MFC: r285133,r285136,r285137,r285156,r285157,r285158,r285256,r285318,r285395,

r285396,r285398,r285401,r285403,r285405,r285406,r285408,r285409,r285411,
r285412,r285413,r285415,r285418,r285430,r285433,r285434,r285442,r285948,
r285984,r285985,r285989,r285996,r285997,r286045,r286047,r286066,r286150,
r286151,r286152,r286154,r286155,r286156,r286157,r286173,r286196,r286197,
r286198,r286199,r286200,r286201,r286202,r286203,r286204,r286210,r286211,
r286217,r286218,r286258,r286259,r286341,r286775,r286982,r286986,r286991,
r286993

Validate most pw inputs.
Rewrite the way parsing sub arguments is made to simplify code and improve
maintenability
Add -y (NIS) to userdel/usermod
pw userdel -r <rootdir> now deletes directories in the rootdir
Only parse pw.conf when needed
Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated
This commit is contained in:
bapt 2015-08-23 21:42:27 +00:00
parent e7eeb94654
commit 99f1ebbac6
27 changed files with 3089 additions and 2010 deletions

@ -5,8 +5,8 @@
PROG= pw
MAN= pw.conf.5 pw.8
SRCS= pw.c pw_conf.c pw_user.c pw_group.c pw_log.c pw_nis.c pw_vpw.c \
grupd.c pwupd.c fileupd.c psdate.c \
bitmap.c cpdir.c rm_r.c
grupd.c pwupd.c psdate.c bitmap.c cpdir.c rm_r.c strtounum.c \
pw_utils.c
WARNS?= 3

@ -29,103 +29,96 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <dirent.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <dirent.h>
#include "pw.h"
#include "pwupd.h"
void
copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid)
copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid,
gid_t gid, int flags)
{
char src[MAXPATHLEN];
char dst[MAXPATHLEN];
char lnk[MAXPATHLEN];
int len;
char *p, lnk[MAXPATHLEN], copybuf[4096];
int len, homefd, srcfd, destfd;
ssize_t sz;
struct stat st;
struct dirent *e;
DIR *d;
if (mkdir(dir, mode) != 0 && errno != EEXIST) {
if (*dir == '/')
dir++;
if (mkdirat(rootfd, dir, mode) != 0 && errno != EEXIST) {
warn("mkdir(%s)", dir);
} else {
int infd, outfd;
struct stat st;
static char counter = 0;
static char *copybuf = NULL;
++counter;
chown(dir, uid, gid);
if (skel != NULL && *skel != '\0') {
DIR *d = opendir(skel);
if (d != NULL) {
struct dirent *e;
while ((e = readdir(d)) != NULL) {
char *p = e->d_name;
if (snprintf(src, sizeof(src), "%s/%s", skel, p) >= (int)sizeof(src))
warn("warning: pathname too long '%s/%s' (skel not copied)", skel, p);
else if (lstat(src, &st) == 0) {
if (strncmp(p, "dot.", 4) == 0) /* Conversion */
p += 3;
if (snprintf(dst, sizeof(dst), "%s/%s", dir, p) >= (int)sizeof(dst))
warn("warning: path too long '%s/%s' (skel file skipped)", dir, p);
else {
if (S_ISDIR(st.st_mode)) { /* Recurse for this */
if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
copymkdir(dst, src, st.st_mode & _DEF_DIRMODE, uid, gid);
chflags(dst, st.st_flags); /* propagate flags */
} else if (S_ISLNK(st.st_mode) && (len = readlink(src, lnk, sizeof(lnk) - 1)) != -1) {
lnk[len] = '\0';
symlink(lnk, dst);
lchown(dst, uid, gid);
/*
* Note: don't propagate special attributes
* but do propagate file flags
*/
} else if (S_ISREG(st.st_mode) && (outfd = open(dst, O_RDWR | O_CREAT | O_EXCL, st.st_mode)) != -1) {
if ((infd = open(src, O_RDONLY)) == -1) {
close(outfd);
remove(dst);
} else {
int b;
/*
* Allocate our copy buffer if we need to
*/
if (copybuf == NULL)
copybuf = malloc(4096);
while ((b = read(infd, copybuf, 4096)) > 0)
write(outfd, copybuf, b);
close(infd);
/*
* Propagate special filesystem flags
*/
fchown(outfd, uid, gid);
fchflags(outfd, st.st_flags);
close(outfd);
chown(dst, uid, gid);
}
}
}
}
}
closedir(d);
}
}
if (--counter == 0 && copybuf != NULL) {
free(copybuf);
copybuf = NULL;
}
return;
}
}
fchownat(rootfd, dir, uid, gid, AT_SYMLINK_NOFOLLOW);
if (flags > 0)
chflagsat(rootfd, dir, flags, AT_SYMLINK_NOFOLLOW);
if (skelfd == -1)
return;
homefd = openat(rootfd, dir, O_DIRECTORY);
if ((d = fdopendir(skelfd)) == NULL) {
close(skelfd);
close(homefd);
return;
}
while ((e = readdir(d)) != NULL) {
if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
continue;
p = e->d_name;
if (fstatat(skelfd, p, &st, AT_SYMLINK_NOFOLLOW) == -1)
continue;
if (strncmp(p, "dot.", 4) == 0) /* Conversion */
p += 3;
if (S_ISDIR(st.st_mode)) {
copymkdir(homefd, p, openat(skelfd, e->d_name, O_DIRECTORY),
st.st_mode & _DEF_DIRMODE, uid, gid, st.st_flags);
continue;
}
if (S_ISLNK(st.st_mode) &&
(len = readlinkat(skelfd, e->d_name, lnk, sizeof(lnk) -1))
!= -1) {
lnk[len] = '\0';
symlinkat(lnk, homefd, p);
fchownat(homefd, p, uid, gid, AT_SYMLINK_NOFOLLOW);
continue;
}
if (!S_ISREG(st.st_mode))
continue;
if ((srcfd = openat(skelfd, e->d_name, O_RDONLY)) == -1)
continue;
destfd = openat(homefd, p, O_RDWR | O_CREAT | O_EXCL,
st.st_mode);
if (destfd == -1) {
close(srcfd);
continue;
}
while ((sz = read(srcfd, copybuf, sizeof(copybuf))) > 0)
write(destfd, copybuf, sz);
close(srcfd);
/*
* Propagate special filesystem flags
*/
fchown(destfd, uid, gid);
fchflags(destfd, st.st_flags);
close(destfd);
}
closedir(d);
}

@ -1,47 +0,0 @@
/*-
* Copyright (C) 1996
* David L. Nugent. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <stdlib.h>
#include "pwupd.h"
int
extendarray(char ***buf, int * buflen, int needed)
{
if (needed > *buflen) {
char **tmp = realloc(*buf, needed * sizeof(char *));
if (tmp == NULL)
return -1;
*buf = tmp;
*buflen = needed;
}
return *buflen;
}

@ -29,13 +29,11 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <err.h>
#include <grp.h>
#include <libutil.h>
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include "pwupd.h"

@ -29,29 +29,15 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <stdio.h>
#include <ctype.h>
#include <err.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <xlocale.h>
#include "psdate.h"
static int
a2i(char const ** str)
{
int i = 0;
char const *s = *str;
if (isdigit((unsigned char)*s)) {
i = atoi(s);
while (isdigit((unsigned char)*s))
++s;
*str = s;
}
return i;
}
static int
numerics(char const * str)
{
@ -95,61 +81,73 @@ weekday(char const ** str)
return aindex(days, str, 3);
}
static int
month(char const ** str)
{
static char const *months[] =
{"jan", "feb", "mar", "apr", "may", "jun", "jul",
"aug", "sep", "oct", "nov", "dec", NULL};
return aindex(months, str, 3);
}
static void
parse_time(char const * str, int *hour, int *min, int *sec)
parse_datesub(char const * str, struct tm *t)
{
*hour = a2i(&str);
if ((str = strchr(str, ':')) == NULL)
*min = *sec = 0;
else {
++str;
*min = a2i(&str);
*sec = ((str = strchr(str, ':')) == NULL) ? 0 : atoi(++str);
struct tm tm;
locale_t l;
int i;
char *ret;
const char *valid_formats[] = {
"%d-%b-%y",
"%d-%b-%Y",
"%d-%m-%y",
"%d-%m-%Y",
"%H:%M %d-%b-%y",
"%H:%M %d-%b-%Y",
"%H:%M %d-%m-%y",
"%H:%M %d-%m-%Y",
"%H:%M:%S %d-%b-%y",
"%H:%M:%S %d-%b-%Y",
"%H:%M:%S %d-%m-%y",
"%H:%M:%S %d-%m-%Y",
"%d-%b-%y %H:%M",
"%d-%b-%Y %H:%M",
"%d-%m-%y %H:%M",
"%d-%m-%Y %H:%M",
"%d-%b-%y %H:%M:%S",
"%d-%b-%Y %H:%M:%S",
"%d-%m-%y %H:%M:%S",
"%d-%m-%Y %H:%M:%S",
"%H:%M\t%d-%b-%y",
"%H:%M\t%d-%b-%Y",
"%H:%M\t%d-%m-%y",
"%H:%M\t%d-%m-%Y",
"%H:%M\t%S %d-%b-%y",
"%H:%M\t%S %d-%b-%Y",
"%H:%M\t%S %d-%m-%y",
"%H:%M\t%S %d-%m-%Y",
"%d-%b-%y\t%H:%M",
"%d-%b-%Y\t%H:%M",
"%d-%m-%y\t%H:%M",
"%d-%m-%Y\t%H:%M",
"%d-%b-%y\t%H:%M:%S",
"%d-%b-%Y\t%H:%M:%S",
"%d-%m-%y\t%H:%M:%S",
"%d-%m-%Y\t%H:%M:%S",
NULL,
};
l = newlocale(LC_ALL_MASK, "C", NULL);
memset(&tm, 0, sizeof(tm));
for (i=0; valid_formats[i] != NULL; i++) {
ret = strptime_l(str, valid_formats[i], &tm, l);
if (ret && *ret == '\0') {
t->tm_mday = tm.tm_mday;
t->tm_mon = tm.tm_mon;
t->tm_year = tm.tm_year;
t->tm_hour = tm.tm_hour;
t->tm_min = tm.tm_min;
t->tm_sec = tm.tm_sec;
freelocale(l);
return;
}
}
}
freelocale(l);
static void
parse_datesub(char const * str, int *day, int *mon, int *year)
{
int i;
static char const nchrs[] = "0123456789 \t,/-.";
if ((i = month(&str)) != -1) {
*mon = i;
if ((i = a2i(&str)) != 0)
*day = i;
} else if ((i = a2i(&str)) != 0) {
*day = i;
while (*str && strchr(nchrs + 10, *str) != NULL)
++str;
if ((i = month(&str)) != -1)
*mon = i;
else if ((i = a2i(&str)) != 0)
*mon = i - 1;
} else
return;
while (*str && strchr(nchrs + 10, *str) != NULL)
++str;
if (isdigit((unsigned char)*str)) {
*year = atoi(str);
if (*year > 1900)
*year -= 1900;
else if (*year < 32)
*year += 100;
}
errx(EXIT_FAILURE, "Invalid date");
}
@ -256,39 +254,7 @@ parse_date(time_t dt, char const * str)
}
}
/*
* See if there is a time hh:mm[:ss]
*/
if ((p = strchr(tmp, ':')) == NULL) {
/*
* No time string involved
*/
T->tm_hour = T->tm_min = T->tm_sec = 0;
parse_datesub(tmp, &T->tm_mday, &T->tm_mon, &T->tm_year);
} else {
char datestr[64], timestr[64];
/*
* Let's chip off the time string
*/
if ((q = strpbrk(p, " \t")) != NULL) { /* Time first? */
int l = q - str;
strlcpy(timestr, str, l + 1);
strlcpy(datestr, q + 1, sizeof(datestr));
parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec);
parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year);
} else if ((q = strrchr(tmp, ' ')) != NULL) { /* Time last */
int l = q - tmp;
strlcpy(timestr, q + 1, sizeof(timestr));
strlcpy(datestr, tmp, l + 1);
} else /* Bail out */
return dt;
parse_time(timestr, &T->tm_hour, &T->tm_min, &T->tm_sec);
parse_datesub(datestr, &T->tm_mday, &T->tm_mon, &T->tm_year);
}
parse_datesub(tmp, T);
dt = mktime(T);
}
return dt;

