2008-04-27 00:40:09 +00:00
|
|
|
/*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
|
|
|
|
* SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
|
|
|
|
* SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko
|
|
|
|
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
2008-04-27 00:40:09 +00:00
|
|
|
*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2008-04-27 00:40:09 +00:00
|
|
|
*/
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
|
|
|
* prototypes.h
|
|
|
|
*
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
* prototypes of libmisc functions, and private lib functions.
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2007-11-10 23:46:11 +00:00
|
|
|
* $Id$
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _PROTOTYPES_H
|
|
|
|
#define _PROTOTYPES_H
|
|
|
|
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 14:54:22 +02:00
|
|
|
#include <config.h>
|
|
|
|
|
2022-12-22 15:26:01 +01:00
|
|
|
#include <sys/socket.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <utmp.h>
|
2008-08-30 18:30:58 +00:00
|
|
|
#include <sys/types.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <grp.h>
|
2008-01-05 13:07:54 +00:00
|
|
|
#include <shadow.h>
|
2008-01-05 17:20:45 +00:00
|
|
|
#include <lastlog.h>
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
#include "defines.h"
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
#include "commonio.h"
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* addgrps.c */
|
2009-04-05 22:29:42 +00:00
|
|
|
#if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
|
2007-10-07 11:46:07 +00:00
|
|
|
extern int add_groups (const char *);
|
2009-04-05 22:29:42 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* age.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern void agecheck (/*@null@*/const struct spwd *);
|
2009-04-23 17:43:27 +00:00
|
|
|
extern int expire (const struct passwd *, /*@null@*/const struct spwd *);
|
libmisc: agetpass(), erase_pass(): Add functions for getting passwords safely
There are several issues with getpass(3).
Many implementations of it share the same issues that the infamous
gets(3). In glibc it's not so terrible, since it's a wrapper
around getline(3). But it still has an important bug:
If the password is long enough, getline(3) will realloc(3) memory,
and prefixes of the password will be laying around in some
deallocated memory.
See the getpass(3) manual page for more details, and especially
the commit that marked it as deprecated, which links to a long
discussion in the linux-man@ mailing list.
So, readpassphrase(3bsd) is preferrable, which is provided by
libbsd on GNU systems. However, using readpassphrase(3) directly
is a bit verbose, so we can write our own wrapper with a simpler
interface similar to that of getpass(3).
One of the benefits of writing our own interface around
readpassphrase(3) is that we can hide there any checks that should
be done always and which would be error-prone to repeat every
time. For example, check that there was no truncation in the
password.
Also, use malloc(3) to get the buffer, instead of using a global
buffer. We're not using a multithreaded program (and it wouldn't
make sense to do so), but it's nice to know that the visibility of
our passwords is as limited as possible.
erase_pass() is a clean-up function that handles all clean-up
correctly, including zeroing the entire buffer, and then
free(3)ing the memory. By using [[gnu::malloc(erase_pass)]], we
make sure that we don't leak the buffers in any case, since the
compiler will be able to enforce clean up.
Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b>
Reported-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-09-26 22:22:24 +02:00
|
|
|
|
|
|
|
/* agetpass.c */
|
|
|
|
extern void erase_pass(char *pass);
|
2022-09-28 23:09:19 +02:00
|
|
|
ATTR_MALLOC(erase_pass)
|
libmisc: agetpass(), erase_pass(): Add functions for getting passwords safely
There are several issues with getpass(3).
Many implementations of it share the same issues that the infamous
gets(3). In glibc it's not so terrible, since it's a wrapper
around getline(3). But it still has an important bug:
If the password is long enough, getline(3) will realloc(3) memory,
and prefixes of the password will be laying around in some
deallocated memory.
See the getpass(3) manual page for more details, and especially
the commit that marked it as deprecated, which links to a long
discussion in the linux-man@ mailing list.
So, readpassphrase(3bsd) is preferrable, which is provided by
libbsd on GNU systems. However, using readpassphrase(3) directly
is a bit verbose, so we can write our own wrapper with a simpler
interface similar to that of getpass(3).
One of the benefits of writing our own interface around
readpassphrase(3) is that we can hide there any checks that should
be done always and which would be error-prone to repeat every
time. For example, check that there was no truncation in the
password.
Also, use malloc(3) to get the buffer, instead of using a global
buffer. We're not using a multithreaded program (and it wouldn't
make sense to do so), but it's nice to know that the visibility of
our passwords is as limited as possible.
erase_pass() is a clean-up function that handles all clean-up
correctly, including zeroing the entire buffer, and then
free(3)ing the memory. By using [[gnu::malloc(erase_pass)]], we
make sure that we don't leak the buffers in any case, since the
compiler will be able to enforce clean up.
Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b>
Reported-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-09-26 22:22:24 +02:00
|
|
|
extern char *agetpass(const char *prompt);
|
|
|
|
|
2009-04-23 17:43:27 +00:00
|
|
|
/* isexpired.c */
|
|
|
|
extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2019-01-21 09:32:36 +01:00
|
|
|
/* btrfs.c */
|
2019-01-23 16:17:05 +01:00
|
|
|
#ifdef WITH_BTRFS
|
2019-01-21 09:32:36 +01:00
|
|
|
extern int btrfs_create_subvolume(const char *path);
|
|
|
|
extern int btrfs_remove_subvolume(const char *path);
|
|
|
|
extern int btrfs_is_subvolume(const char *path);
|
|
|
|
extern int is_btrfs(const char *path);
|
2019-01-23 16:17:05 +01:00
|
|
|
#endif
|
2019-01-21 09:32:36 +01:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* basename() renamed to Basename() to avoid libc name space confusion */
|
|
|
|
/* basename.c */
|
2011-09-18 21:02:43 +00:00
|
|
|
extern /*@observer@*/const char *Basename (const char *str);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* chowndir.c */
|
2010-04-04 20:55:46 +00:00
|
|
|
extern int chown_tree (const char *root,
|
|
|
|
uid_t old_uid, uid_t new_uid,
|
|
|
|
gid_t old_gid, gid_t new_gid);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* chowntty.c */
|
2008-11-22 23:56:51 +00:00
|
|
|
extern void chown_tty (const struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-12-22 21:52:43 +00:00
|
|
|
/* cleanup.c */
|
2011-10-18 20:23:33 +00:00
|
|
|
typedef /*@null@*/void (*cleanup_function) (/*@null@*/void *arg);
|
|
|
|
void add_cleanup (/*@notnull@*/cleanup_function pcf, /*@null@*/void *arg);
|
|
|
|
void del_cleanup (/*@notnull@*/cleanup_function pcf);
|
2008-12-22 21:52:43 +00:00
|
|
|
void do_cleanups (void);
|
|
|
|
|
|
|
|
/* cleanup_group.c */
|
|
|
|
struct cleanup_info_mod {
|
|
|
|
char *audit_msg;
|
|
|
|
char *action;
|
2011-09-18 21:02:43 +00:00
|
|
|
/*@observer@*/const char *name;
|
2008-12-22 21:52:43 +00:00
|
|
|
};
|
|
|
|
void cleanup_report_add_group (void *group_name);
|
|
|
|
void cleanup_report_add_group_group (void *group_name);
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
void cleanup_report_add_group_gshadow (void *group_name);
|
|
|
|
#endif
|
|
|
|
void cleanup_report_del_group (void *group_name);
|
|
|
|
void cleanup_report_del_group_group (void *group_name);
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
void cleanup_report_del_group_gshadow (void *group_name);
|
|
|
|
#endif
|
|
|
|
void cleanup_report_mod_passwd (void *cleanup_info);
|
|
|
|
void cleanup_report_mod_group (void *cleanup_info);
|
|
|
|
void cleanup_report_mod_gshadow (void *cleanup_info);
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
void cleanup_unlock_group (/*@null@*/void *unused);
|
2008-12-22 21:52:43 +00:00
|
|
|
#ifdef SHADOWGRP
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
void cleanup_unlock_gshadow (/*@null@*/void *unused);
|
2008-12-22 21:52:43 +00:00
|
|
|
#endif
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
void cleanup_unlock_passwd (/*@null@*/void *unused);
|
2008-12-22 21:52:43 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* console.c */
|
2008-06-10 20:02:47 +00:00
|
|
|
extern bool console (const char *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* copydir.c */
|
2008-01-01 14:31:00 +00:00
|
|
|
extern int copy_tree (const char *src_root, const char *dst_root,
|
2010-04-04 20:55:46 +00:00
|
|
|
bool copy_root,
|
2010-08-21 17:31:45 +00:00
|
|
|
bool reset_selinux,
|
2010-04-04 20:55:46 +00:00
|
|
|
uid_t old_uid, uid_t new_uid,
|
|
|
|
gid_t old_gid, gid_t new_gid);
|
2009-04-11 15:34:10 +00:00
|
|
|
|
2021-12-22 15:32:17 +01:00
|
|
|
/* date_to_str.c */
|
|
|
|
extern void date_to_str (size_t size, char buf[size], long date);
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* encrypt.c */
|
2013-08-03 23:07:06 +02:00
|
|
|
extern /*@exposed@*//*@null@*/char *pw_encrypt (const char *, const char *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* entry.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void pw_entry (const char *, struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* env.c */
|
2009-04-23 17:43:27 +00:00
|
|
|
extern void addenv (const char *, /*@null@*/const char *);
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void initenv (void);
|
|
|
|
extern void set_env (int, char *const *);
|
|
|
|
