diff options
author | Martin Schlemmer <azarah@gentoo.org> | 2002-10-20 15:16:51 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2002-10-20 15:16:51 +0000 |
commit | bf3fdd404752daa1db50811c680b06059b8552ae (patch) | |
tree | 3b95f0793db9576accdd852221368536f9e77f53 /sys-apps/shadow/files | |
parent | unmask bugfixing rev (diff) | |
download | gentoo-2-bf3fdd404752daa1db50811c680b06059b8552ae.tar.gz gentoo-2-bf3fdd404752daa1db50811c680b06059b8552ae.tar.bz2 gentoo-2-bf3fdd404752daa1db50811c680b06059b8552ae.zip |
cleanup; update su-pam_open_session.patch
Diffstat (limited to 'sys-apps/shadow/files')
-rw-r--r-- | sys-apps/shadow/files/chage | 7 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.1-r2 | 1 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.2-r4 | 1 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.3-r2 (renamed from sys-apps/shadow/files/digest-shadow-4.0.3-r1) | 0 | ||||
-rw-r--r-- | sys-apps/shadow/files/login.defs | 51 | ||||
-rw-r--r-- | sys-apps/shadow/files/shadow | 6 | ||||
-rw-r--r-- | sys-apps/shadow/files/shadow-4.0.3-su-pam_open_session.patch-v2 | 209 | ||||
-rw-r--r-- | sys-apps/shadow/files/shells | 8 | ||||
-rw-r--r-- | sys-apps/shadow/files/useradd | 5 | ||||
-rw-r--r-- | sys-apps/shadow/files/useradd.c | 1829 | ||||
-rw-r--r-- | sys-apps/shadow/files/useradd.diff | 42 |
11 files changed, 209 insertions, 1950 deletions
diff --git a/sys-apps/shadow/files/chage b/sys-apps/shadow/files/chage deleted file mode 100644 index 197f0857fd7d..000000000000 --- a/sys-apps/shadow/files/chage +++ /dev/null @@ -1,7 +0,0 @@ -#%PAM-1.0 -# /etc/pam.d/shadow - sample PAM config file for all shadow utils like: -# chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod. -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_permit.so -account required /lib/security/pam_permit.so -password required /lib/security/pam_permit.so diff --git a/sys-apps/shadow/files/digest-shadow-4.0.1-r2 b/sys-apps/shadow/files/digest-shadow-4.0.1-r2 deleted file mode 100644 index a54c563d6853..000000000000 --- a/sys-apps/shadow/files/digest-shadow-4.0.1-r2 +++ /dev/null @@ -1 +0,0 @@ -MD5 0d81d40d11ff7d1e0b061e4ab7976a9e shadow-4.0.1.tar.gz 960841 diff --git a/sys-apps/shadow/files/digest-shadow-4.0.2-r4 b/sys-apps/shadow/files/digest-shadow-4.0.2-r4 deleted file mode 100644 index cd747a96a934..000000000000 --- a/sys-apps/shadow/files/digest-shadow-4.0.2-r4 +++ /dev/null @@ -1 +0,0 @@ -MD5 5a98215dd9ee6511cbc2c898898d3c14 shadow-4.0.2.tar.gz 966765 diff --git a/sys-apps/shadow/files/digest-shadow-4.0.3-r1 b/sys-apps/shadow/files/digest-shadow-4.0.3-r2 index aee0733f80f7..aee0733f80f7 100644 --- a/sys-apps/shadow/files/digest-shadow-4.0.3-r1 +++ b/sys-apps/shadow/files/digest-shadow-4.0.3-r2 diff --git a/sys-apps/shadow/files/login.defs b/sys-apps/shadow/files/login.defs deleted file mode 100644 index b2696881076c..000000000000 --- a/sys-apps/shadow/files/login.defs +++ /dev/null @@ -1,51 +0,0 @@ -#MAIL_FILE .mail -#MD5_CRYPT_ENAB yes -#QMAIL_DIR Maildir -CHFN_AUTH yes -CHFN_RESTRICT rwh -CONSOLE /etc/securetty -#CREATE_HOME is a RedHat'ism and not supported -#by the stock shadow package. -#Generates warning message if set to 'yes' -CREATE_HOME no -DEFAULT_HOME yes -DIALUPS_CHECK_ENAB yes -ENVIRON_FILE /etc/environment -ENV_HZ HZ=100 -ENV_PATH PATH=/bin:/usr/bin -ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin -ERASECHAR 0177 -FAILLOG_ENAB yes -FAIL_DELAY 3 -FTMP_FILE /var/log/btmp -GID_MAX 60000 -GID_MIN 100 -HUSHLOGIN_FILE .hushlogin -KILLCHAR 025 -LASTLOG_ENAB yes -LOGIN_RETRIES 5 -LOGIN_TIMEOUT 60 -LOG_OK_LOGINS no -LOG_UNKFAIL_ENAB no -MAIL_CHECK_ENAB yes -MAIL_DIR /var/spool/mail -MOTD_FILE /etc/motd -NOLOGINS_FILE /etc/nologin -OBSCURE_CHECKS_ENAB yes -PASS_ALWAYS_WARN yes -PASS_CHANGE_TRIES 5 -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -PASS_MIN_LEN 5 -PASS_WARN_AGE 7 -PORTTIME_CHECKS_ENAB yes -QUOTAS_ENAB yes -SU_NAME su -SU_WHEEL_ONLY no -SYSLOG_SG_ENAB yes -SYSLOG_SU_ENAB yes -TTYGROUP tty -TTYPERM 0600 -UID_MAX 60000 -UID_MIN 1000 -UMASK 022 diff --git a/sys-apps/shadow/files/shadow b/sys-apps/shadow/files/shadow deleted file mode 100644 index 353b6a09616b..000000000000 --- a/sys-apps/shadow/files/shadow +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -# /etc/pam.d/shadow - sample PAM config file for all shadow utils like: -# chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod. -auth sufficient /lib/security/pam_rootok.so -account required /lib/security/pam_permit.so -password required /lib/security/pam_permit.so diff --git a/sys-apps/shadow/files/shadow-4.0.3-su-pam_open_session.patch-v2 b/sys-apps/shadow/files/shadow-4.0.3-su-pam_open_session.patch-v2 new file mode 100644 index 000000000000..a443c1ab8a2a --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.3-su-pam_open_session.patch-v2 @@ -0,0 +1,209 @@ +--- shadow-4.0.3/src/su.c.orig 2002-10-20 16:43:21.000000000 +0200 ++++ shadow-4.0.3/src/su.c 2002-10-20 16:50:57.000000000 +0200 +@@ -134,6 +134,108 @@ + exit (1); + } + ++#ifdef USE_PAM ++static int caught=0; ++ ++/* Signal handler for parent process later */ ++static void su_catch_sig(int sig) ++{ ++ ++caught; ++} ++ ++/* This I ripped out of su.c from sh-utils after the Mandrake pam patch ++ * have been applied. Some work was needed to get it integrated into ++ * su.c from shadow. ++ */ ++static void run_shell (const char *shellstr, char *args[], int doshell) ++{ ++ int child; ++ sigset_t ourset; ++ int status; ++ int ret; ++ ++ child = fork(); ++ if (child == 0) { /* child shell */ ++ pam_end (pamh, PAM_SUCCESS); ++ ++ if (doshell) ++ shell (shellstr, (char *) args[0]); ++ else ++ (void) execv (shellstr, (char **) args); ++ { ++ int exit_status = (errno == ENOENT ? 