1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2013 Gary Mills
23 *
24 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
25 * Use is subject to license terms.
26 */
27
28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
29 /* All Rights Reserved */
30
31 /*
32 * Copyright (c) 2013 RackTop Systems.
33 */
34
35 #include <sys/types.h>
36 #include <sys/stat.h>
37 #include <sys/param.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <ctype.h>
41 #include <limits.h>
42 #include <string.h>
43 #include <userdefs.h>
44 #include <errno.h>
45 #include <project.h>
46 #include <unistd.h>
47 #include <user_attr.h>
48 #include <libcmdutils.h>
49 #include "users.h"
50 #include "messages.h"
51 #include "userdisp.h"
52 #include "funcs.h"
53
54 /*
55 * useradd [-u uid [-o] | -g group | -G group [[, group]...]
56 * | -d dir [-m [-z|Z]]
57 * | -s shell | -c comment | -k skel_dir | -b base_dir] ]
58 * [ -A authorization [, authorization ...]]
59 * [ -P profile [, profile ...]]
60 * [ -K key=value ]
61 * [ -R role [, role ...]] [-p project [, project ...]] login
62 * useradd -D [ -g group ] [ -b base_dir | -f inactive | -e expire |
63 * -s shell | -k skel_dir ]
64 * [ -A authorization [, authorization ...]]
65 * [ -P profile [, profile ...]] [ -K key=value ]
66 * [ -R role [, role ...]] [-p project [, project ...]] login
67 *
68 * This command adds new user logins to the system. Arguments are:
69 *
70 * uid - an integer
71 * group - an existing group's integer ID or char string name
72 * dir - home directory
73 * shell - a program to be used as a shell
74 * comment - any text string
75 * skel_dir - a skeleton directory
76 * base_dir - a directory
77 * login - a string of printable chars except colon(:)
78 * authorization - One or more comma separated authorizations defined
79 * in auth_attr(5).
80 * profile - One or more comma separated execution profiles defined
81 * in prof_attr(5)
82 * role - One or more comma-separated role names defined in user_attr(5)
83 * project - One or more comma-separated project names or numbers
84 *
85 */
86
87 extern struct userdefs *getusrdef();
88 extern void dispusrdef();
89
90 static void cleanup();
91
92 extern int check_perm(), valid_expire();
93 extern int putusrdef(), valid_uid();
94 extern int call_passmgmt(), edit_group(), create_home();
95 extern int edit_project();
96 extern int **valid_lgroup();
97 extern projid_t **valid_lproject();
98 extern void update_def(struct userdefs *);
99 extern void import_def(struct userdefs *);
100 extern int get_default_zfs_flags();
101
102 static uid_t uid; /* new uid */
103 static char *logname; /* login name to add */
104 static struct userdefs *usrdefs; /* defaults for useradd */
105
106 char *cmdname;
107
108 static char homedir[ PATH_MAX + 1 ]; /* home directory */
109 static char gidstring[32]; /* group id string representation */
110 static gid_t gid; /* gid of new login */
111 static char uidstring[32]; /* user id string representation */
112 static char *uidstr = NULL; /* uid from command line */
113 static char *base_dir = NULL; /* base_dir from command line */
114 static char *group = NULL; /* group from command line */
115 static char *grps = NULL; /* multi groups from command line */
116 static char *dir = NULL; /* home dir from command line */
117 static char *shell = NULL; /* shell from command line */
118 static char *comment = NULL; /* comment from command line */
119 static char *skel_dir = NULL; /* skel dir from command line */
120 static long inact; /* inactive days */
121 static char *inactstr = NULL; /* inactive from command line */
122 static char inactstring[10]; /* inactivity string representation */
123 static char *expirestr = NULL; /* expiration date from command line */
124 static char *projects = NULL; /* project id's from command line */
125
126 static char *usertype = NULL; /* type of user, either role or normal */
127
128 typedef enum {
129 BASEDIR = 0,
130 SKELDIR,
131 SHELL
132 } path_opt_t;
133
134
135 static void valid_input(path_opt_t, const char *);
136
137 int
main(argc,argv)138 main(argc, argv)
139 int argc;
140 char *argv[];
141 {
142 int ch, ret, mflag = 0, oflag = 0, Dflag = 0;
143 int zflag = 0, Zflag = 0, **gidlist = NULL;
144 projid_t **projlist = NULL;
145 char *ptr; /* loc in a str, may be set by strtol */
146 struct group *g_ptr;
147 struct project p_ptr;
148 char mybuf[PROJECT_BUFSZ];
149 struct stat statbuf; /* status buffer for stat */
150 int warning;
151 int busy = 0;
152 char **nargv; /* arguments for execvp of passmgmt */
153 int argindex; /* argument index into nargv */
154 int zfs_flags = 0; /* create_home flags */
155
156 cmdname = argv[0];
157
158 if (geteuid() != 0) {
159 errmsg(M_PERM_DENIED);
160 exit(EX_NO_PERM);
161 }
162
163 opterr = 0; /* no print errors from getopt */
164 usertype = getusertype(argv[0]);
165
166 change_key(USERATTR_TYPE_KW, usertype);
167
168 while ((ch = getopt(argc, argv,
169 "b:c:Dd:e:f:G:g:k:mzZop:s:u:A:P:R:K:")) != EOF)
170 switch (ch) {
171 case 'b':
172 base_dir = optarg;
173 break;
174
175 case 'c':
176 comment = optarg;
177 break;
178
179 case 'D':
180 Dflag++;
181 break;
182
183 case 'd':
184 dir = optarg;
185 break;
186
187 case 'e':
188 expirestr = optarg;
189 break;
190
191 case 'f':
192 inactstr = optarg;
193 break;
194
195 case 'G':
196 grps = optarg;
197 break;
198
199 case 'g':
200 group = optarg;
201 break;
202
203 case 'k':
204 skel_dir = optarg;
205 break;
206
207 case 'm':
208 mflag++;
209 break;
210
211 case 'o':
212 oflag++;
213 break;
214
215 case 'p':
216 projects = optarg;
217 break;
218
219 case 's':
220 shell = optarg;
221 break;
222
223 case 'u':
224 uidstr = optarg;
225 break;
226
227 case 'Z':
228 Zflag++;
229 break;
230
231 case 'z':
232 zflag++;
233 break;
234
235 case 'A':
236 change_key(USERATTR_AUTHS_KW, optarg);
237 break;
238
239 case 'P':
240 change_key(USERATTR_PROFILES_KW, optarg);
241 break;
242
243 case 'R':
244 if (is_role(usertype)) {
245 errmsg(M_ARUSAGE);
246 exit(EX_SYNTAX);
247 }
248 change_key(USERATTR_ROLES_KW, optarg);
249 break;
250
251 case 'K':
252 change_key(NULL, optarg);
253 break;
254
255 default:
256 case '?':
257 if (is_role(usertype))
258 errmsg(M_ARUSAGE);
259 else
260 errmsg(M_AUSAGE);
261 exit(EX_SYNTAX);
262 }
263
