usermod.c

pwdutils是一套密码管理工具

          for (i = 0; gr->gr_mem[i]; i++)
            {
              if (strcmp (gr->gr_mem[i], name) == 0)
                {
                  item = malloc (sizeof (*item));
                  item->value = strdup (gr->gr_name);
                  item->next = list;
                  list = item;
                }
            }
        }
    }
  else
    {
      setgrent ();

      while ((gr = getgrent ()))
        {
          unsigned int i;

          for (i = 0; gr->gr_mem[i]; i++)
            {
              if (strcmp (gr->gr_mem[i], name) == 0)
                {
                  item = malloc (sizeof (*item));
                  item->value = strdup (gr->gr_name);
                  item->next = list;
                  list = item;
                }
            }
        }

      endgrent ();
    }

  item = list;
  while (item != NULL)
    {
      group_t *gr_data = find_group_data (item->value, 0, NULL);

      if (gr_data == NULL || gr_data->service == S_NONE)
        {
          fprintf (stderr,
                   _("%s: ERROR: Cannot find group `%s' anymore!\n"),
                   program, utf8_to_locale (item->value));
          if (retval == E_SUCCESS)
            retval = E_NOTFOUND;
        }
      else
        {
          gr_data->todo = DO_MODIFY;

#ifdef USE_LDAP
          if (gr_data->service == S_LDAP)
            {
              if (pw_data->binddn == NULL)
                {
                  pw_data->binddn = get_caller_dn ();
                  if (pw_data->binddn == NULL)
                    {
                      fprintf (stderr, _("%s: Cannot remove user from groups stored in LDAP database without DN.\n"),
                               program);
                    }
                }

              if (pw_data->binddn == NULL)
                {
		  sec_log (program, MSG_ERROR_REMOVE_USER_FROM_GROUP,
			   pw_data->pw.pw_name, pw_data->pw.pw_uid,
			   gr_data->gr.gr_name,
			   gr_data->gr.gr_gid, getuid ());
                  fprintf (stderr,
                           _("%s: User not removed from LDAP group `%s'.\n"),
                           program, utf8_to_locale (gr_data->gr.gr_name));
                  item = item->next;
                  free_group_t (gr_data);
                  retval = E_GRP_UPDATE;
                  continue;
                }

              gr_data->binddn = strdup (pw_data->binddn);

              if (pw_data->oldclearpwd == NULL)
                {
                  char *cp = get_ldap_password (pw_data->binddn);

                  if (cp)
                    pw_data->oldclearpwd = strdup (cp);
                  else
                    {
		      sec_log (program, MSG_ERROR_REMOVE_USER_FROM_GROUP,
			       pw_data->pw.pw_name, pw_data->pw.pw_uid,
			       gr_data->gr.gr_name,
			       gr_data->gr.gr_gid, getuid ());
                      fprintf (stderr,
                               _("%s: User not removed from LDAP group `%s'.\n"),
                               program, utf8_to_locale (gr_data->gr.gr_name));
                      item = item->next;
                      free_group_t (gr_data);
                      retval = E_GRP_UPDATE;
                      continue;
                    }
                }
            }
#endif
          if (pw_data->oldclearpwd)
            gr_data->oldclearpwd = strdup (pw_data->oldclearpwd);

          gr_data->new_gr_mem = remove_gr_mem (name,
                                               gr_data->gr.gr_mem);
          if (write_group_data (gr_data, 1) != 0)
            {
	      sec_log (program, MSG_ERROR_REMOVE_USER_FROM_GROUP,
		       pw_data->pw.pw_name, pw_data->pw.pw_uid,
		       gr_data->gr.gr_name,
		       gr_data->gr.gr_gid, getuid ());
              fprintf (stderr,
                       _("%s: User not removed from group `%s'.\n"),
                       program, utf8_to_locale (gr_data->gr.gr_name));
              retval = E_GRP_UPDATE;
            }
	  else
	    {
	      sec_log (program, MSG_USER_REMOVED_FROM_GROUP,
		       pw_data->pw.pw_name, gr_data->gr.gr_name,
		       gr_data->gr.gr_gid, getuid ());
	    }

