Compare commits

...

9 Commits

Author SHA1 Message Date
Alejandro Colomar 19a6d3b74a configure.ac: Release 4.14.8
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-06-21 10:59:23 +02:00
Alejandro Colomar ad0958b816 lib/csrand.c: Fix the lower part of the domain of csrand_uniform()
I accidentally broke this code during an un-optimization.  We need to
start from a random value of the width of the limit, that is, 32 bits.

Thanks to Jason for pointing to his similar code in the kernel, which
made me see my mistake.

Fixes: 2a61122b5e ("Unoptimize the higher part of the domain of csrand_uniform()")
Closes: <https://github.com/shadow-maint/shadow/issues/1015>
Reported-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Link: <https://git.zx2c4.com/linux-rng/tree/drivers/char/random.c#n535>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Link: <https://github.com/shadow-maint/shadow/pull/638>
Link: <https://github.com/shadow-maint/shadow/issues/634>
Link: <https://github.com/shadow-maint/shadow/pull/624>
Tested-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Reviewed-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 4119a2dce564 ("lib/csrand.c: Fix the lower part of the domain of csrand_uniform()")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/1025>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-06-21 10:58:22 +02:00
Alejandro Colomar 7ceeec8d79 Release 4.14.7
Closes: <https://github.com/shadow-maint/shadow/issues/959>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-26 20:46:18 +01:00
Enrico Scholz aed99b13e0 lib/copydir.c: copy_entry(): Use temporary stat buffer
There are no guarantees that fstatat() does not clobber the stat
buffer on errors.

Use a temporary buffer so that the following code sees correct
attributes of the source entry.

Link: <https://github.com/shadow-maint/shadow/issues/973>
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 000619344d ("lib/copydir:copy_entry(): use temporary stat buffer")
Link: <https://github.com/shadow-maint/shadow/pull/974>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-22 00:19:06 +01:00
Antoine Roux 89d26e03db man/po/fr.po: Fix wrong french translation
32 characters were wrongly translated to 16 in french translation file.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 51a0d94a08 ("Fix wrong french translation")
Link: <https://github.com/shadow-maint/shadow/pull/975>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-22 00:10:24 +01:00
Skyler Ferrante f4293f9fbc lib/, src/: Add checks for fd omission
Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.

Co-developed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d2f2c1877a ("Adding checks for fd omission")
Link: <https://github.com/shadow-maint/shadow/pull/964>
Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/>
[alx: It seems we shouldn't need this, as libc does it for us.  But it ]
[     shouldn't hurt either.  Let's be paranoic.                       ]
Cc: <Guillem Jover <guillem@hadrons.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Rich Felker <dalias@libc.org>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Thorsten Glaser <tg@mirbsd.de>
Cc: NRK <nrk@disroot.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: enh <enh@google.com>
Cc: Laurent Bercot <ska-dietlibc@skarnet.org>
Cc: Gabriel Ravier <gabravier@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-13 23:19:51 +01:00
Alejandro Colomar 39192107a6 src/vipw.c: Use string literals to initialize 'Prog'
This avoids using argv[0], which is controlled by the user,
and might inject arbitrary text in stderr and the logs.

Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cherry-picked-from: 89c4da43cb ("src/vipw.c: Use string literals to initialize 'Prog'")
Link: <https://github.com/shadow-maint/shadow/pull/962>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-08 17:42:18 +01:00
Alejandro Colomar 470d6be230 src/vipw.c: Reverse logic and variable name
Since we're checking for "vigr", it makes more sense to name the
variable accordingly.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 0ab893a734 ("src/vipw.c: Reverse logic and variable name")
Link: <https://github.com/shadow-maint/shadow/pull/962>
[alx: This is needed by 89c4da43cb ("src/vipw.c: Use string literals to initialize 'Prog'")
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-08 17:42:09 +01:00
Skyler Ferrante a28371336e src/: Hardcode Prog to known value
Set Prog (program name) based on hardcoded value instead of argv[0].
This is to help prevent escape sequence injection.

