shadow/libmisc/Makefile.am


EXTRA_DIST = .indent.pro xgetXXbyYY.c

AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)

noinst_LTLIBRARIES = libmisc.la

libmisc_la_CFLAGS = $(LIBBSD_CFLAGS)
libmisc_la_SOURCES = \
	addgrps.c \
	age.c \
	agetpass.c \
	alloc.c \
	audit_help.c \
	basename.c \
	bit.c \
	chkname.c \
	chkname.h \
	chowndir.c \
	chowntty.c \
	cleanup.c \
	cleanup_group.c \
	cleanup_user.c \
	console.c \
	copydir.c \
	date_to_str.c \
	entry.c \
	env.c \
	failure.c \
	failure.h \
	find_new_gid.c \
	find_new_uid.c \
	find_new_sub_gids.c \
	find_new_sub_uids.c \
	getdate.h \
	getdate.y \
	getgr_nam_gid.c \
	getrange.c \
	gettime.c \
	hushed.c \
	idmapping.h \
	idmapping.c \
	isexpired.c \
	limits.c \
	list.c log.c \
	loginprompt.c \
	mail.c \
	mempcpy.c \
	motd.c \
	myname.c \
	obscure.c \
	pam_pass.c \
	pam_pass_non_interactive.c \
	prefix_flag.c \
	pwd2spwd.c \
	pwdcheck.c \
	pwd_init.c \
	csrand.c \
	remove_tree.c \
	rlogin.c \
	root_flag.c \
	salt.c \
	setugid.c \
	setupenv.c \
	shell.c \
	stpecpy.c \
	stpeprintf.c \
	strtoday.c \
	sub.c \
	sulog.c \
	ttytype.c \
	tz.c \
	ulimit.c \
	user_busy.c \
	utmp.c \
	valid.c \
	xgetpwnam.c \
	xgetpwuid.c \
	xgetgrnam.c \
	xgetgrgid.c \
	xgetspnam.c \
	yesno.c

if WITH_BTRFS
libmisc_la_SOURCES += btrfs.c
endif
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
* lib/prototypes.h, configure.in, libmisc/Makefile.am, libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c, libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(), xgetgrgid(), and xgetspnam(). They allocate memory for the returned structure and are more robust to successive calls. They are implemented with the libc's getxxyyy_r() functions if available. * libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c, libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c, libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c, src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c, src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c, src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/groupadd.c, src/chage.c, src/login.c, src/suauth.c, src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the usage of one of the getpwnam(), getpwuid(), getgrnam(), getgrgid(), and getspnam() functions. It was noticed on http://bugs.debian.org/341230 that chfn and chsh use a passwd structure after calling a pam function, which result in using information from the passwd structure requested by pam, not the original one. It is much easier to use the new xget... functions to avoid these issues. I've checked which call to the original get... functions could be left (reducing the scope of the structure if possible), and I've left comments to ease future reviews (e.g. /* local, no need for xgetpwnam /). Note: the getpwent/getgrent calls should probably be checked also. src/groupdel.c, src/expiry.c: Fix typos in comments. * src/groupmod.c: Re-indent. * libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c, lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup functions (used by the xget... functions) from the <xx>io.c files to the new <xx>mem.c files. This avoid linking some utils against the SELinux library. 2007-11-19 04:45:26 +05:30			`EXTRA_DIST = .indent.pro xgetXXbyYY.c`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
Fix out of tree builds with respect to libsubid includes There's a better way to do this, and I hope to clean that up, but this fixes out of tree builds for me right now. Closes #386 Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-07-24 04:21:13 +05:30			`AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
try again to fix libmisc sharing problem Issue #297 reported seeing * Warning: Linking the shared library libsubid.la against the * static library ../libmisc/libmisc.a is not portable! which commit b5fb1b38eea2fb0489ed088c82daf6700e72363e was supposed to fix. But a few commits later it's back. So try to fix it in the way the bug reporter suggested. This broke builds some other ways, namely a few missing library specifications, so add those. Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-02-01 10:14:09 +05:30			`noinst_LTLIBRARIES = libmisc.la`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
agetpass: Hook into build-system Signed-off-by: Guillem Jover <guillem@hadrons.org> Signed-off-by: Alejandro Colomar <alx@kernel.org> 2022-11-21 18:30:13 +05:30			`libmisc_la_CFLAGS = $(LIBBSD_CFLAGS)`
try again to fix libmisc sharing problem Issue #297 reported seeing * Warning: Linking the shared library libsubid.la against the * static library ../libmisc/libmisc.a is not portable! which commit b5fb1b38eea2fb0489ed088c82daf6700e72363e was supposed to fix. But a few commits later it's back. So try to fix it in the way the bug reporter suggested. This broke builds some other ways, namely a few missing library specifications, so add those. Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-02-01 10:14:09 +05:30			`libmisc_la_SOURCES = \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`addgrps.c \`
