mirror of
https://github.com/sheumann/hush.git
synced 2024-12-28 22:30:05 +00:00
adduser/addgroup: support specifying uid/gid, add system
account creation mode. By Tito. function old new delta adduser_main 650 726 +76 addgroup_main 341 402 +61 addgroup_longopts - 16 +16 adduser_longopts 97 103 +6 packed_usage 26161 26163 +2 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/0 up/down: 161/0) Total: 161 bytes
This commit is contained in:
parent
c8d7109f60
commit
c2931aa2df
@ -39,6 +39,7 @@
|
|||||||
"Add a group " IF_FEATURE_ADDUSER_TO_GROUP("or add a user to a group") "\n" \
|
"Add a group " IF_FEATURE_ADDUSER_TO_GROUP("or add a user to a group") "\n" \
|
||||||
"\nOptions:" \
|
"\nOptions:" \
|
||||||
"\n -g GID Group id" \
|
"\n -g GID Group id" \
|
||||||
|
"\n -S Create a system group" \
|
||||||
|
|
||||||
#define adduser_trivial_usage \
|
#define adduser_trivial_usage \
|
||||||
"[OPTIONS] user_name"
|
"[OPTIONS] user_name"
|
||||||
@ -52,6 +53,7 @@
|
|||||||
"\n -S Create a system user" \
|
"\n -S Create a system user" \
|
||||||
"\n -D Do not assign a password" \
|
"\n -D Do not assign a password" \
|
||||||
"\n -H Do not create home directory" \
|
"\n -H Do not create home directory" \
|
||||||
|
"\n -u UID User id" \
|
||||||
|
|
||||||
#define adjtimex_trivial_usage \
|
#define adjtimex_trivial_usage \
|
||||||
"[-q] [-o offset] [-f frequency] [-p timeconstant] [-t tick]"
|
"[-q] [-o offset] [-f frequency] [-p timeconstant] [-t tick]"
|
||||||
|
@ -97,6 +97,13 @@ config ADDGROUP
|
|||||||
help
|
help
|
||||||
Utility for creating a new group account.
|
Utility for creating a new group account.
|
||||||
|
|
||||||
|
config FEATURE_ADDGROUP_LONG_OPTIONS
|
||||||
|
bool "Enable long options"
|
||||||
|
default n
|
||||||
|
depends on ADDGROUP && GETOPT_LONG
|
||||||
|
help
|
||||||
|
Support long options for the addgroup applet.
|
||||||
|
|
||||||
config FEATURE_ADDUSER_TO_GROUP
|
config FEATURE_ADDUSER_TO_GROUP
|
||||||
bool "Support for adding users to groups"
|
bool "Support for adding users to groups"
|
||||||
default n
|
default n
|
||||||
|
@ -11,34 +11,50 @@
|
|||||||
*/
|
*/
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
|
#define OPT_GID (1 << 0)
|
||||||
|
#define OPT_SYSTEM_ACCOUNT (1 << 1)
|
||||||
|
|
||||||
|
/* We assume GID_T_MAX == INT_MAX */
|
||||||
static void xgroup_study(struct group *g)
|
static void xgroup_study(struct group *g)
|
||||||
{
|
{
|
||||||
|
unsigned max = INT_MAX;
|
||||||
|
|
||||||
/* Make sure gr_name is unused */
|
/* Make sure gr_name is unused */
|
||||||
if (getgrnam(g->gr_name)) {
|
if (getgrnam(g->gr_name)) {
|
||||||
goto error;
|
bb_error_msg_and_die("%s '%s' in use", "group", g->gr_name);
|
||||||
|
/* these format strings are reused in adduser and addgroup */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* if a specific gid is requested, the --system switch and */
