gno/usr.sbin/newuser/newuser.c
gdr-ftp 330e74b7e9 Makefile, mklink.data, mkso.data, newuser.desc, newuser.rez:
- initial checkin
README:
	- updated installation notes
installit, newuserv.c:
	- deleted (obsolete)
newuser.1:
	- renamed to newuser.8
newuser.c, newuser.8:
	- account home directories are now made in /home rather than /user
	- made all the routines internal to this file to be class 'static'
	- fit sources into GNO base distribution builds
	- added checks for parsing NEWID_FILE
	- added various conchecks to prevent buffer overflow and similar
	  problems
	- ensure the password is at least MIN_PASSWD_LEN characters long
	- don't set the terminal type; that is the responsibility of
	  initd/getty.
	- instead of creating explicit files in the user's home directory,
	  copy every file that is in the SKELETONS directory.
	- account creation is now logged via syslogd
	- added -g flag for selecting non-default group ids
	- check to ensure that the new uid returned by get_next_uid is
	  not already in use; if it is, then log a warning via syslog,
	  skip it, and get another uid
1999-02-15 00:22:11 +00:00

513 lines
13 KiB
C

/*
* newuser - add a new user to the system -- James Brookes
*
* $Id: newuser.c,v 1.3 1999/02/15 00:22:11 gdr-ftp Exp $
*
* Changes for version 1.2 (Modifications by Devin Reade)
* - account home directories are now made in /home rather than /user
* - made all the routines internal to this file to be class 'static'
* - fit sources into GNO base distribution builds
* - added checks for parsing NEWID_FILE
* - added various conchecks to prevent buffer overflow and similar
* problems
* - ensure the password is at least MIN_PASSWD_LEN characters long
* - don't set the terminal type; that is the responsibility of
* initd/getty.
* - instead of creating explicit files in the user's home directory,
* copy every file that is in the SKELETONS directory.
* - account creation is now logged via syslogd
* - added -g flag for selecting non-default group ids
* - check to ensure that the new uid returned by get_next_uid is
* not already in use; if it is, then log a warning via syslog,
* skip it, and get another uid
*
* Changes for version 1.1
*
* * Removed code to add "set $home/$user" stuff to new user's gshrc
* file, per request of Phil Vandry.
* * Added restriction that the new password entered must be greater
* than four characters.
* * Newuser will now try multiple times to open up the /etc/passwd
* file, just as passwd itself does.
*
* Original version 1.0:
* * Some code borrowed from Eric Shepard's passwd source.
*
* files: /var/adm/newuser/newid
* /var/adm/newuser/newusers
* /var/adm/newuser/gshrc
* /user/
*/
#include <sys/stat.h>
#include <limits.h>
#include <paths.h>
#include <errno.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sgtty.h>
#include <pwd.h>
#include <unistd.h>
#include <syslog.h>
#include <err.h>
#include <dirent.h>
#include <gno/gno.h>
#include <gno/contrib.h>
#define HOME "/home"
#define NEWID_FILE "/var/adm/newuser/newid" /* next ID to assign */
#define NEWUSERS_FILE "/var/adm/newuser/pending" /* addtions "on hold */
#define SKELETONS "/var/adm/newuser/skel" /* files to copy */
