xref: /freebsd/usr.sbin/pw/pw_conf.c (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (C) 1996
5  *	David L. Nugent.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef lint
30 static const char rcsid[] =
31   "$FreeBSD$";
32 #endif /* not lint */
33 
34 #include <err.h>
35 #include <fcntl.h>
36 #include <string.h>
37 #include <unistd.h>
38 
39 #include "pw.h"
40 
41 #define debugging 0
42 
43 enum {
44 	_UC_NONE,
45 	_UC_DEFAULTPWD,
46 	_UC_REUSEUID,
47 	_UC_REUSEGID,
48 	_UC_NISPASSWD,
49 	_UC_DOTDIR,
50 	_UC_NEWMAIL,
51 	_UC_LOGFILE,
52 	_UC_HOMEROOT,
53 	_UC_HOMEMODE,
54 	_UC_SHELLPATH,
55 	_UC_SHELLS,
56 	_UC_DEFAULTSHELL,
57 	_UC_DEFAULTGROUP,
58 	_UC_EXTRAGROUPS,
59 	_UC_DEFAULTCLASS,
60 	_UC_MINUID,
61 	_UC_MAXUID,
62 	_UC_MINGID,
63 	_UC_MAXGID,
64 	_UC_EXPIRE,
65 	_UC_PASSWORD,
66 	_UC_FIELDS
67 };
68 
69 static char     bourne_shell[] = "sh";
70 
71 static char    *system_shells[_UC_MAXSHELLS] =
72 {
73 	bourne_shell,
74 	"csh",
75 	"tcsh"
76 };
77 
78 static char const *booltrue[] =
79 {
80 	"yes", "true", "1", "on", NULL
81 };
82 static char const *boolfalse[] =
83 {
84 	"no", "false", "0", "off", NULL
85 };
86 
87 static struct userconf config =
88 {
89 	0,			/* Default password for new users? (nologin) */
90 	0,			/* Reuse uids? */
91 	0,			/* Reuse gids? */
92 	NULL,			/* NIS version of the passwd file */
93 	"/usr/share/skel",	/* Where to obtain skeleton files */
94 	NULL,			/* Mail to send to new accounts */
95 	"/var/log/userlog",	/* Where to log changes */
96 	"/home",		/* Where to create home directory */
97 	_DEF_DIRMODE,		/* Home directory perms, modified by umask */
98 	"/bin",			/* Where shells are located */
99 	system_shells,		/* List of shells (first is default) */
100 	bourne_shell,		/* Default shell */
101 	NULL,			/* Default group name */
102 	NULL,			/* Default (additional) groups */
103 	NULL,			/* Default login class */
104 	1000, 32000,		/* Allowed range of uids */
105 	1000, 32000,		/* Allowed range of gids */
106 	0,			/* Days until account expires */
107 	0			/* Days until password expires */
108 };
109 
110 static char const *comments[_UC_FIELDS] =
111 {
112 	"#\n# pw.conf - user/group configuration defaults\n#\n",
113 	"\n# Password for new users? no=nologin yes=loginid none=blank random=random\n",
114 	"\n# Reuse gaps in uid sequence? (yes or no)\n",
115 	"\n# Reuse gaps in gid sequence? (yes or no)\n",
116 	"\n# Path to the NIS passwd file (blank or 'no' for none)\n",
117 	"\n# Obtain default dotfiles from this directory\n",
118 	"\n# Mail this file to new user (/etc/newuser.msg or no)\n",
119 	"\n# Log add/change/remove information in this file\n",
120 	"\n# Root directory in which $HOME directory is created\n",
121 	"\n# Mode for the new $HOME directory, will be modified by umask\n",
122 	"\n# Colon separated list of directories containing valid shells\n",
123 	"\n# Comma separated list of available shells (without paths)\n",
124 	"\n# Default shell (without path)\n",
125 	"\n# Default group (leave blank for new group per user)\n",
126 	"\n# Extra groups for new users\n",
127 	"\n# Default login class for new users\n",
128 	"\n# Range of valid default user ids\n",
129 	NULL,
130 	"\n# Range of valid default group ids\n",
131 	NULL,
132 	"\n# Days after which account expires (0=disabled)\n",
133 	"\n# Days after which password expires (0=disabled)\n"
134 };
135 
136 static char const *kwds[] =
137 {
138 	"",
139 	"defaultpasswd",
140 	"reuseuids",
141 	"reusegids",
142 	"nispasswd",
143 	"skeleton",
144 	"newmail",
145 	"logfile",