|
||||||
|
/* min and max values are overriden, and the range of valid */
|
||||||
|
/* gid values is set to [0, INT_MAX] */
|
||||||
|
if (!(option_mask32 & OPT_GID)) {
|
||||||
|
if (option_mask32 & OPT_SYSTEM_ACCOUNT) {
|
||||||
|
g->gr_gid = 100; /* FIRST_SYSTEM_GID */
|
||||||
|
max = 999; /* LAST_SYSTEM_GID */
|
||||||
|
} else {
|
||||||
|
g->gr_gid = 1000; /* FIRST_GID */
|
||||||
|
max = 64999; /* LAST_GID */
|
||||||
|
}
|
||||||
|
}
|
||||||
/* Check if the desired gid is free
|
/* Check if the desired gid is free
|
||||||
* or find the first free one */
|
* or find the first free one */
|
||||||
while (1) {
|
while (1) {
|
||||||
if (!getgrgid(g->gr_gid)) {
|
if (!getgrgid(g->gr_gid)) {
|
||||||
return; /* found free group: return */
|
return; /* found free group: return */
|
||||||
}
|
}
|
||||||
if (option_mask32) {
|
if (option_mask32 & OPT_GID) {
|
||||||
/* -g N, cannot pick gid other than N: error */
|
/* -g N, cannot pick gid other than N: error */
|
||||||
g->gr_name = itoa(g->gr_gid);
|
bb_error_msg_and_die("%s '%s' in use", "gid", itoa(g->gr_gid));
|
||||||
goto error;
|
/* this format strings is reused in adduser and addgroup */
|
||||||
|
}
|
||||||
|
if (g->gr_gid == max) {
|
||||||
|
/* overflowed: error */
|
||||||
|
bb_error_msg_and_die("no %cids left", 'g');
|
||||||
|
/* this format string is reused in adduser and addgroup */
|
||||||
}
|
}
|
||||||
g->gr_gid++;
|
g->gr_gid++;
|
||||||
if (g->gr_gid <= 0) {
|
|
||||||
/* overflowed: error */
|
|
||||||
bb_error_msg_and_die("no gids left");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
error:
|
|
||||||
/* exit */
|
|
||||||
bb_error_msg_and_die("group %s already exists", g->gr_name);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* append a new user to the passwd file */
|
/* append a new user to the passwd file */
|
||||||
@ -53,7 +69,7 @@ static void new_group(char *group, gid_t gid)
|
|||||||
xgroup_study(&gr);
|
xgroup_study(&gr);
|
||||||
|
|
||||||
/* add entry to group */
|
/* add entry to group */
|
||||||
p = xasprintf("x:%u:", gr.gr_gid);
|
p = xasprintf("x:%u:", (unsigned) gr.gr_gid);
|
||||||
if (update_passwd(bb_path_group_file, group, p, NULL) < 0)
|
if (update_passwd(bb_path_group_file, group, p, NULL) < 0)
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
if (ENABLE_FEATURE_CLEAN_UP)
|
if (ENABLE_FEATURE_CLEAN_UP)
|
||||||
@ -64,6 +80,13 @@ static void new_group(char *group, gid_t gid)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if ENABLE_FEATURE_ADDGROUP_LONG_OPTIONS
|
||||||
|
static const char addgroup_longopts[] ALIGN1 =
|
||||||
|
"gid\0" Required_argument "g"
|
||||||
|
"system\0" No_argument "S"
|
||||||
|
;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* addgroup will take a login_name as its first parameter.
|
* addgroup will take a login_name as its first parameter.
