From: Tobias Stoeckmann Date: Sun, 11 Jan 2026 11:28:46 +0000 (+0100) Subject: lib/shadowlog_internal.h: Drop shadow_logfd X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecaae2f8cdc52676eea2d2e9592cc7b2b6588e7a;p=thirdparty%2Fshadow.git lib/shadowlog_internal.h: Drop shadow_logfd Accessing this variable directly is a recipe for disaster, because binaries and libraries can have different versions in them due to how libshadow_la linking is performed. Make sure that at least NULL check is always performed by calling the proper getter function. Signed-off-by: Tobias Stoeckmann --- diff --git a/lib/addgrps.c b/lib/addgrps.c index b90828e1e..a8fbbb508 100644 --- a/lib/addgrps.c +++ b/lib/addgrps.c @@ -37,7 +37,6 @@ int add_groups(const char *list) { char *dup; - FILE *shadow_logfd = log_get_logfd(); gid_t *gids; size_t n; @@ -62,7 +61,7 @@ add_groups(const char *list) grp = getgrnam(g); /* local, no need for xgetgrnam */ if (NULL == grp) { - fprintf(shadow_logfd, _("Warning: unknown group %s\n"), g); + fprintf(log_get_logfd(), _("Warning: unknown group %s\n"), g); continue; } @@ -72,7 +71,7 @@ add_groups(const char *list) free(dup); if (setgroups(n, gids) == -1) { - fprintf(shadow_logfd, "setgroups: %s\n", strerrno()); + fprintf(log_get_logfd(), "setgroups: %s\n", strerrno()); goto free_gids; } diff --git a/lib/chowntty.c b/lib/chowntty.c index 1f99d2de3..e0271108a 100644 --- a/lib/chowntty.c +++ b/lib/chowntty.c @@ -53,9 +53,8 @@ void chown_tty (const struct passwd *info) if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0) || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) { int err = errno; - FILE *shadow_logfd = log_get_logfd(); - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Unable to change owner or mode of tty stdin: %s"), strerror (err)); SYSLOG ((LOG_WARN, diff --git a/lib/commonio.c b/lib/commonio.c index 2c6a1a20f..c93b302cf 100644 --- a/lib/commonio.c +++ b/lib/commonio.c 
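Review bot: In the lib/chowntty.c hunk, the message `_("Unable to change owner or mode of tty stdin: %s")` has no trailing newline, so whatever is written next to the log stream continues on the same line. Since the call is being edited anyway, consider `_("Unable to change owner or mode of tty stdin: %s\n")`; the msgid changes, so the translations would need a refresh. The same holds for the `cannot parse %s value: '%s'` messages in the four getdef_* hunks of lib/getdef.c, the `$SOURCE_DATE_EPOCH` message in lib/gettime.c, and `Could not delete login mapping for %s` in del_seuser in lib/semanage.c. chown_tty's body starts and ends outside the hunk.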
@@ -32,6 +32,7 @@ #include #endif /* WITH_TCB */ #include "prototypes.h" +#include "shadowlog.h" #include "shadowlog_internal.h" #include "sssd.h" #include "string/memset/memzero.h" @@ -101,7 +102,7 @@ static int check_link_count (const char *file, bool log) if (stat (file, &sb) != 0) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: %s file stat error: %s\n", shadow_progname, file, strerrno()); } @@ -110,7 +111,7 @@ static int check_link_count (const char *file, bool log) if (sb.st_nlink != 2) { if (log) { - fprintf(shadow_logfd, + fprintf(log_get_logfd(), "%s: %s: lock file already used (nlink: %ju)\n", shadow_progname, file, (uintmax_t) sb.st_nlink); } @@ -132,7 +133,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600); if (-1 == fd) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: %s: %s\n", shadow_progname, file, strerrno()); } @@ -144,7 +145,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) len = (ssize_t) strlen (buf) + 1; if (write_full(fd, buf, len) == -1) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: %s file write error: %s\n", shadow_progname, file, strerrno()); } @@ -154,7 +155,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) } if (fdatasync (fd) == -1) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: %s file sync error: %s\n", shadow_progname, file, strerrno()); } @@ -173,7 +174,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) fd = open (lock, O_RDWR); if (-1 == fd) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: %s: %s\n", shadow_progname, lock, strerrno()); } 
@@ -185,7 +186,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) close (fd); if (len <= 0) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: existing lock file %s without a PID\n", shadow_progname, lock); } @@ -196,7 +197,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) stpcpy(&buf[len], ""); if (get_pid(buf, &pid) == -1) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: existing lock file %s with an invalid PID '%s'\n", shadow_progname, lock, buf); } @@ -206,7 +207,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) } if (kill (pid, 0) == 0) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: lock %s already used by PID %lu\n", shadow_progname, lock, (unsigned long) pid); } @@ -216,7 +217,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) } if (unlink (lock) != 0) { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: cannot get lock %s: %s\n", shadow_progname, lock, strerrno()); } @@ -229,7 +230,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) retval = check_link_count (file, log); } else { if (log) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: cannot get lock %s: %s\n", shadow_progname, lock, strerrno()); } @@ -402,7 +403,7 @@ int commonio_lock (struct commonio_db *db) if (0 == lock_count) { if (lckpwdf () == -1) { if (geteuid () != 0) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), "%s: Permission denied.\n", shadow_progname); } @@ -438,7 +439,7 @@ int commonio_lock (struct commonio_db *db) } /* no unnecessary retries on "permission denied" errors */ if (geteuid () != 0) { - (void) fprintf (shadow_logfd, "%s: Permission denied.\n", + (void) fprintf (log_get_logfd(), "%s: Permission denied.\n", shadow_progname); return 0; } 
@@ -1045,7 +1046,7 @@ int commonio_update (struct commonio_db *db, const void *eptr) p = find_entry_by_name(db, db->ops->cio_getname(eptr)); if (NULL != p) { if (next_entry_by_name(db, p->next, db->ops->cio_getname(eptr)) != NULL) { - fprintf(shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->cio_getname(eptr), db->filename); + fprintf(log_get_logfd(), _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->cio_getname(eptr), db->filename); db->ops->cio_free(nentry); return 0; } @@ -1150,7 +1151,7 @@ int commonio_remove (struct commonio_db *db, const char *name) return 0; } if (next_entry_by_name (db, p->next, name) != NULL) { - fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename); + fprintf (log_get_logfd(), _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename); return 0; } diff --git a/lib/copydir.c b/lib/copydir.c index f04cd51b1..058a79221 100644 --- a/lib/copydir.c +++ b/lib/copydir.c @@ -94,7 +94,6 @@ static void error_acl(struct error_context *, const char *fmt, ...) { va_list ap; - FILE *shadow_logfd = log_get_logfd(); /* ignore the case when destination does not support ACLs * or extended attributes */ @@ -104,11 +103,11 @@ error_acl(struct error_context *, const char *fmt, ...) } va_start (ap, fmt); - (void) fprintf (shadow_logfd, _("%s: "), log_get_progname()); - if (vfprintf (shadow_logfd, fmt, ap) != 0) { - (void) fputs (_(": "), shadow_logfd); + (void) fprintf (log_get_logfd(), _("%s: "), log_get_progname()); + if (vfprintf (log_get_logfd(), fmt, ap) != 0) { + (void) fputs (_(": "), log_get_logfd()); } - (void) fprintf(shadow_logfd, "%s\n", strerrno()); + (void) fprintf(log_get_logfd(), "%s\n", strerrno()); va_end (ap); } diff --git a/lib/encrypt.c b/lib/encrypt.c index 9a7d4aae2..d21f962f3 100644 --- a/lib/encrypt.c +++ b/lib/encrypt.c 
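Review bot: In error_acl (lib/copydir.c), the closing `strerrno()` runs only after an `fprintf`, a `vfprintf` and possibly an `fputs` on the log stream, any of which may overwrite errno. The text printed can therefore describe a failed write rather than the ACL or xattr error being reported. Saving the value on entry with `int e = errno;` and ending with `(void) fprintf(log_get_logfd(), "%s\n", strerror(e));` keeps the original cause, the way chown_tty in lib/chowntty.c does with `int err = errno;`. This assumes strerrno() reads errno at call time, which is not visible here. The function now also calls the getter four times for one message; a single local `FILE *log = log_get_logfd();` would be easier to read.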
@@ -16,7 +16,7 @@ #include "prototypes.h" #include "defines.h" -#include "shadowlog_internal.h" +#include "shadowlog.h" #include "string/strcmp/strprefix.h" @@ -64,7 +64,7 @@ method = &nummethod[0]; } } - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), _("crypt method not supported by libcrypt? (%s)\n"), method); errno = EINVAL; diff --git a/lib/getdef.c b/lib/getdef.c index 930b350bd..f67e00e48 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -26,7 +26,7 @@ #include "defines.h" #include "getdef.h" #include "prototypes.h" -#include "shadowlog_internal.h" +#include "shadowlog.h" #include "sizeof.h" #include "string/sprintf/aprintf.h" #include "string/strcmp/strcaseeq.h" @@ -255,7 +255,7 @@ getdef_num(const char *item, int dflt) } if (a2si(&val, d->value, NULL, 0, -1, INT_MAX) == -1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("configuration error - cannot parse %s value: '%s'"), item, d->value); return dflt; @@ -289,7 +289,7 @@ getdef_unum(const char *item, unsigned int dflt) } if (a2ui(&val, d->value, NULL, 0, 0, UINT_MAX) == -1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("configuration error - cannot parse %s value: '%s'"), item, d->value); return dflt; @@ -322,7 +322,7 @@ long getdef_long (const char *item, long dflt) } if (a2sl(&val, d->value, NULL, 0, -1, LONG_MAX) == -1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("configuration error - cannot parse %s value: '%s'"), item, d->value); return dflt; @@ -354,7 +354,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt) } if (str2ul(&val, d->value) == -1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("configuration error - cannot parse %s value: '%s'"), item, d->value); return dflt; 
@@ -391,7 +391,7 @@ int putdef_str (const char *name, const char *value, const char *srcfile) cp = strdup (value); if (NULL == cp) { (void) fputs (_("Could not allocate space for config info.\n"), - shadow_logfd); + log_get_logfd()); SYSLOG ((LOG_ERR, "could not allocate space for config info")); return -1; } @@ -435,7 +435,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, cons goto out; } } - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("configuration error - unknown item '%s' (notify administrator)\n"), name); if (srcfile != NULL) diff --git a/lib/gettime.c b/lib/gettime.c index 97b873ef2..0d1d59086 100644 --- a/lib/gettime.c +++ b/lib/gettime.c @@ -29,7 +29,6 @@ gettime(void) { char *source_date_epoch; - FILE *shadow_logfd = log_get_logfd(); time_t fallback, epoch; fallback = time (NULL); @@ -39,7 +38,7 @@ gettime(void) return fallback; if (a2i(time_t, &epoch, source_date_epoch, NULL, 10, 0, fallback) == -1) { - fprintf(shadow_logfd, + fprintf(log_get_logfd(), _("Environment variable $SOURCE_DATE_EPOCH: a2i(\"%s\"): %s"), source_date_epoch, strerrno()); return fallback; diff --git a/lib/nscd.c b/lib/nscd.c index e2bb44e3f..ae3321fe1 100644 --- a/lib/nscd.c +++ b/lib/nscd.c @@ -10,6 +10,7 @@ #include "defines.h" #include "prototypes.h" #include "nscd.h" +#include "shadowlog.h" #include "shadowlog_internal.h" #define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n" 
@@ -26,13 +27,13 @@ int nscd_flush_cache (const char *service) if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) { /* run_command writes its own more detailed message. */ - (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); + (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); return -1; } code = WEXITSTATUS (status); if (!WIFEXITED (status)) { - (void) fprintf (shadow_logfd, + (void) fprintf (log_get_logfd(), _("%s: nscd did not terminate normally (signal %d)\n"), shadow_progname, WTERMSIG (status)); return -1; @@ -44,9 +45,9 @@ int nscd_flush_cache (const char *service) /* nscd is installed, but it isn't active. */ return 0; } else if (code != 0) { - (void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"), + (void) fprintf (log_get_logfd(), _("%s: nscd exited with status %d\n"), shadow_progname, code); - (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); + (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); return -1; } diff --git a/lib/nss.c b/lib/nss.c index f2112d08b..f6e5146d1 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -55,7 +55,6 @@ nss_init(const char *nsswitch_path) { char *line = NULL, *p; char libname[64]; FILE *nssfp = NULL; - FILE *shadow_logfd = log_get_logfd(); void *h; size_t len = 0; @@ -74,7 +73,7 @@ nss_init(const char *nsswitch_path) { nssfp = fopen(nsswitch_path, "r"); if (!nssfp) { if (errno != ENOENT) - fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); + fprintf(log_get_logfd(), "Failed opening %s: %m\n", nsswitch_path); atomic_store(&nss_init_completed, true); return; 
@@ -97,7 +96,7 @@ nss_init(const char *nsswitch_path) { goto null_subid; } if (stpsep(p, " \t\n") == NULL) { - fprintf(shadow_logfd, "No usable subid NSS module found, using files\n"); + fprintf(log_get_logfd(), "No usable subid NSS module found, using files\n"); // subid_nss has to be null here, but to ease reviews: goto null_subid; } @@ -105,15 +104,15 @@ nss_init(const char *nsswitch_path) { goto null_subid; } if (strlen(p) > 50) { - fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", p); - fprintf(shadow_logfd, "Using files\n"); + fprintf(log_get_logfd(), "Subid NSS module name too long (longer than 50 characters): %s\n", p); + fprintf(log_get_logfd(), "Using files\n"); goto null_subid; } stprintf_a(libname, "libsubid_%s.so", p); h = dlopen(libname, RTLD_LAZY); if (!h) { - fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror()); - fprintf(shadow_logfd, "Using files\n"); + fprintf(log_get_logfd(), "Error opening %s: %s\n", libname, dlerror()); + fprintf(log_get_logfd(), "Using files\n"); goto null_subid; } subid_nss = malloc_T(1, struct subid_nss_ops); 
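Review bot: In nss_init the module name `p` read from the nsswitch file is only length-checked before `stprintf_a(libname, "libsubid_%s.so", p)` and `dlopen(libname, RTLD_LAZY)`. A name containing `/` would make dlopen treat libname as a path rather than search the library directories. The file is normally root-owned, so this is hardening rather than a reported bug. A guard next to the length check, such as `if (strchr(p, '/') != NULL) goto null_subid;` with a log line like its neighbours, keeps the lookup on the system search path. nss_init's body starts and ends outside the hunk.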
@@ -122,22 +121,22 @@ nss_init(const char *nsswitch_path) { } subid_nss->has_range = dlsym(h, "shadow_subid_has_range"); if (!subid_nss->has_range) { - fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname); + fprintf(log_get_logfd(), "%s did not provide @has_range@\n", libname); goto close_lib; } subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges"); if (!subid_nss->list_owner_ranges) { - fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname); + fprintf(log_get_logfd(), "%s did not provide @list_owner_ranges@\n", libname); goto close_lib; } subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners"); if (!subid_nss->find_subid_owners) { - fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname); + fprintf(log_get_logfd(), "%s did not provide @find_subid_owners@\n", libname); goto close_lib; } subid_nss->free = dlsym(h, "shadow_subid_free"); if (!subid_nss->free) { - fprintf(shadow_logfd, "%s did not provide @subid_free@\n", libname); + fprintf(log_get_logfd(), "%s did not provide @subid_free@\n", libname); goto close_lib; } subid_nss->handle = h; diff --git a/lib/pam_pass.c b/lib/pam_pass.c index 5df10f199..d6372e1a2 100644 --- a/lib/pam_pass.c +++ b/lib/pam_pass.c @@ -32,7 +32,6 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired) { pam_handle_t *pamh = NULL; int flags = 0, ret; - FILE *shadow_logfd = log_get_logfd(); if (silent) flags |= PAM_SILENT; 
@@ -41,20 +40,20 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired) ret = pam_start ("passwd", user, &conv, &pamh); if (ret != PAM_SUCCESS) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("passwd: pam_start() failed, error %d\n"), ret); exit (E_PAM_ERR); } ret = pam_chauthtok (pamh, flags); if (ret != PAM_SUCCESS) { - fprintf (shadow_logfd, _("passwd: %s\n"), pam_strerror (pamh, ret)); - fputs (_("passwd: password unchanged\n"), shadow_logfd); + fprintf (log_get_logfd(), _("passwd: %s\n"), pam_strerror (pamh, ret)); + fputs (_("passwd: password unchanged\n"), log_get_logfd()); pam_end (pamh, ret); exit (E_PAM_ERR); } - fputs (_("passwd: password updated successfully\n"), shadow_logfd); + fputs (_("passwd: password updated successfully\n"), log_get_logfd()); (void) pam_end (pamh, PAM_SUCCESS); } #else /* !USE_PAM */ diff --git a/lib/run_part.c b/lib/run_part.c index f3ac46dbf..97b520663 100644 --- a/lib/run_part.c +++ b/lib/run_part.c @@ -12,7 +12,7 @@ #include #include "run_part.h" -#include "shadowlog_internal.h" +#include "shadowlog.h" #include "string/sprintf/aprintf.h" #include "string/strerrno.h" @@ -26,14 +26,14 @@ static int run_part(char *script_path, const char *name, const char *action) pid=fork(); if (pid==-1) { - fprintf(shadow_logfd, "fork: %s\n", strerrno()); + fprintf(log_get_logfd(), "fork: %s\n", strerrno()); return 1; } if (pid==0) { setenv("ACTION",action,1); setenv("SUBJECT",name,1); execv(script_path,args); - fprintf(shadow_logfd, "execv: %s\n", strerrno()); + fprintf(log_get_logfd(), "execv: %s\n", strerrno()); _exit(1); } @@ -42,7 +42,7 @@ static int run_part(char *script_path, const char *name, const char *action) return (wait_status); } - fprintf(shadow_logfd, "wait: %s\n", strerrno()); + fprintf(log_get_logfd(), "wait: %s\n", strerrno()); return (1); } 
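Review bot: In the child branch of run_part (lib/run_part.c), the results of `setenv("ACTION",action,1)` and `setenv("SUBJECT",name,1)` are ignored. If either call fails, the script is still executed with whatever ACTION/SUBJECT values were inherited from the caller's environment. Checking them, e.g. `if (setenv("ACTION",action,1) != 0 || setenv("SUBJECT",name,1) != 0) _exit(1);`, avoids running a hook on stale inputs. The `execv:` message is also followed directly by `_exit(1)`, which does not flush stdio, so it may be lost if the log stream is buffered. The function's declarations are outside the hunk.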
@@ -64,7 +64,7 @@ int run_parts(const char *directory, const char *name, const char *action) s = aprintf("%s/%s", directory, namelist[n]->d_name); if (s == NULL) { - fprintf(shadow_logfd, "aprintf: %s\n", strerrno()); + fprintf(log_get_logfd(), "aprintf: %s\n", strerrno()); for (; nd_name); for (; n #include "prototypes.h" +#include "shadowlog.h" #include "shadowlog_internal.h" #include "string/sprintf/aprintf.h" #include "string/strerrno.h" @@ -138,7 +139,7 @@ static int selinux_log_cb (int type, const char *fmt, ...) { && (errno != EAFNOSUPPORT)) { (void) fputs (_("Cannot open audit interface.\n"), - shadow_logfd); + log_get_logfd()); SYSLOG ((LOG_WARN, "Cannot open audit interface.")); } } @@ -191,7 +192,7 @@ int check_selinux_permit (const char *perm_name) selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) { .func_log = selinux_log_cb }); if (getprevcon_raw (&user_context_raw) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: can not get previous SELinux process context: %s\n"), shadow_progname, strerrno()); SYSLOG ((LOG_WARN, diff --git a/lib/semanage.c b/lib/semanage.c index e20fea6ef..0018536be 100644 --- a/lib/semanage.c +++ b/lib/semanage.c @@ -23,7 +23,7 @@ #include "attr.h" #include "prototypes.h" -#include "shadowlog_internal.h" +#include "shadowlog.h" #include "string/sprintf/aprintf.h" @@ -44,7 +44,7 @@ static void semanage_error_callback (void *, switch (semanage_msg_get_level (handle)) { case SEMANAGE_MSG_ERR: case SEMANAGE_MSG_WARN: - fprintf (shadow_logfd, _("[libsemanage]: %s\n"), message); + fprintf (log_get_logfd(), _("[libsemanage]: %s\n"), message); break; case SEMANAGE_MSG_INFO: /* nop */ @@ -62,7 +62,7 @@ static semanage_handle_t *semanage_init (void) handle = semanage_handle_create (); if (NULL == handle) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Cannot create SELinux management handle\n")); return NULL; } 
@@ -71,26 +71,26 @@ static semanage_handle_t *semanage_init (void) ret = semanage_is_managed (handle); if (ret != 1) { - fprintf (shadow_logfd, _("SELinux policy not managed\n")); + fprintf (log_get_logfd(), _("SELinux policy not managed\n")); goto fail; } ret = semanage_access_check (handle); if (ret < SEMANAGE_CAN_READ) { - fprintf (shadow_logfd, _("Cannot read SELinux policy store\n")); + fprintf (log_get_logfd(), _("Cannot read SELinux policy store\n")); goto fail; } ret = semanage_connect (handle); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Cannot establish SELinux management connection\n")); goto fail; } ret = semanage_begin_transaction (handle); if (ret != 0) { - fprintf (shadow_logfd, _("Cannot begin SELinux transaction\n")); + fprintf (log_get_logfd(), _("Cannot begin SELinux transaction\n")); goto fail; } @@ -115,7 +115,7 @@ static int semanage_user_mod (semanage_handle_t *handle, semanage_seuser_query (handle, key, &seuser); if (NULL == seuser) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not query seuser for %s\n"), login_name); ret = 1; goto done; @@ -124,7 +124,7 @@ static int semanage_user_mod (semanage_handle_t *handle, if (serange && semanage_mls_enabled(handle)) { ret = semanage_seuser_set_mlsrange (handle, seuser, serange); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not set serange for %s to %s\n"), login_name, serange); ret = 1; @@ -134,7 +134,7 @@ static int semanage_user_mod (semanage_handle_t *handle, ret = semanage_seuser_set_sename (handle, seuser, seuser_name); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not set sename for %s\n"), login_name); ret = 1; @@ -143,7 +143,7 @@ static int semanage_user_mod (semanage_handle_t *handle, ret = semanage_seuser_modify_local (handle, key, seuser); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not modify login mapping for %s\n"), login_name); ret = 1; 
@@ -168,7 +168,7 @@ static int semanage_user_add (semanage_handle_t *handle, ret = semanage_seuser_create (handle, &seuser); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Cannot create SELinux login mapping for %s\n"), login_name); ret = 1; @@ -177,7 +177,7 @@ static int semanage_user_add (semanage_handle_t *handle, ret = semanage_seuser_set_name (handle, seuser, login_name); if (ret != 0) { - fprintf (shadow_logfd, _("Could not set name for %s\n"), login_name); + fprintf (log_get_logfd(), _("Could not set name for %s\n"), login_name); ret = 1; goto done; } @@ -185,7 +185,7 @@ static int semanage_user_add (semanage_handle_t *handle, if (serange && semanage_mls_enabled(handle)) { ret = semanage_seuser_set_mlsrange (handle, seuser, serange); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not set serange for %s to %s\n"), login_name, serange); ret = 1; @@ -195,7 +195,7 @@ static int semanage_user_add (semanage_handle_t *handle, ret = semanage_seuser_set_sename (handle, seuser, seuser_name); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not set SELinux user for %s\n"), login_name); ret = 1; @@ -204,7 +204,7 @@ static int semanage_user_add (semanage_handle_t *handle, ret = semanage_seuser_modify_local (handle, key, seuser); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not add login mapping for %s\n"), login_name); ret = 1; 
@@ -232,21 +232,21 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser handle = semanage_init (); if (NULL == handle) { - fprintf (shadow_logfd, _("Cannot init SELinux management\n")); + fprintf (log_get_logfd(), _("Cannot init SELinux management\n")); ret = 1; goto done; } ret = semanage_seuser_key_create (handle, login_name, &key); if (ret != 0) { - fprintf (shadow_logfd, _("Cannot create SELinux user key\n")); + fprintf (log_get_logfd(), _("Cannot create SELinux user key\n")); ret = 1; goto done; } ret = semanage_seuser_exists (handle, key, &seuser_exists); if (ret < 0) { - fprintf (shadow_logfd, _("Cannot verify the SELinux user\n")); + fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n")); ret = 1; goto done; } @@ -254,7 +254,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser if (0 != seuser_exists) { ret = semanage_user_mod (handle, key, login_name, seuser_name, serange); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Cannot modify SELinux user mapping\n")); ret = 1; goto done; @@ -262,7 +262,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser } else { ret = semanage_user_add (handle, key, login_name, seuser_name, serange); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Cannot add SELinux user mapping\n")); ret = 1; goto done; @@ -271,7 +271,7 @@ int set_seuser (const char *login_name, const char *seuser_name, const char *ser ret = semanage_commit (handle); if (ret < 0) { - fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n")); + fprintf (log_get_logfd(), _("Cannot commit SELinux transaction\n")); ret = 1; goto done; } 
@@ -297,27 +297,27 @@ int del_seuser (const char *login_name) handle = semanage_init (); if (NULL == handle) { - fprintf (shadow_logfd, _("Cannot init SELinux management\n")); + fprintf (log_get_logfd(), _("Cannot init SELinux management\n")); ret = 1; goto done; } ret = semanage_seuser_key_create (handle, login_name, &key); if (ret != 0) { - fprintf (shadow_logfd, _("Cannot create SELinux user key\n")); + fprintf (log_get_logfd(), _("Cannot create SELinux user key\n")); ret = 1; goto done; } ret = semanage_seuser_exists (handle, key, &exists); if (ret < 0) { - fprintf (shadow_logfd, _("Cannot verify the SELinux user\n")); + fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n")); ret = 1; goto done; } if (0 == exists) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Login mapping for %s is not defined, OK if default mapping was used\n"), login_name); ret = 0; /* probably default mapping */ @@ -326,13 +326,13 @@ int del_seuser (const char *login_name) ret = semanage_seuser_exists_local (handle, key, &exists); if (ret < 0) { - fprintf (shadow_logfd, _("Cannot verify the SELinux user\n")); + fprintf (log_get_logfd(), _("Cannot verify the SELinux user\n")); ret = 1; goto done; } if (0 == exists) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Login mapping for %s is defined in policy, cannot be deleted\n"), login_name); ret = 0; /* Login mapping defined in policy can't be deleted */ @@ -341,7 +341,7 @@ int del_seuser (const char *login_name) ret = semanage_seuser_del_local (handle, key); if (ret != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("Could not delete login mapping for %s"), login_name); ret = 1; @@ -350,7 +350,7 @@ int del_seuser (const char *login_name) ret = semanage_commit (handle); if (ret < 0) { - fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n")); + fprintf (log_get_logfd(), _("Cannot commit SELinux transaction\n")); ret = 1; goto done; } 
diff --git a/lib/shadowlog.c b/lib/shadowlog.c index 7bcc63cab..4c8dddd7e 100644 --- a/lib/shadowlog.c +++ b/lib/shadowlog.c @@ -3,7 +3,7 @@ #include "lib/shadowlog_internal.h" const char *shadow_progname = "libshadow"; -FILE *shadow_logfd = NULL; +static FILE *shadow_logfd = NULL; void log_set_progname(const char *progname) { diff --git a/lib/shadowlog_internal.h b/lib/shadowlog_internal.h index 2ed7932be..1d2d16761 100644 --- a/lib/shadowlog_internal.h +++ b/lib/shadowlog_internal.h @@ -2,6 +2,5 @@ #define _SHADOWLOG_INTERNAL_H extern const char *shadow_progname; /* Program name shown in error messages */ -extern FILE *shadow_logfd; /* file descriptor to which error messages are printed */ #endif /* _SHADOWLOG_INTERNAL_H */ diff --git a/lib/spawn.c b/lib/spawn.c index 2bcbc4451..4b6169e5b 100644 --- a/lib/spawn.c +++ b/lib/spawn.c @@ -15,6 +15,7 @@ #include "exitcodes.h" #include "prototypes.h" +#include "shadowlog.h" #include "shadowlog_internal.h" #include "string/strerrno.h" @@ -30,7 +31,7 @@ run_command(const char *cmd, const char *argv[], } (void) fflush (stdout); - (void) fflush (shadow_logfd); + (void) fflush (log_get_logfd()); pid = fork (); if (0 == pid) { @@ -39,11 +40,11 @@ run_command(const char *cmd, const char *argv[], if (ENOENT == errno) { _exit (E_CMD_NOTFOUND); } - fprintf (shadow_logfd, "%s: cannot execute %s: %s\n", + fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n", shadow_progname, cmd, strerrno()); _exit (E_CMD_NOEXEC); } else if ((pid_t)-1 == pid) { - fprintf (shadow_logfd, "%s: cannot execute %s: %s\n", + fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n", shadow_progname, cmd, strerrno()); return -1; } @@ -56,7 +57,7 @@ run_command(const char *cmd, const char *argv[], || ((pid_t)-1 != wpid && wpid != pid)); if ((pid_t)-1 == wpid) { - fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n", + fprintf (log_get_logfd(), "%s: waitpid (status: %d): %s\n", shadow_progname, *status, strerrno()); return -1; } 
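Review bot: `extern const char *shadow_progname;` stays exported from lib/shadowlog_internal.h and is still read directly by the new code; lib/commonio.c, lib/nscd.c, lib/spawn.c and lib/tcbfuncs.c keep including this header for it. The commit message's reasoning about binaries and libraries holding different copies would seem to apply to it as well. lib/copydir.c already goes through `log_get_progname()`, so converting the remaining users and making the variable `static`, as done for `shadow_logfd` in lib/shadowlog.c, would let this header go away. If direct access is intentional, a comment on the declaration explaining why it is safe for the name but not for the stream would help.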
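Review bot: In the last lib/spawn.c hunk, the waitpid failure message prints `*status`, which waitpid does not store on error, so the value logged is whatever the caller left in that variable. It may be uninitialised; the callers' declarations are not visible in this diff. Dropping the field, `fprintf (log_get_logfd(), "%s: waitpid: %s\n", shadow_progname, strerrno());`, avoids reading an indeterminate int. run_command's body starts outside the hunk.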
diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c index 269ae0d04..ee8f57682 100644 --- a/lib/tcbfuncs.c +++ b/lib/tcbfuncs.c @@ -23,6 +23,7 @@ #include "prototypes.h" #include "tcbfuncs.h" #include "shadowio.h" +#include "shadowlog.h" #include "shadowlog_internal.h" #include "string/sprintf/aprintf.h" #include "string/strcmp/streq.h" @@ -64,8 +65,8 @@ shadowtcb_status shadowtcb_gain_priv (void) * to exit soon. */ #define OUT_OF_MEMORY do { \ - fprintf (shadow_logfd, _("%s: out of memory\n"), shadow_progname); \ - (void) fflush (shadow_logfd); \ + fprintf (log_get_logfd(), _("%s: out of memory\n"), shadow_progname); \ + (void) fflush (log_get_logfd()); \ } while (false) /* Returns user's tcb directory path relative to TCB_DIR. */ @@ -102,7 +103,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name) return NULL; } if (lstat (path, &st) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), shadow_progname, path, strerrno()); free (path); @@ -118,14 +119,14 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name) return rval; } if (!S_ISLNK (st.st_mode)) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: %s is neither a directory, nor a symlink.\n"), shadow_progname, path); free (path); return NULL; } if (readlinknul_a(path, link) == -1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot read symbolic link %s: %s\n"), shadow_progname, path, strerrno()); free (path); @@ -186,7 +187,7 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid) } ptr = path; if (stat (TCB_DIR, &st) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), shadow_progname, TCB_DIR, strerrno()); goto out_free_path; 
@@ -199,19 +200,19 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid) return SHADOWTCB_FAILURE; } if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot create directory %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free_dir; } if (chown (dir, 0, st.st_gid) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free_dir; } if (chmod (dir, 0711) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free_dir; @@ -242,7 +243,7 @@ static shadowtcb_status unlink_suffs (const char *user) return SHADOWTCB_FAILURE; } if ((unlink (tmp) != 0) && (errno != ENOENT)) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: unlink: %s: %s\n"), shadow_progname, tmp, strerrno()); free (tmp); @@ -272,7 +273,7 @@ rmdir_leading(const char *relpath) if (rmdir(path) != 0) { if (errno != ENOTEMPTY) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot remove directory %s: %s\n"), shadow_progname, path, strerrno()); ret = SHADOWTCB_FAILURE; @@ -306,7 +307,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) goto out_free_nomem; } if (stat (olddir, &oldmode) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), shadow_progname, olddir, strerrno()); goto out_free; @@ -333,7 +334,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) goto out_free; } if (rename (real_old_dir, real_new_dir) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot rename %s to %s: %s\n"), shadow_progname, real_old_dir, real_new_dir, strerrno()); goto out_free; 
@@ -342,7 +343,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) goto out_free; } if ((unlink (olddir) != 0) && (errno != ENOENT)) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot remove %s: %s\n"), shadow_progname, olddir, strerrno()); goto out_free; @@ -357,7 +358,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) } if ( !streq(real_new_dir, newdir) && (symlink (real_new_dir_rel, newdir) != 0)) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot create symbolic link %s: %s\n"), shadow_progname, real_new_dir_rel, strerrno()); goto out_free; @@ -461,37 +462,37 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ return SHADOWTCB_FAILURE; } if (stat (tcbdir, &dirmode) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), shadow_progname, tcbdir, strerrno()); goto out_free; } if (chown (tcbdir, 0, 0) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owners of %s: %s\n"), shadow_progname, tcbdir, strerrno()); goto out_free; } if (chmod (tcbdir, 0700) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, tcbdir, strerrno()); goto out_free; } if (lstat (shadow, &filemode) != 0) { if (errno != ENOENT) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot lstat %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; } - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Warning, user %s has no tcb shadow file.\n"), shadow_progname, user_newname); } else { if (!S_ISREG (filemode.st_mode) || filemode.st_nlink != 1) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Emergency: %s's tcb shadow is not a " "regular file with st_nlink=1.\n" "The account is left locked.\n"), 
@@ -499,13 +500,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ goto out_free; } if (chown (shadow, user_newid, filemode.st_gid) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; } if (chmod (shadow, filemode.st_mode & 07777) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; @@ -515,13 +516,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ goto out_free; } if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), shadow_progname, tcbdir, strerrno()); goto out_free; } if (chmod (tcbdir, dirmode.st_mode & 07777) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, tcbdir, strerrno()); goto out_free; @@ -546,7 +547,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid) return SHADOWTCB_SUCCESS; } if (stat (TCB_DIR, &tcbdir_stat) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), shadow_progname, TCB_DIR, strerrno()); return SHADOWTCB_FAILURE; 
@@ -571,37 +572,37 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid) return SHADOWTCB_FAILURE; } if (mkdir (dir, 0700) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: mkdir: %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free; } fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600); if (fd < 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot open %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; } if (fchown (fd, 0, authgid) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; } if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, shadow, strerrno()); goto out_free; } if (chown (dir, 0, authgid) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free; } if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) { - fprintf (shadow_logfd, + fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), shadow_progname, dir, strerrno()); goto out_free;
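Review bot: `open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600)` would silently truncate an existing file or follow a symlink at that path, although the `mkdir (dir, 0700)` just above already fails on an existing directory, so the file is apparently expected to be new. If `shadow` does live inside `dir` (the path construction is outside the hunk), `O_RDWR | O_CREAT | O_EXCL` would state and enforce that expectation without changing the normal case. It is also worth confirming that the `out_free` path, which is not visible here, closes `fd` when `fchown` or `fchmod` fails.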