@ -35,11 +35,9 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar useradd
.Op name|uid
.Oo Fl n Oc name Oo Fl u Ar uid Oc
.Op Fl C Ar config
.Op Fl q
.Op Fl n Ar name
.Op Fl u Ar uid
.Op Fl c Ar comment
.Op Fl d Ar dir
.Op Fl e Ar date
@ -61,7 +59,6 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar useradd
.Op name|uid
.Fl D
.Op Fl C Ar config
.Op Fl q
@ -81,27 +78,23 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar userdel
.Op name|uid
.Op Fl n Ar name
.Op Fl u Ar uid
.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl r
.Op Fl Y
.Nm
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar usermod
.Op name|uid
.Oo Fl n Oc name|uid Oo Fl u Ar newuid Oc | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
.Op Fl n Ar name
.Op Fl u Ar uid
.Op Fl c Ar comment
.Op Fl d Ar dir
.Op Fl e Ar date
.Op Fl p Ar date
.Op Fl g Ar group
.Op Fl G Ar grouplist
.Op Fl l Ar name
.Op Fl l Ar newname
.Op Fl m
.Op Fl M Ar mode
.Op Fl k Ar dir
@ -116,9 +109,7 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar usershow
.Op name|uid
.Op Fl n Ar name
.Op Fl u Ar uid
.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl F
.Op Fl P
.Op Fl 7
@ -133,11 +124,9 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupadd
.Op group|gid
.Oo Fl n Oc name Oo Fl g Ar gid Oc
.Op Fl C Ar config
.Op Fl q
.Op Fl n Ar group
.Op Fl g Ar gid
.Op Fl M Ar members
.Op Fl o
.Op Fl h Ar fd | Fl H Ar fd
@ -148,20 +137,16 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupdel
.Op group|gid
.Op Fl n Ar name
.Op Fl g Ar gid
.Oo Fl n Oc name|gid | Fl g Ar gid
.Op Fl Y
.Nm
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupmod
.Op group|gid
.Oo Fl n Oc name|gid Oo Fl g Ar newgid Oc | Fl g Ar gid
.Op Fl C Ar config
.Op Fl q
.Op Fl n Ar name
.Op Fl g Ar gid
.Op Fl l Ar name
.Op Fl l Ar newname
.Op Fl M Ar members
.Op Fl m Ar newmembers
.Op Fl d Ar oldmembers
@ -173,9 +158,7 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar groupshow
.Op group|gid
.Op Fl n Ar name
.Op Fl g Ar gid
.Oo Fl n Oc name|gid | Fl g Ar gid
.Op Fl F
.Op Fl P
.Op Fl a
@ -189,14 +172,14 @@
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar lock
.Op name|uid
.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
.Nm
.Op Fl R Ar rootdir
.Op Fl V Ar etcdir
.Ar unlock
.Op name|uid
.Oo Fl n Oc name|uid | Fl u Ar uid
.Op Fl C Ar config
.Op Fl q
.Sh DESCRIPTION
@ -250,8 +233,9 @@ all mean the same thing.)
This flexibility is useful for interactive scripts calling
.Nm
for user and group database manipulation.
Following these keywords, you may optionally specify the user or group name or numeric
id as an alternative to using the
Following these keywords,
the user or group name or numeric id may be optionally specified as an
alternative to using the
.Fl n Ar name ,
.Fl u Ar uid ,
.Fl g Ar gid
@ -266,12 +250,13 @@ will operate.
Any paths specified will be relative to
.Va rootdir .
.It Fl V Ar etcdir
This flag sets an alternate location for the password, group and configuration files,
and may be used to maintain a user/group database in an alternate location.
Set an alternate location for the password, group, and configuration files.
Can be used to maintain a user/group database in an alternate location.
If this switch is specified, the system
.Pa /etc/pw.conf
will not be sourced for default configuration data, but the file pw.conf in the
specified directory will be used instead (or none, if it does not exist).
will not be sourced for default configuration data,
but the file pw.conf in the specified directory will be used instead
.Pq or none, if it does not exist .
The
.Fl C
flag may be used to override this behaviour.
@ -294,7 +279,8 @@ configuration file.
.It Fl q
Use of this option causes
.Nm
to suppress error messages, which may be useful in interactive environments where it
to suppress error messages,
which may be useful in interactive environments where it
is preferable to interpret status codes returned by
.Nm
rather than messing up a carefully formatted display.
@ -338,27 +324,40 @@ and
.Ar usermod
commands:
.Bl -tag -width "-G grouplist"
.It Fl n Ar name
.It Oo Fl n Oc Ar name
Required unless
.Fl u Ar uid
is given.
Specify the user/account name.
In the case of
.Ar usermod
can be a uid.
.It Fl u Ar uid
Required if
.Ar name
is not given.
Specify the user/account numeric id.
In the case of
.Ar usermod
if paired with
.Ar name ,
changes the numeric id of the named user/account.
.Pp
Usually, you only need to provide one or the other of these options, as the account
name will imply the uid, or vice versa.
However, there are times when you need to provide both.
Usually, only one of these options is required,
as the account name will imply the uid, or vice versa.
However, there are times when both are needed.
For example, when changing the uid of an existing user with
.Ar usermod ,
or overriding the default uid when creating a new account.
If you wish
.Nm
to automatically allocate the uid to a new user with
or overriding the default uid when creating a new account with
.Ar useradd .
To automatically allocate the uid to a new user with
.Ar useradd ,
then you should
then do
.Em not
use the
.Fl u
option.
You may also provide either the account or userid immediately after the
Either the account or userid can also be provided immediately after the
.Ar useradd ,
.Ar userdel ,
.Ar usermod
@ -372,21 +371,23 @@ options.
.El
.Bl -tag -width "-G grouplist"
.It Fl c Ar comment
This field sets the contents of the passwd GECOS field, which normally contains up
to four comma-separated fields containing the user's full name, office or location,
This field sets the contents of the passwd GECOS field,
which normally contains up to four comma-separated fields containing the
user's full name, office or location,
and work and home phone numbers.
These sub-fields are used by convention only, however, and are optional.
If this field is to contain spaces, you need to quote the comment itself with double
quotes
If this field is to contain spaces,
the comment must be enclosed in double quotes
.Ql \&" .
Avoid using commas in this field as these are used as sub-field separators, and the
colon
Avoid using commas in this field as these are used as sub-field separators,
and the colon
.Ql \&:
character also cannot be used as this is the field separator for the passwd
file itself.
.It Fl d Ar dir
This option sets the account's home directory.
Normally, you will only use this if the home directory is to be different from the
Normally,
this is only used if the home directory is to be different from the
default determined from
.Pa /etc/pw.conf
- normally
@ -396,13 +397,15 @@ with the account name as a subdirectory.
Set the account's expiration date.
Format of the date is either a UNIX time in decimal, or a date in
.Ql dd-mmm-yy[yy]
format, where dd is the day, mmm is the month, either in numeric or alphabetic format
format, where dd is the day,
mmm is the month, either in numeric or alphabetic format
('Jan', 'Feb', etc) and year is either a two or four digit year.
This option also accepts a relative date in the form
.Ql \&+n[mhdwoy]
where
.Ql \&n
is a decimal, octal (leading 0) or hexadecimal (leading 0x) digit followed by the
is a decimal,
octal (leading 0) or hexadecimal (leading 0x) digit followed by the
number of Minutes, Hours, Days, Weeks, Months or Years from the current date at
which the expiration date is to be set.
.It Fl p Ar date
@ -442,8 +445,8 @@ This option instructs
to attempt to create the user's home directory.
While primarily useful when adding a new account with
.Ar useradd ,
this may also be of use when moving an existing user's home directory elsewhere on
the file system.
this may also be of use when moving an existing user's home directory elsewhere
on the file system.
The new home directory is populated with the contents of the
.Ar skeleton
directory, which typically contains a set of shell configuration files that the
@ -461,7 +464,8 @@ existing configuration files in the user's home directory are
.Em not
overwritten from the skeleton files.
.Pp
When a user's home directory is created, it will by default be a subdirectory of the
When a user's home directory is created,
it will by default be a subdirectory of the
.Ar basehome
directory as specified by the
.Fl b
@ -599,10 +603,13 @@ The default value for this is
but it may be set elsewhere as desired.
.It Fl e Ar days
Set the default account expiration period in days.
Unlike use without
.Fl D ,
the argument must be numeric, which specifies the number of days after creation when
the account is to expire.
When
.Fl D
is used, the
.Ar days
argument is interpreted differently.
It must be numeric and represents the number of days after creation
that the account expires.
A value of 0 suppresses automatic calculation of the expiry date.
.It Fl p Ar days
Set the default password expiration period in days.
@ -615,8 +622,8 @@ with the same name as their login name.
If a group is supplied, either its name or uid may be given as an argument.
.It Fl G Ar grouplist
Set the default groups in which new users are granted membership.
This is a separate set of groups from the primary group, and you should avoid
nominating the same group as both primary and extra groups.
This is a separate set of groups from the primary group.
Avoid nominating the same group as both primary and extra groups.
In other words, these extra groups determine membership in groups
.Em other than
the primary group.
@ -630,7 +637,8 @@ This option sets the default login class for new users.
.It Fl k Ar dir
Set the default
.Em skeleton
directory, from which prototype shell and other initialization files are copied when
directory,
from which prototype shell and other initialization files are copied when
.Nm
creates a user's home directory.
See description of
@ -640,22 +648,24 @@ for naming conventions of these files.
.Fl u Ar min , Ns Ar max ,
.Fl i Ar min , Ns Ar max
.Xc
These options set the minimum and maximum user and group ids allocated for new accounts
and groups created by
Set the minimum and maximum user and group ids allocated for new
accounts and groups created by
.Nm .
The default values for each is 1000 minimum and 32000 maximum.
.Ar min
and
.Ar max
are both numbers, where max must be greater than min, and both must be between 0
and 32767.
In general, user and group ids less than 100 are reserved for use by the system,
and numbers greater than 32000 may also be reserved for special purposes (used by
some system daemons).
are both numbers, where max must be greater than min,
and both must be between 0 and 32767.
In general,
user and group ids less than 100 are reserved for use by the system,
and numbers greater than 32000 may also be reserved for special purposes
.Pq used by some system daemons .
.It Fl w Ar method
The
.Fl w
option sets the default method used to set passwords for newly created user accounts.
option selects the default method used to set passwords for newly created user
accounts.
.Ar method
is one of:
.Pp
@ -676,9 +686,11 @@ or
.Ql \&no
methods are the most secure; in the former case,
.Nm
generates a password and prints it to stdout, which is suitable where you issue
users with passwords to access their accounts rather than having the user nominate
their own (possibly poorly chosen) password.
generates a password and prints it to stdout,
which is suitable when users are issued passwords rather than being allowed
to select their own
.Pq possibly poorly chosen
password.
The
.Ql \&no
method requires that the superuser use
@ -699,7 +711,7 @@ servers.
.Pp
The
.Ar userdel
command has only three valid options.
command has three distinct options.
The
.Fl n Ar name
and
@ -714,7 +726,8 @@ to remove the user's home directory and all of its contents.
The
.Nm
utility errs on the side of caution when removing files from the system.
Firstly, it will not do so if the uid of the account being removed is also used by
Firstly,
it will not do so if the uid of the account being removed is also used by
another account on the system, and the 'home' directory in the password file is
a valid path that commences with the character
.Ql \&/ .
@ -725,20 +738,20 @@ will be removed.
If any additional cleanup work is required, this is left to the administrator.
.El
.Pp
Mail spool files and crontabs are always removed when an account is deleted as these
are unconditionally attached to the user name.
Mail spool files and crontabs are always removed when an account is deleted as
these are unconditionally attached to the user name.
Jobs queued for processing by
.Ar at
are also removed if the user's uid is unique and not also used by another account on the
system.
are also removed if the user's uid is unique and not also used by another
account on the system.
.Pp
The
.Ar usermod
command adds one additional option:
.Bl -tag -width "-G grouplist"
.It Fl l Ar name
.It Fl l Ar newname
This option allows changing of an existing account name to
.Ql \&name .
.Ql \&newname .
The new name must not already exist, and any attempt to duplicate an
existing account name will be rejected.
.El
@ -782,10 +795,24 @@ options (explained at the start of the previous section) are available
with the group manipulation commands.
Other common options to all group-related commands are:
.Bl -tag -width "-m newmembers"
.It Fl n Ar name
.It Oo Fl n Oc Ar name
Required unless
.Fl g Ar gid
is given.
Specify the group name.
In the case of
.Ar groupmod
can be a gid.
.It Fl g Ar gid
Required if
.Ar name
is not given.
Specify the group numeric id.
In the case of
.Ar groupmod
if paired with
.Ar name ,
changes the numeric id of the named group.
.Pp
As with the account name and id fields, you will usually only need
to supply one of these, as the group name implies the uid and vice
@ -822,18 +849,19 @@ silently eliminated.
also has a
.Fl o
option that allows allocation of an existing group id to a new group.
The default action is to reject an attempt to add a group, and this option overrides
the check for duplicate group ids.
The default action is to reject an attempt to add a group,
and this option overrides the check for duplicate group ids.
There is rarely any need to duplicate a group id.
.Pp
The
.Ar groupmod
command adds one additional option:
.Bl -tag -width "-m newmembers"
.It Fl l Ar name
.It Fl l Ar newname
This option allows changing of an existing group name to
.Ql \&name .
The new name must not already exist, and any attempt to duplicate an existing group
.Ql \&newname .
The new name must not already exist,
and any attempt to duplicate an existing group
name will be rejected.
.El
.Pp

