📄 userdel.c
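/* Tail of a function that begins before this excerpt; kept as found.  */
                              gr_data->gr.gr_gid, getuid ())
            }
          item = item->next;
        }
      free_group_t (gr_data);
    }

  return retval;
}

/* Prepare the process for editing the account databases.

   - Disables core dumps.  main() can hold an LDAP bind password in
     memory (pw_data->oldclearpwd), so a core file would expose it.
   - Raises the remaining resource limits to RLIM_INFINITY so that a
     limit inherited from the caller cannot interrupt the update
     half-way through.  The setrlimit() results are not checked: this
     is best effort, and raising a limit can fail for a caller without
     the needed privilege.
   - Ignores signals that could otherwise end the process in the
     middle of a write.  SIGINT, SIGQUIT and SIGTERM are deliberately
     left at their default disposition.
   - Sets umask 077 so files created from here on carry no group or
     other permission bits.  */
void
init_environment (void)
{
  struct rlimit rlim;

  /* Don't create a core file.  */
  rlim.rlim_cur = rlim.rlim_max = 0;
  setrlimit (RLIMIT_CORE, &rlim);

  /* Set all other limits to unlimited to avoid problems later.  */
  rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
  setrlimit (RLIMIT_AS, &rlim);
  setrlimit (RLIMIT_CPU, &rlim);
  setrlimit (RLIMIT_DATA, &rlim);
  setrlimit (RLIMIT_FSIZE, &rlim);
  setrlimit (RLIMIT_NOFILE, &rlim);
  setrlimit (RLIMIT_RSS, &rlim);
  setrlimit (RLIMIT_STACK, &rlim);

  /* Ignore all signals which can make trouble later.  */
  signal (SIGALRM, SIG_IGN);
  signal (SIGXFSZ, SIG_IGN);
  signal (SIGHUP, SIG_IGN);
  /* SIGINT is not ignored.  */
  signal (SIGPIPE, SIG_IGN);
  /* SIGQUIT and SIGTERM are not ignored.  */
  signal (SIGTSTP, SIG_IGN);
  signal (SIGTTOU, SIG_IGN);

  umask (077);
}

/* Entry point: delete one user account.

   Order of operations, as implemented below:
     1. parse options;
     2. authenticate the calling user through do_authentication()
        with the "shadow" service;
     3. look the account up and refuse if it is unknown or logged in;
     4. run the USERDEL_PRECMD script;
     5. lock the password database (local accounts only);
     6. with -r, remove the mail file and the home directory, subject
        to the ownership checks (overridden by -f);
     7. remove the user from secondary groups and delete the entry;
     8. flush nscd (if built in), unlock, run USERDEL_POSTCMD.

   Returns 0 after printing help, usage or version; E_BAD_ARG or
   E_USAGE on command-line errors; E_UNKNOWN_USER, E_NOPERM,
   E_USER_BUSY, E_PWDBUSY or E_FAILURE on the corresponding failure;
   otherwise the result of remove_from_secondary_groups().  */
int
main (int argc, char **argv)
{
  char *use_service = NULL;
#ifdef USE_LDAP
  char *binddn = NULL;
#endif
  char *remove_user;
  int have_extrapath = 0;
  int remove_flag = 0;
  int force_removal = 0;
  user_t *pw_data;
  int retval = E_SUCCESS;
  int i;

  setlocale (LC_ALL, "");
  bindtextdomain (PACKAGE, LOCALEDIR);
  textdomain (PACKAGE);

  open_sec_log (program);

  /* Before going any further, raise the ulimit and ignore signals.  */
  init_environment ();

  while (1)
    {
      int c;
      int option_index = 0;

      c = getopt_long (argc, argv, short_options, long_options,
                       &option_index);
      if (c == (-1))
        break;

      switch (c)
        {
#ifdef USE_LDAP
        case 'D':
          binddn = optarg;
          break;
#endif
        case 'f':
          force_removal = 1;
          break;
        case 'P':
          files_etc_dir = strdup (optarg);
          if (files_etc_dir == NULL)
            {
              /* Stop here rather than continue with a NULL directory:
                 what the helpers do with a NULL files_etc_dir is not
                 visible in this file.  */
              fprintf (stderr, "%s: %s\n", program, strerror (ENOMEM));
              return E_FAILURE;
            }
          have_extrapath = 1;
          /* If the -P option is used, set the service to "files" unless
             an option already selected one.  Without restricting the
             lookup to the files service, the entry could be found in
             the wrong source.  */
          if (!use_service)
            use_service = "files";
          break;
        case 'r':
          remove_flag = 1;
          break;
        case '\253':
          /* Service selection; only one service may be given.  */
          if (use_service != NULL)
            {
              print_usage (stderr, program);
              return E_BAD_ARG;
            }

          if (strcasecmp (optarg, "files") == 0)
            use_service = "files";
#ifdef USE_LDAP
          else if (strcasecmp (optarg, "ldap") == 0)
            use_service = "ldap";
#endif
          else
            {
              fprintf (stderr, _("Service `%s' not supported.\n"), optarg);
              print_usage (stderr, program);
              return E_BAD_ARG;
            }
          break;
        case '\255':
          print_help (program);
          return 0;
        case 'u':
          print_usage (stdout, program);
          return 0;
        case 'v':
          print_version (program, "2005");
          return 0;
        default:
          print_error (program);
          return E_USAGE;
        }
    }

  argc -= optind;
  argv += optind;

  /* Exactly one positional argument, the account name, is required.  */
  if (argc > 1)
    {
      fprintf (stderr, _("%s: Too many arguments.\n"), program);
      print_error (program);
      return E_USAGE;
    }
  else if (argc == 0)
    {
      fprintf (stderr, _("%s: Too few arguments.\n"), program);
      print_error (program);
      return E_USAGE;
    }
  else
    {
      int buflen = 256;
      char *buffer = alloca (buflen);
      struct passwd resultbuf;
      struct passwd *pw = NULL;
      int rc;

      /* Determine our own user name for PAM authentication.
         getpwuid_r() reports failure through its return value and is
         not required to set errno, so the retry decision is made on
         the return value.  The buffer grows by 256 bytes per retry.
         NOTE(review): every retry allocates a fresh alloca() block and
         the loop has no upper bound; consider a heap buffer with a
         cap.  */
      while ((rc = getpwuid_r (getuid (), &resultbuf, buffer, buflen,
                               &pw)) == ERANGE)
        {
          buflen += 256;
          buffer = alloca (buflen);
        }

      /* pw stays NULL both on error and when no entry matches.  */
      if (!pw)
        {
          fprintf (stderr, _("%s: Cannot determine your user name.\n"),
                   program);
          return E_UNKNOWN_USER;
        }

      /* Nothing below runs unless the caller authenticates.  */
      if (do_authentication ("shadow", pw->pw_name, NULL) != 0)
        {
          sec_log (program, MSG_PERMISSION_DENIED, pw->pw_name,
                   pw->pw_uid, getuid ());
          return E_NOPERM;
        }
    }

  remove_user = argv[0];

  pw_data = do_getpwnam (remove_user, use_service);
  if (pw_data == NULL || pw_data->service == S_NONE)
    {
      sec_log (program, MSG_UNKNOWN_USER, remove_user, getuid ());
      if (use_service)
        fprintf (stderr,
                 _("%s: User `%s' is not known to service `%s'.\n"),
                 program, remove_user, use_service);
      else
        fprintf (stderr, _("%s: Unknown user `%s'.\n"), program,
                 remove_user);
      return E_UNKNOWN_USER;
    }

  if (is_logged_in (remove_user))
    {
      fprintf (stderr, _("%s: account `%s' is currently in use.\n"),
               program, remove_user);
      return E_USER_BUSY;
    }

#ifdef USE_LDAP
  if (binddn)
    {
      pw_data->binddn = strdup (binddn);

      if (pw_data->service == S_LDAP)
        {
          /* The clear-text bind password is kept in process memory
             from here on; core dumps were disabled in
             init_environment().  */
          char *cp = get_ldap_password (binddn);

          if (cp)
            pw_data->oldclearpwd = strdup (cp);
        }
    }
#endif

  i = call_script ("USERDEL_PRECMD", pw_data->pw.pw_name,
                   pw_data->pw.pw_uid, pw_data->pw.pw_gid,
                   pw_data->pw.pw_dir, program);
  if (i != 0)
    {
      fprintf (stderr, _("%s: USERDEL_PRECMD fails with exit code %d.\n"),
               program, i);
      return E_FAILURE;
    }

  /* Lock passwd file, so that a concurrent useradd process will not
     add the user a second time or a second user with the same uid.  */
  if (pw_data->service == S_LOCAL && lock_database () != 0)
    {
      sec_log (program, MSG_PASSWD_FILE_ALREADY_LOCKED);
      fputs (_("Cannot lock password file: already locked.\n"), stderr);
      return E_PWDBUSY;
    }

  if (remove_flag)
    {
      char *cp;
      int ret;

      if (asprintf (&cp, "%s/%s", _PATH_MAILDIR, pw_data->pw.pw_name) < 1)
        {
          /* Do not leave the database locked on this error path.  */
          if (pw_data->service == S_LOCAL)
            ulckpwdf ();
          return E_FAILURE;
        }

      /* Remove the mail file only if owned by user or -f was given.
         NOTE(review): ownership is checked by path and the path is
         removed in a separate step, here and for the home directory
         below.  Whether is_owned_by() and remove_dir_rec() guard
         against the path being replaced in between (for example by
         not following symbolic links) is not visible in this file --
         confirm in those helpers.  */
      ret = is_owned_by (cp, pw_data->pw.pw_uid);
      if (ret == 0 && !force_removal)
        {
          sec_log (program, MSG_NOT_OWNED_BY_USER, cp,
                   pw_data->pw.pw_name, pw_data->pw.pw_uid, getuid ());
          fprintf (stderr,
                   _("%s: `%s' is not owned by `%s', not removed.\n"),
                   program, cp, pw_data->pw.pw_name);
        }
      else if (ret == 1 || (ret == 0 && force_removal))
        {
          if (unlink (cp) == -1)
            fprintf (stderr, _("%s: warning: can't remove `%s': %s"),
                     program, cp, strerror (errno));
        }
      /* cp is not released; the process exits shortly afterwards.  */

      /* Remove the home directory only if it is owned by the user and
         not used by any other user, or if -f was given.  */
      ret = is_owned_by (pw_data->pw.pw_dir, pw_data->pw.pw_uid);
      if (ret == 0 && !force_removal)
        {
          sec_log (program, MSG_NOT_OWNED_BY_USER, pw_data->pw.pw_dir,
                   pw_data->pw.pw_name, pw_data->pw.pw_uid, getuid ());
          fprintf (stderr,
                   _("%s: `%s' is not owned by `%s', not removed.\n"),
                   program, pw_data->pw.pw_dir, pw_data->pw.pw_name);
        }
      else if (ret == 1 || (ret == 0 && force_removal))
        {
          if (!in_use_by_other_users (pw_data->pw.pw_dir,
                                      pw_data->pw.pw_name,
                                      have_extrapath)
              || force_removal)
            {
              if (remove_dir_rec (pw_data->pw.pw_dir) != 0)
                fprintf (stderr, _("%s: warning: can't remove `%s': %s"),
                         program, pw_data->pw.pw_dir, strerror (errno));
              else
                {
                  sec_log (program, MSG_HOME_DIR_REMOVED,
                           pw_data->pw.pw_name, pw_data->pw.pw_uid,
                           pw_data->pw.pw_dir, getuid ());
                }
            }
          else
            fprintf (stderr, _("%s: directory `%s' not removed.\n"),
                     program, pw_data->pw.pw_dir);
        }
    }

  retval = remove_from_secondary_groups (pw_data, have_extrapath);

  pw_data->todo = DO_DELETE;
  if (write_user_data (pw_data, 1) != 0)
    {
      sec_log (program, MSG_ERROR_REMOVING_USER,
               pw_data->pw.pw_name, pw_data->pw.pw_uid, getuid ());
      fprintf (stderr, _("%s: error deleting user `%s'.\n"),
               program, pw_data->pw.pw_name);
      /* Release the database lock before giving up, mirroring the
         unlock on the success path.  */
      if (pw_data->service == S_LOCAL)
        ulckpwdf ();
      free_user_t (pw_data);
      return E_FAILURE;
    }
  else
    sec_log (program, MSG_USER_DELETED, pw_data->pw.pw_name,
             pw_data->pw.pw_uid, getuid ());

#ifdef HAVE_NSCD_FLUSH_CACHE
  /* Flush the NSCD cache so the user is really gone from the system.  */
  nscd_flush_cache ("passwd");
  nscd_flush_cache ("group");
#endif

  if (pw_data->service == S_LOCAL)
    ulckpwdf ();

  i = call_script ("USERDEL_POSTCMD", pw_data->pw.pw_name,
                   pw_data->pw.pw_uid, pw_data->pw.pw_gid,
                   pw_data->pw.pw_dir, program);
  if (i != 0)
    {
      fprintf (stderr, _("%s: USERDEL_POSTCMD fails with exit code %d.\n"),
               program, i);
      return E_FAILURE;
    }

  free_user_t (pw_data);

  return retval;
}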