[Pkg-shadow-commits] r2101 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Tue Jun 10 18:56:23 UTC 2008
Author: nekral-guest
Date: 2008-06-10 18:56:23 +0000 (Tue, 10 Jun 2008)
New Revision: 2101
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/login.c
Log:
* src/login.c: Avoid multi-statements lines.
* src/login.c: Ignore the return value of pam_end() before
exiting.
* src/login.c: Use a bool when possible instead of int integers.
* src/login.c: Add brackets and parenthesis.
* src/login.c: Ignore the return values of fflush(), putchar(), puts().
* src/login.c: Ignore the return value of fclose() for read-only
files.
* src/login.c: Avoid assignments in comparisons.
* src/login.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-06-10 17:56:53 UTC (rev 2100)
+++ upstream/trunk/ChangeLog 2008-06-10 18:56:23 UTC (rev 2101)
@@ -1,5 +1,19 @@
2008-06-10 Nicolas François <nicolas.francois at centraliens.net>
+ * src/login.c: Avoid multi-statements lines.
+ * src/login.c: Ignore the return value of pam_end() before
+ exiting.
+ * src/login.c: Use a bool when possible instead of int integers.
+ * src/login.c: Add brackets and parenthesis.
+ * src/login.c: Ignore the return values of fflush(), putchar(), puts().
+ * src/login.c: Ignore the return value of fclose() for read-only
+ files.
+ * src/login.c: Avoid assignments in comparisons.
+ * src/login.c: Ignore return value of setlocale(),
+ bindtextdomain(), and textdomain().
+
+2008-06-10 Nicolas François <nicolas.francois at centraliens.net>
+
* src/chage.c: Use a bool when possible instead of int integers.
* src/chage.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c 2008-06-10 17:56:53 UTC (rev 2100)
+++ upstream/trunk/src/login.c 2008-06-10 18:56:23 UTC (rev 2101)
@@ -60,10 +60,11 @@
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
SYSLOG((LOG_ERR,"%s",pam_strerror(pamh, retcode))); \
- pam_end(pamh, retcode); exit(1); \
+ (void) pam_end(pamh, retcode); \
+ exit(1); \
}
#define PAM_END { retcode = pam_close_session(pamh,0); \
- pam_end(pamh,retcode); }
+ (void) pam_end(pamh,retcode); }
#endif /* USE_PAM */
@@ -90,23 +91,23 @@
extern struct utmp utent;
struct lastlog lastlog;
-static int pflg = 0;
-static int fflg = 0;
+static bool pflg = false;
+static bool fflg = false;
#ifdef RLOGIN
-static int rflg = 0;
+static bool rflg = false;
#else
-#define rflg 0
+#define rflg false
#endif
-static int hflg = 0;
-static int preauth_flag = 0;
+static bool hflg = false;
+static bool preauth_flag = false;
/*
* Global variables.
*/
static char *Prog;
-static int amroot;
+static bool amroot;
static int timeout;
/*
@@ -151,8 +152,9 @@
static void usage (void)
{
fprintf (stderr, _("Usage: %s [-p] [name]\n"), Prog);
- if (!amroot)
+ if (!amroot) {
exit (1);
+ }
fprintf (stderr, _(" %s [-p] [-h host] [-f name]\n"), Prog);
#ifdef RLOGIN
fprintf (stderr, _(" %s [-p] -r host\n"), Prog);
@@ -190,8 +192,8 @@
*/
static void bad_time_notify (void)
{
- puts (_("Invalid login time"));
- fflush (stdout);
+ (void) puts (_("Invalid login time"));
+ (void) fflush (stdout);
}
static void check_nologin (void)
@@ -206,7 +208,7 @@
* forgotten about it ...
*/
fname = getdef_str ("NOLOGINS_FILE");
- if (fname != NULL && access (fname, F_OK) == 0) {
+ if ((NULL != fname) && (access (fname, F_OK) == 0)) {
FILE *nlfp;
int c;
@@ -214,17 +216,20 @@
* Cat the file if it can be opened, otherwise just
* print a default message
*/
- if ((nlfp = fopen (fname, "r"))) {
+ nlfp = fopen (fname, "r");
+ if (NULL != nlfp) {
while ((c = getc (nlfp)) != EOF) {
- if (c == '\n')
- putchar ('\r');
+ if (c == '\n') {
+ (void) putchar ('\r');
+ }
- putchar (c);
+ (void) putchar (c);
}
- fflush (stdout);
- fclose (nlfp);
- } else
- puts (_("\nSystem closed for routine maintenance"));
+ (void) fflush (stdout);
+ (void) fclose (nlfp);
+ } else {
+ (void) puts (_("\nSystem closed for routine maintenance"));
+ }
/*
* Non-root users must exit. Root gets the message, but
* gets to login.
@@ -249,8 +254,9 @@
* clever rlogin, telnet, and getty holes.
*/
for (arg = 1; arg < argc; arg++) {
- if (argv[arg][0] == '-' && strlen (argv[arg]) > 2)
+ if (argv[arg][0] == '-' && strlen (argv[arg]) > 2) {
usage ();
+ }
if (strcmp(argv[arg], "--") == 0) {
break; /* stop checking on a "--" */
}
@@ -265,7 +271,8 @@
#endif
char *tmp;
- if ((tmp = getenv ("LANG"))) {
+ tmp = getenv ("LANG");
+ if (NULL != tmp) {
addenv ("LANG", tmp);
}
@@ -273,23 +280,33 @@
* Add the timezone environmental variable so that time functions
* work correctly.
*/
- if ((tmp = getenv ("TZ"))) {
+ tmp = getenv ("TZ");
+ if (NULL != tmp) {
addenv ("TZ", tmp);
}
#ifndef USE_PAM
- else if ((cp = getdef_str ("ENV_TZ")))
- addenv (*cp == '/' ? tz (cp) : cp, NULL);
+ else {
+ cp = getdef_str ("ENV_TZ");
+ if (NULL != cp) {
+ addenv (('/' == *cp) ? tz (cp) : cp, NULL);
+ }
+ }
#endif /* !USE_PAM */
/*
* Add the clock frequency so that profiling commands work
* correctly.
*/
- if ((tmp = getenv ("HZ"))) {
+ tmp = getenv ("HZ");
+ if (NULL != tmp) {
addenv ("HZ", tmp);
}
#ifndef USE_PAM
- else if ((cp = getdef_str ("ENV_HZ")))
- addenv (cp, NULL);
+ else {
+ cp = getdef_str ("ENV_HZ");
+ if (NULL != cp) {
+ addenv (cp, NULL);
+ }
+ }
#endif /* !USE_PAM */
}
@@ -332,11 +349,11 @@
int reason = PW_LOGIN;
int delay;
int retries;
- int failed;
+ bool failed;
int flag;
- int subroot = 0;
+ bool subroot = false;
#ifndef USE_PAM
- int is_console;
+ bool is_console;
#endif
int err;
const char *cp;
@@ -361,9 +378,9 @@
sanitize_env ();
- setlocale (LC_ALL, "");
- bindtextdomain (PACKAGE, LOCALEDIR);
- textdomain (PACKAGE);
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
initenv ();
@@ -387,26 +404,28 @@
* normal user name passed after all options
* --benc
*/
- if (optarg != NULL && optarg != argv[optind - 1])
+ if (optarg != NULL && optarg != argv[optind - 1]) {
usage ();
- fflg++;
- if (optarg)
+ }
+ fflg = true;
+ if (optarg) {
STRFCPY (username, optarg);
+ }
break;
case 'h':
- hflg++;
+ hflg = true;
hostname = optarg;
reason = PW_TELNET;
break;
#ifdef RLOGIN
case 'r':
- rflg++;
+ rflg = true;
hostname = optarg;
reason = PW_RLOGIN;
break;
#endif
case 'p':
- pflg++;
+ pflg = true;
break;
default:
usage ();
@@ -418,8 +437,9 @@
* Neither -h nor -f should be combined with -r.
