From 675b462b64b213647d0f5c56b1e8440be5890c8a Mon Sep 17 00:00:00 2001 From: Balint Reczey Date: Sat, 20 Aug 2022 18:17:16 +0200 Subject: New upstream version 4.12.2+dfsg1 --- lib/Makefile.in | 27 +++++++------- lib/commonio.c | 2 -- lib/defines.h | 93 ++++++++++++------------------------------------ lib/getdef.c | 1 - lib/nss.c | 8 +++-- lib/prototypes.h | 24 ++++++------- lib/pwauth.h | 5 +++ lib/run_part.c | 9 ++--- lib/run_part.h | 9 +++-- lib/selinux.c | 2 +- lib/semanage.c | 1 + lib/sgetpwent.c | 4 +-- lib/sgetspent.c | 3 +- lib/shadow.c | 3 +- lib/shadowlog.h | 1 - lib/shadowlog_internal.h | 5 +++ lib/subordinateio.c | 52 ++++++++++++++++++++++++++- 17 files changed, 133 insertions(+), 116 deletions(-) (limited to 'lib') diff --git a/lib/Makefile.in b/lib/Makefile.in index c93fd73c..9eef01cd 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -93,13 +93,14 @@ host_triplet = @host@ subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -237,8 +238,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ @@ -254,6 +253,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = DEPDIR = @DEPDIR@ @@ -265,8 +266,10 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ ECONF_CPPFLAGS = @ECONF_CPPFLAGS@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ 
@@ -340,6 +343,7 @@ VENDORDIR = @VENDORDIR@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ @@ -849,7 +853,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/lib/commonio.c b/lib/commonio.c index 9e0fde60..80288d64 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -65,7 +65,6 @@ int lrename (const char *old, const char *new) int res; char *r = NULL; -#if defined(S_ISLNK) #ifndef __GLIBC__ char resolved_path[PATH_MAX]; #endif /* !__GLIBC__ */ @@ -82,7 +81,6 @@ int lrename (const char *old, const char *new) new = r; } } -#endif /* S_ISLNK */ res = rename (old, new); diff --git a/lib/defines.h b/lib/defines.h index fc1521cb..ee33aa0d 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -22,8 +22,6 @@ typedef unsigned char _Bool; # define __bool_true_false_are_defined 1 #endif -#define ISDIGIT_LOCALE(c) (IN_CTYPE_DOMAIN (c) && isdigit (c)) - /* Take care of NLS matters. */ #ifdef S_SPLINT_S extern char *setlocale(int categories, const char *locale); @@ -61,16 +59,8 @@ extern char * textdomain (const char * domainname); #endif #endif -#if STDC_HEADERS -# include -# include -#else /* not STDC_HEADERS */ -# ifndef HAVE_STRCHR -# define strchr index -# define strrchr rindex -# endif -char *strchr (), *strrchr (), *strtok (); -#endif /* not STDC_HEADERS */ +#include +#include #if HAVE_ERRNO_H # include @@ -78,15 +68,7 @@ char *strchr (), *strrchr (), *strtok (); #include #include -#if HAVE_SYS_WAIT_H -# include -#endif -#ifndef WEXITSTATUS -# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) -#endif -#ifndef WIFEXITED -# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) -#endif +#include #if HAVE_UNISTD_H # include 
@@ -100,35 +82,26 @@ char *strchr (), *strrchr (), *strtok (); # include #endif -#if TIME_WITH_SYS_TIME -# include -# include -#else /* not TIME_WITH_SYS_TIME */ -# if HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif /* not TIME_WITH_SYS_TIME */ +#include +#include + +#ifdef HAVE_MEMSET_S +# define memzero(ptr, size) memset_s((ptr), 0, (size)) +#elif defined HAVE_EXPLICIT_BZERO /* !HAVE_MEMSET_S */ +# define memzero(ptr, size) explicit_bzero((ptr), (size)) +#else /* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */ +static inline void memzero(void *ptr, size_t size) +{ + volatile unsigned char * volatile p = ptr; + while (size--) { + *p++ = '\0'; + } +} +#endif /* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */ -#define memzero(ptr, size) memset((void *)(ptr), 0, (size)) #define strzero(s) memzero(s, strlen(s)) /* warning: evaluates twice */ -#ifdef HAVE_DIRENT_H /* DIR_SYSV */ -# include -# define DIRECT dirent -#else -# ifdef HAVE_SYS_NDIR_H /* DIR_XENIX */ -# include -# endif -# ifdef HAVE_SYS_DIR_H /* DIR_??? */ -# include -# endif -# ifdef HAVE_NDIR_H /* DIR_BSD */ -# include -# endif -# define DIRECT direct -#endif +#include /* * Possible cases: @@ -232,30 +205,6 @@ char *strchr (), *strrchr (), *strtok (); # define SEEK_END 2 #endif -#ifdef STAT_MACROS_BROKEN -# define S_ISDIR(x) ((x) & S_IFMT) == S_IFDIR) -# define S_ISREG(x) ((x) & S_IFMT) == S_IFREG) -# ifdef S_IFLNK -# define S_ISLNK(x) ((x) & S_IFMT) == S_IFLNK) -# endif -#endif - -#ifndef S_ISLNK -#define S_ISLNK(x) (0) -#endif - -#if HAVE_LCHOWN -#define LCHOWN lchown -#else -#define LCHOWN chown -#endif - -#if HAVE_LSTAT -#define LSTAT lstat -#else -#define LSTAT stat -#endif - #if HAVE_TERMIOS_H # include # define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio) 
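Review bot: In the lib/defines.h hunk at -100,35, the `HAVE_MEMSET_S` branch calls `memset_s` with three arguments, but the C11 Annex K function takes four (`dest, destsz, ch, count`). On a platform that defines HAVE_MEMSET_S this either fails to compile or, against a non-standard prototype, passes 0 where the destination size belongs. The line should read `# define memzero(ptr, size) memset_s((ptr), (size), 0, (size))`. The comment on the `#else` line also says `HAVE_EXPLICIT_BZERO` where it means `!HAVE_EXPLICIT_BZERO`, which makes the fallback harder to audit. Since `strzero` is built on this macro, a one-line comment above the block saying the three variants exist so the wipe cannot be optimised away would help the next reader.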
@@ -355,8 +304,10 @@ extern char *strerror (); /* To be used for verified unused parameters */ #if defined(__GNUC__) && !defined(__STRICT_ANSI__) # define unused __attribute__((unused)) +# define format_attr(type, index, check) __attribute__((format (type, index, check))) #else # define unused +# define format_attr(type, index, check) #endif /* ! Arguments evaluated twice ! */ diff --git a/lib/getdef.c b/lib/getdef.c index fbaea2e1..2e6022fa 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -345,7 +345,6 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt) } if (getulong (d->value, &val) == 0) { - /* FIXME: we should have a getulong */ fprintf (shadow_logfd, _("configuration error - cannot parse %s value: '%s'"), item, d->value); diff --git a/lib/nss.c b/lib/nss.c index af3e95ac..06fa48e5 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -9,6 +9,7 @@ #include "prototypes.h" #include "../libsubid/subid.h" #include "shadowlog_internal.h" +#include "shadowlog.h" #define NSSWITCH "/etc/nsswitch.conf" @@ -29,7 +30,7 @@ bool nss_is_initialized() { return atomic_load(&nss_init_completed); } -void nss_exit() { +static void nss_exit(void) { if (nss_is_initialized() && subid_nss) { dlclose(subid_nss->handle); free(subid_nss); @@ -38,10 +39,11 @@ void nss_exit() { } // nsswitch_path is an argument only to support testing. -void nss_init(char *nsswitch_path) { +void nss_init(const char *nsswitch_path) { FILE *nssfp = NULL; char *line = NULL, *p, *token, *saveptr; size_t len = 0; + FILE *shadow_logfd = log_get_logfd(); if (atomic_flag_test_and_set(&nss_init_started)) { // Another thread has started nss_init, wait for it to complete @@ -57,7 +59,7 @@ void nss_init(char *nsswitch_path) { // subid: files nssfp = fopen(nsswitch_path, "r"); if (!nssfp) { - fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); atomic_store(&nss_init_completed, true); return; } 
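Review bot: In lib/nss.c, the new local `FILE *shadow_logfd = log_get_logfd();` in nss_init has the same name as the global declared in shadowlog_internal.h, which the file still includes (context line of the -9,6 hunk), so the local silently shadows the global and `-Wshadow` will flag it. Either give the local its own name, e.g. `FILE *logfd = log_get_logfd();`, and use that in the `fprintf` calls, or drop the internal header if nothing else in the file needs it. The global declaration is visible in the shadowlog_internal.h section of this same patch. The rest of nss_init lies outside the hunk, so other uses of the name could not be checked.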
diff --git a/lib/prototypes.h b/lib/prototypes.h index 6f80df82..bd832f49 100644 --- a/lib/prototypes.h +++ b/lib/prototypes.h @@ -159,12 +159,12 @@ extern int getlong (const char *numstr, /*@out@*/long int *result); extern int get_pid (const char *pidstr, pid_t *pid); /* getrange */ -extern int getrange (char *range, +extern int getrange (const char *range, unsigned long *min, bool *has_min, unsigned long *max, bool *has_max); /* gettime.c */ -extern time_t gettime (); +extern time_t gettime (void); /* get_uid.c */ extern int get_uid (const char *uidstr, uid_t *uid); @@ -242,8 +242,8 @@ extern /*@null@*//*@only@*/struct passwd *get_my_pwent (void); /* nss.c */ #include -extern void nss_init(char *nsswitch_path); -extern bool nss_is_initialized(); +extern void nss_init(const char *nsswitch_path); +extern bool nss_is_initialized(void); struct subid_nss_ops { /* @@ -293,7 +293,7 @@ struct subid_nss_ops { void *handle; }; -extern struct subid_nss_ops *get_subid_nss_handle(); +extern struct subid_nss_ops *get_subid_nss_handle(void); /* pam_pass_non_interactive.c */ @@ -324,12 +324,12 @@ extern struct passwd *prefix_getpwuid(uid_t uid); extern struct passwd *prefix_getpwnam(const char* name); extern struct spwd *prefix_getspnam(const char* name); extern struct group *prefix_getgr_nam_gid(const char *grname); -extern void prefix_setpwent(); -extern struct passwd* prefix_getpwent(); -extern void prefix_endpwent(); -extern void prefix_setgrent(); -extern struct group* prefix_getgrent(); -extern void prefix_endgrent(); +extern void prefix_setpwent(void); +extern struct passwd* prefix_getpwent(void); +extern void prefix_endpwent(void); +extern void prefix_setgrent(void); +extern struct group* prefix_getgrent(void); +extern void prefix_endgrent(void); /* pwd2spwd.c */ #ifndef USE_PAM 
@@ -480,7 +480,7 @@ extern int setutmpx (struct utmpx *utx); extern bool valid (const char *, const struct passwd *); /* xmalloc.c */ -extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size) +extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size) /*@ensures MaxSet(result) == (size - 1); @*/; extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *); extern void xfree(void *ap); diff --git a/lib/pwauth.h b/lib/pwauth.h index fb205b71..b610025d 100644 --- a/lib/pwauth.h +++ b/lib/pwauth.h @@ -11,6 +11,9 @@ * $Id$ */ +#ifndef _PWAUTH_H +#define _PWAUTH_H + #ifndef USE_PAM int pw_auth (const char *cipher, const char *user, @@ -41,3 +44,5 @@ int pw_auth (const char *cipher, #define PW_RLOGIN 202 #define PW_FTP 203 #define PW_REXEC 204 + +#endif /* _PWAUTH_H */ diff --git a/lib/run_part.c b/lib/run_part.c index 1ce06be0..bce11d37 100644 --- a/lib/run_part.c +++ b/lib/run_part.c @@ -8,9 +8,10 @@ #include #include #include +#include "run_part.h" #include "shadowlog_internal.h" -int run_part (char *script_path, char *name, char *action) +int run_part (char *script_path, const char *name, const char *action) { int pid; int wait_status; @@ -39,15 +40,15 @@ int run_part (char *script_path, char *name, char *action) return (1); } -int run_parts (char *directory, char *name, char *action) +int run_parts (const char *directory, const char *name, const char *action) { struct dirent **namelist; int scanlist; int n; - int execute_result; + int execute_result = 0; scanlist = scandir (directory, &namelist, 0, alphasort); - if (scanlist<0) { + if (scanlist<=0) { return (0); } diff --git a/lib/run_part.h b/lib/run_part.h index d3d80663..6422134c 100644 --- a/lib/run_part.h +++ b/lib/run_part.h 
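Review bot: The include guard added to lib/pwauth.h is named `_PWAUTH_H`, and identifiers that begin with an underscore followed by an uppercase letter are reserved for the implementation in C. The same applies to `_RUN_PART_H` in lib/run_part.h and `_SHADOWLOG_INTERNAL_H` in lib/shadowlog_internal.h later in this patch. A name without the leading underscore avoids the clash, e.g. `#ifndef SHADOW_PWAUTH_H` / `#define SHADOW_PWAUTH_H`.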
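Review bot: In run_parts (lib/run_part.c, hunk -39,15), `if (scanlist<=0) { return (0); }` reports success both when the directory is empty and when scandir() itself failed, so a script directory that is missing or unreadable looks the same to the caller as one with nothing to run. If that is intended, say so in a comment such as `/* scandir error or no entries: nothing to run, not a failure */`. If it is not, the error case deserves its own branch that logs errno before returning. The loop that consumes `namelist` and `execute_result` is outside the hunk.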
@@ -1,2 +1,7 @@ -int run_part (char *script_path, char *name, char *action); -int run_parts (char *directory, char *name, char *action); +#ifndef _RUN_PART_H +#define _RUN_PART_H + +int run_part (char *script_path, const char *name, const char *action); +int run_parts (const char *directory, const char *name, const char *action); + +#endif /* _RUN_PART_H */ diff --git a/lib/selinux.c b/lib/selinux.c index f97b1fe5..ad639bd3 100644 --- a/lib/selinux.c +++ b/lib/selinux.c @@ -109,7 +109,7 @@ int reset_selinux_file_context (void) /* * Log callback for libselinux internal error reporting. */ -__attribute__((__format__ (printf, 2, 3))) +format_attr(printf, 2, 3) static int selinux_log_cb (int type, const char *fmt, ...) { va_list ap; char *buf; diff --git a/lib/semanage.c b/lib/semanage.c index 12401608..54f99623 100644 --- a/lib/semanage.c +++ b/lib/semanage.c @@ -27,6 +27,7 @@ #endif +format_attr(printf, 3, 4) static void semanage_error_callback (unused void *varg, semanage_handle_t *handle, const char *fmt, ...) diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c index 84a653d7..c6e5944c 100644 --- a/lib/sgetpwent.c +++ b/lib/sgetpwent.c @@ -35,8 +35,8 @@ struct passwd *sgetpwent (const char *buf) { static struct passwd pwent; static char pwdbuf[1024]; - register int i; - register char *cp; + int i; + char *cp; char *fields[NFIELDS]; /* diff --git a/lib/sgetspent.c b/lib/sgetspent.c index a35b6759..cbadb7e6 100644 --- a/lib/sgetspent.c +++ b/lib/sgetspent.c @@ -171,8 +171,7 @@ struct spwd *sgetspent (const char *string) if (fields[8][0] == '\0') { spwd.sp_flag = SHADOW_SP_FLAG_UNSET; - } else if (getlong (fields[8], &spwd.sp_flag) == 0) { - /* FIXME: add a getulong function */ + } else if (getulong (fields[8], &spwd.sp_flag) == 0) { return 0; } diff --git a/lib/shadow.c b/lib/shadow.c index 9e86b908..b628b657 100644 --- a/lib/shadow.c +++ b/lib/shadow.c 
@@ -305,8 +305,7 @@ static struct spwd *my_sgetspent (const char *string) if (fields[8][0] == '\0') { spwd.sp_flag = SHADOW_SP_FLAG_UNSET; } else { - if (getlong (fields[8], &spwd.sp_flag) == 0) { - /* FIXME: add a getulong function */ + if (getulong (fields[8], &spwd.sp_flag) == 0) { #ifdef USE_NIS if (nis_used) { spwd.sp_flag = SHADOW_SP_FLAG_UNSET; diff --git a/lib/shadowlog.h b/lib/shadowlog.h index bf8be855..52a0912f 100644 --- a/lib/shadowlog.h +++ b/lib/shadowlog.h @@ -36,6 +36,5 @@ extern void log_set_progname(const char *); extern const char *log_get_progname(void); extern void log_set_logfd(FILE *fd); extern FILE *log_get_logfd(void); -extern void log_dolog(char *, ...); #endif diff --git a/lib/shadowlog_internal.h b/lib/shadowlog_internal.h index 7f25407b..72a0e0c3 100644 --- a/lib/shadowlog_internal.h +++ b/lib/shadowlog_internal.h @@ -1,2 +1,7 @@ +#ifndef _SHADOWLOG_INTERNAL_H +#define _SHADOWLOG_INTERNAL_H + extern const char *shadow_progname; /* Program name showed in error messages */ extern FILE *shadow_logfd; /* file descripter to which error messages are printed */ + +#endif /* _SHADOWLOG_INTERNAL_H */ diff --git a/lib/subordinateio.c b/lib/subordinateio.c index 9ca70b8b..bd1af26b 100644 --- a/lib/subordinateio.c +++ b/lib/subordinateio.c @@ -17,6 +17,8 @@ #include #include +#define ID_SIZE 31 + /* * subordinate_dup: create a duplicate range * @@ -155,7 +157,7 @@ static struct commonio_ops subordinate_ops = { * * Returns true if @owner owns any subuid ranges, false otherwise. */ -static const bool range_exists(struct commonio_db *db, const char *owner) +static bool range_exists(struct commonio_db *db, const char *owner) { const struct subordinate_range *range; commonio_rewind(db); 
@@ -745,6 +747,40 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count) return start == ULONG_MAX ? (gid_t) -1 : start; } +static bool get_owner_id(const char *owner, enum subid_type id_type, char *id) +{ + struct passwd *pw; + struct group *gr; + int ret = 0; + + switch (id_type) { + case ID_TYPE_UID: + pw = getpwnam(owner); + if (pw == NULL) { + return false; + } + ret = snprintf(id, ID_SIZE, "%u", pw->pw_uid); + if (ret < 0 || ret >= ID_SIZE) { + return false; + } + break; + case ID_TYPE_GID: + gr = getgrnam(owner); + if (gr == NULL) { + return false; + } + ret = snprintf(id, ID_SIZE, "%u", gr->gr_gid); + if (ret < 0 || ret >= ID_SIZE) { + return false; + } + break; + default: + return false; + } + + return true; +} + /* * int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges) * @@ -770,6 +806,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r enum subid_status status; int count = 0; struct subid_nss_ops *h; + char id[ID_SIZE]; + bool have_owner_id; *in_ranges = NULL; @@ -798,6 +836,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r return -1; } + have_owner_id = get_owner_id(owner, id_type, id); + commonio_rewind(db); while ((range = commonio_next(db)) != NULL) { if (0 == strcmp(range->owner, owner)) { @@ -808,6 +848,16 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r goto out; } } + + // Let's also compare with the ID + if (have_owner_id == true && 0 == strcmp(range->owner, id)) { + if (!append_range(&ranges, range, count++)) { + free(ranges); + ranges = NULL; + count = -1; + goto out; + } + } } out: -- cgit v1.2.1
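Review bot: get_owner_id (lib/subordinateio.c, hunk +747,40) writes into `id` using the file-level constant `ID_SIZE` rather than a length passed by the caller, so it is only safe while every caller hands it a buffer of at least ID_SIZE bytes, as list_owner_ranges does with `char id[ID_SIZE]`. Passing the size explicitly, `static bool get_owner_id(const char *owner, enum subid_type id_type, char *id, size_t id_size)`, or at least a header comment stating the requirement, would keep a later caller from breaking that contract. The `%u` conversions also assume uid_t and gid_t are unsigned int; a cast such as `(unsigned int) pw->pw_uid` makes that explicit. The function has no header comment, unlike list_owner_ranges directly below it.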
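Review bot: In list_owner_ranges (hunk -808,6), the ID comparison is a second independent `if`, so a range whose owner field matches both the name and the numeric ID string (a login name that is itself the decimal form of the account's ID) is appended twice and `count` is incremented twice. Folding the two tests into one condition avoids the duplicate entry and the copied error path: `if (0 == strcmp(range->owner, owner) || (have_owner_id && 0 == strcmp(range->owner, id))) {`. Matching on the numeric string also means an entry keyed by an all-digit login name is returned for whichever account has that number as its ID; if that is accepted behaviour, a comment at the comparison should say so. The start of the function is outside this hunk.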