127 : 126); ++ exit (exit_status); ++ } ++ } else if (child == -1) { ++ (void) fprintf(stderr, "%s: Cannot fork user shell\n", Prog); ++ SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell)); ++ closelog (); ++ exit(1); ++ } ++ /* parent only */ ++ sigfillset(&ourset); ++ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) { ++ (void) fprintf(stderr, "%s: signal malfunction\n", Prog); ++ caught = 1; ++ } ++ if (!caught) { ++ struct sigaction action; ++ action.sa_handler = su_catch_sig; ++ sigemptyset(&action.sa_mask); ++ action.sa_flags = 0; ++ sigemptyset(&ourset); ++ ++ if (sigaddset(&ourset, SIGTERM) ++ || sigaddset(&ourset, SIGALRM) ++ || sigaction(SIGTERM, &action, NULL) ++ || sigprocmask(SIG_UNBLOCK, &ourset, NULL) ++ ) { ++ fprintf(stderr, "%s: signal masking malfunction\n", Prog); ++ caught = 1; ++ } ++ } ++ ++ if (!caught) { ++ do { ++ int pid; ++ ++ pid = waitpid(-1, &status, WUNTRACED); ++ ++ if (WIFSTOPPED(status)) { ++ kill(getpid(), SIGSTOP); ++ /* once we get here, we must have resumed */ ++ kill(pid, SIGCONT); ++ } ++ } while (WIFSTOPPED(status)); ++ } ++ ++ if (caught) { ++ fprintf(stderr, "\nSession terminated, killing shell..."); ++ kill (child, SIGTERM); ++ } ++ ++ ret = pam_close_session(pamh, 0); ++ if (ret != PAM_SUCCESS) { ++ SYSLOG ((LOG_ERR, "pam_close_session: %s", ++ pam_strerror (pamh, ret))); ++ fprintf (stderr, "%s: %s\n", Prog, ++ pam_strerror (pamh, ret)); ++ pam_end (pamh, ret); ++ exit (1); ++ } ++ ++ ret = pam_end(pamh, PAM_SUCCESS); ++ ++ if (caught) { ++ sleep(2); ++ kill(child, SIGKILL); ++ fprintf(stderr, " ...killed.\n"); ++ exit(-1); ++ } ++ ++ exit (WEXITSTATUS(status)); ++} ++#endif + + /* + * su - switch user id +@@ -152,6 +254,7 @@ + int main (int argc, char **argv) + { + char *cp; ++ char **envcp; + const char *tty = 0; /* Name of tty SU is run from */ + int doshell = 0; + int fakelogin = 0; +@@ -252,6 +355,14 @@ + */ + if ((cp = getenv ("TERM"))) + addenv ("TERM", cp); ++ /* ++ * Also leave DISPLAY and XAUTHORITY if present, else ++ * pam_xauth will not work. ++ */ ++ if ((cp = getenv ("DISPLAY"))) ++ addenv ("DISPLAY", cp); ++ if ((cp = getenv ("XAUTHORITY"))) ++ addenv ("XAUTHORITY", cp); + } else { + while (*envp) + addenv (*envp++, NULL); +@@ -507,7 +618,10 @@ + } + #endif + ++/* setup the environment for pam later on, else we run into auth problems */ ++#ifndef USE_PAM + environ = newenvp; /* make new environment active */ ++#endif + + if (getenv ("IFS")) /* don't export user IFS ... */ + addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */ +@@ -555,6 +669,31 @@ + exit (1); + } + ++ ret = pam_open_session (pamh, 0); ++ if (ret != PAM_SUCCESS) { ++ SYSLOG ((LOG_ERR, "pam_open_session: %s", ++ pam_strerror (pamh, ret))); ++ fprintf (stderr, "%s: %s\n", Prog, ++ pam_strerror (pamh, ret)); ++ pam_end (pamh, ret); ++ exit (1); ++ } ++ ++ /* we need to setup the environment *after* pam_open_session(), ++ * else the UID is changed before stuff like pam_xauth could ++ * run, and we cannot access /etc/shadow and co ++ */ ++ environ = newenvp; /* make new environment active */ ++ ++ /* update environment with all pam set variables */ ++ envcp = pam_getenvlist(pamh); ++ if(envcp) { ++ while(*envcp) { ++ putenv(*envcp); ++ envcp++; ++ } ++ } ++ + /* become the new user */ + if (change_uid (&pwent)) { + pam_setcred (pamh, PAM_DELETE_CRED); +@@ -562,9 +701,6 @@ + exit (1); + } + +- /* now we are done using PAM */ +- pam_end (pamh, PAM_SUCCESS); +- + #else /* !USE_PAM */ + if (!amroot) /* no limits if su from root */ + setup_limits (&pwent); +@@ -622,13 +758,21 @@ + */ + + argv[-1] = pwent.pw_shell; ++#ifndef USE_PAM + (void) execv (pwent.pw_shell, &argv[-1]); ++#else ++ run_shell (pwent.pw_shell, &argv[-1], 0); ++#endif + (void) fprintf (stderr, _("No shell\n")); + SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell)); + closelog (); + exit (1); + } + ++#ifndef USE_PAM + shell (pwent.pw_shell, cp); ++#else ++ run_shell (pwent.pw_shell, &cp, 1); ++#endif + /*NOTREACHED*/ exit (1); + } diff --git a/sys-apps/shadow/files/shells b/sys-apps/shadow/files/shells deleted file mode 100644 index 3a445cad6737..000000000000 --- a/sys-apps/shadow/files/shells +++ /dev/null @@ -1,8 +0,0 @@ -# /etc/shells: valid login shells -/bin/sh -/bin/bash -/bin/tcsh -/bin/esh -/bin/ksh -/bin/zsh -/bin/sash diff --git a/sys-apps/shadow/files/useradd b/sys-apps/shadow/files/useradd deleted file mode 100644 index bb1ab7fdfa0c..000000000000 --- a/sys-apps/shadow/files/useradd +++ /dev/null @@ -1,5 +0,0 @@ -auth required pam_wheel.so trust use_uid -auth sufficient pam_rootok.so -#auth required pam_pwdb.so nullok -account required pam_pwdb.so -session required pam_pwdb.so diff --git a/sys-apps/shadow/files/useradd.c b/sys-apps/shadow/files/useradd.c deleted file mode 100644 index 4e839a232e1b..000000000000 --- a/sys-apps/shadow/files/useradd.c +++ /dev/null @@ -1,1829 +0,0 @@ -/* - * Copyright 1991 - 1994, Julianne Frances Haugh - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Julianne F. Haugh nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <config.h> - -#include "rcsid.h" -RCSID(PKG_VER "$Id: useradd.c,v 1.1 2001/08/01 19:00:37 drobbins Exp $") - -#include "prototypes.h" -#include "defines.h" -#include "chkname.h" -#include <sys/types.h> -#include <sys/stat.h> -#include <stdio.h> -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <ctype.h> -#include <fcntl.h> -#include <time.h> - -#ifdef USE_PAM -#include <security/pam_appl.h> -#include <security/pam_misc.h> -#include <pwd.h> -#endif /* USE_PAM */ - -#include "pwauth.h" -#if HAVE_LASTLOG_H -#include <lastlog.h> -#else -#include "lastlog_.h" -#endif -#include "faillog.h" - -#ifndef SKEL_DIR -#define SKEL_DIR "/etc/skel" -#endif - -#ifndef USER_DEFAULTS_FILE -#define USER_DEFAULTS_FILE "/etc/default/useradd" -#define NEW_USER_FILE "/etc/default/nuaddXXXXXX" -#endif - -/* - * Needed for MkLinux DR1/2/2.1 - J. - */ -#ifndef LASTLOG_FILE -#define LASTLOG_FILE "/var/log/lastlog" -#endif - -/* - * These defaults are used if there is no defaults file. - */ -static gid_t def_group = 100; -static const char *def_gname = "other"; -static const char *def_home = "/home"; -static const char *def_shell = ""; -static const char *def_template = SKEL_DIR; -#ifdef SHADOWPWD -static long def_inactive = -1; -static const char *def_expire = ""; -#endif - -static char def_file[] = USER_DEFAULTS_FILE; - -#define VALID(s) (strcspn (s, ":\n") == strlen (s)) - -static const char *user_name = ""; -static const char *user_pass = "!"; -static uid_t user_id; -static gid_t user_gid; -static const char *user_comment = ""; -static const char *user_home = ""; -static const char *user_shell = ""; -#ifdef SHADOWPWD -static long user_expire = -1; -static int is_shadow_pwd; -#endif -#ifdef SHADOWGRP -static int is_shadow_grp; -#endif -static char *user_groups[NGROUPS_MAX+1]; /* NULL-terminated list */ -static int do_grp_update = 