2 * Copyright (c) 1992 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2001 , Michał Moskal
5 * Copyright (c) 2001 - 2006, Tomasz Kłoczko
6 * Copyright (c) 2007 - 2010, Nicolas François
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the copyright holders or contributors may not be used to
18 * endorse or promote products derived from this software without
19 * specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
24 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45 #include "prototypes.h"
63 #define E_CANTUPDATE 5
71 static bool use_system_pw_file = true;
72 static bool use_system_spw_file = true;
74 static bool is_shadow = false;
76 static bool pw_opened = false;
77 static bool spw_opened = false;
79 static bool pw_locked = false;
80 static bool spw_locked = false;
83 static bool read_only = false;
84 static bool sort_mode = false;
85 static bool quiet = false; /* don't report warnings, only errors */
87 /* local function prototypes */
88 static void fail_exit (int code);
89 static void usage (void);
90 static void process_flags (int argc, char **argv);
91 static void open_files (void);
92 static void close_files (bool changed);
93 static void check_pw_file (int *errors, bool *changed);
94 static void check_spw_file (int *errors, bool *changed);
97 * fail_exit - do some cleanup and exit with the given error code
99 static void fail_exit (int code)
102 if (spw_unlock () == 0) {
103 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
104 if (use_system_spw_file) {
105 SYSLOG ((LOG_ERR, "failed to unlock %s",
113 if (pw_unlock () == 0) {
114 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
115 if (use_system_pw_file) {
116 SYSLOG ((LOG_ERR, "failed to unlock %s",
128 * usage - print syntax message and exit
130 static void usage (void)
133 if (getdef_bool ("USE_TCB")) {
134 fprintf (stderr, _("Usage: %s [-q] [-r] [passwd]\n"),
137 #endif /* WITH_TCB */
140 _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
147 * process_flags - parse the command line options
149 * It will not return if an error is encountered.
151 static void process_flags (int argc, char **argv)
156 * Parse the command line arguments
158 while ((arg = getopt (argc, argv, "eqrs")) != EOF) {
160 case 'e': /* added for Debian shadow-961025-2 compatibility */
175 if (sort_mode && read_only) {
176 fprintf (stderr, _("%s: -s and -r are incompatible\n"), Prog);
181 * Make certain we have the right number of arguments
183 if ((argc < optind) || (argc > (optind + 2))) {
188 * If there are two left over filenames, use those as the password
189 * and shadow password filenames.
191 if (optind != argc) {
192 pw_setdbname (argv[optind]);
193 use_system_pw_file = false;
195 if ((optind + 2) == argc) {
197 if (getdef_bool ("USE_TCB")) {
199 _("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"),
203 #endif /* WITH_TCB */
204 spw_setdbname (argv[optind + 1]);
206 use_system_spw_file = false;
207 } else if (optind == argc) {
208 is_shadow = spw_file_present ();
213 * open_files - open the shadow database
215 * In read-only mode, the databases are not locked and are opened
218 static void open_files (void)
220 bool use_tcb = false;
222 use_tcb = getdef_bool ("USE_TCB");
223 #endif /* WITH_TCB */
226 * Lock the files if we aren't in "read-only" mode
229 if (pw_lock () == 0) {
231 _("%s: cannot lock %s; try again later.\n"),
233 fail_exit (E_CANTLOCK);
236 if (is_shadow && !use_tcb) {
237 if (spw_lock () == 0) {
239 _("%s: cannot lock %s; try again later.\n"),
240 Prog, spw_dbname ());
241 fail_exit (E_CANTLOCK);
248 * Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR
251 if (pw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
252 fprintf (stderr, _("%s: cannot open %s\n"),
254 if (use_system_pw_file) {
255 SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
257 fail_exit (E_CANTOPEN);
260 if (is_shadow && !use_tcb) {
261 if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
262 fprintf (stderr, _("%s: cannot open %s\n"),
263 Prog, spw_dbname ());
264 if (use_system_spw_file) {
265 SYSLOG ((LOG_WARN, "cannot open %s",
268 fail_exit (E_CANTOPEN);
275 * close_files - close and unlock the password/shadow databases
277 * If changed is not set, the databases are not closed, and no
278 * changes are committed in the databases. The databases are
281 static void close_files (bool changed)
284 * All done. If there were no change we can just abandon any
285 * changes to the files.
288 if (pw_opened && pw_close () == 0) {
290 _("%s: failure while writing changes to %s\n"),
292 if (use_system_pw_file) {
294 "failure while writing changes to %s",
297 fail_exit (E_CANTUPDATE);
300 if (is_shadow && spw_opened && (spw_close () == 0)) {
302 _("%s: failure while writing changes to %s\n"),
303 Prog, spw_dbname ());
304 if (use_system_spw_file) {
306 "failure while writing changes to %s",
309 fail_exit (E_CANTUPDATE);
315 * Don't be anti-social - unlock the files when you're done.
