[svn-upgrade] Integrating new upstream version, shadow (4.0.3)
@@ -47,14 +47,15 @@ groupmod_LDADD = $(LDADD) $(LIBPAM)
|
||||
login_LDADD = $(LDADD) $(LIBPAM)
|
||||
newusers_LDADD = $(LDADD) $(LIBPAM)
|
||||
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK)
|
||||
su_SOURCES = su.c suauth.c
|
||||
su_LDADD = $(LDADD) $(LIBPAM)
|
||||
useradd_LDADD = $(LDADD) $(LIBPAM)
|
||||
userdel_LDADD = $(LDADD) $(LIBPAM)
|
||||
usermod_LDADD = $(LDADD) $(LIBPAM)
|
||||
|
||||
install-exec-hook:
|
||||
$(LN_S) newgrp $(DESTDIR)$(bindir)/sg
|
||||
$(LN_S) vigr $(DESTDIR)$(bindir)/vipw
|
||||
ln -sf newgrp $(DESTDIR)$(bindir)/sg
|
||||
ln -sf vigr $(DESTDIR)$(bindir)/vipw
|
||||
for i in $(suidbins); do \
|
||||
chmod 4755 $(DESTDIR)$(bindir)/$$i; \
|
||||
done
|
||||
|
||||
@@ -158,6 +158,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM)
|
||||
login_LDADD = $(LDADD) $(LIBPAM)
|
||||
newusers_LDADD = $(LDADD) $(LIBPAM)
|
||||
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK)
|
||||
su_SOURCES = su.c suauth.c
|
||||
su_LDADD = $(LDADD) $(LIBPAM)
|
||||
useradd_LDADD = $(LDADD) $(LIBPAM)
|
||||
userdel_LDADD = $(LDADD) $(LIBPAM)
|
||||
@@ -326,8 +327,8 @@ pwunconv_LDADD = $(LDADD)
|
||||
pwunconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \
|
||||
$(top_builddir)/lib/libshadow.la
|
||||
pwunconv_LDFLAGS =
|
||||
su_SOURCES = su.c
|
||||
su_OBJECTS = su.$(OBJEXT)
|
||||
am_su_OBJECTS = su.$(OBJEXT) suauth.$(OBJEXT)
|
||||
su_OBJECTS = $(am_su_OBJECTS)
|
||||
su_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \
|
||||
$(top_builddir)/lib/libshadow.la
|
||||
su_LDFLAGS =
|
||||
@@ -376,9 +377,10 @@ depcomp = $(SHELL) $(top_srcdir)/depcomp
|
||||
@AMDEP_TRUE@ $(DEPDIR)/newgrp.Po $(DEPDIR)/newusers.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/passwd.Po $(DEPDIR)/pwck.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/pwconv.Po $(DEPDIR)/pwunconv.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/su.Po $(DEPDIR)/sulogin.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/useradd.Po $(DEPDIR)/userdel.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/usermod.Po $(DEPDIR)/vipw.Po
|
||||
@AMDEP_TRUE@ $(DEPDIR)/su.Po $(DEPDIR)/suauth.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/sulogin.Po $(DEPDIR)/useradd.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/userdel.Po $(DEPDIR)/usermod.Po \
|
||||
@AMDEP_TRUE@ $(DEPDIR)/vipw.Po
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
|
||||
@@ -391,9 +393,10 @@ DIST_SOURCES = chage.c chfn.c chpasswd.c chsh.c dpasswd.c expiry.c \
|
||||
faillog.c gpasswd.c groupadd.c groupdel.c groupmod.c groups.c \
|
||||
grpck.c grpconv.c grpunconv.c id.c lastlog.c login.c logoutd.c \
|
||||
mkpasswd.c newgrp.c newusers.c passwd.c pwck.c pwconv.c \
|
||||
pwunconv.c su.c sulogin.c useradd.c userdel.c usermod.c vipw.c
|
||||
pwunconv.c $(su_SOURCES) sulogin.c useradd.c userdel.c \
|
||||
usermod.c vipw.c
|
||||
DIST_COMMON = Makefile.am Makefile.in
|
||||
SOURCES = chage.c chfn.c chpasswd.c chsh.c dpasswd.c expiry.c faillog.c gpasswd.c groupadd.c groupdel.c groupmod.c groups.c grpck.c grpconv.c grpunconv.c id.c lastlog.c login.c logoutd.c mkpasswd.c newgrp.c newusers.c passwd.c pwck.c pwconv.c pwunconv.c su.c sulogin.c useradd.c userdel.c usermod.c vipw.c
|
||||
SOURCES = chage.c chfn.c chpasswd.c chsh.c dpasswd.c expiry.c faillog.c gpasswd.c groupadd.c groupdel.c groupmod.c groups.c grpck.c grpconv.c grpunconv.c id.c lastlog.c login.c logoutd.c mkpasswd.c newgrp.c newusers.c passwd.c pwck.c pwconv.c pwunconv.c $(su_SOURCES) sulogin.c useradd.c userdel.c usermod.c vipw.c
|
||||
|
||||
all: all-am
|
||||
|
||||
@@ -620,6 +623,7 @@ distclean-compile:
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/pwconv.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/pwunconv.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/su.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/suauth.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/sulogin.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/useradd.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/userdel.Po@am__quote@
|
||||
@@ -794,8 +798,8 @@ uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
|
||||
|
||||
|
||||
install-exec-hook:
|
||||
$(LN_S) newgrp $(DESTDIR)$(bindir)/sg
|
||||
$(LN_S) vigr $(DESTDIR)$(bindir)/vipw
|
||||
ln -sf newgrp $(DESTDIR)$(bindir)/sg
|
||||
ln -sf vigr $(DESTDIR)$(bindir)/vipw
|
||||
for i in $(suidbins); do \
|
||||
chmod 4755 $(DESTDIR)$(bindir)/$$i; \
|
||||
done
|
||||
|
||||
12
src/login.c
@@ -30,7 +30,7 @@
|
||||
#include <config.h>
|
||||
|
||||
#include "rcsid.h"
|
||||
RCSID (PKG_VER "$Id: login.c,v 1.25 2002/01/05 15:41:43 kloczek Exp $")
|
||||
RCSID (PKG_VER "$Id: login.c,v 1.26 2002/03/08 04:30:28 kloczek Exp $")
|
||||
#include "prototypes.h"
|
||||
#include "defines.h"
|
||||
#include <sys/stat.h>
|
||||
@@ -99,14 +99,16 @@ static pam_handle_t *pamh = NULL;
|
||||
|
||||
const char *hostname = "";
|
||||
|
||||
struct passwd pwent;
|
||||
static struct passwd pwent;
|
||||
|
||||
#if HAVE_UTMPX_H
|
||||
struct utmpx utxent, failent;
|
||||
struct utmp utent;
|
||||
extern struct utmpx utxent;
|
||||
struct utmpx failent;
|
||||
#else
|
||||
struct utmp utent, failent;
|
||||
struct utmp failent;
|
||||
#endif
|
||||
extern struct utmp utent;
|
||||
|
||||
struct lastlog lastlog;
|
||||
static int pflg = 0;
|
||||
static int fflg = 0;
|
||||
|
||||
4
src/su.c
@@ -30,7 +30,7 @@
|
||||
#include <config.h>
|
||||
|
||||
#include "rcsid.h"
|
||||
RCSID (PKG_VER "$Id: su.c,v 1.21 2002/01/05 15:41:44 kloczek Exp $")
|
||||
RCSID (PKG_VER "$Id: su.c,v 1.22 2002/03/08 04:30:28 kloczek Exp $")
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
#ifdef USE_PAM
|
||||
@@ -66,7 +66,7 @@ static char oldname[BUFSIZ];
|
||||
|
||||
static char *Prog;
|
||||
|
||||
struct passwd pwent;
|
||||
extern struct passwd pwent;
|
||||
|
||||
/*
|
||||
* External identifiers
|
||||
|
||||
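Review bot: The `extern struct passwd pwent;` declaration in the second hunk is written directly in su.c rather than in a shared header, so nothing checks it against the definition this commit adds in src/suauth.c. suauth.c also reads `pwent.pw_uid` to choose the syslog priority for its DENY/NOPASS/OWNPASS messages, which is only meaningful if su.c has filled `pwent` before it calls check_su_auth(). That call site is outside the hunk, so the ordering should be confirmed. I would move the declaration into a header both files include and document it with something like `/* defined in suauth.c; must be populated before check_su_auth() is called */`.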
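--- a/src/suauth.c
+++ b/src/suauth.c
@@ -0,0 +1,202 @@
+#include <config.h>
+
+#include <stdio.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/types.h>
+#include <errno.h>
+#include "prototypes.h"
+#include "defines.h"
+
+#ifndef SUAUTHFILE
+#define SUAUTHFILE "/etc/suauth"
+#endif
+
+#define NOACTION 0
+#define NOPWORD 1
+#define DENY -1
+#define OWNPWORD 2
+
+struct passwd pwent;
+
+#ifdef SU_ACCESS
+
+/* Really, I could do with a few const char's here defining all the
+* strings output to the user or the syslog. -- chris
+*/
+
+static int applies(const char *, char *);
+
+int check_su_auth(const char *, const char *);
+int isgrp(const char *, const char *);
+
+static int lines = 0;
+
+
+int
+check_su_auth(const char *actual_id, const char *wanted_id)
+{
+int posn, endline;
+const char field[] = ":";
+FILE *authfile_fd;
+char temp[1024];
+char *to_users;
+char *from_users;
+char *action;
+
+if (!(authfile_fd = fopen(SUAUTHFILE, "r"))) {
+/*
+* If the file doesn't exist - default to the standard su
+* behaviour (no access control). If open fails for some
+* other reason - maybe someone is trying to fool us with
+* file descriptors limit etc., so deny access. --marekm
+*/
+if (errno == ENOENT)
+return NOACTION;
+SYSLOG((LOG_ERR, "could not open/read config file '%s': %m\n",
+SUAUTHFILE));
+return DENY;
+}
+
+while (fgets(temp, sizeof(temp), authfile_fd) != NULL) {
+lines++;
+
+if (temp[endline = strlen(temp) - 1] != '\n') {
+SYSLOG((LOG_ERR,
+"%s, line %d: line too long or missing newline",
+SUAUTHFILE, lines));
+continue;
+}
+
+while (endline > 0 && (temp[endline-1] == ' '
+|| temp[endline-1] == '\t' || temp[endline-1] == '\n'))
+endline--;
+temp[endline] = '\0';
+
+posn = 0;
+while (temp[posn] == ' ' || temp[posn] == '\t')
+posn++;
+
+if (temp[posn] == '\n' || temp[posn] == '#' || temp[posn] == '\0') {
+continue;
+}
+if (!(to_users = strtok(temp + posn, field))
+|| !(from_users = strtok((char *)NULL, field))
+|| !(action = strtok((char *)NULL, field))
+|| strtok((char *)NULL, field)) {
+SYSLOG((LOG_ERR, "%s, line %d. Bad number of fields.\n",
+SUAUTHFILE, lines));
+continue;
+}
+
+if (!applies(wanted_id, to_users))
+continue;
+if (!applies(actual_id, from_users))
+continue;
+if (!strcmp(action, "DENY")) {
+SYSLOG((pwent.pw_uid ? LOG_NOTICE : LOG_WARN,
+"DENIED su from `%s' to `%s' (%s)\n",
+actual_id, wanted_id, SUAUTHFILE));
+fprintf(stderr, _("Access to su to that account DENIED.\n"));
+fclose(authfile_fd);
+return DENY;
+} else if (!strcmp(action, "NOPASS")) {
+SYSLOG((pwent.pw_uid ? LOG_INFO : LOG_NOTICE,
+"NO password asked for su from `%s' to `%s' (%s)\n",
+actual_id, wanted_id, SUAUTHFILE));
+fprintf(stderr, _("Password authentication bypassed.\n"));
+fclose(authfile_fd);
+return NOPWORD;
+} else if (!strcmp(action, "OWNPASS")) {
+SYSLOG((pwent.pw_uid ? LOG_INFO : LOG_NOTICE,
+"su from `%s' to `%s': asking for user's own password (%s)\n",
+actual_id, wanted_id, SUAUTHFILE));
+fprintf(stderr, _("Please enter your OWN password as authentication.\n"));
+fclose(authfile_fd);
+return OWNPWORD;
+} else {
+SYSLOG((LOG_ERR, "%s, line %d: unrecognised action!\n",
+SUAUTHFILE, lines));
+}
+}
+fclose(authfile_fd);
+return NOACTION;
+}
+
+static int
+applies(const char *single, char *list)
+{
+const char split[] = ", ";
+char *tok;
+
+int state = 0;
+
+for (tok = strtok(list, split); tok != NULL; tok = strtok(NULL, split)) {
+
+if (!strcmp(tok, "ALL")) {
+if (state != 0) {
+SYSLOG((LOG_ERR,
+"%s, line %d: ALL in bad place\n",
+SUAUTHFILE, lines));
+return 0;
+}
+state = 1;
+} else if (!strcmp(tok, "EXCEPT")) {
+if (state != 1) {
+SYSLOG((LOG_ERR,
+"%s, line %d: EXCEPT in bas place\n",
+SUAUTHFILE, lines));
+return 0;
+}
+state = 2;
+} else if (!strcmp(tok, "GROUP")) {
+if ((state != 0) && (state != 2)) {
+SYSLOG((LOG_ERR,
+"%s, line %d: GROUP in bad place\n",
+SUAUTHFILE, lines));
+return 0;
+}
+state = (state == 0) ? 3 : 4;
+} else {
+switch (state) {
+case 0: /* No control words yet */
+if (!strcmp(tok, single))
+return 1;
+break;
+case 1: /* An all */
+SYSLOG((LOG_ERR, "%s, line %d: expect another token after ALL\n",
+SUAUTHFILE, lines));
+return 0;
+case 2: /* All except */
+if (!strcmp(tok, single))
+return 0;
+break;
+case 3: /* Group */
+if (isgrp(single, tok))
+return 1;
+break;
+case 4: /* All except group */
+if (isgrp(single, tok))
+return 0;
+/* FALL THRU */
+}
+}
+}
+if ((state != 0) && (state != 3))
+return 1;
+return 0;
+}
+
+int
+isgrp(const char *name, const char *group)
+{
+struct group *grp;
+
+grp = getgrnam(group);
+
+if (!grp || !grp->gr_mem)
+return 0;
+
+return is_on_list(grp->gr_mem, name);
+}
+#endif /* SU_ACCESS */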
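Review bot: In check_su_auth() the "line too long or missing newline" branch does `continue` without consuming the rest of the physical line, so the next fgets() returns the tail and evaluates it as if it were a rule of its own, while the rule that was actually written is silently dropped. The same test, `temp[endline = strlen(temp) - 1]`, indexes `temp[-1]` when a line begins with a NUL byte. The rewrite below checks the length first and discards the unread remainder when the buffer was filled. Whether a malformed line should instead return DENY, as the non-ENOENT fopen() failure path does, is a policy choice for the maintainers, since at present every parse error falls through toward NOACTION. Separately, the log string `EXCEPT in bas place` in applies() should read `bad`.

```c
while (fgets(temp, sizeof(temp), authfile_fd) != NULL) {
	size_t len = strlen(temp);

	lines++;

	if (len == 0 || temp[len - 1] != '\n') {
		SYSLOG((LOG_ERR,
			"%s, line %d: line too long or missing newline",
			SUAUTHFILE, lines));
		/* buffer full and no newline: the rest of this line is still
		 * unread, so drop it rather than parse it as the next rule */
		if (len == sizeof(temp) - 1) {
			int c;

			while ((c = getc(authfile_fd)) != EOF && c != '\n')
				;
		}
		continue;
	}
	endline = (int) len - 1;

	/* … unchanged: trailing-whitespace trim, field split, applies() checks, action dispatch … */
```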