2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2008-04-27 06:10:09 +05:30
|
|
|
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
|
|
|
|
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
|
|
|
* Copyright (c) 2000 - 2006, Tomasz Kłoczko
|
2011-06-05 04:08:57 +05:30
|
|
|
* Copyright (c) 2007 - 2011, Nicolas François
|
2007-10-07 17:14:02 +05:30
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2008-04-27 06:10:09 +05:30
|
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
* specific prior written permission.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2008-04-27 06:10:09 +05:30
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <errno.h>
|
|
|
|
#include <fcntl.h>
|
2007-10-07 17:17:33 +05:30
|
|
|
#include <getopt.h>
|
2007-10-07 17:17:01 +05:30
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/stat.h>
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#ifdef ACCT_TOOLS_SETUID
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:17:11 +05:30
|
|
|
#include "pam_defs.h"
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* USE_PAM */
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#endif /* ACCT_TOOLS_SETUID */
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "defines.h"
|
|
|
|
#include "getdef.h"
|
2007-10-07 17:17:01 +05:30
|
|
|
#include "groupio.h"
|
2007-10-07 17:15:23 +05:30
|
|
|
#include "nscd.h"
|
2007-10-07 17:17:01 +05:30
|
|
|
#include "prototypes.h"
|
|
|
|
#include "pwauth.h"
|
|
|
|
#include "pwio.h"
|
|
|
|
#include "shadowio.h"
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
#include "sgroupio.h"
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
#ifdef WITH_TCB
|
|
|
|
#include <tcb.h>
|
|
|
|
#include "tcbfuncs.h"
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_TCB */
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-05-01 03:09:38 +05:30
|
|
|
/*@-exitarg@*/
|
|
|
|
#include "exitcodes.h"
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* exit status values
|
|
|
|
*/
|
|
|
|
#define E_PW_UPDATE 1 /* can't update password file */
|
|
|
|
#define E_NOTFOUND 6 /* specified user doesn't exist */
|
|
|
|
#define E_USER_BUSY 8 /* user currently logged in */
|
|
|
|
#define E_GRP_UPDATE 10 /* can't update group file */
|
|
|
|
#define E_HOMEDIR 12 /* can't remove home directory */
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
2008-09-06 18:21:53 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Global variables
|
|
|
|
*/
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/chage.c,
src/groupadd.c, src/login.c, src/grpconv.c, src/groups.c,
src/grpunconv.c, src/chsh.c: Prog changed to a constant string.
2010-08-23 01:06:09 +05:30
|
|
|
const char *Prog;
|
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
2008-09-06 18:21:53 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
static char *user_name;
|
|
|
|
static uid_t user_id;
|
2011-06-05 17:53:59 +05:30
|
|
|
static gid_t user_gid;
|
2007-10-07 17:14:02 +05:30
|
|
|
static char *user_home;
|
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
static bool fflg = false;
|
|
|
|
static bool rflg = false;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
static bool is_shadow_pwd;
|
2007-10-07 17:16:25 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 00:40:44 +05:30
|
|
|
static bool is_shadow_grp;
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
static bool sgr_locked = false;
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
static bool pw_locked = false;
|
|
|
|
static bool gr_locked = false;
|
|
|
|
static bool spw_locked = false;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/* local function prototypes */
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
static void usage (int status);
|
2007-10-07 17:14:59 +05:30
|
|
|
static void update_groups (void);
|
2011-06-05 17:53:59 +05:30
|
|
|
static void remove_usergroup (void);
|
2007-10-07 17:14:59 +05:30
|
|
|
static void close_files (void);
|
|
|
|
static void fail_exit (int);
|
|
|
|
static void open_files (void);
|
|
|
|
static void update_user (void);
|
|
|
|
static void user_cancel (const char *);
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef EXTRA_CHECK_HOME_DIR
|
2008-06-10 00:40:44 +05:30
|
|
|
static bool path_prefix (const char *, const char *);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* EXTRA_CHECK_HOME_DIR */
|
2007-10-07 17:14:59 +05:30
|
|
|
static int is_owner (uid_t, const char *);
|
2009-05-22 16:11:10 +05:30
|
|
|
static int remove_mailbox (void);
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
#ifdef WITH_TCB
|
|
|
|
static int remove_tcbdir (const char *user_name, uid_t user_id);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_TCB */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* usage - display usage message and exit
|
|
|
|
*/
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
static void usage (int status)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2011-11-07 00:07:32 +05:30
|
|
|
FILE *usageout = (E_SUCCESS != status) ? stderr : stdout;
|
|
|
|
(void) fprintf (usageout,
|
|
|
|
_("Usage: %s [options] LOGIN\n"
|
|
|
|
"\n"
|
|
|
|
"Options:\n"),
|
|
|
|
Prog);
|
|
|
|
(void) fputs (_(" -f, --force force removal of files,\n"
|
|
|
|
" even if not owned by user\n"),
|
|
|
|
usageout);
|
|
|
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
|
|
|
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);
|
|
|
|
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
|
|
|
(void) fputs ("\n", usageout);
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
exit (status);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* update_groups - delete user from secondary group set
|
|
|
|
*
|
|
|
|
* update_groups() takes the user name that was given and searches
|
|
|
|
* the group files for membership in any group.
|
2007-10-07 17:14:14 +05:30
|
|
|
*
|
|
|
|
* we also check to see if they have any groups they own (the same
|
|
|
|
* name is their user name) and delete them too (only if USERGROUPS_ENAB
|
|
|
|
* is enabled).
