It seems like overkill to provide this #ifdef. For example coreutils
use "char *" for all selinux contexts (since 2014).
Signed-off-by: Karel Zak <kzak@redhat.com>
When readline is called to get user input, it is called without
a prompt argument. As a result, if the user does not enter anything
for a given field, then the next field is displayed on the same
line, yielding the following output:
$ chfn
Changing finger information for user.
Password:
Name []: Office []: Office Phone []: Home Phone []:
instead of the expected:
$ chfn
Changing finger information for user.
Password:
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
This patch restores the expected behavior by feeding readline with
a character to display as "prompt".
[kzak@redhat.com: - do the same change in chsh
- use ' ' rather than '\n' for non-readline code]
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Now we are always using the same text also for commands
which had still hardcoded descriptions or where we can't
use the standard print_usage_help_options macro.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
The default readline tab completion that offers file listing from current
directory does not make any sense in this context.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The readline offers editing capabilities while the user is entering the
line, unlike fgets(3) and getline(3) that were used earlier.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
text-utils/tailf.c:69:21: warning: Using plain integer as NULL pointer
Since many 'struct option' has used zero as NULL make them more readable in
same go by reindenting, and using named argument requirements.
Reference: https://lwn.net/Articles/93577/
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* selinux/av_permissions.h and magic constants are deprecated, the
recommended solution is to use string_to_security_class() and
string_to_av_perm() to get access vector
* it also seems that selinux_check_passwd_access() does exactly the
same as our checkAccess(), let's use it.
Signed-off-by: Karel Zak <kzak@redhat.com>
The utils when compiled WITHOUT libuser then mkostemp()ing
"/etc/%s.XXXXXX" where the filename prefix is argv[0] basename.
An attacker could repeatedly execute the util with modified argv[0]
and after many many attempts mkostemp() may generate suffix which
makes sense. The result maybe temporary file with name like rc.status
ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser based ch{sh,fn} or stuff from
shadow-utils.
It's probably very minor security bug.
Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
The add_missing() and find_field() functions are needed when input data
is incomplete, such as in case when chfn is instructed to change only
selected fields with command line options.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This change is a little bit messy, and requires a comment the struct
finfo should not have 'struct passwd *pw' as it's member. The earlier
struct design would have been burden to maintain, and confusing to use.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Commit db433bf737 changed -u for --help to
-h, that is not true. The -h is short hand for --home-phone. And the
--version is accompanied with -v not -V.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The left and right white space trimming can be done with strutils.h
[lr]trim_whitespace() functions.
As a minor fix when user input exceeds maxium allowed gecos field length
the remaining characters in stdin are purged so that re-prompting works
correctly.
Additionally the prompt() is made to add message to check_gecos_string(),
so that there are less similar strings for translation project to deal.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Translating these text elements should happen only once, which is
more likely when the text macros are used properly.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Fixing plain typos, miswordings, inconsistent periods, some missing
angular brackets, and a proper pluralization (even when it involves
a constant, because for some languages the precise value matters).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
* rename --disable-require-password to --disable-chsh-chfn-password
* is_local() is really unnecessary when linked with libuser
* fix set_value_libuser() returns codes
* fix chfn.c, there is no 'pw', but oldf.pw
* don't link with PAM when--disable-chsh-chfn-password
Signed-off-by: Karel Zak <kzak@redhat.com>
This makes it easier to add support for libuser, which needs the same PAM
authentication. Also removes duplicate code between chsh and chfn.
Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>
The old version in some cases (but not always) returns -1 (255) on
error. It seems better to cleanup the code and don't return internal
return codes by exit().
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak
Damien Goutte-Gattat
Rosen Penev
Ruediger Meier
Sami Kerola
Benno Schulenberg
Cody Maloney