mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-12-05 07:53:34 +08:00
Merge pull request #4 from xnox/master
Make shadow more robust in hostile environments
This commit is contained in:
commit
e01bad7d3c
@ -393,3 +393,8 @@ USERGROUPS_ENAB yes
|
||||
#
|
||||
#CREATE_HOME yes
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
|
@ -968,11 +968,10 @@ int commonio_close (struct commonio_db *db)
|
||||
} else {
|
||||
/*
|
||||
* Default permissions for new [g]shadow files.
|
||||
* (passwd and group always exist...)
|
||||
*/
|
||||
sb.st_mode = 0400;
|
||||
sb.st_uid = 0;
|
||||
sb.st_gid = 0;
|
||||
sb.st_mode = db->st_mode;
|
||||
sb.st_uid = db->st_uid;
|
||||
sb.st_gid = db->st_gid;
|
||||
}
|
||||
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
|
@ -123,6 +123,12 @@ struct commonio_db {
|
||||
#ifdef WITH_SELINUX
|
||||
/*@null@*/security_context_t scontext;
|
||||
#endif
|
||||
/*
|
||||
* Default permissions and owner for newly created data file.
|
||||
*/
|
||||
mode_t st_mode;
|
||||
uid_t st_uid;
|
||||
gid_t st_gid;
|
||||
/*
|
||||
* Head, tail, current position in linked list.
|
||||
*/
|
||||
|
80
lib/getdef.c
80
lib/getdef.c
@ -49,6 +49,32 @@ struct itemdef {
|
||||
/*@null@*/char *value; /* value given, or NULL if no value */
|
||||
};
|
||||
|
||||
#define PAMDEFS \
|
||||
{"CHFN_AUTH", NULL}, \
|
||||
{"CHSH_AUTH", NULL}, \
|
||||
{"CRACKLIB_DICTPATH", NULL}, \
|
||||
{"ENV_HZ", NULL}, \
|
||||
{"ENVIRON_FILE", NULL}, \
|
||||
{"ENV_TZ", NULL}, \
|
||||
{"FAILLOG_ENAB", NULL}, \
|
||||
{"FTMP_FILE", NULL}, \
|
||||
{"ISSUE_FILE", NULL}, \
|
||||
{"LASTLOG_ENAB", NULL}, \
|
||||
{"LOGIN_STRING", NULL}, \
|
||||
{"MAIL_CHECK_ENAB", NULL}, \
|
||||
{"MOTD_FILE", NULL}, \
|
||||
{"NOLOGINS_FILE", NULL}, \
|
||||
{"OBSCURE_CHECKS_ENAB", NULL}, \
|
||||
{"PASS_ALWAYS_WARN", NULL}, \
|
||||
{"PASS_CHANGE_TRIES", NULL}, \
|
||||
{"PASS_MAX_LEN", NULL}, \
|
||||
{"PASS_MIN_LEN", NULL}, \
|
||||
{"PORTTIME_CHECKS_ENAB", NULL}, \
|
||||
{"QUOTAS_ENAB", NULL}, \
|
||||
{"SU_WHEEL_ONLY", NULL}, \
|
||||
{"ULIMIT", NULL},
|
||||
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
@ -102,29 +128,7 @@ static struct itemdef def_table[] = {
|
||||
{"USERDEL_CMD", NULL},
|
||||
{"USERGROUPS_ENAB", NULL},
|
||||
#ifndef USE_PAM
|
||||
{"CHFN_AUTH", NULL},
|
||||
{"CHSH_AUTH", NULL},
|
||||
{"CRACKLIB_DICTPATH", NULL},
|
||||
{"ENV_HZ", NULL},
|
||||
{"ENVIRON_FILE", NULL},
|
||||
{"ENV_TZ", NULL},
|
||||
{"FAILLOG_ENAB", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
{"ISSUE_FILE", NULL},
|
||||
{"LASTLOG_ENAB", NULL},
|
||||
{"LOGIN_STRING", NULL},
|
||||
{"MAIL_CHECK_ENAB", NULL},
|
||||
{"MOTD_FILE", NULL},
|
||||
{"NOLOGINS_FILE", NULL},
|
||||
{"OBSCURE_CHECKS_ENAB", NULL},
|
||||
{"PASS_ALWAYS_WARN", NULL},
|
||||
{"PASS_CHANGE_TRIES", NULL},
|
||||
{"PASS_MAX_LEN", NULL},
|
||||
{"PASS_MIN_LEN", NULL},
|
||||
{"PORTTIME_CHECKS_ENAB", NULL},
|
||||
{"QUOTAS_ENAB", NULL},
|
||||
{"SU_WHEEL_ONLY", NULL},
|
||||
{"ULIMIT", NULL},
|
||||
PAMDEFS
|
||||
#endif
|
||||
#ifdef USE_SYSLOG
|
||||
{"SYSLOG_SG_ENAB", NULL},
|
||||
@ -135,9 +139,17 @@ static struct itemdef def_table[] = {
|
||||
{"TCB_SYMLINKS", NULL},
|
||||
{"USE_TCB", NULL},
|
||||
#endif
|
||||
{"FORCE_SHADOW", NULL},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
#define NUMKNOWNDEFS (sizeof(knowndef_table)/sizeof(knowndef_table[0]))
|
||||
static struct itemdef knowndef_table[] = {
|
||||
#ifdef USE_PAM
|
||||
PAMDEFS
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef LOGINDEFS
|
||||
#define LOGINDEFS "/etc/login.defs"
|
||||
#endif
|
||||
@ -397,10 +409,17 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
|
||||
* Item was never found.