@ -32,14 +32,12 @@ static const char rcsid[] =
#include <err.h>
#include <fcntl.h>
#include <locale.h>
#include <paths.h>
#include <stdbool.h>
#include <sys/wait.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#include "pw.h"
#if !defined(_PATH_YP)
#define _PATH_YP "/var/yp/"
#endif
const char *Modes[] = {
"add", "del", "mod", "show", "next",
NULL};
@ -85,71 +83,53 @@ struct pwf VPWF =
vgetgrnam,
};
static int (*cmdfunc[W_NUM][M_NUM])(int argc, char **argv, char *_name) = {
{ /* user */
pw_user_add,
pw_user_del,
pw_user_mod,
pw_user_show,
pw_user_next,
pw_user_lock,
pw_user_unlock,
},
{ /* group */
pw_group_add,
pw_group_del,
pw_group_mod,
pw_group_show,
pw_group_next,
}
};
struct pwconf conf;
static struct cargs arglist;
static int getindex(const char *words[], const char *word);
static void cmdhelp(int mode, int which);
static int getindex(const char *words[], const char *word);
static void cmdhelp(int mode, int which);
int
main(int argc, char *argv[])
{
int ch;
int mode = -1;
int which = -1;
long id = -1;
char *config = NULL;
int mode = -1, which = -1, tmp;
struct stat st;
const char *errstr;
char arg, *name;
char arg, *arg1;
bool relocated, nis;
static const char *opts[W_NUM][M_NUM] =
{
{ /* user */
"R:V:C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y",
"R:V:C:qn:u:rY",
"R:V:C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:FNPY",
"R:V:C:qn:u:FPa7",
"R:V:C:q",
"R:V:C:q",
"R:V:C:q"
},
{ /* grp */
"R:V:C:qn:g:h:H:M:opNPY",
"R:V:C:qn:g:Y",
"R:V:C:qn:d:g:l:h:H:FM:m:NPY",
"R:V:C:qn:g:FPa",
"R:V:C:q"
}
};
static int (*funcs[W_NUM]) (int _mode, char *_name, long _id,
struct cargs * _args) =
{ /* Request handlers */
pw_user,
pw_group
};
name = NULL;
arg1 = NULL;
relocated = nis = false;
memset(&conf, 0, sizeof(conf));
strlcpy(conf.rootdir, "/", sizeof(conf.rootdir));
strlcpy(conf.etcpath, _PATH_PWD, sizeof(conf.etcpath));
conf.checkduplicate = true;
conf.fd = -1;
LIST_INIT(&arglist);
(void)setlocale(LC_ALL, "");
setlocale(LC_ALL, "");
/*
* Break off the first couple of words to determine what exactly
* we're being asked to do
*/
while (argc > 1) {
int tmp;
if (*argv[1] == '-') {
/*
* Special case, allow pw -V<dir> <operation> [args] for scripts etc.
@ -195,15 +175,9 @@ main(int argc, char *argv[])
mode = tmp % M_NUM;
} else if (strcmp(argv[1], "help") == 0 && argv[2] == NULL)
cmdhelp(mode, which);
else if (which != -1 && mode != -1) {
if (strspn(argv[1], "0123456789") == strlen(argv[1])) {
id = strtonum(argv[1], 0, LONG_MAX, &errstr);
if (errstr != NULL)
errx(EX_USAGE, "Bad id '%s': %s",
argv[1], errstr);
} else
name = argv[1];
} else
else if (which != -1 && mode != -1)
arg1 = argv[1];
else
errx(EX_USAGE, "unknown keyword `%s'", argv[1]);
++argv;
--argc;
@ -215,155 +189,25 @@ main(int argc, char *argv[])
if (mode == -1 || which == -1)
cmdhelp(mode, which);
/*
* We know which mode we're in and what we're about to do, so now
* let's dispatch the remaining command line args in a genric way.
*/
optarg = NULL;
conf.rootfd = open(conf.rootdir, O_DIRECTORY|O_CLOEXEC);
if (conf.rootfd == -1)
errx(EXIT_FAILURE, "Unable to open '%s'", conf.rootdir);
while ((ch = getopt(argc, argv, opts[which][mode])) != -1) {
switch (ch) {
case '?':
errx(EX_USAGE, "unknown switch");
break;
case '7':
conf.v7 = true;
break;
case 'C':
conf.config = optarg;
config = conf.config;
break;
case 'N':
conf.dryrun = true;
break;
case 'l':
if (strlen(optarg) >= MAXLOGNAME)
errx(EX_USAGE, "new name too long: %s", optarg);
conf.newname = optarg;
break;
case 'P':
conf.pretty = true;
break;
case 'Y':
nis = true;
break;
case 'g':
if (which == 0) { /* for user* */
addarg(&arglist, 'g', optarg);
break;
}
if (strspn(optarg, "0123456789") != strlen(optarg))
errx(EX_USAGE, "-g expects a number");
id = strtonum(optarg, 0, LONG_MAX, &errstr);
if (errstr != NULL)
errx(EX_USAGE, "Bad id '%s': %s", optarg,
errstr);
break;
case 'u':
if (strspn(optarg, "0123456789,") != strlen(optarg))
errx(EX_USAGE, "-u expects a number");
if (strchr(optarg, ',') != NULL) {
addarg(&arglist, 'u', optarg);
break;
}
id = strtonum(optarg, 0, LONG_MAX, &errstr);
if (errstr != NULL)
errx(EX_USAGE, "Bad id '%s': %s", optarg,
errstr);
break;
case 'n':
if (strspn(optarg, "0123456789") != strlen(optarg)) {
name = optarg;
break;
}
id = strtonum(optarg, 0, LONG_MAX, &errstr);
if (errstr != NULL)
errx(EX_USAGE, "Bad id '%s': %s", optarg,
errstr);
break;
case 'o':
conf.checkduplicate = false;
break;
default:
addarg(&arglist, ch, optarg);
break;
}
optarg = NULL;
}
if (name != NULL && strlen(name) >= MAXLOGNAME)
errx(EX_USAGE, "name too long: %s", name);
/*
* Must be root to attempt an update
*/
if (geteuid() != 0 && mode != M_PRINT && mode != M_NEXT && !conf.dryrun)
errx(EX_NOPERM, "you must be root to run this program");
/*
* We should immediately look for the -q 'quiet' switch so that we
* don't bother with extraneous errors
*/
if (getarg(&arglist, 'q') != NULL)
freopen(_PATH_DEVNULL, "w", stderr);
/*
* Set our base working path if not overridden
*/
if (config == NULL) { /* Only override config location if -C not specified */
asprintf(&config, "%s/pw.conf", conf.etcpath);
if (config == NULL)
errx(EX_OSERR, "out of memory");
}
/*
* Now, let's do the common initialisation
*/
conf.userconf = read_userconfig(config);
ch = funcs[which] (mode, name, id, &arglist);
/*
* If everything went ok, and we've been asked to update
* the NIS maps, then do it now
*/
if (ch == EXIT_SUCCESS && nis) {
pid_t pid;
fflush(NULL);
if (chdir(_PATH_YP) == -1)
warn("chdir(" _PATH_YP ")");
else if ((pid = fork()) == -1)
warn("fork()");
else if (pid == 0) {
/* Is make anywhere else? */
execlp("/usr/bin/make", "make", (char *)NULL);
_exit(1);
} else {
int i;
waitpid(pid, &i, 0);
if ((i = WEXITSTATUS(i)) != 0)
errx(ch, "make exited with status %d", i);
else
pw_log(conf.userconf, mode, which, "NIS maps updated");
}
}
return ch;
return (cmdfunc[which][mode](argc, argv, arg1));
}
static int
getindex(const char *words[], const char *word)
{
int i = 0;
int i = 0;
while (words[i]) {
if (strcmp(words[i], word) == 0)
return i;
return (i);
i++;
}
return -1;
return (-1);
}
@ -413,7 +257,7 @@ cmdhelp(int mode, int which)
" Setting defaults:\n"
"\t-V etcdir alternate /etc location\n"
"\t-R rootir alternate root directory\n"
"\t-D set user defaults\n"
"\t-D set user defaults\n"
"\t-b dir default home root dir\n"
"\t-e period default expiry period\n"
"\t-p period default password change period\n"
@ -433,6 +277,7 @@ cmdhelp(int mode, int which)
"\t-n name login name\n"
"\t-u uid user id\n"
"\t-Y update NIS maps\n"
"\t-y path set NIS passwd file path\n"
"\t-r remove home & contents\n",
"usage: pw usermod [uid|name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
@ -457,6 +302,7 @@ cmdhelp(int mode, int which)
"\t-h fd read password on fd\n"
"\t-H fd read encrypted password on fd\n"
"\t-Y update NIS maps\n"
"\t-y path set NIS passwd file path\n"
"\t-N no update\n",
"usage: pw usershow [uid|name] [switches]\n"
"\t-V etcdir alternate /etc location\n"
@ -533,26 +379,3 @@ cmdhelp(int mode, int which)
}
exit(EXIT_FAILURE);
}
struct carg *
getarg(struct cargs * _args, int ch)
{
struct carg *c = LIST_FIRST(_args);
while (c != NULL && c->ch != ch)
c = LIST_NEXT(c, list);
return c;
}
struct carg *
addarg(struct cargs * _args, int ch, char *argstr)
{
struct carg *ca = malloc(sizeof(struct carg));
if (ca == NULL)
errx(EX_OSERR, "out of memory");
ca->ch = ch;
ca->val = argstr;
LIST_INSERT_HEAD(_args, ca, list);
return ca;
}

@ -26,22 +26,13 @@
* $FreeBSD$
*/
#include <sys/stat.h>
#define _WITH_GETLINE
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <pwd.h>
#include <grp.h>
#include <sys/queue.h>
#include <sysexits.h>
#include "psdate.h"
#include "pwupd.h"
enum _mode
@ -63,33 +54,44 @@ enum _which
W_NUM
};
struct carg
{
int ch;
char *val;
LIST_ENTRY(carg) list;
};
LIST_HEAD(cargs, carg);
#define _DEF_DIRMODE (S_IRWXU | S_IRWXG | S_IRWXO)
#define _PATH_PW_CONF "/etc/pw.conf"
#define _UC_MAXLINE 1024
#define _UC_MAXSHELLS 32
struct userconf *get_userconfig(const char *cfg);
struct userconf *read_userconfig(char const * file);
int write_userconfig(char const * file);
struct carg *addarg(struct cargs * _args, int ch, char *argstr);
struct carg *getarg(struct cargs * _args, int ch);
int write_userconfig(struct userconf *cnf, char const * file);
int pw_user(int mode, char *name, long id, struct cargs * _args);
int pw_group(int mode, char *name, long id, struct cargs * _args);
int pw_group_add(int argc, char **argv, char *name);
int pw_group_del(int argc, char **argv, char *name);
int pw_group_mod(int argc, char **argv, char *name);
int pw_group_next(int argc, char **argv, char *name);
int pw_group_show(int argc, char **argv, char *name);
int pw_user_add(int argc, char **argv, char *name);
int pw_user_add(int argc, char **argv, char *name);
int pw_user_add(int argc, char **argv, char *name);
int pw_user_add(int argc, char **argv, char *name);
int pw_user_del(int argc, char **argv, char *name);
int pw_user_lock(int argc, char **argv, char *name);
int pw_user_mod(int argc, char **argv, char *name);
int pw_user_next(int argc, char **argv, char *name);
int pw_user_show(int argc, char **argv, char *name);
int pw_user_unlock(int argc, char **argv, char *name);
int pw_groupnext(struct userconf *cnf, bool quiet);
char *pw_checkname(char *name, int gecos);
uintmax_t pw_checkid(char *nptr, uintmax_t maxval);
int pw_checkfd(char *nptr);
int addnispwent(const char *path, struct passwd *pwd);
int delnispwent(const char *path, const char *login);
int chgnispwent(const char *path, const char *login, struct passwd *pwd);
int groupadd(struct userconf *, char *name, gid_t id, char *members, int fd,
bool dryrun, bool pretty, bool precrypted);
int nis_update(void);
int boolean_val(char const * str, int dflt);
char const *boolean_str(int val);
char *newstr(char const * p);
@ -99,3 +101,6 @@ char *pw_pwcrypt(char *password);
extern const char *Modes[];
extern const char *Which[];
uintmax_t strtounum(const char * __restrict, uintmax_t, uintmax_t,
const char ** __restrict);