*/
- if (rflg && (hflg || fflg))
+ if (rflg && (hflg || fflg)) {
usage ();
+ }
#endif
/*
@@ -431,8 +451,9 @@
exit (1);
}
- if (!isatty (0) || !isatty (1) || !isatty (2))
+ if ((isatty (0) == 0) || (isatty (1) == 0) || (isatty (2) == 0)) {
exit (1); /* must be a terminal */
+ }
/*
* Be picky if run by normal users (possible if installed setuid
@@ -460,7 +481,8 @@
* gethostbyname() is not 100% reliable (the remote host may
* be unknown, etc.). --marekm
*/
- if ((he = gethostbyname (hostname))) {
+ he = gethostbyname (hostname);
+ if (NULL != he) {
utent.ut_addr = *((int32_t *) (he->h_addr_list[0]));
#endif
#ifdef UT_HOST
@@ -482,18 +504,22 @@
* workaround for init/getty leaving junk in ut_host at least in
* some version of RedHat. --marekm
*/
- else if (amroot)
+ else if (amroot) {
memzero (utent.ut_host, sizeof utent.ut_host);
+ }
#endif
- if (fflg)
- preauth_flag++;
- if (hflg)
+ if (fflg) {
+ preauth_flag = true;
+ }
+ if (hflg) {
reason = PW_RLOGIN;
+ }
#ifdef RLOGIN
- if (rflg
+ if ( rflg
&& do_rlogin (hostname, username, sizeof username,
- term, sizeof term))
- preauth_flag++;
+ term, sizeof term)) {
+ preauth_flag = true;
+ }
#endif
OPENLOG ("login");
@@ -512,8 +538,9 @@
*/
long limit = getdef_long ("ULIMIT", -1L);
- if (limit != -1)
+ if (limit != -1) {
set_filesize_limit (limit);
+ }
}
#endif
@@ -521,60 +548,78 @@
* The entire environment will be preserved if the -p flag
* is used.
*/
- if (pflg)
- while (*envp) /* add inherited environment, */
- addenv (*envp++, NULL); /* some variables change later */
+ if (pflg) {
+ while (NULL != *envp) { /* add inherited environment, */
+ addenv (*envp, NULL); /* some variables change later */
+ envp++;
+ }
+ }
#ifdef RLOGIN
- if (term[0] != '\0')
+ if (term[0] != '\0') {
addenv ("TERM", term);
- else
+ } else
#endif
+ {
/* preserve TERM from getty */
- if (!pflg && (tmp = getenv ("TERM")))
- addenv ("TERM", tmp);
+ if (!pflg) {
+ tmp = getenv ("TERM");
+ if (NULL != tmp) {
+ addenv ("TERM", tmp);
+ }
+ }
+ }
init_env ();
if (optind < argc) { /* get the user name */
- if (rflg || (fflg && username[0]))
+ if (rflg || (fflg && ('\0' != username[0]))) {
usage ();
+ }
STRFCPY (username, argv[optind]);
strzero (argv[optind]);
++optind;
}
- if (optind < argc) /* now set command line variables */
+ if (optind < argc) { /* now set command line variables */
set_env (argc - optind, &argv[optind]);
+ }
- if (rflg || hflg)
+ if (rflg || hflg) {
cp = hostname;
- else
+ } else {
+ /* FIXME: What is the priority:
+ * UT_HOST or HAVE_UTMPX_H? */
#ifdef UT_HOST
- if (utent.ut_host[0])
- cp = utent.ut_host;
- else
+ if ('\0' != utent.ut_host[0]) {
+ cp = utent.ut_host;
+ } else
#endif
#if HAVE_UTMPX_H
- if (utxent.ut_host[0])
- cp = utxent.ut_host;
- else
+ if ('\0' != utxent.ut_host[0]) {
+ cp = utxent.ut_host;
+ } else
#endif
- cp = "";
+ {
+ cp = "";
+ }
+ }
- if (*cp)
+ if ('\0' != *cp) {
snprintf (fromhost, sizeof fromhost,
" on '%.100s' from '%.200s'", tty, cp);
- else
+ } else {
snprintf (fromhost, sizeof fromhost,
" on '%.100s'", tty);
+ }
top:
/* only allow ALARM sec. for login */
signal (SIGALRM, alarm_handler);
timeout = getdef_num ("LOGIN_TIMEOUT", ALARM);
- if (timeout > 0)
+ if (timeout > 0) {
alarm (timeout);
+ }
environ = newenvp; /* make new environment active */
delay = getdef_num ("FAIL_DELAY", 1);
@@ -604,20 +649,21 @@
retcode = pam_fail_delay (pamh, 1000000 * delay);
PAM_FAIL_CHECK;
#endif
- /* if fflg == 1, then the user has already been authenticated */
+ /* if fflg, then the user has already been authenticated */
if (!fflg || (getuid () != 0)) {
int failcount = 0;
char hostn[256];
char loginprompt[256]; /* That's one hell of a prompt :) */
/* Make the login prompt look like we want it */
- if (!gethostname (hostn, sizeof (hostn)))
+ if (gethostname (hostn, sizeof (hostn)) == 0) {
snprintf (loginprompt,
sizeof (loginprompt),
_("%s login: "), hostn);
- else
+ } else {
snprintf (loginprompt,
sizeof (loginprompt), _("login: "));
+ }
retcode =
pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
@@ -627,8 +673,9 @@
set it to NULL */
pam_get_item (pamh, PAM_USER,
(const void **)ptr_pam_user);
- if (pam_user[0] == '\0')
+ if (pam_user[0] == '\0') {
pam_set_item (pamh, PAM_USER, NULL);
+ }
/*
* There may be better ways to deal with some of
@@ -639,29 +686,32 @@
* MAX_LOGIN_TRIES?