0; /* group files need to be updated */ - -static char *Prog; - -static int - uflg = 0, /* specify user ID for new account */ - oflg = 0, /* permit non-unique user ID to be specified with -u */ - gflg = 0, /* primary group ID for new account */ - Gflg = 0, /* secondary group set for new account */ - dflg = 0, /* home directory for new account */ - bflg = 0, /* new default root of home directory */ - sflg = 0, /* shell program for new account */ - cflg = 0, /* comment (GECOS) field for new account */ - mflg = 0, /* create user's home directory if it doesn't exist */ - kflg = 0, /* specify a directory to fill new user directory */ - fflg = 0, /* days until account with expired password is locked */ - eflg = 0, /* days since 1970-01-01 when account is locked */ - Dflg = 0; /* set/show new user default values */ - -#ifdef AUTH_METHODS -static int Aflg = 0; /* specify authentication method for user */ -static char user_auth[1024]; -static char *auth_arg; -#endif - -extern char *optarg; -extern int optind; - -#ifdef NDBM -extern int pw_dbm_mode; -#ifdef SHADOWPWD -extern int sp_dbm_mode; -#endif -extern int gr_dbm_mode; -#ifdef SHADOWGRP -extern int sg_dbm_mode; -#endif -#endif - -static int home_added; - -#ifdef NDBM -static int pw_dbm_added; -static int gr_dbm_added; -#ifdef SHADOWPWD -static int sp_dbm_added; -#endif -#ifdef SHADOWGRP -static int sg_dbm_added; -#endif -#endif /* NDBM */ - -#include "groupio.h" - -#ifdef SHADOWGRP -#include "sgroupio.h" -#endif - -#include "pwio.h" - -#ifdef SHADOWPWD -#include "shadowio.h" -#endif - -#include "getdef.h" - -/* - * exit status values - */ -#define E_SUCCESS 0 /* success */ -#define E_PW_UPDATE 1 /* can't update password file */ -#define E_USAGE 2 /* bad command syntax */ -#define E_BAD_ARG 3 /* invalid argument to option */ -#define E_UID_IN_USE 4 /* uid already in use (and no -o) */ -#define E_NOTFOUND 6 /* specified group doesn't exist */ -#define E_NAME_IN_USE 9 /* username already in use */ -#define E_GRP_UPDATE 10 /* can't update group file */ -#define E_HOMEDIR 12 /* can't create home directory */ - -#ifdef SVR4 -#define DGROUP "defgroup=" -#define HOME "defparent=" -#define SHELL "defshell=" -#define INACT "definact=" -#define EXPIRE "defexpire=" -#define SKEL "defskel=" -#else -#define DGROUP "GROUP=" -#define HOME "HOME=" -#define SHELL "SHELL=" -#define INACT "INACTIVE=" -#define EXPIRE "EXPIRE=" -#define SKEL "SKEL=" -#endif - -/* local function prototypes */ -static void fail_exit(int); -static struct group *getgr_nam_gid(const char *); -static long get_number(const char *); -static void get_defaults(void); -static void show_defaults(void); -static int set_defaults(void); -static int get_groups(char *); -static void usage(void); -static void new_pwent(struct passwd *); -#ifdef SHADOWPWD -static long scale_age(long); -static void new_spent(struct spwd *); -#endif -static void grp_update(void); -static void find_new_uid(void); -#ifdef AUTH_METHODS -static void convert_auth(char *, const char *); -static int valid_auth(const char *); -#endif -static void process_flags(int argc, char **argv); -static void close_files(void); -static void open_files(void); -static void faillog_reset(uid_t); -static void lastlog_reset(uid_t); -static void usr_update(void); -static void create_home(void); - -/* - * fail_exit - undo as much as possible - */ - -static void -fail_exit(int code) -{ -#ifdef NDBM - struct passwd pwent; - - if (pw_dbm_added) { - pwent.pw_name = user_name; - pwent.pw_uid = user_id; - pw_dbm_remove(&pwent); - } - if (gr_dbm_added) - fprintf(stderr, _("%s: rebuild the group database\n"), Prog); -#ifdef SHADOWPWD - if (sp_dbm_added) - sp_dbm_remove(user_name); -#endif -#ifdef SHADOWGRP - if (sg_dbm_added) - fprintf(stderr, _("%s: rebuild the shadow group database\n"), - Prog); -#endif -#endif /* NDBM */ - if (home_added) - rmdir(user_home); - - SYSLOG((LOG_INFO, "failed adding user `%s', data deleted\n", - user_name)); - exit(code); -} - - -static struct group * -getgr_nam_gid(const char *name) -{ - gid_t gid; - char *ep; - - gid = strtol(name, &ep, 10); - if (*name != '\0' && *ep == '\0') /* valid numeric gid */ - return getgrgid(gid); - - return getgrnam(name); -} - - -static long -get_number(const char *cp) -{ - long val; - char *ep; - - val = strtol(cp, &ep, 10); - if (*cp != '\0' && *ep == '\0') /* valid number */ - return val; - - fprintf(stderr, _("%s: invalid numeric argument `%s'\n"), Prog, cp); - exit(E_BAD_ARG); -} - -#define MATCH(x,y) (strncmp((x),(y),strlen(y)) == 0) - -/* - * get_defaults - read the defaults file - * - * get_defaults() reads the defaults file for this command. It sets - * the various values from the file, or uses built-in default values - * if the file does not exist. - */ - -static void -get_defaults(void) -{ - FILE *fp; - char buf[1024]; - char *cp, *ep; - const struct group *grp; - long val; - - /* - * Open the defaults file for reading. - */ - - if (!(fp = fopen(def_file, "r"))) - return; - - /* - * Read the file a line at a time. Only the lines that have - * relevant values are used, everything else can be ignored. - */ - - while (fgets(buf, sizeof buf, fp)) { - if ((cp = strrchr (buf, '\n'))) - *cp = '\0'; - - if (!(cp = strchr(buf, '='))) - continue; - - cp++; - - /* - * Primary GROUP identifier - */ - - if (MATCH(buf, DGROUP)) { - val = strtol(cp, &ep, 10); - if (*cp != '\0' && *ep == '\0') { /* valid number */ - def_group = val; - if ((grp = getgrgid(def_group))) { - def_gname = xstrdup(grp->gr_name); - } else { - fprintf(stderr, - _("%s: unknown gid %s\n"), - Prog, cp); - } - } else if ((grp = getgrnam(cp))) { - def_group = grp->gr_gid; - def_gname = xstrdup(cp); - } else { - fprintf(stderr, _("%s: unknown group %s\n"), - Prog, cp); - } - } - - /* - * Default HOME filesystem - */ - - else if (MATCH(buf, HOME)) { - def_home = xstrdup(cp); - } - - /* - * Default Login Shell command - */ - - else if (MATCH(buf, SHELL)) { - def_shell = xstrdup(cp); - } - -#ifdef SHADOWPWD - /* - * Default Password Inactive value - */ - - else if (MATCH(buf, INACT)) { - val = strtol(cp, &ep, 10); - if (*cp != '\0' && *ep == '\0') /* valid number */ - def_inactive = val; - else - def_inactive = -1; - } - - /* - * Default account expiration date - */ - - else if (MATCH(buf, EXPIRE)) { - def_expire = xstrdup(cp); - } -#endif - - /* - * Default