extern void sanitize_env (void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* fields.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void change_field (char *, size_t, const char *);
|
2008-06-14 21:11:19 +00:00
|
|
|
extern int valid_field (const char *, const char *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-06-15 18:33:52 +00:00
|
|
|
/* find_new_gid.c */
|
2009-04-23 17:43:27 +00:00
|
|
|
extern int find_new_gid (bool sys_group,
|
|
|
|
gid_t *gid,
|
|
|
|
/*@null@*/gid_t const *preferred_gid);
|
2008-02-03 16:53:07 +00:00
|
|
|
|
2008-06-15 18:33:52 +00:00
|
|
|
/* find_new_uid.c */
|
2009-04-23 17:43:27 +00:00
|
|
|
extern int find_new_uid (bool sys_user,
|
|
|
|
uid_t *uid,
|
|
|
|
/*@null@*/uid_t const *preferred_uid);
|
2008-06-15 18:33:52 +00:00
|
|
|
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 14:54:22 +02:00
|
|
|
#ifdef ENABLE_SUBIDS
|
2013-01-22 01:15:05 -08:00
|
|
|
/* find_new_sub_gids.c */
|
2020-04-17 16:31:56 -05:00
|
|
|
extern int find_new_sub_gids (gid_t *range_start, unsigned long *range_count);
|
2013-01-22 01:15:05 -08:00
|
|
|
|
|
|
|
/* find_new_sub_uids.c */
|
2020-04-17 16:31:56 -05:00
|
|
|
extern int find_new_sub_uids (uid_t *range_start, unsigned long *range_count);
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 14:54:22 +02:00
|
|
|
#endif /* ENABLE_SUBIDS */
|
2013-01-22 01:15:05 -08:00
|
|
|
|
|
|
|
|
2009-03-08 20:26:56 +00:00
|
|
|
/* get_gid.c */
|
|
|
|
extern int get_gid (const char *gidstr, gid_t *gid);
|
|
|
|
|
2009-04-10 22:34:10 +00:00
|
|
|
/* getgr_nam_gid.c */
|
2011-08-14 13:16:26 +00:00
|
|
|
extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname);
|
2009-04-10 22:34:10 +00:00
|
|
|
|
2007-11-23 20:11:00 +00:00
|
|
|
/* getlong.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern int getlong (const char *numstr, /*@out@*/long int *result);
|
2007-11-23 20:11:00 +00:00
|
|
|
|
2009-04-24 23:35:57 +00:00
|
|
|
/* get_pid.c */
|
|
|
|
extern int get_pid (const char *pidstr, pid_t *pid);
|
|
|
|
|
2008-06-14 21:11:19 +00:00
|
|
|
/* getrange */
|
2022-08-05 17:40:26 +02:00
|
|
|
extern int getrange (const char *range,
|
2009-03-08 20:26:56 +00:00
|
|
|
unsigned long *min, bool *has_min,
|
|
|
|
unsigned long *max, bool *has_max);
|
|
|
|
|
2017-03-15 10:36:21 +00:00
|
|
|
/* gettime.c */
|
2022-01-03 12:43:01 +01:00
|
|
|
extern time_t gettime (void);
|
2017-03-15 10:36:21 +00:00
|
|
|
|
2009-03-08 20:26:56 +00:00
|
|
|
/* get_uid.c */
|
|
|
|
extern int get_uid (const char *uidstr, uid_t *uid);
|
2008-06-14 21:11:19 +00:00
|
|
|
|
2009-04-24 23:35:57 +00:00
|
|
|
/* getulong.c */
|
|
|
|
extern int getulong (const char *numstr, /*@out@*/unsigned long int *result);
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* fputsx.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *, int, FILE *);
|
2007-10-07 11:46:07 +00:00
|
|
|
extern int fputsx (const char *, FILE *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
/* groupio.c */
|
|
|
|
extern void __gr_del_entry (const struct commonio_entry *ent);
|
2009-04-24 23:35:57 +00:00
|
|
|
extern /*@observer@*/const struct commonio_db *__gr_get_db (void);
|
|
|
|
extern /*@dependent@*/ /*@null@*/struct commonio_entry *__gr_get_head (void);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
extern void __gr_set_changed (void);
|
|
|
|
|
|
|
|
/* groupmem.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent);
|
2020-08-09 16:44:30 -05:00
|
|
|
extern void gr_free_members (struct group *grent);
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern void gr_free (/*@out@*/ /*@only@*/struct group *grent);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* hushed.c */
|
2009-04-20 11:48:59 +00:00
|
|
|
extern bool hushed (const char *username);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-10-07 11:47:01 +00:00
|
|
|
/* audit_help.c */
|
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
extern int audit_fd;
|
2007-10-07 11:47:22 +00:00
|
|
|
extern void audit_help_open (void);
|
2008-06-13 21:57:47 +00:00
|
|
|
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
|
|
|
|
#define AUDIT_NO_ID ((unsigned int) -1)
|
2008-09-04 19:35:48 +00:00
|
|
|
typedef enum {
|
|
|
|
SHADOW_AUDIT_FAILURE = 0,
|
|
|
|
SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
|
2007-10-07 11:47:22 +00:00
|
|
|
extern void audit_logger (int type, const char *pgname, const char *op,
|
2008-09-04 19:35:48 +00:00
|
|
|
const char *name, unsigned int id,
|
|
|
|
shadow_audit_result result);
|
2008-12-22 21:52:43 +00:00
