#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <pwd.h>
#include <shadow.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#include <nss_dbdefs.h>
#include <macros.h>
#include <syslog.h>
#include <limits.h>
#include "passwdutil.h"
int files_lock(void);
int files_unlock(void);
int files_checkhistory(const char *user, const char *passwd,
pwu_repository_t *rep);
int files_getattr(const char *name, attrlist *item, pwu_repository_t *rep);
int files_getpwnam(const char *name, attrlist *items, pwu_repository_t *rep,
void **buf);
int files_update(attrlist *items, pwu_repository_t *rep, void *buf);
int files_putpwnam(const char *name, const char *oldpw, pwu_repository_t *rep,
void *buf);
int files_user_to_authenticate(const char *name, pwu_repository_t *rep,
char **auth_user, int *privileged);
static int files_update_history(const char *name, struct spwd *spwd);
struct repops files_repops = {
files_checkhistory,
files_getattr,
files_getpwnam,
files_update,
files_putpwnam,
files_user_to_authenticate,
files_lock,
files_unlock
};
struct pwbuf {
int update_history;
struct passwd *pwd;
char *pwd_scratch;
struct spwd *spwd;
char *spwd_scratch;
char *new_sp_pwdp;
};
#define PWD_SCRATCH_SIZE NSS_LINELEN_PASSWD
#define SPW_SCRATCH_SIZE NSS_LINELEN_SHADOW
int
files_lock(void)
{
int res;
if (lckpwdf()) {
switch (errno) {
case EINTR:
res = PWU_BUSY;
break;
case EACCES:
res = PWU_DENIED;
break;
case 0:
res = PWU_SUCCESS;
break;
}
} else
res = PWU_SUCCESS;
return (res);
}
int
files_unlock(void)
{
if (ulckpwdf())
return (PWU_SYSTEM_ERROR);
return (PWU_SUCCESS);
}
int
files_privileged(void)
{
return (getuid() == 0);
}
struct passwd *
private_getpwnam_r(const char *name, struct passwd *result, char *buffer,
int buflen)
{
FILE *fp;
int found;
if ((fp = fopen(PASSWD, "rF")) == NULL)
return (NULL);
found = 0;
while (!found && fgetpwent_r(fp, result, buffer, buflen) != NULL) {
if (strcmp(name, result->pw_name) == 0)
found = 1;
}
(void) fclose(fp);
if (!found) {
(void) memset(buffer, 0, buflen);
(void) memset(result, 0, sizeof (*result));
return (NULL);
}
return (result);
}
struct spwd *
private_getspnam_r(const char *name, struct spwd *result, char *buffer,
int buflen)
{
FILE *fp;
int found;
fp = fopen(SHADOW, "rF");
if (fp == NULL)
return (NULL);
found = 0;
while (!found && fgetspent_r(fp, result, buffer, buflen) != NULL) {
if (strcmp(name, result->sp_namp) == 0)
found = 1;
}
(void) fclose(fp);
if (!found) {
(void) memset(buffer, 0, buflen);
(void) memset(result, 0, sizeof (*result));
return (NULL);
}
return (result);
}
int
files_getpwnam(const char *name, attrlist *items, pwu_repository_t *rep,
void **buf)
{
attrlist *p;
struct pwbuf *pwbuf;
int err = PWU_SUCCESS;
*buf = calloc(1, sizeof (struct pwbuf));
pwbuf = (struct pwbuf *)*buf;
