Merge upstream 4.3

Serge Hallyn
2016-07-30 23:28:48 -05:00
parent f9aecd19f3
commit 5a6e0c0ebd
543 changed files with 145360 additions and 2954 deletions
+5 -1
@@ -52,10 +52,13 @@ usbin_PROGRAMS = \
noinst_PROGRAMS = id sulogin
suidbins = su
suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap
suidubins = chage chfn chsh expiry gpasswd newgrp passwd
if ACCT_TOOLS_SETUID
suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
endif
if ENABLE_SUBIDS
suidubins += newgidmap newuidmap
endif
if WITH_TCB
suidubins -= passwd
@@ -95,6 +98,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
lastlog_LDADD = $(LDADD) $(LIBAUDIT)
login_SOURCES = \
login.c \
login_nopam.c
+1251
+2 -2
@@ -592,7 +592,7 @@ static void open_files (bool readonly)
}
pw_locked = true;
}
if (pw_open (readonly ? O_RDONLY: O_RDWR) == 0) {
if (pw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
fail_exit (E_NOPERM);
@@ -613,7 +613,7 @@ static void open_files (bool readonly)
}
spw_locked = true;
}
if (spw_open (readonly ? O_RDONLY: O_RDWR) == 0) {
if (spw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", spw_dbname ()));
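Review bot: Adding `O_CREAT` to `pw_open` and `spw_open` in `open_files` means a missing passwd or shadow database is now created instead of reported, and the mode of the new file is decided inside the `*_open` helpers, which this page does not show. Confirm that the helper creates the shadow file with a restrictive mode that does not depend on the caller's umask, because a shadow file created with a wider mode exposes password hashes to local users. The same question applies to every `*_open (O_CREAT | O_RDWR)` call changed in the later sections (`update_gecos`, `update_shell`, `update_noshadow`, `update_shadow`, `check_pw_file`, the other `open_files` functions and the `main` functions), several of which belong to tools listed in `suidubins`. In the ternary here, writing `readonly ? O_RDONLY : (O_CREAT | O_RDWR)` would make the grouping explicit. `open_files` starts and ends outside both hunks.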
+1 -1
@@ -463,7 +463,7 @@ static void update_gecos (const char *user, char *gecos)
fail_exit (E_NOPERM);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
fail_exit (E_NOPERM);
+2 -2
@@ -316,7 +316,7 @@ static void open_files (void)
fail_exit (1);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (1);
@@ -332,7 +332,7 @@ static void open_files (void)
fail_exit (1);
}
sgr_locked = true;
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ());
fail_exit (1);
+2 -2
@@ -313,7 +313,7 @@ static void open_files (void)
fail_exit (1);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
fail_exit (1);
@@ -328,7 +328,7 @@ static void open_files (void)
fail_exit (1);
}
spw_locked = true;
if (spw_open (O_RDWR) == 0) {
if (spw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
+1 -1
@@ -373,7 +373,7 @@ static void update_shell (const char *user, char *newshell)
fail_exit (1);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
fail_exit (1);
+2 -2
@@ -370,7 +370,7 @@ static void open_files (void)
add_cleanup (log_gpasswd_failure_system, NULL);
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
@@ -380,7 +380,7 @@ static void open_files (void)
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
+2 -2
@@ -346,7 +346,7 @@ static void open_files (void)
add_cleanup (cleanup_report_add_group, group_name);
/* And now open the databases */
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_GRP_UPDATE);
@@ -354,7 +354,7 @@ static void open_files (void)
#ifdef SHADOWGRP
if (is_shadow_grp) {
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
+11 -4
@@ -60,6 +60,7 @@ const char *Prog;
static char *group_name;
static gid_t group_id = -1;
static bool check_group_busy = true;
#ifdef SHADOWGRP
static bool is_shadow_grp;
@@ -96,6 +97,7 @@ static /*@noreturn@*/void usage (int status)
Prog);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -f, --force delete group even if it is the primary group of a user\n"), usageout);
(void) fputs ("\n", usageout);
exit (status);
}
@@ -246,7 +248,7 @@ static void open_files (void)
add_cleanup (cleanup_report_del_group, group_name);
/* An now open the databases */
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
@@ -255,7 +257,7 @@ static void open_files (void)
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
@@ -321,7 +323,7 @@ static void process_flags (int argc, char **argv)
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv, "hR:",
while ((c = getopt_long (argc, argv, "hfR:",
long_options, NULL)) != -1) {
switch (c) {
case 'h':
@@ -329,6 +331,9 @@ static void process_flags (int argc, char **argv)
/*@notreached@*/break;
case 'R': /* no-op, handled in process_root_flag () */
break;
case 'f':
check_group_busy = false;
break;
default:
usage (E_USAGE);
}
@@ -465,7 +470,9 @@ int main (int argc, char **argv)
/*
* Make sure this isn't the primary group of anyone.
*/
group_busy (group_id);
if (check_group_busy) {
group_busy (group_id);
}
/*
* Do the hard stuff - open the files, delete the group entries,
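Review bot: With `-f`, `main` skips `group_busy (group_id)` and records nothing about the bypass, so an account whose passwd entry still names this GID is left with a dangling primary group, and a group created later could be given the same GID. A log line next to the skipped call, for example `SYSLOG ((LOG_WARN, "group '%s' removed with -f, primary group check skipped", group_name));`, would give operators something to audit. Separately, the usage text advertises `--force`, but no hunk in this section touches the `long_options` table that ends just above the `getopt_long` call; unless that table already has a `force` entry, only the short option works. `main` continues outside the hunk.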
+2 -2
@@ -536,14 +536,14 @@ static void open_files (void)
#endif
}
if (gr_open (list ? O_RDONLY : O_RDWR) == 0) {
if (gr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (EXIT_GROUP_FILE);
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_open (list ? O_RDONLY : O_RDWR) == 0) {
if (sgr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
fail_exit (EXIT_GROUP_FILE);
}
+3 -3
@@ -663,7 +663,7 @@ static void lock_files (void)
*/
static void open_files (void)
{
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_GRP_UPDATE);
@@ -672,7 +672,7 @@ static void open_files (void)
#ifdef SHADOWGRP
if ( is_shadow_grp
&& (pflg || nflg)) {
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
@@ -683,7 +683,7 @@ static void open_files (void)
#endif /* SHADOWGRP */
if (gflg) {
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, pw_dbname ());
+2 -2
@@ -299,7 +299,7 @@ static void open_files (void)
* Open the files. Use O_RDONLY if we are in read_only mode,
* O_RDWR otherwise.
*/
if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) {
if (gr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog,
grp_file);
if (use_system_grp_file) {
@@ -308,7 +308,7 @@ static void open_files (void)
fail_exit (E_CANT_OPEN);
}
#ifdef SHADOWGRP
if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) {
if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0)) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog,
sgr_file);
if (use_system_sgr_file) {
+1 -1
@@ -163,7 +163,7 @@ int main (int argc, char **argv)
fail_exit (5);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (1);
}
+1 -1
@@ -166,7 +166,7 @@ int main (int argc, char **argv)
fail_exit (5);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (1);
+112 -3
@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buffer for file size */
static bool uflg = false; /* print only an user of range of users */
static bool tflg = false; /* print is restricted to most recent days */
static bool bflg = false; /* print excludes most recent days */
static bool Cflg = false; /* clear record for user */
static bool Sflg = false; /* set record for user */
#define NOW (time ((time_t *) 0))
@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int status)
"Options:\n"),
Prog);
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
(void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
(void) fputs ("\n", usageout);
@@ -194,6 +198,80 @@ static void print (void)
}
}
static void update_one (/*@null@*/const struct passwd *pw)
{
off_t offset;
struct lastlog ll;
int err;
if (NULL == pw) {
return;
}
offset = (off_t) pw->pw_uid * sizeof (ll);
/* fseeko errors are not really relevant for us. */
err = fseeko (lastlogfile, offset, SEEK_SET);
assert (0 == err);
memzero (&ll, sizeof (ll));
if (Sflg) {
ll.ll_time = NOW;
#ifdef HAVE_LL_HOST
strcpy (ll.ll_host, "localhost");
#endif
strcpy (ll.ll_line, "lastlog");
#ifdef WITH_AUDIT
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
"clearing-lastlog",
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
#endif
}
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
"refreshing-lastlog",
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
}
#endif
if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
fprintf (stderr,
_("%s: Failed to update the entry for UID %lu\n"),
Prog, (unsigned long int)pw->pw_uid);
exit (EXIT_FAILURE);
}
}
static void update (void)
{
const struct passwd *pwent;
if (!uflg) /* safety measure */
return;
if (has_umin && has_umax && (umin == umax)) {
update_one (getpwuid ((uid_t)umin));
} else {
setpwent ();
while ( (pwent = getpwent ()) != NULL ) {
if ((has_umin && (pwent->pw_uid < (uid_t)umin))
|| (has_umax && (pwent->pw_uid > (uid_t)umax))) {
continue;
}
update_one (pwent);
}
endpwent ();
}
if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
fprintf (stderr,
_("%s: Failed to update the lastlog file\n"),
Prog);
exit (EXIT_FAILURE);
}
}
int main (int argc, char **argv)
{
/*
@@ -208,18 +286,24 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv);
#ifdef WITH_AUDIT
audit_help_open ();
#endif
{
int c;
static struct option const longopts[] = {
{"before", required_argument, NULL, 'b'},
{"clear", no_argument, NULL, 'C'},
{"help", no_argument, NULL, 'h'},
{"root", required_argument, NULL, 'R'},
{"set", no_argument, NULL, 'S'},
{"time", required_argument, NULL, 't'},
{"user", required_argument, NULL, 'u'},
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
NULL)) != -1) {
switch (c) {
case 'b':
@@ -235,11 +319,21 @@ int main (int argc, char **argv)
bflg = true;
break;
}
case 'C':
{
Cflg = true;
break;
}
case 'h':
usage (EXIT_SUCCESS);
/*@notreached@*/break;
case 'R': /* no-op, handled in process_root_flag () */
break;
case 'S':
{
Sflg = true;
break;
}
case 't':
{
unsigned long days;
@@ -294,9 +388,21 @@ int main (int argc, char **argv)
Prog, argv[optind]);
usage (EXIT_FAILURE);
}
if (Cflg && Sflg) {
fprintf (stderr,
_("%s: Option -C cannot be used together with option -S\n"),
Prog);
usage (EXIT_FAILURE);
}
if ((Cflg || Sflg) && !uflg) {
fprintf (stderr,
_("%s: Options -C and -S require option -u to specify the user\n"),
Prog);
usage (EXIT_FAILURE);
}
}
lastlogfile = fopen (LASTLOG_FILE, "r");
lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
if (NULL == lastlogfile) {
perror (LASTLOG_FILE);
exit (EXIT_FAILURE);
@@ -310,7 +416,10 @@ int main (int argc, char **argv)
exit (EXIT_FAILURE);
}
print ();
if (Cflg || Sflg)
update ();
else
print ();
(void) fclose (lastlogfile);
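Review bot: The audit strings in `update_one` look inverted: the `if (Sflg)` branch, which sets the record to the current time, logs `"clearing-lastlog"`, while the `else` branch, reached for `-C`, logs `"refreshing-lastlog"`. Swapping the two literals makes the audit trail match what was done to the record; the `AUDIT_ACCT_UNLOCK` event type also deserves a second look for an operation that edits login history. In the same function `assert (0 == err)` is the only check on `fseeko`, and it is compiled out under `NDEBUG`, after which `fwrite` would write at whatever offset the stream already had. An explicit `if (err != 0)` that prints an error and calls `exit (EXIT_FAILURE)`, in the style of the `fwrite` check below it, is safer.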
+6 -3
@@ -94,7 +94,7 @@ static void usage(void)
*/
int main(int argc, char **argv)
{
char proc_dir_name[PATH_MAX];
char proc_dir_name[32];
char *target_str;
pid_t target, parent;
int proc_dir_fd;
@@ -120,6 +120,7 @@ int main(int argc, char **argv)
if (!get_pid(target_str, &target))
usage();
/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
target);
if ((written <= 0) || (written >= sizeof(proc_dir_name))) {
@@ -160,8 +161,10 @@ int main(int argc, char **argv)
(getgid() != pw->pw_gid) ||
(pw->pw_uid != st.st_uid) ||
(pw->pw_gid != st.st_gid)) {
fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
Prog, target);
fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
Prog, target,
(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
return EXIT_FAILURE;
}
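Review bot: The new diagnostic is worded differently in the two otherwise identical sections: here it reads `Target %u is owned by a different user: ...`, and the later copy reads `Target process %u is owned by a different user: ...`. Using one wording in both keeps a single translatable string and a single pattern for anyone matching this message in logs. `target` is declared `pid_t` and is printed with `%u` both in the `snprintf` and in this `fprintf`; a cast, `(unsigned int) target`, would match the specifier in the same way the new uid and gid arguments are cast to `unsigned long int`. The `if` condition starts above the hunk.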
+7 -2
@@ -255,12 +255,15 @@ static void syslog_sg (const char *name, const char *group)
{
const char *loginname = getlogin ();
const char *tty = ttyname (0);
char *free_login = NULL, *free_tty = NULL;
if (loginname != NULL) {
loginname = xstrdup (loginname);
free_login = xstrdup (loginname);
loginname = free_login;
}
if (tty != NULL) {
tty = xstrdup (tty);
free_tty = xstrdup (tty);
tty = free_tty;
}
if (loginname == NULL) {
@@ -372,6 +375,8 @@ static void syslog_sg (const char *name, const char *group)
(void) signal (SIGTTOU, SIG_DFL);
}
#endif /* USE_PAM */
free(free_login);
free(free_tty);
}
#endif /* USE_SYSLOG */
+6 -3
@@ -94,7 +94,7 @@ void usage(void)
*/
int main(int argc, char **argv)
{
char proc_dir_name[PATH_MAX];
char proc_dir_name[32];
char *target_str;
pid_t target, parent;
int proc_dir_fd;
@@ -120,6 +120,7 @@ int main(int argc, char **argv)
if (!get_pid(target_str, &target))
usage();
/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
target);
if ((written <= 0) || (written >= sizeof(proc_dir_name))) {
@@ -160,8 +161,10 @@ int main(int argc, char **argv)
(getgid() != pw->pw_gid) ||
(pw->pw_uid != st.st_uid) ||
(pw->pw_gid != st.st_gid)) {
fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ),
Prog, target);
fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ),
Prog, target,
(unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid,
(unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid);
return EXIT_FAILURE;
}
+8 -8
@@ -805,27 +805,27 @@ static void open_files (void)
}
#endif /* ENABLE_SUBIDS */
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
fail_exit (EXIT_FAILURE);
}
if (is_shadow && (spw_open (O_RDWR) == 0)) {
if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ());
fail_exit (EXIT_FAILURE);
}
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (EXIT_FAILURE);
}
#ifdef SHADOWGRP
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
fail_exit (EXIT_FAILURE);
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_open (O_RDWR) == 0) {
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_uid_dbname ());
@@ -833,7 +833,7 @@ static void open_files (void)
}
}
if (is_sub_gid) {
if (sub_gid_open (O_RDWR) == 0) {
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_gid_dbname ());
@@ -988,8 +988,8 @@ int main (int argc, char **argv)
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present () && !rflg;
is_sub_gid = sub_gid_file_present () && !rflg;
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
open_files ();
+2 -2
@@ -573,7 +573,7 @@ static void update_noshadow (void)
exit (E_PWDBUSY);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
(void) fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, pw_dbname ());
@@ -627,7 +627,7 @@ static void update_shadow (void)
exit (E_PWDBUSY);
}
spw_locked = true;
if (spw_open (O_RDWR) == 0) {
if (spw_open (O_CREAT | O_RDWR) == 0) {
(void) fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
+3 -3
@@ -281,7 +281,7 @@ static void open_files (void)
* Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR
* otherwise.
*/
if (pw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
if (pw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, pw_dbname ());
if (use_system_pw_file) {
@@ -290,7 +290,7 @@ static void open_files (void)
fail_exit (E_CANTOPEN);
}
if (is_shadow && !use_tcb) {
if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, spw_dbname ());
if (use_system_spw_file) {
@@ -566,7 +566,7 @@ static void check_pw_file (int *errors, bool *changed)
continue;
}
spw_locked = true;
if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
+3 -2
@@ -200,7 +200,7 @@ int main (int argc, char **argv)
fail_exit (E_PWDBUSY);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
fail_exit (E_MISSING);
@@ -305,7 +305,8 @@ int main (int argc, char **argv)
}
/* /etc/passwd- (backup file) */
if (chmod (PASSWD_FILE "-", 0600) != 0) {
errno = 0;
if ((chmod (PASSWD_FILE "-", 0600) != 0) && (errno != ENOENT)) {
fprintf (stderr,
_("%s: failed to change the mode of %s to 0600\n"),
Prog, PASSWD_FILE "-");
+1 -1
@@ -166,7 +166,7 @@ int main (int argc, char **argv)
fail_exit (5);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, pw_dbname ());
+11 -9
@@ -1537,7 +1537,7 @@ static void open_files (void)
exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
fail_exit (E_PW_UPDATE);
}
@@ -1554,7 +1554,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
fail_exit (E_GRP_UPDATE);
}
@@ -1567,7 +1567,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
sgr_locked = true;
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
@@ -1584,7 +1584,7 @@ static void open_files (void)
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_RDWR) == 0) {
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_uid_dbname ());
@@ -1599,7 +1599,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_RDWR) == 0) {
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_gid_dbname ());
@@ -1621,7 +1621,7 @@ static void open_shadow (void)
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
if (spw_open (O_RDWR) == 0) {
if (spw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
@@ -1993,9 +1993,10 @@ int main (int argc, char **argv)
#endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
/* Needed for userns check */
#ifdef ENABLE_SUBIDS
uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
#endif
/*
* Get my name so that I can use it to report errors.
@@ -2025,6 +2026,9 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
process_flags (argc, argv);
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present () && !rflg &&
(!user_id || (user_id <= uid_max && user_id >= uid_min));
@@ -2034,8 +2038,6 @@ int main (int argc, char **argv)
get_defaults ();
process_flags (argc, argv);
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
{
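Review bot: `process_flags (argc, argv)` now runs before `get_defaults ()`, where it used to run after it. The move is needed so that `rflg` and `user_id` are set when `is_sub_uid` is computed, but neither function body is visible on this page: if `process_flags` reads a value that `get_defaults` loads, or `get_defaults` overwrites something the flags set, account creation silently stops honouring the configured defaults. Calling `get_defaults ()` ahead of the moved `process_flags` call would keep the old relative order; if the new order is intended, a comment at the call site should say so. `main` continues outside the hunk.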
+6 -6
@@ -565,7 +565,7 @@ static void open_files (void)
fail_exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
#ifdef WITH_AUDIT
@@ -590,7 +590,7 @@ static void open_files (void)
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
if (spw_open (O_RDWR) == 0) {
if (spw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
@@ -616,7 +616,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -641,7 +641,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
sgr_locked= true;
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ());
#ifdef WITH_AUDIT
@@ -669,7 +669,7 @@ static void open_files (void)
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_RDWR) == 0) {
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
#ifdef WITH_AUDIT
@@ -695,7 +695,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_RDWR) == 0) {
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
#ifdef WITH_AUDIT
+63 -65
@@ -1361,6 +1361,7 @@ static void process_flags (int argc, char **argv)
exit (E_UID_IN_USE);
}
#ifdef ENABLE_SUBIDS
if ( (vflg || Vflg)
&& !is_sub_uid) {
fprintf (stderr,
@@ -1376,6 +1377,7 @@ static void process_flags (int argc, char **argv)
Prog, sub_gid_dbname (), "-w", "-W");
exit (E_USAGE);
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -1530,7 +1532,7 @@ static void open_files (void)
fail_exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, pw_dbname ());
@@ -1543,7 +1545,7 @@ static void open_files (void)
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
if (is_shadow_pwd && (spw_open (O_RDWR) == 0)) {
if (is_shadow_pwd && (spw_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
@@ -1562,7 +1564,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
@@ -1576,7 +1578,7 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE);
}
sgr_locked = true;
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
@@ -1593,7 +1595,7 @@ static void open_files (void)
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_RDWR) == 0) {
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_uid_dbname ());
@@ -1608,7 +1610,7 @@ static void open_files (void)
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_RDWR) == 0) {
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_gid_dbname ());
@@ -1717,60 +1719,6 @@ static void usr_update (void)
fail_exit (E_PW_UPDATE);
}
}
#ifdef ENABLE_SUBIDS
if (Vflg) {
struct ulong_range_list_entry *ptr;
for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
}
}
if (vflg) {
struct ulong_range_list_entry *ptr;
for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to add uid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
}
}
if (Wflg) {
struct ulong_range_list_entry *ptr;
for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
}
}
if (wflg) {
struct ulong_range_list_entry *ptr;
for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to add gid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
}
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -2174,16 +2122,66 @@ int main (int argc, char **argv)
*/
open_files ();
if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
|| sflg || uflg || Uflg
#ifdef ENABLE_SUBIDS
|| vflg || Vflg || wflg || Wflg
#endif /* ENABLE_SUBIDS */
) {
|| sflg || uflg || Uflg) {
usr_update ();
}
if (Gflg || lflg) {
grp_update ();
}
#ifdef ENABLE_SUBIDS
if (Vflg) {
struct ulong_range_list_entry *ptr;
for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
}
}
if (vflg) {
struct ulong_range_list_entry *ptr;
for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to add uid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
}
}
if (Wflg) {
struct ulong_range_list_entry *ptr;
for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
}
}
if (wflg) {
struct ulong_range_list_entry *ptr;
for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
unsigned long count = ptr->range.last - ptr->range.first + 1;
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
fprintf (stderr,
_("%s: failed to add gid range %lu-%lu from '%s'\n"),
Prog, ptr->range.first, ptr->range.last,
sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
}
}
#endif /* ENABLE_SUBIDS */
close_files ();
#ifdef WITH_TCB