2 * Copyright (c) 1990 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2000 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2009, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 #include "prototypes.h"
51 #include "exitcodes.h"
57 static bool cflg = false;
58 static bool eflg = false;
59 static bool md5flg = false;
61 static bool sflg = false;
62 #endif /* USE_SHA_CRYPT */
64 static const char *crypt_method = NULL;
66 static long sha_rounds = 5000;
67 #endif /* USE_SHA_CRYPT */
69 static bool is_shadow_pwd;
70 static bool pw_locked = false;
71 static bool spw_locked = false;
73 /* local function prototypes */
74 static void fail_exit (int code);
75 static void usage (int status);
76 static void process_flags (int argc, char **argv);
77 static void check_flags (void);
78 static void check_perms (void);
79 static void open_files (void);
80 static void close_files (void);
83 * fail_exit - exit with a failure code after unlocking the files
85 static void fail_exit (int code)
88 if (pw_unlock () == 0) {
89 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
90 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
96 if (spw_unlock () == 0) {
97 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
98 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
107 * usage - display usage message and exit
109 static void usage (int status)
111 FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
112 (void) fprintf (usageout,
113 _("Usage: %s [options]\n"
117 (void) fprintf (usageout,
118 _(" -c, --crypt-method <METHOD> the crypt method (one of %s)\n"),
119 #ifndef USE_SHA_CRYPT
121 #else /* USE_SHA_CRYPT */
122 "NONE DES MD5 SHA256 SHA512"
123 #endif /* USE_SHA_CRYPT */
125 (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout);
126 (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
127 (void) fputs (_(" -m, --md5 encrypt the clear text password using\n"
128 " the MD5 algorithm\n"),
131 (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n"
132 " crypt algorithms\n"),
134 #endif /* USE_SHA_CRYPT */
135 (void) fputs ("\n", usageout);
141 * process_flags - parse the command line options
143 * It will not return if an error is encountered.
145 static void process_flags (int argc, char **argv)
147 int option_index = 0;
149 static struct option long_options[] = {
150 {"crypt-method", required_argument, NULL, 'c'},
151 {"encrypted", no_argument, NULL, 'e'},
152 {"md5", no_argument, NULL, 'm'},
154 {"sha-rounds", required_argument, NULL, 's'},
155 #endif /* USE_SHA_CRYPT */
156 {"help", no_argument, NULL, 'h'},
157 {NULL, 0, NULL, '\0'}
160 while ((c = getopt_long (argc, argv,
163 #else /* !USE_SHA_CRYPT */
165 #endif /* !USE_SHA_CRYPT */
166 long_options, &option_index)) != -1) {
173 crypt_method = optarg;
184 if (getlong(optarg, &sha_rounds) == 0) {
186 _("%s: invalid numeric argument '%s'\n"),
191 #endif /* USE_SHA_CRYPT */
198 /* validate options */
203 * check_flags - check flags and parameters consistency
205 * It will not return if an error is encountered.
207 static void check_flags (void)
212 _("%s: %s flag is only allowed with the %s flag\n"),
218 if ((eflg && (md5flg || cflg)) ||
221 _("%s: the -c, -e, and -m flags are exclusive\n"),
227 if ( (0 != strcmp (crypt_method, "DES"))
228 && (0 != strcmp (crypt_method, "MD5"))
229 && (0 != strcmp (crypt_method, "NONE"))
231 && (0 != strcmp (crypt_method, "SHA256"))
232 && (0 != strcmp (crypt_method, "SHA512"))
233 #endif /* USE_SHA_CRYPT */
236 _("%s: unsupported crypt method: %s\n"),
244 * check_perms - check if the caller is allowed to add a group
246 * With PAM support, the setuid bit can be set on chpasswd to allow
247 * non-root users to groups.
248 * Without PAM support, only users who can write in the group databases
251 * It will not return if the user is not allowed.
253 static void check_perms (void)
256 #ifdef ACCT_TOOLS_SETUID
257 /* If chpasswd uses PAM and is SUID, check the permissions,
258 * otherwise, the permissions are enforced by the access to the
259 * passwd and shadow files.
