Make shadow_logfd and Prog not extern

Closes #444
Closes #465

Signed-off-by: Serge Hallyn <serge@hallyn.com>
pull/471/head
Serge Hallyn 1 year ago
parent b8c67c320c
commit 79157cbad8
  1. 2
      lib/Makefile.am
  2. 1
      lib/commonio.c
  3. 1
      lib/encrypt.c
  4. 1
      lib/getdef.c
  5. 1
      lib/nscd.c
  6. 1
      lib/nss.c
  7. 3
      lib/prototypes.h
  8. 1
      lib/run_part.c
  9. 2
      lib/selinux.c
  10. 1
      lib/semanage.c
  11. 28
      lib/shadowlog.c
  12. 41
      lib/shadowlog.h
  13. 2
      lib/shadowlog_internal.h
  14. 2
      lib/spawn.c
  15. 2
      lib/sssd.c
  16. 2
      lib/tcbfuncs.c
  17. 2
      libmisc/addgrps.c
  18. 3
      libmisc/audit_help.c
  19. 2
      libmisc/chowntty.c
  20. 25
      libmisc/cleanup_group.c
  21. 17
      libmisc/cleanup_user.c
  22. 8
      libmisc/copydir.c
  23. 3
      libmisc/env.c
  24. 37
      libmisc/find_new_gid.c
  25. 9
      libmisc/find_new_sub_gids.c
  26. 9
      libmisc/find_new_sub_uids.c
  27. 37
      libmisc/find_new_uid.c
  28. 2
      libmisc/gettime.c
  29. 41
      libmisc/idmapping.c
  30. 3
      libmisc/limits.c
  31. 2
      libmisc/pam_pass.c
  32. 19
      libmisc/pam_pass_non_interactive.c
  33. 13
      libmisc/prefix_flag.c
  34. 3
      libmisc/pwdcheck.c
  35. 29
      libmisc/root_flag.c
  36. 7
      libmisc/salt.c
  37. 3
      libmisc/setupenv.c
  38. 13
      libmisc/user_busy.c
  39. 7
      libmisc/xgetXXbyYY.c
  40. 5
      libmisc/xmalloc.c
  41. 8
      libsubid/api.c
  42. 5
      src/chage.c
  43. 5
      src/check_subid_range.c
  44. 5
      src/chfn.c
  45. 5
      src/chgpasswd.c
  46. 5
      src/chpasswd.c
  47. 5
      src/chsh.c
  48. 5
      src/expiry.c
  49. 5
      src/faillog.c
  50. 5
      src/free_subid_range.c
  51. 5
      src/get_subid_owners.c
  52. 5
      src/getsubids.c
  53. 5
      src/gpasswd.c
  54. 5
      src/groupadd.c
  55. 5
      src/groupdel.c
  56. 5
      src/groupmems.c
  57. 5
      src/groupmod.c
  58. 5
      src/groups.c
  59. 5
      src/grpck.c
  60. 5
      src/grpconv.c
  61. 5
      src/grpunconv.c
  62. 5
      src/lastlog.c
  63. 5
      src/login.c
  64. 5
      src/logoutd.c
  65. 5
      src/new_subid_range.c
  66. 5
      src/newgidmap.c
  67. 5
      src/newgrp.c
  68. 5
      src/newuidmap.c
  69. 5
      src/newusers.c
  70. 5
      src/passwd.c
  71. 5
      src/pwck.c
  72. 5
      src/pwconv.c
  73. 5
      src/pwunconv.c
  74. 5
      src/su.c
  75. 5
      src/sulogin.c
  76. 5
      src/useradd.c
  77. 5
      src/userdel.c
  78. 5
      src/usermod.c
  79. 5
      src/vipw.c

@ -36,6 +36,8 @@ libshadow_la_SOURCES = \
nss.c \
nscd.c \
nscd.h \
shadowlog.c \
shadowlog.h \
sssd.c \
sssd.h \
pam_defs.h \

@ -51,6 +51,7 @@
#endif /* WITH_TCB */
#include "prototypes.h"
#include "commonio.h"
#include "shadowlog_internal.h"
/* local function prototypes */
static int lrename (const char *, const char *);