Cherry-picked-from: e6c2e43937 ("Hardcoding Prog to known value")
Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-07 22:54:04 +01:00
45 changed files with 192 additions and 213 deletions
+1 -1
View File
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
m4_define([libsubid_abi_minor], 0) m4_define([libsubid_abi_minor], 0)
m4_define([libsubid_abi_micro], 0) m4_define([libsubid_abi_micro], 0)
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro]) m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
AC_INIT([shadow], [4.14.6], [pkg-shadow-devel@lists.alioth.debian.org], [], AC_INIT([shadow], [4.14.8], [pkg-shadow-devel@lists.alioth.debian.org], [],
[https://github.com/shadow-maint/shadow]) [https://github.com/shadow-maint/shadow])
AM_INIT_AUTOMAKE([1.11 foreign dist-xz]) AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
AC_CONFIG_MACRO_DIRS([m4]) AC_CONFIG_MACRO_DIRS([m4])
+1
View File
@@ -53,6 +53,7 @@ libshadow_la_SOURCES = \
faillog.h \ faillog.h \
failure.c \ failure.c \
failure.h \ failure.h \
fd.c \
fields.c \ fields.c \
find_new_gid.c \ find_new_gid.c \
find_new_uid.c \ find_new_uid.c \
+2 -1
View File
@@ -415,6 +415,7 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
{ {
int err = 0; int err = 0;
struct stat sb; struct stat sb;
struct stat tmp_sb;
struct link_name *lp; struct link_name *lp;
struct timespec mt[2]; struct timespec mt[2];
@@ -436,7 +437,7 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
* If the destination already exists do nothing. * If the destination already exists do nothing.
* This is after the copy_dir above to still iterate into subdirectories. * This is after the copy_dir above to still iterate into subdirectories.
*/ */
if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) {
return 0; return 0;
} }
+10 -2
View File
@@ -22,6 +22,7 @@
#include "shadowlog.h" #include "shadowlog.h"
static uint32_t csrand32(void);
static uint32_t csrand_uniform32(uint32_t n); static uint32_t csrand_uniform32(uint32_t n);
static unsigned long csrand_uniform_slow(unsigned long n); static unsigned long csrand_uniform_slow(unsigned long n);
@@ -96,6 +97,13 @@ csrand_interval(unsigned long min, unsigned long max)
} }
static uint32_t
csrand32(void)
{
return csrand();
}
/* /*
* Fast Random Integer Generation in an Interval * Fast Random Integer Generation in an Interval
* ACM Transactions on Modeling and Computer Simulation 29 (1), 2019 * ACM Transactions on Modeling and Computer Simulation 29 (1), 2019
@@ -108,12 +116,12 @@ csrand_uniform32(uint32_t n)
uint64_t r, mult; uint64_t r, mult;
if (n == 0) if (n == 0)
return csrand(); return csrand32();
bound = -n % n; // analogous to `2^32 % n`, since `x % y == (x-y) % y` bound = -n % n; // analogous to `2^32 % n`, since `x % y == (x-y) % y`
do { do {
r = csrand(); r = csrand32();
mult = r * n; mult = r * n;
rem = mult; // analogous to `mult % 2^32` rem = mult; // analogous to `mult % 2^32`
} while (rem < bound); // p = (2^32 % n) / 2^32; W.C.: n=2^31+1, p=0.5 } while (rem < bound); // p = (2^32 % n) / 2^32; W.C.: n=2^31+1, p=0.5
+41
View File
@@ -0,0 +1,41 @@
// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu>
// SPDX-License-Identifier: BSD-3-Clause
/**
* To protect against file descriptor omission attacks, we open the std file
* descriptors with /dev/null if they are not already open. Code is based on
* fix_fds from sudo.c.
*/
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include "prototypes.h"
static void check_fd(int fd);
void
check_fds(void)
{
/**
* Make sure stdin, stdout, stderr are open
* If they are closed, set them to /dev/null
*/
check_fd(STDIN_FILENO);
check_fd(STDOUT_FILENO);
check_fd(STDERR_FILENO);
}
static void
check_fd(int fd)
{
int devnull;
if (fcntl(fd, F_GETFL, 0) != -1)
return;
devnull = open("/dev/null", O_RDWR);
if (devnull != fd)
abort();
}
+3
View File
@@ -127,6 +127,9 @@ extern void initenv (void);
extern void set_env (int, char *const *); extern void set_env (int, char *const *);
extern void sanitize_env (void); extern void sanitize_env (void);
/* fd.c */
extern void check_fds (void);
/* fields.c */ /* fields.c */
extern void change_field (char *, size_t, const char *); extern void change_field (char *, size_t, const char *);
extern int valid_field (const char *, const char *); extern int valid_field (const char *, const char *);
+1 -1
View File
@@ -2610,7 +2610,7 @@ msgstr ""
#: useradd.8.xml:641(para) #: useradd.8.xml:641(para)
msgid "Usernames may only be up to 32 characters long." msgid "Usernames may only be up to 32 characters long."
msgstr "Les noms d'utilisateur sont limités à 16 caractères." msgstr "Les noms d'utilisateur sont limités à 32 caractères."
