2 * Copyright (c) 1991, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#) Copyright (c) 1991, 1993, 1994 The Regents of the University of California. All rights reserved.
30 * @(#)pwd_mkdb.c 8.5 (Berkeley) 4/20/94
31 * $FreeBSD: src/usr.sbin/pwd_mkdb/pwd_mkdb.c,v 1.51 2005/06/15 10:13:04 dd Exp $
34 #include <sys/param.h>
35 #include <sys/endian.h>
37 #include <arpa/inet.h>
55 #define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)
56 #define PERM_SECURE (S_IRUSR|S_IWUSR)
57 #define LEGACY_VERSION(x) _PW_VERSIONED(x, 3)
58 #define CURRENT_VERSION(x) _PW_VERSIONED(x, 4)
64 2048 * 1024, /* cachesize */
66 BYTE_ORDER
/* lorder */
69 static enum state
{ FILE_INSECURE
, FILE_SECURE
, FILE_ORIG
} clean
;
70 static struct passwd pwd
; /* password structure */
71 static char *pname
; /* password file name */
72 static char prefix
[MAXPATHLEN
];
74 static int is_comment
; /* flag for comments */
75 static char line
[LINE_MAX
];
78 void error(const char *) __dead2
;
79 void cp(char *, char *, mode_t mode
);
80 void mv(char *, char *);
81 int scan(FILE *, struct passwd
*);
82 static void usage(void);
85 main(int argc
, char *argv
[])
87 static char verskey
[] = _PWD_VERSION_KEY
;
88 char version
= _PWD_CURRENT_VERSION
;
93 int ch
, cnt
, ypcnt
, makeold
, tfd
, yp_enabled
= 0;
98 char buf
[MAX(MAXPATHLEN
, LINE_MAX
* 2)], tbuf
[1024];
99 char sbuf
[MAX(MAXPATHLEN
, LINE_MAX
* 2)];
100 char buf2
[MAXPATHLEN
];
101 char sbuf2
[MAXPATHLEN
];
103 u_int method
, methoduid
;
104 int Cflag
, dflag
, iflag
;
107 iflag
= dflag
= Cflag
= 0;
108 strcpy(prefix
, _PATH_PWD
);
112 while ((ch
= getopt(argc
, argv
, "BCLNd:ips:u:v")) != -1)
114 case 'B': /* big-endian output */
115 openinfo
.lorder
= BIG_ENDIAN
;
117 case 'C': /* verify only */
120 case 'L': /* little-endian output */
121 openinfo
.lorder
= LITTLE_ENDIAN
;
123 case 'N': /* do not wait for lock */
124 nblock
= LOCK_NB
; /* will fail if locked */
128 strlcpy(prefix
, optarg
, sizeof(prefix
));
133 case 'p': /* create V7 "file.orig" */
136 case 's': /* change default cachesize */
137 openinfo
.cachesize
= atoi(optarg
) * 1024 * 1024;
139 case 'u': /* only update this record */
142 case 'v': /* backward compatible */
150 if (argc
!= 1 || (username
&& (*username
== '+' || *username
== '-')))
154 * This could be changed to allow the user to interrupt.
155 * Probably not worth the effort.
158 sigaddset(&set
, SIGTSTP
);
159 sigaddset(&set
, SIGHUP
);
160 sigaddset(&set
, SIGINT
);
161 sigaddset(&set
, SIGQUIT
);
162 sigaddset(&set
, SIGTERM
);
163 sigprocmask(SIG_BLOCK
, &set
, NULL
);
165 /* We don't care what the user wants. */
171 * Open and lock the original password file. We have to check
172 * the hardlink count after we get the lock to handle any potential
173 * unlink/rename race.
175 * This lock is necessary when someone runs pwd_mkdb manually, directly
176 * on master.passwd, to handle the case where a user might try to
177 * change his password while pwd_mkdb is running.
