emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

[svn-upgrade] Integrating new upstream version, shadow (4.0.15)

Browse Source
This commit is contained in:
nekral-guest
2007-10-07 11:47:22 +00:00
parent 24178ad677
commit 591830e43b
236 changed files with 9504 additions and 3729 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/Makefile.am
View File

@@ -23,6 +23,7 @@ INCLUDES = \
bin_PROGRAMS = groups login su
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
usbin_PROGRAMS = \
chgpasswd \
chpasswd \
groupadd \
groupdel \
@@ -51,29 +52,37 @@ LDADD = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
chfn_LDADD = $(LDADD) $(LIBPAM)
chsh_LDADD = $(LDADD) $(LIBPAM)
chpasswd_LDADD = $(LDADD) $(LIBPAM)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT)
groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
login_SOURCES = \
chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chgpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
login_SOURCES = \
login.c \
login_nopam.c
login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newusers_LDADD = $(LDADD) $(LIBPAM)
newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
nologin_LDADD =
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT)
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX)
pwck_LDADD = $(LDADD) $(LIBSELINUX)
pwconv_LDADD = $(LDADD) $(LIBSELINUX)
pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
su_SOURCES = \
su.c \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM)
useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
vipw_LDADD = $(LDADD) $(LIBSELINUX)
install-am: all-am
$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

129
src/Makefile.in
View File

@@ -40,12 +40,13 @@ bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) su$(EXEEXT)
ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \
chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \
newgrp$(EXEEXT) passwd$(EXEEXT)
usbin_PROGRAMS = chpasswd$(EXEEXT) groupadd$(EXEEXT) groupdel$(EXEEXT) \
groupmod$(EXEEXT) grpck$(EXEEXT) grpconv$(EXEEXT) \
grpunconv$(EXEEXT) logoutd$(EXEEXT) newusers$(EXEEXT) \
nologin$(EXEEXT) pwck$(EXEEXT) pwconv$(EXEEXT) \
pwunconv$(EXEEXT) useradd$(EXEEXT) userdel$(EXEEXT) \
usermod$(EXEEXT) vipw$(EXEEXT)
usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \
groupadd$(EXEEXT) groupdel$(EXEEXT) groupmod$(EXEEXT) \
grpck$(EXEEXT) grpconv$(EXEEXT) grpunconv$(EXEEXT) \
logoutd$(EXEEXT) newusers$(EXEEXT) nologin$(EXEEXT) \
pwck$(EXEEXT) pwconv$(EXEEXT) pwunconv$(EXEEXT) \
useradd$(EXEEXT) userdel$(EXEEXT) usermod$(EXEEXT) \
vipw$(EXEEXT)
noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT)
subdir = src
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
@@ -70,16 +71,23 @@ am__DEPENDENCIES_1 = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
am__DEPENDENCIES_2 =
chage_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
chfn_SOURCES = chfn.c
chfn_OBJECTS = chfn.$(OBJEXT)
chfn_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
chfn_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
chgpasswd_SOURCES = chgpasswd.c
chgpasswd_OBJECTS = chgpasswd.$(OBJEXT)
chgpasswd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
chpasswd_SOURCES = chpasswd.c
chpasswd_OBJECTS = chpasswd.$(OBJEXT)
chpasswd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
chpasswd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
chsh_SOURCES = chsh.c
chsh_OBJECTS = chsh.$(OBJEXT)
chsh_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
chsh_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
expiry_SOURCES = expiry.c
expiry_OBJECTS = expiry.$(OBJEXT)
expiry_LDADD = $(LDADD)
@@ -92,19 +100,20 @@ faillog_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
gpasswd_SOURCES = gpasswd.c
gpasswd_OBJECTS = gpasswd.$(OBJEXT)
gpasswd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
gpasswd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
groupadd_SOURCES = groupadd.c
groupadd_OBJECTS = groupadd.$(OBJEXT)
groupadd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
groupdel_SOURCES = groupdel.c
groupdel_OBJECTS = groupdel.$(OBJEXT)
groupdel_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
groupmod_SOURCES = groupmod.c
groupmod_OBJECTS = groupmod.$(OBJEXT)
groupmod_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
groups_SOURCES = groups.c
groups_OBJECTS = groups.$(OBJEXT)
groups_LDADD = $(LDADD)
@@ -112,19 +121,13 @@ groups_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
grpck_SOURCES = grpck.c
grpck_OBJECTS = grpck.$(OBJEXT)
grpck_LDADD = $(LDADD)
grpck_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
grpck_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
grpconv_SOURCES = grpconv.c
grpconv_OBJECTS = grpconv.$(OBJEXT)
grpconv_LDADD = $(LDADD)
grpconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
grpconv_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
grpunconv_SOURCES = grpunconv.c
grpunconv_OBJECTS = grpunconv.$(OBJEXT)
grpunconv_LDADD = $(LDADD)
grpunconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
grpunconv_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
id_SOURCES = id.c
id_OBJECTS = id.$(OBJEXT)
id_LDADD = $(LDADD)
@@ -150,29 +153,25 @@ newgrp_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
newusers_SOURCES = newusers.c
newusers_OBJECTS = newusers.$(OBJEXT)
newusers_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
newusers_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
nologin_SOURCES = nologin.c
nologin_OBJECTS = nologin.$(OBJEXT)
nologin_DEPENDENCIES =
passwd_SOURCES = passwd.c
passwd_OBJECTS = passwd.$(OBJEXT)
passwd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
pwck_SOURCES = pwck.c
pwck_OBJECTS = pwck.$(OBJEXT)
pwck_LDADD = $(LDADD)
pwck_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
pwck_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
pwconv_SOURCES = pwconv.c
pwconv_OBJECTS = pwconv.$(OBJEXT)
pwconv_LDADD = $(LDADD)
pwconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
pwconv_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
pwunconv_SOURCES = pwunconv.c
pwunconv_OBJECTS = pwunconv.$(OBJEXT)
pwunconv_LDADD = $(LDADD)
pwunconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
pwunconv_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
am_su_OBJECTS = su.$(OBJEXT) suauth.$(OBJEXT)
su_OBJECTS = $(am_su_OBJECTS)
su_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
@@ -184,20 +183,18 @@ sulogin_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
useradd_SOURCES = useradd.c
useradd_OBJECTS = useradd.$(OBJEXT)
useradd_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
userdel_SOURCES = userdel.c
userdel_OBJECTS = userdel.$(OBJEXT)
userdel_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
usermod_SOURCES = usermod.c
usermod_OBJECTS = usermod.$(OBJEXT)
usermod_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_2)
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_2)
vipw_SOURCES = vipw.c
vipw_OBJECTS = vipw.$(OBJEXT)
vipw_LDADD = $(LDADD)
vipw_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
vipw_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -209,15 +206,15 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = chage.c chfn.c chpasswd.c chsh.c expiry.c faillog.c \
gpasswd.c groupadd.c groupdel.c groupmod.c groups.c grpck.c \
grpconv.c grpunconv.c id.c lastlog.c $(login_SOURCES) \
SOURCES = chage.c chfn.c chgpasswd.c chpasswd.c chsh.c expiry.c \
faillog.c gpasswd.c groupadd.c groupdel.c groupmod.c groups.c \
grpck.c grpconv.c grpunconv.c id.c lastlog.c $(login_SOURCES) \
logoutd.c newgrp.c newusers.c nologin.c passwd.c pwck.c \
pwconv.c pwunconv.c $(su_SOURCES) sulogin.c useradd.c \
userdel.c usermod.c vipw.c
DIST_SOURCES = chage.c chfn.c chpasswd.c chsh.c expiry.c faillog.c \
gpasswd.c groupadd.c groupdel.c groupmod.c groups.c grpck.c \
grpconv.c grpunconv.c id.c lastlog.c $(login_SOURCES) \
DIST_SOURCES = chage.c chfn.c chgpasswd.c chpasswd.c chsh.c expiry.c \
faillog.c gpasswd.c groupadd.c groupdel.c groupmod.c groups.c \
grpck.c grpconv.c grpunconv.c id.c lastlog.c $(login_SOURCES) \
logoutd.c newgrp.c newusers.c nologin.c passwd.c pwck.c \
pwconv.c pwunconv.c $(su_SOURCES) sulogin.c useradd.c \
userdel.c usermod.c vipw.c
@@ -301,6 +298,8 @@ SHELL = @SHELL@
STRIP = @STRIP@
U = @U@
USE_NLS = @USE_NLS@
USE_NLS_FALSE = @USE_NLS_FALSE@
USE_NLS_TRUE = @USE_NLS_TRUE@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XMLCATALOG = @XMLCATALOG@
@@ -365,31 +364,39 @@ LDADD = $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
chfn_LDADD = $(LDADD) $(LIBPAM)
chsh_LDADD = $(LDADD) $(LIBPAM)
chpasswd_LDADD = $(LDADD) $(LIBPAM)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT)
groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chgpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX)
groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
login_SOURCES = \
login.c \
login_nopam.c
login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
newusers_LDADD = $(LDADD) $(LIBPAM)
newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
nologin_LDADD =
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT)
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX)
pwck_LDADD = $(LDADD) $(LIBSELINUX)
pwconv_LDADD = $(LDADD) $(LIBSELINUX)
pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
su_SOURCES = \
su.c \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM)
useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT)
useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX)
vipw_LDADD = $(LDADD) $(LIBSELINUX)
all: all-am
.SUFFIXES:
@@ -520,6 +527,9 @@ chage$(EXEEXT): $(chage_OBJECTS) $(chage_DEPENDENCIES)
chfn$(EXEEXT): $(chfn_OBJECTS) $(chfn_DEPENDENCIES)
@rm -f chfn$(EXEEXT)
$(LINK) $(chfn_LDFLAGS) $(chfn_OBJECTS) $(chfn_LDADD) $(LIBS)
chgpasswd$(EXEEXT): $(chgpasswd_OBJECTS) $(chgpasswd_DEPENDENCIES)
@rm -f chgpasswd$(EXEEXT)
$(LINK) $(chgpasswd_LDFLAGS) $(chgpasswd_OBJECTS) $(chgpasswd_LDADD) $(LIBS)
chpasswd$(EXEEXT): $(chpasswd_OBJECTS) $(chpasswd_DEPENDENCIES)
@rm -f chpasswd$(EXEEXT)
$(LINK) $(chpasswd_LDFLAGS) $(chpasswd_OBJECTS) $(chpasswd_LDADD) $(LIBS)
@@ -616,6 +626,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chage.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chfn.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chgpasswd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpasswd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chsh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expiry.Po@am__quote@

