int
main(int argc, char *argv[])
{
enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op;
struct passwd lpw, *old_pw, *pw;
int ch, pfd, tfd;
const char *password;
char *arg = NULL;
uid_t uid;
#ifdef YP
struct ypclnt *ypclnt;
const char *yp_domain = NULL, *yp_host = NULL;
#endif
pw = old_pw = NULL;
op = EDITENTRY;
#ifdef YP
while ((ch = getopt(argc, argv, "a:p:s:e:d:h:loy")) != -1)
#else
while ((ch = getopt(argc, argv, "a:p:s:e:")) != -1)
#endif
switch (ch) {
case 'a':
op = LOADENTRY;
arg = optarg;
break;
case 's':
op = NEWSH;
arg = optarg;
break;
case 'p':
op = NEWPW;
arg = optarg;
break;
case 'e':
op = NEWEXP;
arg = optarg;
break;
#ifdef YP
case 'd':
yp_domain = optarg;
break;
case 'h':
yp_host = optarg;
break;
case 'l':
case 'o':
case 'y':
/* compatibility */
break;
#endif
case '?':
default:
usage();
}
argc -= optind;
argv += optind;
if (argc > 1)
usage();
uid = getuid();
if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) {
if (argc == 0) {
if ((pw = getpwuid(uid)) == NULL)
errx(1, "unknown user: uid %lu",
(unsigned long)uid);
} else {
if ((pw = getpwnam(*argv)) == NULL)
errx(1, "unknown user: %s", *argv);
if (uid != 0 && uid != pw->pw_uid)
baduser();
}
/* Make a copy for later verification */
if ((pw = pw_dup(pw)) == NULL ||
(old_pw = pw_dup(pw)) == NULL)
err(1, "pw_dup");
}
#ifdef YP
if (pw != NULL && (pw->pw_fields & _PWF_SOURCE) == _PWF_NIS) {
ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host);
master_mode = (ypclnt != NULL &&
ypclnt_connect(ypclnt) != -1 &&
ypclnt_havepasswdd(ypclnt) == 1);
ypclnt_free(ypclnt);
} else
#endif
master_mode = (uid == 0);
if (op == NEWSH) {
/* protect p_shell -- it thinks NULL is /bin/sh */
if (!arg[0])
usage();
if (p_shell(arg, pw, (ENTRY *)NULL) == -1)
exit(1);
}
if (op == NEWEXP) {
if (uid) /* only root can change expire */
baduser();
if (p_expire(arg, pw, (ENTRY *)NULL) == -1)
exit(1);
}
if (op == LOADENTRY) {
if (uid)
baduser();
pw = &lpw;
old_pw = NULL;
if (!__pw_scan(arg, pw, _PWSCAN_WARN|_PWSCAN_MASTER))
exit(1);
}
if (op == NEWPW) {
if (uid)
baduser();
if (strchr(arg, ':'))
errx(1, "invalid format for password");
pw->pw_passwd = arg;
}
if (op == EDITENTRY) {
/*
* We don't really need pw_*() here, but pw_edit() (used
* by edit()) is just too useful...
*/
if (pw_init(NULL, NULL))
err(1, "pw_init()");
if ((tfd = pw_tmp(-1)) == -1) {
pw_fini();
err(1, "pw_tmp()");
}
free(pw);
pw = edit(pw_tempname(), old_pw);
pw_fini();
if (pw == NULL)
err(1, "edit()");
/*
* pw_equal does not check for crypted passwords, so we
* should do it explicitly
*/
if (pw_equal(old_pw, pw) &&
strcmp(old_pw->pw_passwd, pw->pw_passwd) == 0)
errx(0, "user information unchanged");
}
if (old_pw && !master_mode) {
password = getpass("Password: "******"";
}
if (old_pw != NULL)
pw->pw_fields |= (old_pw->pw_fields & _PWF_SOURCE);
switch (pw->pw_fields & _PWF_SOURCE) {
#ifdef YP
case _PWF_NIS:
ypclnt = ypclnt_new(yp_domain, "passwd.byname", yp_host);
if (ypclnt == NULL) {
warnx("ypclnt_new failed");
exit(1);
}
if (ypclnt_connect(ypclnt) == -1 ||
ypclnt_passwd(ypclnt, pw, password) == -1) {
warnx("%s", ypclnt->error);
ypclnt_free(ypclnt);
exit(1);
}
ypclnt_free(ypclnt);
errx(0, "NIS user information updated");
#endif /* YP */
case 0:
case _PWF_FILES:
if (pw_init(NULL, NULL))
err(1, "pw_init()");
if ((pfd = pw_lock()) == -1) {
pw_fini();
err(1, "pw_lock()");
}
if ((tfd = pw_tmp(-1)) == -1) {
pw_fini();
err(1, "pw_tmp()");
}
if (pw_copy(pfd, tfd, pw, old_pw) == -1) {
pw_fini();
err(1, "pw_copy");
}
if (pw_mkdb(pw->pw_name) == -1) {
pw_fini();
err(1, "pw_mkdb()");
}
pw_fini();
errx(0, "user information updated");
break;
default:
errx(1, "unsupported passwd source");
}
}
int
main(int argc, char *argv[])
{
struct passwd *pw = NULL, *opw = NULL, lpw;
int i, ch, pfd, tfd, dfd;
char *tz, *arg = NULL;
sigset_t fullset;
#ifdef YP
use_yp = _yp_check(NULL);
#endif
/* We need to use the system timezone for date conversions. */
if ((tz = getenv("TZ")) != NULL) {