Skeleton information - */ - - else if (MATCH(buf, SKEL)) { - if (*cp == '\0') - cp = SKEL_DIR; /* XXX warning: const */ - - def_template = xstrdup(cp); - } - } -} - - -/* - * show_defaults - show the contents of the defaults file - * - * show_defaults() displays the values that are used from the default - * file and the built-in values. - */ - -static void -show_defaults(void) -{ -#ifdef SVR4 - printf(_("group=%s,%ld basedir=%s skel=%s\n"), - def_gname, (long) def_group, def_home, def_template); - - printf(_("shell=%s "), def_shell); -#ifdef SHADOWPWD - printf(_("inactive=%ld expire=%s"), def_inactive, def_expire); -#endif - printf("\n"); -#else /* !SVR4 */ - printf(_("GROUP=%ld\n"), (long) def_group); - printf(_("HOME=%s\n"), def_home); -#ifdef SHADOWPWD - printf(_("INACTIVE=%ld\n"), def_inactive); - printf(_("EXPIRE=%s\n"), def_expire); -#endif - printf(_("SHELL=%s\n"), def_shell); - printf(_("SKEL=%s\n"), def_template); -#endif /* !SVR4 */ -} - -/* - * set_defaults - write new defaults file - * - * set_defaults() re-writes the defaults file using the values that - * are currently set. Duplicated lines are pruned, missing lines are - * added, and unrecognized lines are copied as is. - */ - -static int -set_defaults(void) -{ - FILE *ifp; - FILE *ofp; - char buf[1024]; - static char new_file[] = NEW_USER_FILE; - char *cp; - int out_group = 0; - int out_home = 0; - int out_inactive = 0; - int out_expire = 0; - int out_shell = 0; - int out_skel = 0; -#ifdef SVR4 - int out_gname = 0; -#endif - - /* - * Create a temporary file to copy the new output to. - */ -#ifdef HAVE_MKSTEMP - mkstemp (new_file); -#else - mktemp (new_file); -#endif - if (!(ofp = fopen (new_file, "w"))) { - fprintf(stderr, _("%s: cannot create new defaults file\n"), - Prog); - return -1; - } - - /* - * Open the existing defaults file and copy the lines to the - * temporary file, using any new values. Each line is checked - * to insure that it is not output more than once. - */ - - if (!(ifp = fopen(def_file, "r"))) { - fprintf(ofp, "# useradd defaults file\n"); - goto skip; - } - - while (fgets(buf, sizeof buf, ifp)) { - if ((cp = strrchr(buf, '\n'))) - *cp = '\0'; - - if (!out_group && MATCH(buf, DGROUP)) { - fprintf(ofp, DGROUP "%d\n", (int) def_group); - out_group++; - } -#ifdef SVR4 - else if (!out_gname && MATCH(buf, "defgname=")) { - fprintf(ofp, "defgname=%s\n", def_gname); - out_gname++; - } -#endif - else if (!out_home && MATCH(buf, HOME)) { - fprintf(ofp, HOME "%s\n", def_home); - out_home++; -#ifdef SHADOWPWD - } else if (!out_inactive && MATCH(buf, INACT)) { - fprintf(ofp, INACT "%ld\n", def_inactive); - out_inactive++; - } else if (!out_expire && MATCH(buf, EXPIRE)) { - fprintf(ofp, EXPIRE "%s\n", def_expire); - out_expire++; - } -#endif - else if (!out_shell && MATCH(buf, SHELL)) { - fprintf(ofp, SHELL "%s\n", def_shell); - out_shell++; - } - else if (!out_skel && MATCH(buf, SKEL)) { - fprintf(ofp, SKEL "%s\n", def_template); - out_skel++; - } - else - fprintf(ofp, "%s\n", buf); - } - fclose(ifp); - -skip: - /* - * Check each line to insure that every line was output. This - * causes new values to be added to a file which did not previously - * have an entry for that value. - */ - - if (!out_group) - fprintf(ofp, DGROUP "%d\n", (int) def_group); - if (!out_home) - fprintf(ofp, HOME "%s\n", def_home); -#ifdef SHADOWPWD - if (!out_inactive) - fprintf(ofp, INACT "%ld\n", def_inactive); - if (!out_expire) - fprintf(ofp, EXPIRE "%s\n", def_expire); -#endif - if (!out_shell) - fprintf(ofp, SHELL "%s\n", def_shell); - if (!out_skel) - fprintf(ofp, SKEL "%s\n", def_template); - - /* - * Flush and close the file. Check for errors to make certain - * the new file is intact. - */ - - fflush(ofp); - if (ferror(ofp) || fclose(ofp)) { - unlink(new_file); - return -1; - } - - /* - * Rename the current default file to its backup name. - */ - - snprintf(buf, sizeof buf, "%s-", def_file); - if (rename(def_file, buf) && errno != ENOENT) { - snprintf(buf, sizeof buf, _("%s: rename: %s"), Prog, def_file); - perror(buf); - unlink(new_file); - return -1; - } - - /* - * Rename the new default file to its correct name. - */ - - if (rename(new_file, def_file)) { - snprintf(buf, sizeof buf, _("%s: rename: %s"), Prog, new_file); - perror(buf); - return -1; - } -#ifdef SHADOWPWD - SYSLOG((LOG_INFO, - "defaults: group=%d, home=%s, inactive=%ld, expire=%s\n", - (int) def_group, def_home, def_inactive, def_expire)); -#else - SYSLOG((LOG_INFO, "defaults: group=%d, home=%s\n", - (int) def_group, def_home)); -#endif - return 0; -} - -/* - * get_groups - convert a list of group names to an array of group IDs - * - * get_groups() takes a comma-separated list of group names and - * converts it to a NULL-terminated array. Any unknown group - * names are reported as errors. - */ - -static int -get_groups(char *list) -{ - char *cp; - const struct group *grp; - int errors = 0; - int ngroups = 0; - - /* - * Initialize the list to be empty - */ - - user_groups[0] = (char *) 0; - - if (! *list) - return 0; - - /* - * So long as there is some data to be converted, strip off - * each name and look it up. A mix of numerical and string - * values for group identifiers is permitted. - */ - - do { - /* - * Strip off a single name from the list - */ - - if ((cp = strchr (list, ','))) - *cp++ = '\0'; - - /* - * Names starting with digits are treated as numerical - * GID values, otherwise the string is looked up as is. - */ - - grp = getgr_nam_gid(list); - - /* - * There must be a match, either by GID value or by - * string name. - */ - - if (! grp) { - fprintf(stderr, _("%s: unknown group %s\n"), - Prog, list); - errors++; - } - list = cp; - - /* - * If the group doesn't exist, don't dump core... - * Instead, try the next one. --marekm - */ - if (! grp) - continue; - -#ifdef USE_NIS - /* - * Don't add this group if they are an NIS group. Tell - * the user to go to the server for this group. - */ - - if (__isgrNIS ()) { - fprintf(stderr, _("%s: group `%s' is a NIS group.\n"), - Prog, grp->gr_name); - continue; - } -#endif - - if (ngroups == NGROUPS_MAX) { - fprintf(stderr, - _("%s: too many groups specified (max %d).