int main(int argc, char **argv) {
struct passwd *p;
int i, ecode;
init_defaults(basename(argv[0]), "passwd");
while ((i=getopt(argc,argv,"c")) != EOF) {
switch (i) {
case 'c':
if (getuid() != 0) {
fprintf(stderr,"%s: must be root to set chroot option\n", argv[0]);
return EXIT_FAILURE;
}
passwd_stub = CHROOTED_PASSWD;
break;
default:
fprintf(stderr,"%s: bad option %c\n", argv[0], i);
return EXIT_FAILURE;
}
}
if (optind == argc) {
if (!(p = getpwuid(getuid()))) {
fprintf(stderr, "%s: cannot locate your password entry\n", argv[0]);
return EXIT_FAILURE;
}
return change_passwd(p);
}
/* passwd should use getopt to support -- syntax */
ecode = Success;
for (i = optind; i < argc; i++) {
if (!(p = getpwnam(argv[i]))) {
if (getuid() != 0) {
fprintf(stderr, "%s: must be root to create new accounts\n",
argv[0]);
return EXIT_FAILURE;
}
if (strlen(argv[i]) > LOGIN_NAME_MAX) {
fprintf(stderr,"%s: username exceeds maximum length of %d characters\n", argv[0], LOGIN_NAME_MAX);
return EXIT_FAILURE;
}
if (strchr(argv[i], ':')) {
fprintf(stderr, "%s: username cannot contain ':' character\n",
argv[0]);
return EXIT_FAILURE;
}
if ((ecode=create_account(argv[i])) != Success) {
return ecode;
}
} else if (p->pw_uid != getuid() && getuid() != 0) {
fprintf(stderr, "%s: sorry, only root may change another user's password\n", argv[0]);
} else if ((ecode=change_passwd(p)) != Success) {
return ecode;
}
}
return ecode;
}
int main(int argc, char *argv[])
{
char account_id[ACCOUNT_LEN+1];
menu_options_e current_option;
/* Initian account_id. */
memset(account_id, '\0', sizeof(account_id));
current_option = mo_login; /* make sure current_option not equal mo_exit. */
announce();
database_initialize();
/* Now we wait for user to input command. */
while (current_option != mo_exit) {
current_option = show_menu(account_id);
switch(current_option) {
case mo_new:
create_new_account();
break;
case mo_reset:
reset_passwd();
break;
case mo_loss:
report_loss();
break;
case mo_login:
login(account_id);
break;
case mo_query:
query(account_id);
break;
case mo_store:
store_money(account_id);
break;
case mo_draw:
draw_money(account_id);
break;
case mo_renewal:
renewal(account_id);
break;
case mo_change_passwd:
change_passwd(account_id);
break;
case mo_logout:
logout(account_id);
break;
case mo_exit:
case mo_invalid:
default:
break;
} /* switch */
} /* while */
database_close();
exit(EXIT_SUCCESS);
}
/*
* gpasswd - administer the /etc/group file
*/
int main (int argc, char **argv)
{
struct group grent;
#ifdef SHADOWGRP
struct sgrp sgent;
#endif
struct passwd *pw = NULL;
#ifdef WITH_AUDIT
audit_help_open ();
#endif
sanitize_env ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
/*
* Make a note of whether or not this command was invoked by root.
* This will be used to bypass certain checks later on. Also, set
* the real user ID to match the effective user ID. This will
* prevent the invoker from issuing signals which would interfere
* with this command.
*/
bywho = getuid ();
Prog = Basename (argv[0]);
OPENLOG ("gpasswd");
setbuf (stdout, NULL);
setbuf (stderr, NULL);
#ifdef SHADOWGRP
is_shadowgrp = sgr_file_present ();
#endif
/*
* Determine the name of the user that invoked this command. This
* is really hit or miss because there are so many ways that command
* can be executed and so many ways to trip up the routines that
* report the user name.
*/
pw = get_my_pwent ();
if (NULL == pw) {
fprintf (stderr, _("%s: Cannot determine your user name.\n"),
Prog);
SYSLOG ((LOG_WARN,
"Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
exit (E_NOPERM);
}
myname = xstrdup (pw->pw_name);
/*
* Register an exit function to warn for any inconsistency that we
* could create.
