From 11f9734993fa17767014ba24e50f31d1042b88eb Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 03:23:30 +0100 Subject: [PATCH 1/9] lib/, src/: Reduce scope of local variables Signed-off-by: Alejandro Colomar --- lib/prefix_flag.c | 10 ++++------ lib/root_flag.c | 10 ++++------ src/chpasswd.c | 3 ++- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/lib/prefix_flag.c b/lib/prefix_flag.c index c09b8d082..bcf5d504f 100644 --- a/lib/prefix_flag.c +++ b/lib/prefix_flag.c @@ -53,13 +53,11 @@ static FILE* fp_grent = NULL; */ extern const char* process_prefix_flag (const char* short_opt, int argc, char **argv) { - /* - * Parse the command line options. - */ - int i; - const char *prefix = NULL, *val; + const char *prefix = NULL; + + for (int i = 0; i < argc; i++) { + const char *val; - for (i = 0; i < argc; i++) { val = NULL; if ( streq(argv[i], "--prefix") || ((strncmp (argv[i], "--prefix=", 9) == 0) diff --git a/lib/root_flag.c b/lib/root_flag.c index f63aa6496..84a659807 100644 --- a/lib/root_flag.c +++ b/lib/root_flag.c @@ -34,13 +34,11 @@ static void change_root (const char* newroot); */ extern void process_root_flag (const char* short_opt, int argc, char **argv) { - /* - * Parse the command line options. - */ - int i; - const char *newroot = NULL, *val; + const char *newroot = NULL; + + for (int i = 0; i < argc; i++) { + const char *val; - for (i = 0; i < argc; i++) { val = NULL; if ( streq(argv[i], "--root") || ((strncmp (argv[i], "--root=", 7) == 0) diff --git a/src/chpasswd.c b/src/chpasswd.c index 5d9c42c10..edab544ec 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -446,7 +446,6 @@ int main (int argc, char **argv) char buf[BUFSIZ]; char *name; char *newpwd; - char *cp; const char *salt; #ifdef USE_PAM @@ -503,6 +502,8 @@ int main (int argc, char **argv) * present. */ while (fgets (buf, sizeof buf, stdin) != NULL) { + char *cp; + line++; if (stpsep(buf, "\n") == NULL) { if (feof (stdin) == 0) { From 0cb53ee9767bee22901a8742a6d963a7a9734ba2 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Fri, 26 Jul 2024 11:13:37 +0200 Subject: [PATCH 2/9] lib/string/strcmp/: strprefix(): Add API Signed-off-by: Alejandro Colomar --- lib/Makefile.am | 2 ++ lib/string/strcmp/strprefix.c | 10 +++++++ lib/string/strcmp/strprefix.h | 52 +++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 lib/string/strcmp/strprefix.c create mode 100644 lib/string/strcmp/strprefix.h diff --git a/lib/Makefile.am b/lib/Makefile.am index dc67df9e8..17d5a2920 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -206,6 +206,8 @@ libshadow_la_SOURCES = \ string/strchr/strrspn.h \ string/strcmp/streq.c \ string/strcmp/streq.h \ + string/strcmp/strprefix.c \ + string/strcmp/strprefix.h \ string/strcpy/stpecpy.c \ string/strcpy/stpecpy.h \ string/strcpy/strncat.c \ diff --git a/lib/string/strcmp/strprefix.c b/lib/string/strcmp/strprefix.c new file mode 100644 index 000000000..31209cfa4 --- /dev/null +++ b/lib/string/strcmp/strprefix.c @@ -0,0 +1,10 @@ +// SPDX-FileCopyrightText: 2024, Alejandro Colomar +// SPDX-License-Identifier: BSD-3-Clause + + +#include + +#include "string/strcmp/strprefix.h" + + +extern inline const char *strprefix_(const char *s, const char *prefix); diff --git a/lib/string/strcmp/strprefix.h b/lib/string/strcmp/strprefix.h new file mode 100644 index 000000000..c24555f58 --- /dev/null +++ b/lib/string/strcmp/strprefix.h @@ -0,0 +1,52 @@ +// SPDX-FileCopyrightText: 2024, Alejandro Colomar +// SPDX-License-Identifier: BSD-3-Clause + + +#ifndef SHADOW_INCLUDE_LIB_STRING_STRCMP_STRPREFIX_H_ +#define SHADOW_INCLUDE_LIB_STRING_STRCMP_STRPREFIX_H_ + + +#include + +#include +#include + +#include "attr.h" +#include "cast.h" + + +#define strprefix(s, prefix) \ +({ \ + const char *p_; \ + \ + p_ = strprefix_(s, prefix); \ + \ + _Generic(s, \ + const char *: p_, \ + const void *: p_, \ + char *: const_cast(char *, p_), \ + void *: const_cast(char *, p_) \ + ); \ +}) + + +ATTR_STRING(1) +ATTR_STRING(2) +inline const char *strprefix_(const char *s, const char *prefix); + + +/* + * Return NULL if s does not start with prefix. + * Return `s + strlen(prefix)` if s starts with prefix. + */ +inline const char * +strprefix_(const char *s, const char *prefix) +{ + if (strncmp(s, prefix, strlen(prefix)) != 0) + return NULL; + + return s + strlen(prefix); +} + + +#endif // include guard From 416a4dfd35c43801854cb72decd5f67bd0199fea Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 04:38:45 +0100 Subject: [PATCH 3/9] lib/, src/: Use s=strprefix(s,p)?:s instead of its pattern This skips an optional prefix. Signed-off-by: Alejandro Colomar --- lib/console.c | 5 ++--- lib/limits.c | 5 ++--- lib/strtoday.c | 5 ++--- lib/user_busy.c | 5 ++--- lib/utmp.c | 6 ++---- src/newgrp.c | 5 +++-- 6 files changed, 13 insertions(+), 18 deletions(-) diff --git a/lib/console.c b/lib/console.c index 283893311..23d775de8 100644 --- a/lib/console.c +++ b/lib/console.c @@ -17,6 +17,7 @@ #include "getdef.h" #include "prototypes.