chage.c

pwdutils是一套密码管理工具

  if (argc > 1)
    {
      fprintf (stderr, _("%s: Too many arguments.\n"), program);
      print_error (program);
      return E_USAGE;
    }

  if (l_flag && !interactive)
    {
      fprintf (stderr, _("%s: Do not include \"l\" with other flags\n"),
	       program);
      print_usage (stderr, program);
      return E_USAGE;
    }
  else
    {
      int buflen = 256;
      char *buffer = alloca (buflen);
      struct passwd resultbuf;
      struct passwd *pw;
      char *arg_user;

      /* Determine our own user name for authentication.  */
      while (getpwuid_r (uid, &resultbuf, buffer, buflen, &pw) != 0
	     && errno == ERANGE)
	{
	  errno = 0;
	  buflen += 256;
	  buffer = alloca (buflen);
	}

      if (!pw)
	{
	  sec_log (program, MSG_NO_ACCOUNT_FOUND, uid);
	  fprintf (stderr, _("%s: Cannot determine your user name.\n"),
		   program);
	  return E_UNKNOWN_USER;
	}

      caller_name = strdupa (pw->pw_name);

      /* if we show/modify the data for another user, get the data from
	 this one.  */
      if (argc == 1)
	arg_user = locale_to_utf8 (argv[0]);
      else
	arg_user = pw->pw_name;

      pw_data = do_getpwnam (arg_user, use_service);
      if (pw_data == NULL || pw_data->service == S_NONE)
	{
	  if (use_service)
	    fprintf (stderr,
		     _("%s: User `%s' is not known to service `%s'.\n"),
		     program, utf8_to_locale (arg_user), use_service);
	  else
	    fprintf (stderr, _("%s: Unknown user `%s'.\n"), program,
		     utf8_to_locale (arg_user));
	  return E_UNKNOWN_USER;
	}
    }

  if (!l_flag)
    {
      /* Only root is allowed to change aging for local users. */
      if (uid && (pw_data->service == S_LOCAL
#ifdef USE_LDAP
		  || (pw_data->service == S_LDAP && binddn == NULL)
#endif
		  ))
	{
	  sec_log (program, MSG_PERMISSION_DENIED,
		   pw_data->pw.pw_name, pw_data->pw.pw_uid, uid);
	  fprintf (stderr,
		   _("Only an administrator is allowed to change aging information.\n"));
	  free_user_t (pw_data);
	  return E_NOPERM;
	}

      /* If no shadow entry exist for this account, check if we can
	 create them.  */
      if (!pw_data->use_shadow)
	{
	  char shadowfile[strlen (files_etc_dir) + 8];
	  char *cp = stpcpy (shadowfile, files_etc_dir);
	  strcpy (cp, "/shadow");

	  if (access (shadowfile, F_OK) != 0)
	    {
	      fprintf (stderr,
		       _("This system does not support shadow accounts.\n"));
	      return E_MISSING;
	    }
	  else if (pw_data->service != S_LOCAL)
	    {
	      fprintf (stderr,
		       _("This account does not have a shadow entry.\n"));
	      return E_MISSING;
	    }
	  else
	    {
	      /* Initialize data with dummy values. */
	      pw_data->sp.sp_lstchg = -1;
	      pw_data->sp.sp_min = -1;
	      pw_data->sp.sp_max = -1;
	      pw_data->sp.sp_warn = -1;
	      pw_data->sp.sp_inact = -1;
	      pw_data->sp.sp_expire = -1;
	      pw_data->sp.sp_flag = -1;
	    }
	}
    }

#ifdef USE_LDAP
  if (binddn && pw_data->service == S_LDAP)
    pw_data->oldclearpwd = strdup (get_ldap_password (binddn));
  else
#endif /* USE_LDAP */
    if (do_authentication (program, caller_name, pw_data) != 0)
      {
	sec_log (program, MSG_PERMISSION_DENIED,
		 pw_data->pw.pw_name, pw_data->pw.pw_uid, uid);
	free_user_t (pw_data);
	return E_NOPERM;
      }
  /* We don't need to extra ask for a password with "-l" and if the
     password is stored in the local file.  */
    else if (!l_flag && pw_data->service != S_LOCAL)
      if (get_old_clear_password (pw_data) != 0)
	{
	  free_user_t (pw_data);
	  return E_FAILURE;
	}

