Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4c944d236c | |||
| 46cc41933b | |||
| 388cb97893 | |||
| 81c4e06c3b | |||
| 4fcb8d510b | |||
| 2ff61e3c80 | |||
| 61472718df | |||
| b63aced4b3 | |||
| b532614a3b | |||
| 02f8995749 | |||
| cb56b9d10e | |||
| bdb2aa7202 | |||
| 7a3935ef98 | |||
| 9d0f797494 | |||
| 862809e6de | |||
| 0e71b4600c | |||
| fcee2d4028 | |||
| 3ee8ec58bb | |||
| d20c220441 | |||
| 451264e2b2 | |||
| d2ea0055d4 | |||
| d48226e507 | |||
| 1a19ece5ee | |||
| a70f9f8694 | |||
| 02ea908972 |
@@ -1,34 +0,0 @@
|
|||||||
image: alpine/latest
|
|
||||||
# apk add --update alpine-sdk
|
|
||||||
packages:
|
|
||||||
- cmd:setcap
|
|
||||||
- autoconf
|
|
||||||
- automake
|
|
||||||
- byacc
|
|
||||||
- expect
|
|
||||||
- gettext
|
|
||||||
- gettext-dev
|
|
||||||
- gettext-lang
|
|
||||||
- libbsd-dev
|
|
||||||
- libcap-dev
|
|
||||||
- libtool
|
|
||||||
- linux-pam-dev
|
|
||||||
- pkgconf
|
|
||||||
- sed
|
|
||||||
sources:
|
|
||||||
- https://github.com/shadow-maint/shadow
|
|
||||||
tasks:
|
|
||||||
- build: |
|
|
||||||
cd shadow
|
|
||||||
./autogen.sh --without-selinux --disable-man --disable-nls
|
|
||||||
grep ENABLE_ config.status
|
|
||||||
- tasks: |
|
|
||||||
cd shadow
|
|
||||||
cat /proc/self/uid_map
|
|
||||||
cat /proc/self/status
|
|
||||||
make
|
|
||||||
make DESTDIR=/tmp/shadow-inst install
|
|
||||||
sudo make install
|
|
||||||
#TODO - fix up the tests. Let's merge what's here now as it
|
|
||||||
#at least tests build.
|
|
||||||
#(cd tests; sudo ./run_some || { cat testsuite.log; false; })
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
image: fedora/latest
|
|
||||||
packages:
|
|
||||||
- autoconf
|
|
||||||
- automake
|
|
||||||
- byacc
|
|
||||||
- expect
|
|
||||||
- findutils
|
|
||||||
- gettext
|
|
||||||
- gettext-devel
|
|
||||||
- git
|
|
||||||
- libbsd-devel
|
|
||||||
- libselinux-devel
|
|
||||||
- libsemanage-devel
|
|
||||||
- libtool
|
|
||||||
- libxslt
|
|
||||||
- pkgconf
|
|
||||||
sources:
|
|
||||||
- https://github.com/shadow-maint/shadow
|
|
||||||
tasks:
|
|
||||||
- build: |
|
|
||||||
cd shadow
|
|
||||||
./autogen.sh --with-selinux --enable-man
|
|
||||||
grep ENABLE_ config.status
|
|
||||||
- tasks: |
|
|
||||||
cd shadow
|
|
||||||
cat /proc/self/uid_map
|
|
||||||
cat /proc/self/status
|
|
||||||
make
|
|
||||||
make DESTDIR=/tmp/shadow-inst install
|
|
||||||
sudo make install
|
|
||||||
#TODO - fix up the tests. Let's merge what's here now as it
|
|
||||||
#at least tests build.
|
|
||||||
#(cd tests; sudo ./run_some || { cat testsuite.log; false; })
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
image: ubuntu/focal
|
|
||||||
packages:
|
|
||||||
- automake
|
|
||||||
- autopoint
|
|
||||||
- xsltproc
|
|
||||||
- libbsd-dev
|
|
||||||
- libselinux1-dev
|
|
||||||
- gettext
|
|
||||||
- expect
|
|
||||||
- byacc
|
|
||||||
- libtool
|
|
||||||
- pkgconf
|
|
||||||
sources:
|
|
||||||
- https://github.com/shadow-maint/shadow
|
|
||||||
tasks:
|
|
||||||
- build: |
|
|
||||||
cd shadow
|
|
||||||
./autogen.sh --without-selinux --disable-man
|
|
||||||
grep ENABLE_ config.status
|
|
||||||
- tasks: |
|
|
||||||
cd shadow
|
|
||||||
cat /proc/self/uid_map
|
|
||||||
cat /proc/self/status
|
|
||||||
systemd-detect-virt
|
|
||||||
make
|
|
||||||
make DESTDIR=/tmp/shadow-inst install
|
|
||||||
sudo make install
|
|
||||||
(cd tests; sudo ./run_some || { cat testsuite.log; false; })
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
image: ubuntu/22.04
|
|
||||||
packages:
|
|
||||||
- automake
|
|
||||||
- autopoint
|
|
||||||
- xsltproc
|
|
||||||
- libbsd-dev
|
|
||||||
- libselinux1-dev
|
|
||||||
- gettext
|
|
||||||
- expect
|
|
||||||
- byacc
|
|
||||||
- libtool
|
|
||||||
- pkgconf
|
|
||||||
sources:
|
|
||||||
- https://github.com/shadow-maint/shadow
|
|
||||||
tasks:
|
|
||||||
- build: |
|
|
||||||
cd shadow
|
|
||||||
./autogen.sh --without-selinux --enable-man
|
|
||||||
grep ENABLE_ config.status
|
|
||||||
- tasks: |
|
|
||||||
cat /proc/self/uid_map
|
|
||||||
cat /proc/self/status
|
|
||||||
systemd-detect-virt
|
|
||||||
cd shadow
|
|
||||||
make
|
|
||||||
make DESTDIR=/tmp/shadow-inst install
|
|
||||||
sudo make install
|
|
||||||
(cd tests; sudo ./run_some || { cat testsuite.log; false; })
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
root = true
|
|
||||||
|
|
||||||
[*.{c,h}]
|
|
||||||
indent_style = tab
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
name: 'Install dependencies'
|
|
||||||
description: 'Install dependencies to build shadow-utils'
|
|
||||||
runs:
|
|
||||||
using: "composite"
|
|
||||||
steps:
|
|
||||||
- shell: bash
|
|
||||||
run: |
|
|
||||||
sudo apt-get update -y
|
|
||||||
sudo apt-get install -y ubuntu-dev-tools libbsd-dev
|
|
||||||
sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
|
|
||||||
sudo apt-get update -y
|
|
||||||
sudo apt-get -y build-dep shadow
|
|
||||||
@@ -1,108 +0,0 @@
|
|||||||
name: CI
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [ master ]
|
|
||||||
pull_request:
|
|
||||||
branches: [ master ]
|
|
||||||
# Allows you to run this workflow manually from the Actions tab
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: debug
|
|
||||||
run: |
|
|
||||||
id
|
|
||||||
which bash
|
|
||||||
whoami
|
|
||||||
env
|
|
||||||
ps -ef
|
|
||||||
pwd
|
|
||||||
cat /proc/self/uid_map
|
|
||||||
cat /proc/self/status
|
|
||||||
systemd-detect-virt
|
|
||||||
- name: Install dependencies
|
|
||||||
run: |
|
|
||||||
sudo cat /etc/apt/sources.list
|
|
||||||
sudo sed -i '/deb-src/d' /etc/apt/sources.list
|
|
||||||
sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
|
|
||||||
export DEBIAN_PRIORITY=critical
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
|
||||||
# let's try to work around upgrade breakage in a pkg we don't care about
|
|
||||||
sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get -y dist-upgrade
|
|
||||||
sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
|
|
||||||
sudo apt-get -y build-dep shadow
|
|
||||||
- name: configure
|
|
||||||
run: |
|
|
||||||
autoreconf -v -f --install
|
|
||||||
./autogen.sh --without-selinux --disable-man --with-yescrypt
|
|
||||||
- run: make
|
|
||||||
- run: make install DESTDIR=${HOME}/rootfs
|
|
||||||
- run: sudo make install
|
|
||||||
- name: run tests in shell with tty
|
|
||||||
shell: 'script -q -e -c "bash {0}"'
|
|
||||||
run: |
|
|
||||||
set -e
|
|
||||||
cd tests
|
|
||||||
sudo ./run_some
|
|
||||||
cat testsuite.log
|
|
||||||
|
|
||||||
# Make sure that 'make dist' makes a usable tarball with no missing files
|
|
||||||
dist-build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: |
|
|
||||||
sudo cat /etc/apt/sources.list
|
|
||||||
sudo sed -i '/deb-src/d' /etc/apt/sources.list
|
|
||||||
sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
|
|
||||||
export DEBIAN_PRIORITY=critical
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
|
||||||
# let's try to work around upgrade breakage in a pkg we don't care about
|
|
||||||
sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get -y dist-upgrade
|
|
||||||
sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
|
|
||||||
sudo apt-get -y build-dep shadow
|
|
||||||
|
|
||||||
- name: Test make dist
|
|
||||||
run: |
|
|
||||||
./autogen.sh
|
|
||||||
make dist
|
|
||||||
f=shadow-*.tar.gz
|
|
||||||
tar -zxf $f
|
|
||||||
d=$(basename $f .tar.gz)
|
|
||||||
cd $d
|
|
||||||
./configure
|
|
||||||
make -j5
|
|
||||||
|
|
||||||
container-build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
os: [alpine, debian, fedora]
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build container
|
|
||||||
run: |
|
|
||||||
docker buildx build -f ./share/containers/${{ matrix.os }}.dockerfile . --output build-out
|
|
||||||
|
|
||||||
- name: Store artifacts
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: ${{ matrix.os }}-build
|
|
||||||
path: |
|
|
||||||
./build-out/config.log
|
|
||||||
./build-out/config.h
|
|
||||||
if-no-files-found: ignore
|
|
||||||
@@ -1,61 +0,0 @@
|
|||||||
name: "Static code analysis"
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [master]
|
|
||||||
pull_request:
|
|
||||||
branches: [master]
|
|
||||||
schedule:
|
|
||||||
# Everyday at midnight
|
|
||||||
- cron: '0 0 * * *'
|
|
||||||
jobs:
|
|
||||||
codeql:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
security-events: write
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
id: dependencies
|
|
||||||
uses: ./.github/actions/install-dependencies
|
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
|
||||||
uses: github/codeql-action/init@v2
|
|
||||||
with:
|
|
||||||
languages: cpp
|
|
||||||
queries: +security-and-quality
|
|
||||||
|
|
||||||
- name: Configure shadow-utils
|
|
||||||
run: ./autogen.sh --without-selinux --disable-man
|
|
||||||
|
|
||||||
- name: Build shadow-utils
|
|
||||||
run: |
|
|
||||||
PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
|
|
||||||
make -kj$PROCESSORS || true
|
|
||||||
|
|
||||||
- name: Check build errors
|
|
||||||
run: make
|
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
|
||||||
uses: github/codeql-action/analyze@v2
|
|
||||||
|
|
||||||
differential-shellcheck:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
security-events: write
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
# Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
|
|
||||||
- name: Differential ShellCheck
|
|
||||||
uses: redhat-plumbers-in-action/differential-shellcheck@v3
|
|
||||||
with:
|
|
||||||
severity: warning
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
-51
@@ -1,51 +0,0 @@
|
|||||||
*~
|
|
||||||
lib*.a
|
|
||||||
*.o
|
|
||||||
*.lo
|
|
||||||
*.la
|
|
||||||
*.gmo
|
|
||||||
.deps
|
|
||||||
.libs
|
|
||||||
|
|
||||||
*.patch
|
|
||||||
*.rej
|
|
||||||
*.orig
|
|
||||||
|
|
||||||
Makefile
|
|
||||||
Makefile.in
|
|
||||||
|
|
||||||
/ABOUT-NLS
|
|
||||||
/aclocal.m4
|
|
||||||
/autom4te.cache
|
|
||||||
/compile
|
|
||||||
/config.cache
|
|
||||||
/config.guess
|
|
||||||
/config.h
|
|
||||||
/config.h.in
|
|
||||||
/config.log
|
|
||||||
/config.rpath
|
|
||||||
/config.status
|
|
||||||
/config.sub
|
|
||||||
/configure
|
|
||||||
/depcomp
|
|
||||||
/install-sh
|
|
||||||
/libtool
|
|
||||||
/ltmain.sh
|
|
||||||
/m4
|
|
||||||
/missing
|
|
||||||
/stamp-h1
|
|
||||||
/ylwrap
|
|
||||||
|
|
||||||
/po/*.header
|
|
||||||
/po/*.sed
|
|
||||||
/po/*.sin
|
|
||||||
/po/Makefile.in.in
|
|
||||||
/po/Makevars.template
|
|
||||||
/po/POTFILES
|
|
||||||
/po/Rules-quot
|
|
||||||
/po/stamp-po
|
|
||||||
|
|
||||||
/shadow.spec
|
|
||||||
/shadow-*.tar.*
|
|
||||||
/libmisc/getdate.c
|
|
||||||
/libsubid/subid.h
|
|
||||||
-52
@@ -1,52 +0,0 @@
|
|||||||
dist: bionic
|
|
||||||
sudo: false
|
|
||||||
|
|
||||||
language: c
|
|
||||||
|
|
||||||
compiler:
|
|
||||||
- gcc
|
|
||||||
- clang
|
|
||||||
|
|
||||||
arch:
|
|
||||||
- amd64
|
|
||||||
- arm64
|
|
||||||
- ppc64le
|
|
||||||
- s390x
|
|
||||||
|
|
||||||
before_install:
|
|
||||||
- sudo apt-get update -qq
|
|
||||||
- sudo apt-get -y install -qq automake autopoint xsltproc libselinux1-dev gettext expect
|
|
||||||
- sudo apt-get -y install -qq byacc libtool
|
|
||||||
script:
|
|
||||||
- ./autogen.sh --without-selinux --disable-man
|
|
||||||
- grep ENABLE_ config.status
|
|
||||||
- make
|
|
||||||
|
|
||||||
env:
|
|
||||||
global:
|
|
||||||
- secure: "G47VYFrtzqalrVjixTqBG9Qsa8EZRcaqsh1k6fq5JgEyHmMQActpvTUDs9FXf1MEqiY5XX3VDVfBsZgKPHgmHsMzD1bX11xpnpGByB8g7gr8I3u2ZkCREqgi77a5l3LeBh+seWiambe/DYOgvPCNa6pCynLgR9advqtgKhpCruU="
|
|
||||||
|
|
||||||
addons:
|
|
||||||
coverity_scan:
|
|
||||||
|
|
||||||
project:
|
|
||||||
name: "shadow-maint/shadow"
|
|
||||||
description: "Upstream shadow utils tree"
|
|
||||||
|
|
||||||
notification_email: christian.brauner@ubuntu.com,serge@hallyn.com
|
|
||||||
|
|
||||||
build_command_prepend: "./autogen.sh --without-selinux --disable-man"
|
|
||||||
build_command: "make -kj4 || make"
|
|
||||||
branch_pattern: master
|
|
||||||
|
|
||||||
script:
|
|
||||||
- cat /proc/self/uid_map
|
|
||||||
- cat /proc/self/status
|
|
||||||
- systemd-detect-virt
|
|
||||||
- ./autogen.sh --without-selinux --disable-man
|
|
||||||
- grep ENABLE_ config.status
|
|
||||||
- make
|
|
||||||
- sudo make install
|
|
||||||
- (cd tests; sudo ./run_some; cat testsuite.log)
|
|
||||||
|
|
||||||
# vim:et:ts=2:sw=2
|
|
||||||
-90
@@ -1,90 +0,0 @@
|
|||||||
Thanks to at least the following people for sending patches, bug
|
|
||||||
reports and various comments. This list may be incomplete, I received
|
|
||||||
a lot of mail...
|
|
||||||
|
|
||||||
# Maintainers
|
|
||||||
* Marek Michałkiewicz <marekm72@gmail.com> (1995-2000)
|
|
||||||
* Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
|
|
||||||
* Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
|
|
||||||
* Serge E. Hallyn <serge@hallyn.com> (2014-now)
|
|
||||||
* Christian Brauner <christian@brauner.io> (2019-now)
|
|
||||||
* Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
|
|
||||||
|
|
||||||
# Authors and contributors
|
|
||||||
* Adam Rudnicki <adam@v-lo.krakow.pl>
|
|
||||||
* Alan Curry <pacman@tardis.mars.net>
|
|
||||||
* Aleksa Sarai <cyphar@cyphar.com>
|
|
||||||
* Alexander O. Yuriev <alex@bach.cis.temple.edu>
|
|
||||||
* Algis Rudys <arudys@rice.edu>
|
|
||||||
* Andreas Jaeger <aj@arthur.rhein-neckar.de>
|
|
||||||
* Andy Zaugg <andy.zaugg@gmail.com>
|
|
||||||
* Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
|
|
||||||
* Anton Gluck <gluc@midway.uchicago.edu>
|
|
||||||
* Arkadiusz Miskiewicz <misiek@pld.org.pl>
|
|
||||||
* Ben Collins <bcollins@debian.org>
|
|
||||||
* Brian R. Gaeke <brg@dgate.org>
|
|
||||||
* Calle Karlsson <ckn@kash.se>
|
|
||||||
* Chip Rosenthal <chip@unicom.com>
|
|
||||||
* Chris Evans <lady0110@sable.ox.ac.uk>
|
|
||||||
* Chris Lamb <chris@chris-lamb.co.uk>
|
|
||||||
* Cristian Gafton <gafton@sorosis.ro>
|
|
||||||
* Dan Walsh <dwalsh@redhat.com>
|
|
||||||
* Darcy Boese <possum@chardonnay.niagara.com>
|
|
||||||
* Dave Hagewood <admin@arrowweb.com>
|
|
||||||
* David A. Holland <dholland@hcs.harvard.edu>
|
|
||||||
* David Frey <David.Frey@lugs.ch>
|
|
||||||
* Ed Carp <ecarp@netcom.com>
|
|
||||||
* Ed Neville <ed@s5h.net>
|
|
||||||
* Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
* Floody <flood@evcom.net>
|
|
||||||
* Frank Denis <j@4u.net>
|
|
||||||
* George Kraft IV <gk4@us.ibm.com>
|
|
||||||
* Greg Mortensen <loki@world.std.com>
|
|
||||||
* Guido van Rooij
|
|
||||||
* Guy Maor <maor@debian.org>
|
|
||||||
* Hrvoje Dogan <hdogan@bjesomar.srce.hr>
|
|
||||||
* Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
* Janos Farkas <chexum@bankinf.banki.hu>
|
|
||||||
* Jason Franklin <jason.franklin@quoininc.com>
|
|
||||||
* Jay Soffian <jay@lw.net>
|
|
||||||
* Jesse Thilo <Jesse.Thilo@pobox.com>
|
|
||||||
* Joey Hess <joey@kite.ml.org>
|
|
||||||
* John Adelsberger <jja@umr.edu>
|
|
||||||
* Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
|
|
||||||
* Jon Lewis <jlewis@lewis.org>
|
|
||||||
* Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
|
|
||||||
* Judd Bourgeois <shagboy@bluesky.net>
|
|
||||||
* Juergen Heinzl <unicorn@noris.net>
|
|
||||||
* Juha Virtanen <jiivee@iki.fi>
|
|
||||||
* Julian Pidancet <julian.pidancet@gmail.com>
|
|
||||||
* Julianne Frances Haugh <julie78787@gmail.com>
|
|
||||||
* Leonard N. Zubkoff <lnz@dandelion.com>
|
|
||||||
* Luca Berra <bluca@www.polimi.it>
|
|
||||||
* Lukáš Kuklínek <lkukline@redhat.com>
|
|
||||||
* Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
|
|
||||||
* Marc Ewing <marc@redhat.com>
|
|
||||||
* Martin Bene <mb@sime.com>
|
|
||||||
* Martin Mares <mj@gts.cz>
|
|
||||||
* Michael Meskes <meskes@topsystem.de>
|
|
||||||
* Michael Talbot-Wilson <mike@calypso.bns.com.au>
|
|
||||||
* Michael Vetter <jubalh@iodoru.org>
|
|
||||||
* Mike Frysinger <vapier@gentoo.org>
|
|
||||||
* Mike Pakovic <mpakovic@users.southeast.net>
|
|
||||||
* Nicolas François <nicolas.francois@centraliens.net>
|
|
||||||
* Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
|
|
||||||
* Pavel Machek <pavel@bug.ucw.cz>
|
|
||||||
* Peter Vrabec <pvrabec@redhat.com>
|
|
||||||
* Phillip Street
|
|
||||||
* Rafał Maszkowski <rzm@icm.edu.pl>
|
|
||||||
* Rani Chouha <ranibey@smartec.com>
|
|
||||||
* Sami Kerola <kerolasa@rocketmail.com>
|
|
||||||
* Scott Garman <scott.a.garman@intel.com>
|
|
||||||
* Sebastian Rick Rijkers <srrijkers@gmail.com>
|
|
||||||
* Seraphim Mellos <mellos@ceid.upatras.gr>
|
|
||||||
* Shane Watts <shane@nexus.mlckew.edu.au>
|
|
||||||
* Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
|
|
||||||
* Thorsten Kukuk <kukuk@suse.de>
|
|
||||||
* Tim Hockin <thockin@eagle.ais.net>
|
|
||||||
* Timo Karjalainen <timok@iki.fi>
|
|
||||||
* Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
|
|
||||||
* Werner Fink <werner@suse.de>
|
|
||||||
@@ -1,41 +0,0 @@
|
|||||||
SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
|
|
||||||
All files under this project either
|
|
||||||
|
|
||||||
1. fall under the BSD 3 clause license (by default).
|
|
||||||
|
|
||||||
2. carry an SPDX header declaring what license applies.
|
|
||||||
|
|
||||||
or
|
|
||||||
|
|
||||||
3. list a full custom license
|
|
||||||
|
|
||||||
This software is originally
|
|
||||||
|
|
||||||
* Copyright (c) 1989 - 1994, Julianne Frances Haugh
|
|
||||||
|
|
||||||
* All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
* 1. Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in the
|
|
||||||
* documentation and/or other materials provided with the distribution.
|
|
||||||
* 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
* endorse or promote products derived from this software without
|
|
||||||
* specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
-15
@@ -1,15 +0,0 @@
|
|||||||
## Process this file with automake to produce Makefile.in
|
|
||||||
|
|
||||||
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
|
||||||
|
|
||||||
SUBDIRS = libmisc lib
|
|
||||||
|
|
||||||
if ENABLE_SUBIDS
|
|
||||||
SUBDIRS += libsubid
|
|
||||||
endif
|
|
||||||
|
|
||||||
SUBDIRS += src po contrib doc etc
|
|
||||||
|
|
||||||
if ENABLE_REGENERATE_MAN
|
|
||||||
SUBDIRS += man
|
|
||||||
endif
|
|
||||||
@@ -1,41 +0,0 @@
|
|||||||
# shadow-utils
|
|
||||||
|
|
||||||
## Introduction
|
|
||||||
The shadow-utils package includes the necessary programs for
|
|
||||||
converting UNIX password files to the shadow password format, plus
|
|
||||||
programs for managing user and group accounts. The pwconv command
|
|
||||||
converts passwords to the shadow password format. The pwunconv command
|
|
||||||
unconverts shadow passwords and generates a passwd file (a standard
|
|
||||||
UNIX password file). The pwck command checks the integrity of password
|
|
||||||
and shadow files. The lastlog command prints out the last login times
|
|
||||||
for all users. The useradd, userdel, and usermod commands are used for
|
|
||||||
managing user accounts. The groupadd, groupdel, and groupmod commands
|
|
||||||
are used for managing group accounts.
|
|
||||||
|
|
||||||
## Sites
|
|
||||||
* [Homepage](https://github.com/shadow-maint/shadow)
|
|
||||||
* [Issue tracker](https://github.com/shadow-maint/shadow/issues)
|
|
||||||
* [Releases](https://github.com/shadow-maint/shadow/releases)
|
|
||||||
|
|
||||||
## Contacts
|
|
||||||
There are several ways to contact us:
|
|
||||||
* [the general discussion mailing list](
|
|
||||||
https://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-devel)
|
|
||||||
* the #shadow IRC channel on libera.chat:
|
|
||||||
* irc://irc.libera.chat/shadow
|
|
||||||
|
|
||||||
### Mailing archives
|
|
||||||
* [the general discussion mailing list archive](
|
|
||||||
https://alioth-lists.debian.net/pipermail/pkg-shadow-devel/)
|
|
||||||
* [the commit mailing list archive](
|
|
||||||
https://alioth-lists-archive.debian.net/pipermail/pkg-shadow-commits/),
|
|
||||||
only used for historical purposes
|
|
||||||
|
|
||||||
## Contributions
|
|
||||||
|
|
||||||
Contributions are welcome. Follow the
|
|
||||||
[guidelines](doc/contributions/introduction.md) before posting any patches.
|
|
||||||
|
|
||||||
## Authors and maintainers
|
|
||||||
Authors and maintainers are listed in [AUTHORS.md](
|
|
||||||
https://github.com/shadow-maint/shadow/blob/master/AUTHORS.md).
|
|
||||||
-12
@@ -1,12 +0,0 @@
|
|||||||
# Security Policy
|
|
||||||
|
|
||||||
## Supported Versions
|
|
||||||
|
|
||||||
At the moment only the latest release is supported.
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
Security vulnerabilities may be reported to
|
|
||||||
* Serge Hallyn <serge@hallyn.com> (B175CFA98F192AF2)
|
|
||||||
* Christian Brauner <christian@brauner.io> (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
|
|
||||||
* Iker Pedrosa <ipedrosa@redhat.com> (4E80EF49C7987B6DE2F81F5005079C6C3A653E57)
|
|
||||||
@@ -1,127 +0,0 @@
|
|||||||
* Create a common usage function that'd take the array of
|
|
||||||
long options and an array of descriptions and output that so things would
|
|
||||||
be standardized across the utils.
|
|
||||||
Usage strings should be normalized and split first.
|
|
||||||
Investigate optparse.
|
|
||||||
|
|
||||||
|
|
||||||
/etc/default/useradd
|
|
||||||
* GROUP=1000 should accept a group name.
|
|
||||||
|
|
||||||
Check when RLOGIN is enabled if ruserok() exists
|
|
||||||
|
|
||||||
Move selinux_file_context out of libmisc/copydir.c
|
|
||||||
|
|
||||||
Review hardcoded root account?
|
|
||||||
|
|
||||||
review all call to strto
|
|
||||||
|
|
||||||
libmisc/cleanup_user.c
|
|
||||||
cleanup needed (cleanup_report_add_user* not used)
|
|
||||||
|
|
||||||
|
|
||||||
libxcrypt support
|
|
||||||
* http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
|
|
||||||
|
|
||||||
implement getlong, getulong.
|
|
||||||
avoid atoi, atol, atoul, strtol, strtoul, ...
|
|
||||||
|
|
||||||
manpages: comment the RLOGIN parts
|
|
||||||
|
|
||||||
Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
|
|
||||||
comma_to_list()
|
|
||||||
|
|
||||||
Revert the modified files if all files could not be changed.
|
|
||||||
* or warn and indicate which files were modified and which were not.
|
|
||||||
* check the order the files are modified.
|
|
||||||
|
|
||||||
report nscd_flush_cache failures?
|
|
||||||
call nscd from the programs or from lib (commonio?)
|
|
||||||
|
|
||||||
PAM: check if a non-interactive conversation function could be used to set
|
|
||||||
the password in chpasswd and newusers
|
|
||||||
|
|
||||||
WITH_SELINUX
|
|
||||||
- review all tools to check that the strategies are consistent
|
|
||||||
|
|
||||||
chage, chfn, chsh: same change needed as in passwd.
|
|
||||||
- probably need moving check_selinux_access to a separate file.
|
|
||||||
|
|
||||||
testsuite
|
|
||||||
- newgrp
|
|
||||||
- test with unknown user's GID
|
|
||||||
|
|
||||||
newusers
|
|
||||||
- add logging to SYSLOG & AUDIT
|
|
||||||
- use CREATE_HOME
|
|
||||||
- Add a -Z option (see useradd / usermod)
|
|
||||||
|
|
||||||
Document when/where option appeared, document whether an option is standard
|
|
||||||
or not.
|
|
||||||
|
|
||||||
Check all the expiry semantics
|
|
||||||
|
|
||||||
ALL:
|
|
||||||
- move base passwd/shadow/group/gshadow operation to module for allow write
|
|
||||||
different backend modules for db, NIS, LDAP and others. Default backend it
|
|
||||||
will be goot if will be chosen depending on /etc/nsswitch.conf and allow
|
|
||||||
override this by -r <repository> options (where the <repository> can be
|
|
||||||
file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
|
|
||||||
passwd have old piece of code with handling -r option and it will be good
|
|
||||||
finish this and propagate on other shadow tools for allow operate on other
|
|
||||||
user databases by well known tools.
|
|
||||||
- Protect against signals. Register do_cleanups in a signal handler.
|
|
||||||
|
|
||||||
- login.defs
|
|
||||||
- generate depending on configuration
|
|
||||||
|
|
||||||
- useradd:
|
|
||||||
- add handle create user mail spool in maildir format.
|
|
||||||
- Add support for -k in -D mode
|
|
||||||
- Add support for -K in -D mode
|
|
||||||
- Add option to create or not the mail spool (and set the default in -D
|
|
||||||
mode)
|
|
||||||
- Change -l to reset the entry if an entry was already there
|
|
||||||
- set the mask in mkdir?
|
|
||||||
|
|
||||||
- userdel:
|
|
||||||
- add backup option for the removal of user resources,
|
|
||||||
- user_busy: check that the user is not running any processes.
|
|
||||||
- missing "deleting group" FAILED
|
|
||||||
- home dir removed, but userdel may fail and may leave the user
|
|
||||||
=> warning needed
|
|
||||||
|
|
||||||
- usermod
|
|
||||||
- add an option equivalent to useradd's -l (only when uid is changed)
|
|
||||||
- the mode of new home directories should be set according to the
|
|
||||||
original mode. Does copy_tree does this?
|
|
||||||
- user renamed, order is not kept in /etc/group (see
|
|
||||||
47_usermod-l_no_shadow_file). This is a problem when the first user is
|
|
||||||
considered as the admin.
|
|
||||||
- see mail "user ID change" on April, 15
|
|
||||||
+ fix call to chown (combination of -m and -u/-g)
|
|
||||||
+ add tests
|
|
||||||
|
|
||||||
- passwd:
|
|
||||||
- check combination of options (e.g. -u/-l)
|
|
||||||
- when -u refuse to unlock because it would create an empty password, it
|
|
||||||
should not display "Password changed."
|
|
||||||
exit instead?
|
|
||||||
|
|
||||||
- newgrp: check the USE_PAM section.
|
|
||||||
|
|
||||||
- pwck
|
|
||||||
- Add check to move passwd passwords to shadow if there is a shadow
|
|
||||||
entry (with a password).
|
|
||||||
- Add check to move passwd passwords to shadow if there is a shadow
|
|
||||||
file.
|
|
||||||
- Support an alternative /etc/tcb directory as second parameter.
|
|
||||||
- add options -g / -G to specify alternative group / gshadow files
|
|
||||||
|
|
||||||
- su
|
|
||||||
- add a login.defs configuration parameter to add variables to keep in
|
|
||||||
the environment with "su -l" (TERM/TERMCOLOR/...)
|
|
||||||
|
|
||||||
- vipw
|
|
||||||
- set ACLs and XATTRs on the temporary file (and backups?)
|
|
||||||
- vipw + selinux -> use lib/selinux.c
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
# Checks the location of the XML Catalog
|
|
||||||
# Usage:
|
|
||||||
# JH_PATH_XML_CATALOG([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
|
||||||
# Defines XMLCATALOG and XML_CATALOG_FILE substitutions
|
|
||||||
AC_DEFUN([JH_PATH_XML_CATALOG],
|
|
||||||
[
|
|
||||||
# check for the presence of the XML catalog
|
|
||||||
AC_ARG_WITH([xml-catalog],
|
|
||||||
AS_HELP_STRING([--with-xml-catalog=CATALOG],
|
|
||||||
[path to xml catalog to use]),,
|
|
||||||
[with_xml_catalog=/etc/xml/catalog])
|
|
||||||
jh_found_xmlcatalog=true
|
|
||||||
XML_CATALOG_FILE="$with_xml_catalog"
|
|
||||||
AC_SUBST([XML_CATALOG_FILE])
|
|
||||||
AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)])
|
|
||||||
if test -f "$XML_CATALOG_FILE"; then
|
|
||||||
AC_MSG_RESULT([found])
|
|
||||||
else
|
|
||||||
jh_found_xmlcatalog=false
|
|
||||||
AC_MSG_RESULT([not found])
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check for the xmlcatalog program
|
|
||||||
AC_PATH_PROG(XMLCATALOG, xmlcatalog, no)
|
|
||||||
if test "x$XMLCATALOG" = xno; then
|
|
||||||
jh_found_xmlcatalog=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
if $jh_found_xmlcatalog; then
|
|
||||||
ifelse([$1],,[:],[$1])
|
|
||||||
else
|
|
||||||
ifelse([$2],,[AC_MSG_ERROR([could not find XML catalog])],[$2])
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
|
|
||||||
# Checks if a particular URI appears in the XML catalog
|
|
||||||
# Usage:
|
|
||||||
# JH_CHECK_XML_CATALOG(URI, [FRIENDLY-NAME], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
|
||||||
AC_DEFUN([JH_CHECK_XML_CATALOG],
|
|
||||||
[
|
|
||||||
AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])])dnl
|
|
||||||
AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog])
|
|
||||||
if $jh_found_xmlcatalog && \
|
|
||||||
AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then
|
|
||||||
AC_MSG_RESULT([found])
|
|
||||||
ifelse([$3],,,[$3
|
|
||||||
])dnl
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT([not found])
|
|
||||||
ifelse([$4],,
|
|
||||||
[AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])],
|
|
||||||
[$4])
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
-13
@@ -1,13 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
autoreconf -v -f --install || exit 1
|
|
||||||
|
|
||||||
./configure \
|
|
||||||
CFLAGS="-O2 -Wall" \
|
|
||||||
--enable-lastlog \
|
|
||||||
--enable-man \
|
|
||||||
--enable-maintainer-mode \
|
|
||||||
--enable-shared \
|
|
||||||
--without-libpam \
|
|
||||||
--with-selinux \
|
|
||||||
"$@"
|
|
||||||
-796
@@ -1,796 +0,0 @@
|
|||||||
dnl Process this file with autoconf to produce a configure script.
|
|
||||||
AC_PREREQ([2.69])
|
|
||||||
m4_define([libsubid_abi_major], 4)
|
|
||||||
m4_define([libsubid_abi_minor], 0)
|
|
||||||
m4_define([libsubid_abi_micro], 0)
|
|
||||||
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
|
||||||
AC_INIT([shadow], [4.14.0-rc5], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
|
||||||
[https://github.com/shadow-maint/shadow])
|
|
||||||
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
|
|
||||||
AC_CONFIG_MACRO_DIRS([m4])
|
|
||||||
AM_SILENT_RULES([yes])
|
|
||||||
AC_CONFIG_HEADERS([config.h])
|
|
||||||
|
|
||||||
AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
|
|
||||||
AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
|
|
||||||
AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
|
|
||||||
AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
|
|
||||||
|
|
||||||
dnl Some hacks...
|
|
||||||
test "$prefix" = "NONE" && prefix="/usr"
|
|
||||||
test "$prefix" = "/usr" && exec_prefix=""
|
|
||||||
|
|
||||||
AC_USE_SYSTEM_EXTENSIONS
|
|
||||||
|
|
||||||
AC_ENABLE_STATIC
|
|
||||||
AC_ENABLE_SHARED
|
|
||||||
|
|
||||||
AM_MAINTAINER_MODE
|
|
||||||
|
|
||||||
dnl Checks for programs.
|
|
||||||
AC_PROG_CC
|
|
||||||
AC_PROG_LN_S
|
|
||||||
AC_PROG_YACC
|
|
||||||
LT_INIT
|
|
||||||
|
|
||||||
dnl Checks for libraries.
|
|
||||||
|
|
||||||
dnl Checks for header files.
|
|
||||||
AC_CHECK_HEADERS(crypt.h utmp.h \
|
|
||||||
termio.h sgtty.h sys/ioctl.h paths.h \
|
|
||||||
sys/capability.h sys/random.h \
|
|
||||||
gshadow.h lastlog.h rpc/key_prot.h acl/libacl.h \
|
|
||||||
attr/libattr.h attr/error_context.h)
|
|
||||||
|
|
||||||
dnl shadow now uses the libc's shadow implementation
|
|
||||||
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
|
||||||
|
|
||||||
AC_CHECK_FUNCS(arc4random_buf futimes \
|
|
||||||
getentropy getrandom getspnam getusershell \
|
|
||||||
initgroups lckpwdf lutimes mempcpy \
|
|
||||||
setgroups updwtmp updwtmpx innetgr \
|
|
||||||
getspnam_r \
|
|
||||||
rpmatch \
|
|
||||||
memset_explicit explicit_bzero stpecpy stpeprintf)
|
|
||||||
AC_SYS_LARGEFILE
|
|
||||||
|
|
||||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
|
||||||
|
|
||||||
AC_CHECK_MEMBERS([struct utmp.ut_type,
|
|
||||||
struct utmp.ut_id,
|
|
||||||
struct utmp.ut_name,
|
|
||||||
struct utmp.ut_user,
|
|
||||||
struct utmp.ut_host,
|
|
||||||
struct utmp.ut_syslen,
|
|
||||||
struct utmp.ut_addr,
|
|
||||||
struct utmp.ut_addr_v6,
|
|
||||||
struct utmp.ut_time,
|
|
||||||
struct utmp.ut_xtime,
|
|
||||||
struct utmp.ut_tv],,,[[#include <utmp.h>]])
|
|
||||||
|
|
||||||
dnl Checks for library functions.
|
|
||||||
AC_TYPE_GETGROUPS
|
|
||||||
AC_FUNC_UTIME_NULL
|
|
||||||
AC_REPLACE_FUNCS(putgrent putpwent putspent)
|
|
||||||
AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
|
|
||||||
|
|
||||||
AC_CHECK_FUNC(setpgrp)
|
|
||||||
AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
|
|
||||||
1,
|
|
||||||
[Defined to 1 if you have the declaration of 'secure_getenv'])])
|
|
||||||
|
|
||||||
if test "$ac_cv_header_shadow_h" = "yes"; then
|
|
||||||
AC_CACHE_CHECK(for working shadow group support,
|
|
||||||
ac_cv_libc_shadowgrp,
|
|
||||||
AC_RUN_IFELSE([AC_LANG_SOURCE([
|
|
||||||
#include <shadow.h>
|
|
||||||
#ifdef HAVE_GSHADOW_H
|
|
||||||
#include <gshadow.h>
|
|
||||||
#endif
|
|
||||||
int
|
|
||||||
main()
|
|
||||||
{
|
|
||||||
struct sgrp *sg = sgetsgent("test:x::");
|
|
||||||
/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
|
|
||||||
return !sg || !sg->sg_adm || !sg->sg_mem;
|
|
||||||
}]
|
|
||||||
)],
|
|
||||||
[ac_cv_libc_shadowgrp=yes],
|
|
||||||
[ac_cv_libc_shadowgrp=no],
|
|
||||||
[ac_cv_libc_shadowgrp=no]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
if test "$ac_cv_libc_shadowgrp" = "yes"; then
|
|
||||||
AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
|
|
||||||
[for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
|
|
||||||
if test -d $shadow_cv_maildir; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done])
|
|
||||||
if test $shadow_cv_maildir != none; then
|
|
||||||
AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
|
|
||||||
[Location of system mail spool directory.])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
|
|
||||||
[for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
|
|
||||||
if test -f $HOME/$shadow_cv_mailfile; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done])
|
|
||||||
if test $shadow_cv_mailfile != none; then
|
|
||||||
AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
|
|
||||||
[Name of user's mail spool file if stored in user's home directory.])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
|
|
||||||
[for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
|
|
||||||
if test -f $shadow_cv_utmpdir/utmp; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done])
|
|
||||||
if test "$shadow_cv_utmpdir" = "none"; then
|
|
||||||
AC_MSG_WARN(utmp file not found)
|
|
||||||
fi
|
|
||||||
AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
|
|
||||||
[Path for utmp file.])