@ -31,10 +31,11 @@ static const char rcsid[] =
#include <sys/types.h>
#include <sys/sbuf.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <err.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include "pw.h"
@ -104,8 +105,7 @@ static struct userconf config =
1000, 32000, /* Allowed range of uids */
1000, 32000, /* Allowed range of gids */
0, /* Days until account expires */
0, /* Days until password expires */
0 /* size of default_group array */
0 /* Days until password expires */
};
static char const *comments[_UC_FIELDS] =
@ -228,16 +228,13 @@ read_userconfig(char const * file)
{
FILE *fp;
char *buf, *p;
const char *errstr;
size_t linecap;
ssize_t linelen;
buf = NULL;
linecap = 0;
config.numgroups = 200;
config.groups = calloc(config.numgroups, sizeof(char *));
if (config.groups == NULL)
err(1, "calloc()");
if (file == NULL)
file = _PATH_PW_CONF;
@ -317,40 +314,68 @@ read_userconfig(char const * file)
break;
case _UC_EXTRAGROUPS:
for (i = 0; q != NULL; q = strtok(NULL, toks)) {
if (extendarray(&config.groups, &config.numgroups, i + 2) != -1)
config.groups[i++] = newstr(q);
if (config.groups == NULL)
config.groups = sl_init();
sl_add(config.groups, newstr(q));
}
if (i > 0)
while (i < config.numgroups)
config.groups[i++] = NULL;
break;
case _UC_DEFAULTCLASS:
config.default_class = (q == NULL || !boolean_val(q, 1))
? NULL : newstr(q);
break;
case _UC_MINUID:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.min_uid = (uid_t) atol(q);
if ((q = unquote(q)) != NULL) {
config.min_uid = strtounum(q, 0,
UID_MAX, &errstr);
if (errstr)
warnx("Invalid min_uid: '%s';"
" ignoring", q);
}
break;
case _UC_MAXUID:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.max_uid = (uid_t) atol(q);
if ((q = unquote(q)) != NULL) {
config.max_uid = strtounum(q, 0,
UID_MAX, &errstr);
if (errstr)
warnx("Invalid max_uid: '%s';"
" ignoring", q);
}
break;
case _UC_MINGID:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.min_gid = (gid_t) atol(q);
if ((q = unquote(q)) != NULL) {
config.min_gid = strtounum(q, 0,
GID_MAX, &errstr);
if (errstr)
warnx("Invalid min_gid: '%s';"
" ignoring", q);
}
break;
case _UC_MAXGID:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.max_gid = (gid_t) atol(q);
if ((q = unquote(q)) != NULL) {
config.max_gid = strtounum(q, 0,
GID_MAX, &errstr);
if (errstr)
warnx("Invalid max_gid: '%s';"
" ignoring", q);
}
break;
case _UC_EXPIRE:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.expire_days = atoi(q);
if ((q = unquote(q)) != NULL) {
config.expire_days = strtonum(q, 0,
INT_MAX, &errstr);
if (errstr)
warnx("Invalid expire days:"
" '%s'; ignoring", q);
}
break;
case _UC_PASSWORD:
if ((q = unquote(q)) != NULL && isdigit(*q))
config.password_days = atoi(q);
if ((q = unquote(q)) != NULL) {
config.password_days = strtonum(q, 0,
INT_MAX, &errstr);
if (errstr)
warnx("Invalid password days:"
" '%s'; ignoring", q);
}
break;
case _UC_FIELDS:
case _UC_NONE:
@ -366,7 +391,7 @@ read_userconfig(char const * file)
int
write_userconfig(char const * file)
write_userconfig(struct userconf *cnf, const char *file)
{
int fd;
int i, j;
@ -391,40 +416,39 @@ write_userconfig(char const * file)
sbuf_clear(buf);
switch (i) {
case _UC_DEFAULTPWD:
sbuf_cat(buf, boolean_str(config.default_password));
sbuf_cat(buf, boolean_str(cnf->default_password));
break;
case _UC_REUSEUID:
sbuf_cat(buf, boolean_str(config.reuse_uids));
sbuf_cat(buf, boolean_str(cnf->reuse_uids));
break;
case _UC_REUSEGID:
sbuf_cat(buf, boolean_str(config.reuse_gids));
sbuf_cat(buf, boolean_str(cnf->reuse_gids));
break;
case _UC_NISPASSWD:
sbuf_cat(buf, config.nispasswd ? config.nispasswd :
"");
sbuf_cat(buf, cnf->nispasswd ? cnf->nispasswd : "");
quote = 0;
break;
case _UC_DOTDIR:
sbuf_cat(buf, config.dotdir ? config.dotdir :
sbuf_cat(buf, cnf->dotdir ? cnf->dotdir :
boolean_str(0));
break;
case _UC_NEWMAIL:
sbuf_cat(buf, config.newmail ? config.newmail :
sbuf_cat(buf, cnf->newmail ? cnf->newmail :
boolean_str(0));
break;
case _UC_LOGFILE:
sbuf_cat(buf, config.logfile ? config.logfile :
sbuf_cat(buf, cnf->logfile ? cnf->logfile :
boolean_str(0));
break;
case _UC_HOMEROOT:
sbuf_cat(buf, config.home);
sbuf_cat(buf, cnf->home);
break;
case _UC_HOMEMODE:
sbuf_printf(buf, "%04o", config.homemode);
sbuf_printf(buf, "%04o", cnf->homemode);
quote = 0;
break;
case _UC_SHELLPATH:
sbuf_cat(buf, config.shelldir);
sbuf_cat(buf, cnf->shelldir);
break;
case _UC_SHELLS:
for (j = 0; j < _UC_MAXSHELLS &&
@ -434,46 +458,46 @@ write_userconfig(char const * file)
quote = 0;
break;
case _UC_DEFAULTSHELL:
sbuf_cat(buf, config.shell_default ?
config.shell_default : bourne_shell);
sbuf_cat(buf, cnf->shell_default ?
cnf->shell_default : bourne_shell);
break;
case _UC_DEFAULTGROUP:
sbuf_cat(buf, config.default_group ?
config.default_group : "");
sbuf_cat(buf, cnf->default_group ?
cnf->default_group : "");
break;
case _UC_EXTRAGROUPS:
for (j = 0; j < config.numgroups &&
config.groups[j] != NULL; j++)
for (j = 0; cnf->groups != NULL &&
j < (int)cnf->groups->sl_cur; j++)
sbuf_printf(buf, "%s\"%s\"", j ?
"," : "", config.groups[j]);
"," : "", cnf->groups->sl_str[j]);
quote = 0;
break;
case _UC_DEFAULTCLASS:
sbuf_cat(buf, config.default_class ?
config.default_class : "");
sbuf_cat(buf, cnf->default_class ?
cnf->default_class : "");
break;
case _UC_MINUID:
sbuf_printf(buf, "%u", config.min_uid);
sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_uid);
quote = 0;
break;
case _UC_MAXUID:
sbuf_printf(buf, "%u", config.max_uid);
sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_uid);
quote = 0;
break;
case _UC_MINGID:
sbuf_printf(buf, "%u", config.min_gid);
sbuf_printf(buf, "%ju", (uintmax_t)cnf->min_gid);
quote = 0;
break;
case _UC_MAXGID:
sbuf_printf(buf, "%u", config.max_gid);
sbuf_printf(buf, "%ju", (uintmax_t)cnf->max_gid);
quote = 0;
break;
case _UC_EXPIRE:
sbuf_printf(buf, "%d", config.expire_days);
sbuf_printf(buf, "%jd", (intmax_t)cnf->expire_days);
quote = 0;
break;
case _UC_PASSWORD:
sbuf_printf(buf, "%d", config.password_days);
sbuf_printf(buf, "%jd", (intmax_t)cnf->password_days);
quote = 0;
break;
case _UC_NONE:

