chsh-chfn: fix bugs, improve compilation

* rename --disable-require-password to --disable-chsh-chfn-password * is_local() is really unnecessary when linked with libuser * fix set_value_libuser() returns codes * fix chfn.c, there is no 'pw', but oldf.pw * don't link with PAM when--disable-chsh-chfn-password Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2013-02-13 13:44:34 +0100
committer: Karel Zak 2013-02-13 13:44:34 +0100
commit: d86918b6eb854de38a6e02b81466fcc0419cef98 (patch)
tree: cd3c94684bbe241411918306bbfb76b2af7d9cc8 /login-utils
parent: libmount: correctly propagate ambivalent blkid probing results (diff)
download: kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.tar.gz
kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.tar.xz
kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.zip
5 files changed, 38 insertions, 27 deletions
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index 0c5711841..8283935f9 100644
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -59,16 +59,17 @@ dist_man_MANS += \
 	login-utils/chfn.1 \
 	login-utils/chsh.1
 
-chfn_chsh_sources = \
-	login-utils/islocal.c \
-	login-utils/islocal.h \
-	login-utils/auth.c \
-	login-utils/auth.h \
-	login-utils/setpwnam.c \
-	login-utils/setpwnam.h
+chfn_chsh_sources =
 chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
 chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-chfn_chsh_ldadd = libcommon.la -lpam -lpam_misc
+chfn_chsh_ldadd = libcommon.la
+
+if CHFN_CHSH_PASSWORD
+chfn_chsh_ldadd += -lpam -lpam_misc
+chfn_chsh_sources += \
+	login-utils/auth.c \
+	login-utils/auth.h
+endif
 
 if HAVE_USER
 chfn_chsh_ldflags += $(LIBUSER_LIBS)
@@ -76,6 +77,12 @@ chfn_chsh_cflags += $(LIBUSER_CFLAGS)
 chfn_chsh_sources+= \
 	login-utils/libuser.c \
 	login-utils/libuser.h
+else
+chfn_chsh_sources += \
+	login-utils/islocal.c \
+	login-utils/islocal.h \
+	login-utils/setpwnam.c \
+	login-utils/setpwnam.h
 endif
 
 if HAVE_SELINUX
diff --git a/login-utils/auth.c b/login-utils/auth.c
index 373bd22c1..18312d4f1 100644
--- a/login-utils/auth.c
+++ b/login-utils/auth.c
@@ -9,11 +9,10 @@
  */
 
 #include "auth.h"
-
 #include "pamfail.h"
 
-int auth_pam(const char *service_name, uid_t uid, const char *username) {
-#ifdef REQUIRE_PASSWORD
+int auth_pam(const char *service_name, uid_t uid, const char *username)
+{
 	if (uid != 0) {
 		pam_handle_t *pamh = NULL;
 		struct pam_conv conv = { misc_conv, NULL };
@@ -43,5 +42,4 @@ int auth_pam(const char *service_name, uid_t uid, const char *username) {
 		 * session-oriented activity...  */
 	}
 	return TRUE;
-#endif	/* REQUIRE_PASSWORD */
 }
diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index 7ea3f3e3b..95e8d9d59 100644
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -50,7 +50,7 @@
 #ifdef HAVE_LIBUSER
 # include <libuser/user.h>
 # include "libuser.h"
-#else
+#elif CHFN_CHSH_PASSWORD
 # include "auth.h"
 #endif
 
@@ -133,8 +133,10 @@ int main(int argc, char **argv)
 			     newf.username);
 	}
 
+#ifndef HAVE_LIBUSER
 	if (!(is_local(oldf.username)))
 		errx(EXIT_FAILURE, _("can only change local entries"));
+#endif
 
 #ifdef HAVE_LIBSELINUX
 	if (is_selinux_enabled() > 0) {
@@ -158,18 +160,18 @@ int main(int argc, char **argv)
 
 #ifdef HAVE_LIBUSER
 	/* If we're setuid and not really root, disallow the password change. */
-	if (geteuid() != getuid() && uid != pw->pw_uid) {
+	if (geteuid() != getuid() && uid != oldf.pw->pw_uid) {
 #else
-	if (uid != 0 && uid != pw->pw_uid) {
+	if (uid != 0 && uid != oldf.pw->pw_uid) {
 #endif
 		errno = EACCES;
 		err(EXIT_FAILURE, _("running UID doesn't match UID of user we're "
-		      "altering, change denied")););
+		      "altering, change denied"));
 	}
 
 	printf(_("Changing finger information for %s.\n"), oldf.username);
 