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
|
|
||||||
[for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
|
|
||||||
if test -d $shadow_cv_logdir; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done])
|
|
||||||
AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
|
|
||||||
[Path for wtmp file.])
|
|
||||||
AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
|
|
||||||
[Path for lastlog file.])
|
|
||||||
AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
|
|
||||||
[Path for faillog file.])
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
|
|
||||||
[if test -f /usr/bin/passwd; then
|
|
||||||
shadow_cv_passwd_dir=/usr/bin
|
|
||||||
else
|
|
||||||
shadow_cv_passwd_dir=/bin
|
|
||||||
fi])
|
|
||||||
AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
|
|
||||||
[Path to passwd program.])
|
|
||||||
|
|
||||||
dnl XXX - quick hack, should disappear before anyone notices :).
|
|
||||||
dnl XXX - I just read the above message :).
|
|
||||||
if test "$ac_cv_func_ruserok" = "yes"; then
|
|
||||||
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
|
|
||||||
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(shadowgrp,
|
|
||||||
[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
|
|
||||||
[case "${enableval}" in
|
|
||||||
yes) enable_shadowgrp="yes" ;;
|
|
||||||
no) enable_shadowgrp="no" ;;
|
|
||||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
|
|
||||||
esac],
|
|
||||||
[enable_shadowgrp="yes"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(man,
|
|
||||||
[AS_HELP_STRING([--enable-man],
|
|
||||||
[regenerate roff man pages from Docbook @<:@default=no@:>@])],
|
|
||||||
[enable_man="${enableval}"],
|
|
||||||
[enable_man="no"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(account-tools-setuid,
|
|
||||||
[AS_HELP_STRING([--enable-account-tools-setuid],
|
|
||||||
[Install the user and group management tools setuid and authenticate the callers. This requires --with-libpam.])],
|
|
||||||
[case "${enableval}" in
|
|
||||||
yes) enable_acct_tools_setuid="yes" ;;
|
|
||||||
no) enable_acct_tools_setuid="no" ;;
|
|
||||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
|
|
||||||
;;
|
|
||||||
esac],
|
|
||||||
[enable_acct_tools_setuid="no"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(subordinate-ids,
|
|
||||||
[AS_HELP_STRING([--enable-subordinate-ids],
|
|
||||||
[support subordinate ids @<:@default=yes@:>@])],
|
|
||||||
[enable_subids="${enableval}"],
|
|
||||||
[enable_subids="maybe"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(lastlog,
|
|
||||||
[AS_HELP_STRING([--enable-lastlog],
|
|
||||||
[enable lastlog @<:@default=no@:>@])],
|
|
||||||
[enable_lastlog="${enableval}"],
|
|
||||||
[enable_lastlog="no"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(logind,
|
|
||||||
[AS_HELP_STRING([--enable-logind],
|
|
||||||
[enable logind @<:@default=yes@:>@])],
|
|
||||||
[enable_logind="${enableval}"],
|
|
||||||
[enable_logind="yes"]
|
|
||||||
)
|
|
||||||
|
|
||||||
AC_ARG_WITH(audit,
|
|
||||||
[AS_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
|
||||||
[with_audit=$withval], [with_audit=maybe])
|
|
||||||
AC_ARG_WITH(libpam,
|
|
||||||
[AS_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
|
||||||
[with_libpam=$withval], [with_libpam=maybe])
|
|
||||||
AC_ARG_WITH(btrfs,
|
|
||||||
[AS_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
|
|
||||||
[with_btrfs=$withval], [with_btrfs=maybe])
|
|
||||||
AC_ARG_WITH(selinux,
|
|
||||||
[AS_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
|
||||||
[with_selinux=$withval], [with_selinux=maybe])
|
|
||||||
AC_ARG_WITH(acl,
|
|
||||||
[AS_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
|
|
||||||
[with_acl=$withval], [with_acl=maybe])
|
|
||||||
AC_ARG_WITH(attr,
|
|
||||||
[AS_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
|
|
||||||
[with_attr=$withval], [with_attr=maybe])
|
|
||||||
AC_ARG_WITH(skey,
|
|
||||||
[AS_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
|
|
||||||
[with_skey=$withval], [with_skey=no])
|
|
||||||
AC_ARG_WITH(tcb,
|
|
||||||
[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
|
|
||||||
[with_tcb=$withval], [with_tcb=maybe])
|
|
||||||
AC_ARG_WITH(libcrack,
|
|
||||||
[AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
|
|
||||||
[with_libcrack=$withval], [with_libcrack=no])
|
|
||||||
AC_ARG_WITH(sha-crypt,
|
|
||||||
[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
|
|
||||||
[with_sha_crypt=$withval], [with_sha_crypt=yes])
|
|
||||||
AC_ARG_WITH(bcrypt,
|
|
||||||
[AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
|
|
||||||
[with_bcrypt=$withval], [with_bcrypt=no])
|
|
||||||
AC_ARG_WITH(yescrypt,
|
|
||||||
[AS_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
|
|
||||||
[with_yescrypt=$withval], [with_yescrypt=no])
|
|
||||||
AC_ARG_WITH(nscd,
|
|
||||||
[AS_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
|
|
||||||
[with_nscd=$withval], [with_nscd=yes])
|
|
||||||
AC_ARG_WITH(sssd,
|
|
||||||
[AS_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
|
|
||||||
[with_sssd=$withval], [with_sssd=yes])
|
|
||||||
AC_ARG_WITH(group-name-max-length,
|
|
||||||
[AS_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=32@:>@])],
|
|
||||||
[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
|
|
||||||
AC_ARG_WITH(su,
|
|
||||||
[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
|
|
||||||
[with_su=$withval], [with_su=yes])
|
|
||||||
AC_ARG_WITH(libbsd,
|
|
||||||
[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
|
|
||||||
[with_libbsd=$withval], [with_libbsd=yes])
|
|
||||||
|
|
||||||
if test "$with_group_name_max_length" = "no" ; then
|
|
||||||
with_group_name_max_length=0
|
|
||||||
elif test "$with_group_name_max_length" = "yes" ; then
|
|
||||||
with_group_name_max_length=32
|
|
||||||
fi
|
|
||||||
AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
|
|
||||||
AC_SUBST(GROUP_NAME_MAX_LENGTH)
|
|
||||||
GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
|
|
||||||
|
|
||||||
AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
|
|
||||||
if test "$with_sha_crypt" = "yes"; then
|
|
||||||
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
|
|
||||||
if test "$with_bcrypt" = "yes"; then
|
|
||||||
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
|
|
||||||
if test "$with_yescrypt" = "yes"; then
|
|
||||||
AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$with_nscd" = "yes"; then
|
|
||||||
AC_CHECK_FUNC(posix_spawn,
|
|
||||||
[AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
|
|
||||||
[AC_MSG_ERROR([posix_spawn is needed for nscd support])])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$with_sssd" = "yes"; then
|
|
||||||
AC_CHECK_FUNC(posix_spawn,
|
|
||||||
[AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
|
|
||||||
[AC_MSG_ERROR([posix_spawn is needed for sssd support])])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
|
|
||||||
AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
|
|
||||||
|
|
||||||
dnl Check for some functions in libc first, only if not found check for
|
|
||||||
dnl other libraries. This should prevent linking libnsl if not really
|
|
||||||
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
|
|
||||||
|
|
||||||
AC_SEARCH_LIBS(gethostbyname, nsl)
|
|
||||||
|
|
||||||
AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
|
|
||||||
if test -n "$LIBECONF"; then
|
|
||||||
AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
|
|
||||||
[Directory for distribution provided configuration files])
|
|
||||||
ECONF_CPPFLAGS="-DUSE_ECONF=1"
|
|
||||||
AC_ARG_ENABLE([vendordir],
|
|
||||||
AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
|
|
||||||
fi
|
|
||||||
AC_SUBST(ECONF_CPPFLAGS)
|
|
||||||
AC_SUBST(LIBECONF)
|
|
||||||
AC_SUBST([VENDORDIR], [$enable_vendordir])
|
|
||||||
if test "x$enable_vendordir" != x; then
|
|
||||||
AC_DEFINE(HAVE_VENDORDIR, 1, [Define to support vendor settings.])
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
|
|
||||||
|
|
||||||
if test "$enable_shadowgrp" = "yes"; then
|
|
||||||
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")
|
|
||||||
|
|
||||||
if test "$enable_man" = "yes"; then
|
|
||||||
dnl
|
|
||||||
dnl Check for xsltproc
|
|
||||||
dnl
|
|
||||||
AC_PATH_PROG([XSLTPROC], [xsltproc])
|
|
||||||
if test -z "$XSLTPROC"; then
|
|
||||||
enable_man=no
|
|
||||||
AC_MSG_ERROR([xsltproc is missing.])
|
|
||||||
fi
|
|
||||||
|
|
||||||
dnl check for DocBook DTD and stylesheets in the local catalog.
|
|
||||||
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.5//EN],
|
|
||||||
[DocBook XML DTD V4.5], [], enable_man=no)
|
|
||||||
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
|
|
||||||
[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
|
|
||||||
|
|
||||||
if test "$enable_subids" != "no"; then
|
|
||||||
dnl
|
|
||||||
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
|
|
||||||
dnl
|
|
||||||
AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
|
|
||||||
AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
|
|
||||||
|
|
||||||
if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
|
|
||||||
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
|
|
||||||
enable_subids="yes"
|
|
||||||
else
|
|
||||||
if test "x$enable_subids" = "xyes"; then
|
|
||||||
AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
|
|
||||||
fi
|
|
||||||
enable_subids="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
|
|
||||||
|
|
||||||
if test "$enable_lastlog" = "yes" && test "$ac_cv_header_lastlog_h" = "yes"; then
|
|
||||||
AC_CACHE_CHECK(for ll_host in struct lastlog,
|
|
||||||
ac_cv_struct_lastlog_ll_host,
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
|
|
||||||
[struct lastlog ll; char *cp = ll.ll_host;]
|
|
||||||
)],
|
|
||||||
[ac_cv_struct_lastlog_ll_host=yes],
|
|
||||||
[ac_cv_struct_lastlog_ll_host=no]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
|
|
||||||
AC_DEFINE(HAVE_LL_HOST, 1,
|
|
||||||
[Define if struct lastlog has ll_host])
|
|
||||||
AC_DEFINE(ENABLE_LASTLOG, 1, [Define to support lastlog.])
|
|
||||||
enable_lastlog="yes"
|
|
||||||
else
|
|
||||||
AC_MSG_ERROR([Cannot enable support for lastlog on systems where the data structures aren't available])
|
|
||||||
enable_subids="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(ENABLE_LASTLOG, test "x$enable_lastlog" != "xno")
|
|
||||||
|
|
||||||
AC_SUBST(LIBSYSTEMD)
|
|
||||||
if test "$enable_logind" = "yes"; then
|
|
||||||
AC_CHECK_LIB(systemd, sd_session_get_remote_host,
|
|
||||||
[enable_logind="yes"; [LIBSYSTEMD=-lsystemd];
|
|
||||||
AC_DEFINE(ENABLE_LOGIND, 1,
|
|
||||||
[Define to manage session support with logind.])],
|
|
||||||
[enable_logind="no"])
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(ENABLE_LOGIND, test "x$enable_logind" != "xno")
|
|
||||||
|
|
||||||
AC_SUBST(LIBCRYPT)
|
|
||||||
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
|
||||||
[AC_MSG_ERROR([crypt() not found])])
|
|
||||||
|
|
||||||
AC_SUBST(LIYESCRYPT)
|
|
||||||
AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
|
|
||||||
[AC_MSG_ERROR([crypt() not found])])
|
|
||||||
|
|
||||||
AC_SUBST(LIBBSD)
|
|
||||||
if test "$with_libbsd" != "no"; then
|
|
||||||
AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
|
|
||||||
AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
|
|
||||||
])
|
|
||||||
AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
|
|
||||||
PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
|
|
||||||
])
|
|
||||||
dnl Make sure either the libc or libbsd provide the header.
|
|
||||||
save_CFLAGS="$CFLAGS"
|
|
||||||
CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
|
|
||||||
AC_CHECK_HEADERS([readpassphrase.h])
|
|
||||||
AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
|
|
||||||
AC_MSG_ERROR([readpassphrase.h is missing])
|
|
||||||
])
|
|
||||||
CFLAGS="$save_CFLAGS"
|
|
||||||
AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
|
|
||||||
else
|
|
||||||
AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
|
|
||||||
AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
|
|
||||||
|
|
||||||
AC_SUBST(LIBACL)
|
|
||||||
if test "$with_acl" != "no"; then
|
|
||||||
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
|
|
||||||
if test "$acl_header$with_acl" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
|
|
||||||
elif test "$acl_header" = "yes" ; then
|
|
||||||
AC_CHECK_LIB(acl, perm_copy_file,
|
|
||||||
[AC_CHECK_LIB(acl, perm_copy_fd,
|
|
||||||
[acl_lib="yes"],
|
|
||||||
[acl_lib="no"])],
|
|
||||||
[acl_lib="no"])
|
|
||||||
if test "$acl_lib$with_acl" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libacl not found])
|
|
||||||
elif test "$acl_lib" = "no" ; then
|
|
||||||
with_acl="no"
|
|
||||||
else
|
|
||||||
AC_DEFINE(WITH_ACL, 1,
|
|
||||||
[Build shadow with ACL support])
|
|
||||||
LIBACL="-lacl"
|
|
||||||
with_acl="yes"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_acl="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_SUBST(LIBATTR)
|
|
||||||
if test "$with_attr" != "no"; then
|
|
||||||
AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
|
|
||||||
if test "$attr_header$with_attr" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
|
|
||||||
elif test "$attr_header" = "yes" ; then
|
|
||||||
AC_CHECK_LIB(attr, attr_copy_file,
|
|
||||||
[AC_CHECK_LIB(attr, attr_copy_fd,
|
|
||||||
[attr_lib="yes"],
|
|
||||||
[attr_lib="no"])],
|
|
||||||
[attr_lib="no"])
|
|
||||||
if test "$attr_lib$with_attr" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libattr not found])
|
|
||||||
elif test "$attr_lib" = "no" ; then
|
|
||||||
with_attr="no"
|
|
||||||
else
|
|
||||||
AC_DEFINE(WITH_ATTR, 1,
|
|
||||||
[Build shadow with Extended Attributes support])
|
|
||||||
LIBATTR="-lattr"
|
|
||||||
with_attr="yes"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_attr="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_SUBST(LIBAUDIT)
|
|
||||||
if test "$with_audit" != "no"; then
|
|
||||||
AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
|
|
||||||
if test "$audit_header$with_audit" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libaudit.h is missing])
|
|
||||||
elif test "$audit_header" = "yes"; then
|
|
||||||
AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
|
|
||||||
AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
|
|
||||||
AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
|
|
||||||
AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
|
|
||||||
if test "$audit_header$with_audit" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if test "$audit_header" = "yes"; then
|
|
||||||
AC_CHECK_LIB(audit, audit_log_acct_message,
|
|
||||||
[audit_lib="yes"], [audit_lib="no"])
|
|
||||||
if test "$audit_lib$with_audit" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libaudit not found])
|
|
||||||
elif test "$audit_lib" = "no" ; then
|
|
||||||
with_audit="no"
|
|
||||||
else
|
|
||||||
AC_DEFINE(WITH_AUDIT, 1,
|
|
||||||
[Define if you want to enable Audit messages])
|
|
||||||
LIBAUDIT="-laudit"
|
|
||||||
with_audit="yes"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_audit="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_SUBST(LIBCRACK)
|
|
||||||
if test "$with_libcrack" = "yes"; then
|
|
||||||
echo "checking cracklib flavour, don't be surprised by the results"
|
|
||||||
AC_CHECK_LIB(crack, FascistCheck,
|
|
||||||
[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
|
|
||||||
AC_CHECK_LIB(crack, FascistHistory,
|
|
||||||
AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
|
|
||||||
AC_CHECK_LIB(crack, FascistHistoryPw,
|
|
||||||
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$with_btrfs" != "no"; then
|
|
||||||
AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
|
|
||||||
[btrfs_headers="yes"], [btrfs_headers="no"])
|
|
||||||
if test "$btrfs_headers$with_btrfs" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$btrfs_headers" = "yes" ; then
|
|
||||||
AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
|
|
||||||
with_btrfs="yes"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
|
|
||||||
|
|
||||||
AC_SUBST(LIBSELINUX)
|
|
||||||
AC_SUBST(LIBSEMANAGE)
|
|
||||||
if test "$with_selinux" != "no"; then
|
|
||||||
AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
|
|
||||||
if test "$selinux_header$with_selinux" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([selinux/selinux.h is missing])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
|
|
||||||
if test "$semanage_header$with_selinux" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([semanage/semanage.h is missing])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$selinux_header$semanage_header" = "yesyes" ; then
|
|
||||||
AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
|
|
||||||
if test "$selinux_lib$with_selinux" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libselinux not found])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
|
|
||||||
if test "$semanage_lib$with_selinux" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libsemanage not found])
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$selinux_lib$semanage_lib" = "yesyes" ; then
|
|
||||||
AC_DEFINE(WITH_SELINUX, 1,
|
|
||||||
[Build shadow with SELinux support])
|
|
||||||
LIBSELINUX="-lselinux"
|
|
||||||
LIBSEMANAGE="-lsemanage"
|
|
||||||
with_selinux="yes"
|
|
||||||
else
|
|
||||||
with_selinux="no"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_selinux="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_SUBST(LIBTCB)
|
|
||||||
if test "$with_tcb" != "no"; then
|
|
||||||
AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
|
|
||||||
if test "$tcb_header$with_tcb" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([tcb.h is missing])
|
|
||||||
elif test "$tcb_header" = "yes" ; then
|
|
||||||
AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
|
|
||||||
if test "$tcb_lib$with_tcb" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR([libtcb not found])
|
|
||||||
elif test "$tcb_lib" = "no" ; then
|
|
||||||
with_tcb="no"
|
|
||||||
else
|
|
||||||
AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
|
|
||||||
LIBTCB="-ltcb"
|
|
||||||
with_tcb="yes"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_tcb="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
|
|
||||||
|
|
||||||
AC_SUBST(LIBPAM)
|
|
||||||
if test "$with_libpam" != "no"; then
|
|
||||||
AC_CHECK_LIB(pam, pam_start,
|
|
||||||
[pam_lib="yes"], [pam_lib="no"])
|
|
||||||
if test "$pam_lib$with_libpam" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR(libpam not found)
|
|
||||||
fi
|
|
||||||
|
|
||||||
LIBPAM="-lpam"
|
|
||||||
pam_conv_function="no"
|
|
||||||
|
|
||||||
AC_CHECK_LIB(pam, openpam_ttyconv,
|
|
||||||
[pam_conv_function="openpam_ttyconv"],
|
|
||||||
AC_CHECK_LIB(pam_misc, misc_conv,
|
|
||||||
[pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
|
|
||||||
)
|
|
||||||
|
|
||||||
if test "$pam_conv_function$with_libpam" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR(PAM conversation function not found)
|
|
||||||
fi
|
|
||||||
|
|
||||||
pam_headers_found=no
|
|
||||||
AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
|
|
||||||
[ pam_headers_found=yes ; break ], [],
|
|
||||||
[ #include <security/pam_appl.h> ] )
|
|
||||||
if test "$pam_headers_found$with_libpam" = "noyes" ; then
|
|
||||||
AC_MSG_ERROR(PAM headers not found)
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
|
|
||||||
with_libpam="yes"
|
|
||||||
else
|
|
||||||
with_libpam="no"
|
|
||||||
unset LIBPAM
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
dnl Now with_libpam is either yes or no
|
|
||||||
if test "$with_libpam" = "yes"; then
|
|
||||||
AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
|
|
||||||
PAM_DELETE_CRED,
|
|
||||||
PAM_NEW_AUTHTOK_REQD,
|
|
||||||
PAM_DATA_SILENT],
|
|
||||||
[], [], [#include <security/pam_appl.h>])
|
|
||||||
|
|
||||||
|
|
||||||
save_libs=$LIBS
|
|
||||||
LIBS="$LIBS $LIBPAM"
|
|
||||||
# We do not use AC_CHECK_FUNCS to avoid duplicated definition with
|
|
||||||
# Linux PAM.
|
|
||||||
AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
|
|
||||||
LIBS=$save_libs
|
|
||||||
|
|
||||||
AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
|
|
||||||
AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM conversation to use])
|
|
||||||
AM_CONDITIONAL(USE_PAM, [true])
|
|
||||||
|
|
||||||
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
||||||
AC_MSG_RESULT(no)
|
|
||||||
else
|
|
||||||
AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
|
|
||||||
AM_CONDITIONAL(USE_PAM, [false])
|
|
||||||
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
||||||
AC_MSG_RESULT(yes)
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$enable_acct_tools_setuid" != "no"; then
|
|
||||||
if test "$with_libpam" != "yes"; then
|
|
||||||
if test "$enable_acct_tools_setuid" = "yes"; then
|
|
||||||
AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
|
|
||||||
else
|
|
||||||
enable_acct_tools_setuid="no"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
enable_acct_tools_setuid="yes"
|
|
||||||
fi
|
|
||||||
if test "$enable_acct_tools_setuid" = "yes"; then
|
|
||||||
AC_DEFINE(ACCT_TOOLS_SETUID,
|
|
||||||
1,
|
|
||||||
[Define if account management tools should be installed setuid and authenticate the callers])
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_WITH(fcaps,
|
|
||||||
[AS_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
|
|
||||||
[with_fcaps=$withval], [with_fcaps=no])
|
|
||||||
AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
|
|
||||||
|
|
||||||
if test "x$with_fcaps" = "xyes"; then
|
|
||||||
AC_CHECK_PROGS(capcmd, "setcap")
|
|
||||||
if test "x$capcmd" = "x" ; then
|
|
||||||
AC_MSG_ERROR([setcap command not available])
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_SUBST(LIBSKEY)
|
|
||||||
AC_SUBST(LIBMD)
|
|
||||||
if test "$with_skey" = "yes"; then
|
|
||||||
AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
|
|
||||||
AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
|
|
||||||
[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
|
|
||||||
AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <skey.h>
|
|
||||||
]], [[
|
|
||||||
skeychallenge((void*)0, (void*)0, (void*)0, 0);
|
|
||||||
]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CHECK_FUNC(fgetpwent_r, [AC_DEFINE(HAVE_FGETPWENT_R, 1, [Defined to 1 if you have the declaration of 'fgetpwent_r'])])
|
|
||||||
|
|
||||||
AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
|
|
||||||
|
|
||||||
AM_GNU_GETTEXT_VERSION([0.19])
|
|
||||||
AM_GNU_GETTEXT([external], [need-ngettext])
|
|
||||||
AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
|
|
||||||
|
|
||||||
AC_CONFIG_FILES([
|
|
||||||
Makefile
|
|
||||||
po/Makefile.in
|
|
||||||
doc/Makefile
|
|
||||||
man/Makefile
|
|
||||||
man/config.xml
|
|
||||||
man/po/Makefile
|
|
||||||
man/cs/Makefile
|
|
||||||
man/da/Makefile
|
|
||||||
man/de/Makefile
|
|
||||||
man/es/Makefile
|
|
||||||
man/fi/Makefile
|
|
||||||
man/fr/Makefile
|
|
||||||
man/hu/Makefile
|
|
||||||
man/id/Makefile
|
|
||||||
man/it/Makefile
|
|
||||||
man/ja/Makefile
|
|
||||||
man/ko/Makefile
|
|
||||||
man/pl/Makefile
|
|
||||||
man/pt_BR/Makefile
|
|
||||||
man/ru/Makefile
|
|
||||||
man/sv/Makefile
|
|
||||||
man/tr/Makefile
|
|
||||||
man/uk/Makefile
|
|
||||||
man/zh_CN/Makefile
|
|
||||||
man/zh_TW/Makefile
|
|
||||||
libmisc/Makefile
|
|
||||||
lib/Makefile
|
|
||||||
libsubid/Makefile
|
|
||||||
libsubid/subid.h
|
|
||||||
src/Makefile
|
|
||||||
contrib/Makefile
|
|
||||||
etc/Makefile
|
|
||||||
etc/pam.d/Makefile
|
|
||||||
etc/shadow-maint/Makefile
|
|
||||||
shadow.spec
|
|
||||||
])
|
|
||||||
AC_OUTPUT
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "shadow will be compiled with the following features:"
|
|
||||||
echo
|
|
||||||
echo " auditing support: $with_audit"
|
|
||||||
echo " CrackLib support: $with_libcrack"
|
|
||||||
echo " PAM support: $with_libpam"
|
|
||||||
if test "$with_libpam" = "yes"; then
|
|
||||||
echo " suid account management tools: $enable_acct_tools_setuid"
|
|
||||||
fi
|
|
||||||
echo " SELinux support: $with_selinux"
|
|
||||||
echo " BtrFS support: $with_btrfs"
|
|
||||||
echo " ACL support: $with_acl"
|
|
||||||
echo " Extended Attributes support: $with_attr"
|
|
||||||
echo " tcb support (incomplete): $with_tcb"
|
|
||||||
echo " shadow group support: $enable_shadowgrp"
|
|
||||||
echo " S/Key support: $with_skey"
|
|
||||||
echo " SHA passwords encryption: $with_sha_crypt"
|
|
||||||
echo " bcrypt passwords encryption: $with_bcrypt"
|
|
||||||
echo " yescrypt passwords encryption: $with_yescrypt"
|
|
||||||
echo " nscd support: $with_nscd"
|
|
||||||
echo " sssd support: $with_sssd"
|
|
||||||
echo " subordinate IDs support: $enable_subids"
|
|
||||||
echo " enable lastlog: $enable_lastlog"
|
|
||||||
echo " enable logind: $enable_logind"
|
|
||||||
echo " use file caps: $with_fcaps"
|
|
||||||
echo " install su: $with_su"
|
|
||||||
echo " enabled vendor dir: $enable_vendordir"
|
|
||||||
echo
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
# This is a dummy Makefile.am to get automake work flawlessly,
|
|
||||||
# and also cooperate to make a distribution for `make dist'
|
|
||||||
|
|
||||||
EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
|
|
||||||
atudel groupmems.shar shadow-anonftp.patch \
|
|
||||||
udbachk.tgz
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
People keep sending various adduser programs and scripts... They are
|
|
||||||
all in this directory. I haven't tested them, use at your own risk.
|
|
||||||
Anyway, the best one I've seen so far is adduser-3.x from Debian.
|
|
||||||
|
|
||||||
atudel is a perl script to remove at jobs owned by the specified user
|
|
||||||
(atrm in at-2.9 for Linux can't do that).
|
|
||||||
|
|
||||||
udbachk.tgz is a passwd/group/shadow file integrity checker.
|
|
||||||
|
|
||||||
--marekm
|
|
||||||
@@ -1,502 +0,0 @@
|
|||||||
/****
|
|
||||||
** 04/21/96
|
|
||||||
** hacked even more, replaced gets() with something slightly harder to buffer
|
|
||||||
** overflow. Added support for setting a default quota on new account, with
|
|
||||||
** edquota -p. Other cleanups for security, I let some users run adduser suid
|
|
||||||
** root to add new accounts. (overflow checks, clobber environment, valid
|
|
||||||
** shell checks, restrictions on gid + home dir settings).
|
|
||||||
|
|
||||||
** Added max. username length. Used syslog() a bit for important events.
|
|
||||||
** Support to immediately expire account with passwd -e.
|
|
||||||
|
|
||||||
** Called it version 2.0! Because I felt like it!
|
|
||||||
|
|
||||||
** -- Chris, chris@ferret.lmh.ox.ac.uk
|
|
||||||
|
|
||||||
** 03/17/96
|
|
||||||
** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
|
|
||||||
** --marekm
|
|
||||||
**
|
|
||||||
** 02/26/96
|
|
||||||
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
|
||||||
** systems - Cristian Gafton, gafton@sorosis.ro
|
|
||||||
**
|
|
||||||
** 6/27/95
|
|
||||||
** shadow-adduser 1.4:
|
|
||||||
**
|
|
||||||
** now it copies the /etc/skel dir into the person's dir,
|
|
||||||
** makes the mail folders, changed some defaults and made a 'make
|
|
||||||
** install' just for the hell of it.
|
|
||||||
**
|
|
||||||
** Greg Gallagher
|
|
||||||
** CIN.Net
|
|
||||||
**
|
|
||||||
** 1/28/95
|
|
||||||
** shadow-adduser 1.3:
|
|
||||||
**
|
|
||||||
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
|
||||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
|
||||||
** It was such a stupid bug that I would have never seen it myself.
|
|
||||||
**
|
|
||||||
** Brandon
|
|
||||||
*****
|
|
||||||
** 01/27/95
|
|
||||||
**
|
|
||||||
** shadow-adduser 1.2:
|
|
||||||
** I took the C source from adduser-shadow (credits are below) and made
|
|
||||||
** it a little more worthwhile. Many small changes... Here's
|
|
||||||
** the ones I can remember:
|
|
||||||
**
|
|
||||||
** Removed support for non-shadowed systems (if you don't have shadow,
|
|
||||||
** use the original adduser, don't get this shadow version!)
|
|
||||||
** Added support for the correct /etc/shadow fields (Min days before
|
|
||||||
** password change, max days before password change, Warning days,
|
|
||||||
** and how many days from expiry date does the account go invalid)
|
|
||||||
** The previous version just left all of those fields blank.
|
|
||||||
** There is still one field left (expiry date for the account, period)
|
|
||||||
** which I have left blank because I do not use it and didn't want to
|
|
||||||
** spend any more time on this. I'm sure someone will put it in and
|
|
||||||
** tack another plethora of credits on here. :)
|
|
||||||
** Added in the password date field, which should always reflect the last
|
|
||||||
** date the password was changed, for expiry purposes. "passwd" always
|
|
||||||
** updates this field, so the adduser program should set it up right
|
|
||||||
** initially (or a user could keep their initial password forever ;)
|
|
||||||
** The number is in days since Jan 1st, 1970.
|
|
||||||
**
|
|
||||||
** Have fun with it, and someone please make
|
|
||||||
** a real version(this is still just a hack)
|
|
||||||
** for us all to use (and Email it to me???)
|
|
||||||
**
|
|
||||||
** Brandon
|
|
||||||
** photon@usis.com
|
|
||||||
**
|
|
||||||
*****
|
|
||||||
** adduser 1.0: add a new user account (For systems not using shadow)
|
|
||||||
** With a nice little interface and a will to do all the work for you.
|
|
||||||
**
|
|
||||||
** Craig Hagan
|
|
||||||
** hagan@opine.cs.umass.edu
|
|
||||||
**
|
|
||||||
** Modified to really work, look clean, and find unused uid by Chris Cappuccio
|
|
||||||
** chris@slinky.cs.umass.edu
|
|
||||||
**
|
|
||||||
*****
|
|
||||||
**
|
|
||||||
** 01/19/95
|
|
||||||
**
|
|
||||||
** FURTHER modifications to enable shadow passwd support (kludged, but
|
|
||||||
** no more so than the original) by Dan Crowson - dcrowson@mo.net
|
|
||||||
**
|
|
||||||
** Search on DAN for all changes...
|
|
||||||
**
|
|
||||||
*****
|
|
||||||
**
|
|
||||||
** cc -O -o adduser adduser.c
|
|
||||||
** Use gcc if you have it... (political reasons beyond my control) (chris)
|
|
||||||
**
|
|
||||||
** I've gotten this program to work with success under Linux (without
|
|
||||||
** shadow) and SunOS 4.1.3. I would assume it should work pretty well
|
|
||||||
** on any system that uses no shadow. (chris)
|
|
||||||
**
|
|
||||||
** If you have no crypt() then try
|
|
||||||
** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
|
|
||||||
** I'm not sure how login operates with no crypt()... I guess
|
|
||||||
** the same way we're doing it here.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include <grp.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/timeb.h>
|
|
||||||
#include <sys/time.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <syslog.h>
|
|
||||||
|
|
||||||
#define IMMEDIATE_CHANGE /* Expire newly created password, must be changed
|
|
||||||
* immediately upon next login */
|
|
||||||
#define HAVE_QUOTAS /* Obvious */
|
|
||||||
#define EXPIRE_VALS_SET /* If defined, 'normal' users can't change
|
|
||||||
* password expiry values (if running suid root) */
|
|
||||||
|
|
||||||
#define HAVE_GETUSERSHELL /* FIXME: Isn't this defined in config.h too? */
|
|
||||||
#define LOGGING /* If we want to log various things to syslog */
|
|
||||||
#define MAX_USRNAME 8 /* Longer usernames seem to work on my system....
