diff options
author | Skyler Ferrante <sjf5462@rit.edu> | 2024-03-03 00:54:05 -0500 |
---|---|---|
committer | Alejandro Colomar <alx@kernel.org> | 2024-03-07 22:54:04 +0100 |
commit | a28371336e17a22c6959f40b4647b8e54923c433 (patch) | |
tree | 08147c408bfc742079609e09954ec002241b6e4f | |
parent | 71080e790011f2bce502b26ba1463e42cb2212fe (diff) |
src/: Hardcode Prog to known value
Set Prog (program name) based on hardcoded value instead of argv[0].
This is to help prevent escape sequence injection.
Cherry-picked-from: e6c2e4393784 ("Hardcoding Prog to known value")
Link: <https://github.com/shadow-maint/shadow/issues/959>
Link: <https://github.com/shadow-maint/shadow/pull/960>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- | src/chage.c | 7 | ||||
-rw-r--r-- | src/check_subid_range.c | 3 | ||||
-rw-r--r-- | src/chfn.c | 15 | ||||
-rw-r--r-- | src/chgpasswd.c | 7 | ||||
-rw-r--r-- | src/chpasswd.c | 9 | ||||
-rw-r--r-- | src/chsh.c | 15 | ||||
-rw-r--r-- | src/expiry.c | 5 | ||||
-rw-r--r-- | src/faillog.c | 7 | ||||
-rw-r--r-- | src/free_subid_range.c | 3 | ||||
-rw-r--r-- | src/get_subid_owners.c | 3 | ||||
-rw-r--r-- | src/getsubids.c | 3 | ||||
-rw-r--r-- | src/gpasswd.c | 5 | ||||
-rw-r--r-- | src/groupadd.c | 14 | ||||
-rw-r--r-- | src/groupdel.c | 14 | ||||
-rw-r--r-- | src/groupmems.c | 10 | ||||
-rw-r--r-- | src/groupmod.c | 10 | ||||
-rw-r--r-- | src/groups.c | 6 | ||||
-rw-r--r-- | src/grpck.c | 8 | ||||
-rw-r--r-- | src/grpconv.c | 5 | ||||
-rw-r--r-- | src/grpunconv.c | 5 | ||||
-rw-r--r-- | src/lastlog.c | 3 | ||||
-rw-r--r-- | src/login.c | 7 | ||||
-rw-r--r-- | src/logoutd.c | 5 | ||||
-rw-r--r-- | src/new_subid_range.c | 3 | ||||
-rw-r--r-- | src/newgidmap.c | 3 | ||||
-rw-r--r-- | src/newgrp.c | 2 | ||||
-rw-r--r-- | src/newuidmap.c | 3 | ||||
-rw-r--r-- | src/newusers.c | 3 | ||||
-rw-r--r-- | src/passwd.c | 11 | ||||
-rw-r--r-- | src/pwck.c | 8 | ||||
-rw-r--r-- | src/pwconv.c | 5 | ||||
-rw-r--r-- | src/pwunconv.c | 5 | ||||
-rw-r--r-- | src/su.c | 11 | ||||
-rw-r--r-- | src/sulogin.c | 3 | ||||
-rw-r--r-- | src/useradd.c | 10 | ||||
-rw-r--r-- | src/userdel.c | 10 | ||||
-rw-r--r-- | src/usermod.c | 10 |
37 files changed, 85 insertions, 171 deletions
diff --git a/src/chage.c b/src/chage.c index 8a6d3584..b64961f6 100644 --- a/src/chage.c +++ b/src/chage.c @@ -41,7 +41,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "chage"; static bool dflg = false, /* set last password change date */ @@ -511,7 +511,7 @@ static void check_perms (void) exit (E_NOPERM); } - retval = pam_start ("chage", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -765,7 +765,6 @@ int main (int argc, char **argv) /* * Get the program name so that error messages can use it. */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -780,7 +779,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT audit_help_open (); #endif - OPENLOG ("chage"); + OPENLOG (Prog); ruid = getuid (); rgid = getgid (); diff --git a/src/check_subid_range.c b/src/check_subid_range.c index 38703b60..63bc882f 100644 --- a/src/check_subid_range.c +++ b/src/check_subid_range.c @@ -18,14 +18,13 @@ #include "idmapping.h" #include "shadowlog.h" -const char *Prog; +static const char Prog[] = "check_subid_range"; int main(int argc, char **argv) { char *owner; unsigned long start, count; bool check_uids; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -36,7 +36,7 @@ /* * Global variables. */ -const char *Prog; +static const char Prog[] = "chfn"; static char fullnm[BUFSIZ]; static char roomno[BUFSIZ]; static char workph[BUFSIZ]; @@ -362,7 +362,7 @@ static void check_perms (const struct passwd *pw) * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) - && (check_selinux_permit ("chfn") != 0)) { + && (check_selinux_permit (Prog) != 0)) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); @@ -377,7 +377,7 @@ static void check_perms (const struct passwd *pw) * --marekm */ if (!amroot && getdef_bool ("CHFN_AUTH")) { - passwd_check (pw->pw_name, pw->pw_passwd, "chfn"); + passwd_check (pw->pw_name, pw->pw_passwd, Prog); } #else /* !USE_PAM */ @@ -389,7 +389,7 @@ static void check_perms (const struct passwd *pw) exit (E_NOPERM); } - retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -616,11 +616,6 @@ int main (int argc, char **argv) char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */ char *user; - /* - * Get the program name. The program name is used as a - * prefix to most error messages. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -637,7 +632,7 @@ int main (int argc, char **argv) */ amroot = (getuid () == 0); - OPENLOG ("chfn"); + OPENLOG (Prog); /* parse the command line options */ process_flags (argc, argv); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 7b773e2f..89e9a6dc 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -36,7 +36,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "chgpasswd"; static bool eflg = false; static bool md5flg = false; #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) @@ -303,7 +303,7 @@ static void check_perms (void) exit (1); } - retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -423,7 +423,6 @@ int main (int argc, char **argv) int errors = 0; int line = 0; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -441,7 +440,7 @@ int main (int argc, char **argv) process_flags (argc, argv); - OPENLOG ("chgpasswd"); + OPENLOG (Prog); check_perms (); diff --git a/src/chpasswd.c b/src/chpasswd.c index 21d3018f..64070bc1 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -35,7 +35,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "chpasswd"; static bool eflg = false; static bool md5flg = false; #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) @@ -302,7 +302,7 @@ static void check_perms (void) exit (1); } - retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -450,7 +450,6 @@ int main (int argc, char **argv) int errors = 0; int line = 0; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -476,7 +475,7 @@ int main (int argc, char **argv) } #endif /* USE_PAM */ - OPENLOG ("chpasswd"); + OPENLOG (Prog); check_perms (); @@ -546,7 +545,7 @@ int main (int argc, char **argv) #ifdef USE_PAM if (use_pam) { - if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) { + if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) { fprintf (stderr, _("%s: (line %d, user %s) password not changed\n"), Prog, line, name); @@ -45,7 +45,7 @@ /* * Global variables */ -const char *Prog; /* Program name */ +static const char Prog[] = "chsh"; /* Program name */ static bool amroot; /* Real UID is root */ static char loginsh[BUFSIZ]; /* Name of new login shell */ /* command line options */ @@ -320,7 +320,7 @@ static void check_perms (const struct passwd *pw) * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) - && (check_selinux_permit("chsh") != 0)) { + && (check_selinux_permit(Prog) != 0)) { SYSLOG ((LOG_WARN, "can't change shell for '%s'", pw->pw_name)); fprintf (stderr, _("You may not change the shell for '%s'.\n"), @@ -337,7 +337,7 @@ static void check_perms (const struct passwd *pw) * chfn/chsh. --marekm */ if (!amroot && getdef_bool ("CHSH_AUTH")) { - passwd_check (pw->pw_name, pw->pw_passwd, "chsh"); + passwd_check (pw->pw_name, pw->pw_passwd, Prog); } #else /* !USE_PAM */ @@ -349,7 +349,7 @@ static void check_perms (const struct passwd *pw) exit (E_NOPERM); } - retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -474,11 +474,6 @@ int main (int argc, char **argv) sanitize_env (); - /* - * Get the program name. The program name is used as a prefix to - * most error messages. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -493,7 +488,7 @@ int main (int argc, char **argv) */ amroot = (getuid () == 0); - OPENLOG ("chsh"); + OPENLOG (Prog); /* parse the command line options */ process_flags (argc, argv); diff --git a/src/expiry.c b/src/expiry.c index b980b656..673cbc3c 100644 --- a/src/expiry.c +++ b/src/expiry.c @@ -23,7 +23,7 @@ #include "shadowlog.h" /* Global variables */ -const char *Prog; +static const char Prog[] = "expiry"; static bool cflg = false; /* local function prototypes */ @@ -123,7 +123,6 @@ int main (int argc, char **argv) struct passwd *pwd; struct spwd *spwd; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -145,7 +144,7 @@ int main (int argc, char **argv) (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); - OPENLOG ("expiry"); + OPENLOG (Prog); process_flags (argc, argv); diff --git a/src/faillog.c b/src/faillog.c index dbcf5a5f..60d56d02 100644 --- a/src/faillog.c +++ b/src/faillog.c @@ -39,7 +39,7 @@ static void reset (void); /* * Global variables */ -const char *Prog; /* Program name */ +static const char Prog[] = "faillog"; /* Program name */ static FILE *fail; /* failure file stream */ static time_t seconds; /* that number of days in seconds */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ @@ -543,11 +543,6 @@ int main (int argc, char **argv) short fail_max = 0; // initialize to silence compiler warning long days = 0; - /* - * Get the program name. The program name is used as a prefix to - * most error messages. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/free_subid_range.c b/src/free_subid_range.c index d9a2cd8d..441c2277 100644 --- a/src/free_subid_range.c +++ b/src/free_subid_range.c @@ -9,7 +9,7 @@ /* Test program for the subid freeing routine */ -const char *Prog; +static const char Prog[] = "free_subid_range"; static void usage(void) { @@ -25,7 +25,6 @@ int main(int argc, char *argv[]) struct subordinate_range range; bool group = false; // get subuids by default - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); while ((c = getopt(argc, argv, "g")) != EOF) { diff --git a/src/get_subid_owners.c b/src/get_subid_owners.c index 36974b84..e1c1e795 100644 --- a/src/get_subid_owners.c +++ b/src/get_subid_owners.c @@ -6,7 +6,7 @@ #include "prototypes.h" #include "shadowlog.h" -const char *Prog; +static const char Prog[] = "get_subid_owners"; static void usage(void) { @@ -21,7 +21,6 @@ int main(int argc, char *argv[]) int i, n; uid_t *uids; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); if (argc < 2) { diff --git a/src/getsubids.c b/src/getsubids.c index c91ae39e..fb645b19 100644 --- a/src/getsubids.c +++ b/src/getsubids.c @@ -7,7 +7,7 @@ #include "prototypes.h" #include "shadowlog.h" -const char *Prog; +static const char Prog[] = "getsubids"; static void usage(void) { @@ -23,7 +23,6 @@ int main(int argc, char *argv[]) struct subid_range *ranges; const char *owner; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); if (argc < 2) diff --git a/src/gpasswd.c b/src/gpasswd.c index 3b76ff8e..34205cc7 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -37,7 +37,7 @@ * Global variables */ /* The name of this command, as it is invoked */ -const char *Prog; +static const char Prog[] = "gpasswd"; #ifdef SHADOWGRP /* Indicate if shadow groups are enabled on the system @@ -968,11 +968,10 @@ int main (int argc, char **argv) * with this command. */ bywho = getuid (); - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); - OPENLOG ("gpasswd"); + OPENLOG (Prog); setbuf (stdout, NULL); setbuf (stderr, NULL); diff --git a/src/groupadd.c b/src/groupadd.c index 2eda1c68..c30a2008 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -50,7 +50,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "groupadd"; static /*@null@*/char *group_name; static gid_t group_id; @@ -542,7 +542,7 @@ static void check_perms (void) exit (1); } - retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -571,10 +571,6 @@ static void check_perms (void) */ int main (int argc, char **argv) { - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -585,7 +581,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); - OPENLOG ("groupadd"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif @@ -605,7 +601,7 @@ int main (int argc, char **argv) check_perms (); if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name, - "groupadd")) { + Prog)) { exit(1); } @@ -628,7 +624,7 @@ int main (int argc, char **argv) grp_update (); close_files (); if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name, - "groupadd")) { + Prog)) { exit(1); } diff --git a/src/groupdel.c b/src/groupdel.c index bae4367b..3e3905fb 100644 --- a/src/groupdel.c +++ b/src/groupdel.c @@ -36,7 +36,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "groupdel"; static char *group_name; static gid_t group_id = -1; @@ -349,10 +349,6 @@ int main (int argc, char **argv) #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -363,7 +359,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); - OPENLOG ("groupdel"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif @@ -389,7 +385,7 @@ int main (int argc, char **argv) exit (1); } - retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { @@ -463,7 +459,7 @@ int main (int argc, char **argv) } if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name, - "groupdel")) { + Prog)) { exit(1); } @@ -478,7 +474,7 @@ int main (int argc, char **argv) close_files (); if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name, - "groupdel")) { + Prog)) { exit(1); } diff --git a/src/groupmems.c b/src/groupmems.c index 1ac937ea..9c449086 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -44,7 +44,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "groupmems"; static char *adduser = NULL; static char *deluser = NULL; @@ -443,7 +443,7 @@ static void check_perms (void) fail_exit (1); } - retval = pam_start ("groupmems", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); @@ -573,10 +573,6 @@ int main (int argc, char **argv) char *name; const struct group *grp; - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -586,7 +582,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("groupmems"); + OPENLOG (Prog); #ifdef SHADOWGRP is_shadowgrp = sgr_file_present (); diff --git a/src/groupmod.c b/src/groupmod.c index 7fd02d6f..5438342d 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -58,7 +58,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "groupmod"; #ifdef SHADOWGRP static bool is_shadow_grp; @@ -750,10 +750,6 @@ int main (int argc, char **argv) #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -764,7 +760,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); - OPENLOG ("groupmod"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif @@ -790,7 +786,7 @@ int main (int argc, char **argv) exit (E_PAM_USERNAME); } - retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { diff --git a/src/groups.c b/src/groups.c index a62f2f56..97c2843f 100644 --- a/src/groups.c +++ b/src/groups.c @@ -23,7 +23,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "groups"; /* local function prototypes */ static void print_groups (const char *member); @@ -97,10 +97,6 @@ int main (int argc, char **argv) (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); - /* - * Get the program name so that error messages can use it. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/grpck.c b/src/grpck.c index ec092b2c..4ef1b154 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -43,7 +43,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "grpck"; static const char *grp_file = GROUP_FILE; static bool use_system_grp_file = true; @@ -816,10 +816,6 @@ int main (int argc, char **argv) int errors = 0; bool changed = false; - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -829,7 +825,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("grpck"); + OPENLOG (Prog); /* Parse the command line arguments */ process_flags (argc, argv); diff --git a/src/grpconv.c b/src/grpconv.c index 57d8d58e..591c8b10 100644 --- a/src/grpconv.c +++ b/src/grpconv.c @@ -36,7 +36,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "grpconv"; static bool gr_locked = false; static bool sgr_locked = false; @@ -123,7 +123,6 @@ int main (int argc, char **argv) const struct sgrp *sg; struct sgrp sgent; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -133,7 +132,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("grpconv"); + OPENLOG (Prog); process_flags (argc, argv); diff --git a/src/grpunconv.c b/src/grpunconv.c index fc6cecf9..fbffbf53 100644 --- a/src/grpunconv.c +++ b/src/grpunconv.c @@ -36,7 +36,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "grpunconv"; static bool gr_locked = false; static bool sgr_locked = false; @@ -122,7 +122,6 @@ int main (int argc, char **argv) struct group grent; const struct sgrp *sg; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -132,7 +131,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("grpunconv"); + OPENLOG (Prog); process_flags (argc, argv); diff --git a/src/lastlog.c b/src/lastlog.c index 1db66887..ed0c78c4 100644 --- a/src/lastlog.c +++ b/src/lastlog.c @@ -39,7 +39,7 @@ /* * Global variables */ -const char *Prog; /* Program name */ +static const char Prog[] = "lastlog"; /* Program name */ static FILE *lastlogfile; /* lastlog file stream */ static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ static bool has_umin = false; @@ -290,7 +290,6 @@ int main (int argc, char **argv) * Get the program name. The program name is used as a prefix to * most error messages. */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/login.c b/src/login.c index c0ae3a1b..c7d29483 100644 --- a/src/login.c +++ b/src/login.c @@ -64,7 +64,7 @@ static pam_handle_t *pamh = NULL; /* * Global variables */ -const char *Prog; +static const char Prog[] = "login"; static const char *hostname = ""; static /*@null@*/ /*@only@*/char *username = NULL; @@ -520,7 +520,6 @@ int main (int argc, char **argv) initenv (); amroot = (getuid () == 0); - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -587,7 +586,7 @@ int main (int argc, char **argv) } #endif /* RLOGIN */ - OPENLOG ("login"); + OPENLOG (Prog); setup_tty (); @@ -673,7 +672,7 @@ int main (int argc, char **argv) retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM - retcode = pam_start ("login", username, &conv, &pamh); + retcode = pam_start (Prog, username, &conv, &pamh); if (retcode != PAM_SUCCESS) { fprintf (stderr, _("login: PAM Failure, aborting: %s\n"), diff --git a/src/logoutd.c b/src/logoutd.c index 3cfecaee..d10887bc 100644 --- a/src/logoutd.c +++ b/src/logoutd.c @@ -22,7 +22,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "logoutd"; #ifndef DEFAULT_HUP_MESG #define DEFAULT_HUP_MESG _("login time exceeded\n\n") @@ -157,11 +157,10 @@ main(int argc, char **argv) /* * Start syslogging everything */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); - OPENLOG ("logoutd"); + OPENLOG (Prog); /* * Scan the utmp file once per minute looking for users that diff --git a/src/new_subid_range.c b/src/new_subid_range.c index 523d480a..1ef71f36 100644 --- a/src/new_subid_range.c +++ b/src/new_subid_range.c @@ -9,7 +9,7 @@ /* Test program for the subid creation routine */ -const char *Prog; +static const char Prog[] = "new_subid_range"; static void usage(void) { @@ -28,7 +28,6 @@ int main(int argc, char *argv[]) bool group = false; // get subuids by default bool ok; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); while ((c = getopt(argc, argv, "gn")) != EOF) { diff --git a/src/newgidmap.c b/src/newgidmap.c index d6d29725..1d349598 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -23,7 +23,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "newgidmap"; static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) @@ -151,7 +151,6 @@ int main(int argc, char **argv) struct passwd *pw; bool allow_setgroups = false; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/newgrp.c b/src/newgrp.c index f786a96f..68e80fe9 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -28,7 +28,7 @@ /* * Global variables */ -const char *Prog; +static const char *Prog; extern char **newenvp; diff --git a/src/newuidmap.c b/src/newuidmap.c index e99655c9..5dd984f6 100644 --- a/src/newuidmap.c +++ b/src/newuidmap.c @@ -23,7 +23,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "newuidmap"; static bool verify_range(struct passwd *pw, struct map_range *range) { @@ -80,7 +80,6 @@ int main(int argc, char **argv) struct stat st; struct passwd *pw; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/newusers.c b/src/newusers.c index 2a3dd79e..3cc912e0 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -54,7 +54,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "newusers"; static bool rflg = false; /* create a system account */ #ifndef USE_PAM @@ -1056,7 +1056,6 @@ int main (int argc, char **argv) unsigned int nusers = 0; #endif /* USE_PAM */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); diff --git a/src/passwd.c b/src/passwd.c index 4549d95d..3ef0cf3f 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -45,7 +45,7 @@ /* * Global variables */ -const char *Prog; /* Program name */ +static const char Prog[] = "passwd"; /* Program name */ static char *name; /* The name of user whose password is being changed */ static char *myname; /* The current user's name */ @@ -731,11 +731,6 @@ int main (int argc, char **argv) sanitize_env (); - /* - * Get the program name. The program name is used as a prefix to - * most error messages. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -757,7 +752,7 @@ int main (int argc, char **argv) */ amroot = (getuid () == 0); - OPENLOG ("passwd"); + OPENLOG (Prog); { /* @@ -976,7 +971,7 @@ int main (int argc, char **argv) #ifdef WITH_SELINUX /* only do this check when getuid()==0 because it's a pre-condition for changing a password without entering the old one */ - if (amroot && (check_selinux_permit ("passwd") != 0)) { + if (amroot && (check_selinux_permit (Prog) != 0)) { SYSLOG ((LOG_ALERT, "root is not authorized by SELinux to change the password of %s", name)); @@ -47,7 +47,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "pwck"; static bool use_system_pw_file = true; static bool use_system_spw_file = true; @@ -833,10 +833,6 @@ int main (int argc, char **argv) int errors = 0; bool changed = false; - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -846,7 +842,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("pwck"); + OPENLOG (Prog); /* Parse the command line arguments */ process_flags (argc, argv); diff --git a/src/pwconv.c b/src/pwconv.c index 0788d076..13d80ca6 100644 --- a/src/pwconv.c +++ b/src/pwconv.c @@ -66,7 +66,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "pwconv"; static bool spw_locked = false; static bool pw_locked = false; @@ -153,7 +153,6 @@ int