264 if (((!mflag) && (zflag || Zflag)) || (zflag && Zflag) ||
265 (mflag > 1 && (zflag || Zflag))) {
266 if (is_role(usertype))
267 errmsg(M_ARUSAGE);
268 else
269 errmsg(M_AUSAGE);
270 exit(EX_SYNTAX);
271 }
272
273
274 /* get defaults for adding new users */
275 usrdefs = getusrdef(usertype);
276
277 if (Dflag) {
278 /* DISPLAY mode */
279
280 /* check syntax */
281 if (optind != argc) {
282 if (is_role(usertype))
283 errmsg(M_ARUSAGE);
284 else
285 errmsg(M_AUSAGE);
286 exit(EX_SYNTAX);
287 }
288
289 if (uidstr != NULL || oflag || grps != NULL ||
290 dir != NULL || mflag || comment != NULL) {
291 if (is_role(usertype))
292 errmsg(M_ARUSAGE);
293 else
294 errmsg(M_AUSAGE);
295 exit(EX_SYNTAX);
296 }
297
298 /* Group must be an existing group */
299 if (group != NULL) {
300 switch (valid_group(group, &g_ptr, &warning)) {
301 case INVALID:
302 errmsg(M_INVALID, group, "group id");
303 exit(EX_BADARG);
304 /*NOTREACHED*/
305 case TOOBIG:
306 errmsg(M_TOOBIG, "gid", group);
307 exit(EX_BADARG);
308 /*NOTREACHED*/
309 case RESERVED:
310 case UNIQUE:
311 errmsg(M_GRP_NOTUSED, group);
312 exit(EX_NAME_NOT_EXIST);
313 }
314 if (warning)
315 warningmsg(warning, group);
316
317 usrdefs->defgroup = g_ptr->gr_gid;
318 usrdefs->defgname = g_ptr->gr_name;
319
320 }
321
322 /* project must be an existing project */
323 if (projects != NULL) {
324 switch (valid_project(projects, &p_ptr, mybuf,
325 sizeof (mybuf), &warning)) {
326 case INVALID:
327 errmsg(M_INVALID, projects, "project id");
328 exit(EX_BADARG);
329 /*NOTREACHED*/
330 case TOOBIG:
331 errmsg(M_TOOBIG, "projid", projects);
332 exit(EX_BADARG);
333 /*NOTREACHED*/
334 case UNIQUE:
335 errmsg(M_PROJ_NOTUSED, projects);
336 exit(EX_NAME_NOT_EXIST);
337 }
338 if (warning)
339 warningmsg(warning, projects);
340
341 usrdefs->defproj = p_ptr.pj_projid;
342 usrdefs->defprojname = p_ptr.pj_name;
343 }
344
345 /* base_dir must be an existing directory */
346 if (base_dir != NULL) {
347 valid_input(BASEDIR, base_dir);
348 usrdefs->defparent = base_dir;
349 }
350
351 /* inactivity period is an integer */
352 if (inactstr != NULL) {
353 /* convert inactstr to integer */
354 inact = strtol(inactstr, &ptr, 10);
355 if (*ptr || inact < 0) {
356 errmsg(M_INVALID, inactstr,
357 "inactivity period");
358 exit(EX_BADARG);
359 }
360
361 usrdefs->definact = inact;
362 }
363
364 /* expiration string is a date, newer than today */
365 if (expirestr != NULL) {
366 if (*expirestr) {
367 if (valid_expire(expirestr, (time_t *)0)
368 == INVALID) {
369 errmsg(M_INVALID, expirestr,
370 "expiration date");
371 exit(EX_BADARG);
372 }
373 usrdefs->defexpire = expirestr;
374 } else
375 /* Unset the expiration date */
376 usrdefs->defexpire = "";
377 }
378
379 if (shell != NULL) {
380 valid_input(SHELL, shell);
381 usrdefs->defshell = shell;
382 }
383 if (skel_dir != NULL) {
384 valid_input(SKELDIR, skel_dir);
385 usrdefs->defskel = skel_dir;
386 }
387 update_def(usrdefs);
388
389 /* change defaults for useradd */
390 if (putusrdef(usrdefs, usertype) < 0) {
391 errmsg(M_UPDATE, "created");
392 exit(EX_UPDATE);
393 }
394
395 /* Now, display */