12
src/chage.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: chage.c,v 1.68 2005/12/02 19:42:25 kloczek Exp $"
#ident "$Id: chage.c,v 1.71 2006/02/21 22:44:35 kloczek Exp $"
#include <ctype.h>
#include <fcntl.h>
@@ -235,7 +235,7 @@ static void list_fields (void)
if (lastday < 0) {
printf (_("never\n"));
} else if (lastday == 0) {
printf (_("password must be changed"));
printf (_("password must be changed\n"));
} else {
changed = lastday * SCALE;
print_date (changed);
@@ -337,7 +337,6 @@ static void cleanup (int state)
int main (int argc, char **argv)
{
int flag;
const struct spwd *sp;
struct spwd spwd;
uid_t ruid;
@@ -361,11 +360,10 @@ int main (int argc, char **argv)
textdomain (PACKAGE);
ruid = getuid ();
#ifdef WITH_SELINUX
amroot = (ruid == 0
&& selinux_check_passwd_access (PASSWD__ROOTOK) == 0);
#else
amroot = (ruid == 0);
#ifdef WITH_SELINUX
if (amroot && is_selinux_enabled () > 0)
amroot = (selinux_check_passwd_access (PASSWD__ROOTOK) == 0);
#endif
/*

3
src/chfn.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: chfn.c,v 1.38 2005/10/19 15:21:07 kloczek Exp $"
#ident "$Id: chfn.c,v 1.39 2006/02/21 22:44:35 kloczek Exp $"
#include <fcntl.h>
#include <pwd.h>
@@ -373,6 +373,7 @@ int main (int argc, char **argv)
* check if the change is allowed by SELinux policy.
*/
if ((pw->pw_uid != getuid ())
&& (is_selinux_enabled () > 0)
&& (selinux_check_passwd_access (PASSWD__CHFN) != 0)) {
fprintf (stderr, _("%s: Permission denied.\n"), Prog);
closelog ();