#define DEFAULT_SHELL _PATH_GSHELL /* default shell */
#define MIN_PASSWD_LEN 5 /* minimum length of cleartext password */
#define DEFAULT_GID 100 /* default group ID assigned to new user */
#define ACCT_NAME_LEN 32 /* max # of chars in account name, +1 */
/* We later truncate the account name to */
/* to no more than 8 chars. */
#define REAL_NAME_LEN 31 /* max # of chars in real name, +1 */
#define CRYPT_PASS_LEN 14 /* max # of chars in encrypted passwd +1 */
#define MAX_TRIES 3 /* max # of trials for opening passwd file */
#ifndef FALSE
#define FALSE 0
#define TRUE 1
#endif
static void time_out(void);
static void makesalt(char *salt, long seed);
static uid_t get_next_uid(void);
static int getpassword(char *, int, char *, char *);
static int bad_name(char *acct_name);
static void mygets(char *string, int maxchar);
static FILE * smartopen(char *file, char *mode);
static char acct_name[ACCT_NAME_LEN];
static char name[REAL_NAME_LEN];
static char pass1[CRYPT_PASS_LEN];
static char pass2[CRYPT_PASS_LEN];
static char salt[3];
static char newhome[PATH_MAX];
static unsigned char salttab[] = /* table of chars for salt */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
#pragma databank 1
static void
time_out(void)
{
printf("\nnewuser timed out after 60 seconds.\n");
exit(1);
}
#pragma databank 0
/* Borrowed from Eric's passwd.cc */
static void
makesalt(char *salt, long seed)
{
int num = 2;
while (--num >= 0) {
*salt++ = salttab[seed&0x3f];
seed >= 6;
}
}
/*
* get_next_uid()
*
* Return the next available user id from NEWID_FILE, and update the
* NEWID_FILE under the assumption that the returned id will be assigned
* in /etc/passwd. Abort on any errors.
*/
static uid_t
get_next_uid(void)
{
FILE *FPtr;
uid_t uid;
if ((FPtr = fopen(NEWID_FILE,"r+")) == NULL) {
err(1, "failed to id file %s", NEWID_FILE);
/*NOTREACHED*/
}
if (fscanf(FPtr,"%d\n",&uid) != 1) {
errx(1, "scan of %s failed", NEWID_FILE);
}
rewind(FPtr);
fprintf(FPtr,"%d\n",uid+1);
fclose(FPtr);
return(uid);
}
/*
* getpassword
* prompt for a password with <passstrings>. put the encrypted
* password into <password>, aborting if it's length is greater
* than <passwdlen>-1. Return the length of the plaintext password.
*/
static int
getpassword(char *password, int passwdlen, char *salt, char *passstring)
{
char *pass, *passcode;
int length_clear, length_crypt, quit_now;
pass = getpass(passstring);
if (*pass == '\0') { /* ^D */
quit_now = 1;
} else {
quit_now = 0;
length_clear = strlen(pass);
passcode = crypt(pass,salt);
}
/* zero out the cleartext password */
for (length_crypt=0; length_crypt<_PASSWORD_LEN; length_crypt++) {
if (pass[length_crypt] == '\0') {
break;
}
pass[length_crypt] = '\0';
}
/* password not given? */
if (quit_now) {
errx(1, "aborted");
}
if (length_crypt > passwdlen-1) {
errx(1,
"internal error: encrypted password length (%d) > buffer length (%d)",
length_crypt+1, passwdlen);
/*NOTREACHED*/
}
strcpy(password,passcode);
return length_clear;
}
/*
* bad_name()
*
* return nonzero if <acct_name> is unsuitable as an account name. It must
* be between 2 and 8 characters long, start with a lower case letter, and
* contain only lower case letters or digits.