			`age.c \`
libmisc: agetpass(), erase_pass(): Add functions for getting passwords safely There are several issues with getpass(3). Many implementations of it share the same issues that the infamous gets(3). In glibc it's not so terrible, since it's a wrapper around getline(3). But it still has an important bug: If the password is long enough, getline(3) will realloc(3) memory, and prefixes of the password will be laying around in some deallocated memory. See the getpass(3) manual page for more details, and especially the commit that marked it as deprecated, which links to a long discussion in the linux-man@ mailing list. So, readpassphrase(3bsd) is preferrable, which is provided by libbsd on GNU systems. However, using readpassphrase(3) directly is a bit verbose, so we can write our own wrapper with a simpler interface similar to that of getpass(3). One of the benefits of writing our own interface around readpassphrase(3) is that we can hide there any checks that should be done always and which would be error-prone to repeat every time. For example, check that there was no truncation in the password. Also, use malloc(3) to get the buffer, instead of using a global buffer. We're not using a multithreaded program (and it wouldn't make sense to do so), but it's nice to know that the visibility of our passwords is as limited as possible. erase_pass() is a clean-up function that handles all clean-up correctly, including zeroing the entire buffer, and then free(3)ing the memory. By using [[gnu::malloc(erase_pass)]], we make sure that we don't leak the buffers in any case, since the compiler will be able to enforce clean up. Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b> Reported-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 2022-09-27 01:52:24 +05:30			`agetpass.c \`
libmisc: Move xmalloc.c to alloc.c We'll expand the contents in a following commit, so let's move the file to a more generic name, have a dedicated header, and update includes. Signed-off-by: Alejandro Colomar <alx@kernel.org> Use the new header for xstrdup() Signed-off-by: Alejandro Colomar <alx@kernel.org> 2023-02-20 01:10:16 +05:30			`alloc.c \`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`audit_help.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`basename.c \`
Add bit manipulation functions We do need the unoptimized version of csrand_uniform() for high values of `n`, since the optimized version depends on having __int128, and it's not available on several platforms, including ARMv7, IA32, and MK68k. This reverts commit 848f53c1d3c1362c86d3baab6906e1e4419d2634; however, I applied some tweaks to the reverted commit. Reported-by: Adam Sampson <ats@offog.org> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 2023-01-30 17:13:34 +05:30			`bit.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`chkname.c \`
[svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 17:14:51 +05:30			`chkname.h \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`chowndir.c \`
			`chowntty.c \`
* libmisc/audit_help.c: Added audit_logger_message() to log messages not related to an account. * lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c, libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of cleanup functions to be executed on exit. * NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only report success to audit and syslog when the changes are committed to the system. Do not log failure for on-memory changes to audit or syslog. Make sure failures and inconsistencies will be reported in case of unexpected failures (e.g. malloc failures). Only specify an audit message if it is not implicitly implied by the type argument. Removed fail_exit (replaced by atexit(do_cleanups)). 2008-12-23 03:22:43 +05:30			`cleanup.c \`
			`cleanup_group.c \`
			`cleanup_user.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`console.c \`
			`copydir.c \`
Have a single definition of date_to_str() PARAMETERS: According to the C2x charter, I reordered the parameters 'size' and 'buf' from previously existing date_to_str() definitions. C2x charter: > 15. Application Programming Interfaces (APIs) should be > self-documenting when possible. In particular, the order of > parameters in function declarations should be arranged such that > the size of an array appears before the array. The purpose is to > allow Variable-Length Array (VLA) notation to be used. This not > only makes the code's purpose clearer to human readers, but also > makes static analysis easier. Any new APIs added to the Standard > should take this into consideration. I used 'long' for the date parameter, as some uses of the function need to pass a negative value meaning "never". FUNCTION BODY: I didn't check '#ifdef HAVE_STRFTIME', which old definitions did, since strftime(3) is guaranteed by the C89 standard, and all of the conversion specifiers that we use are also specified by that standard, so we don't need any extensions at all. Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> 2021-12-22 20:02:17 +05:30			`date_to_str.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`entry.c \`
