Let's make it possible to use debug.h without environment variables.
Suggested-by: J William Piggott <elseifthen@gmx.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
We have command line option -H to disable hostname in login prompt.
Unfortunately, in same cases (e.g. telnetd) it's impossible to specify
login(1) command line options due to hardcoded execl()...
This patch introduces LOGIN_PLAIN_PROMPT boolean for /etc/login.defs
to suppress hostname in the prompt.
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems better to deallocate logindefs.conf stuff in long time
running (=waiting) processes like login(1) and su(1).
Signed-off-by: Karel Zak <kzak@redhat.com>
* Start the ISO format flags at bit 0 instead of bit 1.
* Remove unnecessary _8601 from ISO format flag names to
avoid line wrapping and to ease readability.
* ISO timestamps have date-time-timzone in common, so move
the TIMEZONE flag to bit 2 causing all timestamp masks
to have the first three bits set and the last four bits
as timestamp 'options'.
* Change the 'SPACE' flag to a 'T' flag, because it makes
the code and comments more concise.
* Add common ISO timestamp masks.
* Implement the ISO timestamp masks in all applicable code
using the strxxx_iso() functions.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
This new function returns the GMT offset relative to its
argument. It is used in this patch to fix two bugs:
1) On platforms that the tm struct excludes tm_gmtoff,
hwclock assumes a one hour DST offset. This can cause
an incorrect kernel timezone setting. For example:
Master branch tested with tm_gmtoff illustrates the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494204.192398, -660)
Master branch tested without tm_gmtoff has an incorrect offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494249.193852, -690)
Patched tested without tm_gmtoff has the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494260.194208, -660)
2) ISO 8601 'extended' format requires all time elements
to use a colon (:).
Current invalid ISO 8601:
$ hwclock
2017-10-08 16:25:17.895462-0400
Patched:
$ hwclock
2017-10-08 16:25:34.141895-04:00
Also required by this change:
login-utils/last.c: increase ISO out_len and in_len by one to
accommodate the addition of the timezone colon.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
The functions warnx(3) and gettext(3) are not safe to use within signal
handlers and should be avoided. Preparing the message beforehand and
calling write(2) as well as calling _exit(2) solves the problem.
[kzak@redhat.com: - use program_invocation_short_name rather than argv[0],
- use ignore_result() to keep compiler happy]
Signed-off-by: Karel Zak <kzak@redhat.com>
We want to use waitpid() only when child is terminated or stopped to
pick up child status, otherwise PTY proxy has to be active. This is
difference between "su" and "su --pty". For "su" we keep parent all
time in waitpid().
It would be possible to use separate code based on signalfd_siginfo,
but it seems better to keep all this stuff on one place -- it means
wait_for_child().
Signed-off-by: Karel Zak <kzak@redhat.com>
Not sure why I have problem with this years ago for script(1), but it
seems .fd=-1 is really enough to the ignore the FD.
Reported-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The signal mask is used by pty_init_slave(), but it has never been
uninitialized before fork(), so child gets 0 as a mask :-(
Note that script(1) has no this issue because it opens signal-fd
before fork().
Reported-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Add conditional -lutil to runuser when needed to avoid linking error.
login-utils/su-common.o: In function `pty_create':
login-utils/su-common.c:269: undefined reference to `openpty'
login-utils/su-common.c:273: undefined reference to `openpty'
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This patch a little bit reorders signals initialization. The original
code unblocks SIGINT SIGQUIT before signal handler is set for the
signals. It means there is a small possible race.
It seems better to compose wanted mask, setup handlers and then
unblock all the wanted signals.
Signed-off-by: Karel Zak <kzak@redhat.com>
The patch from master branch, somehow lost during su refactoring
rebase.
Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
* setup logindefs loader by function rather than by global pointer
* move basic booleans to the su_context struct
Signed-off-by: Karel Zak <kzak@redhat.com>
Yes, I know... this patch is horrible. We all hate this in git
history, but the original indention from coreutils has been so
crazy...