@ -31,249 +31,98 @@ static const char rcsid[] =
#include <ctype.h>
#include <err.h>
#include <termios.h>
#include <stdbool.h>
#include <unistd.h>
#include <grp.h>
#include <libutil.h>
#include <paths.h>
#include <string.h>
#include <sysexits.h>
#include <termios.h>
#include <unistd.h>
#include "pw.h"
#include "bitmap.h"
static struct passwd *lookup_pwent(const char *user);
static void delete_members(char ***members, int *grmembers, int *i,
struct carg *arg, struct group *grp);
static int print_group(struct group * grp);
static gid_t gr_gidpolicy(struct userconf * cnf, long id);
static void delete_members(struct group *grp, char *list);
static int print_group(struct group * grp, bool pretty);
static gid_t gr_gidpolicy(struct userconf * cnf, intmax_t id);
int
pw_group(int mode, char *name, long id, struct cargs * args)
static void
grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted)
{
int rc;
struct carg *arg;
struct group *grp = NULL;
int grmembers = 0;
char **members = NULL;
struct userconf *cnf = conf.userconf;
int b;
int istty;
struct termios t, n;
char *p, line[256];
static struct group fakegroup =
{
"nogroup",
"*",
-1,
NULL
};
if (fd == -1)
return;
if (mode == M_LOCK || mode == M_UNLOCK)
errx(EX_USAGE, "'lock' command is not available for groups");
/*
* With M_NEXT, we only need to return the
* next gid to stdout
*/
if (mode == M_NEXT) {
gid_t next = gr_gidpolicy(cnf, id);
if (getarg(args, 'q'))
return next;
printf("%u\n", next);
return EXIT_SUCCESS;
if (fd == '-') {
grp->gr_passwd = "*"; /* No access */
return;
}
if (mode == M_PRINT && getarg(args, 'a')) {
SETGRENT();
while ((grp = GETGRENT()) != NULL)
print_group(grp);
ENDGRENT();
return EXIT_SUCCESS;
if ((istty = isatty(fd))) {
n = t;
/* Disable echo */
n.c_lflag &= ~(ECHO);
tcsetattr(fd, TCSANOW, &n);
printf("%sassword for group %s:", update ? "New p" : "P",
grp->gr_name);
fflush(stdout);
}
if (id < 0 && name == NULL)
errx(EX_DATAERR, "group name or id required");
grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id);
if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
if (name == NULL && grp == NULL) /* Try harder */
grp = GETGRGID(id);
if (grp == NULL) {
if (mode == M_PRINT && getarg(args, 'F')) {
char *fmems[1];
fmems[0] = NULL;
fakegroup.gr_name = name ? name : "nogroup";
fakegroup.gr_gid = (gid_t) id;
fakegroup.gr_mem = fmems;
return print_group(&fakegroup);
}
if (name == NULL)
errx(EX_DATAERR, "unknown group `%s'", name);
else
errx(EX_DATAERR, "unknown group `%ld'", id);
}
if (name == NULL) /* Needed later */
name = grp->gr_name;
/*
* Handle deletions now
*/
if (mode == M_DELETE) {
rc = delgrent(grp);
if (rc == -1)
err(EX_IOERR, "group '%s' not available (NIS?)",
name);
else if (rc != 0) {
err(EX_IOERR, "group update");
}
pw_log(cnf, mode, W_GROUP, "%s(%ld) removed", name, id);
return EXIT_SUCCESS;
} else if (mode == M_PRINT)
return print_group(grp);
if (id > 0)
grp->gr_gid = (gid_t) id;
if (conf.newname != NULL)
grp->gr_name = pw_checkname(conf.newname, 0);
} else {
if (name == NULL) /* Required */
errx(EX_DATAERR, "group name required");
else if (grp != NULL) /* Exists */
errx(EX_DATAERR, "group name `%s' already exists", name);
extendarray(&members, &grmembers, 200);
members[0] = NULL;
grp = &fakegroup;
grp->gr_name = pw_checkname(name, 0);
grp->gr_passwd = "*";
grp->gr_gid = gr_gidpolicy(cnf, id);
grp->gr_mem = members;
b = read(fd, line, sizeof(line) - 1);
if (istty) { /* Restore state */
tcsetattr(fd, TCSANOW, &t);
fputc('\n', stdout);
fflush(stdout);
}
/*
* This allows us to set a group password Group passwords is an
* antique idea, rarely used and insecure (no secure database) Should
* be discouraged, but it is apparently still supported by some
* software.
*/
if ((arg = getarg(args, 'h')) != NULL ||
(arg = getarg(args, 'H')) != NULL) {
if (strcmp(arg->val, "-") == 0)
grp->gr_passwd = "*"; /* No access */
else {
int fd = atoi(arg->val);
int precrypt = (arg->ch == 'H');
int b;
int istty = isatty(fd);
struct termios t;
char *p, line[256];
if (istty) {
if (tcgetattr(fd, &t) == -1)
istty = 0;
else {
struct termios n = t;
/* Disable echo */
n.c_lflag &= ~(ECHO);
tcsetattr(fd, TCSANOW, &n);
printf("%sassword for group %s:", (mode == M_UPDATE) ? "New p" : "P", grp->gr_name);
fflush(stdout);
}
}
b = read(fd, line, sizeof(line) - 1);
if (istty) { /* Restore state */
tcsetattr(fd, TCSANOW, &t);
fputc('\n', stdout);
fflush(stdout);
}
if (b < 0)
err(EX_OSERR, "-h file descriptor");
line[b] = '\0';
if ((p = strpbrk(line, " \t\r\n")) != NULL)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
if (precrypt) {
if (strchr(line, ':') != NULL)
return EX_DATAERR;
grp->gr_passwd = line;
} else
grp->gr_passwd = pw_pwcrypt(line);
}
}
if (((arg = getarg(args, 'M')) != NULL ||
(arg = getarg(args, 'd')) != NULL ||
(arg = getarg(args, 'm')) != NULL) && arg->val) {
int i = 0;
char *p;
struct passwd *pwd;
/* Make sure this is not stay NULL with -M "" */
extendarray(&members, &grmembers, 200);
if (arg->ch == 'd')
delete_members(&members, &grmembers, &i, arg, grp);
else if (arg->ch == 'm') {
int k = 0;
if (grp->gr_mem != NULL) {
while (grp->gr_mem[k] != NULL) {
if (extendarray(&members, &grmembers, i + 2) != -1)
members[i++] = grp->gr_mem[k];
k++;
}
}
}
if (arg->ch != 'd')
for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
int j;
/*
* Check for duplicates
*/
pwd = lookup_pwent(p);
for (j = 0; j < i && strcmp(members[j], pwd->pw_name) != 0; j++)
;
if (j == i && extendarray(&members, &grmembers, i + 2) != -1)
members[i++] = newstr(pwd->pw_name);
}
while (i < grmembers)
members[i++] = NULL;
grp->gr_mem = members;
}
if (conf.dryrun)
return print_group(grp);
if (mode == M_ADD && (rc = addgrent(grp)) != 0) {
if (rc == -1)
errx(EX_IOERR, "group '%s' already exists",
grp->gr_name);
else
err(EX_IOERR, "group update");
} else if (mode == M_UPDATE && (rc = chggrent(name, grp)) != 0) {
if (rc == -1)
errx(EX_IOERR, "group '%s' not available (NIS?)",
grp->gr_name);
else
err(EX_IOERR, "group update");
}
if (conf.newname != NULL)
name = conf.newname;
/* grp may have been invalidated */
if ((grp = GETGRNAM(name)) == NULL)
errx(EX_SOFTWARE, "group disappeared during update");
pw_log(cnf, mode, W_GROUP, "%s(%u)", grp->gr_name, grp->gr_gid);
free(members);
return EXIT_SUCCESS;
if (b < 0)
err(EX_OSERR, "-h file descriptor");
line[b] = '\0';
if ((p = strpbrk(line, " \t\r\n")) != NULL)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d",
conf.fd);
if (precrypted) {
if (strchr(line, ':') != 0)
errx(EX_DATAERR, "wrong encrypted passwrd");
grp->gr_passwd = line;
} else
grp->gr_passwd = pw_pwcrypt(line);
}
int
pw_groupnext(struct userconf *cnf, bool quiet)
{
gid_t next = gr_gidpolicy(cnf, -1);
if (quiet)
return (next);
printf("%ju\n", (uintmax_t)next);
return (EXIT_SUCCESS);
}
static struct group *
getgroup(char *name, intmax_t id, bool fatal)
{
struct group *grp;
if (id < 0 && name == NULL)
errx(EX_DATAERR, "groupname or id required");
grp = (name != NULL) ? GETGRNAM(name) : GETGRGID(id);
if (grp == NULL) {
if (!fatal)
return (NULL);
if (name == NULL)
errx(EX_DATAERR, "unknown gid `%ju'", id);
errx(EX_DATAERR, "unknown group `%s'", name);
}
return (grp);
}
/*
* Lookup a passwd entry using a name or UID.
@ -296,49 +145,32 @@ lookup_pwent(const char *user)
* Delete requested members from a group.
*/
static void
delete_members(char ***members, int *grmembers, int *i, struct carg *arg,
struct group *grp)
delete_members(struct group *grp, char *list)
{
bool matchFound;
char *user;
char *valueCopy;
char *valuePtr;
char *p;
int k;
struct passwd *pwd;
if (grp->gr_mem == NULL)
return;
k = 0;
while (grp->gr_mem[k] != NULL) {
matchFound = false;
if ((valueCopy = strdup(arg->val)) == NULL)
errx(EX_UNAVAILABLE, "out of memory");
valuePtr = valueCopy;
while ((user = strsep(&valuePtr, ", \t")) != NULL) {
pwd = lookup_pwent(user);
if (strcmp(grp->gr_mem[k], pwd->pw_name) == 0) {
matchFound = true;
for (p = strtok(list, ", \t"); p != NULL; p = strtok(NULL, ", \t")) {
for (k = 0; grp->gr_mem[k] != NULL; k++) {
if (strcmp(grp->gr_mem[k], p) == 0)
break;
}
}
free(valueCopy);
if (grp->gr_mem[k] == NULL) /* No match */
continue;
if (!matchFound &&
extendarray(members, grmembers, *i + 2) != -1)
(*members)[(*i)++] = grp->gr_mem[k];
k++;
for (; grp->gr_mem[k] != NULL; k++)
grp->gr_mem[k] = grp->gr_mem[k+1];
}
return;
}
static gid_t
gr_gidpolicy(struct userconf * cnf, long id)
static gid_t
gr_gidpolicy(struct userconf * cnf, intmax_t id)
{
struct group *grp;
struct bitmap bm;
gid_t gid = (gid_t) - 1;
/*
@ -348,67 +180,62 @@ gr_gidpolicy(struct userconf * cnf, long id)
gid = (gid_t) id;
if ((grp = GETGRGID(gid)) != NULL && conf.checkduplicate)
errx(EX_DATAERR, "gid `%u' has already been allocated", grp->gr_gid);
} else {
struct bitmap bm;
/*
* We need to allocate the next available gid under one of
* two policies a) Grab the first unused gid b) Grab the
* highest possible unused gid
*/
if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */
cnf->min_gid = 1000;
cnf->max_gid = 32000;
}
bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);
/*
* Now, let's fill the bitmap from the password file
*/
SETGRENT();
while ((grp = GETGRENT()) != NULL)
if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid &&
(gid_t)grp->gr_gid <= (gid_t)cnf->max_gid)
bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
ENDGRENT();
/*
* Then apply the policy, with fallback to reuse if necessary
*/
if (cnf->reuse_gids)
gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
else {
gid = (gid_t) (bm_lastset(&bm) + 1);
if (!bm_isset(&bm, gid))
gid += cnf->min_gid;
else
gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
}
/*
* Another sanity check
*/
if (gid < cnf->min_gid || gid > cnf->max_gid)
errx(EX_SOFTWARE, "unable to allocate a new gid - range fully used");
bm_dealloc(&bm);
errx(EX_DATAERR, "gid `%ju' has already been allocated",
(uintmax_t)grp->gr_gid);
return (gid);
}
return gid;
/*
* We need to allocate the next available gid under one of
* two policies a) Grab the first unused gid b) Grab the
* highest possible unused gid
*/
if (cnf->min_gid >= cnf->max_gid) { /* Sanity claus^H^H^H^Hheck */
cnf->min_gid = 1000;
cnf->max_gid = 32000;
}
bm = bm_alloc(cnf->max_gid - cnf->min_gid + 1);
/*
* Now, let's fill the bitmap from the password file
*/
SETGRENT();
while ((grp = GETGRENT()) != NULL)
if ((gid_t)grp->gr_gid >= (gid_t)cnf->min_gid &&
(gid_t)grp->gr_gid <= (gid_t)cnf->max_gid)
bm_setbit(&bm, grp->gr_gid - cnf->min_gid);
ENDGRENT();
/*
* Then apply the policy, with fallback to reuse if necessary
*/
if (cnf->reuse_gids)
gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
else {
gid = (gid_t) (bm_lastset(&bm) + 1);
if (!bm_isset(&bm, gid))
gid += cnf->min_gid;
else
gid = (gid_t) (bm_firstunset(&bm) + cnf->min_gid);
}
/*
* Another sanity check
*/
if (gid < cnf->min_gid || gid > cnf->max_gid)
errx(EX_SOFTWARE, "unable to allocate a new gid - range fully "
"used");
bm_dealloc(&bm);
return (gid);
}
static int
print_group(struct group * grp)
print_group(struct group * grp, bool pretty)
{
if (!conf.pretty) {
char *buf = NULL;
buf = gr_make(grp);
printf("%s\n", buf);
free(buf);
} else {
int i;
char *buf = NULL;
int i;
if (pretty) {
printf("Group Name: %-15s #%lu\n"
" Members: ",
grp->gr_name, (long) grp->gr_gid);
@ -417,6 +244,446 @@ print_group(struct group * grp)
printf("%s%s", i ? "," : "", grp->gr_mem[i]);
}
fputs("\n\n", stdout);
return (EXIT_SUCCESS);
}
return EXIT_SUCCESS;
buf = gr_make(grp);
printf("%s\n", buf);
free(buf);
return (EXIT_SUCCESS);
}
int
pw_group_next(int argc, char **argv, char *arg1 __unused)
{
struct userconf *cnf;
const char *cfg = NULL;
int ch;
bool quiet;
while ((ch = getopt(argc, argv, "Cq")) != -1) {
switch (ch) {
case 'C':
cfg = optarg;
break;
case 'q':
quiet = true;
break;
}
}
if (quiet)
freopen(_PATH_DEVNULL, "w", stderr);
cnf = get_userconfig(cfg);
return (pw_groupnext(cnf, quiet));
}
int
pw_group_show(int argc, char **argv, char *arg1)
{
struct group *grp = NULL;
char *name;
intmax_t id = -1;
int ch;
bool all, force, quiet, pretty;
all = force = quiet = pretty = false;
struct group fakegroup = {
"nogroup",
"*",
-1,
NULL
};
if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0')
id = pw_checkid(arg1, GID_MAX);
else
name = arg1;
}
while ((ch = getopt(argc, argv, "C:qn:g:FPa")) != -1) {
switch (ch) {
case 'C':
/* ignore compatibility */
break;
case 'q':
quiet = true;
break;
case 'n':
name = optarg;
break;
case 'g':
id = pw_checkid(optarg, GID_MAX);
break;
case 'F':
force = true;
break;
case 'P':
pretty = true;
break;
case 'a':
all = true;
break;
}
}
if (quiet)
freopen(_PATH_DEVNULL, "w", stderr);
if (all) {
SETGRENT();
while ((grp = GETGRENT()) != NULL)
print_group(grp, pretty);
ENDGRENT();
return (EXIT_SUCCESS);
}
grp = getgroup(name, id, !force);
if (grp == NULL)
grp = &fakegroup;
return (print_group(grp, pretty));
}
int
pw_group_del(int argc, char **argv, char *arg1)
{
struct userconf *cnf = NULL;
struct group *grp = NULL;
char *name;
const char *cfg = NULL;
intmax_t id = -1;
int ch, rc;
bool quiet = false;
bool nis = false;
if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0')
id = pw_checkid(arg1, GID_MAX);
else
name = arg1;
}
while ((ch = getopt(argc, argv, "C:qn:g:Y")) != -1) {
switch (ch) {
case 'C':
cfg = optarg;
break;
case 'q':
quiet = true;
break;
case 'n':
name = optarg;
break;
case 'g':
id = pw_checkid(optarg, GID_MAX);
break;
case 'Y':
nis = true;
break;
}
}
if (quiet)
freopen(_PATH_DEVNULL, "w", stderr);
grp = getgroup(name, id, true);
cnf = get_userconfig(cfg);
rc = delgrent(grp);
if (rc == -1)
err(EX_IOERR, "group '%s' not available (NIS?)", name);
else if (rc != 0)
err(EX_IOERR, "group update");
pw_log(cnf, M_DELETE, W_GROUP, "%s(%ju) removed", name,
(uintmax_t)id);
if (nis && nis_update() == 0)
pw_log(cnf, M_DELETE, W_GROUP, "NIS maps updated");
return (EXIT_SUCCESS);
}
static bool
grp_has_member(struct group *grp, const char *name)
{
int j;
for (j = 0; grp->gr_mem != NULL && grp->gr_mem[j] != NULL; j++)
if (strcmp(grp->gr_mem[j], name) == 0)
return (true);
return (false);
}
static void
grp_add_members(struct group **grp, char *members)
{
struct passwd *pwd;
char *p;
char tok[] = ", \t";
if (members == NULL)
return;
for (p = strtok(members, tok); p != NULL; p = strtok(NULL, tok)) {
pwd = lookup_pwent(p);
if (grp_has_member(*grp, pwd->pw_name))
continue;
*grp = gr_add(*grp, pwd->pw_name);
}
}
int
groupadd(struct userconf *cnf, char *name, gid_t id, char *members, int fd,
bool dryrun, bool pretty, bool precrypted)
{
struct group *grp;
int rc;
struct group fakegroup = {
"nogroup",
"*",
-1,
NULL
};
grp = &fakegroup;
grp->gr_name = pw_checkname(name, 0);
grp->gr_passwd = "*";
grp->gr_gid = gr_gidpolicy(cnf, id);
grp->gr_mem = NULL;
/*
* This allows us to set a group password Group passwords is an
* antique idea, rarely used and insecure (no secure database) Should
* be discouraged, but it is apparently still supported by some
* software.
*/
grp_set_passwd(grp, false, fd, precrypted);
grp_add_members(&grp, members);
if (dryrun)
return (print_group(grp, pretty));
if ((rc = addgrent(grp)) != 0) {
if (rc == -1)
errx(EX_IOERR, "group '%s' already exists",
grp->gr_name);
else
err(EX_IOERR, "group update");
}
pw_log(cnf, M_ADD, W_GROUP, "%s(%ju)", grp->gr_name,
(uintmax_t)grp->gr_gid);
return (EXIT_SUCCESS);
}
int
pw_group_add(int argc, char **argv, char *arg1)
{
struct userconf *cnf = NULL;
char *name = NULL;
char *members = NULL;
const char *cfg = NULL;
intmax_t id = -1;
int ch, rc, fd = -1;
bool quiet, precrypted, dryrun, pretty, nis;
quiet = precrypted = dryrun = pretty = nis = false;
if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0')
id = pw_checkid(arg1, GID_MAX);
else
name = arg1;
}
while ((ch = getopt(argc, argv, "C:qn:g:h:H:M:oNPY")) != -1) {
switch (ch) {
case 'C':
cfg = optarg;
break;
case 'q':
quiet = true;
break;
case 'n':
name = optarg;
break;
case 'g':
id = pw_checkid(optarg, GID_MAX);
break;
case 'H':
if (fd != -1)
errx(EX_USAGE, "'-h' and '-H' are mutually "
"exclusive options");
fd = pw_checkfd(optarg);
precrypted = true;
if (fd == '-')
errx(EX_USAGE, "-H expects a file descriptor");
break;
case 'h':
if (fd != -1)
errx(EX_USAGE, "'-h' and '-H' are mutually "
"exclusive options");
fd = pw_checkfd(optarg);
break;
case 'M':
members = optarg;
break;
case 'o':
conf.checkduplicate = false;
break;
case 'N':
dryrun = true;
break;
case 'P':
pretty = true;
break;
case 'Y':
nis = true;
break;
}
}
if (quiet)
freopen(_PATH_DEVNULL, "w", stderr);
if (name == NULL)
errx(EX_DATAERR, "group name required");
if (GETGRNAM(name) != NULL)
errx(EX_DATAERR, "group name `%s' already exists", name);
cnf = get_userconfig(cfg);
rc = groupadd(cnf, name, gr_gidpolicy(cnf, id), members, fd, dryrun,
pretty, precrypted);
if (nis && rc == EXIT_SUCCESS && nis_update() == 0)
pw_log(cnf, M_ADD, W_GROUP, "NIS maps updated");
return (rc);
}
int
pw_group_mod(int argc, char **argv, char *arg1)
{
struct userconf *cnf;
struct group *grp = NULL;
const char *cfg = NULL;
char *oldmembers = NULL;
char *members = NULL;
char *newmembers = NULL;
char *newname = NULL;
char *name = NULL;
intmax_t id = -1;
int ch, rc, fd = -1;
bool quiet, pretty, dryrun, nis, precrypted;
quiet = pretty = dryrun = nis = precrypted = false;
if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0')
id = pw_checkid(arg1, GID_MAX);
else
name = arg1;
}
while ((ch = getopt(argc, argv, "C:qn:d:g:l:h:H:M:m:NPY")) != -1) {
switch (ch) {
case 'C':
cfg = optarg;
break;
case 'q':
quiet = true;
break;
case 'n':
name = optarg;
break;
case 'g':
id = pw_checkid(optarg, GID_MAX);
break;
case 'd':
oldmembers = optarg;
break;
case 'l':
newname = optarg;
break;
case 'H':
if (fd != -1)
errx(EX_USAGE, "'-h' and '-H' are mutually "
"exclusive options");
fd = pw_checkfd(optarg);
precrypted = true;
if (fd == '-')
errx(EX_USAGE, "-H expects a file descriptor");
break;
case 'h':
if (fd != -1)
errx(EX_USAGE, "'-h' and '-H' are mutually "
"exclusive options");
fd = pw_checkfd(optarg);
break;
case 'M':
members = optarg;
break;
case 'm':
newmembers = optarg;
break;
case 'N':
dryrun = true;
break;
case 'P':
pretty = true;
break;
case 'Y':
nis = true;
break;
}
}
if (quiet)
freopen(_PATH_DEVNULL, "w", stderr);
cnf = get_userconfig(cfg);
grp = getgroup(name, id, true);
if (name == NULL)
name = grp->gr_name;
if (id > 0)
grp->gr_gid = id;
if (newname != NULL)
grp->gr_name = pw_checkname(newname, 0);
grp_set_passwd(grp, true, fd, precrypted);
/*
* Keep the same logic as old code for now:
* if -M is passed, -d and -m are ignored
* then id -d, -m is ignored
* last is -m
*/
if (members) {
grp->gr_mem = NULL;
grp_add_members(&grp, members);
} else if (oldmembers) {
delete_members(grp, oldmembers);
} else if (newmembers) {
grp_add_members(&grp, newmembers);
}
if ((rc = chggrent(name, grp)) != 0) {
if (rc == -1)
errx(EX_IOERR, "group '%s' not available (NIS?)",
grp->gr_name);
else
err(EX_IOERR, "group update");
}
if (newname)
name = newname;
/* grp may have been invalidated */
if ((grp = GETGRNAM(name)) == NULL)
errx(EX_SOFTWARE, "group disappeared during update");
pw_log(cnf, M_UPDATE, W_GROUP, "%s(%ju)", grp->gr_name,
(uintmax_t)grp->gr_gid);
if (nis && nis_update() == 0)
pw_log(cnf, M_UPDATE, W_GROUP, "NIS maps updated");
return (EXIT_SUCCESS);
}