318 if (spw_unlock () == 0) {
320 _("%s: failed to unlock %s\n"),
321 Prog, spw_dbname ());
322 if (use_system_spw_file) {
323 SYSLOG ((LOG_ERR, "failed to unlock %s",
331 if (pw_unlock () == 0) {
333 _("%s: failed to unlock %s\n"),
335 if (use_system_pw_file) {
336 SYSLOG ((LOG_ERR, "failed to unlock %s",
346 * check_pw_file - check the content of the passwd file
348 static void check_pw_file (int *errors, bool *changed)
350 struct commonio_entry *pfe, *tpfe;
355 * Loop through the entire password file.
357 for (pfe = __pw_get_head (); NULL != pfe; pfe = pfe->next) {
359 * If this is a NIS line, skip it. You can't "know" what NIS
360 * is going to do without directly asking NIS ...
362 if (('+' == pfe->line[0]) || ('-' == pfe->line[0])) {
367 * Start with the entries that are completely corrupt. They
368 * have no (struct passwd) entry because they couldn't be
371 if (NULL == pfe->eptr) {
373 * Tell the user this entire line is bogus and ask
376 puts (_("invalid password file entry"));
377 printf (_("delete line '%s'? "), pfe->line);
381 * prompt the user to delete the entry or not
383 if (!yes_or_no (read_only)) {
388 * All password file deletions wind up here. This
389 * code removes the current entry from the linked
390 * list. When done, it skips back to the top of the
391 * loop to try out the next list element.
394 if (use_system_pw_file) {
395 SYSLOG ((LOG_INFO, "delete passwd line '%s'",
400 __pw_del_entry (pfe);
405 * Password structure is good, start using it.
410 * Make sure this entry has a unique name.
412 for (tpfe = __pw_get_head (); NULL != tpfe; tpfe = tpfe->next) {
413 const struct passwd *ent = tpfe->eptr;
416 * Don't check this entry
423 * Don't check invalid entries.
429 if (strcmp (pwd->pw_name, ent->pw_name) != 0) {
434 * Tell the user this entry is a duplicate of
435 * another and ask them to delete it.
437 puts (_("duplicate password entry"));
438 printf (_("delete line '%s'? "), pfe->line);
442 * prompt the user to delete the entry or not
444 if (yes_or_no (read_only)) {
450 * Check for invalid usernames. --marekm
452 if (!is_valid_user_name (pwd->pw_name)) {
453 printf (_("invalid user name '%s'\n"), pwd->pw_name);
458 * Check for invalid user ID.
460 if (pwd->pw_uid == (uid_t)-1) {
461 printf (_("invalid user ID '%lu'\n"), (long unsigned int)pwd->pw_uid);
466 * Make sure the primary group exists
468 /* local, no need for xgetgrgid */
469 if (!quiet && (NULL == getgrgid (pwd->pw_gid))) {
472 * No primary group, just give a warning
475 printf (_("user '%s': no group %lu\n"),
476 pwd->pw_name, (unsigned long) pwd->pw_gid);
481 * Make sure the home directory exists
483 if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) {
485 * Home directory doesn't exist, give a warning
487 printf (_("user '%s': directory '%s' does not exist\n"),
488 pwd->pw_name, pwd->pw_dir);
493 * Make sure the login shell is executable
496 && ('\0' != pwd->pw_shell[0])
497 && (access (pwd->pw_shell, F_OK) != 0)) {
500 * Login shell doesn't exist, give a warning
502 printf (_("user '%s': program '%s' does not exist\n"),
503 pwd->pw_name, pwd->pw_shell);
508 * Make sure this entry exists in the /etc/shadow file.
513 if (getdef_bool ("USE_TCB")) {
514 if (shadowtcb_set_user (pwd->pw_name) == SHADOWTCB_FAILURE) {
515 printf (_("no tcb directory for %s\n"),
517 printf (_("create tcb directory for %s?"),
520 if (yes_or_no (read_only)) {
521 if (shadowtcb_create (pwd->pw_name, pwd->pw_uid) == SHADOWTCB_FAILURE) {
523 printf (_("failed to create tcb directory for %s\n"), pwd->pw_name);
530 if (spw_lock () == 0) {
533 _("%s: cannot lock %s.\n"),
534 Prog, spw_dbname ());
538 if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
540 _("%s: cannot open %s\n"),
541 Prog, spw_dbname ());
543 if (spw_unlock () == 0) {
545 _("%s: failed to unlock %s\n"),
546 Prog, spw_dbname ());
547 if (use_system_spw_file) {
549 "failed to unlock %s",
557 #endif /* WITH_TCB */
558 spw = (struct spwd *) spw_locate (pwd->pw_name);
560 printf (_("no matching password file entry in %s\n"),
562 printf (_("add user '%s' in %s? "),
563 pwd->pw_name, spw_dbname ());
565 if (yes_or_no (read_only)) {
569 sp.sp_namp = pwd->pw_name;
570 sp.sp_pwdp = pwd->pw_passwd;
572 getdef_num ("PASS_MIN_DAYS", -1);
574 getdef_num ("PASS_MAX_DAYS", -1);
576 getdef_num ("PASS_WARN_AGE", -1);
579 sp.sp_flag = SHADOW_SP_FLAG_UNSET;
580 sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
581 if (0 == sp.sp_lstchg) {
582 /* Better disable aging than
583 * requiring a password change
589 if (spw_update (&sp) == 0) {
591 _("%s: failed to prepare the new %s entry '%s'\n"),
592 Prog, spw_dbname (), sp.sp_namp);
593 fail_exit (E_CANTUPDATE);
595 /* remove password from /etc/passwd */
597 pw.pw_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
598 if (pw_update (&pw) == 0) {
600 _("%s: failed to prepare the new %s entry '%s'\n"),
601 Prog, pw_dbname (), pw.pw_name);
602 fail_exit (E_CANTUPDATE);
606 /* The passwd entry has a shadow counterpart.