main (int argc, char **argv) const struct spwd *sp; struct spwd spent; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -163,7 +162,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("pwconv"); + OPENLOG (Prog); process_flags (argc, argv); diff --git a/src/pwunconv.c b/src/pwunconv.c index b8624359..9bc0ab6b 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -30,7 +30,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "pwunconv"; static bool spw_locked = false; static bool pw_locked = false; @@ -114,7 +114,6 @@ int main (int argc, char **argv) struct passwd pwent; const struct spwd *spwd; - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -124,7 +123,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); - OPENLOG ("pwunconv"); + OPENLOG (Prog); process_flags (argc, argv); @@ -61,7 +61,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "su"; static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ static bool caller_is_root = false; static uid_t caller_uid; @@ -730,11 +730,6 @@ static void save_caller_context (char **argv) const char *password = NULL; #endif /* SU_ACCESS */ #endif /* !USE_PAM */ - /* - * Get the program name. The program name is used as a prefix to - * most error messages. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -1010,14 +1005,14 @@ int main (int argc, char **argv) save_caller_context (argv); - OPENLOG ("su"); + OPENLOG (Prog); process_flags (argc, argv); initenv (); #ifdef USE_PAM - ret = pam_start ("su", name, &conv, &pamh); + ret = pam_start (Prog, name, &conv, &pamh); if (PAM_SUCCESS != ret) { SYSLOG ((LOG_ERR, "pam_start: error %d", ret); fprintf (stderr, diff --git a/src/sulogin.c b/src/sulogin.c index 080b92f1..d7fe5fb8 100644 --- a/src/sulogin.c +++ b/src/sulogin.c @@ -27,7 +27,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "sulogin"; static char pass[BUFSIZ]; @@ -63,7 +63,6 @@ static void catch_signals (unused int sig) termio.c_lflag |= (ECHO | ECHOE | ECHOK | ICANON | ISIG); tcsetattr (0, TCSANOW, &termio); - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); (void) setlocale (LC_ALL, ""); diff --git a/src/useradd.c b/src/useradd.c index 5c62dbaf..896ff0dd 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -82,7 +82,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "useradd"; /* * These defaults are used if there is no defaults file. @@ -2518,10 +2518,6 @@ int main (int argc, char **argv) unsigned long subuid_count = 0; unsigned long subgid_count = 0; - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -2533,7 +2529,7 @@ int main (int argc, char **argv) prefix = process_prefix_flag("-P", argc, argv); - OPENLOG ("useradd"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif @@ -2585,7 +2581,7 @@ int main (int argc, char **argv) fail_exit (1); } - retval = pam_start ("useradd", pampw?pampw->pw_name:"root", &conv, &pamh); + retval = pam_start (Prog, pampw?pampw->pw_name:"root", &conv, &pamh); } if (PAM_SUCCESS == retval) { diff --git a/src/userdel.c b/src/userdel.c index f68b91ec..69c6d741 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -70,7 +70,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "userdel"; static char *user_name; static uid_t user_id; @@ -969,10 +969,6 @@ int main (int argc, char **argv) #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); (void) setlocale (LC_ALL, ""); @@ -982,7 +978,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); - OPENLOG ("userdel"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif /* WITH_AUDIT */ @@ -1066,7 +1062,7 @@ int main (int argc, char **argv) exit (E_PW_UPDATE); } - retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { diff --git a/src/usermod.c b/src/usermod.c index 502d31be..59bd4495 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -86,7 +86,7 @@ /* * Global variables */ -const char *Prog; +static const char Prog[] = "usermod"; static char *user_name; static char *user_newname; @@ -2153,10 +2153,6 @@ int main (int argc, char **argv) #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ - /* - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); log_set_progname(Prog); log_set_logfd(stderr); @@ -2167,7 +2163,7 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); - OPENLOG ("usermod"); + OPENLOG (Prog); #ifdef WITH_AUDIT audit_help_open (); #endif @@ -2213,7 +2209,7 @@ int main (int argc, char **argv) exit (1); } - retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh); + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { |