New upstream version 4.15.1
+47
-109
@@ -19,6 +19,8 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "alloc.h"
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
@@ -50,6 +52,8 @@
|
||||
#include "subordinateio.h"
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
#include "shadowlog.h"
|
||||
#include "string/sprintf.h"
|
||||
|
||||
|
||||
/*
|
||||
* exit status values
|
||||
@@ -68,7 +72,7 @@
|
||||
/*
|
||||
* Global variables
|
||||
*/
|
||||
const char *Prog;
|
||||
static const char Prog[] = "userdel";
|
||||
|
||||
static char *user_name;
|
||||
static uid_t user_id;
|
||||
@@ -204,8 +208,7 @@ static void update_groups (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting user from group",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
#endif /* WITH_AUDIT */
|
||||
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
|
||||
user_name, ngrp->gr_name));
|
||||
@@ -266,8 +269,7 @@ static void update_groups (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting user from shadow group",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
#endif /* WITH_AUDIT */
|
||||
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
|
||||
user_name, nsgrp->sg_name));
|
||||
@@ -526,8 +528,7 @@ static void fail_exit (int code)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting user",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
|
||||
exit (code);
|
||||
@@ -548,8 +549,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking password file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
@@ -560,8 +560,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening password file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
@@ -573,8 +572,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking shadow password file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
@@ -586,8 +584,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening shadow password file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
@@ -599,8 +596,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
@@ -610,8 +606,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
@@ -624,8 +619,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking shadow group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
@@ -636,8 +630,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening shadow group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
@@ -652,8 +645,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking subordinate user file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
@@ -664,8 +656,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening subordinate user file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
@@ -678,8 +669,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"locking subordinate group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
@@ -690,8 +680,7 @@ static void open_files (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"opening subordinate group file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
@@ -738,8 +727,7 @@ static void update_user (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting user entries",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
#endif /* WITH_AUDIT */
|
||||
SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
|
||||
}
|
||||
@@ -763,7 +751,7 @@ static void user_cancel (const char *user)
|
||||
}
|
||||
argv[0] = cmd;
|
||||
argv[1] = user;
|
||||
argv[2] = (char *)0;
|
||||
argv[2] = NULL;
|
||||
(void) run_command (cmd, argv, NULL, &status);
|
||||
}
|
||||
|
||||
@@ -802,11 +790,9 @@ static int is_owner (uid_t uid, const char *path)
|
||||
|
||||
static int remove_mailbox (void)
|
||||
{
|
||||
const char *maildir;
|
||||
char* mailfile;
|
||||
int i;
|
||||
int errors = 0;
|
||||
size_t len;
|
||||
int i, errors = 0;
|
||||
char *mailfile;
|
||||
const char *maildir;
|
||||
|
||||
maildir = getdef_str ("MAIL_DIR");
|
||||
#ifdef MAIL_SPOOL_DIR
|
||||
@@ -818,18 +804,11 @@ static int remove_mailbox (void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
len = strlen (prefix) + strlen (maildir) + strlen (user_name) + 2;
|
||||
mailfile = xmalloc (len);
|
||||
|
||||
if (prefix[0]) {
|
||||
(void) snprintf (mailfile, len, "%s/%s/%s",
|
||||
prefix, maildir, user_name);
|
||||
xasprintf(&mailfile, "%s/%s/%s", prefix, maildir, user_name);
|
||||
} else {
|
||||
xasprintf(&mailfile, "%s/%s", maildir, user_name);
|
||||
}
|
||||
else {
|
||||
(void) snprintf (mailfile, len, "%s/%s",
|
||||
maildir, user_name);
|
||||
}
|
||||
mailfile[len-1] = '\0';
|
||||
|
||||
if (access (mailfile, F_OK) != 0) {
|
||||
if (ENOENT == errno) {
|
||||
@@ -846,8 +825,7 @@ static int remove_mailbox (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
free(mailfile);
|
||||
return -1;
|
||||
@@ -863,8 +841,7 @@ static int remove_mailbox (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
errors = 1;
|
||||
/* continue */
|
||||
@@ -874,8 +851,7 @@ static int remove_mailbox (void)
|
||||
{
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
}
|
||||
#endif /* WITH_AUDIT */
|
||||
free(mailfile);
|
||||
@@ -892,8 +868,7 @@ static int remove_mailbox (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
free(mailfile);
|
||||
return 1;
|
||||
@@ -909,8 +884,7 @@ static int remove_mailbox (void)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
errors = 1;
|
||||
/* continue */
|
||||
@@ -920,8 +894,7 @@ static int remove_mailbox (void)
|
||||
{
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting mail file",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
}
|
||||
#endif /* WITH_AUDIT */
|
||||
free(mailfile);
|
||||
@@ -931,22 +904,19 @@ static int remove_mailbox (void)
|
||||
#ifdef WITH_TCB
|
||||
static int remove_tcbdir (const char *user_name, uid_t user_id)
|
||||
{
|
||||
char *buf;
|
||||
int ret = 0;
|
||||
size_t buflen = (sizeof TCB_DIR) + strlen (user_name) + 2;
|
||||
int ret = 0;
|
||||
char *buf;
|
||||
|
||||
if (!getdef_bool ("USE_TCB")) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
buf = malloc (buflen);
|
||||
if (NULL == buf) {
|
||||
fprintf (stderr, _("%s: Can't allocate memory, "
|
||||
"tcb entry for %s not removed.\n"),
|
||||
Prog, user_name);
|
||||
if (asprintf(&buf, TCB_DIR "/%s", user_name) == -1) {
|
||||
fprintf(stderr,
|
||||
_("%s: Can't allocate memory, tcb entry for %s not removed.\n"),
|
||||
Prog, user_name);
|
||||
return 1;
|
||||
}
|
||||
snprintf (buf, buflen, TCB_DIR "/%s", user_name);
|
||||
if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
|
||||
fprintf (stderr, _("%s: Cannot drop privileges: %s\n"),
|
||||
Prog, strerror (errno));
|
||||
@@ -989,10 +959,6 @@ int main (int argc, char **argv)
|
||||
#endif /* USE_PAM */
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
|
||||
/*
|
||||
* Get my name so that I can use it to report errors.
|
||||
*/
|
||||
Prog = Basename (argv[0]);
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
(void) setlocale (LC_ALL, "");
|
||||
@@ -1002,7 +968,7 @@ int main (int argc, char **argv)
|
||||
process_root_flag ("-R", argc, argv);
|
||||
prefix = process_prefix_flag ("-P", argc, argv);
|
||||
|
||||
OPENLOG ("userdel");
|
||||
OPENLOG (Prog);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_help_open ();
|
||||
#endif /* WITH_AUDIT */
|
||||
@@ -1086,7 +1052,7 @@ int main (int argc, char **argv)
|
||||
exit (E_PW_UPDATE);
|
||||
}
|
||||
|
||||
retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh);
|
||||
retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
|
||||
}
|
||||
|
||||
if (PAM_SUCCESS == retval) {
|
||||
@@ -1148,15 +1114,9 @@ int main (int argc, char **argv)
|
||||
user_gid = pwd->pw_gid;
|
||||
|
||||
if (prefix[0]) {
|
||||
|
||||
size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
|
||||
int wlen;
|
||||
user_home = xmalloc(len);
|
||||
wlen = snprintf(user_home, len, "%s/%s", prefix, pwd->pw_dir);
|
||||
assert (wlen == (int) len -1);
|
||||
}
|
||||
else {
|
||||
user_home = xstrdup (pwd->pw_dir);
|
||||
xasprintf(&user_home, "%s/%s", prefix, pwd->pw_dir);
|
||||
} else {
|
||||
user_home = xstrdup(pwd->pw_dir);
|
||||
}
|
||||
pw_close();
|
||||
}
|
||||
@@ -1165,26 +1125,6 @@ int main (int argc, char **argv)
|
||||
exit (E_NOTFOUND);
|
||||
}
|
||||
#endif /* WITH_TCB */
|
||||
#ifdef USE_NIS
|
||||
|
||||
/*
|
||||
* Now make sure it isn't an NIS user.
|
||||
*/
|
||||
if (__ispwNIS ()) {
|
||||
char *nis_domain;
|
||||
char *nis_master;
|
||||
|
||||
fprintf (stderr,
|
||||
_("%s: user %s is a NIS user\n"), Prog, user_name);
|
||||
if ( !yp_get_default_domain (&nis_domain)
|
||||
&& !yp_master (nis_domain, "passwd.byname", &nis_master)) {
|
||||
fprintf (stderr,
|
||||
_("%s: %s is the NIS master\n"),
|
||||
Prog, nis_master);
|
||||
}
|
||||
exit (E_NOTFOUND);
|
||||
}
|
||||
#endif /* USE_NIS */
|
||||
/*
|
||||
* Check to make certain the user isn't logged in.
|
||||
* Note: This is a best effort basis. The user may log in between,
|
||||
@@ -1290,8 +1230,7 @@ int main (int argc, char **argv)
|
||||
{
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
"deleting home directory",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_SUCCESS);
|
||||
user_name, user_id, SHADOW_AUDIT_SUCCESS);
|
||||
}
|
||||
#endif /* WITH_AUDIT */
|
||||
}
|
||||
@@ -1313,8 +1252,7 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_ADD_USER, Prog,
|
||||
"removing SELinux user mapping",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
user_name, user_id, SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SE_UPDATE);
|
||||
}
|
||||
|
||||
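Review bot: The audit record on the SELinux user-mapping failure path in the last hunk (`@@ -1313,8 +1252,7 @@`, in main) is still emitted as `AUDIT_ADD_USER`, while every other audit_logger call in this file section uses `AUDIT_DEL_USER`. If that is a copy-paste leftover rather than a deliberate choice, a failed deletion step is filed under the wrong event type, and anyone filtering the audit trail for user deletions will miss it. Since this commit already rewrites the argument lines of that call, the first line could be corrected in the same pass to `audit_logger (AUDIT_DEL_USER, Prog,`. Separately, dropping the `(unsigned int)` cast on `user_id` throughout assumes audit_logger's prototype takes an id type that `uid_t` converts to without surprises; that prototype is not shown here, so it is worth confirming. The enclosing `if` block and the rest of main lie outside the hunk.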