/*
* Copyright 1989 - 1993, Julianne Frances Haugh
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>

#ident "$Id$"

#include <errno.h>
#include <getopt.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include "defines.h"
#include "exitcodes.h"
#include "faillog.h"
#include "prototypes.h"
/*
 * File-scope state shared by the functions in this file
 */
static FILE *fail;		/* stream opened on the failure log */
static uid_t user;		/* the one user named on the command line */
static int days;		/* day count considered by the print command */
static time_t seconds;		/* the same day count, in seconds */

static int aflg = 0;		/* set if all users are always printed */
static int uflg = 0;		/* set if "user" holds a valid user id */
static int tflg = 0;		/* set if printing is limited to recent days */

static struct stat statbuf;	/* fstat result, used for the file size */

/* current time, fetched anew at every use */
#define NOW (time (NULL))
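/*
 * usage - print the command synopsis on stderr and terminate
 *
 * Does not return: the process exits with E_USAGE.
 */
static void usage (void)
{
	/*
	 * The long name shown for -l must be the one main() registers in its
	 * long_options table ("lock-secs"); the help text used to advertise
	 * "--lock-time", which the option table in this file does not list.
	 */
	fputs (_("Usage: faillog [options]\n"
	         "\n"
	         "Options:\n"
	         " -a, --all display faillog records for all users\n"
	         " -h, --help display this help message and exit\n"
	         " -l, --lock-secs SEC after failed login lock account to SEC seconds\n"
	         " -m, --maximum MAX set maximum failed login counters to MAX\n"
	         " -r, --reset reset the counters of login failures\n"
	         " -t, --time DAYS display faillog records more recent than DAYS\n"
	         " -u, --user LOGIN display faillog record or maintains failure\n"
	         " counters and limits (if used with -r, -m or -l\n"
	         " options) only for user with LOGIN\n"
	         "\n"), stderr);
	exit (E_USAGE);
}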
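/*
 * print_one - print the failure record of one user on stdout
 *
 * fl	record as read from the failure log
 * uid	user id the record belongs to
 *
 * The column header is printed before the first record only. A record
 * whose uid has no passwd entry is not printed at all.
 */
static void print_one (const struct faillog *fl, uid_t uid)
{
	static int once;
	const char *cp = "";	/* never left unset, whatever the build options */
	struct tm *tm;
	time_t now;
	struct passwd *pwent;

#ifdef HAVE_STRFTIME
	char ptime[80];
#else
	char *stamp;
	char *nl;
#endif

	if (!once) {
		puts (_("Login Failures Maximum Latest On\n"));
		once++;
	}

	pwent = getpwuid (uid);	/* local, no need for xgetpwuid */
	time (&now);

	/*
	 * fail_time comes from the file; localtime() returns NULL for a value
	 * it cannot represent, and that pointer must not reach strftime().
	 */
	tm = localtime (&fl->fail_time);
#ifdef HAVE_STRFTIME
	if ((tm != NULL)
	    && (strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm) != 0)) {
		cp = ptime;
	}
#else
	/* without strftime(), fall back to asctime() minus its newline */
	stamp = (tm != NULL) ? asctime (tm) : NULL;
	if (stamp != NULL) {
		for (nl = stamp; (*nl != '\0') && (*nl != '\n'); nl++) {
			/* find the end of the text */
		}
		*nl = '\0';
		cp = stamp;
	}
#endif

	if (pwent == NULL) {
		return;
	}

	printf ("%-9s %5d %5d ",
	        pwent->pw_name, fl->fail_cnt, fl->fail_max);

	if (fl->fail_time) {
		/*
		 * fail_line is copied straight from the on-disk record, so the
		 * output is bounded by the field size in case the terminating
		 * NUL is missing (assumes fail_line is a char array member;
		 * TODO confirm against faillog.h).
		 */
		printf ("%s %.*s", cp,
		        (int) sizeof fl->fail_line, fl->fail_line);

		if (fl->fail_locktime) {
			/* the casts keep the arguments in step with %ld */
			if ((fl->fail_time + fl->fail_locktime > now)
			    && fl->fail_cnt) {
				printf (_(" [%lds left]"),
				        (long) (fl->fail_time +
				                fl->fail_locktime - now));
			} else {
				printf (_(" [%lds lock]"),
				        (long) fl->fail_locktime);
			}
		}
	}
	putchar ('\n');
}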
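/*
 * reset_one - clear the failure counter stored for one user
 *
 * uid	user whose record is updated; the record sits at
 *	uid * sizeof (struct faillog) in the failure log
 *
 * Returns 1 when the counter is zero afterwards (including the case where
 * it already was and nothing had to be written), 0 when the record lies
 * beyond the end of the file or an I/O call failed.
 */
static int reset_one (uid_t uid)
{
	off_t offset;
	struct faillog faillog;

	/*
	 * Widen to off_t before multiplying: where the product would be
	 * computed in 32 bits, a large uid could wrap and select the record
	 * of a different user.
	 */
	offset = (off_t) uid * (off_t) sizeof faillog;

	if (fstat (fileno (fail), &statbuf)) {
		perror (FAILLOG_FILE);
		return 0;
	}
	if (offset >= statbuf.st_size) {
		return 0;
	}

	if (fseeko (fail, offset, SEEK_SET) != 0) {
		perror (FAILLOG_FILE);
		return 0;
	}
	if (fread ((char *) &faillog, sizeof faillog, 1, fail) != 1) {
		if (!feof (fail)) {
			perror (FAILLOG_FILE);
		}
		return 0;
	}
	if (faillog.fail_cnt == 0) {
		return 1;	/* don't fill in no holes ... */
	}

	faillog.fail_cnt = 0;

	/* a failed flush means the update may not have reached the file */
	if ((fseeko (fail, offset, SEEK_SET) != 0)
	    || (fwrite ((char *) &faillog, sizeof faillog, 1, fail) != 1)
	    || (fflush (fail) != 0)) {
		perror (FAILLOG_FILE);
		return 0;
	}
	return 1;
}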
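/*
 * reset - clear the failure counters
 *
 * With -u only the selected user is handled; otherwise every entry that
 * getpwent() returns is. Records of uids that have no passwd entry are
 * therefore left as they are. reset_one() reports I/O errors itself, so
 * its result is not examined here.
 */
static void reset (void)
{
	struct passwd *pwent;

	if (uflg) {
		reset_one (user);
		return;
	}

	setpwent ();
	while ( (pwent = getpwent ()) != NULL ) {
		reset_one (pwent->pw_uid);
	}
	endpwent ();
}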
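/*
 * print - display failure records
 *
 * With -u only the record of the selected user is read and shown.
 * Otherwise the file is read record by record from the current stream
 * position, the record index is taken as the uid, and the -a / -t
 * settings decide which records are passed to print_one().
 */
static void print (void)
{
	uid_t uid;
	off_t offset;
	struct faillog faillog;

	if (uflg) {
		/* widen before multiplying so a large uid cannot wrap */
		offset = (off_t) user * (off_t) sizeof faillog;

		if (fstat (fileno (fail), &statbuf)) {
			perror (FAILLOG_FILE);
			return;
		}
		/* nothing is stored for this uid */
		if (offset >= statbuf.st_size) {
			return;
		}

		/* reading after a failed seek would show another user's record */
		if (fseeko (fail, offset, SEEK_SET) != 0) {
			perror (FAILLOG_FILE);
			return;
		}
		if (fread ((char *) &faillog, sizeof faillog, 1, fail) == 1) {
			print_one (&faillog, user);
		} else {
			perror (FAILLOG_FILE);
		}
		return;
	}

	for (uid = 0;
	     fread ((char *) &faillog, sizeof faillog, 1, fail) == 1;
	     uid++) {

		/* without -a, users who have no failure are left out */
		if (aflg == 0 && faillog.fail_cnt == 0) {
			continue;
		}

		/* without -a, -t leaves out failures older than the window */
		if (aflg == 0 && tflg &&
		    NOW - faillog.fail_time > seconds) {
			continue;
		}

		/* with -a, records that carry no failure time are left out */
		if (aflg && faillog.fail_time == 0) {
			continue;
		}

		print_one (&faillog, uid);
	}
}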
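/*
 * setmax_one - store the failure limit of one user
 *
 * uid	user whose record is updated
 * max	value written to the record's fail_max field
 *
 * A record that does not exist yet (read stops at end of file) is created
 * from an all-zero record. Errors are reported with perror().
 */
static void setmax_one (uid_t uid, int max)
{
	off_t offset;
	struct faillog faillog;

	/* widen before multiplying so a large uid cannot wrap */
	offset = (off_t) uid * (off_t) sizeof faillog;

	if (fseeko (fail, offset, SEEK_SET) != 0) {
		perror (FAILLOG_FILE);
		return;
	}
	if (fread ((char *) &faillog, sizeof faillog, 1, fail) != 1) {
		if (!feof (fail)) {
			/*
			 * A real read error: writing a zeroed record now would
			 * wipe the failure count, time and lock time of this
			 * user, so leave the record alone.
			 */
			perror (FAILLOG_FILE);
			return;
		}
		memzero (&faillog, sizeof faillog);
	}

	/*
	 * NOTE(review): max is stored as given; if fail_max is narrower than
	 * int the value is truncated -- confirm against faillog.h.
	 */
	faillog.fail_max = max;

	/* a failed flush means the update may not have reached the file */
	if ((fseeko (fail, offset, SEEK_SET) != 0)
	    || (fwrite ((char *) &faillog, sizeof faillog, 1, fail) != 1)
	    || (fflush (fail) != 0)) {
		perror (FAILLOG_FILE);
	}
}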
/*
 * setmax - apply a failure limit
 *
 * The limit goes to the user selected with -u when there is one, and to
 * every entry returned by getpwent() otherwise.
 */
static void setmax (int max)
{
	struct passwd *entry;

	if (uflg) {
		setmax_one (user, max);
		return;
	}

	setpwent ();
	for (entry = getpwent (); entry != NULL; entry = getpwent ()) {
		setmax_one (entry->pw_uid, max);
	}
	endpwent ();
}
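/*
 * set_locktime_one - store the lock time of one user
 *
 * uid		user whose record is updated
 * locktime	value written to the record's fail_locktime field
 *
 * A record that does not exist yet (read stops at end of file) is created
 * from an all-zero record. Errors are reported with perror().
 */
static void set_locktime_one (uid_t uid, long locktime)
{
	off_t offset;
	struct faillog faillog;

	/* widen before multiplying so a large uid cannot wrap */
	offset = (off_t) uid * (off_t) sizeof faillog;

	if (fseeko (fail, offset, SEEK_SET) != 0) {
		perror (FAILLOG_FILE);
		return;
	}
	if (fread ((char *) &faillog, sizeof faillog, 1, fail) != 1) {
		if (!feof (fail)) {
			/*
			 * A real read error: writing a zeroed record now would
			 * wipe the failure count, time and limit of this user,
			 * so leave the record alone.
			 */
			perror (FAILLOG_FILE);
			return;
		}
		memzero (&faillog, sizeof faillog);
	}
	faillog.fail_locktime = locktime;

	/* a failed flush means the update may not have reached the file */
	if ((fseeko (fail, offset, SEEK_SET) != 0)
	    || (fwrite ((char *) &faillog, sizeof faillog, 1, fail) != 1)
	    || (fflush (fail) != 0)) {
		perror (FAILLOG_FILE);
	}
}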
/*
 * XXX - still a quick cut-and-paste of the two functions above; it needs
 * to be written properly some day. --marekm
 *
 * set_locktime - apply a lock time
 *
 * The value goes to the user selected with -u when there is one, and to
 * every entry returned by getpwent() otherwise.
 */
static void set_locktime (long locktime)
{
	struct passwd *entry;

	if (uflg) {
		set_locktime_one (user, locktime);
		return;
	}

	setpwent ();
	for (entry = getpwent (); entry != NULL; entry = getpwent ()) {
		set_locktime_one (entry->pw_uid, locktime);
	}
	endpwent ();
}
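/*
 * numeric_arg - convert an option argument to a number
 *
 * text		the argument as given on the command line
 * lowest	smallest value accepted
 * highest	largest value accepted
 *
 * Returns the value. An argument that is not entirely a decimal number,
 * or that lies outside [lowest, highest], is reported and ends the
 * program through usage().
 */
static long numeric_arg (const char *text, long lowest, long highest)
{
	char *end = NULL;
	long value;

	errno = 0;
	value = strtol (text, &end, 10);
	if ((end == text) || (*end != '\0') || (errno == ERANGE)
	    || (value < lowest) || (value > highest)) {
		fprintf (stderr,
		         _("faillog: invalid numeric argument '%s'\n"), text);
		usage ();
	}
	return value;
}

/*
 * main - faillog: display failure records, or change limits and counters
 *
 * The failure log is opened read/write, falling back to read-only. With a
 * read-only stream the -l, -m and -r actions fail when they write, and the
 * failure is reported by the function that writes.
 *
 * NOTE(review): -l, -m and -r are carried out as soon as they are parsed
 * and look at uflg at that moment. They are limited to one user only when
 * -u comes before them on the command line; given after them, -u has no
 * effect on the action, which is then applied to every passwd entry.
 */
int main (int argc, char **argv)
{
	int anyflag = 0;

	setlocale (LC_ALL, "");
	bindtextdomain (PACKAGE, LOCALEDIR);
	textdomain (PACKAGE);

	/* try to open for read/write, if that fails - read only */
	fail = fopen (FAILLOG_FILE, "r+");
	if (!fail) {
		fail = fopen (FAILLOG_FILE, "r");
	}
	if (!fail) {
		perror (FAILLOG_FILE);
		exit (1);
	}

	{
		int option_index = 0;
		int c;
		static struct option long_options[] = {
			{"all", no_argument, NULL, 'a'},
			{"help", no_argument, NULL, 'h'},
			{"lock-secs", required_argument, NULL, 'l'},
			{"maximum", required_argument, NULL, 'm'},
			{"reset", no_argument, NULL, 'r'},
			{"time", required_argument, NULL, 't'},
			{"user", required_argument, NULL, 'u'},
			{NULL, 0, NULL, '\0'}
		};

		while ((c =
			getopt_long (argc, argv, "ahl:m:rt:u:",
				     long_options, &option_index)) != -1) {
			switch (c) {
			case 'a':
				aflg++;
				if (uflg) {
					usage ();
				}
				break;
			case 'h':
				usage ();
				break;
			case 'l':
				/*
				 * atoi() turned any unparsable argument into
				 * 0; such input is rejected instead of being
				 * stored as a lock time of 0.
				 */
				set_locktime (numeric_arg (optarg,
				                           LONG_MIN, LONG_MAX));
				anyflag++;
				break;
			case 'm':
				/* as above: no silent 0 for a mistyped limit */
				setmax ((int) numeric_arg (optarg,
				                           INT_MIN, INT_MAX));
				anyflag++;
				break;
			case 'r':
				reset ();
				anyflag++;
				break;
			case 't':
				days = (int) numeric_arg (optarg,
				                          INT_MIN, INT_MAX);
				/* widen before multiplying by the day length */
				seconds = (time_t) days * DAY;
				tflg++;
				break;
			case 'u':
				{
					struct passwd *pwent;

					if (aflg) {
						usage ();
					}

					/* local, no need for xgetpwnam */
					pwent = getpwnam (optarg);
					if (!pwent) {
						fprintf (stderr,
							 _("Unknown User: %s\n"),
							 optarg);
						exit (1);
					}
					uflg++;
					user = pwent->pw_uid;
					break;
				}
			default:
				usage ();
			}
		}
	}

	/* no flags implies -a -p (= print information for all users) */
	if (!(anyflag || aflg || tflg || uflg)) {
		aflg++;
	}
	/* (-a or -t days or -u user) and no other flags implies -p
	   (= print information for selected users) */
	if (!anyflag && (aflg || tflg || uflg)) {
		print ();
	}
	fclose (fail);

	exit (E_SUCCESS);
}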