2 * Copyright (c) 1992 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2001 , Michał Moskal
5 * Copyright (c) 2001 - 2006, Tomasz Kłoczko
6 * Copyright (c) 2007 - 2008, Nicolas François
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the copyright holders or contributors may not be used to
18 * endorse or promote products derived from this software without
19 * specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
24 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
45 #include "prototypes.h"
60 #define E_CANTUPDATE 5
67 static const char *pwd_file = PASSWD_FILE;
68 static bool use_system_pw_file = true;
69 static const char *spw_file = SHADOW_FILE;
70 static bool use_system_spw_file = true;
72 static bool is_shadow = false;
75 static bool read_only = false;
76 static bool sort_mode = false;
77 static bool quiet = false; /* don't report warnings, only errors */
79 /* local function prototypes */
80 static void usage (void);
81 static void process_flags (int argc, char **argv);
82 static void open_files (void);
83 static void close_files (int changed);
84 static void check_pw_file (int *errors, int *changed);
85 static void check_spw_file (int *errors, int *changed);
88 * usage - print syntax message and exit
90 static void usage (void)
92 fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
98 * process_flags - parse the command line options
100 * It will not return if an error is encountered.
102 static void process_flags (int argc, char **argv)
107 * Parse the command line arguments
109 while ((arg = getopt (argc, argv, "eqrs")) != EOF) {
111 case 'e': /* added for Debian shadow-961025-2 compatibility */
126 if (sort_mode && read_only) {
127 fprintf (stderr, _("%s: -s and -r are incompatibile\n"), Prog);
132 * Make certain we have the right number of arguments
134 if ((argc < optind) || (argc > (optind + 2))) {
139 * If there are two left over filenames, use those as the password
140 * and shadow password filenames.
142 if (optind != argc) {
143 pwd_file = argv[optind];
145 use_system_pw_file = false;
147 if ((optind + 2) == argc) {
148 spw_file = argv[optind + 1];
151 use_system_spw_file = false;
152 } else if (optind == argc) {
153 is_shadow = spw_file_present ();
158 * open_files - open the shadow database
160 * In read-only mode, the databases are not locked and are opened
163 static void open_files (void)
166 * Lock the files if we aren't in "read-only" mode
169 if (pw_lock () == 0) {
170 fprintf (stderr, _("%s: cannot lock file %s\n"),
172 if (use_system_pw_file) {
173 SYSLOG ((LOG_WARN, "cannot lock %s", pwd_file));
178 if (is_shadow && (spw_lock () == 0)) {
179 fprintf (stderr, _("%s: cannot lock file %s\n"),
181 if (use_system_spw_file) {
182 SYSLOG ((LOG_WARN, "cannot lock %s", spw_file));
190 * Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR
193 if (pw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
194 fprintf (stderr, _("%s: cannot open file %s\n"),
196 if (use_system_pw_file) {
197 SYSLOG ((LOG_WARN, "cannot open %s", pwd_file));
202 if (is_shadow && (spw_open (read_only ? O_RDONLY : O_RDWR) == 0)) {
203 fprintf (stderr, _("%s: cannot open file %s\n"),
205 if (use_system_spw_file) {
206 SYSLOG ((LOG_WARN, "cannot open %s", spw_file));
214 * close_files - close and unlock the password/shadow databases
216 * If changed is not set, the databases are not closed, and no
217 * changes are committed in the databases. The databases are
220 static void close_files (int changed)
223 * All done. If there were no change we can just abandon any
224 * changes to the files.
227 if (pw_close () == 0) {
228 fprintf (stderr, _("%s: cannot update file %s\n"),
230 SYSLOG ((LOG_WARN, "cannot update %s", pwd_file));
234 if (is_shadow && (spw_close () == 0)) {
235 fprintf (stderr, _("%s: cannot update file %s\n"),
237 SYSLOG ((LOG_WARN, "cannot update %s", spw_file));
244 * Don't be anti-social - unlock the files when you're done.
253 * check_pw_file - check the content of the passwd file
255 static void check_pw_file (int *errors, int *changed)
257 struct commonio_entry *pfe, *tpfe;
262 * Loop through the entire password file.
264 for (pfe = __pw_get_head (); NULL != pfe; pfe = pfe->next) {
266 * If this is a NIS line, skip it. You can't "know" what NIS
267 * is going to do without directly asking NIS ...
269 if ((pfe->line[0] == '+') || (pfe->line[0] == '-')) {
274 * Start with the entries that are completely corrupt. They
275 * have no (struct passwd) entry because they couldn't be
278 if (NULL == pfe->eptr) {
280 * Tell the user this entire line is bogus and ask
283 puts (_("invalid password file entry"));
284 printf (_("delete line '%s'? "), pfe->line);
288 * prompt the user to delete the entry or not
290 if (!yes_or_no (read_only)) {
295 * All password file deletions wind up here. This
296 * code removes the current entry from the linked
297 * list. When done, it skips back to the top of the
298 * loop to try out the next list element.
301 SYSLOG ((LOG_INFO, "delete passwd line `%s'",
305 __pw_del_entry (pfe);
310 * Password structure is good, start using it.
315 * Make sure this entry has a unique name.
317 for (tpfe = __pw_get_head (); NULL != tpfe; tpfe = tpfe->next) {
318 const struct passwd *ent = tpfe->eptr;
321 * Don't check this entry
328 * Don't check invalid entries.
334 if (strcmp (pwd->pw_name, ent->pw_name) != 0) {
339 * Tell the user this entry is a duplicate of
340 * another and ask them to delete it.