182 if (!(fp
= fopen(pname
, "r")))
184 if (flock(fileno(fp
), LOCK_EX
|nblock
) < 0 && !(dflag
&& iflag
))
186 if (fstat(fileno(fp
), &st
) < 0)
188 if (st
.st_nlink
!= 0)
194 /* check only if password database is valid */
196 for (cnt
= 1; scan(fp
, &pwd
); ++cnt
);
200 /* Open the temporary insecure password database. */
201 snprintf(buf
, sizeof(buf
), "%s/%s.tmp", prefix
, _MP_DB
);
202 snprintf(sbuf
, sizeof(sbuf
), "%s/%s.tmp", prefix
, _SMP_DB
);
206 snprintf(buf2
, sizeof(buf2
), "%s/%s", prefix
, _MP_DB
);
207 snprintf(sbuf2
, sizeof(sbuf2
), "%s/%s", prefix
, _SMP_DB
);
209 clean
= FILE_INSECURE
;
210 cp(buf2
, buf
, PERM_INSECURE
);
212 O_RDWR
|O_EXCL
, PERM_INSECURE
, DB_HASH
, &openinfo
);
217 cp(sbuf2
, sbuf
, PERM_SECURE
);
219 O_RDWR
|O_EXCL
, PERM_SECURE
, DB_HASH
, &openinfo
);
224 * Do some trouble to check if we should store this users
225 * uid. Don't use getpwnam/getpwuid as that interferes
228 pw_db
= dbopen(_PATH_MP_DB
, O_RDONLY
, 0, DB_HASH
, NULL
);
233 key
.size
= sizeof(verskey
)-1;
234 if ((pw_db
->get
)(pw_db
, &key
, &data
, 0) == 0)
235 use_version
= *(unsigned char *)data
.data
;
238 buf
[0] = _PW_VERSIONED(_PW_KEYBYNAME
, use_version
);
239 len
= strlen(username
);
241 /* Only check that username fits in buffer */
242 memmove(buf
+ 1, username
, MIN(len
, sizeof(buf
) - 1));
243 key
.data
= (u_char
*)buf
;
245 if ((pw_db
->get
)(pw_db
, &key
, &data
, 0) == 0) {
246 p
= (char *)data
.data
;
248 /* jump over pw_name and pw_passwd, to get to pw_uid */
254 buf
[0] = _PW_VERSIONED(_PW_KEYBYUID
, use_version
);
255 memmove(buf
+ 1, p
, sizeof(store
));
256 key
.data
= (u_char
*)buf
;
257 key
.size
= sizeof(store
) + 1;
259 if ((pw_db
->get
)(pw_db
, &key
, &data
, 0) == 0) {
260 /* First field of data.data holds pw_pwname */
261 if (!strcmp(data
.data
, username
))
264 methoduid
= R_NOOVERWRITE
;
266 methoduid
= R_NOOVERWRITE
;
269 methoduid
= R_NOOVERWRITE
;
271 if ((pw_db
->close
)(pw_db
))
272 error("close pw_db");
276 O_RDWR
|O_CREAT
|O_EXCL
, PERM_INSECURE
, DB_HASH
, &openinfo
);
279 clean
= FILE_INSECURE
;
282 O_RDWR
|O_CREAT
|O_EXCL
, PERM_SECURE
, DB_HASH
, &openinfo
);
287 method
= R_NOOVERWRITE
;
288 methoduid
= R_NOOVERWRITE
;
292 * Open file for old password file. Minor trickiness -- don't want to
293 * chance the file already existing, since someone (stupidly) might
294 * still be using this for permission checking. So, open it first and
295 * fdopen the resulting fd. The resulting file should be readable by
299 snprintf(buf
, sizeof(buf
), "%s.orig", pname
);
301 O_WRONLY
|O_CREAT
|O_EXCL
, PERM_INSECURE
)) < 0)
303 if ((oldfp
= fdopen(tfd
, "w")) == NULL
)
309 * The databases actually contain three copies of the original data.
310 * Each password file entry is converted into a rough approximation
311 * of a ``struct passwd'', with the strings placed inline. This
312 * object is then stored as the data for three separate keys. The
313 * first key * is the pw_name field prepended by the _PW_KEYBYNAME
314 * character. The second key is the pw_uid field prepended by the
315 * _PW_KEYBYUID character. The third key is the line number in the
316 * original file prepended by the _PW_KEYBYNUM character. (The special
317 * characters are prepended to ensure that the keys do not collide.)