|
|
|
void audit_logger_message (const char *message, shadow_audit_result result);
|
2007-10-07 11:47:01 +00:00
|
|
|
#endif
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* limits.c */
|
2008-09-06 16:42:41 +00:00
|
|
|
#ifndef USE_PAM
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void setup_limits (const struct passwd *);
|
2008-09-06 16:42:41 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* list.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
|
|
|
|
extern /*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
|
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-08-21 15:32:53 +00:00
|
|
|
extern /*@only@*/ /*@out@*/char **dup_list (char *const *);
|
|
|
|
extern bool is_on_list (char *const *list, const char *member);
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@only@*/char **comma_to_list (const char *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2008-01-05 16:44:28 +00:00
|
|
|
/* log.c */
|
2009-04-27 20:15:09 +00:00
|
|
|
extern void dolastlog (
|
|
|
|
struct lastlog *ll,
|
|
|
|
const struct passwd *pw,
|
|
|
|
/*@unique@*/const char *line,
|
|
|
|
/*@unique@*/const char *host);
|
2008-01-05 16:44:28 +00:00
|
|
|
|
2008-03-17 23:04:46 +00:00
|
|
|
/* login_nopam.c */
|
|
|
|
extern int login_access (const char *user, const char *from);
|
|
|
|
|
2008-01-05 16:44:28 +00:00
|
|
|
/* loginprompt.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void login_prompt (const char *, char *, int);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* mail.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void mailcheck (void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* motd.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void motd (void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* myname.c */
|
2011-08-15 09:25:58 +00:00
|
|
|
extern /*@null@*//*@only@*/struct passwd *get_my_pwent (void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
subids: support nsswitch
Closes #154
When starting any operation to do with subuid delegation, check
nsswitch for a module to use. If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.
Currently only one module is supported, and there is no fallback
to the files on errors. Several possibilities could be considered:
1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files
etc...
When non-files nss module is used, functions to edit the range
are not supported. It may make sense to support it, but it also
may make sense to require another tool to be used.
libsubordinateio also uses the nss_ helpers. This is how for instance
lxc could easily be converted to supporting nsswitch.
Add a set of test cases, including a dummy libsubid_zzz module. This
hardcodes values such that:
'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module
Changes to libsubid:
Change the list_owner_ranges api: return a count instead of making the array
null terminated.
This is a breaking change, so bump the libsubid abi major number.
Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
memory.
Run libsubid tests in jenkins
Switch argument order in find_subid_owners
Move the db locking into subordinateio.c
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
|
|
|
/* nss.c */
|
|
|
|
#include <libsubid/subid.h>
|
2022-01-03 12:49:02 +01:00
|
|
|
extern void nss_init(const char *nsswitch_path);
|
2022-01-03 12:43:01 +01:00
|
|
|
extern bool nss_is_initialized(void);
|
subids: support nsswitch
Closes #154
When starting any operation to do with subuid delegation, check
nsswitch for a module to use. If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.
Currently only one module is supported, and there is no fallback
to the files on errors. Several possibilities could be considered:
1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files
etc...
When non-files nss module is used, functions to edit the range
are not supported. It may make sense to support it, but it also
may make sense to require another tool to be used.
libsubordinateio also uses the nss_ helpers. This is how for instance
lxc could easily be converted to supporting nsswitch.
Add a set of test cases, including a dummy libsubid_zzz module. This
hardcodes values such that:
'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module
Changes to libsubid:
Change the list_owner_ranges api: return a count instead of making the array
null terminated.
This is a breaking change, so bump the libsubid abi major number.
Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
memory.
Run libsubid tests in jenkins
Switch argument order in find_subid_owners
Move the db locking into subordinateio.c
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
|
|
|
|
|
|
|
struct subid_nss_ops {
|
|
|
|
/*
|
|
|
|
* nss_has_range: does a user own a given subid range
|
|
|
|
*
|
|
|
|
* @owner: username
|
|
|
|
* @start: first subid in queried range
|
|
|
|
* @count: number of subids in queried range
|
|
|
|
* @idtype: subuid or subgid
|
|
|
|
* @result: true if @owner has been allocated the subid range.
|
|
|
|
*
|
|
|
|
* returns success if the module was able to determine an answer (true or false),
|
|
|
|
* else an error status.
|
|
|
|
*/
|
|
|
|
enum subid_status (*has_range)(const char *owner, unsigned long start, unsigned long count, enum subid_type idtype, bool *result);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* nss_list_owner_ranges: list the subid ranges delegated to a user.
|
|
|
|
*
|
|
|
|
* @owner - string representing username being queried
|
|
|
|
* @id_type - subuid or subgid
|
2021-05-22 12:16:50 -05:00
|
|
|
* @ranges - pointer to an array of struct subid_range, or NULL. The
|
|
|
|
* returned array must be freed by the caller.
|
subids: support nsswitch
Closes #154
When starting any operation to do with subuid delegation, check
nsswitch for a module to use. If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.
Currently only one module is supported, and there is no fallback
to the files on errors. Several possibilities could be considered:
1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files
etc...
When non-files nss module is used, functions to edit the range
are not supported. It may make sense to support it, but it also
may make sense to require another tool to be used.
libsubordinateio also uses the nss_ helpers. This is how for instance
lxc could easily be converted to supporting nsswitch.
Add a set of test cases, including a dummy libsubid_zzz module. This
hardcodes values such that:
'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module
Changes to libsubid:
Change the list_owner_ranges api: return a count instead of making the array
null terminated.
This is a breaking change, so bump the libsubid abi major number.
Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
memory.
Run libsubid tests in jenkins
Switch argument order in find_subid_owners
Move the db locking into subordinateio.c
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
|
|
|
* @count - pointer to an integer into which the number of returned ranges
|
|
|
|
* is written.
|
|
|
|
|
|
|
|
* returns success if the module was able to determine an answer,
|
|
|
|
* else an error status.
|
|
|
|
*/
|
2021-05-22 12:16:50 -05:00
|
|
|
enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subid_range **ranges, int *count);
|
subids: support nsswitch
Closes #154
When starting any operation to do with subuid delegation, check
nsswitch for a module to use. If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.
Currently only one module is supported, and there is no fallback
to the files on errors. Several possibilities could be considered:
1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files
etc...
When non-files nss module is used, functions to edit the range
are not supported. It may make sense to support it, but it also
may make sense to require another tool to be used.
libsubordinateio also uses the nss_ helpers. This is how for instance
lxc could easily be converted to supporting nsswitch.
Add a set of test cases, including a dummy libsubid_zzz module. This
hardcodes values such that:
'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module
Changes to libsubid:
Change the list_owner_ranges api: return a count instead of making the array
null terminated.
This is a breaking change, so bump the libsubid abi major number.
Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
memory.
Run libsubid tests in jenkins
Switch argument order in find_subid_owners
Move the db locking into subordinateio.c
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* nss_find_subid_owners: find uids who own a given subuid or subgid.
|
|
|
|
*
|
|
|
|
* @id - the delegated id (subuid or subgid) being queried
|
|
|
|
* @id_type - subuid or subgid
|
|
|
|
* @uids - pointer to an array of uids which will be allocated by
|
|
|
|
* nss_find_subid_owners()
|
|
|
|
* @count - number of uids found
|
|
|
|
*
|
|
|
|
* returns success if the module was able to determine an answer,
|
|
|
|
* else an error status.
|
|
|
|
*/
|
|
|
|
enum subid_status (*find_subid_owners)(unsigned long id, enum subid_type id_type, uid_t **uids, int *count);
|
|
|
|
|
|
|
|
/* The dlsym handle to close */
|
|
|
|
void *handle;
|
|
|
|
};
|
|
|
|
|
2022-01-03 12:43:01 +01:00
|
|
|
extern struct subid_nss_ops *get_subid_nss_handle(void);
|
subids: support nsswitch
Closes #154
When starting any operation to do with subuid delegation, check
nsswitch for a module to use. If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.
Currently only one module is supported, and there is no fallback
to the files on errors. Several possibilities could be considered:
1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files
etc...
