2 * Copyright (c) 1992 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2001 , Michał Moskal
5 * Copyright (c) 2001 - 2006, Tomasz Kłoczko
6 * Copyright (c) 2007 - 2011, Nicolas François
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the copyright holders or contributors may not be used to
18 * endorse or promote products derived from this software without
19 * specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
24 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48 #include "prototypes.h"
64 #define E_CANT_UPDATE 5
71 static const char *grp_file = GROUP_FILE;
72 static bool use_system_grp_file = true;
75 static const char *sgr_file = SGROUP_FILE;
76 static bool use_system_sgr_file = true;
77 static bool is_shadow = false;
78 static bool sgr_locked = false;
80 static bool gr_locked = false;
82 static bool read_only = false;
83 static bool sort_mode = false;
85 /* local function prototypes */
86 static void fail_exit (int status);
87 static /*@noreturn@*/void usage (int status);
88 static void delete_member (char **, const char *);
89 static void process_flags (int argc, char **argv);
90 static void open_files (void);
91 static void close_files (bool changed);
92 static int check_members (const char *groupname,
95 const char *fmt_prompt,
96 const char *fmt_syslog,
98 static void check_grp_file (int *errors, bool *changed);
100 static void compare_members_lists (const char *groupname,
102 char **other_members,
104 const char *other_file);
105 static void check_sgr_file (int *errors, bool *changed);
109 * fail_exit - exit with an error code after unlocking files
111 static void fail_exit (int status)
114 if (gr_unlock () == 0) {
115 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
116 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
123 if (sgr_unlock () == 0) {
124 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
125 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
137 * usage - print syntax message and exit
139 static /*@noreturn@*/void usage (int status)
141 FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
143 (void) fprintf (usageout,
144 _("Usage: %s [options] [group [gshadow]]\n"
148 #else /* !SHADOWGRP */
149 (void) fprintf (usageout,
150 _("Usage: %s [options] [group]\n"
154 #endif /* !SHADOWGRP */
155 (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
156 (void) fputs (_(" -r, --read-only display errors and warnings\n"
157 " but do not change files\n"), usageout);
158 (void) fputs (_(" -s, --sort sort entries by UID\n"), usageout);
159 (void) fputs ("\n", usageout);
164 * delete_member - delete an entry in a list of members
166 * It only deletes the first entry with the given name.
167 * The member is defined by its address, no string comparison are
170 static void delete_member (char **list, const char *member)
174 for (i = 0; NULL != list[i]; i++) {
175 if (list[i] == member) {
180 for (; NULL != list[i]; i++) {
181 list[i] = list[i + 1];
186 * process_flags - parse the command line options
188 * It will not return if an error is encountered.
190 static void process_flags (int argc, char **argv)
193 static struct option long_options[] = {
194 {"help", no_argument, NULL, 'h'},
195 {"quiet", no_argument, NULL, 'q'},
196 {"read-only", no_argument, NULL, 'r'},
197 {"sort", no_argument, NULL, 's'},
198 {NULL, 0, NULL, '\0'}
202 * Parse the command line arguments
204 while ((c = getopt_long (argc, argv, "hqrs",
205 long_options, NULL)) != -1) {
209 /*@notreached@*/break;
211 /* quiet - ignored for now */
224 if (sort_mode && read_only) {
225 fprintf (stderr, _("%s: -s and -r are incompatible\n"), Prog);
230 * Make certain we have the right number of arguments
233 if (argc > (optind + 2))
235 if (argc > (optind + 1))
242 * If there are two left over filenames, use those as the group and
243 * group password filenames.
