diff options
author | Denis Vlasenko <vda.linux@googlemail.com> | 2009-04-14 00:51:05 +0000 |
---|---|---|
committer | Denis Vlasenko <vda.linux@googlemail.com> | 2009-04-14 00:51:05 +0000 |
commit | 829bbd3b5701f656c94f1cc672faa39946675d13 (patch) | |
tree | dbe6672228a3cb51eb8031ba714bb4abb96decf4 /libbb | |
parent | f2b39e088d6ccbf4a540c741059c2f661eebc9ac (diff) | |
download | busybox-829bbd3b5701f656c94f1cc672faa39946675d13.tar.gz |
*: unify concurrent-safe update of /etc/{passwd,group,[g]shadow}
by Tito (farmatito AT tiscali.it)
function old new delta
update_passwd 743 1171 +428
bb_perror_nomsg - 9 +9
find_main 436 444 +8
passwd_main 1023 1027 +4
nameval 202 206 +4
chpasswd_main 315 319 +4
bb__parsespent 119 117 -2
adduser_main 654 650 -4
addgroup_main 345 341 -4
sv_main 1228 1222 -6
deluser_main 173 160 -13
bb_internal_putpwent 69 - -69
add_user_to_group 231 - -231
del_line_matching 460 31 -429
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 5/6 up/down: 457/-758) Total: -301 bytes
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/Kbuild | 3 | ||||
-rw-r--r-- | libbb/update_passwd.c | 163 |
2 files changed, 139 insertions, 27 deletions
diff --git a/libbb/Kbuild b/libbb/Kbuild index 2c8830f99..57d5d21cf 100644 --- a/libbb/Kbuild +++ b/libbb/Kbuild @@ -120,6 +120,9 @@ lib-y += xrealloc_vector.o lib-$(CONFIG_FEATURE_MOUNT_LOOP) += loop.o lib-$(CONFIG_LOSETUP) += loop.o lib-$(CONFIG_FEATURE_MTAB_SUPPORT) += mtab.o +lib-$(CONFIG_ADDGROUP) += update_passwd.o +lib-$(CONFIG_ADDUSER) += update_passwd.o +lib-$(CONFIG_DELUSER) += update_passwd.o lib-$(CONFIG_PASSWD) += pw_encrypt.o update_passwd.o lib-$(CONFIG_CHPASSWD) += pw_encrypt.o update_passwd.o lib-$(CONFIG_CRYPTPW) += pw_encrypt.o diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c index 565dd3702..32943482c 100644 --- a/libbb/update_passwd.c +++ b/libbb/update_passwd.c @@ -8,9 +8,11 @@ * * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> * + * Modified to be able to add or delete users, groups and users to/from groups + * by Tito Ragusa <farmatito@tiscali.it> + * * Licensed under GPLv2, see file LICENSE in this tarball for details. */ - #include "libbb.h" #if ENABLE_SELINUX @@ -35,12 +37,44 @@ static void check_selinux_update_passwd(const char *username) freecon(context); } #else -#define check_selinux_update_passwd(username) ((void)0) +# define check_selinux_update_passwd(username) ((void)0) #endif -int FAST_FUNC update_passwd(const char *filename, const char *username, - const char *new_pw) +/* + 1) add a user: update_passwd(FILE, USER, REMAINING_PWLINE, NULL) + only if CONFIG_ADDUSER=y and applet_name[0] == 'a' like in adduser + + 2) add a group: update_passwd(FILE, GROUP, REMAINING_GRLINE, NULL) + only if CONFIG_ADDGROUP=y and applet_name[0] == 'a' like in addgroup + + 3) add a user to a group: update_passwd(FILE, GROUP, NULL, MEMBER) + only if CONFIG_FEATURE_ADDUSER_TO_GROUP=y, applet_name[0] == 'a' + like in addgroup and member != NULL + + 4) delete a user: update_passwd(FILE, USER, NULL, NULL) + + 5) delete a group: update_passwd(FILE, GROUP, NULL, NULL) + + 6) delete a user from a group: update_passwd(FILE, GROUP, NULL, MEMBER) + only if CONFIG_FEATURE_DEL_USER_FROM_GROUP=y and member != NULL + + 7) change user's passord: update_passwd(FILE, USER, NEW_PASSWD, NULL) + only if CONFIG_PASSWD=y and applet_name[0] == 'p' like in passwd + or if CONFIG_CHPASSWD=y and applet_name[0] == 'c' like in chpasswd + + This function does not validate the arguments fed to it + so the calling program should take care of that. + + Returns number of lines changed, or -1 on error. +*/ +int FAST_FUNC update_passwd(const char *filename, + const char *name, + const char *new_passwd, + const char *member) { +#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP) +#define member NULL +#endif struct stat sb; struct flock lock; FILE *old_fp; @@ -51,22 +85,25 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, int old_fd; int new_fd; int i; - int cnt = 0; + int changed_lines; int ret = -1; /* failure */ filename = xmalloc_follow_symlinks(filename); if (filename == NULL) - return -1; + return ret; - check_selinux_update_passwd(username); + check_selinux_update_passwd(name); /* New passwd file, "/etc/passwd+" for now */ fnamesfx = xasprintf("%s+", filename); sfx_char = &fnamesfx[strlen(fnamesfx)-1]; - username = xasprintf("%s:", username); - user_len = strlen(username); + name = xasprintf("%s:", name); + user_len = strlen(name); - old_fp = fopen(filename, "r+"); + if (strstr(filename, "shadow")) + old_fp = fopen(filename, "r+"); + else + old_fp = fopen_or_warn(filename, "r+"); if (!old_fp) goto free_mem; old_fd = fileno(old_fp); @@ -82,7 +119,7 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, if (errno != EEXIST) break; usleep(100000); /* 0.1 sec */ } while (--i); - bb_perror_msg("cannot create '%s'", fnamesfx); + bb_perror_msg("can't create '%s'", fnamesfx); goto close_old_fp; created: @@ -90,8 +127,10 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ fchown(new_fd, sb.st_uid, sb.st_gid); } + errno = 0; new_fp = fdopen(new_fd, "w"); if (!new_fp) { + bb_perror_nomsg(); close(new_fd); goto unlink_new; } @@ -102,7 +141,8 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, i = (unlink(fnamesfx) && errno != ENOENT); /* Create backup as a hardlink to current */ if (i || link(filename, fnamesfx)) - bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx); + bb_perror_msg("warning: can't create backup copy '%s'", + fnamesfx); *sfx_char = '+'; /* Lock the password file before updating */ @@ -111,38 +151,107 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, lock.l_start = 0; lock.l_len = 0; if (fcntl(old_fd, F_SETLK, &lock) < 0) - bb_perror_msg("warning: cannot lock '%s'", filename); + bb_perror_msg("warning: can't lock '%s'", filename); lock.l_type = F_UNLCK; /* Read current password file, write updated /etc/passwd+ */ + changed_lines = 0; while (1) { - char *line = xmalloc_fgets(old_fp); - if (!line) break; /* EOF/error */ - if (strncmp(username, line, user_len) == 0) { - /* we have a match with "username:"... */ - const char *cp = line + user_len; - /* now cp -> old passwd, skip it: */ - cp = strchrnul(cp, ':'); - /* now cp -> ':' after old passwd or -> "" */ - fprintf(new_fp, "%s%s%s", username, new_pw, cp); - cnt++; + char *cp, *line; + + line = xmalloc_fgetline(old_fp); + if (!line) /* EOF/error */ + break; + if (strncmp(name, line, user_len) != 0) { + fprintf(new_fp, "%s\n", line); + goto next; + } + + /* We have a match with "name:"... */ + cp = line + user_len; /* move past name: */ + +#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP + if (member) { + /* It's actually /etc/group+, not /etc/passwd+ */ + if (ENABLE_FEATURE_ADDUSER_TO_GROUP + && applet_name[0] == 'a' + ) { + /* Add user to group */ + fprintf(new_fp, "%s%s%s\n", line, + last_char_is(line, ':') ? "" : ",", + member); + changed_lines++; + } else if (ENABLE_FEATURE_DEL_USER_FROM_GROUP + /* && applet_name[0] == 'd' */ + ) { + /* Delete user from group */ + char *tmp; + const char *fmt = "%s"; + + /* find the start of the member list: last ':' */ + cp = strrchr(line, ':'); + /* cut it */ + *cp++ = '\0'; + /* write the cut line name:passwd:gid: + * or name:!:: */ + fprintf(new_fp, "%s:", line); + /* parse the tokens of the member list */ + tmp = cp; + while ((cp = strsep(&tmp, ",")) != NULL) { + if (strcmp(member, cp) != 0) { + fprintf(new_fp, fmt, cp); + fmt = ",%s"; + } else { + /* found member, skip it */ + changed_lines++; + } + } + fprintf(new_fp, "\n"); + } } else - fputs(line, new_fp); +#endif + if ((ENABLE_PASSWD && applet_name[0] == 'p') + || (ENABLE_CHPASSWD && applet_name[0] == 'c') + ) { + /* Change passwd */ + cp = strchrnul(cp, ':'); /* move past old passwd */ + /* name: + new_passwd + :rest of line */ + fprintf(new_fp, "%s%s%s\n", name, new_passwd, cp); + changed_lines++; + } /* else delete user or group: skip the line */ + next: free(line); } + + if (changed_lines == 0) { + if (ENABLE_FEATURE_DEL_USER_FROM_GROUP && member) + bb_error_msg("can't find %s in %s", member, filename); + if ((ENABLE_ADDUSER || ENABLE_ADDGROUP) + && applet_name[0] == 'a' && !member + ) { + /* add user or group */ + fprintf(new_fp, "%s%s\n", name, new_passwd); + changed_lines++; + } + } + fcntl(old_fd, F_SETLK, &lock); /* We do want all of them to execute, thus | instead of || */ + errno = 0; if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) || rename(fnamesfx, filename) ) { /* At least one of those failed */ + bb_perror_nomsg(); goto unlink_new; } - ret = cnt; /* whee, success! */ + /* Success: ret >= 0 */ + ret = changed_lines; unlink_new: - if (ret < 0) unlink(fnamesfx); + if (ret < 0) + unlink(fnamesfx); close_old_fp: fclose(old_fp); @@ -150,6 +259,6 @@ int FAST_FUNC update_passwd(const char *filename, const char *username, free_mem: free(fnamesfx); free((char *)filename); - free((char *)username); + free((char *)name); return ret; } |