334
src/chgpasswd.c Normal file
View File

@@ -0,0 +1,334 @@
/*
* Copyright 1990 - 1994, Julianne Frances Haugh
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <config.h>
#ident "$Id: chgpasswd.c,v 1.1 2006/03/05 22:12:38 kloczek Exp $"
#include <fcntl.h>
#include <getopt.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef USE_PAM
#include "pam_defs.h"
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
#include "prototypes.h"
#include "groupio.h"
#include "sgroupio.h"
/*
* Global variables
*/
static char *Prog;
static int eflg = 0;
static int md5flg = 0;
static int is_shadow_pwd;
/* local function prototypes */
static void usage (void);
/*
* usage - display usage message and exit
*/
static void usage (void)
{
fprintf (stderr, _("Usage: chgpasswd [options]\n"
"\n"
"Options:\n"
" -e, --encrypted supplied passwords are encrypted\n"
" -h, --help display this help message and exit\n"
" -m, --md5 use MD5 encryption instead DES when the supplied\n"
" passwords are not encrypted\n"));
exit (1);
}
int main (int argc, char **argv)
{
char buf[BUFSIZ];
char *name;
char *newpwd;
char *cp;
const struct sgrp *sg;
struct sgrp newsg;
const struct group *gr;
struct group newgr;
int errors = 0;
int line = 0;
long now = time ((long *) 0) / (24L * 3600L);
int ok;
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
struct passwd *pampw;
int retval;
#endif
Prog = Basename (argv[0]);
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
{
int option_index = 0;
int c;
static struct option long_options[] = {
{"encrypted", no_argument, NULL, 'e'},
{"help", no_argument, NULL, 'h'},
{"md5", no_argument, NULL, 'm'},
{NULL, 0, NULL, '\0'}
};
while ((c =
getopt_long (argc, argv, "ehm", long_options,
&option_index)) != -1) {
switch (c) {
case 'e':
eflg = 1;
break;
case 'h':
usage ();
break;
case 'm':
md5flg = 1;
break;
case 0:
/* long option */
break;
default:
usage ();
break;
}
}
}
#ifdef USE_PAM
retval = PAM_SUCCESS;
pampw = getpwuid (getuid ());
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
retval = pam_authenticate (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval == PAM_SUCCESS) {
retval = pam_acct_mgmt (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval != PAM_SUCCESS) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
#endif /* USE_PAM */
/*
* Lock the group file and open it for reading. This will bring
* all of the entries into memory where they may be updated.
*/
if (!gr_lock ()) {
fprintf (stderr, _("%s: can't lock group file\n"), Prog);
exit (1);
}
if (!gr_open (O_RDWR)) {
fprintf (stderr, _("%s: can't open group file\n"), Prog);
gr_unlock ();
exit (1);
}
is_shadow_pwd = sgr_file_present ();
if (is_shadow_pwd) {
if (!sgr_lock ()) {
fprintf (stderr, _("%s: can't lock gshadow file\n"),
Prog);
gr_unlock ();
exit (1);
}
if (!sgr_open (O_RDWR)) {
fprintf (stderr, _("%s: can't open shadow file\n"),
Prog);
gr_unlock ();
sgr_unlock ();
exit (1);
}
}
/*
* Read each line, separating the group name from the password. The
* password entry for each group will be looked up in the appropriate
* file (gshadow or group) and the password changed.
*/
while (fgets (buf, sizeof buf, stdin) != (char *) 0) {
line++;
if ((cp = strrchr (buf, '\n'))) {
*cp = '\0';
} else {
fprintf (stderr, _("%s: line %d: line too long\n"),
Prog, line);
errors++;
continue;
}
/*
* The groupname is the first field. It is separated from the
* password with a ":" character which is replaced with a
* NUL to give the new password. The new password will then
* be encrypted in the normal fashion with a new salt
* generated, unless the '-e' is given, in which case it is
* assumed to already be encrypted.
*/
name = buf;
if ((cp = strchr (name, ':'))) {
*cp++ = '\0';
} else {
fprintf (stderr,
_("%s: line %d: missing new password\n"),
Prog, line);
errors++;
continue;
}
newpwd = cp;
if (!eflg) {
if (md5flg) {
char salt[12] = "$1$";
strcat (salt, crypt_make_salt ());
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
}
/*
* Get the password file entry for this user. The user must
* already exist.
*/
gr = gr_locate (name);
if (!gr) {
fprintf (stderr,
_("%s: line %d: unknown group %s\n"), Prog,
line, name);
errors++;
continue;
}
if (is_shadow_pwd)
sg = sgr_locate (name);
else
sg = NULL;
/*
* The freshly encrypted new password is merged into the
* user's password file entry and the last password change
* date is set to the current date.
*/
if (sg) {
newsg = *sg;
newsg.sg_passwd = cp;
} else {
newgr = *gr;
newgr.gr_passwd = cp;
}
/*
* The updated password file entry is then put back and will
* be written to the password file later, after all the
* other entries have been updated as well.
*/
if (sg)
ok = sgr_update (&newsg);
else
ok = gr_update (&newgr);
if (!ok) {
fprintf (stderr,
_
("%s: line %d: cannot update password entry\n"),
Prog, line);
errors++;
continue;
}
}
/*
* Any detected errors will cause the entire set of changes to be
* aborted. Unlocking the password file will cause all of the
* changes to be ignored. Otherwise the file is closed, causing the
* changes to be written out all at once, and then unlocked
* afterwards.
*/
if (errors) {
fprintf (stderr,
_("%s: error detected, changes ignored\n"), Prog);
if (is_shadow_pwd)
sgr_unlock ();
gr_unlock ();
exit (1);
}
if (is_shadow_pwd) {
if (!sgr_close ()) {
fprintf (stderr,
_("%s: error updating shadow file\n"), Prog);
gr_unlock ();
exit (1);
}
sgr_unlock ();
}
if (!gr_close ()) {
fprintf (stderr, _("%s: error updating password file\n"), Prog);
exit (1);
}
nscd_flush_cache ("group");
gr_unlock ();
#ifdef USE_PAM
if (retval == PAM_SUCCESS)
pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return (0);
}

6
src/chsh.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: chsh.c,v 1.37 2006/01/02 23:31:59 kloczek Exp $"
#ident "$Id: chsh.c,v 1.39 2006/02/21 22:44:35 kloczek Exp $"
#include <fcntl.h>
#include <pwd.h>
@@ -68,6 +68,7 @@ static char loginsh[BUFSIZ]; /* Name of new login shell */
/* local function prototypes */
static void usage (void);
static void new_fields (void);
static int check_shell (const char *);
static int restricted_shell (const char *);
/*
@@ -117,7 +118,7 @@ static int restricted_shell (const char *sh)
* If getusershell() is available (Linux, *BSD, possibly others), use it
* instead of re-implementing it.
*/
int check_shell (const char *sh)
static int check_shell (const char *sh)
{
char *cp;
int found = 0;
@@ -298,6 +299,7 @@ int main (int argc, char **argv)
* check if the change is allowed by SELinux policy.
*/
if ((pw->pw_uid != getuid ())
&& (is_selinux_enabled () > 0)
&& (selinux_check_passwd_access (PASSWD__CHSH) != 0)) {
SYSLOG ((LOG_WARN, "can't change shell for `%s'", user));
closelog ();