#: useradd.8.xml:30(term) login.defs.5.xml:30(term) #: useradd.8.xml:30(term) login.defs.5.xml:30(term)
msgid "<option>CREATE_HOME</option> (boolean)" msgid "<option>CREATE_HOME</option> (boolean)"
+6 -8
View File
@@ -41,7 +41,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chage";
static bool static bool
dflg = false, /* set last password change date */ dflg = false, /* set last password change date */
@@ -511,7 +511,7 @@ static void check_perms (void)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chage", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -762,14 +762,12 @@ int main (int argc, char **argv)
gid_t rgid; gid_t rgid;
const struct passwd *pw; const struct passwd *pw;
/* sanitize_env ();
* Get the program name so that error messages can use it. check_fds ();
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
@@ -780,7 +778,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
OPENLOG ("chage"); OPENLOG (Prog);
ruid = getuid (); ruid = getuid ();
rgid = getgid (); rgid = getgid ();
+1 -2
View File
@@ -18,14 +18,13 @@
#include "idmapping.h" #include "idmapping.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "check_subid_range";
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
char *owner; char *owner;
unsigned long start, count; unsigned long start, count;
bool check_uids; bool check_uids;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+8 -11
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables. * Global variables.
*/ */
const char *Prog; static const char Prog[] = "chfn";
static char fullnm[BUFSIZ]; static char fullnm[BUFSIZ];
static char roomno[BUFSIZ]; static char roomno[BUFSIZ];
static char workph[BUFSIZ]; static char workph[BUFSIZ];
@@ -362,7 +362,7 @@ static void check_perms (const struct passwd *pw)
* check if the change is allowed by SELinux policy. * check if the change is allowed by SELinux policy.
*/ */
if ((pw->pw_uid != getuid ()) if ((pw->pw_uid != getuid ())
&& (check_selinux_permit ("chfn") != 0)) { && (check_selinux_permit (Prog) != 0)) {
fprintf (stderr, _("%s: Permission denied.\n"), Prog); fprintf (stderr, _("%s: Permission denied.\n"), Prog);
closelog (); closelog ();
exit (E_NOPERM); exit (E_NOPERM);
@@ -377,7 +377,7 @@ static void check_perms (const struct passwd *pw)
* --marekm * --marekm
*/ */
if (!amroot && getdef_bool ("CHFN_AUTH")) { if (!amroot && getdef_bool ("CHFN_AUTH")) {
passwd_check (pw->pw_name, pw->pw_passwd, "chfn"); passwd_check (pw->pw_name, pw->pw_passwd, Prog);
} }
#else /* !USE_PAM */ #else /* !USE_PAM */
@@ -389,7 +389,7 @@ static void check_perms (const struct passwd *pw)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -616,15 +616,12 @@ int main (int argc, char **argv)
char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */
char *user; char *user;
/* sanitize_env ();
* Get the program name. The program name is used as a check_fds ();
* prefix to most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
@@ -637,7 +634,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("chfn"); OPENLOG (Prog);
/* parse the command line options */ /* parse the command line options */
process_flags (argc, argv); process_flags (argc, argv);
+3 -4
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chgpasswd";
static bool eflg = false; static bool eflg = false;
static bool md5flg = false; static bool md5flg = false;
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -303,7 +303,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -423,7 +423,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
int line = 0; int line = 0;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -441,7 +440,7 @@ int main (int argc, char **argv)
process_flags (argc, argv); process_flags (argc, argv);
OPENLOG ("chgpasswd"); OPENLOG (Prog);
check_perms (); check_perms ();
+4 -5
View File
@@ -35,7 +35,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "chpasswd";
static bool eflg = false; static bool eflg = false;
static bool md5flg = false; static bool md5flg = false;
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -302,7 +302,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -450,7 +450,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
int line = 0; int line = 0;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -476,7 +475,7 @@ int main (int argc, char **argv)
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
OPENLOG ("chpasswd"); OPENLOG (Prog);
check_perms (); check_perms ();
@@ -546,7 +545,7 @@ int main (int argc, char **argv)
#ifdef USE_PAM #ifdef USE_PAM
if (use_pam) { if (use_pam) {
if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) { if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
fprintf (stderr, fprintf (stderr,
_("%s: (line %d, user %s) password not changed\n"), _("%s: (line %d, user %s) password not changed\n"),
Prog, line, name); Prog, line, name);
+6 -10
View File
@@ -45,7 +45,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "chsh"; /* Program name */
static bool amroot; /* Real UID is root */ static bool amroot; /* Real UID is root */
static char loginsh[BUFSIZ]; /* Name of new login shell */ static char loginsh[BUFSIZ]; /* Name of new login shell */
/* command line options */ /* command line options */
@@ -320,7 +320,7 @@ static void check_perms (const struct passwd *pw)
* check if the change is allowed by SELinux policy. * check if the change is allowed by SELinux policy.