          item = item->next;
        }

      free_group_t (gr_data);
    }

  return retval;
}


int
main (int argc, char **argv)
{
  char *use_service = NULL;
  user_t *pw_data;
#ifdef USE_LDAP
  char *binddn = NULL;
#endif
  char *modify_account;
  char *new_group = NULL;
  gid_t new_gid = 0;
  char *new_comment = NULL;
  char *new_home = NULL;
  char *old_home = NULL;
  char *new_shell = NULL;
  char *new_login = NULL;
  char *new_password = NULL;
  char *new_groups_arg = NULL;
  char *add_groups_arg = NULL;
  char *remove_groups_arg = NULL;
  char **new_groups = NULL;
  unsigned int new_groupscnt = 0;
  char **del_groups = NULL;
  unsigned int del_groupscnt = 0;
  uid_t new_uid = 0;
  char *know_uid = NULL;
  int non_unique = 0;
  int have_extrapath = 0;
  int move_homedir = 0;
  long int new_expire = -1;
  int know_expire = 0;
  long int new_inactive = -1;
  int know_inactive = 0;
  int retval = E_SUCCESS;
  int lock_password = 0;
  int unlock_password = 0;
  int a_flg = 0;

  setlocale (LC_ALL, "");
  bindtextdomain (PACKAGE, LOCALEDIR);
  textdomain (PACKAGE);

  open_sec_log (program);

  /* Before going any further, raise the ulimit and ignore
     signals.  */

  init_environment ();

  while (1)
    {
      int c;
      int option_index = 0;

      c = getopt_long (argc, argv, short_options,
		       long_options, &option_index);
      if (c == (-1))
	break;
      switch (c)
	{
	case 'a':
	  a_flg = 1;
	  break;
	case 'c':
	  if (strcspn (optarg, ":\n") != strlen (optarg))
	    {
	      fprintf (stderr, _("%s: Invalid comment `%s'.\n"),
		       program, optarg);
	      return E_BAD_ARG;
	    }
	  new_comment = locale_to_utf8 (optarg);
	  break;
	case 'D':
#ifdef USE_LDAP
	  binddn = optarg;
#endif
	  break;
	case 'd':
	  if (check_home (optarg) == -1)
	    {
	      fprintf (stderr, _("%s: Invalid home directory `%s'.\n"),
		       program, optarg);
	      return E_BAD_ARG;
	    }
	  new_home = locale_to_utf8 (optarg);
	  break;
	case 'e':
	  if (strcmp (optarg, "1969-12-31") == 0)
	    {
	      new_expire = -1;
	      know_expire = 1;
	    }
	  else
	    {
	      long int expire;
	      char *cp;

	      expire = str2date (optarg);
	      if (expire == -1)
		{
		  if (((expire = strtol (optarg, &cp, 10)) == 0 && *cp) ||
		      expire < -1)
		    {
		      fprintf (stderr,
			       _("%s: Expiredate `%s' is no date and no integer value >= -1.\n"),
			       program, optarg);
		      return E_BAD_ARG;
		    }
		}
	      new_expire = expire;
	      know_expire = 1;
	    }
	  break;
	case 'f':
	  {
	    long int inactive;
	    char *cp;

