It seems like overkill to provide this #ifdef. For example coreutils
use "char *" for all selinux contexts (since 2014).
Signed-off-by: Karel Zak <kzak@redhat.com>
When calling variadic functions, NULL must be explicitly cast to a
desired type.
This is noted in the exec(3) manpage.
The call in newgrp.c was changed for consistency.
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>
[login-utils/sulogin.c:398] -> [login-utils/sulogin.c:171]: (style) Local
variable set shadows outer function
[login-utils/sulogin.c:398] -> [login-utils/sulogin.c:830]: (style) Local
variable set shadows outer function
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* removes unnecessary variable
* the current code restores signals always when shell has not been
executed -- this is correct as function sushell() modify signal
mask, but in all another cases we do not need touch the mask.
Especially when we ask for the password in endless while() loop...
Signed-off-by: Karel Zak <kzak@redhat.com>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Consolidate --help and --version descriptions. We are
now able to align them to the other options.
We changed include/c.h. The rest of this patch was
generated by sed, plus manually setting the right
alignment numbers. We do not change anything but
white spaces in the --help output.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
(Original patch and commit message edited by Rudi.)
gcc-7 adds -Wimplicit-fallthrough=3 to our default flag -Wextra.
This warning can be silenced by using comment /* fallthrough */
which is also recognized by other tools like coverity. There are
also other valid comments (see man gcc-7) but we consolidate this
style now.
We could have also used __attribute__((fallthrough)) but the comment
looks nice and does not need to be ifdef'ed for compatibility.
Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=7652
Reference: https://developers.redhat.com/blog/2017/03/10/wimplicit-fallthrough-in-gcc-7/
Reviewed-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Suggested-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Hopefully these changes are unreachable code, but better safe than sorry
when dealing with setuid root code that is installed everywhere. Quite
obviously the introduced abort() calls protect from impossible inputs.
Secondly set all possible data to be read-only in attempt to make it more
difficult to alter anything at all.
Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
text-utils/tailf.c:69:21: warning: Using plain integer as NULL pointer
Since many 'struct option' has used zero as NULL make them more readable in
same go by reindenting, and using named argument requirements.
Reference: https://lwn.net/Articles/93577/
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* the variable definition with hidden type is always horrible, for
example:
int func() {
LIST_HEAD(foo);
...
}
the more readable is:
int func() {
struct list_head foo;
INIT_LIST_HEAD(&foo);
...
}
* the name LIST_HEAD conflict with /usr/include/sys/queue.h
* we use it only on two places in sulogin
Signed-off-by: Karel Zak <kzak@redhat.com>
If timeout happens while waiting in prompt, bail out instead
of retrying.
Reported-by: Bjørn Mork <bjorn@mork.no>
Addresses: http://bugs.debian.org/846107
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
This makes the caller bail out early instead of evaluating the
input as a password.
Reported-by: Bjørn Mork <bjorn@mork.no>
Addresses: http://bugs.debian.org/846112
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Fix various typos in error messages, warnings, debug strings,
comments and names of static functions.
Signed-off-by: Sebastian Rasmussen <sebras@gmail.com>
The plymouth support depends on Linux specific SOCK_* flags and all
the feature is probably unnecessary in some cases (non-plymouth
distros, etc.)
Signed-off-by: Karel Zak <kzak@redhat.com>
for stopping plymouthd. That do not depend on the existence of
the plymouth binary if it e.g. becomes uninstalled or an other
service is providing plymouthd facilities.
[kzak@redhat.com: - fix compiler warnings [-Wpointer-sign]
- use sizeof() for write_all()
- cast to char* for read_all]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
If the root account is locked and no password was provided then the terminal
line is not set back to do echo of the input. This correct a small overlook
in commit 7ff1162e67
Signed-off-by: Werner Fink <werner@suse.de>
This happens on Debian kFreeBSD and probably on Hurd too since
cde7699c. One should review this issue to fix it properly.
CC: Werner Fink <werner@suse.de>
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This small patch improves the console detection code and also avoids not
existing device nodes due strdup() which is used in canonicalize_path().
Beside this now the code for emergeny mount does work if enabled at
configure time.
Signed-off-by: Werner Fink <werner@suse.de>
Some installations and distributions don't use a root account password
for security reasons and use sudo instead. In that case, asking for the
password makes no sense, and it is not even considered as valid as it's just
"*" or "!".
In these cases --force is required to just start a root shell and no
ask for password.
I don't think it's a good idea to automatically start root shell when
locked account is detected. It's possible that the machine is on
public place and for example Ubuntu uses root account disabled by
default (and also Fedora when installed by yum/dnf without anaconda).
The --force option forces admins to think about it...
The distro maintainers can also use --force in their initscripts or
systemd emergency.service if they believe that promiscuous setting is
the right thing for the distro.
Addresses: https://bugs.debian.org/326678
Signed-off-by: Karel Zak <kzak@redhat.com>
* according to "man getpwnam" 16384 bytes is enough to store one
passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)
* don't use strcpy() to set empty password
Signed-off-by: Karel Zak <kzak@redhat.com>
As said in include/c.h the usleep() is marked as obsolete, so do the same
that most of the other util-linux calls do with this interface.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
For this approach do not use the ioctl TIOCMGET anymore as this
is for real serial lines only. But switch over to use the ioctl
KDGKBMODE as this is unique to the virtual console lines only.
Signed-off-by: Werner Fink <werner@suse.de>
That is that there are several consoles, the /dev/ttyS0 which
is type of ibm3215 and a dumb terminal, then there is the device
/dev/3270/tty1 which can handle ANSI color escape sequences and is
a ibm327x terminal, and the /dev/ttyS1 which is a vt220 terminal.
The macro is_speed() in agetty.c allows to distinguish between the
terminal line (/dev)3270/tty1 and the speed options on the command
line used in
/run/systemd/generator/getty.target.wants/serial-getty@3270-tty1.service
which is a symbolic link to /usr/lib/systemd/system/serial-getty@.service
Signed-off-by: Werner Fink <werner@suse.de>
The nowadays used plymouth locks the devices used for the system
console which causes that agetty as well as sulogin can not modify
the termios settings of e.g. the serial devices of the systenm console.
Signed-off-by: Werner Fink <werner@suse.de>
Let's use nanosleep() although if usleep() exists. The nanosleep
function does no interact with signals and other timers.
The patch introduces xusleep() as replacement to libc (or our fallback)
usleep(). Yes, we don't want to use struct timespec + nanosleep()
everywhere in code as nano-time resolution is useless for us.
The patch also enlarges delays in some busy wait loops. It seems
enough to try read/write 4x per second.
Signed-off-by: Karel Zak <kzak@redhat.com>
sulogin(8) should not run if there is no /etc/{passwd,shadow} entry
and --force command line option is no specified otherwise NULL pointer
dereference is possible.
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak
Werner Fink
Ville Skyttä
Egor Chelak
Sami Kerola
Ruediger Meier
Andreas Henriksson
Sebastian Rasmussen
Ruediger Meier
Benno Schulenberg
Samuel Thibault