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strcpy/strtcpy.h" #include "string/strtok/stpsep.h" @@ -103,9 +104,7 @@ is_listed(const char *cfgin, const char *tty, bool def) bool console (const char *tty) { - if (strncmp (tty, "/dev/", 5) == 0) { - tty += 5; - } + tty = strprefix(tty, "/dev/") ?: tty; return is_listed ("CONSOLE", tty, true); } diff --git a/lib/limits.c b/lib/limits.c index 9fb1a1ffb..3983638cb 100644 --- a/lib/limits.c +++ b/lib/limits.c @@ -38,6 +38,7 @@ #include "string/memset/memzero.h" #include "string/strchr/stpspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "typetraits.h" @@ -473,9 +474,7 @@ void setup_limits (const struct passwd *info) } } for (cp = info->pw_gecos; cp != NULL; cp = strchr (cp, ',')) { - if (',' == *cp) { - cp++; - } + cp = strprefix(cp, ",") ?: cp; if (strncmp (cp, "pri=", 4) == 0) { int inc; diff --git a/lib/strtoday.c b/lib/strtoday.c index 01f2e9b7e..00f7da5b1 100644 --- a/lib/strtoday.c +++ b/lib/strtoday.c @@ -16,6 +16,7 @@ #include "prototypes.h" #include "string/strchr/stpspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" /* @@ -50,9 +51,7 @@ long strtoday (const char *str) /* If a numerical value is provided, this is already a number of * days since EPOCH. */ - if ('-' == *s) { - s++; - } + s = strprefix(s, "-") ?: s; s = stpspn(s, " "); while (isnum && !streq(s, "")) { if (!isdigit (*s)) { diff --git a/lib/user_busy.c b/lib/user_busy.c index 73c380bcc..e4b19afe4 100644 --- a/lib/user_busy.c +++ b/lib/user_busy.c @@ -29,6 +29,7 @@ #include "shadowlog.h" #include "string/sprintf/snprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #ifdef __linux__ @@ -204,9 +205,7 @@ static int user_busy_processes (const char *name, uid_t uid) || streq(tmp_d_name, "..")) { continue; } - if (*tmp_d_name == '.') { - tmp_d_name++; - } + tmp_d_name = strprefix(tmp_d_name, ".") ?: tmp_d_name; /* Check if this is a valid PID */ if (get_pid(tmp_d_name, &pid) == -1) { diff --git a/lib/utmp.c b/lib/utmp.c index 6dc1f5df2..09fc2c9eb 100644 --- a/lib/utmp.c +++ b/lib/utmp.c @@ -27,6 +27,7 @@ #include "alloc/x/xmalloc.h" #include "sizeof.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strcpy/strncpy.h" #include "string/strcpy/strtcpy.h" #include "string/strdup/xstrdup.h" @@ -261,10 +262,7 @@ prepare_utmp(const char *name, const char *line, const char *host, hostname = XSTRNDUP(ut->ut_host); #endif - if (strncmp(line, "/dev/", 5) == 0) { - line += 5; - } - + line = strprefix(line, "/dev/") ?: line; utent = XCALLOC(1, struct utmpx); diff --git a/src/newgrp.c b/src/newgrp.c index 6e05277f6..500d44012 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -30,6 +30,7 @@ #include "shadowlog.h" #include "string/sprintf/snprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" #include @@ -259,9 +260,9 @@ static void syslog_sg (const char *name, const char *group) } if (tty == NULL) { tty = "???"; - } else if (strncmp (tty, "/dev/", 5) == 0) { - tty += 5; } + tty = strprefix(tty, "/dev/") ?: tty; + SYSLOG ((LOG_INFO, "user '%s' (login '%s' on %s) switched to group '%s'", name, loginname, tty, group)); From 70bfb775c3119ef2000a148af694d1e015618ca1 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 04:58:12 +0100 Subject: [PATCH 4/9] lib/, src/: Use strprefix() instead of its pattern Signed-off-by: Alejandro Colomar --- lib/copydir.c | 3 ++- lib/env.c | 5 +++-- src/newgidmap.c | 9 ++++++--- src/userdel.c | 3 ++- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/copydir.c b/lib/copydir.c index 6312399e5..3a6c132b5 100644 --- a/lib/copydir.c +++ b/lib/copydir.c @@ -40,6 +40,7 @@ #include "shadowlog.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" static /*@null@*/const char *src_orig; @@ -576,7 +577,7 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds * create a link to the corresponding entry in the dst_orig * directory. */ - if (strncmp(oldlink, src_orig, strlen(src_orig)) == 0) { + if (strprefix(oldlink, src_orig)) { char *dummy; xasprintf(&dummy, "%s%s", dst_orig, oldlink + strlen(src_orig)); diff --git a/lib/env.c b/lib/env.c index 9cb313712..df1a2c08a 100644 --- a/lib/env.c +++ b/lib/env.c @@ -23,6 +23,7 @@ #include "shadowlog.h" #include "string/sprintf/snprintf.h" #include "string/sprintf/xasprintf.