  if (l_flag)
    {
      if (uid != 0 && pw_data->service != S_LDAP &&
	  strcmp (caller_name, pw_data->pw.pw_name) != 0)
	{
	  sec_log (program, MSG_PERMISSION_DENIED,
		   pw_data->pw.pw_name, pw_data->pw.pw_uid, uid);
	  fprintf (stderr,
		   _("You can only list your own aging information.\n"));
	  return E_NOPERM;
	}

      if (setgid (getgid ()) || setuid (uid))
	{
	  sec_log (program, MSG_DROP_PRIVILEGE_FAILED, errno, uid);
	  fprintf (stderr, _("%s: Failed to drop privileges: %s\n"),
		   program, strerror (errno));
	  return E_FAILURE;
        }

      if (pw_data->use_shadow)
	{
	  sec_log (program, MSG_SHADOW_DATA_PRINTED,
		   pw_data->pw.pw_name, pw_data->pw.pw_uid, uid);
	  print_shadow_info (pw_data);
	}
      else
	fprintf (stdout, _("No aging information available for %s.\n"),
		 utf8_to_locale (pw_data->pw.pw_name));

      return 0;
    }

  /* Caller must be root or he needs to know the binddn and password
     for LDAP administrator.  */
  if (uid != 0
#ifdef USE_LDAP
      && !(binddn && pw_data->service == S_LDAP)
#endif
      )
    return E_USAGE;

  if (interactive)
    {
      int res;

      if (!silent)
	printf (_("Changing aging information for %s.\n"),
		utf8_to_locale (pw_data->pw.pw_name));

      if ((res = change_shadow_info (pw_data)) != 0)
	{
	  if (!silent)
	    printf (_("Aging information not changed.\n"));
	  return E_FAILURE;
	}
    }
  else
    {
      char *cp;
      int error = 0;

      if (mindays)
	if (((pw_data->spn.sp_min = strtol (mindays, &cp, 10)) == 0 && *cp) ||
	    pw_data->spn.sp_min < -1)
	  ++error;

      if (maxdays)
	if (((pw_data->spn.sp_max = strtol (maxdays, &cp, 10)) == 0 && *cp) ||
	    pw_data->spn.sp_max < -1)
	  ++error;

      if (warndays)
	if (((pw_data->spn.sp_warn = strtol (warndays, &cp, 10)) == 0 && *cp)
	    || pw_data->spn.sp_warn < -1)
	  ++error;

      if (inactive)
	if (((pw_data->spn.sp_inact = strtol (inactive, &cp, 10)) == 0 && *cp)
	    || pw_data->spn.sp_inact < -1)
	  ++error;

      if (lastday)
	{
	  if (strcmp (lastday, "1969-12-31") == 0)
	    pw_data->sp.sp_lstchg = -1;
	  else
	    {
	      pw_data->spn.sp_lstchg = str2date (lastday);
	      if (pw_data->spn.sp_lstchg == -1)
		{
		  if (((pw_data->spn.sp_lstchg =
			strtol (lastday, &cp, 10)) == 0 && *cp) ||
		      pw_data->spn.sp_lstchg < -1)
		    {
		      fprintf (stderr,
			_("Lastday is no date and no integer value >= -1\n"));
		      ++error;
		    }
		}
	    }
	}

      if (expiredate)
	{
	  if (strcmp (expiredate, "1969-12-31") == 0)
	    pw_data->spn.sp_expire = -1;
	  else
	    {
	      pw_data->spn.sp_expire = str2date (expiredate);
	      if (pw_data->spn.sp_expire == -1)
		{
		  if (((pw_data->spn.sp_expire =
			strtol (expiredate, &cp, 10)) == 0 && *cp) ||
		      pw_data->spn.sp_expire < -1)
		    {
		      fprintf (stderr, _("Expiredate is no date and no integer value >= -1\n"));
		      ++error;
		    }
		}
	    }
	}
      if (error)
	{
	  if (!silent)
	    fprintf (stderr, _("Error while parsing options.\n"));
	  free_user_t (pw_data);
	  return E_BAD_ARG;
	}
    }

  /* we don't need to change the data if there is no change */
  if (pw_data->sp.sp_min == pw_data->spn.sp_min &&
      pw_data->sp.sp_max == pw_data->spn.sp_max &&
      pw_data->sp.sp_warn == pw_data->spn.sp_warn &&
      pw_data->sp.sp_inact == pw_data->spn.sp_inact &&
      pw_data->sp.sp_lstchg == pw_data->spn.sp_lstchg &&
      pw_data->sp.sp_expire == pw_data->spn.sp_expire)
    {
      if (!silent)
	printf (_("Aging information not changed.\n"));
      return 0;
    }
  else
    {
      pw_data->sp_changed = TRUE;
      pw_data->todo = DO_MODIFY;
    }