\n"), - Prog, ngroups); - break; - } - - /* - * Add the group name to the user's list of groups. - */ - - user_groups[ngroups++] = xstrdup(grp->gr_name); - } while (list); - - user_groups[ngroups] = (char *) 0; - - /* - * Any errors in finding group names are fatal - */ - - if (errors) - return -1; - - return 0; -} - -/* - * usage - display usage message and exit - */ - -static void -usage(void) -{ - fprintf(stderr, - _("usage: %s\t[-u uid [-o]] [-g group] [-G group,...] \n"), - Prog); - fprintf(stderr, - _("\t\t[-d home] [-s shell] [-c comment] [-m [-k template]]\n")); - fprintf(stderr, "\t\t"); -#ifdef SHADOWPWD - fprintf(stderr, _("[-f inactive] [-e expire ] ")); -#endif -#ifdef AUTH_METHODS - fprintf(stderr, _("[-A program] ")); -#endif - fprintf(stderr, _("[-p passwd] name\n")); - - fprintf(stderr, _(" %s\t-D [-g group] [-b base] [-s shell]\n"), - Prog); -#ifdef SHADOWPWD - fprintf(stderr, _("\t\t[-f inactive] [-e expire ]\n")); -#endif - - exit(E_USAGE); -} - -/* - * new_pwent - initialize the values in a password file entry - * - * new_pwent() takes all of the values that have been entered and - * fills in a (struct passwd) with them. - */ - -static void -new_pwent(struct passwd *pwent) -{ - memzero(pwent, sizeof *pwent); - pwent->pw_name = (char *) user_name; -#ifdef SHADOWPWD - if (is_shadow_pwd) - pwent->pw_passwd = (char *) SHADOW_PASSWD_STRING; - else -#endif - pwent->pw_passwd = (char *) user_pass; - -#ifdef ATT_AGE - pwent->pw_age = (char *) ""; -#endif - pwent->pw_uid = user_id; - pwent->pw_gid = user_gid; - pwent->pw_gecos = (char *) user_comment; -#ifdef ATT_COMMENT - pwent->pw_comment = (char *) ""; -#endif -#ifdef BSD_QUOTA - pwent->pw_quota = 0; -#endif - pwent->pw_dir = (char *) user_home; - pwent->pw_shell = (char *) user_shell; -} - -#ifdef SHADOWPWD -static long -scale_age(long x) -{ - if (x <= 0) - return x; - - return x * (DAY/SCALE); -} - -/* - * new_spent - initialize the values in a shadow password file entry - * - * new_spent() takes all of the values that have been entered and - * fills in a (struct spwd) with them. - */ - -static void -new_spent(struct spwd *spent) -{ - memzero(spent, sizeof *spent); - spent->sp_namp = (char *) user_name; - spent->sp_pwdp = (char *) user_pass; - spent->sp_lstchg = time((time_t *) 0) / SCALE; - spent->sp_min = scale_age(getdef_num("PASS_MIN_DAYS", -1)); - spent->sp_max = scale_age(getdef_num("PASS_MAX_DAYS", -1)); - spent->sp_warn = scale_age(getdef_num("PASS_WARN_AGE", -1)); - spent->sp_inact = scale_age(def_inactive); - spent->sp_expire = scale_age(user_expire); - spent->sp_flag = -1; -} -#endif - -/* - * grp_update - add user to secondary group set - * - * grp_update() takes the secondary group set given in user_groups - * and adds the user to each group given by that set. - */ - -static void -grp_update(void) -{ - const struct group *grp; - struct group *ngrp; -#ifdef SHADOWGRP - const struct sgrp *sgrp; - struct sgrp *nsgrp; -#endif - - /* - * Lock and open the group file. This will load all of the group - * entries. - */ - - if (! gr_lock ()) { - fprintf(stderr, _("%s: error locking group file\n"), Prog); - fail_exit(E_GRP_UPDATE); - } - if (! gr_open (O_RDWR)) { - fprintf(stderr, _("%s: error opening group file\n"), Prog); - fail_exit(E_GRP_UPDATE); - } -#ifdef SHADOWGRP - if (is_shadow_grp && ! sgr_lock ()) { - fprintf(stderr, _("%s: error locking shadow group file\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } - if (is_shadow_grp && ! sgr_open (O_RDWR)) { - fprintf(stderr, _("%s: error opening shadow group file\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } -#endif - - /* - * Scan through the entire group file looking for the groups that - * the user is a member of. - */ - - for (gr_rewind (), grp = gr_next ();grp;grp = gr_next ()) { - - /* - * See if the user specified this group as one of their - * concurrent groups. - */ - - if (!is_on_list(user_groups, grp->gr_name)) - continue; - - /* - * Make a copy - gr_update() will free() everything - * from the old entry, and we need it later. - */ - - ngrp = __gr_dup(grp); - if (!ngrp) { - fail_exit(E_GRP_UPDATE); /* XXX */ - } - - /* - * Add the username to the list of group members and - * update the group entry to reflect the change. - */ - - ngrp->gr_mem = add_list (ngrp->gr_mem, user_name); - if (!gr_update(ngrp)) { - fprintf(stderr, "%s: error adding new group entry\n", - Prog); - fail_exit(E_GRP_UPDATE); - } -#ifdef NDBM - /* - * Update the DBM group file with the new entry as well. - */ - - if (!gr_dbm_update(ngrp)) { - fprintf(stderr, "%s: cannot add new dbm group entry\n", - Prog); - fail_exit(E_GRP_UPDATE); - } else - gr_dbm_added++; -#endif - SYSLOG((LOG_INFO, "add `%s' to group `%s'\n", - user_name, ngrp->gr_name)); - } -#ifdef NDBM - endgrent (); -#endif - -#ifdef SHADOWGRP - if (!is_shadow_grp) - return; - - /* - * Scan through the entire shadow group file looking for the groups - * that the user is a member of. The administrative list isn't - * modified. - */ - - for (sgr_rewind (), sgrp = sgr_next ();sgrp;sgrp = sgr_next ()) { - - /* - * See if the user specified this group as one of their - * concurrent groups. - */ - - if (!gr_locate(sgrp->sg_name)) - continue; - - if (!is_on_list(user_groups, sgrp->sg_name)) - continue; - - /* - * Make a copy - sgr_update() will free() everything - * from the old entry, and we need it later. - */ - - nsgrp = __sgr_dup(sgrp); - if (!nsgrp) { - fail_exit(E_GRP_UPDATE); /* XXX */ - } - - /* - * Add the username to the list of group members and - * update the group entry to reflect the change. - */ - - nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_name); - if (!sgr_update(nsgrp)) { - fprintf(stderr, - _("%s: error adding new group entry\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } -#ifdef NDBM - /* - * Update the DBM group file with the new entry as well. - */ - - if (!sg_dbm_update(nsgrp)) { - fprintf(stderr, - _("%s: cannot add new dbm group entry\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } else - sg_dbm_added++; -#endif /* NDBM */ - SYSLOG((LOG_INFO, "add `%s' to shadow group `%s'\n", - user_name, nsgrp->sg_name)); - } -#ifdef NDBM - endsgent (); -#endif /* NDBM */ -#endif /* SHADOWGRP */ -} - -/* - * find_new_uid - find the next available UID - * - * find_new_uid() locates the next highest unused UID in the password - * file, or checks the given user ID against the existing ones for - * uniqueness. - */ - -static void -find_new_uid(void) -{ - const struct passwd *pwd; - uid_t uid_min, uid_max; - - uid_min = getdef_num("UID_MIN", 100); - uid_max = getdef_num("UID_MAX", 60000); - - /* - * Start with some UID value if the user didn't provide us with - * one already. - */ - - if (! uflg) - user_id = uid_min; - - /* - * Search the entire password file, either looking for this - * UID (if the user specified one with -u) or looking for the - * largest unused value. - */ - -#ifdef NO_GETPWENT - pw_rewind(); - while ((pwd = pw_next())) { -#else /* using getpwent() we can check against NIS users etc. */ - setpwent(); - while ((pwd = getpwent())) { -#endif - if (strcmp(user_name, pwd->pw_name) == 0) { - fprintf(stderr, _("%s: name %s is not unique\n"), - Prog, user_name); - exit(E_NAME_IN_USE); - } - if (uflg && user_id == pwd->pw_uid) { - fprintf(stderr, _("%s: uid %d is not unique\n"), - Prog, (int) user_id); - exit(E_UID_IN_USE); - } - if (! uflg && pwd->pw_uid >= user_id) { - if (pwd->pw_uid > uid_max) - continue; - user_id = pwd->pw_uid + 1; - } - } - /* - * If a user with uid equal to UID_MAX exists, the above algorithm - * will give us UID_MAX+1 even if not unique. Search for the first - * free uid starting with UID_MIN (it's O(n*n) but can be avoided - * by not having users with uid equal to UID_MAX). --marekm - */ - if (!uflg && user_id == uid_max + 1) { - for (user_id = uid_min; user_id < uid_max; user_id++) { -#ifdef NO_GETPWENT - pw_rewind(); - while ((pwd = pw_next()) && pwd->pw_uid != user_id) - ; - if (!pwd) - break; -#else - if (!getpwuid(user_id)) - break; -#endif - } - if (user_id == uid_max) { - fprintf(stderr, _("%s: can't get unique uid\n"), - Prog); - fail_exit(E_UID_IN_USE); - } - } -} - -#ifdef AUTH_METHODS -/* - * convert_auth - convert the argument list to a authentication list - */ - -static void -convert_auth(char *auths, const char *list) -{ - char *cp, *end; - char buf[257]; - - /* - * Copy each method. DEFAULT is replaced by an encrypted string - * if one can be found in the current authentication list. - */ - - strcpy(buf, list); - auths[0] = '\0'; - for (cp = buf; cp; cp = end) { - if (auths[0]) - strcat(auths, ";"); - - if ((end = strchr(cp, ','))) - *end++ = '\0'; - - if (strcmp(cp, "DEFAULT") == 0) { - strcat(auths, user_pass); - } else { - strcat(auths, "@"); - strcat(auths, cp); - } - } -} - -/* - * valid_auth - check authentication list for validity - */ - -static int -valid_auth(const char *methods) -{ - char *cp, *end; - char buf[257]; - int default_cnt = 0; - - /* - * Cursory checks, length and illegal characters - */ - - if ((int) strlen (methods) > 256) - return 0; - - if (! VALID (methods)) - return 0; - - /* - * Pick each method apart and check it. - */ - - strcpy (buf, methods); - for (cp = buf;cp;cp = end) { - if ((end = strchr (cp, ','))) - *end++ = '\0'; - - if (strcmp (cp, "DEFAULT") == 0) { - if (default_cnt++ > 0) - return 0; - } - } - return 1; -} -#endif /* AUTH_METHODS */ - -/* - * process_flags - perform command line argument setting - * - * process_flags() interprets the command line arguments and sets - * the values that the user will be created with accordingly. The - * values are checked for sanity. - */ - -static void -process_flags(int argc, char **argv) -{ - const struct group *grp; - int anyflag = 0; - int arg; - char *cp; - -#ifdef SHADOWPWD -#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M" -#else -#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M" -#endif - while ((arg = getopt(argc, argv, FLAGS)) != EOF) { -#undef FLAGS - switch (arg) { -#ifdef AUTH_METHODS - case 'A': - if (! valid_auth (optarg)) { - fprintf(stderr, - _("%s: invalid field `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - auth_arg = optarg; - Aflg++; - break; -#endif - case 'b': - if (!Dflg) - usage (); - - if (!VALID(optarg) || optarg[0] != '/') { - fprintf(stderr, - _("%s: invalid base directory `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - def_home = optarg; - bflg++; - break; - case 'c': - if (!VALID(optarg)) { - fprintf(stderr, - _("%s: invalid comment `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - user_comment = optarg; - cflg++; - break; - case 'd': - if (!VALID(optarg) || optarg[0] != '/') { - fprintf(stderr, - _("%s: invalid home directory `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - user_home = optarg; - dflg++; - break; - case 'D': - if (anyflag) - usage(); - Dflg++; - break; -#ifdef SHADOWPWD - case 'e': - if (*optarg) { - user_expire = strtoday(optarg); - if (user_expire == -1) { - fprintf(stderr, - _("%s: invalid date `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - } else - user_expire = -1; - - /* - * -e "" is allowed - it's a no-op without /etc/shadow - */ - if (*optarg && !is_shadow_pwd) { - fprintf(stderr, - _("%s: shadow passwords required for -e\n"), - Prog); - exit(E_USAGE); - } - if (Dflg) - def_expire = optarg; - eflg++; - break; - case 'f': - def_inactive = get_number(optarg); - /* - * -f -1 is allowed - it's a no-op without /etc/shadow - */ - if (def_inactive != -1 && !is_shadow_pwd) { - fprintf(stderr, - _("%s: shadow passwords required for -f\n"), - Prog); - exit(E_USAGE); - } - fflg++; - break; -#endif - case 'g': - grp = getgr_nam_gid(optarg); - if (!grp) { - fprintf(stderr, _("%s: unknown group %s\n"), - Prog, optarg); - exit(E_NOTFOUND); - } - if (Dflg) { - def_group = grp->gr_gid; - def_gname = optarg; - } else { - user_gid = grp->gr_gid; - } - gflg++; - break; - case 'G': - if (get_groups(optarg)) - exit(E_NOTFOUND); - if (user_groups[0]) - do_grp_update++; - Gflg++; - break; - case 'k': - def_template = optarg; - kflg++; - break; - case 'm': - mflg++; - break; - case 'M': - /* - * don't create home dir - this is the default, - * ignored for RedHat/PLD adduser compatibility. - */ - break; - case 'o': - oflg++; - break; - case 'O': - /* - * override login.defs defaults (-O name=value) - * example: -O UID_MIN=100 -O UID_MAX=499 - * note: -O UID_MIN=10,UID_MAX=499 doesn't work yet - */ - cp = strchr(optarg, '='); - if (!cp) { - fprintf(stderr, - _("%s: -O requires NAME=VALUE\n"), - Prog); - exit(E_BAD_ARG); - } - /* terminate name, point to value */ - *cp++ = '\0'; - if (putdef_str(optarg, cp) < 0) - exit(E_BAD_ARG); - break; - case 'p': /* set encrypted password */ - if (!VALID(optarg)) { - fprintf(stderr, _("%s: invalid field `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - user_pass = optarg; - break; - case 's': - if (!VALID(optarg) || (optarg[0] && - (optarg[0] != '/' && optarg[0] != '*'))) { - fprintf(stderr, _("%s: invalid shell `%s'\n"), - Prog, optarg); - exit(E_BAD_ARG); - } - user_shell = optarg; - def_shell = optarg; - sflg++; - break; - case 'u': - user_id = get_number(optarg); - uflg++; - break; - default: - usage(); - } - anyflag++; - } - - /* - * Certain options are only valid in combination with others. - * Check it here so that they can be specified in any order. - */ - if ((oflg && !uflg) || (kflg && !mflg)) - usage(); - - /* - * Either -D or username is required. Defaults can be set with -D - * for the -b, -e, -f, -g, -s options only. - */ - if (Dflg) { - if (optind != argc) - usage(); - - if (uflg || oflg || Gflg || dflg || cflg || mflg) - usage(); - } else { - if (optind != argc - 1) - usage(); - - user_name = argv[optind]; - if (!check_user_name(user_name)) { - fprintf(stderr, _("%s: invalid user name `%s'\n"), - Prog, user_name); - exit(E_BAD_ARG); - } - if (!dflg) { - char *uh; - - uh = xmalloc(strlen(def_home) + strlen(user_name) + 2); - sprintf(uh, "%s/%s", def_home, user_name); - user_home = uh; - } - } - -#ifdef SHADOWPWD - if (!eflg) - user_expire = strtoday(def_expire); -#endif - - if (!gflg) - user_gid = def_group; - - if (!sflg) - user_shell = def_shell; -} - -/* - * close_files - close all of the files that were opened - * - * close_files() closes all of the files that were opened for this - * new user. This causes any modified entries to be written out. - */ - -static void -close_files(void) -{ - if (!pw_close()) { - fprintf(stderr, _("%s: cannot rewrite password file\n"), Prog); - fail_exit(E_PW_UPDATE); - } -#ifdef SHADOWPWD - if (is_shadow_pwd && !spw_close()) { - fprintf(stderr, _("%s: cannot rewrite shadow password file\n"), - Prog); - fail_exit(E_PW_UPDATE); - } -#endif - if (do_grp_update) { - if (!gr_close()) { - fprintf(stderr, _("%s: cannot rewrite group file\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } - gr_unlock(); -#ifdef SHADOWGRP - if (is_shadow_grp && !sgr_close()) { - fprintf (stderr, - _("%s: cannot rewrite shadow group file\n"), - Prog); - fail_exit(E_GRP_UPDATE); - } - if (is_shadow_grp) - sgr_unlock(); -#endif - } -#ifdef SHADOWPWD - if (is_shadow_pwd) - spw_unlock(); -#endif - pw_unlock(); -} - -/* - * open_files - lock and open the password files - * - * open_files() opens the two password files. - */ - -static void -open_files(void) -{ - if (!pw_lock()) { - fprintf(stderr, _("%s: unable to lock password file\n"), Prog); - exit(E_PW_UPDATE); - } - if (!pw_open(O_RDWR)) { - fprintf(stderr, _("%s: unable to open password file\n"), Prog); - pw_unlock(); - exit(E_PW_UPDATE); - } -#ifdef SHADOWPWD - if (is_shadow_pwd && !spw_lock()) { - fprintf(stderr, _("%s: cannot lock shadow password file\n"), - Prog); - pw_unlock(); - exit(E_PW_UPDATE); - } - if (is_shadow_pwd && !spw_open(O_RDWR)) { - fprintf(stderr, _("%s: cannot open shadow password file\n"), - Prog); - spw_unlock(); - pw_unlock(); - exit(E_PW_UPDATE); - } -#endif -} - - -static void -faillog_reset(uid_t uid) -{ - struct faillog fl; - int fd; - - fd = open(FAILLOG_FILE, O_RDWR); - if (fd >= 0) { - memzero(&fl, sizeof(fl)); - lseek(fd, (off_t) sizeof(fl) * uid, SEEK_SET); - write(fd, &fl, sizeof(fl)); - close(fd); - } -} - -static void -lastlog_reset(uid_t uid) -{ - struct lastlog ll; - int fd; - - fd = open(LASTLOG_FILE, O_RDWR); - if (fd >= 0) { - memzero(&ll, sizeof(ll)); - lseek(fd, (off_t) sizeof(ll) * uid, SEEK_SET); - write(fd, &ll, sizeof(ll)); - close(fd); - } -} - -/* - * usr_update - create the user entries - * - * usr_update() creates the password file entries for this user - * and will update the group entries if required. - */ - -static void -usr_update(void) -{ - struct passwd pwent; -#ifdef SHADOWPWD - struct spwd spent; -#endif - - if (! oflg) - find_new_uid (); - -#ifdef AUTH_METHODS - if (Aflg) { - convert_auth(user_auth, auth_arg); - user_pass = user_auth; - } -#endif - - /* - * Fill in the password structure with any new fields, making - * copies of strings. - */ - - new_pwent (&pwent); -#ifdef SHADOWPWD - new_spent (&spent); -#endif - - /* - * Create a syslog entry. We need to do this now in case anything - * happens so we know what we were trying to accomplish. - */ - -#ifdef AUTH_METHODS - SYSLOG((LOG_INFO, - "new user: name=%s, uid=%d, gid=%d, home=%s, shell=%s, auth=%s\n", - user_name, user_id, user_gid, user_home, user_shell, - Aflg ? auth_arg : "DEFAULT")); -#else - SYSLOG((LOG_INFO, - "new user: name=%s, uid=%d, gid=%d, home=%s, shell=%s\n", - user_name, user_id, user_gid, user_home, user_shell)); -#endif - -#ifdef AUTH_METHODS - /* - * Attempt to add the new user to any authentication programs - * which have been requested. Since this is more likely to fail - * than the update of the password file, we do this first. - */ - - if (Aflg && pw_auth(user_auth, pwent.pw_name, PW_ADD, (char *) 0)) { - fprintf(stderr, _("%s: error adding authentication method\n"), - Prog); - fail_exit(E_PW_UPDATE); /* XXX */ - } -#endif /* AUTH_METHODS */ - - /* - * Initialize faillog and lastlog entries for this UID in case - * it belongs to a previously deleted user. We do it only if - * no user with this UID exists yet (entries for shared UIDs - * are left unchanged). --marekm - */ - - if (!getpwuid(user_id)) { - faillog_reset(user_id); - lastlog_reset(user_id); - } - - /* - * Put the new (struct passwd) in the table. - */ - - if (! pw_update (&pwent)) { - fprintf(stderr, _("%s: error adding new password entry\n"), - Prog); - exit(E_PW_UPDATE); - } - -#ifdef NDBM - /* - * Update the DBM files. This creates the user before the flat - * files are updated. This is safe before the password field is - * either locked, or set to a valid authentication string. - */ - - if (pw_dbm_present()) { - if (!pw_dbm_update(&pwent)) { - fprintf(stderr, - _("%s: error updating password dbm entry\n"), - Prog); - exit(E_PW_UPDATE); - } else - pw_dbm_added = 1; - } - endpwent(); -#endif - -#ifdef SHADOWPWD - /* - * Put the new (struct spwd) in the table. - */ - - if (is_shadow_pwd && !spw_update(&spent)) { - fprintf(stderr, - _("%s: error adding new shadow password entry\n"), - Prog); - exit(E_PW_UPDATE); - } - -#ifdef