607 * Make sure no passwords are in passwd.
609 if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
610 printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
611 pwd->pw_name, spw_dbname (), pw_dbname ());
617 if (getdef_bool ("USE_TCB") && spw_locked) {
618 if (spw_opened && (spw_close () == 0)) {
620 _("%s: failure while writing changes to %s\n"),
621 Prog, spw_dbname ());
622 if (use_system_spw_file) {
624 "failure while writing changes to %s",
630 if (spw_unlock () == 0) {
632 _("%s: failed to unlock %s\n"),
633 Prog, spw_dbname ());
634 if (use_system_spw_file) {
635 SYSLOG ((LOG_ERR, "failed to unlock %s",
642 #endif /* WITH_TCB */
647 * check_spw_file - check the content of the shadowed password file (shadow)
649 static void check_spw_file (int *errors, bool *changed)
651 struct commonio_entry *spe, *tspe;
655 * Loop through the entire shadow password file.
657 for (spe = __spw_get_head (); NULL != spe; spe = spe->next) {
659 * Do not treat lines which were missing in shadow
660 * and were added earlier.
662 if (NULL == spe->line) {
667 * If this is a NIS line, skip it. You can't "know" what NIS
668 * is going to do without directly asking NIS ...
670 if (('+' == spe->line[0]) || ('-' == spe->line[0])) {
675 * Start with the entries that are completely corrupt. They
676 * have no (struct spwd) entry because they couldn't be
679 if (NULL == spe->eptr) {
681 * Tell the user this entire line is bogus and ask
684 puts (_("invalid shadow password file entry"));
685 printf (_("delete line '%s'? "), spe->line);
689 * prompt the user to delete the entry or not
691 if (!yes_or_no (read_only)) {
696 * All shadow file deletions wind up here. This code
697 * removes the current entry from the linked list.
698 * When done, it skips back to the top of the loop
699 * to try out the next list element.
702 if (use_system_spw_file) {
703 SYSLOG ((LOG_INFO, "delete shadow line '%s'",
708 __spw_del_entry (spe);
713 * Shadow password structure is good, start using it.
718 * Make sure this entry has a unique name.
720 for (tspe = __spw_get_head (); NULL != tspe; tspe = tspe->next) {
721 const struct spwd *ent = tspe->eptr;
724 * Don't check this entry
731 * Don't check invalid entries.
737 if (strcmp (spw->sp_namp, ent->sp_namp) != 0) {
742 * Tell the user this entry is a duplicate of
743 * another and ask them to delete it.
745 puts (_("duplicate shadow password entry"));
746 printf (_("delete line '%s'? "), spe->line);
750 * prompt the user to delete the entry or not
752 if (yes_or_no (read_only)) {
758 * Make sure this entry exists in the /etc/passwd
761 if (pw_locate (spw->sp_namp) == NULL) {
763 * Tell the user this entry has no matching
764 * /etc/passwd entry and ask them to delete it.
766 printf (_("no matching password file entry in %s\n"),
768 printf (_("delete line '%s'? "), spe->line);
772 * prompt the user to delete the entry or not
774 if (yes_or_no (read_only)) {
780 * Warn if last password change in the future. --marekm
783 && (spw->sp_lstchg > (long) time ((time_t *) 0) / SCALE)) {
784 printf (_("user %s: last password change in the future\n"),
792 * pwck - verify password file integrity
794 int main (int argc, char **argv)
797 bool changed = false;
800 * Get my name so that I can use it to report errors.
802 Prog = Basename (argv[0]);
804 (void) setlocale (LC_ALL, "");
805 (void) bindtextdomain (PACKAGE, LOCALEDIR);
806 (void) textdomain (PACKAGE);
810 /* Parse the command line arguments */
811 process_flags (argc, argv);
816 if (pw_sort () != 0) {
818 _("%s: cannot sort entries in %s\n"),
820 fail_exit (E_CANTSORT);
823 if (spw_sort () != 0) {
825 _("%s: cannot sort entries in %s\n"),
826 Prog, spw_dbname ());
827 fail_exit (E_CANTSORT);
832 check_pw_file (&errors, &changed);
835 check_spw_file (&errors, &changed);
839 close_files (changed);
841 nscd_flush_cache ("passwd");
844 * Tell the user what we did and exit.
848 _("%s: the files have been updated\n") :
849 _("%s: no changes\n"), Prog);
853 return ((0 != errors) ? E_BADENTRY : E_OKAY);