now */
            break;
        case 'r':
            read_only = 1;
            break;
        case 's':
            sort_mode = 1;
            break;
        default:
            usage ();
        }
    }

    if (sort_mode && read_only) {
        fprintf (stderr, _("%s: -s and -r are incompatibile\n"), Prog);
        exit (E_USAGE);
    }

    /*
     * Make certain we have the right number of arguments
     */
#ifdef	SHADOWGRP
    if (optind != argc && optind + 1 != argc && optind + 2 != argc)
#else
    if (optind != argc && optind + 1 != argc)
#endif
        usage ();

    /*
     * If there are two left over filenames, use those as the group and
     * group password filenames.
     */
    if (optind != argc) {
        grp_file = argv[optind];
        gr_name (grp_file);
    }
#ifdef	SHADOWGRP
    if (optind + 2 == argc) {
        sgr_file = argv[optind + 1];
        sgr_name (sgr_file);
        is_shadow = 1;
    } else if (optind == argc)
        is_shadow = sgr_file_present ();
#endif

    /*
     * Lock the files if we aren't in "read-only" mode
     */
    if (!read_only) {
        if (!gr_lock ()) {
            fprintf (stderr, _("%s: cannot lock file %s\n"),
                     Prog, grp_file);
            if (optind == argc)
                SYSLOG ((LOG_WARN, "cannot lock %s", grp_file));
            closelog ();
            exit (E_CANT_LOCK);
        }
#ifdef	SHADOWGRP
        if (is_shadow && !sgr_lock ()) {
            fprintf (stderr, _("%s: cannot lock file %s\n"),
                     Prog, sgr_file);
            if (optind == argc)
                SYSLOG ((LOG_WARN, "cannot lock %s", sgr_file));
            closelog ();
            exit (E_CANT_LOCK);
        }
#endif
    }

    /*
     * Open the files. Use O_RDONLY if we are in read_only mode,
     * O_RDWR otherwise.
     */
    if (!gr_open (read_only ? O_RDONLY : O_RDWR)) {
        fprintf (stderr, _("%s: cannot open file %s\n"), Prog,
                 grp_file);
        if (optind == argc)
            SYSLOG ((LOG_WARN, "cannot open %s", grp_file));
        closelog ();
        exit (E_CANT_OPEN);
    }
#ifdef	SHADOWGRP
    if (is_shadow && !sgr_open (read_only ? O_RDONLY : O_RDWR)) {
        fprintf (stderr, _("%s: cannot open file %s\n"), Prog,
                 sgr_file);
        if (optind == argc)
            SYSLOG ((LOG_WARN, "cannot open %s", sgr_file));
        closelog ();
        exit (E_CANT_OPEN);
    }
#endif

    if (sort_mode) {
        gr_sort ();
#ifdef	SHADOWGRP
        if (is_shadow)
            sgr_sort ();
#endif
        goto write_and_bye;
    }

    /*
     * Loop through the entire group file.
     */
    for (gre = __gr_get_head (); gre; gre = gre->next) {
        /*
         * Skip all NIS entries.
         */

        if (gre->line[0] == '+' || gre->line[0] == '-')
            continue;

        /*
         * Start with the entries that are completely corrupt. They
         * have no (struct group) entry because they couldn't be
         * parsed properly.
         */
        if (!gre->eptr) {

            /*
             * Tell the user this entire line is bogus and ask
             * them to delete it.
             */
            printf (_("invalid group file entry\n"));
            printf (_("delete line `%s'? "), gre->line);
            errors++;

            /*
             * prompt the user to delete the entry or not
             */
            if (!yes_or_no ())
                continue;

            /*
             * All group file deletions wind up here. This code
             * removes the current entry from the linked list.
             * When done, it skips back to the top of the loop
             * to try out the next list element.
             */
delete_gr:
            SYSLOG ((LOG_INFO, "delete group line `%s'",
                     gre->line));
            deleted++;

            __gr_del_entry (gre);
            continue;
        }

        /*
         * Group structure is good, start using it.
         */
        grp = gre->eptr;

        /*
         * Make sure this entry has a unique name.
         */
        for (tgre = __gr_get_head (); tgre; tgre = tgre->next) {

            const struct group *ent = tgre->eptr;

            /*
             * Don't check this entry
             */
            if (tgre == gre)
                continue;

            /*
             * Don't check invalid entries.
             */
            if (!ent)
                continue;

            if (strcmp (grp->gr_name, ent->gr_name) != 0)
                continue;

            /*
             * Tell the user this entry is a duplicate of
             * another and ask them to delete it.
             */
            printf (_("duplicate group entry\n"));
            printf (_("delete line `%s'? "), gre->line);
            errors++;

            /*
             * prompt the user to delete the entry or not
             */
            if (yes_or_no ())
                goto delete_gr;
        }

        /*
         * Check for invalid group names.  --marekm
         */
        if (!check_group_name (grp->gr_name)) {
            errors++;
            printf (_("invalid group name `%s'\n"), grp->gr_name);
        }

        /*
         * Workaround for a NYS libc 5.3.12 bug on RedHat 4.2 -
         * groups with no members are returned as groups with one
         * member "", causing grpck to fail.  --marekm
         */
        if (grp->gr_mem[0] && !grp->gr_mem[1]
                && *(grp->gr_mem[0]) == '\0')
            grp->gr_mem[0] = (char *) 0;