unsetenv("TZ");
tzset();
setenv("TZ", tz, 1);
}
op = EDITENTRY;
while ((ch = getopt(argc, argv, "a:s:ly")) != -1)
switch(ch) {
case 'a':
op = LOADENTRY;
arg = optarg;
break;
case 's':
op = NEWSH;
arg = optarg;
break;
#ifdef YP
case 'l':
use_yp = 0;
break;
case 'y':
if (!use_yp) {
warnx("YP not in use.");
usage();
}
force_yp = 1;
break;
#endif
case '?':
default:
usage();
}
argc -= optind;
argv += optind;
#ifdef YP
if (op == LOADENTRY && use_yp)
errx(1, "cannot load using YP, use -l to load local.");
#endif
uid = getuid();
if (op == EDITENTRY || op == NEWSH)
switch(argc) {
case 0:
pw = getpwuid(uid);
#ifdef YP
if (pw && !force_yp)
use_yp = 0;
else if (use_yp)
pw = ypgetpwuid(uid);
#endif /* YP */
if (!pw)
errx(1, "unknown user: uid %u", uid);
break;
case 1:
pw = getpwnam(*argv);
#ifdef YP
if (pw && !force_yp)
use_yp = 0;
else if (use_yp)
pw = ypgetpwnam(*argv);
#endif /* YP */
if (!pw)
errx(1, "unknown user: %s", *argv);
if (uid && uid != pw->pw_uid)
baduser();
break;
default:
usage();
}
if (op == LOADENTRY) {
if (argc != 0)
errx(1, "option -a does not accept user argument");
if (uid)
baduser();
pw = &lpw;
if (!pw_scan(arg, pw, NULL))
exit(1);
opw = getpwnam(pw->pw_name);
}
if (opw == NULL && (opw = pw_dup(pw)) == NULL)
err(1, NULL);
/* Edit the user passwd information if requested. */
if (op == EDITENTRY) {
char tempname[] = _PATH_VARTMP "pw.XXXXXXXXXX";
int edit_status;
if ((pw = pw_dup(pw)) == NULL)
pw_error(NULL, 1, 1);
dfd = mkstemp(tempname);
if (dfd == -1 || fcntl(dfd, F_SETFD, 1) == -1)
pw_error(tempname, 1, 1);
display(tempname, dfd, pw);
edit_status = edit(tempname, pw);
close(dfd);
unlink(tempname);
switch (edit_status) {
case EDIT_OK:
break;
case EDIT_NOCHANGE:
pw_error(NULL, 0, 0);
break;
case EDIT_ERROR:
default:
pw_error(tempname, 1, 1);
break;
}
}
if (op == NEWSH) {
/* protect p_shell -- it thinks NULL is /bin/sh */
if (!arg[0])
usage();
if (p_shell(arg, pw, NULL))
pw_error(NULL, 0, 1);
}
/* Drop user's real uid and block all signals to avoid a DoS. */
setuid(0);
sigfillset(&fullset);
sigdelset(&fullset, SIGINT);
sigprocmask(SIG_BLOCK, &fullset, NULL);
/* Get the passwd lock file and open the passwd file for reading. */
pw_init();
for (i = 1; (tfd = pw_lock(0)) == -1; i++) {
if (i == 4)
(void)fputs("Attempting to lock password file, "
"please wait or press ^C to abort", stderr);
(void)signal(SIGINT, kbintr);
if (i % 16 == 0)
fputc('.', stderr);
usleep(250000);
(void)signal(SIGINT, SIG_IGN);
}
if (i >= 4)
fputc('\n', stderr);
pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
if (pfd == -1 || fcntl(pfd, F_SETFD, 1) == -1)
pw_error(_PATH_MASTERPASSWD, 1, 1);
#ifdef YP
if (use_yp) {
if (pw_yp(pw, uid))
pw_error(NULL, 0, 1);
else {
pw_abort();
exit(0);
}
} else
#endif /* YP */
{
/* Copy the passwd file to the lock file, updating pw. */
pw_copy(pfd, tfd, pw, opw);
/* If username changed we need to rebuild the entire db. */
arg = !strcmp(opw->pw_name, pw->pw_name) ? pw->pw_name : NULL;
/* Now finish the passwd file update. */
if (pw_mkdb(arg, 0) == -1)
pw_error(NULL, 0, 1);
}
exit(0);
}
int
main(int argc, char **argv)
{
enum { NEWSH, LOADENTRY, EDITENTRY } op;
struct passwd *pw, lpw, old_pw;
int ch, dfd, pfd, tfd;
#ifdef YP
int yflag = 0;
#endif
char *arg, *username = NULL;
#ifdef __GNUC__
pw = NULL; /* XXX gcc -Wuninitialized */
arg = NULL;
#endif
#ifdef YP
use_yp = _yp_check(NULL);
#endif
op = EDITENTRY;
while ((ch = getopt(argc, argv, "a:s:ly")) != -1)
switch (ch) {
case 'a':
op = LOADENTRY;
arg = optarg;
break;
case 's':
op = NEWSH;
arg = optarg;
break;
case 'l':
use_yp = 0;
break;
case 'y':
#ifdef YP
if (!use_yp)
errx(1, "YP not in use.");
yflag = 1;
#else
errx(1, "YP support not compiled in.");
#endif
break;
default:
usage();
}
argc -= optind;
argv += optind;
uid = getuid();
switch (argc) {
case 0:
/* nothing */
break;
case 1:
username = argv[0];
break;
default:
usage();
}
#ifdef YP
/*
* We need to determine if we _really_ want to use YP.
