]> git.pld-linux.org Git - packages/shadow.git/blame - shadow-selinux.patch
projects / packages / shadow.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- release 3
[packages/shadow.git] / shadow-selinux.patch
CommitLineData
38a55db2 1--- shadow-4.0.3.orig/lib/prototypes.h
2+++ shadow-4.0.3/lib/prototypes.h
3@@ -37,6 +37,10 @@
4 extern int isexpired(const struct passwd *);
5 #endif
6
7+#ifdef CONFIG_FLASK
8+#include <linux/flask/flask_types.h>
9+#endif
10+
11 /* basename() renamed to Basename() to avoid libc name space confusion */
12 /* basename.c */
13 extern char *Basename(char *str);
14@@ -48,7 +52,11 @@
15 extern int chown_tree(const char *, uid_t, uid_t, gid_t, gid_t);
16
17 /* chowntty.c */
18-extern void chown_tty(const char *, const struct passwd *);
19+extern void chown_tty(const char *, const struct passwd *
20+#ifdef CONFIG_FLASK
21+, int FLASK_flag, security_id_t user_sid, security_id_t *ttyn_sid
22+#endif
23+);
24
25 /* console.c */
26 extern int console(const char *);
27@@ -179,8 +187,16 @@
28 /* setupenv.c */
29 extern void setup_env(struct passwd *);
30
31+#ifdef CONFIG_FLASK
32+#include <linux/flask/flask_types.h>
33+#endif
34+
35 /* shell.c */
36-extern void shell(const char *, const char *);
37+extern void shell(const char *, const char *
38+#ifdef CONFIG_FLASK
39+ , int FLASK_flag, security_id_t user_sid
40+#endif
41+ );
42
43 #ifdef SHADOWPWD
44 /* spdbm.c */
45--- shadow-4.0.3.orig/src/su.c
46+++ shadow-4.0.3/src/su.c
47@@ -49,6 +49,7 @@
48 #include <grp.h>
49 #include <signal.h>
50 #include <pwd.h>
51+#include <getopt.h>
52 #include "pwauth.h"
53 #include "getdef.h"
54
55@@ -79,6 +80,18 @@
56
57 /* local function prototypes */
58
59+/* If nonzero, change some environment vars to indicate the user su'd to. */
60+static int change_environment;
61+
62+static struct option const longopts[] =
63+{
64+ {"command", required_argument, 0, 'c'},
65+ {"preserve-environment", no_argument, 0, 'p'},
66+ {"shell", required_argument, 0, 's'},
67+ {"help", no_argument, 0, 'h'},
68+ {0, 0, 0, 0}
69+};
70+
71 #ifndef USE_PAM
72
73 static RETSIGTYPE die (int);
74@@ -118,6 +131,96 @@
75 }
76 #endif /* !USE_PAM */
77
78+/* borrowed from GNU sh-utils' "su.c" */
79+static int
80+restricted_shell (const char *shell)
81+{
82+ char *line;
83+
84+ setusershell ();
85+ while ((line = getusershell ()) != NULL) {
86+ if (*line != '#' && strcmp (line, shell) == 0) {
87+ endusershell ();
88+ return 0;
89+ }
90+ }
91+ endusershell ();
92+ return 1;
93+}
94+
95+/* borrowed from GNU sh-utils' "su.c" */
96+static int
97+elements (char **arr)
98+{
99+ int n = 0;
100+
101+ for (n = 0; *arr; ++arr)
102+ ++n;
103+ return n;
104+}
105+
106+/* borrowed from GNU sh-utils' "su.c" */
107+static void
108+run_shell (char *shell, const char *command, char **additional_args, int login)
109+{
110+ const char **args;
111+ int argno = 1;
112+ char cmd[BUFSIZ];
113+ int cmd_len_left = sizeof(cmd) - 1;
114+
115+ cmd[0] = '\0';
116+
117+ if (additional_args)
118+ args = (const char **) xmalloc (sizeof (char *)
119+ * (10 + elements (additional_args)));
120+ else
121+ args = (const char **) xmalloc (sizeof (char *) * 10);
122+
123+ if (login)
124+ {
125+ char *arg0;
126+ char *shell_basename;
127+
128+ shell_basename = getdef_str("SU_NAME");
129+ if (!shell_basename)
130+ shell_basename = Basename(shell);
131+
132+ arg0 = xmalloc (strlen (shell_basename) + 2);
133+ arg0[0] = '-';
134+ strcpy (arg0 + 1, shell_basename);
135+ args[0] = arg0;
136+ }
137+ else
138+ args[0] = Basename(shell);
139+ if (command || additional_args)
140+ args[argno++] = "-c";
141+ if (command) {
142+ if (strlen(command) > cmd_len_left) {
143+ fprintf(stderr, _("Command line args too long\n"));
144+ exit(1);
145+ }
146+ strcat(cmd, command);
147+ cmd_len_left -= strlen(command);
148+ }
149+ if (additional_args)
150+ for (; *additional_args; ++additional_args) {
151+ if ((strlen(*additional_args) + 1) > cmd_len_left) {
152+ fprintf(stderr, _("Command line args too long\n"));
153+ exit(1);
154+ }
155+ if (cmd[0]) {
156+ strcat(cmd, " ");
157+ cmd_len_left--;
158+ }
159+ strcat(cmd, *additional_args);
160+ cmd_len_left -= strlen(*additional_args);
161+ }
162+ if (cmd[0]) args[argno++] = cmd;
163+ args[argno] = NULL;
164+ execv (shell, (char **) args);
165+ fprintf (stderr, _("No shell\n"));
166+ SYSLOG((LOG_WARN, "Cannot execute %s\n", shell));
167+}
168
169 static void su_failure (const char *tty)
170 {
171@@ -153,13 +256,14 @@
172 {
173 char *cp;
174 const char *tty = 0; /* Name of tty SU is run from */
175- int doshell = 0;
176 int fakelogin = 0;
177 int amroot = 0;
178 uid_t my_uid;
179 struct passwd *pw = 0;
180 char **envp = environ;
181-
182+ char *command = 0, *shell = 0, **additional_args = 0;
183+ int optc;
184+ char *tmp_name;
185 #ifdef USE_PAM
186 int ret;
187 #else /* !USE_PAM */
188@@ -174,12 +278,14 @@
189 #endif
190 #endif /* !USE_PAM */
191
192- sanitize_env ();
193+ /* sanitize_env (); */
194
195 setlocale (LC_ALL, "");
196 bindtextdomain (PACKAGE, LOCALEDIR);
197 textdomain (PACKAGE);
198
199+ change_environment = 1;
200+
201 /*
202 * Get the program name. The program name is used as a prefix to
203 * most error messages.
204@@ -224,14 +330,66 @@
205 * Process the command line arguments.
206 */
207
208- argc--;
209- argv++; /* shift out command name */
210-
211- if (argc > 0 && strcmp (argv[0], "-") == 0) {
212+ while ((optc = getopt_long (argc, argv, "c:mps:h", longopts, NULL)) != -1) {
213+ switch (optc) {
214+ case 0:
215+ break;
216+ case 'c':
217+ command = optarg;
218+ break;
219+ case 'm':
220+ case 'p':
221+ change_environment = 0;
222+ break;
223+ case 's':
224+ shell = optarg;
225+ break;
226+ default:
227+ fprintf(stderr, _("\
228+Usage: su [OPTS] [-] [username [ARGS]]\n\
229+ - make this a login shell\n\
230+ -c, --command=<command>\n\
231+ pass command to the invoked shell using its -c\n\
232+ option\n\
233+ -m, -p, --preserve-environment\n\
234+ do not reset environment variables, and keep the\n\
235+ same shell\n\
236+ -s, --shell=<shell>\n\
237+ use shell instead of the default in /etc/passwd\n"));
238+ exit(1);
239+ }
240+ }
241+
242+ if (optind < argc && !strcmp (argv[optind], "-")) {
243 fakelogin = 1;
244- argc--;
245- argv++; /* shift ... */
246+ ++optind;
247+ }
248+
249+ if (optind < argc)
250+ strncpy(name, argv[optind++], sizeof(name) - 1);
251+ else {
252+ struct passwd *root_pw = getpwuid(0);
253+ if (root_pw == NULL) {
254+ SYSLOG((LOG_CRIT, "There is no UID 0 user."));
255+ su_failure(tty);
256+ }
257+ strcpy(name, root_pw->pw_name);
258+ }
259+
260+ if (optind < argc)
261+ additional_args = argv + optind;
262+
263+ /*
264+ * Get the user's real name. The current UID is used to determine
265+ * who has executed su. That user ID must exist.
266+ */
267+
268+ pw = get_my_pwent();
269+ if (!pw) {
270+ SYSLOG((LOG_CRIT, "Unknown UID: %d\n", (int) my_uid));
271+ su_failure(tty);
272 }
273+ STRFCPY(oldname, pw->pw_name);
274
275 /*
276 * If a new login is being set up, the old environment will be
277@@ -257,35 +415,6 @@
278 addenv (*envp++, NULL);
279 }
280
281- /*
282- * The next argument must be either a user ID, or some flag to a
283- * subshell. Pretty sticky since you can't have an argument which
284- * doesn't start with a "-" unless you specify the new user name.
285- * Any remaining arguments will be passed to the user's login shell.
286- */
287-
288- if (argc > 0 && argv[0][0] != '-') {
289- STRFCPY (name, argv[0]); /* use this login id */
290- argc--;
291- argv++; /* shift ... */
292- }
293- if (!name[0]) /* use default user ID */
294- (void) strcpy (name, "root");
295-
296- doshell = argc == 0; /* any arguments remaining? */
297-
298- /*
299- * Get the user's real name. The current UID is used to determine
300- * who has executed su. That user ID must exist.
301- */
302-
303- pw = get_my_pwent ();
304- if (!pw) {
305- SYSLOG ((LOG_CRIT, "Unknown UID: %u", my_uid));
306- su_failure (tty);
307- }
308- STRFCPY (oldname, pw->pw_name);
309-
310 #ifndef USE_PAM
311 #ifdef SU_ACCESS
312 /*
313@@ -399,9 +528,17 @@
314 * Set the default shell.
315 */
316
317- if (pwent.pw_shell[0] == '\0')
318- pwent.pw_shell = "/bin/sh"; /* XXX warning: const */
319+ if (pwent.pw_shell == NULL || pwent.pw_shell[0] == '\0')
320+ pwent.pw_shell = (char *) "/bin/sh";
321
322+ if (shell == 0 && change_environment == 0)
323+ shell = getenv ("SHELL");
324+ if (shell != 0 && getuid () && restricted_shell (pwent.pw_shell))
325+ shell = 0;
326+ if (shell == 0)
327+ shell = (char *) strdup (pwent.pw_shell);
328+
329+ signal(SIGINT, SIG_IGN);
330 #ifdef USE_PAM
331 ret = pam_authenticate (pamh, 0);
332 if (ret != PAM_SUCCESS) {
333@@ -427,6 +564,14 @@
334 su_failure (tty);
335 }
336 }
337+ ret = pam_get_item(pamh, PAM_USER, (const void **) &tmp_name);
338+ if (ret != PAM_SUCCESS) {
339+ SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
340+ fprintf(stderr, "%s: Internal PAM error retrieving username\n", Prog);
341+ pam_end(pamh, ret);
342+ su_failure(tty);
343+ }
344+ strncpy(name, tmp_name, sizeof(name) - 1);
345 #else /* !USE_PAM */
346 /*
347 * Set up a signal handler in case the user types QUIT.
348@@ -507,10 +652,14 @@
349 }
350 #endif
351
352- environ = newenvp; /* make new environment active */
353-
354- if (getenv ("IFS")) /* don't export user IFS ... */
355- addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
356+ if (change_environment || restricted_shell(pwent.pw_shell)) {
357+ environ = newenvp; /* make new environment active */
358+ if (getenv ("IFS")) /* don't export user IFS ... */
359+ addenv("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
360+ } else {
361+ if (getenv ("IFS"))
362+ putenv("IFS= \t\n");
363+ }
364
365 if (pwent.pw_shell[0] == '*') { /* subsystem root required */
366 pwent.pw_shell++; /* skip the '*' */
367@@ -554,17 +703,56 @@
368 pam_end (pamh, ret);
369 exit (1);
370 }
371+ ret = pam_open_session(pamh, 0);
372+ if (ret != PAM_SUCCESS) {
373+ SYSLOG((LOG_ERR, "pam_open_session: %s\n", pam_strerror(pamh, ret)));
374+ fprintf(stderr, "%s: %s\n", Prog, pam_strerror(pamh, ret));
375+ pam_setcred(pamh, PAM_DELETE_CRED);
376+ pam_end(pamh, ret);
377+ exit(1);
378+ }
379+ /* We must fork before setuid() because we need to call
380+ * pam_close_session() as root.
381+ */
382+
383+ /* We let the admin configure whether they need to keep login
384+ around to close sessions */
385+ if (getdef_bool("CLOSE_SESSIONS")) {
386+ pid_t pid;
387+ int status;
388+
389+ signal(SIGINT, SIG_IGN);
390+ pid = fork();
391+
392+ switch(pid) {
393+ case -1:
394+ SYSLOG((LOG_ERR, "su: fork failure: %m"));
395+ perror("su: fork failure");
396+ pam_setcred(pamh, PAM_DELETE_CRED);
397+ pam_close_session(pamh, 0);
398+ pam_end(pamh, PAM_ABORT);
399+ exit(1);
400+ case 0: /* child */
401+ signal(SIGINT, SIG_DFL);
402+ break;
403+ default: /* parent */
404+ waitpid(pid, &status, 0);
405+ /* now we are done using PAM */
406+ pam_setcred(pamh, PAM_DELETE_CRED);
407+ ret = pam_close_session(pamh, 0);
408+ pam_end(pamh, ret);
409+ exit(WEXITSTATUS(status));
410+ }
411+ }
412
413 /* become the new user */
414 if (change_uid (&pwent)) {
415+ pam_close_session(pamh, 0);
416 pam_setcred (pamh, PAM_DELETE_CRED);
417 pam_end (pamh, PAM_ABORT);
418 exit (1);
419 }
420
421- /* now we are done using PAM */
422- pam_end (pamh, PAM_SUCCESS);
423-
424 #else /* !USE_PAM */
425 if (!amroot) /* no limits if su from root */
426 setup_limits (&pwent);
427@@ -573,11 +761,14 @@
428 exit (1);
429 #endif /* !USE_PAM */
430
431- if (fakelogin)
432- setup_env (&pwent);
433+ if (fakelogin && (change_environment || restricted_shell(pwent.pw_shell)))
434+ setup_env(&pwent);
435 #if 1 /* Suggested by Joey Hess. XXX - is this right? */
436- else
437- addenv ("HOME", pwent.pw_dir);
438+ else if (change_environment || restricted_shell(pwent.pw_shell)) {
439+ addenv("HOME", pwent.pw_dir);
440+ addenv("USER", pwent.pw_name);
441+ addenv("SHELL", shell);
442+ }
443 #endif
444
445 /*
446@@ -589,46 +780,6 @@
447 */
448 closelog ();
449
450- /*
451- * See if the user has extra arguments on the command line. In that
452- * case they will be provided to the new user's shell as arguments.
