diff options
author | Andreas Henriksson <andreas@fatal.se> | 2019-12-05 13:29:31 +0100 |
---|---|---|
committer | Andreas Henriksson <andreas@fatal.se> | 2019-12-05 13:29:31 +0100 |
commit | 69d932140c70455a282b6e7115d9caf0cc56d6ff (patch) | |
tree | eda18bc82cc58e5d193e608f00543b2b5b537d49 /src | |
parent | b28d45d2bd2462414b9dbbe38e6c7f3d5f7b462b (diff) | |
download | shadow-69d932140c70455a282b6e7115d9caf0cc56d6ff.tar.gz |
New upstream version 4.8upstream/4.8
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 79 | ||||
-rw-r--r-- | src/Makefile.in | 362 | ||||
-rw-r--r-- | src/chage.c | 26 | ||||
-rw-r--r-- | src/chfn.c | 7 | ||||
-rw-r--r-- | src/chgpasswd.c | 79 | ||||
-rw-r--r-- | src/chpasswd.c | 86 | ||||
-rw-r--r-- | src/chsh.c | 7 | ||||
-rw-r--r-- | src/newgidmap.c | 2 | ||||
-rw-r--r-- | src/newuidmap.c | 2 | ||||
-rw-r--r-- | src/newusers.c | 122 | ||||
-rw-r--r-- | src/passwd.c | 85 | ||||
-rw-r--r-- | src/pwck.c | 29 | ||||
-rw-r--r-- | src/useradd.c | 19 | ||||
-rw-r--r-- | src/userdel.c | 2 | ||||
-rw-r--r-- | src/usermod.c | 11 | ||||
-rw-r--r-- | src/vipw.c | 47 |
16 files changed, 643 insertions, 322 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 34690ced..f31fd7ab 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,8 +2,8 @@ EXTRA_DIST = \ .indent.pro -ubindir = ${prefix}/bin -usbindir = ${prefix}/sbin +ubindir = ${bindir} +usbindir = ${sbindir} suidperms = 4755 sgidperms = 2755 @@ -23,12 +23,15 @@ AM_CPPFLAGS = \ # and installation would be much simpler (just two directories, # $prefix/bin and $prefix/sbin, no install-data hacks...) -bin_PROGRAMS = groups login su +bin_PROGRAMS = groups login sbin_PROGRAMS = nologin ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd if ENABLE_SUBIDS ubin_PROGRAMS += newgidmap newuidmap endif +if WITH_SU +bin_PROGRAMS += su +endif usbin_PROGRAMS = \ chgpasswd \ chpasswd \ @@ -52,13 +55,17 @@ usbin_PROGRAMS = \ # id and groups are from gnu, sulogin from sysvinit noinst_PROGRAMS = id sulogin -suidbins = su +suidusbins = +suidbins = suidubins = chage chfn chsh expiry gpasswd newgrp +if WITH_SU +suidbins += su +endif if !WITH_TCB suidubins += passwd endif if ACCT_TOOLS_SETUID -suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod +suidusbins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod endif if ENABLE_SUBIDS if !FCAPS @@ -87,42 +94,43 @@ else LIBCRYPT_NOPAM = $(LIBCRYPT) endif -chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP) -newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP) -chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) -chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) -gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -grpck_LDADD = $(LDADD) $(LIBSELINUX) -grpconv_LDADD = $(LDADD) $(LIBSELINUX) -grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -lastlog_LDADD = $(LDADD) $(LIBAUDIT) +chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +expiry_LDADD = $(LDADD) $(LIBECONF) +gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +lastlog_LDADD = $(LDADD) $(LIBAUDIT) $(LIBECONF) login_SOURCES = \ login.c \ login_nopam.c -login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) -newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) +login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF) +newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) nologin_LDADD = -passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) -pwck_LDADD = $(LDADD) $(LIBSELINUX) -pwconv_LDADD = $(LDADD) $(LIBSELINUX) -pwunconv_LDADD = $(LDADD) $(LIBSELINUX) +passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) +pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +pwconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +pwunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) su_SOURCES = \ su.c \ suauth.c -su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -sulogin_LDADD = $(LDADD) $(LIBCRYPT) -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -vipw_LDADD = $(LDADD) $(LIBSELINUX) +su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) install-am: all-am $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am @@ -134,6 +142,9 @@ install-am: all-am for i in $(suidubins); do \ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \ done + for i in $(suidusbins); do \ + chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ + done if WITH_TCB for i in $(shadowsgidubins); do \ chown root:shadow $(DESTDIR)$(ubindir)/$$i; \ diff --git a/src/Makefile.in b/src/Makefile.in index 4eb8b30a..69ee6253 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2017 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -88,12 +88,13 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) su$(EXEEXT) +bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) $(am__EXEEXT_1) sbin_PROGRAMS = nologin$(EXEEXT) ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ - newgrp$(EXEEXT) passwd$(EXEEXT) $(am__EXEEXT_1) + newgrp$(EXEEXT) passwd$(EXEEXT) $(am__EXEEXT_2) @ENABLE_SUBIDS_TRUE@am__append_1 = newgidmap newuidmap +@WITH_SU_TRUE@am__append_2 = su usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \ groupadd$(EXEEXT) groupdel$(EXEEXT) groupmems$(EXEEXT) \ groupmod$(EXEEXT) grpck$(EXEEXT) grpconv$(EXEEXT) \ @@ -102,9 +103,10 @@ usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \ useradd$(EXEEXT) userdel$(EXEEXT) usermod$(EXEEXT) \ vipw$(EXEEXT) noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT) -@WITH_TCB_FALSE@am__append_2 = passwd -@ACCT_TOOLS_SETUID_TRUE@am__append_3 = chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod -@ENABLE_SUBIDS_TRUE@@FCAPS_FALSE@am__append_4 = newgidmap newuidmap +@WITH_SU_TRUE@am__append_3 = su +@WITH_TCB_FALSE@am__append_4 = passwd +@ACCT_TOOLS_SETUID_TRUE@am__append_5 = chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod +@ENABLE_SUBIDS_TRUE@@FCAPS_FALSE@am__append_6 = newgidmap newuidmap subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ @@ -116,9 +118,10 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +@WITH_SU_TRUE@am__EXEEXT_1 = su$(EXEEXT) am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(ubindir)" "$(DESTDIR)$(usbindir)" -@ENABLE_SUBIDS_TRUE@am__EXEEXT_1 = newgidmap$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@am__EXEEXT_2 = newgidmap$(EXEEXT) \ @ENABLE_SUBIDS_TRUE@ newuidmap$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) \ $(ubin_PROGRAMS) $(usbin_PROGRAMS) @@ -130,7 +133,8 @@ am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) @ACCT_TOOLS_SETUID_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) chage_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -139,27 +143,28 @@ chfn_SOURCES = chfn.c chfn_OBJECTS = chfn.