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" @@ -175,7 +176,7 @@ void set_env (int argc, char *const *argv) const char *const *p; for (p = forbid; NULL != *p; p++) { - if (strncmp (*argv, *p, strlen (*p)) == 0) { + if (strprefix(*argv, *p)) { break; } } @@ -210,7 +211,7 @@ void sanitize_env (void) for (cur = envp; NULL != *cur; cur++) { for (bad = forbid; NULL != *bad; bad++) { - if (strncmp (*cur, *bad, strlen (*bad)) == 0) { + if (strprefix(*cur, *bad)) { for (move = cur; NULL != *move; move++) { *move = *(move + 1); } diff --git a/src/newgidmap.c b/src/newgidmap.c index b1bf80e2c..f6510550f 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -13,12 +13,15 @@ #include #include #include + #include "defines.h" -#include "prototypes.h" -#include "subordinateio.h" #include "getdef.h" #include "idmapping.h" +#include "prototypes.h" #include "shadowlog.h" +#include "string/strcmp/strprefix.h" +#include "subordinateio.h" + /* * Global variables @@ -116,7 +119,7 @@ static void write_setgroups(int proc_dir_fd, bool allow_setgroups) strerror(errno)); exit(EXIT_FAILURE); } - if (!strncmp(policy_buffer, policy, strlen(policy))) + if (strprefix(policy_buffer, policy)) goto out; /* Write the policy. */ diff --git a/src/userdel.c b/src/userdel.c index a267ae1d0..d9248e4ac 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -53,6 +53,7 @@ #include "shadowlog.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" @@ -759,7 +760,7 @@ static void user_cancel (const char *user) #ifdef EXTRA_CHECK_HOME_DIR static bool path_prefix (const char *s1, const char *s2) { - return ( (strncmp (s2, s1, strlen (s1)) == 0) + return ( strprefix(s2, s1) && ( ('\0' == s2[strlen (s1)]) || ('/' == s2[strlen (s1)]))); } From 8756b3a749497e2db84c23cb7f5bf1cf78ac7afd Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 05:10:02 +0100 Subject: [PATCH 5/9] lib/env.c: sanitize_env(): Use !strprefix() instead of its pattern Signed-off-by: Alejandro Colomar --- lib/env.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/env.c b/lib/env.c index df1a2c08a..9a21a368e 100644 --- a/lib/env.c +++ b/lib/env.c @@ -223,7 +223,7 @@ void sanitize_env (void) for (cur = envp; NULL != *cur; cur++) { for (bad = noslash; NULL != *bad; bad++) { - if (strncmp (*cur, *bad, strlen (*bad)) != 0) { + if (!strprefix(*cur, *bad)) { continue; } if (strchr (*cur, '/') == NULL) { From 99a02a19b50489f65f37d47f22a2096c34fc3e2d Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 03:00:18 +0100 Subject: [PATCH 6/9] lib/: Use strprefix() instead of its pattern Signed-off-by: Alejandro Colomar --- lib/getdate.y | 3 ++- lib/limits.c | 19 +++++++++++++------ lib/prefix_flag.c | 7 ++++--- lib/root_flag.c | 10 ++++++---- lib/user_busy.c | 2 +- src/login_nopam.c | 10 +++++----- src/newgidmap.c | 2 +- src/newgrp.c | 10 ++++++---- src/newuidmap.c | 9 ++++++--- 9 files changed, 44 insertions(+), 28 deletions(-) diff --git a/lib/getdate.y b/lib/getdate.y index a6f9bc674..6fcd8e2eb 100644 --- a/lib/getdate.y +++ b/lib/getdate.y @@ -33,6 +33,7 @@ #include "getdate.h" #include "string/strchr/stpspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" /* Some old versions of bison generate parsers that use bcopy. @@ -657,7 +658,7 @@ static int LookupWord (char *buff) { if (abbrev) { - if (strncmp (buff, tp->name, 3) == 0) + if (strprefix(tp->name, buff)) { yylval.Number = tp->value; return tp->type; diff --git a/lib/limits.c b/lib/limits.c index 3983638cb..b0846b163 100644 --- a/lib/limits.c +++ b/lib/limits.c @@ -474,12 +474,15 @@ void setup_limits (const struct passwd *info) } } for (cp = info->pw_gecos; cp != NULL; cp = strchr (cp, ',')) { + char *val; + cp = strprefix(cp, ",") ?: cp; - if (strncmp (cp, "pri=", 4) == 0) { + val = strprefix(cp, "pri="); + if (val != NULL) { int inc; - if (a2si(&inc, cp + 4, NULL, 0, -20, 20) == 0) { + if (a2si(&inc, val, NULL, 0, -20, 20) == 0) { errno = 0; if ( (nice (inc) != -1) || (0 != errno)) { @@ -494,10 +497,12 @@ void setup_limits (const struct passwd *info) continue; } - if (strncmp (cp, "ulimit=", 7) == 0) { + + val = strprefix(cp, "ulimit="); + if (val != NULL) { int blocks; - if ( (str2si(&blocks, cp + 7) == -1) + if ( (str2si(&blocks, val) == -1) || (set_filesize_limit (blocks) != 0)) { SYSLOG ((LOG_WARN, "Can't set the ulimit for user %s", @@ -505,10 +510,12 @@ void setup_limits (const struct passwd *info) } continue; } - if (strncmp (cp, "umask=", 6) == 0) { + + val = strprefix(cp, "umask="); + if (val != NULL) { mode_t mask; - if (str2i(mode_t, &mask, cp + 6) == -1) { + if (str2i(mode_t, &mask, val) == -1) { SYSLOG ((LOG_WARN, "Can't set umask value for user %s", info->pw_name)); diff --git a/lib/prefix_flag.c b/lib/prefix_flag.c index bcf5d504f..53c13fafb 100644 --- a/lib/prefix_flag.c +++ b/lib/prefix_flag.c @@ -30,6 +30,7 @@ #include "shadowlog.