if (pwbuf == NULL)
return (PWU_NOMEM);
for (p = items; p != NULL; p = p->next) {
switch (p->type) {
case ATTR_NAME:
case ATTR_UID:
case ATTR_GID:
case ATTR_AGE:
case ATTR_COMMENT:
case ATTR_GECOS:
case ATTR_HOMEDIR:
case ATTR_SHELL:
if (pwbuf->pwd == NULL) {
pwbuf->pwd = malloc(sizeof (struct passwd));
if (pwbuf->pwd == NULL) {
err = PWU_NOMEM;
goto error;
}
}
break;
case ATTR_PASSWD:
case ATTR_PASSWD_SERVER_POLICY:
case ATTR_LSTCHG:
case ATTR_MIN:
case ATTR_MAX:
case ATTR_WARN:
case ATTR_INACT:
case ATTR_EXPIRE:
case ATTR_FLAG:
case ATTR_LOCK_ACCOUNT:
case ATTR_EXPIRE_PASSWORD:
case ATTR_FAILED_LOGINS:
case ATTR_INCR_FAILED_LOGINS:
case ATTR_RST_FAILED_LOGINS:
case ATTR_NOLOGIN_ACCOUNT:
case ATTR_UNLOCK_ACCOUNT:
if (pwbuf->spwd == NULL) {
pwbuf->spwd = malloc(sizeof (struct spwd));
if (pwbuf->spwd == NULL) {
err = PWU_NOMEM;
goto error;
}
}
break;
default:
break;
}
}
if (pwbuf->pwd) {
if ((pwbuf->pwd_scratch = malloc(PWD_SCRATCH_SIZE)) == NULL) {
err = PWU_NOMEM;
goto error;
}
if (private_getpwnam_r(name, pwbuf->pwd, pwbuf->pwd_scratch,
PWD_SCRATCH_SIZE) == NULL) {
err = PWU_NOT_FOUND;
goto error;
}
}
if (pwbuf->spwd) {
if ((pwbuf->spwd_scratch = malloc(SPW_SCRATCH_SIZE)) == NULL) {
err = PWU_NOMEM;
goto error;
}
if (private_getspnam_r(name, pwbuf->spwd, pwbuf->spwd_scratch,
SPW_SCRATCH_SIZE) == NULL) {
err = PWU_NOT_FOUND;
goto error;
}
}
return (PWU_SUCCESS);
error:
if (pwbuf->pwd) free(pwbuf->pwd);
if (pwbuf->pwd_scratch) free(pwbuf->pwd_scratch);
if (pwbuf->spwd) free(pwbuf->spwd);
if (pwbuf->spwd_scratch) free(pwbuf->spwd_scratch);
free(pwbuf);
*buf = NULL;
return (err);
}
int
files_user_to_authenticate(const char *user, pwu_repository_t *rep,
char **auth_user, int *privileged)
{
struct pwbuf *pwbuf;
int res;
attrlist attr_tmp[1] = { { ATTR_UID, NULL, NULL } };
res = files_getpwnam(user, &attr_tmp[0], rep, (void **)&pwbuf);
if (res != PWU_SUCCESS)
return (res);
if (files_privileged()) {
*auth_user = NULL;
*privileged = 1;
res = PWU_SUCCESS;
} else {
*privileged = 0;
if (getuid() == pwbuf->pwd->pw_uid) {
if ((*auth_user = strdup(user)) == NULL) {
res = PWU_NOMEM;
} else {
res = PWU_SUCCESS;
}
} else {
res = PWU_DENIED;
}
}
if (pwbuf->pwd) free(pwbuf->pwd);
if (pwbuf->pwd_scratch) free(pwbuf->pwd_scratch);
if (pwbuf->spwd) free(pwbuf->spwd);
if (pwbuf->spwd_scratch) free(pwbuf->spwd_scratch);
free(pwbuf);
return (res);
}
#define HISTORY "/etc/security/passhistory"
#define HISTEMP "/etc/security/pwhistemp"
#define OHISTORY "/etc/security/opwhistory"
#define HISTMODE S_IRUSR
#define MAX_LOGNAME (3 * LOGNAME_MAX)
int
files_checkhistory(const char *user, const char *passwd, pwu_repository_t *rep)
{
attrlist attr;
int res;
attr.type = ATTR_HISTORY;
attr.data.val_s = NULL;
attr.next = NULL;