245 if (optind != argc) {
246 grp_file = argv[optind];
247 gr_setdbname (grp_file);
248 use_system_grp_file = false;
251 if ((optind + 2) == argc) {
252 sgr_file = argv[optind + 1];
253 sgr_setdbname (sgr_file);
255 use_system_sgr_file = false;
256 } else if (optind == argc) {
257 is_shadow = sgr_file_present ();
263 * open_files - open the shadow database
265 * In read-only mode, the databases are not locked and are opened
268 static void open_files (void)
271 * Lock the files if we aren't in "read-only" mode
274 if (gr_lock () == 0) {
276 _("%s: cannot lock %s; try again later.\n"),
278 fail_exit (E_CANT_LOCK);
283 if (sgr_lock () == 0) {
285 _("%s: cannot lock %s; try again later.\n"),
287 fail_exit (E_CANT_LOCK);
295 * Open the files. Use O_RDONLY if we are in read_only mode,
298 if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) {
299 fprintf (stderr, _("%s: cannot open %s\n"), Prog,
301 if (use_system_grp_file) {
302 SYSLOG ((LOG_WARN, "cannot open %s", grp_file));
304 fail_exit (E_CANT_OPEN);
307 if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) {
308 fprintf (stderr, _("%s: cannot open %s\n"), Prog,
310 if (use_system_sgr_file) {
311 SYSLOG ((LOG_WARN, "cannot open %s", sgr_file));
313 fail_exit (E_CANT_OPEN);
319 * close_files - close and unlock the group/gshadow databases
321 * If changed is not set, the databases are not closed, and no
322 * changes are committed in the databases. The databases are
325 static void close_files (bool changed)
328 * All done. If there were no change we can just abandon any
329 * changes to the files.
332 if (gr_close () == 0) {
333 fprintf (stderr, _("%s: failure while writing changes to %s\n"),
335 fail_exit (E_CANT_UPDATE);
338 if (is_shadow && (sgr_close () == 0)) {
339 fprintf (stderr, _("%s: failure while writing changes to %s\n"),
341 fail_exit (E_CANT_UPDATE);
347 * Don't be anti-social - unlock the files when you're done.
351 if (sgr_unlock () == 0) {
352 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
353 SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
360 if (gr_unlock () == 0) {
361 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
362 SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
370 * check_members - check that every members of a group exist
372 * If an error is detected, *errors is incremented.
374 * The user will be prompted for the removal of the non-existent
377 * If any changes are performed, the return value will be 1,
378 * otherwise check_members() returns 0.
380 * fmt_info, fmt_prompt, and fmt_syslog are used for logging.
381 * * fmt_info must contain two string flags (%s): for the group's
382 * name and the missing member.
383 * * fmt_prompt must contain one string flags (%s): the missing
385 * * fmt_syslog must contain two string flags (%s): for the
386 * group's name and the missing member.
388 static int check_members (const char *groupname,
390 const char *fmt_info,
391 const char *fmt_prompt,
392 const char *fmt_syslog,
396 int members_changed = 0;
399 * Make sure each member exists
401 for (i = 0; NULL != members[i]; i++) {
402 /* local, no need for xgetpwnam */
403 if (getpwnam (members[i]) != NULL) {
407 * Can't find this user. Remove them
411 printf (fmt_info, groupname, members[i]);
412 printf (fmt_prompt, members[i]);
414 if (!yes_or_no (read_only)) {
418 SYSLOG ((LOG_INFO, fmt_syslog, members[i], groupname));
420 delete_member (members, members[i]);
422 /* Rewind in case of removal */
426 return members_changed;
431 * compare_members_lists - make sure the list of members is contained in
434 * compare_members_lists() checks that all the members of members are
435 * also in other_members.
436 * file and other_file are used for logging.
438 * TODO: No changes are performed on the lists.
440 static void compare_members_lists (const char *groupname,
442 char **other_members,
444 const char *other_file)
446 char **pmem, **other_pmem;
448 for (pmem = members; NULL != *pmem; pmem++) {
449 for (other_pmem = other_members; NULL != *other_pmem; other_pmem++) {
450 if (strcmp (*pmem, *other_pmem) == 0) {
454 if (*other_pmem == NULL) {
456 ("'%s' is a member of the '%s' group in %s but not in %s\n",
457 *pmem, groupname, file, other_file);
461 #endif /* SHADOWGRP */
464 * check_grp_file - check the content of the group file
466 static void check_grp_file (int *errors, bool *changed)
468 struct commonio_entry *gre, *tgre;
475 * Loop through the entire group file.
