diff options
author | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
commit | 749c1780621163ca5108f164861324bafa9e0ae8 (patch) | |
tree | 51001872624a692018c45bf39276df94b603fb19 /src | |
parent | d906ecd3b652d95af6ffb974a2f6669501bb9496 (diff) | |
download | shadow-749c1780621163ca5108f164861324bafa9e0ae8.tar.gz |
New upstream version 4.9upstream/4.9
Diffstat (limited to 'src')
40 files changed, 1587 insertions, 601 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index f175928a..35027013 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -78,7 +78,7 @@ shadowsgidubins = passwd endif LDADD = $(INTLLIBS) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la \ $(LIBTCB) @@ -95,18 +95,18 @@ LIBCRYPT_NOPAM = $(LIBCRYPT) endif chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl +newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) expiry_LDADD = $(LDADD) $(LIBECONF) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl +groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) @@ -116,7 +116,7 @@ login_SOURCES = \ login_nopam.c login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF) -newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl nologin_LDADD = passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) @@ -127,9 +127,9 @@ su_SOURCES = \ suauth.c su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl +userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) install-am: all-am @@ -156,4 +156,74 @@ if FCAPS setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap endif + +noinst_PROGRAMS += list_subid_ranges \ + get_subid_owners \ + new_subid_range \ + free_subid_range \ + check_subid_range + +MISCLIBS = \ + $(LIBAUDIT) \ + $(LIBSELINUX) \ + $(LIBSEMANAGE) \ + $(LIBCRYPT_NOPAM) \ + $(LIBSKEY) \ + $(LIBMD) \ + $(LIBECONF) \ + $(LIBCRYPT) \ + $(LIBTCB) + +list_subid_ranges_LDADD = \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/libsubid/libsubid.la \ + $(MISCLIBS) -ldl + +list_subid_ranges_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ + -I$(top_srcdir)/libsubid + +get_subid_owners_LDADD = \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/libsubid/libsubid.la \ + $(MISCLIBS) -ldl + +get_subid_owners_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ + -I$(top_srcdir)/libsubid + +new_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ + -I$(top_srcdir)/libsubid + +new_subid_range_LDADD = \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/libsubid/libsubid.la \ + $(MISCLIBS) -ldl + +free_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ + -I$(top_srcdir)/libsubid + +free_subid_range_LDADD = \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/libsubid/libsubid.la \ + $(MISCLIBS) -ldl + +check_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc + +check_subid_range_LDADD = \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ + $(MISCLIBS) -ldl endif diff --git a/src/Makefile.in b/src/Makefile.in index d66e6e85..c820270f 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -92,7 +92,7 @@ bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) $(am__EXEEXT_1) sbin_PROGRAMS = nologin$(EXEEXT) ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ - newgrp$(EXEEXT) passwd$(EXEEXT) $(am__EXEEXT_2) + newgrp$(EXEEXT) passwd$(EXEEXT) $(am__EXEEXT_3) @ENABLE_SUBIDS_TRUE@am__append_1 = newgidmap newuidmap @WITH_SU_TRUE@am__append_2 = su usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \ @@ -102,15 +102,27 @@ usbin_PROGRAMS = chgpasswd$(EXEEXT) chpasswd$(EXEEXT) \ pwck$(EXEEXT) pwconv$(EXEEXT) pwunconv$(EXEEXT) \ useradd$(EXEEXT) userdel$(EXEEXT) usermod$(EXEEXT) \ vipw$(EXEEXT) -noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT) +noinst_PROGRAMS = id$(EXEEXT) sulogin$(EXEEXT) $(am__EXEEXT_2) @WITH_SU_TRUE@am__append_3 = su @WITH_TCB_FALSE@am__append_4 = passwd @ACCT_TOOLS_SETUID_TRUE@am__append_5 = chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod @ENABLE_SUBIDS_TRUE@@FCAPS_FALSE@am__append_6 = newgidmap newuidmap +@ENABLE_SUBIDS_TRUE@am__append_7 = list_subid_ranges \ +@ENABLE_SUBIDS_TRUE@ get_subid_owners \ +@ENABLE_SUBIDS_TRUE@ new_subid_range \ +@ENABLE_SUBIDS_TRUE@ free_subid_range \ +@ENABLE_SUBIDS_TRUE@ check_subid_range + subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -121,7 +133,12 @@ CONFIG_CLEAN_VPATH_FILES = @WITH_SU_TRUE@am__EXEEXT_1 = su$(EXEEXT) am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(ubindir)" "$(DESTDIR)$(usbindir)" -@ENABLE_SUBIDS_TRUE@am__EXEEXT_2 = newgidmap$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@am__EXEEXT_2 = list_subid_ranges$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@ get_subid_owners$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@ new_subid_range$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@ free_subid_range$(EXEEXT) \ +@ENABLE_SUBIDS_TRUE@ check_subid_range$(EXEEXT) +@ENABLE_SUBIDS_TRUE@am__EXEEXT_3 = newgidmap$(EXEEXT) \ @ENABLE_SUBIDS_TRUE@ newuidmap$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) \ $(ubin_PROGRAMS) $(usbin_PROGRAMS) @@ -129,7 +146,7 @@ chage_SOURCES = chage.c chage_OBJECTS = chage.$(OBJEXT) am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) @ACCT_TOOLS_SETUID_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) chage_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ @@ -139,9 +156,25 @@ AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = +check_subid_range_SOURCES = check_subid_range.c +check_subid_range_OBJECTS = \ + check_subid_range-check_subid_range.$(OBJEXT) +@USE_PAM_FALSE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) +@ENABLE_SUBIDS_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_4) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_1) +@ENABLE_SUBIDS_TRUE@check_subid_range_DEPENDENCIES = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_5) chfn_SOURCES = chfn.c chfn_OBJECTS = chfn.$(OBJEXT) -@USE_PAM_FALSE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) chfn_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1) \ @@ -169,8 +202,24 @@ faillog_SOURCES = faillog.c faillog_OBJECTS = faillog.$(OBJEXT) faillog_LDADD = $(LDADD) faillog_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) +free_subid_range_SOURCES = free_subid_range.c +free_subid_range_OBJECTS = \ + free_subid_range-free_subid_range.$(OBJEXT) +@ENABLE_SUBIDS_TRUE@free_subid_range_DEPENDENCIES = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_5) +get_subid_owners_SOURCES = get_subid_owners.c +get_subid_owners_OBJECTS = \ + get_subid_owners-get_subid_owners.$(OBJEXT) +@ENABLE_SUBIDS_TRUE@get_subid_owners_DEPENDENCIES = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_5) gpasswd_SOURCES = gpasswd.c gpasswd_OBJECTS = gpasswd.$(OBJEXT) gpasswd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ @@ -200,7 +249,7 @@ groups_SOURCES = groups.c groups_OBJECTS = groups.$(OBJEXT) groups_LDADD = $(LDADD) groups_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) grpck_SOURCES = grpck.c grpck_OBJECTS = grpck.$(OBJEXT) @@ -218,12 +267,20 @@ id_SOURCES = id.c id_OBJECTS = id.$(OBJEXT) id_LDADD = $(LDADD) id_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) lastlog_SOURCES = lastlog.c lastlog_OBJECTS = lastlog.$(OBJEXT) lastlog_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +list_subid_ranges_SOURCES = list_subid_ranges.c +list_subid_ranges_OBJECTS = \ + list_subid_ranges-list_subid_ranges.$(OBJEXT) +@ENABLE_SUBIDS_TRUE@list_subid_ranges_DEPENDENCIES = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_5) am_login_OBJECTS = login.$(OBJEXT) login_nopam.$(OBJEXT) login_OBJECTS = $(am_login_OBJECTS) login_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ @@ -234,8 +291,15 @@ logoutd_SOURCES = logoutd.c logoutd_OBJECTS = logoutd.$(OBJEXT) logoutd_LDADD = $(LDADD) logoutd_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la $(am__DEPENDENCIES_1) +new_subid_range_SOURCES = new_subid_range.c +new_subid_range_OBJECTS = new_subid_range-new_subid_range.$(OBJEXT) +@ENABLE_SUBIDS_TRUE@new_subid_range_DEPENDENCIES = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(am__DEPENDENCIES_5) newgidmap_SOURCES = newgidmap.c newgidmap_OBJECTS = newgidmap.$(OBJEXT) newgidmap_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ @@ -319,25 +383,7 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp -am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/chage.Po ./$(DEPDIR)/chfn.Po \ - ./$(DEPDIR)/chgpasswd.Po ./$(DEPDIR)/chpasswd.Po \ - ./$(DEPDIR)/chsh.Po ./$(DEPDIR)/expiry.Po \ - ./$(DEPDIR)/faillog.Po ./$(DEPDIR)/gpasswd.Po \ - ./$(DEPDIR)/groupadd.Po ./$(DEPDIR)/groupdel.Po \ - ./$(DEPDIR)/groupmems.Po ./$(DEPDIR)/groupmod.Po \ - ./$(DEPDIR)/groups.Po ./$(DEPDIR)/grpck.Po \ - ./$(DEPDIR)/grpconv.Po ./$(DEPDIR)/grpunconv.Po \ - ./$(DEPDIR)/id.Po ./$(DEPDIR)/lastlog.Po ./$(DEPDIR)/login.Po \ - ./$(DEPDIR)/login_nopam.Po ./$(DEPDIR)/logoutd.Po \ - ./$(DEPDIR)/newgidmap.Po ./$(DEPDIR)/newgrp.Po \ - ./$(DEPDIR)/newuidmap.Po ./$(DEPDIR)/newusers.Po \ - ./$(DEPDIR)/nologin.Po ./$(DEPDIR)/passwd.Po \ - ./$(DEPDIR)/pwck.Po ./$(DEPDIR)/pwconv.Po \ - ./$(DEPDIR)/pwunconv.Po ./$(DEPDIR)/su.Po \ - ./$(DEPDIR)/suauth.Po ./$(DEPDIR)/sulogin.Po \ - ./$(DEPDIR)/useradd.Po ./$(DEPDIR)/userdel.Po \ - ./$(DEPDIR)/usermod.Po ./$(DEPDIR)/vipw.Po +am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -357,20 +403,22 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = chage.c chfn.c chgpasswd.c chpasswd.c chsh.c expiry.c \ - faillog.c gpasswd.c groupadd.c groupdel.c groupmems.c \ +SOURCES = chage.c check_subid_range.c chfn.c chgpasswd.c chpasswd.c \ + chsh.c expiry.c faillog.c free_subid_range.c \ + get_subid_owners.c gpasswd.c groupadd.c groupdel.c groupmems.c \ groupmod.c groups.c grpck.c grpconv.c grpunconv.c id.c \ - lastlog.c $(login_SOURCES) logoutd.c newgidmap.c newgrp.c \ - newuidmap.c newusers.c nologin.c passwd.c pwck.c pwconv.c \ - pwunconv.c $(su_SOURCES) sulogin.c useradd.c userdel.c \ - usermod.c vipw.c -DIST_SOURCES = chage.c chfn.c chgpasswd.c chpasswd.c chsh.c expiry.c \ - faillog.c gpasswd.c groupadd.c groupdel.c groupmems.c \ + lastlog.c list_subid_ranges.c $(login_SOURCES) logoutd.c \ + new_subid_range.c newgidmap.c newgrp.c newuidmap.c newusers.c \ + nologin.c passwd.c pwck.c pwconv.c pwunconv.c $(su_SOURCES) \ + sulogin.c useradd.c userdel.c usermod.c vipw.c +DIST_SOURCES = chage.c check_subid_range.c chfn.c chgpasswd.c \ + chpasswd.c chsh.c expiry.c faillog.c free_subid_range.c \ + get_subid_owners.c gpasswd.c groupadd.c groupdel.c groupmems.c \ groupmod.c groups.c grpck.c grpconv.c grpunconv.c id.c \ - lastlog.c $(login_SOURCES) logoutd.c newgidmap.c newgrp.c \ - newuidmap.c newusers.c nologin.c passwd.c pwck.c pwconv.c \ - pwunconv.c $(su_SOURCES) sulogin.c useradd.c userdel.c \ - usermod.c vipw.c + lastlog.c list_subid_ranges.c $(login_SOURCES) logoutd.c \ + new_subid_range.c newgidmap.c newgrp.c newuidmap.c newusers.c \ + nologin.c passwd.c pwck.c pwconv.c pwunconv.c $(su_SOURCES) \ + sulogin.c useradd.c userdel.c usermod.c vipw.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -423,7 +471,6 @@ ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -452,9 +499,14 @@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBSEMANAGE = @LIBSEMANAGE@ LIBSKEY = @LIBSKEY@ +LIBSUBID_ABI = @LIBSUBID_ABI@ +LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@ +LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@ +LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@ LIBTCB = @LIBTCB@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ +LIYESCRYPT = @LIYESCRYPT@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ @@ -492,7 +544,6 @@ VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ @@ -570,7 +621,7 @@ suidubins = chage chfn chsh expiry gpasswd newgrp $(am__append_4) \ $(am__append_6) @WITH_TCB_TRUE@shadowsgidubins = passwd LDADD = $(INTLLIBS) \ - $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/libmisc/libmisc.la \ $(top_builddir)/lib/libshadow.la \ $(LIBTCB) @@ -579,18 +630,18 @@ LDADD = $(INTLLIBS) \ @USE_PAM_FALSE@LIBCRYPT_NOPAM = $(LIBCRYPT) @USE_PAM_TRUE@LIBCRYPT_NOPAM = chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) +newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl +newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) expiry_LDADD = $(LDADD) $(LIBECONF) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl +groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) @@ -601,7 +652,7 @@ login_SOURCES = \ login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF) -newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl nologin_LDADD = passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) @@ -613,10 +664,74 @@ su_SOURCES = \ su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl +userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +@ENABLE_SUBIDS_TRUE@MISCLIBS = \ +@ENABLE_SUBIDS_TRUE@ $(LIBAUDIT) \ +@ENABLE_SUBIDS_TRUE@ $(LIBSELINUX) \ +@ENABLE_SUBIDS_TRUE@ $(LIBSEMANAGE) \ +@ENABLE_SUBIDS_TRUE@ $(LIBCRYPT_NOPAM) \ +@ENABLE_SUBIDS_TRUE@ $(LIBSKEY) \ +@ENABLE_SUBIDS_TRUE@ $(LIBMD) \ +@ENABLE_SUBIDS_TRUE@ $(LIBECONF) \ +@ENABLE_SUBIDS_TRUE@ $(LIBCRYPT) \ +@ENABLE_SUBIDS_TRUE@ $(LIBTCB) + +@ENABLE_SUBIDS_TRUE@list_subid_ranges_LDADD = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(MISCLIBS) -ldl + +@ENABLE_SUBIDS_TRUE@list_subid_ranges_CPPFLAGS = \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/lib \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libmisc \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libsubid + +@ENABLE_SUBIDS_TRUE@get_subid_owners_LDADD = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(MISCLIBS) -ldl + +@ENABLE_SUBIDS_TRUE@get_subid_owners_CPPFLAGS = \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/lib \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libmisc \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libsubid + +@ENABLE_SUBIDS_TRUE@new_subid_range_CPPFLAGS = \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/lib \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libmisc \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libsubid + +@ENABLE_SUBIDS_TRUE@new_subid_range_LDADD = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(MISCLIBS) -ldl + +@ENABLE_SUBIDS_TRUE@free_subid_range_CPPFLAGS = \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/lib \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libmisc \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libsubid + +@ENABLE_SUBIDS_TRUE@free_subid_range_LDADD = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libsubid/libsubid.la \ +@ENABLE_SUBIDS_TRUE@ $(MISCLIBS) -ldl + +@ENABLE_SUBIDS_TRUE@check_subid_range_CPPFLAGS = \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/lib \ +@ENABLE_SUBIDS_TRUE@ -I$(top_srcdir)/libmisc + +@ENABLE_SUBIDS_TRUE@check_subid_range_LDADD = \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/lib/libshadow.la \ +@ENABLE_SUBIDS_TRUE@ $(top_builddir)/libmisc/libmisc.la \ +@ENABLE_SUBIDS_TRUE@ $(MISCLIBS) -ldl + all: all-am .SUFFIXES: @@ -638,8 +753,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -860,6 +975,10 @@ chage$(EXEEXT): $(chage_OBJECTS) $(chage_DEPENDENCIES) $(EXTRA_chage_DEPENDENCIE @rm -f chage$(EXEEXT) $(AM_V_CCLD)$(LINK) $(chage_OBJECTS) $(chage_LDADD) $(LIBS) +check_subid_range$(EXEEXT): $(check_subid_range_OBJECTS) $(check_subid_range_DEPENDENCIES) $(EXTRA_check_subid_range_DEPENDENCIES) + @rm -f check_subid_range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(check_subid_range_OBJECTS) $(check_subid_range_LDADD) $(LIBS) + chfn$(EXEEXT): $(chfn_OBJECTS) $(chfn_DEPENDENCIES) $(EXTRA_chfn_DEPENDENCIES) @rm -f chfn$(EXEEXT) $(AM_V_CCLD)$(LINK) $(chfn_OBJECTS) $(chfn_LDADD) $(LIBS) @@ -884,6 +1003,14 @@ faillog$(EXEEXT): $(faillog_OBJECTS) $(faillog_DEPENDENCIES) $(EXTRA_faillog_DEP @rm -f faillog$(EXEEXT) $(AM_V_CCLD)$(LINK) $(faillog_OBJECTS) $(faillog_LDADD) $(LIBS) +free_subid_range$(EXEEXT): $(free_subid_range_OBJECTS) $(free_subid_range_DEPENDENCIES) $(EXTRA_free_subid_range_DEPENDENCIES) + @rm -f free_subid_range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(free_subid_range_OBJECTS) $(free_subid_range_LDADD) $(LIBS) + +get_subid_owners$(EXEEXT): $(get_subid_owners_OBJECTS) $(get_subid_owners_DEPENDENCIES) $(EXTRA_get_subid_owners_DEPENDENCIES) + @rm -f get_subid_owners$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(get_subid_owners_OBJECTS) $(get_subid_owners_LDADD) $(LIBS) + gpasswd$(EXEEXT): $(gpasswd_OBJECTS) $(gpasswd_DEPENDENCIES) $(EXTRA_gpasswd_DEPENDENCIES) @rm -f gpasswd$(EXEEXT) $(AM_V_CCLD)$(LINK) $(gpasswd_OBJECTS) $(gpasswd_LDADD) $(LIBS) @@ -928,6 +1055,10 @@ lastlog$(EXEEXT): $(lastlog_OBJECTS) $(lastlog_DEPENDENCIES) $(EXTRA_lastlog_DEP @rm -f lastlog$(EXEEXT) $(AM_V_CCLD)$(LINK) $(lastlog_OBJECTS) $(lastlog_LDADD) $(LIBS) +list_subid_ranges$(EXEEXT): $(list_subid_ranges_OBJECTS) $(list_subid_ranges_DEPENDENCIES) $(EXTRA_list_subid_ranges_DEPENDENCIES) + @rm -f list_subid_ranges$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(list_subid_ranges_OBJECTS) $(list_subid_ranges_LDADD) $(LIBS) + login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) $(EXTRA_login_DEPENDENCIES) @rm -f login$(EXEEXT) $(AM_V_CCLD)$(LINK) $(login_OBJECTS) $(login_LDADD) $(LIBS) @@ -936,6 +1067,10 @@ logoutd$(EXEEXT): $(logoutd_OBJECTS) $(logoutd_DEPENDENCIES) $(EXTRA_logoutd_DEP @rm -f logoutd$(EXEEXT) $(AM_V_CCLD)$(LINK) $(logoutd_OBJECTS) $(logoutd_LDADD) $(LIBS) +new_subid_range$(EXEEXT): $(new_subid_range_OBJECTS) $(new_subid_range_DEPENDENCIES) $(EXTRA_new_subid_range_DEPENDENCIES) + @rm -f new_subid_range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(new_subid_range_OBJECTS) $(new_subid_range_LDADD) $(LIBS) + newgidmap$(EXEEXT): $(newgidmap_OBJECTS) $(newgidmap_DEPENDENCIES) $(EXTRA_newgidmap_DEPENDENCIES) @rm -f newgidmap$(EXEEXT) $(AM_V_CCLD)$(LINK) $(newgidmap_OBJECTS) $(newgidmap_LDADD) $(LIBS) @@ -1002,49 +1137,48 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chage.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chfn.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chgpasswd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpasswd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chsh.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expiry.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillog.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpasswd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupadd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupdel.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmems.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmod.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groups.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpck.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpconv.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpunconv.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lastlog.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_nopam.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logoutd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgidmap.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgrp.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newuidmap.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newusers.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nologin.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwck.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwconv.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwunconv.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/su.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/suauth.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulogin.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/useradd.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/userdel.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/usermod.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vipw.Po@am__quote@ # am--include-marker - -$(am__depfiles_remade): - @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ - -am--depfiles: $(am__depfiles_remade) +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chage.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check_subid_range-check_subid_range.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chfn.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chgpasswd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpasswd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chsh.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expiry.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/free_subid_range-free_subid_range.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_subid_owners-get_subid_owners.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpasswd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupadd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupdel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmems.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groupmod.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/groups.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpck.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpconv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grpunconv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lastlog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list_subid_ranges-list_subid_ranges.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_nopam.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logoutd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/new_subid_range-new_subid_range.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgidmap.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newgrp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newuidmap.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newusers.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nologin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passwd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwck.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwconv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwunconv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/su.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/suauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulogin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/useradd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/userdel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/usermod.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vipw.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -1067,6 +1201,76 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +check_subid_range-check_subid_range.o: check_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(check_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT check_subid_range-check_subid_range.o -MD -MP -MF $(DEPDIR)/check_subid_range-check_subid_range.Tpo -c -o check_subid_range-check_subid_range.o `test -f 'check_subid_range.c' || echo '$(srcdir)/'`check_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/check_subid_range-check_subid_range.Tpo $(DEPDIR)/check_subid_range-check_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='check_subid_range.c' object='check_subid_range-check_subid_range.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(check_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o check_subid_range-check_subid_range.o `test -f 'check_subid_range.c' || echo '$(srcdir)/'`check_subid_range.c + +check_subid_range-check_subid_range.obj: check_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(check_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT check_subid_range-check_subid_range.obj -MD -MP -MF $(DEPDIR)/check_subid_range-check_subid_range.Tpo -c -o check_subid_range-check_subid_range.obj `if test -f 'check_subid_range.c'; then $(CYGPATH_W) 'check_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/check_subid_range.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/check_subid_range-check_subid_range.Tpo $(DEPDIR)/check_subid_range-check_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='check_subid_range.c' object='check_subid_range-check_subid_range.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(check_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o check_subid_range-check_subid_range.obj `if test -f 'check_subid_range.c'; then $(CYGPATH_W) 'check_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/check_subid_range.c'; fi` + +free_subid_range-free_subid_range.o: free_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(free_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT free_subid_range-free_subid_range.o -MD -MP -MF $(DEPDIR)/free_subid_range-free_subid_range.Tpo -c -o free_subid_range-free_subid_range.o `test -f 'free_subid_range.c' || echo '$(srcdir)/'`free_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/free_subid_range-free_subid_range.Tpo $(DEPDIR)/free_subid_range-free_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='free_subid_range.c' object='free_subid_range-free_subid_range.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(free_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o free_subid_range-free_subid_range.o `test -f 'free_subid_range.c' || echo '$(srcdir)/'`free_subid_range.c + +free_subid_range-free_subid_range.obj: free_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(free_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT free_subid_range-free_subid_range.obj -MD -MP -MF $(DEPDIR)/free_subid_range-free_subid_range.Tpo -c -o free_subid_range-free_subid_range.obj `if test -f 'free_subid_range.c'; then $(CYGPATH_W) 'free_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/free_subid_range.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/free_subid_range-free_subid_range.Tpo $(DEPDIR)/free_subid_range-free_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='free_subid_range.c' object='free_subid_range-free_subid_range.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(free_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o free_subid_range-free_subid_range.obj `if test -f 'free_subid_range.c'; then $(CYGPATH_W) 'free_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/free_subid_range.c'; fi` + +get_subid_owners-get_subid_owners.o: get_subid_owners.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(get_subid_owners_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT get_subid_owners-get_subid_owners.o -MD -MP -MF $(DEPDIR)/get_subid_owners-get_subid_owners.Tpo -c -o get_subid_owners-get_subid_owners.o `test -f 'get_subid_owners.c' || echo '$(srcdir)/'`get_subid_owners.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/get_subid_owners-get_subid_owners.Tpo $(DEPDIR)/get_subid_owners-get_subid_owners.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='get_subid_owners.c' object='get_subid_owners-get_subid_owners.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(get_subid_owners_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o get_subid_owners-get_subid_owners.o `test -f 'get_subid_owners.c' || echo '$(srcdir)/'`get_subid_owners.c + +get_subid_owners-get_subid_owners.obj: get_subid_owners.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(get_subid_owners_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT get_subid_owners-get_subid_owners.obj -MD -MP -MF $(DEPDIR)/get_subid_owners-get_subid_owners.Tpo -c -o get_subid_owners-get_subid_owners.obj `if test -f 'get_subid_owners.c'; then $(CYGPATH_W) 'get_subid_owners.c'; else $(CYGPATH_W) '$(srcdir)/get_subid_owners.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/get_subid_owners-get_subid_owners.Tpo $(DEPDIR)/get_subid_owners-get_subid_owners.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='get_subid_owners.c' object='get_subid_owners-get_subid_owners.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(get_subid_owners_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o get_subid_owners-get_subid_owners.obj `if test -f 'get_subid_owners.c'; then $(CYGPATH_W) 'get_subid_owners.c'; else $(CYGPATH_W) '$(srcdir)/get_subid_owners.c'; fi` + +list_subid_ranges-list_subid_ranges.o: list_subid_ranges.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(list_subid_ranges_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list_subid_ranges-list_subid_ranges.o -MD -MP -MF $(DEPDIR)/list_subid_ranges-list_subid_ranges.Tpo -c -o list_subid_ranges-list_subid_ranges.o `test -f 'list_subid_ranges.c' || echo '$(srcdir)/'`list_subid_ranges.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/list_subid_ranges-list_subid_ranges.Tpo $(DEPDIR)/list_subid_ranges-list_subid_ranges.