*/ */
if ((pw->pw_uid != getuid ()) if ((pw->pw_uid != getuid ())
&& (check_selinux_permit("chsh") != 0)) { && (check_selinux_permit(Prog) != 0)) {
SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name)); SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name));
fprintf (stderr, fprintf (stderr,
_("You may not change the shell for '%s'.\n"), _("You may not change the shell for '%s'.\n"),
@@ -337,7 +337,7 @@ static void check_perms (const struct passwd *pw)
* chfn/chsh. --marekm * chfn/chsh. --marekm
*/ */
if (!amroot && getdef_bool ("CHSH_AUTH")) { if (!amroot && getdef_bool ("CHSH_AUTH")) {
passwd_check (pw->pw_name, pw->pw_passwd, "chsh"); passwd_check (pw->pw_name, pw->pw_passwd, Prog);
} }
#else /* !USE_PAM */ #else /* !USE_PAM */
@@ -349,7 +349,7 @@ static void check_perms (const struct passwd *pw)
exit (E_NOPERM); exit (E_NOPERM);
} }
retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -473,12 +473,8 @@ int main (int argc, char **argv)
const struct passwd *pw; /* Password entry from /etc/passwd */ const struct passwd *pw; /* Password entry from /etc/passwd */
sanitize_env (); sanitize_env ();
check_fds ();
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -493,7 +489,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("chsh"); OPENLOG (Prog);
/* parse the command line options */ /* parse the command line options */
process_flags (argc, argv); process_flags (argc, argv);
+5 -5
View File
@@ -23,7 +23,7 @@
#include "shadowlog.h" #include "shadowlog.h"
/* Global variables */ /* Global variables */
const char *Prog; static const char Prog[] = "expiry";
static bool cflg = false; static bool cflg = false;
/* local function prototypes */ /* local function prototypes */
@@ -123,12 +123,12 @@ int main (int argc, char **argv)
struct passwd *pwd; struct passwd *pwd;
struct spwd *spwd; struct spwd *spwd;
Prog = Basename (argv[0]); sanitize_env ();
check_fds ();
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
sanitize_env ();
/* /*
* Start by disabling all of the keyboard signals. * Start by disabling all of the keyboard signals.
*/ */
@@ -145,7 +145,7 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
OPENLOG ("expiry"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+1 -6
View File
@@ -39,7 +39,7 @@ static void reset (void);
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "faillog"; /* Program name */
static FILE *fail; /* failure file stream */ static FILE *fail; /* failure file stream */
static time_t seconds; /* that number of days in seconds */ static time_t seconds; /* that number of days in seconds */
static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */
@@ -543,11 +543,6 @@ int main (int argc, char **argv)
short fail_max = 0; // initialize to silence compiler warning short fail_max = 0; // initialize to silence compiler warning
long days = 0; long days = 0;
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+1 -2
View File
@@ -9,7 +9,7 @@
/* Test program for the subid freeing routine */ /* Test program for the subid freeing routine */
const char *Prog; static const char Prog[] = "free_subid_range";
static void usage(void) static void usage(void)
{ {
@@ -25,7 +25,6 @@ int main(int argc, char *argv[])
struct subordinate_range range; struct subordinate_range range;
bool group = false; // get subuids by default bool group = false; // get subuids by default
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
while ((c = getopt(argc, argv, "g")) != EOF) { while ((c = getopt(argc, argv, "g")) != EOF) {
+1 -2
View File
@@ -6,7 +6,7 @@
#include "prototypes.h" #include "prototypes.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "get_subid_owners";
static void usage(void) static void usage(void)
{ {
@@ -21,7 +21,6 @@ int main(int argc, char *argv[])
int i, n; int i, n;
uid_t *uids; uid_t *uids;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
if (argc < 2) { if (argc < 2) {
+1 -2
View File
@@ -7,7 +7,7 @@
#include "prototypes.h" #include "prototypes.h"
#include "shadowlog.h" #include "shadowlog.h"
const char *Prog; static const char Prog[] = "getsubids";
static void usage(void) static void usage(void)
{ {
@@ -23,7 +23,6 @@ int main(int argc, char *argv[])
struct subid_range *ranges; struct subid_range *ranges;
const char *owner; const char *owner;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
if (argc < 2) if (argc < 2)
+4 -3
View File
@@ -37,7 +37,7 @@
* Global variables * Global variables
*/ */
/* The name of this command, as it is invoked */ /* The name of this command, as it is invoked */
const char *Prog; static const char Prog[] = "gpasswd";
#ifdef SHADOWGRP #ifdef SHADOWGRP
/* Indicate if shadow groups are enabled on the system /* Indicate if shadow groups are enabled on the system
@@ -956,6 +956,8 @@ int main (int argc, char **argv)
#endif #endif
sanitize_env (); sanitize_env ();
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
@@ -968,11 +970,10 @@ int main (int argc, char **argv)
* with this command. * with this command.
