* src/vipw.c: Document the sections closed by #endif

* src/vipw.c: Avoid implicit conversion of pointers or integers to
	booleans.
	* src/vipw.c: Added brackets and parenthesis.
	* src/vipw.c: Limit the definition of some variables and macros to
	the WITH_TCB scope.
	* src/vipw.c: Avoid assignment in comparisons.
	* src/vipw.c: Replace PASSWD_FILE (resp. GROUP_FILE and
	SGROUP_FILE) by pw_dbname () (resp. gr_dbname () and sgr_dbname ()).
	This is more consistent with the shadow file handling and may be
	useful to allow edition of another partition's files.
nekral-guest 2010-03-11 22:03:37 +00:00
parent f9b8a95b92
commit e7d57e1a77
2 changed files with 93 additions and 59 deletions


@ -1,3 +1,18 @@
2010-03-11 Nicolas François <nicolas.francois@centraliens.net>
* src/vipw.c: Document the sections closed by #endif
* src/vipw.c: Avoid implicit conversion of pointers or integers to
booleans.
* src/vipw.c: Added brackets and parenthesis.
* src/vipw.c: Limit the definition of some variables and macros to
the WITH_TCB scope.
* src/vipw.c: Avoid assignment in comparisons.
* src/vipw.c: Replace PASSWD_FILE (resp. GROUP_FILE and
SGROUP_FILE) by pw_dbname () (resp. gr_dbname () and sgr_dbname ()).
This is more consistent with the shadow file handling and may be
useful to allow edition of another partition's files.
2010-03-11 Nicolas François <nicolas.francois@centraliens.net> 2010-03-11 Nicolas François <nicolas.francois@centraliens.net>
* src/usermod.c: Re-indent. * src/usermod.c: Re-indent.


@ -31,7 +31,7 @@
#include <getopt.h> #include <getopt.h>
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
#endif #endif /* WITH_SELINUX */
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -51,7 +51,7 @@
#ifdef WITH_TCB #ifdef WITH_TCB
#include <tcb.h> #include <tcb.h>
#include "tcbfuncs.h" #include "tcbfuncs.h"
#endif #endif /* WITH_TCB */
#define MSG_WARN_EDIT_OTHER_FILE _( \ #define MSG_WARN_EDIT_OTHER_FILE _( \
"You have modified %s.\n"\ "You have modified %s.\n"\
@ -66,8 +66,11 @@ static bool filelocked = false;
static bool createedit = false; static bool createedit = false;
static int (*unlock) (void); static int (*unlock) (void);
static bool quiet = false; static bool quiet = false;
#ifdef WITH_TCB
static const char *user = NULL; static const char *user = NULL;
static bool tcb_mode = false; static bool tcb_mode = false;
#define SHADOWTCB_SCRATCHDIR ":tmp"
#endif /* WITH_TCB */
/* local function prototypes */ /* local function prototypes */
static void usage (int status); static void usage (int status);
@ -91,7 +94,7 @@ static void usage (int status)
" -s, --shadow edit shadow or gshadow database\n" " -s, --shadow edit shadow or gshadow database\n"
#ifdef WITH_TCB #ifdef WITH_TCB
" -u, --user which user's tcb shadow file to edit\n" " -u, --user which user's tcb shadow file to edit\n"
#endif #endif /* WITH_TCB */
"\n"), (E_SUCCESS != status) ? stderr : stdout); "\n"), (E_SUCCESS != status) ? stderr : stdout);
exit (status); exit (status);
} }
@ -184,8 +187,6 @@ static void vipwexit (const char *msg, int syserr, int ret)
#define DEFAULT_EDITOR "vi" #define DEFAULT_EDITOR "vi"
#endif #endif
#define SHADOWTCB_SCRATCHDIR ":tmp"
/* /*
* *
*/ */
@ -197,24 +198,29 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
struct stat st1, st2; struct stat st1, st2;
int status; int status;
FILE *f; FILE *f;
/* FIXME: the following should have variable sizes */
char filebackup[1024], fileedit[1024]; char filebackup[1024], fileedit[1024];
char *to_rename; char *to_rename;
snprintf (filebackup, sizeof filebackup, "%s-", file); snprintf (filebackup, sizeof filebackup, "%s-", file);
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode) { if (tcb_mode) {
if (mkdir(TCB_DIR "/" SHADOWTCB_SCRATCHDIR, 0700) && errno != EEXIST) if ( (mkdir (TCB_DIR "/" SHADOWTCB_SCRATCHDIR, 0700) != 0)
&& (errno != EEXIST)) {
vipwexit (_("failed to create scratch directory"), errno, 1); vipwexit (_("failed to create scratch directory"), errno, 1);
if (!shadowtcb_drop_priv()) }
if (shadowtcb_drop_priv () == 0) {
vipwexit (_("failed to drop privileges"), errno, 1); vipwexit (_("failed to drop privileges"), errno, 1);
snprintf(fileedit, sizeof fileedit, }
TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.vipw.shadow.%s", user); snprintf (fileedit, sizeof fileedit,
TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.vipw.shadow.%s",
user);
} else { } else {
#endif #endif /* WITH_TCB */
snprintf (fileedit, sizeof fileedit, "%s.edit", file); snprintf (fileedit, sizeof fileedit, "%s.edit", file);
#ifdef WITH_TCB #ifdef WITH_TCB
} }
#endif #endif /* WITH_TCB */
unlock = file_unlock; unlock = file_unlock;
filename = file; filename = file;
fileeditname = fileedit; fileeditname = fileedit;
@ -237,19 +243,21 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
vipwexit (_("setfscreatecon () failed"), errno, 1); vipwexit (_("setfscreatecon () failed"), errno, 1);
} }
} }
#endif #endif /* WITH_SELINUX */
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode && !shadowtcb_gain_priv()) if (tcb_mode && (shadowtcb_gain_priv () == 0)) {
vipwexit (_("failed to gain privileges"), errno, 1); vipwexit (_("failed to gain privileges"), errno, 1);
#endif }
#endif /* WITH_TCB */
if (file_lock () == 0) { if (file_lock () == 0) {
vipwexit (_("Couldn't lock file"), errno, 5); vipwexit (_("Couldn't lock file"), errno, 5);
} }
filelocked = true; filelocked = true;
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode && !shadowtcb_drop_priv()) if (tcb_mode && (shadowtcb_drop_priv () == 0)) {
vipwexit (_("failed to drop privileges"), errno, 1); vipwexit (_("failed to drop privileges"), errno, 1);
#endif }
#endif /* WITH_TCB */
/* edited copy has same owners, perm */ /* edited copy has same owners, perm */
if (stat (file, &st1) != 0) { if (stat (file, &st1) != 0) {
@ -260,9 +268,9 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
vipwexit (file, 1, 1); vipwexit (file, 1, 1);
} }
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode && !shadowtcb_gain_priv()) if (tcb_mode && (shadowtcb_gain_priv () == 0))
vipwexit (_("failed to gain privileges"), errno, 1); vipwexit (_("failed to gain privileges"), errno, 1);
#endif #endif /* WITH_TCB */
if (create_backup_file (f, fileedit, &st1) != 0) { if (create_backup_file (f, fileedit, &st1) != 0) {
vipwexit (_("Couldn't make backup"), errno, 1); vipwexit (_("Couldn't make backup"), errno, 1);
} }
@ -302,7 +310,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
if ((pid != -1) && (WIFSTOPPED (status) != 0)) { if ((pid != -1) && (WIFSTOPPED (status) != 0)) {
/* The child (editor) was suspended. /* The child (editor) was suspended.
* Suspend vipw. */ * Suspend vipw. */
kill (getpid (), WSTOPSIG(status)); kill (getpid (), WSTOPSIG (status));
/* wake child when resumed */ /* wake child when resumed */
kill (pid, SIGCONT); kill (pid, SIGCONT);
} else { } else {
@ -329,7 +337,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
vipwexit (_("setfscreatecon () failed"), errno, 1); vipwexit (_("setfscreatecon () failed"), errno, 1);
} }
} }
#endif #endif /* WITH_SELINUX */
/* /*
* XXX - here we should check fileedit for errors; if there are any, * XXX - here we should check fileedit for errors; if there are any,
@ -339,46 +347,55 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
createedit = false; createedit = false;
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode) { if (tcb_mode) {
if (!(f = fopen(fileedit, "r"))) f = fopen (fileedit, "r");
if (NULL == f) {
vipwexit (_("failed to open scratch file"), errno, 1); vipwexit (_("failed to open scratch file"), errno, 1);
if (unlink(fileedit)) }
if (unlink (fileedit) != 0) {
vipwexit (_("failed to unlink scratch file"), errno, 1); vipwexit (_("failed to unlink scratch file"), errno, 1);
if (!shadowtcb_drop_priv()) }
if (shadowtcb_drop_priv () == 0) {
vipwexit (_("failed to drop privileges"), errno, 1); vipwexit (_("failed to drop privileges"), errno, 1);
if (stat(file, &st1)) }
if (stat (file, &st1) != 0) {
vipwexit (_("failed to stat edited file"), errno, 1); vipwexit (_("failed to stat edited file"), errno, 1);
to_rename = malloc(strlen(file) + 2); }
if (!to_rename) to_rename = malloc (strlen (file) + 2);
if (NULL == to_rename) {
vipwexit (_("failed to allocate memory"), errno, 1); vipwexit (_("failed to allocate memory"), errno, 1);
snprintf(to_rename, strlen(file) + 2, "%s+", file); }
if (create_backup_file(f, to_rename, &st1)) { snprintf (to_rename, strlen (file) + 2, "%s+", file);
free(to_rename); if (create_backup_file (f, to_rename, &st1) != 0) {
free (to_rename);
vipwexit (_("failed to create backup file"), errno, 1); vipwexit (_("failed to create backup file"), errno, 1);
} }
} else { } else {
#endif #endif /* WITH_TCB */
to_rename = fileedit; to_rename = fileedit;
#ifdef WITH_TCB #ifdef WITH_TCB
} }
#endif #endif /* WITH_TCB */
unlink (filebackup); unlink (filebackup);
link (file, filebackup); link (file, filebackup);
if (rename (to_rename, file) == -1) { if (rename (to_rename, file) == -1) {
fprintf (stderr, fprintf (stderr,
_("%s: can't restore %s: %s (your changes are in %s)\n"), _("%s: can't restore %s: %s (your changes are in %s)\n"),
progname, file, strerror (errno), to_rename); progname, file, strerror (errno), to_rename);
if (tcb_mode) #ifdef WITH_TCB
free(to_rename); if (tcb_mode) {
free (to_rename);
}
#endif /* WITH_TCB */
vipwexit (0, 0, 1); vipwexit (0, 0, 1);
} }
#ifdef WITH_TCB #ifdef WITH_TCB
if (tcb_mode) { if (tcb_mode) {
free(to_rename); free (to_rename);
if (!shadowtcb_gain_priv()) if (shadowtcb_gain_priv () == 0)
vipwexit (_("failed to gain privileges"), errno, 1); vipwexit (_("failed to gain privileges"), errno, 1);
} }
#endif #endif /* WITH_TCB */
if ((*file_unlock) () == 0) { if ((*file_unlock) () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), progname, fileeditname); fprintf (stderr, _("%s: failed to unlock %s\n"), progname, fileeditname);
@ -416,16 +433,16 @@ int main (int argc, char **argv)
{"shadow", no_argument, NULL, 's'}, {"shadow", no_argument, NULL, 's'},
#ifdef WITH_TCB #ifdef WITH_TCB
{"user", required_argument, NULL, 'u'}, {"user", required_argument, NULL, 'u'},
#endif #endif /* WITH_TCB */
{NULL, 0, NULL, '\0'} {NULL, 0, NULL, '\0'}
}; };
while ((c = getopt_long (argc, argv, while ((c = getopt_long (argc, argv,
#ifdef WITH_TCB #ifdef WITH_TCB
"ghpqsu:", "ghpqsu:",
#else #else /* !WITH_TCB */
"ghpqs", "ghpqs",
#endif #endif /* !WITH_TCB */
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
case 'g': case 'g':
do_vipw = false; do_vipw = false;
@ -442,9 +459,11 @@ int main (int argc, char **argv)
case 's': case 's':
editshadow = true; editshadow = true;
break; break;
#ifdef WITH_TCB
case 'u': case 'u':
user = optarg; user = optarg;
break; break;
#endif /* WITH_TCB */
default: default:
usage (E_USAGE); usage (E_USAGE);
} }
@ -454,50 +473,50 @@ int main (int argc, char **argv)
if (do_vipw) { if (do_vipw) {
if (editshadow) { if (editshadow) {
#ifdef WITH_TCB #ifdef WITH_TCB
if (getdef_bool("USE_TCB") && user) { if (getdef_bool ("USE_TCB") && (NULL != user)) {
if (!shadowtcb_set_user(user)) { if (shadowtcb_set_user (user) == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: failed to find tcb directory for %s\n"), _("%s: failed to find tcb directory for %s\n"),
progname, user); progname, user);
return E_SHADOW_NOTFOUND; return E_SHADOW_NOTFOUND;
} }
tcb_mode = true; tcb_mode = true;
} }
#endif #endif /* WITH_TCB */
vipwedit (spw_dbname (), spw_lock, spw_unlock); vipwedit (spw_dbname (), spw_lock, spw_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE, printf (MSG_WARN_EDIT_OTHER_FILE,
spw_dbname (), spw_dbname (),
PASSWD_FILE, pw_dbname (),
"vipw"); "vipw");
} else { } else {
vipwedit (PASSWD_FILE, pw_lock, pw_unlock); vipwedit (pw_dbname (), pw_lock, pw_unlock);
if (spw_file_present ()) { if (spw_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE, printf (MSG_WARN_EDIT_OTHER_FILE,
PASSWD_FILE, pw_dbname (),
SHADOW_FILE, spw_dbname (),
"vipw -s"); "vipw -s");
} }
} }
} else { } else {
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (editshadow) { if (editshadow) {
vipwedit (SGROUP_FILE, sgr_lock, sgr_unlock); vipwedit (sgr_dbname (), sgr_lock, sgr_unlock);
printf (MSG_WARN_EDIT_OTHER_FILE, printf (MSG_WARN_EDIT_OTHER_FILE,
SGROUP_FILE, sgr_dbname (),
GROUP_FILE, gr_dbname (),
"vigr"); "vigr");
} else { } else {
#endif #endif /* SHADOWGRP */
vipwedit (GROUP_FILE, gr_lock, gr_unlock); vipwedit (gr_dbname (), gr_lock, gr_unlock);
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (sgr_file_present ()) { if (sgr_file_present ()) {
printf (MSG_WARN_EDIT_OTHER_FILE, printf (MSG_WARN_EDIT_OTHER_FILE,
GROUP_FILE, gr_dbname (),
SGROUP_FILE, sgr_dbname (),
"vigr -s"); "vigr -s");
} }
} }
#endif #endif /* SHADOWGRP */
} }
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");
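Review bot: The `snprintf` calls that build `filebackup` and `fileedit` in vipwedit (the hunk at -197,24) still ignore their return value, so a path that does not fit in the 1024-byte buffers is silently truncated and the later `unlink`/`link`/`rename` calls would act on a different name than intended. The new FIXME acknowledges the fixed sizes, but this commit also switches the callers in main from the PASSWD_FILE/GROUP_FILE/SGROUP_FILE constants to `pw_dbname ()`, `gr_dbname ()` and `sgr_dbname ()`, so the length of `file` is presumably no longer fixed at compile time. Until the buffers are sized dynamically, fail closed on truncation, e.g. `if (snprintf (filebackup, sizeof filebackup, "%s-", file) >= (int) sizeof filebackup) { vipwexit (_("file name too long"), 0, 1); }`, and likewise for both `fileedit` branches, where the tcb branch also embeds the `-u` argument. Separately, the two `shadowtcb_gain_priv () == 0` checks before `create_backup_file` and after `free (to_rename)` were left without braces, unlike the rest of the change. vipwedit's body starts and ends outside these hunks.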