debug("files_checkhistory(user=%s)", user);
if ((res = files_getattr(user, &attr, rep)) == PWU_SUCCESS) {
char *s;
char *crypt_passwd;
int histsize;
char *last = attr.data.val_s;
if ((histsize = def_getint("HISTORY=", DEFHISTORY)) == 0) {
debug("files_checkhistory: no history requested");
res = PWU_NOT_FOUND;
goto out;
}
debug("files_checkhistory: histsize = %d", histsize);
if (histsize > MAXHISTORY)
histsize = MAXHISTORY;
debug("line to test\n\t%s", last);
res = PWU_NOT_FOUND;
while ((histsize-- > 0) &&
(((s = strtok_r(NULL, ":", &last)) != NULL) &&
(*s != '\n'))) {
crypt_passwd = crypt(passwd, s);
debug("files_checkhistory: user_pw=%s, history_pw=%s",
crypt_passwd, s);
if (strcmp(crypt_passwd, s) == 0) {
res = PWU_SUCCESS;
break;
}
}
debug("files_checkhistory(%s, %s) = %d", user, crypt_passwd,
res);
}
out:
if (attr.data.val_s != NULL)
free(attr.data.val_s);
return (res);
}
int
files_getattr(const char *name, attrlist *items, pwu_repository_t *rep)
{
struct pwbuf *pwbuf;
struct passwd *pw;
struct spwd *spw;
attrlist *w;
int res;
res = files_getpwnam(name, items, rep, (void **)&pwbuf);
if (res != PWU_SUCCESS)
return (res);
pw = pwbuf->pwd;
spw = pwbuf->spwd;
for (w = items; res == PWU_SUCCESS && w != NULL; w = w->next) {
switch (w->type) {
case ATTR_NAME:
if ((w->data.val_s = strdup(pw->pw_name)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_COMMENT:
if ((w->data.val_s = strdup(pw->pw_comment)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_GECOS:
if ((w->data.val_s = strdup(pw->pw_gecos)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_HOMEDIR:
if ((w->data.val_s = strdup(pw->pw_dir)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_SHELL:
if ((w->data.val_s = strdup(pw->pw_shell)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_PASSWD:
case ATTR_PASSWD_SERVER_POLICY:
if ((w->data.val_s = strdup(spw->sp_pwdp)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_AGE:
if ((w->data.val_s = strdup(pw->pw_age)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_REP_NAME:
if ((w->data.val_s = strdup("files")) == NULL)
res = PWU_NOMEM;
break;
case ATTR_HISTORY: {
FILE *history;
char buf[MAX_LOGNAME + MAXHISTORY +
(MAXHISTORY * CRYPT_MAXCIPHERTEXTLEN)+1];
char *s, *s1;
debug("files_getattr: Get password history for %s ",
name);
if ((history = fopen(HISTORY, "rF")) == NULL) {
debug("files_getattr: %s not found", HISTORY);
res = PWU_OPEN_FAILED;
goto getattr_exit;
}
res = PWU_NOT_FOUND;
while ((s = fgets(buf, sizeof (buf), history)) !=
NULL) {
s1 = strchr(s, ':');
if (s1 != NULL) {
*s1 = '\0';
} else {
res = PWU_NOT_FOUND;
break;
}
#ifdef DEBUG
debug("got history line for %s", s);
#endif
if (strcmp(s, name) == 0) {
if ((items->data.val_s =
strdup(s1+1)) == NULL)
res = PWU_NOMEM;
else
res = PWU_SUCCESS;
break;
}