*/ */
bywho = getuid (); bywho = getuid ();
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
OPENLOG ("gpasswd"); OPENLOG (Prog);
setbuf (stdout, NULL); setbuf (stdout, NULL);
setbuf (stderr, NULL); setbuf (stderr, NULL);
+5 -9
View File
@@ -50,7 +50,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupadd";
static /*@null@*/char *group_name; static /*@null@*/char *group_name;
static gid_t group_id; static gid_t group_id;
@@ -542,7 +542,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -571,10 +571,6 @@ static void check_perms (void)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -585,7 +581,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupadd"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -605,7 +601,7 @@ int main (int argc, char **argv)
check_perms (); check_perms ();
if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name, if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
"groupadd")) { Prog)) {
exit(1); exit(1);
} }
@@ -628,7 +624,7 @@ int main (int argc, char **argv)
grp_update (); grp_update ();
close_files (); close_files ();
if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name, if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
"groupadd")) { Prog)) {
exit(1); exit(1);
} }
+5 -9
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupdel";
static char *group_name; static char *group_name;
static gid_t group_id = -1; static gid_t group_id = -1;
@@ -349,10 +349,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -363,7 +359,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupdel"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -389,7 +385,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
@@ -463,7 +459,7 @@ int main (int argc, char **argv)
} }
if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name, if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
"groupdel")) { Prog)) {
exit(1); exit(1);
} }
@@ -478,7 +474,7 @@ int main (int argc, char **argv)
close_files (); close_files ();
if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name, if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
"groupdel")) { Prog)) {
exit(1); exit(1);
} }
+3 -7
View File
@@ -44,7 +44,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupmems";
static char *adduser = NULL; static char *adduser = NULL;
static char *deluser = NULL; static char *deluser = NULL;
@@ -443,7 +443,7 @@ static void check_perms (void)
fail_exit (1); fail_exit (1);
} }
retval = pam_start ("groupmems", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0); retval = pam_authenticate (pamh, 0);
@@ -573,10 +573,6 @@ int main (int argc, char **argv)
char *name; char *name;
const struct group *grp; const struct group *grp;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -586,7 +582,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("groupmems"); OPENLOG (Prog);
#ifdef SHADOWGRP #ifdef SHADOWGRP
is_shadowgrp = sgr_file_present (); is_shadowgrp = sgr_file_present ();
+3 -7
View File
@@ -58,7 +58,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groupmod";
#ifdef SHADOWGRP #ifdef SHADOWGRP
static bool is_shadow_grp; static bool is_shadow_grp;
@@ -750,10 +750,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -764,7 +760,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("groupmod"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -790,7 +786,7 @@ int main (int argc, char **argv)
exit (E_PAM_USERNAME); exit (E_PAM_USERNAME);
} }
retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+1 -5
View File
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "groups";
/* local function prototypes */ /* local function prototypes */
static void print_groups (const char *member); static void print_groups (const char *member);
@@ -97,10 +97,6 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
/*
* Get the program name so that error messages can use it.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+2 -6
View File
@@ -43,7 +43,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpck";
static const char *grp_file = GROUP_FILE; static const char *grp_file = GROUP_FILE;
static bool use_system_grp_file = true; static bool use_system_grp_file = true;
@@ -816,10 +816,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
bool changed = false; bool changed = false;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -829,7 +825,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpck"); OPENLOG (Prog);
/* Parse the command line arguments */ /* Parse the command line arguments */
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpconv";
static bool gr_locked = false; static bool gr_locked = false;
static bool sgr_locked = false; static bool sgr_locked = false;
@@ -123,7 +123,6 @@ int main (int argc, char **argv)
const struct sgrp *sg; const struct sgrp *sg;
struct sgrp sgent; struct sgrp sgent;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -133,7 +132,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
View File
@@ -36,7 +36,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "grpunconv";
static bool gr_locked = false; static bool gr_locked = false;
static bool sgr_locked = false; static bool sgr_locked = false;
@@ -122,7 +122,6 @@ int main (int argc, char **argv)
struct group grent; struct group grent;
const struct sgrp *sg; const struct sgrp *sg;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -132,7 +131,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("grpunconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+1 -2
View File
@@ -39,7 +39,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "lastlog"; /* Program name */
static FILE *lastlogfile; /* lastlog file stream */ static FILE *lastlogfile; /* lastlog file stream */
static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */
static bool has_umin = false; static bool has_umin = false;
@@ -290,7 +290,6 @@ int main (int argc, char **argv)
* Get the program name. The program name is used as a prefix to * Get the program name. The program name is used as a prefix to
* most error messages. * most error messages.