396 dispusrdef(stdout, (D_ALL & ~D_RID), usertype);
397 exit(EX_SUCCESS);
398
399 }
400
401 /* ADD mode */
402
403 /* check syntax */
404 if (optind != argc - 1 || (skel_dir != NULL && !mflag)) {
405 if (is_role(usertype))
406 errmsg(M_ARUSAGE);
407 else
408 errmsg(M_AUSAGE);
409 exit(EX_SYNTAX);
410 }
411
412 logname = argv[optind];
413 switch (valid_login(logname, (struct passwd **)NULL, &warning)) {
414 case INVALID:
415 errmsg(M_INVALID, logname, "login name");
416 exit(EX_BADARG);
417 /*NOTREACHED*/
418
419 case NOTUNIQUE:
420 errmsg(M_USED, logname);
421 exit(EX_NAME_EXISTS);
422 /*NOTREACHED*/
423
424 case LONGNAME:
425 errmsg(M_TOO_LONG, logname);
426 exit(EX_BADARG);
427 /*NOTREACHED*/
428 }
429
430 if (warning)
431 warningmsg(warning, logname);
432 if (uidstr != NULL) {
433 /* convert uidstr to integer */
434 errno = 0;
435 uid = (uid_t)strtol(uidstr, &ptr, (int)10);
436 if (*ptr || errno == ERANGE) {
437 errmsg(M_INVALID, uidstr, "user id");
438 exit(EX_BADARG);
439 }
440
441 switch (valid_uid(uid, NULL)) {
442 case NOTUNIQUE:
443 if (!oflag) {
444 /* override not specified */
445 errmsg(M_UID_USED, uid);
446 exit(EX_ID_EXISTS);
447 }
448 break;
449 case RESERVED:
450 errmsg(M_RESERVED, uid);
451 break;
452 case TOOBIG:
453 errmsg(M_TOOBIG, "uid", uid);
454 exit(EX_BADARG);
455 break;
456 }
457
458 } else {
459
460 if (findnextuid(DEFRID+1, MAXUID, &uid) != 0) {
461 errmsg(M_INVALID, "default id", "user id");
462 exit(EX_ID_EXISTS);
463 }
464 }
465
466 if (group != NULL) {
467 switch (valid_group(group, &g_ptr, &warning)) {
468 case INVALID:
469 errmsg(M_INVALID, group, "group id");
470 exit(EX_BADARG);
471 /*NOTREACHED*/
472 case TOOBIG:
473 errmsg(M_TOOBIG, "gid", group);
474 exit(EX_BADARG);
475 /*NOTREACHED*/
476 case RESERVED:
477 case UNIQUE:
478 errmsg(M_GRP_NOTUSED, group);
479 exit(EX_NAME_NOT_EXIST);
480 /*NOTREACHED*/
481 }
482
483 if (warning)
484 warningmsg(warning, group);
485 gid = g_ptr->gr_gid;
486
487 } else gid = usrdefs->defgroup;
488
489 if (grps != NULL) {
490 if (!*grps)
491 /* ignore -G "" */
492 grps = (char *)0;
493 else if (!(gidlist = valid_lgroup(grps, gid)))
494 exit(EX_BADARG);
495 }
496
497 if (projects != NULL) {
498 if (! *projects)
499 projects = (char *)0;
500 else if (! (projlist = valid_lproject(projects)))
501 exit(EX_BADARG);
502 }
503
504 /* if base_dir is provided, check its validity; otherwise default */
505 if (base_dir != NULL)
506 valid_input(BASEDIR, base_dir);
507 else
508 base_dir = usrdefs->defparent;
509
510 if (dir == NULL) {
511 /* set homedir to home directory made from base_dir */
512 (void) sprintf(homedir, "%s/%s", base_dir, logname);
513
514 } else if (REL_PATH(dir)) {
515 errmsg(M_RELPATH, dir);
516 exit(EX_BADARG);
517
518 } else
519 (void) strcpy(homedir, dir);
520
521 if (mflag) {
522 /* Does home dir. already exist? */
523 if (stat(homedir, &statbuf) == 0) {
524 /* directory exists - don't try to create */
525 mflag = 0;
526
527 if (check_perm(statbuf, uid, gid, S_IXOTH) != 0)
528 errmsg(M_NO_PERM, logname, homedir);
529 }
530 }
531 /*
532 * if shell, skel_dir are provided, check their validity.
533 * Otherwise default.
