New upstream version 4.7
@@ -1,35 +0,0 @@
|
||||
/chage
|
||||
/chfn
|
||||
/chgpasswd
|
||||
/chpasswd
|
||||
/chsh
|
||||
/expiry
|
||||
/faillog
|
||||
/gpasswd
|
||||
/groupadd
|
||||
/groupdel
|
||||
/groupmems
|
||||
/groupmod
|
||||
/groups
|
||||
/grpck
|
||||
/grpconv
|
||||
/grpunconv
|
||||
/id
|
||||
/lastlog
|
||||
/login
|
||||
/logoutd
|
||||
/newgrp
|
||||
/newgidmap
|
||||
/newuidmap
|
||||
/newusers
|
||||
/nologin
|
||||
/passwd
|
||||
/pwck
|
||||
/pwconv
|
||||
/pwunconv
|
||||
/su
|
||||
/sulogin
|
||||
/useradd
|
||||
/userdel
|
||||
/usermod
|
||||
/vipw
|
||||
+10
-2
@@ -61,8 +61,10 @@ if ACCT_TOOLS_SETUID
|
||||
suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
|
||||
endif
|
||||
if ENABLE_SUBIDS
|
||||
if !FCAPS
|
||||
suidubins += newgidmap newuidmap
|
||||
endif
|
||||
endif
|
||||
|
||||
if WITH_TCB
|
||||
shadowsgidubins = passwd
|
||||
@@ -86,8 +88,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
|
||||
endif
|
||||
|
||||
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
|
||||
newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP)
|
||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
@@ -138,3 +140,9 @@ if WITH_TCB
|
||||
chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
|
||||
done
|
||||
endif
|
||||
if ENABLE_SUBIDS
|
||||
if FCAPS
|
||||
setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
|
||||
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
|
||||
endif
|
||||
endif
|
||||
|
||||
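Review bot: With FCAPS set, newuidmap and newgidmap drop out of `suidubins` and depend entirely on the two `setcap` calls in the install hook, which store the capability in an extended attribute of the file under `$(DESTDIR)`. A staged or unprivileged install, or a filesystem or archive format without xattr support, will either fail at this step or ship the binaries with neither the setuid bit nor the capability. That requirement should be documented next to the hook, e.g. `# needs root and xattr support in DESTDIR; packagers must preserve security.capability`. The `+ep` flags make the capability effective from process start, so the programs presumably need to drop it once the map is written; that code is not visible in this section. The install hook starts outside the hunk.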
+1254
File diff suppressed because it is too large
@@ -47,6 +47,7 @@
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
#endif
|
||||
@@ -746,6 +747,7 @@ int main (int argc, char **argv)
|
||||
SYSLOG ((LOG_INFO, "changed user '%s' information", user));
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
|
||||
closelog ();
|
||||
exit (E_SUCCESS);
|
||||
|
||||
@@ -46,6 +46,7 @@
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
#include "defines.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "groupio.h"
|
||||
#ifdef SHADOWGRP
|
||||
@@ -581,6 +582,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -44,6 +44,7 @@
|
||||
#endif /* USE_PAM */
|
||||
#include "defines.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "getdef.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
@@ -431,6 +432,15 @@ int main (int argc, char **argv)
|
||||
*cp = '\0';
|
||||
} else {
|
||||
if (feof (stdin) == 0) {
|
||||
|
||||
// Drop all remaining characters on this line.
|
||||
while (fgets (buf, (int) sizeof buf, stdin) != (char *) 0) {
|
||||
cp = strchr (buf, '\n');
|
||||
if (cp != NULL) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
fprintf (stderr,
|
||||
_("%s: line %d: line too long\n"),
|
||||
Prog, line);
|
||||
@@ -624,6 +634,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwauth.h"
|
||||
#include "pwio.h"
|
||||
@@ -557,6 +558,7 @@ int main (int argc, char **argv)
|
||||
SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh));
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
|
||||
closelog ();
|
||||
exit (E_SUCCESS);
|
||||
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "defines.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#ifdef SHADOWGRP
|
||||
#include "sgroupio.h"
|
||||
@@ -1201,6 +1202,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
exit (E_SUCCESS);
|
||||
}
|
||||
|
||||
@@ -51,6 +51,7 @@
|
||||
#include "getdef.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#ifdef SHADOWGRP
|
||||
#include "sgroupio.h"
|
||||
@@ -625,6 +626,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -49,6 +49,7 @@
|
||||
#include "defines.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#ifdef SHADOWGRP
|
||||
#include "sgroupio.h"
|
||||
@@ -492,6 +493,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -51,6 +51,7 @@
|
||||
#include "groupio.h"
|
||||
#include "pwio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#ifdef SHADOWGRP
|
||||
#include "sgroupio.h"
|
||||
@@ -877,6 +878,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
+5
-1
@@ -45,6 +45,7 @@
|
||||
#include "defines.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
@@ -869,7 +870,10 @@ int main (int argc, char **argv)
|
||||
/* Commit the change in the database if needed */
|
||||
close_files (changed);
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
if (!read_only) {
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
}
|
||||
|
||||
/*
|
||||
* Tell the user what we did and exit.
|
||||
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <unistd.h>
|
||||
#include <getopt.h>
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
/*@-exitarg@*/
|
||||
#include "exitcodes.h"
|
||||
@@ -273,6 +274,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <grp.h>
|
||||
#include <getopt.h>
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
/*@-exitarg@*/
|
||||
#include "exitcodes.h"
|
||||
@@ -236,6 +237,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <assert.h>
|
||||
#include "defines.h"
|
||||
#include "prototypes.h"
|
||||
#include "getdef.h"
|
||||
/*@-exitarg@*/
|
||||
#include "exitcodes.h"
|
||||
|
||||
@@ -182,6 +183,15 @@ static void print_one (/*@null@*/const struct passwd *pw)
|
||||
static void print (void)
|
||||
{
|
||||
const struct passwd *pwent;
|
||||
unsigned long lastlog_uid_max;
|
||||
|
||||
lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
|
||||
if ( (has_umin && umin > lastlog_uid_max)
|
||||
|| (has_umax && umax > lastlog_uid_max)) {
|
||||
fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
|
||||
"\tthe output might be incorrect.\n"), Prog, lastlog_uid_max);
|
||||
}
|
||||
|
||||
if (uflg && has_umin && has_umax && (umin == umax)) {
|
||||
print_one (getpwuid ((uid_t)umin));
|
||||
} else {
|
||||
@@ -191,6 +201,8 @@ static void print (void)
|
||||
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
|
||||
continue;
|
||||
} else if ( !uflg && pwent->pw_uid > (uid_t) lastlog_uid_max) {
|
||||
continue;
|
||||
}
|
||||
print_one (pwent);
|
||||
}
|
||||
@@ -246,10 +258,19 @@ static void update_one (/*@null@*/const struct passwd *pw)
|
||||
static void update (void)
|
||||
{
|
||||
const struct passwd *pwent;
|
||||
unsigned long lastlog_uid_max;
|
||||
|
||||
if (!uflg) /* safety measure */
|
||||
return;
|
||||
|
||||
lastlog_uid_max = getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
|
||||
if ( (has_umin && umin > lastlog_uid_max)
|
||||
|| (has_umax && umax > lastlog_uid_max)) {
|
||||
fprintf (stderr, _("%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
|
||||
"\tthey will not be updated.\n"), Prog, lastlog_uid_max);
|
||||
return;
|
||||
}
|
||||
|
||||
if (has_umin && has_umax && (umin == umax)) {
|
||||
update_one (getpwuid ((uid_t)umin));
|
||||
} else {
|
||||
|
||||
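Review bot: In `print`, the new skip test compares `pwent->pw_uid > (uid_t) lastlog_uid_max`, while the warning a few lines above compares `umin`/`umax` against the uncast `unsigned long`. Where `uid_t` is narrower than `unsigned long`, a configured LASTLOG_UID_MAX above the uid_t range is truncated by the cast and the two checks disagree. Comparing in the wider type avoids this: `} else if ( !uflg && (unsigned long) pwent->pw_uid > lastlog_uid_max) {`. In `update`, a range whose upper bound exceeds the limit is rejected as a whole, including the uids below the limit; if that is intended, the message should say so. Both function bodies continue outside the hunks.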
+25
-7
@@ -129,7 +129,12 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use
|
||||
static void update_utmp (const char *user,
|
||||
const char *tty,
|
||||
const char *host,
|
||||
/*@null@*/const struct utmp *utent);
|
||||
#ifdef USE_UTMPX
|
||||
/*@null@*/const struct utmpx *utent
|
||||
#else
|
||||
/*@null@*/const struct utmp *utent
|
||||
#endif
|
||||
);
|
||||
|
||||
#ifndef USE_PAM
|
||||
static struct faillog faillog;
|
||||
@@ -481,17 +486,23 @@ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *use
|
||||
static void update_utmp (const char *user,
|
||||
const char *tty,
|
||||
const char *host,
|
||||
/*@null@*/const struct utmp *utent)
|
||||
#ifdef USE_UTMPX
|
||||
/*@null@*/const struct utmpx *utent
|
||||
#else
|
||||
/*@null@*/const struct utmp *utent
|
||||
#endif
|
||||
)
|
||||
{
|
||||
struct utmp *ut = prepare_utmp (user, tty, host, utent);
|
||||
#ifdef USE_UTMPX
|
||||
struct utmpx *utx = prepare_utmpx (user, tty, host, utent);
|
||||
#else
|
||||
struct utmp *ut = prepare_utmp (user, tty, host, utent);
|
||||
#endif /* USE_UTMPX */
|
||||
|
||||
#ifndef USE_UTMPX
|
||||
(void) setutmp (ut); /* make entry in the utmp & wtmp files */
|
||||
free (ut);
|
||||
|
||||
#ifdef USE_UTMPX
|
||||
#else
|
||||
(void) setutmpx (utx); /* make entry in the utmpx & wtmpx files */
|
||||
free (utx);
|
||||
#endif /* USE_UTMPX */
|
||||
@@ -539,7 +550,11 @@ int main (int argc, char **argv)
|
||||
struct passwd *pwd = NULL;
|
||||
char **envp = environ;
|
||||
const char *failent_user;
|
||||
#ifdef USE_UTMPX
|
||||
/*@null@*/struct utmpx *utent;
|
||||
#else
|
||||
/*@null@*/struct utmp *utent;
|
||||
#endif
|
||||
|
||||
#ifdef USE_PAM
|
||||
int retcode;
|
||||
@@ -681,7 +696,7 @@ int main (int argc, char **argv)
|
||||
|
||||
if (rflg || hflg) {
|
||||
cp = hostname;
|
||||
#ifdef HAVE_STRUCT_UTMP_UT_HOST
|
||||
#if defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX)
|
||||
} else if ((NULL != utent) && ('\0' != utent->ut_host[0])) {
|
||||
cp = utent->ut_host;
|
||||
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
|
||||
@@ -1147,7 +1162,9 @@ int main (int argc, char **argv)
|
||||
#endif /* WITH_AUDIT */
|
||||
|
||||
#ifndef USE_PAM /* pam_lastlog handles this */
|
||||
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
|
||||
if ( getdef_bool ("LASTLOG_ENAB")
|
||||
&& pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)) {
|
||||
/* give last login and log this one */
|
||||
dolastlog (&ll, pwd, tty, hostname);
|
||||
}
|
||||
#endif
|
||||
@@ -1283,6 +1300,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
}
|
||||
if ( getdef_bool ("LASTLOG_ENAB")
|
||||
&& pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
|
||||
&& (ll.ll_time != 0)) {
|
||||
time_t ll_time = ll.ll_time;
|
||||
|
||||
|
||||
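Review bot: The limit test `pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)` is written out twice in `main`, once before `dolastlog` and once before the `ll.ll_time` report, so the two conditions can drift apart and the configuration is looked up twice. Reading the value once into a local near the top of the lastlog handling and comparing as `(unsigned long) pwd->pw_uid <= lastlog_uid_max` would keep both sites identical and avoid truncating a configured value that does not fit in `uid_t`. The closing `#endif /* HAVE_STRUCT_UTMP_UT_HOST */` no longer matches its condition, which is now `defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX)`. `main` extends outside the hunks.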
+1
-1
@@ -250,7 +250,7 @@ int main(int argc, char **argv)
|
||||
verify_ranges(pw, ranges, mappings, &allow_setgroups);
|
||||
|
||||
write_setgroups(proc_dir_fd, allow_setgroups);
|
||||
write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
|
||||
write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
|
||||
sub_gid_close();
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
|
||||
+1
-1
@@ -179,7 +179,7 @@ int main(int argc, char **argv)
|
||||
|
||||
verify_ranges(pw, ranges, mappings);
|
||||
|
||||
write_mapping(proc_dir_fd, ranges, mappings, "uid_map");
|
||||
write_mapping(proc_dir_fd, ranges, mappings, "uid_map", pw->pw_uid);
|
||||
sub_uid_close();
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
|
||||
@@ -62,6 +62,7 @@
|
||||
#include "getdef.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "pwio.h"
|
||||
#include "sgroupio.h"
|
||||
#include "shadowio.h"
|
||||
@@ -1233,6 +1234,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
#ifdef USE_PAM
|
||||
unsigned int i;
|
||||
|
||||
+3
-2
@@ -24,7 +24,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ident "$Id$"
|
||||
|
||||
@@ -36,6 +35,7 @@
|
||||
int main (void)
|
||||
{
|
||||
const char *user, *tty;
|
||||
uid_t uid;
|
||||
|
||||
tty = ttyname (0);
|
||||
if (NULL == tty) {
|
||||
@@ -45,8 +45,9 @@ int main (void)
|
||||
if (NULL == user) {
|
||||
user = "UNKNOWN";
|
||||
}
|
||||
uid = getuid (); /* getuid() is always successful */
|
||||
openlog ("nologin", LOG_CONS, LOG_AUTH);
|
||||
syslog (LOG_CRIT, "Attempted login by %s on %s", user, tty);
|
||||
syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s", user, uid, tty);
|
||||
closelog ();
|
||||
|
||||
printf ("%s", "This account is currently not available.\n");
|
||||
|
||||
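Review bot: The new syslog call prints `uid`, a `uid_t` that is normally unsigned, with `%d`, so the conversion does not match the argument type and a uid above INT_MAX would be logged as a negative number. Cast it and use a matching conversion: `syslog (LOG_CRIT, "Attempted login by %s (UID: %lu) on %s", user, (unsigned long) uid, tty);`. This line is what an administrator reads when reviewing refused logins, so the logged uid should be unambiguous. `main` continues outside the hunk.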
@@ -51,6 +51,7 @@
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwauth.h"
|
||||
#include "pwio.h"
|
||||
@@ -1150,6 +1151,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
SYSLOG ((LOG_INFO, "password for '%s' changed by '%s'", name, myname));
|
||||
closelog ();
|
||||
|
||||
+6
-2
@@ -48,6 +48,7 @@
|
||||
#include "shadowio.h"
|
||||
#include "getdef.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#ifdef WITH_TCB
|
||||
#include "tcbfuncs.h"
|
||||
#endif /* WITH_TCB */
|
||||
@@ -608,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
|
||||
sp.sp_inact = -1;
|
||||
sp.sp_expire = -1;
|
||||
sp.sp_flag = SHADOW_SP_FLAG_UNSET;
|
||||
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||
sp.sp_lstchg = (long) gettime () / SCALE;
|
||||
if (0 == sp.sp_lstchg) {
|
||||
/* Better disable aging than
|
||||
* requiring a password change
|
||||
@@ -876,7 +877,10 @@ int main (int argc, char **argv)
|
||||
|
||||
close_files (changed);
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
if (!read_only) {
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
}
|
||||
|
||||
/*
|
||||
* Tell the user what we did and exit.
|
||||
|
||||
+3
-1
@@ -72,6 +72,7 @@
|
||||
#include "pwio.h"
|
||||
#include "shadowio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
|
||||
/*
|
||||
* exit status values
|
||||
@@ -266,7 +267,7 @@ int main (int argc, char **argv)
|
||||
spent.sp_flag = SHADOW_SP_FLAG_UNSET;
|
||||
}
|
||||
spent.sp_pwdp = pw->pw_passwd;
|
||||
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||
spent.sp_lstchg = (long) gettime () / SCALE;
|
||||
if (0 == spent.sp_lstchg) {
|
||||
/* Better disable aging than requiring a password
|
||||
* change */
|
||||
@@ -328,6 +329,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -42,6 +42,7 @@
|
||||
#include <getopt.h>
|
||||
#include "defines.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
#include "shadowio.h"
|
||||
@@ -250,6 +251,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -913,28 +913,8 @@ static void set_environment (struct passwd *pw)
|
||||
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
/* we need to setup the environment *after* pam_open_session(),
|
||||
* else the UID is changed before stuff like pam_xauth could
|
||||
* run, and we cannot access /etc/shadow and co
|
||||
*/
|
||||
environ = newenvp; /* make new environment active */
|
||||
|
||||
if (change_environment) {
|
||||
/* update environment with all pam set variables */
|
||||
char **envcp = pam_getenvlist (pamh);
|
||||
if (NULL != envcp) {
|
||||
while (NULL != *envcp) {
|
||||
addenv (*envcp, NULL);
|
||||
envcp++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#else /* !USE_PAM */
|
||||
environ = newenvp; /* make new environment active */
|
||||
#endif /* !USE_PAM */
|
||||
|
||||
if (change_environment) {
|
||||
if (fakelogin) {
|
||||
if (shellstr != pw->pw_shell) {
|
||||
@@ -948,6 +928,21 @@ static void set_environment (struct passwd *pw)
|
||||
addenv ("LOGNAME", pw->pw_name);
|
||||
addenv ("SHELL", shellstr);
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
/* we need to setup the environment *after* pam_open_session(),
|
||||
* else the UID is changed before stuff like pam_xauth could
|
||||
* run, and we cannot access /etc/shadow and co
|
||||
*/
|
||||
/* update environment with all pam set variables */
|
||||
char **envcp = pam_getenvlist (pamh);
|
||||
if (NULL != envcp) {
|
||||
while (NULL != *envcp) {
|
||||
addenv (*envcp, NULL);
|
||||
envcp++;
|
||||
}
|
||||
}
|
||||
#endif /* !USE_PAM */
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
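Review bot: Moving the `pam_getenvlist` loop below the `addenv ("LOGNAME", pw->pw_name)` and `addenv ("SHELL", shellstr)` calls appears to reverse the precedence, because variables supplied by PAM modules are now added last. Assuming `addenv` replaces an existing entry of the same name (not visible here), a PAM-provided value would now override the ones `su` sets itself. If that is intended, the comment above the loop should say so, e.g. `/* PAM variables are applied last and override the values set above */`; otherwise the ordering needs another look. The list returned by `pam_getenvlist` is walked with `envcp++` and never freed in the visible code. The closing `#endif /* !USE_PAM */` now ends an `#ifdef USE_PAM` and should read `/* USE_PAM */`.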
+130
-28
@@ -60,6 +60,7 @@
|
||||
#include "getdef.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwauth.h"
|
||||
#include "pwio.h"
|
||||
@@ -164,6 +165,7 @@ static bool
|
||||
oflg = false, /* permit non-unique user ID to be specified with -u */
|
||||
rflg = false, /* create a system account */
|
||||
sflg = false, /* shell program for new account */
|
||||
subvolflg = false, /* create subvolume home on BTRFS */
|
||||
uflg = false, /* specify user ID for new account */
|
||||
Uflg = false; /* create a group having the same name as the user */
|
||||
|
||||
@@ -343,7 +345,7 @@ static void fail_exit (int code)
|
||||
static void get_defaults (void)
|
||||
{
|
||||
FILE *fp;
|
||||
char* default_file = USER_DEFAULTS_FILE;
|
||||
char *default_file = USER_DEFAULTS_FILE;
|
||||
char buf[1024];
|
||||
char *cp;
|
||||
|
||||
@@ -353,6 +355,8 @@ static void get_defaults (void)
|
||||
|
||||
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
|
||||
default_file = malloc(len);
|
||||
if (default_file == NULL)
|
||||
return;
|
||||
wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
|
||||
assert (wlen == (int) len -1);
|
||||
}
|
||||
@@ -363,7 +367,7 @@ static void get_defaults (void)
|
||||
|
||||
fp = fopen (default_file, "r");
|
||||
if (NULL == fp) {
|
||||
return;
|
||||
goto getdef_err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -474,7 +478,7 @@ static void get_defaults (void)
|
||||
}
|
||||
}
|
||||
(void) fclose (fp);
|
||||
|
||||
getdef_err:
|
||||
if(prefix[0]) {
|
||||
free(default_file);
|
||||
}
|
||||
@@ -509,8 +513,8 @@ static int set_defaults (void)
|
||||
FILE *ifp;
|
||||
FILE *ofp;
|
||||
char buf[1024];
|
||||
char* new_file = NEW_USER_FILE;
|
||||
char* default_file = USER_DEFAULTS_FILE;
|
||||
char *new_file = NULL;
|
||||
char *default_file = USER_DEFAULTS_FILE;
|
||||
char *cp;
|
||||
int ofd;
|
||||
int wlen;
|
||||
@@ -521,17 +525,30 @@ static int set_defaults (void)
|
||||
bool out_shell = false;
|
||||
bool out_skel = false;
|
||||
bool out_create_mail_spool = false;
|
||||
size_t len;
|
||||
int ret = -1;
|
||||
|
||||
|
||||
len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
|
||||
new_file = malloc(len);
|
||||
if (new_file == NULL) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create new defaults file: %s\n"),
|
||||
Prog, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
|
||||
assert (wlen <= (int) len -1);
|
||||
|
||||
if(prefix[0]) {
|
||||
size_t len;
|
||||
|
||||
len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
|
||||
new_file = malloc(len);
|
||||
wlen = snprintf(new_file, len, "%s/%s", prefix, NEW_USER_FILE);
|
||||
assert (wlen == (int) len -1);
|
||||
|
||||
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
|
||||
default_file = malloc(len);
|
||||
if (default_file == NULL) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create new defaults file: %s\n"),
|
||||
Prog, strerror(errno));
|
||||
goto setdef_err;
|
||||
}
|
||||
wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
|
||||
assert (wlen == (int) len -1);
|
||||
}
|
||||
@@ -544,7 +561,7 @@ static int set_defaults (void)
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create new defaults file\n"),
|
||||
Prog);
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
|
||||
ofp = fdopen (ofd, "w");
|
||||
@@ -552,7 +569,7 @@ static int set_defaults (void)
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open new defaults file\n"),
|
||||
Prog);
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -579,7 +596,7 @@ static int set_defaults (void)
|
||||
_("%s: line too long in %s: %s..."),
|
||||
Prog, default_file, buf);
|
||||
(void) fclose (ifp);
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -643,7 +660,7 @@ static int set_defaults (void)
|
||||
|| (fsync (fileno (ofp)) != 0)
|
||||
|| (fclose (ofp) != 0)) {
|
||||
unlink (new_file);
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -658,7 +675,7 @@ static int set_defaults (void)
|
||||
_("%s: Cannot create backup file (%s): %s\n"),
|
||||
Prog, buf, strerror (err));
|
||||
unlink (new_file);
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -669,7 +686,7 @@ static int set_defaults (void)
|
||||
fprintf (stderr,
|
||||
_("%s: rename: %s: %s\n"),
|
||||
Prog, new_file, strerror (err));
|
||||
return -1;
|
||||
goto setdef_err;
|
||||
}
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USYS_CONFIG, Prog,
|
||||
@@ -683,13 +700,14 @@ static int set_defaults (void)
|
||||
(unsigned int) def_group, def_home, def_shell,
|
||||
def_inactive, def_expire, def_template,
|
||||
def_create_mail_spool));
|
||||
|
||||
ret = 0;
|
||||
setdef_err:
|
||||
free(new_file);
|
||||
if(prefix[0]) {
|
||||
free(new_file);
|
||||
free(default_file);
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -805,6 +823,9 @@ static void usage (int status)
|
||||
Prog, Prog, Prog);
|
||||
(void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
|
||||
" new account\n"), usageout);
|
||||
#ifdef WITH_BTRFS
|
||||
(void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
|
||||
#endif
|
||||
(void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
|
||||
(void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
|
||||
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
|
||||
@@ -1085,6 +1106,9 @@ static void process_flags (int argc, char **argv)
|
||||
int c;
|
||||
static struct option long_options[] = {
|
||||
{"base-dir", required_argument, NULL, 'b'},
|
||||
#ifdef WITH_BTRFS
|
||||
{"btrfs-subvolume-home", no_argument, NULL, 200},
|
||||
#endif
|
||||
{"comment", required_argument, NULL, 'c'},
|
||||
{"home-dir", required_argument, NULL, 'd'},
|
||||
{"defaults", no_argument, NULL, 'D'},
|
||||
@@ -1131,6 +1155,9 @@ static void process_flags (int argc, char **argv)
|
||||
def_home = optarg;
|
||||
bflg = true;
|
||||
break;
|
||||
case 200:
|
||||
subvolflg = true;
|
||||
break;
|
||||
case 'c':
|
||||
if (!VALID (optarg)) {
|
||||
fprintf (stderr,
|
||||
@@ -1846,11 +1873,18 @@ static void lastlog_reset (uid_t uid)
|
||||
struct lastlog ll;
|
||||
int fd;
|
||||
off_t offset_uid = (off_t) (sizeof ll) * uid;
|
||||
uid_t max_uid;
|
||||
|
||||
if (access (LASTLOG_FILE, F_OK) != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
|
||||
if (uid > max_uid) {
|
||||
/* do not touch lastlog for large uids */
|
||||
return;
|
||||
}
|
||||
|
||||
memzero (&ll, sizeof (ll));
|
||||
|
||||
fd = open (LASTLOG_FILE, O_RDWR);
|
||||
@@ -2018,6 +2052,19 @@ static void usr_update (void)
|
||||
static void create_home (void)
|
||||
{
|
||||
if (access (prefix_user_home, F_OK) != 0) {
|
||||
char path[strlen (prefix_user_home) + 2];
|
||||
char *bhome, *cp;
|
||||
|
||||
path[0] = '\0';
|
||||
bhome = strdup (prefix_user_home);
|
||||
if (!bhome) {
|
||||
fprintf (stderr,
|
||||
_("%s: error while duplicating string %s\n"),
|
||||
Prog, user_home);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
++bhome;
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (prefix_user_home) != 0) {
|
||||
fprintf (stderr,
|
||||
@@ -2026,19 +2073,73 @@ static void create_home (void)
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
/* XXX - create missing parent directories. --marekm */
|
||||
if (mkdir (prefix_user_home, 0) != 0) {
|
||||
|
||||
/* Check for every part of the path, if the directory
|
||||
exists. If not, create it with permissions 755 and
|
||||
owner root:root.
|
||||
*/
|
||||
cp = strtok (bhome, "/");
|
||||
while (cp) {
|
||||
strcat (path, "/");
|
||||
strcat (path, cp);
|
||||
if (access (path, F_OK) != 0) {
|
||||
/* Check if parent directory is BTRFS, fail if requesting
|
||||
subvolume but no BTRFS. The paths cound be different by the
|
||||
trailing slash
|
||||
*/
|
||||
#if WITH_BTRFS
|
||||
if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
|
||||
char *btrfs_check = strdup(path);
|
||||
|
||||
if (!btrfs_check) {
|
||||
fprintf (stderr,
|
||||
_("%s: error while duplicating string in BTRFS check %s\n"),
|
||||
Prog, path);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
|
||||
if (is_btrfs(btrfs_check) <= 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: home directory \"%s\" must be mounted on BTRFS\n"),
|
||||
Prog, path);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
// make subvolume to mount for user instead of directory
|
||||
if (btrfs_create_subvolume(path)) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to create BTRFS subvolume: %s\n"),
|
||||
Prog, path);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (mkdir (path, 0) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create directory %s\n"),
|
||||
Prog, prefix_user_home);
|
||||
_("%s: cannot create directory %s\n"),
|
||||
Prog, path);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_ADD_USER, Prog,
|
||||
"adding home directory",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
"adding home directory",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
if (chown (path, 0, 0) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: chown on `%s' failed: %m\n"),
|
||||
Prog, path);
|
||||
}
|
||||
if (chmod (path, 0755) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: chmod on `%s' failed: %m\n"),
|
||||
Prog, path);
|
||||
}
|
||||
}
|
||||
cp = strtok (NULL, "/");
|
||||
}
|
||||
|
||||
(void) chown (prefix_user_home, user_id, user_gid);
|
||||
chmod (prefix_user_home,
|
||||
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
||||
@@ -2389,6 +2490,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
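Review bot: In `create_home`, each missing path component is created with `mkdir (path, 0)` and then fixed up by name with `chown (path, 0, 0)` and `chmod (path, 0755)`, and a failure of either only prints a warning, so a failed `chmod` leaves a mode-0 parent directory behind while the tool carries on. These name-based calls follow symbolic links and come after an `access`/`mkdir` check-then-act sequence. For a tool that runs as root it would be more robust to treat both failures as fatal (`fail_exit (E_HOMEDIR);`) and to operate relative to a directory descriptor. Separately, `++bhome` discards the pointer returned by `strdup` so it can never be freed, `btrfs_check` is not freed either, and the duplication error message prints `user_home` although `prefix_user_home` was the string copied. The function body continues outside the hunks.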
@@ -53,6 +53,7 @@
|
||||
#include "getdef.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwauth.h"
|
||||
#include "pwio.h"
|
||||
@@ -1271,6 +1272,23 @@ int main (int argc, char **argv)
|
||||
#endif /* EXTRA_CHECK_HOME_DIR */
|
||||
|
||||
if (rflg) {
|
||||
#ifdef WITH_BTRFS
|
||||
int is_subvolume = btrfs_is_subvolume (user_home);
|
||||
if (is_subvolume < 0) {
|
||||
errors++;
|
||||
/* continue */
|
||||
}
|
||||
else if (is_subvolume > 0) {
|
||||
if (btrfs_remove_subvolume (user_home)) {
|
||||
fprintf (stderr,
|
||||
_("%s: error removing subvolume %s\n"),
|
||||
Prog, user_home);
|
||||
errors++;
|
||||
/* continue */
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if (remove_tree (user_home, true) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: error removing directory %s\n"),
|
||||
@@ -1328,6 +1346,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
|
||||
}
|
||||
|
||||
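Review bot: When `btrfs_is_subvolume (user_home)` returns a negative value, the new branch only does `errors++`, so the run ends with E_HOMEDIR and, unless the helper reports the failure itself, the administrator is not told what went wrong; the two sibling branches both print a message. A diagnostic such as `fprintf (stderr, _("%s: cannot determine whether %s is a subvolume\n"), Prog, user_home);` would make a partially removed account easier to notice. The `else` left dangling before `#endif`, so that it binds to the following `if (remove_tree (user_home, true) != 0)`, is easy to misread; braces around both alternatives would make the control flow explicit. `main` continues outside the hunk.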
+29
-6
@@ -57,6 +57,7 @@
|
||||
#include "getdef.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwauth.h"
|
||||
#include "pwio.h"
|
||||
@@ -1251,11 +1252,13 @@ static void process_flags (int argc, char **argv)
|
||||
prefix_user_home = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
|
||||
assert (wlen == (int) len -1);
|
||||
if (user_newhome) {
|
||||
len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
prefix_user_newhome = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
assert (wlen == (int) len -1);
|
||||
}
|
||||
|
||||
len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
prefix_user_newhome = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
assert (wlen == (int) len -1);
|
||||
}
|
||||
else {
|
||||
prefix_user_home = user_home;
|
||||
@@ -1365,7 +1368,7 @@ static void process_flags (int argc, char **argv)
|
||||
|| Zflg
|
||||
#endif /* WITH_SELINUX */
|
||||
)) {
|
||||
fprintf (stderr, _("%s: no changes\n"), Prog);
|
||||
fprintf (stdout, _("%s: no changes\n"), Prog);
|
||||
exit (E_SUCCESS);
|
||||
}
|
||||
|
||||
@@ -1816,6 +1819,15 @@ static void move_home (void)
|
||||
return;
|
||||
} else {
|
||||
if (EXDEV == errno) {
|
||||
#ifdef WITH_BTRFS
|
||||
if (btrfs_is_subvolume (prefix_user_home) > 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: error: cannot move subvolume from %s to %s - different device\n"),
|
||||
Prog, prefix_user_home, prefix_user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (copy_tree (prefix_user_home, prefix_user_newhome, true,
|
||||
true,
|
||||
user_id,
|
||||
@@ -1861,11 +1873,18 @@ static void update_lastlog (void)
|
||||
int fd;
|
||||
off_t off_uid = (off_t) user_id * sizeof ll;
|
||||
off_t off_newuid = (off_t) user_newid * sizeof ll;
|
||||
uid_t max_uid;
|
||||
|
||||
if (access (LASTLOG_FILE, F_OK) != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
|
||||
if (user_newid > max_uid) {
|
||||
/* do not touch lastlog for large uids */
|
||||
return;
|
||||
}
|
||||
|
||||
fd = open (LASTLOG_FILE, O_RDWR);
|
||||
|
||||
if (-1 == fd) {
|
||||
@@ -2253,6 +2272,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg) {
|
||||
@@ -2302,7 +2322,10 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
if (!mflg && (uflg || gflg)) {
|
||||
if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) {
|
||||
struct stat sb;
|
||||
|
||||
if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
|
||||
((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
|
||||
/*
|
||||
* Change the UID on all of the files owned by
|
||||
* `user_id' to `user_newid' in the user's home
|
||||
|
||||
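Review bot: `update_lastlog` reads the limit with `getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL)`, whereas the other sections of this commit use the key `LASTLOG_UID_MAX`. With the misspelt key the lookup presumably always falls back to the default, so the `user_newid > max_uid` guard never triggers and lastlog is still written for large uids. The line should read `max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);`. The guard also tests only `user_newid`, while `off_uid` is still computed from `user_id`; whether the old uid needs the same check depends on code outside the hunk.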
@@ -42,6 +42,7 @@
|
||||
#include "defines.h"
|
||||
#include "groupio.h"
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
#include "sgroupio.h"
|
||||
@@ -556,6 +557,7 @@ int main (int argc, char **argv)
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||