146 	"home",
147 	"homemode",
148 	"shellpath",
149 	"shells",
150 	"defaultshell",
151 	"defaultgroup",
152 	"extragroups",
153 	"defaultclass",
154 	"minuid",
155 	"maxuid",
156 	"mingid",
157 	"maxgid",
158 	"expire_days",
159 	"password_days",
160 	NULL
161 };
162 
163 static char    *
164 unquote(char const * str)
165 {
166 	if (str && (*str == '"' || *str == '\'')) {
167 		char           *p = strchr(str + 1, *str);
168 
169 		if (p != NULL)
170 			*p = '\0';
171 		return (char *) (*++str ? str : NULL);
172 	}
173 	return (char *) str;
174 }
175 
176 int
177 boolean_val(char const * str, int dflt)
178 {
179 	if ((str = unquote(str)) != NULL) {
180 		int             i;
181 
182 		for (i = 0; booltrue[i]; i++)
183 			if (strcmp(str, booltrue[i]) == 0)
184 				return 1;
185 		for (i = 0; boolfalse[i]; i++)
186 			if (strcmp(str, boolfalse[i]) == 0)
187 				return 0;
188 	}
189 	return dflt;
190 }
191 
192 int
193 passwd_val(char const * str, int dflt)
194 {
195 	if ((str = unquote(str)) != NULL) {
196 		int             i;
197 
198 		for (i = 0; booltrue[i]; i++)
199 			if (strcmp(str, booltrue[i]) == 0)
200 				return P_YES;
201 		for (i = 0; boolfalse[i]; i++)
202 			if (strcmp(str, boolfalse[i]) == 0)
203 				return P_NO;
204 
205 		/*
206 		 * Special cases for defaultpassword
207 		 */
208 		if (strcmp(str, "random") == 0)
209 			return P_RANDOM;
210 		if (strcmp(str, "none") == 0)
211 			return P_NONE;
212 
213 		errx(1, "Invalid value for default password");
214 	}
215 	return dflt;
216 }
217 
218 char const     *
219 boolean_str(int val)
220 {
221 	if (val == P_NO)
222 		return (boolfalse[0]);
223 	else if (val == P_RANDOM)
224 		return ("random");
225 	else if (val == P_NONE)
226 		return ("none");
227 	else
228 		return (booltrue[0]);
229 }
230 
231 char           *
232 newstr(char const * p)
233 {
234 	char	*q;
235 
236 	if ((p = unquote(p)) == NULL)
237 		return (NULL);
238 
239 	if ((q = strdup(p)) == NULL)
240 		err(1, "strdup()");
241 
242 	return (q);
243 }
244 
245 struct userconf *
246 read_userconfig(char const * file)
247 {
248 	FILE	*fp;
249 	char	*buf, *p;
250 	const char *errstr;
251 	size_t	linecap;
252 	ssize_t	linelen;
253 
254 	buf = NULL;
255 	linecap = 0;
256 
257 	if ((fp = fopen(file, "r")) == NULL)
258 		return (&config);
259 
260 	while ((linelen = getline(&buf, &linecap, fp)) > 0) {
261 		if (*buf && (p = strtok(buf, " \t\r\n=")) != NULL && *p != '#') {
262 			static char const toks[] = " \t\r\n,=";
263 			char           *q = strtok(NULL, toks);
264 			int             i = 0;
265 			mode_t          *modeset;
266 
267 			while (i < _UC_FIELDS && strcmp(p, kwds[i]) != 0)
268 				++i;
269 #if debugging
270 			if (i == _UC_FIELDS)
271 				printf("Got unknown kwd `%s' val=`%s'\n", p, q ? q : "");
272 			else
273 				printf("Got kwd[%s]=%s\n", p, q);
274 #endif
275 			switch (i) {
276 			case _UC_DEFAULTPWD:
277 				config.default_password = passwd_val(q, 1);
278 				break;
279 			case _UC_REUSEUID:
280 				config.reuse_uids = boolean_val(q, 0);
281 				break;
282 			case _UC_REUSEGID:
283 				config.reuse_gids = boolean_val(q, 0);
284 				break;
285 			case _UC_NISPASSWD:
286 				config.nispasswd = (q == NULL || !boolean_val(q, 1))
287 					? NULL : newstr(q);
288 				break;
289 			case _UC_DOTDIR:
290 				config.dotdir = (q == NULL || !boolean_val(q, 1))
291 					? NULL : newstr(q);
292 				break;
293 				case _UC_NEWMAIL:
294 				config.newmail = (q == NULL || !boolean_val(q, 1))
295 					? NULL : newstr(q);
296 				break;
297 			case _UC_LOGFILE:
