emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* configure.in: Added option --enable-account-tools-setuid to

Browse Source 
enable/disable the usage of PAM to authenticate the callers of
	account management tools: chage, chgpasswd, chpasswd, groupadd,
	groupdel, groupmod, useradd, userdel, usermod.
	* src/Makefile.am: Do not link the above tools with libpam if
	account-tools-setuid is disabled.
	* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
	src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
	src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
	(--enable-account-tools-setuid).
	* etc/pam.d/Makefile.am: Install the pam service file for the
	above tools only when needed.
	* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
	needed to initialize retval to PAM_SUCCESS.
This commit is contained in:
nekral-guest 2008-09-06 21:35:37 +00:00
parent bbae92e76f
commit f8aef607ae
14 changed files with 129 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ChangeLog
View File

@ -1,3 +1,18 @@
2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
2008-09-06 Nicolas François <nicolas.francois@centraliens.net> 2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/tz.c: tz() is only used when USE_PAM is not defined. * libmisc/tz.c: tz() is only used when USE_PAM is not defined.
@ -32,6 +47,8 @@
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened. there are no PAM session opened.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-06 Nicolas François <nicolas.francois@centraliens.net> 2008-09-06 Nicolas François <nicolas.francois@centraliens.net>

25
configure.in
View File

@ -219,6 +219,18 @@ AC_ARG_ENABLE(man,
[enable_man=no] [enable_man=no]
) )
AC_ARG_ENABLE(account-tools-setuid,
[AC_HELP_STRING([--enable-account-tools-setuid],
[Install the user and group management tools setuid and authenticate the callers. This requires --with-pam.])],
[case "${enableval}" in
yes) enable_acct_tools_setuid="yes" ;;
no) enable_acct_tools_setuid="no" ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
;;
esac],
[enable_acct_tools_setuid="yes"]
)
AC_ARG_WITH(audit, AC_ARG_WITH(audit,
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])], [AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
[with_audit=$withval], [with_audit=maybe]) [with_audit=$withval], [with_audit=maybe])
@ -417,6 +429,16 @@ else
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
fi fi
if test "$enable_acct_tools_setuid" = "yes"; then
if test "$with_libpam" != "yes"; then
AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
fi
AC_DEFINE(ACCT_TOOLS_SETUID,
1,
[Define if account management tools should be installed setuid and authenticate the callers])
fi
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
AC_SUBST(LIBSKEY) AC_SUBST(LIBSKEY)
AC_SUBST(LIBMD) AC_SUBST(LIBMD)
if test "$with_skey" = "yes"; then if test "$with_skey" = "yes"; then
@ -475,6 +497,9 @@ echo
echo " auditing support: $with_audit" echo " auditing support: $with_audit"
echo " CrackLib support: $with_libcrack" echo " CrackLib support: $with_libcrack"
echo " PAM support: $with_libpam" echo " PAM support: $with_libpam"
if test "$with_libpam" = "yes"; then
echo " suid account management tools: $enable_acct_tools_setuid"
fi
echo " SELinux support: $with_selinux" echo " SELinux support: $with_selinux"
echo " shadow group support: $enable_shadowgrp" echo " shadow group support: $enable_shadowgrp"
echo " S/Key support: $with_skey" echo " S/Key support: $with_skey"

16
etc/pam.d/Makefile.am
View File

@ -2,22 +2,26 @@
# and also cooperate to make a distribution for `make dist' # and also cooperate to make a distribution for `make dist'
pamd_files = \ pamd_files = \
chage \
chfn \ chfn \
chsh \
groupmems \
login \
passwd \
su
if ACCT_TOOLS_SETUID
pamd_files += \
chage \
chgpasswd \ chgpasswd \
chpasswd \ chpasswd \
chsh \
groupadd \ groupadd \
groupdel \ groupdel \
groupmems \
groupmod \ groupmod \
login \
newusers \ newusers \
passwd \
su \
useradd \ useradd \
userdel \ userdel \
usermod usermod
endif
if USE_PAM if USE_PAM
pamddir = $(sysconfdir)/pam.d pamddir = $(sysconfdir)/pam.d