453- */
454-
455- if (fakelogin) {
456- char *arg0;
457-
458-#if 0 /* XXX - GNU su doesn't do this. --marekm */
459- if (!hushed (&pwent)) {
460- motd ();
461- mailcheck ();
462- }
463-#endif
464- cp = getdef_str ("SU_NAME");
465- if (!cp)
466- cp = Basename (pwent.pw_shell);
467-
468- arg0 = xmalloc (strlen (cp) + 2);
469- arg0[0] = '-';
470- strcpy (arg0 + 1, cp);
471- cp = arg0;
472- } else
473- cp = Basename (pwent.pw_shell);
474-
475- if (!doshell) {
476-
477- /*
478- * Use new user's shell from /etc/passwd and create an argv
479- * with the rest of the command line included.
480- */
481-
482- argv[-1] = pwent.pw_shell;
483- (void) execv (pwent.pw_shell, &argv[-1]);
484- (void) fprintf (stderr, _("No shell\n"));
485- SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
486- closelog ();
487- exit (1);
488- }
489-
490- shell (pwent.pw_shell, cp);
491+ run_shell (shell, command, additional_args, fakelogin);
492 /*NOTREACHED*/ exit (1);
493 }
494--- shadow-4.0.3.orig/src/groupadd.c
495+++ shadow-4.0.3/src/groupadd.c
496@@ -29,6 +29,8 @@
497
498 #include <config.h>
499
500+#undef USE_PAM
501+
502 #include "rcsid.h"
503 RCSID (PKG_VER "$Id$")
504 #include <sys/types.h>
505--- shadow-4.0.3.orig/src/groupdel.c
506+++ shadow-4.0.3/src/groupdel.c
507@@ -29,6 +29,8 @@
508
509 #include <config.h>
510
511+#undef USE_PAM
512+
513 #include "rcsid.h"
514 RCSID(PKG_VER "$Id$")
515
516--- shadow-4.0.3.orig/src/groupmod.c
517+++ shadow-4.0.3/src/groupmod.c
518@@ -29,6 +29,8 @@
519
520 #include <config.h>
521
522+#undef USE_PAM
523+
524 #include "rcsid.h"
525 RCSID (PKG_VER "$Id$")
526 #include <sys/types.h>
527--- shadow-4.0.3.orig/src/chpasswd.c
528+++ shadow-4.0.3/src/chpasswd.c
529@@ -29,6 +29,8 @@
530
531 #include <config.h>
532
533+#undef USE_PAM
534+
535 #include "rcsid.h"
536 RCSID (PKG_VER "$Id$")
537 #include <stdio.h>
538--- shadow-4.0.3.orig/src/newusers.c
539+++ shadow-4.0.3/src/newusers.c
540@@ -35,6 +35,8 @@
541
542 #include <config.h>
543
544+#undef USE_PAM
545+
546 #include "rcsid.h"
547 RCSID (PKG_VER "$Id$")
548 #include <sys/types.h>
549--- shadow-4.0.3.orig/src/login.c
550+++ shadow-4.0.3/src/login.c
551@@ -58,6 +58,11 @@
552 #include <sys/proc.h>
553 #include <sys/sysi86.h>
554 #endif
555+
556+#ifndef MAXHOSTNAMELEN
557+#define MAXHOSTNAMELEN 64
558+#endif
559+
560 #ifdef RADIUS
561 /*
562 * Support for RADIUS authentication based on a hacked util-linux login
563@@ -289,6 +294,8 @@
564 for (arg = 1; arg < argc; arg++) {
565 if (argv[arg][0] == '-' && strlen (argv[arg]) > 2)
566 usage ();
567+ if (!strcmp(argv[arg], "--"))
568+ break; /* stop checking on a "--" */
569 }
570 }
571
572@@ -424,11 +431,39 @@
573 static char temp_pw[2];
574 static char temp_shell[] = "/bin/sh";
575
576+#ifdef CONFIG_FLASK
577+#include <linux/flask/flask_types.h>
578+#include <selinux/flask_util.h>
579+#include <selinux/fs_secure.h>
580+#include <selinux/ss.h>
581+#include <selinux/get_user_sid.h>
582+#endif
583+
584 #ifdef USE_PAM
585 int retcode;
586 pid_t child;
587 char *pam_user;
588 #endif /* USE_PAM */
589+#ifdef CONFIG_FLASK
590+#define CONTEXTLEN 255
591+ security_context_t user_context;
592+ int user_context_len = CONTEXTLEN;
593+ security_id_t user_sid;
594+ security_id_t* sidlist;
595+#define SIDLISTLEN 10
596+ int sidlistlen = SIDLISTLEN;
597+ int num_sids = 0;
598+ security_id_t ttyn_sid; /* The current sid of ttyn device */
599+ int FLASK_flag;
600+#ifdef CHOWNCVS
601+ security_id_t vcsn_sid; /* The current sid of vcsn device */
602+ security_id_t vcsan_sid; /* The current sid of vcsan device */
603+#endif
604+ security_id_t newdev_sid; /* The new sid of a device */
605+ struct stat statbuf;
606+ int flask_enabled;
607+ int rc;
608+#endif
609 #if defined(SHADOWPWD) && !defined(USE_PAM)
610 struct spwd *spwd = NULL;
611 #endif
612@@ -466,7 +501,7 @@
613
614 check_flags (argc, argv);
615
616- while ((flag = getopt (argc, argv, "d:f:h:pr:")) != EOF) {
617+ while ((flag = getopt (argc, argv, "d:f::h:pr:")) != EOF) {
618 switch (flag) {
619 case 'p':
620 pflg++;
621@@ -475,11 +510,16 @@
622 /*
623 * username must be a separate token
624 * (-f root, *not* -froot). --marekm
625+ *
626+ * if -f has an arg, use that, else use the
627+ * normal user name passed after all options
628+ * --benc
629 */
630- if (optarg != argv[optind - 1])
631+ if (optarg != NULL && optarg != argv[optind - 1])
632 usage ();
633 fflg++;
634- STRFCPY (username, optarg);
635+ if (optarg)
636+ STRFCPY (username, optarg);
637 break;
638 #ifdef RLOGIN
639 case 'r':
640@@ -633,7 +673,7 @@
641 init_env ();
642
643 if (optind < argc) { /* get the user name */
644- if (rflg || fflg)
645+ if (rflg || (fflg && username[0]))
646 usage ();
647
648 #ifdef SVR4
649@@ -763,49 +803,98 @@
650 * MAX_LOGIN_TRIES?
651 */
652
653- retcode = pam_authenticate (pamh, 0);
654- while ((failcount++ < retries) &&
655- ((retcode == PAM_AUTH_ERR) ||
656- (retcode == PAM_USER_UNKNOWN) ||
657- (retcode == PAM_CRED_INSUFFICIENT) ||
658- (retcode == PAM_AUTHINFO_UNAVAIL))) {
659- pam_get_item (pamh, PAM_USER,
660- (const void **) &pam_user);
661- syslog (LOG_NOTICE,
662- "FAILED LOGIN %d FROM %s FOR %s, %s",
663- failcount, hostname, pam_user,
664- pam_strerror (pamh, retcode));
665-#ifdef HAVE_PAM_FAIL_DELAY
666- pam_fail_delay (pamh, 1000000 * delay);
667+ failcount = 0;
668+ while (1) {
669+ const char *failent_user;
670+ failed = 0;
671+
672+ failcount++;
673+ if (delay > 0)
674+ retcode = pam_fail_delay(pamh, 1000000*delay);
675+
676+ retcode = pam_authenticate (pamh, 0);
677+
678+ pam_get_item (pamh, PAM_USER,
679+ (const void **) &pam_user);
680+
681+ if (pam_user && pam_user[0]) {
682+ pwd = getpwnam(pam_user);
683+ if (pwd) {
684+ pwent = *pwd;
685+ failent_user = pwent.pw_name;
686+ } else {
687+ if (getdef_bool("LOG_UNKFAIL_ENAB") && pam_user)
688+ failent_user = pam_user;
689+ else
690+ failent_user = "UNKNOWN";
691+ }
692+ } else {
693+ pwd = NULL;
694+ failent_user = "UNKNOWN";
695+ }
696+
697+ if (retcode == PAM_MAXTRIES || failcount >= retries) {
698+ syslog (LOG_NOTICE,
699+ _("TOO MANY LOGIN TRIES (%d)%s FOR `%s'"),
700+ failcount, fromhost, failent_user);
701+#ifndef USE_PAM
702+ if (pwd && getdef_bool("FAILLOG_ENAB"))
703+ failure (pwent.pw_uid, tty, &faillog);
704+#endif
705+ fprintf(stderr,
706+ _("Maximum number of tries exceeded (%d)\n"),
707+ failcount);
708+ PAM_END;
709+ exit(0);
710+ } else if (retcode == PAM_ABORT) {
711+ /* Serious problems, quit now */
712+ fprintf(stderr,_("login: abort requested by PAM\n"));
713+ syslog(LOG_ERR,_("PAM_ABORT returned from pam_authenticate()"));
714+ PAM_END;
715+ exit(99);
716+ } else if (retcode != PAM_SUCCESS) {
717+ syslog(LOG_NOTICE,_("FAILED LOGIN (%d)%s FOR `%s', %s"),
718+ failcount, fromhost, failent_user,
719+ pam_strerror (pamh, retcode));
720+ failed = 1;
721+ }
722+#ifndef USE_PAM
723+ if (pwd && getdef_bool("FAILLOG_ENAB") &&
724+ ! failcheck (pwent.pw_uid, &faillog, failed)) {
725+ SYSLOG((LOG_CRIT, FAILURE_CNT, failent_user, fromhost));
726+ failed = 1;
727+ }
728 #endif
729- fprintf (stderr, "Login incorrect\n\n");
730- pam_set_item (pamh, PAM_USER, NULL);
731- retcode = pam_authenticate (pamh, 0);
732- }
733
734- if (retcode != PAM_SUCCESS) {
735- pam_get_item (pamh, PAM_USER,
736- (const void **) &pam_user);
737-
738- if (retcode == PAM_MAXTRIES)
739- syslog (LOG_NOTICE,
740- "TOO MANY LOGIN TRIES (%d) FROM %s FOR %s, %s",
741- failcount, hostname,
742- pam_user,
743- pam_strerror (pamh,
744- retcode));
745- else
746- syslog (LOG_NOTICE,
747- "FAILED LOGIN SESSION FROM %s FOR %s, %s",
748- hostname, pam_user,
749- pam_strerror (pamh,
750- retcode));
751-
752- fprintf (stderr, "\nLogin incorrect\n");
753- pam_end (pamh, retcode);
754- exit (0);
755+ if (!failed)
756+ break;
757+
758+ fprintf(stderr,"Login incorrect\n\n");
759+#ifndef USE_PAM
760+ if (pwd && getdef_bool("FAILLOG_ENAB"))
761+ failure (pwent.pw_uid, tty, &faillog);
762+#endif
763+ if (getdef_str("FTMP_FILE") != NULL) {
764+#if HAVE_UTMPX_H
765+ failent = utxent;
766+ gettimeofday(&(failent.ut_tv), NULL);
767+#else
768+ failent = utent;
769+ time(&failent.ut_time);
770+#endif
771+ strncpy(failent.ut_user, failent_user, sizeof(failent.ut_user));
772+#ifdef USER_PROCESS
773+ failent.ut_type = USER_PROCESS;
774+#endif
775+ failtmp(&failent);
776+ }
777+
778+ /* Let's give it another go around */
779+ pam_set_item(pamh,PAM_USER,NULL);
780 }
781
782+ /* We don't get here unless they were authenticated above */
783+ alarm(0);
784 retcode = pam_acct_mgmt (pamh, 0);
785
786 if (retcode == PAM_NEW_AUTHTOK_REQD) {
787@@ -828,11 +917,14 @@
788
789 if (!pwd || setup_groups (pwd))
790 exit (1);
791+ else
792+ pwent = *pwd;
793
794 retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
795 PAM_FAIL_CHECK;
796
797- retcode = pam_open_session (pamh, 0);
798+ retcode = pam_open_session (pamh,
799+ hushed(&pwent) ? PAM_SILENT : 0);
800 PAM_FAIL_CHECK;
801
802 #else /* ! USE_PAM */
803@@ -1002,6 +1094,7 @@
804 failed = 1;
805 }
806 #endif
807+#ifndef USE_PAM
808 if (pwd && getdef_bool ("FAILLOG_ENAB") &&
809 !failcheck (pwent.pw_uid, &faillog, failed)) {
810 SYSLOG ((LOG_CRIT,
811@@ -1009,12 +1102,15 @@
812 username, fromhost));
813 failed = 1;
814 }
815+#endif
816 if (!failed)
817 break;
818
819+#ifndef USE_PAM
820 /* don't log non-existent users */
821 if (pwd && getdef_bool ("FAILLOG_ENAB"))
822 failure (pwent.pw_uid, tty, &faillog);
823+#endif
824 if (getdef_str ("FTMP_FILE") != NULL) {
825 const char *failent_user;
826
827@@ -1078,6 +1174,66 @@
828 } /* while (1) */
829 #endif /* ! USE_PAM */
830 alarm (0); /* turn off alarm clock */
831+
832+#ifdef CONFIG_FLASK
833+ /* Make sure FLASK is really installed on this system */
834+ if( (FLASK_flag = is_flask_enabled()) )
835+ {
836+ /* Get security context and SID for user */
837+ sidlistlen = SIDLISTLEN;
838+ sidlist = malloc (sidlistlen*sizeof(security_id_t));
839+ if (sidlist == 0) {
840+ fprintf(stderr, "login: no memory for SID list.\n");
841+ exit (0);
842+ }
843+
844+ num_sids = get_ordered_sid_list (pam_user, 0, sidlist, &sidlistlen);
845+ if (num_sids <= 0 && sidlistlen > SIDLISTLEN) {
846+ security_id_t *tmplist;
847+ tmplist = realloc (sidlist, sidlistlen*sizeof(security_id_t));
848+ if (tmplist) {
849+ sidlist = tmplist;
850+ num_sids = get_ordered_sid_list (pam_user, 0, sidlist, &sidlistlen);
851+ }
852+ }
853+
854+ if (num_sids <= 0) {
855+ fprintf(stderr, "login: unable to obtain SIDs for %s.\n", pam_user);
856+ if (manual_user_enter_sid (pam_user, &user_sid))
857+ {
858+ syslog (LOG_ERR, "UNABLE TO GET VALID SID FOR %s", pam_user);
859+ exit(0);
860+ }
861+ }
862+ else
863+ {
864+ query_user_sid (sidlist, num_sids, &user_sid);
865+ }
866+ free (sidlist);
867+ user_context_len = CONTEXTLEN;
868+ user_context = malloc(user_context_len);
869+ if (!user_context) {
870+ fprintf(stderr, "login: no memory for security context.\n");
871+ exit (0);
872+ }
873+ rc = security_sid_to_context(user_sid,user_context,&user_context_len);
874+ if (rc < 0 && user_context_len > CONTEXTLEN)
875+ {
876+ security_context_t tmpcon;
877+ tmpcon = realloc (user_context, user_context_len);
878+ if (tmpcon) {
879+ user_context = tmpcon;
880+ rc = security_sid_to_context (user_sid, user_context, &user_context_len);
881+ }
882+ }
883+ if (rc < 0) {
884+ free (user_context);
885+ syslog (LOG_ERR, "PROBLEM OBTAINING CONTEXT FOR %s", pam_user);
886+ exit (0);
887+ }
888+ }
889+#endif
890+
891 #ifndef USE_PAM /* PAM does this */
892 /*
893 * porttime checks moved here, after the user has been
894@@ -1172,7 +1328,11 @@
895 #endif
896 setup_limits (&pwent); /* nice, ulimit etc. */
897 #endif /* ! USE_PAM */