16
src/expiry.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: expiry.c,v 1.18 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: expiry.c,v 1.19 2006/02/08 10:53:16 kloczek Exp $"
#include <pwd.h>
#include <signal.h>
@@ -38,13 +38,13 @@
#include "defines.h"
#include "prototypes.h"
/* local function prototypes */
static RETSIGTYPE catch (int);
static RETSIGTYPE catch_signals (int);
static void usage (void);
/*
* catch - signal catcher
* catch_signals - signal catcher
*/
static RETSIGTYPE catch (int sig)
static RETSIGTYPE catch_signals (int sig)
{
exit (10);
}
@@ -76,11 +76,11 @@ int main (int argc, char **argv)
/*
* Start by disabling all of the keyboard signals.
*/
signal (SIGHUP, catch);
signal (SIGINT, catch);
signal (SIGQUIT, catch);
signal (SIGHUP, catch_signals);
signal (SIGINT, catch_signals);
signal (SIGQUIT, catch_signals);
#ifdef SIGTSTP
signal (SIGTSTP, catch);
signal (SIGTSTP, catch_signals);
#endif
/*

28
src/gpasswd.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: gpasswd.c,v 1.34 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: gpasswd.c,v 1.36 2006/02/08 10:58:46 kloczek Exp $"
#include <errno.h>
#include <fcntl.h>
@@ -41,6 +41,7 @@
#include "defines.h"
#include "exitcodes.h"
#include "groupio.h"
#include "nscd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
@@ -65,7 +66,7 @@ unsigned int bywho = -1;
/* local function prototypes */
static void usage (void);
static RETSIGTYPE die (int);
static RETSIGTYPE catch_signals (int);
static int check_list (const char *);
/*
@@ -86,13 +87,14 @@ static void usage (void)
}
/*
* die - set or reset termio modes.
* catch_signals - set or reset termio modes.
*
* die() is called before processing begins. signal() is then called
* with die() as the signal handler. If signal later calls die() with a
* signal number, the terminal modes are then reset.
* catch_signals() is called before processing begins. signal() is then
* called with catch_signals() as the signal handler. If signal later
* calls catch_signals() with a signal number, the terminal modes are
* then reset.
*/
static RETSIGTYPE die (int killed)
static RETSIGTYPE catch_signals (int killed)
{
static TERMIO sgtty;
@@ -555,14 +557,14 @@ int main (int argc, char **argv)
exit (1);
}
die (0); /* save tty modes */
catch_signals (0); /* save tty modes */
signal (SIGHUP, die);
signal (SIGINT, die);
signal (SIGQUIT, die);
signal (SIGTERM, die);
signal (SIGHUP, catch_signals);
signal (SIGINT, catch_signals);
signal (SIGQUIT, catch_signals);
signal (SIGTERM, catch_signals);
#ifdef SIGTSTP
signal (SIGTSTP, die);
signal (SIGTSTP, catch_signals);
#endif
/*

3
src/groupadd.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: groupadd.c,v 1.50 2005/12/06 20:24:03 kloczek Exp $"
#ident "$Id: groupadd.c,v 1.51 2006/01/18 19:55:15 kloczek Exp $"
#include <ctype.h>
#include <fcntl.h>
@@ -85,7 +85,6 @@ static void new_sgent (struct sgrp *);
static void grp_update (void);
static void find_new_gid (void);
static void check_new_name (void);
static void process_flags (int, char **);
static void close_files (void);
static void open_files (void);
static void fail_exit (int);

3
src/groupdel.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: groupdel.c,v 1.30 2005/10/19 15:21:07 kloczek Exp $"
#ident "$Id: groupdel.c,v 1.31 2006/01/18 19:55:15 kloczek Exp $"
#include <ctype.h>
#include <fcntl.h>
@@ -345,4 +345,5 @@ int main (int argc, char **argv)
#endif
exit (errors == 0 ? E_SUCCESS : E_GRP_UPDATE);
/* NOT REACHED */
return 0;
}

4
src/groups.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: groups.c,v 1.13 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: groups.c,v 1.15 2006/02/07 22:41:56 kloczek Exp $"
#include <grp.h>
#include <pwd.h>
@@ -103,7 +103,7 @@ int main (int argc, char **argv)
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
#ifdef HAVE_GETGROUPS
groups = malloc (sys_ngroups * sizeof (GETGROUPS_T));
groups = (GETGROUPS_T *) malloc (sys_ngroups * sizeof (GETGROUPS_T));
#endif
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);

3
src/grpck.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: grpck.c,v 1.28 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: grpck.c,v 1.29 2006/01/18 19:55:15 kloczek Exp $"
#include <fcntl.h>
#include <grp.h>
@@ -39,6 +39,7 @@
#include "commonio.h"
#include "defines.h"
#include "groupio.h"
#include "nscd.h"
#include "prototypes.h"
extern void __gr_del_entry (const struct commonio_entry *);
extern struct commonio_entry *__gr_get_head (void);

3
src/grpconv.c
View File

@@ -9,7 +9,7 @@
*/
#include <config.h>
#ident "$Id: grpconv.c,v 1.19 2005/08/31 17:25:00 kloczek Exp $"
#ident "$Id: grpconv.c,v 1.20 2006/01/18 19:55:15 kloczek Exp $"
#include <errno.h>
#include <fcntl.h>
@@ -19,6 +19,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
#include "nscd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "groupio.h"

3
src/grpunconv.c
View File

@@ -10,7 +10,7 @@
#include <config.h>
#ident "$Id: grpunconv.c,v 1.17 2005/08/31 17:25:00 kloczek Exp $"
#ident "$Id: grpunconv.c,v 1.18 2006/01/18 19:55:15 kloczek Exp $"
#include <stdio.h>
#include <stdlib.h>
@@ -19,6 +19,7 @@
#include <time.h>
#include <unistd.h>
#include <grp.h>
#include "nscd.h"
#include "prototypes.h"
#ifdef SHADOWGRP
#include "groupio.h"

4
src/id.c
View File

@@ -37,7 +37,7 @@
#include <config.h>
#ident "$Id: id.c,v 1.18 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: id.c,v 1.19 2006/02/07 22:55:41 kloczek Exp $"
#include <grp.h>
#include <pwd.h>
@@ -91,7 +91,7 @@ static void usage (void)
*/
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
#ifdef HAVE_GETGROUPS
groups = malloc (sys_ngroups * sizeof (GETGROUPS_T));
groups = (GETGROUPS_T *) malloc (sys_ngroups * sizeof (GETGROUPS_T));
/*
* See if the -a flag has been given to print out the concurrent
* group set.