298 				config.logfile = (q == NULL || !boolean_val(q, 1))
299 					? NULL : newstr(q);
300 				break;
301 			case _UC_HOMEROOT:
302 				config.home = (q == NULL || !boolean_val(q, 1))
303 					? "/home" : newstr(q);
304 				break;
305 			case _UC_HOMEMODE:
306 				modeset = setmode(q);
307 				config.homemode = (q == NULL || !boolean_val(q, 1))
308 					? _DEF_DIRMODE : getmode(modeset, _DEF_DIRMODE);
309 				free(modeset);
310 				break;
311 			case _UC_SHELLPATH:
312 				config.shelldir = (q == NULL || !boolean_val(q, 1))
313 					? "/bin" : newstr(q);
314 				break;
315 			case _UC_SHELLS:
316 				for (i = 0; i < _UC_MAXSHELLS && q != NULL; i++, q = strtok(NULL, toks))
317 					system_shells[i] = newstr(q);
318 				if (i > 0)
319 					while (i < _UC_MAXSHELLS)
320 						system_shells[i++] = NULL;
321 				break;
322 			case _UC_DEFAULTSHELL:
323 				config.shell_default = (q == NULL || !boolean_val(q, 1))
324 					? (char *) bourne_shell : newstr(q);
325 				break;
326 			case _UC_DEFAULTGROUP:
327 				q = unquote(q);
328 				config.default_group = (q == NULL || !boolean_val(q, 1) || GETGRNAM(q) == NULL)
329 					? NULL : newstr(q);
330 				break;
331 			case _UC_EXTRAGROUPS:
332 				while ((q = strtok(NULL, toks)) != NULL) {
333 					if (config.groups == NULL)
334 						config.groups = sl_init();
335 					sl_add(config.groups, newstr(q));
336 				}
337 				break;
338 			case _UC_DEFAULTCLASS:
339 				config.default_class = (q == NULL || !boolean_val(q, 1))
340 					? NULL : newstr(q);
341 				break;
342 			case _UC_MINUID:
343 				if ((q = unquote(q)) != NULL) {
344 					config.min_uid = strtounum(q, 0,
345 					    UID_MAX, &errstr);
346 					if (errstr)
347 						warnx("Invalid min_uid: '%s';"
348 						    " ignoring", q);
349 				}
350 				break;
351 			case _UC_MAXUID:
352 				if ((q = unquote(q)) != NULL) {
353 					config.max_uid = strtounum(q, 0,
354 					    UID_MAX, &errstr);
355 					if (errstr)
356 						warnx("Invalid max_uid: '%s';"
357 						    " ignoring", q);
358 				}
359 				break;
360 			case _UC_MINGID:
361 				if ((q = unquote(q)) != NULL) {
362 					config.min_gid = strtounum(q, 0,
363 					    GID_MAX, &errstr);
364 					if (errstr)
365 						warnx("Invalid min_gid: '%s';"
366 						    " ignoring", q);
367 				}
368 				break;
369 			case _UC_MAXGID:
370 				if ((q = unquote(q)) != NULL) {
371 					config.max_gid = strtounum(q, 0,
372 					    GID_MAX, &errstr);
373 					if (errstr)
374 						warnx("Invalid max_gid: '%s';"
375 						    " ignoring", q);
376 				}
377 				break;
378 			case _UC_EXPIRE:
379 				if ((q = unquote(q)) != NULL) {
380 					config.expire_days = strtonum(q, 0,
381 					    INT_MAX, &errstr);
382 					if (errstr)
383 						warnx("Invalid expire days:"
384 						    " '%s'; ignoring", q);
385 				}
386 				break;
387 			case _UC_PASSWORD:
388 				if ((q = unquote(q)) != NULL) {
389 					config.password_days = strtonum(q, 0,
390 					    INT_MAX, &errstr);
391 					if (errstr)
392 						warnx("Invalid password days:"
393 						    " '%s'; ignoring", q);
394 				}
395 				break;
396 			case _UC_FIELDS:
397 			case _UC_NONE:
398 				break;
399 			}
400 		}
401 	}
402 	free(buf);
403 	fclose(fp);
404 
405 	return (&config);
406 }
407 
408 
409 int
410 write_userconfig(struct userconf *cnf, const char *file)
411 {
412 	int             fd;
413 	int             i, j;
414 	FILE           *buffp;
415 	FILE           *fp;
416 	char		cfgfile[MAXPATHLEN];
417 	char           *buf;
418 	size_t          sz;
419 
420 	if (file == NULL) {
