emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
7eca1112fb
shadow/lib
History
Christian Göttsche cbd2472b7c migrate to new SELinux api 
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
..
.indent.pro
commonio.c Do not fail locking if there is a stale lockfile. 2019-05-02 14:39:01 +02:00
commonio.h Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
defines.h gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
encrypt.c Review 52a38d5509 2013-08-04 00:27:53 +02:00
exitcodes.h
faillog.h
fields.c
fputsx.c
get_gid.c
get_pid.c
get_uid.c
getdef.c Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
getdef.h add --prefix option 2017-03-01 22:51:09 +01:00
getlong.c
getulong.c Simplify getulong 2016-08-03 11:51:07 -05:00
groupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
groupio.h
groupmem.c Clear passwords on __gr_dup/__pw_dup errors. 2015-07-11 13:00:13 +02:00
gshadow_.h
gshadow.c
lockpw.c
Makefile.am Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
nscd.c
nscd.h
pam_defs.h
port.c
port.h
prototypes.h migrate to new SELinux api 2019-10-22 14:56:31 +02:00
pwauth.c Review 52a38d5509 2013-08-04 00:27:53 +02:00
pwauth.h
pwio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
pwio.h
pwmem.c Clear passwords on __gr_dup/__pw_dup errors. 2015-07-11 13:00:13 +02:00
selinux.c migrate to new SELinux api 2019-10-22 14:56:31 +02:00
semanage.c
sgetgrent.c lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00
sgetpwent.c sgetpwent.c/sgetgrent.c: check for additional data at end of line 2019-10-04 18:30:38 -05:00
sgetspent.c
sgroupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
sgroupio.h
shadow.c
shadowio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
shadowio.h Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore 2016-12-21 12:45:50 -06:00
shadowmem.c Add splint annotations. 2013-08-13 19:13:45 +02:00
spawn.c lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD 2019-05-06 14:26:14 -04:00
sssd.c Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
sssd.h Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
subordinateio.c remove unused fn commonio_next 2019-10-12 20:03:51 -05:00
subordinateio.h Remove dead code. 2013-08-15 17:30:19 +02:00
tcbfuncs.c
tcbfuncs.h
utent.c