|
|
||||||
* But they're probably a poor idea */
|
|
||||||
|
|
||||||
|
|
||||||
#define DEFAULT_SHELL "/bin/bash" /* because BASH is your friend */
|
|
||||||
#define DEFAULT_HOME "/home"
|
|
||||||
#define USERADD_PATH "/usr/sbin/useradd"
|
|
||||||
#define CHAGE_PATH "/usr/bin/chage"
|
|
||||||
#define PASSWD_PATH "/usr/bin/passwd"
|
|
||||||
#define EDQUOTA_PATH "/usr/sbin/edquota"
|
|
||||||
#define QUOTA_DEFAULT "defuser"
|
|
||||||
#define DEFAULT_GROUP 100
|
|
||||||
|
|
||||||
#define DEFAULT_MIN_PASS 0
|
|
||||||
#define DEFAULT_MAX_PASS 100
|
|
||||||
#define DEFAULT_WARN_PASS 14
|
|
||||||
#define DEFAULT_USER_DIE 366
|
|
||||||
|
|
||||||
void safeget (char *, int);
|
|
||||||
|
|
||||||
void
|
|
||||||
main (void)
|
|
||||||
{
|
|
||||||
char foo[32];
|
|
||||||
char usrname[32], person[32], dir[32], shell[32];
|
|
||||||
unsigned int group, min_pass, max_pass, warn_pass, user_die;
|
|
||||||
/* the group and uid of the new user */
|
|
||||||
int bad = 0, done = 0, correct = 0, olduid;
|
|
||||||
char cmd[255];
|
|
||||||
struct group *grp;
|
|
||||||
|
|
||||||
/* flags, in order:
|
|
||||||
* bad to see if the username is in /etc/passwd, or if strange stuff has
|
|
||||||
* been typed if the user might be put in group 0
|
|
||||||
* done allows the program to exit when a user has been added
|
|
||||||
* correct loops until a username is found that isn't in /etc/passwd
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* The real program starts HERE! */
|
|
||||||
|
|
||||||
if (geteuid () != 0)
|
|
||||||
{
|
|
||||||
printf ("It seems you don't have access to add a new user. Try\n");
|
|
||||||
printf ("logging in as root or su root to gain superuser access.\n");
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Sanity checks
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifdef LOGGING
|
|
||||||
openlog ("adduser", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
|
|
||||||
syslog (LOG_INFO, "invoked by user %s\n", getpwuid (getuid ())->pw_name);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!(grp = getgrgid (DEFAULT_GROUP)))
|
|
||||||
{
|
|
||||||
printf ("Error: the default group %d does not exist on this system!\n",
|
|
||||||
DEFAULT_GROUP);
|
|
||||||
printf ("adduser must be recompiled.\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "warning: failed. no such default group\n");
|
|
||||||
closelog ();
|
|
||||||
#endif
|
|
||||||
exit (1);
|
|
||||||
};
|
|
||||||
|
|
||||||
while (!correct)
|
|
||||||
{ /* loop until a "good" usrname is chosen */
|
|
||||||
while (!done)
|
|
||||||
{
|
|
||||||
printf ("\nLogin to add (^C to quit): ");
|
|
||||||
fflush (stdout);
|
|
||||||
|
|
||||||
safeget (usrname, sizeof (usrname));
|
|
||||||
|
|
||||||
if (!strlen (usrname))
|
|
||||||
{
|
|
||||||
printf ("Empty input.\n");
|
|
||||||
done = 0;
|
|
||||||
continue;
|
|
||||||
};
|
|
||||||
|
|
||||||
/* what I saw here before made me think maybe I was running DOS */
|
|
||||||
/* might this be a solution? (chris) */
|
|
||||||
if (strlen (usrname) > MAX_USRNAME)
|
|
||||||
{
|
|
||||||
printf ("That name is longer than the maximum of %d characters. Choose another.\n", MAX_USRNAME);
|
|
||||||
done = 0;
|
|
||||||
}
|
|
||||||
else if (getpwnam (usrname) != NULL)
|
|
||||||
{
|
|
||||||
printf ("That name is in use, choose another.\n");
|
|
||||||
done = 0;
|
|
||||||
}
|
|
||||||
else if (strchr (usrname, ' ') != NULL)
|
|
||||||
{
|
|
||||||
printf ("No spaces in username!!\n");
|
|
||||||
done = 0;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
done = 1;
|
|
||||||
}; /* done, we have a valid new user name */
|
|
||||||
|
|
||||||
/* all set, get the rest of the stuff */
|
|
||||||
printf ("\nEditing information for new user [%s]\n", usrname);
|
|
||||||
|
|
||||||
printf ("\nFull Name [%s]: ", usrname);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (person, sizeof (person));
|
|
||||||
if (!strlen (person))
|
|
||||||
{
|
|
||||||
bzero (person, sizeof (person));
|
|
||||||
strcpy (person, usrname);
|
|
||||||
};
|
|
||||||
|
|
||||||
if (getuid () == 0)
|
|
||||||
{
|
|
||||||
do
|
|
||||||
{
|
|
||||||
bad = 0;
|
|
||||||
printf ("GID [%d]: ", DEFAULT_GROUP);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
if (!strlen (foo))
|
|
||||||
group = DEFAULT_GROUP;
|
|
||||||
else if (isdigit (*foo))
|
|
||||||
{
|
|
||||||
group = atoi (foo);
|
|
||||||
if (!(grp = getgrgid (group)))
|
|
||||||
{
|
|
||||||
printf ("unknown gid %s\n", foo);
|
|
||||||
group = DEFAULT_GROUP;
|
|
||||||
bad = 1;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
else if ((grp = getgrnam (foo)))
|
|
||||||
group = grp->gr_gid;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf ("unknown group %s\n", foo);
|
|
||||||
group = DEFAULT_GROUP;
|
|
||||||
bad = 1;
|
|
||||||
}
|
|
||||||
if (group == 0)
|
|
||||||
{ /* You're not allowed to make root group users! */
|
|
||||||
printf ("Creation of root group users not allowed (must be done by hand)\n");
|
|
||||||
group = DEFAULT_GROUP;
|
|
||||||
bad = 1;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
while (bad);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf ("Group will be default of: %d\n", DEFAULT_GROUP);
|
|
||||||
group = DEFAULT_GROUP;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (getuid () == 0)
|
|
||||||
{
|
|
||||||
printf ("\nIf home dir ends with a / then '%s' will be appended to it\n", usrname);
|
|
||||||
printf ("Home Directory [%s/%s]: ", DEFAULT_HOME, usrname);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (dir, sizeof (dir));
|
|
||||||
if (!strlen (dir))
|
|
||||||
{ /* hit return */
|
|
||||||
sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
|
|
||||||
}
|
|
||||||
else if (dir[strlen (dir) - 1] == '/')
|
|
||||||
sprintf (dir+strlen(dir), "%s", usrname);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf ("\nHome directory will be %s/%s\n", DEFAULT_HOME, usrname);
|
|
||||||
sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
|
|
||||||
}
|
|
||||||
|
|
||||||
printf ("\nShell [%s]: ", DEFAULT_SHELL);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (shell, sizeof (shell));
|
|
||||||
if (!strlen (shell))
|
|
||||||
sprintf (shell, "%s", DEFAULT_SHELL);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
char *sh;
|
|
||||||
int ok = 0;
|
|
||||||
#ifdef HAVE_GETUSERSHELL
|
|
||||||
setusershell ();
|
|
||||||
while ((sh = getusershell ()) != NULL)
|
|
||||||
if (!strcmp (shell, sh))
|
|
||||||
ok = 1;
|
|
||||||
endusershell ();
|
|
||||||
#endif
|
|
||||||
if (!ok)
|
|
||||||
{
|
|
||||||
if (getuid () == 0)
|
|
||||||
printf ("Warning: root allowed non standard shell\n");
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf ("Shell NOT in /etc/shells, DEFAULT used\n");
|
|
||||||
sprintf (shell, "%s", DEFAULT_SHELL);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef EXPIRE_VALS_SET
|
|
||||||
if (getuid () == 0)
|
|
||||||
{
|
|
||||||
#endif
|
|
||||||
printf ("\nMin. Password Change Days [%d]: ", DEFAULT_MIN_PASS);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
if (strlen (foo) > 1)
|
|
||||||
min_pass = DEFAULT_MIN_PASS;
|
|
||||||
else
|
|
||||||
min_pass = atoi (foo);
|
|
||||||
|
|
||||||
printf ("Max. Password Change Days [%d]: ", DEFAULT_MAX_PASS);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
if (strlen (foo) > 1)
|
|
||||||
max_pass = atoi (foo);
|
|
||||||
else
|
|
||||||
max_pass = DEFAULT_MAX_PASS;
|
|
||||||
|
|
||||||
printf ("Password Warning Days [%d]: ", DEFAULT_WARN_PASS);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
warn_pass = atoi (foo);
|
|
||||||
if (warn_pass == 0)
|
|
||||||
|
|
||||||
warn_pass = DEFAULT_WARN_PASS;
|
|
||||||
|
|
||||||
printf ("Days after Password Expiry for Account Locking [%d]: ", DEFAULT_USER_DIE);
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
user_die = atoi (foo);
|
|
||||||
if (user_die == 0)
|
|
||||||
user_die = DEFAULT_USER_DIE;
|
|
||||||
|
|
||||||
#ifdef EXPIRE_VALS_SET
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf ("\nSorry, account expiry values are set.\n");
|
|
||||||
user_die = DEFAULT_USER_DIE;
|
|
||||||
warn_pass = DEFAULT_WARN_PASS;
|
|
||||||
max_pass = DEFAULT_MAX_PASS;
|
|
||||||
min_pass = DEFAULT_MIN_PASS;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
printf ("\nInformation for new user [%s] [%s]:\n", usrname, person);
|
|
||||||
printf ("Home directory: [%s] Shell: [%s]\n", dir, shell);
|
|
||||||
printf ("GID: [%d]\n", group);
|
|
||||||
printf ("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
|
|
||||||
min_pass, max_pass, warn_pass, user_die);
|
|
||||||
printf ("\nIs this correct? [y/N]: ");
|
|
||||||
fflush (stdout);
|
|
||||||
safeget (foo, sizeof (foo));
|
|
||||||
|
|
||||||
done = bad = correct = (foo[0] == 'y' || foo[0] == 'Y');
|
|
||||||
|
|
||||||
if (bad != 1)
|
|
||||||
printf ("\nUser [%s] not added\n", usrname);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Clobber the environment, I run this suid root sometimes to let
|
|
||||||
* non root privileged accounts add users --chris */
|
|
||||||
|
|
||||||
*environ = NULL;
|
|
||||||
|
|
||||||
bzero (cmd, sizeof (cmd));
|
|
||||||
sprintf (cmd, "%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
|
|
||||||
USERADD_PATH, group, dir, shell, person, usrname);
|
|
||||||
printf ("Calling useradd to add new user:\n%s\n", cmd);
|
|
||||||
if (system (cmd))
|
|
||||||
{
|
|
||||||
printf ("User add failed!\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "could not add new user\n");
|
|
||||||
closelog ();
|
|
||||||
#endif
|
|
||||||
exit (errno);
|
|
||||||
};
|
|
||||||
|
|
||||||
olduid = getuid (); /* chage, passwd, edquota etc. require ruid = root
|
|
||||||
*/
|
|
||||||
setuid (0);
|
|
||||||
|
|
||||||
bzero (cmd, sizeof (cmd));
|
|
||||||
|
|
||||||
/* Chage runs suid root. => we need ruid root to run it with
|
|
||||||
* anything other than chage -l
|
|
||||||
*/
|
|
||||||
|
|
||||||
sprintf (cmd, "%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
|
|
||||||
min_pass, max_pass, warn_pass, user_die, usrname);
|
|
||||||
printf ("%s\n", cmd);
|
|
||||||
if (system (cmd))
|
|
||||||
{
|
|
||||||
printf ("There was an error setting password expire values\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "password expire values could not be set\n");
|
|
||||||
#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
/* I want to add a user completely with one easy command --chris */
|
|
||||||
|
|
||||||
#ifdef HAVE_QUOTAS
|
|
||||||
bzero (cmd, sizeof (cmd));
|
|
||||||
sprintf (cmd, "%s -p %s -u %s", EDQUOTA_PATH, QUOTA_DEFAULT, usrname);
|
|
||||||
printf ("%s\n", cmd);
|
|
||||||
if (system (cmd))
|
|
||||||
{
|
|
||||||
printf ("\nWarning: error setting quota\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "warning: account created but NO quotas set!\n");
|
|
||||||
#endif /* LOGGING */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
printf ("\nDefault quota set.\n");
|
|
||||||
#endif /* HAVE_QUOTAS */
|
|
||||||
|
|
||||||
bzero (cmd, sizeof (cmd));
|
|
||||||
sprintf (cmd, "%s %s", PASSWD_PATH, usrname);
|
|
||||||
if (system (cmd))
|
|
||||||
{
|
|
||||||
printf ("\nWarning: error setting password\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "warning: password set failed!\n");
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#ifdef IMMEDIATE_CHANGE
|
|
||||||
bzero (cmd, sizeof (cmd));
|
|
||||||
sprintf (cmd, "%s -e %s", PASSWD_PATH, usrname);
|
|
||||||
if (system (cmd))
|
|
||||||
{
|
|
||||||
printf ("\nWarning: error expiring password\n");
|
|
||||||
#ifdef LOGGING
|
|
||||||
syslog (LOG_ERR, "warning: password expire failed!\n");
|
|
||||||
#endif /* LOGGING */
|
|
||||||
}
|
|
||||||
#endif /* IMMEDIATE_CHANGE */
|
|
||||||
|
|
||||||
setuid (olduid);
|
|
||||||
|
|
||||||
#ifdef LOGGING
|
|
||||||
closelog ();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
printf ("\nDone.\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
safeget (char *buf, int maxlen)
|
|
||||||
{
|
|
||||||
int c, i = 0, bad = 0;
|
|
||||||
char *bstart = buf;
|
|
||||||
while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen))
|
|
||||||
{
|
|
||||||
bad = (!isalnum (c) && (c != '_') && (c != ' '));
|
|
||||||
*(buf++) = c;
|
|
||||||
}
|
|
||||||
*buf = '\0';
|
|
||||||
|
|
||||||
if (bad)
|
|
||||||
{
|
|
||||||
printf ("\nString contained banned character. Please stick to alphanumerics.\n");
|
|
||||||
*bstart = '\0';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,90 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# adduser script for use with shadow passwords and useradd command.
|
|
||||||
# by Hrvoje Dogan <hdogan@student.math.hr>, Dec 1995.
|
|
||||||
|
|
||||||
echo -n "Login name for new user []:"
|
|
||||||
read LOGIN
|
|
||||||
if [ -z $LOGIN ]
|
|
||||||
then echo "Come on, man, you can't leave the login field empty...";exit
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
echo -n "User id for $LOGIN [ defaults to next available]:"
|
|
||||||
read ID
|
|
||||||
GUID="-u $ID"
|
|
||||||
if [ -z $ID ]
|
|
||||||
then GUID=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo -n "Initial group for $LOGIN [users]:"
|
|
||||||
read GID
|
|
||||||
GGID="-g $GID"
|
|
||||||
if [ -z $GID ]
|
|
||||||
then GGID=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo -n "Additional groups for $LOGIN []:"
|
|
||||||
read AGID
|
|
||||||
GAGID="-G $AGID"
|
|
||||||
if [ -z $AGID ]
|
|
||||||
then GAGID=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo -n "$LOGIN's home directory [/home/$LOGIN]:"
|
|
||||||
read HME
|
|
||||||
GHME="-d $HME"
|
|
||||||
if [ -z $HME ]
|
|
||||||
then GHME=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo -n "$LOGIN's shell [/bin/bash]:"
|
|
||||||
read SHL
|
|
||||||
GSHL="-s $SHL"
|
|
||||||
if [ -z $SHL ]
|
|
||||||
then GSHL=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo -n "$LOGIN's account expiry date (MM/DD/YY) []:"
|
|
||||||
read EXP
|
|
||||||
GEXP="-e $EXP"
|
|
||||||
if [ -z $EXP ]
|
|
||||||
then GEXP=""
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
echo OK, I'm about to make a new account. Here's what you entered so far:
|
|
||||||
echo New login name: $LOGIN
|
|
||||||
if [ -z $GUID ]
|
|
||||||
then echo New UID: [Next available]
|
|
||||||
else echo New UID: $UID
|
|
||||||
fi
|
|
||||||
if [ -z $GGID ]
|
|
||||||
then echo Initial group: users
|
|
||||||
else echo Initial group: $GID
|
|
||||||
fi
|
|
||||||
if [ -z $GAGID ]
|
|
||||||
then echo Additional groups: [none]
|
|
||||||
else echo Additional groups: $AGID
|
|
||||||
fi
|
|
||||||
if [ -z $GHME ]
|
|
||||||
then echo Home directory: /home/$LOGIN
|
|
||||||
else echo Home directory: $HME
|
|
||||||
fi
|
|
||||||
if [ -z $GSHL ]
|
|
||||||
then echo Shell: /bin/bash
|
|
||||||
else echo Shell: $SHL
|
|
||||||
fi
|
|
||||||
if [ -z $GEXP ]
|
|
||||||
then echo Expiry date: [no expiration]
|
|
||||||
else echo Expiry date: $EXP
|
|
||||||
fi
|
|
||||||
echo "This is it... if you want to bail out, you'd better do it now."
|
|
||||||
read FOO
|
|
||||||
echo Making new account...
|
|
||||||
/usr/sbin/useradd $GHME -m $GEXP $GGID $GAGID $GSHL $GUID $LOGIN
|
|
||||||
/usr/bin/chfn $LOGIN
|
|
||||||
/usr/bin/passwd $LOGIN
|
|
||||||
echo "Done..."
|
|
||||||
@@ -1,743 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# adduser Interactive user adding program.
|
|
||||||
#
|
|
||||||
# Copyright (C) 1996 Petri Mattila, Prihateam Networks
|
|
||||||
# petri@prihateam.fi
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2, or (at your option)
|
|
||||||
# any later version.
|
|
||||||
#
|
|
||||||
# Changes:
|
|
||||||
# 220496 v0.01 Initial version
|
|
||||||
# 230496 v0.02 More checks, embolden summary
|
|
||||||
# 240496 Even more checks
|
|
||||||
# 250496 Help with ?
|
|
||||||
# 040596 v0.03 Cleanups
|
|
||||||
# 050596 v0.04 Bug fixes, expire date checks
|
|
||||||
# 070596 v0.05 Iso-latin-1 names
|
|
||||||
#
|
|
||||||
|
|
||||||
## Defaults
|
|
||||||
|
|
||||||
# default groups
|
|
||||||
def_group="users"
|
|
||||||
def_other_groups=""
|
|
||||||
|
|
||||||
# default home directory
|
|
||||||
def_home_dir=/home/users
|
|
||||||
|
|
||||||
# default shell
|
|
||||||
def_shell=/bin/tcsh
|
|
||||||
|
|
||||||
# Default expiration date (mm/dd/yy)
|
|
||||||
def_expire=""
|
|
||||||
|
|
||||||
# default dates
|
|
||||||
def_pwd_min=0
|
|
||||||
def_pwd_max=90
|
|
||||||
def_pwd_warn=14
|
|
||||||
def_pwd_iact=14
|
|
||||||
|
|
||||||
|
|
||||||
# possible UIDs
|
|
||||||
uid_low=1000
|
|
||||||
uid_high=64000
|
|
||||||
|
|
||||||
# skel directory
|
|
||||||
skel=/etc/skel
|
|
||||||
|
|
||||||
# default mode for home directory
|
|
||||||
def_mode=711
|
|
||||||
|
|
||||||
# Regex, that the login name must meet, only ANSI characters
|
|
||||||
login_regex='^[0-9a-zA-Z_-]*$'
|
|
||||||
|
|
||||||
# Regex, that the user name must meet
|
|
||||||
# ANSI version
|
|
||||||
##name_regex='^[0-9a-zA-Z_-\ ]*$'
|
|
||||||
# ISO-LATIN-1 version
|
|
||||||
name_regex='^[0-9a-zA-ZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöùúûüýþÿ_-\ ]*$'
|
|
||||||
|
|
||||||
# set PATH
|
|
||||||
export PATH="/bin:/sbin:/usr/bin:/usr/sbin"
|
|
||||||
|
|
||||||
# Some special characters
|
|
||||||
case "$TERM" in
|
|
||||||
vt*|ansi*|con*|xterm*|linux*)
|
|
||||||
S='[1m' # start embolden
|
|
||||||
E='[m' # end embolden
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
S=''
|
|
||||||
E=''
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
## Functions
|
|
||||||
|
|
||||||
check_root() {
|
|
||||||
if test "$EUID" -ne 0
|
|
||||||
then
|
|
||||||
echo "You must be root to run this program."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
check_user() {
|
|
||||||
local usr pwd uid gid name home sh
|
|
||||||
|
|
||||||
cat /etc/passwd | (
|
|
||||||
while IFS=":" read usr pwd uid gid name home sh
|
|
||||||
do
|
|
||||||
if test "$1" = "${usr}"
|
|
||||||
then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
check_group() {
|
|
||||||
local read grp pwd gid members
|
|
||||||
|
|
||||||
cat /etc/group | (
|
|
||||||
while IFS=":" read grp pwd gid members
|
|
||||||
do
|
|
||||||
if test "$1" = "${grp}"
|
|
||||||
then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
check_other_groups() {
|
|
||||||
local grp check IFS
|
|
||||||
|
|
||||||
check="$1"
|
|
||||||
IFS=","
|
|
||||||
|
|
||||||
set ${check}
|
|
||||||
for grp
|
|
||||||
do
|
|
||||||
if check_group "${grp}"
|
|
||||||
then
|
|
||||||
echo "Group ${grp} does not exist."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
check_uid() {
|
|
||||||
local usr pwd uid gid name home sh
|
|
||||||
|
|
||||||
cat /etc/passwd | (
|
|
||||||
while IFS=":" read usr pwd uid gid name home sh
|
|
||||||
do
|
|
||||||
if test "$1" = "${uid}"
|
|
||||||
then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
read_yn() {
|
|
||||||
local ans ynd
|
|
||||||
|
|
||||||
ynd="$1"
|
|
||||||
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
read ans
|
|
||||||
case "${ans}" in
|
|
||||||
"") return ${ynd} ;;
|
|
||||||
[nN]) return 1 ;;
|
|
||||||
[yY]) return 0 ;;
|
|
||||||
*) echo -n "Y or N, please ? " ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_login() {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Login: ${def_login:+[${def_login}] }"
|
|
||||||
read login
|
|
||||||
|
|
||||||
if test "${login}" = '?'
|
|
||||||
then
|
|
||||||
less /etc/passwd
|
|
||||||
echo
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -z "${login}" -a -n "${def_login}"
|
|
||||||
then
|
|
||||||
login="${def_login}"
|
|
||||||
echo "Using ${login}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${#login}" -gt 8
|
|
||||||
then
|
|
||||||
echo "Login must be at most 8 characters long"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${#login}" -lt 2
|
|
||||||
then
|
|
||||||
echo "Login must be at least 2 characters long"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${login}" : "${login_regex}" &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use letters, numbers and special characters _-,."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! check_user "${login}"
|
|
||||||
then
|
|
||||||
echo "Username ${login} is already in use"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_login="${login}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_name () {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Real name: ${def_name:+[${def_name}] }"
|
|
||||||
read name
|
|
||||||
|
|
||||||
if test "${name}" = '?'
|
|
||||||
then
|
|
||||||
less /etc/passwd
|
|
||||||
echo
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -z "${name}" -a -n "${def_name}"
|
|
||||||
then
|
|
||||||
name="${def_name}"
|
|
||||||
echo "Using ${name}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${#name}" -gt 32
|
|
||||||
then
|
|
||||||
echo "Name should be at most 32 characters long"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${name}" : "${name_regex}" &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use letters, numbers, spaces and special characters ,._-"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_name="${name}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_home() {
|
|
||||||
local x
|
|
||||||
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Home Directory: [${def_home_dir}/${login}] "
|
|
||||||
read home
|
|
||||||
|
|
||||||
if test -z "${home}"
|
|
||||||
then
|
|
||||||
home="${def_home_dir}/${login}"
|
|
||||||
echo "Using ${home}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${home}" : '^[0-9a-zA-Z,._-\/]*$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use letters, numbers, spaces and special characters ,._-/"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
x="$(basename ${home})"
|
|
||||||
if test "${x}" != "${login}"
|
|
||||||
then
|
|
||||||
echo "Warning: you are about to use different login name and home directory."
|
|
||||||
fi
|
|
||||||
|
|
||||||
x="$(dirname ${home})"
|
|
||||||
if ! test -d "${x}"
|
|
||||||
then
|
|
||||||
echo "Directory ${x} does not exist."
|
|
||||||
echo "If you still want to use it, please make it manually."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_home_dir="${x}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_shell () {
|
|
||||||
local x
|
|
||||||
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Shell: [${def_shell}] "
|
|
||||||
read shell
|
|
||||||
|
|
||||||
if test -z "${shell}"
|
|
||||||
then
|
|
||||||
shell="${def_shell}"
|
|
||||||
echo "Using ${shell}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
for x in $(cat /etc/shells)
|
|
||||||
do
|
|
||||||
if test "${x}" = "${shell}"
|
|
||||||
then
|
|
||||||
def_shell="${shell}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Possible shells are:"
|
|
||||||
cat /etc/shells
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_group () {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Group: [${def_group}] "
|
|
||||||
read group
|
|
||||||
|
|
||||||
if test -z "${group}"
|
|
||||||
then
|
|
||||||
group="${def_group}"
|
|
||||||
echo "Using ${group}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${group}" = '?'
|
|
||||||
then
|
|
||||||
less /etc/group
|
|
||||||
echo
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if check_group "${group}"
|
|
||||||
then
|
|
||||||
echo "Group ${group} does not exist."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_group="${group}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_other_groups () {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "Other groups: [${def_og:-none}] "
|
|
||||||
read other_groups
|
|
||||||
|
|
||||||
if test "${other_groups}" = '?'
|
|
||||||
then
|
|
||||||
less /etc/group
|
|
||||||
echo
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test -z "${other_groups}"
|
|
||||||
then
|
|
||||||
if test -n "${def_og}"
|
|
||||||
then
|
|
||||||
other_groups="${def_og}"
|
|
||||||
echo "Using ${other_groups}"
|
|
||||||
else
|
|
||||||
echo "No other groups"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if ! check_other_groups "${other_groups}"
|
|
||||||
then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_og="${other_groups}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_uid () {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -n "uid: [first free] "
|
|
||||||
read uid
|
|
||||||
|
|
||||||
if test -z "${uid}"
|
|
||||||
then
|
|
||||||
echo "Using first free UID."
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${uid}" = '?'
|
|
||||||
then
|
|
||||||
less /etc/passwd
|
|
||||||
echo
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${uid}" : '^[0-9]+$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use numbers only."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${uid}" -lt "${uid_low}"
|
|
||||||
then
|
|
||||||
echo "UID must be greater than ${uid_low}"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${uid}" -gt "${uid_high}"
|
|
||||||
then
|
|
||||||
echo "UID must be smaller than ${uid_high}"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if ! check_uid "${uid}"
|
|
||||||
then
|
|
||||||
echo "UID ${uid} is already in use"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_max_valid_days() {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -en "Maximum days between password changes: [${def_pwd_max}] "
|
|
||||||
read max_days
|
|
||||||
|
|
||||||
if test -z "${max_days}"
|
|
||||||
then
|
|
||||||
max_days="${def_pwd_max}"
|
|
||||||
echo "Using ${max_days}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${max_days}" : '^[0-9]+$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use numbers only."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${max_days}" -lt 7
|
|
||||||
then
|
|
||||||
echo "Warning: you are using a value shorter than a week."
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_pwd_max="${max_days}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_min_valid_days() {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -en "Minimum days between password changes: [${def_pwd_min}] "
|
|
||||||
read min_days
|
|
||||||
|
|
||||||
if test -z "${min_days}"
|
|
||||||
then
|
|
||||||
min_days="${def_pwd_min}"
|
|
||||||
echo "Using ${min_days}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${min_days}" : '^[0-9]+$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use numbers only."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${min_days}" -gt 7
|
|
||||||
then
|
|
||||||
echo "Warning: you are using a value longer than a week."
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_pwd_min="${min_days}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_warning_days() {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -en "Number of warning days before password expires: [${def_pwd_warn}] "
|
|
||||||
read warn_days
|
|
||||||
|
|
||||||
if test -z "${warn_days}"
|
|
||||||
then
|
|
||||||
warn_days="${def_pwd_warn}"
|
|
||||||
echo "Using ${warn_days}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${warn_days}" : '^[0-9]+$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use numbers only."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${warn_days}" -gt 14
|
|
||||||
then
|
|
||||||
echo "Warning: you are using a value longer than two week."
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_pwd_warn="${warn_days}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
read_inactive_days() {
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -en "Number of usable days after expiration: [${def_pwd_iact}] "
|
|
||||||
read iact_days
|
|
||||||
|
|
||||||
if test -z "${iact_days}"
|
|
||||||
then
|
|
||||||
iact_days="${def_pwd_iact}"
|
|
||||||
echo "Using ${iact_days}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
if ! expr "${iact_days}" : '^[0-9]+$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use numbers only."
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if test "${iact_days}" -gt 14
|
|
||||||
then
|
|
||||||
echo "Warning: you are using a value that is more than two weeks."
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_pwd_iact="${iact_days}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_expire_date() {
|
|
||||||
local ans
|
|
||||||
|
|
||||||
echo
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
echo -en "Expire date of this account (mm/dd/yy): [${def_expire:-never}] "
|
|
||||||
read ans
|
|
||||||
|
|
||||||
if test -z "${ans}"
|
|
||||||
then
|
|
||||||
if test -z "${def_expire}"
|
|
||||||
then
|
|
||||||
ans="never"
|
|
||||||
else
|
|
||||||
ans="${def_expire}"
|
|
||||||
echo "Using ${def_expire}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "${ans}" = "never"
|
|
||||||
then
|
|
||||||
echo "Account will never expire."
|
|
||||||
def_expire=""
|
|
||||||
expire=""
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expr "${ans}" : '^[0-9][0-9]/[0-9][0-9]/[0-9][0-9]$' &> /dev/null
|
|
||||||
then
|
|
||||||
echo "Please use format mm/dd/yy"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! expire_date="$(date -d ${ans} '+%A, %B %d %Y')"
|
|
||||||
then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
def_expire="${expire}"
|
|
||||||
return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
read_passwd_yn() {
|
|
||||||
echo -en "\nDo you want to set password [Y/n] ? "
|
|
||||||
if read_yn 0
|
|
||||||
then
|
|
||||||
set_pwd="YES"
|
|
||||||
else
|
|
||||||
set_pwd=""
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
print_values() {
|
|
||||||
|
|
||||||
clear
|
|
||||||
cat << EOM
|
|
||||||
|
|
||||||
Login: ${S}${login}${E}
|
|
||||||
Group: ${S}${group}${E}
|
|
||||||
Other groups: ${S}${other_groups:-[none]}${E}
|
|
||||||
|
|
||||||
Real Name: ${S}${name}${E}
|
|
||||||
|
|
||||||
uid: ${S}${uid:-[first free]}${E}
|
|
||||||
home: ${S}${home}${E}
|
|
||||||
shell: ${S}${shell}${E}
|
|
||||||
|
|
||||||
Account expiration date: ${S}${expire_date:-never}${E}
|
|
||||||
Minimum days between password changes: ${S}${min_days}${E}
|
|
||||||
Maximum days between password changes: ${S}${max_days}${E}
|
|
||||||
Number of usable days after expiration: ${S}${iact_days}${E}
|
|
||||||
Number of warning days before expiration: ${S}${warn_days}${E}
|
|
||||||
|
|
||||||
${S}${set_pwd:+Set password for this account.}${E}
|
|
||||||
|
|
||||||
EOM
|
|
||||||
}
|
|
||||||
|
|
||||||
set_user() {
|
|
||||||
if ! useradd \
|
|
||||||
-c "${name}" \
|
|
||||||
-d "${home}" \
|
|
||||||
-g "${group}" \
|
|
||||||
-s "${shell}" \
|
|
||||||
${expire:+-e ${expire}} \
|
|
||||||
${uid:+-u ${uid}} \
|
|
||||||
${other_groups:+-G ${other_groups}} \
|
|
||||||
${login}
|
|
||||||
then
|
|
||||||
echo "Error ($?) in useradd...exiting..."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
set_aging() {
|
|
||||||
if ! passwd \
|
|
||||||
-x ${max_days} \
|
|
||||||
-n ${min_days} \
|
|
||||||
-w ${warn_days} \
|
|
||||||
-i ${iact_days} \
|
|
||||||
${login}
|
|
||||||
then
|
|
||||||
echo "Error ($?) in setting password aging...exiting..."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
set_password() {
|
|
||||||
if test -n "${set_pwd}"
|
|
||||||
then
|
|
||||||
echo
|
|
||||||
passwd ${login}
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
set_system() {
|
|
||||||
if test -d "${home}"
|
|
||||||
then
|
|
||||||
echo "Directory ${home} already exists."
|
|
||||||
echo "Skeleton files not copied."
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -n "Copying skeleton files..."
|
|
||||||
(
|
|
||||||
mkdir ${home}
|
|
||||||
cd ${skel} && cp -af . ${home}
|
|
||||||
chmod ${def_mode} ${home}
|
|
||||||
chown -R ${login}:${group} ${home}
|
|
||||||
)
|
|
||||||
echo "done."
|
|
||||||
|
|
||||||
## Add your own stuff here:
|
|
||||||
echo -n "Setting up other files..."
|
|
||||||
(
|
|
||||||
mailbox="/var/spool/mail/${login}"
|
|
||||||
touch ${mailbox}
|
|
||||||
chown "${login}:mail" ${mailbox}
|
|
||||||
chmod 600 ${mailbox}
|
|
||||||
)
|
|
||||||
echo "done."
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
read_values() {
|
|
||||||
clear
|
|
||||||
echo -e "\nPlease answer the following questions about the new user to be added."
|
|
||||||
|
|
||||||
while :
|
|
||||||
do
|
|
||||||
read_login
|
|
||||||
read_name
|
|
||||||
read_group
|
|
||||||
read_other_groups
|
|
||||||
read_home
|
|
||||||
read_shell
|
|
||||||
read_uid
|
|
||||||
read_expire_date
|
|
||||||
read_max_valid_days
|
|
||||||
read_min_valid_days
|
|
||||||
read_warning_days
|
|
||||||
read_inactive_days
|
|
||||||
read_passwd_yn
|
|
||||||
|
|
||||||
print_values
|
|
||||||
|
|
||||||
echo -n "Is this correct [N/y] ? "
|
|
||||||
read_yn 1 && return
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
main() {
|
|
||||||
check_root
|
|
||||||
read_values
|
|
||||||
set_user
|
|
||||||
set_aging
|
|
||||||
set_system
|
|
||||||
set_password
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
## Run it 8-)
|
|
||||||
main
|
|
||||||
|
|
||||||
# End.
|
|
||||||
@@ -1,58 +0,0 @@
|
|||||||
#!/usr/bin/perl
|
|
||||||
#
|
|
||||||
# SPDX-FileCopyrightText: 1996 Brian R. Gaeke
|
|
||||||
# SPDX-License-Identifier: BSD-4-Clause
|
|
||||||
#
|
|
||||||
# Additionally:
|
|
||||||
#
|
|
||||||
# This software is provided without support and without any obligation
|
|
||||||
# on the part of Brian R. Gaeke to assist in its use, correction,
|
|
||||||
# modification or enhancement.
|
|
||||||
#
|
|
||||||
#######################################################################
|
|
||||||
#
|
|
||||||
# this is atudel, version 2, by Brian R. Gaeke <brg@dgate.org>
|
|
||||||
#
|
|
||||||
|
|
||||||
require "getopts.pl";
|
|
||||||
&Getopts('v');
|
|
||||||
$username = shift(@ARGV);
|
|
||||||
&usage unless $username;
|
|
||||||
|
|
||||||
sub usage
|
|
||||||
{
|
|
||||||
print STDERR "atudel - remove all at jobs owned by a user\n";
|
|
||||||
print STDERR "usage: $0 [-v] username\n";
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
# odd. unless getpwnam($uname) doesn't seem to work for $uname eq "root" on
|
|
||||||
# my linux system. but this does.
|
|
||||||
die "user $username does not exist; stopping"
|
|
||||||
unless defined(getpwnam($username));
|
|
||||||
|
|
||||||
print "searching for at jobs owned by user $username ..." if $opt_v;
|
|
||||||
|
|
||||||
chdir "/var/spool/atjobs" ||
|
|
||||||
die "can't chdir to /var/spool/atjobs: $!\nstopping";
|
|
||||||
opendir(DIR,".") || die "can't opendir(/var/spool/atjobs): $!\nstopping";
|
|
||||||
@files = grep(!/^\./,grep(-f,readdir(DIR)));
|
|
||||||
closedir DIR;
|
|
||||||
|
|
||||||
foreach $x (@files)
|
|
||||||
{
|
|
||||||
$owner = (getpwuid((stat($x))[4]))[0];
|
|
||||||
push(@nuke_bait,$x) if $owner eq $username;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (@nuke_bait)
|
|
||||||
{
|
|
||||||
print "removed jobIDs: @{nuke_bait}.\n" if $opt_v;
|
|
||||||
unlink @nuke_bait;
|
|
||||||
}
|
|
||||||
elsif ($opt_v)
|
|
||||||
{
|
|
||||||
print "\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
exit 0;
|
|
||||||
@@ -1,465 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# This is a shell archive (produced by GNU sharutils 4.2.1).
|
|
||||||
# To extract the files from this archive, save it to some FILE, remove
|
|
||||||
# everything before the `!/bin/sh' line above, then type `sh FILE'.
|
|
||||||
#
|
|
||||||
# Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>.
|
|
||||||
# Source directory was `/home/gk4/src/groupmem'.
|
|
||||||
#
|
|
||||||
# Existing files will *not* be overwritten unless `-c' is specified.
|
|
||||||
#
|
|
||||||
# This shar contains:
|
|
||||||
# length mode name
|
|
||||||
# ------ ---------- ------------------------------------------
|
|
||||||
# 1960 -rw-r--r-- Makefile
|
|
||||||
# 6348 -rw-r--r-- groupmems.c
|
|
||||||
# 3372 -rw------- groupmems.8
|
|
||||||
#
|
|
||||||
save_IFS="${IFS}"
|
|
||||||
IFS="${IFS}:"
|
|
||||||
gettext_dir=FAILED
|
|
||||||
locale_dir=FAILED
|
|
||||||
first_param="$1"
|
|
||||||
for dir in $PATH
|
|
||||||
do
|
|
||||||
if test "$gettext_dir" = FAILED && test -f $dir/gettext \
|
|
||||||
&& ($dir/gettext --version >/dev/null 2>&1)
|
|
||||||
then
|
|
||||||
set `$dir/gettext --version 2>&1`
|
|
||||||
if test "$3" = GNU
|
|
||||||
then
|
|
||||||
gettext_dir=$dir
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if test "$locale_dir" = FAILED && test -f $dir/shar \
|
|
||||||
&& ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
|
|
||||||
then
|
|
||||||
locale_dir=`$dir/shar --print-text-domain-dir`
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS="$save_IFS"
|
|
||||||
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
|
|
||||||
then
|
|
||||||
echo=echo
|
|
||||||
else
|
|
||||||
TEXTDOMAINDIR=$locale_dir
|
|
||||||
export TEXTDOMAINDIR
|
|
||||||
TEXTDOMAIN=sharutils
|
|
||||||
export TEXTDOMAIN
|
|
||||||
echo="$gettext_dir/gettext -s"
|
|
||||||
fi
|
|
||||||
if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
|
|
||||||
shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
|
|
||||||
elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
|
|
||||||
shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
|
|
||||||
elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
|
|
||||||
shar_touch='touch -am $3$4$5$6$2 "$8"'
|
|
||||||
else
|
|
||||||
shar_touch=:
|
|
||||||
echo
|
|
||||||
$echo 'WARNING: not restoring timestamps. Consider getting and'
|
|
||||||
$echo "installing GNU \`touch', distributed in GNU File Utilities..."