29
src/Makefile.am
View File

@ -49,22 +49,31 @@ noinst_PROGRAMS = id sulogin
suidbins = su suidbins = su
suidubins = chage chfn chsh expiry gpasswd newgrp passwd suidubins = chage chfn chsh expiry gpasswd newgrp passwd
if ACCT_TOOLS_SETUID
suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
endif
LDADD = $(INTLLIBS) \ LDADD = $(INTLLIBS) \
$(top_builddir)/libmisc/libmisc.a \ $(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la $(top_builddir)/lib/libshadow.la
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\" AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
chage_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) if ACCT_TOOLS_SETUID
LIBPAM_SUID = $(LIBPAM)
else
LIBPAM_SUID =
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
chgpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) chpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
groupmod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
grpck_LDADD = $(LDADD) $(LIBSELINUX) grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX) grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX) grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
@ -73,7 +82,7 @@ login_SOURCES = \
login_nopam.c login_nopam.c
login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT) newgrp_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT)
newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) newusers_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
nologin_LDADD = nologin_LDADD =
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
pwck_LDADD = $(LDADD) $(LIBSELINUX) pwck_LDADD = $(LDADD) $(LIBSELINUX)
@ -84,9 +93,9 @@ su_SOURCES = \
suauth.c suauth.c
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT) $(LIBSKEY) $(LIBMD) su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT) $(LIBSKEY) $(LIBMD)
sulogin_LDADD = $(LDADD) $(LIBCRYPT) sulogin_LDADD = $(LDADD) $(LIBCRYPT)
useradd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
userdel_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
usermod_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
vipw_LDADD = $(LDADD) $(LIBSELINUX) vipw_LDADD = $(LDADD) $(LIBSELINUX)
install-am: all-am install-am: all-am

8
src/chage.c
View File

@ -42,9 +42,11 @@
#include <stdlib.h> #include <stdlib.h>
#include <sys/types.h> #include <sys/types.h>
#include <time.h> #include <time.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include <pwd.h> #include <pwd.h>
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
@ -484,11 +486,13 @@ static void check_flags (int argc, int opt_index)
*/ */
static void check_perms (void) static void check_perms (void)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
struct passwd *pampw; struct passwd *pampw;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
/* /*
* An unprivileged user can ask for their own aging information, but * An unprivileged user can ask for their own aging information, but
@ -501,6 +505,7 @@ static void check_perms (void)
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) { if (NULL == pampw) {
@ -525,6 +530,7 @@ static void check_perms (void)
fail_exit (E_NOPERM); fail_exit (E_NOPERM);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
} }
/* /*

4
src/chgpasswd.c
View File

@ -39,9 +39,11 @@
#include <pwd.h> #include <pwd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h" #include "defines.h"
#include "exitcodes.h" #include "exitcodes.h"
#include "nscd.h" #include "nscd.h"
@ -246,6 +248,7 @@ static void check_flags (void)
*/ */
static void check_perms (void) static void check_perms (void)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
@ -274,6 +277,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
} }
/* /*

4
src/chpasswd.c
View File

@ -39,9 +39,11 @@
#include <pwd.h> #include <pwd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h" #include "defines.h"
#include "exitcodes.h" #include "exitcodes.h"
#include "nscd.h" #include "nscd.h"
@ -240,6 +242,7 @@ static void check_flags (void)
*/ */
static void check_perms (void) static void check_perms (void)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
@ -268,6 +271,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
} }
/* /*

4
src/groupadd.c
View File

@ -41,10 +41,12 @@
#include <grp.h> #include <grp.h>
#include <stdio.h> #include <stdio.h>
#include <sys/types.h> #include <sys/types.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#include <pwd.h> #include <pwd.h>
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "chkname.h" #include "chkname.h"
#include "defines.h" #include "defines.h"
#include "getdef.h" #include "getdef.h"
@ -565,6 +567,7 @@ static void check_flags (void)
*/ */
static void check_perms (void) static void check_perms (void)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
@ -593,6 +596,7 @@ static void check_perms (void)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
} }
/* /*

8
src/groupdel.c
View File

@ -38,9 +38,11 @@
#include <fcntl.h> #include <fcntl.h>
#include <grp.h> #include <grp.h>
#include <pwd.h> #include <pwd.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include <stdio.h> #include <stdio.h>
#include <sys/types.h> #include <sys/types.h>
#include "defines.h" #include "defines.h"
@ -309,10 +311,12 @@ static void group_busy (gid_t gid)
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
@ -336,6 +340,7 @@ int main (int argc, char **argv)
OPENLOG ("groupdel"); OPENLOG ("groupdel");
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
{ {
struct passwd *pampw; struct passwd *pampw;
@ -364,6 +369,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef SHADOWGRP #ifdef SHADOWGRP
is_shadow_grp = sgr_file_present (); is_shadow_grp = sgr_file_present ();