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" static char *passwd_db_file = NULL; @@ -58,10 +59,10 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char ** for (int i = 0; i < argc; i++) { const char *val; - val = NULL; + val = strprefix(argv[i], "--prefix="); + if ( streq(argv[i], "--prefix") - || ((strncmp (argv[i], "--prefix=", 9) == 0) - && (val = argv[i] + 9)) + || val != NULL || streq(argv[i], short_opt)) { if (NULL != prefix) { diff --git a/lib/root_flag.c b/lib/root_flag.c index 84a659807..e8a5a6d26 100644 --- a/lib/root_flag.c +++ b/lib/root_flag.c @@ -17,6 +17,7 @@ #include "prototypes.h" #include "shadowlog.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include @@ -39,11 +40,12 @@ extern void process_root_flag (const char* short_opt, int argc, char **argv) for (int i = 0; i < argc; i++) { const char *val; - val = NULL; + val = strprefix(argv[i], "--root="); + if ( streq(argv[i], "--root") - || ((strncmp (argv[i], "--root=", 7) == 0) - && (val = argv[i] + 7)) - || streq(argv[i], short_opt)) { + || val != NULL + || streq(argv[i], short_opt)) + { if (NULL != newroot) { fprintf (log_get_logfd(), _("%s: multiple --root options\n"), diff --git a/lib/user_busy.c b/lib/user_busy.c index e4b19afe4..d689d34d6 100644 --- a/lib/user_busy.c +++ b/lib/user_busy.c @@ -127,7 +127,7 @@ static int check_status (const char *name, const char *sname, uid_t uid) return 0; } while (fgets (line, sizeof (line), sfile) == line) { - if (strncmp (line, "Uid:\t", 5) == 0) { + if (strprefix(line, "Uid:\t")) { unsigned long ruid, euid, suid; assert (uid == (unsigned long) uid); diff --git a/src/login_nopam.c b/src/login_nopam.c index 896ab9410..2a1292e39 100644 --- a/src/login_nopam.c +++ b/src/login_nopam.c @@ -61,6 +61,7 @@ #include "sizeof.h" #include "string/strchr/strrspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -287,8 +288,6 @@ static const char *resolve_hostname (const char *string) static bool from_match (char *tok, const char *string) { - size_t tok_len; - /* * If a token has the magic value "ALL" the match always succeeds. Return * true if the token fully matches the string. If the token is a domain @@ -305,7 +304,8 @@ static bool from_match (char *tok, const char *string) if (string_match (tok, string)) { /* ALL or exact match */ return true; } else if (tok[0] == '.') { /* domain: match last fields */ - size_t str_len; + size_t str_len, tok_len; + str_len = strlen (string); tok_len = strlen (tok); if ( (str_len > tok_len) @@ -316,8 +316,8 @@ static bool from_match (char *tok, const char *string) if (strchr (string, '.') == NULL) { return true; } - } else if ( (!streq(tok, "") && tok[(tok_len = strlen(tok)) - 1] == '.') /* network */ - && (strncmp (tok, resolve_hostname (string), tok_len) == 0)) { + } else if ( (!streq(tok, "") && tok[strlen(tok) - 1] == '.') /* network */ + && strprefix(resolve_hostname(string), tok)) { return true; } return false; diff --git a/src/newgidmap.c b/src/newgidmap.c index f6510550f..208e8da96 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -169,7 +169,7 @@ int main(int argc, char **argv) */ target_str = argv[1]; - if (strlen(target_str) > 3 && strncmp(target_str, "fd:", 3) == 0) { + if (strlen(target_str) > 3 && strprefix(target_str, "fd:")) { /* the user passed in a /proc/pid fd for the process */ target_str = &target_str[3]; proc_dir_fd = get_pidfd_from_fd(target_str); diff --git a/src/newgrp.c b/src/newgrp.c index 500d44012..6eb698cb6 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -780,11 +780,13 @@ int main (int argc, char **argv) } while (NULL != *envp) { - if (strncmp (*envp, "PATH=", 5) == 0 || - strncmp (*envp, "HOME=", 5) == 0 || - strncmp (*envp, "SHELL=", 6) == 0 || - strncmp (*envp, "TERM=", 5) == 0) + if (strprefix(*envp, "PATH=") || + strprefix(*envp, "HOME=") || + strprefix(*envp, "SHELL=") || + strprefix(*envp, "TERM=")) + { addenv (*envp, NULL); + } envp++; } diff --git a/src/newuidmap.c b/src/newuidmap.c index 8deb06f0b..40c64c777 100644 --- a/src/newuidmap.c +++ b/src/newuidmap.c @@ -13,12 +13,15 @@ #include #include #include + #include "defines.h" -#include "prototypes.h" -#include "subordinateio.h" #include "getdef.h" #include "idmapping.h" +#include "prototypes.h" #include "shadowlog.h" +#include "string/strcmp/strprefix.h" +#include "subordinateio.h" + /* * Global variables @@ -94,7 +97,7 @@ int main(int argc, char **argv) /* Find the process that needs its user namespace * uid mapping set. */ - if (strlen(target_str) > 3 && strncmp(target_str, "fd:", 3) == 0) { + if (strlen(target_str) > 3 && strprefix(target_str, "fd:")) { /* the user passed in a /proc/pid fd for the process */ target_str = &target_str[3]; proc_dir_fd = get_pidfd_from_fd(target_str); From fe82e6dd6a8a0fd64e4cffefff3fb98e3f407f53 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 15:24:45 +0100 Subject: [PATCH 7/9] lib/: Use !strprefix() instead of its pattern Signed-off-by: Alejandro Colomar --- lib/port.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/port.c b/lib/port.c index b19ecd6be..a30e68189 100644 --- a/lib/port.c +++ b/lib/port.c @@ -50,7 +50,7 @@ static int portcmp (const char *pattern, const char *port) if (streq(orig, "SU")) return 1; - return (*pattern == '*') ? 0 : 1; + return !strprefix(pattern, "*"); } /* From 09a331cddd6c4984c7b604e5a85787b95884bac7 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 15:52:14 +0100 Subject: [PATCH 8/9] src/check_subid_range.c: main(): Remove local variable Signed-off-by: Alejandro Colomar --- src/check_subid_range.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/check_subid_range.c b/src/check_subid_range.c index 482267581..f9b624159 100644 --- a/src/check_subid_range.c +++ b/src/check_subid_range.c @@ -27,7 +27,6 @@ static const char Prog[] = "check_subid_range"; int main(int argc, char **argv) { - bool check_uids; char *owner; uid_t start; unsigned long count; @@ -39,12 +38,11 @@ main(int argc, char **argv) exit(1); owner = argv[1]; - check_uids = argv[2][0] == 'u'; if (get_uid(argv[3], &start) == -1) exit(1); if (str2ul(&count, argv[4]) == -1) exit(1); - if (check_uids) { + if (argv[2][0] == 'u') { if (have_sub_uids(owner, start, count)) exit(0); exit(1); From 0b8d02a45c2155abc30b30b51f2ee930918d3362 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Tue, 10 Dec 2024 14:27:02 +0100 Subject: [PATCH 9/9] lib/, src/: Use strprefix() instead of its pattern Signed-off-by: Alejandro Colomar --- contrib/adduser.c | 3 ++- lib/commonio.c | 3 ++- lib/encrypt.c | 4 +++- lib/getdef.c | 3 ++- lib/limits.c | 6 +++--- lib/nss.c | 3 ++- lib/port.c | 3 ++- lib/setupenv.c | 3 ++- lib/ttytype.c | 3 ++- lib/yesno.c | 7 ++++--- src/check_subid_range.c | 7 ++++--- src/grpck.c | 3 ++- src/login.c | 11 ++++++----- src/login_nopam.c | 10 +++++----- src/newgrp.c | 2 +- src/passwd.c | 7 ++++--- src/pwck.c | 5 +++-- src/su.c | 5 +++-- src/suauth.c | 3 ++- src/sulogin.c | 3 ++- src/useradd.c | 3 ++- src/usermod.c | 3 ++- 22 files changed, 60 insertions(+), 40 deletions(-) diff --git a/contrib/adduser.c b/contrib/adduser.c index 8061c76a4..8efec7aa3 100644 --- a/contrib/adduser.c +++ b/contrib/adduser.c @@ -119,6 +119,7 @@ #include #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #define IMMEDIATE_CHANGE /* Expire newly created password, must be changed @@ -389,7 +390,7 @@ main (void) fflush (stdout); safeget (foo, sizeof (foo)); - done = bad = correct = (foo[0] == 'y' || foo[0] == 'Y'); + done = bad = correct = (strprefix(foo, "y") || strprefix(foo, "Y")); if (bad != 1) printf ("\nUser [%s] not added\n", usrname); diff --git a/lib/commonio.c b/lib/commonio.c index b7c9a2d41..e2fc18d7c 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -37,6 +37,7 @@ #include "string/memset/memzero.h" #include "string/sprintf/snprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -524,7 +525,7 @@ static void add_one_entry (struct commonio_db *db, static bool name_is_nis (const char *name) { - return (('+' == name[0]) || ('-' == name[0])); + return strprefix(name, "+") || strprefix(name, "-"); } diff --git a/lib/encrypt.c b/lib/encrypt.c index 9c1cb4067..1abe0a623 100644 --- a/lib/encrypt.c +++ b/lib/encrypt.c @@ -17,6 +17,8 @@ #include "prototypes.h" #include "defines.h" #include "shadowlog_internal.h" +#include "string/strcmp/strprefix.h" + /*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt) { @@ -35,7 +37,7 @@ /* Some crypt() do not return NULL if the algorithm is not * supported, and return a DES encrypted password. */ - if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13)) + if ((NULL != salt) && strprefix(salt, "$") && (strlen (cp) <= 13)) { /*@observer@*/const char *method; switch (salt[1]) diff --git a/lib/getdef.c b/lib/getdef.c index d234fe18b..da3627b08 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -33,6 +33,7 @@ #include "string/strchr/stpspn.h" #include "string/strchr/strrspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -567,7 +568,7 @@ static void def_load (void) * Break the line into two fields. */ name = stpspn(buf, " \t"); /* first nonwhite */ - if (streq(name, "") || *name == '#') + if (streq(name, "") || strprefix(name, "#")) continue; /* comment or empty */ s = stpsep(name, " \t"); /* next field */ diff --git a/lib/limits.c b/lib/limits.c index b0846b163..1fba0fcef 100644 --- a/lib/limits.c +++ b/lib/limits.c @@ -63,7 +63,7 @@ static int setrlimit_value (unsigned int resource, /* The "-" is special, not belonging to a strange negative limit. * It is infinity, in a controlled way. */ - if ('-' == value[0]) { + if (strprefix(value, "-")) { limit = RLIM_INFINITY; } else { @@ -371,7 +371,7 @@ static int setup_user_limits (const char *uname) * FIXME: A better (smarter) checking should be done */ while (fgets (buf, 1024, fil) != NULL) { - if (('#' == buf[0]) || ('\n' == buf[0])) { + if (strprefix(buf, "#") || strprefix(buf, "\n")) { continue; } MEMZERO(tempbuf); @@ -402,7 +402,7 @@ static int setup_user_limits (const char *uname) break; } else if (streq(name, "*")) { strcpy (deflimits, tempbuf); - } else if (name[0] == '@') { + } else if (strprefix(name, "@")) { /* If the user is in the group, the group * limits apply unless later a line for * the specific user is found. diff --git a/lib/nss.c b/lib/nss.c index f1cf1351b..598809073 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -17,6 +17,7 @@ #include "string/sprintf/snprintf.h" #include "string/strchr/stpspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -79,7 +80,7 @@ nss_init(const char *nsswitch_path) { } p = NULL; while (getline(&line, &len, nssfp) != -1) { - if (line[0] == '#') + if (strprefix(line, "#")) continue; if (strlen(line) < 8) continue; diff --git a/lib/port.c b/lib/port.c index a30e68189..7e1a7b70e 100644 --- a/lib/port.c +++ b/lib/port.c @@ -20,6 +20,7 @@ #include "port.h" #include "prototypes.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -140,7 +141,7 @@ getportent(void) errno = saveerr; return NULL; } - if ('#' == buf[0]) + if (strprefix(buf, "#")) goto next; stpsep(buf, "\n"); diff --git a/lib/setupenv.c b/lib/setupenv.c index 63f7fb95d..5af2809b6 100644 --- a/lib/setupenv.c +++ b/lib/setupenv.c @@ -29,6 +29,7 @@ #include "string/sprintf/xasprintf.h" #include "string/strchr/stpspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" #include "string/strtok/stpsep.h" @@ -61,7 +62,7 @@ static void read_env_file (const char *filename) cp = buf; /* ignore whitespace and comments */ cp = stpspn(cp, " \t"); - if (streq(cp, "") || ('#' == *cp)) { + if (streq(cp, "") || strprefix(cp, "#")) { continue; } /* diff --git a/lib/ttytype.c b/lib/ttytype.c index 740510421..3514f2941 100644 --- a/lib/ttytype.c +++ b/lib/ttytype.c @@ -18,6 +18,7 @@ #include "getdef.h" #include "prototypes.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -47,7 +48,7 @@ void ttytype (const char *line) return; } while (fgets (buf, sizeof buf, fp) == buf) { - if (buf[0] == '#') { + if (strprefix(buf, "#")) { continue; } diff --git a/lib/yesno.c b/lib/yesno.c index 029cd815e..27f156bca 100644 --- a/lib/yesno.c +++ b/lib/yesno.c @@ -14,7 +14,9 @@ #include #include #include + #include "prototypes.h" +#include "string/strcmp/strprefix.h" /* @@ -76,10 +78,9 @@ yes_or_no(bool read_only) static int rpmatch(const char *response) { - if (response[0] == 'y' || response[0] == 'Y') + if (strprefix(response, "y") || strprefix(response, "Y")) return 1; - - if (response[0] == 'n' || response[0] == 'n') + if (strprefix(response, "n") || strprefix(response, "N")) return 0; return -1; diff --git a/src/check_subid_range.c b/src/check_subid_range.c index f9b624159..3223f5c33 100644 --- a/src/check_subid_range.c +++ b/src/check_subid_range.c @@ -15,10 +15,11 @@ #include "atoi/getnum.h" #include "atoi/str2i/str2u.h" #include "defines.h" -#include "prototypes.h" -#include "subordinateio.h" #include "idmapping.h" +#include "prototypes.h" #include "shadowlog.h" +#include "string/strcmp/strprefix.h" +#include "subordinateio.h" static const char Prog[] = "check_subid_range"; @@ -42,7 +43,7 @@ main(int argc, char **argv) exit(1); if (str2ul(&count, argv[4]) == -1) exit(1); - if (argv[2][0] == 'u') { + if (strprefix(argv[2], "u")) { if (have_sub_uids(owner, start, count)) exit(0); exit(1); diff --git a/src/grpck.c b/src/grpck.c index d3f2baee6..5fcf6fadf 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -25,6 +25,7 @@ #include "shadowlog.h" #include "sssd.