@ -39,6 +39,7 @@
#include "prototypes.h"
#include "defines.h"
#include "shadowlog_internal.h"
/*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
{

@ -44,6 +44,7 @@
#include <libeconf.h>
#endif
#include "getdef.h"
#include "shadowlog_internal.h"
/*
* A configuration item definition.
*/

@ -10,6 +10,7 @@
#include "defines.h"
#include "prototypes.h"
#include "nscd.h"
#include "shadowlog_internal.h"
#define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n"

@ -8,6 +8,7 @@
#include <stdatomic.h>
#include "prototypes.h"
#include "../libsubid/subid.h"
#include "shadowlog_internal.h"
#define NSSWITCH "/etc/nsswitch.conf"

@ -59,9 +59,6 @@
#include "defines.h"
#include "commonio.h"
extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */
extern FILE *shadow_logfd; /* file descripter to which error messages are printed */
/* addgrps.c */
#if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
extern int add_groups (const char *);

@ -8,6 +8,7 @@
#include <sys/wait.h>
#include <unistd.h>
#include <lib/prototypes.h>
#include "shadowlog_internal.h"
int run_part (char *script_path, char *name, char *action)
{

@ -38,6 +38,8 @@
#include <selinux/label.h>
#include "prototypes.h"
#include "shadowlog_internal.h"
static bool selinux_checked = false;
static bool selinux_enabled;
static /*@null@*/struct selabel_handle *selabel_hnd = NULL;

@ -43,6 +43,7 @@
#include <semanage/semanage.h>
#include "prototypes.h"
#include "shadowlog_internal.h"
#ifndef DEFAULT_SERANGE
#define DEFAULT_SERANGE "s0"

@ -0,0 +1,28 @@
#include "shadowlog.h"
#include "lib/shadowlog_internal.h"
void log_set_progname(const char *progname)
{
Prog = progname;
}
const char *log_get_progname(void)
{
return Prog;
}
void log_set_logfd(FILE *fd)
{
if (NULL != fd)
shadow_logfd = fd;
else
shadow_logfd = stderr;
}
FILE *log_get_logfd(void)
{
if (shadow_logfd != NULL)
return shadow_logfd;
return stderr;
}

@ -0,0 +1,41 @@
/*
* Copyright (c) 2021 , Serge Hallyn
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the copyright holders or contributors may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* $Id$ */
#ifndef _LOG_H
#define _LOG_H
#include <stdio.h>
extern void log_set_progname(const char *);
extern const char *log_get_progname(void);
extern void log_set_logfd(FILE *fd);
extern FILE *log_get_logfd(void);
extern void log_dolog(char *, ...);
#endif

@ -0,0 +1,2 @@
const char *Prog; /* Program name showed in error messages */
FILE *shadow_logfd; /* file descripter to which error messages are printed */

@ -38,6 +38,8 @@
#include "exitcodes.h"
#include "prototypes.h"
#include "shadowlog_internal.h"
int run_command (const char *cmd, const char *argv[],
/*@null@*/const char *envp[], /*@out@*/int *status)
{

@ -11,6 +11,8 @@
#include "prototypes.h"
#include "sssd.h"
#include "shadowlog_internal.h"
#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache."
int sssd_flush_cache (int dbflags)

@ -38,6 +38,8 @@
#include "shadowio.h"
#include "tcbfuncs.h"
#include "shadowlog_internal.h"
#define SHADOWTCB_HASH_BY 1000
#define SHADOWTCB_LOCK_SUFFIX ".lock"

@ -40,6 +40,7 @@
#include <stdio.h>
#include <grp.h>
#include <errno.h>
#include "shadowlog.h"
#ident "$Id$"
@ -58,6 +59,7 @@ int add_groups (const char *list)
char *token;
char buf[1024];
int ret;
FILE *shadow_logfd = log_get_logfd();
if (strlen (list) >= sizeof (buf)) {
errno = EINVAL;

