author | Balint Reczey <balint@balintreczey.hu> | 2022-08-20 18:17:16 +0200 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2022-08-20 18:17:16 +0200 |
commit | 675b462b64b213647d0f5c56b1e8440be5890c8a (patch) | |
tree | 1cd63eec7594d03a622575136c61d8c813f59503 /src | |
parent | 0c04b92a9afe5e09a20307d8a5ec98d97ed00f47 (diff) | |
download | shadow-675b462b64b213647d0f5c56b1e8440be5890c8a.tar.gz |
New upstream version 4.12.2+dfsg1
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.in | 27 | ||||
-rw-r--r-- | src/chage.c | 10 | ||||
-rw-r--r-- | src/chpasswd.c | 97 | ||||
-rw-r--r-- | src/expiry.c | 4 | ||||
-rw-r--r-- | src/faillog.c | 4 | ||||
-rw-r--r-- | src/free_subid_range.c | 2 | ||||
-rw-r--r-- | src/get_subid_owners.c | 2 | ||||
-rw-r--r-- | src/getsubids.c | 2 | ||||
-rw-r--r-- | src/gpasswd.c | 4 | ||||
-rw-r--r-- | src/grpck.c | 8 | ||||
-rw-r--r-- | src/lastlog.c | 21 | ||||
-rw-r--r-- | src/login.c | 4 | ||||
-rw-r--r-- | src/logoutd.c | 2 | ||||
-rw-r--r-- | src/new_subid_range.c | 2 | ||||
-rw-r--r-- | src/newgidmap.c | 5 | ||||
-rw-r--r-- | src/newgrp.c | 4 | ||||
-rw-r--r-- | src/newuidmap.c | 2 | ||||
-rw-r--r-- | src/newusers.c | 10 | ||||
-rw-r--r-- | src/passwd.c | 2 | ||||
-rw-r--r-- | src/pwck.c | 15 | ||||
-rw-r--r-- | src/su.c | 10 | ||||
-rw-r--r-- | src/sulogin.c | 4 | ||||
-rw-r--r-- | src/useradd.c | 47 | ||||
-rw-r--r-- | src/usermod.c | 20 | ||||
-rw-r--r-- | src/vipw.c | 1 |
25 files changed, 168 insertions, 141 deletions
diff --git a/src/Makefile.in b/src/Makefile.in index 5aeb65c1..da31572f 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -117,13 +117,14 @@ noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT) $(am__EXEEXT_3) subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) 
@@ -464,8 +465,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ @@ -481,6 +480,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -492,8 +493,10 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -567,6 +570,7 @@ VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ @@ -1363,7 +1367,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/src/chage.c b/src/chage.c index ced3a3e8..8cf67794 100644 --- a/src/chage.c +++ b/src/chage.c @@ -223,20 +223,12 @@ static void print_date (time_t date) { struct tm *tp; char buf[80]; - char format[80]; - - if (iflg) { - (void) snprintf (format, 80, "%%Y-%%m-%%d"); - } - else { - (void) snprintf (format, 80, "%%b %%d, %%Y"); - } tp = gmtime (&date); if (NULL == tp) { (void) printf ("time_t: %lu\n", (unsigned long)date); } else { - (void) strftime (buf, sizeof buf, format, tp); + (void) strftime (buf, sizeof buf, iflg ? "%%Y-%%m-%%d" : "%%b %%d, %%Y", tp); (void) puts (buf); } } diff --git a/src/chpasswd.c b/src/chpasswd.c index cd2d1cf0..48d5178b 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c 
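Review bot: In print_date, the format strings now passed straight to strftime still carry the doubled percent signs that were only needed while the format was built through snprintf, so strftime will print the literal text `%Y-%m-%d` (or `%b %d, %Y`) instead of a date. The call should read `(void) strftime (buf, sizeof buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", tp);`. The return value of strftime is still discarded; with an 80-byte buffer and these formats that is harmless, but a short comment saying so would make the `(void)` cast self-explanatory.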
@@ -30,6 +30,8 @@ #include "exitcodes.h" #include "shadowlog.h" +#define IS_CRYPT_METHOD(str) ((crypt_method != NULL && strcmp(crypt_method, str) == 0) ? true : false) + /* * Global variables */ @@ -179,20 +181,20 @@ static void process_flags (int argc, char **argv) sflg = true; bad_s = 0; #if defined(USE_SHA_CRYPT) - if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) - && (0 == getlong(optarg, &sha_rounds)))) { + if ((IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512")) + && (0 == getlong(optarg, &sha_rounds))) { bad_s = 1; } #endif /* USE_SHA_CRYPT */ #if defined(USE_BCRYPT) - if (( (0 == strcmp (crypt_method, "BCRYPT")) - && (0 == getlong(optarg, &bcrypt_rounds)))) { + if (IS_CRYPT_METHOD("BCRYPT") + && (0 == getlong(optarg, &bcrypt_rounds))) { bad_s = 1; } #endif /* USE_BCRYPT */ #if defined(USE_YESCRYPT) - if (( (0 == strcmp (crypt_method, "YESCRYPT")) - && (0 == getlong(optarg, &yescrypt_cost)))) { + if (IS_CRYPT_METHOD("YESCRYPT") + && (0 == getlong(optarg, &yescrypt_cost))) { bad_s = 1; } #endif /* USE_YESCRYPT */ @@ -240,18 +242,18 @@ static void check_flags (void) } if (cflg) { - if ( (0 != strcmp (crypt_method, "DES")) - && (0 != strcmp (crypt_method, "MD5")) - && (0 != strcmp (crypt_method, "NONE")) + if ((!IS_CRYPT_METHOD("DES")) + &&(!IS_CRYPT_METHOD("MD5")) + &&(!IS_CRYPT_METHOD("NONE")) #ifdef USE_SHA_CRYPT - && (0 != strcmp (crypt_method, "SHA256")) - && (0 != strcmp (crypt_method, "SHA512")) + &&(!IS_CRYPT_METHOD("SHA256")) + &&(!IS_CRYPT_METHOD("SHA512")) #endif /* USE_SHA_CRYPT */ #ifdef USE_BCRYPT - && (0 != strcmp (crypt_method, "BCRYPT")) + &&(!IS_CRYPT_METHOD("BCRYPT")) #endif /* USE_BCRYPT */ #ifdef USE_YESCRYPT - && (0 != strcmp (crypt_method, "YESCRYPT")) + &&(!IS_CRYPT_METHOD("YESCRYPT")) #endif /* USE_YESCRYPT */ ) { fprintf (stderr, 
@@ -392,12 +394,46 @@ static void close_files (void) pw_locked = false; } +static const char *get_salt(void) +{ + void *arg = NULL; + + if (eflg || IS_CRYPT_METHOD("NONE")) { + return NULL; + } + + if (md5flg) { + crypt_method = "MD5"; + } +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + if (sflg) { +#if defined(USE_SHA_CRYPT) + if (IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512")) { + arg = &sha_rounds; + } +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (IS_CRYPT_METHOD("BCRYPT")) { + arg = &bcrypt_rounds; + } +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (IS_CRYPT_METHOD("YESCRYPT")) { + arg = &yescrypt_cost; + } +#endif /* USE_YESCRYPT */ + } +#endif + return crypt_make_salt (crypt_method, arg); +} + int main (int argc, char **argv) { char buf[BUFSIZ]; char *name; char *newpwd; char *cp; + const char *salt; #ifdef USE_PAM bool use_pam = true; @@ -414,10 +450,11 @@ int main (int argc, char **argv) (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); - process_root_flag ("-R", argc, argv); - process_flags (argc, argv); + salt = get_salt(); + process_root_flag ("-R", argc, argv); + #ifdef USE_PAM if (md5flg || eflg || cflg) { use_pam = false; 
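Review bot: get_salt() is now called once in main, right after process_flags, and the later hunk in main reduces the per-entry code to `if (salt) { cp = pw_encrypt (newpwd, salt);`, so every password processed in one run appears to be hashed with the same salt. The removed block sat beside the per-entry `pw`/`newpw` declarations and called crypt_make_salt for each password; the loop itself lies outside the hunk, so this is inferred from the context lines. With a shared salt, accounts that receive the same password end up with identical hashes in the shadow file, and the salt no longer separates the entries of a batch from one another. If the early call is only needed so that the method and rounds are resolved before process_root_flag, keep that part up front and move the `crypt_make_salt (crypt_method, arg)` call back into the loop so each entry gets a fresh salt.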
@@ -508,35 +545,7 @@ int main (int argc, char **argv) const struct passwd *pw; struct passwd newpw; - if ( !eflg - && ( (NULL == crypt_method) - || (0 != strcmp (crypt_method, "NONE")))) { - void *arg = NULL; - const char *salt; - if (md5flg) { - crypt_method = "MD5"; - } -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) - if (sflg) { -#if defined(USE_SHA_CRYPT) - if ( (0 == strcmp (crypt_method, "SHA256")) - || (0 == strcmp (crypt_method, "SHA512"))) { - arg = &sha_rounds; - } -#endif /* USE_SHA_CRYPT */ -#if defined(USE_BCRYPT) - if (0 == strcmp (crypt_method, "BCRYPT")) { - arg = &bcrypt_rounds; - } -#endif /* USE_BCRYPT */ -#if defined(USE_YESCRYPT) - if (0 == strcmp (crypt_method, "YESCRYPT")) { - arg = &yescrypt_cost; - } -#endif /* USE_YESCRYPT */ - } -#endif - salt = crypt_make_salt (crypt_method, arg); + if (salt) { cp = pw_encrypt (newpwd, salt); if (NULL == cp) { fprintf (stderr, diff --git a/src/expiry.c b/src/expiry.c index 112c08c2..dc20b90e 100644 --- a/src/expiry.c +++ b/src/expiry.c @@ -27,14 +27,14 @@ const char *Prog; static bool cflg = false; /* local function prototypes */ -static RETSIGTYPE catch_signals (unused int sig); +static void catch_signals (unused int sig); static /*@noreturn@*/void usage (int status); static void process_flags (int argc, char **argv); /* * catch_signals - signal catcher */ -static RETSIGTYPE catch_signals (unused int sig) +static void catch_signals (unused int sig) { _exit (10); } diff --git a/src/faillog.c b/src/faillog.c index d33fe9b6..0f94836f 100644 --- a/src/faillog.c +++ b/src/faillog.c @@ -537,9 +537,9 @@ static void set_locktime (long locktime) int main (int argc, char **argv) { - long fail_locktime; + long fail_locktime = 0; short fail_max = 0; // initialize to silence compiler warning - long days; + long days = 0; /* * Get the program name. The program name is used as a prefix to diff --git a/src/free_subid_range.c b/src/free_subid_range.c index a2d2e8e0..d9a2cd8d 100644 
--- a/src/free_subid_range.c +++ b/src/free_subid_range.c @@ -11,7 +11,7 @@ const char *Prog; -void usage(void) +static void usage(void) { fprintf(stderr, "Usage: %s [-g] user start count\n", Prog); fprintf(stderr, " Release a user's subuid (or with -g, subgid) range\n"); diff --git a/src/get_subid_owners.c b/src/get_subid_owners.c index b0f46397..36974b84 100644 --- a/src/get_subid_owners.c +++ b/src/get_subid_owners.c @@ -8,7 +8,7 @@ const char *Prog; -void usage(void) +static void usage(void) { fprintf(stderr, "Usage: [-g] %s subuid\n", Prog); fprintf(stderr, " list uids who own the given subuid\n"); diff --git a/src/getsubids.c b/src/getsubids.c index 4384cfae..c91ae39e 100644 --- a/src/getsubids.c +++ b/src/getsubids.c @@ -9,7 +9,7 @@ const char *Prog; -void usage(void) +static void usage(void) { fprintf(stderr, "Usage: %s [-g] user\n", Prog); fprintf(stderr, " list subuid ranges for user\n"); diff --git a/src/gpasswd.c b/src/gpasswd.c index c7c9477d..85fb1d17 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -74,7 +74,7 @@ static uid_t bywho; /* local function prototypes */ static void usage (int status); -static RETSIGTYPE catch_signals (int killed); +static void catch_signals (int killed); static bool is_valid_user_list (const char *users); static void process_flags (int argc, char **argv); static void check_flags (int argc, int opt_index); @@ -137,7 +137,7 @@ static void usage (int status) * calls catch_signals() with a signal number, the terminal modes are * then reset. */ -static RETSIGTYPE catch_signals (int killed) +static void catch_signals (int killed) { static TERMIO sgtty; diff --git a/src/grpck.c b/src/grpck.c index 7accac94..881fb4de 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -455,7 +455,7 @@ static void check_grp_file (int *errors, bool *changed) struct commonio_entry *gre, *tgre; struct group *grp; #ifdef SHADOWGRP - struct sgrp *sgr; + const struct sgrp *sgr; #endif /* 
@@ -596,7 +596,7 @@ static void check_grp_file (int *errors, bool *changed) */ if (is_shadow) { - sgr = (struct sgrp *) sgr_locate (grp->gr_name); + sgr = sgr_locate (grp->gr_name); if (sgr == NULL) { printf (_("no matching group file entry in %s\n"), sgr_file); @@ -663,7 +663,7 @@ static void check_grp_file (int *errors, bool *changed) */ static void check_sgr_file (int *errors, bool *changed) { - struct group *grp; + const struct group *grp; struct commonio_entry *sge, *tsge; struct sgrp *sgr; @@ -758,7 +758,7 @@ static void check_sgr_file (int *errors, bool *changed) /* * Make sure this entry exists in the /etc/group file. */ - grp = (struct group *) gr_locate (sgr->sg_name); + grp = gr_locate (sgr->sg_name); if (grp == NULL) { printf (_("no matching group file entry in %s\n"), grp_file); diff --git a/src/lastlog.c b/src/lastlog.c index 3c0fc9c6..0d4b5fd2 100644 --- a/src/lastlog.c +++ b/src/lastlog.c @@ -88,7 +88,16 @@ static void print_one (/*@null@*/const struct passwd *pw) char ptime[80]; #ifdef HAVE_LL_HOST - int maxIPv6Addrlen; + /* + * ll_host is in minimized form, thus the maximum IPv6 address possible is + * 8*4+7 = 39 characters. + * RFC 4291 2.5.6 states that for LL-addresses fe80+only the interface ID is set, + * thus having a maximum size of 25+1+IFNAMSIZ. + * POSIX says IFNAMSIZ should be 16 characters long including the null byte, thus + * 25+1+IFNAMSIZ >= 42 > 39 + */ + /* Link-Local address + % + Interfacename */ + const int maxIPv6Addrlen = 25+1+IFNAMSIZ; #endif if (NULL == pw) { 
@@ -132,16 +141,6 @@ static void print_one (/*@null@*/const struct passwd *pw) /* Print the header only once */ if (!once) { #ifdef HAVE_LL_HOST - /* - * ll_host is in minimized form, thus the maximum IPv6 address possible is - * 8*4+7 = 39 characters. - * RFC 4291 2.5.6 states that for LL-addresses fe80+only the interface ID is set, - * thus having a maximum size of 25+1+IFNAMSIZ. - * POSIX says IFNAMSIZ should be 16 characters long including the null byte, thus - * 25+1+IFNAMSIZ >= 42 > 39 - */ - /* Link-Local address + % + Interfacename */ - maxIPv6Addrlen = 25+1+IFNAMSIZ; printf (_("Username Port From%*sLatest\n"), maxIPv6Addrlen-3, " "); #else puts (_("Username Port Latest")); diff --git a/src/login.c b/src/login.c index bb85c758..d1198756 100644 --- a/src/login.c +++ b/src/login.c @@ -124,7 +124,7 @@ static void get_pam_user (char **ptr_pam_user); #endif static void init_env (void); -static RETSIGTYPE alarm_handler (int); +static void alarm_handler (int); /* * usage - print login command usage and exit @@ -397,7 +397,7 @@ static void init_env (void) } -static RETSIGTYPE alarm_handler (unused int sig) +static void alarm_handler (unused int sig) { write (STDERR_FILENO, tmsg, strlen (tmsg)); _exit (0); diff --git a/src/logoutd.c b/src/logoutd.c index d369acf4..03680f3f 100644 --- a/src/logoutd.c +++ b/src/logoutd.c @@ -228,7 +228,7 @@ int main (int argc, char **argv) tty_name[0] = '\0'; } - strcat (tty_name, ut->ut_line); + strncat (tty_name, ut->ut_line, UT_LINESIZE); #ifndef O_NOCTTY #define O_NOCTTY 0 #endif diff --git a/src/new_subid_range.c b/src/new_subid_range.c index 6cb294d4..523d480a 100644 --- a/src/new_subid_range.c +++ b/src/new_subid_range.c @@ -11,7 +11,7 @@ const char *Prog; -void usage(void) +static void usage(void) { fprintf(stderr, "Usage: %s [-g] [-n] user count\n", Prog); fprintf(stderr, " Find a subuid (or with -g, subgid) range for user\n"); diff --git a/src/newgidmap.c b/src/newgidmap.c index ebf16cde..5b42431b 100644 
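Review bot: The new `strncat (tty_name, ut->ut_line, UT_LINESIZE);` in logoutd's main limits how much is read from ut_line, which need not be NUL-terminated, but strncat's third argument is not the destination size, so the write into tty_name is still unchecked. tty_name is declared outside the hunk; if it is an array, bounding by the remaining space makes the invariant explicit: `size_t room = sizeof tty_name - strlen (tty_name) - 1;` followed by `strncat (tty_name, ut->ut_line, room < UT_LINESIZE ? room : UT_LINESIZE);`. Failing that, a comment stating that tty_name is sized for the device prefix plus UT_LINESIZE plus the terminator would record why the call is safe.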
--- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -73,10 +73,11 @@ static void usage(void) exit(EXIT_FAILURE); } -void write_setgroups(int proc_dir_fd, bool allow_setgroups) +static void write_setgroups(int proc_dir_fd, bool allow_setgroups) { int setgroups_fd; - char *policy, policy_buffer[4096]; + const char *policy; + char policy_buffer[4096]; /* * Default is "deny", and any "allow" will out-rank a "deny". We don't diff --git a/src/newgrp.c b/src/newgrp.c index cb88f6d7..99820832 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -379,7 +379,7 @@ int main (int argc, char **argv) int err = 0; gid_t gid; char *cp; - char *progbase; + const char *progbase; const char *name, *prog; char *group = NULL; char *command = NULL; @@ -787,7 +787,7 @@ int main (int argc, char **argv) * Now I try to find the basename of the login shell. This will * become argv[0] of the spawned command. */ - progbase = (char *) Basename ((char *) prog); + progbase = Basename (prog); /* * Switch back to her home directory if i am doing login diff --git a/src/newuidmap.c b/src/newuidmap.c index 9aa2ddcc..546856a2 100644 --- a/src/newuidmap.c +++ b/src/newuidmap.c @@ -62,7 +62,7 @@ static void verify_ranges(struct passwd *pw, int ranges, } } -void usage(void) +static void usage(void) { fprintf(stderr, _("usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"), Prog); exit(EXIT_FAILURE); diff --git a/src/newusers.c b/src/newusers.c index c1d29f83..4c6546e8 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -116,7 +116,7 @@ static void usage (int status) "\n" "Options:\n"), Prog); - (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); + (void) fputs (_(" -b, --badname allow bad names\n"), usageout); #ifndef USE_PAM (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), 
@@ -383,7 +383,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid) /* Check if this is a valid user name */ if (!is_valid_user_name (name)) { fprintf (stderr, - _("%s: invalid user name '%s'\n"), + _("%s: invalid user name '%s': use --badname to ignore\n"), Prog, name); return -1; } @@ -464,7 +464,9 @@ static int add_passwd (struct passwd *pwd, const char *password) { const struct spwd *sp; struct spwd spent; +#ifndef USE_PAM char *cp; +#endif /* !USE_PAM */ #ifndef USE_PAM void *crypt_arg = NULL; @@ -607,11 +609,13 @@ static int add_passwd (struct passwd *pwd, const char *password) static void process_flags (int argc, char **argv) { int c; +#ifndef USE_PAM #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) int bad_s; #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ +#endif /* !USE_PAM */ static struct option long_options[] = { - {"badnames", no_argument, NULL, 'b'}, + {"badname", no_argument, NULL, 'b'}, #ifndef USE_PAM {"crypt-method", required_argument, NULL, 'c'}, #endif /* !USE_PAM */ diff --git a/src/passwd.c b/src/passwd.c index 80531ec6..8c6f81a9 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw) cp = getpass (_("New password: ")); if (NULL == cp) { memzero (orig, sizeof orig); + memzero (pass, sizeof pass); return -1; } if (warned && (strcmp (pass, cp) != 0)) { @@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw) cp = getpass (_("Re-enter new password: ")); if (NULL == cp) { memzero (orig, sizeof orig); + memzero (pass, sizeof pass); return -1; } if (strcmp (cp, pass) != 0) { 
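Review bot: Renaming the long option to `badname` in newusers' long_options leaves no entry for the old spelling, so callers that still pass `--badnames` will get an unrecognized-option error from getopt_long; the same rename is made in the pwck and useradd hunks. Keeping a second entry such as `{"badnames", no_argument, NULL, 'b'},` (value 201 in useradd) as an undocumented alias would keep existing provisioning scripts working across the upgrade. The new error text `use --badname to ignore` would then remain correct as well.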
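Review bot: The added `memzero (pass, sizeof pass);` calls in new_password sit directly before `return -1`, where pass goes out of scope, so a compiler may drop them as dead stores if memzero is a plain memset wrapper; its definition is not part of this diff. It is worth confirming that memzero maps to a non-elidable primitive such as explicit_bzero or memset_s, and adding a comment like `/* wipe the candidate password before bailing out */` at both sites. new_password continues outside both hunks, so its other return paths could not be checked for the same omission.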
@@ -128,7 +128,7 @@ static /*@noreturn@*/void usage (int status) "Options:\n"), Prog); } - (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); + (void) fputs (_(" -b, --badname allow bad names\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -q, --quiet report errors only\n"), usageout); (void) fputs (_(" -r, --read-only display errors and warnings\n" @@ -153,7 +153,7 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { - {"badnames", no_argument, NULL, 'b'}, + {"badname", no_argument, NULL, 'b'}, {"help", no_argument, NULL, 'h'}, {"quiet", no_argument, NULL, 'q'}, {"read-only", no_argument, NULL, 'r'}, @@ -366,7 +366,7 @@ static void check_pw_file (int *errors, bool *changed) { struct commonio_entry *pfe, *tpfe; struct passwd *pwd; - struct spwd *spw; + const struct spwd *spw; uid_t min_sys_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL); uid_t max_sys_id = (uid_t) getdef_ulong ("SYS_UID_MAX", 999UL); @@ -470,7 +470,8 @@ static void check_pw_file (int *errors, bool *changed) */ if (!is_valid_user_name (pwd->pw_name)) { - printf (_("invalid user name '%s'\n"), pwd->pw_name); + printf (_("invalid user name '%s': use --badname to ignore\n"), + pwd->pw_name); *errors += 1; } @@ -498,9 +499,9 @@ static void check_pw_file (int *errors, bool *changed) } /* - * If uid is system and has a home directory, then check + * If uid is not system and has a home directory, then check */ - if (!(pwd->pw_uid >= min_sys_id && pwd->pw_uid <= max_sys_id && pwd->pw_dir && pwd->pw_dir[0])) { + if (!(pwd->pw_uid >= min_sys_id && pwd->pw_uid <= max_sys_id ) && pwd->pw_dir && pwd->pw_dir[0]) { /* * Make sure the home directory exists */ 
@@ -584,7 +585,7 @@ static void check_pw_file (int *errors, bool *changed) spw_opened = true; } #endif /* WITH_TCB */ - spw = (struct spwd *) spw_locate (pwd->pw_name); + spw = spw_locate (pwd->pw_name); if (NULL == spw) { printf (_("no matching password file entry in %s\n"), spw_dbname ()); @@ -104,10 +104,10 @@ static void execve_shell (const char *shellname, char *args[], char *const envp[]); #ifdef USE_PAM -static RETSIGTYPE kill_child (int unused(s)); +static void kill_child (int unused(s)); static void prepare_pam_close_session (void); #else /* !USE_PAM */ -static RETSIGTYPE die (int); +static void die (int); static bool iswheel (const char *); #endif /* !USE_PAM */ static bool restricted_shell (const char *shellname); @@ -130,7 +130,7 @@ static void set_environment (struct passwd *pw); * with die() as the signal handler. If signal later calls die() with a * signal number, the terminal modes are then reset. */ -static RETSIGTYPE die (int killed) +static void die (int killed) { static TERMIO sgtty; @@ -157,7 +157,7 @@ static bool iswheel (const char *username) return is_on_list (grp->gr_mem, username); } #else /* USE_PAM */ -static RETSIGTYPE kill_child (int unused(s)) +static void kill_child (int unused(s)) { if (0 != pid_child) { (void) kill (-pid_child, SIGKILL); @@ -494,7 +494,7 @@ static void check_perms_nopam (const struct passwd *pw) { /*@observer@*/const struct spwd *spwd = NULL; /*@observer@*/const char *password = pw->pw_passwd; - RETSIGTYPE (*oldsig) (int); + sighandler_t oldsig; if (caller_is_root) { return; diff --git a/src/sulogin.c b/src/sulogin.c index 4d38daf6..08feade2 100644 --- a/src/sulogin.c +++ b/src/sulogin.c @@ -44,9 +44,9 @@ extern char **environ; #endif /* local function prototypes */ -static RETSIGTYPE catch_signals (int); +static void catch_signals (int); -static RETSIGTYPE catch_signals (unused int sig) +static void catch_signals (unused int sig) { _exit (1); } 
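Review bot: `sighandler_t oldsig;` in check_perms_nopam relies on a typedef that glibc exposes only as a GNU extension, and nothing in this diff defines it for other C libraries. Unless a configure check or fallback typedef exists elsewhere in the tree, the portable spelling `void (*oldsig) (int);` avoids the dependency and matches the handlers in this file, which now all return void.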
diff --git a/src/useradd.c b/src/useradd.c index 456b9de5..6eaeb533 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -139,6 +139,9 @@ static bool Dflg = false, /* set/show new user default values */ eflg = false, /* days since 1970-01-01 when account is locked */ fflg = false, /* days until account with expired password is locked */ +#ifdef ENABLE_SUBIDS + Fflg = false, /* update /etc/subuid and /etc/subgid even if -r option is given */ +#endif gflg = false, /* primary group ID for new account */ Gflg = false, /* secondary group set for new account */ kflg = false, /* specify a directory to fill new user directory */ @@ -169,7 +172,7 @@ static bool home_added = false; #define E_BAD_ARG 3 /* invalid argument to option */ #define E_UID_IN_USE 4 /* UID already in use (and no -o) */ #define E_NOTFOUND 6 /* specified group doesn't exist */ -#define E_NAME_IN_USE 9 /* username already in use */ +#define E_NAME_IN_USE 9 /* username or group name already in use */ #define E_GRP_UPDATE 10 /* can't update group file */ #define E_HOMEDIR 12 /* can't create home directory */ #define E_MAILBOXFILE 13 /* can't create mailbox file */ @@ -899,7 +902,7 @@ static void usage (int status) "\n" "Options:\n"), Prog, Prog, Prog); - (void) fputs (_(" --badnames do not check for bad names\n"), usageout); + (void) fputs (_(" --badname do not check for bad names\n"), usageout); (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n" " new account\n"), usageout); #ifdef WITH_BTRFS 
@@ -910,6 +913,9 @@ static void usage (int status) (void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout); (void) fputs (_(" -e, --expiredate EXPIRE_DATE expiration date of the new account\n"), usageout); (void) fputs (_(" -f, --inactive INACTIVE password inactivity period of the new account\n"), usageout); +#ifdef ENABLE_SUBIDS + (void) fputs (_(" -F, --add-subids-for-system add entries to sub[ud]id even when adding a system user\n"), usageout); +#endif (void) fputs (_(" -g, --gid GROUP name or ID of the primary group of the new\n" " account\n"), usageout); (void) fputs (_(" -G, --groups GROUPS list of supplementary groups of the new\n" @@ -1189,12 +1195,15 @@ static void process_flags (int argc, char **argv) #ifdef WITH_BTRFS {"btrfs-subvolume-home", no_argument, NULL, 200}, #endif - {"badnames", no_argument, NULL, 201}, + {"badname", no_argument, NULL, 201}, {"comment", required_argument, NULL, 'c'}, {"home-dir", required_argument, NULL, 'd'}, {"defaults", no_argument, NULL, 'D'}, {"expiredate", required_argument, NULL, 'e'}, {"inactive", required_argument, NULL, 'f'}, +#ifdef ENABLE_SUBIDS + {"add-subids-for-system", no_argument,NULL, 'F'}, +#endif {"gid", required_argument, NULL, 'g'}, {"groups", required_argument, NULL, 'G'}, {"help", no_argument, NULL, 'h'}, @@ -1218,11 +1227,14 @@ static void process_flags (int argc, char **argv) {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, + "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U" #ifdef WITH_SELINUX - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", -#else /* !WITH_SELINUX */ - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", -#endif /* !WITH_SELINUX */ + "Z:" +#endif /* WITH_SELINUX */ +#ifdef ENABLE_SUBIDS + "F" +#endif /* ENABLE_SUBIDS */ + "", long_options, NULL)) != -1) { switch (c) { case 'b': 
@@ -1317,6 +1329,11 @@ static void process_flags (int argc, char **argv) } fflg = true; break; +#ifdef ENABLE_SUBIDS + case 'F': + Fflg = true; + break; +#endif case 'g': grp = prefix_getgr_nam_gid (optarg); if (NULL == grp) { @@ -2409,11 +2426,9 @@ static void check_uid_range(int rflg, uid_t user_id) uid_t uid_min ; uid_t uid_max ; if (rflg) { - uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL); uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1); - if (uid_min <= uid_max) { - if (user_id < uid_min || user_id >uid_max) - fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max); + if (user_id > uid_max) { + fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max); } }else{ uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL); @@ -2486,13 +2501,15 @@ int main (int argc, char **argv) uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536); subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536); - is_sub_uid = subuid_count > 0 && sub_uid_file_present () && !rflg && + is_sub_uid = subuid_count > 0 && sub_uid_file_present () && + (!rflg || Fflg) && (!user_id || (user_id <= uid_max && user_id >= uid_min)); - is_sub_gid = subgid_count > 0 && sub_gid_file_present () && !rflg && + is_sub_gid = subgid_count > 0 && sub_gid_file_present () && + (!rflg || Fflg) && (!user_id || (user_id <= uid_max && user_id >= uid_min)); #endif /* ENABLE_SUBIDS */ - if (run_parts ("/etc/shadow-maint/useradd-pre.d", (char*)user_name, + if (run_parts ("/etc/shadow-maint/useradd-pre.d", user_name, "useradd")) { exit(1); } @@ -2715,7 +2732,7 @@ int main (int argc, char **argv) create_mail (); } - if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, + if (run_parts ("/etc/shadow-maint/useradd-post.d", user_name, "useradd")) { exit(1); } 
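Review bot: In check_uid_range the rewritten warning prints `user_id` and `uid_max`, both uid_t, with `%d`; where uid_t is unsigned the argument types do not match the format, and large IDs print as negative numbers. Using `%lu` in the message and passing `(unsigned long) user_id, (unsigned long) uid_max` fixes it. The system-account branch also no longer warns when the id is below SYS_UID_MIN; if that is intended, a one-line comment such as `/* ids below SYS_UID_MIN are accepted for system accounts */` would help, since uid_min is still declared but no longer set in that branch.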
diff --git a/src/usermod.c b/src/usermod.c index 9473a7d7..44e056ae 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -67,7 +67,7 @@ /* #define E_BAD_PWFILE 5 passwd file contains errors */ #define E_NOTFOUND 6 /* specified user/group doesn't exist */ #define E_USER_BUSY 8 /* user to modify is logged in */ -#define E_NAME_IN_USE 9 /* username already in use */ +#define E_NAME_IN_USE 9 /* username or group name already in use */ #define E_GRP_UPDATE 10 /* can't update group file */ /* #define E_NOSPACE 11 insufficient space to move home dir */ #define E_HOMEDIR 12 /* unable to complete home dir move */ @@ -367,7 +367,10 @@ static /*@noreturn@*/void usage (int status) "\n" "Options:\n"), Prog); - (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); + (void) fputs (_(" -a, --append append the user to the supplemental GROUPS\n" + " mentioned by the -G option without removing\n" + " the user from other groups\n"), usageout); + (void) fputs (_(" -b, --badname allow bad names\n"), usageout); (void) fputs (_(" -c, --comment COMMENT new value of the GECOS field\n"), usageout); (void) fputs (_(" -d, --home HOME_DIR new home directory for the user account\n"), usageout); (void) fputs (_(" -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE\n"), usageout); 
@@ -375,12 +378,6 @@ static /*@noreturn@*/void usage (int status) " to INACTIVE\n"), usageout); (void) fputs (_(" -g, --gid GROUP force use GROUP as new primary group\n"), usageout); (void) fputs (_(" -G, --groups GROUPS new list of supplementary GROUPS\n"), usageout); - (void) fputs (_(" -a, --append append the user to the supplemental GROUPS\n" - " mentioned by the -G option without removing\n" - " the user from other groups\n"), usageout); - (void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n" - " mentioned by the -G option without removing\n" - " the user from other groups\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -l, --login NEW_LOGIN new value of the login name\n"), usageout); (void) fputs (_(" -L, --lock lock the user account\n"), usageout); @@ -388,8 +385,11 @@ static /*@noreturn@*/void usage (int status) " new location (use only with -d)\n"), usageout); (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n" + " mentioned by the -G option without removing\n" + " the user from other groups\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); 
@@ -1095,7 +1095,7 @@ static void process_flags (int argc, char **argv) case 'l': if (!is_valid_user_name (optarg)) { fprintf (stderr, - _("%s: invalid user name '%s'\n"), + _("%s: invalid user name '%s': use --badname to ignore\n"), Prog, optarg); exit (E_BAD_ARG); } @@ -293,7 +293,6 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) /* use the system() call to invoke the editor so that it accepts command line args in the EDITOR and VISUAL environment vars */ char *buf; - int status; /* Wait for parent to make us the foreground pgrp. */ if (orig_pgrp != -1) { |