Index: rsbac-admin-v1.2.4/src/scripts/rsbac_netdev_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_netdev_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_netdev_menu (Arbeitskopie) @@ -71,7 +71,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -79,12 +101,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_rc_role_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_rc_role_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_rc_role_menu (Arbeitskopie) @@ -83,7 +83,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then declare -i LINES=25 ; fi if test -z "$COLUMNS" ; then declare -i COLUMNS=80 ; fi export LINES @@ -91,12 +113,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_fd_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_fd_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_fd_menu (Arbeitskopie) @@ -65,7 +65,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -73,12 +95,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_def_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_def_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_def_menu (Arbeitskopie) @@ -74,7 +74,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -83,12 +105,6 @@ declare -i BC=$COLUMNS-4 declare -i MAXWIDTH=$BC-26 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_acl_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_acl_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_acl_menu (Arbeitskopie) @@ -55,7 +55,29 @@ fi fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -64,12 +86,6 @@ declare -i BC=$COLUMNS-4 declare -i MAXWIDTH=$BC-26 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_settings_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_settings_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_settings_menu (Arbeitskopie) @@ -64,7 +64,29 @@ fi fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -72,12 +94,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} setonoff () { if echo $RSBACMOD | grep -q $1 Index: rsbac-admin-v1.2.4/src/scripts/rsbac_rc_type_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_rc_type_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_rc_type_menu (Arbeitskopie) @@ -79,7 +79,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then declare -i LINES=25 ; fi if test -z "$COLUMNS" ; then declare -i COLUMNS=80 ; fi export LINES @@ -87,12 +109,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_acl_group_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_acl_group_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_acl_group_menu (Arbeitskopie) @@ -57,6 +57,21 @@ exit fi +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + # test for LINES and COLUMNS (should be exported e.g. in /etc/profile) if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi @@ -66,12 +81,6 @@ declare -i BC=$COLUMNS-4 declare -i MAXWIDTH=$BC-26 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_nettemp_menu (Arbeitskopie) @@ -72,7 +72,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -80,12 +102,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_user_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_user_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_user_menu (Arbeitskopie) @@ -72,7 +72,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -80,12 +102,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_process_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_process_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_process_menu (Arbeitskopie) @@ -64,7 +64,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -72,12 +94,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_dev_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_dev_menu (Revision 183) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_dev_menu (Arbeitskopie) @@ -70,7 +70,29 @@ exit fi -# test for LINES