-#ifndef HAVE_LIBUSER
+#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
 	if(!auth_pam("chfn", uid, oldf.username)) {
 		return EXIT_FAILURE;
 	}
@@ -460,14 +462,14 @@ static int save_new_data(struct finfo *pinfo)
 	}
 
 #ifdef HAVE_LIBUSER
-	if(set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid,
-			LU_GECOS, gecos)) {
+	if (set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid,
+			LU_GECOS, gecos) < 0) {
 #else /* HAVE_LIBUSER */
 	/* write the new struct passwd to the passwd file. */
 	pinfo->pw->pw_gecos = gecos;
 	if (setpwnam(pinfo->pw) < 0) {
+		warn("setpwnam failed");
 #endif
-		warn("setpwnam");
 		printf(_
 		       ("Finger information *NOT* changed.  Try again later.\n"));
 		return -1;
diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index 66800ca94..e14efe088 100644
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -52,7 +52,7 @@
 #ifdef HAVE_LIBUSER
 # include <libuser/user.h>
 # include "libuser.h"
-#else
+#elif CHFN_CHSH_PASSWORD
 # include "auth.h"
 #endif
 
@@ -110,8 +110,10 @@ int main(int argc, char **argv)
 			     info.username);
 	}
 
+#ifndef HAVE_LIBUSER
 	if (!(is_local(pw->pw_name)))
 		errx(EXIT_FAILURE, _("can only change local entries."));
+#endif
 
 #ifdef HAVE_LIBSELINUX
 	if (is_selinux_enabled() > 0) {
@@ -160,12 +162,11 @@ int main(int argc, char **argv)
 
 	printf(_("Changing shell for %s.\n"), pw->pw_name);
 
-#ifndef HAVE_LIBUSER
+#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
 	if(!auth_pam("chsh", uid, pw->pw_name)) {
 		return EXIT_FAILURE;
 	}
 #endif
-
 	if (!shell) {
 		shell = prompt(_("New shell"), oldshell);
 		if (!shell)
@@ -179,7 +180,9 @@ int main(int argc, char **argv)
 		errx(EXIT_SUCCESS, _("Shell not changed."));
 
 #ifdef HAVE_LIBUSER
-	set_value_libuser("chsh", pw->pw_name, uid, LU_LOGINSHELL, shell);
+	if (set_value_libuser("chsh", pw->pw_name, uid,
+	    LU_LOGINSHELL, shell) < 0)
+		errx(EXIT_FAILURE, _("Shell *NOT* changed.  Try again later."));
 #else
 	pw->pw_shell = shell;
 	if (setpwnam(pw) < 0)
diff --git a/login-utils/libuser.c b/login-utils/libuser.c
index 53c7ac9e2..b11fadc1c 100644
--- a/login-utils/libuser.c
+++ b/login-utils/libuser.c
@@ -23,7 +23,7 @@ static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid,
 
 static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid,
 			const char *username) {
-	if(!lu_uses_elevated_privileges(ctx)) {
+	if (!lu_uses_elevated_privileges(ctx)) {
 		/* Drop privileges */
 		if (setegid(getgid()) == -1)
 			err(EXIT_FAILURE, _("Couldn't drop group privileges"));
@@ -47,7 +47,7 @@ int set_value_libuser(const char *service_name, const char *username, uid_t uid,
 		errx(EXIT_FAILURE, _("libuser initialization failed: %s."),
 			lu_strerror(error));
 
-	if(!auth_lu(service_name, ctx, uid, username)) {
+	if (!auth_lu(service_name, ctx, uid, username)) {
 		errno = EACCES;
 		err(EXIT_FAILURE, _("changing user attribute failed"));
 	}
@@ -67,5 +67,6 @@ int set_value_libuser(const char *service_name, const char *username, uid_t uid,
 	}
 	lu_ent_free(ent);
 	lu_end(ctx);
-	return TRUE;
+
+	return 0;
 }
author	Karel Zak	2013-02-13 13:44:34 +0100
committer	Karel Zak	2013-02-13 13:44:34 +0100
commit	d86918b6eb854de38a6e02b81466fcc0419cef98 (patch)
tree	cd3c94684bbe241411918306bbfb76b2af7d9cc8 /login-utils
parent	libmount: correctly propagate ambivalent blkid probing results (diff)
download	kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.tar.gz kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.tar.xz kernel-qcow2-util-linux-d86918b6eb854de38a6e02b81466fcc0419cef98.zip