|
|
5ab9c0 |
commit 408b8a548243aebaa6d773beeae8ddf4bb6100f0
|
|
|
5ab9c0 |
Author: Tomas Mraz <tmraz@fedoraproject.org>
|
|
|
5ab9c0 |
Date: Thu May 2 14:33:06 2019 +0200
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
Use the lckpwdf() again if prefix is not set
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
The implementation of prefix option dropped the use of lckpwdf().
|
|
|
5ab9c0 |
However that is incorrect as other tools manipulating the shadow passwords
|
|
|
5ab9c0 |
such as PAM use lckpwdf() and do not know anything about the
|
|
|
5ab9c0 |
shadow's own locking mechanism.
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
This reverts the implementation to use lckpwdf() if prefix option
|
|
|
5ab9c0 |
is not used.
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
diff --git a/lib/commonio.c b/lib/commonio.c
|
|
|
5ab9c0 |
index 26e518f2..94dda779 100644
|
|
|
5ab9c0 |
--- a/lib/commonio.c
|
|
|
5ab9c0 |
+++ b/lib/commonio.c
|
|
|
5ab9c0 |
@@ -364,6 +364,7 @@ static void free_linked_list (struct commonio_db *db)
|
|
|
5ab9c0 |
int commonio_setname (struct commonio_db *db, const char *name)
|
|
|
5ab9c0 |
{
|
|
|
5ab9c0 |
snprintf (db->filename, sizeof (db->filename), "%s", name);
|
|
|
5ab9c0 |
+ db->setname = true;
|
|
|
5ab9c0 |
return 1;
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
@@ -414,37 +415,39 @@ cleanup_ENOMEM:
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int commonio_lock (struct commonio_db *db)
|
|
|
5ab9c0 |
{
|
|
|
5ab9c0 |
-/*#ifdef HAVE_LCKPWDF*/ /* not compatible with prefix option*/
|
|
|
5ab9c0 |
-#if 0
|
|
|
5ab9c0 |
- /*
|
|
|
5ab9c0 |
- * only if the system libc has a real lckpwdf() - the one from
|
|
|
5ab9c0 |
- * lockpw.c calls us and would cause infinite recursion!
|
|
|
5ab9c0 |
- */
|
|
|
5ab9c0 |
+ int i;
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
+#ifdef HAVE_LCKPWDF
|
|
|
5ab9c0 |
/*
|
|
|
5ab9c0 |
- * Call lckpwdf() on the first lock.
|
|
|
5ab9c0 |
- * If it succeeds, call *_lock() only once
|
|
|
5ab9c0 |
- * (no retries, it should always succeed).
|
|
|
5ab9c0 |
+ * Only if the system libc has a real lckpwdf() - the one from
|
|
|
5ab9c0 |
+ * lockpw.c calls us and would cause infinite recursion!
|
|
|
5ab9c0 |
+ * It is also not used with the prefix option.
|
|
|
5ab9c0 |
*/
|
|
|
5ab9c0 |
- if (0 == lock_count) {
|
|
|
5ab9c0 |
- if (lckpwdf () == -1) {
|
|
|
5ab9c0 |
- if (geteuid () != 0) {
|
|
|
5ab9c0 |
- (void) fprintf (stderr,
|
|
|
5ab9c0 |
- "%s: Permission denied.\n",
|
|
|
5ab9c0 |
- Prog);
|
|
|
5ab9c0 |
+ if (!db->setname) {
|
|
|
5ab9c0 |
+ /*
|
|
|
5ab9c0 |
+ * Call lckpwdf() on the first lock.
|
|
|
5ab9c0 |
+ * If it succeeds, call *_lock() only once
|
|
|
5ab9c0 |
+ * (no retries, it should always succeed).
|
|
|
5ab9c0 |
+ */
|
|
|
5ab9c0 |
+ if (0 == lock_count) {
|
|
|
5ab9c0 |
+ if (lckpwdf () == -1) {
|
|
|
5ab9c0 |
+ if (geteuid () != 0) {
|
|
|
5ab9c0 |
+ (void) fprintf (stderr,
|
|
|
5ab9c0 |
+ "%s: Permission denied.\n",
|
|
|
5ab9c0 |
+ Prog);
|
|
|
5ab9c0 |
+ }
|
|
|
5ab9c0 |
+ return 0; /* failure */
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
- return 0; /* failure */
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
- }
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
- if (commonio_lock_nowait (db, true) != 0) {
|
|
|
5ab9c0 |
- return 1; /* success */
|
|
|
5ab9c0 |
- }
|
|
|
5ab9c0 |
+ if (commonio_lock_nowait (db, true) != 0) {
|
|
|
5ab9c0 |
+ return 1; /* success */
|
|
|
5ab9c0 |
+ }
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
- ulckpwdf ();
|
|
|
5ab9c0 |
- return 0; /* failure */
|
|
|
5ab9c0 |
-#else /* !HAVE_LCKPWDF */
|
|
|
5ab9c0 |
- int i;
|
|
|
5ab9c0 |
+ ulckpwdf ();
|
|
|
5ab9c0 |
+ return 0; /* failure */
|
|
|
5ab9c0 |
+ }
|
|
|
5ab9c0 |
+#endif /* !HAVE_LCKPWDF */
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
/*
|
|
|
5ab9c0 |
* lckpwdf() not used - do it the old way.