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
|
|
||||||
#
|
|
||||||
if mkdir _sh10937; then
|
|
||||||
$echo 'x -' 'creating lock directory'
|
|
||||||
else
|
|
||||||
$echo 'failed to create lock directory'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# ============= Makefile ==============
|
|
||||||
if test -f 'Makefile' && test "$first_param" != -c; then
|
|
||||||
$echo 'x -' SKIPPING 'Makefile' '(file already exists)'
|
|
||||||
else
|
|
||||||
$echo 'x -' extracting 'Makefile' '(text)'
|
|
||||||
sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
|
|
||||||
/*
|
|
||||||
# SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
|
|
||||||
# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
|
|
||||||
# SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
#
|
|
||||||
X
|
|
||||||
all: groupmems
|
|
||||||
X
|
|
||||||
groupmems: groupmems.c
|
|
||||||
X cc -g -o groupmems groupmems.c -L. -lshadow
|
|
||||||
X
|
|
||||||
install: groupmems
|
|
||||||
X -/usr/sbin/groupadd groups
|
|
||||||
X install -o root -g groups -m 4770 groupmems /usr/bin
|
|
||||||
X
|
|
||||||
install.man: groupmems.8
|
|
||||||
X install -o root -g root -m 644 groupmems.8 /usr/man/man8
|
|
||||||
X
|
|
||||||
SHAR_EOF
|
|
||||||
(set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") &&
|
|
||||||
chmod 0644 'Makefile' ||
|
|
||||||
$echo 'restore of' 'Makefile' 'failed'
|
|
||||||
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
|
|
||||||
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
|
|
||||||
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|
|
||||||
|| $echo 'Makefile:' 'MD5 check failed'
|
|
||||||
b46cf7ef8d59149093c011ced3f3103c Makefile
|
|
||||||
SHAR_EOF
|
|
||||||
else
|
|
||||||
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`"
|
|
||||||
test 1960 -eq "$shar_count" ||
|
|
||||||
$echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# ============= groupmems.c ==============
|
|
||||||
if test -f 'groupmems.c' && test "$first_param" != -c; then
|
|
||||||
$echo 'x -' SKIPPING 'groupmems.c' '(file already exists)'
|
|
||||||
else
|
|
||||||
$echo 'x -' extracting 'groupmems.c' '(text)'
|
|
||||||
sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
|
|
||||||
/*
|
|
||||||
X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
|
|
||||||
X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
|
|
||||||
X * SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
X */
|
|
||||||
/*
|
|
||||||
**
|
|
||||||
** Utility "groupmem" adds and deletes members from a user's group.
|
|
||||||
**
|
|
||||||
** Setup (as "root"):
|
|
||||||
**
|
|
||||||
** groupadd -r groups
|
|
||||||
** chmod 2770 groupmems
|
|
||||||
** chown root.groups groupmems
|
|
||||||
** groupmems -g groups -a gk4
|
|
||||||
**
|
|
||||||
** Usage (as "gk4"):
|
|
||||||
**
|
|
||||||
** groupmems -a olive
|
|
||||||
** groupmems -a jordan
|
|
||||||
** groupmems -a meghan
|
|
||||||
** groupmems -a morgan
|
|
||||||
** groupmems -a jake
|
|
||||||
** groupmems -l
|
|
||||||
** groupmems -d jake
|
|
||||||
** groupmems -l
|
|
||||||
*/
|
|
||||||
X
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include <grp.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include "defines.h"
|
|
||||||
#include "groupio.h"
|
|
||||||
X
|
|
||||||
/* Exit Status Values */
|
|
||||||
X
|
|
||||||
#define EXIT_SUCCESS 0 /* success */
|
|
||||||
#define EXIT_USAGE 1 /* invalid command syntax */
|
|
||||||
#define EXIT_GROUP_FILE 2 /* group file access problems */
|
|
||||||
#define EXIT_NOT_ROOT 3 /* not superuser */
|
|
||||||
#define EXIT_NOT_EROOT 4 /* not effective superuser */
|
|
||||||
#define EXIT_NOT_PRIMARY 5 /* not primary owner of group */
|
|
||||||
#define EXIT_NOT_MEMBER 6 /* member of group does not exist */
|
|
||||||
#define EXIT_MEMBER_EXISTS 7 /* member of group already exists */
|
|
||||||
X
|
|
||||||
#define TRUE 1
|
|
||||||
#define FALSE 0
|
|
||||||
X
|
|
||||||
/* Globals */
|
|
||||||
X
|
|
||||||
extern int optind;
|
|
||||||
extern char *optarg;
|
|
||||||
static char *adduser = NULL;
|
|
||||||
static char *deluser = NULL;
|
|
||||||
static char *thisgroup = NULL;
|
|
||||||
static int purge = FALSE;
|
|
||||||
static int list = FALSE;
|
|
||||||
static int exclusive = 0;
|
|
||||||
X
|
|
||||||
static int isroot(void) {
|
|
||||||
X return getuid() ? FALSE : TRUE;
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static int isgroup(void) {
|
|
||||||
X gid_t g = getgid();
|
|
||||||
X struct group *grp = getgrgid(g);
|
|
||||||
X
|
|
||||||
X return TRUE;
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static char *whoami(void) {
|
|
||||||
X struct group *grp = getgrgid(getgid());
|
|
||||||
X struct passwd *usr = getpwuid(getuid());
|
|
||||||
X
|
|
||||||
X if (0 == strcmp(usr->pw_name, grp->gr_name)) {
|
|
||||||
X return (char *)strdup(usr->pw_name);
|
|
||||||
X } else {
|
|
||||||
X return NULL;
|
|
||||||
X }
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static void
|
|
||||||
addtogroup(char *user, char **members) {
|
|
||||||
X int i;
|
|
||||||
X char **pmembers;
|
|
||||||
X
|
|
||||||
X for (i = 0; NULL != members[i]; i++ ) {
|
|
||||||
X if (0 == strcmp(user, members[i])) {
|
|
||||||
X fprintf(stderr, "Member already exists\n");
|
|
||||||
X exit(EXIT_MEMBER_EXISTS);
|
|
||||||
X }
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (0 == i) {
|
|
||||||
X pmembers = (char **)calloc(2, sizeof(char *));
|
|
||||||
X } else {
|
|
||||||
X pmembers = (char **)realloc(members, sizeof(char *)*(i+1));
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X *members = *pmembers;
|
|
||||||
X members[i] = user;
|
|
||||||
X members[i+1] = NULL;
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static void
|
|
||||||
rmfromgroup(char *user, char **members) {
|
|
||||||
X int i;
|
|
||||||
X int found = FALSE;
|
|
||||||
X
|
|
||||||
X i = 0;
|
|
||||||
X while (!found && NULL != members[i]) {
|
|
||||||
X if (0 == strcmp(user, members[i])) {
|
|
||||||
X found = TRUE;
|
|
||||||
X } else {
|
|
||||||
X i++;
|
|
||||||
X }
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X while (found && NULL != members[i]) {
|
|
||||||
X members[i] = members[++i];
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (!found) {
|
|
||||||
X fprintf(stderr, "Member to remove could not be found\n");
|
|
||||||
X exit(EXIT_NOT_MEMBER);
|
|
||||||
X }
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static void
|
|
||||||
nomembers(char **members) {
|
|
||||||
X int i;
|
|
||||||
X
|
|
||||||
X for (i = 0; NULL != members[i]; i++ ) {
|
|
||||||
X members[i] = NULL;
|
|
||||||
X }
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static void
|
|
||||||
members(char **members) {
|
|
||||||
X int i;
|
|
||||||
X
|
|
||||||
X for (i = 0; NULL != members[i]; i++ ) {
|
|
||||||
X printf("%s ", members[i]);
|
|
||||||
X
|
|
||||||
X if (NULL == members[i+1]) {
|
|
||||||
X printf("\n");
|
|
||||||
X } else {
|
|
||||||
X printf(" ");
|
|
||||||
X }
|
|
||||||
X }
|
|
||||||
}
|
|
||||||
X
|
|
||||||
static void usage(void) {
|
|
||||||
X fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n");
|
|
||||||
X exit(EXIT_USAGE);
|
|
||||||
}
|
|
||||||
X
|
|
||||||
main(int argc, char **argv) {
|
|
||||||
X int arg, i;
|
|
||||||
X char *name;
|
|
||||||
X struct group *grp;
|
|
||||||
X
|
|
||||||
X while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) {
|
|
||||||
X switch (arg) {
|
|
||||||
X case 'a':
|
|
||||||
X adduser = strdup(optarg);
|
|
||||||
X ++exclusive;
|
|
||||||
X break;
|
|
||||||
X case 'd':
|
|
||||||
X deluser = strdup(optarg);
|
|
||||||
X ++exclusive;
|
|
||||||
X break;
|
|
||||||
X case 'g':
|
|
||||||
X thisgroup = strdup(optarg);
|
|
||||||
X break;
|
|
||||||
X case 'D':
|
|
||||||
X purge = TRUE;
|
|
||||||
X ++exclusive;
|
|
||||||
X break;
|
|
||||||
X case 'l':
|
|
||||||
X list = TRUE;
|
|
||||||
X ++exclusive;
|
|
||||||
X break;
|
|
||||||
X default:
|
|
||||||
X usage();
|
|
||||||
X }
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (exclusive > 1 || optind < argc) {
|
|
||||||
X usage();
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (!isroot() && NULL != thisgroup) {
|
|
||||||
X fprintf(stderr, "Only root can add members to different groups\n");
|
|
||||||
X exit(EXIT_NOT_ROOT);
|
|
||||||
X } else if (isroot() && NULL != thisgroup) {
|
|
||||||
X name = thisgroup;
|
|
||||||
X } else if (!isgroup()) {
|
|
||||||
X fprintf(stderr, "Group access is required\n");
|
|
||||||
X exit(EXIT_NOT_EROOT);
|
|
||||||
X } else if (NULL == (name = whoami())) {
|
|
||||||
X fprintf(stderr, "Not primary owner of current group\n");
|
|
||||||
X exit(EXIT_NOT_PRIMARY);
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (!gr_lock()) {
|
|
||||||
X fprintf(stderr, "Unable to lock group file\n");
|
|
||||||
X exit(EXIT_GROUP_FILE);
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (!gr_open(O_RDWR)) {
|
|
||||||
X fprintf(stderr, "Unable to open group file\n");
|
|
||||||
X exit(EXIT_GROUP_FILE);
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X grp = (struct group *)gr_locate(name);
|
|
||||||
X
|
|
||||||
X if (NULL != adduser) {
|
|
||||||
X addtogroup(adduser, grp->gr_mem);
|
|
||||||
X gr_update(grp);
|
|
||||||
X } else if (NULL != deluser) {
|
|
||||||
X rmfromgroup(deluser, grp->gr_mem);
|
|
||||||
X gr_update(grp);
|
|
||||||
X } else if (purge) {
|
|
||||||
X nomembers(grp->gr_mem);
|
|
||||||
X gr_update(grp);
|
|
||||||
X } else if (list) {
|
|
||||||
X members(grp->gr_mem);
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X if (!gr_close()) {
|
|
||||||
X fprintf(stderr, "Cannot close group file\n");
|
|
||||||
X exit(EXIT_GROUP_FILE);
|
|
||||||
X }
|
|
||||||
X
|
|
||||||
X gr_unlock();
|
|
||||||
X
|
|
||||||
X exit(EXIT_SUCCESS);
|
|
||||||
}
|
|
||||||
X
|
|
||||||
/* EOF */
|
|
||||||
SHAR_EOF
|
|
||||||
(set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") &&
|
|
||||||
chmod 0644 'groupmems.c' ||
|
|
||||||
$echo 'restore of' 'groupmems.c' 'failed'
|
|
||||||
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
|
|
||||||
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
|
|
||||||
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|
|
||||||
|| $echo 'groupmems.c:' 'MD5 check failed'
|
|
||||||
f0dd68f8d762d89d24d3ce1f4141f981 groupmems.c
|
|
||||||
SHAR_EOF
|
|
||||||
else
|
|
||||||
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.c'`"
|
|
||||||
test 6348 -eq "$shar_count" ||
|
|
||||||
$echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# ============= groupmems.8 ==============
|
|
||||||
if test -f 'groupmems.8' && test "$first_param" != -c; then
|
|
||||||
$echo 'x -' SKIPPING 'groupmems.8' '(file already exists)'
|
|
||||||
else
|
|
||||||
$echo 'x -' extracting 'groupmems.8' '(text)'
|
|
||||||
sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
|
|
||||||
X.\"
|
|
||||||
X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
|
|
||||||
X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
|
|
||||||
X.\" SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
X.\"
|
|
||||||
X.\" $Id$
|
|
||||||
X.\"
|
|
||||||
X.TH GROUPMEMS 8
|
|
||||||
X.SH NAME
|
|
||||||
groupmems \- Administer members of a user's primary group
|
|
||||||
X.SH SYNOPSIS
|
|
||||||
X.B groupmems
|
|
||||||
\fB-a\fI user_name \fR |
|
|
||||||
\fB-d\fI user_name \fR |
|
|
||||||
\fB-l\fR |
|
|
||||||
\fB-D\fR |
|
|
||||||
[\fB-g\fI group_name \fR]
|
|
||||||
X.SH DESCRIPTION
|
|
||||||
The \fBgroupmems\fR utility allows a user to administer their own
|
|
||||||
group membership list without the requirement of superuser privileges.
|
|
||||||
The \fBgroupmems\fR utility is for systems that configure its users to
|
|
||||||
be in their own name sake primary group (i.e., guest / guest).
|
|
||||||
X.P
|
|
||||||
Only the superuser, as administrator, can use \fBgroupmems\fR to alter
|
|
||||||
the memberships of other groups.
|
|
||||||
X.IP "\fB-a \fIuser_name\fR"
|
|
||||||
Add a new user to the group membership list.
|
|
||||||
X.IP "\fB-d \fIuser_name\fR"
|
|
||||||
Delete a user from the group membership list.
|
|
||||||
X.IP "\fB-l\fR"
|
|
||||||
List the group membership list.
|
|
||||||
X.IP "\fB-D\fR"
|
|
||||||
Delete all users from the group membership list.
|
|
||||||
X.IP "\fB-g \fIgroup_name\fR"
|
|
||||||
The superuser can specify which group membership list to modify.
|
|
||||||
X.SH SETUP
|
|
||||||
The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
|
|
||||||
and in group \fBgroups\fR. The system administrator can add users to
|
|
||||||
group groups to allow or disallow them using the \fBgroupmems\fR utility
|
|
||||||
to manager their own group membership list.
|
|
||||||
X.P
|
|
||||||
X $ groupadd -r groups
|
|
||||||
X.br
|
|
||||||
X $ chmod 2770 groupmems
|
|
||||||
X.br
|
|
||||||
X $ chown root.groups groupmems
|
|
||||||
X.br
|
|
||||||
X $ groupmems -g groups -a gk4
|
|
||||||
X.SH FILES
|
|
||||||
/etc/group
|
|
||||||
X.br
|
|
||||||
/etc/gshadow
|
|
||||||
X.SH SEE ALSO
|
|
||||||
X.BR chfn (1),
|
|
||||||
X.BR chsh (1),
|
|
||||||
X.BR useradd (8),
|
|
||||||
X.BR userdel (8),
|
|
||||||
X.BR usermod (8),
|
|
||||||
X.BR passwd (1),
|
|
||||||
X.BR groupadd (8),
|
|
||||||
X.BR groupdel (8)
|
|
||||||
X.SH AUTHOR
|
|
||||||
George Kraft IV (gk4@us.ibm.com)
|
|
||||||
X.\" EOF
|
|
||||||
SHAR_EOF
|
|
||||||
(set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") &&
|
|
||||||
chmod 0600 'groupmems.8' ||
|
|
||||||
$echo 'restore of' 'groupmems.8' 'failed'
|
|
||||||
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
|
|
||||||
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
|
|
||||||
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|
|
||||||
|| $echo 'groupmems.8:' 'MD5 check failed'
|
|
||||||
181e6cd3a3c9d3df320197fa2cde2b4a groupmems.8
|
|
||||||
SHAR_EOF
|
|
||||||
else
|
|
||||||
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`"
|
|
||||||
test 3372 -eq "$shar_count" ||
|
|
||||||
$echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
rm -fr _sh10937
|
|
||||||
exit 0
|
|
||||||
@@ -1,147 +0,0 @@
|
|||||||
Hello Marek,
|
|
||||||
|
|
||||||
I have created a diffile against the 980403 release that adds
|
|
||||||
functionality to newusers for automatic handling of users with only
|
|
||||||
anonymous ftp login (using the guestgroup feature in ftpaccess, which
|
|
||||||
means that the users home directory looks like '/home/user/./'). It also
|
|
||||||
adds a commandline argument to specify an initial directory structure
|
|
||||||
for such users, with a tarball normally containing the bin,lib,etc
|
|
||||||
directories used in the chrooted environment.
|
|
||||||
|
|
||||||
I am using it to automatically create chunks of users with only ftp
|
|
||||||
access for a webserver.
|
|
||||||
|
|
||||||
I have tried to follow your coding standards and I believe it is bug
|
|
||||||
free but.. well, who knows. :) It's not much code however.
|
|
||||||
|
|
||||||
I hope you find it useful. Do what you like with it, feel free to ask if
|
|
||||||
anything is unclear.
|
|
||||||
|
|
||||||
Best rgds,
|
|
||||||
Calle Karlsson
|
|
||||||
ckn@kash.se
|
|
||||||
|
|
||||||
diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c
|
|
||||||
--- shadow-980403.orig/src/newusers.c Fri Jan 30 00:22:43 1998
|
|
||||||
+++ shadow-980403/src/newusers.c Fri Apr 17 16:55:33 1998
|
|
||||||
@@ -76,11 +76,35 @@
|
|
||||||
static void
|
|
||||||
usage(void)
|
|
||||||
{
|
|
||||||
- fprintf(stderr, "Usage: %s [ input ]\n", Prog);
|
|
||||||
+ fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog);
|
|
||||||
+ fprintf (stderr, "The prototype tarfile is only used for users\n");
|
|
||||||
+ fprintf (stderr, "marked as anonymous ftp users. It must be a full pathname.\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * createuserdir - create a directory and chmod it
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+createuserdir (char * dir, int uid, int gid, int line)
|
|
||||||
+{
|
|
||||||
+ if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) {
|
|
||||||
+ fprintf (stderr, "%s: line %d: mkdir %s failed\n",
|
|
||||||
+ Prog, line, dir);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (chown (dir, uid, gid)) {
|
|
||||||
+ fprintf (stderr, "%s: line %d: chown %s failed\n",
|
|
||||||
+ Prog, line, dir);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* add_group - create a new group or add a user to an existing group
|
|
||||||
*/
|
|
||||||
|
|
||||||
@@ -328,6 +352,8 @@
|
|
||||||
main(int argc, char **argv)
|
|
||||||
{
|
|
||||||
char buf[BUFSIZ];
|
|
||||||
+ char anonproto[BUFSIZ];
|
|
||||||
+ int flag;
|
|
||||||
char *fields[8];
|
|
||||||
int nfields;
|
|
||||||
char *cp;
|
|
||||||
@@ -340,12 +366,23 @@
|
|
||||||
|
|
||||||
Prog = Basename(argv[0]);
|
|
||||||
|
|
||||||
- if (argc > 1 && argv[1][0] == '-')
|
|
||||||
- usage ();
|
|
||||||
+ * anonproto = '\0';
|
|
||||||
+
|
|
||||||
+ while ((flag = getopt (argc, argv, "p:h")) != EOF) {
|
|
||||||
+ switch (flag) {
|
|
||||||
+ case 'p':
|
|
||||||
+ STRFCPY(anonproto, optarg);
|
|
||||||
+ break;
|
|
||||||
+ case 'h':
|
|
||||||
+ default:
|
|
||||||
+ usage ();
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (argc == 2) {
|
|
||||||
- if (! freopen (argv[1], "r", stdin)) {
|
|
||||||
- snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]);
|
|
||||||
+ if (optind < argc) {
|
|
||||||
+ if (! freopen (argv[optind], "r", stdin)) {
|
|
||||||
+ snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]);
|
|
||||||
perror (buf);
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
@@ -499,15 +536,36 @@
|
|
||||||
if (fields[6][0])
|
|
||||||
newpw.pw_shell = fields[6];
|
|
||||||
|
|
||||||
- if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) {
|
|
||||||
- if (mkdir (newpw.pw_dir,
|
|
||||||
- 0777 & ~getdef_num("UMASK", 077)))
|
|
||||||
- fprintf (stderr, "%s: line %d: mkdir failed\n",
|
|
||||||
- Prog, line);
|
|
||||||
- else if (chown (newpw.pw_dir,
|
|
||||||
- newpw.pw_uid, newpw.pw_gid))
|
|
||||||
- fprintf (stderr, "%s: line %d: chown failed\n",
|
|
||||||
- Prog, line);
|
|
||||||
+ if (newpw.pw_dir[0]) {
|
|
||||||
+ char * userdir = strdup (newpw.pw_dir);
|
|
||||||
+ char * anonpart;
|
|
||||||
+ int rc;
|
|
||||||
+
|
|
||||||
+ if ((anonpart = strstr (userdir, "/./"))) {
|
|
||||||
+ * anonpart = '\0';
|
|
||||||
+ anonpart += 2;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (access(userdir, F_OK))
|
|
||||||
+ rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
|
|
||||||
+ else
|
|
||||||
+ rc = 0;
|
|
||||||
+
|
|
||||||
+ if (rc == 0 && anonpart) {
|
|
||||||
+ if (* anonproto) {
|
|
||||||
+ char cmdbuf [BUFSIZ];
|
|
||||||
+ snprintf(cmdbuf, sizeof cmdbuf,
|
|
||||||
+ "cd %s; tar xf %s",
|
|
||||||
+ userdir, anonproto);
|
|
||||||
+ system (cmdbuf);
|
|
||||||
+ }
|
|
||||||
+ if (strlen (anonpart) > 1) {
|
|
||||||
+ strcat (userdir, anonpart);
|
|
||||||
+ if (access (userdir, F_OK))
|
|
||||||
+ createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ free (userdir);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
Binary file not shown.
@@ -1,5 +0,0 @@
|
|||||||
# This is a dummy Makefile.am to get automake work flawlessly,
|
|
||||||
# and also cooperate to make a distribution for `make dist'
|
|
||||||
|
|
||||||
EXTRA_DIST = HOWTO README.limits \
|
|
||||||
README.platforms WISHLIST console.c.spec.txt cracklib26.diff
|
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
|
|
||||||
ABOUT shadow-login limits:
|
|
||||||
|
|
||||||
This code is merged into shadow login program from the original LShell 2.01
|
|
||||||
written by Joel Katz. The port and some additional features have been added
|
|
||||||
by Cristian Gafton (gafton@sorosis.ro).
|
|
||||||
|
|
||||||
|
|
||||||
Changes:
|
|
||||||
- 96/04/16
|
|
||||||
- {spaces,tabs} allowed within limits string
|
|
||||||
- Warn via syslog multiple default limits
|
|
||||||
- added few paragraphs to the login man page
|
|
||||||
- 96/04/14
|
|
||||||
- code merged into lmain.c --cristiang
|
|
||||||
|
|
||||||
TODO: - support groups in the limits file
|
|
||||||
(only usernames are supported at this moment :-( )
|
|
||||||
|
|
||||||
Setting user limits for shadow login program
|
|
||||||
|
|
||||||
First, make a root-only-readable file (/etc/limits by default or LIMITS_FILE
|
|
||||||
defined config.h) that describes the resource limits you wish to impose. By
|
|
||||||
default no quotas are imposed on 'root'. In fact, there is no way to impose
|
|
||||||
limits via this procedure to root-equiv accounts (accounts with UID 0).
|
|
||||||
|
|
||||||
Each line describes a limit for a user in the form:
|
|
||||||
|
|
||||||
user LIMITS_STRING
|
|
||||||
|
|
||||||
The LIMITS_STRING is a string of a concatenated list of resource limits.
|
|
||||||
Each limit consists of a letter identifier followed by a numerical limit.
|
|
||||||
The valid identifiers are:
|
|
||||||
|
|
||||||
A: max address space (KB)
|
|
||||||
C: max core file size (KB)
|
|
||||||
D: max data size (KB)
|
|
||||||
F: maximum filesize (KB)
|
|
||||||
M: max locked-in-memory address space (KB)
|
|
||||||
N: max number of open files
|
|
||||||
R: max resident set size (KB)
|
|
||||||
S: max stack size (KB)
|
|
||||||
T: max CPU time (MIN)
|
|
||||||
U: max number of processes
|
|
||||||
L: max number of logins for this user
|
|
||||||
|
|
||||||
For example, L2D2048N5 is a valid LIMITS_STRING. For reading convenience,
|
|
||||||
the following entries are equivalent:
|
|
||||||
|
|
||||||
username L2D2048N5
|
|
||||||
username L2 D2048 N5
|
|
||||||
|
|
||||||
Be aware that after <username> the rest of the line is considered a limit
|
|
||||||
string, thus comments are not allowed. A invalid limits string will be
|
|
||||||
rejected (not considered) by the login program.
|
|
||||||
|
|
||||||
The default entry is denoted by username '*'. If you have multiple 'default'
|
|
||||||
entries in your LIMITS_FILE, then the last one will be used as the default
|
|
||||||
entry.
|
|
||||||
|
|
||||||
To completely disable limits for a user, a single dash (-) will do.
|
|
||||||
|
|
||||||
Also, please note that all limit settings are set PER LOGIN. They are
|
|
||||||
not global, nor are they permanent. Perhaps global limits will come, but
|
|
||||||
for now this will have to do ;)
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
# $Id$
|
|
||||||
#
|
|
||||||
# This is the current (still incomplete) list of platforms this
|
|
||||||
# package has been verified to work on. Additions (preferably
|
|
||||||
# in the format as described below) are welcome. Thanks!
|
|
||||||
#
|
|
||||||
# V: last version reported to work
|
|
||||||
# H: host type
|
|
||||||
# L: Linux libc version
|
|
||||||
# D: Linux distribution, or other OS name and version
|
|
||||||
# C: changes (if any)
|
|
||||||
# R: reported by
|
|
||||||
|
|
||||||
V: 980529
|
|
||||||
H: sparc-unknown-linux-gnu
|
|
||||||
L: glibc-2.0.7
|
|
||||||
D: Ultrapenguin-1.0.9
|
|
||||||
C: had to explicitly disable desrpc.
|
|
||||||
R: Bjorn Christianson <bjorn@cascade.psychology.mcmaster.ca>
|
|
||||||
|
|
||||||
V: 980724
|
|
||||||
H: i486-pc-linux-gnulibc1
|
|
||||||
L: libc-5.4.33
|
|
||||||
D: Debian-1.3.1.r6
|
|
||||||
C: none (use dpkg-buildpackage)
|
|
||||||
R: Marek Michalkiewicz <marekm@linux.org.pl>
|
|
||||||
|
|
||||||
V: current
|
|
||||||
H: i686-pc-linux-gnu
|
|
||||||
L: glibc-2.0.7.19981211
|
|
||||||
D: Debian-2.1
|
|
||||||
C: none (use dpkg-buildpackage)
|
|
||||||
R: Marek Michalkiewicz <marekm@linux.org.pl>
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
# S/Key support
|
|
||||||
shadow-utils can be built with S/Key support using the S/Key package from:
|
|
||||||
* http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libskey/ or
|
|
||||||
* https://gentoo.osuosl.org/distfiles/skey-1.1.5.tar.bz2
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
$Id$
|
|
||||||
|
|
||||||
This is my wishlist for the shadow suite, in no particular order. Feel
|
|
||||||
free to do anything from this list and mail me the diffs :-).
|
|
||||||
|
|
||||||
Patches in diff -u format, against the latest version (sometimes in the
|
|
||||||
"beta" directory) are preferred and make my job easier. Please, no
|
|
||||||
MIME, base64, quoted-printable, or HTML. For very big patches, or if
|
|
||||||
your mailer can corrupt them, please use gzip and uuencode. Thanks!
|
|
||||||
|
|
||||||
New ideas to add to this list are welcome, too. --marekm
|
|
||||||
|
|
||||||
- fix all the bugs, of course
|
|
||||||
- implement "su only" accounts (no logins, only su from other account)
|
|
||||||
- rewrite getdef.c to be more general? (no hardcoded names)
|
|
||||||
- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
|
|
||||||
- option to specify encrypted password in passwd (for yppasswdd, so it
|
|
||||||
doesn't need to know about shadow/non-shadow); should probably use a pipe
|
|
||||||
(less insecure than command line arguments)
|
|
||||||
- add support for changing NIS passwords
|
|
||||||
- add option to check passwords by piping them to external programs
|
|
||||||
- add functionality of the contrib/rpasswd.c wrapper to passwd
|
|
||||||
- option to generate pronounceable passwords (like on SCO), external program?
|
|
||||||
- poppassd (remote password change for eudora etc.)
|
|
||||||
- add support for passwd/shadow db files (glibc)
|
|
||||||
- vipw: check password files for errors after editing
|
|
||||||
- add "maximum time users allowed to stay logged in" limit option to logoutd
|
|
||||||
- handle quotes in /etc/environment like the shell does (but sshd doesn't...)
|
|
||||||
- better OPIE support (report number of logins left, etc.)
|
|
||||||
- new option for /etc/suauth: don't load user's environment (force "su -")
|
|
||||||
suggested by Ulisses Alonso Camaro
|
|
||||||
- find out why recent releases won't compile on Solaris
|
|
||||||
- newusers should be able to copy /etc/skel to the new home directory
|
|
||||||
(like useradd)
|
|
||||||
- add directories where other packages can add hooks for package-specific
|
|
||||||
per-user configuration, to be executed with run-parts. Some hooks should
|
|
||||||
be executed at package install time for existing users, likewise for
|
|
||||||
package removal and possibly modification. (Debian Bug#36019)
|
|
||||||
@@ -1,36 +0,0 @@
|
|||||||
$Id$
|
|
||||||
|
|
||||||
Specification for console.c source file --
|
|
||||||
|
|
||||||
input values --
|
|
||||||
tty -- character pointer to device name with leading "/dev/"
|
|
||||||
removed.
|
|
||||||
|
|
||||||
return values --
|
|
||||||
0 -- false
|
|
||||||
1 -- true
|
|
||||||
|
|
||||||
int console (char * tty)
|
|
||||||
if "CONSOLE" string value is not present in login.defs
|
|
||||||
return true
|
|
||||||
|
|
||||||
if the first character of "CONSOLE" string value is not "/"
|
|
||||||
treat the string as a ":" delimited list of device
|
|
||||||
names and search for the value of tty in that
|
|
||||||
tokenized list.
|
|
||||||
|
|
||||||
if a match is found
|
|
||||||
return true
|
|
||||||
|
|
||||||
return false
|
|
||||||
|
|
||||||
if the file named by "CONSOLE" cannot be opened
|
|
||||||
return true
|
|
||||||
|
|
||||||
scan the file looking for a match between the input line
|
|
||||||
and the value of tty
|
|
||||||
|
|
||||||
if a match is found
|
|
||||||
return true
|
|
||||||
|
|
||||||
return false
|
|
||||||
@@ -1,73 +0,0 @@
|
|||||||
# Build & install
|
|
||||||
|
|
||||||
The following page explains how to build and install the shadow project.
|
|
||||||
Additional information on how to do this in a container environment is provided
|
|
||||||
at the end of the page.
|
|
||||||
|
|
||||||
## Local
|
|
||||||
|
|
||||||
### Dependency installation
|
|
||||||
|
|
||||||
This projects depends on other software packages that need to be installed
|
|
||||||
before building it. We recommend using the dependency installation commands
|
|
||||||
provided by the distributions to install them. Some examples below.
|
|
||||||
|
|
||||||
Debian:
|
|
||||||
```
|
|
||||||
apt-get build-dep shadow
|
|
||||||
```
|
|
||||||
|
|
||||||
Fedora:
|
|
||||||
```
|
|
||||||
dnf builddep shadow-utils
|
|
||||||
```
|
|
||||||
|
|
||||||
An alternative would be to take a look at the CI workflow [file](../../.github/workflows/runner.yml)
|
|
||||||
and get the package names from there. This has the advantage that it
|
|
||||||
also includes new dependencies needed for the development version
|
|
||||||
which might have not been present in the last release.
|
|
||||||
|
|
||||||
### Configure
|
|
||||||
|
|
||||||
The first step is to configure it. You can use the
|
|
||||||
`autogen.sh` script provided by the project. Example:
|
|
||||||
|
|
||||||
```
|
|
||||||
./autogen.sh --without-selinux --enable-man --with-yescrypt
|
|
||||||
```
|
|
||||||
|
|
||||||
### Build
|
|
||||||
|
|
||||||
The next step is to build the project:
|
|
||||||
|
|
||||||
```
|
|
||||||
make -j4
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install
|
|
||||||
|
|
||||||
The last step is to install it. We recommend avoiding this step and using a
|
|
||||||
disposable system like a VM or a container instead.
|
|
||||||
|
|
||||||
```
|
|
||||||
make install
|
|
||||||
```
|
|
||||||
|
|
||||||
## Containers
|
|
||||||
|
|
||||||
Alternatively, you can use any of the preconfigured container images builders
|
|
||||||
to build and install shadow.
|
|
||||||
|
|
||||||
You can either generate a single image by running the following command from
|
|
||||||
the root folder of the project (i.e. Alpine):
|
|
||||||
|
|
||||||
```
|
|
||||||
docker build -f share/containers/alpine.dockerfile . --output build-out/alpine
|
|
||||||
```
|
|
||||||
|
|
||||||
Or generate all of the images with the `container-build.sh` script, as if you
|
|
||||||
were running some of the CI checks locally:
|
|
||||||
|
|
||||||
```
|
|
||||||
share/container-build.sh
|
|
||||||
```
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
# Continuous Integration (CI)
|
|
||||||
|
|
||||||
Shadow runs a CI workflow every time a pull-request (PR) is updated. This
|
|
||||||
workflow contains several checks to assure the quality of the project, and
|
|
||||||
only pull-requests with green results are merged.
|
|
||||||
|
|
||||||
## Build & install
|
|
||||||
|
|
||||||
The project is built & installed on Ubuntu, Alpine, Debian and Fedora. The last
|
|
||||||
three distributions are built & installed on containers, and the workflow can
|
|
||||||
be triggered locally by following the instructions specified in the
|
|
||||||
[Build & install](build_install.md#containers) page.
|
|
||||||
|
|
||||||
## System tests
|
|
||||||
|
|
||||||
The project is tested on Ubuntu. For that purpose it is built & installed in
|
|
||||||
this distribution in a VM. You can run this step locally by following the
|
|
||||||
instructions provided in the [Tests](tests.md#system-tests) page.
|
|
||||||
|
|
||||||
## Static code analysis
|
|
||||||
|
|
||||||
C and shell static code analysis is also executed. For that purpose
|
|
||||||
[CodeQL](https://codeql.github.com/) and
|
|
||||||
[Differential ShellCheck](https://github.com/marketplace/actions/differential-shellcheck)
|
|
||||||
are used.
