freebsd-skq/lib/libutil/pw_util.3
Ian Lepore 34e9190d82 Make pw_scan(3) more compatible with getpwent(3) et. al. when processing
data from /etc/passwd rather than /etc/master.passwd.

The libc getpwent(3) and related functions automatically read master.passwd
when run by root, or passwd when run by a non-root user.  When run by non-
root, getpwent() copes with the missing data by setting the corresponding
fields in the passwd struct to known values (zeroes for numbers, or a
pointer to an empty string for literals).  When libutil's pw_scan(3) was
used to parse a line without the root-accessible data, it was leaving
garbage in the corresponding fields.

These changes rename the static pw_init() function used by getpwent() and
friends to __pw_initpwd(), and move it into pw_scan.c so that common init
code can be shared between libc and libutil.  pw_scan(3) now calls
__pw_initpwd() before __pw_scan(), just like the getpwent() family does, so
that reading an arbitrary passwd file in either format and parsing it with
pw_scan(3) returns the same results as getpwent(3) would.

This also adds a new pw_initpwd(3) function to libutil, so that code which
creates passwd structs from scratch in some manner that doesn't involve
pw_scan() can initialize the struct to the values expected by lots of
existing code, which doesn't expect to encounter NULL pointers or garbage
values in some fields.
2018-07-26 18:34:38 +00:00

