emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
e97df9b1ec
shadow/lib
History
Christian Göttsche cbd2472b7c migrate to new SELinux api 
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
..
.indent.pro
commonio.c Do not fail locking if there is a stale lockfile. 2019-05-02 14:39:01 +02:00
commonio.h Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
defines.h gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
encrypt.c
exitcodes.h
faillog.h
fields.c
fputsx.c
get_gid.c
get_pid.c
get_uid.c
getdef.c Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
getdef.h
getlong.c
getulong.c Simplify getulong 2016-08-03 11:51:07 -05:00
groupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
groupio.h
groupmem.c
gshadow_.h
gshadow.c
lockpw.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
Makefile.am Add support for a vendor directory and libeconf 2019-10-05 22:17:49 -05:00
nscd.c
nscd.h * configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to 2008-08-30 18:30:36 +00:00
pam_defs.h * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add 2008-07-21 21:14:06 +00:00
port.c
port.h Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
prototypes.h migrate to new SELinux api 2019-10-22 14:56:31 +02:00
pwauth.c
pwauth.h
pwio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
pwio.h
pwmem.c
selinux.c migrate to new SELinux api 2019-10-22 14:56:31 +02:00
semanage.c
sgetgrent.c lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00
sgetpwent.c sgetpwent.c/sgetgrent.c: check for additional data at end of line 2019-10-04 18:30:38 -05:00
sgetspent.c * lib/sgetspent.c: Only compile ifndef HAVE_SGETSPENT 2009-04-10 22:35:07 +00:00
sgroupio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
sgroupio.h
shadow.c
shadowio.c Use the lckpwdf() again if prefix is not set 2019-05-02 14:33:06 +02:00
shadowio.h
shadowmem.c Add splint annotations. 2013-08-13 19:13:45 +02:00
spawn.c lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD 2019-05-06 14:26:14 -04:00
sssd.c Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
sssd.h Flush sssd caches in addition to nscd caches 2018-09-13 14:20:02 +02:00
subordinateio.c remove unused fn commonio_next 2019-10-12 20:03:51 -05:00
subordinateio.h
tcbfuncs.c
tcbfuncs.h * lib/tcbfuncs.h: Re-indent. 2010-03-18 19:23:00 +00:00
utent.c * lib/utent.c (getutline): Remove getutline(). This function is 2010-03-23 08:56:52 +00:00