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static void update_groups (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
const struct group *grp;
|
|
|
|
struct group *ngrp;
|
2007-10-07 17:14:59 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
|
|
|
const struct sgrp *sgrp;
|
|
|
|
struct sgrp *nsgrp;
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Scan through the entire group file looking for the groups that
|
|
|
|
* the user is a member of.
|
|
|
|
*/
|
2008-06-10 00:40:44 +05:30
|
|
|
for (gr_rewind (), grp = gr_next (); NULL != grp; grp = gr_next ()) {
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* See if the user specified this group as one of their
|
|
|
|
* concurrent groups.
|
|
|
|
*/
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
if (!is_on_list (grp->gr_mem, user_name)) {
|
2007-10-07 17:14:02 +05:30
|
|
|
continue;
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2010-03-12 03:34:06 +05:30
|
|
|
/*
|
2007-10-07 17:14:02 +05:30
|
|
|
* Delete the username from the list of group members and
|
|
|
|
* update the group entry to reflect the change.
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
ngrp = __gr_dup (grp);
|
2008-06-10 00:40:44 +05:30
|
|
|
if (NULL == ngrp) {
|
2007-11-17 05:09:42 +05:30
|
|
|
fprintf (stderr,
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
|
Prog, gr_dbname ());
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (13); /* XXX */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
|
2008-06-10 00:40:44 +05:30
|
|
|
if (gr_update (ngrp) == 0) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
* src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
2008-08-30 23:57:34 +05:30
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, gr_dbname (), ngrp->gr_name);
|
2007-11-17 04:56:56 +05:30
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the DBM group file with the new entry as well.
|
|
|
|
*/
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting user from group",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
* src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
2008-08-06 21:21:52 +05:30
|
|
|
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
|
2007-10-07 17:14:59 +05:30
|
|
|
user_name, ngrp->gr_name));
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2011-06-05 17:53:59 +05:30
|
|
|
if (getdef_bool ("USERGROUPS_ENAB")) {
|
|
|
|
remove_usergroup ();
|
2007-10-07 17:14:14 +05:30
|
|
|
}
|
2011-06-05 17:53:59 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 00:40:44 +05:30
|
|
|
if (!is_shadow_grp) {
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Scan through the entire shadow group file looking for the groups
|
2007-10-07 17:14:59 +05:30
|
|
|
* that the user is a member of. Both the administrative list and
|
2007-10-07 17:14:02 +05:30
|
|
|
* the ordinary membership list is checked.
|
|
|
|
*/
|
2008-06-10 00:40:44 +05:30
|
|
|
for (sgr_rewind (), sgrp = sgr_next ();
|
|
|
|
NULL != sgrp;
|
|
|
|
sgrp = sgr_next ()) {
|
|
|
|
bool was_member, was_admin;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* See if the user specified this group as one of their
|
|
|
|
* concurrent groups.
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
was_member = is_on_list (sgrp->sg_mem, user_name);
|
|
|
|
was_admin = is_on_list (sgrp->sg_adm, user_name);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if (!was_member && !was_admin) {
|
2007-10-07 17:14:02 +05:30
|
|
|
continue;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
nsgrp = __sgr_dup (sgrp);
|
2008-06-10 00:40:44 +05:30
|
|
|
if (NULL == nsgrp) {
|
2007-11-17 05:09:42 +05:30
|
|
|
fprintf (stderr,
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
_("%s: Out of memory. Cannot update %s.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (13); /* XXX */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if (was_member) {
|
2007-10-07 17:16:07 +05:30
|
|
|
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if (was_admin) {
|
2007-10-07 17:16:07 +05:30
|
|
|
nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if (sgr_update (nsgrp) == 0) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
* src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
2008-08-30 23:57:34 +05:30
|
|
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
|
|
|
Prog, sgr_dbname (), nsgrp->sg_name);
|
2007-11-17 04:56:56 +05:30
|
|
|
exit (E_GRP_UPDATE);
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting user from shadow group",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
* src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
2008-08-06 21:21:52 +05:30
|
|
|
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
|
2011-06-05 17:53:59 +05:30
|
|
|
user_name, nsgrp->sg_name));
|
|
|
|
}
|
|
|
|
#endif /* SHADOWGRP */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* remove_usergroup - delete the user's group if it is a usergroup
|
|
|
|
*
|
|
|
|
* An usergroup is removed if
|
|
|
|
* + it has the same name as the user
|
|
|
|
* + it is the primary group of the user
|
|
|
|
* + it has no other members
|
|
|
|
* + it is not the primary group of any other user
|
|
|
|
*/
|
|
|
|
static void remove_usergroup (void)
|
|
|
|
{
|
|
|
|
const struct group *grp;
|
|
|
|
const struct passwd *pwd = NULL;
|
|
|
|
|
|
|
|
grp = gr_locate (user_name);
|
|
|
|
if (NULL == grp) {
|
|
|
|
/* This user has no usergroup. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (grp->gr_gid != user_gid) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group %s not removed because it is not the primary group of user %s.\n"),
|
|
|
|
Prog, grp->gr_name, user_name);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (NULL != grp->gr_mem[0]) {
|
|
|
|
/* The usergroup has other members. */
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group %s not removed because it has other members.\n"),
|
|
|
|
Prog, grp->gr_name);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!fflg) {
|
|
|
|
/*
|
|
|
|
* Scan the passwd file to check if this group is still
|
|
|
|
* used as a primary group.