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
# Coding style
|
|
||||||
|
|
||||||
* For a general guidance refer to the
|
|
||||||
[Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html)
|
|
||||||
|
|
||||||
* Patches that change the existing coding style are not welcome, as they make
|
|
||||||
downstream porting harder for the distributions
|
|
||||||
|
|
||||||
## Indentation
|
|
||||||
|
|
||||||
Tabs are preferred over spaces for indentation. Loading the `.editorconfig`
|
|
||||||
file in your preferred IDE may help you configure it.
|
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
# Introduction
|
|
||||||
|
|
||||||
## Git and Github
|
|
||||||
|
|
||||||
We recommend you to get familiar with the
|
|
||||||
[git](https://guides.github.com/introduction/git-handbook) and
|
|
||||||
[Github](https://guides.github.com) workflows before posting any changes.
|
|
||||||
|
|
||||||
### Set up in a nut shell
|
|
||||||
|
|
||||||
The following steps describe the process in a nut shell to provide you a basic
|
|
||||||
template:
|
|
||||||
|
|
||||||
* Create an account on [GitHub](https://github.com)
|
|
||||||
* Fork the [shadow repository](https://github.com/shadow-maint/shadow)
|
|
||||||
* Clone the shadow repository
|
|
||||||
|
|
||||||
```
|
|
||||||
git clone https://github.com/shadow-maint/shadow.git
|
|
||||||
```
|
|
||||||
|
|
||||||
* Add your fork as an extra remote
|
|
||||||
|
|
||||||
```
|
|
||||||
git remote add $ghusername git@github.com:$ghusername/shadow.git
|
|
||||||
```
|
|
||||||
|
|
||||||
* Setup your name contact e-mail that you want to use for the development
|
|
||||||
|
|
||||||
```
|
|
||||||
git config user.name "John Smith"
|
|
||||||
git config user.email "john.smith@home.com"
|
|
||||||
```
|
|
||||||
|
|
||||||
**Note**: this will setup the user information only for this repository. You
|
|
||||||
can also add `--global` switch to the `git config` command to setup these
|
|
||||||
options globally and thus making them available in every git repository.
|
|
||||||
|
|
||||||
* Create a working branch
|
|
||||||
|
|
||||||
```
|
|
||||||
git checkout -b my-changes
|
|
||||||
```
|
|
||||||
|
|
||||||
* Commit changes
|
|
||||||
|
|
||||||
```
|
|
||||||
vim change-what-you-need
|
|
||||||
git commit -s
|
|
||||||
```
|
|
||||||
|
|
||||||
Check
|
|
||||||
[the kernel patches guide](https://www.kernel.org/doc/html/v4.14/process/submitting-patches.html#describe-your-changes)
|
|
||||||
to get an idea on how to write a good commit message.
|
|
||||||
|
|
||||||
* Push your changes to your GitHub repository
|
|
||||||
|
|
||||||
```
|
|
||||||
git push $ghusername my-changes --force
|
|
||||||
```
|
|
||||||
|
|
||||||
* Open a Pull Request against shadow project by clicking on the link provided
|
|
||||||
in the output of the previous step
|
|
||||||
|
|
||||||
* Make sure that all Continuous Integration checks are green and wait review
|
|
||||||
|
|
||||||
## Internal guidelines
|
|
||||||
|
|
||||||
Additionally, you should also check the following internal guidelines to
|
|
||||||
understand the project's development model:
|
|
||||||
|
|
||||||
* [Build & install](build_install.md)
|
|
||||||
* [Coding style](coding_style.md)
|
|
||||||
* [Tests](tests.md)
|
|
||||||
* [Continuous Integration](CI.md)
|
|
||||||
* [Releases](releases.md)
|
|
||||||
* [License](license.md)
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
# License
|
|
||||||
|
|
||||||
All new source code committed to the shadow project is assumed to be made
|
|
||||||
available under the [BSD-3-Clause](../../COPYING) license unless the submitter
|
|
||||||
specifies another license at that time. The shadow maintainers reserve the
|
|
||||||
right to refuse a submission if the license is deemed incompatible with the
|
|
||||||
goals of the project.
|
|
||||||
|
|
||||||
**Note**: old code may be made available under another license, check the
|
|
||||||
license tag for each file to get additional information.
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
# Releases
|
|
||||||
|
|
||||||
The shadow project doesn't follow any specific timeline to release new software
|
|
||||||
versions. Usually, they are released when a major milestone is finished.
|
|
||||||
|
|
||||||
Released source code, alongside the release notes, are provided in the
|
|
||||||
[release Github page](https://github.com/shadow-maint/shadow/releases).
|
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
# Tests
|
|
||||||
|
|
||||||
Currently, shadow only provides system tests.
|
|
||||||
|
|
||||||
## System tests
|
|
||||||
|
|
||||||
These type of tests are written in shell. Unfortunately, the testing framework
|
|
||||||
is tightly coupled to the Ubuntu distribution and it can only be run in this
|
|
||||||
distribution. Besides, if anything fails during the execution the system can
|
|
||||||
be left in an unstable state. Taking that into account you shouldn't run this
|
|
||||||
workflow in your host machine, we recommend to use a disposable system like a
|
|
||||||
VM or a container instead.
|
|
||||||
|
|
||||||
You can execute system tests by running:
|
|
||||||
|
|
||||||
```
|
|
||||||
cd tests && ./run_all`.
|
|
||||||
```
|
|
||||||
@@ -1,340 +0,0 @@
|
|||||||
diff -ur orig/cracklib26_small/cracklib/fascist.c cracklib26_small/cracklib/fascist.c
|
|
||||||
--- orig/cracklib26_small/cracklib/fascist.c Mon Dec 15 02:56:55 1997
|
|
||||||
+++ cracklib26_small/cracklib/fascist.c Sat Apr 4 22:14:45 1998
|
|
||||||
@@ -12,6 +12,7 @@
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
+#include <string.h>
|
|
||||||
|
|
||||||
#define ISSKIP(x) (isspace(x) || ispunct(x))
|
|
||||||
|
|
||||||
@@ -460,28 +461,27 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
|
||||||
-FascistGecos(password, uid)
|
|
||||||
+FascistGecosPw(password, pwd)
|
|
||||||
char *password;
|
|
||||||
- int uid;
|
|
||||||
+ struct passwd *pwd;
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
int j;
|
|
||||||
int wc;
|
|
||||||
char *ptr;
|
|
||||||
- struct passwd *pwp;
|
|
||||||
char gbuffer[STRINGSIZE];
|
|
||||||
char tbuffer[STRINGSIZE];
|
|
||||||
char *uwords[STRINGSIZE];
|
|
||||||
char longbuffer[STRINGSIZE * 2];
|
|
||||||
|
|
||||||
- if (!(pwp = getpwuid(uid)))
|
|
||||||
+ if (!pwd)
|
|
||||||
{
|
|
||||||
return ("you are not registered in the password file");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* lets get really paranoid and assume a dangerously long gecos entry */
|
|
||||||
|
|
||||||
- strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
|
|
||||||
+ strncpy(tbuffer, pwd->pw_name, STRINGSIZE);
|
|
||||||
tbuffer[STRINGSIZE-1] = '\0';
|
|
||||||
if (GTry(tbuffer, password))
|
|
||||||
{
|
|
||||||
@@ -490,12 +490,13 @@
|
|
||||||
|
|
||||||
/* it never used to be that you got passwd strings > 1024 chars, but now... */
|
|
||||||
|
|
||||||
- strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
|
|
||||||
+ strncpy(tbuffer, pwd->pw_gecos, STRINGSIZE);
|
|
||||||
tbuffer[STRINGSIZE-1] = '\0';
|
|
||||||
strcpy(gbuffer, Lowercase(tbuffer));
|
|
||||||
|
|
||||||
wc = 0;
|
|
||||||
ptr = gbuffer;
|
|
||||||
+ uwords[0] = (char *) 0;
|
|
||||||
|
|
||||||
while (*ptr)
|
|
||||||
{
|
|
||||||
@@ -530,6 +531,8 @@
|
|
||||||
*(ptr++) = '\0';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ if (!uwords[0])
|
|
||||||
+ return ((char *) 0); /* empty gecos */
|
|
||||||
#ifdef DEBUG
|
|
||||||
for (i = 0; uwords[i]; i++)
|
|
||||||
{
|
|
||||||
@@ -586,9 +589,10 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
|
||||||
-FascistLook(pwp, instring)
|
|
||||||
+FascistLookPw(pwp, instring, pwd)
|
|
||||||
PWDICT *pwp;
|
|
||||||
char *instring;
|
|
||||||
+ struct passwd *pwd;
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
char *ptr;
|
|
||||||
@@ -667,7 +671,7 @@
|
|
||||||
return ("it looks like a National Insurance number.");
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (ptr = FascistGecos(password, getuid()))
|
|
||||||
+ if (ptr = FascistGecosPw(password, pwd ? pwd : getpwuid(getuid())))
|
|
||||||
{
|
|
||||||
return (ptr);
|
|
||||||
}
|
|
||||||
@@ -715,9 +719,10 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
|
||||||
-FascistCheck(password, path)
|
|
||||||
+FascistCheckPw(password, path, pwd)
|
|
||||||
char *password;
|
|
||||||
char *path;
|
|
||||||
+ struct passwd *pwd;
|
|
||||||
{
|
|
||||||
static char lastpath[STRINGSIZE];
|
|
||||||
static PWDICT *pwp;
|
|
||||||
@@ -750,5 +755,29 @@
|
|
||||||
strncpy(lastpath, path, STRINGSIZE);
|
|
||||||
}
|
|
||||||
|
|
||||||
- return (FascistLook(pwp, pwtrunced));
|
|
||||||
+ return (FascistLookPw(pwp, pwtrunced, pwd));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+FascistGecos(password, uid)
|
|
||||||
+ char *password;
|
|
||||||
+ int uid;
|
|
||||||
+{
|
|
||||||
+ return (FascistGecosPw(password, getpwuid(uid)));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+FascistLook(pwp, instring)
|
|
||||||
+ PWDICT *pwp;
|
|
||||||
+ char *instring;
|
|
||||||
+{
|
|
||||||
+ return (FascistLookPw(pwp, instring, (char *) 0));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+FascistCheck(password, path)
|
|
||||||
+ char *password;
|
|
||||||
+ char *path;
|
|
||||||
+{
|
|
||||||
+ return (FascistCheckPw(password, path, (char *) 0));
|
|
||||||
}
|
|
||||||
diff -ur orig/cracklib26_small/cracklib/packer.h cracklib26_small/cracklib/packer.h
|
|
||||||
--- orig/cracklib26_small/cracklib/packer.h Mon Dec 15 00:09:30 1997
|
|
||||||
+++ cracklib26_small/cracklib/packer.h Sat Jan 10 22:13:46 1998
|
|
||||||
@@ -34,6 +34,7 @@
|
|
||||||
FILE *dfp;
|
|
||||||
FILE *wfp;
|
|
||||||
|
|
||||||
+ int canfree;
|
|
||||||
int32 flags;
|
|
||||||
#define PFOR_WRITE 0x0001
|
|
||||||
#define PFOR_FLUSH 0x0002
|
|
||||||
diff -ur orig/cracklib26_small/cracklib/packlib.c cracklib26_small/cracklib/packlib.c
|
|
||||||
--- orig/cracklib26_small/cracklib/packlib.c Fri Jul 9 22:22:58 1993
|
|
||||||
+++ cracklib26_small/cracklib/packlib.c Sat Jan 10 22:28:49 1998
|
|
||||||
@@ -16,7 +16,7 @@
|
|
||||||
char *mode;
|
|
||||||
{
|
|
||||||
int32 i;
|
|
||||||
- static PWDICT pdesc;
|
|
||||||
+ PWDICT *pdesc;
|
|
||||||
char iname[STRINGSIZE];
|
|
||||||
char dname[STRINGSIZE];
|
|
||||||
char wname[STRINGSIZE];
|
|
||||||
@@ -25,92 +25,94 @@
|
|
||||||
FILE *ifp;
|
|
||||||
FILE *wfp;
|
|
||||||
|
|
||||||
- if (pdesc.header.pih_magic == PIH_MAGIC)
|
|
||||||
- {
|
|
||||||
- fprintf(stderr, "%s: another dictionary already open\n", prefix);
|
|
||||||
+ if ((pdesc = (PWDICT *) malloc(sizeof(PWDICT))) == 0)
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
- }
|
|
||||||
|
|
||||||
- memset(&pdesc, '\0', sizeof(pdesc));
|
|
||||||
+ memset(pdesc, '\0', sizeof(*pdesc));
|
|
||||||
|
|
||||||
sprintf(iname, "%s.pwi", prefix);
|
|
||||||
sprintf(dname, "%s.pwd", prefix);
|
|
||||||
sprintf(wname, "%s.hwm", prefix);
|
|
||||||
|
|
||||||
- if (!(pdesc.dfp = fopen(dname, mode)))
|
|
||||||
+ if (!(pdesc->dfp = fopen(dname, mode)))
|
|
||||||
{
|
|
||||||
perror(dname);
|
|
||||||
+ free(pdesc);
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!(pdesc.ifp = fopen(iname, mode)))
|
|
||||||
+ if (!(pdesc->ifp = fopen(iname, mode)))
|
|
||||||
{
|
|
||||||
- fclose(pdesc.dfp);
|
|
||||||
+ fclose(pdesc->dfp);
|
|
||||||
perror(iname);
|
|
||||||
+ free(pdesc);
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (pdesc.wfp = fopen(wname, mode))
|
|
||||||
+ if (pdesc->wfp = fopen(wname, mode))
|
|
||||||
{
|
|
||||||
- pdesc.flags |= PFOR_USEHWMS;
|
|
||||||
+ pdesc->flags |= PFOR_USEHWMS;
|
|
||||||
}
|
|
||||||
|
|
||||||
- ifp = pdesc.ifp;
|
|
||||||
- dfp = pdesc.dfp;
|
|
||||||
- wfp = pdesc.wfp;
|
|
||||||
+ ifp = pdesc->ifp;
|
|
||||||
+ dfp = pdesc->dfp;
|
|
||||||
+ wfp = pdesc->wfp;
|
|
||||||
|
|
||||||
if (mode[0] == 'w')
|
|
||||||
{
|
|
||||||
- pdesc.flags |= PFOR_WRITE;
|
|
||||||
- pdesc.header.pih_magic = PIH_MAGIC;
|
|
||||||
- pdesc.header.pih_blocklen = NUMWORDS;
|
|
||||||
- pdesc.header.pih_numwords = 0;
|
|
||||||
+ pdesc->flags |= PFOR_WRITE;
|
|
||||||
+ pdesc->header.pih_magic = PIH_MAGIC;
|
|
||||||
+ pdesc->header.pih_blocklen = NUMWORDS;
|
|
||||||
+ pdesc->header.pih_numwords = 0;
|
|
||||||
|
|
||||||
- fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
|
|
||||||
+ fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
|
|
||||||
} else
|
|
||||||
{
|
|
||||||
- pdesc.flags &= ~PFOR_WRITE;
|
|
||||||
+ pdesc->flags &= ~PFOR_WRITE;
|
|
||||||
|
|
||||||
- if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
|
|
||||||
+ if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
|
|
||||||
{
|
|
||||||
fprintf(stderr, "%s: error reading header\n", prefix);
|
|
||||||
|
|
||||||
- pdesc.header.pih_magic = 0;
|
|
||||||
+ pdesc->header.pih_magic = 0;
|
|
||||||
fclose(ifp);
|
|
||||||
fclose(dfp);
|
|
||||||
+ free(pdesc);
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (pdesc.header.pih_magic != PIH_MAGIC)
|
|
||||||
+ if (pdesc->header.pih_magic != PIH_MAGIC)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "%s: magic mismatch\n", prefix);
|
|
||||||
|
|
||||||
- pdesc.header.pih_magic = 0;
|
|
||||||
+ pdesc->header.pih_magic = 0;
|
|
||||||
fclose(ifp);
|
|
||||||
fclose(dfp);
|
|
||||||
+ free(pdesc);
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (pdesc.header.pih_blocklen != NUMWORDS)
|
|
||||||
+ if (pdesc->header.pih_blocklen != NUMWORDS)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "%s: size mismatch\n", prefix);
|
|
||||||
|
|
||||||
- pdesc.header.pih_magic = 0;
|
|
||||||
+ pdesc->header.pih_magic = 0;
|
|
||||||
fclose(ifp);
|
|
||||||
fclose(dfp);
|
|
||||||
+ free(pdesc);
|
|
||||||
return ((PWDICT *) 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (pdesc.flags & PFOR_USEHWMS)
|
|
||||||
+ if (pdesc->flags & PFOR_USEHWMS)
|
|
||||||
{
|
|
||||||
- if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
|
|
||||||
+ if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
|
|
||||||
{
|
|
||||||
- pdesc.flags &= ~PFOR_USEHWMS;
|
|
||||||
+ pdesc->flags &= ~PFOR_USEHWMS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- return (&pdesc);
|
|
||||||
+ pdesc->canfree = 1;
|
|
||||||
+ return (pdesc);
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
|
||||||
@@ -159,8 +161,13 @@
|
|
||||||
|
|
||||||
fclose(pwp->ifp);
|
|
||||||
fclose(pwp->dfp);
|
|
||||||
+ if (pwp->wfp)
|
|
||||||
+ fclose(pwp->wfp);
|
|
||||||
|
|
||||||
- pwp->header.pih_magic = 0;
|
|
||||||
+ if (pwp->canfree)
|
|
||||||
+ free(pwp);
|
|
||||||
+ else
|
|
||||||
+ pwp->header.pih_magic = 0;
|
|
||||||
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
@@ -307,6 +314,11 @@
|
|
||||||
register char *this;
|
|
||||||
int idx;
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * comment in npasswd-2.0beta4 says this:
|
|
||||||
+ * This does not work under all circumstances, so don't bother
|
|
||||||
+ */
|
|
||||||
+#if 0
|
|
||||||
if (pwp->flags & PFOR_USEHWMS)
|
|
||||||
{
|
|
||||||
idx = string[0] & 0xff;
|
|
||||||
@@ -317,6 +329,10 @@
|
|
||||||
lwm = 0;
|
|
||||||
hwm = PW_WORDS(pwp) - 1;
|
|
||||||
}
|
|
||||||
+#else
|
|
||||||
+ lwm = 0;
|
|
||||||
+ hwm = PW_WORDS(pwp);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#ifdef DEBUG
|
|
||||||
printf("---- %lu, %lu ----\n", lwm, hwm);
|
|
||||||
diff -ur orig/cracklib26_small/util/mkdict cracklib26_small/util/mkdict
|
|
||||||
--- orig/cracklib26_small/util/mkdict Fri Jul 9 22:23:03 1993
|
|
||||||
+++ cracklib26_small/util/mkdict Sat Apr 4 22:31:45 1998
|
|
||||||
@@ -14,9 +14,16 @@
|
|
||||||
SORT="sort"
|
|
||||||
###SORT="sort -T /tmp"
|
|
||||||
|
|
||||||
-cat $* |
|
|
||||||
+### Use zcat to read compressed (as well as uncompressed) dictionaries.
|
|
||||||
+### Compressed dictionaries can save quite a lot of disk space.
|
|
||||||
+
|
|
||||||
+CAT="gzip -cdf"
|
|
||||||
+###CAT="zcat"
|
|
||||||
+###CAT="cat"
|
|
||||||
+
|
|
||||||
+$CAT $* |
|
|
||||||
tr '[A-Z]' '[a-z]' |
|
|
||||||
- tr -cd '[\012a-z0-9]' |
|
|
||||||
+ tr -cd '\012[a-z][0-9]' |
|
|
||||||
$SORT |
|
|
||||||
uniq |
|
|
||||||
grep -v '^#' |
|
|
||||||
@@ -1,23 +0,0 @@
|
|||||||
# This is a dummy Makefile.am to get automake work flawlessly,
|
|
||||||
# and also cooperate to make a distribution for `make dist'
|
|
||||||
|
|
||||||
sysconf_DATA = login.defs
|
|
||||||
|
|
||||||
defaultdir = $(sysconfdir)/default
|
|
||||||
default_DATA =
|
|
||||||
|
|
||||||
nonpam_files = \
|
|
||||||
limits \
|
|
||||||
login.access
|
|
||||||
|
|
||||||
if !USE_PAM
|
|
||||||
nonpamdir = $(sysconfdir)
|
|
||||||
nonpam_DATA = $(nonpam_files)
|
|
||||||
endif
|
|
||||||
|
|
||||||
EXTRA_DIST = \
|
|
||||||
$(nonpam_files) \
|
|
||||||
$(sysconf_DATA) \
|
|
||||||
$(default_DATA)
|
|
||||||
|
|
||||||
SUBDIRS = pam.d shadow-maint
|
|
||||||
-30
@@ -1,30 +0,0 @@
|
|||||||
# /etc/limits contains user resource limits.
|
|
||||||
# See limits(5).
|
|
||||||
#
|
|
||||||
# Format:
|
|
||||||
# <username> <limits-string>
|
|
||||||
#
|
|
||||||
# default entry is '*' for username
|
|
||||||
#
|
|
||||||
# Valid flags are:
|
|
||||||
# A: max address space (KB)
|
|
||||||
# C: max core file size (KB)
|
|
||||||
# D: max data size (KB)
|
|
||||||
# F: maximum filesize (KB)
|
|
||||||
# M: max locked-in-memory address space (KB) [only for root on Linux 2.0.x]
|
|
||||||
# N: max number of open files
|
|
||||||
# R: max resident set size (KB) [no effect on Linux 2.0.x]
|
|
||||||
# S: max stack size (KB)
|
|
||||||
# T: max CPU time (MIN)
|
|
||||||
# U: max number of processes
|
|
||||||
# L: max number of logins for this user
|
|
||||||
# I: max nice value (0..39 translates to 20..-19)
|
|
||||||
# O: max real time priority (0..MAX_RT_PRIO)
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
# the default entry
|
|
||||||
#* L2 D6144 R2048 S2048 U32 N32 F16384 T5 C0 I20 O0
|
|
||||||
# another way of suspending a user login
|
|
||||||
#guest L0
|
|
||||||
# this account has no limits
|
|
||||||
#sysadm -
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
# $Id$
|
|
||||||
#
|
|
||||||
# Login access control table.
|
|
||||||
#
|
|
||||||
# When someone logs in, the table is scanned for the first entry that
|
|
||||||
# matches the (user, host) combination, or, in case of non-networked
|
|
||||||
# logins, the first entry that matches the (user, tty) combination. The
|
|
||||||
# permissions field of that table entry determines whether the login will
|
|
||||||
# be accepted or refused.
|
|
||||||
#
|
|
||||||
# Format of the login access control table is three fields separated by a
|
|
||||||
# ":" character:
|
|
||||||
#
|
|
||||||
# permission : users : origins
|
|
||||||
#
|
|
||||||
# The first field should be a "+" (access granted) or "-" (access denied)
|
|
||||||
# character.
|
|
||||||
#
|
|
||||||
# The second field should be a list of one or more login names, group
|
|
||||||
# names, or ALL (always matches). A pattern of the form user@host is
|
|
||||||
# matched when the login name matches the "user" part, and when the
|
|
||||||
# "host" part matches the local machine name.
|
|
||||||
#
|
|
||||||
# The third field should be a list of one or more tty names (for
|
|
||||||
# non-networked logins), host names, domain names (begin with "."), host
|
|
||||||
# addresses, internet network numbers (end with "."), ALL (always
|
|
||||||
# matches) or LOCAL (matches any string that does not contain a "."
|
|
||||||
# character).
|
|
||||||
#
|
|
||||||
# If you run NIS you can use @netgroupname in host or user patterns; this
|
|
||||||
# even works for @usergroup@@hostgroup patterns. Weird.
|
|
||||||
#
|
|
||||||
# The EXCEPT operator makes it possible to write very compact rules.
|
|
||||||
#
|
|
||||||
# The group file is searched only when a name does not match that of the
|
|
||||||
# logged-in user. Only groups are matched in which users are explicitly
|
|
||||||
# listed: the program does not look at a user's primary group id value.
|
|
||||||
#
|
|
||||||
##############################################################################
|
|
||||||
#
|
|
||||||
# Disallow console logins to all but a few accounts.
|
|
||||||
#
|
|
||||||
#-:ALL EXCEPT wheel shutdown sync:console
|
|
||||||
#
|
|
||||||
# Disallow non-local logins to privileged accounts (group wheel).
|
|
||||||
#
|
|
||||||
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
|
|
||||||
#
|
|
||||||
# Some accounts are not allowed to login from anywhere:
|
|
||||||
#
|
|
||||||
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
|
|
||||||
#
|
|
||||||
# All other accounts are allowed to login from anywhere.
|
|
||||||
#
|
|
||||||
-478
@@ -1,478 +0,0 @@
|
|||||||
#
|
|
||||||
# /etc/login.defs - Configuration control definitions for the shadow package.
|
|
||||||
#
|
|
||||||
# $Id$
|
|
||||||
#
|
|
||||||
|
|
||||||
#
|
|
||||||
# Delay in seconds before being allowed another attempt after a login failure
|
|
||||||
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
|
|
||||||
# pam_unix(8) enforces a 2s delay)
|
|
||||||
#
|
|
||||||
FAIL_DELAY 3
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable logging and display of /var/log/faillog login(1) failure info.
|
|
||||||
#
|
|
||||||
FAILLOG_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
|
||||||
#
|
|
||||||
LOG_UNKFAIL_ENAB no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable logging of successful logins
|
|
||||||
#
|
|
||||||
LOG_OK_LOGINS no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable logging and display of /var/log/lastlog login(1) time info.
|
|
||||||
#
|
|
||||||
LASTLOG_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Limit the highest user ID number for which the lastlog entries should
|
|
||||||
# be updated.
|
|
||||||
#
|
|
||||||
# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
|
||||||
# lastlog entries.
|
|
||||||
#
|
|
||||||
#LASTLOG_UID_MAX
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable checking and display of mailbox status upon login.
|
|
||||||
#
|
|
||||||
# Disable if the shell startup files already check for mail
|
|
||||||
# ("mailx -e" or equivalent).
|
|
||||||
#
|
|
||||||
MAIL_CHECK_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable additional checks upon password changes.
|
|
||||||
#
|
|
||||||
OBSCURE_CHECKS_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable checking of time restrictions specified in /etc/porttime.
|
|
||||||
#
|
|
||||||
PORTTIME_CHECKS_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
|
|
||||||
#
|
|
||||||
QUOTAS_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
|
||||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
|
||||||
#
|
|
||||||
SYSLOG_SU_ENAB yes
|
|
||||||
SYSLOG_SG_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, either full pathname of a file containing device names or
|
|
||||||
# a ":" delimited list of device names. Root logins will be allowed only
|
|
||||||
# from these devices.
|
|
||||||
#
|
|
||||||
CONSOLE /etc/securetty
|
|
||||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, all su(1) activity is logged to this file.
|
|
||||||
#
|
|
||||||
#SULOG_FILE /var/log/sulog
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, ":" delimited list of "message of the day" files to
|
|
||||||
# be displayed upon login.
|
|
||||||
#
|
|
||||||
MOTD_FILE /etc/motd
|
|
||||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, this file will be output before each login(1) prompt.
|
|
||||||
#
|
|
||||||
#ISSUE_FILE /etc/issue
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, file which maps tty line to TERM environment parameter.
|
|
||||||
# Each line of the file is in a format similar to "vt100 tty01".
|
|
||||||
#
|
|
||||||
#TTYTYPE_FILE /etc/ttytype
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, login(1) failures will be logged here in a utmp format.
|
|
||||||
# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
|
|
||||||
#
|
|
||||||
FTMP_FILE /var/log/btmp
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, name of file whose presence will inhibit non-root
|
|
||||||
# logins. The content of this file should be a message indicating
|
|
||||||
# why logins are inhibited.
|
|
||||||
#
|
|
||||||
NOLOGINS_FILE /etc/nologin
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, the command name to display when running "su -". For
|
|
||||||
# example, if this is defined as "su" then ps(1) will display the
|
|
||||||
# command as "-su". If not defined, then ps(1) will display the
|
|
||||||
# name of the shell actually being run, e.g. something like "-sh".
|
|
||||||
#
|
|
||||||
SU_NAME su
|
|
||||||
|
|
||||||
#
|
|
||||||
# *REQUIRED*
|
|
||||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
|
||||||
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
|
||||||
#
|
|
||||||
MAIL_DIR /var/spool/mail
|
|
||||||
#MAIL_FILE .mail
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, file which inhibits all the usual chatter during the login
|
|
||||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
|
||||||
# user's name or shell are found in the file. If not a full pathname, then
|
|
||||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
|
||||||
#
|
|
||||||
HUSHLOGIN_FILE .hushlogin
|
|
||||||
#HUSHLOGIN_FILE /etc/hushlogins
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, either a TZ environment parameter spec or the
|
|
||||||
# fully-rooted pathname of a file containing such a spec.
|
|
||||||
#
|
|
||||||
#ENV_TZ TZ=CST6CDT
|
|
||||||
#ENV_TZ /etc/tzname
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, an HZ environment parameter spec.
|
|
||||||
#
|
|
||||||
# for Linux/x86
|
|
||||||
ENV_HZ HZ=100
|
|
||||||
# For Linux/Alpha...
|
|
||||||
#ENV_HZ HZ=1024
|
|
||||||
|
|
||||||
#
|
|
||||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
|
||||||
#
|
|
||||||
# (they are minimal, add the rest in the shell startup files)
|
|
||||||
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
||||||
ENV_PATH PATH=/bin:/usr/bin
|
|
||||||
|
|
||||||
#
|
|
||||||
# Terminal permissions
|
|
||||||
#
|
|
||||||
# TTYGROUP Login tty will be assigned this group ownership.
|
|
||||||
# TTYPERM Login tty will be set to this permission.
|
|
||||||
#
|
|
||||||
# If you have a write(1) program which is "setgid" to a special group
|
|
||||||
# which owns the terminals, define TTYGROUP as the number of such group
|
|
||||||
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
|
||||||
# set TTYPERM to either 622 or 600.
|
|
||||||
#
|
|
||||||
TTYGROUP tty
|
|
||||||
TTYPERM 0600
|
|
||||||
|
|
||||||
#
|
|
||||||
# Login configuration initializations:
|
|
||||||
#
|
|
||||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
|
||||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
|
||||||
# ULIMIT Default "ulimit" value.
|
|
||||||
#
|
|
||||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
|
||||||
# The ULIMIT is used only if the system supports it.
|
|
||||||
# (now it works with setrlimit too; ulimit is in 512-byte units)
|
|
||||||
#
|
|
||||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
|
||||||
#
|
|
||||||
ERASECHAR 0177
|
|
||||||
KILLCHAR 025
|
|
||||||
#ULIMIT 2097152
|
|
||||||
|
|
||||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
|
||||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
|
||||||
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
|
||||||
# home directories if HOME_MODE is not set.
|
|
||||||
# 022 is the default value, but 027, or even 077, could be considered
|
|
||||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
|
||||||
# must make up their mind.
|
|
||||||
UMASK 022
|
|
||||||
|
|
||||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
|
||||||
# home directories.
|
|
||||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
|
||||||
#HOME_MODE 0700
|
|
||||||
|
|
||||||
#
|
|
||||||
# Password aging controls:
|
|
||||||
#
|
|
||||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
|
||||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
|
||||||
# PASS_MIN_LEN Minimum acceptable password length.
|
|
||||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
|
||||||
#
|
|
||||||
PASS_MAX_DAYS 99999
|
|
||||||
PASS_MIN_DAYS 0
|
|
||||||
PASS_MIN_LEN 5
|
|
||||||
PASS_WARN_AGE 7
|
|
||||||
|
|
||||||
#
|
|
||||||
# If "yes", the user must be listed as a member of the first gid 0 group
|
|
||||||
# in /etc/group (called "root" on most Linux systems) to be able to "su"
|
|
||||||
# to uid 0 accounts. If the group doesn't exist or is empty, no one
|
|
||||||
# will be able to "su" to uid 0.
|
|
||||||
#
|
|
||||||
SU_WHEEL_ONLY no
|
|
||||||
|
|
||||||
#
|
|
||||||
# If compiled with cracklib support, sets the path to the dictionaries
|
|
||||||
#
|
|
||||||
CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic uid selection in useradd(8)
|
|
||||||
#
|
|
||||||
UID_MIN 1000
|
|
||||||
UID_MAX 60000
|
|
||||||
# System accounts
|
|
||||||
SYS_UID_MIN 101
|
|
||||||
SYS_UID_MAX 999
|
|
||||||
# Extra per user uids
|
|
||||||
SUB_UID_MIN 100000
|
|
||||||
SUB_UID_MAX 600100000
|
|
||||||
SUB_UID_COUNT 65536
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic gid selection in groupadd(8)
|
|
||||||
#
|
|
||||||
GID_MIN 1000
|
|
||||||
GID_MAX 60000
|
|
||||||
# System accounts
|
|
||||||
SYS_GID_MIN 101
|
|
||||||
SYS_GID_MAX 999
|
|
||||||
# Extra per user group ids
|
|
||||||
SUB_GID_MIN 100000
|
|
||||||
SUB_GID_MAX 600100000
|
|
||||||
SUB_GID_COUNT 65536
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max number of login(1) retries if password is bad
|
|
||||||
#
|
|
||||||
LOGIN_RETRIES 5
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max time in seconds for login(1)
|
|
||||||
#
|
|
||||||
LOGIN_TIMEOUT 60
|
|
||||||
|
|
||||||
#
|
|
||||||
# Maximum number of attempts to change password if rejected (too easy)
|
|
||||||
#
|
|
||||||
PASS_CHANGE_TRIES 5
|
|
||||||
|
|
||||||
#
|
|
||||||
# Warn about weak passwords (but still allow them) if you are root.
|
|
||||||
#
|
|
||||||
PASS_ALWAYS_WARN yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Number of significant characters in the password for crypt().
|
|
||||||
# Default is 8, don't change unless your crypt() is better.
|
|
||||||
# Ignored if MD5_CRYPT_ENAB set to "yes".
|
|
||||||
#
|
|
||||||
#PASS_MAX_LEN 8
|
|
||||||
|
|
||||||
#
|
|
||||||
# Require password before chfn(1)/chsh(1) can make any changes.
|
|
||||||
#
|
|
||||||
CHFN_AUTH yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Which fields may be changed by regular users using chfn(1) - use
|
|
||||||
# any combination of letters "frwh" (full name, room number, work
|
|
||||||
# phone, home phone). If not defined, no changes are allowed.
|
|
||||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
|
||||||
#
|
|
||||||
CHFN_RESTRICT rwh
|
|
||||||
|
|
||||||
#
|
|
||||||
# Password prompt (%s will be replaced by user name).
|
|
||||||
#
|
|
||||||
# XXX - it doesn't work correctly yet, for now leave it commented out
|
|
||||||
# to use the default which is just "Password: ".
|
|
||||||
#LOGIN_STRING "%s's Password: "
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only works if compiled with MD5_CRYPT defined:
|
|
||||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
|
||||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
|
||||||
# It supports passwords of unlimited length and longer salt strings.
|
|
||||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
|
||||||
# which don't understand the new algorithm. Default is "no".
|
|
||||||
#
|
|
||||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
|
||||||
# the PAM modules configuration.
|
|
||||||
#
|
|
||||||
# This variable is deprecated. You should use ENCRYPT_METHOD instead.
|
|
||||||
#
|
|
||||||
#MD5_CRYPT_ENAB no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
|
||||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
|
||||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
|
||||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
|
||||||
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
|
|
||||||
# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
|
|
||||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
|
||||||
# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
|
|
||||||
# Overrides the MD5_CRYPT_ENAB option
|
|
||||||
#
|
|
||||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
|
||||||
# the PAM modules configuration.
|
|
||||||
#
|
|
||||||
#ENCRYPT_METHOD DES
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
|
||||||
#
|
|
||||||
# Define the number of SHA rounds.
|
|
||||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
|
||||||
# However, more CPU resources will be needed to authenticate users if
|
|
||||||
# this value is increased.
|
|
||||||
#
|
|
||||||
# If not specified, the libc will choose the default number of rounds (5000),
|
|
||||||
# which is orders of magnitude too low for modern hardware.
|
|
||||||
# The values must be within the 1000-999999999 range.
|
|
||||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
|
||||||
# If MIN > MAX, the highest value will be used.
|
|
||||||
#
|
|
||||||
#SHA_CRYPT_MIN_ROUNDS 5000
|
|
||||||
#SHA_CRYPT_MAX_ROUNDS 5000
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only works if ENCRYPT_METHOD is set to BCRYPT.