$(OBJEXT) @USE_PAM_FALSE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) chfn_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) chgpasswd_SOURCES = chgpasswd.c chgpasswd_OBJECTS = chgpasswd.$(OBJEXT) chgpasswd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) chpasswd_SOURCES = chpasswd.c chpasswd_OBJECTS = chpasswd.$(OBJEXT) chpasswd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) chsh_SOURCES = chsh.c chsh_OBJECTS = chsh.$(OBJEXT) chsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) expiry_SOURCES = expiry.c expiry_OBJECTS = expiry.$(OBJEXT) -expiry_LDADD = $(LDADD) -expiry_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ - $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) +expiry_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) faillog_SOURCES = faillog.c faillog_OBJECTS = faillog.$(OBJEXT) faillog_LDADD = $(LDADD) @@ -169,23 +174,28 @@ faillog_DEPENDENCIES = $(am__DEPENDENCIES_1) \ gpasswd_SOURCES = gpasswd.c gpasswd_OBJECTS = gpasswd.$(OBJEXT) gpasswd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) groupadd_SOURCES = groupadd.c groupadd_OBJECTS = groupadd.$(OBJEXT) groupadd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) groupdel_SOURCES = groupdel.c groupdel_OBJECTS = groupdel.$(OBJEXT) groupdel_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) groupmems_SOURCES = groupmems.c groupmems_OBJECTS = groupmems.$(OBJEXT) groupmems_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) groupmod_SOURCES = groupmod.c groupmod_OBJECTS = groupmod.$(OBJEXT) groupmod_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) groups_SOURCES = groups.c groups_OBJECTS = groups.$(OBJEXT) groups_LDADD = $(LDADD) @@ -194,13 +204,16 @@ groups_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) grpck_SOURCES = grpck.c grpck_OBJECTS = grpck.$(OBJEXT) -grpck_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +grpck_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) grpconv_SOURCES = grpconv.c grpconv_OBJECTS = grpconv.$(OBJEXT) -grpconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +grpconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) grpunconv_SOURCES = grpunconv.c grpunconv_OBJECTS = grpunconv.$(OBJEXT) -grpunconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +grpunconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) id_SOURCES = id.c id_OBJECTS = id.$(OBJEXT) id_LDADD = $(LDADD) @@ -209,12 +222,14 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) lastlog_SOURCES = lastlog.c lastlog_OBJECTS = lastlog.$(OBJEXT) -lastlog_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +lastlog_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am_login_OBJECTS = login.$(OBJEXT) login_nopam.$(OBJEXT) login_OBJECTS = $(am_login_OBJECTS) login_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) logoutd_SOURCES = logoutd.c logoutd_OBJECTS = logoutd.$(OBJEXT) logoutd_LDADD = $(LDADD) @@ -223,17 +238,20 @@ logoutd_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) newgidmap_SOURCES = newgidmap.c newgidmap_OBJECTS = newgidmap.$(OBJEXT) -newgidmap_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +newgidmap_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) newgrp_SOURCES = newgrp.c newgrp_OBJECTS = newgrp.$(OBJEXT) newgrp_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) newuidmap_SOURCES = newuidmap.c newuidmap_OBJECTS = newuidmap.$(OBJEXT) -newuidmap_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +newuidmap_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) newusers_SOURCES = newusers.c newusers_OBJECTS = newusers.$(OBJEXT) newusers_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) nologin_SOURCES = nologin.c nologin_OBJECTS = nologin.$(OBJEXT) @@ -242,44 +260,51 @@ passwd_SOURCES = passwd.c passwd_OBJECTS = passwd.$(OBJEXT) passwd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \ + $(am__DEPENDENCIES_1) pwck_SOURCES = pwck.c pwck_OBJECTS = pwck.$(OBJEXT) -pwck_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +pwck_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) pwconv_SOURCES = pwconv.c pwconv_OBJECTS = pwconv.$(OBJEXT) -pwconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +pwconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) pwunconv_SOURCES = pwunconv.c pwunconv_OBJECTS = pwunconv.$(OBJEXT) -pwunconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +pwunconv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_su_OBJECTS = su.$(OBJEXT) suauth.$(OBJEXT) su_OBJECTS = $(am_su_OBJECTS) su_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) sulogin_SOURCES = sulogin.c sulogin_OBJECTS = sulogin.$(OBJEXT) -sulogin_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +sulogin_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) useradd_SOURCES = useradd.c useradd_OBJECTS = useradd.$(OBJEXT) useradd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) userdel_SOURCES = userdel.c userdel_OBJECTS = userdel.$(OBJEXT) userdel_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) usermod_SOURCES = usermod.c usermod_OBJECTS = usermod.$(OBJEXT) usermod_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) vipw_SOURCES = vipw.c vipw_OBJECTS = vipw.$(OBJEXT) -vipw_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +vipw_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -294,7 +319,25 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/chage.Po ./$(DEPDIR)/chfn.Po \ + ./$(DEPDIR)/chgpasswd.Po ./$(DEPDIR)/chpasswd.Po \ + ./$(DEPDIR)/chsh.Po ./$(DEPDIR)/expiry.Po \ + ./$(DEPDIR)/faillog.Po ./$(DEPDIR)/gpasswd.Po \ + ./$(DEPDIR)/groupadd.Po ./$(DEPDIR)/groupdel.Po \ + ./$(DEPDIR)/groupmems.Po ./$(DEPDIR)/groupmod.Po \ + ./$(DEPDIR)/groups.Po ./$(DEPDIR)/grpck.Po \ + ./$(DEPDIR)/grpconv.Po ./$(DEPDIR)/grpunconv.Po \ + ./$(DEPDIR)/id.Po ./$(DEPDIR)/lastlog.Po ./$(DEPDIR)/login.Po \ + ./$(DEPDIR)/login_nopam.Po ./$(DEPDIR)/logoutd.Po \ + ./$(DEPDIR)/newgidmap.Po ./$(DEPDIR)/newgrp.Po \ + ./$(DEPDIR)/newuidmap.Po ./$(DEPDIR)/newusers.Po \ + ./$(DEPDIR)/nologin.Po ./$(DEPDIR)/passwd.Po \ + ./$(DEPDIR)/pwck.Po ./$(DEPDIR)/pwconv.Po \ + ./$(DEPDIR)/pwunconv.Po ./$(DEPDIR)/su.Po \ + ./$(DEPDIR)/suauth.Po ./$(DEPDIR)/sulogin.Po \ + ./$(DEPDIR)/useradd.Po ./$(DEPDIR)/userdel.Po \ + ./$(DEPDIR)/usermod.Po ./$(DEPDIR)/vipw.