New upstream version 4.7

Balint Reczey
2019-06-23 22:06:37 +02:00
parent b0729855e8
commit b28d45d2bd
10587 changed files with 152812 additions and 381179 deletions
-35
@@ -1,35 +0,0 @@
/chage
/chfn
/chgpasswd
/chpasswd
/chsh
/expiry
/faillog
/gpasswd
/groupadd
/groupdel
/groupmems
/groupmod
/groups
/grpck
/grpconv
/grpunconv
/id
/lastlog
/login
/logoutd
/newgrp
/newgidmap
/newuidmap
/newusers
/nologin
/passwd
/pwck
/pwconv
/pwunconv
/su
/sulogin
/useradd
/userdel
/usermod
/vipw
+10 -2
@@ -61,8 +61,10 @@ if ACCT_TOOLS_SETUID
suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
endif
if ENABLE_SUBIDS
if !FCAPS
suidubins += newgidmap newuidmap
endif
endif
if WITH_TCB
shadowsgidubins = passwd
@@ -86,8 +88,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
@@ -138,3 +140,9 @@ if WITH_TCB
chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
done
endif
if ENABLE_SUBIDS
if FCAPS
setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
endif
endif
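Review bot: With FCAPS set, the install rule added at the end of this section (`setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap` and its cap_setgid twin) becomes the only source of privilege for the two tools, because the first hunk removes them from suidubins. setcap needs privilege to write the security.capability attribute on the staged file, and that attribute is dropped by any packaging or copy step that does not preserve extended attributes, which would leave the tools installed with neither the setuid bit nor the capability. I would add a comment above the rule, e.g. `# FCAPS: packaging must preserve security.capability or re-run setcap on the target`, and have the packaging verify the capability on the installed binaries. The install hook's recipe begins outside the hunk, so how a setcap failure is reported cannot be judged from here.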
+1254
+2
@@ -47,6 +47,7 @@
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
#include "sssd.h"
#ifdef USE_PAM
#include "pam_defs.h"
#endif
@@ -746,6 +747,7 @@ int main (int argc, char **argv)
SYSLOG ((LOG_INFO, "changed user '%s' information", user));
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
closelog ();
exit (E_SUCCESS);
+2
@@ -46,6 +46,7 @@
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "groupio.h"
#ifdef SHADOWGRP
@@ -581,6 +582,7 @@ int main (int argc, char **argv)
close_files ();
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return (0);
}
+11
@@ -44,6 +44,7 @@
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
#include "sssd.h"
#include "getdef.h"
#include "prototypes.h"
#include "pwio.h"
@@ -431,6 +432,15 @@ int main (int argc, char **argv)
*cp = '\0';
} else {
if (feof (stdin) == 0) {
// Drop all remaining characters on this line.
while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
cp = strchr (buf, '\n');
if (cp != NULL) {
break;
}
}
fprintf (stderr,
_("%s: line %d: line too long\n"),
Prog, line);
@@ -624,6 +634,7 @@ int main (int argc, char **argv)
}
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
return (0);
}
+2
@@ -46,6 +46,7 @@
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
@@ -557,6 +558,7 @@ int main (int argc, char **argv)
SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh));
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
closelog ();
exit (E_SUCCESS);
+2
@@ -45,6 +45,7 @@
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
@@ -1201,6 +1202,7 @@ int main (int argc, char **argv)
close_files ();
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
exit (E_SUCCESS);
}
+2
@@ -51,6 +51,7 @@
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
@@ -625,6 +626,7 @@ int main (int argc, char **argv)
close_files ();
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
+2
@@ -49,6 +49,7 @@
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
@@ -492,6 +493,7 @@ int main (int argc, char **argv)
close_files ();
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
+2
@@ -51,6 +51,7 @@
#include "groupio.h"
#include "pwio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
@@ -877,6 +878,7 @@ int main (int argc, char **argv)
close_files ();
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return E_SUCCESS;
}
+5 -1
@@ -45,6 +45,7 @@
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
@@ -869,7 +870,10 @@ int main (int argc, char **argv)
/* Commit the change in the database if needed */
close_files (changed);
nscd_flush_cache ("group");
if (!read_only) {
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
}
/*
* Tell the user what we did and exit.
+2
@@ -48,6 +48,7 @@
#include <unistd.h>
#include <getopt.h>
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
/*@-exitarg@*/
#include "exitcodes.h"
@@ -273,6 +274,7 @@ int main (int argc, char **argv)
}
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return 0;
}
+2
@@ -48,6 +48,7 @@
#include <grp.h>
#include <getopt.h>
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
/*@-exitarg@*/
#include "exitcodes.h"
@@ -236,6 +237,7 @@ int main (int argc, char **argv)
}
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
return 0;
}
+21
@@ -44,6 +44,7 @@
#include <assert.h>
#include "defines.h"
#include "prototypes.h"
#include "getdef.h"
/*@-exitarg@*/
#include "exitcodes.h"
@@ -182,6 +183,15 @@ static void print_one (/*@null@*/const struct passwd *pw)
static void print (void)
{
const struct passwd *pwent;
unsigned long lastlog_uid_max;
lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
if ( (has_umin && umin > lastlog_uid_max)
|| (has_umax && umax > lastlog_uid_max)) {
fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
"\tthe output might be incorrect.\n"), Prog, lastlog_uid_max);
}
if (uflg && has_umin && has_umax && (umin == umax)) {
print_one (getpwuid ((uid_t)umin));
} else {
@@ -191,6 +201,8 @@ static void print (void)
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
continue;
} else if ( !uflg && pwent->pw_uid > (uid_t) lastlog_uid_max) {
continue;
}
print_one (pwent);
}
@@ -246,10 +258,19 @@ static void update_one (/*@null@*/const struct passwd *pw)
static void update (void)
{
const struct passwd *pwent;
unsigned long lastlog_uid_max;
if (!uflg) /* safety measure */
return;
lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
if ( (has_umin && umin > lastlog_uid_max)
|| (has_umax && umax > lastlog_uid_max)) {
fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
"\tthey will not be updated.\n"), Prog, lastlog_uid_max);
return;
}
if (has_umin && has_umax && (umin == umax)) {
update_one (getpwuid ((uid_t)umin));
} else {
+25 -7
@@ -129,7 +129,12 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use
static void update_utmp (const char *user,
const char *tty,
const char *host,
/*@null@*/const struct utmp *utent);
#ifdef USE_UTMPX
/*@null@*/const struct utmpx *utent
#else
/*@null@*/const struct utmp *utent
#endif
);
#ifndef USE_PAM
static struct faillog faillog;
@@ -481,17 +486,23 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use
static void update_utmp (const char *user,
const char *tty,
const char *host,
/*@null@*/const struct utmp *utent)
#ifdef USE_UTMPX
/*@null@*/const struct utmpx *utent
#else
/*@null@*/const struct utmp *utent
#endif
)
{
struct utmp *ut = prepare_utmp (user, tty, host, utent);
#ifdef USE_UTMPX
struct utmpx *utx = prepare_utmpx (user, tty, host, utent);
#else
struct utmp *ut = prepare_utmp (user, tty, host, utent);
#endif /* USE_UTMPX */
#ifndef USE_UTMPX
(void) setutmp (ut); /* make entry in the utmp & wtmp files */
free (ut);
#ifdef USE_UTMPX
#else
(void) setutmpx (utx); /* make entry in the utmpx & wtmpx files */
free (utx);
#endif /* USE_UTMPX */
@@ -539,7 +550,11 @@ int main (int argc, char **argv)
struct passwd *pwd = NULL;
char **envp = environ;
const char *failent_user;
#ifdef USE_UTMPX
/*@null@*/struct utmpx *utent;
#else
/*@null@*/struct utmp *utent;
#endif
#ifdef USE_PAM
int retcode;
@@ -681,7 +696,7 @@ int main (int argc, char **argv)
if (rflg || hflg) {
cp = hostname;
#ifdef HAVE_STRUCT_UTMP_UT_HOST
#if defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX)
} else if ((NULL != utent) && ('\0' != utent->ut_host[0])) {
cp = utent->ut_host;
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
@@ -1147,7 +1162,9 @@ int main (int argc, char **argv)
#endif /* WITH_AUDIT */
#ifndef USE_PAM /* pam_lastlog handles this */
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
if ( getdef_bool ("LASTLOG_ENAB")
&& pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)) {
/* give last login and log this one */
dolastlog (&ll, pwd, tty, hostname);
}
#endif
@@ -1283,6 +1300,7 @@ int main (int argc, char **argv)
}
}
if ( getdef_bool ("LASTLOG_ENAB")
&& pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
&& (ll.ll_time != 0)) {
time_t ll_time = ll.ll_time;
+1 -1
@@ -250,7 +250,7 @@ int main(int argc, char **argv)
verify_ranges(pw, ranges, mappings, &allow_setgroups);
write_setgroups(proc_dir_fd, allow_setgroups);
write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
sub_gid_close();
return EXIT_SUCCESS;
+1 -1
@@ -179,7 +179,7 @@ int main(int argc, char **argv)
verify_ranges(pw, ranges, mappings);
write_mapping(proc_dir_fd, ranges, mappings, "uid_map");
write_mapping(proc_dir_fd, ranges, mappings, "uid_map", pw->pw_uid);
sub_uid_close();
return EXIT_SUCCESS;
+2
@@ -62,6 +62,7 @@
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "pwio.h"
#include "sgroupio.h"
#include "shadowio.h"
@@ -1233,6 +1234,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#ifdef USE_PAM
unsigned int i;
+3 -2
@@ -24,7 +24,6 @@
* SUCH DAMAGE.
*/
#include <config.h>
#ident "$Id$"
@@ -36,6 +35,7 @@
int main (void)
{
const char *user, *tty;
uid_t uid;
tty = ttyname (0);
if (NULL == tty) {
@@ -45,8 +45,9 @@ int main (void)
if (NULL == user) {
user = "UNKNOWN";
}
uid = getuid (); /* getuid() is always successful */
openlog ("nologin", LOG_CONS, LOG_AUTH);
syslog (LOG_CRIT, "Attempted login by %s on %s", user, tty);
syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s", user, uid, tty);
closelog ();
printf ("%s", "This account is currently not available.\n");
+2
@@ -51,6 +51,7 @@
#include "defines.h"
#include "getdef.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
@@ -1150,6 +1151,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
SYSLOG ((LOG_INFO, "password for '%s' changed by '%s'", name, myname));
closelog ();
+6 -2
@@ -48,6 +48,7 @@
#include "shadowio.h"
#include "getdef.h"
#include "nscd.h"
#include "sssd.h"
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif /* WITH_TCB */
@@ -608,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
sp.sp_inact = -1;
sp.sp_expire = -1;
sp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
sp.sp_lstchg = (long) gettime () / SCALE;
if (0 == sp.sp_lstchg) {
/* Better disable aging than
* requiring a password change
@@ -876,7 +877,10 @@ int main (int argc, char **argv)
close_files (changed);
nscd_flush_cache ("passwd");
if (!read_only) {
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
}
/*
* Tell the user what we did and exit.
+3 -1
@@ -72,6 +72,7 @@
#include "pwio.h"
#include "shadowio.h"
#include "nscd.h"
#include "sssd.h"
/*
* exit status values
@@ -266,7 +267,7 @@ int main (int argc, char **argv)
spent.sp_flag = SHADOW_SP_FLAG_UNSET;
}
spent.sp_pwdp = pw->pw_passwd;
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password
* change */
@@ -328,6 +329,7 @@ int main (int argc, char **argv)
}
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
return E_SUCCESS;
}
+2
@@ -42,6 +42,7 @@
#include <getopt.h>
#include "defines.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
@@ -250,6 +251,7 @@ int main (int argc, char **argv)
}
nscd_flush_cache ("passwd");
sssd_flush_cache (SSSD_DB_PASSWD);
return 0;
}
+15 -20
@@ -913,28 +913,8 @@ static void set_environment (struct passwd *pw)
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
}
#ifdef USE_PAM
/* we need to setup the environment *after* pam_open_session(),
* else the UID is changed before stuff like pam_xauth could
* run, and we cannot access /etc/shadow and co
*/
environ = newenvp; /* make new environment active */
if (change_environment) {
/* update environment with all pam set variables */
char **envcp = pam_getenvlist (pamh);
if (NULL != envcp) {
while (NULL != *envcp) {
addenv (*envcp, NULL);
envcp++;
}
}
}
#else /* !USE_PAM */
environ = newenvp; /* make new environment active */
#endif /* !USE_PAM */
if (change_environment) {
if (fakelogin) {
if (shellstr != pw->pw_shell) {
@@ -948,6 +928,21 @@ static void set_environment (struct passwd *pw)
addenv ("LOGNAME", pw->pw_name);
addenv ("SHELL", shellstr);
}
#ifdef USE_PAM
/* we need to setup the environment *after* pam_open_session(),
* else the UID is changed before stuff like pam_xauth could
* run, and we cannot access /etc/shadow and co
*/
/* update environment with all pam set variables */
char **envcp = pam_getenvlist (pamh);
if (NULL != envcp) {
while (NULL != *envcp) {
addenv (*envcp, NULL);
envcp++;
}
}
#endif /* !USE_PAM */
}
}
+130 -28
@@ -60,6 +60,7 @@
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
@@ -164,6 +165,7 @@ static bool
oflg = false, /* permit non-unique user ID to be specified with -u */
rflg = false, /* create a system account */
sflg = false, /* shell program for new account */
subvolflg = false, /* create subvolume home on BTRFS */
uflg = false, /* specify user ID for new account */
Uflg = false; /* create a group having the same name as the user */
@@ -343,7 +345,7 @@ static void fail_exit (int code)
static void get_defaults (void)
{
FILE *fp;
char* default_file = USER_DEFAULTS_FILE;
char *default_file = USER_DEFAULTS_FILE;
char buf[1024];
char *cp;
@@ -353,6 +355,8 @@ static void get_defaults (void)
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
default_file = malloc(len);
if (default_file == NULL)
return;
wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
assert (wlen == (int) len -1);
}
@@ -363,7 +367,7 @@ static void get_defaults (void)
fp = fopen (default_file, "r");
if (NULL == fp) {
return;
goto getdef_err;
}
/*
@@ -474,7 +478,7 @@ static void get_defaults (void)
}
}
(void) fclose (fp);
getdef_err:
if(prefix[0]) {
free(default_file);
}
@@ -509,8 +513,8 @@ static int set_defaults (void)
FILE *ifp;
FILE *ofp;
char buf[1024];
char* new_file = NEW_USER_FILE;
char* default_file = USER_DEFAULTS_FILE;
char *new_file = NULL;
char *default_file = USER_DEFAULTS_FILE;
char *cp;
int ofd;
int wlen;
@@ -521,17 +525,30 @@ static int set_defaults (void)
bool out_shell = false;
bool out_skel = false;
bool out_create_mail_spool = false;
size_t len;
int ret = -1;
len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
new_file = malloc(len);
if (new_file == NULL) {
fprintf (stderr,
_("%s: cannot create new defaults file: %s\n"),
Prog, strerror(errno));
return -1;
}
wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
assert (wlen <= (int) len -1);
if(prefix[0]) {
size_t len;
len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
new_file = malloc(len);
wlen = snprintf(new_file, len, "%s/%s", prefix, NEW_USER_FILE);
assert (wlen == (int) len -1);
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
default_file = malloc(len);
if (default_file == NULL) {
fprintf (stderr,
_("%s: cannot create new defaults file: %s\n"),
Prog, strerror(errno));
goto setdef_err;
}
wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
assert (wlen == (int) len -1);
}
@@ -544,7 +561,7 @@ static int set_defaults (void)
fprintf (stderr,
_("%s: cannot create new defaults file\n"),
Prog);
return -1;
goto setdef_err;
}
ofp = fdopen (ofd, "w");
@@ -552,7 +569,7 @@ static int set_defaults (void)
fprintf (stderr,
_("%s: cannot open new defaults file\n"),
Prog);
return -1;
goto setdef_err;
}
/*
@@ -579,7 +596,7 @@ static int set_defaults (void)
_("%s: line too long in %s: %s..."),
Prog, default_file, buf);
(void) fclose (ifp);
return -1;
goto setdef_err;
}
}
@@ -643,7 +660,7 @@ static int set_defaults (void)
|| (fsync (fileno (ofp)) != 0)
|| (fclose (ofp) != 0)) {
unlink (new_file);
return -1;
goto setdef_err;
}
/*
@@ -658,7 +675,7 @@ static int set_defaults (void)
_("%s: Cannot create backup file (%s): %s\n"),
Prog, buf, strerror (err));
unlink (new_file);
return -1;
goto setdef_err;
}
/*
@@ -669,7 +686,7 @@ static int set_defaults (void)
fprintf (stderr,
_("%s: rename: %s: %s\n"),
Prog, new_file, strerror (err));
return -1;
goto setdef_err;
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USYS_CONFIG, Prog,
@@ -683,13 +700,14 @@ static int set_defaults (void)
(unsigned int) def_group, def_home, def_shell,
def_inactive, def_expire, def_template,
def_create_mail_spool));
ret = 0;
setdef_err:
free(new_file);
if(prefix[0]) {
free(new_file);
free(default_file);
}
return 0;
return ret;
}
/*
@@ -805,6 +823,9 @@ static void usage (int status)
Prog, Prog, Prog);
(void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
" new account\n"), usageout);
#ifdef WITH_BTRFS
(void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
#endif
(void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
(void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
@@ -1085,6 +1106,9 @@ static void process_flags (int argc, char **argv)
int c;
static struct option long_options[] = {
{"base-dir", required_argument, NULL, 'b'},
#ifdef WITH_BTRFS
{"btrfs-subvolume-home", no_argument, NULL, 200},
#endif
{"comment", required_argument, NULL, 'c'},
{"home-dir", required_argument, NULL, 'd'},
{"defaults", no_argument, NULL, 'D'},
@@ -1131,6 +1155,9 @@ static void process_flags (int argc, char **argv)
def_home = optarg;
bflg = true;
break;
case 200:
subvolflg = true;
break;
case 'c':
if (!VALID (optarg)) {
fprintf (stderr,
@@ -1846,11 +1873,18 @@ static void lastlog_reset (uid_t uid)
struct lastlog ll;
int fd;
off_t offset_uid = (off_t) (sizeof ll) * uid;
uid_t max_uid;
if (access (LASTLOG_FILE, F_OK) != 0) {
return;
}
max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
if (uid > max_uid) {
/* do not touch lastlog for large uids */
return;
}
memzero (&ll, sizeof (ll));
fd = open (LASTLOG_FILE, O_RDWR);
@@ -2018,6 +2052,19 @@ static void usr_update (void)
static void create_home (void)
{
if (access (prefix_user_home, F_OK) != 0) {
char path[strlen (prefix_user_home) + 2];
char *bhome, *cp;
path[0] = '\0';
bhome = strdup (prefix_user_home);
if (!bhome) {
fprintf (stderr,
_("%s: error while duplicating string %s\n"),
Prog, user_home);
fail_exit (E_HOMEDIR);
}
++bhome;
#ifdef WITH_SELINUX
if (set_selinux_file_context (prefix_user_home) != 0) {
fprintf (stderr,
@@ -2026,19 +2073,73 @@ static void create_home (void)
fail_exit (E_HOMEDIR);
}
#endif
/* XXX - create missing parent directories. --marekm */
if (mkdir (prefix_user_home, 0) != 0) {
/* Check for every part of the path, if the directory
exists. If not, create it with permissions 755 and
owner root:root.
*/
cp = strtok (bhome, "/");
while (cp) {
strcat (path, "/");
strcat (path, cp);
if (access (path, F_OK) != 0) {
/* Check if parent directory is BTRFS, fail if requesting
subvolume but no BTRFS. The paths cound be different by the
trailing slash
*/
#if WITH_BTRFS
if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
char *btrfs_check = strdup(path);
if (!btrfs_check) {
fprintf (stderr,
_("%s: error while duplicating string in BTRFS check %s\n"),
Prog, path);
fail_exit (E_HOMEDIR);
}
btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
if (is_btrfs(btrfs_check) <= 0) {
fprintf (stderr,
_("%s: home directory \"%s\" must be mounted on BTRFS\n"),
Prog, path);
fail_exit (E_HOMEDIR);
}
// make subvolume to mount for user instead of directory
if (btrfs_create_subvolume(path)) {
fprintf (stderr,
_("%s: failed to create BTRFS subvolume: %s\n"),
Prog, path);
fail_exit (E_HOMEDIR);
}
}
else
#endif
if (mkdir (path, 0) != 0) {
fprintf (stderr,
_("%s: cannot create directory %s\n"),
Prog, prefix_user_home);
_("%s: cannot create directory %s\n"),
Prog, path);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding home directory",
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
"adding home directory",
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif
fail_exit (E_HOMEDIR);
}
if (chown (path, 0, 0) < 0) {
fprintf (stderr,
_("%s: warning: chown on `%s' failed: %m\n"),
Prog, path);
}
if (chmod (path, 0755) < 0) {
fprintf (stderr,
_("%s: warning: chmod on `%s' failed: %m\n"),
Prog, path);
}
}
cp = strtok (NULL, "/");
}
(void) chown (prefix_user_home, user_id, user_gid);
chmod (prefix_user_home,
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
@@ -2389,6 +2490,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return E_SUCCESS;
}
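Review bot: In create_home each missing path component is created with `mkdir (path, 0)` and then fixed up by name with chown and chmod whose failures only print a warning, so a failed chmod leaves a mode-000 ancestor behind while the run carries on. I would make both failures fatal with `fail_exit (E_HOMEDIR);` after the warning, as the mkdir failure already is. The access/mkdir/chown/chmod sequence acts on path names as root, which is only sound if every existing ancestor is root-owned and not writable by others; that assumption deserves a comment above the loop. Separately, `++bhome` throws away the pointer strdup returned, so the copy can never be freed and a prefix_user_home without a leading '/' would lose its first character; keep the original pointer in a second variable and free it after the loop. The btrfs_check copy in the WITH_BTRFS branch is not freed either.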
+19
@@ -53,6 +53,7 @@
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
@@ -1271,6 +1272,23 @@ int main (int argc, char **argv)
#endif /* EXTRA_CHECK_HOME_DIR */
if (rflg) {
#ifdef WITH_BTRFS
int is_subvolume = btrfs_is_subvolume (user_home);
if (is_subvolume < 0) {
errors++;
/* continue */
}
else if (is_subvolume > 0) {
if (btrfs_remove_subvolume (user_home)) {
fprintf (stderr,
_("%s: error removing subvolume %s\n"),
Prog, user_home);
errors++;
/* continue */
}
}
else
#endif
if (remove_tree (user_home, true) != 0) {
fprintf (stderr,
_("%s: error removing directory %s\n"),
@@ -1328,6 +1346,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
}
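Review bot: When `btrfs_is_subvolume (user_home)` returns a negative value, the new WITH_BTRFS branch only does `errors++`, so the tool ends with E_HOMEDIR without ever saying why the home directory was left in place. Add a diagnostic in that branch, for example `fprintf (stderr, _("%s: error checking whether %s is a subvolume\n"), Prog, user_home);`, matching the message printed when btrfs_remove_subvolume fails. The `else` left dangling before `#endif` also makes the remove_tree call easy to misread; a one-line comment such as `/* not a subvolume: fall through to remove_tree */` would help. The hunk ends inside the remove_tree error branch, so the rest of that path is not visible here.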
+29 -6
@@ -57,6 +57,7 @@
#include "getdef.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwauth.h"
#include "pwio.h"
@@ -1251,11 +1252,13 @@ static void process_flags (int argc, char **argv)
prefix_user_home = xmalloc(len);
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
assert (wlen == (int) len -1);
if (user_newhome) {
len = strlen(prefix) + strlen(user_newhome) + 2;
prefix_user_newhome = xmalloc(len);
wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
assert (wlen == (int) len -1);
}
len = strlen(prefix) + strlen(user_newhome) + 2;
prefix_user_newhome = xmalloc(len);
wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
assert (wlen == (int) len -1);
}
else {
prefix_user_home = user_home;
@@ -1365,7 +1368,7 @@ static void process_flags (int argc, char **argv)
|| Zflg
#endif /* WITH_SELINUX */
)) {
fprintf (stderr, _("%s: no changes\n"), Prog);
fprintf (stdout, _("%s: no changes\n"), Prog);
exit (E_SUCCESS);
}
@@ -1816,6 +1819,15 @@ static void move_home (void)
return;
} else {
if (EXDEV == errno) {
#ifdef WITH_BTRFS
if (btrfs_is_subvolume (prefix_user_home) > 0) {
fprintf (stderr,
_("%s: error: cannot move subvolume from %s to %s - different device\n"),
Prog, prefix_user_home, prefix_user_newhome);
fail_exit (E_HOMEDIR);
}
#endif
if (copy_tree (prefix_user_home, prefix_user_newhome, true,
true,
user_id,
@@ -1861,11 +1873,18 @@ static void update_lastlog (void)
int fd;
off_t off_uid = (off_t) user_id * sizeof ll;
off_t off_newuid = (off_t) user_newid * sizeof ll;
uid_t max_uid;
if (access (LASTLOG_FILE, F_OK) != 0) {
return;
}
max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
if (user_newid > max_uid) {
/* do not touch lastlog for large uids */
return;
}
fd = open (LASTLOG_FILE, O_RDWR);
if (-1 == fd) {
@@ -2253,6 +2272,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#ifdef WITH_SELINUX
if (Zflg) {
@@ -2302,7 +2322,10 @@ int main (int argc, char **argv)
}
if (!mflg && (uflg || gflg)) {
if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) {
struct stat sb;
if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
/*
* Change the UID on all of the files owned by
* `user_id' to `user_newid' in the user's home
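Review bot: update_lastlog reads its limit with `getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL)`, while every other place on this page that applies the same limit (the lastlog print and update functions, the two login checks, lastlog_reset) uses the key `LASTLOG_UID_MAX`. Unless both names are defined somewhere outside this page, the lookup here always returns the default and the large-UID guard never fires, which is presumably exactly the lastlog growth the setting is meant to prevent. Change the line to `max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);`. The guard also tests only user_newid; update_lastlog continues past the end of the hunk, so whether the access at off_uid needs the same check cannot be judged from here.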
+2
@@ -42,6 +42,7 @@
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
#include "pwio.h"
#include "sgroupio.h"
@@ -556,6 +557,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return E_SUCCESS;
}