[Pkg-shadow-commits] r2003 - in upstream/trunk: . libmisc src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat May 24 13:09:00 UTC 2008
Author: nekral-guest
Date: 2008-05-24 13:08:58 +0000 (Sat, 24 May 2008)
New Revision: 2003
Modified:
upstream/trunk/ChangeLog
upstream/trunk/libmisc/audit_help.c
upstream/trunk/libmisc/salt.c
upstream/trunk/src/passwd.c
Log:
Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/ChangeLog 2008-05-24 13:08:58 UTC (rev 2003)
@@ -1,3 +1,13 @@
+2008-05-24 Nicolas François <nicolas.francois at centraliens.net>
+
+ Fix compiler warnings:
+ * libmisc/audit_help.c: Include prototypes.h to get the prototype
+ of audit_help_open.
+ * libmisc/salt.c: Use booleans instead of negating integers.
+ * src/passwd.c: Declare the check_selinux_access prototype and
+ avoid name clashes (change_user -> changed_user; change_uid ->
+ changed_uid; access -> requested_access)
+
2008-05-23 Nicolas François <nicolas.francois at centraliens.net>
* libmisc/pam_pass.c: Use fputs rather than fprintf for constant
Modified: upstream/trunk/libmisc/audit_help.c
===================================================================
--- upstream/trunk/libmisc/audit_help.c 2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/libmisc/audit_help.c 2008-05-24 13:08:58 UTC (rev 2003)
@@ -44,6 +44,7 @@
#include <libaudit.h>
#include <errno.h>
#include <stdio.h>
+#include "prototypes.h"
int audit_fd;
void audit_help_open (void)
Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c 2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/libmisc/salt.c 2008-05-24 13:08:58 UTC (rev 2003)
@@ -220,14 +220,14 @@
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
}
- if (!strcmp (method, "MD5")) {
+ if (0 == strcmp (method, "MD5")) {
MAGNUM(result, '1');
#ifdef USE_SHA_CRYPT
- } else if (!strcmp (method, "SHA256")) {
+ } else if (0 == strcmp (method, "SHA256")) {
MAGNUM(result, '5');
strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size();
- } else if (!strcmp (method, "SHA512")) {
+ } else if (0 == strcmp (method, "SHA512")) {
MAGNUM(result, '6');
strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size();
Modified: upstream/trunk/src/passwd.c
===================================================================
--- upstream/trunk/src/passwd.c 2008-05-23 20:55:11 UTC (rev 2002)
+++ upstream/trunk/src/passwd.c 2008-05-24 13:08:58 UTC (rev 2003)
@@ -142,6 +142,11 @@
static void update_shadow (void);
static long getnumber (const char *);
+#ifdef WITH_SELINUX
+static int check_selinux_access (const char *changed_user,
+ uid_t changed_uid,
+ access_vector_t requested_access);
+#endif
/*
* usage - print command usage and exit
@@ -619,8 +624,9 @@
}
#ifdef WITH_SELINUX
-int
-check_selinux_access(const char *change_user, int change_uid, unsigned int access)
+static int check_selinux_access (const char *changed_user,
+ uid_t changed_uid,
+ access_vector_t requested_access)
{
int status = -1;
security_context_t user_context;
@@ -642,15 +648,18 @@
/* if changing a password for an account with UID==0 or for an account
where the identity matches then return success */
- if (change_uid != 0 && strcmp(change_user, user) == 0) {
+ if (changed_uid != 0 && strcmp(changed_user, user) == 0) {
status = 0;
} else {
struct av_decision avd;
int retval;
- retval = security_compute_av(user_context, user_context,
- SECCLASS_PASSWD, access, &avd);
+ retval = security_compute_av(user_context,
+ user_context,
+ SECCLASS_PASSWD,
+ requested_access,
+ &avd);
if ((retval == 0) &&
- ((access & avd.allowed) == access)) {
+ ((requested_access & avd.allowed) == requested_access)) {
status = 0;
}
}
@@ -897,24 +906,22 @@
/* only do this check when getuid()==0 because it's a pre-condition for
changing a password without entering the old one */
if ((is_selinux_enabled() > 0) && (getuid() == 0) &&
- (check_selinux_access(name, pw->pw_uid, PASSWD__PASSWD) != 0))
- {
+ (check_selinux_access (name, pw->pw_uid, PASSWD__PASSWD) != 0)) {
security_context_t user_context;
if (getprevcon(&user_context) < 0) {
user_context = strdup("Unknown user context");
}
syslog(LOG_ALERT,
- "%s is not authorized to change the password of %s",
- user_context, name);
- fprintf(stderr, _("%s: %s is not authorized to change the "
- "password of %s\n"),
- Prog, user_context, name);
+ "%s is not authorized to change the password of %s",
+ user_context, name);
+ fprintf(stderr,
+ _("%s: %s is not authorized to change the password of %s\n"),
+ Prog, user_context, name);
freecon(user_context);
exit(1);
}
+#endif /* WITH_SELINUX */
-#endif
-
/*
* If the UID of the user does not match the current real UID,
* check if I'm root.
More information about the Pkg-shadow-commits
mailing list