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -376,6 +419,7 @@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ @@ -398,6 +442,7 @@ LIBATTR = @LIBATTR@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ +LIBECONF = @LIBECONF@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBMD = @LIBMD@ @@ -443,6 +488,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ +VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ @@ -509,8 +555,8 @@ top_srcdir = @top_srcdir@ EXTRA_DIST = \ .indent.pro -ubindir = ${prefix}/bin -usbindir = ${prefix}/sbin +ubindir = ${bindir} +usbindir = ${sbindir} suidperms = 4755 sgidperms = 2755 AM_CPPFLAGS = \ @@ -518,9 +564,10 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/libmisc \ -DLOCALEDIR=\"$(datadir)/locale\" -suidbins = su -suidubins = chage chfn chsh expiry gpasswd newgrp $(am__append_2) \ - $(am__append_3) $(am__append_4) +suidusbins = $(am__append_5) +suidbins = $(am__append_3) +suidubins = chage chfn chsh expiry gpasswd newgrp $(am__append_4) \ + $(am__append_6) @WITH_TCB_TRUE@shadowsgidubins = passwd LDADD = $(INTLLIBS) \ $(top_builddir)/libmisc/libmisc.a \ @@ -531,44 +578,45 @@ LDADD = $(INTLLIBS) \ @ACCT_TOOLS_SETUID_TRUE@LIBPAM_SUID = $(LIBPAM) @USE_PAM_FALSE@LIBCRYPT_NOPAM = $(LIBCRYPT) @USE_PAM_TRUE@LIBCRYPT_NOPAM = -chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -newuidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP) -newgidmap_LDADD = $(LDADD) $(LIBSELINUX) $(LIBCAP) -chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) -chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) -gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -grpck_LDADD = $(LDADD) $(LIBSELINUX) -grpconv_LDADD = $(LDADD) $(LIBSELINUX) -grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -lastlog_LDADD = $(LDADD) $(LIBAUDIT) +chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +expiry_LDADD = $(LDADD) $(LIBECONF) +gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +lastlog_LDADD = $(LDADD) $(LIBAUDIT) $(LIBECONF) login_SOURCES = \ login.c \ login_nopam.c -login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) -newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) +login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF) +newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) nologin_LDADD = -passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) -pwck_LDADD = $(LDADD) $(LIBSELINUX) -pwconv_LDADD = $(LDADD) $(LIBSELINUX) -pwunconv_LDADD = $(LDADD) $(LIBSELINUX) +passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) +pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +pwconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +pwunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) su_SOURCES = \ su.c \ suauth.c -su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) -sulogin_LDADD = $(LDADD) $(LIBCRYPT) -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -vipw_LDADD = $(LDADD) $(LIBSELINUX) +su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) all: all-am .SUFFIXES: @@ -590,8 +638,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -954,43 +1002,49 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chage.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chfn.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chgpasswd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpasswd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chsh.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expiry.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillog.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpasswd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupadd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupdel.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmems.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmod.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groups.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpck.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpconv.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpunconv.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lastlog.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_nopam.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logoutd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgidmap.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgrp.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newuidmap.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newusers.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nologin.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwck.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwconv.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwunconv.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/su.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/suauth.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulogin.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/useradd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/userdel.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/usermod.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vipw.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chage.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chfn.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chgpasswd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpasswd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chsh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expiry.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillog.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpasswd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupadd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupdel.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmems.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmod.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groups.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpck.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpconv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpunconv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lastlog.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_nopam.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logoutd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgidmap.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgrp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newuidmap.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newusers.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nologin.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwck.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwconv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwunconv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/su.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/suauth.