From d5638a5b2b7b9038fe3436d3ffb9b973ad479176 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 11 Jan 2026 12:34:46 +0100 Subject: [PATCH] lib/shadowlog_internal.h: Hide shadow_progname Accessing and setting shadow_progname is not as straight-forward as it might seem due to the way of linking libshadow_la with libsubid and programs. Enforce the usage of log_get_progname to make this less messy. With last entry of shadowlog_internal.h gone, remove the file entirely. Signed-off-by: Tobias Stoeckmann --- lib/Makefile.am | 1 - lib/commonio.c | 27 ++++++++------- lib/nscd.c | 9 +++-- lib/nss.c | 1 - lib/selinux.c | 3 +- lib/shadow/passwd/sgetpwent.c | 1 - lib/shadow/shadow/sgetspent.c | 1 - lib/shadowlog.c | 4 +-- lib/shadowlog_internal.h | 6 ---- lib/spawn.c | 7 ++-- lib/sssd.c | 9 +++-- lib/tcbfuncs.c | 63 +++++++++++++++++------------------ 12 files changed, 57 insertions(+), 75 deletions(-) delete mode 100644 lib/shadowlog_internal.h diff --git a/lib/Makefile.am b/lib/Makefile.am index c402ff02a..bf9cda724 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -179,7 +179,6 @@ libshadow_la_SOURCES = \ shadowio.h \ shadowlog.c \ shadowlog.h \ - shadowlog_internal.h \ shadowmem.c \ shell.c \ sizeof.h \ diff --git a/lib/commonio.c b/lib/commonio.c index c93b302cf..2f278df26 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -33,7 +33,6 @@ #endif /* WITH_TCB */ #include "prototypes.h" #include "shadowlog.h" -#include "shadowlog_internal.h" #include "sssd.h" #include "string/memset/memzero.h" #include "string/sprintf/aprintf.h" @@ -104,7 +103,7 @@ static int check_link_count (const char *file, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: %s file stat error: %s\n", - shadow_progname, file, strerrno()); + log_get_progname(), file, strerrno()); } return 0; } @@ -113,7 +112,7 @@ static int check_link_count (const char *file, bool log) if (log) { fprintf(log_get_logfd(), "%s: %s: lock file already used (nlink: %ju)\n", - shadow_progname, file, (uintmax_t) sb.st_nlink); + log_get_progname(), file, (uintmax_t) sb.st_nlink); } return 0; } @@ -135,7 +134,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: %s: %s\n", - shadow_progname, file, strerrno()); + log_get_progname(), file, strerrno()); } return 0; } @@ -147,7 +146,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: %s file write error: %s\n", - shadow_progname, file, strerrno()); + log_get_progname(), file, strerrno()); } (void) close (fd); unlink (file); @@ -157,7 +156,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: %s file sync error: %s\n", - shadow_progname, file, strerrno()); + log_get_progname(), file, strerrno()); } (void) close (fd); unlink (file); @@ -176,7 +175,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: %s: %s\n", - shadow_progname, lock, strerrno()); + log_get_progname(), lock, strerrno()); } unlink (file); errno = EINVAL; @@ -188,7 +187,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: existing lock file %s without a PID\n", - shadow_progname, lock); + log_get_progname(), lock); } unlink (file); errno = EINVAL; @@ -199,7 +198,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: existing lock file %s with an invalid PID '%s'\n", - shadow_progname, lock, buf); + log_get_progname(), lock, buf); } unlink (file); errno = EINVAL; @@ -209,7 +208,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: lock %s already used by PID %lu\n", - shadow_progname, lock, (unsigned long) pid); + log_get_progname(), lock, (unsigned long) pid); } unlink (file); errno = EEXIST; @@ -219,7 +218,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: cannot get lock %s: %s\n", - shadow_progname, lock, strerrno()); + log_get_progname(), lock, strerrno()); } unlink (file); return 0; @@ -232,7 +231,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) if (log) { (void) fprintf (log_get_logfd(), "%s: cannot get lock %s: %s\n", - shadow_progname, lock, strerrno()); + log_get_progname(), lock, strerrno()); } } @@ -405,7 +404,7 @@ int commonio_lock (struct commonio_db *db) if (geteuid () != 0) { (void) fprintf (log_get_logfd(), "%s: Permission denied.\n", - shadow_progname); + log_get_progname()); } return 0; /* failure */ } @@ -440,7 +439,7 @@ int commonio_lock (struct commonio_db *db) /* no unnecessary retries on "permission denied" errors */ if (geteuid () != 0) { (void) fprintf (log_get_logfd(), "%s: Permission denied.