When non-files nss module is used, functions to edit the range
are not supported. It may make sense to support it, but it also
may make sense to require another tool to be used.
libsubordinateio also uses the nss_ helpers. This is how for instance
lxc could easily be converted to supporting nsswitch.
Add a set of test cases, including a dummy libsubid_zzz module. This
hardcodes values such that:
'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module
Changes to libsubid:
Change the list_owner_ranges api: return a count instead of making the array
null terminated.
This is a breaking change, so bump the libsubid abi major number.
Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
memory.
Run libsubid tests in jenkins
Switch argument order in find_subid_owners
Move the db locking into subordinateio.c
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
|
|
|
|
|
|
|
|
2017-10-22 20:24:32 +00:00
|
|
|
/* pam_pass_non_interactive.c */
|
2009-05-09 13:15:38 +00:00
|
|
|
#ifdef USE_PAM
|
2017-10-22 20:24:32 +00:00
|
|
|
extern int do_pam_passwd_non_interactive (const char *pam_service,
|
2009-05-09 13:15:25 +00:00
|
|
|
const char *username,
|
2009-05-09 13:15:38 +00:00
|
|
|
const char* password);
|
|
|
|
#endif /* USE_PAM */
|
2009-04-28 20:06:46 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* obscure.c */
|
2008-09-06 16:42:41 +00:00
|
|
|
#ifndef USE_PAM
|
2010-08-22 12:49:07 +00:00
|
|
|
extern bool obscure (const char *, const char *, const struct passwd *);
|
2008-09-06 16:42:41 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* pam_pass.c */
|
2008-09-06 16:42:41 +00:00
|
|
|
#ifdef USE_PAM
|
2008-05-26 08:56:34 +00:00
|
|
|
extern void do_pam_passwd (const char *user, bool silent, bool change_expired);
|
2008-09-06 16:42:41 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* port.c */
|
2008-06-10 20:02:47 +00:00
|
|
|
extern bool isttytime (const char *, const char *, time_t);
|
2016-05-15 15:49:39 +02:00
|
|
|
|
|
|
|
/* prefix_flag.c */
|
|
|
|
extern const char* process_prefix_flag (const char* short_opt, int argc, char **argv);
|
|
|
|
extern struct group *prefix_getgrnam(const char *name);
|
|
|
|
extern struct group *prefix_getgrgid(gid_t gid);
|
|
|
|
extern struct passwd *prefix_getpwuid(uid_t uid);
|
|
|
|
extern struct passwd *prefix_getpwnam(const char* name);
|
|
|
|
extern struct spwd *prefix_getspnam(const char* name);
|
|
|
|
extern struct group *prefix_getgr_nam_gid(const char *grname);
|
2022-01-03 12:43:01 +01:00
|
|
|
extern void prefix_setpwent(void);
|
|
|
|
extern struct passwd* prefix_getpwent(void);
|
|
|
|
extern void prefix_endpwent(void);
|
|
|
|
extern void prefix_setgrent(void);
|
|
|
|
extern struct group* prefix_getgrent(void);
|
|
|
|
extern void prefix_endgrent(void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* pwd2spwd.c */
|
2009-04-10 22:34:29 +00:00
|
|
|
#ifndef USE_PAM
|
2007-10-07 11:46:07 +00:00
|
|
|
extern struct spwd *pwd_to_spwd (const struct passwd *);
|
2009-04-05 22:29:42 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* pwdcheck.c */
|
2008-09-06 16:42:41 +00:00
|
|
|
#ifndef USE_PAM
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void passwd_check (const char *, const char *, const char *);
|
2008-09-06 16:42:41 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* pwd_init.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void pwd_init (void);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
/* pwio.c */
|
|
|
|
extern void __pw_del_entry (const struct commonio_entry *ent);
|
|
|
|
extern struct commonio_db *__pw_get_db (void);
|
2009-04-24 23:35:57 +00:00
|
|
|
extern /*@dependent@*/ /*@null@*/struct commonio_entry *__pw_get_head (void);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
|
|
|
|
/* pwmem.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct passwd *__pw_dup (const struct passwd *pwent);
|
|
|
|
extern void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
|
2022-12-30 19:46:09 +01:00
|
|
|
/* csrand.c */
|
|
|
|
unsigned long csrand (void);
|
Add csrand_uniform()
This API is similar to arc4random_uniform(3). However, for an input of
0, this function is equivalent to csrand(), while arc4random_uniform(0)
returns 0.
This function will be used to reimplement csrand_interval() as a wrapper
around this one.
The current implementation of csrand_interval() doesn't produce very good
random numbers. It has a bias. And that comes from performing some
unnecessary floating-point calculations that overcomplicate the problem.