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #ifdef SHADOWGRP #include "sgroupio.h" @@ -470,7 +471,7 @@ static void check_grp_file (bool *errors, bool *changed) * Skip all NIS entries. */ - if ((gre->line[0] == '+') || (gre->line[0] == '-')) { + if (strprefix(gre->line, "+") || strprefix(gre->line, "-")) { continue; } diff --git a/src/login.c b/src/login.c index 2866b1523..57e106b82 100644 --- a/src/login.c +++ b/src/login.c @@ -41,6 +41,7 @@ #include "string/memset/memzero.h" #include "string/sprintf/snprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strcpy/strtcpy.h" #include "string/strdup/xstrdup.h" #include "string/strftime.h" @@ -267,7 +268,7 @@ static void process_flags (int argc, char *const *argv) * clever telnet, and getty holes. */ for (arg = 1; arg < argc; arg++) { - if (argv[arg][0] == '-' && strlen (argv[arg]) > 2) { + if (strprefix(argv[arg], "-") && strlen(argv[arg]) > 2) { usage (); } if (streq(argv[arg], "--")) { @@ -348,7 +349,7 @@ static void init_env (void) else { cp = getdef_str ("ENV_TZ"); if (NULL != cp) { - addenv (('/' == *cp) ? tz (cp) : cp, NULL); + addenv(strprefix(cp, "/") ? tz(cp) : cp, NULL); } } #endif /* !USE_PAM */ @@ -856,8 +857,8 @@ int main (int argc, char **argv) * login, even if they have been * "pre-authenticated." */ - if ( ('!' == user_passwd[0]) - || ('*' == user_passwd[0])) { + if ( strprefix(user_passwd, "!") + || strprefix(user_passwd, "*")) { failed = true; } @@ -1015,7 +1016,7 @@ int main (int argc, char **argv) addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */ } - if (pwd->pw_shell[0] == '*') { /* subsystem root */ + if (strprefix(pwd->pw_shell, "*")) { /* subsystem root */ pwd->pw_shell++; /* skip the '*' */ subsystem (pwd); /* figure out what to execute */ subroot = true; /* say I was here again */ diff --git a/src/login_nopam.c b/src/login_nopam.c index 2a1292e39..0e1e6b871 100644 --- a/src/login_nopam.c +++ b/src/login_nopam.c @@ -109,7 +109,7 @@ login_access(const char *user, const char *from) TABLE, lineno)); continue; } - if (line[0] == '#') { + if (strprefix(line, "#")) { continue; /* comment line */ } stpcpy(strrspn(line, " \t"), ""); @@ -140,7 +140,7 @@ login_access(const char *user, const char *from) int err = errno; SYSLOG ((LOG_ERR, "cannot open %s: %s", TABLE, strerror (err))); } - return (!match || (line[0] == '+'))?1:0; + return (!match || strprefix(line, "+"))?1:0; } /* list_match - match an item against a list of tokens with exceptions */ @@ -224,7 +224,7 @@ static bool user_match (char *tok, const char *string) if (host != NULL) { return user_match(tok, string) && from_match(host, myhostname()); #if HAVE_INNETGR - } else if (tok[0] == '@') { /* netgroup */ + } else if (strprefix(tok, "@")) { /* netgroup */ return (netgroup_match (tok + 1, NULL, string)); #endif } else if (string_match (tok, string)) { /* ALL or exact match */ @@ -297,13 +297,13 @@ static bool from_match (char *tok, const char *string) * if it matches the head of the string. */ #if HAVE_INNETGR - if (tok[0] == '@') { /* netgroup */ + if (strprefix(tok, "@")) { /* netgroup */ return (netgroup_match (tok + 1, string, NULL)); } else #endif if (string_match (tok, string)) { /* ALL or exact match */ return true; - } else if (tok[0] == '.') { /* domain: match last fields */ + } else if (strprefix(tok, ".")) { /* domain: match last fields */ size_t str_len, tok_len; str_len = strlen (string); diff --git a/src/newgrp.c b/src/newgrp.c index 6eb698cb6..3d228a5bf 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -520,7 +520,7 @@ int main (int argc, char **argv) * Do the command line for "newgrp". It's just making sure * there aren't any flags and getting the new group name. */ - if ((argc > 0) && (argv[0][0] == '-')) { + if ((argc > 0) && strprefix(argv[0], "-")) { usage (); goto failure; } else if (argv[0] != NULL) { diff --git a/src/passwd.c b/src/passwd.c index cc79960a5..7656c315c 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -35,6 +35,7 @@ #include "string/memset/memzero.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strcpy/strtcpy.h" #include "string/strdup/xstrdup.h" #include "time/day_to_str.h" @@ -401,7 +402,7 @@ static void check_password (const struct passwd *pw, const struct spwd *sp) * changed. Passwords which have been inactive too long cannot be * changed. */ - if ( (sp->sp_pwdp[0] == '!') + if ( strprefix(sp->sp_pwdp, "!") || (exp_status > 1) || ( (sp->sp_max >= 0) && (sp->sp_min > sp->sp_max))) { @@ -438,7 +439,7 @@ static void check_password (const struct passwd *pw, const struct spwd *sp) static /*@observer@*/const char *pw_status (const char *pass) { - if (*pass == '*' || *pass == '!') { + if (strprefix(pass, "*") || strprefix(pass, "!")) { return "L"; } if (streq(pass, "")) { @@ -519,7 +520,7 @@ static char *update_crypt_pw (char *cp) if (dflg) strcpy(cp, ""); - if (uflg && *cp == '!') { + if (uflg && strprefix(cp, "!")) { if (cp[1] == '\0') { (void) fprintf (stderr, _("%s: unlocking the password would result in a passwordless account.