8
src/lastlog.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: lastlog.c,v 1.23 2005/08/31 17:25:00 kloczek Exp $"
#ident "$Id: lastlog.c,v 1.25 2006/03/05 22:06:58 kloczek Exp $"
#include <getopt.h>
#include <lastlog.h>
@@ -213,6 +213,12 @@ int main (int argc, char **argv)
break;
}
}
if (argc > optind) {
fprintf (stderr,
_("lastlog: unexpected argument: %s\n"),
argv[optind]);
usage();
}
}
if ((lastlogfile = fopen (LASTLOG_FILE, "r")) == (FILE *) 0) {

139
src/login.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: login.c,v 1.77 2005/12/13 14:04:54 kloczek Exp $"
#ident "$Id: login.c,v 1.83 2006/03/07 15:47:32 kloczek Exp $"
#include <errno.h>
#include <grp.h>
@@ -47,6 +47,7 @@
#include "getdef.h"
#include "prototypes.h"
#include "pwauth.h"
#include "exitcodes.h"
#ifdef USE_PAM
#include "pam_defs.h"
@@ -258,7 +259,10 @@ static void check_flags (int argc, char *const *argv)
static void init_env (void)
{
char *cp, *tmp;
#ifndef USE_PAM
char *cp;
#endif
char *tmp;
if ((tmp = getenv ("LANG"))) {
addenv ("LANG", tmp);
@@ -331,6 +335,7 @@ int main (int argc, char **argv)
int flag;
int subroot = 0;
int is_console;
int err;
const char *cp;
char *tmp;
char fromhost[512];
@@ -490,7 +495,7 @@ int main (int argc, char **argv)
setup_tty ();
#ifndef USE_PAM
umask (getdef_num ("UMASK", 077));
umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
{
/*
@@ -603,10 +608,10 @@ int main (int argc, char **argv)
if (!gethostname (hostn, sizeof (hostn)))
snprintf (login_prompt,
sizeof (login_prompt),
"%s login: ", hostn);
_("%s login: "), hostn);
else
snprintf (login_prompt,
sizeof (login_prompt), "login: ");
sizeof (login_prompt), _("login: "));
retcode =
pam_set_item (pamh, PAM_USER_PROMPT, login_prompt);
@@ -627,68 +632,60 @@ int main (int argc, char **argv)
* pay attention to failure count and get rid of
* MAX_LOGIN_TRIES?
*/
retcode = pam_authenticate (pamh, 0);
while ((failcount++ < retries) &&
((retcode == PAM_AUTH_ERR) ||
(retcode == PAM_USER_UNKNOWN) ||
(retcode == PAM_CRED_INSUFFICIENT) ||
(retcode == PAM_AUTHINFO_UNAVAIL))) {
pam_get_item (pamh, PAM_USER,
(const void **) &pam_user);
SYSLOG ((LOG_NOTICE,
"FAILED LOGIN %d FROM %s FOR %s, %s",
failcount, hostname, pam_user,
pam_strerror (pamh, retcode)));
#ifdef HAVE_PAM_FAIL_DELAY
pam_fail_delay (pamh, 1000000 * delay);
#endif
#ifdef WITH_AUDIT
{
struct passwd *pw;
char buf[64];
failcount = 0;
while (1) {
const char *failent_user;
failed = 0;
audit_fd = audit_open ();
pw = getpwnam (username);
if (pw) {
snprintf (buf, sizeof (buf),
"uid=%d", pw->pw_uid);
audit_log_user_message
(audit_fd, AUDIT_USER_LOGIN,
buf, hostname, NULL,
tty, 0);
} else {
snprintf (buf, sizeof (buf),
"acct=%s", username);
audit_log_user_message
(audit_fd, AUDIT_USER_LOGIN,
buf, hostname, NULL,
tty, 0);
}
close (audit_fd);
}
#endif /* WITH_AUDIT */
failcount++;
if (delay > 0)
retcode = pam_fail_delay(pamh, 1000000*delay);
fprintf (stderr, _("\nLogin incorrect\n"));
pam_set_item (pamh, PAM_USER, NULL);
retcode = pam_authenticate (pamh, 0);
}
retcode = pam_authenticate (pamh, 0);
if (retcode != PAM_SUCCESS) {
pam_get_item (pamh, PAM_USER,
(const void **) &pam_user);
pam_get_item (pamh, PAM_USER,
(const void **) &pam_user);
if (retcode == PAM_MAXTRIES)
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d) FROM %s FOR %s, %s",
failcount, hostname,
pam_user,
pam_strerror (pamh, retcode)));
else
SYSLOG ((LOG_NOTICE,
"FAILED LOGIN SESSION FROM %s FOR %s, %s",
hostname, pam_user,
pam_strerror (pamh, retcode)));
if (pam_user && pam_user[0]) {
pwd = getpwnam(pam_user);
if (pwd) {
pwent = *pwd;
failent_user = pwent.pw_name;
} else {
if (getdef_bool("LOG_UNKFAIL_ENAB") && pam_user)
failent_user = pam_user;
else
failent_user = "UNKNOWN";
}
} else {
pwd = NULL;
failent_user = "UNKNOWN";
}
if (retcode == PAM_MAXTRIES || failcount >= retries) {
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%d)%s FOR `%s'",
failcount, fromhost, failent_user));
fprintf(stderr,
_("Maximum number of tries exceeded (%d)\n"),
failcount);
PAM_END;
exit(0);
} else if (retcode == PAM_ABORT) {
/* Serious problems, quit now */
fprintf(stderr,_("login: abort requested by PAM\n"));
SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()"));
PAM_END;
exit(99);
} else if (retcode != PAM_SUCCESS) {
SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%d)%s FOR `%s', %s",
failcount, fromhost, failent_user,
pam_strerror (pamh, retcode)));
failed = 1;
}
if (!failed)
break;
#ifdef WITH_AUDIT
{
@@ -716,11 +713,13 @@ int main (int argc, char **argv)
}
#endif /* WITH_AUDIT */
fprintf (stderr, "\nLogin incorrect\n");
pam_end (pamh, retcode);
exit (0);
fprintf(stderr,"\nLogin incorrect\n");
/* Let's give it another go around */
pam_set_item(pamh,PAM_USER,NULL);
}
/* We don't get here unless they were authenticated above */
retcode = pam_acct_mgmt (pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD) {
@@ -1127,10 +1126,12 @@ int main (int argc, char **argv)
SYSLOG ((LOG_INFO, "`%s' logged in %s", username, fromhost));
#endif
closelog ();
if ((tmp = getdef_str ("FAKE_SHELL")) != NULL) {
shell (tmp, pwent.pw_shell); /* fake shell */
}
shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
if ((tmp = getdef_str ("FAKE_SHELL")) != NULL)
err = shell (tmp, pwent.pw_shell, newenvp); /* fake shell */
else
/* exec the shell finally */
err = shell (pwent.pw_shell, (char *) 0, newenvp);
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
/* NOT REACHED */
return 0;
}