|
||||||
*
|
*
|
||||||
@ -74,23 +97,23 @@ static void new_group(char *group, gid_t gid)
|
|||||||
int addgroup_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
int addgroup_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
||||||
int addgroup_main(int argc UNUSED_PARAM, char **argv)
|
int addgroup_main(int argc UNUSED_PARAM, char **argv)
|
||||||
{
|
{
|
||||||
char *group;
|
unsigned opts;
|
||||||
gid_t gid = 0;
|
unsigned gid = 0;
|
||||||
|
|
||||||
/* need to be root */
|
/* need to be root */
|
||||||
if (geteuid()) {
|
if (geteuid()) {
|
||||||
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
|
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
|
||||||
}
|
}
|
||||||
|
#if ENABLE_FEATURE_ADDGROUP_LONG_OPTIONS
|
||||||
|
applet_long_options = addgroup_longopts;
|
||||||
|
#endif
|
||||||
/* Syntax:
|
/* Syntax:
|
||||||
* addgroup group
|
* addgroup group
|
||||||
* addgroup -g num group
|
* addgroup -g num group
|
||||||
* addgroup user group
|
* addgroup user group
|
||||||
* Check for min, max and missing args */
|
* Check for min, max and missing args */
|
||||||
opt_complementary = "-1:?2";
|
opt_complementary = "-1:?2:g+";
|
||||||
if (getopt32(argv, "g:", &group)) {
|
opts = getopt32(argv, "g:S", &gid);
|
||||||
gid = xatoul_range(group, 0, ((unsigned long)(gid_t)ULONG_MAX) >> 1);
|
|
||||||
}
|
|
||||||
/* move past the commandline options */
|
/* move past the commandline options */
|
||||||
argv += optind;
|
argv += optind;
|
||||||
//argc -= optind;
|
//argc -= optind;
|
||||||
@ -99,7 +122,7 @@ int addgroup_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
if (argv[1]) {
|
if (argv[1]) {
|
||||||
struct group *gr;
|
struct group *gr;
|
||||||
|
|
||||||
if (option_mask32) {
|
if (opts & OPT_GID) {
|
||||||
/* -g was there, but "addgroup -g num user group"
|
/* -g was there, but "addgroup -g num user group"
|
||||||
* is a no-no */
|
* is a no-no */
|
||||||
bb_show_usage();
|
bb_show_usage();
|
||||||
|
@ -9,38 +9,55 @@
|
|||||||
*/
|
*/
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
||||||
|
/* #define OPT_HOME (1 << 0) */ /* unused */
|
||||||
|
/* #define OPT_GECOS (1 << 1) */ /* unused */
|
||||||
|
#define OPT_SHELL (1 << 2)
|
||||||
|
#define OPT_GID (1 << 3)
|
||||||
#define OPT_DONT_SET_PASS (1 << 4)
|
#define OPT_DONT_SET_PASS (1 << 4)
|
||||||
#define OPT_SYSTEM_ACCOUNT (1 << 5)
|
#define OPT_SYSTEM_ACCOUNT (1 << 5)
|
||||||
#define OPT_DONT_MAKE_HOME (1 << 6)
|
#define OPT_DONT_MAKE_HOME (1 << 6)
|
||||||
|
#define OPT_UID (1 << 7)
|
||||||
|
|
||||||
|
/* We assume UID_T_MAX == INT_MAX */
|
||||||
/* remix */
|
/* remix */
|
||||||
/* recoded such that the uid may be passed in *p */
|
/* recoded such that the uid may be passed in *p */
|
||||||
static void passwd_study(struct passwd *p)
|
static void passwd_study(struct passwd *p)
|
||||||
{
|
{
|
||||||
int max;
|
int max = UINT_MAX;
|
||||||
|
|
||||||
if (getpwnam(p->pw_name))
|
if (getpwnam(p->pw_name)) {
|
||||||
bb_error_msg_and_die("login '%s' is in use", p->pw_name);
|
bb_error_msg_and_die("%s '%s' in use", "user", p->pw_name);
|
||||||
|