319 /* In order to transition this file into a machine-independent
320 * form, we have to change the format of entries. However, since
321 * older binaries will still expect the old MD format entries, we
322 * create those as usual and use versioned tags for the new entries.
324 if (username
== NULL
) {
325 /* Do not add the VERSION tag when updating a single
326 * user. When operating on `old format' databases, this
327 * would result in applications `seeing' only the updated
331 key
.size
= sizeof(verskey
)-1;
332 data
.data
= &version
;
334 if ((dp
->put
)(dp
, &key
, &data
, 0) == -1)
336 if ((dp
->put
)(sdp
, &key
, &data
, 0) == -1)
340 data
.data
= (u_char
*)buf
;
341 sdata
.data
= (u_char
*)sbuf
;
342 key
.data
= (u_char
*)tbuf
;
343 for (cnt
= 1; scan(fp
, &pwd
); ++cnt
) {
345 (pwd
.pw_name
[0] == '+' || pwd
.pw_name
[0] == '-'))
349 #define COMPACT(e) t = e; while ((*p++ = *t++));
350 #define SCALAR(e) store = htonl((uint32_t)(e)); \
351 memmove(p, &store, sizeof(store)); \
353 #define LSCALAR(e) store = HTOL((uint32_t)(e)); \
354 memmove(p, &store, sizeof(store)); \
356 #define HTOL(e) (openinfo.lorder == BYTE_ORDER ? \
358 bswap32((uint32_t)(e)))
360 (!username
|| (strcmp(username
, pwd
.pw_name
) == 0))) {
361 /* Create insecure data. */
363 COMPACT(pwd
.pw_name
);
367 SCALAR(pwd
.pw_change
);
368 COMPACT(pwd
.pw_class
);
369 COMPACT(pwd
.pw_gecos
);
371 COMPACT(pwd
.pw_shell
);
372 SCALAR(pwd
.pw_expire
);
373 SCALAR(pwd
.pw_fields
);
376 /* Create secure data. */
378 COMPACT(pwd
.pw_name
);
379 COMPACT(pwd
.pw_passwd
);
382 SCALAR(pwd
.pw_change
);
383 COMPACT(pwd
.pw_class
);
384 COMPACT(pwd
.pw_gecos
);
386 COMPACT(pwd
.pw_shell
);
387 SCALAR(pwd
.pw_expire
);
388 SCALAR(pwd
.pw_fields
);
389 sdata
.size
= p
- sbuf
;
391 /* Store insecure by name. */
392 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYNAME
);
393 len
= strlen(pwd
.pw_name
);
394 memmove(tbuf
+ 1, pwd
.pw_name
, len
);
396 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
399 /* Store insecure by number. */
400 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYNUM
);
402 memmove(tbuf
+ 1, &store
, sizeof(store
));
403 key
.size
= sizeof(store
) + 1;
404 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
407 /* Store insecure by uid. */
408 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYUID
);
409 store
= htonl(pwd
.pw_uid
);
410 memmove(tbuf
+ 1, &store
, sizeof(store
));
411 key
.size
= sizeof(store
) + 1;
412 if ((dp
->put
)(dp
, &key
, &data
, methoduid
) == -1)
415 /* Store secure by name. */
416 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYNAME
);
417 len
= strlen(pwd
.pw_name
);
418 memmove(tbuf
+ 1, pwd
.pw_name
, len
);
420 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
423 /* Store secure by number. */
424 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYNUM
);
426 memmove(tbuf
+ 1, &store
, sizeof(store
));
427 key
.size
= sizeof(store
) + 1;
428 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
431 /* Store secure by uid. */
432 tbuf
[0] = CURRENT_VERSION(_PW_KEYBYUID
);
433 store
= htonl(pwd
.pw_uid
);
434 memmove(tbuf
+ 1, &store
, sizeof(store
));
435 key
.size
= sizeof(store