*/ */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+3 -4
View File
@@ -64,7 +64,7 @@ static pam_handle_t *pamh = NULL;
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "login";
static const char *hostname = ""; static const char *hostname = "";
static /*@null@*/ /*@only@*/char *username = NULL; static /*@null@*/ /*@only@*/char *username = NULL;
@@ -520,7 +520,6 @@ int main (int argc, char **argv)
initenv (); initenv ();
amroot = (getuid () == 0); amroot = (getuid () == 0);
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -587,7 +586,7 @@ int main (int argc, char **argv)
} }
#endif /* RLOGIN */ #endif /* RLOGIN */
OPENLOG ("login"); OPENLOG (Prog);
setup_tty (); setup_tty ();
@@ -673,7 +672,7 @@ int main (int argc, char **argv)
retries = getdef_unum ("LOGIN_RETRIES", RETRIES); retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM #ifdef USE_PAM
retcode = pam_start ("login", username, &conv, &pamh); retcode = pam_start (Prog, username, &conv, &pamh);
if (retcode != PAM_SUCCESS) { if (retcode != PAM_SUCCESS) {
fprintf (stderr, fprintf (stderr,
_("login: PAM Failure, aborting: %s\n"), _("login: PAM Failure, aborting: %s\n"),
+2 -3
View File
@@ -22,7 +22,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "logoutd";
#ifndef DEFAULT_HUP_MESG #ifndef DEFAULT_HUP_MESG
#define DEFAULT_HUP_MESG _("login time exceeded\n\n") #define DEFAULT_HUP_MESG _("login time exceeded\n\n")
@@ -157,11 +157,10 @@ main(int argc, char **argv)
/* /*
* Start syslogging everything * Start syslogging everything
*/ */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
OPENLOG ("logoutd"); OPENLOG (Prog);
/* /*
* Scan the utmp file once per minute looking for users that * Scan the utmp file once per minute looking for users that
+1 -2
View File
@@ -9,7 +9,7 @@
/* Test program for the subid creation routine */ /* Test program for the subid creation routine */
const char *Prog; static const char Prog[] = "new_subid_range";
static void usage(void) static void usage(void)
{ {
@@ -28,7 +28,6 @@ int main(int argc, char *argv[])
bool group = false; // get subuids by default bool group = false; // get subuids by default
bool ok; bool ok;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
while ((c = getopt(argc, argv, "gn")) != EOF) { while ((c = getopt(argc, argv, "gn")) != EOF) {
+1 -2
View File
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newgidmap";
static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
@@ -151,7 +151,6 @@ int main(int argc, char **argv)
struct passwd *pw; struct passwd *pw;
bool allow_setgroups = false; bool allow_setgroups = false;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+4 -1
View File
@@ -28,7 +28,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char *Prog;
extern char **newenvp; extern char **newenvp;
@@ -390,6 +390,9 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
+1 -2
View File
@@ -23,7 +23,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newuidmap";
static bool verify_range(struct passwd *pw, struct map_range *range) static bool verify_range(struct passwd *pw, struct map_range *range)
{ {
@@ -80,7 +80,6 @@ int main(int argc, char **argv)
struct stat st; struct stat st;
struct passwd *pw; struct passwd *pw;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+1 -2
View File
@@ -54,7 +54,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "newusers";
static bool rflg = false; /* create a system account */ static bool rflg = false; /* create a system account */
#ifndef USE_PAM #ifndef USE_PAM
@@ -1056,7 +1056,6 @@ int main (int argc, char **argv)
unsigned int nusers = 0; unsigned int nusers = 0;
#endif /* USE_PAM */ #endif /* USE_PAM */
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
+4 -8
View File
@@ -45,7 +45,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; /* Program name */ static const char Prog[] = "passwd"; /* Program name */
static char *name; /* The name of user whose password is being changed */ static char *name; /* The name of user whose password is being changed */
static char *myname; /* The current user's name */ static char *myname; /* The current user's name */
@@ -730,12 +730,8 @@ int main (int argc, char **argv)
const struct spwd *sp; /* Shadow file entry for user */ const struct spwd *sp; /* Shadow file entry for user */
sanitize_env (); sanitize_env ();
check_fds ();