|
|
||||||
#
|
|
||||||
# Define the number of BCRYPT rounds.
|
|
||||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
|
||||||
# However, more CPU resources will be needed to authenticate users if
|
|
||||||
# this value is increased.
|
|
||||||
#
|
|
||||||
# If not specified, 13 rounds will be attempted.
|
|
||||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
|
||||||
# If MIN > MAX, the highest value will be used.
|
|
||||||
#
|
|
||||||
#BCRYPT_MIN_ROUNDS 13
|
|
||||||
#BCRYPT_MAX_ROUNDS 13
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only works if ENCRYPT_METHOD is set to YESCRYPT.
|
|
||||||
#
|
|
||||||
# Define the YESCRYPT cost factor.
|
|
||||||
# With a higher cost factor, it is more difficult to brute-force the password.
|
|
||||||
# However, more CPU time and more memory will be needed to authenticate users
|
|
||||||
# if this value is increased.
|
|
||||||
#
|
|
||||||
# If not specified, a cost factor of 5 will be used.
|
|
||||||
# The value must be within the 1-11 range.
|
|
||||||
#
|
|
||||||
#YESCRYPT_COST_FACTOR 5
|
|
||||||
|
|
||||||
#
|
|
||||||
# List of groups to add to the user's supplementary group set
|
|
||||||
# when logging in from the console (as determined by the CONSOLE
|
|
||||||
# setting). Default is none.
|
|
||||||
#
|
|
||||||
# Use with caution - it is possible for users to gain permanent
|
|
||||||
# access to these groups, even when not logged in from the console.
|
|
||||||
# How to do it is left as an exercise for the reader...
|
|
||||||
#
|
|
||||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
|
||||||
|
|
||||||
#
|
|
||||||
# Should login be allowed if we can't cd to the home directory?
|
|
||||||
# Default is no.
|
|
||||||
#
|
|
||||||
DEFAULT_HOME yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# The pwck(8) utility emits a warning for any system account with a home
|
|
||||||
# directory that does not exist. Some system accounts intentionally do
|
|
||||||
# not have a home directory. Such accounts may have this string as
|
|
||||||
# their home directory in /etc/passwd to avoid a spurious warning.
|
|
||||||
#
|
|
||||||
NONEXISTENT /nonexistent
|
|
||||||
|
|
||||||
#
|
|
||||||
# If this file exists and is readable, login environment will be
|
|
||||||
# read from it. Every line should be in the form name=value.
|
|
||||||
#
|
|
||||||
ENVIRON_FILE /etc/environment
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, this command is run when removing a user.
|
|
||||||
# It should remove any at/cron/print jobs etc. owned by
|
|
||||||
# the user to be removed (passed as the first argument).
|
|
||||||
#
|
|
||||||
#USERDEL_CMD /usr/sbin/userdel_local
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable setting of the umask group bits to be the same as owner bits
|
|
||||||
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
|
|
||||||
# the same as gid, and username is the same as the primary group name.
|
|
||||||
#
|
|
||||||
# This also enables userdel(8) to remove user groups if no members exist.
|
|
||||||
#
|
|
||||||
USERGROUPS_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# If set to a non-zero number, the shadow utilities will make sure that
|
|
||||||
# groups never have more than this number of users on one line.
|
|
||||||
# This permits to support split groups (groups split into multiple lines,
|
|
||||||
# with the same group ID, to avoid limitation of the line length in the
|
|
||||||
# group file).
|
|
||||||
#
|
|
||||||
# 0 is the default value and disables this feature.
|
|
||||||
#
|
|
||||||
#MAX_MEMBERS_PER_GROUP 0
|
|
||||||
|
|
||||||
#
|
|
||||||
# If useradd(8) should create home directories for users by default (non
|
|
||||||
# system users only).
|
|
||||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
|
||||||
# command-line.
|
|
||||||
#
|
|
||||||
#CREATE_HOME yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Force use shadow, even if shadow passwd & shadow group files are
|
|
||||||
# missing.
|
|
||||||
#
|
|
||||||
#FORCE_SHADOW yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Allow newuidmap and newgidmap when running under an alternative
|
|
||||||
# primary group.
|
|
||||||
#
|
|
||||||
#GRANT_AUX_GROUP_SUBIDS yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Prevents an empty password field to be interpreted as "no authentication
|
|
||||||
# required".
|
|
||||||
# Set to "yes" to prevent for all accounts
|
|
||||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
|
||||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
|
||||||
PREVENT_NO_AUTH superuser
|
|
||||||
|
|
||||||
#
|
|
||||||
# Select the HMAC cryptography algorithm.
|
|
||||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
|
||||||
# authentication code.
|
|
||||||
#
|
|
||||||
# Note: It is recommended to check hmac(3) to see the possible algorithms
|
|
||||||
# that are available in your system.
|
|
||||||
#
|
|
||||||
#HMAC_CRYPTO_ALGO SHA512
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
# This is a dummy Makefile.am to get automake work flawlessly,
|
|
||||||
# and also cooperate to make a distribution for `make dist'
|
|
||||||
|
|
||||||
pamd_files = \
|
|
||||||
chfn \
|
|
||||||
chsh \
|
|
||||||
groupmems \
|
|
||||||
login \
|
|
||||||
passwd
|
|
||||||
|
|
||||||
pamd_acct_tools_files = \
|
|
||||||
chage \
|
|
||||||
chgpasswd \
|
|
||||||
chpasswd \
|
|
||||||
groupadd \
|
|
||||||
groupdel \
|
|
||||||
groupmod \
|
|
||||||
newusers \
|
|
||||||
useradd \
|
|
||||||
userdel \
|
|
||||||
usermod
|
|
||||||
|
|
||||||
if USE_PAM
|
|
||||||
pamddir = $(sysconfdir)/pam.d
|
|
||||||
pamd_DATA = $(pamd_files)
|
|
||||||
if ACCT_TOOLS_SETUID
|
|
||||||
pamd_DATA += $(pamd_acct_tools_files)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
if WITH_SU
|
|
||||||
pamd_files += su
|
|
||||||
endif
|
|
||||||
|
|
||||||
EXTRA_DIST = $(pamd_files) $(pamd_acct_tools_files)
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth required pam_securetty.so
|
|
||||||
auth include system-auth
|
|
||||||
account required pam_nologin.so
|
|
||||||
account include system-auth
|
|
||||||
password include system-auth
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
||||||
session include system-auth
|
|
||||||
session required pam_loginuid.so
|
|
||||||
session optional pam_console.so
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth include system-auth
|
|
||||||
account include system-auth
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
|
||||||
#auth sufficient pam_wheel.so trust use_uid
|
|
||||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
|
||||||
auth required pam_wheel.so use_uid
|
|
||||||
auth include system-auth
|
|
||||||
account include system-auth
|
|
||||||
password include system-auth
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
||||||
session include system-auth
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
|
||||||
session optional pam_xauth.so
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
account required pam_permit.so
|
|
||||||
password include system-auth
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
shadowmaint_files = \
|
|
||||||
groupdel-pre.d/01-kill_group_procs.sh \
|
|
||||||
userdel-pre.d/01-kill_user_procs.sh
|
|
||||||
|
|
||||||
EXTRA_DIST = $(shadowmaint_files)
|
|
||||||
@@ -1,26 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
||||||
GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
|
|
||||||
|
|
||||||
if [ "${GROUPID}" = "" ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
for status in /proc/*/status; do
|
|
||||||
# either this isn't a process or its already dead since expanding the list
|
|
||||||
[ -f "$status" ] || continue
|
|
||||||
|
|
||||||
tbuf=${status%/status}
|
|
||||||
pid=${tbuf#/proc/}
|
|
||||||
case "$pid" in
|
|
||||||
"$$") continue;;
|
|
||||||
[0-9]*) :;;
|
|
||||||
*) continue
|
|
||||||
esac
|
|
||||||
|
|
||||||
grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
|
|
||||||
|
|
||||||
kill -9 "$pid" || echo "cannot kill $pid" 1>&2
|
|
||||||
done
|
|
||||||
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
||||||
|
|
||||||
# Check user exists, and if so, send sigkill to processes that the user owns
|
|
||||||
|
|
||||||
ps -eo user >/dev/null 2>&1
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
RUNNING=`ps -eo user | grep -Fx "$SUBJECT" | wc -l`
|
|
||||||
# if the user does not exist, RUNNING will be 0
|
|
||||||
if [ "${RUNNING}x" = "0x" ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If there is no ps -eo, traverse the process directly.
|
|
||||||
|
|
||||||
ls -1 /proc | while IFS= read -r PROC; do
|
|
||||||
echo "$PROC" | grep -E '^[0-9]+$' >/dev/null
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if [ -d "/proc/${PROC}" ]; then
|
|
||||||
USR=`stat -c "%U" /proc/${PROC}`
|
|
||||||
if [ "${USR}" = "${SUBJECT}" ]; then
|
|
||||||
echo "Killing ${SUBJECT} owned ${PROC}"
|
|
||||||
kill -9 "${PROC}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
Vendored
-5
@@ -1,5 +0,0 @@
|
|||||||
-kr
|
|
||||||
-i8
|
|
||||||
-bad
|
|
||||||
-pcs
|
|
||||||
-l80
|
|
||||||
@@ -1,83 +0,0 @@
|
|||||||
|
|
||||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
|
||||||
|
|
||||||
DEFS =
|
|
||||||
|
|
||||||
noinst_LTLIBRARIES = libshadow.la
|
|
||||||
|
|
||||||
libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
|
|
||||||
if HAVE_VENDORDIR
|
|
||||||
libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
|
|
||||||
endif
|
|
||||||
|
|
||||||
libshadow_la_CPPFLAGS += -I$(top_srcdir)
|
|
||||||
libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
|
|
||||||
|
|
||||||
libshadow_la_SOURCES = \
|
|
||||||
commonio.c \
|
|
||||||
commonio.h \
|
|
||||||
defines.h \
|
|
||||||
encrypt.c \
|
|
||||||
exitcodes.h \
|
|
||||||
faillog.h \
|
|
||||||
fields.c \
|
|
||||||
fputsx.c \
|
|
||||||
getdef.c \
|
|
||||||
getdef.h \
|
|
||||||
get_gid.c \
|
|
||||||
getlong.c \
|
|
||||||
get_pid.c \
|
|
||||||
get_uid.c \
|
|
||||||
getulong.c \
|
|
||||||
groupio.c \
|
|
||||||
groupmem.c \
|
|
||||||
groupio.h \
|
|
||||||
gshadow.c \
|
|
||||||
lockpw.c \
|
|
||||||
nss.c \
|
|
||||||
nscd.c \
|
|
||||||
nscd.h \
|
|
||||||
shadowlog.c \
|
|
||||||
shadowlog.h \
|
|
||||||
shadowlog_internal.h \
|
|
||||||
sssd.c \
|
|
||||||
sssd.h \
|
|
||||||
pam_defs.h \
|
|
||||||
port.c \
|
|
||||||
port.h \
|
|
||||||
prototypes.h \
|
|
||||||
pwauth.c \
|
|
||||||
pwauth.h \
|
|
||||||
pwio.c \
|
|
||||||
pwio.h \
|
|
||||||
pwmem.c \
|
|
||||||
run_part.h \
|
|
||||||
run_part.c \
|
|
||||||
subordinateio.h \
|
|
||||||
subordinateio.c \
|
|
||||||
selinux.c \
|
|
||||||
semanage.c \
|
|
||||||
sgetgrent.c \
|
|
||||||
sgetpwent.c \
|
|
||||||
sgetspent.c \
|
|
||||||
sgroupio.c \
|
|
||||||
sgroupio.h\
|
|
||||||
shadow.c \
|
|
||||||
shadowio.c \
|
|
||||||
shadowio.h \
|
|
||||||
shadowmem.c \
|
|
||||||
spawn.c \
|
|
||||||
write_full.c
|
|
||||||
|
|
||||||
if WITH_TCB
|
|
||||||
libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
|
|
||||||
endif
|
|
||||||
|
|
||||||
# These files are unneeded for some reason, listed in
|
|
||||||
# order of appearance:
|
|
||||||
#
|
|
||||||
# sources for dbm support (not yet used)
|
|
||||||
|
|
||||||
EXTRA_DIST = \
|
|
||||||
.indent.pro \
|
|
||||||
gshadow_.h
|
|
||||||
-115
@@ -1,115 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
|
|
||||||
#define SHADOW_INCLUDE_LIB_MALLOC_H_
|
|
||||||
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <stddef.h>
|
|
||||||
#include <stdint.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
#include "defines.h"
|
|
||||||
|
|
||||||
|
|
||||||
#define CALLOC(n, type) ((type *) calloc(n, sizeof(type)))
|
|
||||||
#define XCALLOC(n, type) ((type *) xcalloc(n, sizeof(type)))
|
|
||||||
#define MALLOC(n, type) ((type *) mallocarray(n, sizeof(type)))
|
|
||||||
#define XMALLOC(n, type) ((type *) xmallocarray(n, sizeof(type)))
|
|
||||||
|
|
||||||
#define REALLOC(ptr, n, type) \
|
|
||||||
({ \
|
|
||||||
__auto_type p_ = (ptr); \
|
|
||||||
\
|
|
||||||
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
||||||
\
|
|
||||||
(type *) reallocarray(p_, n, sizeof(type)); \
|
|
||||||
})
|
|
||||||
|
|
||||||
#define REALLOCF(ptr, n, type) \
|
|
||||||
({ \
|
|
||||||
__auto_type p_ = (ptr); \
|
|
||||||
\
|
|
||||||
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
||||||
\
|
|
||||||
(type *) reallocarrayf(p_, n, sizeof(type)); \
|
|
||||||
})
|
|
||||||
|
|
||||||
#define XREALLOC(ptr, n, type) \
|
|
||||||
({ \
|
|
||||||
__auto_type p_ = (ptr); \
|
|
||||||
\
|
|
||||||
static_assert(__builtin_types_compatible_p(typeof(p_), type *), ""); \
|
|
||||||
\
|
|
||||||
(type *) xreallocarray(p_, n, sizeof(type)); \
|
|
||||||
})
|
|
||||||
|
|
||||||
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
inline void *xmalloc(size_t size);
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
inline void *xmallocarray(size_t nmemb, size_t size);
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
inline void *mallocarray(size_t nmemb, size_t size);
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
inline char *xstrdup(const char *str);
|
|
||||||
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
void *xcalloc(size_t nmemb, size_t size);
|
|
||||||
ATTR_MALLOC(free)
|
|
||||||
void *xreallocarray(void *p, size_t nmemb, size_t size);
|
|
||||||
|
|
||||||
|
|
||||||
inline void *
|
|
||||||
xmalloc(size_t size)
|
|
||||||
{
|
|
||||||
return xmallocarray(1, size);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
inline void *
|
|
||||||
xmallocarray(size_t nmemb, size_t size)
|
|
||||||
{
|
|
||||||
return xreallocarray(NULL, nmemb, size);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
inline void *
|
|
||||||
mallocarray(size_t nmemb, size_t size)
|
|
||||||
{
|
|
||||||
return reallocarray(NULL, nmemb, size);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
inline void *
|
|
||||||
reallocarrayf(void *p, size_t nmemb, size_t size)
|
|
||||||
{
|
|
||||||
void *q;
|
|
||||||
|
|
||||||
q = reallocarray(p, nmemb, size);
|
|
||||||
|
|
||||||
/* realloc(p, 0) is equivalent to free(p); avoid double free. */
|
|
||||||
if (q == NULL && nmemb != 0 && size != 0)
|
|
||||||
free(p);
|
|
||||||
return q;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
inline char *
|
|
||||||
xstrdup(const char *str)
|
|
||||||
{
|
|
||||||
return strcpy(XMALLOC(strlen(str) + 1, char), str);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#endif // include guard
|
|
||||||
@@ -1,53 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2022 - 2023, Alejandro Colomar <alx@kernel.org>
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef SHADOW_INCLUDE_LIB_BIT_H_
|
|
||||||
#define SHADOW_INCLUDE_LIB_BIT_H_
|
|
||||||
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#include <limits.h>
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef ULONG_WIDTH
|
|
||||||
#define ULONG_WIDTH (sizeof(unsigned long) * CHAR_BIT)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
inline unsigned long bit_ceilul(unsigned long x);
|
|
||||||
inline unsigned long bit_ceil_wrapul(unsigned long x);
|
|
||||||
inline int leading_zerosul(unsigned long x);
|
|
||||||
|
|
||||||
|
|
||||||
/* stdc_bit_ceilul(3) */
|
|
||||||
inline unsigned long
|
|
||||||
bit_ceilul(unsigned long x)
|
|
||||||
{
|
|
||||||
return 1 + (ULONG_MAX >> leading_zerosul(x));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* stdc_bit_ceilul(3), but wrap instead of having Undefined Behavior */
|
|
||||||
inline unsigned long
|
|
||||||
bit_ceil_wrapul(unsigned long x)
|
|
||||||
{
|
|
||||||
if (x == 0)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return bit_ceilul(x);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* stdc_leading_zerosul(3) */
|
|
||||||
inline int
|
|
||||||
leading_zerosul(unsigned long x)
|
|
||||||
{
|
|
||||||
return (x == 0) ? ULONG_WIDTH : __builtin_clzl(x);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#endif // include guard
|
|
||||||
-1263
File diff suppressed because it is too large
Load Diff
-145
@@ -1,145 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* $Id$ */
|
|
||||||
#ifndef COMMONIO_H
|
|
||||||
#define COMMONIO_H
|
|
||||||
|
|
||||||
#include "defines.h" /* bool */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Linked list entry.
|
|
||||||
*/
|
|
||||||
struct commonio_entry {
|
|
||||||
/*@null@*/char *line;
|
|
||||||
/*@null@*/void *eptr; /* struct passwd, struct spwd, ... */
|
|
||||||
/*@dependent@*/ /*@null@*/struct commonio_entry *prev;
|
|
||||||
/*@owned@*/ /*@null@*/struct commonio_entry *next;
|
|
||||||
bool changed:1;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Operations depending on database type: passwd, group, shadow etc.
|
|
||||||
*/
|
|
||||||
struct commonio_ops {
|
|
||||||
/*
|
|
||||||
* Make a copy of the object (for example, struct passwd)
|
|
||||||
* and all strings pointed by it, in malloced memory.
|
|
||||||
*/
|
|
||||||
/*@null@*/ /*@only@*/void *(*dup) (const void *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* free() the object including any strings pointed by it.
|
|
||||||
*/
|
|
||||||
void (*free) (/*@out@*/ /*@only@*/void *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Return the name of the object (for example, pw_name
|
|
||||||
* for struct passwd).
|
|
||||||
*/
|
|
||||||
const char *(*getname) (const void *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Parse a string, return object (in static area -
|
|
||||||
* should be copied using the dup operation above).
|
|
||||||
*/
|
|
||||||
void *(*parse) (const char *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Write the object to the file (this calls putpwent()
|
|
||||||
* for struct passwd, for example).
|
|
||||||
*/
|
|
||||||
int (*put) (const void *, FILE *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* fgets and fputs (can be replaced by versions that
|
|
||||||
* understand line continuation conventions).
|
|
||||||
*/
|
|
||||||
/*@null@*/char *(*fgets) (/*@returned@*/ /*@out@*/char *s, int n, FILE *stream);
|
|
||||||
int (*fputs) (const char *, FILE *);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* open_hook and close_hook.
|
|
||||||
* If non NULL, these functions will be called after the database
|
|
||||||
* is open or before it is closed.
|
|
||||||
* They return 0 on failure and 1 on success.
|
|
||||||
*/
|
|
||||||
/*@null@*/int (*open_hook) (void);
|
|
||||||
/*@null@*/int (*close_hook) (void);
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Database structure.
|
|
||||||
*/
|
|
||||||
struct commonio_db {
|
|
||||||
/*
|
|
||||||
* Name of the data file.
|
|
||||||
*/
|
|
||||||
char filename[1024];
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Operations from above.
|
|
||||||
*/
|
|
||||||
/*@observer@*/const struct commonio_ops *ops;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Currently open file stream.
|
|
||||||
*/
|
|
||||||
/*@dependent@*/ /*@null@*/FILE *fp;
|
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
/*@null@*/char *scontext;
|
|
||||||
#endif
|
|
||||||
/*
|
|
||||||
* Default permissions and owner for newly created data file.
|
|
||||||
*/
|
|
||||||
mode_t st_mode;
|
|
||||||
uid_t st_uid;
|
|
||||||
gid_t st_gid;
|
|
||||||
/*
|
|
||||||
* Head, tail, current position in linked list.
|
|
||||||
*/
|
|
||||||
/*@owned@*/ /*@null@*/struct commonio_entry *head;
|
|
||||||
/*@dependent@*/ /*@null@*/struct commonio_entry *tail;
|
|
||||||
/*@dependent@*/ /*@null@*/struct commonio_entry *cursor;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Various flags.
|
|
||||||
*/
|
|
||||||
bool changed:1;
|
|
||||||
bool isopen:1;
|
|
||||||
bool locked:1;
|
|
||||||
bool readonly:1;
|
|
||||||
bool setname:1;
|
|
||||||
};
|
|
||||||
|
|
||||||
extern int commonio_setname (struct commonio_db *, const char *);
|
|
||||||
extern bool commonio_present (const struct commonio_db *db);
|
|
||||||
extern int commonio_lock (struct commonio_db *);
|
|
||||||
extern int commonio_lock_nowait (struct commonio_db *, bool log);
|
|
||||||
extern int do_fcntl_lock (const char *file, bool log, short type);
|
|
||||||
extern int commonio_open (struct commonio_db *, int);
|
|
||||||
extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
|
|
||||||
extern int commonio_update (struct commonio_db *, const void *);
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
extern int commonio_append (struct commonio_db *, const void *);
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
extern int commonio_remove (struct commonio_db *, const char *);
|
|
||||||
extern int commonio_rewind (struct commonio_db *);
|
|
||||||
extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
|
|
||||||
extern int commonio_close (struct commonio_db *);
|
|
||||||
extern int commonio_unlock (struct commonio_db *);
|
|
||||||
extern void commonio_del_entry (struct commonio_db *,
|
|
||||||
const struct commonio_entry *);
|
|
||||||
extern int commonio_sort_wrt (struct commonio_db *shadow,
|
|
||||||
const struct commonio_db *passwd);
|
|
||||||
extern int commonio_sort (struct commonio_db *db,
|
|
||||||
int (*cmp) (const void *, const void *));
|
|
||||||
|
|
||||||
#endif
|
|
||||||
-250
@@ -1,250 +0,0 @@
|
|||||||
/* $Id$ */
|
|
||||||
/* some useful defines */
|
|
||||||
|
|
||||||
#ifndef _DEFINES_H_
|
|
||||||
#define _DEFINES_H_
|
|
||||||
|
|
||||||
#include "config.h"
|
|
||||||
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <locale.h>
|
|
||||||
|
|
||||||
#define gettext_noop(String) (String)
|
|
||||||
/* #define gettext_def(String) "#define String" */
|
|
||||||
|
|
||||||
#ifdef ENABLE_NLS
|
|
||||||
# include <libintl.h>
|
|
||||||
# define _(Text) gettext (Text)
|
|
||||||
#else
|
|
||||||
# undef bindtextdomain
|
|
||||||
# define bindtextdomain(Domain, Directory) (NULL)
|
|
||||||
# undef textdomain
|
|
||||||
# define textdomain(Domain) (NULL)
|
|
||||||
# define _(Text) Text
|
|
||||||
# define ngettext(Msgid1, Msgid2, N) \
|
|
||||||
((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
#include <errno.h>
|
|
||||||
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/wait.h>
|
|
||||||
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
/*
|
|
||||||
* crypt(3), crypt_gensalt(3), and their
|
|
||||||
* feature test macros may be defined in here.
|
|
||||||
*/
|
|
||||||
#if HAVE_CRYPT_H
|
|
||||||
# include <crypt.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <sys/time.h>
|
|
||||||
#include <time.h>
|
|
||||||
|
|
||||||
#ifdef HAVE_MEMSET_EXPLICIT
|
|
||||||
# define memzero(ptr, size) memset_explicit((ptr), 0, (size))
|
|
||||||
#elif defined HAVE_EXPLICIT_BZERO /* !HAVE_MEMSET_S */
|
|
||||||
# define memzero(ptr, size) explicit_bzero((ptr), (size))
|
|
||||||
#else /* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */
|
|
||||||
static inline void memzero(void *ptr, size_t size)
|
|
||||||
{
|
|
||||||
ptr = memset(ptr, '\0', size);
|
|
||||||
__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
|
|
||||||
}
|
|
||||||
#endif /* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */
|
|
||||||
|
|
||||||
#define strzero(s) memzero(s, strlen(s)) /* warning: evaluates twice */
|
|
||||||
|
|
||||||
#include <dirent.h>
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Possible cases:
|
|
||||||
* - /usr/include/shadow.h exists and includes the shadow group stuff.
|
|
||||||
* - /usr/include/shadow.h exists, but we use our own gshadow.h.
|
|
||||||
*/
|
|
||||||
#include <shadow.h>
|
|
||||||
#if defined(SHADOWGRP) && !defined(GSHADOW)
|
|
||||||
#include "gshadow_.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <limits.h>
|
|
||||||
|
|
||||||
#ifndef NGROUPS_MAX
|
|
||||||
#ifdef NGROUPS
|
|
||||||
#define NGROUPS_MAX NGROUPS
|
|
||||||
#else
|
|
||||||
#define NGROUPS_MAX 64
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <syslog.h>
|
|
||||||
|
|
||||||
#ifndef LOG_WARN
|
|
||||||
#define LOG_WARN LOG_WARNING
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* LOG_NOWAIT is deprecated */
|
|
||||||
#ifndef LOG_NOWAIT
|
|
||||||
#define LOG_NOWAIT 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* LOG_AUTH is deprecated, use LOG_AUTHPRIV instead */
|
|
||||||
#ifndef LOG_AUTHPRIV
|
|
||||||
#define LOG_AUTHPRIV LOG_AUTH
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* cleaner than lots of #ifdefs everywhere - use this as follows:
|
|
||||||
SYSLOG((LOG_CRIT, "user %s cracked root", user)); */
|
|
||||||
#ifdef ENABLE_NLS
|
|
||||||
/* Temporarily set LC_TIME to "C" to avoid strange dates in syslog.
|
|
||||||
This is a workaround for a more general syslog(d) design problem -
|
|
||||||
syslogd should log the current system time for each event, and not
|
|
||||||
trust the formatted time received from the unix domain (or worse,
|
|
||||||
UDP) socket. -MM */
|
|
||||||
/* Avoid translated PAM error messages: Set LC_ALL to "C".
|
|
||||||
* --Nekral */
|
|
||||||
#define SYSLOG(x) \
|
|
||||||
do { \
|
|
||||||
char *old_locale = setlocale (LC_ALL, NULL); \
|
|
||||||
char *saved_locale = NULL; \
|
|
||||||
if (NULL != old_locale) { \
|
|
||||||
saved_locale = strdup (old_locale); \
|
|
||||||
} \
|
|
||||||
if (NULL != saved_locale) { \
|
|
||||||
(void) setlocale (LC_ALL, "C"); \
|
|
||||||
} \
|
|
||||||
syslog x ; \
|
|
||||||
if (NULL != saved_locale) { \
|
|
||||||
(void) setlocale (LC_ALL, saved_locale); \
|
|
||||||
free (saved_locale); \
|
|
||||||
} \
|
|
||||||
} while (false)
|
|
||||||
#else /* !ENABLE_NLS */
|
|
||||||
#define SYSLOG(x) syslog x
|
|
||||||
#endif /* !ENABLE_NLS */
|
|
||||||
|
|
||||||
/* The default syslog settings can now be changed here,
|
|
||||||
in just one place. */
|
|
||||||
|
|
||||||
#ifndef SYSLOG_OPTIONS
|
|
||||||
/* #define SYSLOG_OPTIONS (LOG_PID | LOG_CONS | LOG_NOWAIT) */
|
|
||||||
#define SYSLOG_OPTIONS (LOG_PID)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef SYSLOG_FACILITY
|
|
||||||
#define SYSLOG_FACILITY LOG_AUTHPRIV
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define OPENLOG(progname) openlog(progname, SYSLOG_OPTIONS, SYSLOG_FACILITY)
|
|
||||||
|
|
||||||
#include <termios.h>
|
|
||||||
#define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
|
|
||||||
#define GTTY(fd, termio) tcgetattr(fd, termio)
|
|
||||||
#define TERMIO struct termios
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Password aging constants
|
|
||||||
*
|
|
||||||
* DAY - seconds / day
|
|
||||||
* WEEK - seconds / week
|
|
||||||
* SCALE - seconds / aging unit
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* Solaris defines this in shadow.h */
|
|
||||||
#ifndef DAY
|
|
||||||
#define DAY (24L*3600L)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define WEEK (7*DAY)
|
|
||||||
|
|
||||||
#ifdef ITI_AGING
|
|
||||||
#define SCALE 1
|
|
||||||
#else
|
|
||||||
#define SCALE DAY
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define WIDTHOF(x) (sizeof(x) * CHAR_BIT)
|
|
||||||
#define NITEMS(arr) (sizeof((arr)) / sizeof((arr)[0]))
|
|
||||||
#define STRLEN(s) (NITEMS(s) - 1)
|
|
||||||
|
|
||||||
/* Copy string pointed by B to array A with size checking. It was originally
|
|
||||||
in lmain.c but is _very_ useful elsewhere. Some setuid root programs with
|
|
||||||
very sloppy coding used to assume that BUFSIZ will always be enough... */
|
|
||||||
|
|
||||||
/* danger - side effects */
|
|
||||||
#define STRFCPY(A,B) \
|
|
||||||
(strncpy((A), (B), sizeof(A) - 1), (A)[sizeof(A) - 1] = '\0')
|
|
||||||
|
|
||||||
#ifndef PASSWD_FILE
|
|
||||||
#define PASSWD_FILE "/etc/passwd"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef GROUP_FILE
|
|
||||||
#define GROUP_FILE "/etc/group"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef SHADOW_FILE
|
|
||||||
#define SHADOW_FILE "/etc/shadow"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
#ifndef SGROUP_FILE
|
|
||||||
#define SGROUP_FILE "/etc/gshadow"
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* string to use for the pw_passwd field in /etc/passwd when using
|
|
||||||
* shadow passwords - most systems use "x" but there are a few
|
|
||||||
* exceptions, so it can be changed here if necessary. --marekm
|
|
||||||
*/
|
|
||||||
#ifndef SHADOW_PASSWD_STRING
|
|
||||||
#define SHADOW_PASSWD_STRING "x"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define SHADOW_SP_FLAG_UNSET ((unsigned long int)-1)
|
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
#ifdef __u8 /* in case we use pam < 0.80 */
|
|
||||||
#undef __u8
|
|
||||||
#endif
|
|
||||||
#ifdef __u32
|
|
||||||
#undef __u32
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <libaudit.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* To be used for verified unused parameters */
|
|
||||||
#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
|
|
||||||
# define unused __attribute__((unused))
|
|
||||||
# define NORETURN __attribute__((__noreturn__))
|
|
||||||
# define format_attr(type, index, check) __attribute__((format (type, index, check)))
|
|
||||||
#else
|
|
||||||
# define unused
|
|
||||||
# define NORETURN
|
|
||||||
# define format_attr(type, index, check)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Maximum length of passwd entry */
|
|
||||||
#define PASSWD_ENTRY_MAX_LENGTH 32768
|
|
||||||
|
|
||||||
#if (__GNUC__ >= 11) && !defined(__clang__)
|
|
||||||
# define ATTR_MALLOC(deallocator) [[gnu::malloc(deallocator)]]
|
|
||||||
#else
|
|
||||||
# define ATTR_MALLOC(deallocator)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_SECURE_GETENV
|
|
||||||
# define shadow_getenv(name) secure_getenv(name)
|
|
||||||
# else
|
|
||||||
# define shadow_getenv(name) getenv(name)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* _DEFINES_H_ */
|
|
||||||
@@ -1,79 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1993, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "shadowlog_internal.h"
|
|
||||||
|
|
||||||
/*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
|
|
||||||
{
|
|
||||||
static char cipher[128];
|
|
||||||
char *cp;
|
|
||||||
|
|
||||||
cp = crypt (clear, salt);
|
|
||||||
if (NULL == cp) {
|
|
||||||
/*
|
|
||||||
* Single Unix Spec: crypt() may return a null pointer,
|
|
||||||
* and set errno to indicate an error. In this case return
|
|
||||||
* the NULL so the caller can handle appropriately.
|
|
||||||
*/
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Some crypt() do not return NULL if the algorithm is not
|
|
||||||
* supported, and return a DES encrypted password. */
|
|
||||||
if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))
|
|
||||||
{
|
|
||||||
/*@observer@*/const char *method;
|
|
||||||
switch (salt[1])
|
|
||||||
{
|
|
||||||
case '1':
|
|
||||||
method = "MD5";
|
|
||||||
break;
|
|
||||||
case '2':
|
|
||||||
method = "BCRYPT";
|
|
||||||
break;
|
|
||||||
case '5':
|
|
||||||
method = "SHA256";
|
|
||||||
break;
|
|
||||||
case '6':
|
|
||||||
method = "SHA512";
|
|
||||||
break;
|
|
||||||
case 'y':
|
|
||||||
method = "YESCRYPT";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
{
|
|
||||||
static char nummethod[4] = "$x$";
|
|
||||||
nummethod[1] = salt[1];
|
|
||||||
method = &nummethod[0];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
(void) fprintf (shadow_logfd,
|
|
||||||
_("crypt method not supported by libcrypt? (%s)\n"),
|
|
||||||
method);
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strlen (cp) != 13) {
|
|
||||||
return cp; /* nonstandard crypt() in libc, better bail out */
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy (cipher, cp);
|
|
||||||
|
|
||||||
return cipher;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,26 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2005 - 2006, Tomasz Kłoczko
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* $Id$ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Exit codes used by shadow programs
|
|
||||||
*/
|
|
||||||
#define E_SUCCESS EXIT_SUCCESS /* success */
|
|
||||||
/*
|
|
||||||
* FIXME: other values should differ from EXIT_FAILURE (and EXIT_SUCCESS).
|
|
||||||
*
|
|
||||||
* FIXME: reserve EXIT_FAILURE for internal failures.
|
|
||||||
*/
|
|
||||||
#define E_NOPERM 1 /* permission denied */
|
|
||||||
#define E_USAGE 2 /* invalid command syntax */
|
|
||||||
#define E_BAD_ARG 3 /* invalid argument to option */
|
|
||||||
#define E_PASSWD_NOTFOUND 14 /* not found password file */
|
|
||||||
#define E_SHADOW_NOTFOUND 15 /* not found shadow password file */
|
|
||||||
#define E_GROUP_NOTFOUND 16 /* not found group file */
|
|
||||||
#define E_GSHADOW_NOTFOUND 17 /* not found shadow group file */
|
|
||||||
#define E_CMD_NOEXEC 126 /* can't run command/shell */
|
|
||||||
#define E_CMD_NOTFOUND 127 /* can't find command/shell to run */
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* faillog.h - login failure logging file format
|
|
||||||
*
|
|
||||||
* $Id$
|
|
||||||
*
|
|
||||||
* The login failure file is maintained by login(1) and faillog(8)
|
|
||||||
* Each record in the file represents a separate UID and the file
|
|
||||||
* is indexed in that fashion.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _FAILLOG_H
|
|
||||||
#define _FAILLOG_H
|
|
||||||
|
|
||||||
struct faillog {
|
|
||||||
short fail_cnt; /* failures since last success */
|
|
||||||
short fail_max; /* failures before turning account off */
|
|
||||||
char fail_line[12]; /* last failure occurred here */
|
|
||||||
time_t fail_time; /* last failure occurred then */
|
|
||||||
/*
|
|
||||||
* If nonzero, the account will be re-enabled if there are no
|
|
||||||
* failures for fail_locktime seconds since last failure.
|
|
||||||
*/
|
|
||||||
long fail_locktime;
|
|
||||||
};
|
|
||||||
|
|
||||||
#endif
|
|
||||||
-105
@@ -1,105 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 , Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* valid_field - insure that a field contains all legal characters
|
|
||||||
*
|
|
||||||
* The supplied field is scanned for non-printable and other illegal
|
|
||||||
* characters.
|
|
||||||
* + -1 is returned if an illegal or control character is present.
|
|
||||||
* + 1 is returned if no illegal or control characters are present,
|
|
||||||
* but the field contains a non-printable character.
|
|
||||||
* + 0 is returned otherwise.
|
|
||||||
*/
|
|
||||||
int valid_field (const char *field, const char *illegal)
|
|
||||||
{
|
|
||||||
const char *cp;
|
|
||||||
int err = 0;
|
|
||||||
|
|
||||||
if (NULL == field) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* For each character of field, search if it appears in the list
|
|
||||||
* of illegal characters. */
|
|
||||||
if (illegal && NULL != strpbrk (field, illegal)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Search if there are non-printable or control characters */
|
|
||||||
for (cp = field; '\0' != *cp; cp++) {
|
|
||||||
unsigned char c = *cp;
|
|
||||||
if (!isprint (c)) {
|
|
||||||
err = 1;
|
|
||||||
}
|
|
||||||
if (iscntrl (c)) {
|
|
||||||
err = -1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* change_field - change a single field if a new value is given.
