shadow/libmisc/sub.c

/*
 * SPDX-FileCopyrightText: 1989 - 1991, Julianne Frances Haugh
 * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
 * SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <config.h>

#ident "$Id$"

#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include "prototypes.h"
#include "defines.h"
#define	BAD_SUBROOT2	"invalid root `%s' for user `%s'\n"
#define	NO_SUBROOT2	"no subsystem root `%s' for user `%s'\n"
/*
 * subsystem - change to subsystem root
 *
 *	A subsystem login is indicated by the presence of a "*" as
 *	the first character of the login shell.  The given home
 *	directory will be used as the root of a new filesystem which
 *	the user is actually logged into.
 */
void subsystem (const struct passwd *pw)
{
	/*
	 * The new root directory must begin with a "/" character.
	 */

	if (pw->pw_dir[0] != '/') {
		printf (_("Invalid root directory '%s'\n"), pw->pw_dir);
		SYSLOG ((LOG_WARN, BAD_SUBROOT2, pw->pw_dir, pw->pw_name));
		closelog ();
		exit (EXIT_FAILURE);
	}

	/*
	 * The directory must be accessible and the current process
	 * must be able to change into it.
	 */

	if (   (chdir (pw->pw_dir) != 0)
	    || (chroot (pw->pw_dir) != 0)) {
		(void) printf (_("Can't change root directory to '%s'\n"),
		               pw->pw_dir);
		SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));
		closelog ();
		exit (EXIT_FAILURE);
	}
}
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
Update licensing info Closes #238 Update all files to list SPDX license shortname. Most files are BSD 3 clause license. The exceptions are: serge@sl ~/src/shadow$ git grep SPDX-License \| grep -v BSD-3-Clause contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD libmisc/salt.c: * SPDX-License-Identifier: Unlicense src/login_nopam.c: * SPDX-License-Identifier: Unlicense src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-12-05 21:05:27 +05:30			`* SPDX-FileCopyrightText: 1989 - 1991, Julianne Frances Haugh`
			`* SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz`
			`* SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*`
Update licensing info Closes #238 Update all files to list SPDX license shortname. Most files are BSD 3 clause license. The exceptions are: serge@sl ~/src/shadow$ git grep SPDX-License \| grep -v BSD-3-Clause contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD libmisc/salt.c: * SPDX-License-Identifier: Unlicense src/login_nopam.c: * SPDX-License-Identifier: Unlicense src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later Signed-off-by: Serge Hallyn <serge@hallyn.com> 2021-12-05 21:05:27 +05:30			`* SPDX-License-Identifier: BSD-3-Clause`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`

			`#include <config.h>`

Added the subversion svn:keywords property (Id) for proper identification. 2007-11-11 05:16:11 +05:30			`#ident "$Id$"`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.11) 2007-10-07 17:16:34 +05:30			`#include <pwd.h>`
			`#include <stdio.h>`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`#include <sys/types.h>`
			`#include "prototypes.h"`
			`#include "defines.h"`
			#define BAD_SUBROOT2 "invalid root `%s' for user `%s'\n"
			#define NO_SUBROOT2 "no subsystem root `%s' for user `%s'\n"
			`/*`
			`* subsystem - change to subsystem root`
			`*`
Fix typo in comment. 2013-08-04 19:26:32 +05:30			`* A subsystem login is indicated by the presence of a "*" as`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`* the first character of the login shell. The given home`
			`* directory will be used as the root of a new filesystem which`
			`* the user is actually logged into.`
			`*/`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`void subsystem (const struct passwd *pw)`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`{`
			`/*`
			`* The new root directory must begin with a "/" character.`
			`*/`

			`if (pw->pw_dir[0] != '/') {`
[svn-upgrade] Integrating new upstream version, shadow (4.0.16) 2007-10-07 17:17:33 +05:30			`printf (_("Invalid root directory '%s'\n"), pw->pw_dir);`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`SYSLOG ((LOG_WARN, BAD_SUBROOT2, pw->pw_dir, pw->pw_name));`
			`closelog ();`
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`exit (EXIT_FAILURE);`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`}`

			`/*`
			`* The directory must be accessible and the current process`
			`* must be able to change into it.`
			`*/`