Looping until the random number hits within bounds is unbiased, and
truncating unwanted bits makes the overhead of the loop very small.
We could reduce loop overhead even more, by keeping unused bits of the
random number, if the width of the mask is not greater than
ULONG_WIDTH/2, however, that complicates the code considerably, and I
prefer to be a bit slower but have simple code.
BTW, Björn really deserves the copyright for csrand() (previously known
as read_random_bytes()), since he rewrote it almost from scratch last
year, and I kept most of its contents. Since he didn't put himself in
the copyright back then, and BSD-3-Clause doesn't allow me to attribute
derived works, I won't add his name, but if he asks, he should be put in
the copyright too.
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Cristian Rodríguez <crrodriguez@opensuse.org>
Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: Björn Esser <besser82@fedoraproject.org>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Cc: Joseph Myers <joseph@codesourcery.com>
Cc: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-30 19:46:09 +01:00
|
|
|
unsigned long csrand_uniform (unsigned long n);
|
2022-12-30 19:46:09 +01:00
|
|
|
unsigned long csrand_interval (unsigned long min, unsigned long max);
|
2022-12-30 19:46:09 +01:00
|
|
|
|
2010-03-30 21:54:29 +00:00
|
|
|
/* remove_tree.c */
|
|
|
|
extern int remove_tree (const char *root, bool remove_root);
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* rlogin.c */
|
2008-06-13 21:57:47 +00:00
|
|
|
extern int do_rlogin (const char *remote_host, char *name, size_t namelen,
|
|
|
|
char *term, size_t termlen);
|
2007-10-07 11:44:14 +00:00
|
|
|
|
2011-11-06 18:37:19 +00:00
|
|
|
/* root_flag.c */
|
|
|
|
extern void process_root_flag (const char* short_opt, int argc, char **argv);
|
|
|
|
|
2007-10-07 11:44:14 +00:00
|
|
|
/* salt.c */
|
2011-08-14 14:37:17 +00:00
|
|
|
extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const char *meth, /*@null@*/void *arg);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2011-12-09 22:13:02 +00:00
|
|
|
/* selinux.c */
|
2012-01-08 16:04:27 +00:00
|
|
|
#ifdef WITH_SELINUX
|
2021-04-09 18:21:00 +02:00
|
|
|
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
|
2021-10-08 13:13:13 +02:00
|
|
|
extern void reset_selinux_handle (void);
|
2011-12-09 22:13:02 +00:00
|
|
|
extern int reset_selinux_file_context (void);
|
2019-10-15 23:33:54 +02:00
|
|
|
extern int check_selinux_permit (const char *perm_name);
|
2012-01-08 16:04:27 +00:00
|
|
|
#endif
|
2011-12-09 22:13:02 +00:00
|
|
|
|
2011-12-09 21:30:19 +00:00
|
|
|
/* semanage.c */
|
2012-01-08 16:04:27 +00:00
|
|
|
#ifdef WITH_SELINUX
|
2011-12-09 21:30:19 +00:00
|
|
|
extern int set_seuser(const char *login_name, const char *seuser_name);
|
|
|
|
extern int del_seuser(const char *login_name);
|
2012-01-08 16:04:27 +00:00
|
|
|
#endif
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-17 21:51:07 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* setugid.c */
|
2008-05-26 08:56:34 +00:00
|
|
|
extern int setup_groups (const struct passwd *info);
|
|
|
|
extern int change_uid (const struct passwd *info);
|
2009-04-05 22:29:42 +00:00
|
|
|
#if (defined HAVE_INITGROUPS) && (! defined USE_PAM)
|
2008-05-26 08:56:34 +00:00
|
|
|
extern int setup_uid_gid (const struct passwd *info, bool is_console);
|
2009-04-05 22:29:42 +00:00
|
|
|
#else
|
|
|
|
extern int setup_uid_gid (const struct passwd *info);
|
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* setup.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void setup (struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* setupenv.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void setup_env (struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
/* sgetgrent.c */
|
|
|
|
extern struct group *sgetgrent (const char *buf);
|
|
|
|
|
|
|
|
/* sgetpwent.c */
|
|
|
|
extern struct passwd *sgetpwent (const char *buf);
|
|
|
|
|
2009-04-10 22:35:43 +00:00
|
|
|
/* sgetspent.c */
|
|
|
|
#ifndef HAVE_SGETSPENT
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern struct spwd *sgetspent (const char *string);
|
2009-04-10 22:35:43 +00:00
|
|
|
#endif
|
|
|
|
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
/* sgroupio.c */
|
|
|
|
extern void __sgr_del_entry (const struct commonio_entry *ent);
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent);
|
|
|
|
extern void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent);
|
2009-04-24 23:35:57 +00:00
|
|
|