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -757,7 +753,7 @@ int main (int argc, char **argv)
*/ */
amroot = (getuid () == 0); amroot = (getuid () == 0);
OPENLOG ("passwd"); OPENLOG (Prog);
{ {
/* /*
@@ -976,7 +972,7 @@ int main (int argc, char **argv)
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
/* only do this check when getuid()==0 because it's a pre-condition for /* only do this check when getuid()==0 because it's a pre-condition for
changing a password without entering the old one */ changing a password without entering the old one */
if (amroot && (check_selinux_permit ("passwd") != 0)) { if (amroot && (check_selinux_permit (Prog) != 0)) {
SYSLOG ((LOG_ALERT, SYSLOG ((LOG_ALERT,
"root is not authorized by SELinux to change the password of %s", "root is not authorized by SELinux to change the password of %s",
name)); name));
+2 -6
View File
@@ -47,7 +47,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwck";
static bool use_system_pw_file = true; static bool use_system_pw_file = true;
static bool use_system_spw_file = true; static bool use_system_spw_file = true;
@@ -833,10 +833,6 @@ int main (int argc, char **argv)
int errors = 0; int errors = 0;
bool changed = false; bool changed = false;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -846,7 +842,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwck"); OPENLOG (Prog);
/* Parse the command line arguments */ /* Parse the command line arguments */
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
View File
@@ -66,7 +66,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwconv";
static bool spw_locked = false; static bool spw_locked = false;
static bool pw_locked = false; static bool pw_locked = false;
@@ -153,7 +153,6 @@ int main (int argc, char **argv)
const struct spwd *sp; const struct spwd *sp;
struct spwd spent; struct spwd spent;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -163,7 +162,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+2 -3
View File
@@ -30,7 +30,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "pwunconv";
static bool spw_locked = false; static bool spw_locked = false;
static bool pw_locked = false; static bool pw_locked = false;
@@ -114,7 +114,6 @@ int main (int argc, char **argv)
struct passwd pwent; struct passwd pwent;
const struct spwd *spwd; const struct spwd *spwd;
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -124,7 +123,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
OPENLOG ("pwunconv"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
+5 -8
View File
@@ -61,7 +61,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "su";
static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */
static bool caller_is_root = false; static bool caller_is_root = false;
static uid_t caller_uid; static uid_t caller_uid;
@@ -730,11 +730,6 @@ static void save_caller_context (char **argv)
const char *password = NULL; const char *password = NULL;
#endif /* SU_ACCESS */ #endif /* SU_ACCESS */
#endif /* !USE_PAM */ #endif /* !USE_PAM */
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -1004,20 +999,22 @@ int main (int argc, char **argv)
int ret; int ret;
#endif /* USE_PAM */ #endif /* USE_PAM */
check_fds ();
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
save_caller_context (argv); save_caller_context (argv);
OPENLOG ("su"); OPENLOG (Prog);
process_flags (argc, argv); process_flags (argc, argv);
initenv (); initenv ();
#ifdef USE_PAM #ifdef USE_PAM
ret = pam_start ("su", name, &conv, &pamh); ret = pam_start (Prog, name, &conv, &pamh);
if (PAM_SUCCESS != ret) { if (PAM_SUCCESS != ret) {
SYSLOG ((LOG_ERR, "pam_start: error %d", ret); SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
fprintf (stderr, fprintf (stderr,
+1 -2
View File
@@ -27,7 +27,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "sulogin";
static char pass[BUFSIZ]; static char pass[BUFSIZ];
@@ -63,7 +63,6 @@ static void catch_signals (unused int sig)
termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG); termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG);
tcsetattr (0, TCSANOW, &termio); tcsetattr (0, TCSANOW, &termio);
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
+3 -7
View File
@@ -82,7 +82,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "useradd";
/* /*
* These defaults are used if there is no defaults file. * These defaults are used if there is no defaults file.