534 */
535 if (shell != NULL)
536 valid_input(SHELL, shell);
537 else
538 shell = usrdefs->defshell;
539
540 if (skel_dir != NULL)
541 valid_input(SKELDIR, skel_dir);
542 else
543 skel_dir = usrdefs->defskel;
544
545 if (inactstr != NULL) {
546 /* convert inactstr to integer */
547 inact = strtol(inactstr, &ptr, 10);
548 if (*ptr || inact < 0) {
549 errmsg(M_INVALID, inactstr, "inactivity period");
550 exit(EX_BADARG);
551 }
552 } else inact = usrdefs->definact;
553
554 /* expiration string is a date, newer than today */
555 if (expirestr != NULL) {
556 if (*expirestr) {
557 if (valid_expire(expirestr, (time_t *)0) == INVALID) {
558 errmsg(M_INVALID, expirestr, "expiration date");
559 exit(EX_BADARG);
560 }
561 usrdefs->defexpire = expirestr;
562 } else
563 /* Unset the expiration date */
564 expirestr = (char *)0;
565
566 } else expirestr = usrdefs->defexpire;
567
568 import_def(usrdefs);
569
570 /* must now call passmgmt */
571
572 /* set up arguments to passmgmt in nargv array */
573 nargv = malloc((30 + nkeys * 2) * sizeof (char *));
574 argindex = 0;
575 nargv[argindex++] = PASSMGMT;
576 nargv[argindex++] = "-a"; /* add */
577
578 if (comment != NULL) {
579 /* comment */
580 nargv[argindex++] = "-c";
581 nargv[argindex++] = comment;
582 }
583
584 /* flags for home directory */
585 nargv[argindex++] = "-h";
586 nargv[argindex++] = homedir;
587
588 /* set gid flag */
589 nargv[argindex++] = "-g";
590 (void) sprintf(gidstring, "%u", gid);
591 nargv[argindex++] = gidstring;
592
593 /* shell */
594 nargv[argindex++] = "-s";
595 nargv[argindex++] = shell;
596
597 /* set inactive */
598 nargv[argindex++] = "-f";
599 (void) sprintf(inactstring, "%ld", inact);
600 nargv[argindex++] = inactstring;
601
602 /* set expiration date */
603 if (expirestr != NULL) {
604 nargv[argindex++] = "-e";
605 nargv[argindex++] = expirestr;
606 }
607
608 /* set uid flag */
609 nargv[argindex++] = "-u";
610 (void) sprintf(uidstring, "%u", uid);
611 nargv[argindex++] = uidstring;
612
613 if (oflag) nargv[argindex++] = "-o";
614
615 if (nkeys > 1)
616 addkey_args(nargv, &argindex);
617
618 /* finally - login name */
619 nargv[argindex++] = logname;
620
621 /* set the last to null */
622 nargv[argindex++] = NULL;
623
624 /* now call passmgmt */
625 ret = PEX_FAILED;
626 /*
627 * If call_passmgmt fails for any reason other than PEX_BADUID, exit
628 * is invoked with an appropriate error message. If PEX_BADUID is
629 * returned, then if the user specified the ID, exit is invoked
630 * with an appropriate error message. Otherwise we try to pick a
631 * different ID and try again. If we run out of IDs, i.e. no more
632 * users can be created, then -1 is returned and we terminate via exit.
633 * If PEX_BUSY is returned we increment a count, since we will stop
634 * trying if PEX_BUSY reaches 3. For PEX_SUCCESS we immediately
635 * terminate the loop.
636 */
637 while (busy < 3 && ret != PEX_SUCCESS) {
638 switch (ret = call_passmgmt(nargv)) {
639 case PEX_SUCCESS:
640 break;
641 case PEX_BUSY:
642 busy++;
643 break;
644 case PEX_HOSED_FILES:
645 errmsg(M_HOSED_FILES);
646 exit(EX_INCONSISTENT);
647 break;
648
649 case PEX_SYNTAX:
650 case PEX_BADARG:
651 /* should NEVER occur that passmgmt usage is wrong */
652 if (is_role(usertype))
653 errmsg(M_ARUSAGE);
654 else
655 errmsg(M_AUSAGE);
656 exit(EX_SYNTAX);
657 break;
658
659 case PEX_BADUID:
660 /*
661 * The uid has been taken. If it was specified by a
662 * user, then we must fail. Otherwise, keep trying
663 * to get a good uid until we run out of IDs.
