AM_CONDITIONAL(BUILD_NEWGRP, test "x$build_newgrp" = xyes)
-AC_ARG_ENABLE([chfn-chsh],
- AS_HELP_STRING([--enable-chfn-chsh], [build chfn and chsh]),
- [], enable_chfn_chsh=no
-)
-UL_BUILD_INIT([chfn_chsh])
-UL_REQUIRES_HAVE([chfn_chsh], [security_pam_misc_h], [PAM header file])
-AM_CONDITIONAL(BUILD_CHFN_CHSH, test "x$build_chfn_chsh" = xyes)
-
-AC_ARG_ENABLE([chsh-only-listed],
-AS_HELP_STRING([--disable-chsh-only-listed], [chsh: allow shells not in /etc/shells]),
-[], enable_chsh_only_listed=yes
-)
-
-AC_ARG_WITH([libuser], AS_HELP_STRING([--without-libuser], [compile without libuser (remote chsh)]),
+AC_ARG_WITH([user], AS_HELP_STRING([--without-user], [compile without libuser (remote chsh)]),
[], with_user=auto
)
-
if test "x$with_user" = xno; then
AM_CONDITIONAL(HAVE_USER, false)
else
esac
fi
+AC_ARG_ENABLE([chfn-chsh-password],
+ AS_HELP_STRING([--disable-chfn-chsh-password], [do not require the user to enter the password in chfn and chsh]),
+ [], enable_chfn_chsh_password=yes
+)
+
+AC_ARG_ENABLE([chfn-chsh],
+ AS_HELP_STRING([--enable-chfn-chsh], [build chfn and chsh]),
+ [], enable_chfn_chsh=no
+)
+UL_BUILD_INIT([chfn_chsh])
+
+if test "x$enable_chfn_chsh_password" = xyes -o "x$have_user" = xyes; then
+ UL_REQUIRES_HAVE([chfn_chsh], [security_pam_misc_h], [PAM header file])
+ AC_DEFINE(CHFN_CHSH_PASSWORD, 1, [Should chfn and chsh require the user to enter the password?])
+fi
+AM_CONDITIONAL(BUILD_CHFN_CHSH, test "x$build_chfn_chsh" = xyes)
+AM_CONDITIONAL(CHFN_CHSH_PASSWORD, test "x$enable_chfn_chsh_password" = xyes)
+
+AC_ARG_ENABLE([chsh-only-listed],
+AS_HELP_STRING([--disable-chsh-only-listed], [chsh: allow shells not in /etc/shells]),
+[], enable_chsh_only_listed=yes
+)
if test "x$enable_chsh_only_listed" = xyes; then
AC_DEFINE(ONLY_LISTED_SHELLS, 1, [Should chsh allow only shells in /etc/shells?])
fi
-AC_ARG_ENABLE([require-password],
- AS_HELP_STRING([--disable-require-password], [do not require the user to enter the password in chfn and chsh]),
- [], enable_require_password=yes
-)
-
-if test "x$enable_require_password" = xyes; then
- AC_DEFINE(REQUIRE_PASSWORD, 1, [Should chfn and chsh require the user to enter the password?])
-fi
-
-
AC_DEFUN([FS_PATHS_DEFAULT], [/sbin:/sbin/fs.d:/sbin/fs])
AC_ARG_ENABLE([fs-paths-default],
AS_HELP_STRING([--enable-fs-paths-default=paths], [default search path for fs helpers @<:@FS_PATHS_DEFAULT@:>@]),
login-utils/chfn.1 \
login-utils/chsh.1
-chfn_chsh_sources = \
- login-utils/islocal.c \
- login-utils/islocal.h \
- login-utils/auth.c \
- login-utils/auth.h \
- login-utils/setpwnam.c \
- login-utils/setpwnam.h
+chfn_chsh_sources =
chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-chfn_chsh_ldadd = libcommon.la -lpam -lpam_misc
+chfn_chsh_ldadd = libcommon.la
+
+if CHFN_CHSH_PASSWORD
+chfn_chsh_ldadd += -lpam -lpam_misc
+chfn_chsh_sources += \
+ login-utils/auth.c \
+ login-utils/auth.h
+endif
if HAVE_USER
chfn_chsh_ldflags += $(LIBUSER_LIBS)
chfn_chsh_sources+= \
login-utils/libuser.c \
login-utils/libuser.h
+else
+chfn_chsh_sources += \
+ login-utils/islocal.c \
+ login-utils/islocal.h \
+ login-utils/setpwnam.c \
+ login-utils/setpwnam.h
endif
if HAVE_SELINUX
*/
#include "auth.h"
-
#include "pamfail.h"
-int auth_pam(const char *service_name, uid_t uid, const char *username) {