#ifdef USE_LDAP
  if (binddn)
    pw_data->binddn = strdup (binddn);
#endif

  /* We have a shadow file, but this user does not have
     a shadow entry. Create one.  */
  if (!pw_data->use_shadow)
    {
      int rc;

      /* Backup original password and replace it with a "x"
	 in local files. Report error*/
      pw_data->todo = DO_MODIFY;
      pw_data->sp.sp_pwdp = pw_data->pw.pw_passwd;
      pw_data->newpassword = "x";
      rc = write_user_data (pw_data, 0);
      pw_data->newpassword = NULL;

      if (rc != 0)
	{
	  fprintf (stderr,
		   _("Error while converting to shadow account.\n"));
	  free_user_t (pw_data);
	  return E_FAILURE;
	}

      pw_data->use_shadow = 1;
      pw_data->todo = DO_CREATE_SHADOW;
      pw_data->sp.sp_namp = pw_data->pw.pw_name;
      pw_data->sp.sp_lstchg = pw_data->spn.sp_lstchg;
      pw_data->sp.sp_min = pw_data->spn.sp_min;
      pw_data->sp.sp_max = pw_data->spn.sp_max;
      pw_data->sp.sp_warn = pw_data->spn.sp_warn;
      pw_data->sp.sp_inact = pw_data->spn.sp_inact;
      pw_data->sp.sp_expire = pw_data->spn.sp_expire;
    }

  if (write_user_data (pw_data, 0) != 0)
    {
      fprintf (stderr, _("Error while changing aging information.\n"));
      free_user_t (pw_data);
      return E_FAILURE;
    }
  else
    {
#ifdef HAVE_NSCD_FLUSH_CACHE
      nscd_flush_cache ("passwd");
#endif
      if (!silent)
	printf (_("Aging information changed.\n"));
    }

  if (pw_data->sp.sp_min != pw_data->spn.sp_min)
    sec_log (program, MSG_MINIMUM_AGE,
	     pw_data->pw.pw_name, pw_data->pw.pw_uid,
	     pw_data->spn.sp_min, pw_data->sp.sp_min, uid);
  if (pw_data->sp.sp_max != pw_data->spn.sp_max)
    sec_log (program, MSG_MAXIMUM_AGE,
	     pw_data->pw.pw_name, pw_data->pw.pw_uid,
	     pw_data->spn.sp_max, pw_data->sp.sp_max, uid);
  if (pw_data->sp.sp_warn != pw_data->spn.sp_warn)
    sec_log (program, MSG_WARNING_DAYS,
	     pw_data->pw.pw_name, pw_data->pw.pw_uid,
	     pw_data->spn.sp_warn, pw_data->sp.sp_warn, uid);
  if (pw_data->sp.sp_inact != pw_data->spn.sp_inact)
    sec_log (program, MSG_INACTIVE_DAYS,
	     pw_data->pw.pw_name, pw_data->pw.pw_uid,
	     pw_data->spn.sp_inact, pw_data->sp.sp_inact, uid);

  if (pw_data->sp.sp_lstchg != pw_data->spn.sp_lstchg)
    {
      char *new_lstchg, *old_lstchg;

      new_lstchg = date2str (pw_data->spn.sp_lstchg * DAY);
      old_lstchg = date2str (pw_data->sp.sp_lstchg * DAY);
      sec_log (program, MSG_LAST_CHANGE_DATE,
	       pw_data->pw.pw_name, pw_data->pw.pw_uid,
	       new_lstchg, old_lstchg, uid);

      free(new_lstchg);
      free(old_lstchg);
    }
  if (pw_data->sp.sp_expire != pw_data->spn.sp_expire)
    {
      char *new_exp, *old_exp;

      new_exp = date2str (pw_data->spn.sp_expire * DAY);
      old_exp = date2str (pw_data->sp.sp_expire * DAY);
      sec_log (program, MSG_EXPIRE_DATE,
	       pw_data->pw.pw_name, pw_data->pw.pw_uid,
	       new_exp, old_exp, uid);

      free(new_exp);
      free(old_exp);
    }

  free_user_t (pw_data);

  return 0;
}