@ -45,6 +45,7 @@
#include <errno.h>
#include <stdio.h>
#include "prototypes.h"
#include "shadowlog.h"
int audit_fd;
void audit_help_open (void)
@ -59,7 +60,7 @@ void audit_help_open (void)
return;
}
(void) fputs (_("Cannot open audit interface - aborting.\n"),
shadow_logfd);
log_get_logfd());
exit (EXIT_FAILURE);
}
}

@ -43,6 +43,7 @@
#include "defines.h"
#include <pwd.h>
#include "getdef.h"
#include "shadowlog.h"
/*
* chown_tty() sets the login tty to be owned by the new user ID
@ -75,6 +76,7 @@ void chown_tty (const struct passwd *info)
if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
|| (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
int err = errno;
FILE *shadow_logfd = log_get_logfd();
fprintf (shadow_logfd,
_("Unable to change owner or mode of tty stdin: %s"),

@ -36,6 +36,7 @@
#include "groupio.h"
#include "sgroupio.h"
#include "prototypes.h"
#include "shadowlog.h"
/*
* cleanup_report_add_group - Report failure to add a group to the system
@ -48,7 +49,7 @@ void cleanup_report_add_group (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s", name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -66,7 +67,7 @@ void cleanup_report_del_group (void *group_name)
SYSLOG ((LOG_ERR, "failed to remove group %s", name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_GROUP, Prog,
audit_logger (AUDIT_DEL_GROUP, log_get_progname(),
"",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -83,7 +84,7 @@ void cleanup_report_mod_group (void *cleanup_info)
gr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -101,7 +102,7 @@ void cleanup_report_mod_gshadow (void *cleanup_info)
sgr_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -121,7 +122,7 @@ void cleanup_report_add_group_group (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -141,7 +142,7 @@ void cleanup_report_add_group_gshadow (void *group_name)
SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"adding group to /etc/gshadow",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -164,7 +165,7 @@ void cleanup_report_del_group_group (void *group_name)
"failed to remove group %s from %s",
name, gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/group",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -187,7 +188,7 @@ void cleanup_report_del_group_gshadow (void *group_name)
"failed to remove group %s from %s",
name, sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
audit_logger (AUDIT_ADD_GROUP, log_get_progname(),
"removing group from /etc/gshadow",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -203,9 +204,9 @@ void cleanup_report_del_group_gshadow (void *group_name)
void cleanup_unlock_group (unused void *arg)
{
if (gr_unlock () == 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to unlock %s\n"),
Prog, gr_dbname ());
log_get_progname(), gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking group file",
@ -223,9 +224,9 @@ void cleanup_unlock_group (unused void *arg)
void cleanup_unlock_gshadow (unused void *arg)
{
if (sgr_unlock () == 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to unlock %s\n"),
Prog, sgr_dbname ());
log_get_progname(), sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking gshadow file",

@ -36,6 +36,7 @@
#include "pwio.h"
#include "shadowio.h"
#include "prototypes.h"
#include "shadowlog.h"
/*
* cleanup_report_add_user - Report failure to add an user to the system
@ -48,7 +49,7 @@ void cleanup_report_add_user (void *user_name)
SYSLOG ((LOG_ERR, "failed to add user %s", name));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
audit_logger (AUDIT_ADD_USER, log_get_progname(),
"",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -65,7 +66,7 @@ void cleanup_report_mod_passwd (void *cleanup_info)
pw_dbname (),
info->action));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_ACCT, Prog,
audit_logger (AUDIT_USER_ACCT, log_get_progname(),
info->audit_msg,
info->name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -85,7 +86,7 @@ void cleanup_report_add_user_passwd (void *user_name)
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
audit_logger (AUDIT_ADD_USER, log_get_progname(),
"adding user to /etc/passwd",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -105,7 +106,7 @@ void cleanup_report_add_user_shadow (void *user_name)
SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
audit_logger (AUDIT_ADD_USER, log_get_progname(),
"adding user to /etc/shadow",
name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
@ -120,9 +121,9 @@ void cleanup_report_add_user_shadow (void *user_name)
void cleanup_unlock_passwd (unused void *arg)
{
if (pw_unlock () == 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to unlock %s\n"),
Prog, pw_dbname ());
log_get_progname(), pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking passwd file",
@ -139,9 +140,9 @@ void cleanup_unlock_passwd (unused void *arg)
void cleanup_unlock_shadow (unused void *arg)
{
if (spw_unlock () == 0) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to unlock %s\n"),
Prog, spw_dbname ());
log_get_progname(), spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger_message ("unlocking shadow file",

