1dea673e9SRodney W. Grimes /*- 2dea673e9SRodney W. Grimes * Copyright (c) 1990, 1993, 1994 3dea673e9SRodney W. Grimes * The Regents of the University of California. All rights reserved. 4dea673e9SRodney W. Grimes * 5dea673e9SRodney W. Grimes * Redistribution and use in source and binary forms, with or without 6dea673e9SRodney W. Grimes * modification, are permitted provided that the following conditions 7dea673e9SRodney W. Grimes * are met: 8dea673e9SRodney W. Grimes * 1. Redistributions of source code must retain the above copyright 9dea673e9SRodney W. Grimes * notice, this list of conditions and the following disclaimer. 10dea673e9SRodney W. Grimes * 2. Redistributions in binary form must reproduce the above copyright 11dea673e9SRodney W. Grimes * notice, this list of conditions and the following disclaimer in the 12dea673e9SRodney W. Grimes * documentation and/or other materials provided with the distribution. 13dea673e9SRodney W. Grimes * 3. All advertising materials mentioning features or use of this software 14dea673e9SRodney W. Grimes * must display the following acknowledgement: 15dea673e9SRodney W. Grimes * This product includes software developed by the University of 16dea673e9SRodney W. Grimes * California, Berkeley and its contributors. 17dea673e9SRodney W. Grimes * 4. Neither the name of the University nor the names of its contributors 18dea673e9SRodney W. Grimes * may be used to endorse or promote products derived from this software 19dea673e9SRodney W. Grimes * without specific prior written permission. 20dea673e9SRodney W. Grimes * 21dea673e9SRodney W. Grimes * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22dea673e9SRodney W. Grimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23dea673e9SRodney W. Grimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24dea673e9SRodney W. Grimes * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25dea673e9SRodney W. Grimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26dea673e9SRodney W. Grimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27dea673e9SRodney W. Grimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28dea673e9SRodney W. Grimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29dea673e9SRodney W. Grimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30dea673e9SRodney W. Grimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31dea673e9SRodney W. Grimes * SUCH DAMAGE. 32dea673e9SRodney W. Grimes */ 33dea673e9SRodney W. Grimes 34dea673e9SRodney W. Grimes #ifndef lint 35dea673e9SRodney W. Grimes static char sccsid[] = "@(#)pw_util.c 8.3 (Berkeley) 4/2/94"; 36dea673e9SRodney W. Grimes #endif /* not lint */ 37dea673e9SRodney W. Grimes 38dea673e9SRodney W. Grimes /* 39dea673e9SRodney W. Grimes * This file is used by all the "password" programs; vipw(8), chpass(1), 40dea673e9SRodney W. Grimes * and passwd(1). 41dea673e9SRodney W. Grimes */ 42dea673e9SRodney W. Grimes 43dea673e9SRodney W. Grimes #include <sys/param.h> 44dea673e9SRodney W. Grimes #include <sys/time.h> 45dea673e9SRodney W. Grimes #include <sys/resource.h> 46dea673e9SRodney W. Grimes #include <sys/stat.h> 47dea673e9SRodney W. Grimes #include <sys/wait.h> 48dea673e9SRodney W. Grimes 49dea673e9SRodney W. Grimes #include <err.h> 50dea673e9SRodney W. Grimes #include <errno.h> 51dea673e9SRodney W. Grimes #include <fcntl.h> 52dea673e9SRodney W. Grimes #include <paths.h> 53dea673e9SRodney W. Grimes #include <pwd.h> 54dea673e9SRodney W. Grimes #include <signal.h> 55dea673e9SRodney W. Grimes #include <stdio.h> 56dea673e9SRodney W. Grimes #include <stdlib.h> 57dea673e9SRodney W. Grimes #include <string.h> 58dea673e9SRodney W. Grimes #include <unistd.h> 59dea673e9SRodney W. Grimes 60dea673e9SRodney W. Grimes #include "pw_util.h" 61dea673e9SRodney W. Grimes 62dea673e9SRodney W. Grimes extern char *tempname; 63dea673e9SRodney W. Grimes 64dea673e9SRodney W. Grimes void 65dea673e9SRodney W. Grimes pw_init() 66dea673e9SRodney W. Grimes { 67dea673e9SRodney W. Grimes struct rlimit rlim; 68dea673e9SRodney W. Grimes 69dea673e9SRodney W. Grimes /* Unlimited resource limits. */ 70dea673e9SRodney W. Grimes rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY; 71dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_CPU, &rlim); 72dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_FSIZE, &rlim); 73dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_STACK, &rlim); 74dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_DATA, &rlim); 75dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_RSS, &rlim); 76dea673e9SRodney W. Grimes 77dea673e9SRodney W. Grimes /* Don't drop core (not really necessary, but GP's). */ 78dea673e9SRodney W. Grimes rlim.rlim_cur = rlim.rlim_max = 0; 79dea673e9SRodney W. Grimes (void)setrlimit(RLIMIT_CORE, &rlim); 80dea673e9SRodney W. Grimes 81dea673e9SRodney W. Grimes /* Turn off signals. */ 82dea673e9SRodney W. Grimes (void)signal(SIGALRM, SIG_IGN); 83dea673e9SRodney W. Grimes (void)signal(SIGHUP, SIG_IGN); 84dea673e9SRodney W. Grimes (void)signal(SIGINT, SIG_IGN); 85dea673e9SRodney W. Grimes (void)signal(SIGPIPE, SIG_IGN); 86dea673e9SRodney W. Grimes (void)signal(SIGQUIT, SIG_IGN); 87dea673e9SRodney W. Grimes (void)signal(SIGTERM, SIG_IGN); 88dea673e9SRodney W. Grimes (void)signal(SIGTSTP, SIG_IGN); 89dea673e9SRodney W. Grimes (void)signal(SIGTTOU, SIG_IGN); 90dea673e9SRodney W. Grimes 91dea673e9SRodney W. Grimes /* Create with exact permissions. */ 92dea673e9SRodney W. Grimes (void)umask(0); 93dea673e9SRodney W. Grimes } 94dea673e9SRodney W. Grimes 95dea673e9SRodney W. Grimes static int lockfd; 96dea673e9SRodney W. Grimes 97dea673e9SRodney W. Grimes int 98dea673e9SRodney W. Grimes pw_lock() 99dea673e9SRodney W. Grimes { 100dea673e9SRodney W. Grimes /* 101dea673e9SRodney W. Grimes * If the master password file doesn't exist, the system is hosed. 102dea673e9SRodney W. Grimes * Might as well try to build one. Set the close-on-exec bit so 103dea673e9SRodney W. Grimes * that users can't get at the encrypted passwords while editing. 104dea673e9SRodney W. Grimes * Open should allow flock'ing the file; see 4.4BSD. XXX 105dea673e9SRodney W. Grimes */ 106dea673e9SRodney W. Grimes lockfd = open(_PATH_MASTERPASSWD, O_RDONLY, 0); 107dea673e9SRodney W. Grimes if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) 108dea673e9SRodney W. Grimes err(1, "%s", _PATH_MASTERPASSWD); 109dea673e9SRodney W. Grimes if (flock(lockfd, LOCK_EX|LOCK_NB)) 110dea673e9SRodney W. Grimes errx(1, "the password db file is busy"); 111dea673e9SRodney W. Grimes return (lockfd); 112dea673e9SRodney W. Grimes } 113dea673e9SRodney W. Grimes 114dea673e9SRodney W. Grimes int 115dea673e9SRodney W. Grimes pw_tmp() 116dea673e9SRodney W. Grimes { 117dea673e9SRodney W. Grimes static char path[MAXPATHLEN] = _PATH_MASTERPASSWD; 118dea673e9SRodney W. Grimes int fd; 119dea673e9SRodney W. Grimes char *p; 120dea673e9SRodney W. Grimes 121dea673e9SRodney W. Grimes if (p = strrchr(path, '/')) 122dea673e9SRodney W. Grimes ++p; 123dea673e9SRodney W. Grimes else 124dea673e9SRodney W. Grimes p = path; 125dea673e9SRodney W. Grimes strcpy(p, "pw.XXXXXX"); 