chfn.c

pwdutils是一套密码管理工具

      switch (c)
        {
	case 'f':
	  if (!may_change_field ('f'))
	    {
	      fprintf (stderr, _("%s: Permission denied.\n"), program);
	      return 1;
	    }
	  new.fullname = locale_to_utf8 (optarg);
	  interactive = 0;
	  break;
	case 'r':
	case 'o':
	case 'm':
	  /* This four have all a different meaning, depending on
	     SHADOW_CHFN. In result we check for office/room, misc
	  field and service switch.  */
	  if ((shadow_chfn && c == 'o') ||
	      (!shadow_chfn && c == 'm'))
	    {
	      /* -o other or -m other  */
	      if (getuid() != 0)
		{
		  fprintf (stderr, _("%s: Permission denied.\n"), program);
		  return 1;
		}
	      new.other = locale_to_utf8 (optarg);
	      interactive = 0;
	    }
	  else if ((shadow_chfn && c == 'r') ||
		   (!shadow_chfn && c == 'o'))
	    {
	      /* shadow chfn has "-r room" else "-o office"  */
	      if (!may_change_field ('r'))
		{
		  fprintf (stderr, _("%s: Permission denied.\n"), program);
		  return 1;
		}
	      new.roomno = locale_to_utf8 (optarg);
	      interactive = 0;
	    }
	  break;
	case '\254':
	  if (use_service != NULL)
	    {
	      if (shadow_chfn)
		print_usage_shadow (stderr, program);
	      else
		print_usage_util (stderr, program);
	      return 1;
	    }

	  if (strcasecmp (optarg, "yp") == 0 ||
	      strcasecmp (optarg, "nis") == 0)
	    use_service = "nis";
	  else if (strcasecmp (optarg, "nis+") == 0 ||
		   strcasecmp (optarg, "nisplus") == 0)
	    use_service = "nisplus";
	  else if (strcasecmp (optarg, "files") == 0)
	    use_service = "files";
#ifdef USE_LDAP
	  else if (strcasecmp (optarg, "ldap") == 0)
	    use_service = "ldap";
#endif
	  else
	    {
	      fprintf (stderr,
		       _("Service `%s' not supported.\n"), optarg);
	      if (shadow_chfn)
		print_usage_shadow (stderr, program);
	      else
		print_usage_util (stderr, program);
	      return 1;
	    }
	  break;
	case 'w':
	case 'p':
	  if (!may_change_field ('w'))
	    {
	      fprintf (stderr, _("%s: Permission denied.\n"), program);
	      return 1;
	    }
	  new.work_phone = locale_to_utf8 (optarg);
	  interactive = 0;
	  break;
	case 'h':
	  if (!may_change_field ('h'))
	    {
	      fprintf (stderr, _("%s: Permission denied.\n"), program);
	      return 1;
	    }
	  new.home_phone = locale_to_utf8 (optarg);
	  interactive = 0;
	  break;
	case 'q':
	  silent = 1;
	  break;
#ifdef USE_LDAP
        case 'D':
          binddn = optarg;
          break;
#endif
        case 'P':
          if (uid != 0)
            {
              fprintf (stderr,
                       _("Only root is allowed to specify another path\n"));
              return E_NOPERM;
            }
          else
            files_etc_dir = strdup (optarg);
          break;
        case '\255':
	  if (shadow_chfn)
	    print_help_shadow (program);
	  else
	    print_help_util (program);
          return 0;
        case 'v':
          print_version (program, "2005");
          return 0;
        case 'u':
	  if (shadow_chfn)
	    print_usage_shadow (stdout, program);
	  else
	    print_usage_util (stdout, program);
          return 0;
        default:
          print_error (program);
          return 1;
        }
    }

  argc -= optind;
  argv += optind;

  if (argc > 1)
    {
      fprintf (stderr, _("%s: Too many arguments.\n"), program);
      print_error (program);
      return 1;
    }

  {
    int buflen = 256;
    char *buffer = alloca (buflen);
    struct passwd resultbuf;
    struct passwd *pw;

    /* Determine our own user name for authentication.  */
    while (getpwuid_r (uid, &resultbuf, buffer, buflen, &pw) != 0
	   && errno == ERANGE)
      {
	errno = 0;
	buflen += 256;
	buffer = alloca (buflen);
      }
      if (!pw)
	{
	  fprintf (stderr, _("%s: Cannot determine your user name.\n"),
		   program);
	  return 1;
	}

      caller_name = strdupa (pw->pw_name);

      /* We change the passwd information for another user, get that
	 data, too.  */
      if (argc == 1)
	{
	  char *user = locale_to_utf8 (argv[0]);

	  while (getpwnam_r (user, &resultbuf, buffer, buflen, &pw) != 0
		 && errno == ERANGE)
	    {
	      errno = 0;
	      buflen += 256;
	      buffer = alloca (buflen);
	    }
	  free (user);

	  if (!pw)
	    {
	      fprintf (stderr, _("%s: Unknown user `%s'.\n"),
		       program, argv[0]);
	      return 1;
	    }
	}

      pw_data = do_getpwnam (pw->pw_name, use_service);
      if (pw_data == NULL || pw_data->service == S_NONE)
	{
	  if (use_service)
	    fprintf (stderr,
		     _("%s: User `%s' is not known to service `%s'.\n"),
		     program, utf8_to_locale (pw->pw_name), use_service);
	  else
	    fprintf (stderr, _("%s: Unknown user `%s'.\n"), program,
		     utf8_to_locale (pw->pw_name));
	  return 1;
	}