421 		snprintf(cfgfile, sizeof(cfgfile), "%s/" _PW_CONF,
422 		    conf.etcpath);
423 		file = cfgfile;
424 	}
425 
426 	if ((fd = open(file, O_CREAT|O_RDWR|O_TRUNC|O_EXLOCK, 0644)) == -1)
427 		return (0);
428 
429 	if ((fp = fdopen(fd, "w")) == NULL) {
430 		close(fd);
431 		return (0);
432 	}
433 
434 	sz = 0;
435 	buf = NULL;
436 	buffp = open_memstream(&buf, &sz);
437 	if (buffp == NULL)
438 		err(EXIT_FAILURE, "open_memstream()");
439 
440 	for (i = _UC_NONE; i < _UC_FIELDS; i++) {
441 		int             quote = 1;
442 
443 		if (buf != NULL)
444 			memset(buf, 0, sz);
445 		rewind(buffp);
446 		switch (i) {
447 		case _UC_DEFAULTPWD:
448 			fputs(boolean_str(cnf->default_password), buffp);
449 			break;
450 		case _UC_REUSEUID:
451 			fputs(boolean_str(cnf->reuse_uids), buffp);
452 			break;
453 		case _UC_REUSEGID:
454 			fputs(boolean_str(cnf->reuse_gids), buffp);
455 			break;
456 		case _UC_NISPASSWD:
457 			fputs(cnf->nispasswd ?  cnf->nispasswd : "", buffp);
458 			quote = 0;
459 			break;
460 		case _UC_DOTDIR:
461 			fputs(cnf->dotdir ?  cnf->dotdir : boolean_str(0),
462 			    buffp);
463 			break;
464 		case _UC_NEWMAIL:
465 			fputs(cnf->newmail ?  cnf->newmail : boolean_str(0),
466 			    buffp);
467 			break;
468 		case _UC_LOGFILE:
469 			fputs(cnf->logfile ?  cnf->logfile : boolean_str(0),
470 			    buffp);
471 			break;
472 		case _UC_HOMEROOT:
473 			fputs(cnf->home, buffp);
474 			break;
475 		case _UC_HOMEMODE:
476 			fprintf(buffp, "%04o", cnf->homemode);
477 			quote = 0;
478 			break;
479 		case _UC_SHELLPATH:
480 			fputs(cnf->shelldir, buffp);
481 			break;
482 		case _UC_SHELLS:
483 			for (j = 0; j < _UC_MAXSHELLS &&
484 			    system_shells[j] != NULL; j++)
485 				fprintf(buffp, "%s\"%s\"", j ?
486 				    "," : "", system_shells[j]);
487 			quote = 0;
488 			break;
489 		case _UC_DEFAULTSHELL:
490 			fputs(cnf->shell_default ?  cnf->shell_default :
491 			    bourne_shell, buffp);
492 			break;
493 		case _UC_DEFAULTGROUP:
494 			fputs(cnf->default_group ?  cnf->default_group : "",
495 			    buffp);
496 			break;
497 		case _UC_EXTRAGROUPS:
498 			for (j = 0; cnf->groups != NULL &&
499 			    j < (int)cnf->groups->sl_cur; j++)
500 				fprintf(buffp, "%s\"%s\"", j ?
501 				    "," : "", cnf->groups->sl_str[j]);
502 			quote = 0;
503 			break;
504 		case _UC_DEFAULTCLASS:
505 			fputs(cnf->default_class ?  cnf->default_class : "",
506 			    buffp);
507 			break;
508 		case _UC_MINUID:
509 			fprintf(buffp, "%ju", (uintmax_t)cnf->min_uid);
510 			quote = 0;
511 			break;
512 		case _UC_MAXUID:
513 			fprintf(buffp, "%ju", (uintmax_t)cnf->max_uid);
514 			quote = 0;
515 			break;
516 		case _UC_MINGID:
517 			fprintf(buffp, "%ju", (uintmax_t)cnf->min_gid);
518 			quote = 0;
519 			break;
520 		case _UC_MAXGID:
521 			fprintf(buffp, "%ju", (uintmax_t)cnf->max_gid);
522 			quote = 0;
523 			break;
524 		case _UC_EXPIRE:
525 			fprintf(buffp, "%jd", (intmax_t)cnf->expire_days);
526 			quote = 0;
527 			break;
528 		case _UC_PASSWORD:
529 			fprintf(buffp, "%jd", (intmax_t)cnf->password_days);
530 			quote = 0;
531 			break;
532 		case _UC_NONE:
533 			break;
534 		}
535 		fflush(buffp);
536 
537 		if (comments[i])
538 			fputs(comments[i], fp);
539 
540 		if (*kwds[i]) {
541 			if (quote)
542 				fprintf(fp, "%s = \"%s\"\n", kwds[i], buf);
543 			else
544 				fprintf(fp, "%s = %s\n", kwds[i], buf);
545 #if debugging
546 			printf("WROTE: %s = %s\n", kwds[i], buf);
547 #endif
548 		}
549 	}
550 	fclose(buffp);
551 	free(buf);
552 	return (fclose(fp) != EOF);
553 }
554