* libmisc/limits.c: Avoid implicit conversion of integer to boolean. * libmisc/basename.c: Avoid implicit conversion of pointer to boolean. * libmisc/basename.c, lib/prototypes.h (Basename): Return a constant string. * libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h, libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c, libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add splint annotations. * libmisc/chowndir.c: Avoid memory leak. * libmisc/chowndir.c: Do not check printf/puts return value. * libmisc/chowntty.c: Avoid implicit conversion between integer types. * libmisc/obscure.c: Return a bool when possible instead of int. * libmisc/shell.c: Do not check printf/puts return value. * libmisc/shell.c: Do not check execle return value. * libmisc/setupenv.c: Avoid implicit conversion between integer types. * libmisc/xmalloc.c: size should not be zero to avoid returning NULL pointers. * libmisc/hushed.c: Do not check printf/puts return value. * libmisc/system.c: Avoid implicit conversion of integer to boolean. safe_system last argument is a boolean. * libmisc/system.c: Check return value of dup2. * libmisc/system.c: Do not check printf/puts return value. * libmisc/system.c: Do not check execve return value. * libmisc/salt.c: Do not check printf/puts return value. * libmisc/loginprompt.c: Do not check gethostname return value. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check gr_rewind/pw_rewind return value. * libmisc/ttytype.c: Limit the number of parsed characters in the sscanf format. * libmisc/ttytype.c: Test if a type was really read. * libmisc/sub.c: Do not check printf/puts return value. * libmisc/sub.c: Avoid implicit conversion of integer to boolean. * src/userdel.c: Fix typo in comment. * src/userdel.c: Avoid implicit conversion of boolean to integer. * src/userdel.c: safe_system last argument is a boolean. * src/newusers.c: Avoid implicit conversion of boolean to integer. * src/newusers.c: Avoid implicit conversion of integer to boolean. * src/usermod.c: Add brackets. * src/usermod.c: Avoid implicit conversion of characters or integers to booleans. * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c: Avoid implicit conversion of integer to boolean. * src/su.c: Add brackets. * src/useradd.c: Avoid implicit conversion of characters or integers to booleans. 2010-08-23 00:43:53 +05:30			`if ( (chdir (pw->pw_dir) != 0)`
			`\|\| (chroot (pw->pw_dir) != 0)) {`
			`(void) printf (_("Can't change root directory to '%s'\n"),`
			`pw->pw_dir);`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));`
			`closelog ();`
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. * libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c, src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c, src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c, libmisc/limits.c: Return EXIT_FAILURE instead of 1, and EXIT_SUCCESS instead of 0. * libmisc/audit_help.c: Replace an fprintf() by fputs(). * libmisc/audit_help.c: Remove documentation of the audit_logger returned values. The function returns void. * libmisc/system.c: Only return status if waitpid succeeded. Return -1 otherwise. 2009-05-01 02:38:49 +05:30			`exit (EXIT_FAILURE);`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`}`
			`}`
* libmisc/limits.c: Avoid implicit conversion of integer to boolean. * libmisc/basename.c: Avoid implicit conversion of pointer to boolean. * libmisc/basename.c, lib/prototypes.h (Basename): Return a constant string. * libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h, libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c, libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add splint annotations. * libmisc/chowndir.c: Avoid memory leak. * libmisc/chowndir.c: Do not check printf/puts return value. * libmisc/chowntty.c: Avoid implicit conversion between integer types. * libmisc/obscure.c: Return a bool when possible instead of int. * libmisc/shell.c: Do not check printf/puts return value. * libmisc/shell.c: Do not check execle return value. * libmisc/setupenv.c: Avoid implicit conversion between integer types. * libmisc/xmalloc.c: size should not be zero to avoid returning NULL pointers. * libmisc/hushed.c: Do not check printf/puts return value. * libmisc/system.c: Avoid implicit conversion of integer to boolean. safe_system last argument is a boolean. * libmisc/system.c: Check return value of dup2. * libmisc/system.c: Do not check printf/puts return value. * libmisc/system.c: Do not check execve return value. * libmisc/salt.c: Do not check printf/puts return value. * libmisc/loginprompt.c: Do not check gethostname return value. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check gr_rewind/pw_rewind return value. * libmisc/ttytype.c: Limit the number of parsed characters in the sscanf format. * libmisc/ttytype.c: Test if a type was really read. * libmisc/sub.c: Do not check printf/puts return value. * libmisc/sub.c: Avoid implicit conversion of integer to boolean. * src/userdel.c: Fix typo in comment. * src/userdel.c: Avoid implicit conversion of boolean to integer. * src/userdel.c: safe_system last argument is a boolean. * src/newusers.c: Avoid implicit conversion of boolean to integer. * src/newusers.c: Avoid implicit conversion of integer to boolean. * src/usermod.c: Add brackets. * src/usermod.c: Avoid implicit conversion of characters or integers to booleans. * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c: Avoid implicit conversion of integer to boolean. * src/su.c: Add brackets. * src/useradd.c: Avoid implicit conversion of characters or integers to booleans. 2010-08-23 00:43:53 +05:30