rpms / shadow-utils

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 lastlog_doc main rawhide
  1.   f40
  2.   shadow-4.15.0-account-tools-setuid.patch
Blob Blame History Raw 
diff -up shadow-4.15.0/src/chpasswd.c.account-tools-setuid shadow-4.15.0/src/chpasswd.c
--- shadow-4.15.0/src/chpasswd.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/chpasswd.c	2024-03-11 11:21:57.561150382 +0100
@@ -443,9 +443,11 @@ int main (int argc, char **argv)
 	char *cp;
 	const char *salt;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	bool use_pam = true;
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	int errors = 0;
 	int line = 0;
@@ -469,19 +471,23 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (md5flg || eflg || cflg || prefix[0]) {
 		use_pam = false;
 	}
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	OPENLOG (Prog);
 
 	check_perms ();
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	{
 		is_shadow_pwd = spw_file_present ();
 
@@ -543,6 +549,7 @@ int main (int argc, char **argv)
 		}
 		newpwd = cp;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		if (use_pam) {
 			if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
@@ -553,6 +560,7 @@ int main (int argc, char **argv)
 			}
 		} else
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		{
 		const struct spwd *sp;
 		struct spwd newsp;
@@ -672,9 +680,11 @@ int main (int argc, char **argv)
 	 * password database.
 	 */
 	if (0 != errors) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		{
 			fprintf (stderr,
 			         _("%s: error detected, changes ignored\n"),
@@ -683,9 +693,11 @@ int main (int argc, char **argv)
 		fail_exit (1);
 	}
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	{
 	/* Save the changes */
 		close_files ();
diff -up shadow-4.15.0/src/groupmems.c.account-tools-setuid shadow-4.15.0/src/groupmems.c
--- shadow-4.15.0/src/groupmems.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/groupmems.c	2024-03-11 11:16:18.365408572 +0100
@@ -14,9 +14,11 @@
 #include <grp.h>
 #include <stdio.h>
 #include <sys/types.h>
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 #include <pwd.h>
 
 #include "alloc.h"
@@ -430,6 +432,7 @@ static void process_flags (int argc, cha
 static void check_perms (void)
 {
 	if (!list) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		pam_handle_t *pamh = NULL;
 		int retval;
@@ -463,7 +466,8 @@ static void check_perms (void)
 			fail_exit (1);
 		}
 		(void) pam_end (pamh, retval);
-#endif
+#endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	}
 }
 
diff -up shadow-4.15.0/src/newusers.c.account-tools-setuid shadow-4.15.0/src/newusers.c
--- shadow-4.15.0/src/newusers.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/newusers.c	2024-03-11 11:20:07.198909046 +0100
@@ -59,6 +59,7 @@
 static const char Prog[] = "newusers";
 
 static bool rflg = false;	/* create a system account */
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static /*@null@*//*@observer@*/char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
@@ -75,6 +76,7 @@ static long bcrypt_rounds = 13;
 static long yescrypt_cost = 5;
 #endif				/* USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 static bool is_shadow;
 #ifdef SHADOWGRP
@@ -97,9 +99,11 @@ NORETURN static void fail_exit (int);
 static int add_group (const char *, const char *, gid_t *, gid_t);
 static int get_user_id (const char *, uid_t *);
 static int add_user (const char *, uid_t, gid_t);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static int update_passwd (struct passwd *, const char *);
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 static int add_passwd (struct passwd *, const char *);
 static void process_flags (int argc, char **argv);
 static void check_flags (void);
@@ -121,6 +125,7 @@ static void usage (int status)
 	                  "Options:\n"),
 	                Prog);
 	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	(void) fprintf (usageout,
 	                _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
@@ -136,9 +141,11 @@ static void usage (int status)
 #endif
 	               );
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -r, --system                  create system accounts\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	(void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
@@ -146,6 +153,7 @@ static void usage (int status)
 	              usageout);
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	(void) fputs ("\n", usageout);
 
 	exit (status);
@@ -405,6 +413,7 @@ static int add_user (const char *name, u
 	return (pw_update (&pwent) == 0) ? -1 : 0;
 }
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 /*
  * update_passwd - update the password in the passwd entry
@@ -457,6 +466,7 @@ static int update_passwd (struct passwd
 	return 0;
 }
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 /*
  * add_passwd - add or update the encrypted password
@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pw
 {
 	const struct spwd *sp;
 	struct spwd spent;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	char *cp;
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	void *crypt_arg = NULL;
 	if (NULL != crypt_method) {
@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pw
 		return update_passwd (pwd, password);
 	}
 #endif				/* USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 	/*
 	 * Do the first and easiest shadow file case. The user already
 	 * exists in the shadow password file.
 	 */
 	sp = spw_locate (pwd->pw_name);
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 	if (NULL != sp) {
 		spent = *sp;
 		if (   (NULL != crypt_method)
@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pw
 	if (strcmp (pwd->pw_passwd, "x") != 0) {
 		return update_passwd (pwd, password);
 	}
-#else				/* USE_PAM */
+#else				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 	/*
 	 * If there is already a shadow entry, do not touch it.
 	 * If there is already a passwd entry with a password, do not
@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pw
 	    || (strcmp (pwd->pw_passwd, "x") != 0)) {
 		return 0;
 	}
-#endif				/* USE_PAM */
+#endif				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 
 	/*
 	 * Now the really hard case - I need to create an entirely new
 	 * shadow password file entry.
 	 */
 	spent.sp_namp = pwd->pw_name;
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 		spent.sp_pwdp = (char *)password;
 	} else {
@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pw
 static void process_flags (int argc, char **argv)
 {
 	int c;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
         int bad_s;
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif 				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	static struct option long_options[] = {
 		{"badname",      no_argument,       NULL, 'b'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 		{"crypt-method", required_argument, NULL, 'c'},
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		{"help",         no_argument,       NULL, 'h'},
 		{"system",       no_argument,       NULL, 'r'},
 		{"root",         required_argument, NULL, 'R'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		{"sha-rounds",   required_argument, NULL, 's'},
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		{NULL, 0, NULL, '\0'}
 	};
 
 	while ((c = getopt_long (argc, argv,
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	                         "c:bhrs:",
 #else				/* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */
 	                         "c:bhr",
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
-#else				/* USE_PAM */
+#else				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 	                         "bhr",
 #endif
 	                         long_options, NULL)) != -1) {
@@ -646,11 +666,13 @@ static void process_flags (int argc, cha
 		case 'b':
 			allow_bad_names = true;
 			break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 		case 'c':
 			crypt_method = optarg;
 			break;
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		case 'h':
 			usage (EXIT_SUCCESS);
 			break;
@@ -659,6 +681,7 @@ static void process_flags (int argc, cha
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		case 's':
@@ -698,6 +721,7 @@ static void process_flags (int argc, cha
 			break;
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		default:
 			usage (EXIT_FAILURE);
 			break;
@@ -730,6 +754,7 @@ static void process_flags (int argc, cha
  */
 static void check_flags (void)
 {
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	if (sflg && !cflg) {
@@ -762,6 +787,7 @@ static void check_flags (void)
 		}
 	}
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 }
 
 /*
@@ -1052,12 +1078,14 @@ int main (int argc, char **argv)
 	int line = 0;
 	uid_t uid;
 	gid_t gid;
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	int *lines = NULL;
 	char **usernames = NULL;
 	char **passwords = NULL;
 	unsigned int nusers = 0;
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	log_set_progname(Prog);
 	log_set_logfd(stderr);
@@ -1195,6 +1223,7 @@ int main (int argc, char **argv)
 		}
 		newpw = *pw;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		/* keep the list of user/password for later update by PAM */
 		nusers++;
@@ -1211,6 +1240,7 @@ int main (int argc, char **argv)
 		usernames[nusers-1] = strdup (fields[0]);
 		passwords[nusers-1] = strdup (fields[1]);
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		if (add_passwd (&newpw, fields[1]) != 0) {
 			fprintf (stderr,
 			         _("%s: line %d: can't update password\n"),
@@ -1327,6 +1357,7 @@ int main (int argc, char **argv)
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	unsigned int i;
 	/* Now update the passwords using PAM */
@@ -1339,6 +1370,7 @@ int main (int argc, char **argv)
 		}
 	}
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	exit (EXIT_SUCCESS);
 }
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.