\n" diff --git a/src/pwck.c b/src/pwck.c index b485a5a87..6272839fd 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -29,6 +29,7 @@ #include "shadowlog.h" #include "sssd.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #ifdef WITH_TCB #include "tcbfuncs.h" #endif /* WITH_TCB */ @@ -383,7 +384,7 @@ static void check_pw_file (bool *errors, bool *changed) * If this is a NIS line, skip it. You can't "know" what NIS * is going to do without directly asking NIS ... */ - if (('+' == pfe->line[0]) || ('-' == pfe->line[0])) { + if (strprefix(pfe->line, "+") || strprefix(pfe->line, "-")) { continue; } @@ -708,7 +709,7 @@ static void check_spw_file (bool *errors, bool *changed) * If this is a NIS line, skip it. You can't "know" what NIS * is going to do without directly asking NIS ... */ - if (('+' == spe->line[0]) || ('-' == spe->line[0])) { + if (strprefix(spe->line, "+") || strprefix(spe->line, "-")) { continue; } diff --git a/src/su.c b/src/su.c index 970ff1b3c..0902c49a6 100644 --- a/src/su.c +++ b/src/su.c @@ -62,6 +62,7 @@ #include "string/sprintf/snprintf.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strcpy/strtcpy.h" #include "string/strdup/xstrdup.h" @@ -714,7 +715,7 @@ static /*@only@*/struct passwd * do_check_perms (void) * the shell specified in /etc/passwd (not the one specified with * --shell, which will be the one executed in the chroot later). */ - if ('*' == pw->pw_shell[0]) { /* subsystem root required */ + if (strprefix(pw->pw_shell, "*")) { /* subsystem root required */ subsystem (pw); /* change to the subsystem root */ endpwent (); /* close the old password databases */ endspent (); @@ -915,7 +916,7 @@ static void set_environment (struct passwd *pw) #ifndef USE_PAM cp = getdef_str ("ENV_TZ"); if (NULL != cp) { - addenv (('/' == *cp) ? tz (cp) : cp, NULL); + addenv(strprefix(cp, "/") ? tz(cp) : cp, NULL); } /* diff --git a/src/suauth.c b/src/suauth.c index aab7e9867..556e7ae93 100644 --- a/src/suauth.c +++ b/src/suauth.c @@ -22,6 +22,7 @@ #include "string/strchr/stpspn.h" #include "string/strchr/strrspn.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strtok/stpsep.h" @@ -87,7 +88,7 @@ check_su_auth(const char *actual_id, const char *wanted_id, bool su_to_root) stpcpy(strrspn(temp, " \t"), ""); p = stpspn(temp, " \t"); - if (*p == '#' || streq(p, "")) + if (strprefix(p, "#") || streq(p, "")) continue; to_users = strsep(&p, ":"); diff --git a/src/sulogin.c b/src/sulogin.c index 655a583ab..e2e491aec 100644 --- a/src/sulogin.c +++ b/src/sulogin.c @@ -28,6 +28,7 @@ #include "exitcodes.h" #include "shadowlog.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" @@ -117,7 +118,7 @@ main(int argc, char *argv[]) #ifndef USE_PAM env = getdef_str ("ENV_TZ"); if (NULL != env) { - addenv (('/' == *env) ? tz (env) : env, NULL); + addenv(strprefix(env, "/") ? tz(env) : env, NULL); } env = getdef_str ("ENV_HZ"); if (NULL != env) { diff --git a/src/useradd.c b/src/useradd.c index 562ba44fc..8aecfa5e1 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -68,6 +68,7 @@ #include "string/sprintf/snprintf.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" #include "string/strtok/stpsep.h" @@ -2259,7 +2260,7 @@ static void create_home (void) */ for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) { /* Avoid turning a relative path into an absolute path. */ - if (bhome[0] == '/' || !streq(path, "")) + if (strprefix(bhome, "/") || !streq(path, "")) strcat(path, "/"); strcat(path, cp); diff --git a/src/usermod.c b/src/usermod.c index 7ea1a7244..ef37458b8 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -65,6 +65,7 @@ #include "string/memset/memzero.h" #include "string/sprintf/xasprintf.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #include "string/strdup/xstrdup.h" #include "time/day_to_str.h" @@ -436,7 +437,7 @@ static char *new_pw_passwd (char *pw_pass) SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); xasprintf(&buf, "!%s", pw_pass); pw_pass = buf; - } else if (Uflg && pw_pass[0] == '!') { + } else if (Uflg && strprefix(pw_pass, "!")) { if (pw_pass[1] == '\0') { fprintf (stderr, _("%s: unlocking the user's password would result in a passwordless account.\n"