From 32cfa176f27a137caf22093d9c54b240c9d7d68b Mon Sep 17 00:00:00 2001
From: ed
Date: Thu, 12 Mar 2020 21:14:57 +0000
Subject: [PATCH] Adding run-parts style for pre and post useradd/del
Signed-off-by: ed neville
---
 lib/Makefile.am | 2 +
 lib/run_part.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/run_part.h | 2 +
 man/useradd.8.xml | 6 +++
 man/userdel.8.xml | 6 +++
 src/useradd.c | 11 +++++
 src/userdel.c | 17 +++++---
 7 files changed, 140 insertions(+), 5 deletions(-)
 create mode 100644 lib/run_part.c
 create mode 100644 lib/run_part.h
diff --git a/lib/Makefile.am b/lib/Makefile.am
index a40c08a1..705ef449 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -45,6 +45,8 @@ libshadow_la_SOURCES = \
 pwio.c \
 pwio.h \
 pwmem.c \
+ run_part.h \
+ run_part.c \
 subordinateio.h \
 subordinateio.c \
 selinux.c \
diff --git a/lib/run_part.c b/lib/run_part.c
new file mode 100644
index 00000000..ab0bcc1f
--- /dev/null
+++ b/lib/run_part.c
@@ -0,0 +1,101 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +int run_part (char *script_path, char *name, char *action) +{ + int pid; + int wait_status; + int pid_status; + char *args[] = { script_path, NULL }; + + pid=fork(); + if (pid==-1){ + perror ("Could not fork"); + return 1; + } + if (pid==0) { + setenv ("ACTION",action,1); + setenv ("SUBJECT",name,1); + execv (script_path,args); + perror ("execv"); + exit(1); + } + + pid_status = wait (&wait_status); + if (pid_status == pid) { + return (wait_status); + } + + perror ("waitpid"); + return (1); +} + +int run_parts (char *directory, char *name, char *action) +{ + struct dirent **namelist; + int scanlist; + int n; + int execute_result; + + scanlist = scandir (directory, &namelist, 0, alphasort); + if (scanlist<0) { + return (0); + } + + for (n=0; nd_name) + 2; + char *s = (char*)malloc(path_length); + if (!s) { + printf ("could not allocate memory\n"); + for (; nd_name); + + execute_result = 0; + if (stat (s, &sb) == -1) { + perror ("stat"); + free (s); + for (; nd_name); + for (; n + /etc/shadow-maint/useradd-pre.d/*, /etc/shadow-maint/useradd-post.d/* + + Run-part files to execute during user addition. The environment variable ACTION will be populated with useradd and SUBJECT with the username. useradd-pre.d will be executed prior to any user addition. useradd-post.d will execute after user addition. If a script exits non-zero then execution will terminate. + + + /etc/skel/ Directory containing default files. diff --git a/man/userdel.8.xml b/man/userdel.8.xml index b086383b..520a60b4 100644 --- a/man/userdel.8.xml +++ b/man/userdel.8.xml 
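Review bot: In `run_part` the child ignores the result of both `setenv` calls and then uses `execv`, which passes on the caller's whole environment, so a hook running with the tool's privileges can see an inherited `ACTION`/`SUBJECT` when `setenv` fails, along with every other caller variable unless the environment is sanitised somewhere outside this hunk. The child should stop on a failed `setenv`, and should use `_exit` rather than `exit(1)` after a failed `execv` so it does not flush the stdio buffers copied from the parent or run its exit handlers. The parent calls `wait`, which returns for any child, while the error text says `waitpid`, and it returns the raw status word; `waitpid` on the forked pid with an `EINTR` retry and `WIFEXITED`/`WEXITSTATUS` decoding matches the documented "exits non-zero" rule (this needs `errno.h`, and the include list is not readable on this page). Part of `run_parts` is also unreadable here, so whether it skips entries that are not root-owned regular executable files before calling `run_part` cannot be confirmed and should be checked.

```c
int run_part (char *script_path, char *name, char *action)
{
	/* … unchanged: declarations, fork() and its error check … */
	if (pid==0) {
		if (setenv ("ACTION",action,1) != 0
		    || setenv ("SUBJECT",name,1) != 0) {
			perror ("setenv");
			_exit (1);
		}
		execv (script_path,args);
		perror ("execv");
		_exit (1);
	}

	do {
		pid_status = waitpid (pid, &wait_status, 0);
	} while (pid_status == -1 && errno == EINTR);
	if (pid_status == pid) {
		if (WIFEXITED (wait_status)) {
			return WEXITSTATUS (wait_status);
		}
		return 1;	/* terminated by a signal: report failure */
	}

	perror ("waitpid");
	return (1);
}
```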
@@ -228,6 +228,12 @@ Secure user account information. + + /etc/shadow-maint/userdel-pre.d/*, /etc/shadow-maint/userdel-post.d/* + + Run-part files to execute during user deletion. The environment variable ACTION will be populated with userdel and SUBJECT with the username. userdel-pre.d will be executed prior to any user deletion. userdel-post.d will execute after user deletion. If a script exits non-zero then execution will terminate. + + /etc/subgid diff --git a/src/useradd.c b/src/useradd.c index 645d4a40..e84eeefb 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -64,6 +64,7 @@ #include "prototypes.h" #include "pwauth.h" #include "pwio.h" +#include "run_part.h" #ifdef SHADOWGRP #include "sgroupio.h" #endif @@ -2318,6 +2319,11 @@ int main (int argc, char **argv) (!user_id || (user_id <= uid_max && user_id >= uid_min)); #endif /* ENABLE_SUBIDS */ + if (run_parts ("/etc/shadow-maint/useradd-pre.d", (char*)user_name, + "useradd")) { + exit(1); + } + #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { @@ -2530,6 +2536,11 @@ int main (int argc, char **argv) } #endif /* WITH_SELINUX */ + if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, + "useradd")) { + exit(1); + } + nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); diff --git a/src/userdel.c b/src/userdel.c index cc951e58..2a09f459 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -31,19 +31,17 @@ */ #include - -#ident "$Id$" - #include +#include #include #include #include #include #include #include -#include -#include #include +#include +#include #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM #include "pam_defs.h" @@ -65,6 +63,7 @@ #include #include "tcbfuncs.h" #endif /* WITH_TCB */ +#include "run_part.h" /*@-exitarg@*/ #include "exitcodes.h" #ifdef ENABLE_SUBIDS 
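Review bot: The useradd-pre.d call in `src/useradd.c` (hunk `@@ -2318,6 +2319,11 @@`) sits immediately before the `#ifdef ACCT_TOOLS_SETUID` / `USE_PAM` block, so in a setuid build the hook scripts run with the tool's privileges before whatever that block does, presumably authenticating the caller; the block's body is outside the hunk. Moving the `run_parts ("/etc/shadow-maint/useradd-pre.d", …)` call below that block would keep the hooks from running, with a caller-chosen `SUBJECT`, for a request that is later refused. The `(char*)user_name` cast is only needed because `run_parts` takes non-const pointers; declaring its parameters `const char *` in `lib/run_part.h` would remove it. `main` starts and ends outside the hunk.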
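Review bot: A failing useradd-post.d script makes `main` call `exit(1)` in `src/useradd.c` hunk `@@ -2530,6 +2536,11 @@` before the `nscd_flush_cache` and `sssd_flush_cache` calls that follow, although the man page text added by this patch says the post hooks run after the user has been added. The caches are then left stale and the caller gets a failure status for an account that exists. The same pattern is in `src/userdel.c` hunk `@@ -1342,6 +1345,10 @@`, where `exit(1)` comes after `user_cancel` and `close_files` and skips `remove_tcbdir` and whatever cleanup follows it. Consider moving both post-hook calls below the cache flush and cleanup steps, or recording the failure and exiting only once those steps are done. Whether locks or other handles are still held at these two points is outside the hunks.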
@@ -1143,6 +1142,10 @@ int main (int argc, char **argv) { const struct passwd *pwd; + if (run_parts ("/etc/shadow-maint/userdel-pre.d", user_name, + "userdel")) { + exit(1); + } pw_open(O_RDONLY); pwd = pw_locate (user_name); /* we care only about local users */ if (NULL == pwd) { @@ -1342,6 +1345,10 @@ int main (int argc, char **argv) user_cancel (user_name); close_files (); + if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) { + exit(1); + } + #ifdef WITH_TCB errors += remove_tcbdir (user_name, user_id); #endif /* WITH_TCB */
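Review bot: In `src/userdel.c` hunk `@@ -1143,6 +1142,10 @@` the userdel-pre.d scripts run before `pw_open` and `pw_locate`, so they are executed even when `user_name` does not name a local user and the `NULL == pwd` branch would have rejected the request. Hook authors will reasonably assume `SUBJECT` is an existing account, so the `run_parts ("/etc/shadow-maint/userdel-pre.d", user_name, "userdel")` call is better placed after the existence check, which also avoids side effects for a deletion that never happens. The body of the `NULL == pwd` branch and the rest of `main` are outside the hunk, so the exact insertion point has to be confirmed against the full file.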