author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:37 +0000 |
commit | b6b00dd55e035bfbe311a527b567962ffa77ee43 (patch) | |
tree | cafc4d13785448e5a78bd40a51697ee07f07ac12 /contrib | |
parent | Adding debian version 1:4.13+dfsg1-5. (diff) | |
download | shadow-b6b00dd55e035bfbe311a527b567962ffa77ee43.tar.xz shadow-b6b00dd55e035bfbe311a527b567962ffa77ee43.zip |
Merging upstream version 1:4.15.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/Makefile.am | 4 | ||||
-rw-r--r-- | contrib/Makefile.in | 22 | ||||
-rw-r--r-- | contrib/README | 3 | ||||
-rw-r--r-- | contrib/adduser.c | 4 | ||||
-rw-r--r-- | contrib/groupmems.shar | 465 | ||||
-rw-r--r-- | contrib/pwdauth.c | 308 | ||||
-rw-r--r-- | contrib/shadow-anonftp.patch | 147 | ||||
-rw-r--r-- | contrib/udbachk.tgz | bin | 17571 -> 0 bytes |
8 files changed, 20 insertions, 933 deletions
diff --git a/contrib/Makefile.am b/contrib/Makefile.am index 5c45cb7..dc3ccd2 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -1,6 +1,4 @@ # This is a dummy Makefile.am to get automake work flawlessly, # and also cooperate to make a distribution for `make dist' -EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \ - atudel groupmems.shar pwdauth.c shadow-anonftp.patch \ - udbachk.tgz +EXTRA_DIST = README adduser.c adduser.sh adduser2.sh diff --git a/contrib/Makefile.in b/contrib/Makefile.in index 84f3e30..44fa7cb 100644 --- a/contrib/Makefile.in +++ b/contrib/Makefile.in @@ -141,6 +141,8 @@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CSCOPE = @CSCOPE@ @@ -159,6 +161,7 @@ EGREP = @EGREP@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ @@ -174,9 +177,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBACL = @LIBACL@ +LIBADD_DL = @LIBADD_DL@ +LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ +LIBADD_DLOPEN = @LIBADD_DLOPEN@ +LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ LIBATTR = @LIBATTR@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ +LIBBSD = @LIBBSD@ +LIBBSD_CFLAGS = @LIBBSD_CFLAGS@ +LIBBSD_LIBS = @LIBBSD_LIBS@ LIBCRYPT = @LIBCRYPT@ LIBECONF = @LIBECONF@ LIBICONV = @LIBICONV@ @@ -192,6 +201,7 @@ LIBSUBID_ABI = @LIBSUBID_ABI@ LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@ LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@ LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@ +LIBSYSTEMD = @LIBSYSTEMD@ LIBTCB = @LIBTCB@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -200,6 +210,8 @@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ +LT_DLLOADERS = @LT_DLLOADERS@ +LT_DLPREOPEN = @LT_DLPREOPEN@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ 
@@ -222,6 +234,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ RANLIB = @RANLIB@ SED = @SED@ @@ -293,10 +308,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \ - atudel groupmems.shar pwdauth.c shadow-anonftp.patch \ - udbachk.tgz - +EXTRA_DIST = README adduser.c adduser.sh adduser2.sh all: all-am .SUFFIXES: diff --git a/contrib/README b/contrib/README index c4d1bc0..6002923 100644 --- a/contrib/README +++ b/contrib/README @@ -2,9 +2,6 @@ People keep sending various adduser programs and scripts... They are all in this directory. I haven't tested them, use at your own risk. Anyway, the best one I've seen so far is adduser-3.x from Debian. -atudel is a perl script to remove at jobs owned by the specified user -(atrm in at-2.9 for Linux can't do that). - udbachk.tgz is a passwd/group/shadow file integrity checker. --marekm diff --git a/contrib/adduser.c b/contrib/adduser.c index deebd4c..584e098 100644 --- a/contrib/adduser.c +++ b/contrib/adduser.c @@ -60,7 +60,7 @@ ** Added in the password date field, which should always reflect the last ** date the password was changed, for expiry purposes. "passwd" always ** updates this field, so the adduser program should set it up right -** initially (or a user could keep thier initial password forever ;) +** initially (or a user could keep their initial password forever ;) ** The number is in days since Jan 1st, 1970. ** ** Have fun with it, and someone please make @@ -489,7 +489,7 @@ safeget (char *buf, int maxlen) while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen)) { bad = (!isalnum (c) && (c != '_') && (c != ' ')); - *(buf++) = (char) c; + *(buf++) = c; } *buf = '\0'; 
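Review bot: In the safeget loop of contrib/adduser.c (hunk `@@ -489,7 +489,7 @@`), `bad` is assigned with `=` on every iteration, so each character's verdict overwrites the previous one and only the last character read decides whether the input is flagged; a disallowed character earlier in the line goes unnoticed. Accumulate the result instead, `bad |= (!isalnum (c) && (c != '_') && (c != ' '));`, assuming `bad` starts at 0 where it is declared above the hunk. The dropped `(char)` cast leaves an implicit int-to-char narrowing on `*(buf++) = c;`, which is harmless for a getc() result that is not EOF but will warn under -Wconversion. safeget begins and ends outside this hunk, so how `bad` is used after the loop is not visible here.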
diff --git a/contrib/groupmems.shar b/contrib/groupmems.shar deleted file mode 100644 index 62e9b48..0000000 --- a/contrib/groupmems.shar +++ /dev/null 
@@ -1,465 +0,0 @@ -#!/bin/sh -# This is a shell archive (produced by GNU sharutils 4.2.1). -# To extract the files from this archive, save it to some FILE, remove -# everything before the `!/bin/sh' line above, then type `sh FILE'. -# -# Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>. -# Source directory was `/home/gk4/src/groupmem'. -# -# Existing files will *not* be overwritten unless `-c' is specified. -# -# This shar contains: -# length mode name -# ------ ---------- ------------------------------------------ -# 1960 -rw-r--r-- Makefile -# 6348 -rw-r--r-- groupmems.c -# 3372 -rw------- groupmems.8 -# -save_IFS="${IFS}" -IFS="${IFS}:" -gettext_dir=FAILED -locale_dir=FAILED -first_param="$1" -for dir in $PATH -do - if test "$gettext_dir" = FAILED && test -f $dir/gettext \ - && ($dir/gettext --version >/dev/null 2>&1) - then - set `$dir/gettext --version 2>&1` - if test "$3" = GNU - then - gettext_dir=$dir - fi - fi - if test "$locale_dir" = FAILED && test -f $dir/shar \ - && ($dir/shar --print-text-domain-dir >/dev/null 2>&1) - then - locale_dir=`$dir/shar --print-text-domain-dir` - fi -done -IFS="$save_IFS" -if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED -then - echo=echo -else - TEXTDOMAINDIR=$locale_dir - export TEXTDOMAINDIR - TEXTDOMAIN=sharutils - export TEXTDOMAIN - echo="$gettext_dir/gettext -s" -fi -if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then - shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"' -elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then - shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"' -elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then - shar_touch='touch -am $3$4$5$6$2 "$8"' -else - shar_touch=: - echo - $echo 'WARNING: not restoring timestamps. Consider getting and' - $echo "installing GNU \`touch', distributed in GNU File Utilities..." 
- echo -fi -rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch -# -if mkdir _sh10937; then - $echo 'x -' 'creating lock directory' -else - $echo 'failed to create lock directory' - exit 1 -fi -# ============= Makefile ============== -if test -f 'Makefile' && test "$first_param" != -c; then - $echo 'x -' SKIPPING 'Makefile' '(file already exists)' -else - $echo 'x -' extracting 'Makefile' '(text)' - sed 's/^X//' << 'SHAR_EOF' > 'Makefile' && -/* -# SPDX-FileCopyrightText: 2000, International Business Machines, Inc. -# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com -# SPDX-License-Identifier: BSD-3-Clause -# -X -all: groupmems -X -groupmems: groupmems.c -X cc -g -o groupmems groupmems.c -L. -lshadow -X -install: groupmems -X -/usr/sbin/groupadd groups -X install -o root -g groups -m 4770 groupmems /usr/bin -X -install.man: groupmems.8 -X install -o root -g root -m 644 groupmems.8 /usr/man/man8 -X -SHAR_EOF - (set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") && - chmod 0644 'Makefile' || - $echo 'restore of' 'Makefile' 'failed' - if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \ - && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then - md5sum -c << SHAR_EOF >/dev/null 2>&1 \ - || $echo 'Makefile:' 'MD5 check failed' -b46cf7ef8d59149093c011ced3f3103c Makefile -SHAR_EOF - else - shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`" - test 1960 -eq "$shar_count" || - $echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!" - fi -fi -# ============= groupmems.c ============== -if test -f 'groupmems.c' && test "$first_param" != -c; then - $echo 'x -' SKIPPING 'groupmems.c' '(file already exists)' -else - $echo 'x -' extracting 'groupmems.c' '(text)' - sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' && -/* -X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc. 
-X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com -X * SPDX-License-Identifier: BSD-3-Clause -X */ -/* -** -** Utility "groupmem" adds and deletes members from a user's group. -** -** Setup (as "root"): -** -** groupadd -r groups -** chmod 2770 groupmems -** chown root.groups groupmems -** groupmems -g groups -a gk4 -** -** Usage (as "gk4"): -** -** groupmems -a olive -** groupmems -a jordan -** groupmems -a meghan -** groupmems -a morgan -** groupmems -a jake -** groupmems -l -** groupmems -d jake -** groupmems -l -*/ -X -#include <stdio.h> -#include <pwd.h> -#include <grp.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include "defines.h" -#include "groupio.h" -X -/* Exit Status Values */ -X -#define EXIT_SUCCESS 0 /* success */ -#define EXIT_USAGE 1 /* invalid command syntax */ -#define EXIT_GROUP_FILE 2 /* group file access problems */ -#define EXIT_NOT_ROOT 3 /* not superuser */ -#define EXIT_NOT_EROOT 4 /* not effective superuser */ -#define EXIT_NOT_PRIMARY 5 /* not primary owner of group */ -#define EXIT_NOT_MEMBER 6 /* member of group does not exist */ -#define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ -X -#define TRUE 1 -#define FALSE 0 -X -/* Globals */ -X -extern int optind; -extern char *optarg; -static char *adduser = NULL; -static char *deluser = NULL; -static char *thisgroup = NULL; -static int purge = FALSE; -static int list = FALSE; -static int exclusive = 0; -X -static int isroot(void) { -X return getuid() ? 
FALSE : TRUE; -} -X -static int isgroup(void) { -X gid_t g = getgid(); -X struct group *grp = getgrgid(g); -X -X return TRUE; -} -X -static char *whoami(void) { -X struct group *grp = getgrgid(getgid()); -X struct passwd *usr = getpwuid(getuid()); -X -X if (0 == strcmp(usr->pw_name, grp->gr_name)) { -X return (char *)strdup(usr->pw_name); -X } else { -X return NULL; -X } -} -X -static void -addtogroup(char *user, char **members) { -X int i; -X char **pmembers; -X -X for (i = 0; NULL != members[i]; i++ ) { -X if (0 == strcmp(user, members[i])) { -X fprintf(stderr, "Member already exists\n"); -X exit(EXIT_MEMBER_EXISTS); -X } -X } -X -X if (0 == i) { -X pmembers = (char **)calloc(2, sizeof(char *)); -X } else { -X pmembers = (char **)realloc(members, sizeof(char *)*(i+1)); -X } -X -X *members = *pmembers; -X members[i] = user; -X members[i+1] = NULL; -} -X -static void -rmfromgroup(char *user, char **members) { -X int i; -X int found = FALSE; -X -X i = 0; -X while (!found && NULL != members[i]) { -X if (0 == strcmp(user, members[i])) { -X found = TRUE; -X } else { -X i++; -X } -X } -X -X while (found && NULL != members[i]) { -X members[i] = members[++i]; -X } -X -X if (!found) { -X fprintf(stderr, "Member to remove could not be found\n"); -X exit(EXIT_NOT_MEMBER); -X } -} -X -static void -nomembers(char **members) { -X int i; -X -X for (i = 0; NULL != members[i]; i++ ) { -X members[i] = NULL; -X } -} -X -static void -members(char **members) { -X int i; -X -X for (i = 0; NULL != members[i]; i++ ) { -X printf("%s ", members[i]); -X -X if (NULL == members[i+1]) { -X printf("\n"); -X } else { -X printf(" "); -X } -X } -} -X -static void usage(void) { -X fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n"); -X exit(EXIT_USAGE); -} -X -main(int argc, char **argv) { -X int arg, i; -X char *name; -X struct group *grp; -X -X while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) { -X switch (arg) { -X case 'a': -X adduser = strdup(optarg); 
-X ++exclusive; -X break; -X case 'd': -X deluser = strdup(optarg); -X ++exclusive; -X break; -X case 'g': -X thisgroup = strdup(optarg); -X break; -X case 'D': -X purge = TRUE; -X ++exclusive; -X break; -X case 'l': -X list = TRUE; -X ++exclusive; -X break; -X default: -X usage(); -X } -X } -X -X if (exclusive > 1 || optind < argc) { -X usage(); -X } -X -X if (!isroot() && NULL != thisgroup) { -X fprintf(stderr, "Only root can add members to different groups\n"); -X exit(EXIT_NOT_ROOT); -X } else if (isroot() && NULL != thisgroup) { -X name = thisgroup; -X } else if (!isgroup()) { -X fprintf(stderr, "Group access is required\n"); -X exit(EXIT_NOT_EROOT); -X } else if (NULL == (name = whoami())) { -X fprintf(stderr, "Not primary owner of current group\n"); -X exit(EXIT_NOT_PRIMARY); -X } -X -X if (!gr_lock()) { -X fprintf(stderr, "Unable to lock group file\n"); -X exit(EXIT_GROUP_FILE); -X } -X -X if (!gr_open(O_RDWR)) { -X fprintf(stderr, "Unable to open group file\n"); -X exit(EXIT_GROUP_FILE); -X } -X -X grp = (struct group *)gr_locate(name); -X -X if (NULL != adduser) { -X addtogroup(adduser, grp->gr_mem); -X gr_update(grp); -X } else if (NULL != deluser) { -X rmfromgroup(deluser, grp->gr_mem); -X gr_update(grp); -X } else if (purge) { -X nomembers(grp->gr_mem); -X gr_update(grp); -X } else if (list) { -X members(grp->gr_mem); -X } -X -X if (!gr_close()) { -X fprintf(stderr, "Cannot close group file\n"); -X exit(EXIT_GROUP_FILE); -X } -X -X gr_unlock(); -X -X exit(EXIT_SUCCESS); -} -X -/* EOF */ -SHAR_EOF - (set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") && - chmod 0644 'groupmems.c' || - $echo 'restore of' 'groupmems.c' 'failed' - if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \ - && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then - md5sum -c << SHAR_EOF >/dev/null 2>&1 \ - || $echo 'groupmems.c:' 'MD5 check failed' -f0dd68f8d762d89d24d3ce1f4141f981 groupmems.c -SHAR_EOF - else - shar_count="`LC_ALL= 
LC_CTYPE= LANG= wc -c < 'groupmems.c'`" - test 6348 -eq "$shar_count" || - $echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!" - fi -fi -# ============= groupmems.8 ============== -if test -f 'groupmems.8' && test "$first_param" != -c; then - $echo 'x -' SKIPPING 'groupmems.8' '(file already exists)' -else - $echo 'x -' extracting 'groupmems.8' '(text)' - sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' && -X.\" -X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc. -X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com -X.\" SPDX-License-Identifier: BSD-3-Clause -X.\" -X.\" $Id$ -X.\" -X.TH GROUPMEMS 8 -X.SH NAME -groupmems \- Administer members of a user's primary group -X.SH SYNOPSIS -X.B groupmems -\fB-a\fI user_name \fR | -\fB-d\fI user_name \fR | -\fB-l\fR | -\fB-D\fR | -[\fB-g\fI group_name \fR] -X.SH DESCRIPTION -The \fBgroupmems\fR utility allows a user to administer their own -group membership list without the requirement of superuser privileges. -The \fBgroupmems\fR utility is for systems that configure its users to -be in their own name sake primary group (i.e., guest / guest). -X.P -Only the superuser, as administrator, can use \fBgroupmems\fR to alter -the memberships of other groups. -X.IP "\fB-a \fIuser_name\fR" -Add a new user to the group membership list. -X.IP "\fB-d \fIuser_name\fR" -Delete a user from the group membership list. -X.IP "\fB-l\fR" -List the group membership list. -X.IP "\fB-D\fR" -Delete all users from the group membership list. -X.IP "\fB-g \fIgroup_name\fR" -The superuser can specify which group membership list to modify. -X.SH SETUP -The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR -and in group \fBgroups\fR. The system administrator can add users to -group groups to allow or disallow them using the \fBgroupmems\fR utility -to manager their own group membership list. 
-X.P -X $ groupadd -r groups -X.br -X $ chmod 2770 groupmems -X.br -X $ chown root.groups groupmems -X.br -X $ groupmems -g groups -a gk4 -X.SH FILES -/etc/group -X.br -/etc/gshadow -X.SH SEE ALSO -X.BR chfn (1), -X.BR chsh (1), -X.BR useradd (8), -X.BR userdel (8), -X.BR usermod (8), -X.BR passwd (1), -X.BR groupadd (8), -X.BR groupdel (8) -X.SH AUTHOR -George Kraft IV (gk4@us.ibm.com) -X.\" EOF -SHAR_EOF - (set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") && - chmod 0600 'groupmems.8' || - $echo 'restore of' 'groupmems.8' 'failed' - if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \ - && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then - md5sum -c << SHAR_EOF >/dev/null 2>&1 \ - || $echo 'groupmems.8:' 'MD5 check failed' -181e6cd3a3c9d3df320197fa2cde2b4a groupmems.8 -SHAR_EOF - else - shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`" - test 3372 -eq "$shar_count" || - $echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!" - fi -fi -rm -fr _sh10937 -exit 0 diff --git a/contrib/pwdauth.c b/contrib/pwdauth.c deleted file mode 100644 index ca15495..0000000 --- a/contrib/pwdauth.c +++ /dev/null 
@@ -1,308 +0,0 @@ -/* - * pwdauth.c - program to verify a given username/password pair. - * - * Run it with username in argv[1] (may be omitted - default is the - * current user), and send it the password over a pipe on stdin. - * Exit status: 0 - correct password, 1 - wrong password, >1 - other - * errors. For use with shadow passwords, this program should be - * installed setuid root. - * - * This can be used, for example, by xlock - you don't have to install - * this large and complex (== possibly insecure) program setuid root, - * just modify it to run this simple program to do the authentication. - * - * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as - * soon as possible after getting the user's encrypted password. - * Using this program probably doesn't make it more secure, and has one - * disadvantage: since we don't get the encrypted user's password at - * startup (but at the time the user is authenticated), it is not clear - * how we should handle errors (like getpwnam() returning NULL). - * - fail the authentication? Problem: no way to unlock (other than kill - * the process from somewhere else) if the NIS server stops responding. - * - succeed and unlock? Problem: it's too easy to unlock by unplugging - * the box from the network and waiting until NIS times out... - * - * This program is Copyright (C) 1996 Marek Michalkiewicz - * <marekm@i17linuxb.ists.pwr.wroc.pl>. - * - * It may be used and distributed freely for any purposes. There is no - * warranty - use at your own risk. I am not liable for any damages etc. - * If you improve it, please send me your changes. - */ - -static char rcsid[] = "$Id$"; - -/* - * Define USE_SYSLOG to use syslog() to log successful and failed - * authentication. This should be safe even if your system has - * the infamous syslog buffer overrun security problem... - */ -#define USE_SYSLOG - -/* - * Define HAVE_GETSPNAM to get shadow passwords using getspnam(). 
- * Some systems don't have getspnam(), but getpwnam() returns - * encrypted passwords only if running as root. - * - * According to the xlock source (not tested, except Linux) - - * define: Linux, Solaris 2.x, SVR4, ... - * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX. - * Known not supported (yet): Ultrix, OSF/1, SCO. - */ -#define HAVE_GETSPNAM - -/* - * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt(). - * pw_encrypt() is like the standard crypt(), except that it may - * support better password hashing algorithms. - * - * Define if linking with libshadow.a from the shadow password - * suite (Linux, SunOS 4.x?). - */ -#undef HAVE_PW_ENCRYPT - -/* - * Define HAVE_AUTH_METHODS to support the shadow suite specific - * extension: the encrypted password field contains a list of - * administrator defined authentication methods, separated by - * semicolons. This program only supports the standard password - * authentication method (a string that doesn't start with '@'). - */ -#undef HAVE_AUTH_METHODS - -/* - * FAIL_DELAY - number of seconds to sleep before exiting if the - * password was wrong, to slow down password guessing attempts. - */ -#define FAIL_DELAY 2 - -/* No user-serviceable parts below :-). */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include <sys/wait.h> -#include <unistd.h> -#include <pwd.h> - -#ifdef USE_SYSLOG -#include <syslog.h> -#ifndef LOG_AUTHPRIV -#define LOG_AUTHPRIV LOG_AUTH -#endif -#endif - -#ifdef HAVE_GETSPNAM -#include <shadow.h> -#endif - -#ifdef HAVE_PW_ENCRYPT -extern char *pw_encrypt(); -#define crypt pw_encrypt -#endif - -/* - * Read the password (one line) from fp. We don't turn off echo - * because we expect input from a pipe. 
- */ -static char * -get_line(fp) - FILE *fp; -{ - static char buf[128]; - char *cp; - int ch; - - cp = buf; - while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') { - if (cp >= buf + sizeof buf - 1) - break; - *cp++ = ch; - } - *cp = '\0'; - return buf; -} - -/* - * Get the password file entry for the current user. If the name - * returned by getlogin() is correct (matches the current real uid), - * return the entry for that user. Otherwise, return the entry (if - * any) matching the current real uid. Return NULL on failure. - */ -static struct passwd * -get_my_pwent() -{ - uid_t uid = getuid(); - char *name = getlogin(); - - if (name && *name) { - struct passwd *pw = getpwnam(name); - - if (pw && pw->pw_uid == uid) - return pw; - } - return getpwuid(uid); -} - -/* - * Verify the password. The system-dependent shadow support is here. - */ -static int -password_auth_ok(pw, pass) - const struct passwd *pw; - const char *pass; -{ - int result; - char *cp; -#ifdef HAVE_AUTH_METHODS - char *buf; -#endif -#ifdef HAVE_GETSPNAM - struct spwd *sp; -#endif - - if (pw) { -#ifdef HAVE_GETSPNAM - sp = getspnam(pw->pw_name); - if (sp) - cp = sp->sp_pwdp; - else -#endif - cp = pw->pw_passwd; - } else - cp = "xx"; - -#ifdef HAVE_AUTH_METHODS - buf = strdup(cp); /* will be modified by strtok() */ - if (!buf) { - fprintf(stderr, "Out of memory.\n"); - exit(13); - } - cp = strtok(buf, ";"); - while (cp && *cp == '@') - cp = strtok(NULL, ";"); - - /* fail if no password authentication for this user */ - if (!cp) - cp = "xx"; -#endif - - if (*pass || *cp) - result = (strcmp(crypt(pass, cp), cp) == 0); - else - result = 1; /* user with no password */ - -#ifdef HAVE_AUTH_METHODS - free(buf); -#endif - return result; -} - -/* - * Main program. 
- */ -int -main(argc, argv) - int argc; - char **argv; -{ - struct passwd *pw; - char *pass, *name; - char myname[32]; - -#ifdef USE_SYSLOG - openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV); -#endif - pw = get_my_pwent(); - if (!pw) { -#ifdef USE_SYSLOG - syslog(LOG_ERR, "can't get login name for uid %d.\n", - (int) getuid()); -#endif - fprintf(stderr, "Who are you?\n"); - exit(2); - } - strncpy(myname, pw->pw_name, sizeof myname - 1); - myname[sizeof myname - 1] = '\0'; - name = myname; - - if (argc > 1) { - name = argv[1]; - pw = getpwnam(name); - } - - pass = get_line(stdin); - if (password_auth_ok(pw, pass)) { -#ifdef USE_SYSLOG - syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE, - "user `%s' entered correct password for `%.32s'.\n", - myname, name); -#endif - exit(0); - } -#ifdef USE_SYSLOG - /* be careful not to overrun the syslog buffer */ - syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING, - "user `%s' entered incorrect password for `%.32s'.\n", - myname, name); -#endif -#ifdef FAIL_DELAY - sleep(FAIL_DELAY); -#endif - fprintf(stderr, "Wrong password.\n"); - exit(1); -} - -#if 0 -/* - * You can use code similar to the following to run this program. - * Return values: >=0 - program exit status (use the <sys/wait.h> - * macros to get the exit code, it is shifted left by 8 bits), - * -1 - check errno. 
- */ -int -verify_password(const char *username, const char *password) -{ - int pipe_fd[2]; - int pid, wpid, status; - - if (pipe(pipe_fd)) - return -1; - - if ((pid = fork()) == 0) { - char *arg[3]; - char *env[1]; - - /* child */ - close(pipe_fd[1]); - if (pipe_fd[0] != 0) { - if (dup2(pipe_fd[0], 0) != 0) - _exit(127); - close(pipe_fd[0]); - } - arg[0] = "/usr/bin/pwdauth"; - arg[1] = username; - arg[2] = NULL; - env[0] = NULL; - execve(arg[0], arg, env); - _exit(127); - } else if (pid == -1) { - /* error */ - close(pipe_fd[0]); - close(pipe_fd[1]); - return -1; - } - /* parent */ - close(pipe_fd[0]); - write(pipe_fd[1], password, strlen(password)); - write(pipe_fd[1], "\n", 1); - close(pipe_fd[1]); - - while ((wpid = wait(&status)) != pid) { - if (wpid == -1) - return -1; - } - return status; -} -#endif diff --git a/contrib/shadow-anonftp.patch b/contrib/shadow-anonftp.patch deleted file mode 100644 index e09647d..0000000 --- a/contrib/shadow-anonftp.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -Hello Marek, - -I have created a diffile against the 980403 release that adds -functionality to newusers for automatic handling of users with only -anonymous ftp login (using the guestgroup feature in ftpaccess, which -means that the users home directory looks like '/home/user/./'). It also -adds a commandline argument to specify an initial directory structure -for such users, with a tarball normally containing the bin,lib,etc -directories used in the chrooted environment. - -I am using it to automatically create chunks of users with only ftp -access for a webserver. - -I have tried to follow your coding standards and I believe it is bug -free but.. well, who knows. :) It's not much code however. - -I hope you find it useful. Do what you like with it, feel free to ask if -anything is unclear. - -Best rgds, - Calle Karlsson - ckn@kash.se - -diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c ---- shadow-980403.orig/src/newusers.c Fri Jan 30 00:22:43 1998 -+++ shadow-980403/src/newusers.c Fri Apr 17 16:55:33 1998 -@@ -76,11 +76,35 @@ - static void - usage(void) - { -- fprintf(stderr, "Usage: %s [ input ]\n", Prog); -+ fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog); -+ fprintf (stderr, "The prototype tarfile is only used for users\n"); -+ fprintf (stderr, "marked as anonymous ftp users. 
It must be a full pathname.\n"); - exit(1); - } - - /* -+ * createuserdir - create a directory and chmod it -+ */ -+ -+static int -+createuserdir (char * dir, int uid, int gid, int line) -+{ -+ if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) { -+ fprintf (stderr, "%s: line %d: mkdir %s failed\n", -+ Prog, line, dir); -+ return -1; -+ } -+ -+ if (chown (dir, uid, gid)) { -+ fprintf (stderr, "%s: line %d: chown %s failed\n", -+ Prog, line, dir); -+ return -1; -+ } -+ -+ return 0; -+} -+ -+/* - * add_group - create a new group or add a user to an existing group - */ - -@@ -328,6 +352,8 @@ - main(int argc, char **argv) - { - char buf[BUFSIZ]; -+ char anonproto[BUFSIZ]; -+ int flag; - char *fields[8]; - int nfields; - char *cp; -@@ -340,12 +366,23 @@ - - Prog = Basename(argv[0]); - -- if (argc > 1 && argv[1][0] == '-') -- usage (); -+ * anonproto = '\0'; -+ -+ while ((flag = getopt (argc, argv, "p:h")) != EOF) { -+ switch (flag) { -+ case 'p': -+ STRFCPY(anonproto, optarg); -+ break; -+ case 'h': -+ default: -+ usage (); -+ break; -+ } -+ } - -- if (argc == 2) { -- if (! freopen (argv[1], "r", stdin)) { -- snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]); -+ if (optind < argc) { -+ if (! 
freopen (argv[optind], "r", stdin)) { -+ snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]); - perror (buf); - exit (1); - } -@@ -499,15 +536,36 @@ - if (fields[6][0]) - newpw.pw_shell = fields[6]; - -- if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) { -- if (mkdir (newpw.pw_dir, -- 0777 & ~getdef_num("UMASK", 077))) -- fprintf (stderr, "%s: line %d: mkdir failed\n", -- Prog, line); -- else if (chown (newpw.pw_dir, -- newpw.pw_uid, newpw.pw_gid)) -- fprintf (stderr, "%s: line %d: chown failed\n", -- Prog, line); -+ if (newpw.pw_dir[0]) { -+ char * userdir = strdup (newpw.pw_dir); -+ char * anonpart; -+ int rc; -+ -+ if ((anonpart = strstr (userdir, "/./"))) { -+ * anonpart = '\0'; -+ anonpart += 2; -+ } -+ -+ if (access(userdir, F_OK)) -+ rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line); -+ else -+ rc = 0; -+ -+ if (rc == 0 && anonpart) { -+ if (* anonproto) { -+ char cmdbuf [BUFSIZ]; -+ snprintf(cmdbuf, sizeof cmdbuf, -+ "cd %s; tar xf %s", -+ userdir, anonproto); -+ system (cmdbuf); -+ } -+ if (strlen (anonpart) > 1) { -+ strcat (userdir, anonpart); -+ if (access (userdir, F_OK)) -+ createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line); -+ } -+ } -+ free (userdir); - } - - /* diff --git a/contrib/udbachk.tgz b/contrib/udbachk.tgz Binary files differdeleted file mode 100644 index 605ad63..0000000 --- a/contrib/udbachk.tgz +++ /dev/null |