diff options
Diffstat (limited to 'libbb/update_passwd.c')
-rw-r--r-- | libbb/update_passwd.c | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c new file mode 100644 index 0000000..88bc28c --- /dev/null +++ b/libbb/update_passwd.c @@ -0,0 +1,153 @@ +/* vi: set sw=4 ts=4: */ +/* + * update_passwd + * + * update_passwd is a common function for passwd and chpasswd applets; + * it is responsible for updating password file (i.e. /etc/passwd or + * /etc/shadow) for a given user and password. + * + * Moved from loginutils/passwd.c by Alexander Shishkin <virtuoso@slind.org> + */ + +#include "libbb.h" + +#if ENABLE_SELINUX +static void check_selinux_update_passwd(const char *username) +{ + security_context_t context; + char *seuser; + + if (getuid() != (uid_t)0 || is_selinux_enabled() == 0) + return; /* No need to check */ + + if (getprevcon_raw(&context) < 0) + bb_perror_msg_and_die("getprevcon failed"); + seuser = strtok(context, ":"); + if (!seuser) + bb_error_msg_and_die("invalid context '%s'", context); + if (strcmp(seuser, username) != 0) { + if (checkPasswdAccess(PASSWD__PASSWD) != 0) + bb_error_msg_and_die("SELinux: access denied"); + } + if (ENABLE_FEATURE_CLEAN_UP) + freecon(context); +} +#else +#define check_selinux_update_passwd(username) ((void)0) +#endif + +int FAST_FUNC update_passwd(const char *filename, const char *username, + const char *new_pw) +{ + struct stat sb; + struct flock lock; + FILE *old_fp; + FILE *new_fp; + char *fnamesfx; + char *sfx_char; + unsigned user_len; + int old_fd; + int new_fd; + int i; + int cnt = 0; + int ret = -1; /* failure */ + + filename = xmalloc_follow_symlinks(filename); + if (filename == NULL) + return -1; + + check_selinux_update_passwd(username); + + /* New passwd file, "/etc/passwd+" for now */ + fnamesfx = xasprintf("%s+", filename); + sfx_char = &fnamesfx[strlen(fnamesfx)-1]; + username = xasprintf("%s:", username); + user_len = strlen(username); + + old_fp = fopen(filename, "r+"); + if (!old_fp) + goto free_mem; + old_fd = fileno(old_fp); + + selinux_preserve_fcontext(old_fd); + + /* Try to create "/etc/passwd+". Wait if it exists. */ + i = 30; + do { + // FIXME: on last iteration try w/o O_EXCL but with O_TRUNC? + new_fd = open(fnamesfx, O_WRONLY|O_CREAT|O_EXCL, 0600); + if (new_fd >= 0) goto created; + if (errno != EEXIST) break; + usleep(100000); /* 0.1 sec */ + } while (--i); + bb_perror_msg("cannot create '%s'", fnamesfx); + goto close_old_fp; + + created: + if (!fstat(old_fd, &sb)) { + fchmod(new_fd, sb.st_mode & 0777); /* ignore errors */ + fchown(new_fd, sb.st_uid, sb.st_gid); + } + new_fp = fdopen(new_fd, "w"); + if (!new_fp) { + close(new_fd); + goto unlink_new; + } + + /* Backup file is "/etc/passwd-" */ + *sfx_char = '-'; + /* Delete old backup */ + i = (unlink(fnamesfx) && errno != ENOENT); + /* Create backup as a hardlink to current */ + if (i || link(filename, fnamesfx)) + bb_perror_msg("warning: cannot create backup copy '%s'", fnamesfx); + *sfx_char = '+'; + + /* Lock the password file before updating */ + lock.l_type = F_WRLCK; + lock.l_whence = SEEK_SET; + lock.l_start = 0; + lock.l_len = 0; + if (fcntl(old_fd, F_SETLK, &lock) < 0) + bb_perror_msg("warning: cannot lock '%s'", filename); + lock.l_type = F_UNLCK; + + /* Read current password file, write updated /etc/passwd+ */ + while (1) { + char *line = xmalloc_fgets(old_fp); + if (!line) break; /* EOF/error */ + if (strncmp(username, line, user_len) == 0) { + /* we have a match with "username:"... */ + const char *cp = line + user_len; + /* now cp -> old passwd, skip it: */ + cp = strchrnul(cp, ':'); + /* now cp -> ':' after old passwd or -> "" */ + fprintf(new_fp, "%s%s%s", username, new_pw, cp); + cnt++; + } else + fputs(line, new_fp); + free(line); + } + fcntl(old_fd, F_SETLK, &lock); + + /* We do want all of them to execute, thus | instead of || */ + if ((ferror(old_fp) | fflush(new_fp) | fsync(new_fd) | fclose(new_fp)) + || rename(fnamesfx, filename) + ) { + /* At least one of those failed */ + goto unlink_new; + } + ret = cnt; /* whee, success! */ + + unlink_new: + if (ret < 0) unlink(fnamesfx); + + close_old_fp: + fclose(old_fp); + + free_mem: + free(fnamesfx); + free((char *)filename); + free((char *)username); + return ret; +} |