21
src/newgrp.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: newgrp.c,v 1.42 2005/11/10 16:01:27 kloczek Exp $"
#ident "$Id: newgrp.c,v 1.44 2006/01/18 19:55:15 kloczek Exp $"
#include <errno.h>
#include <grp.h>
@@ -38,9 +38,11 @@
#include "defines.h"
#include "getdef.h"
#include "prototypes.h"
#include "exitcodes.h"
/*
* Global variables
*/
extern char **newenvp;
extern char **environ;
#ifdef HAVE_SETGROUPS
@@ -103,6 +105,7 @@ int main (int argc, char **argv)
int needspasswd = 0;
int i;
int cflag = 0;
int err = 0;
gid_t gid;
char *cp;
const char *cpasswd, *name, *prog;
@@ -482,8 +485,8 @@ int main (int argc, char **argv)
/* wake child when resumed */
kill (child, SIGCONT);
}
} while (pid == child && WIFSTOPPED (cst) ||
pid != child && errno == EINTR);
} while ((pid == child && WIFSTOPPED (cst)) ||
(pid != child && errno == EINTR));
SYSLOG ((LOG_INFO,
"user `%s' (login `%s' on %s) returned to group `%s'",
name, loginname, tty,
@@ -556,13 +559,8 @@ int main (int argc, char **argv)
audit_logger (AUDIT_USER_START, Prog, "changing",
NULL, getuid (), 0);
#endif
if (errno == ENOENT) {
perror ("/bin/sh");
exit (127);
} else {
perror ("/bin/sh");
exit (126);
}
perror ("/bin/sh");
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
}
/*
@@ -631,7 +629,8 @@ int main (int argc, char **argv)
* Exec the login shell and go away. We are trying to get back to
* the previous environment which should be the user's login shell.
*/
shell (prog, initflag ? (char *) 0 : cp);
err = shell (prog, initflag ? (char *) 0 : cp, newenvp);
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
/* NOTREACHED */
failure:

16
src/newusers.c
View File

@@ -35,7 +35,7 @@
#include <config.h>
#ident "$Id: newusers.c,v 1.31 2005/10/19 15:21:07 kloczek Exp $"
#ident "$Id: newusers.c,v 1.33 2006/03/07 15:47:32 kloczek Exp $"
#include <sys/types.h>
#include <sys/stat.h>
@@ -49,8 +49,9 @@
#include "prototypes.h"
#include "defines.h"
#include "getdef.h"
#include "pwio.h"
#include "groupio.h"
#include "nscd.h"
#include "pwio.h"
#include "shadowio.h"
/*
* Global variables
@@ -474,15 +475,16 @@ int main (int argc, char **argv)
if (newpw.pw_dir[0] && access (newpw.pw_dir, F_OK)) {
if (mkdir (newpw.pw_dir,
0777 & ~getdef_num ("UMASK", 022)))
0777 & ~getdef_num ("UMASK",
GETDEF_DEFAULT_UMASK)))
fprintf (stderr,
_("%s: line %d: mkdir failed\n"),
Prog, line);
_("%s: line %d: mkdir failed\n"), Prog,
line);
else if (chown
(newpw.pw_dir, newpw.pw_uid, newpw.pw_gid))
fprintf (stderr,
_("%s: line %d: chown failed\n"),
Prog, line);
_("%s: line %d: chown failed\n"), Prog,
line);
}
/*

10
src/passwd.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: passwd.c,v 1.55 2005/12/06 20:19:52 kloczek Exp $"
#ident "$Id: passwd.c,v 1.57 2006/02/21 22:44:35 kloczek Exp $"
#include <errno.h>
#include <fcntl.h>
@@ -603,7 +603,6 @@ static long getnumber (const char *str)
*/
int main (int argc, char **argv)
{
int flag; /* Current option to process */
const struct passwd *pw; /* Password file entry for user */
#ifndef USE_PAM
@@ -803,7 +802,9 @@ int main (int argc, char **argv)
* check if the change is allowed by SELinux policy.
*/
if ((pw->pw_uid != getuid ())
&& (selinux_check_passwd_access (PASSWD__PASSWD) != 0)) {
&& (is_selinux_enabled () > 0 ?
(selinux_check_passwd_access (PASSWD__PASSWD) != 0) :
!amroot)) {
#else
/*
* If the UID of the user does not match the current real UID,
@@ -898,11 +899,12 @@ int main (int argc, char **argv)
SYSLOG ((LOG_INFO, "password for `%s' changed by `%s'", name, myname));
closelog ();
if (!qflg)
if (!qflg) {
if (!eflg)
printf (_("Password changed.\n"));
else
printf (_("Password set to expire.\n"));
}
exit (E_SUCCESS);
/* NOT REACHED */
}

3
src/pwck.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: pwck.c,v 1.32 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: pwck.c,v 1.33 2006/01/18 19:55:15 kloczek Exp $"
#include <fcntl.h>
#include <grp.h>
@@ -41,6 +41,7 @@
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
#include "nscd.h"
extern void __pw_del_entry (const struct commonio_entry *);
extern struct commonio_entry *__pw_get_head (void);

3
src/pwconv.c
View File

@@ -28,7 +28,7 @@
#include <config.h>
#ident "$Id: pwconv.c,v 1.21 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: pwconv.c,v 1.22 2006/01/18 19:55:15 kloczek Exp $"
#include <errno.h>
#include <fcntl.h>
@@ -43,6 +43,7 @@
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
#include "nscd.h"
/*
* exit status values
*/