and COLUMNS (should be exported e.g. in /etc/profile) +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + +gl () +{ + if test $1 -gt $MAXLINES + then echo $MAXLINES + else echo $1 + fi +} + if test -z "$LINES" ; then LINES=25 ; fi if test -z "$COLUMNS" ; then COLUMNS=80 ; fi export LINES @@ -78,12 +100,6 @@ declare -i BL=$LINES-4 declare -i BC=$COLUMNS-4 declare -i MAXLINES=$LINES-10 -gl () { - if test $1 -gt $MAXLINES - then echo $MAXLINES - else echo $1 - fi -} if test -z "$BACKTITLE" then BACKTITLE="RSBAC Administration Tools v1.2.4" Index: rsbac-admin-v1.2.4/src/scripts/rsbac_menu =================================================================== --- rsbac-admin-v1.2.4/src/scripts/rsbac_menu (Revision 220) +++ rsbac-admin-v1.2.4/src/scripts/rsbac_menu (Arbeitskopie) @@ -68,13 +68,21 @@ fi # test for LINES and COLUMNS (should be exported e.g. in /etc/profile) -if test -z "$LINES" ; then LINES=25 ; fi -if test -z "$COLUMNS" ; then COLUMNS=80 ; fi -export LINES -export COLUMNS -declare -i BL=$LINES-4 -declare -i BC=$COLUMNS-4 -declare -i MAXLINES=$LINES-10 +set_geometry () +{ + BL=${1:-24} + BC=${2:-80} + [ $BL = 0 ] && BL=24 + [ $BC = 0 ] && BC=80 + export LINES=$BL + export COLUMNS=$BC + BL=$((BL-4)) + BC=$((BC-5)) + MAXLINES=$((LINES-10)) +} + +set_geometry `stty size 2>/dev/null` + gl () { if test $1 -gt $MAXLINES then echo $MAXLINES Index: rsbac-admin-v1.2.4/src/attr_get_process.c =================================================================== --- rsbac-admin-v1.2.4/src/attr_get_process.c (Revision 183) +++ rsbac-admin-v1.2.4/src/attr_get_process.c (Arbeitskopie) @@ -136,6 +136,7 @@ case A_current_sec_level: case A_min_write_open: case A_max_read_open: + case A_auth_may_setuid: case A_cap_process_hiding: case A_fake_root_uid: printf("%u\n",value.u_char_dummy); Index: rsbac-admin-v1.2.4/src/rsbac_passwd.c =================================================================== --- rsbac-admin-v1.2.4/src/rsbac_passwd.c (Revision 183) +++ rsbac-admin-v1.2.4/src/rsbac_passwd.c (Arbeitskopie) @@ -19,8 +19,8 @@ char * progname; rsbac_uid_t user = RSBAC_NO_USER; int verbose = 0; + int noold = 0; int err; - progname = argv[0]; char * old_pass; char * new_pass; char * new_pass2; @@ -28,6 +28,7 @@ struct termios tmp_term; locale_init(); + progname = argv[0]; while((argc > 1) && (argv[1][0] == '-')) { @@ -41,10 +42,15 @@ verbose++; break; + case 'n': + noold = 1; + break; + case 'h': printf(gettext("%s (RSBAC %s)\n***\n"), argv[0], VERSION); printf(gettext("Use: %s [flags] [username]\n"), progname); printf(gettext(" -v = verbose,\n")); + printf(gettext(" -n = do not ask for old password\n")); exit(0); default: @@ -78,27 +84,46 @@ error_exit(res); memcpy(&tmp_term, &old_term, sizeof(old_term)); tmp_term.c_lflag &= ~(ECHO); - res = tcsetattr(STDIN_FILENO, TCSAFLUSH, &tmp_term); - error_exit(res); } - old_pass = malloc(RSBAC_MAXNAMELEN); - if(argc > 1) - printf("Old RSBAC password for user %s (uid %u): ", argv[1], user); + if(noold) + old_pass = NULL; else - printf("Old RSBAC password for user %u: ", user); - res = scanf("%254s", old_pass); - if(isatty(STDIN_FILENO)) - tcsetattr(STDIN_FILENO, TCSAFLUSH, &old_term); - printf("\n"); - if(res <= 0) { - fprintf(stderr, gettext("%s: invalid old password!\n"), progname); - exit(1); + if(isatty(STDIN_FILENO)) + { + res = tcsetattr(STDIN_FILENO, TCSAFLUSH, &tmp_term); + error_exit(res); + } + old_pass = malloc(RSBAC_MAXNAMELEN); + if(argc > 1) + printf("Old RSBAC password for user %s (uid %u): ", argv[1], user); + else + printf("Old RSBAC password for user %u: ", user); + res = scanf("%254s", old_pass); + if(isatty(STDIN_FILENO)) + tcsetattr(STDIN_FILENO, TCSAFLUSH, &old_term); + printf("\n"); + if(res <= 0) + { + fprintf(stderr, gettext("%s: invalid old password!