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulogin.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/useradd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/userdel.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/usermod.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vipw.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -1071,7 +1125,10 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1142,7 +1199,43 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool \ clean-usbinPROGRAMS mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/chage.Po + -rm -f ./$(DEPDIR)/chfn.Po + -rm -f ./$(DEPDIR)/chgpasswd.Po + -rm -f ./$(DEPDIR)/chpasswd.Po + -rm -f ./$(DEPDIR)/chsh.Po + -rm -f ./$(DEPDIR)/expiry.Po + -rm -f ./$(DEPDIR)/faillog.Po + -rm -f ./$(DEPDIR)/gpasswd.Po + -rm -f ./$(DEPDIR)/groupadd.Po + -rm -f ./$(DEPDIR)/groupdel.Po + -rm -f ./$(DEPDIR)/groupmems.Po + -rm -f ./$(DEPDIR)/groupmod.Po + -rm -f ./$(DEPDIR)/groups.Po + -rm -f ./$(DEPDIR)/grpck.Po + -rm -f ./$(DEPDIR)/grpconv.Po + -rm -f ./$(DEPDIR)/grpunconv.Po + -rm -f ./$(DEPDIR)/id.Po + -rm -f ./$(DEPDIR)/lastlog.Po + -rm -f ./$(DEPDIR)/login.Po + -rm -f ./$(DEPDIR)/login_nopam.Po + -rm -f ./$(DEPDIR)/logoutd.Po + -rm -f ./$(DEPDIR)/newgidmap.Po + -rm -f ./$(DEPDIR)/newgrp.Po + -rm -f ./$(DEPDIR)/newuidmap.Po + -rm -f ./$(DEPDIR)/newusers.Po + -rm -f ./$(DEPDIR)/nologin.Po + -rm -f ./$(DEPDIR)/passwd.Po + -rm -f ./$(DEPDIR)/pwck.Po + -rm -f ./$(DEPDIR)/pwconv.Po + -rm -f ./$(DEPDIR)/pwunconv.Po + -rm -f ./$(DEPDIR)/su.Po + -rm -f ./$(DEPDIR)/suauth.Po + -rm -f ./$(DEPDIR)/sulogin.Po + -rm -f ./$(DEPDIR)/useradd.Po + -rm -f ./$(DEPDIR)/userdel.Po + -rm -f ./$(DEPDIR)/usermod.Po + -rm -f ./$(DEPDIR)/vipw.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1188,7 +1281,43 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/chage.Po + -rm -f ./$(DEPDIR)/chfn.Po + -rm -f ./$(DEPDIR)/chgpasswd.Po + -rm -f ./$(DEPDIR)/chpasswd.Po + -rm -f ./$(DEPDIR)/chsh.Po + -rm -f ./$(DEPDIR)/expiry.Po + -rm -f ./$(DEPDIR)/faillog.Po + -rm -f ./$(DEPDIR)/gpasswd.Po + -rm -f ./$(DEPDIR)/groupadd.Po + -rm -f ./$(DEPDIR)/groupdel.Po + -rm -f ./$(DEPDIR)/groupmems.Po + -rm -f ./$(DEPDIR)/groupmod.Po + -rm -f ./$(DEPDIR)/groups.Po + -rm -f ./$(DEPDIR)/grpck.Po + -rm -f ./$(DEPDIR)/grpconv.Po + -rm -f ./$(DEPDIR)/grpunconv.Po + -rm -f ./$(DEPDIR)/id.Po + -rm -f ./$(DEPDIR)/lastlog.Po + -rm -f ./$(DEPDIR)/login.Po + -rm -f ./$(DEPDIR)/login_nopam.Po + -rm -f ./$(DEPDIR)/logoutd.Po + -rm -f ./$(DEPDIR)/newgidmap.Po + -rm -f ./$(DEPDIR)/newgrp.Po + -rm -f ./$(DEPDIR)/newuidmap.Po + -rm -f ./$(DEPDIR)/newusers.Po + -rm -f ./$(DEPDIR)/nologin.Po + -rm -f ./$(DEPDIR)/passwd.Po + -rm -f ./$(DEPDIR)/pwck.Po + -rm -f ./$(DEPDIR)/pwconv.Po + -rm -f ./$(DEPDIR)/pwunconv.Po + -rm -f ./$(DEPDIR)/su.Po + -rm -f ./$(DEPDIR)/suauth.Po + -rm -f ./$(DEPDIR)/sulogin.Po + -rm -f ./$(DEPDIR)/useradd.Po + -rm -f ./$(DEPDIR)/userdel.Po + -rm -f ./$(DEPDIR)/usermod.Po + -rm -f ./$(DEPDIR)/vipw.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1210,7 +1339,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-sbinPROGRAMS \ .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ clean-binPROGRAMS clean-generic clean-libtool \ clean-noinstPROGRAMS clean-sbinPROGRAMS clean-ubinPROGRAMS \ clean-usbinPROGRAMS cscopelist-am ctags ctags-am distclean \ @@ -1242,6 +1371,9 @@ install-am: all-am for i in $(suidubins); do \ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \ done + for i in $(suidusbins); do \ + chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ + done @WITH_TCB_TRUE@ for i in $(shadowsgidubins); do \ @WITH_TCB_TRUE@ chown root:shadow $(DESTDIR)$(ubindir)/$$i; \ @WITH_TCB_TRUE@ chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \ diff --git a/src/chage.c b/src/chage.c index 05d2349b..bcc58c95 100644 --- a/src/chage.c +++ b/src/chage.c @@ -48,10 +48,6 @@ #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #include <pwd.h> -#ifdef WITH_SELINUX -#include <selinux/selinux.h> -#include <selinux/av_permissions.h> -#endif #include "prototypes.h" #include "defines.h" #include "pwio.h" @@ -70,6 +66,7 @@ const char *Prog; static bool dflg = false, /* set last password change date */ Eflg = false, /* set account expiration date */ + iflg = false, /* set iso8601 date formatting */ Iflg = false, /* set password inactive after expiration */ lflg = false, /* show account aging information */ mflg = false, /* set minimum number of days before password change */ @@ -149,6 +146,7 @@ static /*@noreturn@*/void usage (int status) (void) fputs (_(" -d, --lastday LAST_DAY set date of last password change to LAST_DAY\n"), usageout); (void) fputs (_(" -E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); + (void) fputs (_(" -i, --iso8601 use YYYY-MM-DD when printing dates\n"), usageout); (void) fputs (_(" -I, --inactive INACTIVE set password inactive after expiration\n" " to INACTIVE\n"), usageout); (void) fputs (_(" -l, --list show account aging information\n"), usageout); @@ -262,12 +260,20 @@ static void print_date (time_t date) #ifdef HAVE_STRFTIME struct tm *tp; char buf[80]; + char format[80]; + + if( iflg ) { + (void) snprintf (format, 80, "%%Y-%%m-%%d"); + } + else { + (void) snprintf (format, 80, "%%b %%d, %%Y"); + } tp = gmtime (&date); if (NULL == tp) { (void) printf ("time_t: %lu\n", (unsigned long)date); } else { - (void) strftime (buf, sizeof buf, "%b %d, %Y", tp); + (void) strftime (buf, sizeof buf, format, tp); (void) puts (buf); } #else @@ -395,10 +401,11 @@ static void process_flags (int argc, char **argv) {"maxdays", required_argument, NULL, 'M'}, {"root", required_argument, NULL, 'R'}, {"warndays", required_argument, NULL, 'W'}, + {"iso8601", no_argument, NULL, 'i'}, {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, "d:E:hI:lm:M:R:W:", + while ((c = getopt_long (argc, argv, "d:E:hiI:lm:M:R:W:", long_options, NULL)) != -1) { switch (c) { case 'd': @@ -424,6 +431,9 @@ static void process_flags (int argc, char **argv) case 'h': usage (E_SUCCESS); /*@notreached@*/break; + case 'i': + iflg = true; + break; case 'I': Iflg = true; if ( (getlong (optarg, &inactdays) == 0) @@ -818,8 +828,8 @@ int main (int argc, char **argv) rgid = getgid (); amroot = (ruid == 0); #ifdef WITH_SELINUX - if (amroot && (is_selinux_enabled () > 0)) { - amroot = (selinux_check_passwd_access (PASSWD__ROOTOK) == 0); + if (amroot) { + amroot = (check_selinux_permit ("rootok") == 0); } #endif @@ -40,10 +40,6 @@ #include <stdio.h> #include <sys/types.h> #include <getopt.h> -#ifdef WITH_SELINUX -#include <selinux/selinux.h> -#include <selinux/av_permissions.h> -#endif #include "defines.h" #include "getdef.h" #include "nscd.h" @@ -379,8 +375,7 @@ static void check_perms (const struct passwd *pw) * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) - && (is_selinux_enabled () > 0) - && (selinux_check_passwd_access (PASSWD__CHFN) != 0)) { + && (check_selinux_permit ("chfn") != 0)) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index e5f2eb7e..4013abb3 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -61,15 +61,18 @@ const char *Prog; static bool eflg = false; static bool md5flg = false; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) static bool sflg = false; -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ static /*@null@*//*@observer@*/const char *crypt_method = NULL; #define cflg (NULL != crypt_method) #ifdef USE_SHA_CRYPT static long sha_rounds = 5000; #endif +#ifdef USE_BCRYPT +static long bcrypt_rounds = 13; +#endif #ifdef SHADOWGRP static bool is_shadow_grp; @@ -125,11 +128,15 @@ static /*@noreturn@*/void usage (int status) Prog); (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#ifndef USE_SHA_CRYPT +#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#else /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + "NONE DES MD5 SHA256 SHA512 BCRYPT" +#elif defined(USE_SHA_CRYPT) "NONE DES MD5 SHA256 SHA512" -#endif /* USE_SHA_CRYPT */ +#else + "NONE DES MD5 BCRYPT" +#endif ); (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -137,11 +144,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -#ifdef USE_SHA_CRYPT - (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n" +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" " crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ (void) fputs ("\n", usageout); exit (status); @@ -161,14 +168,13 @@ static void process_flags (int argc, char **argv) {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, {"root", required_argument, NULL, 'R'}, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) "c:ehmR:s:", #else "c:ehmR:", @@ -189,10 +195,33 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) case 's': sflg = true; - if (getlong(optarg, &sha_rounds) == 0) { + if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) + && (0 == getlong(optarg, &sha_rounds))) + || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &bcrypt_rounds)))) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#elif defined(USE_SHA_CRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &sha_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#elif defined(USE_BCRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &bcrypt_rounds)) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); @@ -200,6 +229,7 @@ static void process_flags (int argc, char **argv) } break; #endif + default: usage (E_USAGE); /*@notreached@*/break; @@ -217,7 +247,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), @@ -242,6 +272,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif +#ifdef USE_BCRYPT + && (0 != strcmp (crypt_method, "BCRYPT")) +#endif ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -464,10 +497,24 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + if (sflg) { + if ( (0 == strcmp (crypt_method, "SHA256")) + || (0 == strcmp (crypt_method, "SHA512"))) { + arg = &sha_rounds; + } + else if (0 == strcmp (crypt_method, "BCRYPT")) { + arg = &bcrypt_rounds; + } + } +#elif defined(USE_SHA_CRYPT) if (sflg) { arg = &sha_rounds; } +#elif defined(USE_BCRYPT) + if (sflg) { + arg = &bcrypt_rounds; + } #endif salt = crypt_make_salt (crypt_method, arg); cp = pw_encrypt (newpwd, salt); diff --git a/src/chpasswd.c b/src/chpasswd.c index d1c1043a..be61e038 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -58,15 +58,18 @@ const char *Prog; static bool eflg = false; static bool md5flg = false; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) static bool sflg = false; -#endif /* USE_SHA_CRYPT */ +#endif static /*@null@*//*@observer@*/const char *crypt_method = NULL; #define cflg (NULL != crypt_method) #ifdef USE_SHA_CRYPT static long sha_rounds = 5000; -#endif /* USE_SHA_CRYPT */ +#endif +#ifdef USE_BCRYPT +static long bcrypt_rounds = 13; +#endif static bool is_shadow_pwd; static bool pw_locked = false; @@ -118,11 +121,15 @@ static /*@noreturn@*/void usage (int status) Prog); (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#ifndef USE_SHA_CRYPT +#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#else /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + "NONE DES MD5 SHA256 SHA512 BCRYPT" +#elif defined(USE_SHA_CRYPT) "NONE DES MD5 SHA256 SHA512" -#endif /* USE_SHA_CRYPT */ +#else + "NONE DES MD5 BCRYPT" +#endif ); (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -130,11 +137,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -#ifdef USE_SHA_CRYPT - (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n" +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" " crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ (void) fputs ("\n", usageout); exit (status); @@ -154,18 +161,18 @@ static void process_flags (int argc, char **argv) {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, {"root", required_argument, NULL, 'R'}, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) "c:ehmR:s:", -#else /* !USE_SHA_CRYPT */ +#else "c:ehmR:", -#endif /* !USE_SHA_CRYPT */ +#endif long_options, NULL)) != -1) { switch (c) { case 'c': @@ -182,17 +189,41 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) case 's': sflg = true; - if (getlong(optarg, &sha_rounds) == 0) { + if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) + && (0 == getlong(optarg, &sha_rounds))) + || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &bcrypt_rounds)))) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (E_USAGE); } break; -#endif /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &sha_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#elif defined(USE_BCRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &bcrypt_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +#endif + default: usage (E_USAGE); /*@notreached@*/break; @@ -210,7 +241,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), @@ -235,6 +266,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif /* USE_SHA_CRYPT */ +#ifdef USE_BCRYPT + && (0 != strcmp (crypt_method, "BCRYPT")) +#endif /* USE_BCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -496,10 +530,24 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + if (sflg) { + if ( (0 == strcmp (crypt_method, "SHA256")) + || (0 == strcmp (crypt_method, "SHA512"))) { + arg = &sha_rounds; + } + else if (0 == strcmp (crypt_method, "BCRYPT")) { + arg = &bcrypt_rounds; + } + } +#elif defined(USE_SHA_CRYPT) if (sflg) { arg = &sha_rounds; } +#elif defined(USE_BCRYPT) + if (sflg) { + arg = &bcrypt_rounds; + } #endif salt = crypt_make_salt (crypt_method, arg); cp = pw_encrypt (newpwd, salt); @@ -39,10 +39,6 @@ #include <pwd.h> #include <stdio.h> #include <sys/types.h> -#ifdef WITH_SELINUX -#include <selinux/selinux.h> -#include <selinux/av_permissions.h> -#endif #include "defines.h" #include "getdef.h" #include "nscd.h" @@ -286,8 +282,7 @@ static void check_perms (const struct passwd *pw) * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) - && (is_selinux_enabled () > 0) - && (selinux_check_passwd_access (PASSWD__CHSH) != 0)) { + && (check_selinux_permit("chsh") != 0)) { SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name)); fprintf (stderr, _("You may not change the shell for '%s'.\n"), diff --git a/src/newgidmap.c b/src/newgidmap.c index 70b87888..7fcb459f 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -165,7 +165,7 @@ int main(int argc, char **argv) { char proc_dir_name[32]; char *target_str; - pid_t target, parent; + pid_t target; int proc_dir_fd; int ranges; struct map_range *mappings; diff --git a/src/newuidmap.c b/src/newuidmap.c index 45636a3c..55d84ba8 100644 --- a/src/newuidmap.c +++ b/src/newuidmap.c @@ -96,7 +96,7 @@ int main(int argc, char **argv) { char proc_dir_name[32]; char *target_str; - pid_t target, parent; + pid_t target; int proc_dir_fd; int ranges; struct map_range *mappings; diff --git a/src/newusers.c b/src/newusers.c index 7c3bb1c2..99c69f78 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -80,10 +80,15 @@ static bool rflg = false; /* create a system account */ #ifndef USE_PAM static /*@null@*//*@observer@*/char *crypt_method = NULL; #define cflg (NULL != crypt_method) -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) static bool sflg = false; +#endif +#ifdef USE_SHA_CRYPT static long sha_rounds = 5000; #endif /* USE_SHA_CRYPT */ +#ifdef USE_BCRYPT +static long bcrypt_rounds = 13; +#endif /* USE_BCRYPT */ #endif /* !USE_PAM */ static bool is_shadow; @@ -117,6 +122,8 @@ static void check_perms (void); static void open_files (void); static void close_files (void); +extern int allow_bad_names; + /* * usage - display usage message and exit */ @@ -128,25 +135,30 @@ static void usage (int status) "\n" "Options:\n"), Prog); + (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); #ifndef USE_PAM (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#ifndef USE_SHA_CRYPT +#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#else /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + "NONE DES MD5 SHA256 SHA512 BCRYPT" +#elif defined(USE_SHA_CRYPT) "NONE DES MD5 SHA256 SHA512" -#endif /* USE_SHA_CRYPT */ +#else + "NONE DES MD5 BCRYPT" +#endif ); #endif /* !USE_PAM */ (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -r, --system create system accounts\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); #ifndef USE_PAM -#ifdef USE_SHA_CRYPT - (void) fputs (_(" -s, --sha-rounds number of SHA rounds for the SHA*\n" +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" " crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ #endif /* !USE_PAM */ (void) fputs ("\n", usageout); @@ -420,15 +432,29 @@ static int update_passwd (struct passwd *pwd, const char *password) { void *crypt_arg = NULL; char *cp; - if (crypt_method != NULL) { -#ifdef USE_SHA_CRYPT + if (NULL != crypt_method) { +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + if (sflg) { + if ( (0 == strcmp (crypt_method, "SHA256")) + || (0 == strcmp (crypt_method, "SHA512"))) { + crypt_arg = &sha_rounds; + } + else if (0 == strcmp (crypt_method, "BCRYPT")) { + crypt_arg = &bcrypt_rounds; + } + } +#elif defined(USE_SHA_CRYPT) if (sflg) { crypt_arg = &sha_rounds; } +#elif defined(USE_BCRYPT) + if (sflg) { + crypt_arg = &bcrypt_rounds; + } #endif } - if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) { + if ((NULL != crypt_method) && (0 == strcmp(crypt_method, "NONE"))) { pwd->pw_passwd = (char *)password; } else { const char *salt = crypt_make_salt (crypt_method, crypt_arg); @@ -457,12 +483,26 @@ static int add_passwd (struct passwd *pwd, const char *password) #ifndef USE_PAM void *crypt_arg = NULL; - if (crypt_method != NULL) { -#ifdef USE_SHA_CRYPT + if (NULL != crypt_method) { +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) + if (sflg) { + if ( (0 == strcmp (crypt_method, "SHA256")) + || (0 == strcmp (crypt_method, "SHA512"))) { + crypt_arg = &sha_rounds; + } + else if (0 == strcmp (crypt_method, "BCRYPT")) { + crypt_arg = &bcrypt_rounds; + } + } +#elif defined(USE_SHA_CRYPT) if (sflg) { crypt_arg = &sha_rounds; } -#endif /* USE_SHA_CRYPT */ +#elif defined(USE_BCRYPT) + if (sflg) { + crypt_arg = &bcrypt_rounds; + } +#endif } /* @@ -580,6 +620,7 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { + {"badnames", no_argument, NULL, 'b'}, #ifndef USE_PAM {"crypt-method", required_argument, NULL, 'c'}, #endif /* !USE_PAM */ @@ -587,25 +628,28 @@ static void process_flags (int argc, char **argv) {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, #ifndef USE_PAM -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ #endif /* !USE_PAM */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, #ifndef USE_PAM -#ifdef USE_SHA_CRYPT - "c:hrs:", -#else /* !USE_SHA_CRYPT */ - "c:hr", -#endif /* !USE_SHA_CRYPT */ +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) + "c:bhrs:", +#else /* !USE_SHA_CRYPT && !USE_BCRYPT */ + "c:bhr", +#endif /* USE_SHA_CRYPT || USE_BCRYPT */ #else /* USE_PAM */ - "hr", + "bhr", #endif long_options, NULL)) != -1) { switch (c) { + case 'b': + allow_bad_names = true; + break; #ifndef USE_PAM case 'c': crypt_method = optarg; @@ -620,17 +664,40 @@ static void process_flags (int argc, char **argv) case 'R': /* no-op, handled in process_root_flag () */ break; #ifndef USE_PAM -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) case 's': sflg = true; - if (getlong(optarg, &sha_rounds) == 0) { + if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) + && (0 == getlong(optarg, &sha_rounds))) + || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &bcrypt_rounds)))) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (EXIT_FAILURE); } break; -#endif /* USE_SHA_CRYPT */ +#elif defined(USE_SHA_CRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &sha_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (EXIT_FAILURE); + } + break; +#elif defined(USE_BCRYPT) + case 's': + sflg = true; + if (0 == getlong(optarg, &bcrypt_rounds)) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (EXIT_FAILURE); + } + break; +#endif #endif /* !USE_PAM */ default: usage (EXIT_FAILURE); @@ -664,14 +731,14 @@ static void process_flags (int argc, char **argv) static void check_flags (void) { #ifndef USE_PAM -#ifdef USE_SHA_CRYPT +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), Prog, "-s", "-c"); usage (EXIT_FAILURE); } -#endif /* USE_SHA_CRYPT */ +#endif if (cflg) { if ( (0 != strcmp (crypt_method, "DES")) @@ -681,6 +748,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif /* USE_SHA_CRYPT */ +#ifdef USE_BCRYPT + && (0 != strcmp (crypt_method, "BCRYPT")) +#endif /* USE_BCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), diff --git a/src/passwd.c b/src/passwd.c index 5bea2765..13619b16 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -41,12 +41,6 @@ #include <signal.h> #include <stdio.h> #include <sys/types.h> -#ifdef WITH_SELINUX -#include <selinux/selinux.h> -#include <selinux/flask.h> -#include <selinux/av_permissions.h> -#include <selinux/context.h> -#endif /* WITH_SELINUX */ #include <time.h> #include "defines.h" #include "getdef.h" @@ -149,11 +143,6 @@ static char *update_crypt_pw (char *); static void update_noshadow (void); static void update_shadow (void); -#ifdef WITH_SELINUX -static int check_selinux_access (const char *changed_user, - uid_t changed_uid, - access_vector_t requested_access); -#endif /* WITH_SELINUX */ /* * usage - print command usage and exit @@ -290,7 +279,11 @@ static int new_password (const struct passwd *pw) #ifdef USE_SHA_CRYPT || (strcmp (method, "SHA256") == 0) || (strcmp (method, "SHA512") == 0) -#endif /* USE_SHA_CRYPT */ +#endif /* USE_SHA_CRYPT */ +#ifdef USE_BCRYPT + || (strcmp (method, "BCRYPT") == 0) +#endif /* USE_SHA_CRYPT */ + ) { pass_max_len = -1; } else { @@ -710,55 +703,6 @@ static void update_shadow (void) spw_locked = false; } -#ifdef WITH_SELINUX -static int check_selinux_access (const char *changed_user, - uid_t changed_uid, - access_vector_t requested_access) -{ - int status = -1; - security_context_t user_context; - context_t c; - const char *user; - - /* if in permissive mode then allow the operation */ - if (security_getenforce() == 0) { - return 0; - } - - /* get the context of the process which executed passwd */ - if (getprevcon(&user_context) != 0) { - return -1; - } - - /* get the "user" portion of the context (the part before the first - colon) */ - c = context_new(user_context); - user = context_user_get(c); - - /* if changing a password for an account with UID==0 or for an account - where the identity matches then return success */ - if (changed_uid != 0 && strcmp(changed_user, user) == 0) { - status = 0; - } else { - struct av_decision avd; - int retval; - retval = security_compute_av(user_context, - user_context, - SECCLASS_PASSWD, - requested_access, - &avd); - if ((retval == 0) && - ((requested_access & avd.allowed) == requested_access)) { - status = 0; - } - } - context_free(c); - freecon(user_context); - return status; -} - -#endif /* WITH_SELINUX */ - /* * passwd - change a user's password file information * @@ -1034,22 +978,13 @@ int main (int argc, char **argv) #ifdef WITH_SELINUX /* only do this check when getuid()==0 because it's a pre-condition for changing a password without entering the old one */ - if ((is_selinux_enabled() > 0) && (getuid() == 0) && - (check_selinux_access (name, pw->pw_uid, PASSWD__PASSWD) != 0)) { - security_context_t user_context = NULL; - const char *user = "Unknown user context"; - if (getprevcon (&user_context) == 0) { - user = user_context; /* FIXME: use context_user_get? */ - } + if (amroot && (check_selinux_permit ("passwd") != 0)) { SYSLOG ((LOG_ALERT, - "%s is not authorized to change the password of %s", - user, name)); + "root is not authorized by SELinux to change the password of %s", + name)); (void) fprintf(stderr, - _("%s: %s is not authorized to change the password of %s\n"), - Prog, user, name); - if (NULL != user_context) { - freecon (user_context); - } + _("%s: root is not authorized by SELinux to change the password of %s\n"), + Prog, name); exit (E_NOPERM); } #endif /* WITH_SELINUX */ @@ -95,6 +95,8 @@ static void close_files (bool changed); static void check_pw_file (int *errors, bool *changed); static void check_spw_file (int *errors, bool *changed); +extern int allow_bad_names; + /* * fail_exit - do some cleanup and exit with the given error code */ @@ -148,6 +150,7 @@ static /*@noreturn@*/void usage (int status) "Options:\n"), Prog); } + (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -q, --quiet report errors only\n"), usageout); (void) fputs (_(" -r, --read-only display errors and warnings\n" @@ -172,6 +175,7 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { + {"badnames", no_argument, NULL, 'b'}, {"help", no_argument, NULL, 'h'}, {"quiet", no_argument, NULL, 'q'}, {"read-only", no_argument, NULL, 'r'}, @@ -183,9 +187,12 @@ static void process_flags (int argc, char **argv) /* * Parse the command line arguments */ - while ((c = getopt_long (argc, argv, "ehqrR:s", + while ((c = getopt_long (argc, argv, "behqrR:s", long_options, NULL)) != -1) { switch (c) { + case 'b': + allow_bad_names = true; + break; case 'h': usage (E_SUCCESS); /*@notreached@*/break; @@ -382,6 +389,8 @@ static void check_pw_file (int *errors, bool *changed) struct commonio_entry *pfe, *tpfe; struct passwd *pwd; struct spwd *spw; + uid_t min_sys_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL); + uid_t max_sys_id = (uid_t) getdef_ulong ("SYS_UID_MAX", 999UL); /* * Loop through the entire password file. @@ -481,6 +490,7 @@ static void check_pw_file (int *errors, bool *changed) /* * Check for invalid usernames. --marekm */ + if (!is_valid_user_name (pwd->pw_name)) { printf (_("invalid user name '%s'\n"), pwd->pw_name); *errors += 1; @@ -510,15 +520,20 @@ static void check_pw_file (int *errors, bool *changed) } /* - * Make sure the home directory exists + * If uid is system and has a home directory, then check */ - if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) { + if (!(pwd->pw_uid >= min_sys_id && pwd->pw_uid <= max_sys_id && pwd->pw_dir && pwd->pw_dir[0])) { /* - * Home directory doesn't exist, give a warning + * Make sure the home directory exists */ - printf (_("user '%s': directory '%s' does not exist\n"), - pwd->pw_name, pwd->pw_dir); - *errors += 1; + if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) { + /* + * Home directory doesn't exist, give a warning + */ + printf (_("user '%s': directory '%s' does not exist\n"), + pwd->pw_name, pwd->pw_dir); + *errors += 1; + } } /* diff --git a/src/useradd.c b/src/useradd.c index bdd7fe8c..4af0f7c6 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -148,6 +148,8 @@ static char **user_groups; /* NULL-terminated list */ static long sys_ngroups; static bool do_grp_update = false; /* group files need to be updated */ +extern int allow_bad_names; + static bool bflg = false, /* new default root of home directory */ cflg = false, /* comment (GECOS) field for new account */ @@ -821,6 +823,7 @@ static void usage (int status) "\n" "Options:\n"), Prog, Prog, Prog); + (void) fputs (_(" --badnames do not check for bad names\n"), usageout); (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n" " new account\n"), usageout); #ifdef WITH_BTRFS @@ -1098,6 +1101,7 @@ static void process_flags (int argc, char **argv) const struct group *grp; bool anyflag = false; char *cp; + struct stat st; { /* @@ -1109,6 +1113,7 @@ static void process_flags (int argc, char **argv) #ifdef WITH_BTRFS {"btrfs-subvolume-home", no_argument, NULL, 200}, #endif + {"badnames", no_argument, NULL, 201}, {"comment", required_argument, NULL, 'c'}, {"home-dir", required_argument, NULL, 'd'}, {"defaults", no_argument, NULL, 'D'}, @@ -1158,6 +1163,9 @@ static void process_flags (int argc, char **argv) case 200: subvolflg = true; break; + case 201: + allow_bad_names = true; + break; case 'c': if (!VALID (optarg)) { fprintf (stderr, @@ -1320,7 +1328,10 @@ static void process_flags (int argc, char **argv) if ( ( !VALID (optarg) ) || ( ('\0' != optarg[0]) && ('/' != optarg[0]) - && ('*' != optarg[0]) )) { + && ('*' != optarg[0]) ) + || (stat(optarg, &st) != 0) + || (S_ISDIR(st.st_mode)) + || (access(optarg, X_OK) != 0)) { fprintf (stderr, _("%s: invalid shell '%s'\n"), Prog, optarg); @@ -2449,9 +2460,9 @@ int main (int argc, char **argv) (uid_t)-1, user_id, (gid_t)-1, user_gid); } else { fprintf (stderr, - _("%s: warning: the home directory already exists.\n" - "Not copying any file from skel directory into it.\n"), - Prog); + _("%s: warning: the home directory %s already exists.\n" + "%s: Not copying any file from skel directory into it.\n"), + Prog, user_home, Prog); } } diff --git a/src/userdel.c b/src/userdel.c index 7be46e8d..cc951e58 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -97,7 +97,9 @@ static char *user_home; static bool fflg = false; static bool rflg = false; +#ifdef WITH_SELINUX static bool Zflg = false; +#endif static bool Rflg = false; static bool is_shadow_pwd; diff --git a/src/usermod.c b/src/usermod.c index c3718864..05b98715 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -206,6 +206,8 @@ static void update_faillog (void); static void move_mailbox (void); #endif +extern int allow_bad_names; + static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, long int date) { @@ -408,6 +410,7 @@ static /*@noreturn@*/void usage (int status) "\n" "Options:\n"), Prog); + (void) fputs (_(" -b, --badnames allow bad names\n"), usageout); (void) fputs (_(" -c, --comment COMMENT new value of the GECOS field\n"), usageout); (void) fputs (_(" -d, --home HOME_DIR new home directory for the user account\n"), usageout); (void) fputs (_(" -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE\n"), usageout); @@ -991,6 +994,7 @@ static void process_flags (int argc, char **argv) int c; static struct option long_options[] = { {"append", no_argument, NULL, 'a'}, + {"badnames", no_argument, NULL, 'b'}, {"comment", required_argument, NULL, 'c'}, {"home", required_argument, NULL, 'd'}, {"expiredate", required_argument, NULL, 'e'}, @@ -1020,7 +1024,7 @@ static void process_flags (int argc, char **argv) {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, - "ac:d:e:f:g:G:hl:Lmop:R:s:u:UP:" + "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:" #ifdef ENABLE_SUBIDS "v:w:V:W:" #endif /* ENABLE_SUBIDS */ @@ -1032,6 +1036,9 @@ static void process_flags (int argc, char **argv) case 'a': aflg = true; break; + case 'b': + allow_bad_names = true; + break; case 'c': if (!VALID (optarg)) { fprintf (stderr, @@ -1879,7 +1886,7 @@ static void update_lastlog (void) return; } - max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL); + max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL); if (user_newid > max_uid) { /* do not touch lastlog for large uids */ return; @@ -207,6 +207,8 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) struct stat st1, st2; int status; FILE *f; + pid_t orig_pgrp, editor_pgrp = -1; + sigset_t mask, omask; /* FIXME: the following should have variable sizes */ char filebackup[1024], fileedit[1024]; char *to_rename; @@ -294,6 +296,8 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) editor = DEFAULT_EDITOR; } + orig_pgrp = tcgetpgrp(STDIN_FILENO); + pid = fork (); if (-1 == pid) { vipwexit ("fork", 1, 1); @@ -303,6 +307,14 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) char *buf; int status; + /* Wait for parent to make us the foreground pgrp. */ + if (orig_pgrp != -1) { + pid = getpid(); + setpgid(0, 0); + while (tcgetpgrp(STDIN_FILENO) != pid) + continue; + } + buf = (char *) malloc (strlen (editor) + strlen (fileedit) + 2); snprintf (buf, strlen (editor) + strlen (fileedit) + 2, "%s %s", editor, fileedit); @@ -325,19 +337,50 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) } } + /* Run child in a new pgrp and make it the foreground pgrp. */ + if (orig_pgrp != -1) { + setpgid(pid, pid); + tcsetpgrp(STDIN_FILENO, pid); + + /* Avoid SIGTTOU when changing foreground pgrp below. */ + sigemptyset(&mask); + sigaddset(&mask, SIGTTOU); + sigprocmask(SIG_BLOCK, &mask, &omask); + } + for (;;) { pid = waitpid (pid, &status, WUNTRACED); if ((pid != -1) && (WIFSTOPPED (status) != 0)) { /* The child (editor) was suspended. - * Suspend vipw. */ + * Restore terminal pgrp and suspend vipw. */ + if (orig_pgrp != -1) { + editor_pgrp = tcgetpgrp(STDIN_FILENO); + if (editor_pgrp == -1) { + fprintf (stderr, "%s: %s: %s", Prog, + "tcgetpgrp", strerror (errno)); + } + if (tcsetpgrp(STDIN_FILENO, orig_pgrp) == -1) { + fprintf (stderr, "%s: %s: %s", Prog, + "tcsetpgrp", strerror (errno)); + } + } kill (getpid (), SIGSTOP); /* wake child when resumed */ - kill (pid, SIGCONT); + if (editor_pgrp != -1) { + if (tcsetpgrp(STDIN_FILENO, editor_pgrp) == -1) { + fprintf (stderr, "%s: %s: %s", Prog, + "tcsetpgrp", strerror (errno)); + } + } + killpg (pid, SIGCONT); } else { break; } } + if (orig_pgrp != -1) + sigprocmask(SIG_SETMASK, &omask, NULL); + if (-1 == pid) { vipwexit (editor, 1, 1); } else if ( WIFEXITED (status) |