xref: /freebsd/lib/libc/gen/pw_scan.c (revision edf8578117e8844e02c0121147f45e4609b30680)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1990, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __SCCSID("@(#)pw_scan.c	8.3 (Berkeley) 4/2/94");
34 /*
35  * This module is used to "verify" password entries by chpass(1) and
36  * pwd_mkdb(8).
37  */
38 
39 #include <sys/param.h>
40 
41 #include <err.h>
42 #include <errno.h>
43 #include <pwd.h>
44 #include <string.h>
45 #include <stdlib.h>
46 #include <unistd.h>
47 
48 #include "pw_scan.h"
49 
50 /*
51  * Some software assumes that IDs are short.  We should emit warnings
52  * for id's which cannot be stored in a short, but we are more liberal
53  * by default, warning for IDs greater than USHRT_MAX.
54  *
55  * If pw_big_ids_warning is -1 on entry to pw_scan(), it will be set based
56  * on the existence of PW_SCAN_BIG_IDS in the environment.
57  *
58  * It is believed all baseline system software that can not handle the
59  * normal ID sizes is now gone so pw_big_ids_warning is disabled for now.
60  * But the code has been left in place in case end-users want to re-enable
61  * it and/or for the next time the ID sizes get bigger but pieces of the
62  * system lag behind.
63  */
64 static int	pw_big_ids_warning = 0;
65 
66 void
67 __pw_initpwd(struct passwd *pwd)
68 {
69 	static char nul[] = "";
70 
71 	memset(pwd, 0, sizeof(*pwd));
72 	pwd->pw_uid = (uid_t)-1;  /* Considered least likely to lead to */
73 	pwd->pw_gid = (gid_t)-1;  /* a security issue.                  */
74 	pwd->pw_name = nul;
75 	pwd->pw_passwd = nul;
76 	pwd->pw_class = nul;
77 	pwd->pw_gecos = nul;
78 	pwd->pw_dir = nul;
79 	pwd->pw_shell = nul;
80 }
81 
82 int
83 __pw_scan(char *bp, struct passwd *pw, int flags)
84 {
85 	uid_t id;
86 	int root;
87 	char *ep, *p, *sh;
88 	unsigned long temp;
89 
90 	if (pw_big_ids_warning == -1)
91 		pw_big_ids_warning = getenv("PW_SCAN_BIG_IDS") == NULL ? 1 : 0;
92 
93 	pw->pw_fields = 0;
94 	if (!(pw->pw_name = strsep(&bp, ":")))		/* login */
95 		goto fmt;
96 	root = !strcmp(pw->pw_name, "root");
97 	if (pw->pw_name[0] && (pw->pw_name[0] != '+' || pw->pw_name[1] == '\0'))
98 		pw->pw_fields |= _PWF_NAME;
99 
100 	if (!(pw->pw_passwd = strsep(&bp, ":")))	/* passwd */
101 		goto fmt;
102 	if (pw->pw_passwd[0])
103 		pw->pw_fields |= _PWF_PASSWD;
104 
105 	if (!(p = strsep(&bp, ":")))			/* uid */
106 		goto fmt;
107 	if (p[0])
108 		pw->pw_fields |= _PWF_UID;
109 	else {
110 		if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') {
111 			if (flags & _PWSCAN_WARN)
112 				warnx("no uid for user %s", pw->pw_name);
113 			return (0);
114 		}
115 	}
116 	errno = 0;
117 	temp = strtoul(p, &ep, 10);
118 	if ((temp == ULONG_MAX && errno == ERANGE) || temp > UID_MAX) {
119 		if (flags & _PWSCAN_WARN)
120 			warnx("%s > max uid value (%u)", p, UID_MAX);
121 		return (0);
122 	}
123 	id = temp;
124 	if (*ep != '\0') {
125 		if (flags & _PWSCAN_WARN)
126 			warnx("%s uid is incorrect", p);
127 		return (0);
128 	}
129 	if (root && id) {
130 		if (flags & _PWSCAN_WARN)
131 			warnx("root uid should be 0");
132 		return (0);
133 	}
134 	if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) {
135 		warnx("%s > recommended max uid value (%u)", p, USHRT_MAX);
136 		/*return (0);*/ /* THIS SHOULD NOT BE FATAL! */
137 	}
138 	pw->pw_uid = id;
139 
140 	if (!(p = strsep(&bp, ":")))			/* gid */
141 		goto fmt;
142 	if (p[0])
143 		pw->pw_fields |= _PWF_GID;
144 	else {
145 		if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') {
146 			if (flags & _PWSCAN_WARN)
147 				warnx("no gid for user %s", pw->pw_name);
148 			return (0);
149 		}
150 	}
151 	errno = 0;
152 	temp = strtoul(p, &ep, 10);
153 	if ((temp == ULONG_MAX && errno == ERANGE) || temp > GID_MAX) {
154 		if (flags & _PWSCAN_WARN)
155 			warnx("%s > max gid value (%u)", p, GID_MAX);
156 		return (0);
157 	}
158 	id = temp;
159 	if (*ep != '\0') {
160 		if (flags & _PWSCAN_WARN)
161 			warnx("%s gid is incorrect", p);
162 		return (0);
163 	}
164 	if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) {
165 		warnx("%s > recommended max gid value (%u)", p, USHRT_MAX);
166 		/* return (0); This should not be fatal! */
167 	}
168 	pw->pw_gid = id;
169 
170 	if (flags & _PWSCAN_MASTER ) {
171 		if (!(pw->pw_class = strsep(&bp, ":")))	/* class */
172 			goto fmt;
173 		if (pw->pw_class[0])
174 			pw->pw_fields |= _PWF_CLASS;
175 
176 		if (!(p = strsep(&bp, ":")))		/* change */
177 			goto fmt;
178 		if (p[0])
179 			pw->pw_fields |= _PWF_CHANGE;
180 		pw->pw_change = atol(p);
181 
182 		if (!(p = strsep(&bp, ":")))		/* expire */
183 			goto fmt;
184 		if (p[0])
185 			pw->pw_fields |= _PWF_EXPIRE;
186 		pw->pw_expire = atol(p);
187 	}
188 	if (!(pw->pw_gecos = strsep(&bp, ":")))		/* gecos */
189 		goto fmt;
190 	if (pw->pw_gecos[0])
191 		pw->pw_fields |= _PWF_GECOS;
192 
193 	if (!(pw->pw_dir = strsep(&bp, ":")))		/* directory */
194 		goto fmt;
195 	if (pw->pw_dir[0])
196 		pw->pw_fields |= _PWF_DIR;
197 
198 	if (!(pw->pw_shell = strsep(&bp, ":")))		/* shell */
199 		goto fmt;
200 
201 	p = pw->pw_shell;
202 	if (root && *p) {				/* empty == /bin/sh */
203 		for (setusershell();;) {
204 			if (!(sh = getusershell())) {
205 				if (flags & _PWSCAN_WARN)
206 					warnx("warning, unknown root shell");
207 				break;
208 			}
209 			if (!strcmp(p, sh))
210 				break;
211 		}
212 		endusershell();
213 	}
214 	if (p[0])
215 		pw->pw_fields |= _PWF_SHELL;
216 
217 	if ((p = strsep(&bp, ":"))) {			/* too many */
218 fmt:
219 		if (flags & _PWSCAN_WARN)
220 			warnx("corrupted entry");
221 		return (0);
222 	}
223 	return (1);
224 }
225