\n"), progname); + exit(1); + } } new_pass = malloc(RSBAC_MAXNAMELEN); - printf("New password: "); + if(noold) + { + if(argc > 1) + printf("New RSBAC password for user %s (uid %u): ", argv[1], user); + else + printf("New RSBAC password for user %u: ", user); + } + else + printf("New password: "); if(isatty(STDIN_FILENO)) - tcsetattr(STDIN_FILENO, TCSAFLUSH, &tmp_term); + { + res = tcsetattr(STDIN_FILENO, TCSAFLUSH, &tmp_term); + error_exit(res); + } res = scanf("%254s", new_pass); if(isatty(STDIN_FILENO)) tcsetattr(STDIN_FILENO, TCSAFLUSH, &old_term); Index: rsbac-admin-v1.2.4/src/rsbac_gpasswd.c =================================================================== --- rsbac-admin-v1.2.4/src/rsbac_gpasswd.c (Revision 183) +++ rsbac-admin-v1.2.4/src/rsbac_gpasswd.c (Arbeitskopie) @@ -22,12 +22,12 @@ char * userdelstring = NULL; int verbose = 0; int err; - progname = argv[0]; char * new_pass; char * new_pass2; rsbac_list_ta_number_t ta_number = 0; locale_init(); + progname = argv[0]; { char * env = getenv("RSBAC_TA"); Index: rsbac-admin-v1.2.4/src/rsbac_groupadd.c =================================================================== --- rsbac-admin-v1.2.4/src/rsbac_groupadd.c (Revision 183) +++ rsbac-admin-v1.2.4/src/rsbac_groupadd.c (Arbeitskopie) @@ -94,7 +94,7 @@ fprintf(stderr, "Lookup group %s member %s: ", name, *gm_pp); show_error(res); } - if(res == -RSBAC_EEXISTS) + else { res = rsbac_um_add_gm(ta_number, tmp_uid, group, ttl); if(res) Index: rsbac-admin-v1.2.4/src/rsbac_login.c =================================================================== --- rsbac-admin-v1.2.4/src/rsbac_login.c (Revision 183) +++ rsbac-admin-v1.2.4/src/rsbac_login.c (Arbeitskopie) @@ -24,7 +24,6 @@ int verbose = 0; int preserve = 0; int err; - progname = argv[0]; char * pass; char * username; union rsbac_um_mod_data_t um_data; @@ -33,6 +32,7 @@ struct termios tmp_term; locale_init(); + progname = argv[0]; while((argc > 1) && (argv[1][0] == '-')) { Index: rsbac-admin-v1.2.4/contrib/pam_rsbac/pam_rsbac.c =================================================================== --- rsbac-admin-v1.2.4/contrib/pam_rsbac/pam_rsbac.c (Revision 183) +++ rsbac-admin-v1.2.4/contrib/pam_rsbac/pam_rsbac.c (Arbeitskopie) @@ -160,7 +160,7 @@ retval = NULL; curr_tty = ttyname(0); - if (curr_tty != NULL) { + if (curr_tty != NULL && (strlen(curr_tty) > 5)) { D(("PAM_getlogin ttyname: %s", curr_tty)); curr_tty += 5; setutent(); @@ -172,7 +172,8 @@ } endutent(); } - D(("PAM_getlogin retval: %s", retval)); + if(retval) + D(("PAM_getlogin retval: %s", retval)); return retval; } @@ -289,6 +290,7 @@ user); _make_remark(pamh, ctrl, PAM_ERROR_MSG, "User not authenticated"); + pam_set_item (pamh, PAM_AUTHTOK, NULL); return PAM_AUTH_ERR; case -RSBAC_ENOTFOUND: _log_err(LOG_NOTICE, pamh, @@ -320,6 +322,7 @@ user); _make_remark(pamh, ctrl, PAM_ERROR_MSG, "Your account has expired, please contact system administrator"); + pam_set_item (pamh, PAM_AUTHTOK, NULL); return PAM_ACCT_EXPIRED; default: @@ -504,102 +507,113 @@ } } - /* prepare to converse */ - snprintf(prompt1, RSBAC_MAXNAMELEN - 1, "Old password for user %s: ", user); - prompt1[RSBAC_MAXNAMELEN - 1] = 0; - i = 0; + retval = pam_get_item (pamh, PAM_OLDAUTHTOK, (void *) &p_old); + if(retval != PAM_SUCCESS || !p_old) + { + /* prepare to converse */ + snprintf(prompt1, RSBAC_MAXNAMELEN - 1, "Old password for user %s: ", user); + prompt1[RSBAC_MAXNAMELEN - 1] = 0; + i = 0; - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt1; - replies = 1; - /* so call the conversation expecting i responses */ - resp = NULL; - retval = converse(pamh, ctrl, i, pmsg, &resp); + pmsg[i] = &msg[i]; + msg[i].msg_style = PAM_PROMPT_ECHO_OFF; + msg[i++].msg = prompt1; + replies = 1; + /* so call the conversation expecting i responses */ + resp = NULL; + retval = converse(pamh, ctrl, i, pmsg, &resp); - if (resp != NULL) { - /* interpret the response */ + if (resp != NULL) { + /* interpret the response */ + if (retval == PAM_SUCCESS) { /* a good conversation */ - if (retval == PAM_SUCCESS) { /* a good conversation */ + token = x_strdup(resp[i - replies].resp); + if (token != NULL) { + p_old = token; + } else { + _log_err(LOG_NOTICE, pamh + ,"could not recover authentication token"); + } + } + /* + * tidy up the conversation (resp_retcode) is ignored + * -- what is it for anyway? AGM + */ - token = x_strdup(resp[i - replies].resp); - if (token != NULL) { - p_old = token; - } else { - _log_err(LOG_NOTICE, pamh - ,"could not recover authentication token"); - } + _pam_drop_reply(resp, i); + if(!token) + return PAM_AUTHTOK_RECOVER_ERR; - } - /* - * tidy up the conversation (resp_retcode) is ignored - * -- what is it for anyway? AGM - */ - - _pam_drop_reply(resp, i); - if(!token) - return PAM_AUTHTOK_RECOVER_ERR; - - } else { - retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR : retval; - return retval; - } - /* prepare to converse */ - snprintf(prompt1, RSBAC_MAXNAMELEN - 1, "New password for user %s: ", user); - prompt1[RSBAC_MAXNAMELEN - 1] = 0; - i = 0; - - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt1; - pmsg[i] = &msg[i]; - msg[i].msg_style = PAM_PROMPT_ECHO_OFF; - msg[i++].msg = prompt2; - replies = 2; - - /* so call the conversation expecting i responses */ - resp = NULL; - retval = converse(pamh, ctrl, i, pmsg, &resp); - - if (resp != NULL) { - /* interpret the response */ - - if (retval == PAM_SUCCESS) { /* a good conversation */ - - token = x_strdup(resp[i - replies].resp); - if (token != NULL) { - /* verify that password entered correctly */ - if (!resp[i - 1].resp - || strcmp(token, resp[i - 1].resp)) { - _pam_delete(token); /* mistyped */ - retval = PAM_AUTHTOK_RECOVER_ERR; - _make_remark(pamh, ctrl - ,PAM_ERROR_MSG, MISTYPED_PASS); - _pam_drop_reply(resp, i); - return retval; - } - p_new = token; - } else { - _log_err(LOG_NOTICE, pamh - ,"could not recover authentication token"); - } - - } - /* - * tidy up the conversation (resp_retcode) is ignored - * -- what is it for anyway? AGM - */ - - _pam_drop_reply(resp, i); - if(!token) - return PAM_AUTHTOK_RECOVER_ERR; - - } else { - retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR : retval; - return retval; - } + } else { + retval = (retval == PAM_SUCCESS) + ? PAM_AUTHTOK_RECOVER_ERR : retval; + return retval; + } + retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) p_old); + if (retval != PAM_SUCCESS) { + _log_err(LOG_CRIT, pamh, + "failed to set PAM_OLDAUTHTOK"); + } + } + retval = pam_get_item (pamh, PAM_AUTHTOK, (void *) &p_new); + if(retval != PAM_SUCCESS) + { + /* prepare to converse */ + snprintf(prompt1, RSBAC_MAXNAMELEN - 1, "New password for user %s: ", user); + prompt1[RSBAC_MAXNAMELEN - 1] = 0; + i = 0; + + pmsg[i] = &msg[i]; + msg[i].msg_style = PAM_PROMPT_ECHO_OFF; + msg[i++].msg = prompt1; + pmsg[i] = &msg[i]; + msg[i].msg_style = PAM_PROMPT_ECHO_OFF; + msg[i++].msg = prompt2; + replies = 2; + + /* so call the conversation expecting i responses */ + resp = NULL; + retval = converse(pamh, ctrl, i, pmsg, &resp); + + if (resp != NULL) { + /* interpret the response */ + + if (retval == PAM_SUCCESS) { /* a good conversation */ + + token = x_strdup(resp[i - replies].resp); + if (token != NULL) { + /* verify that password entered correctly */ + if (!resp[i - 1].resp + || strcmp(token, resp[i - 1].resp)) { + _pam_delete(token); /* mistyped */ + retval = PAM_AUTHTOK_RECOVER_ERR; + _make_remark(pamh, ctrl + ,PAM_ERROR_MSG, MISTYPED_PASS); + _pam_drop_reply(resp, i); + return retval; + } + p_new = token; + } else { + _log_err(LOG_NOTICE, pamh + ,"could not recover authentication token"); + } + + } + /* + * tidy up the conversation (resp_retcode) is ignored + * -- what is it for anyway? AGM + */ + + _pam_drop_reply(resp, i); + if(!token) + return