2 * Copyright 1991 - 1994, Julianne Frances Haugh
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 RCSID(PKG_VER "$Id: groupmod.c,v 1.16 2000/10/09 19:02:20 kloczek Exp $")
35 #include <sys/types.h>
42 #include <security/pam_appl.h>
43 #include <security/pam_misc.h>
47 #include "prototypes.h"
56 static int is_shadow_grp;
63 #define E_SUCCESS 0 /* success */
64 #define E_USAGE 2 /* invalid command syntax */
65 #define E_BAD_ARG 3 /* invalid argument to option */
66 #define E_GID_IN_USE 4 /* gid already in use (and no -o) */
67 #define E_NOTFOUND 6 /* specified group doesn't exist */
68 #define E_NAME_IN_USE 9 /* group name already in use */
69 #define E_GRP_UPDATE 10 /* can't update group file */
71 static char *group_name;
72 static char *group_newname;
73 static gid_t group_id;
74 static gid_t group_newid;
79 oflg = 0, /* permit non-unique group ID to be specified with -g */
80 gflg = 0, /* new ID value for the group */
81 nflg = 0; /* a new name has been specified for the group */
84 extern int gr_dbm_mode;
85 extern int sg_dbm_mode;
91 /* local function prototypes */
92 static void usage(void);
93 static void new_grent(struct group *);
95 static void new_sgent(struct sgrp *);
97 static void grp_update(void);
98 static void check_new_gid(void);
99 static void check_new_name(void);
100 static void process_flags(int, char **);
101 static void close_files(void);
102 static void open_files(void);
105 * usage - display usage message and exit
111 fprintf(stderr, _("usage: groupmod [-g gid [-o]] [-n name] group\n"));
116 * new_grent - updates the values in a group file entry
118 * new_grent() takes all of the values that have been entered and
119 * fills in a (struct group) with them.
123 new_grent(struct group *grent)
126 grent->gr_name = xstrdup (group_newname);
129 grent->gr_gid = group_newid;
134 * new_sgent - updates the values in a shadow group file entry
136 * new_sgent() takes all of the values that have been entered and
137 * fills in a (struct sgrp) with them.
141 new_sgent(struct sgrp *sgent)
144 sgent->sg_name = xstrdup (group_newname);
146 #endif /* SHADOWGRP */
149 * grp_update - update group file entries
151 * grp_update() writes the new records to the group files.
158 const struct group *ogrp;
161 const struct sgrp *osgrp = NULL;
162 #endif /* SHADOWGRP */
165 * Get the current settings for this group.
168 ogrp = gr_locate(group_name);
171 _("%s: %s not found in /etc/group\n"),
178 if (is_shadow_grp && (osgrp = sgr_locate(group_name))) {
182 #endif /* SHADOWGRP */
185 * Write out the new group file entry.
188 if (!gr_update(&grp)) {
189 fprintf(stderr, _("%s: error adding new group entry\n"), Prog);
192 if (nflg && !gr_remove(group_name)) {
193 fprintf(stderr, _("%s: error removing group entry\n"), Prog);
199 * Update the DBM group file with the new entry as well.
202 if (gr_dbm_present()) {
203 if (!gr_dbm_update(&grp)) {
205 _("%s: cannot add new dbm group entry\n"),
209 if (nflg && (ogrp = getgrnam(group_name)) &&
210 !gr_dbm_remove(ogrp)) {
212 _("%s: error removing group dbm entry\n"),
223 * Make sure there was a shadow entry to begin with. Skip
224 * down to "out" if there wasn't. Can't just return because
225 * there might be some syslogging to do.
232 * Write out the new shadow group entries as well.
235 if (!sgr_update(&sgrp)) {
236 fprintf(stderr, _("%s: error adding new group entry\n"), Prog);
239 if (nflg && !sgr_remove(group_name)) {
240 fprintf(stderr, _("%s: error removing group entry\n"), Prog);
246 * Update the DBM shadow group file with the new entry as well.
249 if (sg_dbm_present()) {
250 if (!sg_dbm_update(&sgrp)) {
252 _("%s: cannot add new dbm shadow group entry\n"),
256 if (nflg && ! sg_dbm_remove (group_name)) {
258 _("%s: error removing shadow group dbm entry\n"),
266 #endif /* SHADOWGRP */
269 SYSLOG((LOG_INFO, "change group `%s' to `%s'\n",
270 group_name, group_newname));
273 SYSLOG((LOG_INFO, "change gid for `%s' to %d\n",
274 nflg ? group_newname:group_name, group_newid));
278 * check_new_gid - check the new GID value for uniqueness
280 * check_new_gid() insures that the new GID value is unique.
287 * First, the easy stuff. If the ID can be duplicated, or if
288 * the ID didn't really change, just return. If the ID didn't
289 * change, turn off those flags. No sense doing needless work.
292 if (group_id == group_newid) {
297 if (oflg || ! getgrgid (group_newid))
301 * Tell the user what they did wrong.