\n", - shadow_progname); + log_get_progname()); return 0; } } diff --git a/lib/nscd.c b/lib/nscd.c index ae3321fe1..732164cea 100644 --- a/lib/nscd.c +++ b/lib/nscd.c @@ -11,7 +11,6 @@ #include "prototypes.h" #include "nscd.h" #include "shadowlog.h" -#include "shadowlog_internal.h" #define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n" @@ -27,7 +26,7 @@ int nscd_flush_cache (const char *service) if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) { /* run_command writes its own more detailed message. */ - (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); + (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), log_get_progname()); return -1; } @@ -35,7 +34,7 @@ int nscd_flush_cache (const char *service) if (!WIFEXITED (status)) { (void) fprintf (log_get_logfd(), _("%s: nscd did not terminate normally (signal %d)\n"), - shadow_progname, WTERMSIG (status)); + log_get_progname(), WTERMSIG (status)); return -1; } else if (code == E_CMD_NOTFOUND) { /* nscd is not installed, or it is installed but uses an @@ -46,8 +45,8 @@ int nscd_flush_cache (const char *service) return 0; } else if (code != 0) { (void) fprintf (log_get_logfd(), _("%s: nscd exited with status %d\n"), - shadow_progname, code); - (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); + log_get_progname(), code); + (void) fprintf (log_get_logfd(), _(MSG_NSCD_FLUSH_CACHE_FAILED), log_get_progname()); return -1; } diff --git a/lib/nss.c b/lib/nss.c index f6e5146d1..595739074 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -12,7 +12,6 @@ #include "alloc/malloc.h" #include "prototypes.h" #include "../libsubid/subid.h" -#include "shadowlog_internal.h" #include "shadowlog.h" #include "string/sprintf/snprintf.h" #include "string/strcmp/strcaseprefix.h" diff --git a/lib/selinux.c b/lib/selinux.c index 3d3263603..918be770e 100644 --- a/lib/selinux.c +++ b/lib/selinux.c @@ -16,7 +16,6 @@ #include "prototypes.h" #include "shadowlog.h" -#include "shadowlog_internal.h" #include "string/sprintf/aprintf.h" #include "string/strerrno.h" @@ -194,7 +193,7 @@ int check_selinux_permit (const char *perm_name) if (getprevcon_raw (&user_context_raw) != 0) { fprintf (log_get_logfd(), _("%s: can not get previous SELinux process context: %s\n"), - shadow_progname, strerrno()); + log_get_progname(), strerrno()); SYSLOG ((LOG_WARN, "can not get previous SELinux process context: %s", strerrno())); diff --git a/lib/shadow/passwd/sgetpwent.c b/lib/shadow/passwd/sgetpwent.c index 02760e556..531b4aac1 100644 --- a/lib/shadow/passwd/sgetpwent.c +++ b/lib/shadow/passwd/sgetpwent.c @@ -19,7 +19,6 @@ #include "atoi/getnum.h" #include "defines.h" #include "prototypes.h" -#include "shadowlog_internal.h" #include "string/strcmp/streq.h" #include "string/strtok/stpsep.h" #include "string/strtok/strsep2arr.h" diff --git a/lib/shadow/shadow/sgetspent.c b/lib/shadow/shadow/sgetspent.c index bd778cdc1..1c2fbe22b 100644 --- a/lib/shadow/shadow/sgetspent.c +++ b/lib/shadow/shadow/sgetspent.c @@ -21,7 +21,6 @@ #include "atoi/a2i.h" #include "defines.h" #include "prototypes.h" -#include "shadowlog_internal.h" #include "sizeof.h" #include "string/strcmp/streq.h" #include "string/strtok/stpsep.h" diff --git a/lib/shadowlog.c b/lib/shadowlog.c index 4c8dddd7e..2f4b06f00 100644 --- a/lib/shadowlog.c +++ b/lib/shadowlog.c @@ -1,8 +1,6 @@ #include "shadowlog.h" -#include "lib/shadowlog_internal.h" - -const char *shadow_progname = "libshadow"; +static const char *shadow_progname = "libshadow"; static FILE *shadow_logfd = NULL; void log_set_progname(const char *progname) diff --git a/lib/shadowlog_internal.h b/lib/shadowlog_internal.h deleted file mode 100644 index 1d2d16761..000000000 --- a/lib/shadowlog_internal.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef _SHADOWLOG_INTERNAL_H -#define _SHADOWLOG_INTERNAL_H - -extern const char *shadow_progname; /* Program name shown in error messages */ - -#endif /* _SHADOWLOG_INTERNAL_H */ diff --git a/lib/spawn.c b/lib/spawn.c index 4b6169e5b..ff81cc920 100644 --- a/lib/spawn.c +++ b/lib/spawn.c @@ -16,7 +16,6 @@ #include "exitcodes.h" #include "prototypes.h" #include "shadowlog.h" -#include "shadowlog_internal.h" #include "string/strerrno.h" @@ -41,11 +40,11 @@ run_command(const char *cmd, const char *argv[], _exit (E_CMD_NOTFOUND); } fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n", - shadow_progname, cmd, strerrno()); + log_get_progname(), cmd, strerrno()); _exit (E_CMD_NOEXEC); } else if ((pid_t)-1 == pid) { fprintf (log_get_logfd(), "%s: cannot execute %s: %s\n", - shadow_progname, cmd, strerrno()); + log_get_progname(), cmd, strerrno()); return -1; } @@ -58,7 +57,7 @@ run_command(const char *cmd, const char *argv[], if ((pid_t)-1 == wpid) { fprintf (log_get_logfd(), "%s: waitpid (status: %d): %s\n", - shadow_progname, *status, strerrno()); + log_get_progname(), *status, strerrno()); return -1; } diff --git a/lib/sssd.c b/lib/sssd.c index b915b80a6..92d689b95 100644 --- a/lib/sssd.c +++ b/lib/sssd.c @@ -14,7 +14,6 @@ #include "exitcodes.h" #include "defines.h" #include "prototypes.h" -#include "shadowlog_internal.h" #include "string/strcmp/streq.h" @@ -57,22 +56,22 @@ sssd_flush_cache(int dbflags) free(sss_cache_args); if (rv != 0) { /* run_command writes its own more detailed message. */ - SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname)); + SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, log_get_progname())); return -1; } code = WEXITSTATUS (status); if (!WIFEXITED (status)) { SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)", - shadow_progname, WTERMSIG (status))); + log_get_progname(), WTERMSIG (status))); return -1; } else if (code == E_CMD_NOTFOUND) { /* sss_cache is not installed, or it is installed but uses an interpreter that is missing. Probably the former. */ return 0; } else if (code != 0) { - SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", shadow_progname, code)); - SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname)); + SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", log_get_progname(), code)); + SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, log_get_progname())); return -1; } diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c index ee8f57682..627bc6336 100644 --- a/lib/tcbfuncs.c +++ b/lib/tcbfuncs.c @@ -24,7 +24,6 @@ #include "tcbfuncs.h" #include "shadowio.h" #include "shadowlog.h" -#include "shadowlog_internal.h" #include "string/sprintf/aprintf.h" #include "string/strcmp/streq.h" #include "string/strcmp/strprefix.h" @@ -65,7 +64,7 @@ shadowtcb_status shadowtcb_gain_priv (void) * to exit soon. */ #define OUT_OF_MEMORY do { \ - fprintf (log_get_logfd(), _("%s: out of memory\n"), shadow_progname); \ + fprintf (log_get_logfd(), _("%s: out of memory\n"), log_get_progname()); \ (void) fflush (log_get_logfd()); \ } while (false) @@ -105,7 +104,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name) if (lstat (path, &st) != 0) { fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), - shadow_progname, path, strerrno()); + log_get_progname(), path, strerrno()); free (path); return NULL; } @@ -121,14 +120,14 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name) if (!S_ISLNK (st.st_mode)) { fprintf (log_get_logfd(), _("%s: %s is neither a directory, nor a symlink.\n"), - shadow_progname, path); + log_get_progname(), path); free (path); return NULL; } if (readlinknul_a(path, link) == -1) { fprintf (log_get_logfd(), _("%s: Cannot read symbolic link %s: %s\n"), - shadow_progname, path, strerrno()); + log_get_progname(), path, strerrno()); free (path); return NULL; } @@ -189,7 +188,7 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid) if (stat (TCB_DIR, &st) != 0) { fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), - shadow_progname, TCB_DIR, strerrno()); + log_get_progname(), TCB_DIR, strerrno()); goto out_free_path; } while (NULL != (ind = strchr(ptr, '/'))) { @@ -202,19 +201,19 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid) if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) { fprintf (log_get_logfd(), _("%s: Cannot create directory %s: %s\n"), - shadow_progname, dir, strerrno()); + log_get_progname(), dir, strerrno()); goto out_free_dir; } if (chown (dir, 0, st.st_gid) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), - shadow_progname, dir, strerrno()); + log_get_progname(), dir, strerrno()); goto out_free_dir; } if (chmod (dir, 0711) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, dir, strerrno()); + log_get_progname(), dir, strerrno()); goto out_free_dir; } free (dir); @@ -245,7 +244,7 @@ static shadowtcb_status unlink_suffs (const char *user) if ((unlink (tmp) != 0) && (errno != ENOENT)) { fprintf (log_get_logfd(), _("%s: unlink: %s: %s\n"), - shadow_progname, tmp, strerrno()); + log_get_progname(), tmp, strerrno()); free (tmp); return SHADOWTCB_FAILURE; } @@ -275,7 +274,7 @@ rmdir_leading(const char *relpath) if (errno != ENOTEMPTY) { fprintf (log_get_logfd(), _("%s: Cannot remove directory %s: %s\n"), - shadow_progname, path, strerrno()); + log_get_progname(), path, strerrno()); ret = SHADOWTCB_FAILURE; } break; @@ -309,7 +308,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) if (stat (olddir, &oldmode) != 0) { fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), - shadow_progname, olddir, strerrno()); + log_get_progname(), olddir, strerrno()); goto out_free; } old_uid = oldmode.st_uid; @@ -336,7 +335,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) if (rename (real_old_dir, real_new_dir) != 0) { fprintf (log_get_logfd(), _("%s: Cannot rename %s to %s: %s\n"), - shadow_progname, real_old_dir, real_new_dir, strerrno()); + log_get_progname(), real_old_dir, real_new_dir, strerrno()); goto out_free; } if (rmdir_leading (real_old_dir_rel) == SHADOWTCB_FAILURE) { @@ -345,7 +344,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) if ((unlink (olddir) != 0) && (errno != ENOENT)) { fprintf (log_get_logfd(), _("%s: Cannot remove %s: %s\n"), - shadow_progname, olddir, strerrno()); + log_get_progname(), olddir, strerrno()); goto out_free; } newdir = aprintf(TCB_DIR "/%s", user_newname); @@ -360,7 +359,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid) && (symlink (real_new_dir_rel, newdir) != 0)) { fprintf (log_get_logfd(), _("%s: Cannot create symbolic link %s: %s\n"), - shadow_progname, real_new_dir_rel, strerrno()); + log_get_progname(), real_new_dir_rel, strerrno()); goto out_free; } ret = SHADOWTCB_SUCCESS; @@ -464,31 +463,31 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ if (stat (tcbdir, &dirmode) != 0) { fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), - shadow_progname, tcbdir, strerrno()); + log_get_progname(), tcbdir, strerrno()); goto out_free; } if (chown (tcbdir, 0, 0) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owners of %s: %s\n"), - shadow_progname, tcbdir, strerrno()); + log_get_progname(), tcbdir, strerrno()); goto out_free; } if (chmod (tcbdir, 0700) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, tcbdir, strerrno()); + log_get_progname(), tcbdir, strerrno()); goto out_free; } if (lstat (shadow, &filemode) != 0) { if (errno != ENOENT) { fprintf (log_get_logfd(), _("%s: Cannot lstat %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } fprintf (log_get_logfd(), _("%s: Warning, user %s has no tcb shadow file.\n"), - shadow_progname, user_newname); + log_get_progname(), user_newname); } else { if (!S_ISREG (filemode.st_mode) || filemode.st_nlink != 1) { @@ -496,19 +495,19 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ _("%s: Emergency: %s's tcb shadow is not a " "regular file with st_nlink=1.\n" "The account is left locked.\n"), - shadow_progname, user_newname); + log_get_progname(), user_newname); goto out_free; } if (chown (shadow, user_newid, filemode.st_gid) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } if (chmod (shadow, filemode.st_mode & 07777) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } } @@ -518,13 +517,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_ if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), - shadow_progname, tcbdir, strerrno()); + log_get_progname(), tcbdir, strerrno()); goto out_free; } if (chmod (tcbdir, dirmode.st_mode & 07777) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, tcbdir, strerrno()); + log_get_progname(), tcbdir, strerrno()); goto out_free; } ret = SHADOWTCB_SUCCESS; @@ -549,7 +548,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid) if (stat (TCB_DIR, &tcbdir_stat) != 0) { fprintf (log_get_logfd(), _("%s: Cannot stat %s: %s\n"), - shadow_progname, TCB_DIR, strerrno()); + log_get_progname(), TCB_DIR, strerrno()); return SHADOWTCB_FAILURE; } shadowgid = tcbdir_stat.st_gid; @@ -573,38 +572,38 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid) } if (mkdir (dir, 0700) != 0) { fprintf (log_get_logfd(), - _("%s: mkdir: %s: %s\n"), shadow_progname, dir, strerrno()); + _("%s: mkdir: %s: %s\n"), log_get_progname(), dir, strerrno()); goto out_free; } fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600); if (fd < 0) { fprintf (log_get_logfd(), _("%s: Cannot open %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } if (fchown (fd, 0, authgid) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, shadow, strerrno()); + log_get_progname(), shadow, strerrno()); goto out_free; } if (chown (dir, 0, authgid) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change owner of %s: %s\n"), - shadow_progname, dir, strerrno()); + log_get_progname(), dir, strerrno()); goto out_free; } if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) { fprintf (log_get_logfd(), _("%s: Cannot change mode of %s: %s\n"), - shadow_progname, dir, strerrno()); + log_get_progname(), dir, strerrno()); goto out_free; } if ( (shadowtcb_set_user (name) == SHADOWTCB_FAILURE) -- 2.47.3