898- chown_tty (tty, &pwent);
899+ chown_tty(tty, &pwent
900+#ifdef CONFIG_FLASK
901+ , FLASK_flag, user_sid, &ttyn_sid
902+#endif
903+ );
904
905 #ifdef LOGIN_FBTAB
906 /*
907@@ -1338,6 +1498,16 @@
908 * session
909 */
910 wait (NULL);
911+#ifdef CONFIG_FLASK
912+ if (FLASK_flag)
913+ {
914+ /* We need to change the contexts of the
915+ * terminal devices back to the system when
916+ * the user's session ends. */
917+ if(chsid(tty, ttyn_sid) != 0)
918+ perror("chsid");
919+ }
920+#endif
921 PAM_END;
922 exit (0);
923 }
924@@ -1354,10 +1524,33 @@
925 #ifdef SHADOWGRP
926 endsgent (); /* stop access to shadow group file */
927 #endif
928+#ifdef CONFIG_FLASK
929+ if(FLASK_flag)
930+ {
931+ if(pwent.pw_uid == 0)
932+ SYSLOG((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
933+ else if(getdef_bool("LOG_OK_LOGINS"))
934+#ifdef USE_PAM
935+ SYSLOG((LOG_INFO, "`%s' logged in %s", pam_user, fromhost, user_context));
936+#else
937+ SYSLOG((LOG_INFO, "`%s' logged in %s", username, fromhost, user_context));
938+#endif
939+ free(user_context);
940+ }
941+ else
942+ {
943+#endif
944 if (pwent.pw_uid == 0)
945 SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
946 else if (getdef_bool ("LOG_OK_LOGINS"))
947+#ifdef USE_PAM
948+ SYSLOG ((LOG_INFO, "`%s' logged in %s", pam_user, fromhost));
949+#else
950 SYSLOG ((LOG_INFO, "`%s' logged in %s", username, fromhost));
951+#endif
952+#ifdef CONFIG_FLASK
953+ }
954+#endif
955 closelog ();
956 #ifdef RADIUS
957 if (is_rad_login) {
958@@ -1367,8 +1560,16 @@
959 }
960 #endif
961 if ((tmp = getdef_str ("FAKE_SHELL")) != NULL) {
962- shell (tmp, pwent.pw_shell); /* fake shell */
963+ shell (tmp, pwent.pw_shell
964+#ifdef CONFIG_FLASK
965+ , FLASK_flag, user_sid
966+#endif
967+ ); /* fake shell */
968 }
969- shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
970+ shell(pwent.pw_shell, (char *) 0
971+#ifdef CONFIG_FLASK
972+ , FLASK_flag, user_sid
973+#endif
974+ ); /* exec the shell finally. */
975 /*NOTREACHED*/ return 0;
976 }
977--- shadow-4.0.3.orig/src/passwd.c
978+++ shadow-4.0.3/src/passwd.c
979@@ -1173,8 +1173,8 @@
980
981 if (!amroot && pw->pw_uid != getuid ()) {
982 fprintf (stderr,
983- _("You may not change the password for %s.\n"),
984- name);
985+ _("%s: You may not view or modify password information for %s.\n"),
986+ Prog, name);
987 SYSLOG ((LOG_WARN, "can't change pwd for `%s'", name));
988 closelog ();
989 exit (E_NOPERM);
990--- shadow-4.0.3.orig/src/cppw.c
991+++ shadow-4.0.3/src/cppw.c
992@@ -0,0 +1,200 @@
993+/*
994+ cppw, cpgr copy with locking given file over the password or group file
995+ with -s will copy with locking given file over shadow or gshadow file
996+
997+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
998+
999+ Based on vipw, vigr by:
1000+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
1001+
1002+ This program is free software; you can redistribute it and/or modify
1003+ it under the terms of the GNU General Public License as published by
1004+ the Free Software Foundation; either version 2 of the License, or
1005+ (at your option) any later version.
1006+
1007+ This program is distributed in the hope that it will be useful, but
1008+ WITHOUT ANY WARRANTY; without even the implied warranty of
1009+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1010+ General Public License for more details.
1011+
1012+ You should have received a copy of the GNU General Public License
1013+ along with this program; if not, write to the Free Software
1014+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
1015+
1016+ */
1017+
1018+#include <config.h>
1019+#include "defines.h"
1020+
1021+#include <errno.h>
1022+#include <sys/stat.h>
1023+#include <unistd.h>
1024+#include <stdio.h>
1025+#include <stdlib.h>
1026+#include <sys/types.h>
1027+#include <signal.h>
1028+#include <utime.h>
1029+#include "prototypes.h"
1030+#include "pwio.h"
1031+#include "shadowio.h"
1032+#include "groupio.h"
1033+#include "sgroupio.h"
1034+
1035+
1036+static const char *progname, *filename, *filenewname;
1037+static int filelocked = 0;
1038+static int (*unlock)();
1039+
1040+/* local function prototypes */
1041+static int create_backup_file (FILE *, const char *, struct stat *);
1042+static void cppwexit (const char *, int, int);
1043+static void cppwcopy (const char *, const char *, int (*) (void), int (*) (void));
1044+int main (int, char **);
1045+
1046+static int
1047+create_backup_file(FILE *fp, const char *backup, struct stat *sb)
1048+{
1049+ struct utimbuf ub;
1050+ FILE *bkfp;
1051+ int c;
1052+ mode_t mask;
1053+
1054+ mask = umask(077);
1055+ bkfp = fopen(backup, "w");
1056+ umask(mask);
1057+ if (!bkfp) return -1;
1058+
1059+ rewind(fp);
1060+ while ((c = getc(fp)) != EOF) {
1061+ if (putc(c, bkfp) == EOF) break;
1062+ }
1063+
1064+ if (c != EOF || fflush(bkfp)) {
1065+ fclose(bkfp);
1066+ unlink(backup);
1067+ return -1;
1068+ }
1069+ if (fclose(bkfp)) {
1070+ unlink(backup);
1071+ return -1;
1072+ }
1073+
1074+ ub.actime = sb->st_atime;
1075+ ub.modtime = sb->st_mtime;
1076+ if (utime(backup, &ub) ||
1077+ chmod(backup, sb->st_mode) ||
1078+ chown(backup, sb->st_uid, sb->st_gid)) {
1079+ unlink(backup);
1080+ return -1;
1081+ }
1082+ return 0;
1083+}
1084+
1085+static void
1086+cppwexit(const char *msg, int syserr, int ret)
1087+{
1088+ int err = errno;
1089+ if (filelocked) (*unlock)();
1090+ if (msg) fprintf(stderr, "%s: %s", progname, msg);
1091+ if (syserr) fprintf(stderr, ": %s", strerror(err));
1092+ fprintf(stderr, "\n%s: %s is unchanged\n", progname, filename);
1093+ exit(ret);
1094+}
1095+
1096+static void
1097+cppwcopy(const char *file, const char *in_file, int (*file_lock) (void), int (*file_unlock) (void))
1098+{
1099+ struct stat st1;
1100+ FILE *f;
1101+ char filenew[1024];
1102+
1103+ snprintf(filenew, sizeof filenew, "%s.new", file);
1104+ unlock = file_unlock;
1105+ filename = file;
1106+ filenewname = filenew;
1107+
1108+ if (access(file, F_OK)) cppwexit(file, 1, 1);
1109+ if (!file_lock()) cppwexit("Couldn't lock file", errno, 5);
1110+ filelocked = 1;
1111+
1112+ /* file to copy has same owners, perm */
1113+ if (stat(file, &st1)) cppwexit(file, 1, 1);
1114+ if (!(f = fopen(in_file, "r"))) cppwexit(file, 1, 1);
1115+ if (create_backup_file(f, filenew, &st1))
1116+ cppwexit("Couldn't make backup", errno, 1);
1117+
1118+ /* XXX - here we should check filenew for errors; if there are any,
1119+ fail w/ an appropriate error code and let the user manually fix
1120+ it. Use pwck or grpck to do the check. - Stephen (Shamelessly
1121+ stolen from '--marekm's comment) */
1122+
1123+ if (rename(filenew, file) == -1) {
1124+ fprintf(stderr, "%s: can't copy %s: %s)\n",
1125+ progname, filenew, strerror(errno));
1126+ cppwexit(0,0,1);
1127+ }
1128+
1129+ (*file_unlock)();
1130+}
1131+
1132+
1133+int
1134+main(int argc, char **argv)
1135+{
1136+ int flag;
1137+ int cpshadow = 0;
1138+ char *in_file;
1139+ char *c;
1140+ int e = 1;
1141+ int do_cppw;
1142+
1143+ progname = ((c = strrchr(*argv, '/')) ? c+1 : *argv);
1144+ do_cppw = (strcmp(progname, "cpgr") != 0);
1145+
1146+ while ((flag = getopt(argc, argv, "ghps")) != EOF) {
1147+ switch (flag) {
1148+ case 'p':
1149+ do_cppw = 1;
1150+ break;
1151+ case 'g':
1152+ do_cppw = 0;
1153+ break;
1154+ case 's':
1155+ cpshadow = 1;
1156+ break;
1157+ case 'h':
1158+ e = 0;
1159+ default:
1160+ printf("Usage:\n\
1161+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
1162+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
1163+");
1164+ exit(e);
1165+ }
1166+ }
1167+
1168+ if (optind >= argc) {
1169+ cppwexit ("missing file argument, -h for usage",0,1);
1170+ }
1171+
1172+ in_file = argv[argc - 1];
1173+
1174+ if (do_cppw) {
1175+#ifdef SHADOWPWD
1176+ if (cpshadow)
1177+ cppwcopy(SHADOW_FILE, in_file, spw_lock, spw_unlock);
1178+ else
1179+#endif
1180+ cppwcopy(PASSWD_FILE, in_file, pw_lock, pw_unlock);
1181+ }
1182+ else {
1183+#ifdef SHADOWGRP
1184+ if (cpshadow)
1185+ cppwcopy(SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
1186+ else
1187+#endif
1188+ cppwcopy(GROUP_FILE, in_file, gr_lock, gr_unlock);
1189+ }
1190+
1191+ return 0;
1192+}
1193--- shadow-4.0.3.orig/src/Makefile.am
1194+++ shadow-4.0.3/src/Makefile.am
1195@@ -25,7 +25,7 @@
1196 ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
1197 usbin_PROGRAMS = chpasswd dpasswd groupadd groupdel groupmod \
1198 logoutd mkpasswd newusers useradd userdel usermod grpck \
1199- pwck vipw grpconv grpunconv pwconv pwunconv
1200+ pwck vipw grpconv grpunconv pwconv pwunconv cppw
1201
1202 noinst_PROGRAMS = id sulogin
1203
1204@@ -34,7 +34,9 @@
1205 suidbins = su
1206 suidubins = chage chfn chsh expiry gpasswd newgrp passwd
1207
1208-LDADD = $(top_builddir)/libmisc/libmisc.la \
1209+LDADD =
1210+
1211+LDADD += $(top_builddir)/libmisc/libmisc.la \
1212 $(top_builddir)/lib/libshadow.la
1213
1214 chpasswd_LDADD = $(LDADD) $(LIBPAM)
1215@@ -44,17 +46,18 @@
1216 groupadd_LDADD = $(LDADD) $(LIBPAM)
1217 groupdel_LDADD = $(LDADD) $(LIBPAM)
1218 groupmod_LDADD = $(LDADD) $(LIBPAM)
1219-login_LDADD = $(LDADD) $(LIBPAM)
1220+login_LDADD = $(LDADD) $(LIBPAM) $(SEC_LDADD)
1221 newusers_LDADD = $(LDADD) $(LIBPAM)
1222 passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK)
1223 su_SOURCES = su.c suauth.c
1224-su_LDADD = $(LDADD) $(LIBPAM)
1225+su_LDADD = $(LDADD) $(LIBPAM) $(SEC_LDADD)
1226 useradd_LDADD = $(LDADD) $(LIBPAM)
1227 userdel_LDADD = $(LDADD) $(LIBPAM)
1228 usermod_LDADD = $(LDADD) $(LIBPAM)
1229+newgrp_LDADD = $(LDADD) $(LIBPAM) $(SEC_LDADD)
1230+sulogin_LDADD = $(LDADD) $(LIBPAM) $(SEC_LDADD)
1231
1232 install-exec-hook:
1233- ln -sf newgrp $(DESTDIR)$(bindir)/sg
1234 ln -sf vigr $(DESTDIR)$(bindir)/vipw
1235 for i in $(suidbins); do \
1236 chmod 4755 $(DESTDIR)$(bindir)/$$i; \
1237--- shadow-4.0.3.orig/src/grpck.c
1238+++ shadow-4.0.3/src/grpck.c
1239@@ -146,6 +146,7 @@
1240 int errors = 0;
1241 int deleted = 0;
1242 int i;
1243+ int prune = 0;
1244 struct commonio_entry *gre, *tgre;
1245 struct group *grp;
1246 int sort_mode = 0;
1247@@ -172,7 +173,7 @@
1248 * Parse the command line arguments
1249 */
1250
1251- while ((arg = getopt (argc, argv, "qrs")) != EOF) {
1252+ while ((arg = getopt (argc, argv, "qprs")) != EOF) {
1253 switch (arg) {
1254 case 'q':
1255 /* quiet - ignored for now */
1256@@ -183,6 +184,9 @@
1257 case 's':
1258 sort_mode = 1;
1259 break;
1260+ case 'p':
1261+ prune = 1;
1262+ break;
1263 default:
1264 usage ();
1265 }
1266@@ -315,9 +319,13 @@
1267 /*
1268 * prompt the user to delete the entry or not
1269 */
1270-
1271- if (!yes_or_no ())
1272+ if (!prune) {
1273+ if (!yes_or_no ())
1274+ continue;
1275+ } else {
1276+ puts("Yes");
1277 continue;
1278+ }
1279
1280 /*
1281 * All group file deletions wind up here. This code
1282--- shadow-4.0.3.orig/src/newgrp.c
1283+++ shadow-4.0.3/src/newgrp.c
1284@@ -91,7 +91,7 @@
1285
1286 #if ENABLE_NLS
1287 /* XXX - remove when gettext is safe to use in setuid programs */
1288- sanitize_env ();
1289+ /* sanitize_env ();*/
1290 #endif
1291
1292 setlocale (LC_ALL, "");
1293@@ -386,8 +386,13 @@
1294 SYSLOG ((LOG_INFO, "user `%s' switched to group `%s'",
1295 name, group));
1296 if (getdef_bool ("SYSLOG_SG_ENAB")) {
1297- char *loginname = xstrdup (getlogin ());
1298- char *tty = xstrdup (ttyname (0));
1299+ char *loginname = getlogin ();
1300+ char *tty = ttyname (0);
1301+
1302+ if (loginname != NULL)
1303+ loginname = xstrdup (loginname);
1304+ if (tty != NULL)
1305+ tty = xstrdup (tty);
1306
1307 if (loginname == NULL)
1308 loginname = "???";
1309@@ -586,7 +591,11 @@
1310 * the previous environment which should be the user's login shell.