261 pam_handle_t *pamh = NULL;
263 struct passwd *pampw;
265 pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
268 _("%s: Cannot determine your user name.\n"),
273 retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
275 if (PAM_SUCCESS == retval) {
276 retval = pam_authenticate (pamh, 0);
279 if (PAM_SUCCESS == retval) {
280 retval = pam_acct_mgmt (pamh, 0);
284 (void) pam_end (pamh, retval);
286 if (PAM_SUCCESS != retval) {
287 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
290 #endif /* ACCT_TOOLS_SETUID */
295 * open_files - lock and open the password databases
297 static void open_files (void)
300 * Lock the password file and open it for reading and writing. This
301 * will bring all of the entries into memory where they may be updated.
303 if (pw_lock () == 0) {
305 _("%s: cannot lock %s; try again later.\n"),
310 if (pw_open (O_RDWR) == 0) {
312 _("%s: cannot open %s\n"), Prog, pw_dbname ());
316 /* Do the same for the shadowed database, if it exist */
318 if (spw_lock () == 0) {
320 _("%s: cannot lock %s; try again later.\n"),
321 Prog, spw_dbname ());
325 if (spw_open (O_RDWR) == 0) {
327 _("%s: cannot open %s\n"),
328 Prog, spw_dbname ());
335 * close_files - close and unlock the password databases
337 static void close_files (void)
340 if (spw_close () == 0) {
342 _("%s: failure while writing changes to %s\n"),
343 Prog, spw_dbname ());
344 SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
347 if (spw_unlock () == 0) {
348 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
349 SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
355 if (pw_close () == 0) {
357 _("%s: failure while writing changes to %s\n"),
359 SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
362 if (pw_unlock () == 0) {
363 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
364 SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
370 int main (int argc, char **argv)
384 Prog = Basename (argv[0]);
386 (void) setlocale (LC_ALL, "");
387 (void) bindtextdomain (PACKAGE, LOCALEDIR);
388 (void) textdomain (PACKAGE);
390 process_flags (argc, argv);
393 if (md5flg || eflg || cflg) {
398 OPENLOG ("chpasswd");
406 is_shadow_pwd = spw_file_present ();
412 * Read each line, separating the user name from the password. The
413 * password entry for each user will be looked up in the appropriate
414 * file (shadow or passwd) and the password changed. For shadow
415 * files the last change date is set directly, for passwd files the
416 * last change date is set in the age only if aging information is
419 while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
421 cp = strrchr (buf, '\n');
425 if (feof (stdin) == 0) {
427 _("%s: line %d: line too long\n"),
435 * The username is the first field. It is separated from the
436 * password with a ":" character which is replaced with a
437 * NUL to give the new password. The new password will then
438 * be encrypted in the normal fashion with a new salt
439 * generated, unless the '-e' is given, in which case it is
440 * assumed to already be encrypted.
444 cp = strchr (name, ':');
450 _("%s: line %d: missing new password\n"),
459 if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
461 _("%s: (line %d, user %s) password not changed\n"),
468 const struct spwd *sp;
470 const struct passwd *pw;
474 && ( (NULL == crypt_method)
475 || (0 != strcmp (crypt_method, "NONE")))) {
478 crypt_method = "MD5";
479 } else if (crypt_method != NULL) {
488 cp = pw_encrypt (newpwd,
489 crypt_make_salt(crypt_method, arg));
493 * Get the password file entry for this user. The user must
496 pw = pw_locate (name);
499 _("%s: line %d: user '%s' does not exist\n"), Prog,
505 sp = spw_locate (name);
511 * The freshly encrypted new password is merged into the
512 * user's password file entry and the last password change
513 * date is set to the current date.
518 newsp.sp_lstchg = (long) time ((time_t *)NULL) / SCALE;
519 if (0 == newsp.sp_lstchg) {
520 /* Better disable aging than requiring a
522 newsp.sp_lstchg = -1;
526 newpw.pw_passwd = cp;
530 * The updated password file entry is then put back and will
531 * be written to the password file later, after all the
532 * other entries have been updated as well.
535 if (spw_update (&newsp) == 0) {
537 _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
538 Prog, line, spw_dbname (), newsp.sp_namp);
543 if (pw_update (&newpw) == 0) {
545 _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
546 Prog, line, pw_dbname (), newpw.pw_name);
555 * Any detected errors will cause the entire set of changes to be
556 * aborted. Unlocking the password file will cause all of the
557 * changes to be ignored. Otherwise the file is closed, causing the
558 * changes to be written out all at once, and then unlocked
561 * With PAM, it is not possible to delay the update of the
570 _("%s: error detected, changes ignored\n"),
580 /* Save the changes */
584 nscd_flush_cache ("passwd");
projects / shadow / blob