|
|
|
|
*/
|
|
|
|
setpwent ();
|
|
|
|
while ((pwd = getpwent ()) != NULL) {
|
|
|
|
if (strcmp (pwd->pw_name, user_name) == 0) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (pwd->pw_gid == grp->gr_gid) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: group %s is the primary group of another user and is not removed.\n"),
|
|
|
|
Prog, grp->gr_name);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
endpwent ();
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:16:25 +05:30
|
|
|
|
2011-06-05 17:53:59 +05:30
|
|
|
if (NULL == pwd) {
|
|
|
|
/*
|
|
|
|
* We can remove this group, it is not the primary
|
|
|
|
* group of any remaining user.
|
|
|
|
*/
|
|
|
|
if (gr_remove (grp->gr_name) == 0) {
|
2008-08-07 14:14:06 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
2011-06-05 17:53:59 +05:30
|
|
|
Prog, grp->gr_name, gr_dbname ());
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
2011-06-05 17:53:59 +05:30
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
"deleting group",
|
|
|
|
grp->gr_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"removed group '%s' owned by '%s'\n",
|
|
|
|
grp->gr_name, user_name));
|
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (sgr_locate (user_name) != NULL) {
|
|
|
|
if (sgr_remove (user_name) == 0) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
|
Prog, user_name, sgr_dbname ());
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_GROUP, Prog,
|
|
|
|
"deleting shadow group",
|
|
|
|
grp->gr_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
SYSLOG ((LOG_INFO,
|
|
|
|
"removed shadow group '%s' owned by '%s'\n",
|
|
|
|
grp->gr_name, user_name));
|
|
|
|
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2011-06-05 17:53:59 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* close_files - close all of the files that were opened
|
|
|
|
*
|
|
|
|
* close_files() closes all of the files that were opened for this
|
2007-10-07 17:14:59 +05:30
|
|
|
* new user. This causes any modified entries to be written out.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static void close_files (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
if (pw_close () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
|
2008-08-07 14:14:06 +05:30
|
|
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
|
|
|
|
fail_exit (E_PW_UPDATE);
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
}
|
2008-08-07 14:14:06 +05:30
|
|
|
if (pw_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
pw_locked = false;
|
2008-08-07 14:14:06 +05:30
|
|
|
|
|
|
|
if (is_shadow_pwd) {
|
|
|
|
if (spw_close () == 0) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
|
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
|
|
|
if (spw_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
spw_locked = false;
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
}
|
2008-08-07 14:14:06 +05:30
|
|
|
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
if (gr_close () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
|
2008-08-07 14:14:06 +05:30
|
|
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
}
|
2008-08-07 14:14:06 +05:30
|
|
|
if (gr_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
|
/* continue */
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
gr_locked = false;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-08-07 14:14:06 +05:30
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 00:40:44 +05:30
|
|
|
if (is_shadow_grp) {
|
2008-08-07 14:14:06 +05:30
|
|
|
if (sgr_close () == 0) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
|
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sgr_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
sgr_locked = false;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* fail_exit - exit with a failure code after unlocking the files
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static void fail_exit (int code)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
if (pw_locked) {
|
2008-08-07 14:14:06 +05:30
|
|
|
if (pw_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
if (gr_locked) {
|
2008-08-07 14:14:06 +05:30
|
|
|
if (gr_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
if (spw_locked) {
|
2008-08-07 14:14:06 +05:30
|
|
|
if (spw_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
if (sgr_locked) {
|
2008-08-07 14:14:06 +05:30
|
|
|
if (sgr_unlock () == 0) {
|
|
|
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
|
|
|
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
|
|
|
/* continue */
|
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2008-08-07 14:14:06 +05:30
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting user",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (code);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* open_files - lock and open the password files
|
|
|
|
*
|
|
|
|
* open_files() opens the two password files.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static void open_files (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-06-10 00:40:44 +05:30
|
|
|
if (pw_lock () == 0) {
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 07:50:53 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, pw_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"locking password file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
pw_locked = true;
|
2008-06-10 00:40:44 +05:30
|
|
|
if (pw_open (O_RDWR) == 0) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"opening password file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2007-10-07 17:14:59 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-08-07 14:14:06 +05:30