@ -55,6 +55,7 @@
#ifdef WITH_ATTR
#include <attr/libattr.h>
#endif /* WITH_ATTR */
#include "shadowlog.h"
static /*@null@*/const char *src_orig;
@ -116,6 +117,7 @@ static int fchown_if_needed (int fdst, const struct stat *statp,
static void error_acl (struct error_context *ctx, const char *fmt, ...)
{
va_list ap;
FILE *shadow_logfd = log_get_logfd();
/* ignore the case when destination does not support ACLs
* or extended attributes */
@ -125,7 +127,7 @@ static void error_acl (struct error_context *ctx, const char *fmt, ...)
}
va_start (ap, fmt);
(void) fprintf (shadow_logfd, _("%s: "), Prog);
(void) fprintf (shadow_logfd, _("%s: "), log_get_progname());
if (vfprintf (shadow_logfd, fmt, ap) != 0) {
(void) fputs (_(": "), shadow_logfd);
}
@ -248,9 +250,9 @@ int copy_tree (const char *src_root, const char *dst_root,
}
if (!S_ISDIR (sb.st_mode)) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
"%s: %s is not a directory",
Prog, src_root);
log_get_progname(), src_root);
return -1;
}

@ -40,6 +40,7 @@
#include <string.h>
#include "prototypes.h"
#include "defines.h"
#include "shadowlog.h"
/*
* NEWENVP_STEP must be a power of two. This is the number
* of (char *) pointers to allocate at a time, to avoid using
@ -171,7 +172,7 @@ void addenv (const char *string, /*@null@*/const char *value)
}
newenvp = __newenvp;
} else {
(void) fputs (_("Environment overflow\n"), shadow_logfd);
(void) fputs (_("Environment overflow\n"), log_get_logfd());
newenvc--;
free (newenvp[newenvc]);
}

@ -38,6 +38,7 @@
#include "prototypes.h"
#include "groupio.h"
#include "getdef.h"
#include "shadowlog.h"
/*
* get_ranges - Get the minimum and maximum ID ranges for the search
@ -74,10 +75,10 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: SYS_GID_MIN (%lu), "
"GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
log_get_progname(), (unsigned long) *min_id,
getdef_ulong ("GID_MIN", 1000UL),
(unsigned long) *max_id);
return EINVAL;
@ -97,10 +98,10 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: GID_MIN (%lu), "
"GID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
log_get_progname(), (unsigned long) *min_id,
(unsigned long) *max_id);
return EINVAL;
}
@ -213,10 +214,10 @@ int find_new_gid (bool sys_group,
* more likely to want to stop and address the
* issue.
*/
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Encountered error attempting to use "
"preferred GID: %s\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
return -1;
}
}
@ -243,9 +244,9 @@ int find_new_gid (bool sys_group,
/* Create an array to hold all of the discovered GIDs */
used_gids = malloc (sizeof (bool) * (gid_max +1));
if (NULL == used_gids) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
log_get_progname(), strerror (errno));
return -1;
}
memset (used_gids, false, sizeof (bool) * (gid_max + 1));
@ -323,10 +324,10 @@ int find_new_gid (bool sys_group,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique system GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
@ -366,10 +367,10 @@ int find_new_gid (bool sys_group,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique system GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
@ -426,10 +427,10 @@ int find_new_gid (bool sys_group,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
@ -469,10 +470,10 @@ int find_new_gid (bool sys_group,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
@ -488,9 +489,9 @@ int find_new_gid (bool sys_group,
}
/* The code reached here and found no available IDs in the range */
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique GID (no more available GIDs)\n"),
Prog);
log_get_progname());
SYSLOG ((LOG_WARN, "no more available GIDs on the system"));
free (used_gids);
return -1;