|
|
||||||
*
|
|
||||||
* prompt the user with the name of the field being changed and the
|
|
||||||
* current value.
|
|
||||||
*/
|
|
||||||
void change_field (char *buf, size_t maxsize, const char *prompt)
|
|
||||||
{
|
|
||||||
char newf[200];
|
|
||||||
char *cp;
|
|
||||||
|
|
||||||
if (maxsize > sizeof (newf)) {
|
|
||||||
maxsize = sizeof (newf);
|
|
||||||
}
|
|
||||||
|
|
||||||
printf ("\t%s [%s]: ", prompt, buf);
|
|
||||||
(void) fflush (stdout);
|
|
||||||
if (fgets (newf, maxsize, stdin) != newf) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
cp = strchr (newf, '\n');
|
|
||||||
if (NULL == cp) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
*cp = '\0';
|
|
||||||
|
|
||||||
if ('\0' != newf[0]) {
|
|
||||||
/*
|
|
||||||
* Remove leading and trailing whitespace. This also
|
|
||||||
* makes it possible to change the field to empty, by
|
|
||||||
* entering a space. --marekm
|
|
||||||
*/
|
|
||||||
|
|
||||||
while (newf < cp && isspace (cp[-1])) {
|
|
||||||
cp--;
|
|
||||||
}
|
|
||||||
*cp = '\0';
|
|
||||||
|
|
||||||
cp = newf;
|
|
||||||
while (isspace (*cp)) {
|
|
||||||
cp++;
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy (buf, cp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,67 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2008 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include "defines.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
|
|
||||||
/*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *buf, int cnt, FILE * f)
|
|
||||||
{
|
|
||||||
char *cp = buf;
|
|
||||||
char *ep;
|
|
||||||
|
|
||||||
while (cnt > 0) {
|
|
||||||
if (fgets (cp, cnt, f) != cp) {
|
|
||||||
if (cp == buf) {
|
|
||||||
return 0;
|
|
||||||
} else {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
ep = strrchr (cp, '\\');
|
|
||||||
if ((NULL != ep) && (*(ep + 1) == '\n')) {
|
|
||||||
cnt -= ep - cp;
|
|
||||||
if (cnt > 0) {
|
|
||||||
cp = ep;
|
|
||||||
*cp = '\0';
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return buf;
|
|
||||||
}
|
|
||||||
|
|
||||||
int fputsx (const char *s, FILE * stream)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
for (i = 0; '\0' != *s; i++, s++) {
|
|
||||||
if (putc (*s, stream) == EOF) {
|
|
||||||
return EOF;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if 0 /* The standard getgr*() can't handle that. --marekm */
|
|
||||||
if (i > (BUFSIZ / 2)) {
|
|
||||||
if (putc ('\\', stream) == EOF ||
|
|
||||||
putc ('\n', stream) == EOF)
|
|
||||||
return EOF;
|
|
||||||
|
|
||||||
i = 0;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2009 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
|
|
||||||
int get_gid (const char *gidstr, gid_t *gid)
|
|
||||||
{
|
|
||||||
long long int val;
|
|
||||||
char *endptr;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtoll (gidstr, &endptr, 10);
|
|
||||||
if ( ('\0' == *gidstr)
|
|
||||||
|| ('\0' != *endptr)
|
|
||||||
|| (ERANGE == errno)
|
|
||||||
|| (/*@+longintegral@*/val != (gid_t)val)/*@=longintegral@*/) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*gid = val;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-102
@@ -1,102 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2009 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
|
|
||||||
int get_pid (const char *pidstr, pid_t *pid)
|
|
||||||
{
|
|
||||||
long long int val;
|
|
||||||
char *endptr;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtoll (pidstr, &endptr, 10);
|
|
||||||
if ( ('\0' == *pidstr)
|
|
||||||
|| ('\0' != *endptr)
|
|
||||||
|| (ERANGE == errno)
|
|
||||||
|| (val < 1)
|
|
||||||
|| (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*pid = val;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If use passed in fd:4 as an argument, then return the
|
|
||||||
* value '4', the fd to use.
|
|
||||||
* On error, return -1.
|
|
||||||
*/
|
|
||||||
int get_pidfd_from_fd(const char *pidfdstr)
|
|
||||||
{
|
|
||||||
long long int val;
|
|
||||||
char *endptr;
|
|
||||||
struct stat st;
|
|
||||||
dev_t proc_st_dev, proc_st_rdev;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtoll (pidfdstr, &endptr, 10);
|
|
||||||
if ( ('\0' == *pidfdstr)
|
|
||||||
|| ('\0' != *endptr)
|
|
||||||
|| (ERANGE == errno)
|
|
||||||
|| (val < 0)
|
|
||||||
|| (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (stat("/proc/self/uid_map", &st) < 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
proc_st_dev = st.st_dev;
|
|
||||||
proc_st_rdev = st.st_rdev;
|
|
||||||
|
|
||||||
if (fstat(val, &st) < 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (st.st_dev != proc_st_dev || st.st_rdev != proc_st_rdev) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (int)val;
|
|
||||||
}
|
|
||||||
|
|
||||||
int open_pidfd(const char *pidstr)
|
|
||||||
{
|
|
||||||
int proc_dir_fd;
|
|
||||||
int written;
|
|
||||||
char proc_dir_name[32];
|
|
||||||
pid_t target;
|
|
||||||
|
|
||||||
if (get_pid(pidstr, &target) == 0)
|
|
||||||
return -ENOENT;
|
|
||||||
|
|
||||||
/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
|
|
||||||
written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
|
|
||||||
target);
|
|
||||||
if ((written <= 0) || ((size_t)written >= sizeof(proc_dir_name))) {
|
|
||||||
fprintf(stderr, "snprintf of proc path failed for %u: %s\n",
|
|
||||||
target, strerror(errno));
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
proc_dir_fd = open(proc_dir_name, O_DIRECTORY);
|
|
||||||
if (proc_dir_fd < 0) {
|
|
||||||
fprintf(stderr, _("Could not open proc directory for target %u: %s\n"),
|
|
||||||
target, strerror(errno));
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
return proc_dir_fd;
|
|
||||||
}
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2009 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
|
|
||||||
int get_uid (const char *uidstr, uid_t *uid)
|
|
||||||
{
|
|
||||||
long long int val;
|
|
||||||
char *endptr;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtoll (uidstr, &endptr, 10);
|
|
||||||
if ( ('\0' == *uidstr)
|
|
||||||
|| ('\0' != *endptr)
|
|
||||||
|| (ERANGE == errno)
|
|
||||||
|| (/*@+longintegral@*/val != (uid_t)val)/*@=longintegral@*/) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*uid = val;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-638
@@ -1,638 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2002 - 2006, Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include <stddef.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#ifdef USE_ECONF
|
|
||||||
#include <libeconf.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "alloc.h"
|
|
||||||
#include "getdef.h"
|
|
||||||
#include "shadowlog_internal.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* A configuration item definition.
|
|
||||||
*/
|
|
||||||
struct itemdef {
|
|
||||||
/*@null@*/const char *name; /* name of the item */
|
|
||||||
/*@null@*/char *value; /* value given, or NULL if no value */
|
|
||||||
};
|
|
||||||
|
|
||||||
#define PAMDEFS \
|
|
||||||
{"CHFN_AUTH", NULL}, \
|
|
||||||
{"CHSH_AUTH", NULL}, \
|
|
||||||
{"CRACKLIB_DICTPATH", NULL}, \
|
|
||||||
{"ENV_HZ", NULL}, \
|
|
||||||
{"ENVIRON_FILE", NULL}, \
|
|
||||||
{"ENV_TZ", NULL}, \
|
|
||||||
{"FAILLOG_ENAB", NULL}, \
|
|
||||||
{"FTMP_FILE", NULL}, \
|
|
||||||
{"HMAC_CRYPTO_ALGO", NULL}, \
|
|
||||||
{"ISSUE_FILE", NULL}, \
|
|
||||||
{"LASTLOG_ENAB", NULL}, \
|
|
||||||
{"LOGIN_STRING", NULL}, \
|
|
||||||
{"MAIL_CHECK_ENAB", NULL}, \
|
|
||||||
{"MOTD_FILE", NULL}, \
|
|
||||||
{"NOLOGINS_FILE", NULL}, \
|
|
||||||
{"OBSCURE_CHECKS_ENAB", NULL}, \
|
|
||||||
{"PASS_ALWAYS_WARN", NULL}, \
|
|
||||||
{"PASS_CHANGE_TRIES", NULL}, \
|
|
||||||
{"PASS_MAX_LEN", NULL}, \
|
|
||||||
{"PASS_MIN_LEN", NULL}, \
|
|
||||||
{"PORTTIME_CHECKS_ENAB", NULL}, \
|
|
||||||
{"QUOTAS_ENAB", NULL}, \
|
|
||||||
{"SU_WHEEL_ONLY", NULL}, \
|
|
||||||
{"ULIMIT", NULL},
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Items used in other tools (util-linux, etc.)
|
|
||||||
*/
|
|
||||||
#define FOREIGNDEFS \
|
|
||||||
{"ALWAYS_SET_PATH", NULL}, \
|
|
||||||
{"ENV_ROOTPATH", NULL}, \
|
|
||||||
{"LOGIN_KEEP_USERNAME", NULL}, \
|
|
||||||
{"LOGIN_PLAIN_PROMPT", NULL}, \
|
|
||||||
{"MOTD_FIRSTONLY", NULL}, \
|
|
||||||
|
|
||||||
|
|
||||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
|
||||||
static struct itemdef def_table[] = {
|
|
||||||
{"CHFN_RESTRICT", NULL},
|
|
||||||
{"CONSOLE_GROUPS", NULL},
|
|
||||||
{"CONSOLE", NULL},
|
|
||||||
{"CREATE_HOME", NULL},
|
|
||||||
{"DEFAULT_HOME", NULL},
|
|
||||||
{"ENCRYPT_METHOD", NULL},
|
|
||||||
{"ENV_PATH", NULL},
|
|
||||||
{"ENV_SUPATH", NULL},
|
|
||||||
{"ERASECHAR", NULL},
|
|
||||||
{"FAIL_DELAY", NULL},
|
|
||||||
{"FAKE_SHELL", NULL},
|
|
||||||
{"GID_MAX", NULL},
|
|
||||||
{"GID_MIN", NULL},
|
|
||||||
{"HOME_MODE", NULL},
|
|
||||||
{"HUSHLOGIN_FILE", NULL},
|
|
||||||
{"KILLCHAR", NULL},
|
|
||||||
{"LASTLOG_UID_MAX", NULL},
|
|
||||||
{"LOGIN_RETRIES", NULL},
|
|
||||||
{"LOGIN_TIMEOUT", NULL},
|
|
||||||
{"LOG_OK_LOGINS", NULL},
|
|
||||||
{"LOG_UNKFAIL_ENAB", NULL},
|
|
||||||
{"MAIL_DIR", NULL},
|
|
||||||
{"MAIL_FILE", NULL},
|
|
||||||
{"MAX_MEMBERS_PER_GROUP", NULL},
|
|
||||||
{"MD5_CRYPT_ENAB", NULL},
|
|
||||||
{"NONEXISTENT", NULL},
|
|
||||||
{"PASS_MAX_DAYS", NULL},
|
|
||||||
{"PASS_MIN_DAYS", NULL},
|
|
||||||
{"PASS_WARN_AGE", NULL},
|
|
||||||
#ifdef USE_SHA_CRYPT
|
|
||||||
{"SHA_CRYPT_MAX_ROUNDS", NULL},
|
|
||||||
{"SHA_CRYPT_MIN_ROUNDS", NULL},
|
|
||||||
#endif
|
|
||||||
#ifdef USE_BCRYPT
|
|
||||||
{"BCRYPT_MAX_ROUNDS", NULL},
|
|
||||||
{"BCRYPT_MIN_ROUNDS", NULL},
|
|
||||||
#endif
|
|
||||||
#ifdef USE_YESCRYPT
|
|
||||||
{"YESCRYPT_COST_FACTOR", NULL},
|
|
||||||
#endif
|
|
||||||
{"SUB_GID_COUNT", NULL},
|
|
||||||
{"SUB_GID_MAX", NULL},
|
|
||||||
{"SUB_GID_MIN", NULL},
|
|
||||||
{"SUB_UID_COUNT", NULL},
|
|
||||||
{"SUB_UID_MAX", NULL},
|
|
||||||
{"SUB_UID_MIN", NULL},
|
|
||||||
{"SULOG_FILE", NULL},
|
|
||||||
{"SU_NAME", NULL},
|
|
||||||
{"SYS_GID_MAX", NULL},
|
|
||||||
{"SYS_GID_MIN", NULL},
|
|
||||||
{"SYS_UID_MAX", NULL},
|
|
||||||
{"SYS_UID_MIN", NULL},
|
|
||||||
{"TTYGROUP", NULL},
|
|
||||||
{"TTYPERM", NULL},
|
|
||||||
{"TTYTYPE_FILE", NULL},
|
|
||||||
{"UID_MAX", NULL},
|
|
||||||
{"UID_MIN", NULL},
|
|
||||||
{"UMASK", NULL},
|
|
||||||
{"USERDEL_CMD", NULL},
|
|
||||||
{"USERGROUPS_ENAB", NULL},
|
|
||||||
#ifndef USE_PAM
|
|
||||||
PAMDEFS
|
|
||||||
#endif
|
|
||||||
{"SYSLOG_SG_ENAB", NULL},
|
|
||||||
{"SYSLOG_SU_ENAB", NULL},
|
|
||||||
#ifdef WITH_TCB
|
|
||||||
{"TCB_AUTH_GROUP", NULL},
|
|
||||||
{"TCB_SYMLINKS", NULL},
|
|
||||||
{"USE_TCB", NULL},
|
|
||||||
#endif
|
|
||||||
{"FORCE_SHADOW", NULL},
|
|
||||||
{"GRANT_AUX_GROUP_SUBIDS", NULL},
|
|
||||||
{"PREVENT_NO_AUTH", NULL},
|
|
||||||
{NULL, NULL}
|
|
||||||
};
|
|
||||||
|
|
||||||
#define NUMKNOWNDEFS (sizeof(knowndef_table)/sizeof(knowndef_table[0]))
|
|
||||||
static struct itemdef knowndef_table[] = {
|
|
||||||
#ifdef USE_PAM
|
|
||||||
PAMDEFS
|
|
||||||
#endif
|
|
||||||
FOREIGNDEFS
|
|
||||||
{NULL, NULL}
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifdef USE_ECONF
|
|
||||||
#ifdef VENDORDIR
|
|
||||||
static const char* vendordir = VENDORDIR;
|
|
||||||
#else
|
|
||||||
static const char* vendordir = NULL;
|
|
||||||
#endif
|
|
||||||
static const char* sysconfdir = "/etc";
|
|
||||||
#else
|
|
||||||
#ifndef LOGINDEFS
|
|
||||||
#define LOGINDEFS "/etc/login.defs"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static const char* def_fname = LOGINDEFS; /* login config defs file */
|
|
||||||
#endif
|
|
||||||
static bool def_loaded = false; /* are defs already loaded? */
|
|
||||||
|
|
||||||
/* local function prototypes */
|
|
||||||
static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *);
|
|
||||||
static void def_load (void);
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_str - get string value from table of definitions.
|
|
||||||
*
|
|
||||||
* Return point to static data for specified item, or NULL if item is not
|
|
||||||
* defined. First time invoked, will load definitions from the file.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*@observer@*/ /*@null@*/const char *getdef_str (const char *item)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
return (NULL == d) ? NULL : d->value;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_bool - get boolean value from table of definitions.
|
|
||||||
*
|
|
||||||
* Return TRUE if specified item is defined as "yes", else FALSE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
bool getdef_bool (const char *item)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
if ((NULL == d) || (NULL == d->value)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (strcasecmp (d->value, "yes") == 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_num - get numerical value from table of definitions
|
|
||||||
*
|
|
||||||
* Returns numeric value of specified item, else the "dflt" value if
|
|
||||||
* the item is not defined. Octal (leading "0") and hex (leading "0x")
|
|
||||||
* values are handled.
|
|
||||||
*/
|
|
||||||
|
|
||||||
int getdef_num (const char *item, int dflt)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
long val;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
if ((NULL == d) || (NULL == d->value)) {
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( (getlong (d->value, &val) == 0)
|
|
||||||
|| (val > INT_MAX)
|
|
||||||
|| (val < INT_MIN)) {
|
|
||||||
fprintf (shadow_logfd,
|
|
||||||
_("configuration error - cannot parse %s value: '%s'"),
|
|
||||||
item, d->value);
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
return val;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_unum - get unsigned numerical value from table of definitions
|
|
||||||
*
|
|
||||||
* Returns numeric value of specified item, else the "dflt" value if
|
|
||||||
* the item is not defined. Octal (leading "0") and hex (leading "0x")
|
|
||||||
* values are handled.
|
|
||||||
*/
|
|
||||||
|
|
||||||
unsigned int getdef_unum (const char *item, unsigned int dflt)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
long val;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
if ((NULL == d) || (NULL == d->value)) {
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( (getlong (d->value, &val) == 0)
|
|
||||||
|| (val < 0)
|
|
||||||
|| (val > INT_MAX)) {
|
|
||||||
fprintf (shadow_logfd,
|
|
||||||
_("configuration error - cannot parse %s value: '%s'"),
|
|
||||||
item, d->value);
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
return val;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_long - get long integer value from table of definitions
|
|
||||||
*
|
|
||||||
* Returns numeric value of specified item, else the "dflt" value if
|
|
||||||
* the item is not defined. Octal (leading "0") and hex (leading "0x")
|
|
||||||
* values are handled.
|
|
||||||
*/
|
|
||||||
|
|
||||||
long getdef_long (const char *item, long dflt)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
long val;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
if ((NULL == d) || (NULL == d->value)) {
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (getlong (d->value, &val) == 0) {
|
|
||||||
fprintf (shadow_logfd,
|
|
||||||
_("configuration error - cannot parse %s value: '%s'"),
|
|
||||||
item, d->value);
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
return val;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getdef_ulong - get unsigned long numerical value from table of definitions
|
|
||||||
*
|
|
||||||
* Returns numeric value of specified item, else the "dflt" value if
|
|
||||||
* the item is not defined. Octal (leading "0") and hex (leading "0x")
|
|
||||||
* values are handled.
|
|
||||||
*/
|
|
||||||
|
|
||||||
unsigned long getdef_ulong (const char *item, unsigned long dflt)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
unsigned long val;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
d = def_find (item);
|
|
||||||
if ((NULL == d) || (NULL == d->value)) {
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (getulong (d->value, &val) == 0) {
|
|
||||||
fprintf (shadow_logfd,
|
|
||||||
_("configuration error - cannot parse %s value: '%s'"),
|
|
||||||
item, d->value);
|
|
||||||
return dflt;
|
|
||||||
}
|
|
||||||
|
|
||||||
return val;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* putdef_str - override the value read from /etc/login.defs
|
|
||||||
* (also used when loading the initial defaults)
|
|
||||||
*/
|
|
||||||
|
|
||||||
int putdef_str (const char *name, const char *value)
|
|
||||||
{
|
|
||||||
struct itemdef *d;
|
|
||||||
char *cp;
|
|
||||||
|
|
||||||
if (!def_loaded) {
|
|
||||||
def_load ();
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Locate the slot to save the value. If this parameter
|
|
||||||
* is unknown then "def_find" will print an err message.
|
|
||||||
*/
|
|
||||||
d = def_find (name);
|
|
||||||
if (NULL == d) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Save off the value.
|
|
||||||
*/
|
|
||||||
cp = strdup (value);
|
|
||||||
if (NULL == cp) {
|
|
||||||
(void) fputs (_("Could not allocate space for config info.\n"),
|
|
||||||
shadow_logfd);
|
|
||||||
SYSLOG ((LOG_ERR, "could not allocate space for config info"));
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
free (d->value);
|
|
||||||
d->value = cp;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* def_find - locate named item in table
|
|
||||||
*
|
|
||||||
* Search through a table of configurable items to locate the
|
|
||||||
* specified configuration option.
|
|
||||||
*/
|
|
||||||
|
|
||||||
static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
|
|
||||||
{
|
|
||||||
struct itemdef *ptr;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Search into the table.
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (ptr = def_table; NULL != ptr->name; ptr++) {
|
|
||||||
if (strcmp (ptr->name, name) == 0) {
|
|
||||||
return ptr;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Item was never found.
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (ptr = knowndef_table; NULL != ptr->name; ptr++) {
|
|
||||||
if (strcmp (ptr->name, name) == 0) {
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
fprintf (shadow_logfd,
|
|
||||||
_("configuration error - unknown item '%s' (notify administrator)\n"),
|
|
||||||
name);
|
|
||||||
SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
|
|
||||||
|
|
||||||
out:
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* setdef_config_file - set the default configuration file path
|
|
||||||
*
|
|
||||||
* must be called prior to any def* calls.
|
|
||||||
*/
|
|
||||||
|
|
||||||
void setdef_config_file (const char* file)
|
|
||||||
{
|
|
||||||
#ifdef USE_ECONF
|
|
||||||
size_t len;
|
|
||||||
char* cp;
|
|
||||||
|
|
||||||
len = strlen(file) + strlen(sysconfdir) + 2;
|
|
||||||
cp = MALLOC(len, char);
|
|
||||||
if (cp == NULL)
|
|
||||||
exit (13);
|
|
||||||
snprintf(cp, len, "%s/%s", file, sysconfdir);
|
|
||||||
sysconfdir = cp;
|
|
||||||
#ifdef VENDORDIR
|
|
||||||
len = strlen(file) + strlen(vendordir) + 2;
|
|
||||||
cp = MALLOC(len, char);
|
|
||||||
if (cp == NULL)
|
|
||||||
exit (13);
|
|
||||||
snprintf(cp, len, "%s/%s", file, vendordir);
|
|
||||||
vendordir = cp;
|
|
||||||
#endif
|
|
||||||
#else
|
|
||||||
def_fname = file;
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* def_load - load configuration table
|
|
||||||
*
|
|
||||||
* Loads the user-configured options from the default configuration file
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifdef USE_ECONF
|
|
||||||
static void def_load (void)
|
|
||||||
{
|
|
||||||
econf_file *defs_file = NULL;
|
|
||||||
econf_err error;
|
|
||||||
char **keys;
|
|
||||||
size_t key_number;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Set the initialized flag.
|
|
||||||
* (do it early to prevent recursion in putdef_str())
|
|
||||||
*/
|
|
||||||
def_loaded = true;
|
|
||||||
|
|
||||||
error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
|
|
||||||
if (error) {
|
|
||||||
if (error == ECONF_NOFILE)
|
|
||||||
return;
|
|
||||||
|
|
||||||
SYSLOG ((LOG_CRIT, "cannot open login definitions [%s]",
|
|
||||||
econf_errString(error)));
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((error = econf_getKeys(defs_file, NULL, &key_number, &keys))) {
|
|
||||||
SYSLOG ((LOG_CRIT, "cannot read login definitions [%s]",
|
|
||||||
econf_errString(error)));
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
for (size_t i = 0; i < key_number; i++) {
|
|
||||||
char *value;
|
|
||||||
|
|
||||||
error = econf_getStringValue(defs_file, NULL, keys[i], &value);
|
|
||||||
if (error) {
|
|
||||||
SYSLOG ((LOG_CRIT, "failed reading key %zu from econf [%s]",
|
|
||||||
i, econf_errString(error)));
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Store the value in def_table.
|
|
||||||
*
|
|
||||||
* Ignore failures to load the login.defs file.
|
|
||||||
* The error was already reported to the user and to
|
|
||||||
* syslog. The tools will just use their default values.
|
|
||||||
*/
|
|
||||||
(void)putdef_str (keys[i], value);
|
|
||||||
|
|
||||||
free(value);
|
|
||||||
}
|
|
||||||
|
|
||||||
econf_free (keys);
|
|
||||||
econf_free (defs_file);
|
|
||||||
}
|
|
||||||
#else /* USE_ECONF */
|
|
||||||
static void def_load (void)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
FILE *fp;
|
|
||||||
char buf[1024], *name, *value, *s;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Set the initialized flag.
|
|
||||||
* (do it early to prevent recursion in putdef_str())
|
|
||||||
*/
|
|
||||||
def_loaded = true;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Open the configuration definitions file.
|
|
||||||
*/
|
|
||||||
fp = fopen (def_fname, "r");
|
|
||||||
if (NULL == fp) {
|
|
||||||
if (errno == ENOENT)
|
|
||||||
return;
|
|
||||||
|
|
||||||
int err = errno;
|
|
||||||
SYSLOG ((LOG_CRIT, "cannot open login definitions %s [%s]",
|
|
||||||
def_fname, strerror (err)));
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Go through all of the lines in the file.
|
|
||||||
*/
|
|
||||||
while (fgets (buf, sizeof (buf), fp) != NULL) {
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Trim trailing whitespace.
|
|
||||||
*/
|
|
||||||
for (i = (ptrdiff_t) strlen (buf) - 1; i >= 0; --i) {
|
|
||||||
if (!isspace (buf[i])) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
buf[i] = '\0';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Break the line into two fields.
|
|
||||||
*/
|
|
||||||
name = buf + strspn (buf, " \t"); /* first nonwhite */
|
|
||||||
if (*name == '\0' || *name == '#')
|
|
||||||
continue; /* comment or empty */
|
|
||||||
|
|
||||||
s = name + strcspn (name, " \t"); /* end of field */
|
|
||||||
if (*s == '\0')
|
|
||||||
continue; /* only 1 field?? */
|
|
||||||
|
|
||||||
*s++ = '\0';
|
|
||||||
value = s + strspn (s, " \"\t"); /* next nonwhite */
|
|
||||||
*(value + strcspn (value, "\"")) = '\0';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Store the value in def_table.
|
|
||||||
*
|
|
||||||
* Ignore failures to load the login.defs file.
|
|
||||||
* The error was already reported to the user and to
|
|
||||||
* syslog. The tools will just use their default values.
|
|
||||||
*/
|
|
||||||
(void)putdef_str (name, value);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ferror (fp) != 0) {
|
|
||||||
int err = errno;
|
|
||||||
SYSLOG ((LOG_CRIT, "cannot read login definitions %s [%s]",
|
|
||||||
def_fname, strerror (err)));
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
(void) fclose (fp);
|
|
||||||
}
|
|
||||||
#endif /* USE_ECONF */
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef CKDEFS
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
char *cp;
|
|
||||||
struct itemdef *d;
|
|
||||||
|
|
||||||
def_load ();
|
|
||||||
|
|
||||||
for (i = 0; i < NUMDEFS; ++i) {
|
|
||||||
d = def_find (def_table[i].name);
|
|
||||||
if (NULL == d) {
|
|
||||||
printf ("error - lookup '%s' failed\n",
|
|
||||||
def_table[i].name);
|
|
||||||
} else {
|
|
||||||
printf ("%4d %-24s %s\n", i + 1, d->name, d->value);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
for (i = 1; i < argc; i++) {
|
|
||||||
cp = getdef_str (argv[1]);
|
|
||||||
if (NULL != cp) {
|
|
||||||
printf ("%s `%s'\n", argv[1], cp);
|
|
||||||
} else {
|
|
||||||
printf ("%s not found\n", argv[1]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit (EXIT_SUCCESS);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2002 - 2006, Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2008 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
#ifndef _GETDEF_H
|
|
||||||
#define _GETDEF_H
|
|
||||||
|
|
||||||
/* getdef.c */
|
|
||||||
extern bool getdef_bool (const char *);
|
|
||||||
extern long getdef_long (const char *, long);
|
|
||||||
extern int getdef_num (const char *, int);
|
|
||||||
extern unsigned long getdef_ulong (const char *, unsigned long);
|
|
||||||
extern unsigned int getdef_unum (const char *, unsigned int);
|
|
||||||
extern /*@observer@*/ /*@null@*/const char *getdef_str (const char *);
|
|
||||||
extern int putdef_str (const char *, const char *);
|
|
||||||
extern void setdef_config_file (const char* file);
|
|
||||||
|
|
||||||
/* default UMASK value if not specified in /etc/login.defs */
|
|
||||||
#define GETDEF_DEFAULT_UMASK 022
|
|
||||||
|
|
||||||
#endif /* _GETDEF_H */
|
|
||||||
@@ -1,36 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getlong - extract a long integer provided by the numstr string in *result
|
|
||||||
*
|
|
||||||
* It supports decimal, hexadecimal or octal representations.
|
|
||||||
*
|
|
||||||
* Returns 0 on failure, 1 on success.
|
|
||||||
*/
|
|
||||||
int getlong (const char *numstr, /*@out@*/long int *result)
|
|
||||||
{
|
|
||||||
long val;
|
|
||||||
char *endptr;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtol (numstr, &endptr, 0);
|
|
||||||
if (('\0' == *numstr) || ('\0' != *endptr) || (ERANGE == errno)) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*result = val;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,39 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id: getlong.c 2763 2009-04-23 09:57:03Z nekral-guest $"
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getulong - extract an unsigned long integer provided by the numstr string in *result
|
|
||||||
*
|
|
||||||
* It supports decimal, hexadecimal or octal representations.
|
|
||||||
*
|
|
||||||
* Returns 0 on failure, 1 on success.
|
|
||||||
*/
|
|
||||||
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
|
|
||||||
{
|
|
||||||
unsigned long int val;
|
|
||||||
char *endptr;
|
|
||||||
|
|
||||||
errno = 0;
|
|
||||||
val = strtoul (numstr, &endptr, 0);
|
|
||||||
if ( ('\0' == *numstr)
|
|
||||||
|| ('\0' != *endptr)
|
|
||||||
|| (ERANGE == errno)
|
|
||||||
) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
*result = val;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-436
@@ -1,436 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2001 , Michał Moskal
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
#include "alloc.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "commonio.h"
|
|
||||||
#include "getdef.h"
|
|
||||||
#include "groupio.h"
|
|
||||||
|
|
||||||
static /*@null@*/struct commonio_entry *merge_group_entries (
|
|
||||||
/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
|
|
||||||
/*@null@*/struct commonio_entry *gr2);
|
|
||||||
static int split_groups (unsigned int max_members);
|
|
||||||
static int group_open_hook (void);
|
|
||||||
|
|
||||||
static /*@null@*/ /*@only@*/void *group_dup (const void *ent)
|
|
||||||
{
|
|
||||||
const struct group *gr = ent;
|
|
||||||
|
|
||||||
return __gr_dup (gr);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void group_free (/*@out@*/ /*@only@*/void *ent)
|
|
||||||
{
|
|
||||||
struct group *gr = ent;
|
|
||||||
|
|
||||||
gr_free (gr);
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char *group_getname (const void *ent)
|
|
||||||
{
|
|
||||||
const struct group *gr = ent;
|
|
||||||
|
|
||||||
return gr->gr_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void *group_parse (const char *line)
|
|
||||||
{
|
|
||||||
return sgetgrent (line);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int group_put (const void *ent, FILE * file)
|
|
||||||
{
|
|
||||||
const struct group *gr = ent;
|
|
||||||
|
|
||||||
if ( (NULL == gr)
|
|
||||||
|| (valid_field (gr->gr_name, ":\n") == -1)
|
|
||||||
|| (valid_field (gr->gr_passwd, ":\n") == -1)
|
|
||||||
|| (gr->gr_gid == (gid_t)-1)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* FIXME: fail also if gr->gr_mem == NULL ?*/
|
|
||||||
if (NULL != gr->gr_mem) {
|
|
||||||
size_t i;
|
|
||||||
for (i = 0; NULL != gr->gr_mem[i]; i++) {
|
|
||||||
if (valid_field (gr->gr_mem[i], ",:\n") == -1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return (putgrent (gr, file) == -1) ? -1 : 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int group_close_hook (void)
|
|
||||||
{
|
|
||||||
unsigned int max_members = getdef_unum("MAX_MEMBERS_PER_GROUP", 0);
|
|
||||||
|
|
||||||
if (0 == max_members) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return split_groups (max_members);
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct commonio_ops group_ops = {
|
|
||||||
group_dup,
|
|
||||||
group_free,
|
|
||||||
group_getname,
|
|
||||||
group_parse,
|
|
||||||
group_put,
|
|
||||||
fgetsx,
|
|
||||||
fputsx,
|
|
||||||
group_open_hook,
|
|
||||||
group_close_hook
|
|
||||||
};
|
|
||||||
|
|
||||||
static /*@owned@*/struct commonio_db group_db = {
|
|
||||||
GROUP_FILE, /* filename */
|
|
||||||
&group_ops, /* ops */
|
|
||||||
NULL, /* fp */
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
NULL, /* scontext */
|
|
||||||
#endif
|
|
||||||
0644, /* st_mode */
|
|
||||||
0, /* st_uid */
|
|
||||||
0, /* st_gid */
|
|
||||||
NULL, /* head */
|
|
||||||
NULL, /* tail */
|
|
||||||
NULL, /* cursor */
|
|
||||||
false, /* changed */
|
|
||||||
false, /* isopen */
|
|
||||||
false, /* locked */
|
|
||||||
false, /* readonly */
|
|
||||||
false /* setname */
|
|
||||||
};
|
|
||||||
|
|
||||||
int gr_setdbname (const char *filename)
|
|
||||||
{
|
|
||||||
return commonio_setname (&group_db, filename);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*/const char *gr_dbname (void)
|
|
||||||
{
|
|
||||||
return group_db.filename;
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_lock (void)
|
|
||||||
{
|
|
||||||
return commonio_lock (&group_db);
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_open (int mode)
|
|
||||||
{
|
|
||||||
return commonio_open (&group_db, mode);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*/ /*@null@*/const struct group *gr_locate (const char *name)
|
|
||||||
{
|
|
||||||
return commonio_locate (&group_db, name);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*/ /*@null@*/const struct group *gr_locate_gid (gid_t gid)
|
|
||||||
{
|
|
||||||
const struct group *grp;
|
|
||||||
|
|
||||||
gr_rewind ();
|
|
||||||
while ( ((grp = gr_next ()) != NULL)
|
|
||||||
&& (grp->gr_gid != gid)) {
|
|
||||||
}
|
|
||||||
|
|
||||||
return grp;
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_update (const struct group *gr)
|
|
||||||
{
|
|
||||||
return commonio_update (&group_db, gr);
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_remove (const char *name)
|
|
||||||
{
|
|
||||||
return commonio_remove (&group_db, name);
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_rewind (void)
|
|
||||||
{
|
|
||||||
return commonio_rewind (&group_db);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*/ /*@null@*/const struct group *gr_next (void)
|
|
||||||
{
|
|
||||||
return commonio_next (&group_db);
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_close (void)
|
|
||||||
{
|
|
||||||
return commonio_close (&group_db);
|
|
||||||
}
|
|
||||||
|
|
||||||
int gr_unlock (void)
|
|
||||||
{
|
|
||||||
return commonio_unlock (&group_db);
|
|
||||||
}
|
|
||||||
|
|
||||||
void __gr_set_changed (void)
|
|
||||||
{
|
|
||||||
group_db.changed = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@dependent@*/ /*@null@*/struct commonio_entry *__gr_get_head (void)
|
|
||||||
{
|
|
||||||
return group_db.head;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*/const struct commonio_db *__gr_get_db (void)
|
|
||||||
{
|
|
||||||
return &group_db;
|
|
||||||
}
|
|
||||||
|
|
||||||
void __gr_del_entry (const struct commonio_entry *ent)
|
|
||||||
{
|
|
||||||
commonio_del_entry (&group_db, ent);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int gr_cmp (const void *p1, const void *p2)
|
|
||||||
{
|
|
||||||
gid_t u1, u2;
|
|
||||||
|
|
||||||
if ((*(struct commonio_entry **) p1)->eptr == NULL) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if ((*(struct commonio_entry **) p2)->eptr == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
u1 = ((struct group *) (*(struct commonio_entry **) p1)->eptr)->gr_gid;
|
|
||||||
u2 = ((struct group *) (*(struct commonio_entry **) p2)->eptr)->gr_gid;
|
|
||||||
|
|
||||||
if (u1 < u2) {
|
|
||||||
return -1;
|
|
||||||
} else if (u1 > u2) {
|
|
||||||
return 1;
|
|
||||||
} else {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Sort entries by GID */
|
|
||||||
int gr_sort ()
|
|
||||||
{
|
|
||||||
return commonio_sort (&group_db, gr_cmp);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int group_open_hook (void)
|
|
||||||
{
|
|
||||||
unsigned int max_members = getdef_unum("MAX_MEMBERS_PER_GROUP", 0);
|
|
||||||
struct commonio_entry *gr1, *gr2;
|
|
||||||
|
|
||||||
if (0 == max_members) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (gr1 = group_db.head; NULL != gr1; gr1 = gr1->next) {
|
|
||||||
for (gr2 = gr1->next; NULL != gr2; gr2 = gr2->next) {
|
|
||||||
struct group *g1 = gr1->eptr;
|
|
||||||
struct group *g2 = gr2->eptr;
|
|
||||||
if (NULL != g1 &&
|
|
||||||
NULL != g2 &&
|
|
||||||
0 == strcmp (g1->gr_name, g2->gr_name) &&
|
|
||||||
0 == strcmp (g1->gr_passwd, g2->gr_passwd) &&
|
|
||||||
g1->gr_gid == g2->gr_gid) {
|
|
||||||
/* Both group entries refer to the same
|
|
||||||
* group. It is a split group. Merge the
|
|
||||||
* members. */
|
|
||||||
gr1 = merge_group_entries (gr1, gr2);
|
|
||||||
if (NULL == gr1)
|
|
||||||
return 0;
|
|
||||||
/* Unlink gr2 */
|
|
||||||
if (NULL != gr2->next) {
|
|
||||||
gr2->next->prev = gr2->prev;
|
|
||||||
}
|
|
||||||
/* gr2 does not start with head */
|
|
||||||
assert (NULL != gr2->prev);
|
|
||||||
gr2->prev->next = gr2->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
assert (NULL != gr1);
|
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Merge the list of members of the two group entries.