*/
failcount = 0;
- while (1) {
+ while (true) {
const char *failent_user;
- failed = 0;
+ failed = false;
failcount++;
- if (delay > 0)
+ if (delay > 0) {
retcode = pam_fail_delay(pamh, 1000000*delay);
+ }
retcode = pam_authenticate (pamh, 0);
pam_get_item (pamh, PAM_USER,
(const void **) ptr_pam_user);
- if (pam_user && pam_user[0]) {
+ if ((NULL != pam_user) && ('\0' != pam_user[0])) {
pwd = xgetpwnam(pam_user);
- if (pwd) {
+ if (NULL != pwd) {
pwent = *pwd;
failent_user = pwent.pw_name;
} else {
- if (getdef_bool("LOG_UNKFAIL_ENAB") && pam_user)
+ if ( getdef_bool("LOG_UNKFAIL_ENAB")
+ && (NULL != pam_user)) {
failent_user = pam_user;
- else
+ } else {
failent_user = "UNKNOWN";
+ }
}
} else {
pwd = NULL;
@@ -687,11 +737,12 @@
SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%d)%s FOR `%s', %s",
failcount, fromhost, failent_user,
pam_strerror (pamh, retcode)));
- failed = 1;
+ failed = true;
}
- if (!failed)
+ if (!failed) {
break;
+ }
#ifdef WITH_AUDIT
{
@@ -701,7 +752,7 @@
audit_fd = audit_open ();
/* local, no need for xgetpwnam */
pw = getpwnam (username);
- if (pw) {
+ if (NULL != pw) {
snprintf (buf, sizeof (buf),
"uid=%d", pw->pw_uid);
audit_log_user_message
@@ -720,10 +771,10 @@
}
#endif /* WITH_AUDIT */
- fprintf(stderr,"\nLogin incorrect\n");
+ fprintf (stderr, "\nLogin incorrect\n");
/* Let's give it another go around */
- pam_set_item(pamh,PAM_USER,NULL);
+ pam_set_item (pamh, PAM_USER, NULL);
}
/* We don't get here unless they were authenticated above */
@@ -745,7 +796,7 @@
retcode =
pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
pwd = xgetpwnam (pam_user);
- if (!pwd) {
+ if (NULL == pwd) {
SYSLOG ((LOG_ERR, "xgetpwnam(%s) failed",
getdef_bool ("LOG_UNKFAIL_ENAB") ?