}
(void) fclose(history);
break;
}
case ATTR_UID:
w->data.val_i = pw->pw_uid;
break;
case ATTR_GID:
w->data.val_i = pw->pw_gid;
break;
case ATTR_LSTCHG:
w->data.val_i = spw->sp_lstchg;
break;
case ATTR_MIN:
w->data.val_i = spw->sp_min;
break;
case ATTR_MAX:
w->data.val_i = spw->sp_max;
break;
case ATTR_WARN:
w->data.val_i = spw->sp_warn;
break;
case ATTR_INACT:
w->data.val_i = spw->sp_inact;
break;
case ATTR_EXPIRE:
w->data.val_i = spw->sp_expire;
break;
case ATTR_FLAG:
w->data.val_i = spw->sp_flag;
break;
case ATTR_FAILED_LOGINS:
w->data.val_i = spw->sp_flag & FAILCOUNT_MASK;
break;
default:
break;
}
}
getattr_exit:
if (pwbuf->pwd) free(pwbuf->pwd);
if (pwbuf->pwd_scratch) free(pwbuf->pwd_scratch);
if (pwbuf->spwd) free(pwbuf->spwd);
if (pwbuf->spwd_scratch) free(pwbuf->spwd_scratch);
free(pwbuf);
return (res);
}
static int
max_present(attrlist *list)
{
while (list != NULL)
if (list->type == ATTR_MAX && list->data.val_i != -1)
return (1);
else
list = list->next;
return (0);
}
int
files_update(attrlist *items, pwu_repository_t *rep, void *buf)
{
struct pwbuf *pwbuf = (struct pwbuf *)buf;
struct passwd *pw;
struct spwd *spw;
attrlist *p;
int aging_needed = 0;
int aging_set = 0;
int disable_aging;
char *pword;
int len;
pw = pwbuf->pwd;
spw = pwbuf->spwd;
pwbuf->update_history = 0;
disable_aging = (spw != NULL && spw->sp_max == 0);
for (p = items; p != NULL; p = p->next) {
switch (p->type) {
case ATTR_NAME:
break;
case ATTR_UID:
pw->pw_uid = (uid_t)p->data.val_i;
break;
case ATTR_GID:
pw->pw_gid = (gid_t)p->data.val_i;
break;
case ATTR_AGE:
pw->pw_age = p->data.val_s;
break;
case ATTR_COMMENT:
pw->pw_comment = p->data.val_s;
break;
case ATTR_GECOS:
pw->pw_gecos = p->data.val_s;
break;
case ATTR_HOMEDIR:
pw->pw_dir = p->data.val_s;
break;
case ATTR_SHELL:
pw->pw_shell = p->data.val_s;
break;
case ATTR_PASSWD:
case ATTR_PASSWD_SERVER_POLICY:
if (p->data.val_s == NULL) {
spw->sp_pwdp = "";
} else {
char *salt = NULL;
char *hash = NULL;
salt = crypt_gensalt(spw->sp_pwdp, pw);
if (salt == NULL) {
if (errno == ENOMEM)
return (PWU_NOMEM);
syslog(LOG_AUTH | LOG_ALERT,
"passwdutil: crypt_gensalt %m");
return (PWU_UPDATE_FAILED);
}
hash = crypt(p->data.val_s, salt);
free(salt);
if (hash == NULL) {
errno = ENOMEM;
return (PWU_NOMEM);
}
pword = strdup(hash);
if (pword == NULL) {
errno = ENOMEM;
return (PWU_NOMEM);
}
if (pwbuf->new_sp_pwdp)
free(pwbuf->new_sp_pwdp);
pwbuf->new_sp_pwdp = pword;
spw->sp_pwdp = pword;
aging_needed = 1;
pwbuf->update_history = 1;
}
spw->sp_flag &= ~FAILCOUNT_MASK;
spw->sp_lstchg = DAY_NOW_32;
break;
case ATTR_LOCK_ACCOUNT:
if (spw->sp_pwdp == NULL) {
spw->sp_pwdp = LOCKSTRING;
} else if ((strncmp(spw->sp_pwdp, LOCKSTRING,
sizeof (LOCKSTRING)-1) != 0) &&
(strcmp(spw->sp_pwdp, NOLOGINSTRING) != 0)) {