55
src/su.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: su.c,v 1.61 2006/01/02 22:37:47 kloczek Exp $"
#ident "$Id: su.c,v 1.66 2006/02/08 10:52:49 kloczek Exp $"
#include <getopt.h>
#include <grp.h>
@@ -147,7 +147,7 @@ static void su_failure (const char *tty)
#ifdef USE_PAM
/* Signal handler for parent process later */
static void su_catch_sig (int sig)
static void catch_signals (int sig)
{
++caught;
}
@@ -156,7 +156,8 @@ static void su_catch_sig (int sig)
* have been applied. Some work was needed to get it integrated into
* su.c from shadow.
*/
static void run_shell (const char *shellstr, char *args[], int doshell)
static void run_shell (const char *shellstr, char *args[], int doshell,
char *const envp[])
{
int child;
sigset_t ourset;
@@ -168,14 +169,10 @@ static void run_shell (const char *shellstr, char *args[], int doshell)
pam_end (pamh, PAM_SUCCESS);
if (doshell)
shell (shellstr, (char *) args[0]);
(void) shell (shellstr, (char *) args[0], envp);
else
(void) execv (shellstr, (char **) args);
{
int exit_status = (errno == ENOENT ? 127 : 126);
exit (exit_status);
}
(void) execve (shellstr, (char **) args, envp);
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
} else if (child == -1) {
(void) fprintf (stderr, "%s: Cannot fork user shell\n", Prog);
SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
@@ -191,7 +188,7 @@ static void run_shell (const char *shellstr, char *args[], int doshell)
if (!caught) {
struct sigaction action;
action.sa_handler = su_catch_sig;
action.sa_handler = catch_signals;
sigemptyset (&action.sa_mask);
action.sa_flags = 0;
sigemptyset (&ourset);
@@ -256,6 +253,7 @@ static void usage (void)
fprintf (stderr, _("Usage: su [options] [login]\n"
"\n"
"Options:\n"
" -c, --command COMMAND pass COMMAND to the invoked shell\n"
" -h, --help display this help message and exit\n"
" -, -l, --login make the shell a login shell\n"
" -m, -p,\n"
@@ -286,11 +284,13 @@ int main (int argc, char **argv)
uid_t my_uid;
struct passwd *pw = 0;
char **envp = environ;
char *shellstr = 0;
char *shellstr = 0, *command = 0;
#ifdef USE_PAM
int ret;
#else /* !USE_PAM */
int err = 0;
RETSIGTYPE (*oldsig) ();
int is_console = 0;
@@ -328,6 +328,7 @@ int main (int argc, char **argv)
int option_index = 0;
int c;
static struct option long_options[] = {
{"command", required_argument, NULL, 'c'},
{"help", no_argument, NULL, 'h'},
{"login", no_argument, NULL, 'l'},
{"preserve-environment", no_argument, NULL, 'p'},
@@ -336,7 +337,7 @@ int main (int argc, char **argv)
};
while ((c =
getopt_long (argc, argv, "-hlmps:", long_options,
getopt_long (argc, argv, "-c:hlmps:", long_options,
&option_index)) != -1) {
switch (c) {
case 1:
@@ -349,6 +350,9 @@ int main (int argc, char **argv)
optind--;
goto end_su_options;
break; /* NOT REACHED */
case 'c':
command = optarg;
break;
case 'h':
usage ();
break;
@@ -423,6 +427,8 @@ int main (int argc, char **argv)
(void) strcpy (name, "root");
doshell = argc == optind; /* any arguments remaining? */
if (command)
doshell = 0;
/*
* Get the user's real name. The current UID is used to determine
@@ -755,6 +761,7 @@ int main (int argc, char **argv)
SYSLOG ((LOG_ERR, "pam_open_session: %s",
pam_strerror (pamh, ret)));
fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
pam_setcred(pamh, PAM_DELETE_CRED);
pam_end (pamh, ret);
exit (1);
}
@@ -778,6 +785,7 @@ int main (int argc, char **argv)
/* become the new user */
if (change_uid (&pwent)) {
pam_close_session(pamh, 0);
pam_setcred (pamh, PAM_DELETE_CRED);
pam_end (pamh, PAM_ABORT);
exit (1);
@@ -832,25 +840,32 @@ int main (int argc, char **argv)
if (!doshell) {
/* Position argv to the remaining arguments */
argv += optind;
if (command) {
argv -= 2;
argv[0] = "-c";
argv[1] = command;
}
/*
* Use the shell and create an argv
* with the rest of the command line included.
*/
argv[-1] = shellstr;
#ifndef USE_PAM
(void) execv (shellstr, &argv[-1]);
#else
run_shell (shellstr, &argv[-1], 0);
#endif
(void) execve (shellstr, &argv[-1], environ);
err = errno;
(void) fprintf (stderr, _("No shell\n"));
SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
closelog ();
exit (1);
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
#else
run_shell (shellstr, &argv[-1], 0, environ); /* no return */
#endif
}
#ifndef USE_PAM
shell (shellstr, cp);
err = shell (shellstr, cp, environ);
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
#else
run_shell (shellstr, &cp, 1);
run_shell (shellstr, &cp, 1, environ);
#endif
/* NOT REACHED */
exit (1);

14
src/sulogin.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: sulogin.c,v 1.23 2005/09/07 15:00:45 kloczek Exp $"
#ident "$Id: sulogin.c,v 1.25 2006/02/08 10:53:16 kloczek Exp $"
#include <fcntl.h>
#include <pwd.h>
@@ -39,6 +39,7 @@
#include "getdef.h"
#include "prototypes.h"
#include "pwauth.h"
#include "exitcodes.h"
/*
* Global variables
*/
@@ -57,9 +58,9 @@ extern char **environ;
#endif
/* local function prototypes */
static RETSIGTYPE catch (int);
static RETSIGTYPE catch_signals (int);
static RETSIGTYPE catch (int sig)
static RETSIGTYPE catch_signals (int sig)
{
exit (1);
}
@@ -76,6 +77,7 @@ static RETSIGTYPE catch (int sig)
char *cp;
char **envp = environ;
TERMIO termio;
int err = 0;
#ifdef USE_TERMIO
ioctl (0, TCGETA, &termio);
@@ -153,7 +155,7 @@ static RETSIGTYPE catch (int sig)
(void) strcpy (name, "root"); /* KLUDGE!!! */
signal (SIGALRM, catch); /* exit if the timer expires */
signal (SIGALRM, catch_signals); /* exit if the timer expires */
alarm (ALARM); /* only wait so long ... */
while (1) { /* repeatedly get login/password pairs */
@@ -220,6 +222,8 @@ static RETSIGTYPE catch (int sig)
#ifdef USE_SYSLOG
closelog ();
#endif
shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
/* exec the shell finally. */
err = shell (pwent.pw_shell, (char *) 0, environ);
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
/*NOTREACHED*/ return (0);
}