-#ifdef REQUIRE_PASSWORD
+int auth_pam(const char *service_name, uid_t uid, const char *username)
+{
if (uid != 0) {
pam_handle_t *pamh = NULL;
struct pam_conv conv = { misc_conv, NULL };
* session-oriented activity... */
}
return TRUE;
-#endif /* REQUIRE_PASSWORD */
}
#ifdef HAVE_LIBUSER
# include <libuser/user.h>
# include "libuser.h"
-#else
+#elif CHFN_CHSH_PASSWORD
# include "auth.h"
#endif
newf.username);
}
+#ifndef HAVE_LIBUSER
if (!(is_local(oldf.username)))
errx(EXIT_FAILURE, _("can only change local entries"));
+#endif
#ifdef HAVE_LIBSELINUX
if (is_selinux_enabled() > 0) {
#ifdef HAVE_LIBUSER
/* If we're setuid and not really root, disallow the password change. */
- if (geteuid() != getuid() && uid != pw->pw_uid) {
+ if (geteuid() != getuid() && uid != oldf.pw->pw_uid) {
#else
- if (uid != 0 && uid != pw->pw_uid) {
+ if (uid != 0 && uid != oldf.pw->pw_uid) {
#endif
errno = EACCES;
err(EXIT_FAILURE, _("running UID doesn't match UID of user we're "
- "altering, change denied")););
+ "altering, change denied"));
}
printf(_("Changing finger information for %s.\n"), oldf.username);
-#ifndef HAVE_LIBUSER
+#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
if(!auth_pam("chfn", uid, oldf.username)) {
return EXIT_FAILURE;
}
}
#ifdef HAVE_LIBUSER
- if(set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid,
- LU_GECOS, gecos)) {
+ if (set_value_libuser("chfn", pinfo->pw->pw_name, pinfo->pw->pw_uid,
+ LU_GECOS, gecos) < 0) {
#else /* HAVE_LIBUSER */
/* write the new struct passwd to the passwd file. */
pinfo->pw->pw_gecos = gecos;
if (setpwnam(pinfo->pw) < 0) {
+ warn("setpwnam failed");
#endif
- warn("setpwnam");
printf(_
("Finger information *NOT* changed. Try again later.\n"));
return -1;
#ifdef HAVE_LIBUSER
# include <libuser/user.h>
# include "libuser.h"
-#else
+#elif CHFN_CHSH_PASSWORD
# include "auth.h"
#endif
info.username);
}
+#ifndef HAVE_LIBUSER
if (!(is_local(pw->pw_name)))
errx(EXIT_FAILURE, _("can only change local entries."));
+#endif
#ifdef HAVE_LIBSELINUX
if (is_selinux_enabled() > 0) {
printf(_("Changing shell for %s.\n"), pw->pw_name);
-#ifndef HAVE_LIBUSER
+#if !defined(HAVE_LIBUSER) && defined(CHFN_CHSH_PASSWORD)
if(!auth_pam("chsh", uid, pw->pw_name)) {
return EXIT_FAILURE;
}
#endif
-
if (!shell) {
shell = prompt(_("New shell"), oldshell);
if (!shell)
errx(EXIT_SUCCESS, _("Shell not changed."));
#ifdef HAVE_LIBUSER
- set_value_libuser("chsh", pw->pw_name, uid, LU_LOGINSHELL, shell);
+ if (set_value_libuser("chsh", pw->pw_name, uid,
+ LU_LOGINSHELL, shell) < 0)
+ errx(EXIT_FAILURE, _("Shell *NOT* changed. Try again later."));
#else
pw->pw_shell = shell;
if (setpwnam(pw) < 0)
static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid,
const char *username) {
- if(!lu_uses_elevated_privileges(ctx)) {
+ if (!lu_uses_elevated_privileges(ctx)) {
/* Drop privileges */
if (setegid(getgid()) == -1)
err(EXIT_FAILURE, _("Couldn't drop group privileges"));
errx(EXIT_FAILURE, _("libuser initialization failed: %s."),
lu_strerror(error));
- if(!auth_lu(service_name, ctx, uid, username)) {
+ if (!auth_lu(service_name, ctx, uid, username)) {
errno = EACCES;
err(EXIT_FAILURE, _("changing user attribute failed"));
}
}
lu_ent_free(ent);
lu_end(ctx);
- return TRUE;
+
+ return 0;
}
projects / thirdparty / util-linux.git / commitdiff