	    inactive = strtol (optarg, &cp, 10);
	    if (*cp != '\0')	/* invalid number */
	      {
		fprintf (stderr, _("%s: Invalid numeric argument `%s'.\n"),
			 program, optarg);
		return E_BAD_ARG;
	      }
	    new_inactive = inactive;
	    know_inactive = 1;
	  }
	  break;
	case 'G':
	  if (add_groups_arg || remove_groups_arg)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  /* Only save the arguments for later checking. We can find a
	     -P <path> option later.  */
	  new_groups_arg = locale_to_utf8 (optarg);
	  break;
	case 'A':
	  if (new_groups_arg)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  /* Only save the arguments for later checking. We can find a
	     -P <path> option later.  */
	  add_groups_arg = locale_to_utf8 (optarg);
	  break;
	case 'R':
	  if (new_groups_arg)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  /* Only save the arguments for later checking. We can find a
	     -P <path> option later.  */
	  remove_groups_arg = locale_to_utf8 (optarg);
	  break;
	case 'g':
	  new_group = locale_to_utf8 (optarg);
	  break;
	case 'l':
	  new_login = locale_to_utf8 (optarg);
	  break;
	case 'L':
	  if (unlock_password)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  lock_password = 1;
	  break;
	case 'm':
	  move_homedir = 1;
	  break;
	case 'o':
	  non_unique = 1;
	  break;
	case 'P':
	  files_etc_dir = strdup (optarg);
	  have_extrapath = 1;
	  /* If -P option is used, set use_service to "files" if not
	     already set through an option. If we don't limitate to
	     service files, we can get trouble finding the right
	     source.  */
	  if (!use_service)
	    use_service = "files";
	  break;
	case 'p':		/* set encrypted password */
	  if (strcspn (optarg, ":\n") != strlen (optarg))
	    {
	      fprintf (stderr,
		       _("%s: Invalid characters in password `%s'.\n"),
		       program, optarg);
	      return E_BAD_ARG;
	    }
	  new_password = optarg;
	  break;
	case 's':
	  if (strcspn (optarg, ",=\":*\n") != strlen (optarg) ||
	      *optarg != '/')
	    {
	      fprintf (stderr, _("%s: Invalid shell `%s'.\n"),
		       program, optarg);
	      return E_BAD_ARG;
	    }
	  new_shell = optarg;
	  break;
	case 'u':
	  {
	    char *cp;

	    new_uid = strtoul (optarg, &cp, 10);
	    if (*cp != '\0')	/* invalid number */
	      {
		fprintf (stderr, _("%s: Invalid numeric argument `%s'.\n"),
			 program, optarg);
		return E_BAD_ARG;
	      }
	    know_uid = optarg;
	  }
	  break;
	case 'U':
	  if (lock_password)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  unlock_password = 1;
	  break;
	case '\253':
	  if (use_service != NULL)
	    {
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }

	  if (strcasecmp (optarg, "files") == 0)
	    use_service = "files";
#ifdef USE_LDAP
	  else if (strcasecmp (optarg, "ldap") == 0)
	    use_service = "ldap";
#endif
	  else
	    {
	      fprintf (stderr, _("Service `%s' not supported.\n"), optarg);
	      print_usage (stderr, program);
	      return E_BAD_ARG;
	    }
	  break;
	case '\255':
	  print_help (program);
	  return 0;
	case 'v':
	  print_version (program, "2005");
	  return 0;
	case '\254':
	  print_usage (stdout, program);
	  return 0;
	default:
	  print_error (program);
	  return E_USAGE;
	}
    }

  argc -= optind;
  argv += optind;

  if (a_flg) /* -a -G is identical to -A */
    {
      if (add_groups_arg)
	{
	  print_usage (stderr, program);
	  return E_BAD_ARG;
	}
      add_groups_arg = new_groups_arg;
      new_groups_arg = NULL;
    }

  if (argc > 1)
    {
      fprintf (stderr, _("%s: Too many arguments.\n"), program);
      print_error (program);
      return E_USAGE;
    }
  else if (argc == 0)
    {
      fprintf (stderr, _("%s: Too few arguments.\n"), program);
      print_error (program);
      return E_USAGE;
    }
  else if (move_homedir && !new_home)
    {
      print_usage (stderr, program);
      return E_USAGE;
    }
  else
    {
      int buflen = 256;
      char *buffer = alloca (buflen);
      struct passwd resultbuf;
      struct passwd *pw;