@ -30,6 +30,8 @@ static const char rcsid[] =
#endif /* not lint */
#include <fcntl.h>
#include <string.h>
#include <stdarg.h>
#include "pw.h"

@ -30,6 +30,7 @@ static const char rcsid[] =
#endif /* not lint */
#include <sys/types.h>
#include <err.h>
#include <pwd.h>
#include <libutil.h>
@ -43,6 +44,7 @@ pw_nisupdate(const char * path, struct passwd * pwd, char const * user)
struct passwd *pw = NULL;
struct passwd *old_pw = NULL;
printf("===> %s\n", path);
if (pwd != NULL)
pw = pw_dup(pwd);

File diff suppressed because it is too large Load Diff

99
usr.sbin/pw/pw_utils.c Normal file

@ -0,0 +1,99 @@
/*-
* Copyright (C) 2015 Baptiste Daroussin <bapt@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/wait.h>
#include <err.h>
#include <inttypes.h>
#include <sysexits.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "pw.h"
int
pw_checkfd(char *nptr)
{
const char *errstr;
int fd = -1;
if (strcmp(nptr, "-") == 0)
return '-';
fd = strtonum(nptr, 0, INT_MAX, &errstr);
if (errstr != NULL)
errx(EX_USAGE, "Bad file descriptor '%s': %s",
nptr, errstr);
return (fd);
}
uintmax_t
pw_checkid(char *nptr, uintmax_t maxval)
{
const char *errstr = NULL;
uintmax_t id;
id = strtounum(nptr, 0, maxval, &errstr);
if (errstr)
errx(EX_USAGE, "Bad id '%s': %s", nptr, errstr);
return (id);
}
struct userconf *
get_userconfig(const char *config)
{
char defaultcfg[MAXPATHLEN];
if (config != NULL)
return (read_userconfig(config));
snprintf(defaultcfg, sizeof(defaultcfg), "%s/pw.conf", conf.etcpath);
return (read_userconfig(defaultcfg));
}
int
nis_update(void) {
pid_t pid;
int i;
fflush(NULL);
if ((pid = fork()) == -1) {
warn("fork()");
return (1);
}
if (pid == 0) {
execlp("/usr/bin/make", "make", "-C", "/var/yp/", (char*) NULL);
_exit(1);
}
waitpid(pid, &i, 0);
if ((i = WEXITSTATUS(i)) != 0)
errx(i, "make exited with status %d", i);
return (i);
}

@ -38,6 +38,7 @@ static const char rcsid[] =
#include <string.h>
#include <stdlib.h>
#include <sys/param.h>
#include <err.h>
#include "pwupd.h"
@ -80,6 +81,9 @@ vnextpwent(char const *nam, uid_t uid, int doclose)
if (line[linelen - 1 ] == '\n')
line[linelen - 1] = '\0';
pw = pw_scan(line, PWSCAN_MASTER);
if (pw == NULL)
errx(EXIT_FAILURE, "Invalid user entry in '%s':"
" '%s'", getpwpath(_MASTERPASSWD), line);
if (uid != (uid_t)-1) {
if (uid == pw->pw_uid)
break;
@ -160,6 +164,9 @@ vnextgrent(char const *nam, gid_t gid, int doclose)
if (line[linelen - 1 ] == '\n')
line[linelen - 1] = '\0';
gr = gr_scan(line);
if (gr == NULL)
errx(EXIT_FAILURE, "Invalid group entry in '%s':"
" '%s'", getgrpath(_GROUP), line);
if (gid != (gid_t)-1) {
if (gid == gr->gr_gid)
break;

@ -29,18 +29,16 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <sys/wait.h>
#include <err.h>
#include <errno.h>
#include <pwd.h>
#include <libutil.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <libutil.h>
#include <errno.h>
#include <err.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/wait.h>
#include "pwupd.h"

