Fix compiler warnings:

* libmisc/audit_help.c: Include prototypes.h to get the prototype
	of audit_help_open.
	* libmisc/salt.c: Use booleans instead of negating integers.
	* src/passwd.c: Declare the check_selinux_access prototype and
	avoid name clashes (change_user -> changed_user; change_uid ->
	changed_uid; access -> requested_access)
nekral-guest 2008-05-24 13:08:58 +00:00
parent eeb9592ded
commit d99423405c
4 changed files with 36 additions and 18 deletions


@ -1,3 +1,13 @@
2008-05-24 Nicolas François <nicolas.francois@centraliens.net>
Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
2008-05-23 Nicolas François <nicolas.francois@centraliens.net> 2008-05-23 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/pam_pass.c: Use fputs rather than fprintf for constant * libmisc/pam_pass.c: Use fputs rather than fprintf for constant


@ -44,6 +44,7 @@
#include <libaudit.h> #include <libaudit.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include "prototypes.h"
int audit_fd; int audit_fd;
void audit_help_open (void) void audit_help_open (void)


@ -220,14 +220,14 @@ char *crypt_make_salt (const char *meth, void *arg)
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES"; method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
} }
if (!strcmp (method, "MD5")) { if (0 == strcmp (method, "MD5")) {
MAGNUM(result, '1'); MAGNUM(result, '1');
#ifdef USE_SHA_CRYPT #ifdef USE_SHA_CRYPT
} else if (!strcmp (method, "SHA256")) { } else if (0 == strcmp (method, "SHA256")) {
MAGNUM(result, '5'); MAGNUM(result, '5');
strcat(result, SHA_salt_rounds((int *)arg)); strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size(); salt_len = SHA_salt_size();
} else if (!strcmp (method, "SHA512")) { } else if (0 == strcmp (method, "SHA512")) {
MAGNUM(result, '6'); MAGNUM(result, '6');
strcat(result, SHA_salt_rounds((int *)arg)); strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size(); salt_len = SHA_salt_size();
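Review bot: Both SHA branches append with `strcat(result, SHA_salt_rounds((int *)arg))`, and nothing visible in this hunk bounds that write. The declaration of `result` and the rest of crypt_make_salt are outside the hunk, so confirm that the buffer covers the MAGNUM prefix plus the longest string SHA_salt_rounds can return, or switch to a bounded append such as `snprintf` with a truncation check. `arg` is also cast to `int *` and passed on with no NULL check in view; that is presumably handled inside SHA_salt_rounds, but it is worth confirming.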


@ -142,6 +142,11 @@ static void update_noshadow (void);
static void update_shadow (void); static void update_shadow (void);
static long getnumber (const char *); static long getnumber (const char *);
#ifdef WITH_SELINUX
static int check_selinux_access (const char *changed_user,
uid_t changed_uid,
access_vector_t requested_access);
#endif
/* /*
* usage - print command usage and exit * usage - print command usage and exit
@ -619,8 +624,9 @@ static long getnumber (const char *numstr)
} }
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
int static int check_selinux_access (const char *changed_user,
check_selinux_access(const char *change_user, int change_uid, unsigned int access) uid_t changed_uid,
access_vector_t requested_access)
{ {
int status = -1; int status = -1;
security_context_t user_context; security_context_t user_context;
@ -642,15 +648,18 @@ check_selinux_access(const char *change_user, int change_uid, unsigned int acces
/* if changing a password for an account with UID==0 or for an account /* if changing a password for an account with UID==0 or for an account
where the identity matches then return success */ where the identity matches then return success */
if (change_uid != 0 && strcmp(change_user, user) == 0) { if (changed_uid != 0 && strcmp(changed_user, user) == 0) {
status = 0; status = 0;
} else { } else {
struct av_decision avd; struct av_decision avd;
int retval; int retval;
retval = security_compute_av(user_context, user_context, retval = security_compute_av(user_context,
SECCLASS_PASSWD, access, &avd); user_context,
SECCLASS_PASSWD,
requested_access,
&avd);
if ((retval == 0) && if ((retval == 0) &&
((access & avd.allowed) == access)) { ((requested_access & avd.allowed) == requested_access)) {
status = 0; status = 0;
} }
} }
@ -897,23 +906,21 @@ int main (int argc, char **argv)
/* only do this check when getuid()==0 because it's a pre-condition for /* only do this check when getuid()==0 because it's a pre-condition for
changing a password without entering the old one */ changing a password without entering the old one */
if ((is_selinux_enabled() > 0) && (getuid() == 0) && if ((is_selinux_enabled() > 0) && (getuid() == 0) &&
(check_selinux_access(name, pw->pw_uid, PASSWD__PASSWD) != 0)) (check_selinux_access (name, pw->pw_uid, PASSWD__PASSWD) != 0)) {
{
security_context_t user_context; security_context_t user_context;
if (getprevcon(&user_context) < 0) { if (getprevcon(&user_context) < 0) {
user_context = strdup("Unknown user context"); user_context = strdup("Unknown user context");
} }
syslog(LOG_ALERT, syslog(LOG_ALERT,
"%s is not authorized to change the password of %s", "%s is not authorized to change the password of %s",
user_context, name); user_context, name);
fprintf(stderr, _("%s: %s is not authorized to change the " fprintf(stderr,
"password of %s\n"), _("%s: %s is not authorized to change the password of %s\n"),
Prog, user_context, name); Prog, user_context, name);
freecon(user_context); freecon(user_context);
exit(1); exit(1);
} }
#endif /* WITH_SELINUX */
#endif
/* /*
* If the UID of the user does not match the current real UID, * If the UID of the user does not match the current real UID,
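Review bot: The comment above the shortcut in check_selinux_access says success is returned "for an account with UID==0 or for an account where the identity matches", but the condition `changed_uid != 0 && strcmp(changed_user, user) == 0` takes the shortcut only when the target is not UID 0 and the names match. The code is the stricter reading, so the comment should be corrected rather than the test, for example `/* skip the policy query only for a non-root account whose name equals user; every other case goes through security_compute_av */`. Left as is, the comment invites a later edit that skips the policy check when root's password is changed. The function body starts and continues outside these hunks, so where `user` comes from is not visible here. Separately, in the main() hunk `strdup("Unknown user context")` is not checked for NULL before `user_context` is passed to `syslog` and `fprintf` with `%s`.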