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='list_subid_ranges.c' object='list_subid_ranges-list_subid_ranges.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(list_subid_ranges_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list_subid_ranges-list_subid_ranges.o `test -f 'list_subid_ranges.c' || echo '$(srcdir)/'`list_subid_ranges.c + +list_subid_ranges-list_subid_ranges.obj: list_subid_ranges.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(list_subid_ranges_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT list_subid_ranges-list_subid_ranges.obj -MD -MP -MF $(DEPDIR)/list_subid_ranges-list_subid_ranges.Tpo -c -o list_subid_ranges-list_subid_ranges.obj `if test -f 'list_subid_ranges.c'; then $(CYGPATH_W) 'list_subid_ranges.c'; else $(CYGPATH_W) '$(srcdir)/list_subid_ranges.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/list_subid_ranges-list_subid_ranges.Tpo $(DEPDIR)/list_subid_ranges-list_subid_ranges.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='list_subid_ranges.c' object='list_subid_ranges-list_subid_ranges.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(list_subid_ranges_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o list_subid_ranges-list_subid_ranges.obj `if test -f 'list_subid_ranges.c'; then $(CYGPATH_W) 'list_subid_ranges.c'; else $(CYGPATH_W) '$(srcdir)/list_subid_ranges.c'; fi` + +new_subid_range-new_subid_range.o: new_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(new_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT new_subid_range-new_subid_range.o -MD -MP -MF $(DEPDIR)/new_subid_range-new_subid_range.Tpo -c -o new_subid_range-new_subid_range.o `test -f 'new_subid_range.c' || echo '$(srcdir)/'`new_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/new_subid_range-new_subid_range.Tpo $(DEPDIR)/new_subid_range-new_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='new_subid_range.c' object='new_subid_range-new_subid_range.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(new_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o new_subid_range-new_subid_range.o `test -f 'new_subid_range.c' || echo '$(srcdir)/'`new_subid_range.c + +new_subid_range-new_subid_range.obj: new_subid_range.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(new_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT new_subid_range-new_subid_range.obj -MD -MP -MF $(DEPDIR)/new_subid_range-new_subid_range.Tpo -c -o new_subid_range-new_subid_range.obj `if test -f 'new_subid_range.c'; then $(CYGPATH_W) 'new_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/new_subid_range.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/new_subid_range-new_subid_range.Tpo $(DEPDIR)/new_subid_range-new_subid_range.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='new_subid_range.c' object='new_subid_range-new_subid_range.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(new_subid_range_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o new_subid_range-new_subid_range.obj `if test -f 'new_subid_range.c'; then $(CYGPATH_W) 'new_subid_range.c'; else $(CYGPATH_W) '$(srcdir)/new_subid_range.c'; fi` + mostlyclean-libtool: -rm -f *.lo @@ -1125,10 +1329,7 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) +distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1199,43 +1400,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool \ clean-usbinPROGRAMS mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/chage.Po - -rm -f ./$(DEPDIR)/chfn.Po - -rm -f ./$(DEPDIR)/chgpasswd.Po - -rm -f ./$(DEPDIR)/chpasswd.Po - -rm -f ./$(DEPDIR)/chsh.Po - -rm -f ./$(DEPDIR)/expiry.Po - -rm -f ./$(DEPDIR)/faillog.Po - -rm -f ./$(DEPDIR)/gpasswd.Po - -rm -f ./$(DEPDIR)/groupadd.Po - -rm -f ./$(DEPDIR)/groupdel.Po - -rm -f ./$(DEPDIR)/groupmems.Po - -rm -f ./$(DEPDIR)/groupmod.Po - -rm -f ./$(DEPDIR)/groups.Po - -rm -f ./$(DEPDIR)/grpck.Po - -rm -f ./$(DEPDIR)/grpconv.Po - -rm -f ./$(DEPDIR)/grpunconv.Po - -rm -f ./$(DEPDIR)/id.Po - -rm -f ./$(DEPDIR)/lastlog.Po - -rm -f ./$(DEPDIR)/login.Po - -rm -f ./$(DEPDIR)/login_nopam.Po - -rm -f ./$(DEPDIR)/logoutd.Po - -rm -f ./$(DEPDIR)/newgidmap.Po - -rm -f ./$(DEPDIR)/newgrp.Po - -rm -f ./$(DEPDIR)/newuidmap.Po - -rm -f ./$(DEPDIR)/newusers.Po - -rm -f ./$(DEPDIR)/nologin.Po - -rm -f ./$(DEPDIR)/passwd.Po - -rm -f ./$(DEPDIR)/pwck.Po - -rm -f ./$(DEPDIR)/pwconv.Po - -rm -f ./$(DEPDIR)/pwunconv.Po - -rm -f ./$(DEPDIR)/su.Po - -rm -f ./$(DEPDIR)/suauth.Po - -rm -f ./$(DEPDIR)/sulogin.Po - -rm -f ./$(DEPDIR)/useradd.Po - -rm -f ./$(DEPDIR)/userdel.Po - -rm -f ./$(DEPDIR)/usermod.Po - -rm -f ./$(DEPDIR)/vipw.Po + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1281,43 +1446,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/chage.Po - -rm -f ./$(DEPDIR)/chfn.Po - -rm -f ./$(DEPDIR)/chgpasswd.Po - -rm -f ./$(DEPDIR)/chpasswd.Po - -rm -f ./$(DEPDIR)/chsh.Po - -rm -f ./$(DEPDIR)/expiry.Po - -rm -f ./$(DEPDIR)/faillog.Po - -rm -f ./$(DEPDIR)/gpasswd.Po - -rm -f ./$(DEPDIR)/groupadd.Po - -rm -f ./$(DEPDIR)/groupdel.Po - -rm -f ./$(DEPDIR)/groupmems.Po - -rm -f ./$(DEPDIR)/groupmod.Po - -rm -f ./$(DEPDIR)/groups.Po - -rm -f ./$(DEPDIR)/grpck.Po - -rm -f ./$(DEPDIR)/grpconv.Po - -rm -f ./$(DEPDIR)/grpunconv.Po - -rm -f ./$(DEPDIR)/id.Po - -rm -f ./$(DEPDIR)/lastlog.Po - -rm -f ./$(DEPDIR)/login.Po - -rm -f ./$(DEPDIR)/login_nopam.Po - -rm -f ./$(DEPDIR)/logoutd.Po - -rm -f ./$(DEPDIR)/newgidmap.Po - -rm -f ./$(DEPDIR)/newgrp.Po - -rm -f ./$(DEPDIR)/newuidmap.Po - -rm -f ./$(DEPDIR)/newusers.Po - -rm -f ./$(DEPDIR)/nologin.Po - -rm -f ./$(DEPDIR)/passwd.Po - -rm -f ./$(DEPDIR)/pwck.Po - -rm -f ./$(DEPDIR)/pwconv.Po - -rm -f ./$(DEPDIR)/pwunconv.Po - -rm -f ./$(DEPDIR)/su.Po - -rm -f ./$(DEPDIR)/suauth.Po - -rm -f ./$(DEPDIR)/sulogin.Po - -rm -f ./$(DEPDIR)/useradd.Po - -rm -f ./$(DEPDIR)/userdel.Po - -rm -f ./$(DEPDIR)/usermod.Po - -rm -f ./$(DEPDIR)/vipw.Po + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1339,7 +1468,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-sbinPROGRAMS \ .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ clean-binPROGRAMS clean-generic clean-libtool \ clean-noinstPROGRAMS clean-sbinPROGRAMS clean-ubinPROGRAMS \ clean-usbinPROGRAMS cscopelist-am ctags ctags-am distclean \ diff --git a/src/chage.c b/src/chage.c index bcc58c95..f0dc0067 100644 --- a/src/chage.c +++ b/src/chage.c @@ -62,6 +62,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool dflg = false, /* set last password change date */ @@ -203,10 +204,10 @@ static int new_fields (void) return 0; } - if (-1 == lstchgdate) { + if (-1 == lstchgdate || lstchgdate > LONG_MAX / SCALE) { strcpy (buf, "-1"); } else { - date_to_str (buf, sizeof buf, (time_t) lstchgdate * SCALE); + date_to_str (buf, sizeof buf, (time_t) (lstchgdate * SCALE)); } change_field (buf, sizeof buf, _("Last Password Change (YYYY-MM-DD)")); @@ -234,10 +235,10 @@ static int new_fields (void) return 0; } - if (-1 == expdate) { + if (-1 == expdate || LONG_MAX / SCALE < expdate) { strcpy (buf, "-1"); } else { - date_to_str (buf, sizeof buf, (time_t) expdate * SCALE); + date_to_str (buf, sizeof buf, (time_t) (expdate * SCALE)); } change_field (buf, sizeof buf, @@ -309,7 +310,7 @@ static void list_fields (void) * was last modified. The date is the number of days since 1/1/1970. */ (void) fputs (_("Last password change\t\t\t\t\t: "), stdout); - if (lstchgdate < 0) { + if (lstchgdate < 0 || lstchgdate > LONG_MAX / SCALE) { (void) puts (_("never")); } else if (lstchgdate == 0) { (void) puts (_("password must be changed")); @@ -327,7 +328,8 @@ static void list_fields (void) (void) puts (_("password must be changed")); } else if ( (lstchgdate < 0) || (maxdays >= (10000 * (DAY / SCALE))) - || (maxdays < 0)) { + || (maxdays < 0) + || ((LONG_MAX - changed) / SCALE < maxdays)) { (void) puts (_("never")); } else { expires = changed + maxdays * SCALE; @@ -346,7 +348,9 @@ static void list_fields (void) } else if ( (lstchgdate < 0) || (inactdays < 0) || (maxdays >= (10000 * (DAY / SCALE))) - || (maxdays < 0)) { + || (maxdays < 0) + || (maxdays > LONG_MAX - inactdays) + || ((LONG_MAX - changed) / SCALE < maxdays + inactdays)) { (void) puts (_("never")); } else { expires = changed + (maxdays + inactdays) * SCALE; @@ -358,7 +362,7 @@ static void list_fields (void) * password expiring or not. */ (void) fputs (_("Account expires\t\t\t\t\t\t: "), stdout); - if (expdate < 0) { + if (expdate < 0 || LONG_MAX / SCALE < expdate) { (void) puts (_("never")); } else { expires = expdate * SCALE; @@ -811,6 +815,7 @@ int main (int argc, char **argv) * Get the program name so that error messages can use it. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; sanitize_env (); (void) setlocale (LC_ALL, ""); diff --git a/src/check_subid_range.c b/src/check_subid_range.c new file mode 100644 index 00000000..8a9d5258 --- /dev/null +++ b/src/check_subid_range.c @@ -0,0 +1,50 @@ +// This program is for testing purposes only. +// usage is "[program] owner [u|g] start count +// Exits 0 if owner has subid range starting start, of size count +// Exits 1 otherwise. + +#include <config.h> +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <stdbool.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include "defines.h" +#include "prototypes.h" +#include "subordinateio.h" +#include "idmapping.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +int main(int argc, char **argv) +{ + char *owner; + unsigned long start, count; + bool check_uids; + Prog = Basename (argv[0]); + shadow_logfd = stderr; + + if (argc != 5) + exit(1); + + owner = argv[1]; + check_uids = argv[2][0] == 'u'; + start = strtoul(argv[3], NULL, 10); + if (start == ULONG_MAX && errno == ERANGE) + exit(1); + count = strtoul(argv[4], NULL, 10); + if (count == ULONG_MAX && errno == ERANGE) + exit(1); + if (check_uids) { + if (have_sub_uids(owner, start, count)) + exit(0); + exit(1); + } + if (have_sub_gids(owner, start, count)) + exit(0); + exit(1); +} @@ -57,11 +57,12 @@ * Global variables. */ const char *Prog; +FILE *shadow_logfd = NULL; static char fullnm[BUFSIZ]; static char roomno[BUFSIZ]; static char workph[BUFSIZ]; static char homeph[BUFSIZ]; -static char slop[BUFSIZ]; +static char slop[BUFSIZ + 1 + 80]; static bool amroot; /* Flags */ static bool fflg = false; /* -f - set full name */ @@ -311,6 +312,11 @@ static void process_flags (int argc, char **argv) exit (E_NOPERM); } oflg = true; + if (strlen (optarg) > (unsigned int) 80) { + fprintf (stderr, + _("%s: fields too long\n"), Prog); + exit (E_NOPERM); + } STRFCPY (slop, optarg); break; case 'r': @@ -634,6 +640,7 @@ int main (int argc, char **argv) * prefix to most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; sanitize_env (); (void) setlocale (LC_ALL, ""); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 4013abb3..56f3e882 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -59,11 +59,12 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool eflg = false; static bool md5flg = false; -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) static bool sflg = false; -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ static /*@null@*//*@observer@*/const char *crypt_method = NULL; #define cflg (NULL != crypt_method) @@ -73,6 +74,9 @@ static long sha_rounds = 5000; #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif +#ifdef USE_YESCRYPT +static long yescrypt_cost = 5; +#endif #ifdef SHADOWGRP static bool is_shadow_grp; @@ -128,14 +132,15 @@ static /*@noreturn@*/void usage (int status) Prog); (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) - "NONE DES MD5 SHA256 SHA512 BCRYPT" -#elif defined(USE_SHA_CRYPT) - "NONE DES MD5 SHA256 SHA512" -#else - "NONE DES MD5 BCRYPT" +#if defined(USE_SHA_CRYPT) + " SHA256 SHA512" +#endif +#if defined(USE_BCRYPT) + " BCRYPT" +#endif +#if defined(USE_YESCRYPT) + " YESCRYPT" #endif ); (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); @@ -144,11 +149,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) - (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" - " crypt algorithms\n"), +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" + " or YESCRYPT crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ (void) fputs ("\n", usageout); exit (status); @@ -162,19 +167,22 @@ static /*@noreturn@*/void usage (int status) static void process_flags (int argc, char **argv) { int c; +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + int bad_s; +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ static struct option long_options[] = { {"crypt-method", required_argument, NULL, 'c'}, {"encrypted", no_argument, NULL, 'e'}, {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, {"root", required_argument, NULL, 'R'}, -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) "c:ehmR:s:", #else "c:ehmR:", @@ -195,40 +203,36 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) case 's': sflg = true; + bad_s = 0; +#if defined(USE_SHA_CRYPT) if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) - && (0 == getlong(optarg, &sha_rounds))) - || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &sha_rounds)))) { + bad_s = 1; + } +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (( (0 == strcmp (crypt_method, "BCRYPT")) && (0 == getlong(optarg, &bcrypt_rounds)))) { + bad_s = 1; + } +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (( (0 == strcmp (crypt_method, "YESCRYPT")) + && (0 == getlong(optarg, &yescrypt_cost)))) { + bad_s = 1; + } +#endif /* USE_YESCRYPT */ + if (bad_s != 0) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (E_USAGE); } break; -#elif defined(USE_SHA_CRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &sha_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (E_USAGE); - } - break; -#elif defined(USE_BCRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &bcrypt_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (E_USAGE); - } - break; -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ default: usage (E_USAGE); @@ -247,7 +251,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), @@ -271,10 +275,13 @@ static void check_flags (void) #ifdef USE_SHA_CRYPT && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) -#endif +#endif /* USE_SHA_CRYPT */ #ifdef USE_BCRYPT && (0 != strcmp (crypt_method, "BCRYPT")) -#endif +#endif /* USE_BCRYPT */ +#ifdef USE_YESCRYPT + && (0 != strcmp (crypt_method, "YESCRYPT")) +#endif /* USE_YESCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -431,6 +438,7 @@ int main (int argc, char **argv) int line = 0; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -497,23 +505,24 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) if (sflg) { +#if defined(USE_SHA_CRYPT) if ( (0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) { arg = &sha_rounds; } - else if (0 == strcmp (crypt_method, "BCRYPT")) { +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (0 == strcmp (crypt_method, "BCRYPT")) { arg = &bcrypt_rounds; } - } -#elif defined(USE_SHA_CRYPT) - if (sflg) { - arg = &sha_rounds; - } -#elif defined(USE_BCRYPT) - if (sflg) { - arg = &bcrypt_rounds; +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (0 == strcmp (crypt_method, "YESCRYPT")) { + arg = &yescrypt_cost; + } +#endif /* USE_YESCRYPT */ } #endif salt = crypt_make_salt (crypt_method, arg); diff --git a/src/chpasswd.c b/src/chpasswd.c index be61e038..8a012273 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -56,9 +56,10 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool eflg = false; static bool md5flg = false; -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) static bool sflg = false; #endif @@ -70,6 +71,9 @@ static long sha_rounds = 5000; #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif +#ifdef USE_YESCRYPT +static long yescrypt_cost = 5; +#endif static bool is_shadow_pwd; static bool pw_locked = false; @@ -121,14 +125,15 @@ static /*@noreturn@*/void usage (int status) Prog); (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) "NONE DES MD5" -#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) - "NONE DES MD5 SHA256 SHA512 BCRYPT" -#elif defined(USE_SHA_CRYPT) - "NONE DES MD5 SHA256 SHA512" -#else - "NONE DES MD5 BCRYPT" +#if defined(USE_SHA_CRYPT) + " SHA256 SHA512" +#endif +#if defined(USE_BCRYPT) + " BCRYPT" +#endif +#if defined(USE_YESCRYPT) + " YESCRYPT" #endif ); (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); @@ -137,11 +142,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) - (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" - " crypt algorithms\n"), +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" + " or YESCRYPT crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ (void) fputs ("\n", usageout); exit (status); @@ -155,20 +160,23 @@ static /*@noreturn@*/void usage (int status) static void process_flags (int argc, char **argv) { int c; +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + int bad_s; +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ static struct option long_options[] = { {"crypt-method", required_argument, NULL, 'c'}, {"encrypted", no_argument, NULL, 'e'}, {"help", no_argument, NULL, 'h'}, {"md5", no_argument, NULL, 'm'}, {"root", required_argument, NULL, 'R'}, -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) "c:ehmR:s:", #else "c:ehmR:", @@ -189,40 +197,36 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) case 's': sflg = true; + bad_s = 0; +#if defined(USE_SHA_CRYPT) if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) - && (0 == getlong(optarg, &sha_rounds))) - || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &sha_rounds)))) { + bad_s = 1; + } +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (( (0 == strcmp (crypt_method, "BCRYPT")) && (0 == getlong(optarg, &bcrypt_rounds)))) { + bad_s = 1; + } +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (( (0 == strcmp (crypt_method, "YESCRYPT")) + && (0 == getlong(optarg, &yescrypt_cost)))) { + bad_s = 1; + } +#endif /* USE_YESCRYPT */ + if (bad_s != 0) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (E_USAGE); } break; -#elif defined(USE_SHA_CRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &sha_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (E_USAGE); - } - break; -#elif defined(USE_BCRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &bcrypt_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (E_USAGE); - } - break; -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ default: usage (E_USAGE); @@ -241,7 +245,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), @@ -269,6 +273,9 @@ static void check_flags (void) #ifdef USE_BCRYPT && (0 != strcmp (crypt_method, "BCRYPT")) #endif /* USE_BCRYPT */ +#ifdef USE_YESCRYPT + && (0 != strcmp (crypt_method, "YESCRYPT")) +#endif /* USE_YESCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -423,6 +430,7 @@ int main (int argc, char **argv) int line = 0; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -530,23 +538,24 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) if (sflg) { +#if defined(USE_SHA_CRYPT) if ( (0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) { arg = &sha_rounds; } - else if (0 == strcmp (crypt_method, "BCRYPT")) { +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (0 == strcmp (crypt_method, "BCRYPT")) { arg = &bcrypt_rounds; } - } -#elif defined(USE_SHA_CRYPT) - if (sflg) { - arg = &sha_rounds; - } -#elif defined(USE_BCRYPT) - if (sflg) { - arg = &bcrypt_rounds; +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (0 == strcmp (crypt_method, "YESCRYPT")) { + arg = &yescrypt_cost; + } +#endif /* USE_YESCRYPT */ } #endif salt = crypt_make_salt (crypt_method, arg); @@ -59,6 +59,7 @@ * Global variables */ const char *Prog; /* Program name */ +FILE *shadow_logfd = NULL; static bool amroot; /* Real UID is root */ static char loginsh[BUFSIZ]; /* Name of new login shell */ /* command line options */ @@ -441,6 +442,7 @@ int main (int argc, char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/expiry.c b/src/expiry.c index 41add942..1d200716 100644 --- a/src/expiry.c +++ b/src/expiry.c @@ -46,6 +46,7 @@ /* Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool cflg = false; /* local function prototypes */ @@ -144,6 +145,7 @@ int main (int argc, char **argv) struct spwd *spwd; Prog = Basename (argv[0]); + shadow_logfd = stderr; sanitize_env (); diff --git a/src/faillog.c b/src/faillog.c index 1309dad4..d09f1511 100644 --- a/src/faillog.c +++ b/src/faillog.c @@ -62,6 +62,7 @@ static void reset (void); * Global variables */ const char *Prog; /* Program name */ +FILE *shadow_logfd = NULL; static FILE *fail; /* failure file stream */ static time_t seconds; /* that number of days in seconds */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ @@ -163,6 +164,10 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force) } tm = localtime (&fl.fail_time); + if (!tm) { + fprintf (stderr, "Cannot read time from faillog.\n"); + return; + } #ifdef HAVE_STRFTIME strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); cp = ptime; @@ -569,6 +574,7 @@ int main (int argc, char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/free_subid_range.c b/src/free_subid_range.c new file mode 100644 index 00000000..1e666371 --- /dev/null +++ b/src/free_subid_range.c @@ -0,0 +1,52 @@ +#include <stdio.h> +#include <unistd.h> +#include "subid.h" +#include "stdlib.h" +#include "prototypes.h" + +/* Test program for the subid freeing routine */ + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] user start count\n", Prog); + fprintf(stderr, " Release a user's subuid (or with -g, subgid) range\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int c; + bool ok; + struct subordinate_range range; + bool group = false; // get subuids by default + + Prog = Basename (argv[0]); + shadow_logfd = stderr; + while ((c = getopt(argc, argv, "g")) != EOF) { + switch(c) { + case 'g': group = true; break; + default: usage(); + } + } + argv = &argv[optind]; + argc = argc - optind; + if (argc < 3) + usage(); + range.owner = argv[0]; + range.start = atoi(argv[1]); + range.count = atoi(argv[2]); + if (group) + ok = ungrant_subgid_range(&range); + else + ok = ungrant_subuid_range(&range); + + if (!ok) { + fprintf(stderr, "Failed freeing id range\n"); + exit(EXIT_FAILURE); + } + + return 0; +} diff --git a/src/get_subid_owners.c b/src/get_subid_owners.c new file mode 100644 index 00000000..f9a266ba --- /dev/null +++ b/src/get_subid_owners.c @@ -0,0 +1,42 @@ +#include <stdio.h> +#include "subid.h" +#include "stdlib.h" +#include "prototypes.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: [-g] %s subuid\n", Prog); + fprintf(stderr, " list uids who own the given subuid\n"); + fprintf(stderr, " pass -g to query a subgid\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int i, n; + uid_t *uids; + + Prog = Basename (argv[0]); + shadow_logfd = stderr; + if (argc < 2) { + usage(); + } + if (argc == 3 && strcmp(argv[1], "-g") == 0) + n = get_subgid_owners(atoi(argv[2]), &uids); + else if (argc == 2 && strcmp(argv[1], "-h") == 0) + usage(); + else + n = get_subuid_owners(atoi(argv[1]), &uids); + if (n < 0) { + fprintf(stderr, "No owners found\n"); + exit(1); + } + for (i = 0; i < n; i++) { + printf("%d\n", uids[i]); + } + free(uids); + return 0; +} diff --git a/src/gpasswd.c b/src/gpasswd.c index 4d75af96..a43d9a59 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -58,6 +58,7 @@ */ /* The name of this command, as it is invoked */ const char *Prog; +FILE *shadow_logfd = NULL; #ifdef SHADOWGRP /* Indicate if shadow groups are enabled on the system @@ -988,6 +989,7 @@ int main (int argc, char **argv) */ bywho = getuid (); Prog = Basename (argv[0]); + shadow_logfd = stderr; OPENLOG ("gpasswd"); setbuf (stdout, NULL); @@ -1204,6 +1206,17 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_GROUP); +#ifdef SHADOWGRP + if (sgent.sg_adm) { + xfree(sgent.sg_adm); + } + if (sgent.sg_mem) { + xfree(sgent.sg_mem); + } +#endif + if (grent.gr_mem) { + xfree(grent.gr_mem); + } exit (E_SUCCESS); } diff --git a/src/groupadd.c b/src/groupadd.c index 2dd8eec9..d7f68b1a 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -72,6 +72,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static /*@null@*/char *group_name; static gid_t group_id; @@ -79,6 +80,7 @@ static /*@null@*/char *group_passwd; static /*@null@*/char *empty_list = NULL; static const char *prefix = ""; +static char *user_list; static bool oflg = false; /* permit non-unique group ID to be specified with -g */ static bool gflg = false; /* ID value for the new group */ @@ -126,7 +128,8 @@ static /*@noreturn@*/void usage (int status) (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); (void) fputs (_(" -r, --system create a system account\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout); + (void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout); (void) fputs ("\n", usageout); exit (status); } @@ -207,6 +210,19 @@ static void grp_update (void) } #endif /* SHADOWGRP */ + if (user_list) { + char *token; + token = strtok(user_list, ","); + while (token) { + if (prefix_getpwnam (token) == NULL) { + fprintf (stderr, _("Invalid member username %s\n"), token); + exit (E_GRP_UPDATE); + } + grp.gr_mem = add_list(grp.gr_mem, token); + token = strtok(NULL, ","); + } + } + /* * Write out the new group file entry. */ @@ -391,10 +407,11 @@ static void process_flags (int argc, char **argv) {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, {"prefix", required_argument, NULL, 'P'}, + {"users", required_argument, NULL, 'U'}, {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", + while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:U:", long_options, NULL)) != -1) { switch (c) { case 'f': @@ -453,6 +470,9 @@ static void process_flags (int argc, char **argv) break; case 'P': /* no-op, handled in process_prefix_flag () */ break; + case 'U': + user_list = optarg; + break; default: usage (E_USAGE); } @@ -579,6 +599,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/groupdel.c b/src/groupdel.c index f941a84a..5c893128 100644 --- a/src/groupdel.c +++ b/src/groupdel.c @@ -58,6 +58,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static char *group_name; static gid_t group_id = -1; @@ -323,6 +324,7 @@ static void process_flags (int argc, char **argv) int c; static struct option long_options[] = { {"help", no_argument, NULL, 'h'}, + {"force", no_argument, NULL, 'f'}, {"root", required_argument, NULL, 'R'}, {"prefix", required_argument, NULL, 'P'}, {NULL, 0, NULL, '\0'} @@ -375,6 +377,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/groupmems.c b/src/groupmems.c index fc91c8b1..654a8f3a 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -65,6 +65,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static char *adduser = NULL; static char *deluser = NULL; @@ -595,6 +596,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/groupmod.c b/src/groupmod.c index 1dca5fc9..acd6f350 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -76,6 +76,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; #ifdef SHADOWGRP static bool is_shadow_grp; @@ -87,6 +88,7 @@ static gid_t group_id; static gid_t group_newid; static const char* prefix = ""; +static char *user_list; static struct cleanup_info_mod info_passwd; static struct cleanup_info_mod info_group; @@ -95,6 +97,7 @@ static struct cleanup_info_mod info_gshadow; #endif static bool + aflg = false, /* append -U members rather than replace them */ oflg = false, /* permit non-unique group ID to be specified with -g */ gflg = false, /* new ID value for the group */ nflg = false, /* a new name has been specified for the group */ @@ -117,6 +120,7 @@ static void open_files (void); static void close_files (void); static void update_primary_groups (gid_t ogid, gid_t ngid); + /* * usage - display usage message and exit */ @@ -129,6 +133,8 @@ static void usage (int status) "\n" "Options:\n"), Prog); + (void) fputs (_(" -a, --append append the users mentioned by -U option to the group \n" + " without removing existing user members\n"), usageout); (void) fputs (_(" -g, --gid GID change the group ID to GID\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout); @@ -137,6 +143,7 @@ static void usage (int status) " PASSWORD\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout); (void) fputs ("\n", usageout); exit (status); } @@ -255,6 +262,32 @@ static void grp_update (void) update_primary_groups (ogrp->gr_gid, group_newid); } + if (user_list) { + char *token; + + if (!aflg) { + // requested to replace the existing groups + if (NULL != grp.gr_mem[0]) + gr_free_members(&grp); + grp.gr_mem = (char **)xmalloc(sizeof(char *)); + grp.gr_mem[0] = (char *)0; + } else { + // append to existing groups + if (NULL != grp.gr_mem[0]) + grp.gr_mem = dup_list (grp.gr_mem); + } + + token = strtok(user_list, ","); + while (token) { + if (prefix_getpwnam (token) == NULL) { + fprintf (stderr, _("Invalid member username %s\n"), token); + exit (E_GRP_UPDATE); + } + grp.gr_mem = add_list(grp.gr_mem, token); + token = strtok(NULL, ","); + } + } + /* * Write out the new group file entry. */ @@ -379,6 +412,7 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { + {"append", no_argument, NULL, 'a'}, {"gid", required_argument, NULL, 'g'}, {"help", no_argument, NULL, 'h'}, {"new-name", required_argument, NULL, 'n'}, @@ -386,11 +420,15 @@ static void process_flags (int argc, char **argv) {"password", required_argument, NULL, 'p'}, {"root", required_argument, NULL, 'R'}, {"prefix", required_argument, NULL, 'P'}, + {"users", required_argument, NULL, 'U'}, {NULL, 0, NULL, '\0'} }; - while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", + while ((c = getopt_long (argc, argv, "ag:hn:op:R:P:U:", long_options, NULL)) != -1) { switch (c) { + case 'a': + aflg = true; + break; case 'g': gflg = true; if ( (get_gid (optarg, &group_newid) == 0) @@ -419,6 +457,9 @@ static void process_flags (int argc, char **argv) break; case 'P': /* no-op, handled in process_prefix_flag () */ break; + case 'U': + user_list = optarg; + break; default: usage (E_USAGE); } @@ -752,6 +793,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/groups.c b/src/groups.c index fcd669b0..3bfd4830 100644 --- a/src/groups.c +++ b/src/groups.c @@ -43,6 +43,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; /* local function prototypes */ static void print_groups (const char *member); @@ -126,6 +127,7 @@ int main (int argc, char **argv) * Get the program name so that error messages can use it. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; if (argc == 1) { diff --git a/src/grpck.c b/src/grpck.c index e6216efa..b594851b 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -33,8 +33,6 @@ #include <config.h> -#ident "$Id$" - #include <fcntl.h> #include <grp.h> #include <pwd.h> @@ -68,6 +66,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static const char *grp_file = GROUP_FILE; static bool use_system_grp_file = true; @@ -82,6 +81,7 @@ static bool gr_locked = false; /* Options */ static bool read_only = false; static bool sort_mode = false; +static bool silence_warnings = false; /* local function prototypes */ static void fail_exit (int status); @@ -158,6 +158,7 @@ static /*@noreturn@*/void usage (int status) " but do not change files\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); (void) fputs (_(" -s, --sort sort entries by UID\n"), usageout); + (void) fputs (_(" -S, --silence-warnings silence controversial/paranoid warnings\n"), usageout); (void) fputs ("\n", usageout); exit (status); } @@ -193,18 +194,19 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { - {"help", no_argument, NULL, 'h'}, - {"quiet", no_argument, NULL, 'q'}, - {"read-only", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {"sort", no_argument, NULL, 's'}, + {"help", no_argument, NULL, 'h'}, + {"quiet", no_argument, NULL, 'q'}, + {"read-only", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, + {"silence-warnings", no_argument, NULL, 'S'}, + {"sort", no_argument, NULL, 's'}, {NULL, 0, NULL, '\0'} }; /* * Parse the command line arguments */ - while ((c = getopt_long (argc, argv, "hqrR:s", + while ((c = getopt_long (argc, argv, "hqrR:sS", long_options, NULL)) != -1) { switch (c) { case 'h': @@ -221,6 +223,9 @@ static void process_flags (int argc, char **argv) case 's': sort_mode = true; break; + case 'S': + silence_warnings = true; + break; default: usage (E_USAGE); } @@ -456,7 +461,7 @@ static void compare_members_lists (const char *groupname, break; } } - if (*other_pmem == NULL) { + if (!silence_warnings && *other_pmem == NULL) { printf ("'%s' is a member of the '%s' group in %s but not in %s\n", *pmem, groupname, file, other_file); @@ -836,6 +841,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/grpconv.c b/src/grpconv.c index 5e5eaaca..aecafa40 100644 --- a/src/grpconv.c +++ b/src/grpconv.c @@ -59,6 +59,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool gr_locked = false; static bool sgr_locked = false; @@ -146,6 +147,7 @@ int main (int argc, char **argv) struct sgrp sgent; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/grpunconv.c b/src/grpunconv.c index e4105c26..d750e2bd 100644 --- a/src/grpunconv.c +++ b/src/grpunconv.c @@ -59,6 +59,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool gr_locked = false; static bool sgr_locked = false; @@ -145,6 +146,7 @@ int main (int argc, char **argv) const struct sgrp *sg; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/lastlog.c b/src/lastlog.c index c1caedb0..1b1803e1 100644 --- a/src/lastlog.c +++ b/src/lastlog.c @@ -42,6 +42,9 @@ #include <sys/types.h> #include <time.h> #include <assert.h> +#ifdef HAVE_LL_HOST +#include <net/if.h> +#endif #include "defines.h" #include "prototypes.h" #include "getdef.h" @@ -59,6 +62,7 @@ * Global variables */ const char *Prog; /* Program name */ +FILE *shadow_logfd = NULL; static FILE *lastlogfile; /* lastlog file stream */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static bool has_umin = false; @@ -109,6 +113,10 @@ static void print_one (/*@null@*/const struct passwd *pw) char ptime[80]; #endif +#ifdef HAVE_LL_HOST + int maxIPv6Addrlen; +#endif + if (NULL == pw) { return; } @@ -150,7 +158,17 @@ static void print_one (/*@null@*/const struct passwd *pw) /* Print the header only once */ if (!once) { #ifdef HAVE_LL_HOST - puts (_("Username Port From Latest")); + /* + * ll_host is in minimized form, thus the maximum IPv6 address possible is + * 8*4+7 = 39 characters. + * RFC 4291 2.5.6 states that for LL-addresses fe80+only the interface ID is set, + * thus having a maximum size of 25+1+IFNAMSIZ. + * POSIX says IFNAMSIZ should be 16 characters long including the null byte, thus + * 25+1+IFNAMSIZ >= 42 > 39 + */ + /* Link-Local address + % + Interfacename */ + maxIPv6Addrlen = 25+1+IFNAMSIZ; + printf (_("Username Port From%*sLatest\n"), maxIPv6Addrlen-3, " "); #else puts (_("Username Port Latest")); #endif @@ -172,8 +190,8 @@ static void print_one (/*@null@*/const struct passwd *pw) } #ifdef HAVE_LL_HOST - printf ("%-16s %-8.8s %-16.16s %s\n", - pw->pw_name, ll.ll_line, ll.ll_host, cp); + printf ("%-16s %-8.8s %*s%s\n", + pw->pw_name, ll.ll_line, -maxIPv6Addrlen, ll.ll_host, cp); #else printf ("%-16s\t%-8.8s %s\n", pw->pw_name, ll.ll_line, cp); @@ -300,6 +318,7 @@ int main (int argc, char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/list_subid_ranges.c b/src/list_subid_ranges.c new file mode 100644 index 00000000..f649a002 --- /dev/null +++ b/src/list_subid_ranges.c @@ -0,0 +1,45 @@ +#include <stdio.h> +#include "subid.h" +#include "stdlib.h" +#include "prototypes.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] user\n", Prog); + fprintf(stderr, " list subuid ranges for user\n"); + fprintf(stderr, " pass -g to list subgid ranges\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int i, count=0; + struct subid_range *ranges; + const char *owner; + + Prog = Basename (argv[0]); + shadow_logfd = stderr; + if (argc < 2) + usage(); + owner = argv[1]; + if (argc == 3 && strcmp(argv[1], "-g") == 0) { + owner = argv[2]; + count = get_subgid_ranges(owner, &ranges); + } else if (argc == 2 && strcmp(argv[1], "-h") == 0) { + usage(); + } else { + count = get_subuid_ranges(owner, &ranges); + } + if (!ranges) { + fprintf(stderr, "Error fetching ranges\n"); + exit(1); + } + for (i = 0; i < count; i++) { + printf("%d: %s %lu %lu\n", i, owner, + ranges[i].start, ranges[i].count); + } + return 0; +} diff --git a/src/login.c b/src/login.c index 00508cd5..7ec2401e 100644 --- a/src/login.c +++ b/src/login.c @@ -83,6 +83,7 @@ static pam_handle_t *pamh = NULL; * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static const char *hostname = ""; static /*@null@*/ /*@only@*/char *username = NULL; @@ -577,6 +578,7 @@ int main (int argc, char **argv) amroot = (getuid () == 0); Prog = Basename (argv[0]); + shadow_logfd = stderr; if (geteuid() != 0) { fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog); @@ -978,6 +980,19 @@ int main (int argc, char **argv) || ('*' == user_passwd[0])) { failed = true; } + + if (strcmp (user_passwd, "") == 0) { + char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH"); + if(prevent_no_auth == NULL) { + prevent_no_auth = "superuser"; + } + if(strcmp(prevent_no_auth, "yes") == 0) { + failed = true; + } else if( (pwd->pw_uid == 0) + && (strcmp(prevent_no_auth, "superuser") == 0)) { + failed = true; + } + } } if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) { diff --git a/src/logoutd.c b/src/logoutd.c index 1503a743..780c29f8 100644 --- a/src/logoutd.c +++ b/src/logoutd.c @@ -44,6 +44,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; #ifndef DEFAULT_HUP_MESG #define DEFAULT_HUP_MESG _("login time exceeded\n\n") @@ -187,6 +188,7 @@ int main (int argc, char **argv) * Start syslogging everything */ Prog = Basename (argv[0]); + shadow_logfd = stderr; OPENLOG ("logoutd"); diff --git a/src/new_subid_range.c b/src/new_subid_range.c new file mode 100644 index 00000000..721f9547 --- /dev/null +++ b/src/new_subid_range.c @@ -0,0 +1,59 @@ +#include <stdio.h> +#include <unistd.h> +#include "subid.h" +#include "stdlib.h" +#include "prototypes.h" + +/* Test program for the subid creation routine */ + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] [-n] user count\n", Prog); + fprintf(stderr, " Find a subuid (or with -g, subgid) range for user\n"); + fprintf(stderr, " If -n is given, a new range will be created even if one exists\n"); + fprintf(stderr, " count defaults to 65536\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int c; + struct subordinate_range range; + bool makenew = false; // reuse existing by default + bool group = false; // get subuids by default + bool ok; + + Prog = Basename (argv[0]); + shadow_logfd = stderr; + while ((c = getopt(argc, argv, "gn")) != EOF) { + switch(c) { + case 'n': makenew = true; break; + case 'g': group = true; break; + default: usage(); + } + } + argv = &argv[optind]; + argc = argc - optind; + if (argc == 0) + usage(); + range.owner = argv[0]; + range.start = 0; + range.count = 65536; + if (argc > 1) + range.count = atoi(argv[1]); + if (group) + ok = grant_subgid_range(&range, !makenew); + else + ok = grant_subuid_range(&range, !makenew); + + if (!ok) { + fprintf(stderr, "Failed creating new id range\n"); + exit(EXIT_FAILURE); + } + printf("Subuid range %lu:%lu\n", range.start, range.count); + + return 0; +} diff --git a/src/newgidmap.c b/src/newgidmap.c index 7fcb459f..51a2eb44 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -39,12 +39,14 @@ #include "defines.h" #include "prototypes.h" #include "subordinateio.h" +#include "getdef.h" #include "idmapping.h" /* * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) @@ -60,7 +62,7 @@ static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow } /* Allow a process to map its own gid. */ - if ((range->count == 1) && (pw->pw_gid == range->lower)) { + if ((range->count == 1) && (getgid() == range->lower)) { /* noop -- if setgroups is enabled already we won't disable it. */ return true; } @@ -175,6 +177,7 @@ int main(int argc, char **argv) bool allow_setgroups = false; Prog = Basename (argv[0]); + shadow_logfd = stderr; /* * The valid syntax are @@ -228,9 +231,9 @@ int main(int argc, char **argv) * mappings we have been asked to set. */ if ((getuid() != pw->pw_uid) || - (getgid() != pw->pw_gid) || + (!getdef_bool("GRANT_AUX_GROUP_SUBIDS") && (getgid() != pw->pw_gid)) || (pw->pw_uid != st.st_uid) || - (pw->pw_gid != st.st_gid)) { + (getgid() != st.st_gid)) { fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ), Prog, target, (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid, diff --git a/src/newgrp.c b/src/newgrp.c index e3c44e14..2b9293b4 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -49,6 +49,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; extern char **newenvp; extern char **environ; @@ -161,8 +162,9 @@ static void check_perms (const struct group *grp, */ spwd = xgetspnam (pwd->pw_name); if (NULL != spwd) { - pwd->pw_passwd = spwd->sp_pwdp; + pwd->pw_passwd = xstrdup (spwd->sp_pwdp); } + spw_free (spwd); if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) { needspasswd = true; @@ -443,9 +445,9 @@ int main (int argc, char **argv) * don't need to re-exec anything. -- JWP */ Prog = Basename (argv[0]); + shadow_logfd = stderr; is_newgrp = (strcmp (Prog, "newgrp") == 0); OPENLOG (is_newgrp ? "newgrp" : "sg"); - gid = getgid (); argc--; argv++; diff --git a/src/newuidmap.c b/src/newuidmap.c index 55d84ba8..bdd9cadf 100644 --- a/src/newuidmap.c +++ b/src/newuidmap.c @@ -39,12 +39,14 @@ #include "defines.h" #include "prototypes.h" #include "subordinateio.h" +#include "getdef.h" #include "idmapping.h" /* * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool verify_range(struct passwd *pw, struct map_range *range) { @@ -105,6 +107,7 @@ int main(int argc, char **argv) int written; Prog = Basename (argv[0]); + shadow_logfd = stderr; /* * The valid syntax are @@ -158,9 +161,9 @@ int main(int argc, char **argv) * mappings we have been asked to set. */ if ((getuid() != pw->pw_uid) || - (getgid() != pw->pw_gid) || + (!getdef_bool("GRANT_AUX_GROUP_SUBIDS") && (getgid() != pw->pw_gid)) || (pw->pw_uid != st.st_uid) || - (pw->pw_gid != st.st_gid)) { + (getgid() != st.st_gid)) { fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ), Prog, target, (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid, diff --git a/src/newusers.c b/src/newusers.c index e9fe0e27..16bf7229 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -75,6 +75,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool rflg = false; /* create a system account */ #ifndef USE_PAM @@ -89,6 +90,9 @@ static long sha_rounds = 5000; #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif /* USE_BCRYPT */ +#ifdef USE_YESCRYPT +static long yescrypt_cost = 5; +#endif /* USE_YESCRYPT */ #endif /* !USE_PAM */ static bool is_shadow; @@ -139,14 +143,15 @@ static void usage (int