2 * Copyright (c) 1987 Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Updated Thu Oct 12 09:56:55 1995 by faith@cs.unc.edu with security
34 * patches from Zefram <A.Main@dcs.warwick.ac.uk>
36 * Updated Thu Nov 9 21:58:53 1995 by Martin Schulze
37 * <joey@finlandia.infodrom.north.de>. Support for vigr.
39 * Martin Schulze's patches adapted to Util-Linux by Nicolai Langfeldt.
41 * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
42 * - added Native Language Support
43 * Sun Mar 21 1999 - Arnaldo Carvalho de Melo <acme@conectiva.com.br>
44 * - fixed strerr(errno) in gettext calls
47 static char version_string[] = "vipw 1.4";
49 #include <sys/types.h>
55 #include <sys/param.h>
58 #include <sys/resource.h>
71 #ifdef HAVE_LIBSELINUX
72 #include <selinux/selinux.h>
75 #define FILENAMELEN 67
80 char orig_file[FILENAMELEN]; /* original file /etc/passwd or /etc/group */
81 char tmp_file[FILENAMELEN]; /* tmp file */
82 char tmptmp_file[FILENAMELEN]; /* very tmp file */
84 void pw_error __P((char *, int, int));
87 copyfile(int from, int to) {
91 while ((nr = read(from, buf, sizeof(buf))) > 0)
92 for (off = 0; off < nr; nr -= nw, off += nw)
93 if ((nw = write(to, buf + off, nr)) < 0)
94 pw_error(tmp_file, 1, 1);
97 pw_error(orig_file, 1, 1);
105 /* Unlimited resource limits. */
106 rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
107 (void)setrlimit(RLIMIT_CPU, &rlim);
108 (void)setrlimit(RLIMIT_FSIZE, &rlim);
109 (void)setrlimit(RLIMIT_STACK, &rlim);
110 (void)setrlimit(RLIMIT_DATA, &rlim);
111 (void)setrlimit(RLIMIT_RSS, &rlim);
113 /* Don't drop core (not really necessary, but GP's). */
114 rlim.rlim_cur = rlim.rlim_max = 0;
115 (void)setrlimit(RLIMIT_CORE, &rlim);
117 /* Turn off signals. */
118 (void)signal(SIGALRM, SIG_IGN);
119 (void)signal(SIGHUP, SIG_IGN);
120 (void)signal(SIGINT, SIG_IGN);
121 (void)signal(SIGPIPE, SIG_IGN);
122 (void)signal(SIGQUIT, SIG_IGN);
123 (void)signal(SIGTERM, SIG_IGN);
124 (void)signal(SIGTSTP, SIG_IGN);
125 (void)signal(SIGTTOU, SIG_IGN);
127 /* Create with exact permissions. */
136 * If the password file doesn't exist, the system is hosed.
137 * Might as well try to build one. Set the close-on-exec bit so
138 * that users can't get at the encrypted passwords while editing.
139 * Open should allow flock'ing the file; see 4.4BSD. XXX
141 #if 0 /* flock()ing is superfluous here, with the ptmp/ptmptmp system. */
142 if (flock(lockfd, LOCK_EX|LOCK_NB)) {
144 fprintf(stderr, _("%s: the password file is busy.\n"),
147 fprintf(stderr, _("%s: the group file is busy.\n"),
153 if ((fd = open(tmptmp_file, O_WRONLY|O_CREAT, 0600)) == -1)
154 err(EXIT_FAILURE, _("%s: open failed"), tmptmp_file);
156 ret = link(tmptmp_file, tmp_file);
157 (void)unlink(tmptmp_file);
160 (void)fprintf(stderr,
161 _("%s: the %s file is busy (%s present)\n"),
163 program == VIPW ? "password" : "group",
167 (void)fprintf(stderr, _("%s: can't link %s: %s\n"), progname,
168 tmp_file, strerror(errsv));
173 lockfd = open(orig_file, O_RDONLY, 0);
176 (void)fprintf(stderr, "%s: %s: %s\n",
177 progname, orig_file, strerror(errno));
182 copyfile(lockfd, fd);
190 char tmp[FILENAMELEN+4];
192 sprintf(tmp, "%s%s", orig_file, ".OLD");
195 if (link(orig_file, tmp))
196 warn(_("%s: create a link to %s failed"), orig_file, tmp);