|
|
|
if (is_shadow_pwd) {
|
|
|
|
if (spw_lock () == 0) {
|
|
|
|
fprintf (stderr,
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 07:50:53 +05:30
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, spw_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-08-07 14:14:06 +05:30
|
|
|
"locking shadow password file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
spw_locked = true;
|
2008-08-07 14:14:06 +05:30
|
|
|
if (spw_open (O_RDWR) == 0) {
|
|
|
|
fprintf (stderr,
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 07:50:53 +05:30
|
|
|
_("%s: cannot open %s\n"),
|
|
|
|
Prog, spw_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-08-07 14:14:06 +05:30
|
|
|
"opening shadow password file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
if (gr_lock () == 0) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
fprintf (stderr,
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 07:50:53 +05:30
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, gr_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"locking group file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2007-10-07 17:14:59 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
gr_locked = true;
|
2008-06-10 00:40:44 +05:30
|
|
|
if (gr_open (O_RDWR) == 0) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"opening group file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2007-10-07 17:14:59 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
2008-08-07 14:14:06 +05:30
|
|
|
if (is_shadow_grp) {
|
|
|
|
if (sgr_lock () == 0) {
|
|
|
|
fprintf (stderr,
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
2008-08-22 07:50:53 +05:30
|
|
|
_("%s: cannot lock %s; try again later.\n"),
|
|
|
|
Prog, sgr_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-08-07 14:14:06 +05:30
|
|
|
"locking shadow group file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
2008-08-22 07:52:34 +05:30
|
|
|
sgr_locked= true;
|
2008-08-07 14:14:06 +05:30
|
|
|
if (sgr_open (O_RDWR) == 0) {
|
|
|
|
fprintf (stderr, _("%s: cannot open %s\n"),
|
|
|
|
Prog, sgr_dbname ());
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-08-07 14:14:06 +05:30
|
|
|
"opening shadow group file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-08-07 14:14:06 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* update_user - delete the user entries
|
|
|
|
*
|
|
|
|
* update_user() deletes the password file entries for this user
|
|
|
|
* and will update the group entries as required.
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
static void update_user (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-06-10 00:40:44 +05:30
|
|
|
if (pw_remove (user_name) == 0) {
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr,
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
|
Prog, user_name, pw_dbname ());
|
2007-11-17 04:56:56 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
2009-03-16 02:59:16 +05:30
|
|
|
if ( is_shadow_pwd
|
|
|
|
&& (spw_locate (user_name) != NULL)
|
|
|
|
&& (spw_remove (user_name) == 0)) {
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr,
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
_("%s: cannot remove entry '%s' from %s\n"),
|
|
|
|
Prog, user_name, spw_dbname ());
|
2007-11-17 04:56:56 +05:30
|
|
|
fail_exit (E_PW_UPDATE);
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting user entries",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
* src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
2008-08-06 21:21:52 +05:30
|
|
|
SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name));
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2010-03-12 03:34:06 +05:30
|
|
|
/*
|
2007-10-07 17:14:02 +05:30
|
|
|
* user_cancel - cancel cron and at jobs
|
|
|
|
*
|
2009-05-13 00:53:46 +05:30
|
|
|
* user_cancel calls a script for additional cleanups like removal of
|
|
|
|
* cron, at, or print jobs.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
static void user_cancel (const char *user)
|
|
|
|
{
|
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-08-21 21:02:53 +05:30
|
|
|
const char *cmd;
|
2011-08-20 19:03:38 +05:30
|
|
|
const char *argv[3];
|
2007-10-07 17:15:23 +05:30
|
|
|
int status;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
cmd = getdef_str ("USERDEL_CMD");
|
2008-06-14 01:53:26 +05:30
|
|
|
if (NULL == cmd) {
|
2007-10-07 17:15:23 +05:30
|
|
|
return;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2011-08-20 19:03:38 +05:30
|
|
|
argv[0] = cmd;
|
|
|
|
argv[1] = user;
|
|
|
|
argv[2] = (char *)0;
|
|
|
|
(void) run_command (cmd, argv, NULL, &status);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
#ifdef EXTRA_CHECK_HOME_DIR
|
2008-06-10 00:40:44 +05:30
|
|
|
static bool path_prefix (const char *s1, const char *s2)
|
2007-10-07 17:15:23 +05:30
|
|
|
{
|
2008-06-10 00:40:44 +05:30
|
|
|
return ( (strncmp (s2, s1, strlen (s1)) == 0)
|
|
|
|
&& ( ('\0' == s2[strlen (s1)])
|
|
|
|
|| ('/' == s2[strlen (s1)])));
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* EXTRA_CHECK_HOME_DIR */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2009-05-22 16:11:10 +05:30
|
|
|
/*
|
|
|
|
* is_owner - Check if path is owned by uid
|
|
|
|
*
|
|
|
|
* Return
|
|
|
|
* 1: path exists and is owned by uid
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-23 00:43:53 +05:30
|
|
|
* 0: path is not owned by uid, or a failure occurred
|
2009-05-22 16:11:10 +05:30
|
|
|
* -1: path does not exist
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static int is_owner (uid_t uid, const char *path)
|
|
|
|
{
|
|
|
|
struct stat st;
|
|
|
|
|