PAM_AUTHTOK_RECOVER_ERR; + + } else { + retval = (retval == PAM_SUCCESS) + ? PAM_AUTHTOK_RECOVER_ERR : retval; + return retval; + } + } if(user) { retval = rsbac_um_set_pass_name((char *) user, p_old, p_new); @@ -677,7 +691,7 @@ int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc ,const char **argv) { - char *user_name, *service; + char *user_name, *service, *login; int retval; retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); @@ -695,9 +709,10 @@ "open_session - error recovering service"); return PAM_SESSION_ERR; } + login = PAM_getlogin(); _log_err(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)", user_name, - PAM_getlogin() == NULL ? "" : PAM_getlogin(), getuid()); + login == NULL ? "*unknown*" : login, getuid()); return PAM_SUCCESS; } Index: rsbac-admin-v1.2.4/contrib/nss_rsbac/config.status =================================================================== --- rsbac-admin-v1.2.4/contrib/nss_rsbac/config.status (Revision 183) +++ rsbac-admin-v1.2.4/contrib/nss_rsbac/config.status (Arbeitskopie) @@ -470,11 +470,11 @@ s,@build_alias@,,;t t s,@host_alias@,,;t t s,@target_alias@,,;t t -s,@DEFS@,-DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"libnss-rsbac\" -DVERSION=\"1.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_UNISTD_H=1 -DHAVE_NSS_H=1 -DHAVE_DLFCN_H=1 ,;t t +s,@DEFS@,-DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"libnss-rsbac\" -DVERSION=\"1.0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_UNISTD_H=1 -DHAVE_NSS_H=1 -DHAVE_LIBRSBAC=1 -DHAVE_DLFCN_H=1 ,;t t s,@ECHO_C@,,;t t s,@ECHO_N@,-n,;t t s,@ECHO_T@,,;t t -s,@LIBS@,,;t t +s,@LIBS@,-lrsbac ,;t t s,@INSTALL_PROGRAM@,${INSTALL},;t t s,@INSTALL_SCRIPT@,${INSTALL},;t t s,@INSTALL_DATA@,${INSTALL} -m 644,;t t @@ -492,7 +492,7 @@ s,@ac_ct_STRIP@,strip,;t t s,@INSTALL_STRIP_PROGRAM@,${SHELL} $(install_sh) -c -s,;t t s,@mkdir_p@,mkdir -p -- .,;t t -s,@AWK@,gawk,;t t +s,@AWK@,mawk,;t t s,@SET_MAKE@,,;t t s,@am__leading_dot@,.,;t t s,@CC@,gcc,;t t Index: rsbac-admin-v1.2.4/contrib/nss_rsbac/src/interface.c =================================================================== --- rsbac-admin-v1.2.4/contrib/nss_rsbac/src/interface.c (Revision 183) +++ rsbac-admin-v1.2.4/contrib/nss_rsbac/src/interface.c (Arbeitskopie) @@ -4,7 +4,7 @@ * Copyright (c) 2001 by Joerg Wendland, Bret Mogilefsky * see included file COPYING for details * - * Copyright (c) 2004 by Amon Ott + * Copyright (c) 2004-2005 by Amon Ott * see included file COPYING for license details * */ @@ -299,6 +299,8 @@ int *errnop) { enum nss_status retval = NSS_STATUS_UNAVAIL; + rsbac_uid_t * g_user_array; + int member_count; if(!result || !buffer || !errnop) return retval; @@ -310,8 +312,76 @@ retval = get_copy_group_string(group, UM_name, &result->gr_name, &buffer, &buflen, errnop); if(retval != NSS_STATUS_SUCCESS) return retval; - result->gr_mem = NULL; + member_count = rsbac_um_get_gm_user_list(0, group, NULL, 0); + if(member_count > 0) + { + /* some extra space */ + member_count += 10; + g_user_array = malloc(member_count * sizeof(*g_user_array)); + if(!g_user_array) + { + memset(buffer, 0, sizeof(char *)); + result->gr_mem = (char **) buffer; + buffer += sizeof(char *); + buflen -= sizeof(char *); + } + else + { + member_count = rsbac_um_get_gm_user_list(0, group, + g_user_array, + member_count); + if(member_count > 0) + { + int i; + int res; + int len; + char * pointers = buffer; + union rsbac_um_mod_data_t data; + if(buflen < (member_count + 1) * sizeof(char *)) + { + *errnop = ENOMEM; + return NSS_STATUS_TRYAGAIN; + } + memset(pointers, 0, (member_count + 1) * sizeof(char *)); + buffer += (member_count + 1) * sizeof(char *); + buflen -= (member_count + 1) * sizeof(char *); + for(i=0; igr_mem = (char **) pointers; + } + else + { + memset(buffer, 0, sizeof(char *)); + result->gr_mem = (char **) buffer; + buffer += sizeof(char *); + buflen -= sizeof(char *); + } + free(g_user_array); + } + } + else + { + memset(buffer, 0, sizeof(char *)); + result->gr_mem = (char **) buffer; + buffer += sizeof(char *); + buflen -= sizeof(char *); + } return NSS_STATUS_SUCCESS; } Index: rsbac-admin-v1.2.4/contrib/nss_rsbac/libtool =================================================================== --- rsbac-admin-v1.2.4/contrib/nss_rsbac/libtool (Revision 183) +++ rsbac-admin-v1.2.4/contrib/nss_rsbac/libtool (Arbeitskopie) @@ -44,7 +44,7 @@ # ### BEGIN LIBTOOL CONFIG -# Libtool was configured on host marvin: +# Libtool was configured on host mobil: # Shell to use when invoking shell scripts. SHELL="/bin/sh" @@ -316,10 +316,10 @@ link_all_deplibs=no # Compile-time system search path for libraries -sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.4/ /usr/lib/gcc/i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../../i486-linux/lib/i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../ /lib/i486-linux/3.3.4/ /lib/ /usr/lib/i486-linux/3.3.4/ /usr/lib/" +sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.5/ /usr/lib/gcc/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../ /lib/i486-linux/3.3.5/ /lib/ /usr/lib/i486-linux/3.3.5/ /usr/lib/" # Run-time system search path for libraries -sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib /usr/lib/mozilla /usr/local/lib " +sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib /usr/local/lib " # Fix the shell variable $srcfile for the compiler. fix_srcfile_path="" @@ -6769,7 +6769,7 @@ # End: # ### BEGIN LIBTOOL TAG CONFIG: CXX -# Libtool was configured on host marvin: +# Libtool was configured on host mobil: # Shell to use when invoking shell scripts. SHELL="/bin/sh" @@ -6942,11 +6942,11 @@ # Dependencies to place before the objects being linked to create a # shared library. -predep_objects="/usr/lib/gcc-lib/i486-linux/3.3.4/../../../crti.o /usr/lib/gcc-lib/i486-linux/3.3.4/crtbeginS.o" +predep_objects="/usr/lib/gcc-lib/i486-linux/3.3.5/../../../crti.o /usr/lib/gcc-lib/i486-linux/3.3.5/crtbeginS.o" # Dependencies to place after the objects being linked to create a # shared library. -postdep_objects="/usr/lib/gcc-lib/i486-linux/3.3.4/crtendS.o /usr/lib/gcc-lib/i486-linux/3.3.4/../../../crtn.o" +postdep_objects="/usr/lib/gcc-lib/i486-linux/3.3.5/crtendS.o /usr/lib/gcc-lib/i486-linux/3.3.5/../../../crtn.o" # Dependencies to place before the objects being linked to create a # shared library. @@ -6958,7 +6958,7 @@ # The library search path used internally by the compiler when linking # a shared library. -compiler_lib_search_path="-L/usr/lib/gcc-lib/i486-linux/3.3.4 -L/usr/lib/gcc-lib/i486-linux/3.3.4/../../.." +compiler_lib_search_path="-L/usr/lib/gcc-lib/i486-linux/3.3.5 -L/usr/lib/gcc-lib/i486-linux/3.3.5/../../.." # Method to check whether dependent libraries are shared objects. deplibs_check_method="pass_all" @@ -7038,10 +7038,10 @@ link_all_deplibs=no # Compile-time system search path for libraries -sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.4/ /usr/lib/gcc/i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../../i486-linux/lib/i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../i486-linux/3.3.4/ /usr/lib/gcc-lib/i486-linux/3.3.4/../../../ /lib/i486-linux/3.3.4/ /lib/ /usr/lib/i486-linux/3.3.4/ /usr/lib/" +sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.5/ /usr/lib/gcc/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../ /lib/i486-linux/3.3.5/ /lib/ /usr/lib/i486-linux/3.3.5/ /usr/lib/" # Run-time system search path for libraries -sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib /usr/lib/mozilla /usr/local/lib " +sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib /usr/local/lib " # Fix the shell variable $srcfile for the compiler. fix_srcfile_path=""