198 #ifdef HAVE_LIBSELINUX
199 if (is_selinux_enabled() > 0) {
200 security_context_t passwd_context=NULL;
202 if (getfilecon(orig_file,&passwd_context) < 0) {
203 (void) fprintf(stderr,_("%s: Can't get context for %s"),progname,orig_file);
204 pw_error(orig_file, 1, 1);
206 ret=setfilecon(tmp_file,passwd_context);
207 freecon(passwd_context);
209 (void) fprintf(stderr,_("%s: Can't set context for %s"),progname,tmp_file);
210 pw_error(tmp_file, 1, 1);
215 if (rename(tmp_file, orig_file) == -1) {
218 _("%s: can't unlock %s: %s (your changes are still in %s)\n"),
219 progname, orig_file, strerror(errsv), tmp_file);
227 pw_edit(int notsetuid) {
232 if (!(editor = getenv("EDITOR")))
233 editor = strdup(_PATH_VI); /* adia@egnatia.ee.auth.gr */
234 if ((p = strrchr(strtok(editor," \t"), '/')) != NULL)
241 err(EXIT_FAILURE, _("fork failed"));
245 (void)setgid(getgid());
246 (void)setuid(getuid());
248 execlp(editor, p, tmp_file, NULL);
250 /* Shouldn't get here */
254 pid = waitpid(pid, &pstat, WUNTRACED);
255 if (WIFSTOPPED(pstat)) {
256 /* the editor suspended, so suspend us as well */
257 kill(getpid(), SIGSTOP);
263 if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0)
264 pw_error(editor, 1, 1);
268 pw_error(char *name, int err, int eval) {
272 fprintf(stderr, "%s: ", progname);
274 (void)fprintf(stderr, "%s: ", name);
275 fprintf(stderr, "%s\n", strerror(sverrno));
278 _("%s: %s unchanged\n"), progname, orig_file);
284 edit_file(int is_shadow)
286 struct stat begin, end;
291 if (stat(tmp_file, &begin))
292 pw_error(tmp_file, 1, 1);
296 if (stat(tmp_file, &end))
297 pw_error(tmp_file, 1, 1);
298 if (begin.st_mtime == end.st_mtime) {
299 (void)fprintf(stderr, _("%s: no changes made\n"), progname);
300 pw_error((char *)NULL, 0, 0);
302 /* see pw_lock() where we create the file with mode 600 */
304 chmod(tmp_file, 0644);
306 chmod(tmp_file, 0400);
310 int main(int argc, char *argv[]) {
312 setlocale(LC_ALL, "");
313 bindtextdomain(PACKAGE, LOCALEDIR);
316 memset(tmp_file, '\0', FILENAMELEN);
317 progname = (strrchr(argv[0], '/')) ? strrchr(argv[0], '/') + 1 : argv[0];
318 if (!strcmp(progname, "vigr")) {
320 xstrncpy(orig_file, GROUP_FILE, sizeof(orig_file));
321 xstrncpy(tmp_file, GTMP_FILE, sizeof(tmp_file));
322 xstrncpy(tmptmp_file, GTMPTMP_FILE, sizeof(tmptmp_file));
325 xstrncpy(orig_file, PASSWD_FILE, sizeof(orig_file));
326 xstrncpy(tmp_file, PTMP_FILE, sizeof(tmp_file));
327 xstrncpy(tmptmp_file, PTMPTMP_FILE, sizeof(tmptmp_file));
331 (!strcmp(argv[1], "-V") || !strcmp(argv[1], "--version"))) {
332 printf("%s\n", version_string);
338 if (program == VIGR) {
339 strncpy(orig_file, SGROUP_FILE, FILENAMELEN-1);
340 strncpy(tmp_file, SGTMP_FILE, FILENAMELEN-1);
341 strncpy(tmptmp_file, SGTMPTMP_FILE, FILENAMELEN-1);
343 strncpy(orig_file, SHADOW_FILE, FILENAMELEN-1);
344 strncpy(tmp_file, SPTMP_FILE, FILENAMELEN-1);
345 strncpy(tmptmp_file, SPTMPTMP_FILE, FILENAMELEN-1);
348 if (access(orig_file, F_OK) == 0) {
351 printf((program == VIGR)
352 ? _("You are using shadow groups on this system.\n")
353 : _("You are using shadow passwords on this system.\n"));
354 printf(_("Would you like to edit %s now [y/n]? "), orig_file);
357 if (fgets(response, sizeof(response), stdin)) {
358 if (response[0] == 'y' || response[0] == 'Y')