1311 */
1312
1313- shell (prog, initflag ? (char *) 0 : cp);
1314+ shell(prog, initflag ? (char *) 0 : cp
1315+#ifdef CONFIG_FLASK
1316+ , 0, 0
1317+#endif
1318+ );
1319 /*NOTREACHED*/ failure:
1320
1321 /*
1322--- shadow-4.0.3.orig/src/useradd.c
1323+++ shadow-4.0.3/src/useradd.c
1324@@ -29,6 +29,8 @@
1325
1326 #include <config.h>
1327
1328+#undef USE_PAM
1329+
1330 #include "rcsid.h"
1331 RCSID (PKG_VER "$Id$")
1332 #include "prototypes.h"
1333--- shadow-4.0.3.orig/src/userdel.c
1334+++ shadow-4.0.3/src/userdel.c
1335@@ -29,6 +29,8 @@
1336
1337 #include <config.h>
1338
1339+#undef USE_PAM
1340+
1341 #include "rcsid.h"
1342 RCSID (PKG_VER "$Id$")
1343 #include <sys/stat.h>
1344@@ -147,6 +149,7 @@
1345 struct group *ngrp;
1346
1347 #ifdef SHADOWGRP
1348+ int deleted_user_group = 0;
1349 const struct sgrp *sgrp;
1350 struct sgrp *nsgrp;
1351 #endif /* SHADOWGRP */
1352@@ -209,6 +212,10 @@
1353
1354 gr_remove (grp->gr_name);
1355
1356+#ifdef SHADOWGRP
1357+ deleted_user_group = 1;
1358+#endif
1359+
1360 /*
1361 * Update the DBM group file with the new entry as well.
1362 */
1363@@ -279,6 +286,10 @@
1364 SYSLOG ((LOG_INFO, "delete `%s' from shadow group `%s'\n",
1365 user_name, nsgrp->sg_name));
1366 }
1367+
1368+ if (deleted_user_group)
1369+ sgr_remove(user_name);
1370+
1371 #ifdef NDBM
1372 endsgent ();
1373 #endif /* NDBM */
1374--- shadow-4.0.3.orig/src/usermod.c
1375+++ shadow-4.0.3/src/usermod.c
1376@@ -29,6 +29,8 @@
1377
1378 #include <config.h>
1379
1380+#undef USE_PAM
1381+
1382 #include "rcsid.h"
1383 RCSID (PKG_VER "$Id$")
1384 #include <sys/types.h>
1385@@ -1544,9 +1546,14 @@
1386 if (copy_tree (user_home, user_newhome,
1387 uflg ? user_newid : -1,
1388 gflg ? user_newgid : -1) ==
1389- 0 && remove_tree (user_home) == 0
1390- && rmdir (user_home) == 0)
1391- return;
1392+ 0) {
1393+ if (remove_tree (user_home) != 0 ||
1394+ rmdir (user_home) != 0)
1395+ fprintf (stderr,
1396+ _("%s: warning: failed to completely remove old home directory %s"),
1397+ Prog, user_home);
1398+ return;
1399+ }
1400
1401 (void) remove_tree (user_newhome);
1402 (void) rmdir (user_newhome);
1403--- shadow-4.0.3.orig/src/sulogin.c
1404+++ shadow-4.0.3/src/sulogin.c
1405@@ -268,6 +268,10 @@
1406 #ifdef USE_SYSLOG
1407 closelog ();
1408 #endif
1409- shell (pwent.pw_shell, (char *) 0); /* exec the shell finally. */
1410+ shell(pwent.pw_shell, (char *) 0
1411+#ifdef CONFIG_FLASK
1412+ , 0, 0
1413+#endif
1414+ ); /* exec the shell finally. */
1415 /*NOTREACHED*/ return (0);
1416 }
1417--- shadow-4.0.3.orig/src/chage.c
1418+++ shadow-4.0.3/src/chage.c
1419@@ -29,6 +29,8 @@
1420
1421 #include <config.h>
1422
1423+#undef USE_PAM
1424+
1425 #include "rcsid.h"
1426 RCSID (PKG_VER "$Id$")
1427 #include <sys/types.h>
1428--- shadow-4.0.3.orig/libmisc/sub.c
1429+++ shadow-4.0.3/libmisc/sub.c
1430@@ -75,4 +75,8 @@
1431 closelog();
1432 exit (1);
1433 }
1434+
1435+ /* Now fixup the shell to get rid of that '*' */
1436+ if (*pw->pw_shell == '*')
1437+ pw->pw_shell++;
1438 }
1439--- shadow-4.0.3.orig/libmisc/pam_pass.c
1440+++ shadow-4.0.3/libmisc/pam_pass.c
1441@@ -51,6 +51,7 @@
1442 exit(10); /* XXX */
1443 }
1444
1445+ fputs("passwd: password updated successfully\n", stderr);
1446 pam_end(pamh, PAM_SUCCESS);
1447 }
1448 #else /* !USE_PAM */
1449--- shadow-4.0.3.orig/libmisc/shell.c
1450+++ shadow-4.0.3/libmisc/shell.c
1451@@ -55,7 +55,11 @@
1452 */
1453
1454 void
1455-shell(const char *file, const char *arg)
1456+shell(const char *file, const char *arg
1457+#ifdef CONFIG_FLASK
1458+ , int FLASK_flag, security_id_t user_sid
1459+#endif
1460+ )
1461 {
1462 char arg0[1024];
1463 int err;
1464@@ -84,6 +88,11 @@
1465 * grief.
1466 */
1467
1468+#ifdef CONFIG_FLASK
1469+ if(FLASK_flag)
1470+ execle_secure(file, user_sid, arg, (char *) 0, newenvp);
1471+ else
1472+#endif
1473 execle (file, arg, (char *) 0, newenvp);
1474 err = errno;
1475
1476@@ -103,6 +112,11 @@
1477 if ((fp = fopen (file, "r"))) {
1478 if (getc (fp) == '#' && getc (fp) == '!') {
1479 fclose (fp);
1480+#ifdef CONFIG_FLASK
1481+ if(FLASK_flag)
1482+ execle ("/bin/sh", user_sid, "sh", file, (char *) 0, newenvp);
1483+ else
1484+#endif
1485 execle ("/bin/sh", "sh",
1486 file, (char *) 0, newenvp);
1487 err = errno;
1488--- shadow-4.0.3.orig/libmisc/getdate.c
1489+++ shadow-4.0.3/libmisc/getdate.c
1490@@ -1,26 +1,24 @@
1491-
1492-/* A Bison parser, made from getdate.y
1493- by GNU Bison version 1.25
1494- */
1495+/* A Bison parser, made from getdate.y
1496+ by GNU bison 1.33. */
1497
1498 #define YYBISON 1 /* Identify Bison output. */
1499
1500-#define tAGO 258
1501-#define tDAY 259
1502-#define tDAY_UNIT 260
1503-#define tDAYZONE 261
1504-#define tDST 262
1505-#define tHOUR_UNIT 263
1506-#define tID 264
1507-#define tMERIDIAN 265
1508-#define tMINUTE_UNIT 266
1509-#define tMONTH 267
1510-#define tMONTH_UNIT 268
1511-#define tSEC_UNIT 269
1512-#define tSNUMBER 270
1513-#define tUNUMBER 271
1514-#define tYEAR_UNIT 272
1515-#define tZONE 273
1516+# define tAGO 257
1517+# define tDAY 258
1518+# define tDAY_UNIT 259
1519+# define tDAYZONE 260
1520+# define tDST 261
1521+# define tHOUR_UNIT 262
1522+# define tID 263
1523+# define tMERIDIAN 264
1524+# define tMINUTE_UNIT 265
1525+# define tMONTH 266
1526+# define tMONTH_UNIT 267
1527+# define tSEC_UNIT 268
1528+# define tSNUMBER 269
1529+# define tUNUMBER 270
1530+# define tYEAR_UNIT 271
1531+# define tZONE 272
1532
1533 #line 1 "getdate.y"
1534
1535@@ -197,16 +195,15 @@
1536
1537
1538 #line 175 "getdate.y"
1539+#ifndef YYSTYPE
1540 typedef union {
1541 int Number;
1542 enum _MERIDIAN Meridian;
1543-} YYSTYPE;
1544-#include <stdio.h>
1545-
1546-#ifndef __cplusplus
1547-#ifndef __STDC__
1548-#define const
1549+} yystype;
1550+# define YYSTYPE yystype
1551 #endif
1552+#ifndef YYDEBUG
1553+# define YYDEBUG 0
1554 #endif
1555
1556
1557@@ -215,159 +212,187 @@
1558 #define YYFLAG -32768
1559 #define YYNTBASE 22
1560
1561-#define YYTRANSLATE(x) ((unsigned)(x) <= 273 ? yytranslate[x] : 32)
1562+/* YYTRANSLATE(YYLEX) -- Bison token number corresponding to YYLEX. */
1563+#define YYTRANSLATE(x) ((unsigned)(x) <= 272 ? yytranslate[x] : 32)
1564
1565-static const char yytranslate[] = { 0,
1566- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1567- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1568- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1569- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1570- 2, 2, 2, 20, 2, 2, 21, 2, 2, 2,
1571- 2, 2, 2, 2, 2, 2, 2, 19, 2, 2,
1572- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1573- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1574- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1575- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1576- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1577- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1578- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1579- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1580- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1581- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1582- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1583- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1584- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1585- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1586- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1587- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1588- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1589- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1590- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1591- 2, 2, 2, 2, 2, 1, 2, 3, 4, 5,
1592- 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1593- 16, 17, 18
1594+/* YYTRANSLATE[YYLEX] -- Bison token number corresponding to YYLEX. */
1595+static const char yytranslate[] =
1596+{
1597+ 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1598+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1599+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1600+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1601+ 2, 2, 2, 2, 20, 2, 2, 21, 2, 2,
1602+ 2, 2, 2, 2, 2, 2, 2, 2, 19, 2,
1603+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1604+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1605+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1606+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1607+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1608+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1609+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1610+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1611+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1612+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1613+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1614+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1615+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1616+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1617+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1618+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1619+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1620+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1621+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
1622+ 2, 2, 2, 2, 2, 2, 1, 3, 4, 5,
1623+ 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1624+ 16, 17, 18
1625 };
1626
1627-#if YYDEBUG != 0
1628-static const short yyprhs[] = { 0,
1629- 0, 1, 4, 6, 8, 10, 12, 14, 16, 19,
1630- 24, 29, 36, 43, 45, 47, 50, 52, 55, 58,
1631- 62, 68, 72, 76, 79, 84, 87, 91, 94, 96,
1632- 99, 102, 104, 107, 110, 112, 115, 118, 120, 123,
1633- 126, 128, 131, 134, 136, 139, 142, 144, 146, 147
1634+#if YYDEBUG
1635+static const short yyprhs[] =
1636+{
1637+ 0, 0, 1, 4, 6, 8, 10, 12, 14, 16,
1638+ 19, 24, 29, 36, 43, 45, 47, 50, 52, 55,