/* this format string is reused in adduser and addgroup */
|
||||||
if (option_mask32 & OPT_SYSTEM_ACCOUNT) {
|
|
||||||
p->pw_uid = 0;
|
|
||||||
max = 999;
|
|
||||||
} else {
|
|
||||||
p->pw_uid = 1000;
|
|
||||||
max = 64999;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!(option_mask32 & OPT_UID)) {
|
||||||
|
if (option_mask32 & OPT_SYSTEM_ACCOUNT) {
|
||||||
|
p->pw_uid = 100; /* FIRST_SYSTEM_UID */
|
||||||
|
max = 999; /* LAST_SYSTEM_UID */
|
||||||
|
} else {
|
||||||
|
p->pw_uid = 1000; /* FIRST_UID */
|
||||||
|
max = 64999; /* LAST_UID */
|
||||||
|
}
|
||||||
|
}
|
||||||
/* check for a free uid (and maybe gid) */
|
/* check for a free uid (and maybe gid) */
|
||||||
while (getpwuid(p->pw_uid) || (p->pw_gid == (gid_t)-1 && getgrgid(p->pw_uid))) {
|
while (getpwuid(p->pw_uid) || (p->pw_gid == (gid_t)-1 && getgrgid(p->pw_uid))) {
|
||||||
|
if (option_mask32 & OPT_UID) {
|
||||||
|
/* -u N, cannot pick uid other than N: error */
|
||||||
|
bb_error_msg_and_die("%s '%s' in use", "uid", itoa(p->pw_uid));
|
||||||
|
/* this format string is reused in adduser and addgroup */
|
||||||
|
}
|
||||||
|
if (p->pw_uid == max) {
|
||||||
|
bb_error_msg_and_die("no %cids left", 'u');
|
||||||
|
}
|
||||||
p->pw_uid++;
|
p->pw_uid++;
|
||||||
if (p->pw_uid > max)
|
|
||||||
bb_error_msg_and_die("no free uids left");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p->pw_gid == (gid_t)-1) {
|
if (p->pw_gid == (gid_t)-1) {
|
||||||
p->pw_gid = p->pw_uid; /* new gid = uid */
|
p->pw_gid = p->pw_uid; /* new gid = uid */
|
||||||
if (getgrnam(p->pw_name))
|
if (getgrnam(p->pw_name)) {
|
||||||
bb_error_msg_and_die("group name '%s' is in use", p->pw_name);
|
bb_error_msg_and_die("%s '%s' in use", "group", p->pw_name);
|
||||||
|
/* this format string is reused in adduser and addgroup */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,6 +90,7 @@ static const char adduser_longopts[] ALIGN1 =
|
|||||||
"empty-password\0" No_argument "D"
|
"empty-password\0" No_argument "D"
|
||||||
"system\0" No_argument "S"
|
"system\0" No_argument "S"
|
||||||
"no-create-home\0" No_argument "H"
|
"no-create-home\0" No_argument "H"
|
||||||
|
"uid\0" Required_argument "u"
|
||||||
;
|
;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -87,6 +105,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
struct passwd pw;
|
struct passwd pw;
|
||||||
const char *usegroup = NULL;
|
const char *usegroup = NULL;
|
||||||
char *p;
|
char *p;
|
||||||
|
unsigned opts;
|
||||||
|
|
||||||
#if ENABLE_FEATURE_ADDUSER_LONG_OPTIONS
|
#if ENABLE_FEATURE_ADDUSER_LONG_OPTIONS
|
||||||
applet_long_options = adduser_longopts;
|
applet_long_options = adduser_longopts;
|
||||||
@ -102,8 +121,17 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
pw.pw_dir = NULL;
|
pw.pw_dir = NULL;
|
||||||
|
|
||||||
/* exactly one non-option arg */
|
/* exactly one non-option arg */
|
||||||
opt_complementary = "=1";
|
/* disable interactive passwd for system accounts */
|
||||||
getopt32(argv, "h:g:s:G:DSH", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup);
|
opt_complementary = "=1:SD:u+";
|
||||||
|