305 _("%s: %ld is not a unique gid\n"),
306 Prog, (long) group_newid);
311 * check_new_name - check the new name for uniqueness
313 * check_new_name() insures that the new name does not exist
314 * already. You can't have the same name twice, period.
321 * Make sure they are actually changing the name.
324 if (strcmp(group_name, group_newname) == 0) {
329 if (check_group_name(group_newname)) {
332 * If the entry is found, too bad.
335 if (getgrnam(group_newname)) {
336 fprintf(stderr, _("%s: %s is not a unique name\n"),
337 Prog, group_newname);
344 * All invalid group names land here.
347 fprintf(stderr, _("%s: %s is a not a valid group name\n"),
348 Prog, group_newname);
353 * process_flags - perform command line argument setting
355 * process_flags() interprets the command line arguments and sets
356 * the values that the user will be created with accordingly. The
357 * values are checked for sanity.
361 process_flags(int argc, char **argv)
366 while ((arg = getopt (argc, argv, "og:n:")) != EOF) {
370 group_newid = strtol(optarg, &end, 10);
373 _("%s: invalid group %s\n"),
380 group_newname = optarg;
392 if (optind != argc - 1)
395 group_name = argv[argc - 1];
399 * close_files - close all of the files that were opened
401 * close_files() closes all of the files that were opened for this
402 * new group. This causes any modified entries to be written out.
409 fprintf(stderr, _("%s: cannot rewrite group file\n"), Prog);
414 if (is_shadow_grp && !sgr_close()) {
415 fprintf(stderr, _("%s: cannot rewrite shadow group file\n"),
421 #endif /* SHADOWGRP */
425 * open_files - lock and open the group files
427 * open_files() opens the two group files.
434 fprintf(stderr, _("%s: unable to lock group file\n"), Prog);
437 if (!gr_open(O_RDWR)) {
438 fprintf(stderr, _("%s: unable to open group file\n"), Prog);
442 if (is_shadow_grp && !sgr_lock()) {
443 fprintf(stderr, _("%s: unable to lock shadow group file\n"),
447 if (is_shadow_grp && !sgr_open(O_RDWR)) {
448 fprintf(stderr, _("%s: unable to open shadow group file\n"),
452 #endif /* SHADOWGRP */
456 static struct pam_conv conv = {
463 * main - groupmod command
465 * The syntax of the groupmod command is
467 * groupmod [ -g gid [ -o ]] [ -n name ] group
470 * -g - specify a new group ID value
471 * -o - permit the group ID value to be non-unique
472 * -n - specify a new group name
476 main(int argc, char **argv)
480 pam_handle_t *pamh = NULL;
481 struct passwd *pampw;
486 * Get my name so that I can use it to report errors.
489 Prog = Basename(argv[0]);
491 setlocale(LC_ALL, "");
492 bindtextdomain(PACKAGE, LOCALEDIR);
496 retval = PAM_SUCCESS;
498 pampw = getpwuid(getuid());
500 retval = PAM_USER_UNKNOWN;
503 if (retval == PAM_SUCCESS) {
504 retval = pam_start("shadow", pampw->pw_name, &conv, &pamh);
507 if (retval == PAM_SUCCESS) {
508 retval = pam_authenticate(pamh, 0);
509 if (retval != PAM_SUCCESS) {
510 pam_end(pamh, retval);
514 if (retval == PAM_SUCCESS) {
515 retval = pam_acct_mgmt(pamh, 0);
516 if (retval != PAM_SUCCESS) {
517 pam_end(pamh, retval);
521 if (retval != PAM_SUCCESS) {
522 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
530 is_shadow_grp = sgr_file_present();
534 * The open routines for the DBM files don't use read-write
535 * as the mode, so we have to clue them in.
539 gr_dbm_mode = O_RDWR;
541 sg_dbm_mode = O_RDWR;
542 #endif /* SHADOWGRP */
544 process_flags (argc, argv);
547 * Start with a quick check to see if the group exists.
550 if (!(grp = getgrnam(group_name))) {
551 fprintf(stderr, _("%s: group %s does not exist\n"),
555 group_id = grp->gr_gid;
560 * Now make sure it isn't an NIS group.
567 fprintf(stderr, _("%s: group %s is a NIS group\n"),
570 if (! yp_get_default_domain (&nis_domain) &&
571 ! yp_master (nis_domain, "group.byname",
573 fprintf(stderr, _("%s: %s is the NIS master\n"),
587 * Do the hard stuff - open the files, create the group entries,
588 * then close and update the files.
598 if (retval == PAM_SUCCESS) {
599 retval = pam_chauthtok(pamh, 0);
600 if (retval != PAM_SUCCESS) {
601 pam_end(pamh, retval);
605 if (retval != PAM_SUCCESS) {
606 fprintf (stderr, _("%s: PAM chauthtok failed\n"), Prog);
610 if (retval == PAM_SUCCESS)
611 pam_end(pamh, PAM_SUCCESS);