* If we defaulted to YP (i.e. were not given the -y flag),
* and the master is not running rpc.yppasswdd, we check
* to see if the user exists in the local passwd database.
* If so, we use it, otherwise we error out.
*/
if (use_yp && yflag == 0) {
if (check_yppasswdd()) {
/*
* We weren't able to contact rpc.yppasswdd.
* Check to see if we're in the local
* password database. If we are, use it.
*/
if (username != NULL)
pw = getpwnam(username);
else
pw = getpwuid(uid);
if (pw != NULL)
use_yp = 0;
else {
warnx("master YP server not running yppasswd"
" daemon.");
errx(1, "Can't change password.");
}
}
}
#endif
#ifdef YP
if (use_yp)
Pw_error = yppw_error;
else
#endif
Pw_error = pw_error;
#ifdef YP
if (op == LOADENTRY && use_yp)
errx(1, "cannot load entry using YP.\n"
"\tUse the -l flag to load local.");
#endif
if (op == EDITENTRY || op == NEWSH) {
if (username != NULL) {
pw = getpwnam(username);
if (pw == NULL)
errx(1, "unknown user: %s", username);
if (uid && uid != pw->pw_uid)
baduser();
} else {
pw = getpwuid(uid);
if (pw == NULL)
errx(1, "unknown user: uid %u", uid);
}
/* Make a copy for later verification */
old_pw = *pw;
old_pw.pw_gecos = strdup(old_pw.pw_gecos);
if (!old_pw.pw_gecos) {
err(1, "strdup");
/*NOTREACHED*/
}
}
if (op == NEWSH) {
/* protect p_shell -- it thinks NULL is /bin/sh */
if (!arg[0])
usage();
if (p_shell(arg, pw, NULL))
(*Pw_error)(NULL, 0, 1);
}
if (op == LOADENTRY) {
if (uid)
baduser();
pw = &lpw;
if (!pw_scan(arg, pw, NULL))
exit(1);
}
/* Edit the user passwd information if requested. */
if (op == EDITENTRY) {
struct stat sb;
dfd = mkstemp(tempname);
if (dfd < 0 || fcntl(dfd, F_SETFD, 1) < 0)
(*Pw_error)(tempname, 1, 1);
if (atexit(cleanup)) {
cleanup();
errx(1, "couldn't register cleanup");
}
if (stat(dirname(tempname), &sb) == -1)
err(1, "couldn't stat `%s'", dirname(tempname));
if (!(sb.st_mode & S_ISTXT))
errx(1, "temporary directory `%s' is not sticky",
dirname(tempname));
display(tempname, dfd, pw);
edit(tempname, pw);
}
#ifdef YP
if (use_yp) {
if (pw_yp(pw, uid))
yppw_error(NULL, 0, 1);
else
exit(0);
/* Will not exit from this if. */
}
#endif /* YP */
/*
* Get the passwd lock file and open the passwd file for
* reading.
*/
pw_init();
tfd = pw_lock(0);
if (tfd < 0) {
if (errno != EEXIST)
err(1, "%s", _PATH_MASTERPASSWD_LOCK);
warnx("The passwd file is busy, waiting...");
tfd = pw_lock(10);
if (tfd < 0) {
if (errno != EEXIST)
err(1, "%s", _PATH_MASTERPASSWD_LOCK);
errx(1, "The passwd file is still busy, "
"try again later.");
}
}
if (fcntl(tfd, F_SETFD, 1) < 0)
pw_error(_PATH_MASTERPASSWD_LOCK, 1, 1);
pfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0);
if (pfd < 0 || fcntl(pfd, F_SETFD, 1) < 0)
pw_error(_PATH_MASTERPASSWD, 1, 1);
/* Copy the passwd file to the lock file, updating pw. */
pw_copy(pfd, tfd, pw, (op == LOADENTRY) ? NULL : &old_pw);
close(pfd);
close(tfd);
/* Now finish the passwd file update. */
if (pw_mkdb(username, 0) < 0)
pw_error(NULL, 0, 1);
exit(0);
}