2009-05-22 16:11:10 +05:30
|
|
|
errno = 0;
|
2008-06-10 00:40:44 +05:30
|
|
|
if (stat (path, &st) != 0) {
|
2009-05-22 16:11:10 +05:30
|
|
|
if ((ENOENT == errno) || (ENOTDIR == errno)) {
|
|
|
|
/* The file or directory does not exist */
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-23 00:43:53 +05:30
|
|
|
return (st.st_uid == uid) ? 1 : 0;
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2009-05-22 16:11:10 +05:30
|
|
|
static int remove_mailbox (void)
|
2007-10-07 17:15:23 +05:30
|
|
|
{
|
|
|
|
const char *maildir;
|
|
|
|
char mailfile[1024];
|
|
|
|
int i;
|
2009-05-22 16:11:10 +05:30
|
|
|
int errors = 0;
|
2007-10-07 17:15:23 +05:30
|
|
|
|
|
|
|
maildir = getdef_str ("MAIL_DIR");
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef MAIL_SPOOL_DIR
|
2008-06-10 00:40:44 +05:30
|
|
|
if ((NULL == maildir) && (getdef_str ("MAIL_FILE") == NULL)) {
|
2007-10-07 17:15:23 +05:30
|
|
|
maildir = MAIL_SPOOL_DIR;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* MAIL_SPOOL_DIR */
|
2008-06-10 00:40:44 +05:30
|
|
|
if (NULL == maildir) {
|
2009-05-22 16:11:10 +05:30
|
|
|
return 0;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
snprintf (mailfile, sizeof mailfile, "%s/%s", maildir, user_name);
|
2011-06-05 04:08:57 +05:30
|
|
|
|
|
|
|
if (access (mailfile, F_OK) != 0) {
|
|
|
|
if (ENOENT == errno) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: %s mail spool (%s) not found\n"),
|
2011-07-09 01:20:42 +05:30
|
|
|
Prog, user_name, mailfile);
|
2011-06-05 04:08:57 +05:30
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: warning: can't remove %s: %s\n"),
|
|
|
|
Prog, mailfile, strerror (errno));
|
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
"deleting mail file",
|
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
if (fflg) {
|
2008-09-04 02:52:04 +05:30
|
|
|
if (unlink (mailfile) != 0) {
|
2009-05-22 16:11:10 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: warning: can't remove %s: %s\n"),
|
|
|
|
Prog, mailfile, strerror (errno));
|
2008-09-04 02:52:04 +05:30
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:52:04 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
"deleting mail file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-22 16:11:10 +05:30
|
|
|
errors = 1;
|
2008-09-04 02:52:04 +05:30
|
|
|
/* continue */
|
|
|
|
}
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
else
|
|
|
|
{
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
"deleting mail file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2008-09-04 02:52:04 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-22 16:11:10 +05:30
|
|
|
return errors;
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
|
|
|
i = is_owner (user_id, mailfile);
|
|
|
|
if (i == 0) {
|
|
|
|
fprintf (stderr,
|
2008-06-14 01:53:26 +05:30
|
|
|
_("%s: %s not owned by %s, not removing\n"),
|
|
|
|
Prog, mailfile, user_name);
|
2009-05-22 16:11:10 +05:30
|
|
|
SYSLOG ((LOG_ERR,
|
|
|
|
"%s not owned by %s, not removed",
|
|
|
|
mailfile, strerror (errno)));
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting mail file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-22 16:11:10 +05:30
|
|
|
return 1;
|
2008-08-30 23:57:59 +05:30
|
|
|
} else if (i == -1) {
|
2009-05-22 16:11:10 +05:30
|
|
|
return 0; /* mailbox doesn't exist */
|
2008-08-30 23:57:59 +05:30
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
if (unlink (mailfile) != 0) {
|
2009-05-22 16:11:10 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: warning: can't remove %s: %s\n"),
|
|
|
|
Prog, mailfile, strerror (errno));
|
2008-08-30 23:57:59 +05:30
|
|
|
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
|
2008-09-04 02:32:32 +05:30
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
"deleting mail file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-22 16:11:10 +05:30
|
|
|
errors = 1;
|
2008-08-30 23:57:59 +05:30
|
|
|
/* continue */
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:52:04 +05:30
|
|
|
else
|
|
|
|
{
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting mail file",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2007-10-07 17:17:01 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-22 16:11:10 +05:30
|
|
|
return errors;
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
#ifdef WITH_TCB
|
|
|
|
static int remove_tcbdir (const char *user_name, uid_t user_id)
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
int ret = 0;
|
2010-03-12 03:31:59 +05:30
|
|
|
size_t bufsize = (sizeof TCB_DIR) + strlen (user_name) + 2;
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
|
2010-03-12 03:34:06 +05:30
|
|
|
if (!getdef_bool ("USE_TCB")) {
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
return 0;
|
2010-03-12 03:34:06 +05:30
|
|
|
}
|
|
|
|
|
2010-03-12 03:31:59 +05:30
|
|
|
buf = malloc (buflen);
|
|
|
|
if (NULL == buf) {
|
2010-03-17 00:44:54 +05:30
|
|
|
fprintf (stderr, _("%s: Can't allocate memory, "
|
|
|
|
"tcb entry for %s not removed.\n"),
|
|
|
|
Prog, user_name);
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
return 1;
|
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
snprintf (buf, buflen, TCB_DIR "/%s", user_name);
|
2010-03-18 14:51:27 +05:30
|
|
|
if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
|
2010-03-17 00:44:54 +05:30
|
|
|
fprintf (stderr, _("%s: Cannot drop privileges: %s\n"),
|
|
|
|
Prog, strerror (errno));
|
2010-03-17 00:43:53 +05:30
|
|
|
shadowtcb_gain_priv ();
|
2010-03-12 03:31:59 +05:30
|
|
|
free (buf);
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
/* Only remove directory contents with dropped privileges.
