From: Jaroslav Jindrak Date: Wed, 3 May 2023 20:38:28 +0000 (+0200) Subject: passwd: fall back to non-PAM code when prefix is used X-Git-Tag: 4.14.0-rc1~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68bf73f3196b3a05846e2eabcb1e472ede8265f0;p=thirdparty%2Fshadow.git passwd: fall back to non-PAM code when prefix is used Prefix does not make sense when we use PAM, so when the option is used behave as if --with-libpam=no was used to configure the project.
---
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 7d9299b0c..747899b7d 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -308,9 +308,7 @@ extern int do_pam_passwd_non_interactive (const char *pam_service,
 #endif /* USE_PAM */
 /* obscure.c */
-#ifndef USE_PAM
 extern bool obscure (const char *, const char *, const struct passwd *);
-#endif
 /* pam_pass.c */
 #ifdef USE_PAM
@@ -338,9 +336,7 @@ extern struct group* prefix_getgrent(void);
 extern void prefix_endgrent(void);
 /* pwd2spwd.c */
-#ifndef USE_PAM
 extern struct spwd *pwd_to_spwd (const struct passwd *);
-#endif
 /* pwdcheck.c */
 #ifndef USE_PAM
diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
index 6086b45b5..47ad5c53e 100644
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -5,7 +5,13 @@ AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
 noinst_LTLIBRARIES = libmisc.la
-libmisc_la_CFLAGS = $(LIBBSD_CFLAGS)
+if USE_PAM
+LIBCRYPT_PAM = $(LIBCRYPT)
+else
+LIBCRYPT_PAM =
+endif
+
+libmisc_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM)
 libmisc_la_SOURCES = \
 addgrps.c \
 age.c \
diff --git a/libmisc/obscure.c b/libmisc/obscure.c
index 5787b35d3..40aa8efc6 100644
--- a/libmisc/obscure.c
+++ b/libmisc/obscure.c
@@ -9,8 +9,6 @@
 #include
-#ifndef USE_PAM
-
 #ident "$Id$"
@@ -247,7 +245,3 @@ bool obscure (const char *old, const char *new, const struct passwd *pwdp)
 }
 return true;
 }
-
-#else /* !USE_PAM */
-extern int ISO_C_forbids_an_empty_translation_unit;
-#endif /* !USE_PAM */
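Review bot: In the libmisc/Makefile.am hunk, `$(LIBCRYPT_PAM)` is appended to `libmisc_la_CFLAGS`, but it is set from `$(LIBCRYPT)`, which by its name looks like a library to link against rather than a compiler flag. If that is the case it belongs on the link side, for example `libmisc_la_LIBADD = $(LIBCRYPT_PAM)`, so that the crypt library is really linked into whatever now needs it in PAM builds. A one-line comment above `if USE_PAM` saying why the library is only added for PAM builds would also help, since the reason is not visible in the hunk.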
diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c
index ce2064369..5f87cc53d 100644
--- a/libmisc/pwd2spwd.c
+++ b/libmisc/pwd2spwd.c
@@ -11,8 +11,6 @@
 #ident "$Id$"
-#ifndef USE_PAM
-
 #include
 #include "prototypes.h"
 #include "defines.h"
@@ -61,7 +59,4 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 return &sp;
 }
-#else /* USE_PAM */
-extern int ISO_C_forbids_an_empty_translation_unit;
-#endif /* !USE_PAM */
diff --git a/src/passwd.c b/src/passwd.c
index 0fbec22c0..5d59e8c4b 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -78,14 +78,16 @@ static long age_max = 0; /* Maximum days until change */
 static long warn = 0; /* Warning days before change */
 static long inact = 0; /* Days without change before locked */
-#ifndef USE_PAM
 static bool do_update_age = false;
-#endif /* ! USE_PAM */
+#ifdef USE_PAM
+static bool use_pam = true;
+#else
+static bool use_pam = false;
+#endif /* USE_PAM */
 static bool pw_locked = false;
 static bool spw_locked = false;
-#ifndef USE_PAM
 /*
 * Size of the biggest passwd:
 * $6$ 3
@@ -101,7 +103,6 @@ static bool spw_locked = false;
 */
 static char crypt_passwd[256];
 static bool do_update_pwd = false;
-#endif /* !USE_PAM */
 /*
 * External identifiers
@@ -110,12 +111,10 @@ static bool do_update_pwd = false;
 /* local function prototypes */
 NORETURN static void usage (int);
-#ifndef USE_PAM
 static bool reuse (const char *, const struct passwd *);
 static int new_password (const struct passwd *);
 static void check_password (const struct passwd *, const struct spwd *);
-#endif /* !USE_PAM */
 static /*@observer@*/const char *pw_status (const char *);
 static void print_status (const struct passwd *);
 NORETURN static void fail_exit (int);
@@ -161,7 +160,6 @@ usage (int status)
 exit (status);
 }
-#ifndef USE_PAM
 static bool reuse (const char *pass, const struct passwd *pw)
 {
 #ifdef HAVE_LIBCRACK_HIST
@@ -431,7 +429,6 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
 }
 }
 }
-#endif /* !USE_PAM */
 static /*@observer@*/const char *pw_status (const char *pass)
 {
@@ -506,11 +503,12 @@ oom (void)
 static char *update_crypt_pw (char *cp)
 {
-#ifndef USE_PAM
- if (do_update_pwd) {
- cp = xstrdup (crypt_passwd);
+ if (!use_pam)
+ {
+ if (do_update_pwd) {
+ cp = xstrdup (crypt_passwd);
+ }
 }
-#endif /* !USE_PAM */
 if (dflg) {
 *cp = '\0';
@@ -533,11 +531,12 @@ static char *update_crypt_pw (char *cp)
 strcpy (newpw, "!");
 strcat (newpw, cp);
-#ifndef USE_PAM
- if (do_update_pwd) {
- free (cp);
+ if (!use_pam)
+ {
+ if (do_update_pwd) {
+ free (cp);
+ }
 }
-#endif /* USE_PAM */
 cp = newpw;
 }
 return cp;
@@ -649,16 +648,17 @@ static void update_shadow (void)
 if (iflg) {
 nsp->sp_inact = (inact * DAY) / SCALE;
 }
-#ifndef USE_PAM
- if (do_update_age) {
- nsp->sp_lstchg = gettime () / SCALE;
- if (0 == nsp->sp_lstchg) {
- /* Better disable aging than requiring a password
- * change */
- nsp->sp_lstchg = -1;
+ if (!use_pam)
+ {
+ if (do_update_age) {
+ nsp->sp_lstchg = gettime () / SCALE;
+ if (0 == nsp->sp_lstchg) {
+ /* Better disable aging than requiring a password
+ * change */
+ nsp->sp_lstchg = -1;
+ }
 }
 }
-#endif /* !USE_PAM */
 /*
 * Force change on next login, like SunOS 4.x passwd -e or Solaris
@@ -725,11 +725,9 @@ int main (int argc, char **argv)
 {
 const struct passwd *pw; /* Password file entry for user */
-#ifndef USE_PAM
 char *cp; /* Miscellaneous character pointing */
 const struct spwd *sp; /* Shadow file entry for user */
-#endif /* !USE_PAM */
 sanitize_env ();
@@ -748,6 +746,11 @@ int main (int argc, char **argv)
 process_root_flag ("-R", argc, argv);
 prefix = process_prefix_flag ("-P", argc, argv);
+ if (prefix[0]) {
+ use_pam = false;
+ do_update_age = true;
+ }
+
 /*
 * The program behaves differently when executed by root than when
 * executed by a normal user.
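Review bot: The nested `if (!use_pam)` / `if (do_update_pwd)` added to update_crypt_pw can be one condition, `if (!use_pam && do_update_pwd) {`, and the same applies to the second update_crypt_pw hunk (`free (cp)`) and to the `do_update_age` test in update_shadow. Beyond being shorter, that keeps the `xstrdup` and the matching `free` under visibly the same condition, which matters because the pair decides who owns `cp`, and it avoids the brace-on-its-own-line layout that the surrounding code does not use. In the lines shown in this patch both flags are only ever set where `use_pam` is false, so the outer test looks redundant anyway. Both function bodies continue outside their hunks.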
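Review bot: Setting `do_update_age = true` in the block added after process_prefix_flag in main appears to make update_shadow stamp `sp_lstchg` with the current date on every run that uses a prefix, including flag-only operations that never change the password. Elsewhere in this patch the flag is set only after new_password has succeeded, and that no-flag path still sets it itself, so the early assignment only affects the flag-only case and restarts the account's password-aging clock there. Unless that is intended, reduce the block to `use_pam = false;`, or add a comment such as `/* prefix runs always refresh the last-change date because ... */` giving the reason. main continues outside the hunk.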
@@ -1003,53 +1006,55 @@ int main (int argc, char **argv)
 print_status (pw);
 exit (E_SUCCESS);
 }
-#ifndef USE_PAM
- /*
- * The user name is valid, so let's get the shadow file entry.
- */
- sp = prefix_getspnam (name); /* !USE_PAM, no need for xprefix_getspnam */
- if (NULL == sp) {
- if (errno == EACCES) {
- (void) fprintf (stderr,
- _("%s: Permission denied.\n"),
- Prog);
- exit (E_NOPERM);
- }
- sp = pwd_to_spwd (pw);
- }
-
- cp = sp->sp_pwdp;
-
- /*
- * If there are no other flags, just change the password.
- */
- if (!anyflag) {
- STRFCPY (crypt_passwd, cp);
-
+ if (!use_pam)
+ {
 /*
- * See if the user is permitted to change the password.
- * Otherwise, go ahead and set a new password.
+ * The user name is valid, so let's get the shadow file entry.
 */
- check_password (pw, sp);
+ sp = prefix_getspnam (name); /* !use_pam, no need for xprefix_getspnam */
+ if (NULL == sp) {
+ if (errno == EACCES) {
+ (void) fprintf (stderr,
+ _("%s: Permission denied.\n"),
+ Prog);
+ exit (E_NOPERM);
+ }
+ sp = pwd_to_spwd (pw);
+ }
+
+ cp = sp->sp_pwdp;
 /*
- * Let the user know whose password is being changed.
+ * If there are no other flags, just change the password.
 */
- if (!qflg) {
- (void) printf (_("Changing password for %s\n"), name);
- }
+ if (!anyflag) {
+ STRFCPY (crypt_passwd, cp);
+
+ /*
+ * See if the user is permitted to change the password.
+ * Otherwise, go ahead and set a new password.
+ */
+ check_password (pw, sp);
+
+ /*
+ * Let the user know whose password is being changed.
+ */
+ if (!qflg) {
+ (void) printf (_("Changing password for %s\n"), name);
+ }
- if (new_password (pw) != 0) {
- (void) fprintf (stderr,
- _("The password for %s is unchanged.\n"),
- name);
- closelog ();
- exit (E_NOPERM);
+ if (new_password (pw) != 0) {
+ (void) fprintf (stderr,
+ _("The password for %s is unchanged.\n"),
+ name);
+ closelog ();
+ exit (E_NOPERM);
+ }
+ do_update_pwd = true;
+ do_update_age = true;
 }
- do_update_pwd = true;
- do_update_age = true;
 }
-#endif /* !USE_PAM */
+
 /*
 * Before going any further, raise the ulimit to prevent colliding
 * into a lowered ulimit, and set the real UID to root to protect
@@ -1062,7 +1067,7 @@ int main (int argc, char **argv)
 /*
 * Don't set the real UID for PAM...
 */
- if (!anyflag) {
+ if (!anyflag && use_pam) {
 do_pam_passwd (name, qflg, kflg);
 exit (E_SUCCESS);
 }
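Review bot: Nothing at the new `if (!use_pam)` branch in main records that, in a PAM build, a prefix now routes the password change through check_password and new_password, so the PAM stack's policy modules are not consulted on that path. I would add a comment above the branch such as `/* A prefix disables PAM: the password is checked and set by the non-PAM code below. */`. It is also worth confirming that process_prefix_flag, which is not shown here, leaves an unprivileged caller without elevated privileges before this branch is reached. The inline comment `/* !use_pam, no need for xprefix_getspnam */` was only renamed; stating that a NULL result is handled on the following lines would explain it better. main starts and ends outside the hunk.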