author | Karel Zak | 2013-02-13 13:44:34 +0100 |
---|---|---|
committer | Karel Zak | 2013-02-13 13:44:34 +0100 |
commit | d86918b6eb854de38a6e02b81466fcc0419cef98 (patch) | |
tree | cd3c94684bbe241411918306bbfb76b2af7d9cc8 /login-utils | |
parent | libmount: correctly propagate ambivalent blkid probing results (diff) | |
chsh-chfn: fix bugs, improve compilation
* rename --disable-require-password to --disable-chsh-chfn-password
* is_local() is really unnecessary when linked with libuser
* fix set_value_libuser() return codes
* fix chfn.c, there is no 'pw', but oldf.pw
* don't link with PAM when --disable-chsh-chfn-password
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils')
-rw-r--r-- | login-utils/Makemodule.am | 23 | ||||
-rw-r--r-- | login-utils/auth.c | 6 | ||||
-rw-r--r-- | login-utils/chfn.c | 18 | ||||
-rw-r--r-- | login-utils/chsh.c | 11 | ||||
-rw-r--r-- | login-utils/libuser.c | 7 |
5 files changed, 38 insertions, 27 deletions
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am index 0c5711841..8283935f9 100644 --- a/login-utils/Makemodule.am +++ b/login-utils/Makemodule.am @@ -59,16 +59,17 @@ dist_man_MANS += \ login-utils/chfn.1 \ login-utils/chsh.1 -chfn_chsh_sources = \ - login-utils/islocal.c \ - login-utils/islocal.h \ - login-utils/auth.c \ - login-utils/auth.h \ - login-utils/setpwnam.c \ - login-utils/setpwnam.h +chfn_chsh_sources = chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS) chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS) -chfn_chsh_ldadd = libcommon.la -lpam -lpam_misc +chfn_chsh_ldadd = libcommon.la + +if CHFN_CHSH_PASSWORD +chfn_chsh_ldadd += -lpam -lpam_misc +chfn_chsh_sources += \ + login-utils/auth.c \ + login-utils/auth.h +endif if HAVE_USER chfn_chsh_ldflags += $(LIBUSER_LIBS) @@ -76,6 +77,12 @@ chfn_chsh_cflags += $(LIBUSER_CFLAGS) chfn_chsh_sources+= \ login-utils/libuser.c \ login-utils/libuser.h +else +chfn_chsh_sources += \ + login-utils/islocal.c \ + login-utils/islocal.h \ + login-utils/setpwnam.c \ + login-utils/setpwnam.h endif if HAVE_SELINUX diff --git a/login-utils/auth.c b/login-utils/auth.c index 373bd22c1..18312d4f1 100644 --- a/login-utils/auth.c +++ b/login-utils/auth.c @@ -9,11 +9,10 @@ */ #include "auth.h" - #include "pamfail.h" -int auth_pam(const char *service_name, uid_t uid, const char *username) { -#ifdef REQUIRE_PASSWORD +int auth_pam(const char *service_name, uid_t uid, const char *username) +{ if (uid != 0) { pam_handle_t *pamh = NULL; struct pam_conv conv = { misc_conv, NULL }; @@ -43,5 +42,4 @@ int auth_pam(const char *service_name, uid_t uid, const char *username) { * session-oriented activity... */ } return TRUE; -#endif /* REQUIRE_PASSWORD */ } diff --git a/login-utils/chfn.c b/login-utils/chfn.c index 7ea3f3e3b..95e8d9d59 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c 
@@ -50,7 +50,7 @@ #ifdef HAVE_LIBUSER # include <libuser/user.h> # include "libuser.h" -#else +#elif CHFN_CHSH_PASSWORD # include "auth.h" #endif @@ -133,8 +133,10 @@ int main(int argc, char **argv) newf.username); } +#ifndef HAVE_LIBUSER if (!(is_local(oldf.username))) errx(EXIT_FAILURE, _("can only change local entries")); +#endif #ifdef HAVE_LIBSELINUX if (is_selinux_enabled() > 0) { @@ -158,18 +160,18 @@ int main(int argc, char **argv) #ifdef HAVE_LIBUSER /* If we're setuid and not really root, disallow the password change. */ - if (geteuid() != getuid() && uid != pw->pw_uid) { + if (geteuid() != getuid() && uid != oldf.pw->pw_uid) { #else - if (uid != 0 && uid != pw->pw_uid) { + if (uid != 0 && uid != oldf.pw->pw_uid) { #endif errno = EACCES; err(EXIT_FAILURE, _("running UID doesn't match UID of user we're " - "altering, change denied"));); + "altering, change denied")); } printf(_("Changing finger information for %s.\n"), oldf.username); -#ifndef HAVE_LIBUSER +#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD) if(!auth_pam("chfn", uid, oldf.username)) { return EXIT_FAILURE; } @@ -460,14 +462,14 @@ static int save_new_data(struct finfo *pinfo) } #ifdef HAVE_LIBUSER - if(set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid, - LU_GECOS, gecos)) { + if (set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid, + LU_GECOS, gecos) < 0) { #else /* HAVE_LIBUSER */ /* write the new struct passwd to the passwd file. */ pinfo->pw->pw_gecos = gecos; if (setpwnam(pinfo->pw) < 0) { + warn("setpwnam failed"); #endif - warn("setpwnam"); printf(_ ("Finger information *NOT* changed. Try again later.\n")); return -1; diff --git a/login-utils/chsh.c b/login-utils/chsh.c index 66800ca94..e14efe088 100644 --- a/login-utils/chsh.c +++ b/login-utils/chsh.c @@ -52,7 +52,7 @@ #ifdef HAVE_LIBUSER # include <libuser/user.h> # include "libuser.h" -#else +#elif CHFN_CHSH_PASSWORD # include "auth.h" #endif 
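Review bot: `#elif CHFN_CHSH_PASSWORD` tests the macro's value, while the guards added further down in the same file use `defined(CHFN_CHSH_PASSWORD)`. If the macro is ever defined with an empty value the `#elif` is a preprocessor error, and if it is defined as 0 the two forms disagree, so `auth_pam()` would be called without auth.h having been included. Writing `#elif defined(CHFN_CHSH_PASSWORD)` keeps the include and the call under the same condition. The same line is added in chsh.c.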
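Review bot: Under the new `#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)` guard, a build without libuser and with --disable-chsh-chfn-password performs no authentication step at all. The only remaining gate in this program (built with SUID_CFLAGS, per Makemodule.am) is the `uid != 0 && uid != oldf.pw->pw_uid` comparison just above. That looks like the intent of the configure option, but it should be stated at the guard, e.g. `/* no PAM re-authentication in this configuration; access control relies on the UID check above */`. The same guard is added around `auth_pam("chsh", ...)` in chsh.c. main() starts and ends outside the hunk.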
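Review bot: The two callers pass different values as the `uid` argument of set_value_libuser(): this call passes the target account's `pinfo->pw->pw_uid`, while chsh.c passes the invoking user's `uid` next to `pw->pw_name`. libuser.c forwards that value to `auth_lu(service_name, ctx, uid, username)`, so when root edits another user's entry one of the two callers is probably handing the authentication step a different identity than intended. Most of set_value_libuser()'s body is outside this diff, so which meaning it expects needs confirming. Once known, make both calls agree and record it on the prototype, e.g. `/* uid: <caller's real UID, or UID of the account being changed -- state which> */`. save_new_data() starts and ends outside the hunk.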
@@ -110,8 +110,10 @@ int main(int argc, char **argv) info.username); } +#ifndef HAVE_LIBUSER if (!(is_local(pw->pw_name))) errx(EXIT_FAILURE, _("can only change local entries.")); +#endif #ifdef HAVE_LIBSELINUX if (is_selinux_enabled() > 0) { @@ -160,12 +162,11 @@ int main(int argc, char **argv) printf(_("Changing shell for %s.\n"), pw->pw_name); -#ifndef HAVE_LIBUSER +#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD) if(!auth_pam("chsh", uid, pw->pw_name)) { return EXIT_FAILURE; } #endif - if (!shell) { shell = prompt(_("New shell"), oldshell); if (!shell) @@ -179,7 +180,9 @@ int main(int argc, char **argv) errx(EXIT_SUCCESS, _("Shell not changed.")); #ifdef HAVE_LIBUSER - set_value_libuser("chsh", pw->pw_name, uid, LU_LOGINSHELL, shell); + if (set_value_libuser("chsh", pw->pw_name, uid, + LU_LOGINSHELL, shell) < 0) + errx(EXIT_FAILURE, _("Shell *NOT* changed. Try again later.")); #else pw->pw_shell = shell; if (setpwnam(pw) < 0) diff --git a/login-utils/libuser.c b/login-utils/libuser.c index 53c7ac9e2..b11fadc1c 100644 --- a/login-utils/libuser.c +++ b/login-utils/libuser.c @@ -23,7 +23,7 @@ static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid, static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid, const char *username) { - if(!lu_uses_elevated_privileges(ctx)) { + if (!lu_uses_elevated_privileges(ctx)) { /* Drop privileges */ if (setegid(getgid()) == -1) err(EXIT_FAILURE, _("Couldn't drop group privileges")); @@ -47,7 +47,7 @@ int set_value_libuser(const char *service_name, const char *username, uid_t uid, errx(EXIT_FAILURE, _("libuser initialization failed: %s."), lu_strerror(error)); - if(!auth_lu(service_name, ctx, uid, username)) { + if (!auth_lu(service_name, ctx, uid, username)) { errno = EACCES; err(EXIT_FAILURE, _("changing user attribute failed")); } 
@@ -67,5 +67,6 @@ int set_value_libuser(const char *service_name, const char *username, uid_t uid, } lu_ent_free(ent); lu_end(ctx); - return TRUE; + + return 0; } |
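Review bot: set_value_libuser() now returns 0 on success, but nothing in the diff states what a failure returns, while both callers were changed to test `< 0`. The failure paths visible in the preceding hunk call `err()`/`errx()` and exit; if the paths outside this hunk do the same, the new `< 0` branches in chfn.c and chsh.c can never be taken. If any of them still returns `FALSE`, a failed update would be treated as success. A header comment on the function would pin the contract, e.g. `/* Returns 0 on success; on failure exits via err()/errx() */`, or `-1 on failure` if the body is changed to return. The function body starts outside the hunk.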