len = sizeof (LOCKSTRING)-1 +
strlen(spw->sp_pwdp) + 1;
pword = malloc(len);
if (pword == NULL) {
errno = ENOMEM;
return (PWU_NOMEM);
}
(void) strlcpy(pword, LOCKSTRING, len);
(void) strlcat(pword, spw->sp_pwdp, len);
if (pwbuf->new_sp_pwdp)
free(pwbuf->new_sp_pwdp);
pwbuf->new_sp_pwdp = pword;
spw->sp_pwdp = pword;
}
spw->sp_lstchg = DAY_NOW_32;
break;
case ATTR_UNLOCK_ACCOUNT:
if (spw->sp_pwdp != NULL &&
strncmp(spw->sp_pwdp, LOCKSTRING,
sizeof (LOCKSTRING)-1) == 0) {
(void) strcpy(spw->sp_pwdp, spw->sp_pwdp +
sizeof (LOCKSTRING)-1);
}
spw->sp_lstchg = DAY_NOW_32;
break;
case ATTR_NOLOGIN_ACCOUNT:
spw->sp_pwdp = NOLOGINSTRING;
if (pwbuf->new_sp_pwdp) {
free(pwbuf->new_sp_pwdp);
pwbuf->new_sp_pwdp = NULL;
}
spw->sp_lstchg = DAY_NOW_32;
break;
case ATTR_EXPIRE_PASSWORD:
spw->sp_lstchg = 0;
break;
case ATTR_LSTCHG:
spw->sp_lstchg = p->data.val_i;
break;
case ATTR_MIN:
if (spw->sp_max == -1 &&
p->data.val_i != -1 && max_present(p->next) == 0)
return (PWU_AGING_DISABLED);
spw->sp_min = p->data.val_i;
aging_set = 1;
break;
case ATTR_MAX:
if (p->data.val_i == -1) {
spw->sp_min = -1;
spw->sp_warn = -1;
} else {
if (spw->sp_min == -1) {
spw->sp_min = 0;
}
if (spw->sp_max == -1 &&
spw->sp_pwdp != NULL && *spw->sp_pwdp &&
spw->sp_lstchg == -1) {
spw->sp_lstchg = DAY_NOW_32;
}
}
spw->sp_max = p->data.val_i;
aging_set = 1;
break;
case ATTR_WARN:
if (spw->sp_max == -1 && p->data.val_i != -1 &&
max_present(p->next) == 0)
return (PWU_AGING_DISABLED);
spw->sp_warn = p->data.val_i;
break;
case ATTR_INACT:
spw->sp_inact = p->data.val_i;
break;
case ATTR_EXPIRE:
spw->sp_expire = p->data.val_i;
break;
case ATTR_FLAG:
spw->sp_flag = p->data.val_i;
break;
case ATTR_INCR_FAILED_LOGINS:
{
int count = (spw->sp_flag & FAILCOUNT_MASK) + 1;
spw->sp_flag &= ~FAILCOUNT_MASK;
spw->sp_flag |= min(FAILCOUNT_MASK, count);
p->data.val_i = count;
}
break;
case ATTR_RST_FAILED_LOGINS:
p->data.val_i = spw->sp_flag & FAILCOUNT_MASK;
spw->sp_flag &= ~FAILCOUNT_MASK;
break;
default:
break;
}
}
if (spw != NULL && spw->sp_max <= 0) {
if (aging_needed && !aging_set) {
if (disable_aging) {
spw->sp_min = spw->sp_max = spw->sp_warn = -1;
} else {
turn_on_default_aging(spw);
}
}
}
return (PWU_SUCCESS);
}
int
files_update_shadow(const char *name, struct spwd *spwd)
{
struct stat64 stbuf;
FILE *dst;
FILE *src;
struct spwd cur;
char buf[SPW_SCRATCH_SIZE];
int tempfd;
mode_t filemode;
int result = -1;
int err = PWU_SUCCESS;
if (stat64(SHADOW, &stbuf) < 0) {
err = PWU_STAT_FAILED;
goto shadow_exit;
}
filemode = stbuf.st_mode & S_IRUSR;
tempfd = open(SHADTEMP, O_WRONLY|O_CREAT|O_TRUNC, filemode);
if (tempfd < 0) {
err = PWU_OPEN_FAILED;
goto shadow_exit;
}
(void) fchown(tempfd, (uid_t)0, stbuf.st_gid);
if ((dst = fdopen(tempfd, "wF")) == NULL) {
err = PWU_OPEN_FAILED;