8
src/groupmod.c
View File

@ -40,10 +40,12 @@
#include <grp.h> #include <grp.h>
#include <stdio.h> #include <stdio.h>
#include <sys/types.h> #include <sys/types.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#include <pwd.h> #include <pwd.h>
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "chkname.h" #include "chkname.h"
#include "defines.h" #include "defines.h"
#include "groupio.h" #include "groupio.h"
@ -679,10 +681,12 @@ void update_primary_groups (gid_t ogid, gid_t ngid)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
@ -701,6 +705,7 @@ int main (int argc, char **argv)
OPENLOG ("groupmod"); OPENLOG ("groupmod");
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
{ {
struct passwd *pampw; struct passwd *pampw;
@ -729,6 +734,7 @@ int main (int argc, char **argv)
fail_exit (1); fail_exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef SHADOWGRP #ifdef SHADOWGRP
is_shadow_grp = sgr_file_present (); is_shadow_grp = sgr_file_present ();

4
src/newusers.c
View File

@ -50,9 +50,11 @@
#include <fcntl.h> #include <fcntl.h>
#include <getopt.h> #include <getopt.h>
#include <ctype.h> #include <ctype.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "prototypes.h" #include "prototypes.h"
#include "defines.h" #include "defines.h"
#include "getdef.h" #include "getdef.h"
@ -561,6 +563,7 @@ static void check_flags (void)
*/ */
static void check_perms (void) static void check_perms (void)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
@ -589,6 +592,7 @@ static void check_perms (void)
fail_exit (1); fail_exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
} }
/* /*

10
src/useradd.c
View File

@ -42,9 +42,11 @@
#include <grp.h> #include <grp.h>
#include <lastlog.h> #include <lastlog.h>
#include <pwd.h> #include <pwd.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include <stdio.h> #include <stdio.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
@ -1748,10 +1750,12 @@ static void create_mail (void)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
@ -1785,9 +1789,8 @@ int main (int argc, char **argv)
process_flags (argc, argv); process_flags (argc, argv);
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
retval = PAM_SUCCESS;
{ {
struct passwd *pampw; struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
@ -1815,6 +1818,7 @@ int main (int argc, char **argv)
fail_exit (1); fail_exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
/* /*
* See if we are messing with the defaults file, or creating * See if we are messing with the defaults file, or creating

10
src/userdel.c
View File

@ -43,9 +43,11 @@
#include <stdio.h> #include <stdio.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/stat.h> #include <sys/stat.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include "defines.h" #include "defines.h"
#include "getdef.h" #include "getdef.h"
#include "groupio.h" #include "groupio.h"
@ -781,10 +783,12 @@ int main (int argc, char **argv)
{ {
int errors = 0; /* Error in the removal of the home directory */ int errors = 0; /* Error in the removal of the home directory */
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
@ -830,9 +834,8 @@ int main (int argc, char **argv)
OPENLOG ("userdel"); OPENLOG ("userdel");
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
retval = PAM_SUCCESS;
{ {
struct passwd *pampw; struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
@ -860,6 +863,7 @@ int main (int argc, char **argv)
exit (E_PW_UPDATE); exit (E_PW_UPDATE);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
is_shadow_pwd = spw_file_present (); is_shadow_pwd = spw_file_present ();
#ifdef SHADOWGRP #ifdef SHADOWGRP

10
src/usermod.c
View File

@ -41,9 +41,11 @@
#include <grp.h> #include <grp.h>
#include <lastlog.h> #include <lastlog.h>
#include <pwd.h> #include <pwd.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include <stdio.h> #include <stdio.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
@ -1620,10 +1622,12 @@ static void move_mailbox (void)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval;
#endif #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_help_open (); audit_help_open ();
@ -1651,9 +1655,8 @@ int main (int argc, char **argv)
process_flags (argc, argv); process_flags (argc, argv);
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM #ifdef USE_PAM
retval = PAM_SUCCESS;
{ {
struct passwd *pampw; struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
@ -1681,6 +1684,7 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
/* /*
* Do the hard stuff - open the files, change the user entries, * Do the hard stuff - open the files, change the user entries,