* Copyright (c) 1990 - 1994, Julianne Frances Haugh
* Copyright (c) 2006 , Tomasz Kłoczko
* Copyright (c) 2006 , Jonas Meurer
- * Copyright (c) 2007 - 2009, Nicolas François
+ * Copyright (c) 2007 - 2011, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h"
-#include "exitcodes.h"
#include "nscd.h"
#include "prototypes.h"
#include "groupio.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
#endif
+/*@-exitarg@*/
+#include "exitcodes.h"
+
/*
* Global variables
*/
-char *Prog;
-static bool cflg = false;
+const char *Prog;
static bool eflg = false;
static bool md5flg = false;
#ifdef USE_SHA_CRYPT
static bool sflg = false;
#endif
-static const char *crypt_method = NULL;
+static /*@null@*//*@observer@*/const char *crypt_method = NULL;
+#define cflg (NULL != crypt_method)
#ifdef USE_SHA_CRYPT
static long sha_rounds = 5000;
#endif
/* local function prototypes */
static void fail_exit (int code);
-static void usage (void);
+static /*@noreturn@*/void usage (int status);
static void process_flags (int argc, char **argv);
static void check_flags (void);
static void check_perms (void);
/*
* usage - display usage message and exit
*/
-static void usage (void)
+static /*@noreturn@*/void usage (int status)
{
- fprintf (stderr, _("Usage: %s [options]\n"
- "\n"
- "Options:\n"
- " -c, --crypt-method the crypt method (one of %s)\n"
- " -e, --encrypted supplied passwords are encrypted\n"
- " -h, --help display this help message and exit\n"
- " -m, --md5 encrypt the clear text password using\n"
- " the MD5 algorithm\n"
- "%s"
- "\n"),
- Prog,
+ FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
+ (void) fprintf (usageout,
+ _("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"),
+ Prog);
+ (void) fprintf (usageout,
+ _(" -c, --crypt-method <METHOD> the crypt method (one of %s)\n"),
#ifndef USE_SHA_CRYPT
- "NONE DES MD5", ""
-#else
- "NONE DES MD5 SHA256 SHA512",
- _(" -s, --sha-rounds number of SHA rounds for the SHA*\n"
- " crypt algorithms\n")
-#endif
- );
- exit (E_USAGE);
+ "NONE DES MD5"
+#else /* USE_SHA_CRYPT */
+ "NONE DES MD5 SHA256 SHA512"
+#endif /* USE_SHA_CRYPT */
+ );
+ (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout);
+ (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
+ (void) fputs (_(" -m, --md5 encrypt the clear text password using\n"
+ " the MD5 algorithm\n"),
+ usageout);
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+#ifdef USE_SHA_CRYPT
+ (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n"
+ " crypt algorithms\n"),
+ usageout);
+#endif /* USE_SHA_CRYPT */
+ (void) fputs ("\n", usageout);
+
+ exit (status);
}
/*
*/
static void process_flags (int argc, char **argv)
{
- int option_index = 0;
int c;
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"encrypted", no_argument, NULL, 'e'},
{"help", no_argument, NULL, 'h'},
{"md5", no_argument, NULL, 'm'},
+ {"root", required_argument, NULL, 'R'},
#ifdef USE_SHA_CRYPT
{"sha-rounds", required_argument, NULL, 's'},
#endif
while ((c = getopt_long (argc, argv,
#ifdef USE_SHA_CRYPT
- "c:ehms:",
+ "c:ehmR:s:",
#else
- "c:ehm",
+ "c:ehmR:",
#endif
- long_options, &option_index)) != -1) {
+ long_options, NULL)) != -1) {
switch (c) {
case 'c':
- cflg = true;
crypt_method = optarg;
break;
case 'e':
eflg = true;
break;
case 'h':
- usage ();
- break;
+ usage (E_SUCCESS);
+ /*@notreached@*/break;
case 'm':
md5flg = true;
break;
+ case 'R': /* no-op, handled in process_root_flag () */
+ break;
#ifdef USE_SHA_CRYPT
case 's':
sflg = true;
fprintf (stderr,
_("%s: invalid numeric argument '%s'\n"),
Prog, optarg);
- usage ();
+ usage (E_USAGE);
}
break;
#endif
default:
- usage ();
- break;
+ usage (E_USAGE);
+ /*@notreached@*/break;
}
}
fprintf (stderr,
_("%s: %s flag is only allowed with the %s flag\n"),
Prog, "-s", "-c");
- usage ();
+ usage (E_USAGE);
}
#endif
fprintf (stderr,
_("%s: the -c, -e, and -m flags are exclusive\n"),
Prog);
- usage ();
+ usage (E_USAGE);
}
if (cflg) {
fprintf (stderr,
_("%s: unsupported crypt method: %s\n"),
Prog, crypt_method);
- usage ();
+ usage (E_USAGE);
}
}
}
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+ process_root_flag ("-R", argc, argv);
+
process_flags (argc, argv);
OPENLOG ("chgpasswd");
continue;
}
newpwd = cp;
- if (!eflg &&
- (NULL == crypt_method ||
- 0 != strcmp(crypt_method, "NONE"))) {
+ if ( (!eflg)
+ && ( (NULL == crypt_method)
+ || (0 != strcmp (crypt_method, "NONE")))) {
void *arg = NULL;
if (md5flg) {
crypt_method = "MD5";
- } else if (crypt_method != NULL) {
+ }
#ifdef USE_SHA_CRYPT
- if (sflg) {
- arg = &sha_rounds;
- }
-#endif
- } else {
- crypt_method = NULL;
+ if (sflg) {
+ arg = &sha_rounds;
}
+#endif
cp = pw_encrypt (newpwd,
- crypt_make_salt(crypt_method, arg));
+ crypt_make_salt (crypt_method, arg));
}
/*
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
+ /* The gshadow entry should be updated if the
+ * group entry has a password set to 'x'.
+ * But on the other hand, if there is already both
+ * a group and a gshadow password, it's preferable
+ * to update both.
+ */
sg = sgr_locate (name);
+
+ if ( (NULL == sg)
+ && (strcmp (gr->gr_passwd,
+ SHADOW_PASSWD_STRING) == 0)) {
+ static char *empty = NULL;
+ /* If the password is set to 'x' in
+ * group, but there are no entries in
+ * gshadow, create one.
+ */
+ newsg.sg_name = name;
+ /* newsg.sg_passwd = NULL; will be set later */
+ newsg.sg_adm = ∅
+ newsg.sg_mem = dup_list (gr->gr_mem);
+ sg = &newsg;
+ }
} else {
sg = NULL;
}
if (NULL != sg) {
newsg = *sg;
newsg.sg_passwd = cp;
- } else
+ }
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0))
#endif
{
newgr = *gr;
errors++;
continue;
}
- } else
+ }
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0))
#endif
{
if (gr_update (&newgr) == 0) {
projects / shadow / blobdiff