Signed-off-by: Karel Zak <kzak@redhat.com>
Less code, less bugs. And if there are bugs at least share them with all
other programs that use getusershell(3) from libc.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This should make leaking end of /etc/shadow file more unlikely.
Notice that there is now way to tell to editors they should ensure none it
does not leak any buffers, drop cores, and so on, when editing sensitive
data. In short this change is addressing the issue only partially.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* 'help' of https://github.com/rudimeier/util-linux:
setpriv: silence compiler warning
misc: consolidate macro style USAGE_HELP_OPTIONS
blockdev: correct man page name in --help
Under strange circumstances, the output of command 'last reboot'
showed the last time as a negative time, with both the hours and the
mins value having a minus sign. Example, taken from my workstation:
$last reboot
[...]
reboot system boot 4.4.0-79-generic Wed Jun 14 09:20 - 07:33 (-1:-47)
[...]
I am aware this should happen only infrequently. Nevertheless, I
propose a more robust behaviour: show a minus sign only for the most
significant value (days or hours) and show the rest always as
positive. In the special case of ((secs < 0) && (secs >= -59)), print
mins as "-00".
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems that on some systems (e.g. RHEL7) the libc function
getaddrinfo() is not able to translate ::ffff: address to IPv4. The
result is 0.0.0.0 host address in the last(1) and utmpdump(1) output.
/sbin/login -h "::ffff:192.168.1.7"
utmpdump:
[7] [03926] [1 ] [user1 ] [pts/1 ] [::ffff:192.168.1.7 ] [0.0.0.0 ] [Thu May 12 17:49:50 2016 ]
Not sure if this is about order of the getaddrinfo() results, system
configuration or libc version. It's irrelevant for login(1). We have
to be robust enough to write usable address to log files everywhere.
The solution is to detect IPv4-mapping-to-IPv6 and use IPv4 for utmp.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1296233
Signed-off-by: Karel Zak <kzak@redhat.com>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Now we are always using the same text also for commands
which had still hardcoded descriptions or where we can't
use the standard print_usage_help_options macro.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Consolidate --help and --version descriptions. We are
now able to align them to the other options.
We changed include/c.h. The rest of this patch was
generated by sed, plus manually setting the right
alignment numbers. We do not change anything but
white spaces in the --help output.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This patch is trivial and changes nothing, because
we were always using usage(stdout)
Now all our usage() functions look very similar. If wanted we
could auto-generate another big cosmetical patch to remove all
the useless "FILE *out" constants and use printf and puts
rather than their f* friends. Such patch could be automatically
synchronized with the translation project (newlines!) to not
make the translators sick.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
We are using better/shorter error messages and somtimes
also errtryhelp().
Here we fix all cases where the usage function took
an int argument for exit_code.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* '170622' of github.com:jwpi/util-linux:
Docs: move option naming to howto-contribute.txt
Docs: update howto-usage-function.txt
Docs: add a comment for constants to boilerplate.c
include/c.h: add USAGE_COMMANDS and USAGE_COLUMNS
Also we don't print the usage text on stderr anymore.
Note, the usage text could be improved, currently it
does not describe any options. I have only added a
pointer to the man page.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* add --disable-makeinstall-chown to travis non-root mode
* use "if MAKEINSTALL_DO_SETUID" for chown root:root
Signed-off-by: Karel Zak <kzak@redhat.com>
(Original patch and commit message edited by Rudi.)
gcc-7 adds -Wimplicit-fallthrough=3 to our default flag -Wextra.
This warning can be silenced by using comment /* fallthrough */
which is also recognized by other tools like coverity. There are
also other valid comments (see man gcc-7) but we consolidate this
style now.
We could have also used __attribute__((fallthrough)) but the comment
looks nice and does not need to be ifdef'ed for compatibility.
Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=7652
Reference: https://developers.redhat.com/blog/2017/03/10/wimplicit-fallthrough-in-gcc-7/
Reviewed-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Suggested-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
../login-utils/last.c: In function ‘main’:
../login-utils/last.c:624:23: warning: ‘%s’ directive writing up to 31 bytes into a region of size 27 [-Wformat-overflow=]
sprintf(path, "/dev/%s", ut->ut_line);
^~ ~~
../login-utils/last.c:624:3: note: ‘sprintf’ output between 6 and 37 bytes into a destination of size 32
sprintf(path, "/dev/%s", ut->ut_line);
../libblkid/src/devname.c: In function 'probe_one':
../libblkid/src/devname.c:166:29: warning: '%s' directive writing up to 255 bytes into a region of size 245 [-Wformat-overflow=]
sprintf(path, "/sys/block/%s/slaves", de->d_name);
^~
../libblkid/src/devname.c:166:3: note: 'sprintf' output between 19 and 274 bytes into a destination of size 256
sprintf(path, "/sys/block/%s/slaves", de->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* global variables are always initialized by NULL
* it seems we need it as global variable due to libreadline, then use it as
global everywhere in the same .c file.
Signed-off-by: Karel Zak <kzak@redhat.com>
Let's use two functions is_known_shell() and print_shells() to make
the code more readable and to avoid complex semantic of the original
get_shell_list().
Signed-off-by: Karel Zak <kzak@redhat.com>
sys-utils/prlimit.c: In function 'do_prlimit':
sys-utils/prlimit.c:367:16: warning: format '%ju' expects argument of type 'uintmax_t', but argument 2 has type 'rlim_t {aka long long unsigned int}' [-Wformat=]
printf("<%ju", new->rlim_cur);
lib/plymouth-ctrl.c: In function 'open_un_socket_and_connect':
lib/plymouth-ctrl.c:88:20: warning: passing argument 2 of 'connect' from incompatible pointer type [-Wincompatible-pointer-types]
ret = connect(fd, &su, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(su.sun_path+1));
^
In file included from lib/plymouth-ctrl.c:35:0:
/usr/include/sys/socket.h:314:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int connect (int, const struct sockaddr *, socklen_t);
login-utils/last.c: In function 'list':
login-utils/last.c:506:54: warning: pointer targets in passing argument 4 of 'dns_lookup' differ in signedness [-Wpointer-sign]
r = dns_lookup(domain, sizeof(domain), ctl->useip, p->ut_addr_v6);
^
login-utils/last.c:291:12: note: expected 'int32_t * {aka int *}' but argument is of type 'unsigned int *'
static int dns_lookup(char *result, int size, int useip, int32_t *a)
^~~~~~~~~~
In file included from sys-utils/hwclock-cmos.c:92:0:
sys-utils/hwclock.h:67:32: warning: 'struct timeval' declared inside parameter list will not be visible outside of this definition or declaration
extern double time_diff(struct timeval subtrahend, struct timeval subtractor);
misc-utils/test_uuidd.c: In function 'create_nthreads':
misc-utils/test_uuidd.c:187:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
proc->pid, (int) th->tid, th->index));
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
The default readline tab completion that offers file listing from current
directory does not make any sense in this context.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The readline offers editing capabilities while the user is entering the
line, unlike fgets(3) and getline(3) that were used earlier.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Hopefully these changes are unreachable code, but better safe than sorry
when dealing with setuid root code that is installed everywhere. Quite
obviously the introduced abort() calls protect from impossible inputs.
Secondly set all possible data to be read-only in attempt to make it more
difficult to alter anything at all.
Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Use xstrcpy() to explicitly terminate the domain string.
Reported-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
If the file /etc/hushlogins exists and a line starts with '\0', the
login tools are prone to an off-by-one read.
I see no reliability issue with this, as it would clearly need a
hostile action from a system administrator. But for the sake of
correctness, I've sent this patch nonetheless.
text-utils/tailf.c:69:21: warning: Using plain integer as NULL pointer
Since many 'struct option' has used zero as NULL make them more readable in
same go by reindenting, and using named argument requirements.
Reference: https://lwn.net/Articles/93577/
Signed-off-by: Sami Kerola <kerolasa@iki.fi>