#include <grp.h>
#include <shadow.h>
#include <getopt.h>
+#include <utmp.h>
#include "util.h"
#include "hashmap.h"
#include "conf-files.h"
#include "copy.h"
#include "utf8.h"
+#include "label.h"
+#include "fileio-label.h"
typedef enum ItemType {
ADD_USER = 'u',
static char *arg_root = NULL;
static const char conf_file_dirs[] =
+ "/etc/sysusers.d\0"
+ "/run/sysusers.d\0"
"/usr/local/lib/sysusers.d\0"
"/usr/lib/sysusers.d\0"
#ifdef HAVE_SPLIT_USR
_cleanup_fclose_ FILE *original = NULL;
group_path = fix_root("/etc/group");
- r = fopen_temporary(group_path, &group, &group_tmp);
+ r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
if (r < 0)
goto finish;
_cleanup_fclose_ FILE *original = NULL;
passwd_path = fix_root("/etc/passwd");
- r = fopen_temporary(passwd_path, &passwd, &passwd_tmp);
+ r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
if (r < 0)
goto finish;
if ((size_t) (i-u) > (size_t) sz)
return false;
+ if ((size_t) (i-u) > UT_NAMESIZE - 1)
+ return false;
+
return true;
}
if (!utf8_is_valid(d))
return false;
- if (strpbrk(d, ":\n"))
+ if (string_has_cc(d, NULL))
+ return false;
+
+ /* Colons are used as field separators, and hence not OK */
+ if (strchr(d, ':'))
return false;
return true;
h = groups;
break;
+ default:
+ return -EBADMSG;
}
i->type = action[0];
return r;
}
-static int take_lock(void) {
-
- struct flock flock = {
- .l_type = F_WRLCK,
- .l_whence = SEEK_SET,
- .l_start = 0,
- .l_len = 0,
- };
-
- const char *path;
- int fd, r;
-
- /* This is roughly the same as lckpwdf(), but not as awful. We
- * don't want to use alarm() and signals, hence we implement
- * our own trivial version of this.
- *
- * Note that shadow-utils also takes per-database locks in
- * addition to lckpwdf(). However, we don't given that they
- * are redundant as they they invoke lckpwdf() first and keep
- * it during everything they do. The per-database locks are
- * awfully racy, and thus we just won't do them. */
-
- path = fix_root("/etc/.pwd.lock");
- fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
- if (fd < 0)
- return -errno;
-
- r = fcntl(fd, F_SETLKW, &flock);
- if (r < 0) {
- safe_close(fd);
- return -errno;
- }
-
- return fd;
-}
-
static void free_database(Hashmap *by_name, Hashmap *by_id) {
char *name;
umask(0022);
+ label_init(NULL);
+
r = 0;
if (optind < argc) {
if (r < 0)
goto finish;
- lock = take_lock();
+ lock = take_password_lock(arg_root);
if (lock < 0) {
log_error("Failed to take lock: %s", strerror(-lock));
goto finish;
~ianmdlvl / elogind.git / blobdiff