shadow/lib
Christian Göttsche cbd2472b7c migrate to new SELinux api
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
..
.indent.pro [svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 11:46:07 +00:00
commonio.c Do not fail locking if there is a stale lockfile. 2019-05-02 14:39:01 +02:00
commonio.h Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
defines.h gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
encrypt.c Review 52a38d5509 2013-08-04 00:27:53 +02:00
exitcodes.h * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. 2009-04-30 21:08:49 +00:00
faillog.h Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
fields.c * lib/fields.c: Fixed typo from 2010-02-15. field insteadof cp 2011-07-08 19:56:18 +00:00
fputsx.c * lib/fputsx.c: Compare the result of fgets() with the provided 2009-06-12 20:20:45 +00:00
get_gid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
get_pid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
get_uid.c * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c, 2009-04-30 21:12:33 +00:00
getdef.c Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
getdef.h add --prefix option 2017-03-01 22:51:09 +01:00
getlong.c * lib/getlong.c: Do not check for NULL string but empty string. 2009-04-24 23:27:12 +00:00
getulong.c Simplify getulong 2016-08-03 11:51:07 -05:00
groupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
groupio.h * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h, 2009-04-23 21:19:02 +00:00
groupmem.c Clear passwords on __gr_dup/__pw_dup errors. 2015-07-11 13:00:13 +02:00
gshadow_.h * lib/gshadow_.h: Fix typo in comment. 2011-08-14 13:16:54 +00:00
gshadow.c 2010-02-14 Michael Bunk <mb@computer-leipzig.com> 2010-03-10 22:30:03 +00:00
lockpw.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
Makefile.am Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
nscd.c 2012-02-13 Mike Frysinger <vapier@gentoo.org> 2012-02-13 20:09:59 +00:00
nscd.h * configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to 2008-08-30 18:30:36 +00:00
pam_defs.h * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add 2008-07-21 21:14:06 +00:00
port.c * libmisc/console.c, libmisc/hushed.c, libmisc/yesno.c, 2008-06-13 18:11:09 +00:00
port.h Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
prototypes.h migrate to new SELinux api 2019-10-22 14:56:31 +02:00
pwauth.c Review 52a38d5509 2013-08-04 00:27:53 +02:00
pwauth.h * libmisc/find_new_gid.c, libmisc/find_new_uid.c, 2009-04-23 17:43:27 +00:00
pwio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
pwio.h * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h, 2009-04-23 21:19:02 +00:00
pwmem.c Clear passwords on __gr_dup/__pw_dup errors. 2015-07-11 13:00:13 +02:00
selinux.c migrate to new SELinux api 2019-10-22 14:56:31 +02:00
semanage.c * lib/selinux.c, lib/semanage.c: prototypes.h was not included. 2012-01-08 16:06:57 +00:00
sgetgrent.c lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00
sgetpwent.c sgetpwent.c/sgetgrent.c: check for additional data at end of line 2019-10-04 18:30:38 -05:00
sgetspent.c * lib/sgetspent.c: Only compile ifndef HAVE_SGETSPENT 2009-04-10 22:35:07 +00:00
sgroupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
sgroupio.h * lib/sgroupio.h: Harmonize splint annotations of sgr_locate() 2009-09-07 18:59:03 +00:00
shadow.c * lib/utent.c (getutline): Remove getutline(). This function is 2010-03-23 08:56:52 +00:00
shadowio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
shadowio.h Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore 2016-12-21 12:45:50 -06:00
shadowmem.c Add splint annotations. 2013-08-13 19:13:45 +02:00
spawn.c lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD 2019-05-06 14:26:14 -04:00
sssd.c Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
sssd.h Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
subordinateio.c remove unused fn commonio_next 2019-10-12 20:03:51 -05:00
subordinateio.h Remove dead code. 2013-08-15 17:30:19 +02:00
tcbfuncs.c Reverse comparison for consistency. 2010-03-18 18:58:52 +00:00
tcbfuncs.h * lib/tcbfuncs.h: Re-indent. 2010-03-18 19:23:00 +00:00
utent.c * lib/utent.c (getutline): Remove getutline(). This function is 2010-03-23 08:56:52 +00:00