|
||||
*/
|
||||
|
||||
for (ptr = knowndef_table; NULL != ptr->name; ptr++) {
|
||||
if (strcmp (ptr->name, name) == 0) {
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
fprintf (stderr,
|
||||
_("configuration error - unknown item '%s' (notify administrator)\n"),
|
||||
name);
|
||||
SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
|
||||
|
||||
out:
|
||||
return (struct itemdef *) NULL;
|
||||
}
|
||||
|
||||
@ -416,23 +435,26 @@ static void def_load (void)
|
||||
FILE *fp;
|
||||
char buf[1024], *name, *value, *s;
|
||||
|
||||
/*
|
||||
* Set the initialized flag.
|
||||
* (do it early to prevent recursion in putdef_str())
|
||||
*/
|
||||
def_loaded = true;
|
||||
|
||||
/*
|
||||
* Open the configuration definitions file.
|
||||
*/
|
||||
fp = fopen (def_fname, "r");
|
||||
if (NULL == fp) {
|
||||
if (errno == ENOENT)
|
||||
return;
|
||||
|
||||
int err = errno;
|
||||
SYSLOG ((LOG_CRIT, "cannot open login definitions %s [%s]",
|
||||
def_fname, strerror (err)));
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the initialized flag.
|
||||
* (do it early to prevent recursion in putdef_str())
|
||||
*/
|
||||
def_loaded = true;
|
||||
|
||||
/*
|
||||
* Go through all of the lines in the file.
|
||||
*/
|
||||
|
@ -130,6 +130,9 @@ static /*@owned@*/struct commonio_db group_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0644, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
|
@ -105,6 +105,9 @@ static struct commonio_db passwd_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0644, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
|
@ -228,6 +228,9 @@ static struct commonio_db gshadow_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0400, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
@ -249,6 +252,8 @@ int sgr_setdbname (const char *filename)
|
||||
|
||||
bool sgr_file_present (void)
|
||||
{
|
||||
if (getdef_bool ("FORCE_SHADOW"))
|
||||
return true;
|
||||
return commonio_present (&gshadow_db);
|
||||
}
|
||||
|
||||
|
@ -104,6 +104,9 @@ static struct commonio_db shadow_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif /* WITH_SELINUX */
|
||||
0400, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
@ -125,6 +128,8 @@ int spw_setdbname (const char *filename)
|
||||
|
||||
bool spw_file_present (void)
|
||||
{
|
||||
if (getdef_bool ("FORCE_SHADOW"))
|
||||
return true;
|
||||
return commonio_present (&shadow_db);
|
||||
}
|
||||
|
||||
|
@ -541,6 +541,9 @@ static struct commonio_db subordinate_uid_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0644, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
@ -619,6 +622,9 @@ static struct commonio_db subordinate_gid_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0644, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
|
@ -592,7 +592,7 @@ static void open_files (bool readonly)
|
||||
}
|
||||
pw_locked = true;
|
||||
}
|
||||
if (pw_open (readonly ? O_RDONLY: O_RDWR) == 0) {
|
||||
if (pw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
|
||||
fail_exit (E_NOPERM);
|
||||
@ -613,7 +613,7 @@ static void open_files (bool readonly)
|
||||
}
|
||||
spw_locked = true;
|
||||
}
|
||||
if (spw_open (readonly ? O_RDONLY: O_RDWR) == 0) {
|
||||
if (spw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, spw_dbname ());
|
||||
SYSLOG ((LOG_WARN, "cannot open %s", spw_dbname ()));
|
||||
|
@ -463,7 +463,7 @@ static void update_gecos (const char *user, char *gecos)
|
||||
fail_exit (E_NOPERM);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
fail_exit (E_NOPERM);
|
||||
|
@ -316,7 +316,7 @@ static void open_files (void)
|
||||
fail_exit (1);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (1);
|
||||
@ -332,7 +332,7 @@ static void open_files (void)
|
||||
fail_exit (1);
|
||||
}
|
||||
sgr_locked = true;
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
fail_exit (1);
|
||||
|
@ -313,7 +313,7 @@ static void open_files (void)
|
||||
fail_exit (1);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
fail_exit (1);
|
||||
@ -328,7 +328,7 @@ static void open_files (void)
|
||||
fail_exit (1);
|
||||
}
|
||||
spw_locked = true;
|
||||
if (spw_open (O_RDWR) == 0) {
|
||||
if (spw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
|
@ -373,7 +373,7 @@ static void update_shell (const char *user, char *newshell)
|
||||
fail_exit (1);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
|
||||
fail_exit (1);
|
||||
|
@ -370,7 +370,7 @@ static void open_files (void)
|
||||
|
||||
add_cleanup (log_gpasswd_failure_system, NULL);
|