*/
if (atexit (do_cleanups) != 0) {
fprintf(stderr, "%s: cannot set exit function\n", Prog);
exit (1);
}
/* Parse the options */
process_flags (argc, argv);
/*
* Replicate the group so it can be modified later on.
*/
#ifdef SHADOWGRP
get_group (&grent, &sgent);
#else
get_group (&grent);
#endif
/*
* Check if the user is allowed to change the password of this group.
*/
#ifdef SHADOWGRP
check_perms (&grent, &sgent);
#else
check_perms (&grent);
#endif
/*
* Removing a password is straight forward. Just set the password
* field to a "".
*/
if (rflg) {
grent.gr_passwd = ""; /* XXX warning: const */
#ifdef SHADOWGRP
sgent.sg_passwd = ""; /* XXX warning: const */
#endif
goto output;
} else if (Rflg) {
/*
* Same thing for restricting the group. Set the password
* field to "!".
*/
grent.gr_passwd = "!"; /* XXX warning: const */
#ifdef SHADOWGRP
sgent.sg_passwd = "!"; /* XXX warning: const */
#endif
goto output;
}
/*
* Adding a member to a member list is pretty straightforward as
* well. Call the appropriate routine and split.
*/
if (aflg) {
printf (_("Adding user %s to group %s\n"), user, group);
grent.gr_mem = add_list (grent.gr_mem, user);
#ifdef SHADOWGRP
if (is_shadowgrp) {
sgent.sg_mem = add_list (sgent.sg_mem, user);
}
#endif
goto output;
}
/*
* Removing a member from the member list is the same deal as adding
* one, except the routine is different.
*/
if (dflg) {
bool removed = false;
printf (_("Removing user %s from group %s\n"), user, group);
if (is_on_list (grent.gr_mem, user)) {
removed = true;
grent.gr_mem = del_list (grent.gr_mem, user);
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (is_on_list (sgent.sg_mem, user)) {
removed = true;
sgent.sg_mem = del_list (sgent.sg_mem, user);
}
}
#endif
if (!removed) {
fprintf (stderr,
_("%s: user '%s' is not a member of '%s'\n"),
Prog, user, group);
exit (E_BAD_ARG);
}
goto output;
}
#ifdef SHADOWGRP
/*
* Replacing the entire list of administrators is simple. Check the
* list to make sure everyone is a real user. Then slap the new list
* in place.
*/
if (Aflg) {
sgent.sg_adm = comma_to_list (admins);
if (!Mflg) {
goto output;
}
}
#endif /* SHADOWGRP */
/*
* Replacing the entire list of members is simple. Check the list to
* make sure everyone is a real user. Then slap the new list in
* place.
*/
if (Mflg) {
#ifdef SHADOWGRP
sgent.sg_mem = comma_to_list (members);
#endif
grent.gr_mem = comma_to_list (members);
goto output;
}
/*
* If the password is being changed, the input and output must both
* be a tty. The typical keyboard signals are caught so the termio
* modes can be restored.
*/
if ((isatty (0) == 0) || (isatty (1) == 0)) {
fprintf (stderr, _("%s: Not a tty\n"), Prog);
exit (E_NOPERM);
}
catch_signals (0); /* save tty modes */
(void) signal (SIGHUP, catch_signals);
(void) signal (SIGINT, catch_signals);
(void) signal (SIGQUIT, catch_signals);
(void) signal (SIGTERM, catch_signals);
#ifdef SIGTSTP
(void) signal (SIGTSTP, catch_signals);
#endif
/* Prompt for the new password */
#ifdef SHADOWGRP
change_passwd (&grent, &sgent);
#else
change_passwd (&grent);
#endif
/*
* This is the common arrival point to output the new group file.
* The freshly crafted entry is in allocated space. The group file
* will be locked and opened for writing. The new entry will be
* output, etc.
*/
output:
if (setuid (0) != 0) {
fputs (_("Cannot change ID to root.\n"), stderr);
SYSLOG ((LOG_ERR, "can't setuid(0)"));
closelog ();
exit (E_NOPERM);
}
pwd_init ();
open_files ();
#ifdef SHADOWGRP
update_group (&grent, &sgent);
#else
update_group (&grent);
#endif
close_files ();
nscd_flush_cache ("group");
exit (E_SUCCESS);
}
