You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

264 lines
7.7 KiB

diff -up shadow-4.1.5.1/man/lastlog.8.xml.unexpire shadow-4.1.5.1/man/lastlog.8.xml
--- shadow-4.1.5.1/man/lastlog.8.xml.unexpire 2012-05-25 13:45:28.000000000 +0200
+++ shadow-4.1.5.1/man/lastlog.8.xml 2016-04-28 15:09:11.026084219 +0200
@@ -105,6 +105,17 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-C</option>, <option>--clear</option>
+ </term>
+ <listitem>
+ <para>
+ Clear lastlog record of an user. This option can be used only together
+ with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
@@ -124,6 +135,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-S</option>, <option>--set</option>
+ </term>
+ <listitem>
+ <para>
+ Set lastlog record of an user to the current time. This option can be
+ used only together with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
<option>-t</option>, <option>--time</option>
diff -up shadow-4.1.5.1/src/lastlog.c.unexpire shadow-4.1.5.1/src/lastlog.c
--- shadow-4.1.5.1/src/lastlog.c.unexpire 2011-11-06 21:54:18.000000000 +0100
+++ shadow-4.1.5.1/src/lastlog.c 2016-04-28 15:49:30.253371990 +0200
@@ -55,6 +55,13 @@
#endif
/*
+ * Needed for systems with older audit library.
+ */
+#ifndef AUDIT_ACCT_UNLOCK
+#define AUDIT_ACCT_UNLOCK 1136
+#endif
+
+/*
* Global variables
*/
const char *Prog; /* Program name */
@@ -71,6 +78,8 @@ static struct stat statbuf; /* fstat buf
static bool uflg = false; /* print only an user of range of users */
static bool tflg = false; /* print is restricted to most recent days */
static bool bflg = false; /* print excludes most recent days */
+static bool Cflg = false; /* clear record for user */
+static bool Sflg = false; /* set record for user */
#define NOW (time ((time_t *) 0))
@@ -83,8 +92,10 @@ static /*@noreturn@*/void usage (int sta
"Options:\n"),
Prog);
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
(void) fputs ("\n", usageout);
@@ -194,6 +205,80 @@ static void print (void)
}
}
+static void update_one (/*@null@*/const struct passwd *pw)
+{
+ off_t offset;
+ struct lastlog ll;
+ int err;
+
+ if (NULL == pw) {
+ return;
+ }
+
+ offset = (off_t) pw->pw_uid * sizeof (ll);
+ /* fseeko errors are not really relevant for us. */
+ err = fseeko (lastlogfile, offset, SEEK_SET);
+ assert (0 == err);
+
+ memzero (&ll, sizeof (ll));
+
+ if (Sflg) {
+ ll.ll_time = NOW;
+#ifdef HAVE_LL_HOST
+ strcpy (ll.ll_host, "localhost");
+#endif
+ strcpy (ll.ll_line, "lastlog");
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "clearing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+#endif
+ }
+#ifdef WITH_AUDIT
+ else {
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "refreshing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ }
+#endif
+
+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+ fprintf (stderr,
+ _("%s: Failed to update the entry for UID %lu\n"),
+ Prog, (unsigned long int)pw->pw_uid);
+ exit (EXIT_FAILURE);
+ }
+}
+
+static void update (void)
+{
+ const struct passwd *pwent;
+
+ if (!uflg) /* safety measure */
+ return;
+
+ if (has_umin && has_umax && (umin == umax)) {
+ update_one (getpwuid ((uid_t)umin));
+ } else {
+ setpwent ();
+ while ( (pwent = getpwent ()) != NULL ) {
+ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
+ continue;
+ }
+ update_one (pwent);
+ }
+ endpwent ();
+ }
+
+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
+ fprintf (stderr,
+ _("%s: Failed to update the lastlog file\n"),
+ Prog);
+ exit (EXIT_FAILURE);
+ }
+}
+
int main (int argc, char **argv)
{
/*
@@ -208,18 +293,24 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv);
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+
{
int c;
static struct option const longopts[] = {
{"before", required_argument, NULL, 'b'},
+ {"clear", no_argument, NULL, 'C'},
{"help", no_argument, NULL, 'h'},
{"root", required_argument, NULL, 'R'},
+ {"set", no_argument, NULL, 'S'},
{"time", required_argument, NULL, 't'},
{"user", required_argument, NULL, 'u'},
{NULL, 0, NULL, '\0'}
};
- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
NULL)) != -1) {
switch (c) {
case 'b':
@@ -235,11 +326,21 @@ int main (int argc, char **argv)
bflg = true;
break;
}
+ case 'C':
+ {
+ Cflg = true;
+ break;
+ }
case 'h':
usage (EXIT_SUCCESS);
/*@notreached@*/break;
case 'R': /* no-op, handled in process_root_flag () */
break;
+ case 'S':
+ {
+ Sflg = true;
+ break;
+ }
case 't':
{
unsigned long days;
@@ -294,9 +395,21 @@ int main (int argc, char **argv)
Prog, argv[optind]);
usage (EXIT_FAILURE);
}
+ if (Cflg && Sflg) {
+ fprintf (stderr,
+ _("%s: Option -C cannot be used together with option -S\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
+ if ((Cflg || Sflg) && !uflg) {
+ fprintf (stderr,
+ _("%s: Options -C and -S require option -u to specify the user\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
}
- lastlogfile = fopen (LASTLOG_FILE, "r");
+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
if (NULL == lastlogfile) {
perror (LASTLOG_FILE);
exit (EXIT_FAILURE);
@@ -310,7 +423,10 @@ int main (int argc, char **argv)
exit (EXIT_FAILURE);
}
- print ();
+ if (Cflg || Sflg)
+ update ();
+ else
+ print ();
(void) fclose (lastlogfile);
diff -up shadow-4.1.5.1/src/Makefile.am.unexpire shadow-4.1.5.1/src/Makefile.am
--- shadow-4.1.5.1/src/Makefile.am.unexpire 2011-11-18 22:23:30.000000000 +0100
+++ shadow-4.1.5.1/src/Makefile.am 2016-04-28 15:09:11.027084241 +0200
@@ -90,6 +90,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
login_SOURCES = \
login.c \
login_nopam.c
diff -up shadow-4.1.5.1/src/Makefile.in.unexpire shadow-4.1.5.1/src/Makefile.in
--- shadow-4.1.5.1/src/Makefile.in.unexpire 2012-05-25 13:56:51.000000000 +0200
+++ shadow-4.1.5.1/src/Makefile.in 2016-04-28 15:09:11.027084241 +0200
@@ -162,7 +162,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
$(top_builddir)/lib/libshadow.la
lastlog_SOURCES = lastlog.c
lastlog_OBJECTS = lastlog.$(OBJEXT)
-lastlog_LDADD = $(LDADD)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la