From 57f9d5ae9ce460fd580f6f7b2cd0909fc530218b Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sun, 13 Nov 2011 16:24:57 +0000 Subject: [PATCH] * src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c, src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c, src/newusers.c, src/useradd.c, src/userdel.c, src/usermod.c: Provide the PAM error message instead of our own, and log error to syslog. * src/groupmems.c: Exit with exit rather than fail_exit in usage(). * src/newusers.c: Check the number of arguments. * src/newusers.c: Do not create the home directory when it is not changed. * src/useradd.c: Set the group password to "!" rather "x" if there are no gshadow file. --- ChangeLog | 14 ++++++++++++++ src/chage.c | 11 +++++++---- src/chfn.c | 11 +++++++---- src/chgpasswd.c | 11 +++++++---- src/chpasswd.c | 11 +++++++---- src/chsh.c | 11 +++++++---- src/groupadd.c | 11 +++++++---- src/groupdel.c | 11 +++++++---- src/groupmems.c | 13 ++++++++----- src/groupmod.c | 11 +++++++---- src/newusers.c | 18 +++++++++++++----- src/useradd.c | 17 ++++++++++++----- src/userdel.c | 11 +++++++---- src/usermod.c | 11 +++++++---- 14 files changed, 117 insertions(+), 55 deletions(-) diff --git a/ChangeLog b/ChangeLog index 317719bc..89e2ae33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +2011-11-12 Nicolas François + + * src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c, + src/chsh.c, src/groupadd.c, src/groupdel.c, src/groupmems.c, + src/groupmod.c, src/newusers.c, src/useradd.c, src/userdel.c, + src/usermod.c: Provide the PAM error + message instead of our own, and log error to syslog. + * src/groupmems.c: Exit with exit rather than fail_exit in usage(). + * src/newusers.c: Check the number of arguments. + * src/newusers.c: Do not create the home directory when it is not + changed. + * src/useradd.c: Set the group password to "!" rather "x" if there + are no gshadow file. + 2011-11-11 Nicolas François * src/pwck.c: Removed pw_opened. diff --git a/src/chage.c b/src/chage.c index 47027835..b840e778 100644 --- a/src/chage.c +++ b/src/chage.c @@ -556,13 +556,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } fail_exit (E_NOPERM); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ } diff --git a/src/chfn.c b/src/chfn.c index 40d6750b..a022c1a3 100644 --- a/src/chfn.c +++ b/src/chfn.c @@ -416,13 +416,16 @@ static void check_perms (const struct passwd *pw) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (E_NOPERM); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ } diff --git a/src/chgpasswd.c b/src/chgpasswd.c index af533387..dab8574a 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -286,13 +286,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ } diff --git a/src/chpasswd.c b/src/chpasswd.c index ef54a486..9ebfabe6 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -283,13 +283,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* ACCT_TOOLS_SETUID */ #endif /* USE_PAM */ } diff --git a/src/chsh.c b/src/chsh.c index c038f697..4bb47f5a 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -325,13 +325,16 @@ static void check_perms (const struct passwd *pw) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (E_NOPERM); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ } diff --git a/src/groupadd.c b/src/groupadd.c index b4c057cd..39b4ec02 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -549,13 +549,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ } diff --git a/src/groupdel.c b/src/groupdel.c index 9bf5863f..da993475 100644 --- a/src/groupdel.c +++ b/src/groupdel.c @@ -407,13 +407,16 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ diff --git a/src/groupmems.c b/src/groupmems.c index e1f77b7e..e4f107f9 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -379,7 +379,7 @@ static /*@noreturn@*/void usage (int status) (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -p, --purge purge all members from the group\n"), usageout); (void) fputs (_(" -l, --list list the members of the group\n"), usageout); - fail_exit (status); + exit (status); } /* @@ -471,13 +471,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } fail_exit (1); } + (void) pam_end (pamh, retval); #endif } } diff --git a/src/groupmod.c b/src/groupmod.c index 96de082a..d9d38071 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -784,13 +784,16 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ diff --git a/src/newusers.c b/src/newusers.c index 2e46ecbf..447676f3 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -584,6 +584,11 @@ static void process_flags (int argc, char **argv) } } + if ( (optind != argc) + && (optind + 1 != argc)) { + usage (EXIT_FAILURE); + } + if (argv[optind] != NULL) { if (freopen (argv[optind], "r", stdin) == NULL) { char buf[BUFSIZ]; @@ -668,13 +673,16 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } fail_exit (EXIT_FAILURE); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ } @@ -1006,7 +1014,7 @@ int main (int argc, char **argv) newpw.pw_shell = fields[6]; } - if ( ('\0' != newpw.pw_dir[0]) + if ( ('\0' != fields[5][0]) && (access (newpw.pw_dir, F_OK) != 0)) { /* FIXME: should check for directory */ mode_t msk = 0777 & ~getdef_num ("UMASK", diff --git a/src/useradd.c b/src/useradd.c index da3cd97a..e32f4fa2 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -1519,7 +1519,11 @@ static void new_grent (struct group *grent) { memzero (grent, sizeof *grent); grent->gr_name = (char *) user_name; - grent->gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */ + if (is_shadow_grp) { + grent->gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */ + } else { + grent->gr_passwd = "!"; /* XXX warning: const */ + } grent->gr_gid = user_gid; grent->gr_mem = &empty_list; } @@ -1929,13 +1933,16 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } fail_exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ diff --git a/src/userdel.c b/src/userdel.c index c2091cda..41813076 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -923,13 +923,16 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (E_PW_UPDATE); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ diff --git a/src/usermod.c b/src/usermod.c index 0c0f464e..19781aad 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1849,13 +1849,16 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (NULL != pamh) { - (void) pam_end (pamh, retval); - } if (PAM_SUCCESS != retval) { - fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); + fprintf (stderr, _("%s: PAM: %s\n"), + Prog, pam_strerror (pamh, retval)); + SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } exit (1); } + (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ -- 2.40.0