1639+ 58, 62, 68, 72, 76, 79, 84, 87, 91, 94,
1640+ 96, 99, 102, 104, 107, 110, 112, 115, 118, 120,
1641+ 123, 126, 128, 131, 134, 136, 139, 142, 144, 146,
1642+ 147
1643 };
1644-
1645-static const short yyrhs[] = { -1,
1646- 22, 23, 0, 24, 0, 25, 0, 27, 0, 26,
1647- 0, 28, 0, 30, 0, 16, 10, 0, 16, 19,
1648- 16, 31, 0, 16, 19, 16, 15, 0, 16, 19,
1649- 16, 19, 16, 31, 0, 16, 19, 16, 19, 16,
1650- 15, 0, 18, 0, 6, 0, 18, 7, 0, 4,
1651- 0, 4, 20, 0, 16, 4, 0, 16, 21, 16,
1652- 0, 16, 21, 16, 21, 16, 0, 16, 15, 15,
1653- 0, 16, 12, 15, 0, 12, 16, 0, 12, 16,
1654- 20, 16, 0, 16, 12, 0, 16, 12, 16, 0,
1655- 29, 3, 0, 29, 0, 16, 17, 0, 15, 17,
1656- 0, 17, 0, 16, 13, 0, 15, 13, 0, 13,
1657- 0, 16, 5, 0, 15, 5, 0, 5, 0, 16,
1658- 8, 0, 15, 8, 0, 8, 0, 16, 11, 0,
1659- 15, 11, 0, 11, 0, 16, 14, 0, 15, 14,
1660- 0, 14, 0, 16, 0, 0, 10, 0
1661+static const short yyrhs[] =
1662+{
1663+ -1, 22, 23, 0, 24, 0, 25, 0, 27, 0,
1664+ 26, 0, 28, 0, 30, 0, 16, 10, 0, 16,
1665+ 19, 16, 31, 0, 16, 19, 16, 15, 0, 16,
1666+ 19, 16, 19, 16, 31, 0, 16, 19, 16, 19,
1667+ 16, 15, 0, 18, 0, 6, 0, 18, 7, 0,
1668+ 4, 0, 4, 20, 0, 16, 4, 0, 16, 21,
1669+ 16, 0, 16, 21, 16, 21, 16, 0, 16, 15,
1670+ 15, 0, 16, 12, 15, 0, 12, 16, 0, 12,
1671+ 16, 20, 16, 0, 16, 12, 0, 16, 12, 16,
1672+ 0, 29, 3, 0, 29, 0, 16, 17, 0, 15,
1673+ 17, 0, 17, 0, 16, 13, 0, 15, 13, 0,
1674+ 13, 0, 16, 5, 0, 15, 5, 0, 5, 0,
1675+ 16, 8, 0, 15, 8, 0, 8, 0, 16, 11,
1676+ 0, 15, 11, 0, 11, 0, 16, 14, 0, 15,
1677+ 14, 0, 14, 0, 16, 0, 0, 10, 0
1678 };
1679
1680 #endif
1681
1682-#if YYDEBUG != 0
1683-static const short yyrline[] = { 0,
1684- 191, 192, 195, 198, 201, 204, 207, 210, 213, 219,
1685- 225, 234, 240, 252, 255, 258, 264, 268, 272, 278,
1686- 282, 300, 306, 312, 316, 321, 325, 332, 340, 343,
1687- 346, 349, 352, 355, 358, 361, 364, 367, 370, 373,
1688- 376, 379, 382, 385, 388, 391, 394, 399, 432, 436
1689+#if YYDEBUG
1690+/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
1691+static const short yyrline[] =
1692+{
1693+ 0, 191, 192, 195, 198, 201, 204, 207, 210, 213,
1694+ 219, 225, 234, 240, 252, 255, 258, 264, 268, 272,
1695+ 278, 282, 300, 306, 312, 316, 321, 325, 332, 340,
1696+ 343, 346, 349, 352, 355, 358, 361, 364, 367, 370,
1697+ 373, 376, 379, 382, 385, 388, 391, 394, 399, 432,
1698+ 436
1699 };
1700 #endif
1701
1702
1703-#if YYDEBUG != 0 || defined (YYERROR_VERBOSE)
1704+#if (YYDEBUG) || defined YYERROR_VERBOSE
1705
1706-static const char * const yytname[] = { "$","error","$undefined.","tAGO","tDAY",
1707-"tDAY_UNIT","tDAYZONE","tDST","tHOUR_UNIT","tID","tMERIDIAN","tMINUTE_UNIT",
1708-"tMONTH","tMONTH_UNIT","tSEC_UNIT","tSNUMBER","tUNUMBER","tYEAR_UNIT","tZONE",
1709-"':'","','","'/'","spec","item","time","zone","day","date","rel","relunit","number",
1710-"o_merid", NULL
1711+/* YYTNAME[TOKEN_NUM] -- String name of the token TOKEN_NUM. */
1712+static const char *const yytname[] =
1713+{
1714+ "$", "error", "$undefined.", "tAGO", "tDAY", "tDAY_UNIT", "tDAYZONE",
1715+ "tDST", "tHOUR_UNIT", "tID", "tMERIDIAN", "tMINUTE_UNIT", "tMONTH",
1716+ "tMONTH_UNIT", "tSEC_UNIT", "tSNUMBER", "tUNUMBER", "tYEAR_UNIT",
1717+ "tZONE", "':'", "','", "'/'", "spec", "item", "time", "zone", "day",
1718+ "date", "rel", "relunit", "number", "o_merid", NULL
1719 };
1720 #endif
1721
1722-static const short yyr1[] = { 0,
1723- 22, 22, 23, 23, 23, 23, 23, 23, 24, 24,
1724- 24, 24, 24, 25, 25, 25, 26, 26, 26, 27,
1725- 27, 27, 27, 27, 27, 27, 27, 28, 28, 29,
1726- 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
1727- 29, 29, 29, 29, 29, 29, 29, 30, 31, 31
1728+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
1729+static const short yyr1[] =
1730+{
1731+ 0, 22, 22, 23, 23, 23, 23, 23, 23, 24,
1732+ 24, 24, 24, 24, 25, 25, 25, 26, 26, 26,
1733+ 27, 27, 27, 27, 27, 27, 27, 27, 28, 28,
1734+ 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
1735+ 29, 29, 29, 29, 29, 29, 29, 29, 30, 31,
1736+ 31
1737 };
1738
1739-static const short yyr2[] = { 0,
1740- 0, 2, 1, 1, 1, 1, 1, 1, 2, 4,
1741- 4, 6, 6, 1, 1, 2, 1, 2, 2, 3,
1742- 5, 3, 3, 2, 4, 2, 3, 2, 1, 2,
1743- 2, 1, 2, 2, 1, 2, 2, 1, 2, 2,
1744- 1, 2, 2, 1, 2, 2, 1, 1, 0, 1
1745+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
1746+static const short yyr2[] =
1747+{
1748+ 0, 0, 2, 1, 1, 1, 1, 1, 1, 2,
1749+ 4, 4, 6, 6, 1, 1, 2, 1, 2, 2,
1750+ 3, 5, 3, 3, 2, 4, 2, 3, 2, 1,
1751+ 2, 2, 1, 2, 2, 1, 2, 2, 1, 2,
1752+ 2, 1, 2, 2, 1, 2, 2, 1, 1, 0,
1753+ 1
1754 };
1755
1756-static const short yydefact[] = { 1,
1757- 0, 17, 38, 15, 41, 44, 0, 35, 47, 0,
1758- 48, 32, 14, 2, 3, 4, 6, 5, 7, 29,
1759- 8, 18, 24, 37, 40, 43, 34, 46, 31, 19,
1760- 36, 39, 9, 42, 26, 33, 45, 0, 30, 0,
1761- 0, 16, 28, 0, 23, 27, 22, 49, 20, 25,
1762- 50, 11, 0, 10, 0, 49, 21, 13, 12, 0,
1763- 0
1764+/* YYDEFACT[S] -- default rule to reduce with in state S when YYTABLE
1765+ doesn't specify something else to do. Zero means the default is an
1766+ error. */
1767+static const short yydefact[] =
1768+{
1769+ 1, 0, 17, 38, 15, 41, 44, 0, 35, 47,
1770+ 0, 48, 32, 14, 2, 3, 4, 6, 5, 7,
1771+ 29, 8, 18, 24, 37, 40, 43, 34, 46, 31,
1772+ 19, 36, 39, 9, 42, 26, 33, 45, 0, 30,
1773+ 0, 0, 16, 28, 0, 23, 27, 22, 49, 20,
1774+ 25, 50, 11, 0, 10, 0, 49, 21, 13, 12,
1775+ 0, 0
1776 };
1777
1778-static const short yydefgoto[] = { 1,
1779- 14, 15, 16, 17, 18, 19, 20, 21, 54
1780+static const short yydefgoto[] =
1781+{
1782+ 1, 14, 15, 16, 17, 18, 19, 20, 21, 54
1783 };
1784
1785-static const short yypact[] = {-32768,
1786- 0, -19,-32768,-32768,-32768,-32768, -13,-32768,-32768, 30,
1787- 15,-32768, 14,-32768,-32768,-32768,-32768,-32768,-32768, 19,
1788--32768,-32768, 4,-32768,-32768,-32768,-32768,-32768,-32768,-32768,
1789--32768,-32768,-32768,-32768, -6,-32768,-32768, 16,-32768, 17,
1790- 23,-32768,-32768, 24,-32768,-32768,-32768, 27, 28,-32768,
1791--32768,-32768, 29,-32768, 32, -8,-32768,-32768,-32768, 50,
1792--32768
1793+static const short yypact[] =
1794+{
1795+ -32768, 0, -19,-32768,-32768,-32768,-32768, -13,-32768,-32768,
1796+ 30, 15,-32768, 14,-32768,-32768,-32768,-32768,-32768,-32768,
1797+ 19,-32768,-32768, 4,-32768,-32768,-32768,-32768,-32768,-32768,
1798+ -32768,-32768,-32768,-32768,-32768, -6,-32768,-32768, 16,-32768,
1799+ 17, 23,-32768,-32768, 24,-32768,-32768,-32768, 27, 28,
1800+ -32768,-32768,-32768, 29,-32768, 32, -8,-32768,-32768,-32768,
1801+ 50,-32768
1802 };
1803
1804-static const short yypgoto[] = {-32768,
1805--32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768, -5
1806+static const short yypgoto[] =
1807+{
1808+ -32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768, -5
1809 };
1810
1811
1812 #define YYLAST 51
1813
1814
1815-static const short yytable[] = { 60,
1816- 22, 51, 23, 2, 3, 4, 58, 5, 45, 46,
1817- 6, 7, 8, 9, 10, 11, 12, 13, 30, 31,
1818- 42, 43, 32, 44, 33, 34, 35, 36, 37, 38,
1819- 47, 39, 48, 40, 24, 41, 51, 25, 49, 50,
1820- 26, 52, 27, 28, 56, 53, 29, 57, 55, 61,
1821- 59
1822+static const short yytable[] =
1823+{
1824+ 60, 22, 51, 23, 2, 3, 4, 58, 5, 45,
1825+ 46, 6, 7, 8, 9, 10, 11, 12, 13, 30,
1826+ 31, 42, 43, 32, 44, 33, 34, 35, 36, 37,
1827+ 38, 47, 39, 48, 40, 24, 41, 51, 25, 49,
1828+ 50, 26, 52, 27, 28, 56, 53, 29, 57, 55,
1829+ 61, 59
1830 };
1831
1832-static const short yycheck[] = { 0,
1833- 20, 10, 16, 4, 5, 6, 15, 8, 15, 16,
1834- 11, 12, 13, 14, 15, 16, 17, 18, 4, 5,
1835- 7, 3, 8, 20, 10, 11, 12, 13, 14, 15,
1836- 15, 17, 16, 19, 5, 21, 10, 8, 16, 16,
1837- 11, 15, 13, 14, 16, 19, 17, 16, 21, 0,
1838- 56
1839+static const short yycheck[] =
1840+{
1841+ 0, 20, 10, 16, 4, 5, 6, 15, 8, 15,
1842+ 16, 11, 12, 13, 14, 15, 16, 17, 18, 4,
1843+ 5, 7, 3, 8, 20, 10, 11, 12, 13, 14,
1844+ 15, 15, 17, 16, 19, 5, 21, 10, 8, 16,
1845+ 16, 11, 15, 13, 14, 16, 19, 17, 16, 21,
1846+ 0, 56
1847 };
1848 /* -*-C-*- Note some compilers choke on comments on `#line' lines. */
1849-#line 3 "/usr/share/bison.simple"
1850+#line 3 "/usr/share/bison/bison.simple"
1851
1852 /* Skeleton output parser for bison,
1853- Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc.
1854+
1855+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software
1856+ Foundation, Inc.
1857
1858 This program is free software; you can redistribute it and/or modify
1859 it under the terms of the GNU General Public License as published by
1860@@ -381,183 +406,328 @@
1861
1862 You should have received a copy of the GNU General Public License
1863 along with this program; if not, write to the Free Software
1864- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
1865+ Foundation, Inc., 59 Temple Place - Suite 330,
1866+ Boston, MA 02111-1307, USA. */
1867
1868 /* As a special exception, when this file is copied by Bison into a
1869 Bison output file, you may use that output file without restriction.
1870 This special exception was added by the Free Software Foundation
1871 in version 1.24 of Bison. */
1872
1873-#ifndef alloca
1874-#ifdef __GNUC__
1875-#define alloca __builtin_alloca
1876-#else /* not GNU C. */
1877-#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi)
1878-#include <alloca.h>
1879-#else /* not sparc */
1880-#if defined (MSDOS) && !defined (__TURBOC__)
1881-#include <malloc.h>
1882-#else /* not MSDOS, or __TURBOC__ */
1883-#if defined(_AIX)
1884-#include <malloc.h>
1885- #pragma alloca
1886-#else /* not MSDOS, __TURBOC__, or _AIX */
1887-#ifdef __hpux
1888+/* This is the parser code that is written into each bison parser when
1889+ the %semantic_parser declaration is not specified in the grammar.
1890+ It was written by Richard Stallman by simplifying the hairy parser
1891+ used when %semantic_parser is specified. */
1892+
1893+/* All symbols defined below should begin with yy or YY, to avoid
1894+ infringing on user name space. This should be done even for local
1895+ variables, as they might otherwise be expanded by user macros.