@ -36,6 +36,7 @@
#include <pwd.h>
#include <grp.h>
#include <stdbool.h>
#include <stringlist.h>
#if defined(__FreeBSD__)
#define RET_SETGRENT int
@ -58,38 +59,33 @@ struct pwf {
};
struct userconf {
int default_password; /* Default password for new users? */
int reuse_uids; /* Reuse uids? */
int reuse_gids; /* Reuse gids? */
char *nispasswd; /* Path to NIS version of the passwd file */
char *dotdir; /* Where to obtain skeleton files */
char *newmail; /* Mail to send to new accounts */
char *logfile; /* Where to log changes */
char *home; /* Where to create home directory */
mode_t homemode; /* Home directory permissions */
char *shelldir; /* Where shells are located */
char **shells; /* List of shells */
char *shell_default; /* Default shell */
char *default_group; /* Default group number */
char **groups; /* Default (additional) groups */
char *default_class; /* Default user class */
uid_t min_uid, max_uid; /* Allowed range of uids */
gid_t min_gid, max_gid; /* Allowed range of gids */
int expire_days; /* Days to expiry */
int password_days; /* Days to password expiry */
int numgroups; /* (internal) size of default_group array */
int default_password; /* Default password for new users? */
int reuse_uids; /* Reuse uids? */
int reuse_gids; /* Reuse gids? */
char *nispasswd; /* Path to NIS version of the passwd file */
char *dotdir; /* Where to obtain skeleton files */
char *newmail; /* Mail to send to new accounts */
char *logfile; /* Where to log changes */
char *home; /* Where to create home directory */
mode_t homemode; /* Home directory permissions */
char *shelldir; /* Where shells are located */
char **shells; /* List of shells */
char *shell_default; /* Default shell */
char *default_group; /* Default group number */
StringList *groups; /* Default (additional) groups */
char *default_class; /* Default user class */
uid_t min_uid, max_uid; /* Allowed range of uids */
gid_t min_gid, max_gid; /* Allowed range of gids */
time_t expire_days; /* Days to expiry */
time_t password_days; /* Days to password expiry */
};
struct pwconf {
char rootdir[MAXPATHLEN];
char etcpath[MAXPATHLEN];
char *newname;
char *config;
bool dryrun;
bool pretty;
bool v7;
int fd;
int rootfd;
bool checkduplicate;
struct userconf *userconf;
};
extern struct pwf PWF;
@ -148,9 +144,9 @@ struct group * vgetgrnam(const char * nam);
RET_SETGRENT vsetgrent(void);
void vendgrent(void);
void copymkdir(char const * dir, char const * skel, mode_t mode, uid_t uid, gid_t gid);
void rm_r(char const * dir, uid_t uid);
int extendarray(char ***buf, int *buflen, int needed);
void copymkdir(int rootfd, char const * dir, int skelfd, mode_t mode, uid_t uid,
gid_t gid, int flags);
void rm_r(int rootfd, char const * dir, uid_t uid);
__END_DECLS
#endif /* !_PWUPD_H */

@ -29,47 +29,42 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <unistd.h>
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include "pwupd.h"
void
rm_r(char const * dir, uid_t uid)
rm_r(int rootfd, const char *path, uid_t uid)
{
DIR *d = opendir(dir);
int dirfd;
DIR *d;
struct dirent *e;
struct stat st;
if (d != NULL) {
struct dirent *e;
struct stat st;
char file[MAXPATHLEN];
if (*path == '/')
path++;
while ((e = readdir(d)) != NULL) {
if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) {
snprintf(file, sizeof(file), "%s/%s", dir, e->d_name);
if (lstat(file, &st) == 0) { /* Need symlinks, not
* linked file */
if (S_ISDIR(st.st_mode)) /* Directory - recurse */
rm_r(file, uid);
else {
if (S_ISLNK(st.st_mode) || st.st_uid == uid)
remove(file);
}
}
}
}
closedir(d);
if (lstat(dir, &st) == 0) {
if (S_ISLNK(st.st_mode))
remove(dir);
else if (st.st_uid == uid)
rmdir(dir);
}
dirfd = openat(rootfd, path, O_DIRECTORY);
d = fdopendir(dirfd);
while ((e = readdir(d)) != NULL) {
if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
continue;
if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
continue;
if (S_ISDIR(st.st_mode))
rm_r(dirfd, e->d_name, uid);
else if (S_ISLNK(st.st_mode) || st.st_uid == uid)
unlinkat(dirfd, e->d_name, 0);
}
closedir(d);
if (fstatat(rootfd, path, &st, AT_SYMLINK_NOFOLLOW) != 0)
return;
unlinkat(rootfd, path, S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0);
}

72
usr.sbin/pw/strtounum.c Normal file

@ -0,0 +1,72 @@
/*-
* Copyright (C) 2015 Baptiste Daroussin <bapt@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdlib.h>
#include "pw.h"
uintmax_t
strtounum(const char * __restrict np, uintmax_t minval, uintmax_t maxval,
const char ** __restrict errpp)
{
char *endp;
uintmax_t ret;
*errpp = NULL;
if (minval > maxval) {
errno = EINVAL;
if (errpp != NULL)
*errpp = "invalid";
return (0);
}
errno = 0;
ret = strtoumax(np, &endp, 10);
if (endp == np || *endp != '\0') {
errno = EINVAL;
if (errpp != NULL)
*errpp = "invalid";
return (0);
}
if (ret < minval) {
errno = ERANGE;
if (errpp != NULL)
*errpp = "too small";
return (0);
}
if (errno == ERANGE || ret > maxval) {
errno = ERANGE;
if (errpp != NULL)
*errpp = "too large";
return (0);
}
return (ret);
}

@ -1,13 +1,11 @@
# $FreeBSD$
TESTSRC= ${.CURDIR}/../../../contrib/netbsd-tests/usr.sbin/useradd
.PATH: ${TESTSRC}
TESTSDIR= ${TESTSBASE}/usr.sbin/pw
ATF_TESTS_SH= pw_etcdir \
pw_lock \
pw_config \
pw_groupadd \
pw_groupdel \
pw_groupmod \
pw_useradd \
@ -23,12 +21,4 @@ FILES= group helper_functions.shin master.passwd pw.conf \
pw-modified.conf
FILESDIR= ${TESTSDIR}
ATF_TESTS_SH+= pw_test
# - user{add,del} does not exist on FreeBSD; use pw user{add,del} instead
# - The command passes on FreeBSD
ATF_TESTS_SH_SED_pw_test= -e 's/useradd /pw useradd /'
ATF_TESTS_SH_SED_pw_test+= -e 's/userdel /pw userdel /'
ATF_TESTS_SH_SED_pw_test+= -e '/atf_expect_fail "PR bin\/39546"/d'
ATF_TESTS_SH_SRC_pw_test= t_useradd.sh
.include <bsd.test.mk>

@ -2,11 +2,12 @@
# The pw command
PW="pw -V ${HOME}"
RPW="pw -R ${HOME}"
# Workdir to run tests in
TESTDIR=$(atf_get_srcdir)
# Populate the files pw needs to use into $HOME/etc
# Populate the files pw needs to use into $HOME
populate_etc_skel() {
cp ${TESTDIR}/master.passwd ${HOME} || \
atf_fail "Populating master.passwd in ${HOME}"
@ -16,3 +17,16 @@ populate_etc_skel() {
pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \
atf_fail "generate passwd from master.passwd"
}
# Populate the files pw needs to use into $HOME/etc
populate_root_etc_skel() {
mkdir ${HOME}/etc
cp ${TESTDIR}/master.passwd ${HOME}/etc || \
atf_fail "Populating master.passwd in ${HOME}/etc"
cp ${TESTDIR}/group ${HOME}/etc || \
atf_fail "Populating group in ${HOME}/etc"
# Generate the passwd file
pwd_mkdb -p -d ${HOME}/etc ${HOME}//etc/master.passwd || \
atf_fail "generate passwd from master.passwd"
}

@ -0,0 +1,26 @@
# $FreeBSD$
# Import helper functions
. $(atf_get_srcdir)/helper_functions.shin
atf_test_case group_add_gid_too_large
group_add_gid_too_large_body() {
populate_etc_skel
atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \
${PW} groupadd -n test1 -g 9999999999999
}
atf_test_case group_add_already_exists
group_add_already_exists_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} groupadd foo
atf_check -s exit:65 \
-e inline:"pw: group name \`foo' already exists\n" \
${PW} groupadd foo
}
atf_init_test_cases() {
atf_add_test_case group_add_gid_too_large
atf_add_test_case group_add_already_exists
}

@ -13,7 +13,7 @@ group_do_not_delete_wheel_if_group_unknown_head() {
group_do_not_delete_wheel_if_group_unknown_body() {
populate_etc_skel
atf_check -s exit:0 -o inline:"wheel:*:0:root\n" -x ${PW} groupshow wheel
atf_check -e inline:"pw: -g expects a number\n" -s exit:64 -x \
atf_check -e inline:"pw: Bad id 'I_do_not_exist': invalid\n" -s exit:64 -x \
${PW} groupdel -g I_do_not_exist
atf_check -s exit:0 -o inline:"wheel:*:0:root\n" -x ${PW} groupshow wheel
}

@ -81,6 +81,32 @@ groupmod_rename_body() {
grep "^bar:.*" ${HOME}/group
}
atf_test_case groupmod_members
groupmod_members_body() {
populate_etc_skel
for i in user1 user2 user3 user4; do
atf_check -s exit:0 ${PW} useradd $i
done
atf_check -s exit:0 ${PW} groupadd foo -M "user1, user2"
atf_check -o inline:"foo:*:1005:user1,user2\n" -s exit:0 \
${PW} groupshow foo
atf_check -s exit:0 ${PW} groupmod foo -m "user3, user4"
atf_check -o inline:"foo:*:1005:user1,user2,user3,user4\n" -s exit:0 \
${PW} groupshow foo
atf_check -s exit:0 ${PW} groupmod foo -M "user1, user4"
atf_check -o inline:"foo:*:1005:user1,user4\n" -s exit:0 \
${PW} groupshow foo
# what about duplicates
atf_check -s exit:0 ${PW} groupmod foo -m "user1, user2, user3, user4"
atf_check -o inline:"foo:*:1005:user1,user4,user2,user3\n" -s exit:0 \
${PW} groupshow foo
atf_check -s exit:0 ${PW} groupmod foo -d "user1, user3"
atf_check -o inline:"foo:*:1005:user4,user2\n" -s exit:0 \
${PW} groupshow foo
}
atf_init_test_cases() {
atf_add_test_case groupmod_user
atf_add_test_case groupmod_invalid_user
@ -88,4 +114,5 @@ atf_init_test_cases() {
atf_add_test_case usermod_bug_185666
atf_add_test_case do_not_duplicate_group_on_gid_change
atf_add_test_case groupmod_rename
atf_add_test_case groupmod_members
}

