New upstream version 4.15.2

This commit is contained in:
Chris Hofstaedtler
2024-06-22 17:34:25 +02:00
parent f7f4fd7c05
commit 0fda4df4f1
10661 changed files with 382133 additions and 3243 deletions
+227 -210
View File
@@ -33,6 +33,7 @@
#include <time.h>
#include "alloc.h"
#include "atoi/str2i.h"
#include "chkname.h"
#include "defines.h"
#include "faillog.h"
@@ -177,10 +178,12 @@ NORETURN static void usage (int status);
static void new_pwent (struct passwd *);
static void new_spent (struct spwd *);
NORETURN static void fail_exit (int);
static void update_group (void);
static void update_group_file(void);
static void update_group(const struct group *grp);
#ifdef SHADOWGRP
static void update_gshadow (void);
static void update_gshadow_file(void);
static void update_gshadow(const struct sgrp *sgrp);
#endif
static void grp_update (void);
@@ -684,263 +687,277 @@ fail_exit (int code)
}
static void update_group (void)
static void
update_group_file(void)
{
bool is_member;
bool was_member;
bool changed;
const struct group *grp;
struct group *ngrp;
changed = false;
const struct group *grp;
/*
* Scan through the entire group file looking for the groups that
* the user is a member of.
*/
while ((grp = gr_next ()) != NULL) {
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
was_member = is_on_list (grp->gr_mem, user_name);
is_member = Gflg && ( (was_member && aflg)
|| is_on_list (user_groups, grp->gr_name));
while ((grp = gr_next()) != NULL)
update_group(grp);
}
if (!was_member && !is_member) {
continue;
}
/*
* If rflg+Gflg is passed in AKA -rG invert is_member flag, which removes
* mentioned groups while leaving the others.
*/
if (Gflg && rflg) {
is_member = !is_member;
}
static void
update_group(const struct group *grp)
{
bool changed;
bool is_member;
bool was_member;
struct group *ngrp;
ngrp = __gr_dup (grp);
if (NULL == ngrp) {
fprintf (stderr,
_("%s: Out of memory. Cannot update %s.\n"),
Prog, gr_dbname ());
fail_exit (E_GRP_UPDATE);
}
changed = false;
if (was_member) {
if ((!Gflg) || is_member) {
/* User was a member and is still a member
* of this group.
* But the user might have been renamed.
*/
if (lflg) {
ngrp->gr_mem = del_list (ngrp->gr_mem,
user_name);
ngrp->gr_mem = add_list (ngrp->gr_mem,
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing group member",
user_newname, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in group '%s'",
user_name, user_newname,
ngrp->gr_name));
}
} else {
/* User was a member but is no more a
* member of this group.
*/
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
was_member = is_on_list (grp->gr_mem, user_name);
is_member = Gflg && ( (was_member && aflg)
|| is_on_list (user_groups, grp->gr_name));
if (!was_member && !is_member)
return;
/*
* If rflg+Gflg is passed in AKA -rG invert is_member flag, which removes
* mentioned groups while leaving the others.
*/
if (Gflg && rflg) {
is_member = !is_member;
}
ngrp = __gr_dup (grp);
if (NULL == ngrp) {
fprintf (stderr,
_("%s: Out of memory. Cannot update %s.\n"),
Prog, gr_dbname ());
fail_exit (E_GRP_UPDATE);
}
if (was_member) {
if ((!Gflg) || is_member) {
/* User was a member and is still a member
* of this group.
* But the user might have been renamed.
*/
if (lflg) {
ngrp->gr_mem = del_list (ngrp->gr_mem,
user_name);
ngrp->gr_mem = add_list (ngrp->gr_mem,
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"removing group member",
user_name, AUDIT_NO_ID, 1);
"changing group member",
user_newname, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from group '%s'",
user_name, ngrp->gr_name));
"change '%s' to '%s' in group '%s'",
user_name, user_newname,
ngrp->gr_name));
}
} else if (is_member) {
/* User was not a member but is now a member this
* group.
} else {
/* User was a member but is no more a
* member of this group.
*/
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to group",
user_name, AUDIT_NO_ID, 1);
"removing group member",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
user_newname, ngrp->gr_name));
SYSLOG ((LOG_INFO,
"delete '%s' from group '%s'",
user_name, ngrp->gr_name));
}
if (!changed) {
continue;
}
changed = false;
if (gr_update (ngrp) == 0) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), ngrp->gr_name);
SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'", gr_dbname (), ngrp->gr_name));
fail_exit (E_GRP_UPDATE);
}
gr_free(ngrp);
} else if (is_member) {
/* User was not a member but is now a member this
* group.
*/
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
user_newname, ngrp->gr_name));
}
if (!changed)
goto free_ngrp;
if (gr_update (ngrp) == 0) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), ngrp->gr_name);
SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'", gr_dbname (), ngrp->gr_name));
fail_exit (E_GRP_UPDATE);
}
free_ngrp:
gr_free(ngrp);
}
#ifdef SHADOWGRP
static void update_gshadow (void)
{
bool is_member;
bool was_member;
bool was_admin;
bool changed;
const struct sgrp *sgrp;
struct sgrp *nsgrp;
changed = false;
#ifdef SHADOWGRP
static void
update_gshadow_file(void)
{
const struct sgrp *sgrp;
/*
* Scan through the entire shadow group file looking for the groups
* that the user is a member of.