126dea673e9SRodney W. Grimes if ((fd = mkstemp(path)) == -1) 127dea673e9SRodney W. Grimes err(1, "%s", path); 128dea673e9SRodney W. Grimes tempname = path; 129dea673e9SRodney W. Grimes return (fd); 130dea673e9SRodney W. Grimes } 131dea673e9SRodney W. Grimes 132dea673e9SRodney W. Grimes int 133dea673e9SRodney W. Grimes pw_mkdb() 134dea673e9SRodney W. Grimes { 135dea673e9SRodney W. Grimes int pstat; 136dea673e9SRodney W. Grimes pid_t pid; 137dea673e9SRodney W. Grimes 138dea673e9SRodney W. Grimes warnx("rebuilding the database..."); 139dea673e9SRodney W. Grimes (void)fflush(stderr); 140dea673e9SRodney W. Grimes if (!(pid = vfork())) { 141dea673e9SRodney W. Grimes execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p", tempname, NULL); 142dea673e9SRodney W. Grimes pw_error(_PATH_PWD_MKDB, 1, 1); 143dea673e9SRodney W. Grimes } 144dea673e9SRodney W. Grimes pid = waitpid(pid, &pstat, 0); 145dea673e9SRodney W. Grimes if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) 146dea673e9SRodney W. Grimes return (0); 147dea673e9SRodney W. Grimes warnx("done"); 148dea673e9SRodney W. Grimes return (1); 149dea673e9SRodney W. Grimes } 150dea673e9SRodney W. Grimes 151dea673e9SRodney W. Grimes void 152dea673e9SRodney W. Grimes pw_edit(notsetuid) 153dea673e9SRodney W. Grimes int notsetuid; 154dea673e9SRodney W. Grimes { 155dea673e9SRodney W. Grimes int pstat; 156dea673e9SRodney W. Grimes pid_t pid; 157dea673e9SRodney W. Grimes char *p, *editor; 158dea673e9SRodney W. Grimes 159dea673e9SRodney W. Grimes if (!(editor = getenv("EDITOR"))) 160dea673e9SRodney W. Grimes editor = _PATH_VI; 161dea673e9SRodney W. Grimes if (p = strrchr(editor, '/')) 162dea673e9SRodney W. Grimes ++p; 163dea673e9SRodney W. Grimes else 164dea673e9SRodney W. Grimes p = editor; 165dea673e9SRodney W. Grimes 166dea673e9SRodney W. Grimes if (!(pid = vfork())) { 167dea673e9SRodney W. Grimes if (notsetuid) { 168dea673e9SRodney W. Grimes (void)setgid(getgid()); 169dea673e9SRodney W. Grimes (void)setuid(getuid()); 170dea673e9SRodney W. Grimes } 171dea673e9SRodney W. Grimes execlp(editor, p, tempname, NULL); 172dea673e9SRodney W. Grimes _exit(1); 173dea673e9SRodney W. Grimes } 174dea673e9SRodney W. Grimes pid = waitpid(pid, (int *)&pstat, 0); 175dea673e9SRodney W. Grimes if (pid == -1 || !WIFEXITED(pstat) || WEXITSTATUS(pstat) != 0) 176dea673e9SRodney W. Grimes pw_error(editor, 1, 1); 177dea673e9SRodney W. Grimes } 178dea673e9SRodney W. Grimes 179dea673e9SRodney W. Grimes void 180dea673e9SRodney W. Grimes pw_prompt() 181dea673e9SRodney W. Grimes { 182dea673e9SRodney W. Grimes int c; 183dea673e9SRodney W. Grimes 184dea673e9SRodney W. Grimes (void)printf("re-edit the password file? [y]: "); 185dea673e9SRodney W. Grimes (void)fflush(stdout); 186dea673e9SRodney W. Grimes c = getchar(); 187dea673e9SRodney W. Grimes if (c != EOF && c != '\n') 188dea673e9SRodney W. Grimes while (getchar() != '\n'); 189dea673e9SRodney W. Grimes if (c == 'n') 190dea673e9SRodney W. Grimes pw_error(NULL, 0, 0); 191dea673e9SRodney W. Grimes } 192dea673e9SRodney W. Grimes 193dea673e9SRodney W. Grimes void 194dea673e9SRodney W. Grimes pw_error(name, err, eval) 195dea673e9SRodney W. Grimes char *name; 196dea673e9SRodney W. Grimes int err, eval; 197dea673e9SRodney W. Grimes { 198dea673e9SRodney W. Grimes if (err) 199dea673e9SRodney W. Grimes warn(name); 200dea673e9SRodney W. Grimes 201dea673e9SRodney W. Grimes warnx("%s: unchanged", _PATH_MASTERPASSWD); 202dea673e9SRodney W. Grimes (void)unlink(tempname); 203dea673e9SRodney W. Grimes exit(eval); 204dea673e9SRodney W. Grimes } 205