@ -176,6 +176,182 @@ user_add_name_too_long_body() {
${PW} useradd name_very_vert_very_very_very_long
}
atf_test_case user_add_expiration
user_add_expiration_body() {
populate_etc_skel
atf_check -s exit:0 \
${PW} useradd foo -e 20-03-2037
atf_check -o inline:"foo:*:1001:1001::0:2121120000:User &:/home/foo:/bin/sh\n" \
-s exit:0 grep "^foo" ${HOME}/master.passwd
atf_check -s exit:0 ${PW} userdel foo
atf_check -s exit:0 \
${PW} useradd foo -e 20-03-37
atf_check -o inline:"foo:*:1001:1001::0:2121120000:User &:/home/foo:/bin/sh\n" \
-s exit:0 grep "^foo" ${HOME}/master.passwd
atf_check -s exit:0 ${PW} userdel foo
atf_check -s exit:0 \
${PW} useradd foo -e 20-Mar-2037
atf_check -o inline:"foo:*:1001:1001::0:2121120000:User &:/home/foo:/bin/sh\n" \
-s exit:0 grep "^foo" ${HOME}/master.passwd
atf_check -s exit:0 ${PW} userdel foo
atf_check -e inline:"pw: Invalid date\n" -s exit:1 \
${PW} useradd foo -e 20-Foo-2037
atf_check -e inline:"pw: Invalid date\n" -s exit:1 \
${PW} useradd foo -e 20-13-2037
atf_check -s exit:0 ${PW} useradd foo -e "12:00 20-03-2037"
atf_check -s exit:0 ${PW} userdel foo
atf_check -e inline:"pw: Invalid date\n" -s exit:1 \
${PW} useradd foo -e "12 20-03-2037"
atf_check -s exit:0 ${PW} useradd foo -e "20-03-2037 12:00"
atf_check -s exit:0 ${PW} userdel foo
}
atf_test_case user_add_invalid_user_entry
user_add_invalid_user_entry_body() {
touch ${HOME}/master.passwd
touch ${HOME}/group
pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \
atf_fail "generate passwd from master.passwd"
atf_check -s exit:0 ${PW} useradd foo
echo "foo1:*:1002" >> ${HOME}/master.passwd
atf_check -s exit:1 -e match:"Invalid user entry" ${PW} useradd foo2
}
atf_test_case user_add_invalid_group_entry
user_add_invalid_group_entry_body() {
touch ${HOME}/master.passwd
touch ${HOME}/group
pwd_mkdb -p -d ${HOME} ${HOME}/master.passwd || \
atf_fail "generate passwd from master.passwd"
atf_check -s exit:0 ${PW} useradd foo
echo 'foo1:*:1002' >> group
atf_check -s exit:1 -e match:"Invalid group entry" ${PW} useradd foo2
}
atf_test_case user_add_password_from_h
user_add_password_from_h_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd test -h 0 <<-EOF
$(echo test)
EOF
}
atf_test_case user_add_R
user_add_R_body() {
populate_root_etc_skel
atf_check -s exit:0 ${RPW} useradd foo
atf_check -s exit:0 ${RPW} useradd bar -m
test -d ${HOME}/home || atf_fail "Home parent directory not created"
test -d ${HOME}/home/bar || atf_fail "Directory not created"
atf_check -s exit:0 ${RPW} userdel bar
test -d ${HOME}/home/bar || atf_fail "Directory removed"
atf_check -s exit:0 ${RPW} useradd bar
atf_check -s exit:0 ${RPW} userdel bar -r
[ ! -d ${HOME}/home/bar ] || atf_fail "Directory not removed"
}
atf_test_case user_add_R_symlink
user_add_R_symlink_body() {
populate_root_etc_skel
mkdir ${HOME}/usr
atf_check -s exit:0 ${RPW} useradd foo -m
test -d ${HOME}/usr/home || atf_fail "Home parent directory not created"
test -h ${HOME}/home || atf_fail "/home directory is not a symlink"
atf_check -s exit:0 -o inline:"usr/home\n" readlink ${HOME}/home
}
atf_test_case user_add_skel
user_add_skel_body() {
populate_root_etc_skel
mkdir ${HOME}/skel
echo "a" > ${HOME}/skel/.a
echo "b" > ${HOME}/skel/b
mkdir ${HOME}/skel/c
mkdir ${HOME}/skel/c/d
mkdir ${HOME}/skel/dot.plop
echo "c" > ${HOME}/skel/c/d/dot.c
mkdir ${HOME}/home
ln -sf /nonexistent ${HOME}/skel/c/foo
atf_check -s exit:0 ${RPW} useradd foo -k /skel -m
test -d ${HOME}/home/foo || atf_fail "Directory not created"
test -f ${HOME}/home/foo/.a || atf_fail "File not created"
atf_check -o file:${HOME}/skel/.a -s exit:0 cat ${HOME}/home/foo/.a
atf_check -o file:${HOME}/skel/b -s exit:0 cat ${HOME}/home/foo/b
test -d ${HOME}/home/foo/c || atf_fail "Dotted directory in skel not copied"
test -d ${HOME}/home/foo/.plop || atf_fail "Directory in skell not created"
atf_check -o inline:"/nonexistent\n" -s ignore readlink -f ${HOME}/home/foo/c/foo
atf_check -o file:${HOME}/skel/c/d/dot.c -s exit:0 cat ${HOME}/home/foo/c/d/.c
}
atf_test_case user_add_uid0
user_add_uid0_body() {
populate_etc_skel
atf_check -e inline:"pw: WARNING: new account \`foo' has a uid of 0 (superuser access!)\n" \
-s exit:0 ${PW} useradd foo -u 0 -g 0 -d /root -s /bin/sh -c "Bourne-again Superuser" -o
atf_check \
-o inline:"foo:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh\n" \
-s exit:0 ${PW} usershow foo
}
atf_test_case user_add_uid_too_large
user_add_uid_too_large_body() {
populate_etc_skel
atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \
${PW} useradd -n test1 -u 9999999999999
}
atf_test_case user_add_bad_shell
user_add_bad_shell_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo -s sh
atf_check -s exit:78 -e ignore ${PW} useradd bar -s badshell
}
atf_test_case user_add_already_exists
user_add_already_exists_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo
atf_check -s exit:65 \
-e inline:"pw: login name \`foo' already exists\n" \
${PW} useradd foo
}
atf_test_case user_add_w_yes
user_add_w_yes_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo -w yes
atf_check -s exit:0 \
-o match:'^foo:\$.*' \
grep "^foo" ${HOME}/master.passwd
atf_check -s exit:0 ${PW} usermod foo -w yes
atf_check -s exit:0 \
-o match:'^foo:\$.*' \
grep "^foo" ${HOME}/master.passwd
}
atf_test_case user_add_with_pw_conf
user_add_with_pw_conf_body()
{
populate_etc_skel
atf_check -s exit:0 \
${PW} useradd -D -C ${HOME}/pw.conf \
-u 2000,32767 -i 2000,32767
atf_check -s exit:0 \
-o inline:"minuid = 2000\nmaxuid = 32767\nmingid = 2000\nmaxgid = 32767\n" \
grep "^m.*id =" ${HOME}/pw.conf
atf_check -s exit:0 \
${PW} useradd foo -C ${HOME}/pw.conf
}
atf_init_test_cases() {
atf_add_test_case user_add
atf_add_test_case user_add_noupdate
@ -193,4 +369,17 @@ atf_init_test_cases() {
atf_add_test_case user_add_password_expiration_date_month
atf_add_test_case user_add_password_expiration_date_relative
atf_add_test_case user_add_name_too_long
atf_add_test_case user_add_expiration
atf_add_test_case user_add_invalid_user_entry
atf_add_test_case user_add_invalid_group_entry
atf_add_test_case user_add_password_from_h
atf_add_test_case user_add_R
atf_add_test_case user_add_R_symlink
atf_add_test_case user_add_skel
atf_add_test_case user_add_uid0
atf_add_test_case user_add_uid_too_large
atf_add_test_case user_add_bad_shell
atf_add_test_case user_add_already_exists
atf_add_test_case user_add_w_yes
atf_add_test_case user_add_with_pw_conf
}

@ -27,11 +27,41 @@ user_do_not_try_to_delete_root_if_user_unknown_head() {
}
user_do_not_try_to_delete_root_if_user_unknown_body() {
populate_etc_skel
atf_check -e inline:"pw: -u expects a number\n" -s exit:64 -x \
atf_check -e inline:"pw: Bad id 'plop': invalid\n" -s exit:64 -x \
${PW} userdel -u plop
}
atf_test_case delete_files
delete_files_body() {
populate_root_etc_skel
mkdir -p ${HOME}/skel
touch ${HOME}/skel/a
mkdir -p ${HOME}/home
mkdir -p ${HOME}/var/mail
echo "foo wedontcare" > ${HOME}/etc/opiekeys
atf_check -s exit:0 ${RPW} useradd foo -k /skel -m
test -d ${HOME}/home || atf_fail "Fail to create home directory"
test -f ${HOME}/var/mail/foo || atf_fail "Mail file not created"
atf_check -s exit:0 ${RPW} userdel foo -r
atf_check -s exit:0 -o inline:"#oo wedontcare\n" cat ${HOME}/etc/opiekeys
if test -f ${HOME}/var/mail/foo; then
atf_fail "Mail file not removed"
fi
}
atf_test_case delete_numeric_name
delete_numeric_name_body() {
populate_etc_skel
atf_check ${PW} useradd -n foo -u 4001
atf_check -e inline:"pw: no such user \`4001'\n" -s exit:67 \
${PW} userdel -n 4001
}
atf_init_test_cases() {
atf_add_test_case rmuser_seperate_group
atf_add_test_case user_do_not_try_to_delete_root_if_user_unknown
atf_add_test_case delete_files
atf_add_test_case delete_numeric_name
}

@ -100,6 +100,36 @@ user_mod_name_noupdate_body() {
grep "^foo:.*" $HOME/master.passwd
}
atf_test_case user_mod_rename_multigroups
user_mod_rename_multigroups_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} groupadd test1
atf_check -s exit:0 ${PW} groupadd test2
atf_check -s exit:0 ${PW} useradd foo -G test1,test2
atf_check -o match:"foo" -s exit:0 ${PW} groupshow test1
atf_check -o match:"foo" -s exit:0 ${PW} groupshow test2
atf_check -s exit:0 ${PW} usermod foo -l bar
atf_check -o match:"bar" -s exit:0 ${PW} groupshow test1
atf_check -o match:"bar" -s exit:0 ${PW} groupshow test2
}
atf_test_case user_mod_nogroups
user_mod_nogroups_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} groupadd test1
atf_check -s exit:0 ${PW} groupadd test2
atf_check -s exit:0 ${PW} groupadd test3
atf_check -s exit:0 ${PW} groupadd test4
atf_check -s exit:0 ${PW} useradd foo -G test1,test2
atf_check -o match:"foo" -s exit:0 ${PW} groupshow test1
atf_check -o match:"foo" -s exit:0 ${PW} groupshow test2
atf_check -s exit:0 ${PW} usermod foo -G test3,test4
atf_check -s exit:0 -o inline:"test3\ntest4\n" \
awk -F\: '$4 == "foo" { print $1 }' ${HOME}/group
}
atf_test_case user_mod_rename
user_mod_rename_body() {
populate_etc_skel
@ -119,6 +149,60 @@ user_mod_rename_too_long_body() {
-l name_very_very_very_very_very_long
}
atf_test_case user_mod_h
user_mod_h_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo
atf_check -s exit:0 ${PW} usermod foo -h 0 <<- EOF
$(echo a)
EOF
atf_check -s exit:0 -o not-match:"^foo:\*:.*" \
grep "^foo" ${HOME}/master.passwd
atf_check -s exit:0 ${PW} usermod foo -h - <<- EOF
$(echo b)
EOF
atf_check -s exit:0 -o match:"^foo:\*:.*" \
grep "^foo" ${HOME}/master.passwd
atf_check -e inline:"pw: Bad file descriptor 'a': invalid\n" \
-s exit:64 ${PW} usermod foo -h a <<- EOF
$(echo a)
EOF
}
atf_test_case user_mod_H
user_mod_H_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo
atf_check -s exit:0 ${PW} usermod foo -H 0 <<- EOF
$(echo a)
EOF
atf_check -s exit:0 -o match:"^foo:a:.*" \
grep "^foo" ${HOME}/master.passwd
atf_check -s exit:64 -e inline:"pw: -H expects a file descriptor\n" \
${PW} usermod foo -H -
}
atf_test_case user_mod_renamehome
user_mod_renamehome_body() {
populate_root_etc_skel
mkdir -p ${HOME}/home
atf_check -s exit:0 ${RPW} useradd foo -m
test -d ${HOME}/home/foo || atf_fail "Directory not created"
atf_check -s exit:0 ${RPW} usermod foo -l bar -d /home/bar -m
test -d ${HOME}/home/bar || atf_fail "Directory not created"
}
atf_test_case user_mod_uid
user_mod_uid_body() {
populate_etc_skel
atf_check -s exit:0 ${PW} useradd foo
atf_check -s exit:0 ${PW} usermod foo -u 5000
}
atf_init_test_cases() {
atf_add_test_case user_mod
atf_add_test_case user_mod_noupdate
@ -126,8 +210,13 @@ atf_init_test_cases() {
atf_add_test_case user_mod_comments_noupdate
atf_add_test_case user_mod_comments_invalid
atf_add_test_case user_mod_comments_invalid_noupdate
atf_add_test_case user_mod_nogroups
atf_add_test_case user_mod_rename
atf_add_test_case user_mod_name_noupdate
atf_add_test_case user_mod_rename
atf_add_test_case user_mod_rename_too_long
atf_add_test_case user_mod_rename_multigroups
atf_add_test_case user_mod_h
atf_add_test_case user_mod_H
atf_add_test_case user_mod_renamehome
atf_add_test_case user_mod_uid
}