@@ -2518,10 +2518,6 @@ int main (int argc, char **argv)
unsigned long subuid_count = 0; unsigned long subuid_count = 0;
unsigned long subgid_count = 0; unsigned long subgid_count = 0;
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -2533,7 +2529,7 @@ int main (int argc, char **argv)
prefix = process_prefix_flag("-P", argc, argv); prefix = process_prefix_flag("-P", argc, argv);
OPENLOG ("useradd"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -2585,7 +2581,7 @@ int main (int argc, char **argv)
fail_exit (1); fail_exit (1);
} }
retval = pam_start ("useradd", pampw?pampw->pw_name:"root", &conv, &pamh); retval = pam_start (Prog, pampw?pampw->pw_name:"root", &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+3 -7
View File
@@ -70,7 +70,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "userdel";
static char *user_name; static char *user_name;
static uid_t user_id; static uid_t user_id;
@@ -969,10 +969,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
(void) setlocale (LC_ALL, ""); (void) setlocale (LC_ALL, "");
@@ -982,7 +978,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("userdel"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif /* WITH_AUDIT */ #endif /* WITH_AUDIT */
@@ -1066,7 +1062,7 @@ int main (int argc, char **argv)
exit (E_PW_UPDATE); exit (E_PW_UPDATE);
} }
retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+3 -7
View File
@@ -86,7 +86,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char Prog[] = "usermod";
static char *user_name; static char *user_name;
static char *user_newname; static char *user_newname;
@@ -2153,10 +2153,6 @@ int main (int argc, char **argv)
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */ #endif /* ACCT_TOOLS_SETUID */
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -2167,7 +2163,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
prefix = process_prefix_flag ("-P", argc, argv); prefix = process_prefix_flag ("-P", argc, argv);
OPENLOG ("usermod"); OPENLOG (Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
#endif #endif
@@ -2213,7 +2209,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh); retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
} }
if (PAM_SUCCESS == retval) { if (PAM_SUCCESS == retval) {
+30 -30
View File
@@ -52,7 +52,7 @@
/* /*
* Global variables * Global variables
*/ */
const char *Prog; static const char *Prog;
static const char *filename, *fileeditname; static const char *filename, *fileeditname;
static bool filelocked = false; static bool filelocked = false;
@@ -469,10 +469,12 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
bool editshadow = false; bool editshadow = false;
bool do_vipw; bool do_vigr;
Prog = Basename (argv[0]); do_vigr = (strcmp(Basename(argv[0]), "vigr") == 0);
Prog = do_vigr ? "vigr" : "vipw";
log_set_progname(Prog); log_set_progname(Prog);
log_set_logfd(stderr); log_set_logfd(stderr);
@@ -482,9 +484,7 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv); process_root_flag ("-R", argc, argv);
do_vipw = (strcmp (Prog, "vigr") != 0); OPENLOG(Prog);
OPENLOG (do_vipw ? "vipw" : "vigr");
{ {
/* /*
@@ -512,13 +512,13 @@ int main (int argc, char **argv)
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
case 'g': case 'g':
do_vipw = false; do_vigr = true;
break; break;
case 'h': case 'h':
usage (E_SUCCESS); usage (E_SUCCESS);
break; break;
case 'p': case 'p':
do_vipw = true; do_vigr = false;
break; break;
case 'q': case 'q':
quiet = true; quiet = true;
@@ -543,7 +543,27 @@ int main (int argc, char **argv)
} }
} }
if (do_vipw) { if (do_vigr) {
#ifdef SHADOWGRP
if (editshadow) {
vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE,
sgr_dbname (),
gr_dbname (),
"vigr");
} else {
#endif /* SHADOWGRP */
vipwedit (gr_dbname (), gr_lock, gr_unlock);
#ifdef SHADOWGRP
if (sgr_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE,
gr_dbname (),
sgr_dbname (),
"vigr -s");
}
}
#endif /* SHADOWGRP */
} else {
if (editshadow) { if (editshadow) {
#ifdef WITH_TCB #ifdef WITH_TCB
if (getdef_bool ("USE_TCB") && (NULL != user)) { if (getdef_bool ("USE_TCB") && (NULL != user)) {
@@ -570,26 +590,6 @@ int main (int argc, char **argv)
"vipw -s"); "vipw -s");
} }
} }
} else {
#ifdef SHADOWGRP
if (editshadow) {
vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE,
sgr_dbname (),
gr_dbname (),
"vigr");
} else {
#endif /* SHADOWGRP */
vipwedit (gr_dbname (), gr_lock, gr_unlock);
#ifdef SHADOWGRP
if (sgr_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE,
gr_dbname (),
sgr_dbname (),
"vigr -s");
}
}
#endif /* SHADOWGRP */
} }
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");