) + 1;
436 if ((sdp
->put
)(sdp
, &key
, &sdata
, methoduid
) == -1)
439 /* Store insecure and secure special plus and special minus */
440 if (pwd
.pw_name
[0] == '+' || pwd
.pw_name
[0] == '-') {
441 tbuf
[0] = CURRENT_VERSION(_PW_KEYYPBYNUM
);
442 store
= htonl(ypcnt
);
443 memmove(tbuf
+ 1, &store
, sizeof(store
));
445 key
.size
= sizeof(store
) + 1;
446 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
448 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
452 /* Create insecure data. (legacy version) */
454 COMPACT(pwd
.pw_name
);
458 LSCALAR(pwd
.pw_change
);
459 COMPACT(pwd
.pw_class
);
460 COMPACT(pwd
.pw_gecos
);
462 COMPACT(pwd
.pw_shell
);
463 LSCALAR(pwd
.pw_expire
);
464 LSCALAR(pwd
.pw_fields
);
467 /* Create secure data. (legacy version) */
469 COMPACT(pwd
.pw_name
);
470 COMPACT(pwd
.pw_passwd
);
473 LSCALAR(pwd
.pw_change
);
474 COMPACT(pwd
.pw_class
);
475 COMPACT(pwd
.pw_gecos
);
477 COMPACT(pwd
.pw_shell
);
478 LSCALAR(pwd
.pw_expire
);
479 LSCALAR(pwd
.pw_fields
);
480 sdata
.size
= p
- sbuf
;
482 /* Store insecure by name. */
483 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYNAME
);
484 len
= strlen(pwd
.pw_name
);
485 memmove(tbuf
+ 1, pwd
.pw_name
, len
);
487 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
490 /* Store insecure by number. */
491 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYNUM
);
493 memmove(tbuf
+ 1, &store
, sizeof(store
));
494 key
.size
= sizeof(store
) + 1;
495 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
498 /* Store insecure by uid. */
499 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYUID
);
500 store
= HTOL(pwd
.pw_uid
);
501 memmove(tbuf
+ 1, &store
, sizeof(store
));
502 key
.size
= sizeof(store
) + 1;
503 if ((dp
->put
)(dp
, &key
, &data
, methoduid
) == -1)
506 /* Store secure by name. */
507 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYNAME
);
508 len
= strlen(pwd
.pw_name
);
509 memmove(tbuf
+ 1, pwd
.pw_name
, len
);
511 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
514 /* Store secure by number. */
515 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYNUM
);
517 memmove(tbuf
+ 1, &store
, sizeof(store
));
518 key
.size
= sizeof(store
) + 1;
519 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
522 /* Store secure by uid. */
523 tbuf
[0] = LEGACY_VERSION(_PW_KEYBYUID
);
524 store
= HTOL(pwd
.pw_uid
);
525 memmove(tbuf
+ 1, &store
, sizeof(store
));
526 key
.size
= sizeof(store
) + 1;
527 if ((sdp
->put
)(sdp
, &key
, &sdata
, methoduid
) == -1)
530 /* Store insecure and secure special plus and special minus */
531 if (pwd
.pw_name
[0] == '+' || pwd
.pw_name
[0] == '-') {
532 tbuf
[0] = LEGACY_VERSION(_PW_KEYYPBYNUM
);
534 memmove(tbuf
+ 1, &store
, sizeof(store
));
536 key
.size
= sizeof(store
) + 1;
537 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
539 if ((sdp
->put
)(sdp
, &key
, &sdata
, method
) == -1)
543 /* Create original format password file entry */
544 if (is_comment
&& makeold
){ /* copy comments */
545 if (fprintf(oldfp
, "%s\n", line
) < 0)
547 } else if (makeold
) {
551 snprintf(uidstr
, sizeof(uidstr
), "%u", pwd
.pw_uid
);
552 snprintf(gidstr
, sizeof(gidstr