302 lines
6.8 KiB
Groff

.\" Copyright (c) 2012 Baptiste Daroussin <bapt@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 26, 2018
.Dt PW_UTIL 3
.Os
.Sh NAME
.Nm pw_copy ,
.Nm pw_dup ,
.Nm pw_edit ,
.Nm pw_equal ,
.Nm pw_fini ,
.Nm pw_init ,
.Nm pw_make ,
.Nm pw_make_v7 ,
.Nm pw_mkdb ,
.Nm pw_lock ,
.Nm pw_scan ,
.Nm pw_tempname ,
.Nm pw_tmp
.Nd "functions for passwd file handling"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In pwd.h
.In libutil.h
.Ft int
.Fn pw_copy "int ffd" "int tfd" "const struct passwd *pw" "struct passwd *oldpw"
.Ft "struct passwd *"
.Fn pw_dup "const struct passwd *pw"
.Ft int
.Fn pw_edit "int nosetuid"
.Ft int
.Fn pw_equal "const struct passwd *pw1" "const struct passwd *pw2"
.Ft void
.Fn pw_fini "void"
.Ft int
.Fn pw_init "const char *dir" const char *master"
.Ft void
.Fn pw_initpwd "struct passwd *pw"
.Ft "char *"
.Fn pw_make "const struct passwd *pw"
.Ft "char *"
.Fn pw_make_v7 "const struct passwd *pw"
.Ft int
.Fn pw_mkdb "const char *user"
.Ft int
.Fn pw_lock "void"
.Ft "struct passwd *"
.Fn pw_scan "const char *line" "int flags"
.Ft "const char *"
.Fn pw_tempname "void"
.Ft int
.Fn pw_tmp "int mfd"
.Sh DESCRIPTION
The
.Fn pw_copy
function reads a password file from
.Vt ffd
and writes it back out to
.Vt tfd
possibly with modifications:
.Bl -dash
.It
If
.Fa pw
is
.Dv NULL
and
.Fa oldpw
is not
.Dv NULL ,
then the record represented by
.Fa oldpw
will not be copied (corresponding to user deletion).
.It
If
.Fa pw
and
.Fa oldpw
are not
.Dv NULL
then the record corresponding to
.Fa pw
will be replaced by the record corresponding to
.Fa oldpw .
.It
If
.Vt pw
is set and
.Vt oldpw
is
.Dv NULL
then the record corresponding to
.Vt pw
will be appended (corresponding to user addition).
.El
.Pp
The
.Fn pw_copy
function returns -1 in case of failure otherwise 0.
.Pp
The
.Fn pw_dup
function duplicates the
.Vt struct passwd
pointed to by
.Fa pw
and returns a pointer to the copy, or
.Dv NULL
in case of failure.
The new
.Vt struct passwd
is allocated with
.Xr malloc 3 ,
and it is the caller's responsibility to free it with
.Xr free 3 .
.Pp
The
.Fn pw_edit
function invokes the command specified by the
.Ev EDITOR
environment variable (or
.Pa /usr/bin/vi
if
.Ev EDITOR
is not defined)
on a temporary copy of the master password file created by
.Fn pw_tmp .
If the file was modified,
.Fn pw_edit
installs it and regenerates the password database.
The
.Fn pw_edit
function returns -1 in case of failure, 0 if the file was not modified,
and a non-zero positive number if the file was modified and successfully
installed.
.Pp
The
.Fn pw_equal
function compares two
.Vt struct passwd
and returns 0 if they are equal.
.Pp
The
.Fn pw_fini
function destroy the temporary file created by
.Fn pw_tmp
if any,
kills any running instance of
.Ev EDITOR
executed by
.Fn pw_edit
if any,
and closes the lock created by
.Fn pw_lock
if any.
.Pp
The
.Fn pw_init
initializes the static variable representing the path to a password file.
.Fa dir
is the directory where the password file is located.
If set to
.Dv NULL ,
it will default to
.Pa /etc .
.Fa master
is the name of the password file.
If set to
.Dv NULL?
it will default to
.Pa master.passwd
.Pp
The
.Fn pw_initpwd
function initializes the
.Vt passwd
struct to canonical values.
The entire structure is zeroed, then
.Va pw_uid
and
.Va pw_gid
are set to -1, and all string pointers are set to point at
an internally-defined zero-length string.
.Pp
The
.Fn pw_make
function creates a properly formatted
.Bx
.Xr passwd 5
line from a
.Vt struct passwd ,
and returns a pointer to the resulting string.
The string is allocated with
.Xr malloc 3 ,
and it is the caller's responsibility to free it with
.Xr free 3 .
.Pp
The
.Fn pw_make_v7
function creates a properly formatted
.Ux V7
.Xr passwd 5
line from a
.Vt struct passwd ,
and returns a pointer to the resulting string.
The string is allocated with
.Xr malloc 3 ,
and it is the caller's responsibility to free it with
.Xr free 3 .
.Pp
The
.Fn pw_mkdb
function regenerates the password database by running
.Xr pwd_mkdb 8 .
If
.Fa user
only the record corresponding to that user will be updated.
The
.Fn pw_mkdb
function returns 0 in case of success and -1 in case of failure.
.Pp
The
.Fn pw_lock
function locks the master password file.
It returns a file descriptor to the master password file on success
and -1 on failure.
.Pp
The
.Fn pw_scan
function is a wrapper around the internal libc function
.Fn __pw_scan .
It scans the master password file for a line corresponding to the
.Fa line
provided and return a
.Vt struct passwd
if it matched an existing record.
In case of failure, it returns
.Dv NULL .
Otherwise, it returns a pointer to a
.Vt struct passwd
containing the matching record.
The
.Vt struct passwd
is allocated with
.Xr malloc 3 ,
and it is the caller's responsibility to free it with
.Xr free 3 .
.Pp
The
.Fn pw_tempname
function returns the temporary name of the masterfile created via
.Fn pw_tmp .
.Pp
The
.Fn pw_tmp
creates and opens a presumably safe temporary password file.
If
.Fa mfd
is a file descriptor to an open password file, it will be read and
written back to the temporary password file.
Otherwise if should be set -1.
The
.Fn pw_tmp
returns an open file descriptor to the temporary password file or -1 in case of
failure.
.Sh AUTHORS
Portions of this software were developed for the
.Fx
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
This manual page was written by
.An Baptiste Daroussin Aq Mt bapt@FreeBSD.org .