477 for (gre = __gr_get_head (); NULL != gre; gre = gre->next) {
479 * Skip all NIS entries.
482 if ((gre->line[0] == '+') || (gre->line[0] == '-')) {
487 * Start with the entries that are completely corrupt. They
488 * have no (struct group) entry because they couldn't be
491 if (NULL == gre->eptr) {
494 * Tell the user this entire line is bogus and ask
497 (void) puts (_("invalid group file entry"));
498 printf (_("delete line '%s'? "), gre->line);
502 * prompt the user to delete the entry or not
504 if (!yes_or_no (read_only)) {
509 * All group file deletions wind up here. This code
510 * removes the current entry from the linked list.
511 * When done, it skips back to the top of the loop
512 * to try out the next list element.
515 SYSLOG ((LOG_INFO, "delete group line '%s'",
519 __gr_del_entry (gre);
524 * Group structure is good, start using it.
529 * Make sure this entry has a unique name.
531 for (tgre = __gr_get_head (); NULL != tgre; tgre = tgre->next) {
533 const struct group *ent = tgre->eptr;
536 * Don't check this entry
543 * Don't check invalid entries.
549 if (strcmp (grp->gr_name, ent->gr_name) != 0) {
554 * Tell the user this entry is a duplicate of
555 * another and ask them to delete it.
557 (void) puts (_("duplicate group entry"));
558 printf (_("delete line '%s'? "), gre->line);
562 * prompt the user to delete the entry or not
564 if (yes_or_no (read_only)) {
570 * Check for invalid group names. --marekm
572 if (!is_valid_group_name (grp->gr_name)) {
574 printf (_("invalid group name '%s'\n"), grp->gr_name);
578 * Check for invalid group ID.
580 if (grp->gr_gid == (gid_t)-1) {
581 printf (_("invalid group ID '%lu'\n"), (long unsigned int)grp->gr_gid);
586 * Workaround for a NYS libc 5.3.12 bug on RedHat 4.2 -
587 * groups with no members are returned as groups with one
588 * member "", causing grpck to fail. --marekm
590 if ( (NULL != grp->gr_mem[0])
591 && (NULL == grp->gr_mem[1])
592 && ('\0' == grp->gr_mem[0][0])) {
593 grp->gr_mem[0] = NULL;
596 if (check_members (grp->gr_name, grp->gr_mem,
597 _("group %s: no user %s\n"),
598 _("delete member '%s'? "),
599 "delete member '%s' from group '%s'",
608 * Make sure this entry exists in the /etc/gshadow file.
612 sgr = (struct sgrp *) sgr_locate (grp->gr_name);
614 printf (_("no matching group file entry in %s\n"),
616 printf (_("add group '%s' in %s? "),
617 grp->gr_name, sgr_file);
619 if (yes_or_no (read_only)) {
622 static char *empty = NULL;
624 sg.sg_name = grp->gr_name;
625 sg.sg_passwd = grp->gr_passwd;
627 sg.sg_mem = grp->gr_mem;
629 "add group '%s' to '%s'",
630 grp->gr_name, sgr_file));
633 if (sgr_update (&sg) == 0) {
635 _("%s: failed to prepare the new %s entry '%s'\n"),
636 Prog, sgr_dbname (), sg.sg_name);
637 fail_exit (E_CANT_UPDATE);
639 /* remove password from /etc/group */
641 gr.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
642 if (gr_update (&gr) == 0) {
644 _("%s: failed to prepare the new %s entry '%s'\n"),
645 Prog, gr_dbname (), gr.gr_name);
646 fail_exit (E_CANT_UPDATE);
651 * Verify that all the members defined in /etc/group are also
652 * present in /etc/gshadow.