||||
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, gr_dbname ());
|
||||
@ -380,7 +380,7 @@ static void open_files (void)
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadowgrp) {
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
|
@ -346,7 +346,7 @@ static void open_files (void)
|
||||
add_cleanup (cleanup_report_add_group, group_name);
|
||||
|
||||
/* And now open the databases */
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
||||
exit (E_GRP_UPDATE);
|
||||
@ -354,7 +354,7 @@ static void open_files (void)
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow_grp) {
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
|
@ -248,7 +248,7 @@ static void open_files (void)
|
||||
add_cleanup (cleanup_report_del_group, group_name);
|
||||
|
||||
/* An now open the databases */
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, gr_dbname ());
|
||||
@ -257,7 +257,7 @@ static void open_files (void)
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow_grp) {
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
|
@ -536,14 +536,14 @@ static void open_files (void)
|
||||
#endif
|
||||
}
|
||||
|
||||
if (gr_open (list ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (gr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (EXIT_GROUP_FILE);
|
||||
}
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadowgrp) {
|
||||
if (sgr_open (list ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (sgr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
|
||||
fail_exit (EXIT_GROUP_FILE);
|
||||
}
|
||||
|
@ -663,7 +663,7 @@ static void lock_files (void)
|
||||
*/
|
||||
static void open_files (void)
|
||||
{
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
|
||||
exit (E_GRP_UPDATE);
|
||||
@ -672,7 +672,7 @@ static void open_files (void)
|
||||
#ifdef SHADOWGRP
|
||||
if ( is_shadow_grp
|
||||
&& (pflg || nflg)) {
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
@ -683,7 +683,7 @@ static void open_files (void)
|
||||
#endif /* SHADOWGRP */
|
||||
|
||||
if (gflg) {
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, pw_dbname ());
|
||||
|
@ -299,7 +299,7 @@ static void open_files (void)
|
||||
* Open the files. Use O_RDONLY if we are in read_only mode,
|
||||
* O_RDWR otherwise.
|
||||
*/
|
||||
if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (gr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog,
|
||||
grp_file);
|
||||
if (use_system_grp_file) {
|
||||
@ -308,7 +308,7 @@ static void open_files (void)
|
||||
fail_exit (E_CANT_OPEN);
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) {
|
||||
if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0)) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog,
|
||||
sgr_file);
|
||||
if (use_system_sgr_file) {
|
||||
|
@ -163,7 +163,7 @@ int main (int argc, char **argv)
|
||||
fail_exit (5);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (1);
|
||||
}
|
||||
|
@ -166,7 +166,7 @@ int main (int argc, char **argv)
|
||||
fail_exit (5);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (1);
|
||||
|
@ -805,27 +805,27 @@ static void open_files (void)
|
||||
}
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
fail_exit (EXIT_FAILURE);
|
||||
}
|
||||
if (is_shadow && (spw_open (O_RDWR) == 0)) {
|
||||
if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ());
|
||||
fail_exit (EXIT_FAILURE);
|
||||
}
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (EXIT_FAILURE);
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
|
||||
if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
|
||||
fail_exit (EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
#ifdef ENABLE_SUBIDS
|
||||
if (is_sub_uid) {
|
||||
if (sub_uid_open (O_RDWR) == 0) {
|
||||
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
@ -833,7 +833,7 @@ static void open_files (void)
|
||||
}
|
||||
}
|
||||
if (is_sub_gid) {
|
||||
if (sub_gid_open (O_RDWR) == 0) {
|
||||
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_gid_dbname ());
|
||||
|
@ -573,7 +573,7 @@ static void update_noshadow (void)
|
||||
exit (E_PWDBUSY);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, pw_dbname ());
|
||||
@ -627,7 +627,7 @@ static void update_shadow (void)
|
||||
exit (E_PWDBUSY);
|
||||
}
|
||||
spw_locked = true;
|
||||
if (spw_open (O_RDWR) == 0) {
|
||||
if (spw_open (O_CREAT | O_RDWR) == 0) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
|
@ -281,7 +281,7 @@ static void open_files (void)
|
||||
* Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR
|
||||
* otherwise.
|
||||
*/
|
||||
if (pw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (pw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"),
|
||||
Prog, pw_dbname ());
|
||||
if (use_system_pw_file) {
|
||||
@ -290,7 +290,7 @@ static void open_files (void)
|
||||
fail_exit (E_CANTOPEN);
|
||||
}
|
||||
if (is_shadow && !use_tcb) {
|
||||
if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
if (use_system_spw_file) {
|
||||
@ -566,7 +566,7 @@ static void check_pw_file (int *errors, bool *changed)
|
||||
continue;
|
||||
}
|
||||
spw_locked = true;
|
||||
if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) {
|
||||
if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
|
@ -200,7 +200,7 @@ int main (int argc, char **argv)
|
||||
fail_exit (E_PWDBUSY);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
fail_exit (E_MISSING);
|
||||
|
@ -166,7 +166,7 @@ int main (int argc, char **argv)
|
||||
fail_exit (5);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, pw_dbname ());
|
||||
|
@ -1537,7 +1537,7 @@ static void open_files (void)
|
||||
exit (E_PW_UPDATE);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
@ -1554,7 +1554,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
@ -1567,7 +1567,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
sgr_locked = true;
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
@ -1584,7 +1584,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
sub_uid_locked = true;
|
||||
if (sub_uid_open (O_RDWR) == 0) {
|
||||
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
@ -1599,7 +1599,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
sub_gid_locked = true;
|
||||
if (sub_gid_open (O_RDWR) == 0) {
|
||||
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_gid_dbname ());
|
||||
@ -1621,7 +1621,7 @@ static void open_shadow (void)
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
spw_locked = true;
|
||||
if (spw_open (O_RDWR) == 0) {
|
||||
if (spw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
|
@ -565,7 +565,7 @@ static void open_files (void)
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||
#ifdef WITH_AUDIT
|
||||
@ -590,7 +590,7 @@ static void open_files (void)
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
spw_locked = true;
|
||||
if (spw_open (O_RDWR) == 0) {
|
||||
if (spw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
@ -616,7 +616,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_DEL_USER, Prog,
|
||||
@ -641,7 +641,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
sgr_locked= true;
|
||||
if (sgr_open (O_RDWR) == 0) {
|
||||
if (sgr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr, _("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
#ifdef WITH_AUDIT
|
||||
@ -669,7 +669,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
sub_uid_locked = true;
|
||||
if (sub_uid_open (O_RDWR) == 0) {
|
||||
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
|
||||
#ifdef WITH_AUDIT
|
||||
@ -695,7 +695,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
sub_gid_locked = true;
|
||||
if (sub_gid_open (O_RDWR) == 0) {
|
||||
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
|
||||
#ifdef WITH_AUDIT
|
||||
|
@ -1532,7 +1532,7 @@ static void open_files (void)
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
pw_locked = true;
|
||||
if (pw_open (O_RDWR) == 0) {
|
||||
if (pw_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, pw_dbname ());
|
||||
@ -1545,7 +1545,7 @@ static void open_files (void)
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
spw_locked = true;
|
||||
if (is_shadow_pwd && (spw_open (O_RDWR) == 0)) {
|
||||
if (is_shadow_pwd && (spw_open (O_CREAT | O_RDWR) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, spw_dbname ());
|
||||
@ -1564,7 +1564,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
gr_locked = true;
|
||||
if (gr_open (O_RDWR) == 0) {
|
||||
if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, gr_dbname ());
|
||||
@ -1578,7 +1578,7 @@ static void open_files (void)
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
sgr_locked = true;
|
||||
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
|
||||
if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sgr_dbname ());
|
||||
@ -1595,7 +1595,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
sub_uid_locked = true;
|
||||
if (sub_uid_open (O_RDWR) == 0) {
|
||||
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
@ -1610,7 +1610,7 @@ static void open_files (void)
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
sub_gid_locked = true;
|
||||
if (sub_gid_open (O_RDWR) == 0) {
|
||||
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open %s\n"),
|
||||
Prog, sub_gid_dbname ());
|
||||
|
Loading…
Reference in New Issue
Block a user