|
|
||||||
*
|
|
||||||
* The commonio_entry arguments shall be group entries.
|
|
||||||
*
|
|
||||||
* You should not merge the members of two groups if they don't have the
|
|
||||||
* same name, password and gid.
|
|
||||||
*
|
|
||||||
* It merge the members of the second entry in the first one, and return
|
|
||||||
* the modified first entry on success, or NULL on failure (with errno
|
|
||||||
* set).
|
|
||||||
*/
|
|
||||||
static /*@null@*/struct commonio_entry *merge_group_entries (
|
|
||||||
/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
|
|
||||||
/*@null@*/struct commonio_entry *gr2)
|
|
||||||
{
|
|
||||||
struct group *gptr1;
|
|
||||||
struct group *gptr2;
|
|
||||||
char **new_members;
|
|
||||||
size_t members = 0;
|
|
||||||
char *new_line;
|
|
||||||
size_t new_line_len, i;
|
|
||||||
if (NULL == gr2 || NULL == gr1) {
|
|
||||||
errno = EINVAL;
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
gptr1 = gr1->eptr;
|
|
||||||
gptr2 = gr2->eptr;
|
|
||||||
if (NULL == gptr2 || NULL == gptr1) {
|
|
||||||
errno = EINVAL;
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Concatenate the 2 lines */
|
|
||||||
new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
|
|
||||||
new_line = MALLOC(new_line_len + 1, char);
|
|
||||||
if (NULL == new_line) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
|
|
||||||
|
|
||||||
/* Concatenate the 2 list of members */
|
|
||||||
for (i=0; NULL != gptr1->gr_mem[i]; i++);
|
|
||||||
members += i;
|
|
||||||
for (i=0; NULL != gptr2->gr_mem[i]; i++) {
|
|
||||||
char **pmember = gptr1->gr_mem;
|
|
||||||
while (NULL != *pmember) {
|
|
||||||
if (0 == strcmp(*pmember, gptr2->gr_mem[i])) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
pmember++;
|
|
||||||
}
|
|
||||||
if (NULL == *pmember) {
|
|
||||||
members++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
new_members = CALLOC (members + 1, char *);
|
|
||||||
if (NULL == new_members) {
|
|
||||||
free (new_line);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
for (i=0; NULL != gptr1->gr_mem[i]; i++) {
|
|
||||||
new_members[i] = gptr1->gr_mem[i];
|
|
||||||
}
|
|
||||||
/* NULL termination enforced by above calloc */
|
|
||||||
|
|
||||||
members = i;
|
|
||||||
for (i=0; NULL != gptr2->gr_mem[i]; i++) {
|
|
||||||
char **pmember = new_members;
|
|
||||||
while (NULL != *pmember) {
|
|
||||||
if (0 == strcmp(*pmember, gptr2->gr_mem[i])) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
pmember++;
|
|
||||||
}
|
|
||||||
if (NULL == *pmember) {
|
|
||||||
new_members[members] = gptr2->gr_mem[i];
|
|
||||||
members++;
|
|
||||||
new_members[members] = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
gr1->line = new_line;
|
|
||||||
gptr1->gr_mem = new_members;
|
|
||||||
|
|
||||||
return gr1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Scan the group database and split the groups which have more members
|
|
||||||
* than specified, if this is the result from a current change.
|
|
||||||
*
|
|
||||||
* Return 0 on failure (errno set) and 1 on success.
|
|
||||||
*/
|
|
||||||
static int split_groups (unsigned int max_members)
|
|
||||||
{
|
|
||||||
struct commonio_entry *gr;
|
|
||||||
|
|
||||||
for (gr = group_db.head; NULL != gr; gr = gr->next) {
|
|
||||||
struct group *gptr = gr->eptr;
|
|
||||||
struct commonio_entry *new;
|
|
||||||
struct group *new_gptr;
|
|
||||||
unsigned int members = 0;
|
|
||||||
unsigned int i;
|
|
||||||
|
|
||||||
/* Check if this group must be split */
|
|
||||||
if (!gr->changed) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if (NULL == gptr) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
for (members = 0; NULL != gptr->gr_mem[members]; members++);
|
|
||||||
if (members <= max_members) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
new = MALLOC(1, struct commonio_entry);
|
|
||||||
if (NULL == new) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
new->eptr = group_dup(gr->eptr);
|
|
||||||
if (NULL == new->eptr) {
|
|
||||||
free (new);
|
|
||||||
errno = ENOMEM;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
new_gptr = new->eptr;
|
|
||||||
new->line = NULL;
|
|
||||||
new->changed = true;
|
|
||||||
|
|
||||||
/* Enforce the maximum number of members on gptr */
|
|
||||||
for (i = max_members; NULL != gptr->gr_mem[i]; i++) {
|
|
||||||
free (gptr->gr_mem[i]);
|
|
||||||
gptr->gr_mem[i] = NULL;
|
|
||||||
}
|
|
||||||
/* Shift all the members */
|
|
||||||
/* The number of members in new_gptr will be check later */
|
|
||||||
for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
|
|
||||||
free (new_gptr->gr_mem[i]);
|
|
||||||
new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
|
|
||||||
new_gptr->gr_mem[i + max_members] = NULL;
|
|
||||||
}
|
|
||||||
for (; NULL != new_gptr->gr_mem[i]; i++) {
|
|
||||||
free (new_gptr->gr_mem[i]);
|
|
||||||
new_gptr->gr_mem[i] = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* insert the new entry in the list */
|
|
||||||
new->prev = gr;
|
|
||||||
new->next = gr->next;
|
|
||||||
gr->next = new;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2001 , Michał Moskal
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2008 , Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* $Id$ */
|
|
||||||
#ifndef _GROUPIO_H
|
|
||||||
#define _GROUPIO_H
|
|
||||||
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <grp.h>
|
|
||||||
|
|
||||||
extern int gr_close (void);
|
|
||||||
extern /*@observer@*/ /*@null@*/const struct group *gr_locate (const char *name);
|
|
||||||
extern /*@observer@*/ /*@null@*/const struct group *gr_locate_gid (gid_t gid);
|
|
||||||
extern int gr_lock (void);
|
|
||||||
extern int gr_setdbname (const char *filename);
|
|
||||||
extern /*@observer@*/const char *gr_dbname (void);
|
|
||||||
extern /*@observer@*/ /*@null@*/const struct group *gr_next (void);
|
|
||||||
extern int gr_open (int mode);
|
|
||||||
extern int gr_remove (const char *name);
|
|
||||||
extern int gr_rewind (void);
|
|
||||||
extern int gr_unlock (void);
|
|
||||||
extern int gr_update (const struct group *gr);
|
|
||||||
extern int gr_sort (void);
|
|
||||||
|
|
||||||
#endif
|
|
||||||
@@ -1,89 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2001 , Michał Moskal
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2007 - 2013, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "alloc.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "groupio.h"
|
|
||||||
|
|
||||||
/*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent)
|
|
||||||
{
|
|
||||||
struct group *gr;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
gr = MALLOC(1, struct group);
|
|
||||||
if (NULL == gr) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
/* The libc might define other fields. They won't be copied. */
|
|
||||||
memset (gr, 0, sizeof *gr);
|
|
||||||
gr->gr_gid = grent->gr_gid;
|
|
||||||
/*@-mustfreeonly@*/
|
|
||||||
gr->gr_name = strdup (grent->gr_name);
|
|
||||||
/*@=mustfreeonly@*/
|
|
||||||
if (NULL == gr->gr_name) {
|
|
||||||
gr_free(gr);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
/*@-mustfreeonly@*/
|
|
||||||
gr->gr_passwd = strdup (grent->gr_passwd);
|
|
||||||
/*@=mustfreeonly@*/
|
|
||||||
if (NULL == gr->gr_passwd) {
|
|
||||||
gr_free(gr);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; grent->gr_mem[i]; i++);
|
|
||||||
|
|
||||||
/*@-mustfreeonly@*/
|
|
||||||
gr->gr_mem = MALLOC(i + 1, char *);
|
|
||||||
/*@=mustfreeonly@*/
|
|
||||||
if (NULL == gr->gr_mem) {
|
|
||||||
gr_free(gr);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
for (i = 0; grent->gr_mem[i]; i++) {
|
|
||||||
gr->gr_mem[i] = strdup (grent->gr_mem[i]);
|
|
||||||
if (NULL == gr->gr_mem[i]) {
|
|
||||||
gr_free(gr);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
gr->gr_mem[i] = NULL;
|
|
||||||
|
|
||||||
return gr;
|
|
||||||
}
|
|
||||||
|
|
||||||
void gr_free_members (struct group *grent)
|
|
||||||
{
|
|
||||||
if (NULL != grent->gr_mem) {
|
|
||||||
size_t i;
|
|
||||||
for (i = 0; NULL != grent->gr_mem[i]; i++) {
|
|
||||||
free (grent->gr_mem[i]);
|
|
||||||
}
|
|
||||||
free (grent->gr_mem);
|
|
||||||
grent->gr_mem = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void gr_free (/*@out@*/ /*@only@*/struct group *grent)
|
|
||||||
{
|
|
||||||
free (grent->gr_name);
|
|
||||||
if (NULL != grent->gr_passwd) {
|
|
||||||
strzero (grent->gr_passwd);
|
|
||||||
free (grent->gr_passwd);
|
|
||||||
}
|
|
||||||
gr_free_members(grent);
|
|
||||||
free (grent);
|
|
||||||
}
|
|
||||||
-509
@@ -1,509 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
* SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
/* Newer versions of Linux libc already have shadow support. */
|
|
||||||
#if defined(SHADOWGRP) && !defined(HAVE_SHADOWGRP) /*{ */
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
#include "alloc.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
|
|
||||||
static /*@null@*/FILE *shadow;
|
|
||||||
static /*@null@*//*@only@*/char **members = NULL;
|
|
||||||
static size_t nmembers = 0;
|
|
||||||
static /*@null@*//*@only@*/char **admins = NULL;
|
|
||||||
static size_t nadmins = 0;
|
|
||||||
static struct sgrp sgroup;
|
|
||||||
|
|
||||||
#define FIELDS 4
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
static bool nis_used;
|
|
||||||
static bool nis_ignore;
|
|
||||||
static enum { native, start, middle, native2 } nis_state;
|
|
||||||
static bool nis_bound;
|
|
||||||
static char *nis_domain;
|
|
||||||
static char *nis_key;
|
|
||||||
static int nis_keylen;
|
|
||||||
static char *nis_val;
|
|
||||||
static int nis_vallen;
|
|
||||||
|
|
||||||
#define IS_NISCHAR(c) ((c)=='+')
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
/*
|
|
||||||
* bind_nis - bind to NIS server
|
|
||||||
*/
|
|
||||||
|
|
||||||
static int bind_nis (void)
|
|
||||||
{
|
|
||||||
if (yp_get_default_domain (&nis_domain))
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
nis_bound = true;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
|
|
||||||
{
|
|
||||||
char **ptr = *list;
|
|
||||||
size_t nelem = *nlist, size;
|
|
||||||
|
|
||||||
while (s != NULL && *s != '\0') {
|
|
||||||
size = (nelem + 1) * sizeof (ptr);
|
|
||||||
ptr = REALLOC(*list, size, char *);
|
|
||||||
if (NULL != ptr) {
|
|
||||||
ptr[nelem] = s;
|
|
||||||
nelem++;
|
|
||||||
*list = ptr;
|
|
||||||
*nlist = nelem;
|
|
||||||
s = strchr (s, ',');
|
|
||||||
if (NULL != s) {
|
|
||||||
*s = '\0';
|
|
||||||
s++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
size = (nelem + 1) * sizeof (ptr);
|
|
||||||
ptr = REALLOC(*list, size, char *);
|
|
||||||
if (NULL != ptr) {
|
|
||||||
ptr[nelem] = NULL;
|
|
||||||
*list = ptr;
|
|
||||||
}
|
|
||||||
return ptr;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setsgent (void)
|
|
||||||
{
|
|
||||||
#ifdef USE_NIS
|
|
||||||
nis_state = native;
|
|
||||||
#endif
|
|
||||||
if (NULL != shadow) {
|
|
||||||
rewind (shadow);
|
|
||||||
} else {
|
|
||||||
shadow = fopen (SGROUP_FILE, "r");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void endsgent (void)
|
|
||||||
{
|
|
||||||
if (NULL != shadow) {
|
|
||||||
(void) fclose (shadow);
|
|
||||||
}
|
|
||||||
|
|
||||||
shadow = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
|
|
||||||
{
|
|
||||||
static char *sgrbuf = NULL;
|
|
||||||
static size_t sgrbuflen = 0;
|
|
||||||
|
|
||||||
char *fields[FIELDS];
|
|
||||||
char *cp;
|
|
||||||
int i;
|
|
||||||
size_t len = strlen (string) + 1;
|
|
||||||
|
|
||||||
if (len > sgrbuflen) {
|
|
||||||
char *buf = REALLOC(sgrbuf, len, char);
|
|
||||||
if (NULL == buf) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
sgrbuf = buf;
|
|
||||||
sgrbuflen = len;
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy (sgrbuf, string);
|
|
||||||
|
|
||||||
cp = strrchr (sgrbuf, '\n');
|
|
||||||
if (NULL != cp) {
|
|
||||||
*cp = '\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* There should be exactly 4 colon separated fields. Find
|
|
||||||
* all 4 of them and save the starting addresses in fields[].
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (cp = sgrbuf, i = 0; (i < FIELDS) && (NULL != cp); i++) {
|
|
||||||
fields[i] = cp;
|
|
||||||
cp = strchr (cp, ':');
|
|
||||||
if (NULL != cp) {
|
|
||||||
*cp++ = '\0';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If there was an extra field somehow, or perhaps not enough,
|
|
||||||
* the line is invalid.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if ((NULL != cp) || (i != FIELDS)) {
|
|
||||||
#ifdef USE_NIS
|
|
||||||
if (!IS_NISCHAR (fields[0][0])) {
|
|
||||||
return 0;
|
|
||||||
} else {
|
|
||||||
nis_used = true;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
sgroup.sg_name = fields[0];
|
|
||||||
sgroup.sg_passwd = fields[1];
|
|
||||||
if (0 != nadmins) {
|
|
||||||
nadmins = 0;
|
|
||||||
free (admins);
|
|
||||||
admins = NULL;
|
|
||||||
}
|
|
||||||
if (0 != nmembers) {
|
|
||||||
nmembers = 0;
|
|
||||||
free (members);
|
|
||||||
members = NULL;
|
|
||||||
}
|
|
||||||
sgroup.sg_adm = build_list (fields[2], &admins, &nadmins);
|
|
||||||
sgroup.sg_mem = build_list (fields[3], &members, &nmembers);
|
|
||||||
|
|
||||||
return &sgroup;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* fgetsgent - convert next line in stream to (struct sgrp)
|
|
||||||
*
|
|
||||||
* fgetsgent() reads the next line from the provided stream and
|
|
||||||
* converts it to a (struct sgrp). NULL is returned on EOF.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE * fp)
|
|
||||||
{
|
|
||||||
static size_t buflen = 0;
|
|
||||||
static char *buf = NULL;
|
|
||||||
|
|
||||||
char *cp;
|
|
||||||
|
|
||||||
if (0 == buflen) {
|
|
||||||
buf = MALLOC(BUFSIZ, char);
|
|
||||||
if (NULL == buf) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
buflen = BUFSIZ;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (NULL == fp) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
while (fgetsx (buf, buflen, fp) == buf)
|
|
||||||
#else
|
|
||||||
if (fgetsx (buf, buflen, fp) == buf)
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
while ( ((cp = strrchr (buf, '\n')) == NULL)
|
|
||||||
&& (feof (fp) == 0)) {
|
|
||||||
size_t len;
|
|
||||||
|
|
||||||
cp = REALLOC(buf, buflen * 2, char);
|
|
||||||
if (NULL == cp) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
buf = cp;
|
|
||||||
buflen *= 2;
|
|
||||||
|
|
||||||
len = strlen (buf);
|
|
||||||
if (fgetsx (&buf[len],
|
|
||||||
(int) (buflen - len),
|
|
||||||
fp) != &buf[len]) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
cp = strrchr (buf, '\n');
|
|
||||||
if (NULL != cp) {
|
|
||||||
*cp = '\0';
|
|
||||||
}
|
|
||||||
#ifdef USE_NIS
|
|
||||||
if (nis_ignore && IS_NISCHAR (buf[0])) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return (sgetsgent (buf));
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getsgent - get a single shadow group entry
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgent (void)
|
|
||||||
{
|
|
||||||
#ifdef USE_NIS
|
|
||||||
bool nis_1_group = false;
|
|
||||||
struct sgrp *val;
|
|
||||||
#endif
|
|
||||||
if (NULL == shadow) {
|
|
||||||
setsgent ();
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
again:
|
|
||||||
/*
|
|
||||||
* See if we are reading from the local file.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (nis_state == native || nis_state == native2) {
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Get the next entry from the shadow group file. Return
|
|
||||||
* NULL right away if there is none.
|
|
||||||
*/
|
|
||||||
|
|
||||||
val = fgetsgent (shadow);
|
|
||||||
if (NULL == val) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If this entry began with a NIS escape character, we have
|
|
||||||
* to see if this is just a single group, or if the entire
|
|
||||||
* map is being asked for.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (IS_NISCHAR (val->sg_name[0])) {
|
|
||||||
if ('\0' != val->sg_name[1]) {
|
|
||||||
nis_1_group = true;
|
|
||||||
} else {
|
|
||||||
nis_state = start;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If this isn't a NIS group and this isn't an escape to go
|
|
||||||
* use a NIS map, it must be a regular local group.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!nis_1_group && (nis_state != start)) {
|
|
||||||
return val;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If this is an escape to use an NIS map, switch over to
|
|
||||||
* that bunch of code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (nis_state == start) {
|
|
||||||
goto again;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* NEEDSWORK. Here we substitute pieces-parts of this entry.
|
|
||||||
*/
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
} else {
|
|
||||||
if (!nis_bound) {
|
|
||||||
if (bind_nis ()) {
|
|
||||||
nis_state = native2;
|
|
||||||
goto again;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (nis_state == start) {
|
|
||||||
if (yp_first (nis_domain, "gshadow.byname", &nis_key,
|
|
||||||
&nis_keylen, &nis_val, &nis_vallen)) {
|
|
||||||
nis_state = native2;
|
|
||||||
goto again;
|
|
||||||
}
|
|
||||||
nis_state = middle;
|
|
||||||
} else if (nis_state == middle) {
|
|
||||||
if (yp_next (nis_domain, "gshadow.byname", nis_key,
|
|
||||||
nis_keylen, &nis_key, &nis_keylen,
|
|
||||||
&nis_val, &nis_vallen)) {
|
|
||||||
nis_state = native2;
|
|
||||||
goto again;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return sgetsgent (nis_val);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
return (fgetsgent (shadow));
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* getsgnam - get a shadow group entry by name
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgnam (const char *name)
|
|
||||||
{
|
|
||||||
struct sgrp *sgrp;
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
static char save_name[16];
|
|
||||||
int nis_disabled = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
setsgent ();
|
|
||||||
|
|
||||||
#ifdef USE_NIS
|
|
||||||
if (nis_used) {
|
|
||||||
again:
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Search the gshadow.byname map for this group.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!nis_bound) {
|
|
||||||
bind_nis ();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (nis_bound) {
|
|
||||||
char *cp;
|
|
||||||
|
|
||||||
if (yp_match (nis_domain, "gshadow.byname", name,
|
|
||||||
strlen (name), &nis_val,
|
|
||||||
&nis_vallen) == 0) {
|
|
||||||
cp = strchr (nis_val, '\n');
|
|
||||||
if (NULL != cp) {
|
|
||||||
*cp = '\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
nis_state = middle;
|
|
||||||
sgrp = sgetsgent (nis_val);
|
|
||||||
if (NULL != sgrp) {
|
|
||||||
strcpy (save_name, sgrp->sg_name);
|
|
||||||
nis_key = save_name;
|
|
||||||
nis_keylen = strlen (save_name);
|
|
||||||
}
|
|
||||||
return sgrp;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
nis_state = native2;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef USE_NIS
|
|
||||||
if (nis_used) {
|
|
||||||
nis_ignore = true;
|
|
||||||
nis_disabled = true;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
while ((sgrp = getsgent ()) != NULL) {
|
|
||||||
if (strcmp (name, sgrp->sg_name) == 0) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#ifdef USE_NIS
|
|
||||||
nis_ignore = false;
|
|
||||||
#endif
|
|
||||||
return sgrp;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* putsgent - output shadow group entry in text form
|
|
||||||
*
|
|
||||||
* putsgent() converts the contents of a (struct sgrp) to text and
|
|
||||||
* writes the result to the given stream. This is the logical
|
|
||||||
* opposite of fgetsgent.
|
|
||||||
*/
|
|
||||||
|
|
||||||
int putsgent (const struct sgrp *sgrp, FILE * fp)
|
|
||||||
{
|
|
||||||
char *buf, *cp;
|
|
||||||
int i;
|
|
||||||
size_t size;
|
|
||||||
|
|
||||||
if ((NULL == fp) || (NULL == sgrp)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* calculate the required buffer size */
|
|
||||||
size = strlen (sgrp->sg_name) + strlen (sgrp->sg_passwd) + 10;
|
|
||||||
for (i = 0; (NULL != sgrp->sg_adm) && (NULL != sgrp->sg_adm[i]); i++) {
|
|
||||||
size += strlen (sgrp->sg_adm[i]) + 1;
|
|
||||||
}
|
|
||||||
for (i = 0; (NULL != sgrp->sg_mem) && (NULL != sgrp->sg_mem[i]); i++) {
|
|
||||||
size += strlen (sgrp->sg_mem[i]) + 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
buf = MALLOC(size, char);
|
|
||||||
if (NULL == buf) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
cp = buf;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copy the group name and passwd.
|
|
||||||
*/
|
|
||||||
|
|
||||||
strcpy (cp, sgrp->sg_name);
|
|
||||||
cp += strlen (cp);
|
|
||||||
*cp++ = ':';
|
|
||||||
|
|
||||||
strcpy (cp, sgrp->sg_passwd);
|
|
||||||
cp += strlen (cp);
|
|
||||||
*cp++ = ':';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copy the administrators, separating each from the other
|
|
||||||
* with a ",".
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (i = 0; NULL != sgrp->sg_adm[i]; i++) {
|
|
||||||
if (i > 0) {
|
|
||||||
*cp++ = ',';
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy (cp, sgrp->sg_adm[i]);
|
|
||||||
cp += strlen (cp);
|
|
||||||
}
|
|
||||||
*cp = ':';
|
|
||||||
cp++;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Now do likewise with the group members.
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (i = 0; NULL != sgrp->sg_mem[i]; i++) {
|
|
||||||
if (i > 0) {
|
|
||||||
*cp = ',';
|
|
||||||
cp++;
|
|
||||||
}
|
|
||||||
|
|
||||||
strcpy (cp, sgrp->sg_mem[i]);
|
|
||||||
cp += strlen (cp);
|
|
||||||
}
|
|
||||||
*cp = '\n';
|
|
||||||
cp++;
|
|
||||||
*cp = '\0';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Output using the function which understands the line
|
|
||||||
* continuation conventions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (fputsx (buf, fp) == EOF) {
|
|
||||||
free (buf);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
free (buf);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
extern int ISO_C_forbids_an_empty_translation_unit;
|
|
||||||
#endif /*} SHADOWGRP */
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1988 - 1994, Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* $Id$
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _H_GSHADOW
|
|
||||||
#define _H_GSHADOW
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Shadow group security file structure
|
|
||||||
*/
|
|
||||||
|
|
||||||
struct sgrp {
|
|
||||||
char *sg_name; /* group name */
|
|
||||||
char *sg_passwd; /* group password */
|
|
||||||
char **sg_adm; /* group administrator list */
|
|
||||||
char **sg_mem; /* group membership list */
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Shadow group security file functions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <stdio.h> /* for FILE */
|
|
||||||
|
|
||||||
#if __STDC__
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgent (void);
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgnam (const char *);
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *);
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE *);
|
|
||||||
void setsgent (void);
|
|
||||||
void endsgent (void);
|
|
||||||
int putsgent (const struct sgrp *, FILE *);
|
|
||||||
#else
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgent ();
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *getsgnam ();
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *sgetsgent ();
|
|
||||||
/*@observer@*//*@null@*/struct sgrp *fgetsgent ();
|
|
||||||
void setsgent ();
|
|
||||||
void endsgent ();
|
|
||||||
int putsgent ();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define GSHADOW "/etc/gshadow"
|
|
||||||
#endif /* ifndef _H_GSHADOW */
|
|
||||||
@@ -1,85 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1992 , Julianne Frances Haugh
|
|
||||||
* SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2005 , Tomasz Kłoczko
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#ifndef HAVE_LCKPWDF
|
|
||||||
|
|
||||||
#ident "$Id$"
|
|
||||||
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "pwio.h"
|
|
||||||
#include "shadowio.h"
|
|
||||||
/*
|
|
||||||
* lckpwdf - lock the password files
|
|
||||||
*/
|
|
||||||
int lckpwdf (void)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* We have 15 seconds to lock the whole mess
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (i = 0; i < 15; i++)
|
|
||||||
if (pw_lock ())
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
sleep (1);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Did we run out of time?
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (i == 15)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Nope, use any remaining time to lock the shadow password
|
|
||||||
* file.
|
|
||||||
*/
|
|
||||||
|
|
||||||
for (; i < 15; i++)
|
|
||||||
if (spw_lock ())
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
sleep (1);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Out of time yet?
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (i == 15) {
|
|
||||||
pw_unlock ();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Nope - and both files are now locked.
|
|
||||||
*/
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* ulckpwdf - unlock the password files
|
|
||||||
*/
|
|
||||||
|
|
||||||
int ulckpwdf (void)
|
|
||||||
{
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Unlock both files.
|
|
||||||
*/
|
|
||||||
|
|
||||||
return (pw_unlock () && spw_unlock ())? 0 : -1;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
extern int ISO_C_forbids_an_empty_translation_unit;
|
|
||||||
#endif
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef SHADOW_INCLUDE_LIB_MEMPCPY_H_
|
|
||||||
#define SHADOW_INCLUDE_LIB_MEMPCPY_H_
|
|
||||||
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
|
|
||||||
#if !defined(HAVE_MEMPCPY)
|
|
||||||
|
|
||||||
#include <stddef.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
|
|
||||||
inline void *mempcpy(void *restrict dst, const void *restrict src, size_t n);
|
|
||||||
|
|
||||||
|
|
||||||
inline void *
|
|
||||||
mempcpy(void *restrict dst, const void *restrict src, size_t n)
|
|
||||||
{
|
|
||||||
return memcpy(dst, src, n) + n;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#endif // !HAVE_MEMPCPY
|
|
||||||
#endif // include guard
|
|
||||||
-58
@@ -1,58 +0,0 @@
|
|||||||
/* Author: Peter Vrabec <pvrabec@redhat.com> */
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
#ifdef USE_NSCD
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <sys/wait.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include "exitcodes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "nscd.h"
|
|
||||||
#include "shadowlog_internal.h"
|
|
||||||
|
|
||||||
#define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* nscd_flush_cache - flush specified service buffer in nscd cache
|
|
||||||
*/
|
|
||||||
int nscd_flush_cache (const char *service)
|
|
||||||
{
|
|
||||||
int status, code;
|
|
||||||
const char *cmd = "/usr/sbin/nscd";
|
|
||||||
const char *spawnedArgs[] = {"nscd", "-i", service, NULL};
|
|
||||||
const char *spawnedEnv[] = {NULL};
|
|
||||||
|
|
||||||
if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
|
|
||||||
/* run_command writes its own more detailed message. */
|
|
||||||
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
code = WEXITSTATUS (status);
|
|
||||||
if (!WIFEXITED (status)) {
|
|
||||||
(void) fprintf (shadow_logfd,
|
|
||||||
_("%s: nscd did not terminate normally (signal %d)\n"),
|
|
||||||
shadow_progname, WTERMSIG (status));
|
|
||||||
return -1;
|
|
||||||
} else if (code == E_CMD_NOTFOUND) {
|
|
||||||
/* nscd is not installed, or it is installed but uses an
|
|
||||||
interpreter that is missing. Probably the former. */
|
|
||||||
return 0;
|
|
||||||
} else if (code == 1) {
|
|
||||||
/* nscd is installed, but it isn't active. */
|
|
||||||
return 0;
|
|
||||||
} else if (code != 0) {
|
|
||||||
(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
|
|
||||||
shadow_progname, code);
|
|
||||||
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#else /* USE_NSCD */
|
|
||||||
extern int ISO_C_forbids_an_empty_translation_unit;
|
|
||||||
#endif /* USE_NSCD */
|
|
||||||
|
|
||||||
-13
@@ -1,13 +0,0 @@
|
|||||||
#ifndef _NSCD_H_
|
|
||||||
#define _NSCD_H_
|
|
||||||
|
|
||||||
/*
|
|
||||||
* nscd_flush_cache - flush specified service buffer in nscd cache
|
|
||||||
*/
|
|
||||||
#ifdef USE_NSCD
|
|
||||||
extern int nscd_flush_cache (const char *service);
|
|
||||||
#else
|
|
||||||
#define nscd_flush_cache(service) (0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
||||||
@@ -1,151 +0,0 @@
|
|||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <dlfcn.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <strings.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <stdatomic.h>
|
|
||||||
|
|
||||||
#include "alloc.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "../libsubid/subid.h"
|
|
||||||
#include "shadowlog_internal.h"
|
|
||||||
#include "shadowlog.h"
|
|
||||||
|
|
||||||
#define NSSWITCH "/etc/nsswitch.conf"
|
|
||||||
|
|
||||||
// NSS plugin handling for subids
|
|
||||||
// If nsswitch has a line like
|
|
||||||
// subid: sssd
|
|
||||||
// then sssd will be consulted for subids. Unlike normal NSS dbs,
|
|
||||||
// only one db is supported at a time. That's open to debate, but
|
|
||||||
// the subids are a pretty limited resource, and local files seem
|
|
||||||
// bound to step on any other allocations leading to insecure
|
|
||||||
// conditions.
|
|
||||||
static atomic_flag nss_init_started;
|
|
||||||
static atomic_bool nss_init_completed;
|
|
||||||
|
|
||||||
static struct subid_nss_ops *subid_nss;
|
|
||||||
|
|
||||||
bool nss_is_initialized() {
|
|
||||||
return atomic_load(&nss_init_completed);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void nss_exit(void) {
|
|
||||||
if (nss_is_initialized() && subid_nss) {
|
|
||||||
dlclose(subid_nss->handle);
|
|
||||||
free(subid_nss);
|
|
||||||
subid_nss = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// nsswitch_path is an argument only to support testing.
|
|
||||||
void nss_init(const char *nsswitch_path) {
|
|
||||||
FILE *nssfp = NULL;
|
|
||||||
char *line = NULL, *p, *token, *saveptr;
|
|
||||||
size_t len = 0;
|
|
||||||
FILE *shadow_logfd = log_get_logfd();
|
|
||||||
char libname[65];
|
|
||||||
void *h;
|
|
||||||
|
|
||||||
if (atomic_flag_test_and_set(&nss_init_started)) {
|
|
||||||
// Another thread has started nss_init, wait for it to complete
|
|
||||||
while (!atomic_load(&nss_init_completed))
|
|
||||||
usleep(100);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!nsswitch_path)
|
|
||||||
nsswitch_path = NSSWITCH;
|
|
||||||
|
|
||||||
// read nsswitch.conf to check for a line like:
|
|
||||||
// subid: files
|
|
||||||
nssfp = fopen(nsswitch_path, "r");
|
|
||||||
if (!nssfp) {
|
|
||||||
if (errno != ENOENT)
|
|
||||||
fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
|
|
||||||
|
|
||||||
atomic_store(&nss_init_completed, true);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
p = NULL;
|
|
||||||
while (getline(&line, &len, nssfp) != -1) {
|
|
||||||
if (line[0] == '#')
|
|
||||||
continue;
|
|
||||||
if (strlen(line) < 8)
|
|
||||||
continue;
|
|
||||||
if (strncasecmp(line, "subid:", 6) != 0)
|
|
||||||
continue;
|
|
||||||
p = &line[6];
|
|
||||||
while (isspace(*p))
|
|
||||||
p++;
|
|
||||||
if (*p != '\0')
|
|
||||||
break;
|
|
||||||
p = NULL;
|
|
||||||
}
|
|
||||||
if (p == NULL) {
|
|
||||||
goto null_subid;
|
|
||||||
}
|
|
||||||
token = strtok_r(p, " \n\t", &saveptr);
|
|
||||||
if (token == NULL) {
|
|
||||||
fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
|
|
||||||
// subid_nss has to be null here, but to ease reviews:
|
|
||||||
goto null_subid;
|
|
||||||
}
|
|
||||||
if (strcmp(token, "files") == 0) {
|
|
||||||
goto null_subid;
|
|
||||||
}
|
|
||||||
if (strlen(token) > 50) {
|
|
||||||
fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
|
|
||||||
fprintf(shadow_logfd, "Using files\n");
|
|
||||||
goto null_subid;
|
|
||||||
}
|
|
||||||
snprintf(libname, 64, "libsubid_%s.so", token);
|
|
||||||
h = dlopen(libname, RTLD_LAZY);
|
|
||||||
if (!h) {
|
|
||||||
fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
|
|
||||||
fprintf(shadow_logfd, "Using files\n");
|
|
||||||
goto null_subid;
|
|
||||||
}
|
|
||||||
subid_nss = MALLOC(1, struct subid_nss_ops);
|
|
||||||
if (!subid_nss) {
|
|
||||||
goto close_lib;
|
|
||||||
}
|
|
||||||
subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
|
|
||||||
if (!subid_nss->has_range) {
|
|
||||||
fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
|
|
||||||
goto close_lib;
|
|
||||||
}
|
|
||||||
subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
|
|
||||||
if (!subid_nss->list_owner_ranges) {
|
|
||||||
fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
|
|
||||||
goto close_lib;
|
|
||||||
}
|
|
||||||
subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
|
|
||||||
if (!subid_nss->find_subid_owners) {
|
|
||||||
fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
|
|
||||||
goto close_lib;
|
|
||||||
}
|
|
||||||
subid_nss->handle = h;
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
close_lib:
|
|
||||||
dlclose(h);
|
|
||||||
free(subid_nss);
|
|
||||||
null_subid:
|
|
||||||
subid_nss = NULL;
|
|
||||||
|
|
||||||
done:
|
|
||||||
atomic_store(&nss_init_completed, true);
|
|
||||||
free(line);
|
|
||||||
if (nssfp) {
|
|
||||||
atexit(nss_exit);
|
|
||||||
fclose(nssfp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
struct subid_nss_ops *get_subid_nss_handle() {
|
|
||||||
nss_init(NULL);
|
|
||||||
return subid_nss;
|
|
||||||
}
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
/*
|
|
||||||
* SPDX-FileCopyrightText: 1999 , Marek Michałkiewicz
|
|
||||||
* SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <config.h>
|
|
||||||
#include <security/pam_appl.h>
|
|
||||||
#ifdef HAVE_SECURITY_PAM_MISC_H
|
|
||||||
# include <security/pam_misc.h>
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_SECURITY_OPENPAM_H
|
|
||||||
# include <security/openpam.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static const struct pam_conv conv = {
|
|
||||||
SHADOW_PAM_CONVERSATION,
|
|
||||||
NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
/* compatibility with different versions of Linux-PAM */
|
|
||||||
#if !HAVE_DECL_PAM_ESTABLISH_CRED
|
|
||||||
#define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH
|
|
||||||
#endif
|
|
||||||
#if !HAVE_DECL_PAM_DELETE_CRED
|
|
||||||
#define PAM_DELETE_CRED PAM_CRED_DELETE
|
|
||||||
#endif
|
|
||||||
#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD
|
|
||||||
#define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD
|
|
||||||
#endif
|
|
||||||
#if !HAVE_DECL_PAM_DATA_SILENT
|
|
||||||
#define PAM_DATA_SILENT 0
|
|
||||||
#endif
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user