Compare commits

36 Commits

Author SHA1 Message Date
Alejandro Colomar 7ceeec8d79 Release 4.14.7
Closes: <https://github.com/shadow-maint/shadow/issues/959>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-26 20:46:18 +01:00
Enrico Scholz aed99b13e0 lib/copydir.c: copy_entry(): Use temporary stat buffer
There are no guarantees that fstatat() does not clobber the stat
buffer on errors.

Use a temporary buffer so that the following code sees correct
attributes of the source entry.

Link: <https://github.com/shadow-maint/shadow/issues/973>
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 000619344d ("lib/copydir:copy_entry(): use temporary stat buffer")
Link: <https://github.com/shadow-maint/shadow/pull/974>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-22 00:19:06 +01:00
Antoine Roux 89d26e03db man/po/fr.po: Fix wrong french translation
32 characters were wrongly translated to 16 in the French translation file.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 51a0d94a08 ("Fix wrong french translation")
Link: <https://github.com/shadow-maint/shadow/pull/975>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-22 00:10:24 +01:00
Skyler Ferrante f4293f9fbc lib/, src/: Add checks for fd omission
Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.

Co-developed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d2f2c1877a ("Adding checks for fd omission")
Link: <https://github.com/shadow-maint/shadow/pull/964>
Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/>
[alx: It seems we shouldn't need this, as libc does it for us.  But it ]
[     shouldn't hurt either.  Let's be paranoid.                       ]
Cc: Guillem Jover <guillem@hadrons.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Rich Felker <dalias@libc.org>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Thorsten Glaser <tg@mirbsd.de>
Cc: NRK <nrk@disroot.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: enh <enh@google.com>
Cc: Laurent Bercot <ska-dietlibc@skarnet.org>
Cc: Gabriel Ravier <gabravier@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-13 23:19:51 +01:00
Alejandro Colomar 39192107a6 src/vipw.c: Use string literals to initialize 'Prog'
This avoids using argv[0], which is controlled by the user,
and might inject arbitrary text in stderr and the logs.

Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cherry-picked-from: 89c4da43cb ("src/vipw.c: Use string literals to initialize 'Prog'")
Link: <https://github.com/shadow-maint/shadow/pull/962>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-08 17:42:18 +01:00
Alejandro Colomar 470d6be230 src/vipw.c: Reverse logic and variable name
Since we're checking for "vigr", it makes more sense to name the
variable accordingly.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 0ab893a734 ("src/vipw.c: Reverse logic and variable name")
Link: <https://github.com/shadow-maint/shadow/pull/962>
[alx: This is needed by 89c4da43cb ("src/vipw.c: Use string literals to initialize 'Prog'")]
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-08 17:42:09 +01:00
Skyler Ferrante a28371336e src/: Hardcode Prog to known value
Set Prog (program name) based on hardcoded value instead of argv[0].
This is to help prevent escape sequence injection.

Cherry-picked-from: e6c2e43937 ("Hardcoding Prog to known value")
Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-07 22:54:04 +01:00
Alejandro Colomar 71080e7900 Release 4.14.6
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-01 20:52:49 +01:00
Alejandro Colomar 7e396ba47f lib/utmp.c: Use the appropriate autotools macros for struct utmpx
Recently, we started using utmpx instead of utmp, and we updated
<./configure.ac> to do the checks for 'struct utmpx' instead of
'struct utmp'.  However, I forgot to update the preprocessor
conditionals accordingly.

Fixes: 64bcb54fa9 ("lib/, src/, configure.ac: Use utmpx instead of utmp")
Link: <https://github.com/shadow-maint/shadow/pull/954>
Cc: Firas Khalil Khana <firasuke@gmail.com>
Cc: "A. Wilfox" <https://github.com/awilfox>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 1af6b68cbe ("lib/utmp.c: Use the appropriate autotools macros for struct utmpx")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-21 18:18:45 +01:00
Alejandro Colomar 128fe1197c lib/utmp.c: Use defined() instead of #if[n]def
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 2806b827d8 ("lib/utmp.c: Use defined() instead of #if[n]def")
[alx: This is needed by 1af6b68cbe ("lib/utmp.c: Use the appropriate autotools macros for struct utmpx")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-21 18:18:14 +01:00
Alejandro Colomar 2da400de13 lib/utmp.c: Remove #endif comments
Indentation makes it clear which is which.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 7e94a2f484 ("lib/utmp.c: Remove #endif comments")
[alx: This is needed by 1af6b68cbe ("lib/utmp.c: Use the appropriate autotools macros for struct utmpx")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-21 18:17:47 +01:00
Alejandro Colomar 561cbbe880 lib/utmp.c: Merge preprocessor conditionals
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: e5815acf37 ("lib/utmp.c: Merge preprocessor conditionals")
[alx: This is needed by 1af6b68cbe ("lib/utmp.c: Use the appropriate autotools macros for struct utmpx")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-21 18:17:12 +01:00
Alejandro Colomar 261f40423a lib/utmp.c: Indent nested preprocessor conditionals
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f4ea04b728 ("lib/utmp.c: Indent nested preprocessor conditionals")
[alx: This is needed by 1af6b68cbe ("lib/utmp.c: Use the appropriate autotools macros for struct utmpx")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-21 18:15:59 +01:00
Alejandro Colomar 02a9d041a3 lib/utmp.c: Replace UT_LINESIZE by a NITEMS() calculation
A difference between 'struct utmp' and 'struct utmpx' is that
the former uses UT_LINESIZE for the size of its array members,
while the latter doesn't have a standard variable to get its
size.  Therefore, we need to get the number of elements in
the array with NITEMS().

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cc: Firas Khalil Khana <firasuke@gmail.com>
Cc: "A. Wilfox" <https://github.com/awilfox>
Cherry-picked-from: 5ff6edf9f2 ("lib/utmp.c: Replace UT_LINESIZE by a NITEMS() calculation")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-20 22:53:54 +01:00
Alejandro Colomar bec925d29d lib/, src/, configure.ac: Use utmpx instead of utmp
utmpx is specified by POSIX as an XSI extension.  That's more portable
than utmp, which is unavailable for example in musl libc.  The manual
page specifies that in Linux (but it probably means in glibc), utmp and
utmpx (and the functions that use them) are identical, so this commit
shouldn't affect glibc systems.

Assume utmpx is always present.

Also, if utmpx is present, POSIX guarantees that some members exist:

-  ut_user
-  ut_id
-  ut_line
-  ut_pid
-  ut_type
-  ut_tv

So, rely on them unconditionally.

Fixes: 170b76cdd1 ("Disable utmpx permanently")
Closes: <https://github.com/shadow-maint/shadow/issues/945>
Reported-by: Firas Khalil Khana <firasuke@gmail.com>
Reported-by: "A. Wilfox" <https://github.com/awilfox>
Tested-by: Firas Khalil Khana <firasuke@gmail.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 64bcb54fa9 ("lib/, src/, configure.ac: Use utmpx instead of utmp")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-20 22:53:54 +01:00
Alejandro Colomar 2128715ede Revert 3 cherry-picks
These changes pull some more dependencies.  That's too much for a stable
branch, I think.  If anyone needs them, please ask for them, but for now
let's keep them out.

Reverts: 9d5591fba9 ("src/passwd.c: check password length upper limit")
Reverts: dbdda2a48a ("lib/: Saturate addition to avoid overflow")
Reverts: 541d4dde23 ("src/chage.c: Unify long overflow checks in print_day_as_date()")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-20 22:48:02 +01:00
Alejandro Colomar fee5e61d05 lib/getdate.y: get_date(): Fix calculation
Instead of adding 1, we should add the value that we stored previously in
the variable.

Fixes: 45c6603cc8 ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Closes: <https://github.com/shadow-maint/shadow/issues/939>
Link: <https://github.com/shadow-maint/shadow/pull/942>
Reported-by: Michael Vetter <jubalh@iodoru.org>
Reported-by: Gus Kenion <https://github.com/kenion>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 4d139ca466 ("lib/getdate.y: get_date(): Fix calculation")
Link: <https://github.com/shadow-maint/shadow/pull/952>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-17 03:08:54 +01:00
Tomas Halman 9d5591fba9 src/passwd.c: check password length upper limit
The passwd utility silently truncated the password length to PASS_MAX.
This patch introduces a check that prints an error message
and exits the call.

Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-16 23:38:12 +01:00
Tomas Halman bed23cc34d src/passwd.c: inconsistent password length limit
The passwd utility had a hardcoded limit for password length set
to 200 characters. In agetpass.c, PASS_MAX is used for
this purpose.

This patch moves the PASS_MAX definition to a common place
and uses it in both places.

Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-16 23:34:56 +01:00
Alejandro Colomar c4eae35466 lib/strtoday.c: strtoday(): Fix calculation
Days officially roll over at 00:00 UTC, not at 12:00 UTC.  I see no
reason to add that half day.

Also, remove the comment.  It's likely to get stale.

So, get_date() gets the number of seconds since the Epoch.  I wonder how
that thing works, but I'll assume it's something similar to getdate(3)
+ mktime(3).  After that, we need to convert seconds since Epoch to days
since Epoch.  That should be a simple division, AFAICS, since Epoch is
"1970‐01‐01 00:00:00 +0000 (UTC)".  See mktime(3).

Fixes: 45c6603cc8 ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Link: <https://github.com/shadow-maint/shadow/issues/939>
Reported-by: Michael Vetter <jubalh@iodoru.org>
Tested-by: Gus Kenion <https://github.com/kenion>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 1175932c0c ("lib/strtoday.c: strtoday(): Fix calculation")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/942>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:10:03 +01:00
Alejandro Colomar d6a9b72603 src/login.c: Fix off-by-one bugss
These functions expect a size, not a length.  Don't subtract 1 from the
size.

Link: <https://github.com/shadow-maint/shadow/pull/935>
Link: <https://github.com/shadow-maint/shadow/issues/920#issuecomment-1926002209>
Link: <https://github.com/shadow-maint/shadow/pull/757>
Link: <https://github.com/shadow-maint/shadow/issues/674>
See-also: 0656a90bfd0d ("src/login.c: Fix off-by-one buggs")
See-also: 403a2e3771 ("lib/chkname.c: Take NUL byte into account")
Fixes: 3b7cc05387 ("lib: replace `USER_NAME_MAX_LENGTH` macro")
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Tobias Stoeckmann <tobias@stoeckmann.org>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 15882a5f90 ("src/login.c: Fix off-by-one bugss")
Link: <https://github.com/shadow-maint/shadow/pull/936>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:10:03 +01:00
Alejandro Colomar cc2970c3a1 src/login.c: Fix off-by-one buggs
Before 3b7cc05387 ("lib: replace `USER_NAME_MAX_LENGTH` macro"), this
code did use a length.  It used a utmp(5) fixed-width buffer, so the
length matches the buffer size (there was no terminating NUL byte).
However, sysconf(_SC_LOGIN_NAME_MAX) returns a buffer size that accounts
for the terminating null byte; see sysconf(3).  Thus, the commit that
introduced the call to sysconf(3), should have taken that detail into
account.

403a2e3771 ("lib/chkname.c: Take NUL byte into account"), by Tobias,
caught that bug in <lib/chkname.c>, but missed that the same commit that
introduced that bug, introduced the same bug in two other places.
This fixes all remaining calls to sysconf(_SC_LOGIN_NAME_MAX).

I still observe some suspicious code after this fix:

	if (do_rlogin(hostname, username, max_size - 1, term, sizeof(term)))

	...

	login_prompt(username, max_size - 1);

We're passing size-1 to functions that want a size.  But since the fix
to those will be different, let's do that in the following commits.

Link: <https://github.com/shadow-maint/shadow/pull/935>
Link: <https://github.com/shadow-maint/shadow/issues/920#issuecomment-1926002209>
Link: <https://github.com/shadow-maint/shadow/pull/757>
Link: <https://github.com/shadow-maint/shadow/issues/674>
See-also: 403a2e3771 ("lib/chkname.c: Take NUL byte into account")
Fixes: 3b7cc05387 ("lib: replace `USER_NAME_MAX_LENGTH` macro")
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Tobias Stoeckmann <tobias@stoeckmann.org>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 6551709e96 ("src/login.c: Fix off-by-one buggs")
Link: <https://github.com/shadow-maint/shadow/pull/936>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:10:03 +01:00
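
The size-versus-length distinction described in the two login.c commits above, as an added C example that is not shadow's own code. The helper names `login_name_size()`, `name_fits()` and `copy_name()` are hypothetical, and the 8-byte buffer is a constructed stand-in for the real limit.

```c
/* Added example, not code from shadow: size vs. length with
 * sysconf(_SC_LOGIN_NAME_MAX).  All helper names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Convert a sysconf() result into a buffer size.  -1 means "no limit",
 * which is treated as SIZE_MAX, as the chkname.c commit message explains. */
static size_t
login_name_size(long sc)
{
    return (sc == -1) ? SIZE_MAX : (size_t) sc;
}

/* The limit is a size that already includes the terminating NUL byte,
 * so a valid name must be strictly shorter than it. */
static bool
name_fits(const char *name, size_t size)
{
    return strlen(name) < size;
}

/* A callee that expects a buffer size: it stores at most size - 1 bytes
 * plus the NUL.  Returns false if the name had to be truncated. */
static bool
copy_name(char *dst, size_t size, const char *src)
{
    size_t len;

    if (size == 0)
        return false;

    len = strlen(src);
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return false;
    }
    memcpy(dst, src, len + 1);
    return true;
}

int
main(void)
{
    char buf[8];                      /* constructed small limit */
    const char *name = "1234567";     /* 7 bytes + NUL fits exactly */
    size_t sys_size = login_name_size(sysconf(_SC_LOGIN_NAME_MAX));

    printf("system limit (size, NUL included): %zu\n", sys_size);

    /* Correct: pass the size.  The callee reserves the NUL itself. */
    printf("size:     ok=%d ", copy_name(buf, sizeof(buf), name));
    printf("buf=\"%s\"\n", buf);

    /* Off by one: the caller subtracts 1 from a value that is already
     * a size, so a name of maximum legal length loses its last byte. */
    printf("size - 1: ok=%d ", copy_name(buf, sizeof(buf) - 1, name));
    printf("buf=\"%s\"\n", buf);

    return 0;
}
```
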
Tobias Stoeckmann dbdda2a48a lib/: Saturate addition to avoid overflow
Very large values in /etc/shadow could lead to overflows.  Make sure
that these calculations are saturated at LONG_MAX.  Since entries are
based on days and not seconds since epoch, saturating won't hurt anyone.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 674409e226 ("lib/: Saturate addition to avoid overflow")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:08:26 +01:00
Tobias Stoeckmann 541d4dde23 src/chage.c: Unify long overflow checks in print_day_as_date()
The conversion from day to seconds can be done in print_date
(renamed to print_day_as_date for clarification).  This has the nice
benefit that DAY multiplication and long to time_t conversion are done
at just one place.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 20100e4b22 ("src/chage.c: Unify long overflow checks in print_day_as_date()")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/876>
[alx: This is a pre-requisite for 674409e226 ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:07:55 +01:00
Tobias Stoeckmann 55f9635ecf lib/, src/: Remove SCALE definition
SCALE is always DAY (and has to be always DAY), so replace it with DAY
in source code and remove unneeded calculations.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: ecc3508877 ("lib/, src/: Remove SCALE definition")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/888>
Link: <https://github.com/shadow-maint/shadow/pull/876>
[alx: This is a pre-requisite for 674409e226 ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:07:32 +01:00
Tobias Stoeckmann 25fd8eb404 lib/defines.h: Remove ITI_AGING
ITI_AGING is not set through any build environment. If it were set,
then timings in /etc/shadow would not fit anymore.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Cherry-picked-from: ab260fcd1f ("lib/defines.h: Remove ITI_AGING")
Link: <https://github.com/shadow-maint/shadow/pull/873>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
[alx: This is a pre-requisite for 674409e226 ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-14 04:06:51 +01:00
Alejandro Colomar 24605a1b62 Release 4.14.5
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-13 18:59:37 +01:00
Alejandro Colomar 9f3d42b14d etc/pam.d/Makefile.am: Fix typo
The commit we're fixing mentions that it wanted to move 'chpasswd', but
it removed 'ch_g_passwd' from 'pamd_acct_tools_files' and added
'chpasswd' to 'pamd_files'.  It seems it removed the wrong thing by
accident.

Fixes: 341d80c2c7 ("Makefile: move chpasswd and newusers to pamd target")
Link: <https://github.com/shadow-maint/shadow/pull/928#discussion_r1487687347>
Link: <https://github.com/shadow-maint/shadow/issues/926#issuecomment-1941324761>
Reported-by: Dominique Leuenberger <dleuenberger@suse.com>
Reported-by: Michael Vetter <jubalh@iodoru.org>
Cc: David Runge <dvzrv@archlinux.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Tested-by: Michael Vetter <jubalh@iodoru.org>
Reviewed-by: Michael Vetter <jubalh@iodoru.org>
Reviewed-by: loqs <https://github.com/loqs>
Co-developed-by: Dominique Leuenberger <dleuenberger@suse.com>
Signed-off-by: Dominique Leuenberger <dleuenberger@suse.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 7eb10e6298 ("etc/pam.d/Makefile.am: Fix typo")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-13 18:47:39 +01:00
Alejandro Colomar f0f7fc60f2 Release 4.14.4
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-11 23:46:58 +01:00
Tobias Stoeckmann bc0151d4d3 lib/chkname.c: Take NUL byte into account
The _SC_LOGIN_NAME_MAX value includes space for the NUL byte.  The
length of name must be smaller than this value to be valid.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Cherry-picked-from: 403a2e3771 ("lib/chkname.c: Take NUL byte into account")
Link: <https://github.com/shadow-maint/shadow/pull/935>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-05 00:46:30 +01:00
Alejandro Colomar 4b775cbff9 lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning
I used size_t because:

sysconf(3) can return -1 if the value is not supported, but then it can
only mean that there's no limit.  Having no limit is the same as having
a limit of SIZE_MAX (to which -1 is converted).

Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 6be85b0baf ("lib/chkname.c: Use tmp variable to avoid a -Wsign-compare warning")
[alx: This is to cherry-pick the next commit without conflict]
Link: <https://github.com/shadow-maint/shadow/pull/801>
Link: <https://github.com/shadow-maint/shadow/pull/935>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-02-05 00:40:18 +01:00
loqs bc2cc1106d Makefile: Move chpasswd and newusers to pamd target
Install pam configs for chpasswd and newusers when using:

	$ ./configure --with-libpam --disable-account-tools-setuid

Closes: <https://github.com/shadow-maint/shadow/issues/810>
Link: <https://github.com/shadow-maint/shadow/pull/928>
Tested-by: David Runge <dvzrv@archlinux.org>
Cherry-picked-from: 341d80c2c7 ("Makefile: move chpasswd and newusers to pamd target")
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-30 22:14:53 +01:00
Pablo Saavedra f630203ed8 lib/logind.c: active_sessions_count(): Fix build error 'parameter name omitted'
Add the omitted parameter name.

Closes: <https://github.com/shadow-maint/shadow/issues/918>
Link: <https://github.com/shadow-maint/shadow/pull/919>
Signed-off-by: Pablo Saavedra <psaavedra@igalia.com>
Cherry-picked-from: da84d0ede7 ("Fix Build error 'parameter name omitted' in logind")
Cc: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-30 17:34:04 +01:00
Sam James 7540b05197 Link correctly with libdl
This fixes build with glibc-2.33 (newer glibc merged libdl and libpthread
into libc):
```
libtool: link: x86_64-pc-linux-gnu-gcc -isystem /usr/include/bsd -DLIBBSD_OVERLAY -O2 -pipe -Wl,-O1 -o login login.o login_nopam.o  -Wl,--as-needed ../lib/.libs/libshadow.a -lcrypt -lsystemd -lpam -lpam_misc -lbsd
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: ../lib/.libs/libshadow.a(libshadow_la-nss.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5'
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: /lib64/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
```

In Debian, the needed macro from libtool seems to be in libltdl-dev.

Signed-off-by: Sam James <sam@gentoo.org>
Cc: Iker Pedrosa <ikerpedrosam@gmail.com>
Cherry-picked-from: 0f4e59fd00 ("Link correctly with libdl")
Link: <https://github.com/shadow-maint/shadow/pull/917>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-26 13:32:08 +01:00
Alejandro Colomar eae0b02796 Release 4.14.3
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-16 00:01:06 +01:00
Samanta Navarro 1c6a1206bd lib/sgetgrent.c: fix null pointer dereference
If reallocation fails in function list, then reset the size to 0 again.
Without the reset, the next call assumes that `members` points to
a memory location with reserved space.

Also use size_t instead of int for size to prevent signed integer
overflows. The length of group lines is not limited.

Fixes 45c0003e53 (4.14 release series)

Proof of Concept:

-  Prepare a group file (one long group line and a shorter one, both with a list of users)

	$ echo -n "root:x:0:" > /tmp/uwu
	$ yes , | tr -d '\n' | dd of=/tmp/uwu bs=10 count=3145728 seek=1 conv=notrunc iflag=fullblock
	$ echo -e "\nbin:x:1:," >> /tmp/uwu

-  Run grpck with tight memory constraints

	$ ulimit -d 102400
	$ grpck /tmp/uwu
	Segmentation fault (core dumped)

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Cherry-picked-from: a9e07c0feb ("lib/sgetgrent.c: fix null pointer dereference")
Link: <https://github.com/shadow-maint/shadow/pull/904>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-16 00:00:43 +01:00
59 changed files with 402 additions and 435 deletions
+10 -13
View File
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
m4_define([libsubid_abi_minor], 0) m4_define([libsubid_abi_minor], 0)
m4_define([libsubid_abi_micro], 0) m4_define([libsubid_abi_micro], 0)
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro]) m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
AC_INIT([shadow], [4.14.2], [pkg-shadow-devel@lists.alioth.debian.org], [], AC_INIT([shadow], [4.14.7], [pkg-shadow-devel@lists.alioth.debian.org], [],
[https://github.com/shadow-maint/shadow]) [https://github.com/shadow-maint/shadow])
AM_INIT_AUTOMAKE([1.11 foreign dist-xz]) AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
AC_CONFIG_MACRO_DIRS([m4]) AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
AC_PROG_LN_S AC_PROG_LN_S
AC_PROG_YACC AC_PROG_YACC
LT_INIT LT_INIT
LT_LIB_DLLOAD
dnl Checks for libraries. dnl Checks for libraries.
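Review bot: the new `LT_LIB_DLLOAD` line after `LT_INIT` adds a build-time dependency that is not documented next to it. The "Link correctly with libdl" commit message notes that on Debian the macro seems to come from libltdl-dev, and lib/Makefile.am now relies on `$(LIBADD_DLOPEN)`, so a `dnl` comment here or a line in the build instructions naming the required libtool package would save packagers a failed autoreconf.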
@@ -48,7 +49,7 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
AC_CHECK_FUNCS(arc4random_buf futimes \ AC_CHECK_FUNCS(arc4random_buf futimes \
getentropy getrandom getspnam getusershell \ getentropy getrandom getspnam getusershell \
initgroups lckpwdf lutimes mempcpy \ initgroups lckpwdf lutimes mempcpy \
setgroups updwtmp updwtmpx innetgr \ setgroups updwtmpx innetgr \
getspnam_r \ getspnam_r \
rpmatch \ rpmatch \
memset_explicit explicit_bzero stpecpy stpeprintf) memset_explicit explicit_bzero stpecpy stpeprintf)
@@ -56,17 +57,13 @@ AC_SYS_LARGEFILE
dnl Checks for typedefs, structures, and compiler characteristics. dnl Checks for typedefs, structures, and compiler characteristics.
AC_CHECK_MEMBERS([struct utmp.ut_type, AC_CHECK_MEMBERS([struct utmpx.ut_name,
struct utmp.ut_id, struct utmpx.ut_host,
struct utmp.ut_name, struct utmpx.ut_syslen,
struct utmp.ut_user, struct utmpx.ut_addr,
struct utmp.ut_host, struct utmpx.ut_addr_v6,
struct utmp.ut_syslen, struct utmpx.ut_time,
struct utmp.ut_addr, struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
struct utmp.ut_addr_v6,
struct utmp.ut_time,
struct utmp.ut_xtime,
struct utmp.ut_tv],,,[[#include <utmp.h>]])
dnl Checks for library functions. dnl Checks for library functions.
AC_TYPE_GETGROUPS AC_TYPE_GETGROUPS
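Review bot: missing documentation in the `AC_CHECK_MEMBERS` list: the utmpx side no longer checks `ut_type`, `ut_id`, `ut_user` or `ut_tv`, and nothing in configure.ac says why. The commit message explains that POSIX guarantees those members when utmpx is present; a short `dnl` comment above the macro stating that would keep someone from re-adding the checks or from guarding code on HAVE_ macros that are no longer generated.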
+2 -2
View File
@@ -2,20 +2,20 @@
# and also cooperate to make a distribution for `make dist' # and also cooperate to make a distribution for `make dist'
pamd_files = \ pamd_files = \
chpasswd \
chfn \ chfn \
chsh \ chsh \
groupmems \ groupmems \
login \ login \
newusers \
passwd passwd
pamd_acct_tools_files = \ pamd_acct_tools_files = \
chage \ chage \
chgpasswd \ chgpasswd \
chpasswd \
groupadd \ groupadd \
groupdel \ groupdel \
groupmod \ groupmod \
newusers \
useradd \ useradd \
userdel \ userdel \
usermod usermod
+2
View File
@@ -20,6 +20,7 @@ endif
libshadow_la_CPPFLAGS += -I$(top_srcdir) libshadow_la_CPPFLAGS += -I$(top_srcdir)
libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD) libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
libshadow_la_LIBADD = $(LIBADD_DLOPEN)
libshadow_la_SOURCES = \ libshadow_la_SOURCES = \
addgrps.c \ addgrps.c \
@@ -52,6 +53,7 @@ libshadow_la_SOURCES = \
faillog.h \ faillog.h \
failure.c \ failure.c \
failure.h \ failure.h \
fd.c \
fields.c \ fields.c \
find_new_gid.c \ find_new_gid.c \
find_new_uid.c \ find_new_uid.c \
+1 -2
View File
@@ -139,7 +139,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
void agecheck (/*@null@*/const struct spwd *sp) void agecheck (/*@null@*/const struct spwd *sp)
{ {
long now = time(NULL) / SCALE; long now = time(NULL) / DAY;
long remain; long remain;
if (NULL == sp) { if (NULL == sp) {
@@ -164,7 +164,6 @@ void agecheck (/*@null@*/const struct spwd *sp)
remain = sp->sp_lstchg + sp->sp_max - now; remain = sp->sp_lstchg + sp->sp_max - now;
if (remain <= sp->sp_warn) { if (remain <= sp->sp_warn) {
remain /= DAY / SCALE;
if (remain > 1) { if (remain > 1) {
(void) printf (_("Your password will expire in %ld days.\n"), (void) printf (_("Your password will expire in %ld days.\n"),
remain); remain);
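Review bot: the context line `remain = sp->sp_lstchg + sp->sp_max - now;` in agecheck() still adds two long fields taken from /etc/shadow with no overflow check, and signed overflow is undefined behaviour. The commit list shows that the saturating-addition change (dbdda2a48a) was reverted on this branch, so very large values in the file reach this expression unchanged; a simple range check before the addition would cover it without pulling in the reverted dependencies.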
-6
View File
@@ -9,7 +9,6 @@
#include <limits.h> #include <limits.h>
#include <readpassphrase.h> #include <readpassphrase.h>
#include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -23,11 +22,6 @@
#endif /* WITH_LIBBSD */ #endif /* WITH_LIBBSD */
#if !defined(PASS_MAX)
#define PASS_MAX BUFSIZ - 1
#endif
/* /*
* SYNOPSIS * SYNOPSIS
* [[gnu::malloc(erase_pass)]] * [[gnu::malloc(erase_pass)]]
+4 -2
View File
@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)
bool is_valid_user_name (const char *name) bool is_valid_user_name (const char *name)
{ {
size_t maxlen;
/* /*
* User names length are limited by the kernel * User names length are limited by the kernel
*/ */
if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) { maxlen = sysconf(_SC_LOGIN_NAME_MAX);
if (strlen(name) >= maxlen)
return false; return false;
}
return is_valid_name (name); return is_valid_name (name);
} }
+2 -1
View File
@@ -415,6 +415,7 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
{ {
int err = 0; int err = 0;
struct stat sb; struct stat sb;
struct stat tmp_sb;
struct link_name *lp; struct link_name *lp;
struct timespec mt[2]; struct timespec mt[2];
@@ -436,7 +437,7 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
* If the destination already exists do nothing. * If the destination already exists do nothing.
* This is after the copy_dir above to still iterate into subdirectories. * This is after the copy_dir above to still iterate into subdirectories.
*/ */
if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) {
return 0; return 0;
} }
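Review bot: `tmp_sb` in the `fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW)` call is written but never read, and no comment explains why `sb` must not be reused here. A short comment that `sb` holds the source entry's attributes and may be clobbered by a failing fstatat() would stop a later cleanup from merging the two buffers again.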
+11 -7
View File
@@ -25,6 +25,7 @@
((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
#endif #endif
#include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -153,7 +154,6 @@ static inline void memzero(void *ptr, size_t size)
* *
* DAY - seconds / day * DAY - seconds / day
* WEEK - seconds / week * WEEK - seconds / week
* SCALE - seconds / aging unit
*/ */
/* Solaris defines this in shadow.h */ /* Solaris defines this in shadow.h */
@@ -163,12 +163,6 @@ static inline void memzero(void *ptr, size_t size)
#define WEEK (7*DAY) #define WEEK (7*DAY)
#ifdef ITI_AGING
#define SCALE 1
#else
#define SCALE DAY
#endif
#define WIDTHOF(x) (sizeof(x) * CHAR_BIT) #define WIDTHOF(x) (sizeof(x) * CHAR_BIT)
#define NITEMS(arr) (sizeof((arr)) / sizeof((arr)[0])) #define NITEMS(arr) (sizeof((arr)) / sizeof((arr)[0]))
#define STRLEN(s) (NITEMS(s) - 1) #define STRLEN(s) (NITEMS(s) - 1)
@@ -247,4 +241,14 @@ static inline void memzero(void *ptr, size_t size)
# define shadow_getenv(name) getenv(name) # define shadow_getenv(name) getenv(name)
#endif #endif
/*
* Maximum password length
*
* Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE)
* currently set to 512.
*/
#if !defined(PASS_MAX)
#define PASS_MAX BUFSIZ - 1
#endif
#endif /* _DEFINES_H_ */ #endif /* _DEFINES_H_ */
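Review bot: `#define PASS_MAX BUFSIZ - 1` in the last hunk is not parenthesized, so an expression such as `PASS_MAX * 2` or `sizeof(buf) - PASS_MAX` expands with the wrong precedence now that the macro is shared through defines.h. Suggest `#define PASS_MAX (BUFSIZ - 1)`. The new comment mentions the PAM limit (PAM_MAX_RESP_SIZE, 512) but the definition does not relate the two values, so say which limit applies when they differ.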
+41
View File
@@ -0,0 +1,41 @@
// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu>
// SPDX-License-Identifier: BSD-3-Clause
/**
* To protect against file descriptor omission attacks, we open the std file
* descriptors with /dev/null if they are not already open. Code is based on
* fix_fds from sudo.c.
*/
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include "prototypes.h"
static void check_fd(int fd);
void
check_fds(void)
{
/**
* Make sure stdin, stdout, stderr are open
* If they are closed, set them to /dev/null
*/
check_fd(STDIN_FILENO);
check_fd(STDOUT_FILENO);
check_fd(STDERR_FILENO);
}
static void
check_fd(int fd)
{
int devnull;
if (fcntl(fd, F_GETFL, 0) != -1)
return;
devnull = open("/dev/null", O_RDWR);
if (devnull != fd)
abort();
}
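Review bot: in check_fd(), `if (devnull != fd) abort();` is only correct because open() returns the lowest unused descriptor and check_fds() probes 0, 1, 2 in ascending order. That dependency should be stated in a comment so nobody reorders the calls or reuses check_fd() for another descriptor. In the same function, any fcntl() failure is treated as "closed"; testing `errno == EBADF` would make the intent explicit. abort() leaves no diagnostic, which is presumably deliberate because stderr may be the missing descriptor, and the comment should say so.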
+6 -6
View File
@@ -318,7 +318,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelYear += $1 * $2; yyRelYear += $1 * $2;
} }
| tYEAR_UNIT { | tYEAR_UNIT {
yyRelYear++; yyRelYear += $1;
} }
| tUNUMBER tMONTH_UNIT { | tUNUMBER tMONTH_UNIT {
yyRelMonth += $1 * $2; yyRelMonth += $1 * $2;
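Review bot: the bare-unit rule now does `yyRelYear += $1;`, which assumes the token's semantic value is the unit multiplier, the same value used as `$2` in the neighbouring `yyRelYear += $1 * $2;`. The identical edit is repeated in the month, day, hour, minute and second rules, so the commit message should name an input that produced a wrong result with `++`, and a test using a bare unit whose value is not 1 would pin the behaviour.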
@@ -327,7 +327,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelMonth += $1 * $2; yyRelMonth += $1 * $2;
} }
| tMONTH_UNIT { | tMONTH_UNIT {
yyRelMonth++; yyRelMonth += $1;
} }
| tUNUMBER tDAY_UNIT { | tUNUMBER tDAY_UNIT {
yyRelDay += $1 * $2; yyRelDay += $1 * $2;
@@ -336,7 +336,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelDay += $1 * $2; yyRelDay += $1 * $2;
} }
| tDAY_UNIT { | tDAY_UNIT {
yyRelDay++; yyRelDay += $1;
} }
| tUNUMBER tHOUR_UNIT { | tUNUMBER tHOUR_UNIT {
yyRelHour += $1 * $2; yyRelHour += $1 * $2;
@@ -345,7 +345,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelHour += $1 * $2; yyRelHour += $1 * $2;
} }
| tHOUR_UNIT { | tHOUR_UNIT {
yyRelHour++; yyRelHour += $1;
} }
| tUNUMBER tMINUTE_UNIT { | tUNUMBER tMINUTE_UNIT {
yyRelMinutes += $1 * $2; yyRelMinutes += $1 * $2;
@@ -354,7 +354,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelMinutes += $1 * $2; yyRelMinutes += $1 * $2;
} }
| tMINUTE_UNIT { | tMINUTE_UNIT {
yyRelMinutes++; yyRelMinutes += $1;
} }
| tUNUMBER tSEC_UNIT { | tUNUMBER tSEC_UNIT {
yyRelSeconds += $1 * $2; yyRelSeconds += $1 * $2;
@@ -363,7 +363,7 @@ relunit : tUNUMBER tYEAR_UNIT {
yyRelSeconds += $1 * $2; yyRelSeconds += $1 * $2;
} }
| tSEC_UNIT { | tSEC_UNIT {
yyRelSeconds++; yyRelSeconds += $1;
} }
; ;
+2 -2
View File
@@ -40,7 +40,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
{ {
long now; long now;
now = time(NULL) / SCALE; now = time(NULL) / DAY;
if (NULL == sp) { if (NULL == sp) {
return 0; return 0;
@@ -84,7 +84,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
if ( (-1 == sp->sp_lstchg) if ( (-1 == sp->sp_lstchg)
|| (-1 == sp->sp_max) || (-1 == sp->sp_max)
|| (sp->sp_max >= ((10000L * DAY) / SCALE))) { || (sp->sp_max >= 10000)) {
return 0; return 0;
} }
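Review bot: `sp->sp_max >= 10000` in the last condition of this hunk replaces the scaled expression with a bare literal. Give the "no maximum age" sentinel a named constant in the shared header, so that this test and the other places that assign or compare against 10000 cannot drift apart.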
+1 -1
View File
@@ -24,7 +24,7 @@
* *
* A "last login" entry is created for the user being logged in. The * A "last login" entry is created for the user being logged in. The
* UID is extracted from the global (struct passwd) entry and the * UID is extracted from the global (struct passwd) entry and the
* TTY information is gotten from the (struct utmp). * TTY information is gotten from the (struct utmpx).
*/ */
void dolastlog ( void dolastlog (
struct lastlog *ll, struct lastlog *ll,
+1 -1
View File
@@ -35,7 +35,7 @@ done:
return ret; return ret;
} }
unsigned long active_sessions_count(const char *name, unsigned long unused) unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
{ {
struct passwd *pw; struct passwd *pw;
unsigned long count = 0; unsigned long count = 0;
+3
View File
@@ -127,6 +127,9 @@ extern void initenv (void);
extern void set_env (int, char *const *); extern void set_env (int, char *const *);
extern void sanitize_env (void); extern void sanitize_env (void);
/* fd.c */
extern void check_fds (void);
/* fields.c */ /* fields.c */
extern void change_field (char *, size_t, const char *); extern void change_field (char *, size_t, const char *);
extern int valid_field (const char *, const char *); extern int valid_field (const char *, const char *);
+2 -2
View File
@@ -39,8 +39,8 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
* Defaults used if there is no pw_age information. * Defaults used if there is no pw_age information.
*/ */
sp.sp_min = 0; sp.sp_min = 0;
sp.sp_max = (10000L * DAY) / SCALE; sp.sp_max = 10000;
sp.sp_lstchg = gettime () / SCALE; sp.sp_lstchg = gettime () / DAY;
if (0 == sp.sp_lstchg) { if (0 == sp.sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */
+5 -3
View File
@@ -37,8 +37,8 @@
static char **list (char *s) static char **list (char *s)
{ {
static char **members = NULL; static char **members = NULL;
static int size = 0; /* max members + 1 */ static size_t size = 0; /* max members + 1 */
int i; size_t i;
i = 0; i = 0;
for (;;) { for (;;) {
@@ -47,8 +47,10 @@ static char **list (char *s)
if (i >= size) { if (i >= size) {
size = i + 100; /* at least: i + 1 */ size = i + 100; /* at least: i + 1 */
members = REALLOCF(members, size, char *); members = REALLOCF(members, size, char *);
if (!members) if (!members) {
size = 0;
return NULL; return NULL;
}
} }
if (!s || s[0] == '\0') if (!s || s[0] == '\0')
break; break;
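Review bot: the new `size = 0;` on the REALLOCF failure path needs a one-line comment. `members` and `size` are static, so without the reset a later call would skip the `i >= size` growth check and write through a NULL `members`; that reasoning is not obvious from the code alone.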
+2 -3
View File
@@ -68,10 +68,9 @@ long strtoday (const char *str)
return retdate; return retdate;
} }
t = get_date (str, NULL); t = get_date(str, NULL);
if ((time_t) - 1 == t) { if ((time_t) - 1 == t) {
return -2; return -2;
} }
/* convert seconds to days since 1970-01-01 */ return t / DAY;
return (t + DAY / 2) / DAY;
} }
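Review bot: `return t / DAY;` drops both the half-day rounding of `(t + DAY / 2) / DAY` and the comment saying the result is days since 1970-01-01. Keep the comment, and state in the commit message why truncation is now wanted, since a timestamp in the second half of a day used to map to the following day. For a negative `t` other than the `(time_t) -1` error value, C division truncates toward zero rather than flooring, so decide whether dates before the epoch need handling here.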
+9 -6
View File
@@ -49,13 +49,15 @@ int user_busy (const char *name, uid_t uid)
#endif /* !__linux__ */ #endif /* !__linux__ */
} }
#ifndef __linux__
static int user_busy_utmp (const char *name)
{
struct utmp *utent;
setutent (); #ifndef __linux__
while ((utent = getutent ()) != NULL) static int
user_busy_utmp(const char *name)
{
struct utmpx *utent;
setutxent();
while ((utent = getutxent()) != NULL)
{ {
if (utent->ut_type != USER_PROCESS) { if (utent->ut_type != USER_PROCESS) {
continue; continue;
@@ -77,6 +79,7 @@ static int user_busy_utmp (const char *name)
} }
#endif /* !__linux__ */ #endif /* !__linux__ */
#ifdef __linux__ #ifdef __linux__
#ifdef ENABLE_SUBIDS #ifdef ENABLE_SUBIDS
#define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range) #define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)
+89 -90
View File
@@ -13,7 +13,7 @@
#include "prototypes.h" #include "prototypes.h"
#include "getdef.h" #include "getdef.h"
#include <utmp.h> #include <utmpx.h>
#include <assert.h> #include <assert.h>
#include <sys/param.h> #include <sys/param.h>
#include <sys/types.h> #include <sys/types.h>
@@ -27,19 +27,23 @@
#ident "$Id$" #ident "$Id$"
#define UTX_LINESIZE NITEMS((struct utmpx){}.ut_line)
/* /*
* is_my_tty -- determine if "tty" is the same TTY stdin is using * is_my_tty -- determine if "tty" is the same TTY stdin is using
*/ */
static bool is_my_tty (const char tty[UT_LINESIZE]) static bool
is_my_tty(const char tty[UTX_LINESIZE])
{ {
char full_tty[STRLEN("/dev/") + UT_LINESIZE + 1]; char full_tty[STRLEN("/dev/") + UTX_LINESIZE + 1];
/* tmptty shall be bigger than full_tty */ /* tmptty shall be bigger than full_tty */
static char tmptty[sizeof(full_tty) + 1]; static char tmptty[sizeof(full_tty) + 1];
full_tty[0] = '\0'; full_tty[0] = '\0';
if (tty[0] != '/') if (tty[0] != '/')
strcpy (full_tty, "/dev/"); strcpy (full_tty, "/dev/");
strncat (full_tty, tty, UT_LINESIZE); strncat(full_tty, tty, UTX_LINESIZE);
if ('\0' == tmptty[0]) { if ('\0' == tmptty[0]) {
const char *tname = ttyname (STDIN_FILENO); const char *tname = ttyname (STDIN_FILENO);
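Review bot: `#define UTX_LINESIZE NITEMS((struct utmpx){}.ut_line)` uses an empty initializer list, which is a GNU extension before C23; `(struct utmpx){0}` is portable. In is_my_tty(), `strncat(full_tty, tty, UTX_LINESIZE)` stays in bounds only because `full_tty` is sized `STRLEN("/dev/") + UTX_LINESIZE + 1`; a short comment linking the two would keep them from drifting.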
@@ -55,13 +59,15 @@ static bool is_my_tty (const char tty[UT_LINESIZE])
return strcmp (full_tty, tmptty) == 0; return strcmp (full_tty, tmptty) == 0;
} }
/* /*
* failtmp - update the cumulative failure log * failtmp - update the cumulative failure log
* *
* failtmp updates the (struct utmp) formatted failure log which * failtmp updates the (struct utmpx) formatted failure log which
* maintains a record of all login failures. * maintains a record of all login failures.
*/ */
static void failtmp (const char *username, const struct utmp *failent) static void
failtmp(const char *username, const struct utmpx *failent)
{ {
const char *ftmp; const char *ftmp;
int fd; int fd;
@@ -106,6 +112,7 @@ static void failtmp (const char *username, const struct utmp *failent)
} }
} }
/* /*
* get_current_utmp - return the most probable utmp entry for the current * get_current_utmp - return the most probable utmp entry for the current
* session * session
@@ -114,56 +121,55 @@ static void failtmp (const char *username, const struct utmp *failent)
* The line entered by the *getty / telnetd, etc. should also match * The line entered by the *getty / telnetd, etc. should also match
* the current terminal. * the current terminal.
* *
* When an entry is returned by get_current_utmp, and if the utmp * When an entry is returned by get_current_utmp, and if the utmpx
* structure has a ut_id field, this field should be used to update * structure has a ut_id field, this field should be used to update
* the entry information. * the entry information.
* *
* Return NULL if no entries exist in utmp for the current process. * Return NULL if no entries exist in utmp for the current process.
*/ */
static static /*@null@*/ /*@only@*/struct utmpx *
/*@null@*/ /*@only@*/struct utmp *get_current_utmp (void) get_current_utmp(void)
{ {
struct utmp *ut; struct utmpx *ut;
struct utmp *ret = NULL; struct utmpx *ret = NULL;
setutent (); setutxent();
/* First, try to find a valid utmp entry for this process. */ /* First, try to find a valid utmp entry for this process. */
while ((ut = getutent ()) != NULL) { while ((ut = getutxent()) != NULL) {
if ( (ut->ut_pid == getpid ()) if ( (ut->ut_pid == getpid ())
#ifdef HAVE_STRUCT_UTMP_UT_ID
&& ('\0' != ut->ut_id[0]) && ('\0' != ut->ut_id[0])
#endif
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
&& ( (LOGIN_PROCESS == ut->ut_type) && ( (LOGIN_PROCESS == ut->ut_type)
|| (USER_PROCESS == ut->ut_type)) || (USER_PROCESS == ut->ut_type))
#endif
/* A process may have failed to close an entry /* A process may have failed to close an entry
* Check if this entry refers to the current tty */ * Check if this entry refers to the current tty */
&& is_my_tty (ut->ut_line)) { && is_my_tty(ut->ut_line))
{
break; break;
} }
} }
if (NULL != ut) { if (NULL != ut) {
ret = XMALLOC(1, struct utmp); ret = XMALLOC(1, struct utmpx);
memcpy (ret, ut, sizeof (*ret)); memcpy (ret, ut, sizeof (*ret));
} }
endutent (); endutxent();
return ret; return ret;
} }
int get_session_host (char **out)
int
get_session_host(char **out)
{ {
char *hostname = NULL; int ret = 0;
struct utmp *ut = NULL; char *hostname;
int ret = 0; struct utmpx *ut;
ut = get_current_utmp(); ut = get_current_utmp();
#ifdef HAVE_STRUCT_UTMP_UT_HOST #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
if ((ut != NULL) && (ut->ut_host[0] != '\0')) { if ((ut != NULL) && (ut->ut_host[0] != '\0')) {
hostname = XMALLOC(sizeof(ut->ut_host) + 1, char); hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host)); strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
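Review bot: in get_session_host(), `hostname` and `ut` lose their `= NULL` initializers. `ut` is assigned on the next statement, but `hostname` is only assigned inside the `HAVE_STRUCT_UTMPX_UT_HOST` branch, so confirm that no later path reads or frees it unset, or keep the initializer. Separately, get_current_utmp() drops the `HAVE_STRUCT_UTMP_UT_ID` and `HAVE_STRUCT_UTMP_UT_TYPE` guards while `ut_host` stays guarded; the commit message should say which utmpx members are assumed to exist unconditionally.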
@@ -177,18 +183,19 @@ int get_session_host (char **out)
#else #else
*out = NULL; *out = NULL;
ret = -2; ret = -2;
#endif /* HAVE_STRUCT_UTMP_UT_HOST */ #endif
return ret; return ret;
} }
#ifndef USE_PAM
#if !defined(USE_PAM) && !defined(HAVE_UPDWTMPX)
/* /*
* Some systems already have updwtmp() and possibly updwtmpx(). Others * Some systems already have updwtmpx(). Others
* don't, so we re-implement these functions if necessary. * don't, so we re-implement these functions if necessary.
*/ */
#ifndef HAVE_UPDWTMP static void
static void updwtmp (const char *filename, const struct utmp *ut) updwtmpx(const char *filename, const struct utmpx *ut)
{ {
int fd; int fd;
@@ -198,9 +205,7 @@ static void updwtmp (const char *filename, const struct utmp *ut)
close (fd); close (fd);
} }
} }
#endif /* ! HAVE_UPDWTMP */ #endif
#endif /* ! USE_PAM */
/* /*
@@ -221,15 +226,13 @@ static void updwtmp (const char *filename, const struct utmp *ut)
* *
* The returned structure shall be freed by the caller. * The returned structure shall be freed by the caller.
*/ */
static static /*@only@*/struct utmpx *
/*@only@*/struct utmp *prepare_utmp (const char *name, prepare_utmp(const char *name, const char *line, const char *host,
const char *line, /*@null@*/const struct utmpx *ut)
const char *host,
/*@null@*/const struct utmp *ut)
{ {
struct timeval tv; char *hostname = NULL;
char *hostname = NULL; struct utmpx *utent;
struct utmp *utent; struct timeval tv;
assert (NULL != name); assert (NULL != name);
assert (NULL != line); assert (NULL != line);
@@ -240,13 +243,13 @@ static
&& ('\0' != host[0])) { && ('\0' != host[0])) {
hostname = XMALLOC(strlen(host) + 1, char); hostname = XMALLOC(strlen(host) + 1, char);
strcpy (hostname, host); strcpy (hostname, host);
#ifdef HAVE_STRUCT_UTMP_UT_HOST #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
} else if ( (NULL != ut) } else if ( (NULL != ut)
&& ('\0' != ut->ut_host[0])) { && ('\0' != ut->ut_host[0])) {
hostname = XMALLOC(sizeof(ut->ut_host) + 1, char); hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host)); strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
hostname[sizeof (ut->ut_host)] = '\0'; hostname[sizeof (ut->ut_host)] = '\0';
#endif /* HAVE_STRUCT_UTMP_UT_HOST */ #endif
} }
if (strncmp(line, "/dev/", 5) == 0) { if (strncmp(line, "/dev/", 5) == 0) {
@@ -254,38 +257,32 @@ static
} }
utent = XCALLOC (1, struct utmp); utent = XCALLOC(1, struct utmpx);
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
utent->ut_type = USER_PROCESS; utent->ut_type = USER_PROCESS;
#endif /* HAVE_STRUCT_UTMP_UT_TYPE */
utent->ut_pid = getpid (); utent->ut_pid = getpid ();
strncpy (utent->ut_line, line, sizeof (utent->ut_line) - 1); strncpy (utent->ut_line, line, sizeof (utent->ut_line) - 1);
#ifdef HAVE_STRUCT_UTMP_UT_ID
if (NULL != ut) { if (NULL != ut) {
strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id)); strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
} else { } else {
/* XXX - assumes /dev/tty?? */ /* XXX - assumes /dev/tty?? */
strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1); strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
} }
#endif /* HAVE_STRUCT_UTMP_UT_ID */ #if defined(HAVE_STRUCT_UTMPX_UT_NAME)
#ifdef HAVE_STRUCT_UTMP_UT_NAME
strncpy (utent->ut_name, name, sizeof (utent->ut_name)); strncpy (utent->ut_name, name, sizeof (utent->ut_name));
#endif /* HAVE_STRUCT_UTMP_UT_NAME */ #endif
#ifdef HAVE_STRUCT_UTMP_UT_USER
strncpy (utent->ut_user, name, sizeof (utent->ut_user) - 1); strncpy (utent->ut_user, name, sizeof (utent->ut_user) - 1);
#endif /* HAVE_STRUCT_UTMP_UT_USER */
if (NULL != hostname) { if (NULL != hostname) {
struct addrinfo *info = NULL; struct addrinfo *info = NULL;
#ifdef HAVE_STRUCT_UTMP_UT_HOST #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1); strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
#endif /* HAVE_STRUCT_UTMP_UT_HOST */ #endif
#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN #if defined(HAVE_STRUCT_UTMPX_UT_SYSLEN)
utent->ut_syslen = MIN (strlen (hostname), utent->ut_syslen = MIN (strlen (hostname),
sizeof (utent->ut_host)); sizeof (utent->ut_host));
#endif /* HAVE_STRUCT_UTMP_UT_SYSLEN */ #endif
#if defined(HAVE_STRUCT_UTMP_UT_ADDR) || defined(HAVE_STRUCT_UTMP_UT_ADDR_V6) #if defined(HAVE_STRUCT_UTMPX_UT_ADDR) || defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
if (getaddrinfo (hostname, NULL, NULL, &info) == 0) { if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
/* getaddrinfo might not be reliable. /* getaddrinfo might not be reliable.
* Just try to log what may be useful. * Just try to log what may be useful.
@@ -293,13 +290,13 @@ static
if (info->ai_family == AF_INET) { if (info->ai_family == AF_INET) {
struct sockaddr_in *sa = struct sockaddr_in *sa =
(struct sockaddr_in *) info->ai_addr; (struct sockaddr_in *) info->ai_addr;
#ifdef HAVE_STRUCT_UTMP_UT_ADDR # if defined(HAVE_STRUCT_UTMPX_UT_ADDR)
memcpy (&(utent->ut_addr), memcpy (&(utent->ut_addr),
&(sa->sin_addr), &(sa->sin_addr),
MIN (sizeof (utent->ut_addr), MIN (sizeof (utent->ut_addr),
sizeof (sa->sin_addr))); sizeof (sa->sin_addr)));
#endif /* HAVE_STRUCT_UTMP_UT_ADDR */ # endif
#ifdef HAVE_STRUCT_UTMP_UT_ADDR_V6 # if defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
memcpy (utent->ut_addr_v6, memcpy (utent->ut_addr_v6,
&(sa->sin_addr), &(sa->sin_addr),
MIN (sizeof (utent->ut_addr_v6), MIN (sizeof (utent->ut_addr_v6),
@@ -311,61 +308,61 @@ static
&(sa->sin6_addr), &(sa->sin6_addr),
MIN (sizeof (utent->ut_addr_v6), MIN (sizeof (utent->ut_addr_v6),
sizeof (sa->sin6_addr))); sizeof (sa->sin6_addr)));
#endif /* HAVE_STRUCT_UTMP_UT_ADDR_V6 */ # endif
} }
freeaddrinfo (info); freeaddrinfo (info);
} }
#endif /* HAVE_STRUCT_UTMP_UT_ADDR || HAVE_STRUCT_UTMP_UT_ADDR_V6 */ #endif
free (hostname); free (hostname);
} }
/* ut_exit is only for DEAD_PROCESS */ /* ut_exit is only for DEAD_PROCESS */
utent->ut_session = getsid (0); utent->ut_session = getsid (0);
if (gettimeofday (&tv, NULL) == 0) { if (gettimeofday (&tv, NULL) == 0) {
#ifdef HAVE_STRUCT_UTMP_UT_TIME #if defined(HAVE_STRUCT_UTMPX_UT_TIME)
utent->ut_time = tv.tv_sec; utent->ut_time = tv.tv_sec;
#endif /* HAVE_STRUCT_UTMP_UT_TIME */ #endif
#ifdef HAVE_STRUCT_UTMP_UT_XTIME #if defined(HAVE_STRUCT_UTMPX_UT_XTIME)
utent->ut_xtime = tv.tv_usec; utent->ut_xtime = tv.tv_usec;
#endif /* HAVE_STRUCT_UTMP_UT_XTIME */ #endif
#ifdef HAVE_STRUCT_UTMP_UT_TV
utent->ut_tv.tv_sec = tv.tv_sec; utent->ut_tv.tv_sec = tv.tv_sec;
utent->ut_tv.tv_usec = tv.tv_usec; utent->ut_tv.tv_usec = tv.tv_usec;
#endif /* HAVE_STRUCT_UTMP_UT_TV */
} }
return utent; return utent;
} }
/* /*
* setutmp - Update an entry in utmp and log an entry in wtmp * setutmp - Update an entry in utmp and log an entry in wtmp
* *
* Return 1 on failure and 0 on success. * Return 1 on failure and 0 on success.
*/ */
static int setutmp (struct utmp *ut) static int
setutmp(struct utmpx *ut)
{ {
int err = 0; int err = 0;
assert (NULL != ut); assert (NULL != ut);
setutent (); setutxent();
if (pututline (ut) == NULL) { if (pututxline(ut) == NULL) {
err = 1; err = 1;
} }
endutent (); endutxent();
#ifndef USE_PAM #if !defined(USE_PAM)
/* This is done by pam_lastlog */ /* This is done by pam_lastlog */
updwtmp (_WTMP_FILE, ut); updwtmpx(_WTMP_FILE, ut);
#endif /* ! USE_PAM */ #endif
return err; return err;
} }
int update_utmp (const char *user,
const char *tty, int
const char *host) update_utmp(const char *user, const char *tty, const char *host)
{ {
struct utmp *utent, *ut; struct utmpx *utent, *ut;
utent = get_current_utmp (); utent = get_current_utmp ();
ut = prepare_utmp (user, tty, host, utent); ut = prepare_utmp (user, tty, host, utent);
@@ -380,11 +377,11 @@ int update_utmp (const char *user,
return 0; return 0;
} }
void record_failure(const char *failent_user,
const char *tty, void
const char *hostname) record_failure(const char *failent_user, const char *tty, const char *hostname)
{ {
struct utmp *utent, *failent; struct utmpx *utent, *failent;
if (getdef_str ("FTMP_FILE") != NULL) { if (getdef_str ("FTMP_FILE") != NULL) {
utent = get_current_utmp (); utent = get_current_utmp ();
@@ -395,13 +392,15 @@ void record_failure(const char *failent_user,
} }
} }
unsigned long active_sessions_count(const char *name, unsigned long limit)
{
struct utmp *ut;
unsigned long count = 0;
setutent (); unsigned long
while ((ut = getutent ())) active_sessions_count(const char *name, unsigned long limit)
{
struct utmpx *ut;
unsigned long count = 0;
setutxent();
while ((ut = getutxent()))
{ {
if (USER_PROCESS != ut->ut_type) { if (USER_PROCESS != ut->ut_type) {
continue; continue;
@@ -417,7 +416,7 @@ unsigned long active_sessions_count(const char *name, unsigned long limit)
break; break;
} }
} }
endutent (); endutxent();
return count; return count;
} }
+1 -1
View File
@@ -2610,7 +2610,7 @@ msgstr ""
#: useradd.8.xml:641(para) #: useradd.8.xml:641(para)
msgid "Usernames may only be up to 32 characters long." msgid "Usernames may only be up to 32 characters long."
msgstr "Les noms d'utilisateur sont limités à 16 caractères." msgstr "Les noms d'utilisateur sont limités à 32 caractères."
#: useradd.8.xml:30(term) login.defs.5.xml:30(term) #: useradd.8.xml:30(term) login.defs.5.xml:30(term)
msgid "<option>CREATE_HOME</option> (boolean)" msgid "<option>CREATE_HOME</option> (boolean)"
+1 -1
View File
@@ -9,7 +9,7 @@ RUN export DEBIAN_PRIORITY=critical \
RUN apt-get update -y \ RUN apt-get update -y \
&& apt-get dist-upgrade -y && apt-get dist-upgrade -y
RUN apt-get build-dep shadow -y RUN apt-get build-dep shadow -y
RUN apt-get install libbsd-dev pkgconf -y RUN apt-get install libltdl-dev libbsd-dev pkgconf -y
COPY ./ /usr/local/src/shadow/ COPY ./ /usr/local/src/shadow/
WORKDIR /usr/local/src/shadow/ WORKDIR /usr/local/src/shadow/
+20 -22
View File
@@ -41,7 +41,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chage";
static bool static bool
dflg = false, /* set last password change date */ dflg = false, /* set last password change date */
@@ -175,10 +175,10 @@ static int new_fields (void)
return 0; return 0;
} }
if (-1 == lstchgdate || lstchgdate > LONG_MAX / SCALE) { if (-1 == lstchgdate || lstchgdate > LONG_MAX / DAY) {
strcpy (buf, "-1"); strcpy (buf, "-1");
} else { } else {
date_to_str (sizeof(buf), buf, lstchgdate * SCALE); date_to_str (sizeof(buf), buf, lstchgdate * DAY);
} }
change_field (buf, sizeof buf, _("Last Password Change (YYYY-MM-DD)")); change_field (buf, sizeof buf, _("Last Password Change (YYYY-MM-DD)"));
@@ -206,10 +206,10 @@ static int new_fields (void)
return 0; return 0;
} }
if (-1 == expdate || LONG_MAX / SCALE < expdate) { if (-1 == expdate || LONG_MAX / DAY < expdate) {
strcpy (buf, "-1"); strcpy (buf, "-1");
} else { } else {
date_to_str (sizeof(buf), buf, expdate * SCALE); date_to_str (sizeof(buf), buf, expdate * DAY);
} }
change_field (buf, sizeof buf, change_field (buf, sizeof buf,
@@ -258,12 +258,12 @@ static void list_fields (void)
* was last modified. The date is the number of days since 1/1/1970. * was last modified. The date is the number of days since 1/1/1970.
*/ */
(void) fputs (_("Last password change\t\t\t\t\t: "), stdout); (void) fputs (_("Last password change\t\t\t\t\t: "), stdout);
if (lstchgdate < 0 || lstchgdate > LONG_MAX / SCALE) { if (lstchgdate < 0 || lstchgdate > LONG_MAX / DAY) {
(void) puts (_("never")); (void) puts (_("never"));
} else if (lstchgdate == 0) { } else if (lstchgdate == 0) {
(void) puts (_("password must be changed")); (void) puts (_("password must be changed"));
} else { } else {
changed = lstchgdate * SCALE; changed = lstchgdate * DAY;
print_date (changed); print_date (changed);
} }
@@ -275,12 +275,12 @@ static void list_fields (void)
if (lstchgdate == 0) { if (lstchgdate == 0) {
(void) puts (_("password must be changed")); (void) puts (_("password must be changed"));
} else if ( (lstchgdate < 0) } else if ( (lstchgdate < 0)
|| (maxdays >= (10000 * (DAY / SCALE))) || (maxdays >= 10000)
|| (maxdays < 0) || (maxdays < 0)
|| ((LONG_MAX - changed) / SCALE < maxdays)) { || ((LONG_MAX - changed) / DAY < maxdays)) {
(void) puts (_("never")); (void) puts (_("never"));
} else { } else {
expires = changed + maxdays * SCALE; expires = changed + maxdays * DAY;
print_date (expires); print_date (expires);
} }
@@ -295,13 +295,13 @@ static void list_fields (void)
(void) puts (_("password must be changed")); (void) puts (_("password must be changed"));
} else if ( (lstchgdate < 0) } else if ( (lstchgdate < 0)
|| (inactdays < 0) || (inactdays < 0)
|| (maxdays >= (10000 * (DAY / SCALE))) || (maxdays >= 10000)
|| (maxdays < 0) || (maxdays < 0)
|| (maxdays > LONG_MAX - inactdays) || (maxdays > LONG_MAX - inactdays)
|| ((LONG_MAX - changed) / SCALE < maxdays + inactdays)) { || ((LONG_MAX - changed) / DAY < maxdays + inactdays)) {
(void) puts (_("never")); (void) puts (_("never"));
} else { } else {
expires = changed + (maxdays + inactdays) * SCALE; expires = changed + (maxdays + inactdays) * DAY;
print_date (expires); print_date (expires);
} }
@@ -310,10 +310,10 @@ static void list_fields (void)
* password expiring or not. * password expiring or not.
*/ */
(void) fputs (_("Account expires\t\t\t\t\t\t: "), stdout); (void) fputs (_("Account expires\t\t\t\t\t\t: "), stdout);
if (expdate < 0 || LONG_MAX / SCALE < expdate) { if (expdate < 0 || LONG_MAX / DAY < expdate) {
(void) puts (_("never")); (void) puts (_("never"));
} else { } else {
expires = expdate * SCALE; expires = expdate * DAY;
print_date (expires); print_date (expires);
} }
@@ -511,7 +511,7 @@ static void check_perms (void)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chage", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -762,14 +762,12 @@ int main (int argc, char **argv)
gid_t rgid; gid_t rgid;
const struct passwd *pw; const struct passwd *pw;
/* sanitize_env ();
* Get the program name so that error messages can use it. check_fds ();
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
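Review bot: `sanitize_env ();` runs before `check_fds ();` at the top of main(). check_fds() exists to guarantee that descriptors 0 to 2 are open before anything else can open a file, so make it the first call; then the guarantee does not depend on what sanitize_env() does internally. Dropping the comment about obtaining the program name is fine now that Prog is a constant.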
@@ -780,7 +778,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
OPENLOG ("chage"); OPENLOG (Prog);
ruid = getuid (); ruid = getuid ();
rgid = getgid (); rgid = getgid ();
+1 -2
View File
@@ -18,14 +18,13 @@
#include "idmapping.h" #include "idmapping.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "check_subid_range";
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
char *owner; char *owner;
unsigned long start, count; unsigned long start, count;
bool check_uids; bool check_uids;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
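Review bot: `static const char Prog[] = "check_subid_range";` turns the former external `Prog` into a file-local symbol. Check that nothing in lib/ still declares an external `Prog`, otherwise the link breaks or library messages lose the program name. The retained `log_set_progname(Prog)` suggests the library already receives the name that way, but the commit message should say so explicitly.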
+8 -11
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables. * Global variables.
*/ */
const char *Prog; static const char Prog[] = "chfn";
static char fullnm[BUFSIZ]; static char fullnm[BUFSIZ];
static char roomno[BUFSIZ]; static char roomno[BUFSIZ];
static char workph[BUFSIZ]; static char workph[BUFSIZ];
@@ -362,7 +362,7 @@ static void check_perms (const struct passwd *pw)
* check if the change is allowed by SELinux policy. * check if the change is allowed by SELinux policy.
*/ */
if ((pw->pw_uid != getuid ()) if ((pw->pw_uid != getuid ())
&& (check_selinux_permit ("chfn") != 0)) { && (check_selinux_permit (Prog) != 0)) {
fprintf (stderr, _("%s: Permission denied.\n"), Prog); fprintf (stderr, _("%s: Permission denied.\n"), Prog);
closelog (); closelog ();
exit (E_NOPERM); exit (E_NOPERM);
@@ -377,7 +377,7 @@ static void check_perms (const struct passwd *pw)
* --marekm * --marekm
*/ */
if (!amroot && getdef_bool ("CHFN_AUTH")) { if (!amroot && getdef_bool ("CHFN_AUTH")) {
passwd_check (pw->pw_name, pw->pw_passwd, "chfn"); passwd_check (pw->pw_name, pw->pw_passwd, Prog);
} }
#else /* !USE_PAM */ #else /* !USE_PAM */
@@ -389,7 +389,7 @@ static void check_perms (const struct passwd *pw)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -616,15 +616,12 @@ int main (int argc, char **argv)
char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */
char *user; char *user;
/* sanitize_env ();
* Get the program name. The program name is used as a check_fds ();
* prefix to most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
@@ -637,7 +634,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("chfn"); OPENLOG (Prog);
/* parse the command line options */ /* parse the command line options */
process_flags (argc, argv); process_flags (argc, argv);
+3 -4
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chgpasswd";
static bool eflg = false; static bool eflg = false;
static bool md5flg = false; static bool md5flg = false;
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -303,7 +303,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -423,7 +423,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
int line = 0; int line = 0;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -441,7 +440,7 @@ int main (int argc, char **argv)
process_flags (argc, argv); process_flags (argc, argv);
OPENLOG ("chgpasswd"); OPENLOG (Prog);
check_perms (); check_perms ();
+5 -6
View File
@@ -35,7 +35,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chpasswd";
static bool eflg = false; static bool eflg = false;
static bool md5flg = false; static bool md5flg = false;
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -302,7 +302,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -450,7 +450,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
int line = 0; int line = 0;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -476,7 +475,7 @@ int main (int argc, char **argv)
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
OPENLOG ("chpasswd"); OPENLOG (Prog);
check_perms (); check_perms ();
@@ -546,7 +545,7 @@ int main (int argc, char **argv)
#ifdef USE_PAM #ifdef USE_PAM
if (use_pam) { if (use_pam) {
if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) { if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
fprintf (stderr, fprintf (stderr,
_("%s: (line %d, user %s) password not changed\n"), _("%s: (line %d, user %s) password not changed\n"),
Prog, line, name); Prog, line, name);
@@ -621,7 +620,7 @@ int main (int argc, char **argv)
if (NULL != sp) { if (NULL != sp) {
newsp = *sp; newsp = *sp;
newsp.sp_pwdp = cp; newsp.sp_pwdp = cp;
newsp.sp_lstchg = gettime () / SCALE; newsp.sp_lstchg = gettime () / DAY;
if (0 == newsp.sp_lstchg) { if (0 == newsp.sp_lstchg) {
/* Better disable aging than requiring a /* Better disable aging than requiring a
* password change */ * password change */
+6 -10
View File
@@ -45,7 +45,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "chsh"; /* Program name */
static bool amroot; /* Real UID is root */ static bool amroot; /* Real UID is root */
static char loginsh[BUFSIZ]; /* Name of new login shell */ static char loginsh[BUFSIZ]; /* Name of new login shell */
/* command line options */ /* command line options */
@@ -320,7 +320,7 @@ static void check_perms (const struct passwd *pw)
* check if the change is allowed by SELinux policy. * check if the change is allowed by SELinux policy.
*/ */
if ((pw->pw_uid != getuid ()) if ((pw->pw_uid != getuid ())
&& (check_selinux_permit("chsh") != 0)) { && (check_selinux_permit(Prog) != 0)) {
SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name)); SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name));
fprintf (stderr, fprintf (stderr,
_("You may not change the shell for '%s'.\n"), _("You may not change the shell for '%s'.\n"),
@@ -337,7 +337,7 @@ static void check_perms (const struct passwd *pw)
* chfn/chsh. --marekm * chfn/chsh. --marekm
*/ */
if (!amroot && getdef_bool ("CHSH_AUTH")) { if (!amroot && getdef_bool ("CHSH_AUTH")) {
passwd_check (pw->pw_name, pw->pw_passwd, "chsh"); passwd_check (pw->pw_name, pw->pw_passwd, Prog);
} }
#else /* !USE_PAM */ #else /* !USE_PAM */
@@ -349,7 +349,7 @@ static void check_perms (const struct passwd *pw)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
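Review bot: pam_start (Prog, ...) now takes the PAM service name from the same identifier used for log prefixes, which is only sound because this file now defines static const char Prog[] = "chsh"; and no longer assigns Basename (argv[0]). Please add a short comment at the Prog definition saying that it doubles as the PAM service name and as the check_selinux_permit() argument, so a later change does not make it caller-controlled again.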
@@ -473,12 +473,8 @@ int main (int argc, char **argv)
const struct passwd *pw; /* Password entry from /etc/passwd */ const struct passwd *pw; /* Password entry from /etc/passwd */
sanitize_env (); sanitize_env ();
check_fds ();
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
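Review bot: check_fds (); is called before log_set_progname(Prog) and log_set_logfd(stderr), so if it reports a failure through the shadowlog helpers they are not initialised at that point. Its body is not part of this hunk; please confirm it does not depend on them, or move the two log_set_* calls above it, which is possible now that they no longer need argv[0].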
@@ -493,7 +489,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("chsh"); OPENLOG (Prog);
/* parse the command line options */ /* parse the command line options */
process_flags (argc, argv); process_flags (argc, argv);
+5 -5
@@ -23,7 +23,7 @@
#include "shadowlog.h" #include "shadowlog.h"
/* Global variables */ /* Global variables */
const char *Prog; static const char Prog[] = "expiry";
static bool cflg = false; static bool cflg = false;
/* local function prototypes */ /* local function prototypes */
@@ -123,12 +123,12 @@ int main (int argc, char **argv)
struct passwd *pwd; struct passwd *pwd;
struct spwd *spwd; struct spwd *spwd;
Prog = Basename (argv[0]); sanitize_env ();
check_fds ();
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
/* /*
* Start by disabling all of the keyboard signals. * Start by disabling all of the keyboard signals.
*/ */
@@ -145,7 +145,7 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
OPENLOG ("expiry"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+1 -6
@@ -39,7 +39,7 @@ static void reset (void);
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "faillog"; /* Program name */
static FILE *fail; /* failure file stream */ static FILE *fail; /* failure file stream */
static time_t seconds; /* that number of days in seconds */ static time_t seconds; /* that number of days in seconds */
static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */
@@ -543,11 +543,6 @@ int main (int argc, char **argv)
short fail_max = 0; // initialize to silence compiler warning short fail_max = 0; // initialize to silence compiler warning
long days = 0; long days = 0;
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+1 -2
@@ -9,7 +9,7 @@
/* Test program for the subid freeing routine */ /* Test program for the subid freeing routine */
const char *Prog; static const char Prog[] = "free_subid_range";
static void usage(void) static void usage(void)
{ {
@@ -25,7 +25,6 @@ int main(int argc, char *argv[])
struct subordinate_range range; struct subordinate_range range;
bool group = false; // get subuids by default bool group = false; // get subuids by default
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
while ((c = getopt(argc, argv, "g")) != EOF) { while ((c = getopt(argc, argv, "g")) != EOF) {
+1 -2
@@ -6,7 +6,7 @@
#include "prototypes.h" #include "prototypes.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "get_subid_owners";
static void usage(void) static void usage(void)
{ {
@@ -21,7 +21,6 @@ int main(int argc, char *argv[])
int i, n; int i, n;
uid_t *uids; uid_t *uids;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
if (argc < 2) { if (argc < 2) {
+1 -2
@@ -7,7 +7,7 @@
#include "prototypes.h" #include "prototypes.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "getsubids";
static void usage(void) static void usage(void)
{ {
@@ -23,7 +23,6 @@ int main(int argc, char *argv[])
struct subid_range *ranges; struct subid_range *ranges;
const char *owner; const char *owner;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
if (argc < 2) if (argc < 2)
+4 -3
@@ -37,7 +37,7 @@
* Global variables * Global variables
*/ */
/* The name of this command, as it is invoked */ /* The name of this command, as it is invoked */
const char *Prog; static const char Prog[] = "gpasswd";
#ifdef SHADOWGRP #ifdef SHADOWGRP
/* Indicate if shadow groups are enabled on the system /* Indicate if shadow groups are enabled on the system
@@ -956,6 +956,8 @@ int main (int argc, char **argv)
#endif #endif
sanitize_env (); sanitize_env ();
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
@@ -968,11 +970,10 @@ int main (int argc, char **argv)
* with this command. * with this command.
*/ */
bywho = getuid (); bywho = getuid ();
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
OPENLOG ("gpasswd"); OPENLOG (Prog);
setbuf (stdout, NULL); setbuf (stdout, NULL);
setbuf (stderr, NULL); setbuf (stderr, NULL);
+5 -9
@@ -50,7 +50,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupadd";
static /*@null@*/char *group_name; static /*@null@*/char *group_name;
static gid_t group_id; static gid_t group_id;
@@ -542,7 +542,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -571,10 +571,6 @@ static void check_perms (void)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -585,7 +581,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupadd"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -605,7 +601,7 @@ int main (int argc, char **argv)
check_perms (); check_perms ();
if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name, if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
"groupadd")) { Prog)) {
exit(1); exit(1);
} }
@@ -628,7 +624,7 @@ int main (int argc, char **argv)
grp_update (); grp_update ();
close_files (); close_files ();
if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name, if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
"groupadd")) { Prog)) {
exit(1); exit(1);
} }
+5 -9
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupdel";
static char *group_name; static char *group_name;
static gid_t group_id = -1; static gid_t group_id = -1;
@@ -349,10 +349,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -363,7 +359,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupdel"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -389,7 +385,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
@@ -463,7 +459,7 @@ int main (int argc, char **argv)
} }
if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name, if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
"groupdel")) { Prog)) {
exit(1); exit(1);
} }
@@ -478,7 +474,7 @@ int main (int argc, char **argv)
close_files (); close_files ();
if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name, if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
"groupdel")) { Prog)) {
exit(1); exit(1);
} }
+3 -7
@@ -44,7 +44,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupmems";
static char *adduser = NULL; static char *adduser = NULL;
static char *deluser = NULL; static char *deluser = NULL;
@@ -443,7 +443,7 @@ static void check_perms (void)
fail_exit (1); fail_exit (1);
} }
retval = pam_start ("groupmems", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -573,10 +573,6 @@ int main (int argc, char **argv)
char *name; char *name;
const struct group *grp; const struct group *grp;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -586,7 +582,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("groupmems"); OPENLOG (Prog);
#ifdef SHADOWGRP #ifdef SHADOWGRP
is_shadowgrp = sgr_file_present (); is_shadowgrp = sgr_file_present ();
+3 -7
@@ -58,7 +58,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupmod";
#ifdef SHADOWGRP #ifdef SHADOWGRP
static bool is_shadow_grp; static bool is_shadow_grp;
@@ -750,10 +750,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -764,7 +760,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupmod"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -790,7 +786,7 @@ int main (int argc, char **argv)
exit (E_PAM_USERNAME); exit (E_PAM_USERNAME);
} }
retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+1 -5
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groups";
/* local function prototypes */ /* local function prototypes */
static void print_groups (const char *member); static void print_groups (const char *member);
@@ -97,10 +97,6 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
/*
* Get the program name so that error messages can use it.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+2 -6
@@ -43,7 +43,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpck";
static const char *grp_file = GROUP_FILE; static const char *grp_file = GROUP_FILE;
static bool use_system_grp_file = true; static bool use_system_grp_file = true;
@@ -816,10 +816,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
bool changed = false; bool changed = false;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -829,7 +825,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpck"); OPENLOG (Prog);
/* Parse the command line arguments */ /* Parse the command line arguments */
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpconv";
static bool gr_locked = false; static bool gr_locked = false;
static bool sgr_locked = false; static bool sgr_locked = false;
@@ -123,7 +123,6 @@ int main (int argc, char **argv)
const struct sgrp *sg; const struct sgrp *sg;
struct sgrp sgent; struct sgrp sgent;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -133,7 +132,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpunconv";
static bool gr_locked = false; static bool gr_locked = false;
static bool sgr_locked = false; static bool sgr_locked = false;
@@ -122,7 +122,6 @@ int main (int argc, char **argv)
struct group grent; struct group grent;
const struct sgrp *sg; const struct sgrp *sg;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -132,7 +131,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpunconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+1 -2
@@ -39,7 +39,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "lastlog"; /* Program name */
static FILE *lastlogfile; /* lastlog file stream */ static FILE *lastlogfile; /* lastlog file stream */
static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */
static bool has_umin = false; static bool has_umin = false;
@@ -290,7 +290,6 @@ int main (int argc, char **argv)
* Get the program name. The program name is used as a prefix to * Get the program name. The program name is used as a prefix to
* most error messages. * most error messages.
*/ */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
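Review bot: Removing Prog = Basename (argv[0]); leaves the comment "Get the program name. The program name is used as a prefix to most error messages." in place above log_set_progname(Prog);, where it no longer describes anything. The chsh and faillog hunks in this series delete that comment together with the assignment; please do the same here.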
+14 -12
@@ -64,7 +64,7 @@ static pam_handle_t *pamh = NULL;
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "login";
static const char *hostname = ""; static const char *hostname = "";
static /*@null@*/ /*@only@*/char *username = NULL; static /*@null@*/ /*@only@*/char *username = NULL;
@@ -520,7 +520,6 @@ int main (int argc, char **argv)
initenv (); initenv ();
amroot = (getuid () == 0); amroot = (getuid () == 0);
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -572,11 +571,13 @@ int main (int argc, char **argv)
} }
#ifdef RLOGIN #ifdef RLOGIN
if (rflg) { if (rflg) {
size_t max_size = sysconf(_SC_LOGIN_NAME_MAX); size_t max_size = sysconf(_SC_LOGIN_NAME_MAX);
assert (NULL == username); assert (NULL == username);
username = XMALLOC(max_size + 1, char); username = XMALLOC(max_size, char);
username[max_size] = '\0'; username[max_size - 1] = '\0';
if (do_rlogin (hostname, username, max_size, term, sizeof term)) { if (do_rlogin(hostname, username, max_size, term, sizeof(term)))
{
preauth_flag = true; preauth_flag = true;
} else { } else {
free (username); free (username);
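Review bot: sysconf(_SC_LOGIN_NAME_MAX) is stored straight into a size_t without checking for a -1 return, and the new code then uses max_size as the allocation size and max_size - 1 as an index. A -1 result would turn into a huge size_t and be handed to XMALLOC and do_rlogin; please check the long result first and fall back to a fixed limit. Separately, the opening brace of the if (do_rlogin(...)) now sits on its own line, unlike the if (rflg) { just above it.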
@@ -585,7 +586,7 @@ int main (int argc, char **argv)
} }
#endif /* RLOGIN */ #endif /* RLOGIN */
OPENLOG ("login"); OPENLOG (Prog);
setup_tty (); setup_tty ();
@@ -671,7 +672,7 @@ int main (int argc, char **argv)
retries = getdef_unum ("LOGIN_RETRIES", RETRIES); retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM #ifdef USE_PAM
retcode = pam_start ("login", username, &conv, &pamh); retcode = pam_start (Prog, username, &conv, &pamh);
if (retcode != PAM_SUCCESS) { if (retcode != PAM_SUCCESS) {
fprintf (stderr, fprintf (stderr,
_("login: PAM Failure, aborting: %s\n"), _("login: PAM Failure, aborting: %s\n"),
@@ -885,15 +886,16 @@ int main (int argc, char **argv)
failed = false; /* haven't failed authentication yet */ failed = false; /* haven't failed authentication yet */
if (NULL == username) { /* need to get a login id */ if (NULL == username) { /* need to get a login id */
size_t max_size = sysconf(_SC_LOGIN_NAME_MAX); size_t max_size = sysconf(_SC_LOGIN_NAME_MAX);
if (subroot) { if (subroot) {
closelog (); closelog ();
exit (1); exit (1);
} }
preauth_flag = false; preauth_flag = false;
username = XMALLOC(max_size + 1, char); username = XMALLOC(max_size, char);
username[max_size] = '\0'; username[max_size - 1] = '\0';
login_prompt (username, max_size); login_prompt(username, max_size);
if ('\0' == username[0]) { if ('\0' == username[0]) {
/* Prompt for a new login */ /* Prompt for a new login */
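Review bot: Writing the terminator at username[max_size - 1] before calling login_prompt(username, max_size) only guarantees termination if login_prompt never writes into the last byte of the buffer. Its contract is not visible in this hunk; please either document that it always NUL-terminates within max_size bytes or set the terminator after the call returns.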
+22 -19
@@ -15,14 +15,14 @@
#include <stdio.h> #include <stdio.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include <utmp.h> #include <utmpx.h>
#include "defines.h" #include "defines.h"
#include "prototypes.h" #include "prototypes.h"
#include "shadowlog.h" #include "shadowlog.h"
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "logoutd";
#ifndef DEFAULT_HUP_MESG #ifndef DEFAULT_HUP_MESG
#define DEFAULT_HUP_MESG _("login time exceeded\n\n") #define DEFAULT_HUP_MESG _("login time exceeded\n\n")
@@ -32,14 +32,17 @@ const char *Prog;
#define HUP_MESG_FILE "/etc/logoutd.mesg" #define HUP_MESG_FILE "/etc/logoutd.mesg"
#endif #endif
/* local function prototypes */ /* local function prototypes */
static int check_login (const struct utmp *ut); static int check_login (const struct utmpx *ut);
static void send_mesg_to_tty (int tty_fd); static void send_mesg_to_tty (int tty_fd);
/* /*
* check_login - check if user (struct utmp) allowed to stay logged in * check_login - check if user (struct utmpx) allowed to stay logged in
*/ */
static int check_login (const struct utmp *ut) static int
check_login(const struct utmpx *ut)
{ {
char user[sizeof (ut->ut_user) + 1]; char user[sizeof (ut->ut_user) + 1];
time_t now; time_t now;
@@ -112,16 +115,17 @@ static void send_mesg_to_tty (int tty_fd)
* utmp file is periodically scanned and offending users are logged * utmp file is periodically scanned and offending users are logged
* off from the system. * off from the system.
*/ */
int main (int argc, char **argv) int
main(int argc, char **argv)
{ {
int i; int i;
int status; int status;
pid_t pid; pid_t pid;
struct utmp *ut; struct utmpx *ut;
char user[sizeof (ut->ut_user) + 1]; /* terminating NUL */ char user[sizeof (ut->ut_user) + 1]; /* terminating NUL */
char tty_name[sizeof (ut->ut_line) + 6]; /* /dev/ + NUL */ char tty_name[sizeof (ut->ut_line) + 6]; /* /dev/ + NUL */
int tty_fd; int tty_fd;
if (1 != argc) { if (1 != argc) {
(void) fputs (_("Usage: logoutd\n"), stderr); (void) fputs (_("Usage: logoutd\n"), stderr);
@@ -153,11 +157,10 @@ int main (int argc, char **argv)
/* /*
* Start syslogging everything * Start syslogging everything
*/ */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
OPENLOG ("logoutd"); OPENLOG (Prog);
/* /*
* Scan the utmp file once per minute looking for users that * Scan the utmp file once per minute looking for users that
@@ -169,14 +172,14 @@ int main (int argc, char **argv)
* Attempt to re-open the utmp file. The file is only * Attempt to re-open the utmp file. The file is only
* open while it is being used. * open while it is being used.
*/ */
setutent (); setutxent();
/* /*
* Read all of the entries in the utmp file. The entries * Read all of the entries in the utmp file. The entries
* for login sessions will be checked to see if the user * for login sessions will be checked to see if the user
* is permitted to be signed on at this time. * is permitted to be signed on at this time.
*/ */
while ((ut = getutent ()) != NULL) { while ((ut = getutxent()) != NULL) {
if (ut->ut_type != USER_PROCESS) { if (ut->ut_type != USER_PROCESS) {
continue; continue;
} }
@@ -208,7 +211,7 @@ int main (int argc, char **argv)
tty_name[0] = '\0'; tty_name[0] = '\0';
} }
strncat (tty_name, ut->ut_line, UT_LINESIZE); strncat(tty_name, ut->ut_line, NITEMS(ut->ut_line));
#ifndef O_NOCTTY #ifndef O_NOCTTY
#define O_NOCTTY 0 #define O_NOCTTY 0
#endif #endif
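Review bot: The bound passed to strncat is the size of the source field, NITEMS(ut->ut_line), not the space left in tty_name, so it is correct only while tty_name holds at most the five characters of "/dev/" at this point (the buffer is declared as sizeof (ut->ut_line) + 6). Please use one spelling, sizeof or NITEMS, for both the declaration and the bound so that relationship stays easy to check.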
@@ -239,7 +242,7 @@ int main (int argc, char **argv)
exit (EXIT_SUCCESS); exit (EXIT_SUCCESS);
} }
endutent (); endutxent();
#ifndef DEBUG #ifndef DEBUG
sleep (60); sleep (60);
+1 -2
@@ -9,7 +9,7 @@
/* Test program for the subid creation routine */ /* Test program for the subid creation routine */
const char *Prog; static const char Prog[] = "new_subid_range";
static void usage(void) static void usage(void)
{ {
@@ -28,7 +28,6 @@ int main(int argc, char *argv[])
bool group = false; // get subuids by default bool group = false; // get subuids by default
bool ok; bool ok;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
while ((c = getopt(argc, argv, "gn")) != EOF) { while ((c = getopt(argc, argv, "gn")) != EOF) {
+1 -2
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newgidmap";
static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
@@ -151,7 +151,6 @@ int main(int argc, char **argv)
struct passwd *pw; struct passwd *pw;
bool allow_setgroups = false; bool allow_setgroups = false;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+4 -1
@@ -28,7 +28,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char *Prog;
extern char **newenvp; extern char **newenvp;
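Review bot: Among the files shown here this is the only one where Prog stays a pointer without an initialiser (static const char *Prog;) instead of becoming a static const char Prog[] = "..."; array. The hunks do not include the place where it is assigned, so please add a comment at the declaration explaining why this program still sets its name at run time and where the value comes from.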
@@ -390,6 +390,9 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
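Review bot: check_fds (); is added after the #ifdef WITH_AUDIT block, so audit_help_open () runs before the descriptor check. In the chsh, expiry, gpasswd and passwd hunks the call sits directly after sanitize_env (); if audit_help_open () opens a descriptor, it does so here before the standard descriptors have been verified. Please move check_fds (); above the WITH_AUDIT block.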
+1 -2
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newuidmap";
static bool verify_range(struct passwd *pw, struct map_range *range) static bool verify_range(struct passwd *pw, struct map_range *range)
{ {
@@ -80,7 +80,6 @@ int main(int argc, char **argv)
struct stat st; struct stat st;
struct passwd *pw; struct passwd *pw;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+3 -4
@@ -54,7 +54,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newusers";
static bool rflg = false; /* create a system account */ static bool rflg = false; /* create a system account */
#ifndef USE_PAM #ifndef USE_PAM
@@ -527,7 +527,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
} }
spent.sp_pwdp = cp; spent.sp_pwdp = cp;
} }
spent.sp_lstchg = gettime () / SCALE; spent.sp_lstchg = gettime () / DAY;
if (0 == spent.sp_lstchg) { if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */
@@ -584,7 +584,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
*/ */
spent.sp_pwdp = "!"; spent.sp_pwdp = "!";
#endif #endif
spent.sp_lstchg = gettime () / SCALE; spent.sp_lstchg = gettime () / DAY;
if (0 == spent.sp_lstchg) { if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password change */ /* Better disable aging than requiring a password change */
spent.sp_lstchg = -1; spent.sp_lstchg = -1;
@@ -1056,7 +1056,6 @@ int main (int argc, char **argv)
unsigned int nusers = 0; unsigned int nusers = 0;
#endif /* USE_PAM */ #endif /* USE_PAM */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+19 -23
@@ -45,7 +45,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "passwd"; /* Program name */
static char *name; /* The name of user whose password is being changed */ static char *name; /* The name of user whose password is being changed */
static char *myname; /* The current user's name */ static char *myname; /* The current user's name */
@@ -192,8 +192,8 @@ static int new_password (const struct passwd *pw)
char *cipher; /* Pointer to cipher text */ char *cipher; /* Pointer to cipher text */
const char *salt; /* Pointer to new salt */ const char *salt; /* Pointer to new salt */
char *cp; /* Pointer to agetpass() response */ char *cp; /* Pointer to agetpass() response */
char orig[200]; /* Original password */ char orig[PASS_MAX + 1]; /* Original password */
char pass[200]; /* New password */ char pass[PASS_MAX + 1]; /* New password */
int i; /* Counter for retries */ int i; /* Counter for retries */
bool warned; bool warned;
int pass_max_len = -1; int pass_max_len = -1;
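Review bot: orig and pass change from char[200] to char[PASS_MAX + 1], so every copy into them has to be bounded by sizeof rather than by the old literal, and none of those call sites are in this hunk. Please confirm that no length of 200 (or an equivalent constant) remains in new_password(), and mention in the commit message where PASS_MAX comes from.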
@@ -414,9 +414,9 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
*/ */
if (sp->sp_lstchg > 0) { if (sp->sp_lstchg > 0) {
time_t ok; time_t ok;
ok = (time_t) sp->sp_lstchg * SCALE; ok = (time_t) sp->sp_lstchg * DAY;
if (sp->sp_min > 0) { if (sp->sp_min > 0) {
ok += (time_t) sp->sp_min * SCALE; ok += (time_t) sp->sp_min * DAY;
} }
if (now < ok) { if (now < ok) {
@@ -451,15 +451,15 @@ static void print_status (const struct passwd *pw)
sp = prefix_getspnam (pw->pw_name); /* local, no need for xprefix_getspnam */ sp = prefix_getspnam (pw->pw_name); /* local, no need for xprefix_getspnam */
if (NULL != sp) { if (NULL != sp) {
date_to_str (sizeof(date), date, sp->sp_lstchg * SCALE), date_to_str (sizeof(date), date, sp->sp_lstchg * DAY),
(void) printf ("%s %s %s %lld %lld %lld %lld\n", (void) printf ("%s %s %s %ld %ld %ld %ld\n",
pw->pw_name, pw->pw_name,
pw_status (sp->sp_pwdp), pw_status (sp->sp_pwdp),
date, date,
((long long)sp->sp_min * SCALE) / DAY, sp->sp_min,
((long long)sp->sp_max * SCALE) / DAY, sp->sp_max,
((long long)sp->sp_warn * SCALE) / DAY, sp->sp_warn,
((long long)sp->sp_inact * SCALE) / DAY); sp->sp_inact);
} else if (NULL != pw->pw_passwd) { } else if (NULL != pw->pw_passwd) {
(void) printf ("%s %s\n", (void) printf ("%s %s\n",
pw->pw_name, pw_status (pw->pw_passwd)); pw->pw_name, pw_status (pw->pw_passwd));
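Review bot: The changed date_to_str (sizeof(date), date, sp->sp_lstchg * DAY), line still ends in a comma, which chains it to the following (void) printf (...) through the comma operator. It behaves as intended but reads as a typo; please end the statement with a semicolon while touching the line. The switch to %ld with uncast sp->sp_min, sp->sp_max, sp->sp_warn and sp->sp_inact matches the long fields of struct spwd.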
@@ -637,21 +637,21 @@ static void update_shadow (void)
} }
nsp->sp_pwdp = update_crypt_pw (nsp->sp_pwdp); nsp->sp_pwdp = update_crypt_pw (nsp->sp_pwdp);
if (xflg) { if (xflg) {
nsp->sp_max = (age_max * DAY) / SCALE; nsp->sp_max = age_max;
} }
if (nflg) { if (nflg) {
nsp->sp_min = (age_min * DAY) / SCALE; nsp->sp_min = age_min;
} }
if (wflg) { if (wflg) {
nsp->sp_warn = (warn * DAY) / SCALE; nsp->sp_warn = warn;
} }
if (iflg) { if (iflg) {
nsp->sp_inact = (inact * DAY) / SCALE; nsp->sp_inact = inact;
} }
if (!use_pam) if (!use_pam)
{ {
if (do_update_age) { if (do_update_age) {
nsp->sp_lstchg = gettime () / SCALE; nsp->sp_lstchg = gettime () / DAY;
if (0 == nsp->sp_lstchg) { if (0 == nsp->sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */
@@ -730,12 +730,8 @@ int main (int argc, char **argv)
const struct spwd *sp; /* Shadow file entry for user */ const struct spwd *sp; /* Shadow file entry for user */
sanitize_env (); sanitize_env ();
check_fds ();
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -757,7 +753,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("passwd"); OPENLOG (Prog);
{ {
/* /*
@@ -976,7 +972,7 @@ int main (int argc, char **argv)
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
/* only do this check when getuid()==0 because it's a pre-condition for /* only do this check when getuid()==0 because it's a pre-condition for
changing a password without entering the old one */ changing a password without entering the old one */
if (amroot && (check_selinux_permit ("passwd") != 0)) { if (amroot && (check_selinux_permit (Prog) != 0)) {
SYSLOG ((LOG_ALERT, SYSLOG ((LOG_ALERT,
"root is not authorized by SELinux to change the password of %s", "root is not authorized by SELinux to change the password of %s",
name)); name));
+4 -8
@@ -47,7 +47,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwck";
static bool use_system_pw_file = true; static bool use_system_pw_file = true;
static bool use_system_spw_file = true; static bool use_system_spw_file = true;
@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
sp.sp_inact = -1; sp.sp_inact = -1;
sp.sp_expire = -1; sp.sp_expire = -1;
sp.sp_flag = SHADOW_SP_FLAG_UNSET; sp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp.sp_lstchg = gettime () / SCALE; sp.sp_lstchg = gettime () / DAY;
if (0 == sp.sp_lstchg) { if (0 == sp.sp_lstchg) {
/* Better disable aging than /* Better disable aging than
* requiring a password change * requiring a password change
@@ -816,7 +816,7 @@ static void check_spw_file (int *errors, bool *changed)
if (!quiet) { if (!quiet) {
time_t t = time (NULL); time_t t = time (NULL);
if ( (t != 0) if ( (t != 0)
&& (spw->sp_lstchg > (long) t / SCALE)) { && (spw->sp_lstchg > (long) t / DAY)) {
printf (_("user %s: last password change in the future\n"), printf (_("user %s: last password change in the future\n"),
spw->sp_namp); spw->sp_namp);
*errors += 1; *errors += 1;
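Review bot: in (long) t / DAY the cast binds to t, not to the quotient, so t is narrowed to long before the division. Where long is narrower than time_t that truncates the timestamp first; (long) (t / DAY) keeps the full value until after the division, which is what the comparison against sp_lstchg needs. Since the line is being touched anyway, this is a good place to fix it.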
@@ -833,10 +833,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
bool changed = false; bool changed = false;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -846,7 +842,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwck"); OPENLOG (Prog);
/* Parse the command line arguments */ /* Parse the command line arguments */
process_flags (argc, argv); process_flags (argc, argv);
+3 -4
@@ -66,7 +66,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwconv";
static bool spw_locked = false; static bool spw_locked = false;
static bool pw_locked = false; static bool pw_locked = false;
@@ -153,7 +153,6 @@ int main (int argc, char **argv)
const struct spwd *sp; const struct spwd *sp;
struct spwd spent; struct spwd spent;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -163,7 +162,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
@@ -247,7 +246,7 @@ int main (int argc, char **argv)
spent.sp_flag = SHADOW_SP_FLAG_UNSET; spent.sp_flag = SHADOW_SP_FLAG_UNSET;
} }
spent.sp_pwdp = pw->pw_passwd; spent.sp_pwdp = pw->pw_passwd;
spent.sp_lstchg = gettime () / SCALE; spent.sp_lstchg = gettime () / DAY;
if (0 == spent.sp_lstchg) { if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */
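Review bot: gettime () / DAY followed by the 0 == spent.sp_lstchg fallback is open-coded here and again in the pwck, useradd and usermod hunks. A small helper that returns the day count, or -1 when it would be 0, would keep the "disable aging rather than force a change" rule in one place and make the next unit change a one-line edit.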
+2 -3
@@ -30,7 +30,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwunconv";
static bool spw_locked = false; static bool spw_locked = false;
static bool pw_locked = false; static bool pw_locked = false;
@@ -114,7 +114,6 @@ int main (int argc, char **argv)
struct passwd pwent; struct passwd pwent;
const struct spwd *spwd; const struct spwd *spwd;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -124,7 +123,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwunconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+5 -8
@@ -61,7 +61,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "su";
static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */
static bool caller_is_root = false; static bool caller_is_root = false;
static uid_t caller_uid; static uid_t caller_uid;
@@ -730,11 +730,6 @@ static void save_caller_context (char **argv)
const char *password = NULL; const char *password = NULL;
#endif /* SU_ACCESS */ #endif /* SU_ACCESS */
#endif /* !USE_PAM */ #endif /* !USE_PAM */
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
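Review bot: with Prog = Basename (argv[0]) gone, nothing in the visible part of save_caller_context () uses argv any more, yet the function still takes char **argv and main () still calls save_caller_context (argv). If no other use remains, drop the parameter so that argv[0] visibly no longer reaches this code.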
@@ -1004,20 +999,22 @@ int main (int argc, char **argv)
int ret; int ret;
#endif /* USE_PAM */ #endif /* USE_PAM */
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
save_caller_context (argv); save_caller_context (argv);
OPENLOG ("su"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
initenv (); initenv ();
#ifdef USE_PAM #ifdef USE_PAM
ret = pam_start ("su", name, &conv, &pamh); ret = pam_start (Prog, name, &conv, &pamh);
if (PAM_SUCCESS != ret) { if (PAM_SUCCESS != ret) {
SYSLOG ((LOG_ERR, "pam_start: error %d", ret); SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
fprintf (stderr, fprintf (stderr,
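Review bot: pam_start (Prog, ...) and OPENLOG (Prog) make the PAM service name and the syslog ident depend on Prog. With Prog declared as the fixed array "su" this is equivalent to the old literals, but the declaration gives no hint that the string also selects the PAM configuration. A comment at the declaration would help, and the same applies to the pam_start () calls in the useradd, userdel and usermod hunks.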
+1 -2
@@ -27,7 +27,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "sulogin";
static char pass[BUFSIZ]; static char pass[BUFSIZ];
@@ -63,7 +63,6 @@ static void catch_signals (unused int sig)
termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG); termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG);
tcsetattr (0, TCSANOW, &termio); tcsetattr (0, TCSANOW, &termio);
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
+9 -23
@@ -82,7 +82,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "useradd";
/* /*
* These defaults are used if there is no defaults file. * These defaults are used if there is no defaults file.
@@ -214,7 +214,6 @@ static struct group * get_local_group (char * grp_name);
static void usage (int status); static void usage (int status);
static void new_pwent (struct passwd *); static void new_pwent (struct passwd *);
static long scale_age (long);
static void new_spent (struct spwd *); static void new_spent (struct spwd *);
static void grp_update (void); static void grp_update (void);
@@ -1008,15 +1007,6 @@ static void new_pwent (struct passwd *pwent)
pwent->pw_shell = (char *) user_shell; pwent->pw_shell = (char *) user_shell;
} }
static long scale_age (long x)
{
if (x <= 0) {
return x;
}
return x * (DAY / SCALE);
}
/* /*
* new_spent - initialize the values in a shadow password file entry * new_spent - initialize the values in a shadow password file entry
* *
@@ -1028,17 +1018,17 @@ static void new_spent (struct spwd *spent)
memzero (spent, sizeof *spent); memzero (spent, sizeof *spent);
spent->sp_namp = (char *) user_name; spent->sp_namp = (char *) user_name;
spent->sp_pwdp = (char *) user_pass; spent->sp_pwdp = (char *) user_pass;
spent->sp_lstchg = gettime () / SCALE; spent->sp_lstchg = gettime () / DAY;
if (0 == spent->sp_lstchg) { if (0 == spent->sp_lstchg) {
/* Better disable aging than requiring a password change */ /* Better disable aging than requiring a password change */
spent->sp_lstchg = -1; spent->sp_lstchg = -1;
} }
if (!rflg) { if (!rflg) {
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1)); spent->sp_min = getdef_num ("PASS_MIN_DAYS", -1);
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1)); spent->sp_max = getdef_num ("PASS_MAX_DAYS", -1);
spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1)); spent->sp_warn = getdef_num ("PASS_WARN_AGE", -1);
spent->sp_inact = scale_age (def_inactive); spent->sp_inact = def_inactive;
spent->sp_expire = scale_age (user_expire); spent->sp_expire = user_expire;
} else { } else {
spent->sp_min = -1; spent->sp_min = -1;
spent->sp_max = -1; spent->sp_max = -1;
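Review bot: the sp_min, sp_max, sp_warn, sp_inact and sp_expire assignments no longer go through scale_age (), which multiplied positive values by DAY / SCALE. That is only behaviour-preserving if SCALE was equal to DAY in every build configuration; the commit message should say so, or say that the other case is dropped on purpose.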
@@ -2528,10 +2518,6 @@ int main (int argc, char **argv)
unsigned long subuid_count = 0; unsigned long subuid_count = 0;
unsigned long subgid_count = 0; unsigned long subgid_count = 0;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -2543,7 +2529,7 @@ int main (int argc, char **argv)
prefix = process_prefix_flag("-P", argc, argv); prefix = process_prefix_flag("-P", argc, argv);
OPENLOG ("useradd"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -2595,7 +2581,7 @@ int main (int argc, char **argv)
fail_exit (1); fail_exit (1);
} }
retval = pam_start ("useradd", pampw?pampw->pw_name:"root", &conv, &pamh); retval = pam_start (Prog, pampw?pampw->pw_name:"root", &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+3 -7
@@ -70,7 +70,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "userdel";
static char *user_name; static char *user_name;
static uid_t user_id; static uid_t user_id;
@@ -969,10 +969,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
@@ -982,7 +978,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("userdel"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif /* WITH_AUDIT */ #endif /* WITH_AUDIT */
@@ -1066,7 +1062,7 @@ int main (int argc, char **argv)
exit (E_PW_UPDATE); exit (E_PW_UPDATE);
} }
retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+5 -10
@@ -86,7 +86,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "usermod";
static char *user_name; static char *user_name;
static char *user_newname; static char *user_newname;
@@ -613,7 +613,7 @@ static void new_spent (struct spwd *spent)
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp); spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
if (pflg) { if (pflg) {
spent->sp_lstchg = gettime () / SCALE; spent->sp_lstchg = gettime () / DAY;
if (0 == spent->sp_lstchg) { if (0 == spent->sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change. */ * change. */
@@ -1059,7 +1059,6 @@ static void process_flags (int argc, char **argv)
Prog, optarg); Prog, optarg);
exit (E_BAD_ARG); exit (E_BAD_ARG);
} }
user_newexpire *= DAY / SCALE;
eflg = true; eflg = true;
break; break;
case 'f': case 'f':
@@ -1745,7 +1744,7 @@ static void usr_update (void)
spent.sp_pwdp = xstrdup (pwent.pw_passwd); spent.sp_pwdp = xstrdup (pwent.pw_passwd);
pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING); pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
spent.sp_lstchg = gettime () / SCALE; spent.sp_lstchg = gettime () / DAY;
if (0 == spent.sp_lstchg) { if (0 == spent.sp_lstchg) {
/* Better disable aging than /* Better disable aging than
* requiring a password change */ * requiring a password change */
@@ -2154,10 +2153,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -2168,7 +2163,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("usermod"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -2214,7 +2209,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+30 -30
@@ -52,7 +52,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char *Prog;
static const char *filename, *fileeditname; static const char *filename, *fileeditname;
static bool filelocked = false; static bool filelocked = false;
@@ -469,10 +469,12 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
bool editshadow = false; bool editshadow = false;
bool do_vipw; bool do_vigr;
Prog = Basename (argv[0]); do_vigr = (strcmp(Basename(argv[0]), "vigr") == 0);
Prog = do_vigr ? "vigr" : "vipw";
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
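Review bot: Basename(argv[0]) in the do_vigr line is the one place in this series where argv[0] still decides behaviour, and it runs before any argument checking. Please confirm that Basename () copes with a NULL argv[0] (a caller can exec the program with an empty argument vector), or test argv[0] first. Also, -g and -p change do_vigr later while Prog keeps the value chosen here, so messages can say vipw while the group file is being edited, and the new lines omit the space before "(" that the rest of the file uses.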
@@ -482,9 +484,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
do_vipw = (strcmp (Prog, "vigr") != 0); OPENLOG(Prog);
OPENLOG (do_vipw ? "vipw" : "vigr");
{ {
/* /*
@@ -512,13 +512,13 @@ int main (int argc, char **argv)
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
case 'g': case 'g':
do_vipw = false; do_vigr = true;
break; break;
case 'h': case 'h':
usage (E_SUCCESS); usage (E_SUCCESS);
break; break;
case 'p': case 'p':
do_vipw = true; do_vigr = false;
break; break;
case 'q': case 'q':
quiet = true; quiet = true;
@@ -543,7 +543,27 @@ int main (int argc, char **argv)
} }
} }
if (do_vipw) { if (do_vigr) {
#ifdef SHADOWGRP
if (editshadow) {
vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE,
sgr_dbname (),
gr_dbname (),
"vigr");
} else {
#endif /* SHADOWGRP */
vipwedit (gr_dbname (), gr_lock, gr_unlock);
#ifdef SHADOWGRP
if (sgr_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE,
gr_dbname (),
sgr_dbname (),
"vigr -s");
}
}
#endif /* SHADOWGRP */
} else {
if (editshadow) { if (editshadow) {
#ifdef WITH_TCB #ifdef WITH_TCB
if (getdef_bool ("USE_TCB") && (NULL != user)) { if (getdef_bool ("USE_TCB") && (NULL != user)) {
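Review bot: renaming do_vipw to do_vigr inverts the condition, which forces the whole SHADOWGRP block to move from the else branch to the if branch and makes it hard to verify that the moved lines are unchanged. Keeping the branch order (if (!do_vigr) ... else ...) or doing the swap in a separate commit would reduce this to a one-line change.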
@@ -570,26 +590,6 @@ int main (int argc, char **argv)
"vipw -s"); "vipw -s");
} }
} }
} else {
#ifdef SHADOWGRP
if (editshadow) {
vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE,
sgr_dbname (),
gr_dbname (),
"vigr");
} else {
#endif /* SHADOWGRP */
vipwedit (gr_dbname (), gr_lock, gr_unlock);
#ifdef SHADOWGRP
if (sgr_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE,
gr_dbname (),
sgr_dbname (),
"vigr -s");
}
}
#endif /* SHADOWGRP */
} }
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");