|
|
|
5ab9c0 |
@@ -471,7 +474,6 @@ int commonio_lock (struct commonio_db *db)
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
return 0; /* failure */
|
|
|
5ab9c0 |
-#endif /* !HAVE_LCKPWDF */
|
|
|
5ab9c0 |
}
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
static void dec_lock_count (void)
|
|
|
5ab9c0 |
diff --git a/lib/commonio.h b/lib/commonio.h
|
|
|
5ab9c0 |
index 40e5708f..64e83073 100644
|
|
|
5ab9c0 |
--- a/lib/commonio.h
|
|
|
5ab9c0 |
+++ b/lib/commonio.h
|
|
|
5ab9c0 |
@@ -143,6 +143,7 @@ struct commonio_db {
|
|
|
5ab9c0 |
bool isopen:1;
|
|
|
5ab9c0 |
bool locked:1;
|
|
|
5ab9c0 |
bool readonly:1;
|
|
|
5ab9c0 |
+ bool setname:1;
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
extern int commonio_setname (struct commonio_db *, const char *);
|
|
|
5ab9c0 |
diff --git a/lib/groupio.c b/lib/groupio.c
|
|
|
5ab9c0 |
index ae2302b5..bffb06e0 100644
|
|
|
5ab9c0 |
--- a/lib/groupio.c
|
|
|
5ab9c0 |
+++ b/lib/groupio.c
|
|
|
5ab9c0 |
@@ -139,7 +139,8 @@ static /*@owned@*/struct commonio_db group_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int gr_setdbname (const char *filename)
|
|
|
5ab9c0 |
diff --git a/lib/pwio.c b/lib/pwio.c
|
|
|
5ab9c0 |
index 7ee85377..127719cb 100644
|
|
|
5ab9c0 |
--- a/lib/pwio.c
|
|
|
5ab9c0 |
+++ b/lib/pwio.c
|
|
|
5ab9c0 |
@@ -114,7 +114,8 @@ static struct commonio_db passwd_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int pw_setdbname (const char *filename)
|
|
|
5ab9c0 |
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
|
|
|
5ab9c0 |
index 5423626a..ffbdb263 100644
|
|
|
5ab9c0 |
--- a/lib/sgroupio.c
|
|
|
5ab9c0 |
+++ b/lib/sgroupio.c
|
|
|
5ab9c0 |
@@ -238,7 +238,8 @@ static struct commonio_db gshadow_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int sgr_setdbname (const char *filename)
|
|
|
5ab9c0 |
diff --git a/lib/shadowio.c b/lib/shadowio.c
|
|
|
5ab9c0 |
index 5fa3d312..676b1f1a 100644
|
|
|
5ab9c0 |
--- a/lib/shadowio.c
|
|
|
5ab9c0 |
+++ b/lib/shadowio.c
|
|
|
5ab9c0 |
@@ -114,7 +114,8 @@ static struct commonio_db shadow_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int spw_setdbname (const char *filename)
|
|
|
5ab9c0 |
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
|
|
|
5ab9c0 |
index a662e67e..dd779c59 100644
|
|
|
5ab9c0 |
--- a/lib/subordinateio.c
|
|
|
5ab9c0 |
+++ b/lib/subordinateio.c
|
|
|
5ab9c0 |
@@ -550,7 +550,8 @@ static struct commonio_db subordinate_uid_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int sub_uid_setdbname (const char *filename)
|
|
|
5ab9c0 |
@@ -631,7 +632,8 @@ static struct commonio_db subordinate_gid_db = {
|
|
|
5ab9c0 |
false, /* changed */
|
|
|
5ab9c0 |
false, /* isopen */
|
|
|
5ab9c0 |
false, /* locked */
|
|
|
5ab9c0 |
- false /* readonly */
|
|
|
5ab9c0 |
+ false, /* readonly */
|
|
|
5ab9c0 |
+ false /* setname */
|
|
|
5ab9c0 |
};
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
int sub_gid_setdbname (const char *filename)
|