      locale_name = utf8_to_locale (pw_data->pw.pw_name);
  }

#ifdef WITH_SELINUX
  if (is_selinux_enabled () > 0)
    {
      if ((uid == 0) &&
          (selinux_check_access (pw_data->pw.pw_name, PASSWD__CHFN) != 0))
        {
          security_context_t user_context;
          if (getprevcon (&user_context) < 0)
            user_context =
              (security_context_t) strdup (_("Unknown user context"));
	  fprintf (stderr,
		   _("%s: %s is not authorized to change the finger information for %s.\n"),
		   program, user_context, locale_name);
	  if (security_getenforce() > 0)
	    {
	      syslog (LOG_ALERT,
		      "%s is not authorized to change the finger information for %s",
		      user_context, pw_data->pw.pw_name);
	      freecon (user_context);
	      return E_NOPERM;
	    }
	  else
	    {
	      fprintf (stderr,
		       _("SELinux is in permissive mode, continuing.\n"));
	      freecon (user_context);
	    }
	}
    }
#endif

  /* Only root is allowed to change the gecos field for local users. */
  if (uid && uid != pw_data->pw.pw_uid &&
      (pw_data->service == S_LOCAL
#ifdef USE_LDAP
       || (pw_data->service == S_LDAP && binddn == NULL)
#endif
       ))
    {
      syslog (LOG_ERR, "%u cannot change finger information for `%s'",
	      uid, pw_data->pw.pw_name);
      fprintf (stderr,
	       _("You cannot change the finger information for `%s'.\n"),
	       locale_name);
      free_user_t (pw_data);
      return 1;
    }

  if (!silent)
    printf (_("Changing finger information for %s.\n"), locale_name);

  if (getlogindefs_bool ("CHFN_AUTH", 1) || pw_data->service != S_LOCAL)
    {
#ifdef USE_LDAP
      if (binddn && pw_data->service == S_LDAP)
	pw_data->oldclearpwd = strdup (get_ldap_password (binddn));
      else
#endif /* USE_LDAP */
	if (do_authentication (program, caller_name, pw_data) != 0)
	  {
	    free_user_t (pw_data);
	    return 1;
	  }
      if (pw_data->service != S_LOCAL && get_old_clear_password (pw_data) != 0)
	return 1;
    }

  {
    fn_info old;
    int len;

    memset (&old, 0, sizeof (old));

    parse_passwd (pw_data->pw.pw_gecos, &old);
    if (interactive)
      get_fields (&old, &new);

    if (!new.fullname)
      new.fullname = strdup (old.fullname ?:"");
    if (check_field (program, new.fullname, ":,=") != 0)
      {
	fprintf (stderr, _("%s: Invalid name: `%s'\n"), program,
		 utf8_to_locale (new.fullname));
	return 1;
      }
    if (!new.roomno)
      new.roomno = strdup (old.roomno ?:"");
    if (check_field (program, new.roomno, ":,=") != 0)
      {
	fprintf (stderr, _("%s: Invalid room number: `%s'\n"), program,
		 utf8_to_locale (new.roomno));
	return 1;
      }
    if (!new.work_phone)
      new.work_phone = strdup (old.work_phone ?:"");
    if (check_field (program, new.work_phone, ":,=") != 0)
      {
	fprintf (stderr, _("%s: Invalid work phone: `%s'\n"), program,
		 utf8_to_locale (new.work_phone));
	return 1;
      }
    if (!new.home_phone)
      new.home_phone = strdup (old.home_phone ?:"");
    if (check_field (program, new.work_phone, ":,=") != 0)
      {
	fprintf (stderr, _("%s: Invalid home phone: `%s'\n"), program,
		 utf8_to_locale (new.home_phone));
	return 1;
      }
    if (!new.other)
      new.other = strdup (old.other ?:"");
    if (check_field (program, new.other, ":") != 0)
      {
	fprintf (stderr, _("%s: `%s' contains illegal characters.\n"),
		 program, utf8_to_locale (new.other));
	return 1;
      }

    /* create the new gecos string */
    len = (strlen (new.fullname) + strlen (new.roomno) +
           strlen (new.work_phone) + strlen (new.home_phone) +
           strlen (new.other) + 4);
    new_gecos = (char *)malloc (len + 1);
    sprintf (new_gecos, "%s,%s,%s,%s,%s", new.fullname, new.roomno,
             new.work_phone, new.home_phone, new.other);

    /* remove trailing empty fields (but not subfields of new.other) */
    if (new.other[0] == '\0')
      {
	while (len > 0 && new_gecos[len-1] == ',')
	  len--;
	new_gecos[len] = 0;
      }
  }

  /* we don't need to change the gecos field if here is no change */
  if (strcmp (pw_data->pw.pw_gecos, new_gecos) == 0)
    {
      if (!silent)
	printf (_("Finger information not changed.\n"));
      return 0;
    }

  pw_data->new_gecos = new_gecos;

  if (write_user_data (pw_data, 0) != 0)
    {
      fprintf (stderr, _("Error while changing finger information.\n"));
      free_user_t (pw_data);
      return 1;
    }
  else
    {
#ifdef HAVE_NSCD_FLUSH_CACHE
      nscd_flush_cache ("passwd");
#endif
      if (!silent)
	printf (_("Finger information changed.\n"));
    }

  free_user_t (pw_data);

  return 0;
}