*/
static int
bad_name(char *acct_name)
{
int len;
len = strlen(acct_name);
if ((len < 2) || (len > 8) || !islower(*acct_name)) {
return(TRUE);
}
len = 1;
acct_name++;
while (*acct_name != '\0') {
len++;
if ((len > 8) || (!islower(*acct_name) && !isdigit(*acct_name))) {
return(TRUE);
}
acct_name++;
}
/* it's a good account name */
return(FALSE);
}
static void
mygets(char *string, int maxchar)
{
int len;
fgets(string, maxchar, stdin);
fflush(stdin);
if (*string == 0x00) { /* ^D */
goto fail;
}
len = strlen(string);
if (len == 0) {
goto fail;
}
/* remove terminating \n if necessary */
if ((string[len-1] == '\r') || (string[len-1] == '\n')) {
string[len-1] = '\0';
len--;
}
/* check for empty string */
if ((len == 0)) {
goto fail;
}
return;
fail:
errx(1, "aborted");
/*NOTREACHED*/
}
/* try multiple times to open /etc/passwd file */
static FILE *
smartopen(char *file, char *mode)
{
FILE *FOutPtr;
int i;
for (i = 0; i < MAX_TRIES; i++) {
FOutPtr = fopen(file,mode);
if (FOutPtr == NULL) {
sleep(1);
} else {
break;
}
}
return(FOutPtr);
}
static void
usage (void)
{
printf("Usage: newuser [-v] [-g gid]\n");
printf(" newuserv [-v] [-g gid]\n");
exit(1);
}
int
main (int argc, char **argv)
{
int validate, ch;
uid_t uid;
gid_t gid;
FILE *FOutPtr;
DIR *dirp;
struct dirent *entp;
struct sgttyb *s;
char *srcfile;
__REPORT_STACK();
/* check usage */
gid = DEFAULT_GID;
validate = (strcmp(basename(argv[0]), "newuserv") == 0) ? TRUE : FALSE;
while ((ch = getopt(argc, argv, "vg:")) != EOF) {
switch(ch) {
case 'g':
if ((gid = atoi(optarg)) == 0) {
gid = DEFAULT_GID;
}
break;
case 'v':
validate = TRUE;
break;
default:
usage();
}
}
if (argc - optind > 0) {
usage();
}
/* set up for system logging */
openlog(basename(argv[0]), LOG_PID | LOG_NDELAY, LOG_AUTH | LOG_INFO);
/* set up signal handlers */
signal(SIGINT,SIG_IGN);
signal(SIGHUP,SIG_IGN);
signal(SIGQUIT,SIG_IGN);
signal(SIGTSTP,SIG_IGN);
signal(SIGALRM,time_out);
/* Set proper erase character */
s = malloc (sizeof(struct sgttyb));
gtty(STDIN_FILENO,s);
s->sg_erase = 0x7f;
stty(STDIN_FILENO,s);
free(s);
/* Make sure all required files exist before going any further */
if (access(NEWID_FILE, R_OK | W_OK) != 0) {
errx(1, "no read/write access for %s", NEWID_FILE);
}
if (access(HOME, R_OK | W_OK | X_OK) != 0) {
errx(1, "no read/write/execute access for %s", HOME);
}
if (access(SKELETONS, R_OK | X_OK) != 0) {
errx(1, "no read/execute access for %s", SKELETONS);
}
printf("\n\tYou have requested a new account. You will be required\n");
printf("\tto enter the account information, after which ");
if (validate) {
printf("your account\n\tWill be placed on hold until it is verified\n");
} else {
printf("you will be\n\table to log into the system\n");
}
/* Get the user's "Real Name" for the GECOS field */
printf("\nReal Name: ");
mygets(name, REAL_NAME_LEN);
/* Get login name. If the login name is duplicate, prompt for */
/* a new login name. If the login name would call for the */
/* creation of a bogus directory, prompt for a new login name. */
/* Note that I'm using the restrictions of the ProDOS FST, */
/* since HFS is less restrictive. In other words, the username */
/* must start with a character and may only contain letters */
/* and numbers. */
while(1) {
printf("Login Name: ");
mygets(acct_name, ACCT_NAME_LEN);
#if 0
printf("\n\n(login name: '%s')\n\n", acct_name);
#endif
if (bad_name(acct_name)) {
puts("\nInvalid login name. Login names must be between 2 and 8");
puts("characters long, must start with a lower case letter, and");
puts("must consist of only digits and lower case letters.\n");
} else if (getpwnam(acct_name) != NULL) {
printf("The login name \"%s\" is already in use.\n", acct_name);
printf("Please choose another.\n");
} else {
#if 0
/* bad_name ensures that strlen(acct_name) < 8 */
if (sizeof(HOME) + strlen(acct_name) > PATH_MAX) {
/* what are the chances? */
err(1, "buffer overflow at line %d", __LINE__);
}
#endif
sprintf(newhome, "%s/%s", HOME, acct_name);
if (access(newhome, X_OK) == 0) {
printf("The login name \"%s\" has already been requested by someone else\n",
acct_name);
printf("Please choose another.\n");
} else {
break;
}
}
}
/* close the file descriptor we have open on /etc/passswd */
endpwent();
/* Get password of >= MIN_PASSWD_LEN chars, with verification */
makesalt(salt, rand());
while(1) {
if (getpassword(pass1, CRYPT_PASS_LEN, salt, "Password: ")
< MIN_PASSWD_LEN) {
printf("The password must be at least %d characters long.\nTry again.\n",
MIN_PASSWD_LEN);
continue;
}
getpassword(pass2, CRYPT_PASS_LEN, salt,"Verify: ");
if (strcmp(pass1,pass2) == 0) {
break;
} else {
printf("Passwords don't match. Try again.\n");
}
}
/*
* Get the next free uid and update the NEWID_FILE. When we return from
* this routine, we are now past the point of no return; if we fail
* anything, then we have used up a user id.