pam_user : "UNKNOWN"));
@@ -757,8 +808,9 @@
PAM_FAIL_CHECK;
}
- if (setup_groups (pwd))
+ if (setup_groups (pwd) != 0) {
exit (1);
+ }
pwent = *pwd;
@@ -770,14 +822,14 @@
PAM_FAIL_CHECK;
#else /* ! USE_PAM */
- while (1) { /* repeatedly get login/password pairs */
- failed = 0; /* haven't failed authentication yet */
- if (!username[0]) { /* need to get a login id */
+ while (true) { /* repeatedly get login/password pairs */
+ failed = false; /* haven't failed authentication yet */
+ if ('\0' == username[0]) { /* need to get a login id */
if (subroot) {
closelog ();
exit (1);
}
- preauth_flag = 0;
+ preauth_flag = false;
login_prompt (_("\n%s login: "), username,
sizeof username);
continue;
@@ -785,32 +837,36 @@
#endif /* ! USE_PAM */
#ifdef USE_PAM
- if (!(pwd = xgetpwnam (pam_user))) {
+ pwd = xgetpwnam (pam_user);
+ if (NULL == pwd) {
pwent.pw_name = pam_user;
#else
- if (!(pwd = xgetpwnam (username))) {
+ pwd = xgetpwnam (username);
+ if (NULL == pwd) {
pwent.pw_name = username;
#endif
strcpy (temp_pw, "!");
pwent.pw_passwd = temp_pw;
pwent.pw_shell = temp_shell;
- preauth_flag = 0;
- failed = 1;
+ preauth_flag = false;
+ failed = true;
} else {
pwent = *pwd;
}
#ifndef USE_PAM
spwd = NULL;
- if (pwd && strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
+ if ( (NULL != pwd)
+ && (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) == 0)) {
/* !USE_PAM, no need for xgetspnam */
spwd = getspnam (username);
- if (spwd)
+ if (NULL != spwd) {
pwent.pw_passwd = spwd->sp_pwdp;
- else
+ } else {
SYSLOG ((LOG_WARN,
"no shadow password for `%s'%s",
username, fromhost));
+ }
}
/*
@@ -818,19 +874,23 @@
* is locked and the user cannot login, even if they have
* been "pre-authenticated."
*/
- if (pwent.pw_passwd[0] == '!' || pwent.pw_passwd[0] == '*')
- failed = 1;
+ if ( ('!' == pwent.pw_passwd[0])
+ || ('*' == pwent.pw_passwd[0])) {
+ failed = true;
+ }
/*
* The -r and -f flags provide a name which has already
* been authenticated by some server.
*/
- if (preauth_flag)
+ if (preauth_flag) {
goto auth_ok;
+ }
- if (pw_auth
- (pwent.pw_passwd, username, reason, (char *) 0) == 0)
+ if (pw_auth (pwent.pw_passwd, username,
+ reason, (char *) 0) == 0) {
goto auth_ok;
+ }
/*
* Don't log unknown usernames - I mistyped the password for
@@ -838,10 +898,10 @@
* for those who really want to log them. --marekm
*/
SYSLOG ((LOG_WARN, "invalid password for `%s' %s",
- (pwd
+ ( (NULL != pwd)
|| getdef_bool ("LOG_UNKFAIL_ENAB")) ?
username : "UNKNOWN", fromhost));
- failed = 1;
+ failed = true;
auth_ok:
/*
@@ -849,39 +909,44 @@
* If you reach this far, your password has been
* authenticated and so on.
*/
- if (!failed && pwent.pw_name && pwent.pw_uid == 0
+ if ( !failed
+ && (NULL != pwent.pw_name)
+ && (0 == pwent.pw_uid)
&& !is_console) {
SYSLOG ((LOG_CRIT, "ILLEGAL ROOT LOGIN %s", fromhost));
- failed = 1;
+ failed = true;
}
- if (!failed
+ if ( !failed
&& !login_access (username, *hostname ? hostname : tty)) {
SYSLOG ((LOG_WARN, "LOGIN `%s' REFUSED %s",
username, fromhost));
- failed = 1;
+ failed = true;
}
- if (pwd && getdef_bool ("FAILLOG_ENAB") &&
- !failcheck (pwent.pw_uid, &faillog, failed)) {
+ if ( (NULL != pwd)
+ && getdef_bool ("FAILLOG_ENAB")
+ && !failcheck (pwent.pw_uid, &faillog, failed)) {
SYSLOG ((LOG_CRIT,
"exceeded failure limit for `%s' %s",
username, fromhost));
- failed = 1;
+ failed = true;
