lib/shadowlog_internal.h: Drop shadow_logfd

Accessing this variable directly is a recipe for disaster, because
binaries and libraries can have different versions in them due to how
libshadow_la linking is performed.

Make sure that at least a NULL check is always performed by calling the
proper getter function.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Tobias Stoeckmann 2026-01-11 12:28:46 +01:00 committed by Alejandro Colomar
parent 828f465cd2
commit ecaae2f8cd
17 changed files with 131 additions and 133 deletions


@ -37,7 +37,6 @@ int
add_groups(const char *list)
{
char *dup;
FILE *shadow_logfd = log_get_logfd();
gid_t *gids;
size_t n;
@ -62,7 +61,7 @@ add_groups(const char *list)
grp = getgrnam(g); /* local, no need for xgetgrnam */
if (NULL == grp) {
fprintf(shadow_logfd, _("Warning: unknown group %s\n"), g);
fprintf(log_get_logfd(), _("Warning: unknown group %s\n"), g);
continue;
}
@ -72,7 +71,7 @@ add_groups(const char *list)
free(dup);
if (setgroups(n, gids) == -1) {
fprintf(shadow_logfd, "setgroups: %s\n", strerrno());
fprintf(log_get_logfd(), "setgroups: %s\n", strerrno());
goto free_gids;
}


@ -53,9 +53,8 @@ void chown_tty (const struct passwd *info)
if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
|| (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
int err = errno;
FILE *shadow_logfd = log_get_logfd();
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Unable to change owner or mode of tty stdin: %s"),
strerror (err));
SYSLOG ((LOG_WARN,


@ -32,6 +32,7 @@
#include <tcb.h>
#endif /* WITH_TCB */
#include "prototypes.h"
#include "shadowlog.h"
#include "shadowlog_internal.h"
#include "sssd.h"
#include "string/memset/memzero.h"
@ -101,7 +102,7 @@ static int check_link_count (const char *file, bool log)
if (stat (file, &sb) != 0) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: %s file stat error: %s\n",
shadow_progname, file, strerrno());
}
@ -110,7 +111,7 @@ static int check_link_count (const char *file, bool log)
if (sb.st_nlink != 2) {
if (log) {
fprintf(shadow_logfd,
fprintf(log_get_logfd(),
"%s: %s: lock file already used (nlink: %ju)\n",
shadow_progname, file, (uintmax_t) sb.st_nlink);
}
@ -132,7 +133,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
if (-1 == fd) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: %s: %s\n",
shadow_progname, file, strerrno());
}
@ -144,7 +145,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
len = (ssize_t) strlen (buf) + 1;
if (write_full(fd, buf, len) == -1) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: %s file write error: %s\n",
shadow_progname, file, strerrno());
}
@ -154,7 +155,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (fdatasync (fd) == -1) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: %s file sync error: %s\n",
shadow_progname, file, strerrno());
}
@ -173,7 +174,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
fd = open (lock, O_RDWR);
if (-1 == fd) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: %s: %s\n",
shadow_progname, lock, strerrno());
}
@ -185,7 +186,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
close (fd);
if (len <= 0) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: existing lock file %s without a PID\n",
shadow_progname, lock);
}
@ -196,7 +197,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
stpcpy(&buf[len], "");
if (get_pid(buf, &pid) == -1) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: existing lock file %s with an invalid PID '%s'\n",
shadow_progname, lock, buf);
}
@ -206,7 +207,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (kill (pid, 0) == 0) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: lock %s already used by PID %lu\n",
shadow_progname, lock, (unsigned long) pid);
}
@ -216,7 +217,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
}
if (unlink (lock) != 0) {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: cannot get lock %s: %s\n",
shadow_progname, lock, strerrno());
}
@ -229,7 +230,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
retval = check_link_count (file, log);
} else {
if (log) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: cannot get lock %s: %s\n",
shadow_progname, lock, strerrno());
}
@ -402,7 +403,7 @@ int commonio_lock (struct commonio_db *db)
if (0 == lock_count) {
if (lckpwdf () == -1) {
if (geteuid () != 0) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
"%s: Permission denied.\n",
shadow_progname);
}
@ -438,7 +439,7 @@ int commonio_lock (struct commonio_db *db)
}
/* no unnecessary retries on "permission denied" errors */
if (geteuid () != 0) {
(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
(void) fprintf (log_get_logfd(), "%s: Permission denied.\n",
shadow_progname);
return 0;
}
@ -1045,7 +1046,7 @@ int commonio_update (struct commonio_db *db, const void *eptr)
p = find_entry_by_name(db, db->ops->cio_getname(eptr));
if (NULL != p) {
if (next_entry_by_name(db, p->next, db->ops->cio_getname(eptr)) != NULL) {
fprintf(shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->cio_getname(eptr), db->filename);
fprintf(log_get_logfd(), _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->cio_getname(eptr), db->filename);
db->ops->cio_free(nentry);
return 0;
}
@ -1150,7 +1151,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
return 0;
}
if (next_entry_by_name (db, p->next, name) != NULL) {
fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
fprintf (log_get_logfd(), _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
return 0;
}
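Review bot: `shadow_progname` is still read directly in every message of this file (for example in the `check_link_count` and `do_lock_file` hunks), so the hazard the commit message describes for `shadow_logfd` presumably remains for the program name. `log_get_progname()` is already used in `error_acl`, so these calls could pass `log_get_progname()` instead, which would also let `#include "shadowlog_internal.h"` be dropped here rather than kept next to the new `#include "shadowlog.h"`. The same applies to the messages in `nscd_flush_cache`, `check_selinux_permit`, `run_command` and the tcb functions. Most of the functions touched here start or end outside their hunks.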


@ -94,7 +94,6 @@ static void
error_acl(struct error_context *, const char *fmt, ...)
{
va_list ap;
FILE *shadow_logfd = log_get_logfd();
/* ignore the case when destination does not support ACLs
* or extended attributes */
@ -104,11 +103,11 @@ error_acl(struct error_context *, const char *fmt, ...)
}
va_start (ap, fmt);
(void) fprintf (shadow_logfd, _("%s: "), log_get_progname());
if (vfprintf (shadow_logfd, fmt, ap) != 0) {
(void) fputs (_(": "), shadow_logfd);
(void) fprintf (log_get_logfd(), _("%s: "), log_get_progname());
if (vfprintf (log_get_logfd(), fmt, ap) != 0) {
(void) fputs (_(": "), log_get_logfd());
}
(void) fprintf(shadow_logfd, "%s\n", strerrno());
(void) fprintf(log_get_logfd(), "%s\n", strerrno());
va_end (ap);
}
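Review bot: In `error_acl` one log line is now assembled from four writes that each call `log_get_logfd()` again; fetching the stream once keeps every piece of the message on the same `FILE *` and reads more clearly. The removed local could stay under a name that does not suggest the global, `FILE *log = log_get_logfd();`, with the four calls using `log`. Separately, `vfprintf (...) != 0` is also true for a negative (error) return, so if the intent is "something was printed", `> 0` would express it better.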


@ -16,7 +16,7 @@
#include "prototypes.h"
#include "defines.h"
#include "shadowlog_internal.h"
#include "shadowlog.h"
#include "string/strcmp/strprefix.h"
@ -64,7 +64,7 @@
method = &nummethod[0];
}
}
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("crypt method not supported by libcrypt? (%s)\n"),
method);
errno = EINVAL;


@ -26,7 +26,7 @@
#include "defines.h"
#include "getdef.h"
#include "prototypes.h"
#include "shadowlog_internal.h"
#include "shadowlog.h"
#include "sizeof.h"
#include "string/sprintf/aprintf.h"
#include "string/strcmp/strcaseeq.h"
@ -255,7 +255,7 @@ getdef_num(const char *item, int dflt)
}
if (a2si(&val, d->value, NULL, 0, -1, INT_MAX) == -1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@ -289,7 +289,7 @@ getdef_unum(const char *item, unsigned int dflt)
}
if (a2ui(&val, d->value, NULL, 0, 0, UINT_MAX) == -1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@ -322,7 +322,7 @@ long getdef_long (const char *item, long dflt)
}
if (a2sl(&val, d->value, NULL, 0, -1, LONG_MAX) == -1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@ -354,7 +354,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
}
if (str2ul(&val, d->value) == -1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
return dflt;
@ -391,7 +391,7 @@ int putdef_str (const char *name, const char *value, const char *srcfile)
cp = strdup (value);
if (NULL == cp) {
(void) fputs (_("Could not allocate space for config info.\n"),
shadow_logfd);
log_get_logfd());
SYSLOG ((LOG_ERR, "could not allocate space for config info"));
return -1;
}
@ -435,7 +435,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, cons
goto out;
}
}
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("configuration error - unknown item '%s' (notify administrator)\n"),
name);
if (srcfile != NULL)
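Review bot: The four parse-error messages in `getdef_num`, `getdef_unum`, `getdef_long` and `getdef_ulong` end without a newline, `_("configuration error - cannot parse %s value: '%s'")`, so whatever is logged next continues on the same line. Appending `\n` to the format string, as the `unknown item` message in `def_find` already does, keeps each log entry on its own line; the translation catalogs would need the same update. The `$SOURCE_DATE_EPOCH` message in `gettime` and the `Could not delete login mapping for %s` message in `del_seuser` have the same shape. All of these functions extend beyond the lines shown in their hunks.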


@ -29,7 +29,6 @@
gettime(void)
{
char *source_date_epoch;
FILE *shadow_logfd = log_get_logfd();
time_t fallback, epoch;
fallback = time (NULL);
@ -39,7 +38,7 @@ gettime(void)
return fallback;
if (a2i(time_t, &epoch, source_date_epoch, NULL, 10, 0, fallback) == -1) {
fprintf(shadow_logfd,
fprintf(log_get_logfd(),
_("Environment variable $SOURCE_DATE_EPOCH: a2i(\"%s\"): %s"),
source_date_epoch, strerrno());
return fallback;


@ -10,6 +10,7 @@
#include "defines.h"
#include "prototypes.h"
#include "nscd.h"
#include "shadowlog.h"
#include "shadowlog_internal.h"
#define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n"
@ -26,13 +27,13 @@ int nscd_flush_cache (const char *service)
if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
/* run_command writes its own more detailed message. */
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
(void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
return -1;
}
code = WEXITSTATUS (status);
if (!WIFEXITED (status)) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: nscd did not terminate normally (signal %d)\n"),
shadow_progname, WTERMSIG (status));
return -1;
@ -44,9 +45,9 @@ int nscd_flush_cache (const char *service)
/* nscd is installed, but it isn't active. */
return 0;
} else if (code != 0) {
(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
(void) fprintf (log_get_logfd(), _("%s: nscd exited with status %d\n"),
shadow_progname, code);
(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
(void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
return -1;
}


@ -55,7 +55,6 @@ nss_init(const char *nsswitch_path) {
char *line = NULL, *p;
char libname[64];
FILE *nssfp = NULL;
FILE *shadow_logfd = log_get_logfd();
void *h;
size_t len = 0;
@ -74,7 +73,7 @@ nss_init(const char *nsswitch_path) {
nssfp = fopen(nsswitch_path, "r");
if (!nssfp) {
if (errno != ENOENT)
fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
fprintf(log_get_logfd(), "Failed opening %s: %m\n", nsswitch_path);
atomic_store(&nss_init_completed, true);
return;
@ -97,7 +96,7 @@ nss_init(const char *nsswitch_path) {
goto null_subid;
}
if (stpsep(p, " \t\n") == NULL) {
fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
fprintf(log_get_logfd(), "No usable subid NSS module found, using files\n");
// subid_nss has to be null here, but to ease reviews:
goto null_subid;
}
@ -105,15 +104,15 @@ nss_init(const char *nsswitch_path) {
goto null_subid;
}
if (strlen(p) > 50) {
fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", p);
fprintf(shadow_logfd, "Using files\n");
fprintf(log_get_logfd(), "Subid NSS module name too long (longer than 50 characters): %s\n", p);
fprintf(log_get_logfd(), "Using files\n");
goto null_subid;
}
stprintf_a(libname, "libsubid_%s.so", p);
h = dlopen(libname, RTLD_LAZY);
if (!h) {
fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
fprintf(shadow_logfd, "Using files\n");
fprintf(log_get_logfd(), "Error opening %s: %s\n", libname, dlerror());
fprintf(log_get_logfd(), "Using files\n");
goto null_subid;
}
subid_nss = malloc_T(1, struct subid_nss_ops);
@ -122,22 +121,22 @@ nss_init(const char *nsswitch_path) {
}
subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
if (!subid_nss->has_range) {
fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
fprintf(log_get_logfd(), "%s did not provide @has_range@\n", libname);
goto close_lib;
}
subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
if (!subid_nss->list_owner_ranges) {
fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
fprintf(log_get_logfd(), "%s did not provide @list_owner_ranges@\n", libname);
goto close_lib;
}
subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
if (!subid_nss->find_subid_owners) {
fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
fprintf(log_get_logfd(), "%s did not provide @find_subid_owners@\n", libname);
goto close_lib;
}
subid_nss->free = dlsym(h, "shadow_subid_free");
if (!subid_nss->free) {
fprintf(shadow_logfd, "%s did not provide @subid_free@\n", libname);
fprintf(log_get_logfd(), "%s did not provide @subid_free@\n", libname);
goto close_lib;
}
subid_nss->handle = h;


@ -32,7 +32,6 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired)
{
pam_handle_t *pamh = NULL;
int flags = 0, ret;
FILE *shadow_logfd = log_get_logfd();
if (silent)
flags |= PAM_SILENT;
@ -41,20 +40,20 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired)
ret = pam_start ("passwd", user, &conv, &pamh);
if (ret != PAM_SUCCESS) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("passwd: pam_start() failed, error %d\n"), ret);
exit (E_PAM_ERR);
}
ret = pam_chauthtok (pamh, flags);
if (ret != PAM_SUCCESS) {
fprintf (shadow_logfd, _("passwd: %s\n"), pam_strerror (pamh, ret));
fputs (_("passwd: password unchanged\n"), shadow_logfd);
fprintf (log_get_logfd(), _("passwd: %s\n"), pam_strerror (pamh, ret));
fputs (_("passwd: password unchanged\n"), log_get_logfd());
pam_end (pamh, ret);
exit (E_PAM_ERR);
}
fputs (_("passwd: password updated successfully\n"), shadow_logfd);
fputs (_("passwd: password updated successfully\n"), log_get_logfd());
(void) pam_end (pamh, PAM_SUCCESS);
}
#else /* !USE_PAM */


@ -12,7 +12,7 @@
#include <lib/prototypes.h>
#include "run_part.h"
#include "shadowlog_internal.h"
#include "shadowlog.h"
#include "string/sprintf/aprintf.h"
#include "string/strerrno.h"
@ -26,14 +26,14 @@ static int run_part(char *script_path, const char *name, const char *action)
pid=fork();
if (pid==-1) {
fprintf(shadow_logfd, "fork: %s\n", strerrno());
fprintf(log_get_logfd(), "fork: %s\n", strerrno());
return 1;
}
if (pid==0) {
setenv("ACTION",action,1);
setenv("SUBJECT",name,1);
execv(script_path,args);
fprintf(shadow_logfd, "execv: %s\n", strerrno());
fprintf(log_get_logfd(), "execv: %s\n", strerrno());
_exit(1);
}
@ -42,7 +42,7 @@ static int run_part(char *script_path, const char *name, const char *action)
return (wait_status);
}
fprintf(shadow_logfd, "wait: %s\n", strerrno());
fprintf(log_get_logfd(), "wait: %s\n", strerrno());
return (1);
}
@ -64,7 +64,7 @@ int run_parts(const char *directory, const char *name, const char *action)
s = aprintf("%s/%s", directory, namelist[n]->d_name);
if (s == NULL) {
fprintf(shadow_logfd, "aprintf: %s\n", strerrno());
fprintf(log_get_logfd(), "aprintf: %s\n", strerrno());
for (; n<scanlist; n++) {
free(namelist[n]);
}
@ -74,7 +74,7 @@ int run_parts(const char *directory, const char *name, const char *action)
execute_result = 0;
if (stat(s, &sb) == -1) {
fprintf(shadow_logfd, "stat: %s\n", strerrno());
fprintf(log_get_logfd(), "stat: %s\n", strerrno());
free(s);
for (; n<scanlist; n++) {
free(namelist[n]);
@ -90,7 +90,7 @@ int run_parts(const char *directory, const char *name, const char *action)
free(s);
if (execute_result!=0) {
fprintf(shadow_logfd,
fprintf(log_get_logfd(),
"%s: did not exit cleanly.\n",
namelist[n]->d_name);
for (; n<scanlist; n++) {


@ -15,6 +15,7 @@
#include <selinux/label.h>
#include "prototypes.h"
#include "shadowlog.h"
#include "shadowlog_internal.h"
#include "string/sprintf/aprintf.h"
#include "string/strerrno.h"
@ -138,7 +139,7 @@ static int selinux_log_cb (int type, const char *fmt, ...) {
&& (errno != EAFNOSUPPORT)) {
(void) fputs (_("Cannot open audit interface.\n"),
shadow_logfd);
log_get_logfd());
SYSLOG ((LOG_WARN, "Cannot open audit interface."));
}
}
@ -191,7 +192,7 @@ int check_selinux_permit (const char *perm_name)
selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) { .func_log = selinux_log_cb });
if (getprevcon_raw (&user_context_raw) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: can not get previous SELinux process context: %s\n"),
shadow_progname, strerrno());
SYSLOG ((LOG_WARN,


@ -23,7 +23,7 @@
#include "attr.h"
#include "prototypes.h"
#include "shadowlog_internal.h"
#include "shadowlog.h"
#include "string/sprintf/aprintf.h"
@ -44,7 +44,7 @@ static void semanage_error_callback (void *,
switch (semanage_msg_get_level (handle)) {
case SEMANAGE_MSG_ERR:
case SEMANAGE_MSG_WARN:
fprintf (shadow_logfd, _("[libsemanage]: %s\n"), message);
fprintf (log_get_logfd(), _("[libsemanage]: %s\n"), message);
break;
case SEMANAGE_MSG_INFO:
/* nop */
@ -62,7 +62,7 @@ static semanage_handle_t *semanage_init (void)
handle = semanage_handle_create ();
if (NULL == handle) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Cannot create SELinux management handle\n"));
return NULL;
}
@ -71,26 +71,26 @@ static semanage_handle_t *semanage_init (void)
ret = semanage_is_managed (handle);
if (ret != 1) {
fprintf (shadow_logfd, _("SELinux policy not managed\n"));
fprintf (log_get_logfd(), _("SELinux policy not managed\n"));
goto fail;
}
ret = semanage_access_check (handle);
if (ret < SEMANAGE_CAN_READ) {
fprintf (shadow_logfd, _("Cannot read SELinux policy store\n"));
fprintf (log_get_logfd(), _("Cannot read SELinux policy store\n"));
goto fail;
}
ret = semanage_connect (handle);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Cannot establish SELinux management connection\n"));
goto fail;
}
ret = semanage_begin_transaction (handle);
if (ret != 0) {
fprintf (shadow_logfd, _("Cannot begin SELinux transaction\n"));
fprintf (log_get_logfd(), _("Cannot begin SELinux transaction\n"));
goto fail;
}
@ -115,7 +115,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
semanage_seuser_query (handle, key, &seuser);
if (NULL == seuser) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not query seuser for %s\n"), login_name);
ret = 1;
goto done;
@ -124,7 +124,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
if (serange && semanage_mls_enabled(handle)) {
ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not set serange for %s to %s\n"),
login_name, serange);
ret = 1;
@ -134,7 +134,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not set sename for %s\n"),
login_name);
ret = 1;
@ -143,7 +143,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not modify login mapping for %s\n"),
login_name);
ret = 1;
@ -168,7 +168,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_create (handle, &seuser);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Cannot create SELinux login mapping for %s\n"),
login_name);
ret = 1;
@ -177,7 +177,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_set_name (handle, seuser, login_name);
if (ret != 0) {
fprintf (shadow_logfd, _("Could not set name for %s\n"), login_name);
fprintf (log_get_logfd(), _("Could not set name for %s\n"), login_name);
ret = 1;
goto done;
}
@ -185,7 +185,7 @@ static int semanage_user_add (semanage_handle_t *handle,
if (serange && semanage_mls_enabled(handle)) {
ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not set serange for %s to %s\n"),
login_name, serange);
ret = 1;
@ -195,7 +195,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not set SELinux user for %s\n"),
login_name);
ret = 1;
@ -204,7 +204,7 @@ static int semanage_user_add (semanage_handle_t *handle,
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not add login mapping for %s\n"),
login_name);
ret = 1;
@ -232,21 +232,21 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser
handle = semanage_init ();
if (NULL == handle) {
fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
fprintf (log_get_logfd(), _("Cannot init SELinux management\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_key_create (handle, login_name, &key);
if (ret != 0) {
fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
fprintf (log_get_logfd(), _("Cannot create SELinux user key\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_exists (handle, key, &seuser_exists);
if (ret < 0) {
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
@ -254,7 +254,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser
if (0 != seuser_exists) {
ret = semanage_user_mod (handle, key, login_name, seuser_name, serange);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Cannot modify SELinux user mapping\n"));
ret = 1;
goto done;
@ -262,7 +262,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser
} else {
ret = semanage_user_add (handle, key, login_name, seuser_name, serange);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Cannot add SELinux user mapping\n"));
ret = 1;
goto done;
@ -271,7 +271,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser
ret = semanage_commit (handle);
if (ret < 0) {
fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
fprintf (log_get_logfd(), _("Cannot commit SELinux transaction\n"));
ret = 1;
goto done;
}
@ -297,27 +297,27 @@ int del_seuser (const char *login_name)
handle = semanage_init ();
if (NULL == handle) {
fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
fprintf (log_get_logfd(), _("Cannot init SELinux management\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_key_create (handle, login_name, &key);
if (ret != 0) {
fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
fprintf (log_get_logfd(), _("Cannot create SELinux user key\n"));
ret = 1;
goto done;
}
ret = semanage_seuser_exists (handle, key, &exists);
if (ret < 0) {
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
if (0 == exists) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
login_name);
ret = 0; /* probably default mapping */
@ -326,13 +326,13 @@ int del_seuser (const char *login_name)
ret = semanage_seuser_exists_local (handle, key, &exists);
if (ret < 0) {
fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n"));
ret = 1;
goto done;
}
if (0 == exists) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
login_name);
ret = 0; /* Login mapping defined in policy can't be deleted */
@ -341,7 +341,7 @@ int del_seuser (const char *login_name)
ret = semanage_seuser_del_local (handle, key);
if (ret != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("Could not delete login mapping for %s"),
login_name);
ret = 1;
@ -350,7 +350,7 @@ int del_seuser (const char *login_name)
ret = semanage_commit (handle);
if (ret < 0) {
fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
fprintf (log_get_logfd(), _("Cannot commit SELinux transaction\n"));
ret = 1;
goto done;
}


@ -3,7 +3,7 @@
#include "lib/shadowlog_internal.h"
const char *shadow_progname = "libshadow";
FILE *shadow_logfd = NULL;
static FILE *shadow_logfd = NULL;
void log_set_progname(const char *progname)
{
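Review bot: The explanatory comment was deleted together with the `extern` declaration, so the now-private `shadow_logfd` definition carries no documentation. A comment on the definition such as `/* Stream for error messages; NULL until a program sets it. Read it only through log_get_logfd(). */` would record why it is `static`. Since the call sites now evaluate `log_get_logfd()` in the same argument list as `strerrno()` or `%m`, it is also worth stating in the getter's documentation that it must not modify `errno`; the getter's body is not part of this diff.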


@ -2,6 +2,5 @@
#define _SHADOWLOG_INTERNAL_H
extern const char *shadow_progname; /* Program name shown in error messages */
extern FILE *shadow_logfd; /* file descriptor to which error messages are printed */
#endif /* _SHADOWLOG_INTERNAL_H */


@ -15,6 +15,7 @@
#include "exitcodes.h"
#include "prototypes.h"
#include "shadowlog.h"
#include "shadowlog_internal.h"
#include "string/strerrno.h"
@ -30,7 +31,7 @@ run_command(const char *cmd, const char *argv[],
}
(void) fflush (stdout);
(void) fflush (shadow_logfd);
(void) fflush (log_get_logfd());
pid = fork ();
if (0 == pid) {
@ -39,11 +40,11 @@ run_command(const char *cmd, const char *argv[],
if (ENOENT == errno) {
_exit (E_CMD_NOTFOUND);
}
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n",
shadow_progname, cmd, strerrno());
_exit (E_CMD_NOEXEC);
} else if ((pid_t)-1 == pid) {
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n",
shadow_progname, cmd, strerrno());
return -1;
}
@ -56,7 +57,7 @@ run_command(const char *cmd, const char *argv[],
|| ((pid_t)-1 != wpid && wpid != pid));
if ((pid_t)-1 == wpid) {
fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
fprintf (log_get_logfd(), "%s: waitpid (status: %d): %s\n",
shadow_progname, *status, strerrno());
return -1;
}


@ -23,6 +23,7 @@
#include "prototypes.h"
#include "tcbfuncs.h"
#include "shadowio.h"
#include "shadowlog.h"
#include "shadowlog_internal.h"
#include "string/sprintf/aprintf.h"
#include "string/strcmp/streq.h"
@ -64,8 +65,8 @@ shadowtcb_status shadowtcb_gain_priv (void)
* to exit soon.
*/
#define OUT_OF_MEMORY do { \
fprintf (shadow_logfd, _("%s: out of memory\n"), shadow_progname); \
(void) fflush (shadow_logfd); \
fprintf (log_get_logfd(), _("%s: out of memory\n"), shadow_progname); \
(void) fflush (log_get_logfd()); \
} while (false)
/* Returns user's tcb directory path relative to TCB_DIR. */
@ -102,7 +103,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
return NULL;
}
if (lstat (path, &st) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot stat %s: %s\n"),
shadow_progname, path, strerrno());
free (path);
@ -118,14 +119,14 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
return rval;
}
if (!S_ISLNK (st.st_mode)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: %s is neither a directory, nor a symlink.\n"),
shadow_progname, path);
free (path);
return NULL;
}
if (readlinknul_a(path, link) == -1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot read symbolic link %s: %s\n"),
shadow_progname, path, strerrno());
free (path);
@ -186,7 +187,7 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid)
}
ptr = path;
if (stat (TCB_DIR, &st) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot stat %s: %s\n"),
shadow_progname, TCB_DIR, strerrno());
goto out_free_path;
@ -199,19 +200,19 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid)
return SHADOWTCB_FAILURE;
}
if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot create directory %s: %s\n"),
shadow_progname, dir, strerrno());
goto out_free_dir;
}
if (chown (dir, 0, st.st_gid) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owner of %s: %s\n"),
shadow_progname, dir, strerrno());
goto out_free_dir;
}
if (chmod (dir, 0711) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, dir, strerrno());
goto out_free_dir;
@ -242,7 +243,7 @@ static shadowtcb_status unlink_suffs (const char *user)
return SHADOWTCB_FAILURE;
}
if ((unlink (tmp) != 0) && (errno != ENOENT)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: unlink: %s: %s\n"),
shadow_progname, tmp, strerrno());
free (tmp);
@ -272,7 +273,7 @@ rmdir_leading(const char *relpath)
if (rmdir(path) != 0) {
if (errno != ENOTEMPTY) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot remove directory %s: %s\n"),
shadow_progname, path, strerrno());
ret = SHADOWTCB_FAILURE;
@ -306,7 +307,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
goto out_free_nomem;
}
if (stat (olddir, &oldmode) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot stat %s: %s\n"),
shadow_progname, olddir, strerrno());
goto out_free;
@ -333,7 +334,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
goto out_free;
}
if (rename (real_old_dir, real_new_dir) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot rename %s to %s: %s\n"),
shadow_progname, real_old_dir, real_new_dir, strerrno());
goto out_free;
@ -342,7 +343,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
goto out_free;
}
if ((unlink (olddir) != 0) && (errno != ENOENT)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot remove %s: %s\n"),
shadow_progname, olddir, strerrno());
goto out_free;
@ -357,7 +358,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
}
if ( !streq(real_new_dir, newdir)
&& (symlink (real_new_dir_rel, newdir) != 0)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot create symbolic link %s: %s\n"),
shadow_progname, real_new_dir_rel, strerrno());
goto out_free;
@ -461,37 +462,37 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
return SHADOWTCB_FAILURE;
}
if (stat (tcbdir, &dirmode) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot stat %s: %s\n"),
shadow_progname, tcbdir, strerrno());
goto out_free;
}
if (chown (tcbdir, 0, 0) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owners of %s: %s\n"),
shadow_progname, tcbdir, strerrno());
goto out_free;
}
if (chmod (tcbdir, 0700) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, tcbdir, strerrno());
goto out_free;
}
if (lstat (shadow, &filemode) != 0) {
if (errno != ENOENT) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot lstat %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
}
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Warning, user %s has no tcb shadow file.\n"),
shadow_progname, user_newname);
} else {
if (!S_ISREG (filemode.st_mode) ||
filemode.st_nlink != 1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Emergency: %s's tcb shadow is not a "
"regular file with st_nlink=1.\n"
"The account is left locked.\n"),
@ -499,13 +500,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
goto out_free;
}
if (chown (shadow, user_newid, filemode.st_gid) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owner of %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
}
if (chmod (shadow, filemode.st_mode & 07777) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
@ -515,13 +516,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
goto out_free;
}
if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owner of %s: %s\n"),
shadow_progname, tcbdir, strerrno());
goto out_free;
}
if (chmod (tcbdir, dirmode.st_mode & 07777) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, tcbdir, strerrno());
goto out_free;
@ -546,7 +547,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
return SHADOWTCB_SUCCESS;
}
if (stat (TCB_DIR, &tcbdir_stat) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot stat %s: %s\n"),
shadow_progname, TCB_DIR, strerrno());
return SHADOWTCB_FAILURE;
@ -571,37 +572,37 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
return SHADOWTCB_FAILURE;
}
if (mkdir (dir, 0700) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: mkdir: %s: %s\n"), shadow_progname, dir, strerrno());
goto out_free;
}
fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600);
if (fd < 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot open %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
}
if (fchown (fd, 0, authgid) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owner of %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
}
if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, shadow, strerrno());
goto out_free;
}
if (chown (dir, 0, authgid) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change owner of %s: %s\n"),
shadow_progname, dir, strerrno());
goto out_free;
}
if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Cannot change mode of %s: %s\n"),
shadow_progname, dir, strerrno());
goto out_free;