			`env.c \`
			`failure.c \`
[svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 17:14:51 +05:30			`failure.h \`
* libmisc/find_new_ids.c, libmisc/find_new_gid.c, libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h: Split find_new_ids.c into find_new_gid.c and find_new_uid.c to ease the description of login.defs variables in the different tools. 2008-06-16 00:03:52 +05:30			`find_new_gid.c \`
			`find_new_uid.c \`
Implement find_new_sub_uids find_new_sub_gids Functions for finding new subordinate uid and gids ranges for use with useradd. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2013-01-22 14:45:05 +05:30			`find_new_sub_gids.c \`
			`find_new_sub_uids.c \`
[svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 17:14:51 +05:30			`getdate.h \`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`getdate.y \`
* src/useradd.c, src/usermod.c, libmisc/getgr_nam_gid.c, libmisc/Makefile.am, lib/prototypes.h: Moved getgr_nam_gid() from src/useradd.c and src/usermod.c to libmisc/getgr_nam_gid.c. 2009-04-11 04:04:10 +05:30			`getgr_nam_gid.c \`
* libmisc/Makefile.am, libmisc/getrange.c: Added function to parse a range (useful for lastlog). 2008-06-15 02:31:11 +05:30			`getrange.c \`
Make the sp_lstchg shadow field reproducible. The third field in the /etc/shadow file (sp_lstchg) contains the date of the last password change expressed as the number of days since Jan 1, 1970. As this is a relative time, creating a user today will result in: username:17238:0:99999:7::: whilst creating the same user tomorrow will result in: username:17239:0:99999:7::: This has an impact for the Reproducible Builds[0] project where we aim to be independent of as many elements the build environment as possible, including the current date. This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1] environment variable (instead of Jan 1, 1970) if valid. [0] https://reproducible-builds.org/ [1] https://reproducible-builds.org/specs/source-date-epoch/ Signed-off-by: Chris Lamb <lamby@debian.org> 2017-03-15 16:06:21 +05:30			`gettime.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`hushed.c \`
newuidmap,newgidmap: New suid helpers for using subordinate uids and gids Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> 2013-01-22 14:50:07 +05:30			`idmapping.h \`
			`idmapping.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`isexpired.c \`
			`limits.c \`
			`list.c log.c \`
			`loginprompt.c \`
			`mail.c \`
Add mempcpy(3) We'll use it for implementing stpecpy(), and may be interesting to have it around. Signed-off-by: Alejandro Colomar <alx@kernel.org> 2023-02-11 02:46:21 +05:30			`mempcpy.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`motd.c \`
			`myname.c \`
			`obscure.c \`
			`pam_pass.c \`
spelling: interactive 2017-10-23 01:54:32 +05:30			`pam_pass_non_interactive.c \`
add --prefix option 2016-05-15 19:19:39 +05:30			`prefix_flag.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`pwd2spwd.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001016) 2007-10-07 17:14:44 +05:30			`pwdcheck.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`pwd_init.c \`
Move csrand() to a new file csrand.c A set of APIs similar to arc4random(3) is complex enough to deserve its own file. Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Cristian Rodríguez <crrodriguez@opensuse.org> Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org> Cc: Björn Esser <besser82@fedoraproject.org> Cc: Yann Droneaud <ydroneaud@opteya.com> Cc: Joseph Myers <joseph@codesourcery.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 2022-12-31 00:16:09 +05:30			`csrand.c \`
* po/POTFILES.in, libmisc/Makefile.am, lib/prototypes.h, libmisc/remove_tree.c, libmisc/copydir.c: Split remove_tree() outside of copydir.c to avoid linking against libacl or libattr. 2010-03-31 03:24:29 +05:30			`remove_tree.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`rlogin.c \`
* lib/prototypes.h, libmisc/Makefile.am, libmisc/root_flag.c, po/POTFILES.in: Add process_root_flag() to process the --root option and chroot so that the chroot config is used and changes are applied to the chroot. 2011-11-07 00:07:19 +05:30			`root_flag.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`salt.c \`