}
- if (!failed)
+ if (!failed) {
break;
+ }
/* don't log non-existent users */
- if (pwd && getdef_bool ("FAILLOG_ENAB"))
+ if ((NULL != pwd) && getdef_bool ("FAILLOG_ENAB")) {
failure (pwent.pw_uid, tty, &faillog);
+ }
if (getdef_str ("FTMP_FILE") != NULL) {
const char *failent_user;
#if HAVE_UTMPX_H
failent = utxent;
- if (sizeof (failent.ut_tv) == sizeof (struct timeval))
- gettimeofday ((struct timeval *)
- &failent.ut_tv, NULL);
- else {
+ if (sizeof (failent.ut_tv) == sizeof (struct timeval)) {
+ gettimeofday ((struct timeval *) &failent.ut_tv,
+ NULL);
+ } else {
struct timeval tv;
gettimeofday (&tv, NULL);
@@ -892,13 +957,14 @@
failent = utent;
failent.ut_time = time (NULL);
#endif
- if (pwd) {
+ if (NULL != pwd) {
failent_user = pwent.pw_name;
} else {
- if (getdef_bool ("LOG_UNKFAIL_ENAB"))
+ if (getdef_bool ("LOG_UNKFAIL_ENAB")) {
failent_user = username;
- else
+ } else {
failent_user = "UNKNOWN";
+ }
}
strncpy (failent.ut_user, failent_user,
sizeof (failent.ut_user));
@@ -907,9 +973,11 @@
}
memzero (username, sizeof username);
- if (--retries <= 0)
+ retries--;
+ if (retries <= 0) {
SYSLOG ((LOG_CRIT, "REPEATED login failures%s",
fromhost));
+ }
/*
* If this was a passwordless account and we get here, login
* was denied (securetty, faillog, etc.). There was no
@@ -917,21 +985,23 @@
* guys won't see that the passwordless account exists at
* all). --marekm
*/
- if (pwent.pw_passwd[0] == '\0')
+ if (pwent.pw_passwd[0] == '\0') {
pw_auth ("!", username, reason, (char *) 0);
+ }
/*
* Wait a while (a la SVR4 /usr/bin/login) before attempting
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
*/
- if (delay > 0)
+ if (delay > 0) {
sleep (delay);
+ }
puts (_("Login incorrect"));
/* allow only one attempt with -r or -f */
- if (rflg || fflg || retries <= 0) {
+ if (rflg || fflg || (retries <= 0)) {
closelog ();
exit (1);
}
@@ -944,8 +1014,8 @@
* authenticated. now prints a message, as suggested
* by Ivan Nejgebauer <ian at unsux.ns.ac.yu>. --marekm
*/
- if (getdef_bool ("PORTTIME_CHECKS_ENAB") &&
- !isttytime (pwent.pw_name, tty, time ((time_t *) 0))) {
+ if ( getdef_bool ("PORTTIME_CHECKS_ENAB")
+ && !isttytime (pwent.pw_name, tty, time ((time_t *) 0))) {
SYSLOG ((LOG_WARN, "invalid login time for `%s'%s",
username, fromhost));
closelog ();
@@ -956,8 +1026,9 @@
check_nologin ();
#endif
- if (getenv ("IFS")) /* don't export user IFS ... */
+ if (getenv ("IFS")) { /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
+ }
#ifdef USE_PAM
setutmp (pam_user, tty, hostname); /* make entry in utmp & wtmp files */
@@ -967,7 +1038,7 @@
if (pwent.pw_shell[0] == '*') { /* subsystem root */
pwent.pw_shell++; /* skip the '*' */
subsystem (&pwent); /* figure out what to execute */
- subroot++; /* say I was here again */
+ subroot = true; /* say I was here again */
endpwent (); /* close all of the file which were */
endgrent (); /* open in the original rooted file */
endspent (); /* system. they will be re-opened */
@@ -990,8 +1061,9 @@
#endif /* WITH_AUDIT */
#ifndef USE_PAM /* pam_lastlog handles this */
- if (getdef_bool ("LASTLOG_ENAB")) /* give last login and log this one */
+ if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
dolastlog (&lastlog, &pwent, utent.ut_line, hostname);
+ }
#endif
#ifndef USE_PAM /* PAM handles this as well */
@@ -1007,8 +1079,9 @@
pwd = getpwnam (username);