NDBM - /* - * Update the DBM files for the shadow password. This entry is - * output before the entry in the flat file, but this is safe as - * the password is locked or the authentication string has the - * proper values. - */ - - if (is_shadow_pwd && sp_dbm_present()) { - if (!sp_dbm_update(&spent)) { - fprintf(stderr, - _("%s: error updating shadow passwd dbm entry\n"), - Prog); - fail_exit(E_PW_UPDATE); - } else - sp_dbm_added++; - endspent(); - } -#endif -#endif /* SHADOWPWD */ - - /* - * Do any group file updates for this user. - */ - - if (do_grp_update) - grp_update(); -} - -/* - * create_home - create the user's home directory - * - * create_home() creates the user's home directory if it does not - * already exist. It will be created mode 755 owned by the user - * with the user's default group. - */ - -static void -create_home(void) -{ - if (access(user_home, F_OK)) { - /* XXX - create missing parent directories. --marekm */ - if (mkdir (user_home, 0)) { - fprintf(stderr, _("%s: cannot create directory %s\n"), - Prog, user_home); - fail_exit(E_HOMEDIR); - } - chown (user_home, user_id, user_gid); -#if 1 - chmod(user_home, 0777 & ~getdef_num("UMASK", 077)); -#else - chmod (user_home, 0755); -#endif - home_added++; - } -} - -#ifdef USE_PAM -static struct pam_conv conv = { - misc_conv, - NULL -}; -#endif /* USE_PAM */ - -/* - * main - useradd command - */ - -int -main(int argc, char **argv) -{ -#ifdef USE_PAM - pam_handle_t *pamh = NULL; - struct passwd *pampw; - int retval; -#endif - /* - * Get my name so that I can use it to report errors. - */ - - Prog = Basename(argv[0]); - - setlocale(LC_ALL, ""); - bindtextdomain(PACKAGE, LOCALEDIR); - textdomain(PACKAGE); - -#ifdef USE_PAM - retval = PAM_SUCCESS; - - pampw = getpwuid(getuid()); - if (pampw == NULL) { - retval = PAM_USER_UNKNOWN; - } - - if (retval == PAM_SUCCESS) { - retval = pam_start("useradd", pampw->pw_name, &conv, &pamh); - } - - if (retval == PAM_SUCCESS) { - retval = pam_authenticate(pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end(pamh, retval); - } - } - - if (retval == PAM_SUCCESS) { - retval = pam_acct_mgmt(pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end(pamh, retval); - } - } - - if (retval != PAM_SUCCESS) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); - exit (1); - } -#endif /* USE_PAM */ - - OPENLOG(Prog); - -#ifdef SHADOWPWD - is_shadow_pwd = spw_file_present(); -#endif -#ifdef SHADOWGRP - is_shadow_grp = sgr_file_present(); -#endif - - /* - * The open routines for the NDBM files don't use read-write - * as the mode, so we have to clue them in. - */ - -#ifdef NDBM - pw_dbm_mode = O_RDWR; -#ifdef SHADOWPWD - sp_dbm_mode = O_RDWR; -#endif - gr_dbm_mode = O_RDWR; -#ifdef SHADOWGRP - sg_dbm_mode = O_RDWR; -#endif -#endif - get_defaults(); - - process_flags(argc, argv); - - /* - * See if we are messing with the defaults file, or creating - * a new user. - */ - - if (Dflg) { - if (gflg || bflg || fflg || eflg || sflg) - exit (set_defaults () ? 1:0); - - show_defaults(); - exit(E_SUCCESS); - } - - /* - * Start with a quick check to see if the user exists. - */ - - if (getpwnam(user_name)) { - fprintf(stderr, _("%s: user %s exists\n"), Prog, user_name); - exit(E_NAME_IN_USE); - } - - /* - * Don't blindly overwrite a group when a user is added... - * If you already have a group username, and want to add the user - * to that group, use useradd -g username username. - * --bero - */ - if (!gflg) { - if (getgrnam(user_name)) { - fprintf(stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); - exit(E_NAME_IN_USE); - } - } - - /* - * Do the hard stuff - open the files, create the user entries, - * create the home directory, then close and update the files. - */ - - open_files (); - - usr_update (); - - if (mflg) { - create_home (); - copy_tree (def_template, user_home, user_id, user_gid); - } else if (getdef_str("CREATE_HOME")) { - /* - * RedHat added the CREATE_HOME option in login.defs in their - * version of shadow-utils (which makes -m the default, with - * new -M option to turn it off). Unfortunately, this - * changes the way useradd works (it can be run by scripts - * expecting some standard behaviour), compared to other - * Unices and other Linux distributions, and also adds a lot - * of confusion :-(. - * So we now recognize CREATE_HOME and give a warning here - * (better than "configuration error ... notify administrator" - * errors in every program that reads /etc/login.defs). -MM - */ - fprintf(stderr, - _("%s: warning: CREATE_HOME not supported, please use -m instead.\n"), - Prog); - } - - close_files (); - -#ifdef USE_PAM - if (retval == PAM_SUCCESS) { - retval = pam_chauthtok(pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end(pamh, retval); - } - } - - if (retval != PAM_SUCCESS) { - fprintf (stderr, _("%s: PAM chauthtok failed\n"), Prog); - exit (1); - } - - if (retval == PAM_SUCCESS) - pam_end(pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - - exit(E_SUCCESS); - /*NOTREACHED*/ -} diff --git a/sys-apps/shadow/files/useradd.diff b/sys-apps/shadow/files/useradd.diff deleted file mode 100644 index dd110bf064af..000000000000 --- a/sys-apps/shadow/files/useradd.diff +++ /dev/null @@ -1,42 +0,0 @@ ---- useradd.c.orig Thu Jan 18 16:41:33 2001 -+++ useradd.c Thu Jan 18 16:41:33 2001 -@@ -30,7 +30,7 @@ - #include <config.h> - - #include "rcsid.h" --RCSID(PKG_VER "$Id: useradd.diff,v 1.1 2001/01/18 18:31:53 achim Exp $") -+RCSID(PKG_VER "$Id: useradd.diff,v 1.1 2001/01/18 18:31:53 achim Exp $") - - #include "prototypes.h" - #include "defines.h" -@@ -471,7 +471,11 @@ - * Create a temporary file to copy the new output to. - */ - -+#ifdef HAVE_MKSTEMP -+ mkstemp (new_file); -+#else - mktemp (new_file); -+#endif - if (!(ofp = fopen (new_file, "w"))) { - fprintf(stderr, _("%s: cannot create new defaults file\n"), - Prog); -@@ -1686,7 +1690,7 @@ - } - - if (retval == PAM_SUCCESS) { -- retval = pam_start("shadow", pampw->pw_name, &conv, &pamh); -+ retval = pam_start("useradd", pampw->pw_name, &conv, &pamh); - } - - if (retval == PAM_SUCCESS) { -@@ -1765,7 +1769,7 @@ - * to that group, use useradd -g username username. - * --bero - */ -- if (! (nflg || gflg)) { -+ if (!gflg) { - if (getgrnam(user_name)) { - fprintf(stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); - exit(E_NAME_IN_USE); - |