@ -37,6 +37,7 @@
#include "prototypes.h"
#include "subordinateio.h"
#include "getdef.h"
#include "shadowlog.h"
/*
* find_new_sub_gids - Find a new unused range of GIDs.
@ -60,18 +61,18 @@ int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
count = getdef_ulong ("SUB_GID_COUNT", 65536);
if (min > max || count >= max || (min + count - 1) > max) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: SUB_GID_MIN (%lu),"
" SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
Prog, min, max, count);
log_get_progname(), min, max, count);
return -1;
}
start = sub_gid_find_free_range(min, max, count);
if (start == (gid_t)-1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique subordinate GID range\n"),
Prog);
log_get_progname());
SYSLOG ((LOG_WARN, "no more available subordinate GIDs on the system"));
return -1;
}

@ -37,6 +37,7 @@
#include "prototypes.h"
#include "subordinateio.h"
#include "getdef.h"
#include "shadowlog.h"
/*
* find_new_sub_uids - Find a new unused range of UIDs.
@ -60,18 +61,18 @@ int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
count = getdef_ulong ("SUB_UID_COUNT", 65536);
if (min > max || count >= max || (min + count - 1) > max) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: SUB_UID_MIN (%lu),"
" SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
Prog, min, max, count);
log_get_progname(), min, max, count);
return -1;
}
start = sub_uid_find_free_range(min, max, count);
if (start == (uid_t)-1) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique subordinate UID range\n"),
Prog);
log_get_progname());
SYSLOG ((LOG_WARN, "no more available subordinate UIDs on the system"));
return -1;
}

@ -38,6 +38,7 @@
#include "prototypes.h"
#include "pwio.h"
#include "getdef.h"
#include "shadowlog.h"
/*
* get_ranges - Get the minimum and maximum ID ranges for the search
@ -74,10 +75,10 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: SYS_UID_MIN (%lu), "
"UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
log_get_progname(), (unsigned long) *min_id,
getdef_ulong ("UID_MIN", 1000UL),
(unsigned long) *max_id);
return EINVAL;
@ -97,10 +98,10 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: Invalid configuration: UID_MIN (%lu), "
"UID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
log_get_progname(), (unsigned long) *min_id,
(unsigned long) *max_id);
return EINVAL;
}
@ -213,10 +214,10 @@ int find_new_uid(bool sys_user,
* more likely to want to stop and address the
* issue.
*/
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Encountered error attempting to use "
"preferred UID: %s\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
return -1;
}
}
@ -243,9 +244,9 @@ int find_new_uid(bool sys_user,
/* Create an array to hold all of the discovered UIDs */
used_uids = malloc (sizeof (bool) * (uid_max +1));
if (NULL == used_uids) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
log_get_progname(), strerror (errno));
return -1;
}
memset (used_uids, false, sizeof (bool) * (uid_max + 1));
@ -323,10 +324,10 @@ int find_new_uid(bool sys_user,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique system UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
@ -366,10 +367,10 @@ int find_new_uid(bool sys_user,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique system UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
@ -426,10 +427,10 @@ int find_new_uid(bool sys_user,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
@ -469,10 +470,10 @@ int find_new_uid(bool sys_user,
*
*/
if (!nospam) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
log_get_progname(), strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
@ -488,9 +489,9 @@ int find_new_uid(bool sys_user,
}
/* The code reached here and found no available IDs in the range */
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: Can't get unique UID (no more available UIDs)\n"),
Prog);
log_get_progname());
SYSLOG ((LOG_WARN, "no more available UIDs on the system"));
free (used_uids);
return -1;

@ -36,6 +36,7 @@
#include <stdio.h>
#include "defines.h"
#include "prototypes.h"
#include "shadowlog.h"
/*
* gettime() returns the time as the number of seconds since the Epoch
@ -50,6 +51,7 @@
char *source_date_epoch;
time_t fallback;
unsigned long long epoch;
FILE *shadow_logfd = log_get_logfd();
fallback = time (NULL);
source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");