1896+ There are some unavoidable exceptions within include files to
1897+ define necessary library symbols; they are noted "INFRINGES ON
1898+ USER NAME SPACE" below. */
1899+
1900 #ifdef __cplusplus
1901-extern "C" {
1902-void *alloca (unsigned int);
1903+# define YYSTD(x) std::x
1904+#else
1905+# define YYSTD(x) x
1906+#endif
1907+
1908+#if ! defined (yyoverflow) || defined (YYERROR_VERBOSE)
1909+
1910+/* The parser invokes alloca or malloc; define the necessary symbols. */
1911+
1912+# if YYSTACK_USE_ALLOCA
1913+# define YYSTACK_ALLOC alloca
1914+# else
1915+# ifndef YYSTACK_USE_ALLOCA
1916+# if defined (alloca) || defined (_ALLOCA_H)
1917+# define YYSTACK_ALLOC alloca
1918+# else
1919+# ifdef __GNUC__
1920+# define YYSTACK_ALLOC __builtin_alloca
1921+# endif
1922+# endif
1923+# endif
1924+# endif
1925+
1926+# ifdef YYSTACK_ALLOC
1927+ /* Pacify GCC's `empty if-body' warning. */
1928+# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
1929+# else
1930+# ifdef __cplusplus
1931+# include <cstdlib> /* INFRINGES ON USER NAME SPACE */
1932+# define YYSIZE_T std::size_t
1933+# else
1934+# ifdef __STDC__
1935+# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
1936+# define YYSIZE_T size_t
1937+# endif
1938+# endif
1939+# define YYSTACK_ALLOC YYSTD (malloc)
1940+# define YYSTACK_FREE YYSTD (free)
1941+# endif
1942+
1943+/* A type that is properly aligned for any stack member. */
1944+union yyalloc
1945+{
1946+ short yyss;
1947+ YYSTYPE yyvs;
1948+# if YYLSP_NEEDED
1949+ YYLTYPE yyls;
1950+# endif
1951 };
1952-#else /* not __cplusplus */
1953-void *alloca ();
1954-#endif /* not __cplusplus */
1955-#endif /* __hpux */
1956-#endif /* not _AIX */
1957-#endif /* not MSDOS, or __TURBOC__ */
1958-#endif /* not sparc. */
1959-#endif /* not GNU C. */
1960-#endif /* alloca not defined. */
1961-
1962-/* This is the parser code that is written into each bison parser
1963- when the %semantic_parser declaration is not specified in the grammar.
1964- It was written by Richard Stallman by simplifying the hairy parser
1965- used when %semantic_parser is specified. */
1966-
1967-/* Note: there must be only one dollar sign in this file.
1968- It is replaced by the list of actions, each action
1969- as one case of the switch. */
1970+
1971+/* The size of the maximum gap between one aligned stack and the next. */
1972+# define YYSTACK_GAP_MAX (sizeof (union yyalloc) - 1)
1973+
1974+/* The size of an array large to enough to hold all stacks, each with
1975+ N elements. */
1976+# if YYLSP_NEEDED
1977+# define YYSTACK_BYTES(N) \
1978+ ((N) * (sizeof (short) + sizeof (YYSTYPE) + sizeof (YYLTYPE)) \
1979+ + 2 * YYSTACK_GAP_MAX)
1980+# else
1981+# define YYSTACK_BYTES(N) \
1982+ ((N) * (sizeof (short) + sizeof (YYSTYPE)) \
1983+ + YYSTACK_GAP_MAX)
1984+# endif
1985+
1986+/* Relocate the TYPE STACK from its old location to the new one. The
1987+ local variables YYSIZE and YYSTACKSIZE give the old and new number of
1988+ elements in the stack, and YYPTR gives the new location of the
1989+ stack. Advance YYPTR to a properly aligned location for the next
1990+ stack. */
1991+# define YYSTACK_RELOCATE(Type, Stack) \
1992+ do \
1993+ { \
1994+ YYSIZE_T yynewbytes; \
1995+ yymemcpy ((char *) yyptr, (char *) (Stack), \
1996+ yysize * (YYSIZE_T) sizeof (Type)); \
1997+ Stack = &yyptr->Stack; \
1998+ yynewbytes = yystacksize * sizeof (Type) + YYSTACK_GAP_MAX; \
1999+ yyptr += yynewbytes / sizeof (*yyptr); \
2000+ } \
2001+ while (0)
2002+
2003+#endif /* ! defined (yyoverflow) || defined (YYERROR_VERBOSE) */
2004+
2005+
2006+#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
2007+# define YYSIZE_T __SIZE_TYPE__
2008+#endif
2009+#if ! defined (YYSIZE_T) && defined (size_t)
2010+# define YYSIZE_T size_t
2011+#endif
2012+#if ! defined (YYSIZE_T)
2013+# ifdef __cplusplus
2014+# include <cstddef> /* INFRINGES ON USER NAME SPACE */
2015+# define YYSIZE_T std::size_t
2016+# else
2017+# ifdef __STDC__
2018+# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
2019+# define YYSIZE_T size_t
2020+# endif
2021+# endif
2022+#endif
2023+#if ! defined (YYSIZE_T)
2024+# define YYSIZE_T unsigned int
2025+#endif
2026
2027 #define yyerrok (yyerrstatus = 0)
2028 #define yyclearin (yychar = YYEMPTY)
2029 #define YYEMPTY -2
2030 #define YYEOF 0
2031-#define YYACCEPT return(0)
2032-#define YYABORT return(1)
2033+#define YYACCEPT goto yyacceptlab
2034+#define YYABORT goto yyabortlab
2035 #define YYERROR goto yyerrlab1
2036-/* Like YYERROR except do call yyerror.
2037- This remains here temporarily to ease the
2038- transition to the new meaning of YYERROR, for GCC.
2039+/* Like YYERROR except do call yyerror. This remains here temporarily
2040+ to ease the transition to the new meaning of YYERROR, for GCC.
2041 Once GCC version 2 has supplanted version 1, this can go. */
2042 #define YYFAIL goto yyerrlab
2043 #define YYRECOVERING() (!!yyerrstatus)
2044-#define YYBACKUP(token, value) \
2045+#define YYBACKUP(Token, Value) \
2046 do \
2047 if (yychar == YYEMPTY && yylen == 1) \
2048- { yychar = (token), yylval = (value); \
2049+ { \
2050+ yychar = (Token); \
2051+ yylval = (Value); \
2052 yychar1 = YYTRANSLATE (yychar); \
2053 YYPOPSTACK; \
2054 goto yybackup; \
2055 } \
2056 else \
2057- { yyerror ("syntax error: cannot back up"); YYERROR; } \
2058+ { \
2059+ yyerror ("syntax error: cannot back up"); \
2060+ YYERROR; \
2061+ } \
2062 while (0)
2063
2064 #define YYTERROR 1
2065 #define YYERRCODE 256
2066
2067-#ifndef YYPURE
2068-#define YYLEX yylex()
2069-#endif
2070
2071-#ifdef YYPURE
2072-#ifdef YYLSP_NEEDED
2073-#ifdef YYLEX_PARAM
2074-#define YYLEX yylex(&yylval, &yylloc, YYLEX_PARAM)
2075-#else
2076-#define YYLEX yylex(&yylval, &yylloc)
2077-#endif
2078-#else /* not YYLSP_NEEDED */
2079-#ifdef YYLEX_PARAM
2080-#define YYLEX yylex(&yylval, YYLEX_PARAM)
2081-#else
2082-#define YYLEX yylex(&yylval)
2083-#endif
2084-#endif /* not YYLSP_NEEDED */
2085-#endif
2086-
2087-/* If nonreentrant, generate the variables here */
2088+/* YYLLOC_DEFAULT -- Compute the default location (before the actions
2089+ are run).
2090
2091-#ifndef YYPURE
2092-
2093-int yychar; /* the lookahead symbol */
2094-YYSTYPE yylval; /* the semantic value of the */
2095- /* lookahead symbol */
2096-
2097-#ifdef YYLSP_NEEDED
2098-YYLTYPE yylloc; /* location data for the lookahead */
2099- /* symbol */
2100+ When YYLLOC_DEFAULT is run, CURRENT is set the location of the
2101+ first token. By default, to implement support for ranges, extend
2102+ its range to the last symbol. */
2103+
2104+#ifndef YYLLOC_DEFAULT
2105+# define YYLLOC_DEFAULT(Current, Rhs, N) \
2106+ Current.last_line = Rhs[N].last_line; \
2107+ Current.last_column = Rhs[N].last_column;
2108 #endif
2109
2110-int yynerrs; /* number of parse errors so far */
2111-#endif /* not YYPURE */
2112
2113-#if YYDEBUG != 0
2114-int yydebug; /* nonzero means print parse trace */
2115-/* Since this is uninitialized, it does not stop multiple parsers
2116- from coexisting. */
2117-#endif
2118+/* YYLEX -- calling `yylex' with the right arguments. */
2119+
2120+#if YYPURE
2121+# if YYLSP_NEEDED
2122+# ifdef YYLEX_PARAM
2123+# define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM)
2124+# else
2125+# define YYLEX yylex (&yylval, &yylloc)
2126+# endif
2127+# else /* !YYLSP_NEEDED */
2128+# ifdef YYLEX_PARAM
2129+# define YYLEX yylex (&yylval, YYLEX_PARAM)
2130+# else
2131+# define YYLEX yylex (&yylval)
2132+# endif
2133+# endif /* !YYLSP_NEEDED */
2134+#else /* !YYPURE */
2135+# define YYLEX yylex ()
2136+#endif /* !YYPURE */
2137+
2138+
2139+/* Enable debugging if requested. */
2140+#if YYDEBUG
2141+
2142+# ifndef YYFPRINTF
2143+# ifdef __cplusplus
2144+# include <cstdio> /* INFRINGES ON USER NAME SPACE */
2145+# else
2146+# include <stdio.h> /* INFRINGES ON USER NAME SPACE */
2147+# endif
2148+# define YYFPRINTF YYSTD (fprintf)
2149+# endif
2150
2151-/* YYINITDEPTH indicates the initial size of the parser's stacks */
2152+# define YYDPRINTF(Args) \
2153+do { \
2154+ if (yydebug) \
2155+ YYFPRINTF Args; \
2156+} while (0)
2157+/* Nonzero means print parse trace. [The following comment makes no
2158+ sense to me. Could someone clarify it? --akim] Since this is
2159+ uninitialized, it does not stop multiple parsers from coexisting.
2160+ */
2161+int yydebug;
2162+#else /* !YYDEBUG */
2163+# define YYDPRINTF(Args)
2164+#endif /* !YYDEBUG */
2165
2166+/* YYINITDEPTH -- initial size of the parser's stacks. */
2167 #ifndef YYINITDEPTH
2168-#define YYINITDEPTH 200
2169+# define YYINITDEPTH 200
2170 #endif
2171
2172-/* YYMAXDEPTH is the maximum size the stacks can grow to
2173- (effective only if the built-in stack extension method is used). */
2174+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
2175+ if the built-in stack extension method is used).
2176+
2177+ Do not make this value too large; the results are undefined if
2178+ SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
2179+ evaluated with infinite-precision integer arithmetic. */
2180
2181 #if YYMAXDEPTH == 0
2182-#undef YYMAXDEPTH
2183+# undef YYMAXDEPTH
2184 #endif
2185
2186 #ifndef YYMAXDEPTH
2187-#define YYMAXDEPTH 10000
2188-#endif
2189-
2190-/* Prevent warning if -Wstrict-prototypes. */
2191-#ifdef __GNUC__
2192-int yyparse (void);
2193+# define YYMAXDEPTH 10000
2194 #endif
2195 \f
2196-#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */
2197-#define __yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT)
2198-#else /* not GNU C or C++ */
2199-#ifndef __cplusplus
2200+#if ! defined (yyoverflow) && ! defined (yymemcpy)
2201+# if __GNUC__ > 1 /* GNU C and GNU C++ define this. */
2202+# define yymemcpy __builtin_memcpy
2203+# else /* not GNU C or C++ */
2204
2205 /* This is the most reliable way to avoid incompatibilities
2206 in available built-in functions on various systems. */
2207 static void
2208-__yy_memcpy (to, from, count)
2209- char *to;
2210- char *from;
2211- int count;
2212-{
2213- register char *f = from;
2214- register char *t = to;
2215- register int i = count;
2216+# if defined (__STDC__) || defined (__cplusplus)
2217+yymemcpy (char *yyto, const char *yyfrom, YYSIZE_T yycount)
2218+# else
2219+yymemcpy (yyto, yyfrom, yycount)
2220+ char *yyto;
2221+ const char *yyfrom;
2222+ YYSIZE_T yycount;
2223+# endif
2224+{
2225+ register const char *yyf = yyfrom;
2226+ register char *yyt = yyto;
2227+ register YYSIZE_T yyi = yycount;
2228
2229- while (i-- > 0)
2230- *t++ = *f++;
2231+ while (yyi-- != 0)
2232+ *yyt++ = *yyf++;
2233 }
2234+# endif
2235+#endif
2236
2237-#else /* __cplusplus */
2238+#ifdef YYERROR_VERBOSE
2239
2240-/* This is the most reliable way to avoid incompatibilities
2241- in available built-in functions on various systems. */
2242-static void
2243-__yy_memcpy (char *to, char *from, int count)
2244+# ifndef yystrlen
2245+# if defined (__GLIBC__) && defined (_STRING_H)
2246+# define yystrlen strlen
2247+# else
2248+/* Return the length of YYSTR. */
2249+static YYSIZE_T
2250+# if defined (__STDC__) || defined (__cplusplus)
2251+yystrlen (const char *yystr)
2252+# else
2253+yystrlen (yystr)
2254+ const char *yystr;
2255+# endif
2256 {
2257- register char *f = from;
2258- register char *t = to;
2259- register int i = count;
2260+ register const char *yys = yystr;
2261
2262- while (i-- > 0)
2263- *t++ = *f++;
2264+ while (*yys++ != '\0')
2265+ continue;
2266+
2267+ return yys - yystr - 1;
2268 }
2269+# endif
2270+# endif
2271
2272-#endif
2273+# ifndef yystpcpy
2274+# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
2275+# define yystpcpy stpcpy
2276+# else
2277+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
2278+ YYDEST. */
2279+static char *
2280+# if defined (__STDC__) || defined (__cplusplus)
2281+yystpcpy (char *yydest, const char *yysrc)
2282+# else
2283+yystpcpy (yydest, yysrc)
2284+ char *yydest;
2285+ const char *yysrc;
2286+# endif
2287+{
2288+ register char *yyd = yydest;
2289+ register const char *yys = yysrc;
2290+
2291+ while ((*yyd++ = *yys++) != '\0')
2292+ continue;
2293+
2294+ return yyd - 1;
2295+}
2296+# endif
2297+# endif
2298 #endif
2299 \f
2300-#line 196 "/usr/share/bison.simple"
2301+#line 341 "/usr/share/bison/bison.simple"
2302+
2303
2304 /* The user can define YYPARSE_PARAM as the name of an argument to be passed
2305 into yyparse. The argument should have type void *.