342 puts (_("duplicate password entry"));
343 printf (_("delete line '%s'? "), pfe->line);
347 * prompt the user to delete the entry or not
349 if (yes_or_no (read_only)) {
355 * Check for invalid usernames. --marekm
357 if (!is_valid_user_name (pwd->pw_name)) {
358 printf (_("invalid user name '%s'\n"), pwd->pw_name);
363 * Make sure the primary group exists
365 /* local, no need for xgetgrgid */
366 if (!quiet && (NULL == getgrgid (pwd->pw_gid))) {
369 * No primary group, just give a warning
372 printf (_("user %s: no group %u\n"),
373 pwd->pw_name, pwd->pw_gid);
378 * Make sure the home directory exists
380 if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) {
382 * Home directory doesn't exist, give a warning
384 printf (_("user %s: directory %s does not exist\n"),
385 pwd->pw_name, pwd->pw_dir);
390 * Make sure the login shell is executable
393 && ('\0' != pwd->pw_shell[0])
394 && (access (pwd->pw_shell, F_OK) != 0)) {
397 * Login shell doesn't exist, give a warning
399 printf (_("user %s: program %s does not exist\n"),
400 pwd->pw_name, pwd->pw_shell);
405 * Make sure this entry exists in the /etc/shadow file.
409 spw = (struct spwd *) spw_locate (pwd->pw_name);
411 printf (_("no matching password file entry in %s\n"),
413 printf (_("add user '%s' in %s? "),
414 pwd->pw_name, spw_file);
416 if (yes_or_no (read_only)) {
420 sp.sp_namp = pwd->pw_name;
421 sp.sp_pwdp = pwd->pw_passwd;
423 getdef_num ("PASS_MIN_DAYS", -1);
425 getdef_num ("PASS_MAX_DAYS", -1);
427 getdef_num ("PASS_WARN_AGE", -1);
432 time ((time_t *) 0) / (24L * 3600L);
435 if (spw_update (&sp) == 0) {
437 _("%s: can't update shadow entry for %s\n"),
441 /* remove password from /etc/passwd */
443 pw.pw_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
444 if (pw_update (&pw) == 0) {
446 _("%s: can't update passwd entry for %s\n"),
457 * check_spw_file - check the content of the shadowed password file (shadow)
459 static void check_spw_file (int *errors, int *changed)
461 struct commonio_entry *spe, *tspe;
465 * Loop through the entire shadow password file.
467 for (spe = __spw_get_head (); NULL != spe; spe = spe->next) {
469 * Do not treat lines which were missing in shadow
470 * and were added earlier.
472 if (spe->line == NULL) {
477 * If this is a NIS line, skip it. You can't "know" what NIS
478 * is going to do without directly asking NIS ...
480 if ((spe->line[0] == '+') || (spe->line[0] == '-')) {
485 * Start with the entries that are completely corrupt. They
486 * have no (struct spwd) entry because they couldn't be
489 if (NULL == spe->eptr) {
491 * Tell the user this entire line is bogus and ask
494 puts (_("invalid shadow password file entry"));
495 printf (_("delete line '%s'? "), spe->line);
499 * prompt the user to delete the entry or not
501 if (!yes_or_no (read_only)) {
506 * All shadow file deletions wind up here. This code
507 * removes the current entry from the linked list.
508 * When done, it skips back to the top of the loop
509 * to try out the next list element.
512 SYSLOG ((LOG_INFO, "delete shadow line `%s'",
516 __spw_del_entry (spe);
521 * Shadow password structure is good, start using it.
526 * Make sure this entry has a unique name.
528 for (tspe = __spw_get_head (); NULL != tspe; tspe = tspe->next) {
529 const struct spwd *ent = tspe->eptr;
532 * Don't check this entry
539 * Don't check invalid entries.
545 if (strcmp (spw->sp_namp, ent->sp_namp) != 0) {
550 * Tell the user this entry is a duplicate of
551 * another and ask them to delete it.
553 puts (_("duplicate shadow password entry"));
554 printf (_("delete line '%s'? "), spe->line);
558 * prompt the user to delete the entry or not
560 if (yes_or_no (read_only)) {
566 * Make sure this entry exists in the /etc/passwd
569 if (pw_locate (spw->sp_namp) == NULL) {
571 * Tell the user this entry has no matching
572 * /etc/passwd entry and ask them to delete it.
574 printf (_("no matching password file entry in %s\n"),
576 printf (_("delete line '%s'? "), spe->line);
580 * prompt the user to delete the entry or not
582 if (yes_or_no (read_only)) {
588 * Warn if last password change in the future. --marekm
591 && (spw->sp_lstchg > time ((time_t *) 0) / SCALE)) {
592 printf (_("user %s: last password change in the future\n"),
600 * pwck - verify password file integrity
602 int main (int argc, char **argv)
608 * Get my name so that I can use it to report errors.
610 Prog = Basename (argv[0]);
612 (void) setlocale (LC_ALL, "");
613 (void) bindtextdomain (PACKAGE, LOCALEDIR);
614 (void) textdomain (PACKAGE);
618 /* Parse the command line arguments */
619 process_flags (argc, argv);
630 check_pw_file (&errors, &changed);
633 check_spw_file (&errors, &changed);
637 close_files (changed);
639 nscd_flush_cache ("passwd");
642 * Tell the user what we did and exit.
646 _("%s: the files have been updated\n") :
647 _("%s: no changes\n"), Prog);
651 exit (errors ? E_BADENTRY : E_OKAY);