@ -40,6 +40,7 @@
#include <sys/prctl.h>
#include <sys/capability.h>
#endif
#include "shadowlog.h"
struct map_range *get_map_ranges(int ranges, int argc, char **argv)
{
@ -47,28 +48,28 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
int idx, argidx;
if (ranges < 0 || argc < 0) {
fprintf(shadow_logfd, "%s: error calculating number of arguments\n", Prog);
fprintf(log_get_logfd(), "%s: error calculating number of arguments\n", log_get_progname());
return NULL;
}
if (ranges != ((argc + 2) / 3)) {
fprintf(shadow_logfd, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
fprintf(log_get_logfd(), "%s: ranges: %u is wrong for argc: %d\n", log_get_progname(), ranges, argc);
return NULL;
}
if ((ranges * 3) > argc) {
fprintf(shadow_logfd, "ranges: %u argc: %d\n",
fprintf(log_get_logfd(), "ranges: %u argc: %d\n",
ranges, argc);
fprintf(shadow_logfd,
fprintf(log_get_logfd(),
_( "%s: Not enough arguments to form %u mappings\n"),
Prog, ranges);
log_get_progname(), ranges);
return NULL;
}
mappings = calloc(ranges, sizeof(*mappings));
if (!mappings) {
fprintf(shadow_logfd, _( "%s: Memory allocation failure\n"),
Prog);
fprintf(log_get_logfd(), _( "%s: Memory allocation failure\n"),
log_get_progname());
exit(EXIT_FAILURE);
}
@ -88,24 +89,24 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
return NULL;
}
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
exit(EXIT_FAILURE);
}
if (mapping->upper > UINT_MAX ||
mapping->lower > UINT_MAX ||
mapping->count > UINT_MAX) {
fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count > UINT_MAX ||
mapping->upper + mapping->count > UINT_MAX) {
fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count < mapping->lower ||
mapping->upper + mapping->count < mapping->upper) {
/* this one really shouldn't be possible given previous checks */
fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
exit(EXIT_FAILURE);
}
}
@ -176,19 +177,19 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
} else if (strcmp(map_file, "gid_map") == 0) {
cap = CAP_SETGID;
} else {
fprintf(shadow_logfd, _("%s: Invalid map file %s specified\n"), Prog, map_file);
fprintf(log_get_logfd(), _("%s: Invalid map file %s specified\n"), log_get_progname(), map_file);
exit(EXIT_FAILURE);
}
/* Align setuid- and fscaps-based new{g,u}idmap behavior. */
if (geteuid() == 0 && geteuid() != ruid) {
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
fprintf(shadow_logfd, _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), Prog);
fprintf(log_get_logfd(), _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), log_get_progname());
exit(EXIT_FAILURE);
}
if (seteuid(ruid) < 0) {
fprintf(shadow_logfd, _("%s: Could not seteuid to %d\n"), Prog, ruid);
fprintf(log_get_logfd(), _("%s: Could not seteuid to %d\n"), log_get_progname(), ruid);
exit(EXIT_FAILURE);
}
}
@ -204,7 +205,7 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
data[0].effective |= CAP_TO_MASK(CAP_SETFCAP);
data[0].permitted = data[0].effective;
if (capset(&hdr, data) < 0) {
fprintf(shadow_logfd, _("%s: Could not set caps\n"), Prog);
fprintf(log_get_logfd(), _("%s: Could not set caps\n"), log_get_progname());
exit(EXIT_FAILURE);
}
#endif
@ -222,7 +223,7 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
mapping->lower,
mapping->count);
if ((written <= 0) || (written >= (bufsize - (pos - buf)))) {
fprintf(shadow_logfd, _("%s: snprintf failed!\n"), Prog);
fprintf(log_get_logfd(), _("%s: snprintf failed!\n"), log_get_progname());
exit(EXIT_FAILURE);
}
pos += written;
@ -231,13 +232,13 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
/* Write the mapping to the mapping file */
fd = openat(proc_dir_fd, map_file, O_WRONLY);
if (fd < 0) {
fprintf(shadow_logfd, _("%s: open of %s failed: %s\n"),
Prog, map_file, strerror(errno));
fprintf(log_get_logfd(), _("%s: open of %s failed: %s\n"),
log_get_progname(), map_file, strerror(errno));
exit(EXIT_FAILURE);
}
if (write(fd, buf, pos - buf) != (pos - buf)) {
fprintf(shadow_logfd, _("%s: write to %s failed: %s\n"),
Prog, map_file, strerror(errno));
fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
log_get_progname(), map_file, strerror(errno));
exit(EXIT_FAILURE);
}
close(fd);