goto shadow_exit;
}
if ((src = fopen(SHADOW, "rF")) == NULL) {
err = PWU_OPEN_FAILED;
(void) fclose(dst);
(void) unlink(SHADTEMP);
goto shadow_exit;
}
while (fgetspent_r(src, &cur, buf, sizeof (buf)) != NULL) {
if (strcmp(cur.sp_namp, name) == 0)
result = putspent(spwd, dst);
else
result = putspent(&cur, dst);
if (result != 0) {
err = PWU_WRITE_FAILED;
(void) fclose(src);
(void) fclose(dst);
goto shadow_exit;
}
}
(void) fclose(src);
if (fclose(dst) != 0) {
err = PWU_CLOSE_FAILED;
(void) unlink(SHADTEMP);
goto shadow_exit;
}
if (unlink(OSHADOW) && access(OSHADOW, 0) == 0) {
err = PWU_UPDATE_FAILED;
(void) unlink(SHADTEMP);
goto shadow_exit;
}
if (link(SHADOW, OSHADOW) == -1) {
err = PWU_UPDATE_FAILED;
(void) unlink(SHADTEMP);
goto shadow_exit;
}
if (rename(SHADTEMP, SHADOW) == -1) {
err = PWU_UPDATE_FAILED;
(void) unlink(SHADTEMP);
goto shadow_exit;
}
(void) unlink(OSHADOW);
shadow_exit:
return (err);
}
int
files_update_passwd(const char *name, struct passwd *pwd)
{
struct stat64 stbuf;
FILE *src, *dst;
int tempfd;
struct passwd cur;
char buf[PWD_SCRATCH_SIZE];
int result;
int err = PWU_SUCCESS;
if (stat64(PASSWD, &stbuf) < 0) {
err = PWU_STAT_FAILED;
goto passwd_exit;
}
if ((tempfd = open(PASSTEMP, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
err = PWU_OPEN_FAILED;
goto passwd_exit;
}
if ((dst = fdopen(tempfd, "wF")) == NULL) {
err = PWU_OPEN_FAILED;
goto passwd_exit;
}
if ((src = fopen(PASSWD, "rF")) == NULL) {
err = PWU_OPEN_FAILED;
(void) fclose(dst);
(void) unlink(PASSTEMP);
goto passwd_exit;
}
while (fgetpwent_r(src, &cur, buf, sizeof (buf)) != NULL) {
if (strcmp(cur.pw_name, name) == 0)
result = putpwent(pwd, dst);
else
result = putpwent(&cur, dst);
if (result != 0) {
err = PWU_WRITE_FAILED;
(void) fclose(src);
(void) fclose(dst);
goto passwd_exit;
}
}
(void) fclose(src);
if (fclose(dst) != 0) {
err = PWU_CLOSE_FAILED;
goto passwd_exit;
}
if (unlink(OPASSWD) && access(OPASSWD, 0) == 0) {
err = PWU_UPDATE_FAILED;
(void) unlink(PASSTEMP);
goto passwd_exit;
}
if (link(PASSWD, OPASSWD) == -1) {
err = PWU_UPDATE_FAILED;
(void) unlink(PASSTEMP);
goto passwd_exit;
}
if (rename(PASSTEMP, PASSWD) == -1) {
err = PWU_UPDATE_FAILED;
(void) unlink(PASSTEMP);
goto passwd_exit;
}
(void) chmod(PASSWD, 0644);
passwd_exit:
return (err);
}
int
files_putpwnam(const char *name, const char *oldpw, pwu_repository_t *rep,
void *buf)
{
struct pwbuf *pwbuf = (struct pwbuf *)buf;
int result = PWU_SUCCESS;
if (pwbuf->pwd) {
result = files_update_passwd(name, pwbuf->pwd);
}
if (result == PWU_SUCCESS && pwbuf->spwd) {
if (pwbuf->update_history != 0) {
debug("update_history = %d", pwbuf->update_history);
result = files_update_history(name, pwbuf->spwd);
} else {
debug("no password change");
}
if (result == PWU_SUCCESS) {