664 */
665 if (uidstr != NULL) {
666 errmsg(M_UID_USED, uid);
667 exit(EX_ID_EXISTS);
668 } else {
669 if (findnextuid(DEFRID+1, MAXUID, &uid) != 0) {
670 errmsg(M_INVALID, "default id",
671 "user id");
672 exit(EX_ID_EXISTS);
673 }
674 (void) sprintf(uidstring, "%u", uid);
675 }
676 break;
677
678 case PEX_BADNAME:
679 /* invalid loname */
680 errmsg(M_USED, logname);
681 exit(EX_NAME_EXISTS);
682 break;
683
684 default:
685 errmsg(M_UPDATE, "created");
686 exit(ret);
687 break;
688 }
689 }
690 if (busy == 3) {
691 errmsg(M_UPDATE, "created");
692 exit(ret);
693 }
694
695 /* add group entry */
696 if ((grps != NULL) && edit_group(logname, (char *)0, gidlist, 0)) {
697 errmsg(M_UPDATE, "created");
698 cleanup(logname);
699 exit(EX_UPDATE);
700 }
701
702 /* update project database */
703 if ((projects != NULL) &&
704 edit_project(logname, (char *)NULL, projlist, 0)) {
705 errmsg(M_UPDATE, "created");
706 cleanup(logname);
707 exit(EX_UPDATE);
708 }
709
710 /* create home directory */
711 if (mflag) {
712 zfs_flags = get_default_zfs_flags();
713
714 if (zflag || mflag > 1)
715 zfs_flags |= MANAGE_ZFS;
716 else if (Zflag)
717 zfs_flags &= ~MANAGE_ZFS;
718 ret = create_home(homedir, skel_dir, uid, gid, zfs_flags);
719 }
720 if (ret != EX_SUCCESS) {
721 (void) edit_project(logname, (char *)NULL, (projid_t **)NULL,
722 0);
723 (void) edit_group(logname, (char *)0, (int **)0, 1);
724 cleanup(logname);
725 exit(EX_HOMEDIR);
726 }
727
728 return (ret);
729 }
730
731 static void
cleanup(logname)732 cleanup(logname)
733 char *logname;
734 {
735 char *nargv[4];
736
737 nargv[0] = PASSMGMT;
738 nargv[1] = "-d";
739 nargv[2] = logname;
740 nargv[3] = NULL;
741
742 switch (call_passmgmt(nargv)) {
743 case PEX_SUCCESS:
744 break;
745
746 case PEX_SYNTAX:
747 /* should NEVER occur that passmgmt usage is wrong */
748 if (is_role(usertype))
749 errmsg(M_ARUSAGE);
750 else
751 errmsg(M_AUSAGE);
752 break;
753
754 case PEX_BADUID:
755 /* uid is used - shouldn't happen but print message anyway */
756 errmsg(M_UID_USED, uid);
757 break;
758
759 case PEX_BADNAME:
760 /* invalid loname */
761 errmsg(M_USED, logname);
762 break;
763
764 default:
765 errmsg(M_UPDATE, "created");
766 break;
767 }
768 }
769
770 /* Check the validity for shell, base_dir and skel_dir */
771
772 void
valid_input(path_opt_t opt,const char * input)773 valid_input(path_opt_t opt, const char *input)
774 {
775 struct stat statbuf;
776
777 if (REL_PATH(input)) {
778 errmsg(M_RELPATH, input);
779 exit(EX_BADARG);
780 }
781 if (stat(input, &statbuf) == -1) {
782 errmsg(M_INVALID, input, "path");
783 exit(EX_BADARG);
784 }
785 if (opt == SHELL) {
786 if (!S_ISREG(statbuf.st_mode) ||
787 (statbuf.st_mode & 0555) != 0555) {
788 errmsg(M_INVALID, input, "shell");
789 exit(EX_BADARG);
790 }
791 } else {
792 if (!S_ISDIR(statbuf.st_mode)) {
793 errmsg(M_INVALID, input, "directory");
794 exit(EX_BADARG);
795 }
796 }
797 }
798