@ -50,6 +50,7 @@
#include "defines.h"
#include <pwd.h>
#include "getdef.h"
#include "shadowlog.h"
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#define LIMITS
@ -548,7 +549,7 @@ void setup_limits (const struct passwd *info)
#ifdef LIMITS
if (info->pw_uid != 0) {
if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
(void) fputs (_("Too many logins.\n"), shadow_logfd);
(void) fputs (_("Too many logins.\n"), log_get_logfd());
(void) sleep (2); /* XXX: Should be FAIL_DELAY */
exit (EXIT_FAILURE);
}

@ -46,11 +46,13 @@
#include "defines.h"
#include "pam_defs.h"
#include "prototypes.h"
#include "shadowlog.h"
void do_pam_passwd (const char *user, bool silent, bool change_expired)
{
pam_handle_t *pamh = NULL;
int flags = 0, ret;
FILE *shadow_logfd = log_get_logfd();
if (silent)
flags |= PAM_SILENT;

@ -38,6 +38,7 @@
#include <stdlib.h>
#include <security/pam_appl.h>
#include "prototypes.h"
#include "shadowlog.h"
/*@null@*/ /*@only@*/static const char *non_interactive_password = NULL;
static int ni_conv (int num_msg,
@ -76,9 +77,9 @@ static int ni_conv (int num_msg,
switch (msg[count]->msg_style) {
case PAM_PROMPT_ECHO_ON:
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: PAM modules requesting echoing are not supported.\n"),
Prog);
log_get_progname());
goto failed_conversation;
case PAM_PROMPT_ECHO_OFF:
responses[count].resp = strdup (non_interactive_password);
@ -88,7 +89,7 @@ static int ni_conv (int num_msg,
break;
case PAM_ERROR_MSG:
if ( (NULL == msg[count]->msg)
|| (fprintf (shadow_logfd, "%s\n", msg[count]->msg) <0)) {
|| (fprintf (log_get_logfd(), "%s\n", msg[count]->msg) <0)) {
goto failed_conversation;
}
responses[count].resp = NULL;
@ -101,9 +102,9 @@ static int ni_conv (int num_msg,
responses[count].resp = NULL;
break;
default:
(void) fprintf (shadow_logfd,
(void) fprintf (log_get_logfd(),
_("%s: conversation type %d not supported.\n"),
Prog, msg[count]->msg_style);
log_get_progname(), msg[count]->msg_style);
goto failed_conversation;
}
}
@ -143,19 +144,19 @@ int do_pam_passwd_non_interactive (const char *pam_service,
ret = pam_start (pam_service, username, &non_interactive_pam_conv, &pamh);
if (ret != PAM_SUCCESS) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: (user %s) pam_start failure %d\n"),
Prog, username, ret);
log_get_progname(), username, ret);
return 1;
}
non_interactive_password = password;
ret = pam_chauthtok (pamh, 0);
if (ret != PAM_SUCCESS) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: (user %s) pam_chauthtok() failed, error:\n"
"%s\n"),
Prog, username, pam_strerror (pamh, ret));
log_get_progname(), username, pam_strerror (pamh, ret));
}
(void) pam_end (pamh, PAM_SUCCESS);

@ -48,6 +48,7 @@
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#include "getdef.h"
#include "shadowlog.h"
static char *passwd_db_file = NULL;
static char *spw_db_file = NULL;
@ -83,18 +84,18 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
&& (val = argv[i] + 9))
|| (strcmp (argv[i], short_opt) == 0)) {
if (NULL != prefix) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: multiple --prefix options\n"),
Prog);
log_get_progname());
exit (E_BAD_ARG);
}
if (val) {
prefix = val;
} else if (i + 1 == argc) {
fprintf (shadow_logfd,
fprintf (log_get_logfd(),
_("%s: option '%s' requires an argument\n"),
Prog, argv[i]);
log_get_progname(), argv[i]);
exit (E_BAD_ARG);
} else {
prefix = argv[++ i