|
|
|
|
* We will regain them and remove the user's tcb directory afterwards.
|
|
|
|
*/
|
2010-03-12 03:34:06 +05:30
|
|
|
if (remove_tree (buf, false) != 0) {
|
2010-03-17 00:44:54 +05:30
|
|
|
fprintf (stderr, _("%s: Cannot remove the content of %s: %s\n"),
|
|
|
|
Prog, buf, strerror (errno));
|
2010-03-12 03:31:59 +05:30
|
|
|
shadowtcb_gain_priv ();
|
|
|
|
free (buf);
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
return 1;
|
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
shadowtcb_gain_priv ();
|
|
|
|
free (buf);
|
2010-03-18 14:51:27 +05:30
|
|
|
if (shadowtcb_remove (user_name) == SHADOWTCB_FAILURE) {
|
2010-03-17 00:44:54 +05:30
|
|
|
fprintf (stderr, _("%s: Cannot remove tcb files for %s: %s\n"),
|
|
|
|
Prog, user_name, strerror (errno));
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
ret = 1;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_TCB */
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* main - userdel command
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
int main (int argc, char **argv)
|
|
|
|
{
|
2008-09-04 02:52:04 +05:30
|
|
|
int errors = 0; /* Error in the removal of the home directory */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#ifdef ACCT_TOOLS_SETUID
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:15:23 +05:30
|
|
|
pam_handle_t *pamh = NULL;
|
|
|
|
int retval;
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#endif /* USE_PAM */
|
|
|
|
#endif /* ACCT_TOOLS_SETUID */
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Get my name so that I can use it to report errors.
|
|
|
|
*/
|
|
|
|
Prog = Basename (argv[0]);
|
2008-06-10 00:40:44 +05:30
|
|
|
(void) setlocale (LC_ALL, "");
|
|
|
|
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
(void) textdomain (PACKAGE);
|
2007-10-07 17:15:40 +05:30
|
|
|
|
2011-11-07 00:07:32 +05:30
|
|
|
process_root_flag ("-R", argc, argv);
|
|
|
|
|
|
|
|
OPENLOG ("userdel");
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_help_open ();
|
|
|
|
#endif /* WITH_AUDIT */
|
|
|
|
|
2007-10-07 17:17:33 +05:30
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Parse the command line options.
|
|
|
|
*/
|
|
|
|
int c;
|
|
|
|
static struct option long_options[] = {
|
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/faillog.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmems.c, src/groupmod.c, src/grpconv.c, src/grpunconv.c,
src/lastlog.c, src/newusers.c, src/passwd.c, src/pwconv.c,
src/pwunconv.c, src/su.c, src/useradd.c, src/userdel.c,
src/usermod.c, src/vipw.c: Align and sort options.
2011-11-07 00:09:59 +05:30
|
|
|
{"force", no_argument, NULL, 'f'},
|
|
|
|
{"help", no_argument, NULL, 'h'},
|
|
|
|
{"remove", no_argument, NULL, 'r'},
|
|
|
|
{"root", required_argument, NULL, 'R'},
|
2007-10-07 17:17:33 +05:30
|
|
|
{NULL, 0, NULL, '\0'}
|
|
|
|
};
|
2011-11-07 00:07:32 +05:30
|
|
|
while ((c = getopt_long (argc, argv, "fhrR:",
|
2008-06-10 00:40:44 +05:30
|
|
|
long_options, NULL)) != -1) {
|
2007-10-07 17:17:33 +05:30
|
|
|
switch (c) {
|
|
|
|
case 'f': /* force remove even if not owned by user */
|
2008-06-10 00:40:44 +05:30
|
|
|
fflg = true;
|
2007-10-07 17:17:33 +05:30
|
|
|
break;
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
case 'h':
|
|
|
|
usage (E_SUCCESS);
|
* src/userdel.c, src/lastlog.c, src/gpasswd.c, src/newusers.c,
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
booleans for tests.
* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
src/groupmod.c, src/passwd.c: Use a break even after usage().
2009-09-06 04:01:29 +05:30
|
|
|
break;
|
2007-10-07 17:17:33 +05:30
|
|
|
case 'r': /* remove home dir and mailbox */
|
2008-06-10 00:40:44 +05:30
|
|
|
rflg = true;
|
2007-10-07 17:17:33 +05:30
|
|
|
break;
|
2011-11-07 00:07:32 +05:30
|
|
|
case 'R': /* no-op, handled in process_root_flag () */
|
|
|
|
break;
|
2007-10-07 17:17:33 +05:30
|
|
|
default:
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
usage (E_USAGE);
|
2007-10-07 17:17:33 +05:30
|
|
|
}
|
2007-10-07 17:15:40 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if ((optind + 1) != argc) {
|
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 04:32:33 +05:30
|
|
|
usage (E_USAGE);
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:15:40 +05:30
|
|
|
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#ifdef ACCT_TOOLS_SETUID
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
{
|
|
|
|
struct passwd *pampw;
|
|
|
|
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
|
|
|
|
if (pampw == NULL) {
|
Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
2008-09-07 05:16:44 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: Cannot determine your user name.\n"),
|
|
|
|
Prog);
|
|
|
|
exit (E_PW_UPDATE);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
}
|
Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
2008-09-07 05:16:44 +05:30
|
|
|
|
|
|
|
retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
}
|
2007-10-07 17:14:38 +05:30
|
|
|
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
2007-10-07 17:15:23 +05:30
|
|
|
retval = pam_authenticate (pamh, 0);
|
|
|
|
}
|
|
|
|
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
2007-10-07 17:15:23 +05:30
|
|
|
retval = pam_acct_mgmt (pamh, 0);
|
|
|
|
}
|
|
|
|
|
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
2008-09-06 18:58:02 +05:30
|
|
|
if (NULL != pamh) {
|
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
2008-08-06 21:27:31 +05:30
|
|
|
(void) pam_end (pamh, retval);
|
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
2008-09-06 18:58:02 +05:30
|
|
|
}
|
|
|
|
if (PAM_SUCCESS != retval) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
2007-10-07 17:15:40 +05:30
|
|
|
exit (E_PW_UPDATE);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* USE_PAM */
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
#endif /* ACCT_TOOLS_SETUID */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
is_shadow_pwd = spw_file_present ();
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
2007-10-07 17:15:23 +05:30
|
|
|
is_shadow_grp = sgr_file_present ();
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:16:07 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Start with a quick check to see if the user exists.
|
|
|
|
*/
|
|
|
|
user_name = argv[argc - 1];
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
{
|
|
|
|
struct passwd *pwd;
|
2008-06-10 00:40:44 +05:30
|
|
|
pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
|
|
|
|
if (NULL == pwd) {
|
* src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
2008-08-06 21:21:52 +05:30
|
|
|
fprintf (stderr, _("%s: user '%s' does not exist\n"),
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
Prog, user_name);
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting user not found",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
exit (E_NOTFOUND);
|
|
|
|
}
|
|
|
|
user_id = pwd->pw_uid;
|
2011-06-05 17:53:59 +05:30
|
|
|
user_gid = pwd->pw_gid;
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
user_home = xstrdup (pwd->pw_dir);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
#ifdef WITH_TCB
|
2010-03-18 14:51:27 +05:30
|
|
|
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
exit (E_NOTFOUND);
|
2010-03-12 03:34:06 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_TCB */
|
2007-10-07 17:14:59 +05:30
|
|
|
#ifdef USE_NIS
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Now make sure it isn't an NIS user.
|
|
|
|
*/
|
|
|
|
if (__ispwNIS ()) {
|
|
|
|
char *nis_domain;
|
|
|
|
char *nis_master;
|
|
|
|
|
|
|
|
fprintf (stderr,
|
2010-03-17 00:44:54 +05:30
|
|
|
_("%s: user %s is a NIS user\n"), Prog, user_name);
|
2008-06-10 00:40:44 +05:30
|
|
|
if ( !yp_get_default_domain (&nis_domain)
|
2007-10-07 17:16:07 +05:30
|
|
|
&& !yp_master (nis_domain, "passwd.byname", &nis_master)) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2010-03-17 00:44:54 +05:30
|
|
|
_("%s: %s is the NIS master\n"),
|
|
|
|
Prog, nis_master);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
|
|
|
exit (E_NOTFOUND);
|
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* USE_NIS */
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Check to make certain the user isn't logged in.
|
2009-05-19 00:02:17 +05:30
|
|
|
* Note: This is a best effort basis. The user may log in between,
|
|
|
|
* a cron job may be started on her behalf, etc.
|
2007-10-07 17:15:23 +05:30
|
|
|
*/
|
2009-05-19 00:02:17 +05:30
|
|
|
if (user_busy (user_name, user_id) != 0) {
|
|
|
|
if (!fflg) {
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
|
|
|
"deleting user logged in",
|
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2009-05-19 00:02:17 +05:30
|
|
|
exit (E_USER_BUSY);
|
|
|
|
}
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Do the hard stuff - open the files, create the user entries,
|
|
|
|
* create the home directory, then close and update the files.