      /* Determine our own user name for PAM authentication.  */
      while (getpwuid_r (getuid (), &resultbuf, buffer, buflen, &pw) != 0
	     && errno == ERANGE)
	{
	  errno = 0;
	  buflen += 256;
	  buffer = alloca (buflen);
	}

      if (!pw)
	{
	  sec_log (program, MSG_NO_ACCOUNT_FOUND, getuid ());
	  fprintf (stderr, _("%s: Cannot determine your user name.\n"),
		   program);
	  return E_UNKNOWN_USER;
	}

      if (do_authentication ("shadow", pw->pw_name, NULL) != 0)
        {
          sec_log (program, MSG_PERMISSION_DENIED, pw->pw_name,
                   pw->pw_uid, getuid ());
	  return E_NOPERM;
	}
    }

  modify_account = locale_to_utf8 (argv[0]);
  /* Check, if the account we should modify exist.  */
  pw_data = do_getpwnam (modify_account, use_service);
  if (pw_data == NULL || pw_data->service == S_NONE)
    {				/* User does not exist.  */
      sec_log (program, MSG_UNKNOWN_USER, modify_account, getuid ());
      fprintf (stderr, _("%s: Account `%s' does not exist.\n"),
	       program, utf8_to_locale (modify_account));
      return E_NOTFOUND;
    }

  old_home = strdupa (pw_data->pw.pw_dir);

  if (new_group)
    {
      if ((retval = convert_grpopt_to_name (new_group, NULL,
					    &new_gid, use_service)) != 0)
	return retval;
    }

  if (new_groups_arg)
    {
      char *arg = new_groups_arg;
      unsigned int errors = 0, i, j;

      j = 1;
      for (i = 0; i < strlen (arg); i++)
	if (arg[i] == ',')
	  ++j;

      new_groups = malloc (sizeof (char *) * j);
      new_groupscnt = 0;

      do
	{
	  char *cp = strchr (arg, ',');
	  if (cp)
	    *cp++ = '\0';

	  if (arg && *arg)
	    {
	      gid_t gid;

	      if (convert_grpopt_to_name (arg,
					  &new_groups[new_groupscnt],
					  &gid, use_service) != 0)
		++errors;
	      else
		{
		  /* If this group is the primary group, print error
		     message and ignore it. Don't exit with an error,
		     this would break too many existing scripts.  */
		  if ((new_group &&
		       strcmp (new_group, new_groups[new_groupscnt]) == 0) ||
		      (gid == pw_data->pw.pw_gid))
		    {
		      fprintf (stderr, _("%s: `%s' is primary group name.\n"),
			       program,
			       utf8_to_locale (new_groups[new_groupscnt]));
		      /* return E_BAD_ARG; */
		    }
		  else
		    {
		      new_groupscnt++;
		      if (new_groupscnt > j)
			abort ();
		    }
		}
	    }
	  arg = cp;
	}
      while (arg);

      if (errors)
	{
	  /* This is more a guess than something else.  */
	  if (files_etc_dir)
	    return E_NOTFOUND;
	  else
	    return E_BAD_ARG;
	}
    }

  /* Create list of groups, to which we should add this account. -A option.  */
  /* XXX merge with new_groups_arg above.  */
  if (add_groups_arg)
    {
      char *arg = add_groups_arg;
      unsigned int errors = 0, i, j;

      j = 1;
      for (i = 0; i < strlen (arg); i++)
	if (arg[i] == ',')
	  ++j;

      new_groups = malloc (sizeof (char *) * j);
      new_groupscnt = 0;

      do
	{
	  char *cp = strchr (arg, ',');
	  if (cp)
	    *cp++ = '\0';

	  if (arg && *arg)
	    {
	      gid_t gid;

	      if (convert_grpopt_to_name (arg,
					  &new_groups[new_groupscnt],
					  &gid, use_service) != 0)
		++errors;
	      else
		{
		  /* If this group is the primary group, print error
		     message and ignore it. Don't exit with an error,
		     this would break too many existing scripts.  */
		  if ((new_group &&
		       strcmp (new_group, new_groups[new_groupscnt]) == 0) ||
		      (gid == pw_data->pw.pw_gid))
		    {
		      fprintf (stderr, _("%s: `%s' is primary group name.\n"),
			       program,