), "%u", pwd
.pw_gid
);
554 if (fprintf(oldfp
, "%s:*:%s:%s:%s:%s:%s\n",
555 pwd
.pw_name
, pwd
.pw_fields
& _PWF_UID
? uidstr
: "",
556 pwd
.pw_fields
& _PWF_GID
? gidstr
: "",
557 pwd
.pw_gecos
, pwd
.pw_dir
, pwd
.pw_shell
) < 0)
561 /* If YP enabled, set flag. */
563 buf
[0] = yp_enabled
+ 2;
566 tbuf
[0] = CURRENT_VERSION(_PW_KEYYPENABLED
);
567 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
569 if ((sdp
->put
)(sdp
, &key
, &data
, method
) == -1)
571 tbuf
[0] = LEGACY_VERSION(_PW_KEYYPENABLED
);
573 if ((dp
->put
)(dp
, &key
, &data
, method
) == -1)
575 if ((sdp
->put
)(sdp
, &key
, &data
, method
) == -1)
579 if ((dp
->close
)(dp
) == -1)
581 if ((sdp
->close
)(sdp
) == -1)
585 if (fclose(oldfp
) == EOF
)
589 /* Set master.passwd permissions, in case caller forgot. */
590 fchmod(fileno(fp
), S_IRUSR
|S_IWUSR
);
592 /* Install as the real password files. */
593 snprintf(buf
, sizeof(buf
), "%s/%s.tmp", prefix
, _MP_DB
);
594 snprintf(buf2
, sizeof(buf2
), "%s/%s", prefix
, _MP_DB
);
596 snprintf(buf
, sizeof(buf
), "%s/%s.tmp", prefix
, _SMP_DB
);
597 snprintf(buf2
, sizeof(buf2
), "%s/%s", prefix
, _SMP_DB
);
600 snprintf(buf2
, sizeof(buf2
), "%s/%s", prefix
, _PASSWD
);
601 snprintf(buf
, sizeof(buf
), "%s.orig", pname
);
605 * Move the master password LAST -- chpass(1), passwd(1) and vipw(8)
606 * all use flock(2) on it to block other incarnations of themselves.
607 * The rename means that everything is unlocked, as the original file
608 * can no longer be accessed.
610 snprintf(buf
, sizeof(buf
), "%s/%s", prefix
, _MASTERPASSWD
);
614 * Close locked password file after rename()
616 if (fclose(fp
) == EOF
)
623 scan(FILE *fp
, struct passwd
*pw
)
629 p
= fgetln(fp
, &len
);
634 * ``... if I swallow anything evil, put your fingers down my
638 if (len
> 0 && p
[len
- 1] == '\n')
640 if (len
>= sizeof(line
) - 1) {
641 warnx("line #%d too long", lcnt
);
644 memcpy(line
, p
, len
);
648 * Ignore comments: ^[ \t]*#
650 for (p
= line
; *p
!= '\0'; p
++)
651 if (*p
!= ' ' && *p
!= '\t')
653 if (*p
== '#' || *p
== '\0') {
659 if (!__pw_scan(line
, pw
, _PWSCAN_WARN
|_PWSCAN_MASTER
)) {
660 warnx("at line #%d", lcnt
);
661 fmt
: errno
= EFTYPE
; /* XXX */
669 cp(char *from
, char *to
, mode_t mode
)
671 static char buf
[MAXBSIZE
];
672 int from_fd
, rcount
, to_fd
, wcount
;
674 if ((from_fd
= open(from
, O_RDONLY
, 0)) < 0)
676 if ((to_fd
= open(to
, O_WRONLY
|O_CREAT
|O_EXCL
, mode
)) < 0)
678 while ((rcount
= read(from_fd
, buf
, MAXBSIZE
)) > 0) {
679 wcount
= write(to_fd
, buf
, rcount
);
680 if (rcount
!= wcount
|| wcount
== -1) {
683 snprintf(buf
, sizeof(buf
), "%s to %s", from
, to
);
691 snprintf(buf
, sizeof(buf
), "%s to %s", from
, to
);
699 mv(char *from
, char *to
)
701 char buf
[MAXPATHLEN
];
703 if (rename(from
, to
)) {
705 snprintf(buf
, sizeof(buf
), "%s to %s", from
, to
);
712 error(const char *name
)
723 char buf
[MAXPATHLEN
];
727 snprintf(buf
, sizeof(buf
), "%s.orig", pname
);
731 snprintf(buf
, sizeof(buf
), "%s/%s.tmp", prefix
, _SMP_DB
);
735 snprintf(buf
, sizeof(buf
), "%s/%s.tmp", prefix
, _MP_DB
);
745 "usage: pwd_mkdb [-BCiLNp] [-d directory] [-s cachesize] [-u username] file\n");