status) #ifndef USE_PAM (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), -#if !defined(USE_SHA_CRYPT) && !defined(USE_BCRYPT) - "NONE DES MD5" -#elif defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) - "NONE DES MD5 SHA256 SHA512 BCRYPT" -#elif defined(USE_SHA_CRYPT) - "NONE DES MD5 SHA256 SHA512" -#else - "NONE DES MD5 BCRYPT" + "NONE DES MD5" +#if defined(USE_SHA_CRYPT) + " SHA256 SHA512" +#endif +#if defined(USE_BCRYPT) + " BCRYPT" +#endif +#if defined(USE_YESCRYPT) + " YESCRYPT" #endif ); #endif /* !USE_PAM */ @@ -154,11 +159,11 @@ static void usage (int status) (void) fputs (_(" -r, --system create system accounts\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) - (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA or BCRYPT\n" - " crypt algorithms\n"), +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" + " or YESCRYPT crypt algorithms\n"), usageout); -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #endif /* !USE_PAM */ (void) fputs ("\n", usageout); @@ -433,25 +438,28 @@ static int update_passwd (struct passwd *pwd, const char *password) void *crypt_arg = NULL; char *cp; if (NULL != crypt_method) { -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) if (sflg) { if ( (0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) { crypt_arg = &sha_rounds; } - else if (0 == strcmp (crypt_method, "BCRYPT")) { - crypt_arg = &bcrypt_rounds; - } } -#elif defined(USE_SHA_CRYPT) +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) if (sflg) { - crypt_arg = &sha_rounds; + if (0 == strcmp (crypt_method, "BCRYPT")) { + crypt_arg = &bcrypt_rounds; + } } -#elif defined(USE_BCRYPT) +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) if (sflg) { - crypt_arg = &bcrypt_rounds; + if (0 == strcmp (crypt_method, "YESCRYPT")) { + crypt_arg = &yescrypt_cost; + } } -#endif +#endif /* USE_YESCRYPT */ } if ((NULL != crypt_method) && (0 == strcmp(crypt_method, "NONE"))) { @@ -484,25 +492,28 @@ static int add_passwd (struct passwd *pwd, const char *password) #ifndef USE_PAM void *crypt_arg = NULL; if (NULL != crypt_method) { -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) if (sflg) { if ( (0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) { crypt_arg = &sha_rounds; } - else if (0 == strcmp (crypt_method, "BCRYPT")) { - crypt_arg = &bcrypt_rounds; - } } -#elif defined(USE_SHA_CRYPT) +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) if (sflg) { - crypt_arg = &sha_rounds; + if (0 == strcmp (crypt_method, "BCRYPT")) { + crypt_arg = &bcrypt_rounds; + } } -#elif defined(USE_BCRYPT) +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) if (sflg) { - crypt_arg = &bcrypt_rounds; + if (0 == strcmp (crypt_method, "YESCRYPT")) { + crypt_arg = &yescrypt_cost; + } } -#endif +#endif /* USE_PAM */ } /* @@ -619,6 +630,9 @@ static int add_passwd (struct passwd *pwd, const char *password) static void process_flags (int argc, char **argv) { int c; +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) + int bad_s; +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ static struct option long_options[] = { {"badnames", no_argument, NULL, 'b'}, #ifndef USE_PAM @@ -628,20 +642,20 @@ static void process_flags (int argc, char **argv) {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) {"sha-rounds", required_argument, NULL, 's'}, -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #endif /* !USE_PAM */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) "c:bhrs:", -#else /* !USE_SHA_CRYPT && !USE_BCRYPT */ +#else /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */ "c:bhr", -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #else /* USE_PAM */ "bhr", #endif @@ -664,40 +678,36 @@ static void process_flags (int argc, char **argv) case 'R': /* no-op, handled in process_root_flag () */ break; #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) && defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) case 's': sflg = true; + bad_s = 0; +#if defined(USE_SHA_CRYPT) if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) - && (0 == getlong(optarg, &sha_rounds))) - || ( (0 == strcmp (crypt_method, "BCRYPT")) + && (0 == getlong(optarg, &sha_rounds)))) { + bad_s = 1; + } +#endif /* USE_SHA_CRYPT */ +#if defined(USE_BCRYPT) + if (( (0 == strcmp (crypt_method, "BCRYPT")) && (0 == getlong(optarg, &bcrypt_rounds)))) { + bad_s = 1; + } +#endif /* USE_BCRYPT */ +#if defined(USE_YESCRYPT) + if (( (0 == strcmp (crypt_method, "YESCRYPT")) + && (0 == getlong(optarg, &yescrypt_cost)))) { + bad_s = 1; + } +#endif /* USE_YESCRYPT */ + if (bad_s != 0) { fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, optarg); usage (EXIT_FAILURE); } break; -#elif defined(USE_SHA_CRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &sha_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (EXIT_FAILURE); - } - break; -#elif defined(USE_BCRYPT) - case 's': - sflg = true; - if (0 == getlong(optarg, &bcrypt_rounds)) { - fprintf (stderr, - _("%s: invalid numeric argument '%s'\n"), - Prog, optarg); - usage (EXIT_FAILURE); - } - break; -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #endif /* !USE_PAM */ default: usage (EXIT_FAILURE); @@ -731,14 +741,14 @@ static void process_flags (int argc, char **argv) static void check_flags (void) { #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), Prog, "-s", "-c"); usage (EXIT_FAILURE); } -#endif +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ if (cflg) { if ( (0 != strcmp (crypt_method, "DES")) @@ -751,6 +761,9 @@ static void check_flags (void) #ifdef USE_BCRYPT && (0 != strcmp (crypt_method, "BCRYPT")) #endif /* USE_BCRYPT */ +#ifdef USE_YESCRYPT + && (0 != strcmp (crypt_method, "YESCRYPT")) +#endif /* USE_YESCRYPT */ ) { fprintf (stderr, _("%s: unsupported crypt method: %s\n"), @@ -1020,6 +1033,24 @@ static void close_files (void) #endif /* ENABLE_SUBIDS */ } +static bool want_subuids(void) +{ + if (get_subid_nss_handle() != NULL) + return false; + if (getdef_ulong ("SUB_UID_COUNT", 65536) == 0) + return false; + return true; +} + +static bool want_subgids(void) +{ + if (get_subid_nss_handle() != NULL) + return false; + if (getdef_ulong ("SUB_GID_COUNT", 65536) == 0) + return false; + return true; +} + int main (int argc, char **argv) { char buf[BUFSIZ]; @@ -1040,6 +1071,7 @@ int main (int argc, char **argv) #endif /* USE_PAM */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -1218,6 +1250,13 @@ int main (int argc, char **argv) /* FIXME: should check for directory */ mode_t mode = getdef_num ("HOME_MODE", 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + if (newpw.pw_dir[0] != '/') { + fprintf(stderr, + _("%s: line %d: homedir must be an absolute path\n"), + Prog, line); + errors++; + continue; + }; if (mkdir (newpw.pw_dir, mode) != 0) { fprintf (stderr, _("%s: line %d: mkdir %s failed: %s\n"), @@ -1248,10 +1287,10 @@ int main (int argc, char **argv) /* * Add subordinate uids if the user does not have them. */ - if (is_sub_uid && !sub_uid_assigned(fields[0])) { + if (is_sub_uid && want_subuids() && !local_sub_uid_assigned(fields[0])) { uid_t sub_uid_start = 0; unsigned long sub_uid_count = 0; - if (find_new_sub_uids(fields[0], &sub_uid_start, &sub_uid_count) == 0) { + if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) == 0) { if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0) { fprintf (stderr, _("%s: failed to prepare new %s entry\n"), @@ -1268,10 +1307,10 @@ int main (int argc, char **argv) /* * Add subordinate gids if the user does not have them. */ - if (is_sub_gid && !sub_gid_assigned(fields[0])) { + if (is_sub_gid && want_subgids() && !local_sub_gid_assigned(fields[0])) { gid_t sub_gid_start = 0; unsigned long sub_gid_count = 0; - if (find_new_sub_gids(fields[0], &sub_gid_start, &sub_gid_count) == 0) { + if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) == 0) { if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) { fprintf (stderr, _("%s: failed to prepare new %s entry\n"), diff --git a/src/passwd.c b/src/passwd.c index 13619b16..9d7df331 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -66,6 +66,7 @@ * Global variables */ const char *Prog; /* Program name */ +FILE *shadow_logfd = NULL; static char *name; /* The name of user whose password is being changed */ static char *myname; /* The current user's name */ @@ -282,7 +283,10 @@ static int new_password (const struct passwd *pw) #endif /* USE_SHA_CRYPT */ #ifdef USE_BCRYPT || (strcmp (method, "BCRYPT") == 0) -#endif /* USE_SHA_CRYPT */ +#endif /* USE_BCRYPT*/ +#ifdef USE_YESCRYPT + || (strcmp (method, "YESCRYPT") == 0) +#endif /* USE_YESCRYPT*/ ) { pass_max_len = -1; @@ -549,6 +553,11 @@ static char *update_crypt_pw (char *cp) strcpy (newpw, "!"); strcat (newpw, cp); +#ifndef USE_PAM + if (do_update_pwd) { + free (cp); + } +#endif /* USE_PAM */ cp = newpw; } return cp; @@ -749,6 +758,7 @@ int main (int argc, char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -70,6 +70,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool use_system_pw_file = true; static bool use_system_spw_file = true; @@ -527,12 +528,16 @@ static void check_pw_file (int *errors, bool *changed) * Make sure the home directory exists */ if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) { + const char *nonexistent = getdef_str("NONEXISTENT"); + /* - * Home directory doesn't exist, give a warning + * Home directory does not exist, give a warning (unless intentional) */ - printf (_("user '%s': directory '%s' does not exist\n"), - pwd->pw_name, pwd->pw_dir); - *errors += 1; + if (NULL == nonexistent || strcmp (pwd->pw_dir, nonexistent) != 0) { + printf (_("user '%s': directory '%s' does not exist\n"), + pwd->pw_name, pwd->pw_dir); + *errors += 1; + } } } diff --git a/src/pwconv.c b/src/pwconv.c index f932f266..85ad9699 100644 --- a/src/pwconv.c +++ b/src/pwconv.c @@ -89,6 +89,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool spw_locked = false; static bool pw_locked = false; @@ -176,6 +177,7 @@ int main (int argc, char **argv) struct spwd spent; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/src/pwunconv.c b/src/pwunconv.c index e11ea494..a5ee999e 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -53,6 +53,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static bool spw_locked = false; static bool pw_locked = false; @@ -137,6 +138,7 @@ int main (int argc, char **argv) const struct spwd *spwd; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -82,6 +82,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ static bool caller_is_root = false; static uid_t caller_uid; @@ -354,7 +355,9 @@ static void prepare_pam_close_session (void) pid_t pid; stop = true; - pid = waitpid (-1, &status, WUNTRACED); + do { + pid = waitpid (-1, &status, WUNTRACED); + } while (pid != -1 && pid != pid_child); /* When interrupted by signal, the signal will be * forwarded to the child, and termination will be @@ -503,6 +506,21 @@ static void check_perms_nopam (const struct passwd *pw) return; } + if (strcmp (pw->pw_passwd, "") == 0) { + char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH"); + if(prevent_no_auth == NULL) { + prevent_no_auth = "superuser"; + } + if(strcmp(prevent_no_auth, "yes") == 0) { + fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n")); + exit(1); + } else if( (pw->pw_uid == 0) + && (strcmp(prevent_no_auth, "superuser") == 0)) { + fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n")); + exit(1); + } + } + /* * BSD systems only allow "wheel" to SU to root. USG systems don't, * so we make this a configurable option. @@ -699,6 +717,7 @@ static void save_caller_context (char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; caller_uid = getuid (); caller_is_root = (caller_uid == 0); diff --git a/src/sulogin.c b/src/sulogin.c index 4264099b..8f181505 100644 --- a/src/sulogin.c +++ b/src/sulogin.c @@ -50,6 +50,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static char name[BUFSIZ]; static char pass[BUFSIZ]; @@ -106,6 +107,7 @@ static RETSIGTYPE catch_signals (unused int sig) #endif Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); diff --git a/src/useradd.c b/src/useradd.c index a679392d..127177e2 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -64,10 +64,14 @@ #include "prototypes.h" #include "pwauth.h" #include "pwio.h" +#include "run_part.h" #ifdef SHADOWGRP #include "sgroupio.h" #endif #include "shadowio.h" +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif /* WITH_SELINUX */ #ifdef ENABLE_SUBIDS #include "subordinateio.h" #endif /* ENABLE_SUBIDS */ @@ -92,16 +96,17 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; /* * These defaults are used if there is no defaults file. */ -static gid_t def_group = 100; +static gid_t def_group = 1000; static const char *def_gname = "other"; static const char *def_home = "/home"; -static const char *def_shell = ""; +static const char *def_shell = "/bin/bash"; static const char *def_template = SKEL_DIR; -static const char *def_create_mail_spool = "no"; +static const char *def_create_mail_spool = "yes"; static long def_inactive = -1; static const char *def_expire = ""; @@ -190,6 +195,7 @@ static bool home_added = false; #define E_NAME_IN_USE 9 /* username already in use */ #define E_GRP_UPDATE 10 /* can't update group file */ #define E_HOMEDIR 12 /* can't create home directory */ +#define E_MAILBOXFILE 13 /* can't create mailbox file */ #define E_SE_UPDATE 14 /* can't update SELinux user mapping */ #ifdef ENABLE_SUBIDS #define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */ @@ -210,6 +216,7 @@ static void get_defaults (void); static void show_defaults (void); static int set_defaults (void); static int get_groups (char *); +static struct group * get_local_group (char * grp_name); static void usage (int status); static void new_pwent (struct passwd *); @@ -219,7 +226,10 @@ static void grp_update (void); static void process_flags (int argc, char **argv); static void close_files (void); +static void close_group_files (void); +static void unlock_group_files (void); static void open_files (void); +static void open_group_files (void); static void open_shadow (void); static void faillog_reset (uid_t); static void lastlog_reset (uid_t); @@ -227,6 +237,7 @@ static void tallylog_reset (const char *); static void usr_update (void); static void create_home (void); static void create_mail (void); +static void check_uid_range(int rflg, uid_t user_id); /* * fail_exit - undo as much as possible @@ -331,7 +342,7 @@ static void fail_exit (int code) user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif - SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name)); + SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); exit (code); } @@ -404,6 +415,7 @@ static void get_defaults (void) } else { def_group = grp->gr_gid; def_gname = xstrdup (grp->gr_name); + gr_free(grp); } } @@ -722,7 +734,7 @@ static int set_defaults (void) static int get_groups (char *list) { char *cp; - const struct group *grp; + struct group *grp; int errors = 0; int ngroups = 0; @@ -731,6 +743,11 @@ static int get_groups (char *list) } /* + * Open the group files + */ + open_group_files (); + + /* * So long as there is some data to be converted, strip off * each name and look it up. A mix of numerical and string * values for group identifiers is permitted. @@ -748,7 +765,7 @@ static int get_groups (char *list) * Names starting with digits are treated as numerical * GID values, otherwise the string is looked up as is. */ - grp = prefix_getgr_nam_gid (list); + grp = get_local_group (list); /* * There must be a match, either by GID value or by @@ -781,6 +798,7 @@ static int get_groups (char *list) fprintf (stderr, _("%s: group '%s' is a NIS group.