*/
while(1) {
uid = get_next_uid();
if (getpwuid(uid) == NULL) {
break;
} else {
syslog(LOG_WARNING, "uid %d is already in use; skipping", uid);
}
}
/*
* make the home directory
*/
if (mkdir(newhome) != 0) {
err(1, "failed to create directory %s", newhome);
}
/*
* Copy each of the files in SKELETONS into the user's home directory.
* Initially change directory into SKELETONS so that we can use partial
* pathnames when copying the files into $HOME.
*/
putchar('\n');
if (chdir(SKELETONS) != 0) {
err(1, "couldn't change directory into %s", SKELETONS);
/*NOTREACHED*/
}
if ((dirp = opendir(SKELETONS)) == NULL) {
err(1, "read of directory %d failed", SKELETONS);
}
while ((entp = readdir(dirp)) != NULL) {
/* only copy regular files, and don't recurse through subdirectories */
if (entp->d_type == DT_DIR) {
continue;
}
/* skip entries for current and parent directories */
srcfile = entp->d_name;
if (((srcfile[0]=='.') && (srcfile[1]=='\0')) ||
((srcfile[0]=='.') && (srcfile[1]=='.') && (srcfile[2]=='\0'))) {
continue;
}
/* do the copy */
srcfile = LC_CopyFile(srcfile, newhome, LC_COPY_DATA | LC_COPY_REZ);
if (srcfile == NULL) {
err(1, "couldn't copy %s", entp->d_name);
} else {
printf("creating %s\n", srcfile);
}
}
closedir(dirp);
/* Save the password information away. */
if (!validate) { /* no validation, so append new entry to /etc/passwd */
FOutPtr = smartopen(_PATH_PASSWD, "a");
if (FOutPtr == NULL) {
err(1, "couldn't open %s", _PATH_PASSWD);
}
fprintf(FOutPtr, "%s:%s:%d:%d:%s:%s/%s:%s\n",
acct_name, pass1, uid, gid, name, HOME, acct_name, DEFAULT_SHELL);
fclose(FOutPtr);
syslog(LOG_INFO, "created account %s", acct_name);
printf("You may now log in.\n");
} else { /* validation selected -- so append new entry to NEWUSERS_FILE */
if ((FOutPtr = fopen(NEWUSERS_FILE, "a")) == NULL) {
err(1, "couldn't open %s", NEWUSERS_FILE);
}
fprintf(FOutPtr,"%s:%s:%d:%d:%s:%s/%s:%s\n",
acct_name, pass1, uid, gid, name, HOME, acct_name, DEFAULT_SHELL);
fclose(FOutPtr);
syslog(LOG_INFO, "created account %s pending validation", acct_name);
printf("\nYour account will be available after the system administrator");
printf("has had a\nchance to review it.\n");
}
closelog();
return 0;
}