author | Balint Reczey <balint.reczey@canonical.com> | 2020-02-06 23:14:47 +0100 |
---|---|---|
committer | Balint Reczey <balint.reczey@canonical.com> | 2020-02-06 23:14:47 +0100 |
commit | d906ecd3b652d95af6ffb974a2f6669501bb9496 (patch) | |
tree | 178a8f140927896970f47930dae9213161268f10 /src | |
parent | 69d932140c70455a282b6e7115d9caf0cc56d6ff (diff) | |
download | shadow-d906ecd3b652d95af6ffb974a2f6669501bb9496.tar.gz |
New upstream version 4.8.1upstream/4.8.1
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 12 | ||||
-rw-r--r-- | src/Makefile.in | 12 | ||||
-rw-r--r-- | src/faillog.c | 2 | ||||
-rw-r--r-- | src/login.c | 4 | ||||
-rw-r--r-- | src/newgrp.c | 5 | ||||
-rw-r--r-- | src/newusers.c | 6 | ||||
-rw-r--r-- | src/nologin.c | 7 | ||||
-rw-r--r-- | src/useradd.c | 31 |
8 files changed, 48 insertions, 31 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index f31fd7ab..f175928a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,8 +2,8 @@ EXTRA_DIST = \ .indent.pro -ubindir = ${bindir} -usbindir = ${sbindir} +ubindir = ${prefix}/bin +usbindir = ${prefix}/sbin suidperms = 4755 sgidperms = 2755 @@ -136,17 +136,17 @@ install-am: all-am $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am ln -sf newgrp $(DESTDIR)$(ubindir)/sg ln -sf vipw $(DESTDIR)$(usbindir)/vigr - for i in $(suidbins); do \ + set -e; for i in $(suidbins); do \ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \ done - for i in $(suidubins); do \ + set -e; for i in $(suidubins); do \ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \ done - for i in $(suidusbins); do \ + set -e; for i in $(suidusbins); do \ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ done if WITH_TCB - for i in $(shadowsgidubins); do \ + set -e; for i in $(shadowsgidubins); do \ chown root:shadow $(DESTDIR)$(ubindir)/$$i; \ chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \ done diff --git a/src/Makefile.in b/src/Makefile.in index 69ee6253..d66e6e85 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -555,8 +555,8 @@ top_srcdir = @top_srcdir@ EXTRA_DIST = \ .indent.pro -ubindir = ${bindir} -usbindir = ${sbindir} +ubindir = ${prefix}/bin +usbindir = ${prefix}/sbin suidperms = 4755 sgidperms = 2755 AM_CPPFLAGS = \ 
@@ -1365,16 +1365,16 @@ install-am: all-am $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am ln -sf newgrp $(DESTDIR)$(ubindir)/sg ln -sf vipw $(DESTDIR)$(usbindir)/vigr - for i in $(suidbins); do \ + set -e; for i in $(suidbins); do \ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \ done - for i in $(suidubins); do \ + set -e; for i in $(suidubins); do \ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \ done - for i in $(suidusbins); do \ + set -e; for i in $(suidusbins); do \ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ done -@WITH_TCB_TRUE@ for i in $(shadowsgidubins); do \ +@WITH_TCB_TRUE@ set -e; for i in $(shadowsgidubins); do \ @WITH_TCB_TRUE@ chown root:shadow $(DESTDIR)$(ubindir)/$$i; \ @WITH_TCB_TRUE@ chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \ @WITH_TCB_TRUE@ done diff --git a/src/faillog.c b/src/faillog.c index 073561c5..1309dad4 100644 --- a/src/faillog.c +++ b/src/faillog.c @@ -561,7 +561,7 @@ static void set_locktime (long locktime) int main (int argc, char **argv) { long fail_locktime; - short fail_max; + short fail_max = 0; // initialize to silence compiler warning long days; /* diff --git a/src/login.c b/src/login.c index 492021a1..00508cd5 100644 --- a/src/login.c +++ b/src/login.c @@ -235,7 +235,7 @@ static void bad_time_notify (void) static void check_nologin (bool login_to_root) { - char *fname; + const char *fname; /* * Check to see if system is turned off for non-root users. @@ -375,7 +375,7 @@ static void process_flags (int argc, char *const *argv) static void init_env (void) { #ifndef USE_PAM - char *cp; + const char *cp; #endif char *tmp; diff --git a/src/newgrp.c b/src/newgrp.c index 2ca5e822..e3c44e14 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -400,6 +400,7 @@ int main (int argc, char **argv) int err = 0; gid_t gid; char *cp; + char *progbase; const char *name, *prog; char *group = NULL; char *command = NULL; 
@@ -806,7 +807,7 @@ int main (int argc, char **argv) * Now I try to find the basename of the login shell. This will * become argv[0] of the spawned command. */ - cp = Basename ((char *) prog); + progbase = (char *) Basename ((char *) prog); /* * Switch back to her home directory if i am doing login @@ -844,7 +845,7 @@ int main (int argc, char **argv) * Exec the login shell and go away. We are trying to get back to * the previous environment which should be the user's login shell. */ - err = shell (prog, initflag ? (char *) 0 : cp, newenvp); + err = shell (prog, initflag ? (char *) 0 : progbase, newenvp); exit ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); /*@notreached@*/ failure: diff --git a/src/newusers.c b/src/newusers.c index 99c69f78..e9fe0e27 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -1216,9 +1216,9 @@ int main (int argc, char **argv) if ( ('\0' != fields[5][0]) && (access (newpw.pw_dir, F_OK) != 0)) { /* FIXME: should check for directory */ - mode_t msk = 0777 & ~getdef_num ("UMASK", - GETDEF_DEFAULT_UMASK); - if (mkdir (newpw.pw_dir, msk) != 0) { + mode_t mode = getdef_num ("HOME_MODE", + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + if (mkdir (newpw.pw_dir, mode) != 0) { fprintf (stderr, _("%s: line %d: mkdir %s failed: %s\n"), Prog, line, newpw.pw_dir, diff --git a/src/nologin.c b/src/nologin.c index 98989d26..b137f9cd 100644 --- a/src/nologin.c +++ b/src/nologin.c @@ -45,9 +45,14 @@ int main (void) if (NULL == user) { user = "UNKNOWN"; } + + char *ssh_origcmd = getenv("SSH_ORIGINAL_COMMAND"); uid = getuid (); /* getuid() is always successful */ openlog ("nologin", LOG_CONS, LOG_AUTH); - syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s", user, uid, tty); + syslog (LOG_CRIT, "Attempted login by %s (UID: %d) on %s%s%s", + user, uid, tty, + (ssh_origcmd ? " SSH_ORIGINAL_COMMAND=" : ""), + (ssh_origcmd ? ssh_origcmd : "")); closelog (); printf ("%s", "This account is currently not available.\n"); 
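Review bot: In the `@@ -806` hunk of src/newgrp.c, `progbase = (char *) Basename ((char *) prog);` casts constness away on both the argument and the result, although `prog` is declared `const char *` in the first newgrp.c hunk. If `shell()` accepts a `const char *` as its second argument (its prototype is not visible here), declaring `const char *progbase;` would let the result cast be dropped and keep the compiler checking that nothing writes through the pointer. `main` starts and ends outside these hunks.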
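Review bot: The `HOME_MODE` value is passed to `mkdir` in src/newusers.c exactly as `getdef_num` returns it, with no range check, so a mistyped configuration entry (for example one that carries setuid, setgid or sticky bits) silently becomes the mode of every home directory created afterwards. The same expression appears in `create_home` in src/useradd.c, where it goes straight into `chmod`. Masking the result, `mode_t mode = 0777 & getdef_num ("HOME_MODE", 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));`, or rejecting out-of-range values with a diagnostic, would contain that. It is also worth a comment that `mkdir` still applies the process umask while the `chmod` in useradd does not, so the two tools may produce different modes for the same setting; whether the umask is cleared earlier in newusers is not visible in this hunk.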
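Review bot: `SSH_ORIGINAL_COMMAND` carries text chosen by the connecting client, and the new `syslog` call in src/nologin.c writes it, unbounded, into a `LOG_CRIT` auth record. The `%s` conversion keeps it from being interpreted as a format string, but a very long value or embedded control characters can still bloat or distort the log line, and command arguments sometimes contain credentials. I would cap the field with a precision, e.g. `"Attempted login by %s (UID: %d) on %s%s%.256s"` (the limit is an illustrative value), and replace non-printable bytes before logging. The pointer can also be `const char *ssh_origcmd`, since the result of `getenv` must not be modified.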
diff --git a/src/useradd.c b/src/useradd.c index 4af0f7c6..a679392d 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -223,7 +223,7 @@ static void open_files (void); static void open_shadow (void); static void faillog_reset (uid_t); static void lastlog_reset (uid_t); -static void tallylog_reset (char *); +static void tallylog_reset (const char *); static void usr_update (void); static void create_home (void); static void create_mail (void); @@ -1328,15 +1328,22 @@ static void process_flags (int argc, char **argv) if ( ( !VALID (optarg) ) || ( ('\0' != optarg[0]) && ('/' != optarg[0]) - && ('*' != optarg[0]) ) - || (stat(optarg, &st) != 0) - || (S_ISDIR(st.st_mode)) - || (access(optarg, X_OK) != 0)) { + && ('*' != optarg[0]) )) { fprintf (stderr, _("%s: invalid shell '%s'\n"), Prog, optarg); exit (E_BAD_ARG); } + if ( '\0' != optarg[0] + && '*' != optarg[0] + && strcmp(optarg, "/sbin/nologin") != 0 + && ( stat(optarg, &st) != 0 + || S_ISDIR(st.st_mode) + || access(optarg, X_OK) != 0)) { + fprintf (stderr, + _("%s: Warning: missing or non-executable shell '%s'\n"), + Prog, optarg); + } user_shell = optarg; def_shell = optarg; sflg = true; @@ -1912,7 +1919,7 @@ static void lastlog_reset (uid_t uid) } } -static void tallylog_reset (char *user_name) +static void tallylog_reset (const char *user_name) { const char pam_tally2[] = "/sbin/pam_tally2"; const char *pname; @@ -1968,6 +1975,7 @@ static void usr_update (void) { struct passwd pwent; struct spwd spent; + char *tty; /* * Fill in the password structure with any new fields, making 
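Review bot: The `strcmp(optarg, "/sbin/nologin") != 0` exemption in the new warning block of `process_flags` hard-codes one path, while the Makefile hunks of this same commit install the sbin tools under `${prefix}/sbin`; on a layout where nologin lives elsewhere the exemption never matches. Nothing in the hunk says why this path is special-cased, so a comment such as `/* "" and "*" are placeholders; /sbin/nologin is exempt from the existence check */` would help the next reader. A missing or non-executable shell is now accepted with only a message on stderr. It may be worth recording the same warning through `SYSLOG`, which this file already uses in `usr_update`, so accounts created with a dangling shell path can be found during a later audit. `process_flags` starts and ends outside the hunk.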
@@ -1980,10 +1988,12 @@ static void usr_update (void) * Create a syslog entry. We need to do this now in case anything * happens so we know what we were trying to accomplish. */ + tty=ttyname (STDIN_FILENO); SYSLOG ((LOG_INFO, - "new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s", + "new user: name=%s, UID=%u, GID=%u, home=%s, shell=%s, from=%s", user_name, (unsigned int) user_id, - (unsigned int) user_gid, user_home, user_shell)); + (unsigned int) user_gid, user_home, user_shell, + tty ? tty : "none" )); /* * Initialize faillog and lastlog entries for this UID in case @@ -2152,8 +2162,9 @@ static void create_home (void) } (void) chown (prefix_user_home, user_id, user_gid); - chmod (prefix_user_home, - 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + mode_t mode = getdef_num ("HOME_MODE", + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); + chmod (prefix_user_home, mode); home_added = true; #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, |
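Review bot: The result of `chmod (prefix_user_home, mode);` in the `create_home` hunk is ignored and `home_added = true` follows unconditionally, so a failed chmod leaves the new home directory with whatever mode it was created with and no diagnostic. The `chown` above it is explicitly `(void)`-cast, but chmod is the call that enforces `HOME_MODE`, so I would check it: `if (chmod (prefix_user_home, mode) != 0) { fprintf (stderr, _("%s: warning: chmod on `%s' failed: %m\n"), Prog, prefix_user_home); }` (message wording is a suggestion). `mode_t mode` is also declared mid-block, unlike the top-of-block declarations seen elsewhere in this file (e.g. `char *tty;` in `usr_update`). `create_home` starts and ends outside the hunk.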