/* !USE_PAM, no need for xgetspnam */
spwd = getspnam (username);
- if (pwd)
+ if (pwd) {
pwent = *pwd;
+ }
}
}
setup_limits (&pwent); /* nice, ulimit etc. */
@@ -1028,7 +1101,7 @@
Prog, strerror (errno));
PAM_END;
exit (0);
- } else if (child) {
+ } else if (child != 0) {
/*
* parent - wait for child to finish, then cleanup
* session
@@ -1042,8 +1115,9 @@
/* If we were init, we need to start a new session */
if (getppid() == 1) {
setsid();
- if (ioctl(0, TIOCSCTTY, 1))
- fprintf(stderr,_("TIOCSCTTY failed on %s"),tty);
+ if (ioctl(0, TIOCSCTTY, 1) != 0) {
+ fprintf (stderr,_("TIOCSCTTY failed on %s"),tty);
+ }
}
/* We call set_groups() above because this clobbers pam_groups.so */
@@ -1052,7 +1126,9 @@
#else
if (change_uid (&pwent))
#endif
+ {
exit (1);
+ }
setup_env (&pwent); /* set env vars, cd to the home dir */
@@ -1061,7 +1137,7 @@
const char *const *env;
env = (const char *const *) pam_getenvlist (pamh);
- while (env && *env) {
+ while ((NULL != env) && (NULL != *env)) {
addenv (*env, NULL);
env++;
}
@@ -1080,12 +1156,12 @@
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
- if (getdef_bool ("FAILLOG_ENAB")
- && faillog.fail_cnt != 0) {
+ if ( getdef_bool ("FAILLOG_ENAB")
+ && (0 != faillog.fail_cnt)) {
failprint (&faillog);
/* Reset the lockout times if logged in */
- if (faillog.fail_max &&
- faillog.fail_cnt >= faillog.fail_max) {
+ if ( (0 != faillog.fail_max)
+ && (faillog.fail_cnt >= faillog.fail_max)) {
puts (_
("Warning: login re-enabled after temporary lockout."));
SYSLOG ((LOG_WARN,
@@ -1093,8 +1169,8 @@
username, (int) faillog.fail_cnt));
}
}
- if (getdef_bool ("LASTLOG_ENAB")
- && lastlog.ll_time != 0) {
+ if ( getdef_bool ("LASTLOG_ENAB")
+ && (lastlog.ll_time != 0)) {
time_t ll_time = lastlog.ll_time;
#ifdef HAVE_STRFTIME
@@ -1108,10 +1184,11 @@
ctime (&ll_time), lastlog.ll_line);
#endif
#ifdef HAVE_LL_HOST /* __linux__ || SUN4 */
- if (lastlog.ll_host[0])
+ if ('\0' != lastlog.ll_host[0]) {
printf (_(" from %.*s"),
(int) sizeof lastlog.
ll_host, lastlog.ll_host);
+ }
#endif
printf (".\n");
}
@@ -1119,11 +1196,14 @@
mailcheck (); /* report on the status of mail */
#endif /* !USE_PAM */
- } else
+ } else {
addenv ("HUSHLOGIN=TRUE", NULL);
+ }
- if (getdef_str ("TTYTYPE_FILE") != NULL && getenv ("TERM") == NULL)
+ if ( (NULL != getdef_str ("TTYTYPE_FILE"))
+ && (NULL == getenv ("TERM"))) {
ttytype (tty);
+ }
signal (SIGQUIT, SIG_DFL); /* default quit signal */
signal (SIGTERM, SIG_DFL); /* default terminate signal */
@@ -1137,21 +1217,25 @@
#ifdef SHADOWGRP
endsgent (); /* stop access to shadow group file */
#endif
- if (pwent.pw_uid == 0)
+ if (0 == pwent.pw_uid) {
SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
- else if (getdef_bool ("LOG_OK_LOGINS"))
+ } else if (getdef_bool ("LOG_OK_LOGINS")) {
#ifdef USE_PAM
SYSLOG ((LOG_INFO, "`%s' logged in %s", pam_user, fromhost));
#else
SYSLOG ((LOG_INFO, "`%s' logged in %s", username, fromhost));
#endif
+ }
closelog ();
- if ((tmp = getdef_str ("FAKE_SHELL")) != NULL)
+ tmp = getdef_str ("FAKE_SHELL");
+ if (NULL != tmp) {
err = shell (tmp, pwent.pw_shell, newenvp); /* fake shell */
- else
+ } else {
/* exec the shell finally */
err = shell (pwent.pw_shell, (char *) 0, newenvp);
+ }
exit (err == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
/* NOT REACHED */
return 0;
}
+
More information about the Pkg-shadow-commits
mailing list