\n"), Prog, grp->gr_name); + gr_free(grp); continue; } #endif @@ -789,6 +807,7 @@ static int get_groups (char *list) fprintf (stderr, _("%s: too many groups specified (max %d).\n"), Prog, ngroups); + gr_free(grp); break; } @@ -796,8 +815,12 @@ static int get_groups (char *list) * Add the group name to the user's list of groups. */ user_groups[ngroups++] = xstrdup (grp->gr_name); + gr_free (grp); } while (NULL != list); + close_group_files (); + unlock_group_files (); + user_groups[ngroups] = (char *) 0; /* @@ -811,6 +834,44 @@ static int get_groups (char *list) } /* + * get_local_group - checks if a given group name exists locally + * + * get_local_group() checks if a given group name exists locally. + * If the name exists the group information is returned, otherwise NULL is + * returned. + */ +static struct group * get_local_group(char * grp_name) +{ + const struct group *grp; + struct group *result_grp = NULL; + long long int gid; + char *endptr; + + gid = strtoll (grp_name, &endptr, 10); + if ( ('\0' != *grp_name) + && ('\0' == *endptr) + && (ERANGE != errno) + && (gid == (gid_t)gid)) { + grp = gr_locate_gid ((gid_t) gid); + } + else { + grp = gr_locate(grp_name); + } + + if (grp != NULL) { + result_grp = __gr_dup (grp); + if (NULL == result_grp) { + fprintf (stderr, + _("%s: Out of memory. Cannot find group '%s'.\n"), + Prog, grp_name); + fail_exit (E_GRP_UPDATE); + } + } + + return result_grp; +} + +/* * usage - display usage message and exit */ static void usage (int status) @@ -1447,7 +1508,7 @@ static void process_flags (int argc, char **argv) user_name = argv[optind]; if (!is_valid_user_name (user_name)) { fprintf (stderr, - _("%s: invalid user name '%s'\n"), + _("%s: invalid user name '%s': use --badname to ignore\n"), Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1529,23 +1590,9 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ())); fail_exit (E_PW_UPDATE); } - if (do_grp_update) { - if (gr_close () == 0) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); - SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); - fail_exit (E_GRP_UPDATE); - } -#ifdef SHADOWGRP - if (is_shadow_grp && (sgr_close () == 0)) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, sgr_dbname ()); - SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); - fail_exit (E_GRP_UPDATE); - } -#endif - } + + close_group_files (); + #ifdef ENABLE_SUBIDS if (is_sub_uid && (sub_uid_close () == 0)) { fprintf (stderr, @@ -1586,34 +1633,9 @@ static void close_files (void) /* continue */ } pw_locked = false; - if (gr_unlock () == 0) { - fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "unlocking group file", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif - /* continue */ - } - gr_locked = false; -#ifdef SHADOWGRP - if (is_shadow_grp) { - if (sgr_unlock () == 0) { - fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "unlocking gshadow file", - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -#endif - /* continue */ - } - sgr_locked = false; - } -#endif + + unlock_group_files (); + #ifdef ENABLE_SUBIDS if (is_sub_uid) { if (sub_uid_unlock () == 0) { @@ -1647,6 +1669,71 @@ static void close_files (void) } /* + * close_group_files - close all of the files that were opened + * + * close_group_files() closes all of the files that were opened related + * with groups. This causes any modified entries to be written out. + */ +static void close_group_files (void) +{ + if (do_grp_update) { + if (gr_close () == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); + fail_exit (E_GRP_UPDATE); + } +#ifdef SHADOWGRP + if (is_shadow_grp && (sgr_close () == 0)) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); + fail_exit (E_GRP_UPDATE); + } +#endif /* SHADOWGRP */ + } +} + +/* + * unlock_group_files - unlock all of the files that were locked + * + * unlock_group_files() unlocks all of the files that were locked related + * with groups. This causes any modified entries to be written out. + */ +static void unlock_group_files (void) +{ + if (gr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); +#ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, + "unlocking-group-file", + user_name, AUDIT_NO_ID, + SHADOW_AUDIT_FAILURE); +#endif /* WITH_AUDIT */ + /* continue */ + } + gr_locked = false; +#ifdef SHADOWGRP + if (is_shadow_grp) { + if (sgr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); +#ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, + "unlocking-gshadow-file", + user_name, AUDIT_NO_ID, + SHADOW_AUDIT_FAILURE); +#endif /* WITH_AUDIT */ + /* continue */ + } + sgr_locked = false; + } +#endif /* SHADOWGRP */ +} + +/* * open_files - lock and open the password files * * open_files() opens the two password files. @@ -1667,37 +1754,8 @@ static void open_files (void) /* shadow file will be opened by open_shadow(); */ - /* - * Lock and open the group file. - */ - if (gr_lock () == 0) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), - Prog, gr_dbname ()); - fail_exit (E_GRP_UPDATE); - } - gr_locked = true; - if (gr_open (O_CREAT | O_RDWR) == 0) { - fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); - fail_exit (E_GRP_UPDATE); - } -#ifdef SHADOWGRP - if (is_shadow_grp) { - if (sgr_lock () == 0) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), - Prog, sgr_dbname ()); - fail_exit (E_GRP_UPDATE); - } - sgr_locked = true; - if (sgr_open (O_CREAT | O_RDWR) == 0) { - fprintf (stderr, - _("%s: cannot open %s\n"), - Prog, sgr_dbname ()); - fail_exit (E_GRP_UPDATE); - } - } -#endif + open_group_files (); + #ifdef ENABLE_SUBIDS if (is_sub_uid) { if (sub_uid_lock () == 0) { @@ -1732,6 +1790,39 @@ static void open_files (void) #endif /* ENABLE_SUBIDS */ } +static void open_group_files (void) +{ + if (gr_lock () == 0) { + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + gr_locked = true; + if (gr_open (O_CREAT | O_RDWR) == 0) { + fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + +#ifdef SHADOWGRP + if (is_shadow_grp) { + if (sgr_lock () == 0) { + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, sgr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + sgr_locked = true; + if (sgr_open (O_CREAT | O_RDWR) == 0) { + fprintf (stderr, + _("%s: cannot open %s\n"), + Prog, sgr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + } +#endif /* SHADOWGRP */ +} + static void open_shadow (void) { if (!is_shadow_pwd) { @@ -1873,16 +1964,26 @@ static void faillog_reset (uid_t uid) memzero (&fl, sizeof (fl)); fd = open (FAILLOG_FILE, O_RDWR); - if ( (-1 == fd) - || (lseek (fd, offset_uid, SEEK_SET) != offset_uid) + if (-1 == fd) { + fprintf (stderr, + _("%s: failed to open the faillog file for UID %lu: %s\n"), + Prog, (unsigned long) uid, strerror (errno)); + SYSLOG ((LOG_WARN, "failed to open the faillog file for UID %lu", (unsigned long) uid)); + return; + } + if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid) || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl)) - || (fsync (fd) != 0) - || (close (fd) != 0)) { + || (fsync (fd) != 0)) { fprintf (stderr, _("%s: failed to reset the faillog entry of UID %lu: %s\n"), Prog, (unsigned long) uid, strerror (errno)); SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid)); - /* continue */ + } + if (close (fd) != 0) { + fprintf (stderr, + _("%s: failed to close the faillog file for UID %lu: %s\n"), + Prog, (unsigned long) uid, strerror (errno)); + SYSLOG ((LOG_WARN, "failed to close the faillog file for UID %lu", (unsigned long) uid)); } } @@ -1906,17 +2007,29 @@ static void lastlog_reset (uid_t uid) memzero (&ll, sizeof (ll)); fd = open (LASTLOG_FILE, O_RDWR); - if ( (-1 == fd) - || (lseek (fd, offset_uid, SEEK_SET) != offset_uid) + if (-1 == fd) { + fprintf (stderr, + _("%s: failed to open the lastlog file for UID %lu: %s\n"), + Prog, (unsigned long) uid, strerror (errno)); + SYSLOG ((LOG_WARN, "failed to open the lastlog file for UID %lu", (unsigned long) uid)); + return; + } + if ( (lseek (fd, offset_uid, SEEK_SET) != offset_uid) || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll)) - || (fsync (fd) != 0) - || (close (fd) != 0)) { + || (fsync (fd) != 0)) { fprintf (stderr, _("%s: failed to reset the lastlog entry of UID %lu: %s\n"), Prog, (unsigned long) uid, strerror (errno)); SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid)); /* continue */ } + if (close (fd) != 0) { + fprintf (stderr, + _("%s: failed to close the lastlog file for UID %lu: %s\n"), + Prog, (unsigned long) uid, strerror (errno)); + SYSLOG ((LOG_WARN, "failed to close the lastlog file for UID %lu", (unsigned long) uid)); + /* continue */ + } } static void tallylog_reset (const char *user_name) @@ -2084,10 +2197,9 @@ static void create_home (void) Prog, user_home); fail_exit (E_HOMEDIR); } - ++bhome; #ifdef WITH_SELINUX - if (set_selinux_file_context (prefix_user_home) != 0) { + if (set_selinux_file_context (prefix_user_home, S_IFDIR) != 0) { fprintf (stderr, _("%s: cannot set SELinux context for home directory %s\n"), Prog, user_home); @@ -2101,7 +2213,11 @@ static void create_home (void) */ cp = strtok (bhome, "/"); while (cp) { - strcat (path, "/"); + /* Avoid turning a relative path into an absolute path. + */ + if (bhome[0] == '/' || strlen (path) != 0) { + strcat (path, "/"); + } strcat (path, cp); if (access (path, F_OK) != 0) { /* Check if parent directory is BTRFS, fail if requesting @@ -2160,11 +2276,15 @@ static void create_home (void) } cp = strtok (NULL, "/"); } + free (bhome); (void) chown (prefix_user_home, user_id, user_gid); mode_t mode = getdef_num ("HOME_MODE", 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); - chmod (prefix_user_home, mode); + if (chmod (prefix_user_home, mode)) { + fprintf (stderr, _("%s: warning: chown on '%s' failed: %m\n"), + Prog, path); + } home_added = true; #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -2210,6 +2330,16 @@ static void create_mail (void) sprintf (file, "%s/%s/%s", prefix, spool, user_name); else sprintf (file, "%s/%s", spool, user_name); + +#ifdef WITH_SELINUX + if (set_selinux_file_context (file, S_IFREG) != 0) { + fprintf (stderr, + _("%s: cannot set SELinux context for mailbox file %s\n"), + Prog, file); + fail_exit (E_MAILBOXFILE); + } +#endif + fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0); if (fd < 0) { perror (_("Creating mailbox file")); @@ -2234,9 +2364,39 @@ static void create_mail (void) fsync (fd); close (fd); +#ifdef WITH_SELINUX + /* Reset SELinux to create files with default contexts */ + if (reset_selinux_file_context () != 0) { + fprintf (stderr, + _("%s: cannot reset SELinux file creation context\n"), + Prog); + fail_exit (E_MAILBOXFILE); + } +#endif } } +static void check_uid_range(int rflg, uid_t user_id) +{ + uid_t uid_min ; + uid_t uid_max ; + if(rflg){ + uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL); + uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1); + if(uid_min <= uid_max){ + if(user_id < uid_min || user_id >uid_max) + fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max); + } + }else{ + uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL); + uid_max = (uid_t)getdef_ulong("UID_MAX", 6000UL); + if(uid_min <= uid_max){ + if(user_id < uid_min || user_id >uid_max) + fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max); + } + } + +} /* * main - useradd command */ @@ -2252,12 +2412,15 @@ int main (int argc, char **argv) #ifdef ENABLE_SUBIDS uid_t uid_min; uid_t uid_max; + unsigned long subuid_count; + unsigned long subgid_count; #endif /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -2292,12 +2455,19 @@ int main (int argc, char **argv) #ifdef ENABLE_SUBIDS uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); - is_sub_uid = sub_uid_file_present () && !rflg && + subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536); + subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536); + is_sub_uid = subuid_count > 0 && sub_uid_file_present () && !rflg && (!user_id || (user_id <= uid_max && user_id >= uid_min)); - is_sub_gid = sub_gid_file_present () && !rflg && + is_sub_gid = subgid_count > 0 && sub_gid_file_present () && !rflg && (!user_id || (user_id <= uid_max && user_id >= uid_min)); #endif /* ENABLE_SUBIDS */ + if (run_parts ("/etc/shadow-maint/useradd-pre.d", (char*)user_name, + "useradd")) { + exit(1); + } + #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { @@ -2419,6 +2589,8 @@ int main (int argc, char **argv) } } + if(uflg) + check_uid_range(rflg,user_id); #ifdef WITH_TCB if (getdef_bool ("USE_TCB")) { if (shadowtcb_create (user_name, user_id) == SHADOWTCB_FAILURE) { @@ -2444,16 +2616,16 @@ int main (int argc, char **argv) } #ifdef ENABLE_SUBIDS - if (is_sub_uid) { - if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) { + if (is_sub_uid && sub_uid_count != 0) { + if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) { fprintf (stderr, _("%s: can't create subordinate user IDs\n"), Prog); fail_exit(E_SUB_UID_UPDATE); } } - if (is_sub_gid) { - if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) { + if (is_sub_gid && sub_gid_count != 0) { + if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) { fprintf (stderr, _("%s: can't create subordinate group IDs\n"), Prog); @@ -2510,6 +2682,11 @@ int main (int argc, char **argv) } #endif /* WITH_SELINUX */ + if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, + "useradd")) { + exit(1); + } + nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); diff --git a/src/userdel.c b/src/userdel.c index cc951e58..79a7c899 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -31,19 +31,17 @@ */ #include <config.h> - -#ident "$Id$" - #include <assert.h> +#include <dirent.h> #include <errno.h> #include <fcntl.h> #include <getopt.h> #include <grp.h> #include <pwd.h> #include <stdio.h> -#include <stdio.h> -#include <sys/stat.h> #include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM #include "pam_defs.h" @@ -61,10 +59,14 @@ #ifdef SHADOWGRP #include "sgroupio.h" #endif /* SHADOWGRP */ +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif /* WITH_SELINUX */ #ifdef WITH_TCB #include <tcb.h> #include "tcbfuncs.h" #endif /* WITH_TCB */ +#include "run_part.h" /*@-exitarg@*/ #include "exitcodes.h" #ifdef ENABLE_SUBIDS @@ -89,6 +91,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static char *user_name; static uid_t user_id; @@ -150,8 +153,9 @@ static void usage (int status) "\n" "Options:\n"), Prog); - (void) fputs (_(" -f, --force force removal of files,\n" - " even if not owned by user\n"), + (void) fputs (_(" -f, --force force some actions that would fail otherwise\n" + " e.g. removal of user still logged in\n" + " or files, even if not owned by the user\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout); @@ -1012,6 +1016,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); @@ -1143,6 +1148,10 @@ int main (int argc, char **argv) { const struct passwd *pwd; + if (run_parts ("/etc/shadow-maint/userdel-pre.d", user_name, + "userdel")) { + exit(1); + } pw_open(O_RDONLY); pwd = pw_locate (user_name); /* we care only about local users */ if (NULL == pwd) { @@ -1342,6 +1351,10 @@ int main (int argc, char **argv) user_cancel (user_name); close_files (); + if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) { + exit(1); + } + #ifdef WITH_TCB errors += remove_tcbdir (user_name, user_id); #endif /* WITH_TCB */ diff --git a/src/usermod.c b/src/usermod.c index 05b98715..03bb9b9d 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -68,6 +68,9 @@ #ifdef ENABLE_SUBIDS #include "subordinateio.h" #endif /* ENABLE_SUBIDS */ +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif /* WITH_SELINUX */ #ifdef WITH_TCB #include "tcbfuncs.h" #endif @@ -102,6 +105,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static char *user_name; static char *user_newname; @@ -183,6 +187,7 @@ static bool sub_gid_locked = false; static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, long int date); static int get_groups (char *); +static struct group * get_local_group (char * grp_name); static /*@noreturn@*/void usage (int status); static void new_pwent (struct passwd *); static void new_spent (struct spwd *); @@ -196,7 +201,9 @@ static void grp_update (void); static void process_flags (int, char **); static void close_files (void); +static void close_group_files (void); static void open_files (void); +static void open_group_files (void); static void usr_update (void); static void move_home (void); static void update_lastlog (void); @@ -254,6 +261,11 @@ static int get_groups (char *list) } /* + * Open the group files + */ + open_group_files (); + + /* * So long as there is some data to be converted, strip off each * name and look it up. A mix of numerical and string values for * group identifiers is permitted. @@ -272,7 +284,7 @@ static int get_groups (char *list) * Names starting with digits are treated as numerical GID * values, otherwise the string is looked up as is. */ - grp = prefix_getgr_nam_gid (list); + grp = get_local_group (list); /* * There must be a match, either by GID value or by @@ -322,6 +334,8 @@ static int get_groups (char *list) gr_free ((struct group *)grp); } while (NULL != list); + close_group_files (); + user_groups[ngroups] = (char *) 0; /* @@ -334,6 +348,44 @@ static int get_groups (char *list) return 0; } +/* + * get_local_group - checks if a given group name exists locally + * + * get_local_group() checks if a given group name exists locally. + * If the name exists the group information is returned, otherwise NULL is + * returned. + */ +static struct group * get_local_group(char * grp_name) +{ + const struct group *grp; + struct group *result_grp = NULL; + long long int gid; + char *endptr; + + gid = strtoll (grp_name, &endptr, 10); + if ( ('\0' != *grp_name) + && ('\0' == *endptr) + && (ERANGE != errno) + && (gid == (gid_t)gid)) { + grp = gr_locate_gid ((gid_t) gid); + } + else { + grp = gr_locate(grp_name); + } + + if (grp != NULL) { + result_grp = __gr_dup (grp); + if (NULL == result_grp) { + fprintf (stderr, + _("%s: Out of memory. Cannot find group '%s'.\n"), + Prog, grp_name); + fail_exit (E_GRP_UPDATE); + } + } + + return result_grp; +} + #ifdef ENABLE_SUBIDS struct ulong_range { @@ -819,6 +871,8 @@ static void update_group (void) SYSLOG ((LOG_WARN, "failed to prepare the new %s entry '%s'", gr_dbname (), ngrp->gr_name)); fail_exit (E_GRP_UPDATE); } + + gr_free(ngrp); } } @@ -954,6 +1008,8 @@ static void update_gshadow (void) sgr_dbname (), nsgrp->sg_name)); fail_exit (E_GRP_UPDATE); } + + free (nsgrp); } } #endif /* SHADOWGRP */ @@ -984,7 +1040,7 @@ static void grp_update (void) static void process_flags (int argc, char **argv) { const struct group *grp; - + struct stat st; bool anyflag = false; { @@ -1058,6 +1114,12 @@ static void process_flags (int argc, char **argv) } dflg = true; user_newhome = optarg; + if (user_newhome[0] != '/') { + fprintf (stderr, + _("%s: homedir must be an absolute path\n"), + Prog); + exit (E_BAD_ARG); + } break; case 'e': if ('\0' != *optarg) { @@ -1094,6 +1156,7 @@ static void process_flags (int argc, char **argv) } user_newgid = grp->gr_gid; gflg = true; + gr_free (grp); break; case 'G': if (get_groups (optarg) != 0) { @@ -1132,12 +1195,25 @@ static void process_flags (int argc, char **argv) case 'P': /* no-op, handled in process_prefix_flag () */ break; case 's': - if (!VALID (optarg)) { + if ( ( !VALID (optarg) ) + || ( ('\0' != optarg[0]) + && ('/' != optarg[0]) + && ('*' != optarg[0]) )) { fprintf (stderr, - _("%s: invalid field '%s'\n"), + _("%s: invalid shell '%s'\n"), Prog, optarg); exit (E_BAD_ARG); } + if ( '\0' != optarg[0] + && '*' != optarg[0] + && strcmp(optarg, "/sbin/nologin") != 0 + && ( stat(optarg, &st) != 0 + || S_ISDIR(st.st_mode) + || access(optarg, X_OK) != 0)) { + fprintf (stderr, + _("%s: Warning: missing or non-executable shell '%s'\n"), + Prog, optarg); + } user_newshell = optarg; sflg = true; break; @@ -1447,50 +1523,7 @@ static void close_files (void) } if (Gflg || lflg) { - if (gr_close () == 0) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, gr_dbname ()); - SYSLOG ((LOG_ERR, - "failure while writing changes to %s", - gr_dbname ())); - fail_exit (E_GRP_UPDATE); - } -#ifdef SHADOWGRP - if (is_shadow_grp) { - if (sgr_close () == 0) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, sgr_dbname ()); - SYSLOG ((LOG_ERR, - "failure while writing changes to %s", - sgr_dbname ())); - fail_exit (E_GRP_UPDATE); - } - } -#endif -#ifdef SHADOWGRP - if (is_shadow_grp) { - if (sgr_unlock () == 0) { - fprintf (stderr, - _("%s: failed to unlock %s\n"), - Prog, sgr_dbname ()); - SYSLOG ((LOG_ERR, - "failed to unlock %s", - sgr_dbname ())); - /* continue */ - } - } -#endif - if (gr_unlock () == 0) { - fprintf (stderr, - _("%s: failed to unlock %s\n"), - Prog, gr_dbname ()); - SYSLOG ((LOG_ERR, - "failed to unlock %s", - gr_dbname ())); - /* continue */ - } + close_group_files (); } if (is_shadow_pwd) { @@ -1560,6 +1593,60 @@ static void close_files (void) } /* + * close_group_files - close all of the files that were opened + * + * close_group_files() closes all of the files that were opened related + * with groups. This causes any modified entries to be written out. + */ +static void close_group_files (void) +{ + if (gr_close () == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, + "failure while writing changes to %s", + gr_dbname ())); + fail_exit (E_GRP_UPDATE); + } +#ifdef SHADOWGRP + if (is_shadow_grp) { + if (sgr_close () == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, + "failure while writing changes to %s", + sgr_dbname ())); + fail_exit (E_GRP_UPDATE); + } + } +#endif +#ifdef SHADOWGRP + if (is_shadow_grp) { + if (sgr_unlock () == 0) { + fprintf (stderr, + _("%s: failed to unlock %s\n"), + Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, + "failed to unlock %s", + sgr_dbname ())); + /* continue */ + } + } +#endif + if (gr_unlock () == 0) { + fprintf (stderr, + _("%s: failed to unlock %s\n"), + Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, + "failed to unlock %s", + gr_dbname ())); + /* continue */ + } +} + +/* * open_files - lock and open the password files * * open_files() opens the two password files. @@ -1594,38 +1681,7 @@ static void open_files (void) } if (Gflg || lflg) { - /* - * Lock and open the group file. This will load all of the - * group entries. - */ - if (gr_lock () == 0) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), - Prog, gr_dbname ()); - fail_exit (E_GRP_UPDATE); - } - gr_locked = true; - if (gr_open (O_CREAT | O_RDWR) == 0) { - fprintf (stderr, - _("%s: cannot open %s\n"), - Prog, gr_dbname ()); - fail_exit (E_GRP_UPDATE); - } -#ifdef SHADOWGRP - if (is_shadow_grp && (sgr_lock () == 0)) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), - Prog, sgr_dbname ()); - fail_exit (E_GRP_UPDATE); - } - sgr_locked = true; - if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { - fprintf (stderr, - _("%s: cannot open %s\n"), - Prog, sgr_dbname ()); - fail_exit (E_GRP_UPDATE); - } -#endif + open_group_files (); } #ifdef ENABLE_SUBIDS if (vflg || Vflg) { @@ -1662,6 +1718,44 @@ static void open_files (void) } /* + * open_group_files - lock and open the group files + * + * open_group_files() loads all of the group entries. + */ +static void open_group_files (void) +{ + if (gr_lock () == 0) { + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + gr_locked = true; + if (gr_open (O_CREAT | O_RDWR) == 0) { + fprintf (stderr, + _("%s: cannot open %s\n"), + Prog, gr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + +#ifdef SHADOWGRP + if (is_shadow_grp && (sgr_lock () == 0)) { + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, sgr_dbname ()); + fail_exit (E_GRP_UPDATE); + } + sgr_locked = true; + if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { + fprintf (stderr, + _("%s: cannot open %s\n"), + Prog, sgr_dbname ()); + fail_exit (E_GRP_UPDATE); + } +#endif +} + +/* * usr_update - create the user entries * * usr_update() creates the password file entries for this user and @@ -1906,8 +2000,7 @@ static void update_lastlog (void) /* Copy the old entry to its new location */ if ( (lseek (fd, off_newuid, SEEK_SET) != off_newuid) || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll) - || (fsync (fd) != 0) - || (close (fd) != 0)) { + || (fsync (fd) != 0)) { fprintf (stderr, _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"), Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno)); @@ -1923,16 +2016,15 @@ static void update_lastlog (void) memzero (&ll, sizeof (ll)); if ( (lseek (fd, off_newuid, SEEK_SET) != off_newuid) || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll) - || (fsync (fd) != 0) - || (close (fd) != 0)) { + || (fsync (fd) != 0)) { fprintf (stderr, _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"), Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno)); } - } else { - (void) close (fd); } } + + (void) close (fd); } /* @@ -1967,8 +2059,7 @@ static void update_faillog (void) /* Copy the old entry to its new location */ if ( (lseek (fd, off_newuid, SEEK_SET) != off_newuid) || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl) - || (fsync (fd) != 0) - || (close (fd) != 0)) { + || (fsync (fd) != 0)) { fprintf (stderr, _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"), Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno)); @@ -1983,16 +2074,15 @@ static void update_faillog (void) /* Reset the new uid's faillog entry */ memzero (&fl, sizeof (fl)); if ( (lseek (fd, off_newuid, SEEK_SET) != off_newuid) - || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl) - || (close (fd) != 0)) { + || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)) { fprintf (stderr, _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"), Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno)); } - } else { - (void) close (fd); } } + + (void) close (fd); } #ifndef NO_MOVE_MAILBOX @@ -2118,6 +2208,7 @@ int main (int argc, char **argv) * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); @@ -63,6 +63,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static const char *filename, *fileeditname; static bool filelocked = false; @@ -243,13 +244,13 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) /* if SE Linux is enabled then set the context of all new files to be the context of the file we are editing */ if (is_selinux_enabled () != 0) { - security_context_t passwd_context=NULL; + char *passwd_context_raw = NULL; int ret = 0; - if (getfilecon (file, &passwd_context) < 0) { + if (getfilecon_raw (file, &passwd_context_raw) < 0) { vipwexit (_("Couldn't get file context"), errno, 1); } - ret = setfscreatecon (passwd_context); - freecon (passwd_context); + ret = setfscreatecon_raw (passwd_context_raw); + freecon (passwd_context_raw); if (0 != ret) { vipwexit (_("setfscreatecon () failed"), errno, 1); } @@ -401,7 +402,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) #ifdef WITH_SELINUX /* unset the fscreatecon */ if (is_selinux_enabled () != 0) { - if (setfscreatecon (NULL) != 0) { + if (setfscreatecon_raw (NULL) != 0) { vipwexit (_("setfscreatecon () failed"), errno, 1); } } @@ -481,6 +482,7 @@ int main (int argc, char **argv) bool do_vipw; Prog = Basename (argv[0]); + shadow_logfd = stderr; (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); |