*/
while ((sgrp = sgr_next ()) != NULL) {
while ((sgrp = sgr_next()) != NULL)
update_gshadow(sgrp);
}
#endif /* SHADOWGRP */
/*
* See if the user was a member of this group
#ifdef SHADOWGRP
static void
update_gshadow(const struct sgrp *sgrp)
{
bool changed;
bool is_member;
bool was_member;
bool was_admin;
struct sgrp *nsgrp;
changed = false;
/*
* See if the user was a member of this group
*/
was_member = is_on_list (sgrp->sg_mem, user_name);
/*
* See if the user was an administrator of this group
*/
was_admin = is_on_list (sgrp->sg_adm, user_name);
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
is_member = Gflg && ( (was_member && aflg)
|| is_on_list (user_groups, sgrp->sg_name));
if (!was_member && !was_admin && !is_member)
return;
/*
* If rflg+Gflg is passed in AKA -rG invert is_member, to remove targeted
* groups while leaving the user apart of groups not mentioned
*/
if (Gflg && rflg) {
is_member = !is_member;
}
nsgrp = __sgr_dup (sgrp);
if (NULL == nsgrp) {
fprintf (stderr,
_("%s: Out of memory. Cannot update %s.\n"),
Prog, sgr_dbname ());
fail_exit (E_GRP_UPDATE);
}
if (was_admin && lflg) {
/* User was an admin of this group but the user
* has been renamed.
*/
was_member = is_on_list (sgrp->sg_mem, user_name);
nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing admin name in shadow group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"change admin '%s' to '%s' in shadow group '%s'",
user_name, user_newname, nsgrp->sg_name));
}
/*
* See if the user was an administrator of this group
*/
was_admin = is_on_list (sgrp->sg_adm, user_name);
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
is_member = Gflg && ( (was_member && aflg)
|| is_on_list (user_groups, sgrp->sg_name));
if (!was_member && !was_admin && !is_member) {
continue;
}
/*
* If rflg+Gflg is passed in AKA -rG invert is_member, to remove targeted
* groups while leaving the user apart of groups not mentioned
*/
if (Gflg && rflg) {
is_member = !is_member;
}
nsgrp = __sgr_dup (sgrp);
if (NULL == nsgrp) {
fprintf (stderr,
_("%s: Out of memory. Cannot update %s.\n"),
Prog, sgr_dbname ());
fail_exit (E_GRP_UPDATE);
}
if (was_admin && lflg) {
/* User was an admin of this group but the user
* has been renamed.
if (was_member) {
if ((!Gflg) || is_member) {
/* User was a member and is still a member
* of this group.
* But the user might have been renamed.
*/
nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing admin name in shadow group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"change admin '%s' to '%s' in shadow group '%s'",
user_name, user_newname, nsgrp->sg_name));
}
if (was_member) {
if ((!Gflg) || is_member) {
/* User was a member and is still a member
* of this group.
* But the user might have been renamed.
*/
if (lflg) {
nsgrp->sg_mem = del_list (nsgrp->sg_mem,
user_name);
nsgrp->sg_mem = add_list (nsgrp->sg_mem,
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing member in shadow group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in shadow group '%s'",
user_name, user_newname,
nsgrp->sg_name));
}
} else {
/* User was a member but is no more a
* member of this group.
*/
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
if (lflg) {
nsgrp->sg_mem = del_list (nsgrp->sg_mem,
user_name);
nsgrp->sg_mem = add_list (nsgrp->sg_mem,
user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"removing user from shadow group",
user_name, AUDIT_NO_ID, 1);
"changing member in shadow group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from shadow group '%s'",
user_name, nsgrp->sg_name));
"change '%s' to '%s' in shadow group '%s'",
user_name, user_newname,
nsgrp->sg_name));
}
} else if (is_member) {
/* User was not a member but is now a member this
* group.
} else {
/* User was a member but is no more a
* member of this group.
*/
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to shadow group",
user_newname, AUDIT_NO_ID, 1);
"removing user from shadow group",
user_name, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_name));
SYSLOG ((LOG_INFO,
"delete '%s' from shadow group '%s'",
user_name, nsgrp->sg_name));
}
if (!changed) {
continue;
}
changed = false;
/*
* Update the group entry to reflect the changes.
} else if (is_member) {
/* User was not a member but is now a member this
* group.
*/
if (sgr_update (nsgrp) == 0) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), nsgrp->sg_name);
SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'",
sgr_dbname (), nsgrp->sg_name));
fail_exit (E_GRP_UPDATE);
}
free (nsgrp);
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding user to shadow group",
user_newname, AUDIT_NO_ID, 1);
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_name));
}
if (!changed)
goto free_nsgrp;
/*
* Update the group entry to reflect the changes.
*/
if (sgr_update (nsgrp) == 0) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), nsgrp->sg_name);
SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'",
sgr_dbname (), nsgrp->sg_name));
fail_exit (E_GRP_UPDATE);
}
free_nsgrp:
free (nsgrp);
}
#endif /* SHADOWGRP */
/*
* grp_update - add user to secondary group set
*
@@ -949,10 +966,10 @@ static void update_gshadow (void)
*/
static void grp_update (void)
{
update_group ();
update_group_file();
#ifdef SHADOWGRP
if (is_shadow_grp) {
update_gshadow ();
update_gshadow_file();
}
#endif
}
@@ -1061,7 +1078,7 @@ static void process_flags (int argc, char **argv)
eflg = true;
break;
case 'f':
if ( (getlong(optarg, &user_newinactive) == -1)
if ( (str2sl(&user_newinactive, optarg) == -1)
|| (user_newinactive < -1)) {
fprintf (stderr,
_("%s: invalid numeric argument '%s'\n"),