2024-04-03 07:49:58 +00:00
diff -up shadow-4.15.0/src/chpasswd.c.account-tools-setuid shadow-4.15.0/src/chpasswd.c
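--- shadow-4.15.0/src/chpasswd.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/chpasswd.c 2024-03-11 11:21:57.561150382 +0100
@@ -443,9 +443,11 @@ int main (int argc, char **argv)
 char *cp;
 const char *salt;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 bool use_pam = true;
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 int errors = 0;
 int line = 0;
@@ -469,19 +471,23 @@ int main (int argc, char **argv)
 process_root_flag ("-R", argc, argv);
 prefix = process_prefix_flag ("-P", argc, argv);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 if (md5flg || eflg || cflg || prefix[0]) {
 use_pam = false;
 }
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 OPENLOG (Prog);
 
 check_perms ();
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 if (!use_pam)
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 {
 is_shadow_pwd = spw_file_present ();
 
@@ -543,6 +549,7 @@ int main (int argc, char **argv)
 }
 newpwd = cp;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 if (use_pam) {
 if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
@@ -553,6 +560,7 @@ int main (int argc, char **argv)
 }
 } else
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 {
 const struct spwd *sp;
 struct spwd newsp;
@@ -672,9 +680,11 @@ int main (int argc, char **argv)
 * password database.
 */
 if (0 != errors) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 if (!use_pam)
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 {
 fprintf (stderr,
 _("%s: error detected, changes ignored\n"),
@@ -683,9 +693,11 @@ int main (int argc, char **argv)
 fail_exit (1);
 }
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 if (!use_pam)
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 {
 /* Save the changes */
 close_files ();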
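Review bot: The `#ifdef ACCT_TOOLS_SETUID` guards added around `use_pam` in `main()` carry no comment saying what a PAM-enabled build without that macro does. With the macro undefined, the `if (use_pam)` branch that calls `do_pam_passwd_non_interactive()` is compiled out and the brace block after it always runs, so new passwords appear to be written directly to the password files and whatever policy the PAM password stack enforces is not consulted. I would state that at the first guard, for example `/* PAM is used only when the account tools are built setuid; otherwise passwords are written directly and the PAM password stack is not consulted */`. The nested pairs could also be written as the single line `#if defined(ACCT_TOOLS_SETUID) && defined(USE_PAM)`, matching the combined form the patch uses in newusers.c. `main()` continues outside these hunks, so other uses of `use_pam` cannot be checked from here.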
diff -up shadow-4.15.0/src/groupmems.c.account-tools-setuid shadow-4.15.0/src/groupmems.c
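--- shadow-4.15.0/src/groupmems.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/groupmems.c 2024-03-11 11:16:18.365408572 +0100
@@ -14,9 +14,11 @@
 #include <grp.h>
 #include <stdio.h>
 #include <sys/types.h>
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 #include <pwd.h>
 
 #include "alloc.h"
@@ -430,6 +432,7 @@ static void process_flags (int argc, cha
 static void check_perms (void)
 {
 if (!list) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 pam_handle_t *pamh = NULL;
 int retval;
@@ -463,7 +466,8 @@ static void check_perms (void)
 fail_exit (1);
 }
 (void) pam_end (pamh, retval);
-#endif
+#endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 }
 }
 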
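Review bot: With `ACCT_TOOLS_SETUID` undefined, everything visible inside `if (!list) {` in `check_perms()` is compiled out, so as far as these two hunks show the function performs no caller check before a modifying operation. The lines between the hunks are not visible, so this is inferred from where the guard opens and closes. That is only safe if the binary is never installed setuid in such a build, and nothing here ties the macro to the install mode. I would add a comment at the guard, for example `/* Without ACCT_TOOLS_SETUID no caller authentication happens here; the binary must not be installed setuid */`, and have packaging verify the file mode.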
diff -up shadow-4.15.0/src/newusers.c.account-tools-setuid shadow-4.15.0/src/newusers.c
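--- shadow-4.15.0/src/newusers.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/newusers.c 2024-03-11 11:20:07.198909046 +0100
@@ -59,6 +59,7 @@
 static const char Prog[] = "newusers";
 
 static bool rflg = false; /* create a system account */
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static /*@null@*//*@observer@*/char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
@@ -75,6 +76,7 @@ static long bcrypt_rounds = 13;
 static long yescrypt_cost = 5;
 #endif /* USE_YESCRYPT */
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 static bool is_shadow;
 #ifdef SHADOWGRP
@@ -97,9 +99,11 @@ NORETURN static void fail_exit (int);
 static int add_group (const char *, const char *, gid_t *, gid_t);
 static int get_user_id (const char *, uid_t *);
 static int add_user (const char *, uid_t, gid_t);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static int update_passwd (struct passwd *, const char *);
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 static int add_passwd (struct passwd *, const char *);
 static void process_flags (int argc, char **argv);
 static void check_flags (void);
@@ -121,6 +125,7 @@ static void usage (int status)
 "Options:\n"),
 Prog);
 (void) fputs (_(" -b, --badname allow bad names\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 (void) fprintf (usageout,
 _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"),
@@ -136,9 +141,11 @@ static void usage (int status)
 #endif
 );
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
 (void) fputs (_(" -r, --system create system accounts\n"), usageout);
 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n"
@@ -146,6 +153,7 @@ static void usage (int status)
 usageout);
 #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 (void) fputs ("\n", usageout);
 
 exit (status);
@@ -405,6 +413,7 @@ static int add_user (const char *name, u
 return (pw_update (&pwent) == 0) ? -1 : 0;
 }
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 /*
 * update_passwd - update the password in the passwd entry
@@ -457,6 +466,7 @@ static int update_passwd (struct passwd
 return 0;
 }
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 /*
 * add_passwd - add or update the encrypted password
@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pw
 {
 const struct spwd *sp;
 struct spwd spent;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 char *cp;
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 void *crypt_arg = NULL;
 if (NULL != crypt_method) {
@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pw
 return update_passwd (pwd, password);
 }
 #endif /* USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 /*
 * Do the first and easiest shadow file case. The user already
 * exists in the shadow password file.
 */
 sp = spw_locate (pwd->pw_name);
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 if (NULL != sp) {
 spent = *sp;
 if ( (NULL != crypt_method)
@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pw
 if (strcmp (pwd->pw_passwd, "x") != 0) {
 return update_passwd (pwd, password);
 }
-#else /* USE_PAM */
+#else /* !ACCT_TOOLS_SETUID && !USE_PAM */
 /*
 * If there is already a shadow entry, do not touch it.
 * If there is already a passwd entry with a password, do not
@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pw
 || (strcmp (pwd->pw_passwd, "x") != 0)) {
 return 0;
 }
-#endif /* USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID && !USE_PAM */
 
 /*
 * Now the really hard case - I need to create an entirely new
 * shadow password file entry.
 */
 spent.sp_namp = pwd->pw_name;
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 spent.sp_pwdp = (char *)password;
 } else {
@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pw
 static void process_flags (int argc, char **argv)
 {
 int c;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 int bad_s;
 #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 static struct option long_options[] = {
 {"badname", no_argument, NULL, 'b'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 {"crypt-method", required_argument, NULL, 'c'},
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 {"help", no_argument, NULL, 'h'},
 {"system", no_argument, NULL, 'r'},
 {"root", required_argument, NULL, 'R'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 {"sha-rounds", required_argument, NULL, 's'},
 #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 {NULL, 0, NULL, '\0'}
 };
 
 while ((c = getopt_long (argc, argv,
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 "c:bhrs:",
 #else /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */
 "c:bhr",
 #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
-#else /* USE_PAM */
+#else /* !ACCT_TOOLS_SETUID && !USE_PAM */
 "bhr",
 #endif
 long_options, NULL)) != -1) {
@@ -646,11 +666,13 @@ static void process_flags (int argc, cha
 case 'b':
 allow_bad_names = true;
 break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 case 'c':
 crypt_method = optarg;
 break;
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 case 'h':
 usage (EXIT_SUCCESS);
 break;
@@ -659,6 +681,7 @@ static void process_flags (int argc, cha
 break;
 case 'R': /* no-op, handled in process_root_flag () */
 break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 case 's':
@@ -698,6 +721,7 @@ static void process_flags (int argc, cha
 break;
 #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 default:
 usage (EXIT_FAILURE);
 break;
@@ -730,6 +754,7 @@ static void process_flags (int argc, cha
 */
 static void check_flags (void)
 {
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 if (sflg && !cflg) {
@@ -762,6 +787,7 @@ static void check_flags (void)
 }
 }
 #endif /* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 }
 
 /*
@@ -1052,12 +1078,14 @@ int main (int argc, char **argv)
 int line = 0;
 uid_t uid;
 gid_t gid;
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 int *lines = NULL;
 char **usernames = NULL;
 char **passwords = NULL;
 unsigned int nusers = 0;
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 log_set_progname(Prog);
 log_set_logfd(stderr);
@@ -1195,6 +1223,7 @@ int main (int argc, char **argv)
 }
 newpw = *pw;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 /* keep the list of user/password for later update by PAM */
 nusers++;
@@ -1211,6 +1240,7 @@ int main (int argc, char **argv)
 usernames[nusers-1] = strdup (fields[0]);
 passwords[nusers-1] = strdup (fields[1]);
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 if (add_passwd (&newpw, fields[1]) != 0) {
 fprintf (stderr,
 _("%s: line %d: can't update password\n"),
@@ -1327,6 +1357,7 @@ int main (int argc, char **argv)
 nscd_flush_cache ("group");
 sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 unsigned int i;
 /* Now update the passwords using PAM */
@@ -1339,6 +1370,7 @@ int main (int argc, char **argv)
 }
 }
 #endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 exit (EXIT_SUCCESS);
 }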
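Review bot: The crypt-path guards in this file are not the complement of the PAM-path guard, which leaves a build with `USE_PAM` defined and `ACCT_TOOLS_SETUID` undefined with neither path. The crypt side is compiled only when both macros are undefined (`#ifndef ACCT_TOOLS_SETUID` around `#ifndef USE_PAM`, and `#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)` in `add_passwd()` and around the getopt string), while the "Now update the passwords using PAM" loop in `main()` is compiled only when both are defined. In the mixed build `update_passwd()`, `-c` and the PAM loop are all absent, so the password field from the input appears never to be applied; the `#else` bodies lie outside the hunks, so what they store in `sp_pwdp` should be confirmed. chpasswd.c in the same patch falls back to the direct-file path in that configuration, which suggests the condition wanted here is `#if !(defined(ACCT_TOOLS_SETUID) && defined(USE_PAM))`, with the nested `#ifndef` pairs rewritten the same way. The context line `#endif /* USE_PAM */` just above the added `#endif /* !ACCT_TOOLS_SETUID */` in the `-505` hunk closes an `#ifndef USE_PAM` and should read `/* !USE_PAM */`.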