2306@@ -566,66 +736,121 @@
2307 to the proper pointer type. */
2308
2309 #ifdef YYPARSE_PARAM
2310-#ifdef __cplusplus
2311-#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM
2312-#define YYPARSE_PARAM_DECL
2313-#else /* not __cplusplus */
2314-#define YYPARSE_PARAM_ARG YYPARSE_PARAM
2315-#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM;
2316-#endif /* not __cplusplus */
2317-#else /* not YYPARSE_PARAM */
2318-#define YYPARSE_PARAM_ARG
2319-#define YYPARSE_PARAM_DECL
2320-#endif /* not YYPARSE_PARAM */
2321+# ifdef __cplusplus
2322+# define YYPARSE_PARAM_ARG void *YYPARSE_PARAM
2323+# define YYPARSE_PARAM_DECL
2324+# else /* !__cplusplus */
2325+# define YYPARSE_PARAM_ARG YYPARSE_PARAM
2326+# define YYPARSE_PARAM_DECL void *YYPARSE_PARAM;
2327+# endif /* !__cplusplus */
2328+#else /* !YYPARSE_PARAM */
2329+# define YYPARSE_PARAM_ARG
2330+# define YYPARSE_PARAM_DECL
2331+#endif /* !YYPARSE_PARAM */
2332+
2333+/* Prevent warning if -Wstrict-prototypes. */
2334+#ifdef __GNUC__
2335+# ifdef YYPARSE_PARAM
2336+int yyparse (void *);
2337+# else
2338+int yyparse (void);
2339+# endif
2340+#endif
2341+
2342+/* YY_DECL_VARIABLES -- depending whether we use a pure parser,
2343+ variables are global, or local to YYPARSE. */
2344+
2345+#define YY_DECL_NON_LSP_VARIABLES \
2346+/* The lookahead symbol. */ \
2347+int yychar; \
2348+ \
2349+/* The semantic value of the lookahead symbol. */ \
2350+YYSTYPE yylval; \
2351+ \
2352+/* Number of parse errors so far. */ \
2353+int yynerrs;
2354+
2355+#if YYLSP_NEEDED
2356+# define YY_DECL_VARIABLES \
2357+YY_DECL_NON_LSP_VARIABLES \
2358+ \
2359+/* Location data for the lookahead symbol. */ \
2360+YYLTYPE yylloc;
2361+#else
2362+# define YY_DECL_VARIABLES \
2363+YY_DECL_NON_LSP_VARIABLES
2364+#endif
2365+
2366+
2367+/* If nonreentrant, generate the variables here. */
2368+
2369+#if !YYPURE
2370+YY_DECL_VARIABLES
2371+#endif /* !YYPURE */
2372
2373 int
2374-yyparse(YYPARSE_PARAM_ARG)
2375+yyparse (YYPARSE_PARAM_ARG)
2376 YYPARSE_PARAM_DECL
2377 {
2378+ /* If reentrant, generate the variables here. */
2379+#if YYPURE
2380+ YY_DECL_VARIABLES
2381+#endif /* !YYPURE */
2382+
2383 register int yystate;
2384 register int yyn;
2385+ int yyresult;
2386+ /* Number of tokens to shift before error messages enabled. */
2387+ int yyerrstatus;
2388+ /* Lookahead token as an internal (translated) token number. */
2389+ int yychar1 = 0;
2390+
2391+ /* Three stacks and their tools:
2392+ `yyss': related to states,
2393+ `yyvs': related to semantic values,
2394+ `yyls': related to locations.
2395+
2396+ Refer to the stacks thru separate pointers, to allow yyoverflow
2397+ to reallocate them elsewhere. */
2398+
2399+ /* The state stack. */
2400+ short yyssa[YYINITDEPTH];
2401+ short *yyss = yyssa;
2402 register short *yyssp;
2403- register YYSTYPE *yyvsp;
2404- int yyerrstatus; /* number of tokens to shift before error messages enabled */
2405- int yychar1 = 0; /* lookahead token as an internal (translated) token number */
2406-
2407- short yyssa[YYINITDEPTH]; /* the state stack */
2408- YYSTYPE yyvsa[YYINITDEPTH]; /* the semantic value stack */
2409
2410- short *yyss = yyssa; /* refer to the stacks thru separate pointers */
2411- YYSTYPE *yyvs = yyvsa; /* to allow yyoverflow to reallocate them elsewhere */
2412+ /* The semantic value stack. */
2413+ YYSTYPE yyvsa[YYINITDEPTH];
2414+ YYSTYPE *yyvs = yyvsa;
2415+ register YYSTYPE *yyvsp;
2416
2417-#ifdef YYLSP_NEEDED
2418- YYLTYPE yylsa[YYINITDEPTH]; /* the location stack */
2419+#if YYLSP_NEEDED
2420+ /* The location stack. */
2421+ YYLTYPE yylsa[YYINITDEPTH];
2422 YYLTYPE *yyls = yylsa;
2423 YYLTYPE *yylsp;
2424+#endif
2425
2426-#define YYPOPSTACK (yyvsp--, yyssp--, yylsp--)
2427+#if YYLSP_NEEDED
2428+# define YYPOPSTACK (yyvsp--, yyssp--, yylsp--)
2429 #else
2430-#define YYPOPSTACK (yyvsp--, yyssp--)
2431+# define YYPOPSTACK (yyvsp--, yyssp--)
2432 #endif
2433
2434- int yystacksize = YYINITDEPTH;
2435+ YYSIZE_T yystacksize = YYINITDEPTH;
2436
2437-#ifdef YYPURE
2438- int yychar;
2439- YYSTYPE yylval;
2440- int yynerrs;
2441-#ifdef YYLSP_NEEDED
2442- YYLTYPE yylloc;
2443-#endif
2444-#endif
2445
2446- YYSTYPE yyval; /* the variable used to return */
2447- /* semantic values from the action */
2448- /* routines */
2449+ /* The variables used to return semantic value and location from the
2450+ action routines. */
2451+ YYSTYPE yyval;
2452+#if YYLSP_NEEDED
2453+ YYLTYPE yyloc;
2454+#endif
2455
2456+ /* When reducing, the number of symbols on the RHS of the reduced
2457+ rule. */
2458 int yylen;
2459
2460-#if YYDEBUG != 0
2461- if (yydebug)
2462- fprintf(stderr, "Starting parse\n");
2463-#endif
2464+ YYDPRINTF ((stderr, "Starting parse\n"));
2465
2466 yystate = 0;
2467 yyerrstatus = 0;
2468@@ -637,96 +862,106 @@
2469 so that they stay on the same level as the state stack.
2470 The wasted elements are never initialized. */
2471
2472- yyssp = yyss - 1;
2473+ yyssp = yyss;
2474 yyvsp = yyvs;
2475-#ifdef YYLSP_NEEDED
2476+#if YYLSP_NEEDED
2477 yylsp = yyls;
2478 #endif
2479+ goto yysetstate;
2480
2481-/* Push a new state, which is found in yystate . */
2482-/* In all cases, when you get here, the value and location stacks
2483- have just been pushed. so pushing a state here evens the stacks. */
2484-yynewstate:
2485+/*------------------------------------------------------------.
2486+| yynewstate -- Push a new state, which is found in yystate. |
2487+`------------------------------------------------------------*/
2488+ yynewstate:
2489+ /* In all cases, when you get here, the value and location stacks
2490+ have just been pushed. so pushing a state here evens the stacks.
2491+ */
2492+ yyssp++;
2493
2494- *++yyssp = yystate;
2495+ yysetstate:
2496+ *yyssp = yystate;
2497
2498 if (yyssp >= yyss + yystacksize - 1)
2499 {
2500- /* Give user a chance to reallocate the stack */
2501- /* Use copies of these so that the &'s don't force the real ones into memory. */
2502- YYSTYPE *yyvs1 = yyvs;
2503- short *yyss1 = yyss;
2504-#ifdef YYLSP_NEEDED
2505- YYLTYPE *yyls1 = yyls;
2506-#endif
2507-
2508 /* Get the current used size of the three stacks, in elements. */
2509- int size = yyssp - yyss + 1;
2510+ YYSIZE_T yysize = yyssp - yyss + 1;
2511
2512 #ifdef yyoverflow
2513- /* Each stack pointer address is followed by the size of
2514- the data in use in that stack, in bytes. */
2515-#ifdef YYLSP_NEEDED
2516- /* This used to be a conditional around just the two extra args,
2517- but that might be undefined if yyoverflow is a macro. */
2518- yyoverflow("parser stack overflow",
2519- &yyss1, size * sizeof (*yyssp),
2520- &yyvs1, size * sizeof (*yyvsp),
2521- &yyls1, size * sizeof (*yylsp),
2522- &yystacksize);
2523-#else
2524- yyoverflow("parser stack overflow",
2525- &yyss1, size * sizeof (*yyssp),
2526- &yyvs1, size * sizeof (*yyvsp),
2527- &yystacksize);
2528-#endif
2529-
2530- yyss = yyss1; yyvs = yyvs1;
2531-#ifdef YYLSP_NEEDED
2532- yyls = yyls1;
2533-#endif
2534+ {
2535+ /* Give user a chance to reallocate the stack. Use copies of
2536+ these so that the &'s don't force the real ones into
2537+ memory. */
2538+ YYSTYPE *yyvs1 = yyvs;
2539+ short *yyss1 = yyss;
2540+
2541+ /* Each stack pointer address is followed by the size of the
2542+ data in use in that stack, in bytes. */
2543+# if YYLSP_NEEDED
2544+ YYLTYPE *yyls1 = yyls;
2545+ /* This used to be a conditional around just the two extra args,
2546+ but that might be undefined if yyoverflow is a macro. */
2547+ yyoverflow ("parser stack overflow",
2548+ &yyss1, yysize * sizeof (*yyssp),
2549+ &yyvs1, yysize * sizeof (*yyvsp),
2550+ &yyls1, yysize * sizeof (*yylsp),
2551+ &yystacksize);
2552+ yyls = yyls1;
2553+# else
2554+ yyoverflow ("parser stack overflow",
2555+ &yyss1, yysize * sizeof (*yyssp),
2556+ &yyvs1, yysize * sizeof (*yyvsp),
2557+ &yystacksize);
2558+# endif
2559+ yyss = yyss1;
2560+ yyvs = yyvs1;
2561+ }
2562 #else /* no yyoverflow */
2563 /* Extend the stack our own way. */
2564 if (yystacksize >= YYMAXDEPTH)
2565- {
2566- yyerror("parser stack overflow");
2567- return 2;
2568- }
2569+ goto yyoverflowlab;
2570 yystacksize *= 2;
2571 if (yystacksize > YYMAXDEPTH)
2572 yystacksize = YYMAXDEPTH;
2573- yyss = (short *) alloca (yystacksize * sizeof (*yyssp));
2574- __yy_memcpy ((char *)yyss, (char *)yyss1, size * sizeof (*yyssp));
2575- yyvs = (YYSTYPE *) alloca (yystacksize * sizeof (*yyvsp));
2576- __yy_memcpy ((char *)yyvs, (char *)yyvs1, size * sizeof (*yyvsp));
2577-#ifdef YYLSP_NEEDED
2578- yyls = (YYLTYPE *) alloca (yystacksize * sizeof (*yylsp));
2579- __yy_memcpy ((char *)yyls, (char *)yyls1, size * sizeof (*yylsp));
2580-#endif
2581+
2582+ {
2583+ short *yyss1 = yyss;
2584+ union yyalloc *yyptr =
2585+ (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
2586+ if (! yyptr)
2587+ goto yyoverflowlab;
2588+ YYSTACK_RELOCATE (short, yyss);
2589+ YYSTACK_RELOCATE (YYSTYPE, yyvs);
2590+# if YYLSP_NEEDED
2591+ YYSTACK_RELOCATE (YYLTYPE, yyls);
2592+# endif
2593+# undef YYSTACK_RELOCATE
2594+ if (yyss1 != yyssa)
2595+ YYSTACK_FREE (yyss1);
2596+ }
2597 #endif /* no yyoverflow */
2598
2599- yyssp = yyss + size - 1;
2600- yyvsp = yyvs + size - 1;
2601-#ifdef YYLSP_NEEDED
2602- yylsp = yyls + size - 1;
2603+ yyssp = yyss + yysize - 1;
2604+ yyvsp = yyvs + yysize - 1;
2605+#if YYLSP_NEEDED
2606+ yylsp = yyls + yysize - 1;
2607 #endif
2608
2609-#if YYDEBUG != 0
2610- if (yydebug)
2611- fprintf(stderr, "Stack size increased to %d\n", yystacksize);
2612-#endif
2613+ YYDPRINTF ((stderr, "Stack size increased to %lu\n",
2614+ (unsigned long int) yystacksize));
2615
2616 if (yyssp >= yyss + yystacksize - 1)
2617 YYABORT;
2618 }
2619
2620-#if YYDEBUG != 0
2621- if (yydebug)
2622- fprintf(stderr, "Entering state %d\n", yystate);
2623-#endif
2624+ YYDPRINTF ((stderr, "Entering state %d\n", yystate));
2625
2626 goto yybackup;
2627- yybackup:
2628+
2629+
2630+/*-----------.