			`setugid.c \`
			`setupenv.c \`
			`shell.c \`
Add stpecpy() strncat(3), strlcpy(3), and many other functions are often misused for catenating strings, when they should never be used for that. strlcat(3) is good. However, there's no equivalent to strlcat(3) similar to snprintf(3). Let's add stpecpy(), which is similar to strlcat(3), but it is also the only function compatible with stpeprintf(), which makes it more useful than strlcat(3). Signed-off-by: Alejandro Colomar <alx@kernel.org> 2023-02-11 03:04:37 +05:30			`stpecpy.c \`
Add stpeprintf() [v]stpeprintf() are similar to [v]snprintf(3), but they allow chaining. [v]snprintf(3) are very dangerous for catenating strings, since the obvious ways to do it invoke Undefined Behavior, and the ways that avoid UB are very error-prone. Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org> 2023-01-30 04:49:56 +05:30			`stpeprintf.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`strtoday.c \`
			`sub.c \`
			`sulog.c \`
			`ttytype.c \`
			`tz.c \`
			`ulimit.c \`
* src/userdel.c, libmisc/user_busy.c, libmisc/Makefile.am, lib/prototypes.h: Move user_busy() to libmisc/user_busy.c. * NEWS, libmisc/user_busy.c: On Linux, do not check if an user is logged in with utmp, but check if the user is running some processes. If not on Linux, continue to search for an utmp record, but make sure the process recorded in the utmp entry is still running. 2009-05-19 00:02:17 +05:30			`user_busy.c \`
[svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 17:14:38 +05:30			`utmp.c \`
			`valid.c \`
* lib/prototypes.h, configure.in, libmisc/Makefile.am, libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c, libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(), xgetgrgid(), and xgetspnam(). They allocate memory for the returned structure and are more robust to successive calls. They are implemented with the libc's getxxyyy_r() functions if available. * libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c, libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c, libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c, src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c, src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c, src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/groupadd.c, src/chage.c, src/login.c, src/suauth.c, src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the usage of one of the getpwnam(), getpwuid(), getgrnam(), getgrgid(), and getspnam() functions. It was noticed on http://bugs.debian.org/341230 that chfn and chsh use a passwd structure after calling a pam function, which result in using information from the passwd structure requested by pam, not the original one. It is much easier to use the new xget... functions to avoid these issues. I've checked which call to the original get... functions could be left (reducing the scope of the structure if possible), and I've left comments to ease future reviews (e.g. /* local, no need for xgetpwnam /). Note: the getpwent/getgrent calls should probably be checked also. src/groupdel.c, src/expiry.c: Fix typos in comments. * src/groupmod.c: Re-indent. * libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c, lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup functions (used by the xget... functions) from the <xx>io.c files to the new <xx>mem.c files. This avoid linking some utils against the SELinux library. 2007-11-19 04:45:26 +05:30			`xgetpwnam.c \`
			`xgetpwuid.c \`
			`xgetgrnam.c \`
			`xgetgrgid.c \`
			`xgetspnam.c \`
Merge Debian's patch 466_fflush-prompt * libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c, src/pwck.c: move yes_or_no() from grpck/pwck to a separate libmisc/yesno.c (with a read_only argument). * libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before reading the user's answer. 2007-12-26 22:20:38 +05:30			`yesno.c`
Add autotools support for BtrFS option Feature is enabled by default, if headers are available. It can be turned off explictly. 2019-01-23 20:47:05 +05:30
			`if WITH_BTRFS`
try again to fix libmisc sharing problem Issue #297 reported seeing * Warning: Linking the shared library libsubid.la against the * static library ../libmisc/libmisc.a is not portable! which commit b5fb1b38eea2fb0489ed088c82daf6700e72363e was supposed to fix. But a few commits later it's back. So try to fix it in the way the bug reporter suggested. This broke builds some other ways, namely a few missing library specifications, so add those. Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-02-01 10:14:09 +05:30			`libmisc_la_SOURCES += btrfs.c`
Add autotools support for BtrFS option Feature is enabled by default, if headers are available. It can be turned off explictly. 2019-01-23 20:47:05 +05:30			`endif`