extern /*@dependent@*/ /*@null@*/struct commonio_entry *__sgr_get_head (void);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
extern void __sgr_set_changed (void);
|
|
|
|
|
|
|
|
/* shadowio.c */
|
2009-04-24 23:35:57 +00:00
|
|
|
extern /*@dependent@*/ /*@null@*/struct commonio_entry *__spw_get_head (void);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
extern void __spw_del_entry (const struct commonio_entry *ent);
|
|
|
|
|
|
|
|
/* shadowmem.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct spwd *__spw_dup (const struct spwd *spent);
|
|
|
|
extern void spw_free (/*@out@*/ /*@only@*/struct spwd *spent);
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* shell.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[]);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2011-09-18 21:02:43 +00:00
|
|
|
/* spawn.c */
|
|
|
|
extern int run_command (const char *cmd, const char *argv[],
|
2011-10-18 20:23:33 +00:00
|
|
|
/*@null@*/const char *envp[], /*@out@*/int *status);
|
2011-09-18 21:02:43 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* strtoday.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern long strtoday (const char *);
|
2007-10-07 11:44:14 +00:00
|
|
|
|
|
|
|
/* suauth.c */
|
2011-06-13 18:26:26 +00:00
|
|
|
extern int check_su_auth (const char *actual_id,
|
|
|
|
const char *wanted_id,
|
|
|
|
bool su_to_root);
|
2007-10-07 11:44:14 +00:00
|
|
|
|
|
|
|
/* sulog.c */
|
2008-05-26 08:56:34 +00:00
|
|
|
extern void sulog (const char *tty,
|
|
|
|
bool success,
|
|
|
|
const char *oldname,
|
|
|
|
const char *name);
|
2007-10-07 11:44:14 +00:00
|
|
|
|
|
|
|
/* sub.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void subsystem (const struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* ttytype.c */
|
2007-10-07 11:46:07 +00:00
|
|
|
extern void ttytype (const char *);
|
2007-10-07 11:44:14 +00:00
|
|
|
|
|
|
|
/* tz.c */
|
2008-09-06 16:42:41 +00:00
|
|
|
#ifndef USE_PAM
|
2010-08-22 12:49:07 +00:00
|
|
|
extern /*@observer@*/const char *tz (const char *);
|
2008-09-06 16:42:41 +00:00
|
|
|
#endif
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* ulimit.c */
|
2008-06-15 21:59:41 +00:00
|
|
|
extern int set_filesize_limit (int blocks);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2009-05-18 18:32:17 +00:00
|
|
|
/* user_busy.c */
|
|
|
|
extern int user_busy (const char *name, uid_t uid);
|
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/* utmp.c */
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
extern /*@null@*/struct utmp *get_current_utmp (void);
|
2009-04-21 22:39:14 +00:00
|
|
|
extern struct utmp *prepare_utmp (const char *name,
|
|
|
|
const char *line,
|
|
|
|
const char *host,
|
* libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
|
|
|
/*@null@*/const struct utmp *ut);
|
2009-04-21 22:39:14 +00:00
|
|
|
extern int setutmp (struct utmp *ut);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* valid.c */
|
2008-06-14 21:11:19 +00:00
|
|
|
extern bool valid (const char *, const struct passwd *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/* xmalloc.c */
|
2022-08-05 17:40:28 +02:00
|
|
|
extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
|
2009-04-24 23:35:57 +00:00
|
|
|
/*@ensures MaxSet(result) == (size - 1); @*/;
|
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-22 19:13:53 +00:00
|
|
|
extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
|
2007-10-07 11:44:02 +00:00
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* xgetpwnam.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* xgetpwuid.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct passwd *xgetpwuid (uid_t);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* xgetgrnam.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct group *xgetgrnam (const char *);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* xgetgrgid.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct group *xgetgrgid (gid_t);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
/* xgetspnam.c */
|
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
lib/fputsx.c, lib/prototypes.h: Added splint annotations.
* lib/groupio.c: Avoid implicit conversion of pointers to
booleans.
* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
|
|
|
extern /*@null@*/ /*@only@*/struct spwd *xgetspnam(const char *);
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-18 23:15:26 +00:00
|
|
|
|
2007-12-26 16:50:38 +00:00
|
|
|
/* yesno.c */
|
2008-05-26 08:56:34 +00:00
|
|
|
extern bool yes_or_no (bool read_only);
|
2007-12-26 16:50:38 +00:00
|
|
|
|
2007-10-07 11:46:07 +00:00
|
|
|
#endif /* _PROTOTYPES_H */
|