summaryrefslogtreecommitdiffstats
path: root/login-utils/libuser.c
blob: b11fadc1ca8a25a2009522f9726c69366e67e74b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
/*
 *   libuser.c -- Utilize libuser to set a user attribute
 *   (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
 *
 *   this program is free software.  you can redistribute it and
 *   modify it under the terms of the gnu general public license.
 *   there is no warranty.
 *
 */

#include "libuser.h"

#include <grp.h>
#include <libuser/user.h>
#include <unistd.h>

#include "auth.h"
#include "c.h"
#include "nls.h"

static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid,
			const char *username);

static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid,
			const char *username) {
	if (!lu_uses_elevated_privileges(ctx)) {
		/* Drop privileges */
		if (setegid(getgid()) == -1)
			err(EXIT_FAILURE, _("Couldn't drop group privileges"));
		if (seteuid(getuid()) == -1)
			err(EXIT_FAILURE, _("Couldn't drop group privileges"));
		return TRUE;
	}

	return auth_pam(service_name, uid, username);
}

int set_value_libuser(const char *service_name, const char *username, uid_t uid,
			const char *attr, const char *val) {
	struct lu_context *ctx;
	struct lu_error *error = NULL;
	struct lu_ent *ent;

	ctx = lu_start(username, lu_user, NULL, NULL, lu_prompt_console_quiet,
			NULL, &error);
	if (ctx == NULL)
		errx(EXIT_FAILURE, _("libuser initialization failed: %s."),
			lu_strerror(error));

	if (!auth_lu(service_name, ctx, uid, username)) {
		errno = EACCES;
		err(EXIT_FAILURE, _("changing user attribute failed"));
	}

	/* Look up the user's record. */
	ent = lu_ent_new();
	if (lu_user_lookup_name(ctx, username, ent, &error) == FALSE) {
		lu_end(ctx);
		errx(EXIT_FAILURE, _("user \"%s\" does not exist."), username);
	}

	lu_ent_set_string(ent, attr, val);
	if (!lu_user_modify(ctx, ent, &error)) {
		lu_ent_free(ent);
		lu_end(ctx);
		errx(EXIT_FAILURE, _("user attribute not changed: %s"), lu_strerror(error));
	}
	lu_ent_free(ent);
	lu_end(ctx);

	return 0;
}