23
src/useradd.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: useradd.c,v 1.89 2005/12/15 15:06:28 kloczek Exp $"
#ident "$Id: useradd.c,v 1.92 2006/03/07 15:47:33 kloczek Exp $"
#include <ctype.h>
#include <errno.h>
@@ -1271,7 +1271,6 @@ static void close_files (void)
_("%s: cannot rewrite group file\n"), Prog);
fail_exit (E_GRP_UPDATE);
}
gr_unlock ();
#ifdef SHADOWGRP
if (is_shadow_grp && !sgr_close ()) {
fprintf (stderr,
@@ -1280,13 +1279,16 @@ static void close_files (void)
Prog);
fail_exit (E_GRP_UPDATE);
}
if (is_shadow_grp)
sgr_unlock ();
#endif
}
if (is_shadow_pwd)
spw_unlock ();
pw_unlock ();
gr_unlock ();
#ifdef SHADOWGRP
if (is_shadow_grp)
sgr_unlock ();
#endif
}
/*
@@ -1564,7 +1566,8 @@ static void create_home (void)
fail_exit (E_HOMEDIR);
}
chown (user_home, user_id, user_gid);
chmod (user_home, 0777 & ~getdef_num ("UMASK", 022));
chmod (user_home,
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
home_added++;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -1755,10 +1758,12 @@ int main (int argc, char **argv)
*/
open_files ();
/* first, seek for a valid uid to use for this user.
* We do this because later we can use the uid we found as
* gid too ... --gafton */
find_new_uid ();
if (!oflg) {
/* first, seek for a valid uid to use for this user.
* We do this because later we can use the uid we found as
* gid too ... --gafton */
find_new_uid ();
}
/* do we have to add a group for that user? This is why we need to
* open the group files in the open_files() function --gafton */

84
src/userdel.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: userdel.c,v 1.58 2005/12/01 20:10:48 kloczek Exp $"
#ident "$Id: userdel.c,v 1.61 2006/02/07 20:19:46 kloczek Exp $"
#include <errno.h>
#include <fcntl.h>
@@ -50,6 +50,7 @@
#include "pwauth.h"
#include "pwio.h"
#include "shadowio.h"
#include "exitcodes.h"
#ifdef SHADOWGRP
#include "sgroupio.h"
#endif
@@ -65,9 +66,7 @@
#define E_HOMEDIR 12 /* can't remove home directory */
static char *user_name;
static uid_t user_id;
static gid_t user_gid;
static char *user_home;
static char *user_group;
static char *Prog;
static int fflg = 0, rflg = 0;
@@ -263,65 +262,6 @@ static void update_groups (void)
#endif /* SHADOWGRP */
}
/*
* remove_group - remove the user's group unless it is not really a user-private group
*/
static void remove_group ()
{
char *glist_name;
struct group *gr;
struct passwd *pwd;
if (user_group == NULL || user_name == NULL)
return;
if (strcmp (user_name, user_group)) {
return;
}
glist_name = NULL;
gr = getgrnam (user_group);
if (gr)
glist_name = *(gr->gr_mem);
while (glist_name) {
while (glist_name && *glist_name) {
if (strncmp (glist_name, user_name, 16)) {
return;
}
glist_name++;
}
}
setpwent ();
while ((pwd = getpwent ())) {
if (strcmp (pwd->pw_name, user_name) == 0)
continue;
if (pwd->pw_gid == user_gid) {
return;
}
}
/* now actually do the removal if we haven't already returned */
if (!gr_remove (user_group)) {
fprintf (stderr, _("%s: error removing group entry\n"), Prog);
}
#ifdef SHADOWGRP
/*
* Delete the shadow group entries as well.
*/
if (is_shadow_grp && !sgr_remove (user_group)) {
fprintf (stderr, _("%s: error removing shadow group entry\n"),
Prog);
}
#endif /* SHADOWGRP */
SYSLOG ((LOG_INFO, "remove group `%s'\n", user_group));
return;
}
/*
* close_files - close all of the files that were opened
*
@@ -384,8 +324,7 @@ static void open_files (void)
fprintf (stderr, _("%s: unable to lock password file\n"), Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"locking password file", user_name, user_id, 1,
0);
"locking password file", user_name, user_id, 0);
#endif
exit (E_PW_UPDATE);
}
@@ -572,13 +511,8 @@ static void user_cancel (const char *user)
pid = fork ();
if (pid == 0) {
execl (cmd, cmd, user, (char *) 0);
if (errno == ENOENT) {
perror (cmd);
_exit (127);
} else {
perror (cmd);
_exit (126);
}
perror (cmd);
_exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
} else if (pid == -1) {
perror ("fork");
return;
@@ -657,7 +591,6 @@ static void remove_mailbox (void)
int main (int argc, char **argv)
{
struct passwd *pwd;
struct group *grp;
int arg;
int errors = 0;
@@ -765,10 +698,6 @@ int main (int argc, char **argv)
#endif
user_id = pwd->pw_uid;
user_home = xstrdup (pwd->pw_dir);
user_gid = pwd->pw_gid;
grp = getgrgid (user_gid);
if (grp)
user_group = xstrdup (grp->gr_name);
/*
* Check to make certain the user isn't logged in.
*/
@@ -822,9 +751,6 @@ int main (int argc, char **argv)
}
#endif
/* Remove the user's group if appropriate. */
remove_group ();
if (rflg) {
if (remove_tree (user_home)
|| rmdir (user_home)) {

15
src/usermod.c
View File

@@ -29,7 +29,7 @@
#include <config.h>
#ident "$Id: usermod.c,v 1.64 2005/12/05 18:19:47 kloczek Exp $"
#ident "$Id: usermod.c,v 1.65 2006/01/18 19:55:15 kloczek Exp $"
#include <ctype.h>
#include <errno.h>
@@ -87,19 +87,21 @@ static uid_t user_newid;
static gid_t user_gid;
static gid_t user_newgid;
static char *user_comment;
static char *user_newcomment; /* Audit */
static char *user_home;
static char *user_newhome;
static char *user_shell;
static char *user_newshell; /* Audit */
static long user_expire;
static long user_newexpire; /* Audit */
static long user_inactive;
static long user_newinactive; /* Audit */
static long sys_ngroups;
static char **user_groups; /* NULL-terminated list */
#ifdef WITH_AUDIT
static char *user_newcomment; /* Audit */
static char *user_newshell; /* Audit */
static long user_newexpire; /* Audit */
static long user_newinactive; /* Audit */
#endif
static char *Prog;
static int
@@ -840,7 +842,6 @@ static void process_flags (int argc, char **argv)
const struct spwd *spwd = NULL;
int anyflag = 0;
int arg;
if (argc == 1 || argv[argc - 1][0] == '-')
usage ();

3
src/vipw.c
View File

@@ -22,7 +22,7 @@
#include <config.h>
#ident "$Id: vipw.c,v 1.20 2005/12/13 14:01:08 kloczek Exp $"
#ident "$Id: vipw.c,v 1.21 2006/01/18 19:55:15 kloczek Exp $"
#include <errno.h>
#include <getopt.h>
@@ -235,7 +235,6 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
int main (int argc, char **argv)
{
int flag;
int editshadow = 0;
char *a;
int do_vipw;