|
|
|
|
*/
|
|
|
|
open_files ();
|
|
|
|
update_user ();
|
|
|
|
update_groups ();
|
|
|
|
|
2008-06-10 00:40:44 +05:30
|
|
|
if (rflg) {
|
2009-05-22 16:11:10 +05:30
|
|
|
errors += remove_mailbox ();
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2009-05-22 16:11:10 +05:30
|
|
|
if (rflg) {
|
|
|
|
int home_owned = is_owner (user_id, user_home);
|
|
|
|
if (-1 == home_owned) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: %s home directory (%s) not found\n"),
|
|
|
|
Prog, user_name, user_home);
|
|
|
|
rflg = 0;
|
|
|
|
} else if ((0 == home_owned) && !fflg) {
|
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: %s not owned by %s, not removing\n"),
|
|
|
|
Prog, user_home, user_name);
|
|
|
|
rflg = 0;
|
|
|
|
errors++;
|
|
|
|
/* continue */
|
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 20:06:51 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef EXTRA_CHECK_HOME_DIR
|
2007-10-07 17:17:01 +05:30
|
|
|
/* This may be slow, the above should be good enough. */
|
2007-10-07 17:15:23 +05:30
|
|
|
if (rflg && !fflg) {
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
struct passwd *pwd;
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* For safety, refuse to remove the home directory if it
|
|
|
|
* would result in removing some other user's home
|
|
|
|
* directory. Still not perfect so be careful, but should
|
|
|
|
* prevent accidents if someone has /home or / as home
|
|
|
|
* directory... --marekm
|
|
|
|
*/
|
|
|
|
setpwent ();
|
|
|
|
while ((pwd = getpwent ())) {
|
2008-06-10 00:40:44 +05:30
|
|
|
if (strcmp (pwd->pw_name, user_name) == 0) {
|
2007-10-07 17:15:23 +05:30
|
|
|
continue;
|
2008-06-10 00:40:44 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
if (path_prefix (user_home, pwd->pw_dir)) {
|
|
|
|
fprintf (stderr,
|
2010-03-17 00:44:54 +05:30
|
|
|
_("%s: not removing directory %s (would remove home of user %s)\n"),
|
|
|
|
Prog, user_home, pwd->pw_name);
|
2008-06-10 00:40:44 +05:30
|
|
|
rflg = false;
|
2007-10-07 17:15:23 +05:30
|
|
|
errors++;
|
2008-09-04 02:52:04 +05:30
|
|
|
/* continue */
|
2007-10-07 17:15:23 +05:30
|
|
|
break;
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
endpwent ();
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* EXTRA_CHECK_HOME_DIR */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
if (rflg) {
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
if (remove_tree (user_home, true) != 0) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2010-03-12 03:34:06 +05:30
|
|
|
_("%s: error removing directory %s\n"),
|
|
|
|
Prog, user_home);
|
2008-09-04 02:52:04 +05:30
|
|
|
errors++;
|
|
|
|
/* continue */
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:52:04 +05:30
|
|
|
else
|
|
|
|
{
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting home directory",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, (unsigned int) user_id,
|
|
|
|
SHADOW_AUDIT_SUCCESS);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2008-09-04 02:52:04 +05:30
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-09-04 02:52:04 +05:30
|
|
|
if (0 != errors) {
|
2008-09-04 02:32:32 +05:30
|
|
|
audit_logger (AUDIT_DEL_USER, Prog,
|
2008-06-14 01:53:26 +05:30
|
|
|
"deleting home directory",
|
2008-09-05 01:05:48 +05:30
|
|
|
user_name, AUDIT_NO_ID,
|
|
|
|
SHADOW_AUDIT_FAILURE);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_AUDIT */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2009-04-16 02:44:08 +05:30
|
|
|
#ifdef WITH_SELINUX
|
|
|
|
if (is_selinux_enabled () > 0) {
|
|
|
|
const char *args[5];
|
|
|
|
args[0] = "/usr/sbin/semanage";
|
|
|
|
args[1] = "login";
|
|
|
|
args[2] = "-d";
|
|
|
|
args[3] = user_name;
|
|
|
|
args[4] = NULL;
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-23 00:43:53 +05:30
|
|
|
safe_system (args[0], args, NULL, true);
|
2009-04-16 02:44:08 +05:30
|
|
|
}
|
2010-03-12 03:31:59 +05:30
|
|
|
#endif /* WITH_SELINUX */
|
2009-04-16 02:44:08 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
/*
|
|
|
|
* Cancel any crontabs or at jobs. Have to do this before we remove
|
|
|
|
* the entry from /etc/passwd.
|
|
|
|
*/
|
|
|
|
user_cancel (user_name);
|
|
|
|
close_files ();
|
2007-10-07 20:06:51 +05:30
|
|
|
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
#ifdef WITH_TCB
|
2010-03-12 03:31:59 +05:30
|
|
|
errors += remove_tcbdir (user_name, user_id);
|
|
|
|
#endif /* WITH_TCB */
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
|
2007-10-07 20:06:51 +05:30
|
|
|
nscd_flush_cache ("passwd");
|
|
|
|
nscd_flush_cache ("group");
|
|
|
|
|
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-05-01 03:09:38 +05:30
|
|
|
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
|
2007-10-07 17:15:23 +05:30
|
|
|
}
|
2008-06-10 00:40:44 +05:30
|
|
|
|