        /*
         * Make sure each member exists
         */
        for (i = 0; grp->gr_mem[i]; i++) {
            if (getpwnam (grp->gr_mem[i]))
                continue;
            /*
             * Can't find this user. Remove them
             * from the list.
             */
            errors++;
            printf (_("group %s: no user %s\n"),
                    grp->gr_name, grp->gr_mem[i]);
            printf (_("delete member `%s'? "), grp->gr_mem[i]);

            if (!yes_or_no ())
                continue;

            SYSLOG ((LOG_INFO, "delete member `%s' group `%s'",
                     grp->gr_mem[i], grp->gr_name));
            deleted++;
            delete_member (grp->gr_mem, grp->gr_mem[i]);
            gre->changed = 1;
            __gr_set_changed ();
        }
    }

#ifdef	SHADOWGRP
    if (!is_shadow)
        goto shadow_done;

    /*
     * Loop through the entire shadow group file.
     */
    for (sge = __sgr_get_head (); sge; sge = sge->next) {

        /*
         * Start with the entries that are completely corrupt. They
         * have no (struct sgrp) entry because they couldn't be
         * parsed properly.
         */
        if (!sge->eptr) {

            /*
             * Tell the user this entire line is bogus and ask
             * them to delete it.
             */
            printf (_("invalid shadow group file entry\n"));
            printf (_("delete line `%s'? "), sge->line);
            errors++;

            /*
             * prompt the user to delete the entry or not
             */
            if (!yes_or_no ())
                continue;

            /*
             * All shadow group file deletions wind up here.
             * This code removes the current entry from the
             * linked list. When done, it skips back to the top
             * of the loop to try out the next list element.
             */
delete_sg:
            SYSLOG ((LOG_INFO, "delete shadow line `%s'",
                     sge->line));
            deleted++;

            __sgr_del_entry (sge);
            continue;
        }

        /*
         * Shadow group structure is good, start using it.
         */
        sgr = sge->eptr;

        /*
         * Make sure this entry has a unique name.
         */
        for (tsge = __sgr_get_head (); tsge; tsge = tsge->next) {

            const struct sgrp *ent = tsge->eptr;

            /*
             * Don't check this entry
             */
            if (tsge == sge)
                continue;

            /*
             * Don't check invalid entries.
             */
            if (!ent)
                continue;

            if (strcmp (sgr->sg_name, ent->sg_name) != 0)
                continue;

            /*
             * Tell the user this entry is a duplicate of
             * another and ask them to delete it.
             */
            printf (_("duplicate shadow group entry\n"));
            printf (_("delete line `%s'? "), sge->line);
            errors++;

            /*
             * prompt the user to delete the entry or not
             */
            if (yes_or_no ())
                goto delete_sg;
        }

        /*
         * Make sure this entry exists in the /etc/group file.
         */
        if (!gr_locate (sgr->sg_name)) {
            printf (_("no matching group file entry\n"));
            printf (_("delete line `%s'? "), sge->line);
            errors++;
            if (yes_or_no ())
                goto delete_sg;
        }

        /*
         * Make sure each administrator exists
         */
        for (i = 0; sgr->sg_adm[i]; i++) {
            if (getpwnam (sgr->sg_adm[i]))
                continue;
            /*
             * Can't find this user. Remove them
             * from the list.
             */
            errors++;
            printf (_
                    ("shadow group %s: no administrative user %s\n"),
                    sgr->sg_name, sgr->sg_adm[i]);
            printf (_("delete administrative member `%s'? "),
                    sgr->sg_adm[i]);

            if (!yes_or_no ())
                continue;

            SYSLOG ((LOG_INFO,
                     "delete admin `%s' from shadow group `%s'",
                     sgr->sg_adm[i], sgr->sg_name));
            deleted++;
            delete_member (sgr->sg_adm, sgr->sg_adm[i]);
            sge->changed = 1;
            __sgr_set_changed ();
        }

        /*
         * Make sure each member exists
         */
        for (i = 0; sgr->sg_mem[i]; i++) {
            if (getpwnam (sgr->sg_mem[i]))
                continue;

            /*
             * Can't find this user. Remove them from the list.
             */
            errors++;
            printf (_("shadow group %s: no user %s\n"),
                    sgr->sg_name, sgr->sg_mem[i]);
            printf (_("delete member `%s'? "), sgr->sg_mem[i]);

            if (!yes_or_no ())
                continue;

            SYSLOG ((LOG_INFO,
                     "delete member `%s' from shadow group `%s'",
                     sgr->sg_mem[i], sgr->sg_name));
            deleted++;
            delete_member (sgr->sg_mem, sgr->sg_mem[i]);
            sge->changed = 1;
            __sgr_set_changed ();
        }
    }

shadow_done:
#endif				/* SHADOWGRP */

    /*
     * All done. If there were no deletions we can just abandon any
     * changes to the files.
     */
    if (deleted) {
write_and_bye:
        if (!gr_close ()) {
            fprintf (stderr, _("%s: cannot update file %s\n"),
                     Prog, grp_file);
            exit (E_CANT_UPDATE);
        }
#ifdef	SHADOWGRP
        if (is_shadow && !sgr_close ()) {
            fprintf (stderr, _("%s: cannot update file %s\n"),
                     Prog, sgr_file);
            exit (E_CANT_UPDATE);
        }
#endif
    }

    /*
     * Don't be anti-social - unlock the files when you're done.
     */
#ifdef	SHADOWGRP
    if (is_shadow)
        sgr_unlock ();
#endif
    (void) gr_unlock ();

    nscd_flush_cache ("group");

    /*
     * Tell the user what we did and exit.
     */
    if (errors)
        printf (deleted ?
                _("%s: the files have been updated\n") :
                _("%s: no changes\n"), Prog);

    exit (errors ? E_BAD_ENTRY : E_OKAY);
}