result = files_update_shadow(name, pwbuf->spwd);
}
}
if (pwbuf->pwd) {
(void) memset(pwbuf->pwd, 0, sizeof (struct passwd));
(void) memset(pwbuf->pwd_scratch, 0, PWD_SCRATCH_SIZE);
free(pwbuf->pwd);
free(pwbuf->pwd_scratch);
}
if (pwbuf->spwd) {
(void) memset(pwbuf->spwd, 0, sizeof (struct spwd));
(void) memset(pwbuf->spwd_scratch, 0, SPW_SCRATCH_SIZE);
free(pwbuf->spwd);
free(pwbuf->spwd_scratch);
}
if (pwbuf->new_sp_pwdp) {
free(pwbuf->new_sp_pwdp);
}
return (result);
}
int
files_update_history(const char *name, struct spwd *spwd)
{
int histsize;
int tmpfd;
FILE *src;
FILE *dst;
struct stat64 statbuf;
char buf[MAX_LOGNAME + MAXHISTORY +
(MAXHISTORY * CRYPT_MAXCIPHERTEXTLEN)+1];
int found;
if ((histsize = def_getint("HISTORY=", DEFHISTORY)) == 0) {
debug("files_update_history(%s) no history, unlinking", name);
(void) unlink(HISTORY);
return (PWU_SUCCESS);
}
debug("files_update_history(%s, %s) histsize = %d", name, spwd->sp_pwdp,
histsize);
if (histsize > MAXHISTORY)
histsize = MAXHISTORY;
if ((tmpfd = open(HISTEMP, O_WRONLY|O_CREAT|O_TRUNC, HISTMODE)) < 0) {
return (PWU_OPEN_FAILED);
}
(void) fchown(tmpfd, (uid_t)0, (gid_t)0);
if (((src = fopen(HISTORY, "rF")) == NULL) &&
(errno != ENOENT)) {
(void) unlink(HISTEMP);
return (PWU_OPEN_FAILED);
}
if ((dst = fdopen(tmpfd, "wF")) == NULL) {
(void) fclose(src);
(void) unlink(HISTEMP);
return (PWU_OPEN_FAILED);
}
found = 0;
while ((src != NULL) &&
(fgets(buf, sizeof (buf), src) != NULL)) {
char *user;
char *last;
user = strtok_r(buf, ":", &last);
#ifdef DEBUG
debug("files_update_history: read=\"%s\"", user);
#endif
if (strcmp(user, name) == 0) {
char *crypt;
int i;
found++;
(void) fprintf(dst, "%s:%s:", name, spwd->sp_pwdp);
debug("files_update_history: update user\n"
"\t%s:%s:", name, spwd->sp_pwdp);
for (i = 0; i < MAXHISTORY-1; i++) {
crypt = strtok_r(NULL, ":", &last);
if (crypt == NULL ||
*crypt == '\n') {
break;
}
(void) fprintf(dst, "%s:", crypt);
debug("\t%d = %s:", i+1, crypt);
}
(void) fprintf(dst, "\n");
} else {
(void) fprintf(dst, "%s:%s", user, last);
#ifdef DEBUG
debug("files_update_history: copy line %s",
user);
#endif
}
}
if (found == 0) {
(void) fprintf(dst, "%s:%s:\n", name, spwd->sp_pwdp);
debug("files_update_history: add line\n"
"\t%s:%s:", name, spwd->sp_pwdp);
}
(void) fclose(src);
if (fclose(dst) != 0) {
debug("files_update_history: update file close failed %d",
errno);
(void) unlink(HISTEMP);
return (PWU_CLOSE_FAILED);
}
(void) unlink(OHISTORY);
if (stat64(OHISTORY, &statbuf) == 0 ||
((src != NULL) && (link(HISTORY, OHISTORY) != 0)) ||
rename(HISTEMP, HISTORY) != 0) {
debug("files_update_history: update file rename failed %d",
errno);
(void) unlink(HISTEMP);
return (PWU_UPDATE_FAILED);
}
(void) unlink(OHISTORY);
return (PWU_SUCCESS);
}