if (sizeof(pw.pw_uid) == sizeof(int)) {
|
||||||
|
opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &pw.pw_uid);
|
||||||
|
} else {
|
||||||
|
unsigned uid;
|
||||||
|
opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &uid);
|
||||||
|
if (opts & OPT_UID) {
|
||||||
|
pw.pw_uid = uid;
|
||||||
|
}
|
||||||
|
}
|
||||||
argv += optind;
|
argv += optind;
|
||||||
|
|
||||||
/* fill in the passwd struct */
|
/* fill in the passwd struct */
|
||||||
@ -114,12 +142,22 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
pw.pw_dir = xasprintf("/home/%s", argv[0]);
|
pw.pw_dir = xasprintf("/home/%s", argv[0]);
|
||||||
}
|
}
|
||||||
pw.pw_passwd = (char *)"x";
|
pw.pw_passwd = (char *)"x";
|
||||||
|
if (opts & OPT_SYSTEM_ACCOUNT) {
|
||||||
|
if (!usegroup) {
|
||||||
|
usegroup = "nogroup";
|
||||||
|
}
|
||||||
|
if (!(opts & OPT_SHELL)) {
|
||||||
|
pw.pw_shell = (char *) "/bin/false";
|
||||||
|
}
|
||||||
|
}
|
||||||
pw.pw_gid = usegroup ? xgroup2gid(usegroup) : -1; /* exits on failure */
|
pw.pw_gid = usegroup ? xgroup2gid(usegroup) : -1; /* exits on failure */
|
||||||
|
|
||||||
/* make sure everything is kosher and setup uid && maybe gid */
|
/* make sure everything is kosher and setup uid && maybe gid */
|
||||||
passwd_study(&pw);
|
passwd_study(&pw);
|
||||||
|
|
||||||
p = xasprintf("x:%u:%u:%s:%s:%s", pw.pw_uid, pw.pw_gid, pw.pw_gecos, pw.pw_dir, pw.pw_shell);
|
p = xasprintf("x:%u:%u:%s:%s:%s",
|
||||||
|
(unsigned) pw.pw_uid, (unsigned) pw.pw_gid,
|
||||||
|
pw.pw_gecos, pw.pw_dir, pw.pw_shell);
|
||||||
if (update_passwd(bb_path_passwd_file, pw.pw_name, p, NULL) < 0) {
|
if (update_passwd(bb_path_passwd_file, pw.pw_name, p, NULL) < 0) {
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
@ -143,10 +181,10 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
/* clear the umask for this process so it doesn't
|
/* clear the umask for this process so it doesn't
|
||||||
* screw up the permissions on the mkdir and chown. */
|
* screw up the permissions on the mkdir and chown. */
|
||||||
umask(0);
|
umask(0);
|
||||||
if (!(option_mask32 & OPT_DONT_MAKE_HOME)) {
|
if (!(opts & OPT_DONT_MAKE_HOME)) {
|
||||||
/* Set the owner and group so it is owned by the new user,
|
/* set the owner and group so it is owned by the new user,
|
||||||
then fix up the permissions to 2755. Can't do it before
|
* then fix up the permissions to 2755. Can't do it before
|
||||||
since chown will clear the setgid bit */
|
* since chown will clear the setgid bit */
|
||||||
if (mkdir(pw.pw_dir, 0755)
|
if (mkdir(pw.pw_dir, 0755)
|
||||||
|| chown(pw.pw_dir, pw.pw_uid, pw.pw_gid)
|
|| chown(pw.pw_dir, pw.pw_uid, pw.pw_gid)
|
||||||
|| chmod(pw.pw_dir, 02755) /* set setgid bit on homedir */
|
|| chmod(pw.pw_dir, 02755) /* set setgid bit on homedir */
|
||||||
@ -155,7 +193,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(option_mask32 & OPT_DONT_SET_PASS)) {
|
if (!(opts & OPT_DONT_SET_PASS)) {
|
||||||
/* interactively set passwd */
|
/* interactively set passwd */
|
||||||
passwd_wrapper(pw.pw_name);
|
passwd_wrapper(pw.pw_name);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user