[Pkg-shadow-commits] r2003 - in upstream/trunk: . libmisc src

Sat May 24 13:09:00 UTC 2008

Author: nekral-guest
Date: 2008-05-24 13:08:58 +0000 (Sat, 24 May 2008)
New Revision: 2003

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/libmisc/audit_help.c
   upstream/trunk/libmisc/salt.c
   upstream/trunk/src/passwd.c
Log:
	Fix compiler warnings:
	* libmisc/audit_help.c: Include prototypes.h to get the prototype
	of audit_help_open.
	* libmisc/salt.c: Use booleans instead of negating integers.
	* src/passwd.c: Declare the check_selinux_access prototype and
	avoid name clashes (change_user -> changed_user; change_uid ->
	changed_uid; access -> requested_access)


Modified: upstream/trunk/ChangeLog
===================================================================

--- upstream/trunk/ChangeLog	2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/ChangeLog	2008-05-24 13:08:58 UTC (rev 2003)
@@ -1,3 +1,13 @@
+2008-05-24  Nicolas François  <nicolas.francois at centraliens.net>
+
+	Fix compiler warnings:
+	* libmisc/audit_help.c: Include prototypes.h to get the prototype
+	of audit_help_open.
+	* libmisc/salt.c: Use booleans instead of negating integers.
+	* src/passwd.c: Declare the check_selinux_access prototype and
+	avoid name clashes (change_user -> changed_user; change_uid ->
+	changed_uid; access -> requested_access)
+
 2008-05-23  Nicolas François  <nicolas.francois at centraliens.net>
 
 	* libmisc/pam_pass.c: Use fputs rather than fprintf for constant

Modified: upstream/trunk/libmisc/audit_help.c
===================================================================
--- upstream/trunk/libmisc/audit_help.c	2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/libmisc/audit_help.c	2008-05-24 13:08:58 UTC (rev 2003)
@@ -44,6 +44,7 @@
 #include <libaudit.h>
 #include <errno.h>
 #include <stdio.h>
+#include "prototypes.h"
 int audit_fd;
 
 void audit_help_open (void)

Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c	2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/libmisc/salt.c	2008-05-24 13:08:58 UTC (rev 2003)
@@ -220,14 +220,14 @@
 		method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
 	}
 
-	if (!strcmp (method, "MD5")) {
+	if (0 == strcmp (method, "MD5")) {
 		MAGNUM(result, '1');
 #ifdef USE_SHA_CRYPT
-	} else if (!strcmp (method, "SHA256")) {
+	} else if (0 == strcmp (method, "SHA256")) {
 		MAGNUM(result, '5');
 		strcat(result, SHA_salt_rounds((int *)arg));
 		salt_len = SHA_salt_size();
-	} else if (!strcmp (method, "SHA512")) {
+	} else if (0 == strcmp (method, "SHA512")) {
 		MAGNUM(result, '6');
 		strcat(result, SHA_salt_rounds((int *)arg));
 		salt_len = SHA_salt_size();

Modified: upstream/trunk/src/passwd.c
===================================================================
--- upstream/trunk/src/passwd.c	2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/src/passwd.c	2008-05-24 13:08:58 UTC (rev 2003)
@@ -142,6 +142,11 @@
 
 static void update_shadow (void);
 static long getnumber (const char *);
+#ifdef WITH_SELINUX
+static int check_selinux_access (const char *changed_user,
+                                 uid_t changed_uid,
+                                 access_vector_t requested_access);
+#endif
 
 /*
  * usage - print command usage and exit
@@ -619,8 +624,9 @@
 }
 
 #ifdef WITH_SELINUX
-int
-check_selinux_access(const char *change_user, int change_uid, unsigned int access)
+static int check_selinux_access (const char *changed_user,
+                                 uid_t changed_uid,
+                                 access_vector_t requested_access)
 {
 	int status = -1;
 	security_context_t user_context;
@@ -642,15 +648,18 @@
 
 	/* if changing a password for an account with UID==0 or for an account
 	   where the identity matches then return success */
-	if (change_uid != 0 && strcmp(change_user, user) == 0) {
+	if (changed_uid != 0 && strcmp(changed_user, user) == 0) {
 		status = 0;
 	} else {
 		struct av_decision avd;
 		int retval;
-		retval = security_compute_av(user_context, user_context,
-				SECCLASS_PASSWD, access, &avd);
+		retval = security_compute_av(user_context,
+		                             user_context,
+		                             SECCLASS_PASSWD,
+		                             requested_access,
+		                             &avd);
 		if ((retval == 0) &&
-    			((access & avd.allowed) == access)) {
+		    ((requested_access & avd.allowed) == requested_access)) {
 			status = 0;
 		}
 	}
@@ -897,24 +906,22 @@
 	/* only do this check when getuid()==0 because it's a pre-condition for
 	   changing a password without entering the old one */
 	if ((is_selinux_enabled() > 0) && (getuid() == 0) &&
-	  (check_selinux_access(name, pw->pw_uid, PASSWD__PASSWD) != 0))
-	{
+	    (check_selinux_access (name, pw->pw_uid, PASSWD__PASSWD) != 0)) {
 		security_context_t user_context;
 		if (getprevcon(&user_context) < 0) {
 			user_context = strdup("Unknown user context");
 		}
 		syslog(LOG_ALERT,
-		"%s is not authorized to change the password of %s",
-		user_context, name);
-		fprintf(stderr, _("%s: %s is not authorized to change the "
-			"password of %s\n"),
-		Prog, user_context, name);
+		       "%s is not authorized to change the password of %s",
+		       user_context, name);
+		fprintf(stderr,
+		        _("%s: %s is not authorized to change the password of %s\n"),
+		        Prog, user_context, name);
 		freecon(user_context);
 		exit(1);
 	}
+#endif /* WITH_SELINUX */
 
-#endif
-
 	/*
 	 * If the UID of the user does not match the current real UID,
 	 * check if I'm root.