654 compare_members_lists (grp->gr_name,
655 grp->gr_mem, sgr->sg_mem,
658 /* The group entry has a gshadow counterpart.
659 * Make sure no passwords are in group.
661 if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
662 printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
663 grp->gr_name, sgr_file, grp_file);
675 * check_sgr_file - check the content of the shadowed group file (gshadow)
677 static void check_sgr_file (int *errors, bool *changed)
680 struct commonio_entry *sge, *tsge;
684 * Loop through the entire shadow group file.
686 for (sge = __sgr_get_head (); NULL != sge; sge = sge->next) {
689 * Start with the entries that are completely corrupt. They
690 * have no (struct sgrp) entry because they couldn't be
693 if (NULL == sge->eptr) {
696 * Tell the user this entire line is bogus and ask
699 (void) puts (_("invalid shadow group file entry"));
700 printf (_("delete line '%s'? "), sge->line);
704 * prompt the user to delete the entry or not
706 if (!yes_or_no (read_only)) {
711 * All shadow group file deletions wind up here.
712 * This code removes the current entry from the
713 * linked list. When done, it skips back to the top
714 * of the loop to try out the next list element.
717 SYSLOG ((LOG_INFO, "delete shadow line '%s'",
721 __sgr_del_entry (sge);
726 * Shadow group structure is good, start using it.
731 * Make sure this entry has a unique name.
733 for (tsge = __sgr_get_head (); NULL != tsge; tsge = tsge->next) {
735 const struct sgrp *ent = tsge->eptr;
738 * Don't check this entry
745 * Don't check invalid entries.
751 if (strcmp (sgr->sg_name, ent->sg_name) != 0) {
756 * Tell the user this entry is a duplicate of
757 * another and ask them to delete it.
759 (void) puts (_("duplicate shadow group entry"));
760 printf (_("delete line '%s'? "), sge->line);
764 * prompt the user to delete the entry or not
766 if (yes_or_no (read_only)) {
772 * Make sure this entry exists in the /etc/group file.
774 grp = (struct group *) gr_locate (sgr->sg_name);
776 printf (_("no matching group file entry in %s\n"),
778 printf (_("delete line '%s'? "), sge->line);
780 if (yes_or_no (read_only)) {
785 * Verify that the all members defined in /etc/gshadow are also
786 * present in /etc/group.
788 compare_members_lists (sgr->sg_name,
789 sgr->sg_mem, grp->gr_mem,
794 * Make sure each administrator exists
796 if (check_members (sgr->sg_name, sgr->sg_adm,
797 _("shadow group %s: no administrative user %s\n"),
798 _("delete administrative member '%s'? "),
799 "delete admin '%s' from shadow group '%s'",
803 __sgr_set_changed ();
807 * Make sure each member exists
809 if (check_members (sgr->sg_name, sgr->sg_mem,
810 _("shadow group %s: no user %s\n"),
811 _("delete member '%s'? "),
812 "delete member '%s' from shadow group '%s'",
816 __sgr_set_changed ();
820 #endif /* SHADOWGRP */
823 * grpck - verify group file integrity
825 int main (int argc, char **argv)
828 bool changed = false;
831 * Get my name so that I can use it to report errors.
833 Prog = Basename (argv[0]);
835 (void) setlocale (LC_ALL, "");
836 (void) bindtextdomain (PACKAGE, LOCALEDIR);
837 (void) textdomain (PACKAGE);
841 /* Parse the command line arguments */
842 process_flags (argc, argv);
855 check_grp_file (&errors, &changed);
858 check_sgr_file (&errors, &changed);
863 /* Commit the change in the database if needed */
864 close_files (changed);
866 nscd_flush_cache ("group");
869 * Tell the user what we did and exit.
873 printf (_("%s: the files have been updated\n"), Prog);
875 printf (_("%s: no changes\n"), Prog);
879 return ((0 != errors) ? E_BAD_ENTRY : E_OKAY);