2631+| yybackup. |
2632+`-----------*/
2633+yybackup:
2634
2635 /* Do appropriate processing given the current state. */
2636 /* Read a lookahead token if we need one and don't already have one. */
2637@@ -745,10 +980,7 @@
2638
2639 if (yychar == YYEMPTY)
2640 {
2641-#if YYDEBUG != 0
2642- if (yydebug)
2643- fprintf(stderr, "Reading a token: ");
2644-#endif
2645+ YYDPRINTF ((stderr, "Reading a token: "));
2646 yychar = YYLEX;
2647 }
2648
2649@@ -759,25 +991,25 @@
2650 yychar1 = 0;
2651 yychar = YYEOF; /* Don't call YYLEX any more */
2652
2653-#if YYDEBUG != 0
2654- if (yydebug)
2655- fprintf(stderr, "Now at end of input.\n");
2656-#endif
2657+ YYDPRINTF ((stderr, "Now at end of input.\n"));
2658 }
2659 else
2660 {
2661- yychar1 = YYTRANSLATE(yychar);
2662+ yychar1 = YYTRANSLATE (yychar);
2663
2664-#if YYDEBUG != 0
2665+#if YYDEBUG
2666+ /* We have to keep this `#if YYDEBUG', since we use variables
2667+ which are defined only if `YYDEBUG' is set. */
2668 if (yydebug)
2669 {
2670- fprintf (stderr, "Next token is %d (%s", yychar, yytname[yychar1]);
2671- /* Give the individual parser a way to print the precise meaning
2672- of a token, for further debugging info. */
2673-#ifdef YYPRINT
2674+ YYFPRINTF (stderr, "Next token is %d (%s",
2675+ yychar, yytname[yychar1]);
2676+ /* Give the individual parser a way to print the precise
2677+ meaning of a token, for further debugging info. */
2678+# ifdef YYPRINT
2679 YYPRINT (stderr, yychar, yylval);
2680-#endif
2681- fprintf (stderr, ")\n");
2682+# endif
2683+ YYFPRINTF (stderr, ")\n");
2684 }
2685 #endif
2686 }
2687@@ -809,88 +1041,110 @@
2688 YYACCEPT;
2689
2690 /* Shift the lookahead token. */
2691-
2692-#if YYDEBUG != 0
2693- if (yydebug)
2694- fprintf(stderr, "Shifting token %d (%s), ", yychar, yytname[yychar1]);
2695-#endif
2696+ YYDPRINTF ((stderr, "Shifting token %d (%s), ",
2697+ yychar, yytname[yychar1]));
2698
2699 /* Discard the token being shifted unless it is eof. */
2700 if (yychar != YYEOF)
2701 yychar = YYEMPTY;
2702
2703 *++yyvsp = yylval;
2704-#ifdef YYLSP_NEEDED
2705+#if YYLSP_NEEDED
2706 *++yylsp = yylloc;
2707 #endif
2708
2709- /* count tokens shifted since error; after three, turn off error status. */
2710- if (yyerrstatus) yyerrstatus--;
2711+ /* Count tokens shifted since error; after three, turn off error
2712+ status. */
2713+ if (yyerrstatus)
2714+ yyerrstatus--;
2715
2716 yystate = yyn;
2717 goto yynewstate;
2718
2719-/* Do the default action for the current state. */
2720-yydefault:
2721
2722+/*-----------------------------------------------------------.
2723+| yydefault -- do the default action for the current state. |
2724+`-----------------------------------------------------------*/
2725+yydefault:
2726 yyn = yydefact[yystate];
2727 if (yyn == 0)
2728 goto yyerrlab;
2729+ goto yyreduce;
2730+
2731
2732-/* Do a reduction. yyn is the number of a rule to reduce with. */
2733+/*-----------------------------.
2734+| yyreduce -- Do a reduction. |
2735+`-----------------------------*/
2736 yyreduce:
2737+ /* yyn is the number of a rule to reduce with. */
2738 yylen = yyr2[yyn];
2739- if (yylen > 0)
2740- yyval = yyvsp[1-yylen]; /* implement default value of the action */
2741
2742-#if YYDEBUG != 0
2743+ /* If YYLEN is nonzero, implement the default value of the action:
2744+ `$$ = $1'.
2745+
2746+ Otherwise, the following line sets YYVAL to the semantic value of
2747+ the lookahead token. This behavior is undocumented and Bison
2748+ users should not rely upon it. Assigning to YYVAL
2749+ unconditionally makes the parser a bit smaller, and it avoids a
2750+ GCC warning that YYVAL may be used uninitialized. */
2751+ yyval = yyvsp[1-yylen];
2752+
2753+#if YYLSP_NEEDED
2754+ /* Similarly for the default location. Let the user run additional
2755+ commands if for instance locations are ranges. */
2756+ yyloc = yylsp[1-yylen];
2757+ YYLLOC_DEFAULT (yyloc, (yylsp - yylen), yylen);
2758+#endif
2759+
2760+#if YYDEBUG
2761+ /* We have to keep this `#if YYDEBUG', since we use variables which
2762+ are defined only if `YYDEBUG' is set. */
2763 if (yydebug)
2764 {
2765- int i;
2766+ int yyi;
2767
2768- fprintf (stderr, "Reducing via rule %d (line %d), ",
2769- yyn, yyrline[yyn]);
2770+ YYFPRINTF (stderr, "Reducing via rule %d (line %d), ",
2771+ yyn, yyrline[yyn]);
2772
2773 /* Print the symbols being reduced, and their result. */
2774- for (i = yyprhs[yyn]; yyrhs[i] > 0; i++)
2775- fprintf (stderr, "%s ", yytname[yyrhs[i]]);
2776- fprintf (stderr, " -> %s\n", yytname[yyr1[yyn]]);
2777+ for (yyi = yyprhs[yyn]; yyrhs[yyi] > 0; yyi++)
2778+ YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]);
2779+ YYFPRINTF (stderr, " -> %s\n", yytname[yyr1[yyn]]);
2780 }
2781 #endif
2782
2783-
2784 switch (yyn) {
2785
2786 case 3:
2787 #line 195 "getdate.y"
2788 {
2789 yyHaveTime++;
2790- ;
2791- break;}
2792+ }
2793+ break;
2794 case 4:
2795 #line 198 "getdate.y"
2796 {
2797 yyHaveZone++;
2798- ;
2799- break;}
2800+ }
2801+ break;
2802 case 5:
2803 #line 201 "getdate.y"
2804 {
2805 yyHaveDate++;
2806- ;
2807- break;}
2808+ }
2809+ break;
2810 case 6:
2811 #line 204 "getdate.y"
2812 {
2813 yyHaveDay++;
2814- ;
2815- break;}
2816+ }
2817+ break;
2818 case 7:
2819 #line 207 "getdate.y"
2820 {
2821 yyHaveRel++;
2822- ;
2823- break;}
2824+ }
2825+ break;
2826 case 9:
2827 #line 213 "getdate.y"
2828 {
2829@@ -898,8 +1152,8 @@
2830 yyMinutes = 0;
2831 yySeconds = 0;
2832 yyMeridian = yyvsp[0].Meridian;
2833- ;
2834- break;}
2835+ }
2836+ break;
2837 case 10:
2838 #line 219 "getdate.y"
2839 {
2840@@ -907,8 +1161,8 @@
2841 yyMinutes = yyvsp[-1].Number;
2842 yySeconds = 0;
2843 yyMeridian = yyvsp[0].Meridian;
2844- ;
2845- break;}
2846+ }
2847+ break;
2848 case 11:
2849 #line 225 "getdate.y"
2850 {
2851@@ -919,8 +1173,8 @@
2852 yyTimezone = (yyvsp[0].Number < 0
2853 ? -yyvsp[0].Number % 100 + (-yyvsp[0].Number / 100) * 60
2854 : - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60));
2855- ;
2856- break;}
2857+ }
2858+ break;
2859 case 12:
2860 #line 234 "getdate.y"
2861 {
2862@@ -928,8 +1182,8 @@
2863 yyMinutes = yyvsp[-3].Number;
2864 yySeconds = yyvsp[-1].Number;
2865 yyMeridian = yyvsp[0].Meridian;
2866- ;
2867- break;}
2868+ }
2869+ break;
2870 case 13:
2871 #line 240 "getdate.y"
2872 {
2873@@ -941,54 +1195,54 @@
2874 yyTimezone = (yyvsp[0].Number < 0
2875 ? -yyvsp[0].Number % 100 + (-yyvsp[0].Number / 100) * 60
2876 : - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60));
2877- ;
2878- break;}
2879+ }
2880+ break;
2881 case 14:
2882 #line 252 "getdate.y"
2883 {
2884 yyTimezone = yyvsp[0].Number;
2885- ;
2886- break;}
2887+ }
2888+ break;
2889 case 15:
2890 #line 255 "getdate.y"
2891 {
2892 yyTimezone = yyvsp[0].Number - 60;
2893- ;
2894- break;}
2895+ }
2896+ break;
2897 case 16:
2898 #line 259 "getdate.y"
2899 {
2900 yyTimezone = yyvsp[-1].Number - 60;
2901- ;
2902- break;}
2903+ }
2904+ break;
2905 case 17:
2906 #line 264 "getdate.y"
2907 {
2908 yyDayOrdinal = 1;
2909 yyDayNumber = yyvsp[0].Number;
2910- ;
2911- break;}
2912+ }
2913+ break;
2914 case 18:
2915 #line 268 "getdate.y"
2916 {
2917 yyDayOrdinal = 1;
2918 yyDayNumber = yyvsp[-1].Number;
2919- ;
2920- break;}
2921+ }
2922+ break;
2923 case 19:
2924 #line 272 "getdate.y"
2925 {
2926 yyDayOrdinal = yyvsp[-1].Number;
2927 yyDayNumber = yyvsp[0].Number;
2928- ;
2929- break;}
2930+ }
2931+ break;
2932 case 20:
2933 #line 278 "getdate.y"
2934 {
2935 yyMonth = yyvsp[-2].Number;
2936 yyDay = yyvsp[0].Number;
2937- ;
2938- break;}
2939+ }
2940+ break;
2941 case 21:
2942 #line 282 "getdate.y"
2943 {
2944@@ -1008,8 +1262,8 @@
2945 yyDay = yyvsp[-2].Number;
2946 yyYear = yyvsp[0].Number;
2947 }
2948- ;
2949- break;}
2950+ }
2951+ break;
2952 case 22:
2953 #line 300 "getdate.y"
2954 {
2955@@ -1017,8 +1271,8 @@
2956 yyYear = yyvsp[-2].Number;
2957 yyMonth = -yyvsp[-1].Number;
2958 yyDay = -yyvsp[0].Number;
2959- ;
2960- break;}
2961+ }
2962+ break;
2963 case 23:
2964 #line 306 "getdate.y"
2965 {
2966@@ -1026,38 +1280,38 @@
2967 yyDay = yyvsp[-2].Number;
2968 yyMonth = yyvsp[-1].Number;
2969 yyYear = -yyvsp[0].Number;
2970- ;
2971- break;}
2972+ }
2973+ break;
2974 case 24:
2975 #line 312 "getdate.y"
2976 {
2977 yyMonth = yyvsp[-1].Number;
2978 yyDay = yyvsp[0].Number;
2979- ;
2980- break;}
2981+ }
2982+ break;
2983 case 25:
2984 #line 316 "getdate.y"
2985 {
2986 yyMonth = yyvsp[-3].Number;
2987 yyDay = yyvsp[-2].Number;
2988 yyYear = yyvsp[0].Number;
2989- ;
2990- break;}
2991+ }
2992+ break;
2993 case 26:
2994 #line 321 "getdate.y"
2995 {
2996 yyMonth = yyvsp[0].Number;
2997 yyDay = yyvsp[-1].Number;
2998- ;
2999- break;}
3000+ }
3001+ break;
3002 case 27:
3003 #line 325 "getdate.y"
3004 {
3005 yyMonth = yyvsp[-1].Number;
3006 yyDay = yyvsp[-2].Number;
3007 yyYear = yyvsp[0].Number;
3008- ;
3009- break;}
3010+ }
3011+ break;
3012 case 28:
3013 #line 332 "getdate.y"
3014 {
3015@@ -1067,116 +1321,116 @@
3016 yyRelDay = -yyRelDay;
3017 yyRelMonth = -yyRelMonth;
3018 yyRelYear = -yyRelYear;
3019- ;
3020- break;}
3021+ }
3022+ break;
3023 case 30:
3024 #line 343 "getdate.y"
3025 {
3026 yyRelYear += yyvsp[-1].Number * yyvsp[0].Number;
3027- ;
3028- break;}
3029+ }
3030+ break;
3031 case 31:
3032 #line 346 "getdate.y"
3033 {
3034 yyRelYear += yyvsp[-1].Number * yyvsp[0].Number;
3035- ;
3036- break;}
3037+ }
3038+ break;
3039 case 32:
3040 #line 349 "getdate.y"
3041 {
3042 yyRelYear++;
3043- ;
3044- break;}
3045+ }
3046+ break;
3047 case 33:
3048 #line 352 "getdate.y"
3049 {
3050 yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
3051- ;
3052- break;}
3053+ }
3054+ break;
3055 case 34:
3056 #line 355 "getdate.y"
3057 {
3058 yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
3059- ;
3060- break;}
3061+ }
3062+ break;
3063 case 35:
3064 #line 358 "getdate.y"
3065 {
3066 yyRelMonth++;
3067- ;
3068- break;}
3069+ }
3070+ break;
3071 case 36:
3072 #line 361 "getdate.y"
3073 {
3074 yyRelDay += yyvsp[-1].Number * yyvsp[0].Number;
3075- ;
3076- break;}
3077+ }
3078+ break;
3079 case 37:
3080 #line 364 "getdate.y"
3081 {
3082 yyRelDay += yyvsp[-1].Number * yyvsp[0].Number;
3083- ;
3084- break;}
3085+ }
3086+ break;
3087 case 38:
3088 #line 367 "getdate.y"
3089 {
3090 yyRelDay++;
3091- ;
3092- break;}
3093+ }
3094+ break;
3095 case 39:
3096 #line 370 "getdate.y"
3097 {
3098 yyRelHour += yyvsp[-1].Number * yyvsp[0].Number;
3099- ;
3100- break;}
3101+ }
3102+ break;
3103 case 40:
3104 #line 373 "getdate.y"
3105 {
3106 yyRelHour += yyvsp[-1].Number * yyvsp[0].Number;
3107- ;
3108- break;}
3109+ }
3110+ break;
3111 case 41:
3112 #line 376 "getdate.y"
3113 {
3114 yyRelHour++;
3115- ;
3116- break;}
3117+ }
3118+ break;
3119 case 42:
3120 #line 379 "getdate.y"
3121 {
3122 yyRelMinutes += yyvsp[-1].Number * yyvsp[0].Number;
3123- ;
3124- break;}
3125+ }
3126+ break;
3127 case 43:
3128 #line 382 "getdate.y"
3129 {
3130 yyRelMinutes += yyvsp[-1].Number * yyvsp[0].Number;
3131- ;
3132- break;}
3133+ }
3134+ break;
3135 case 44:
3136 #line 385 "getdate.y"
3137 {
3138 yyRelMinutes++;
3139- ;
3140- break;}
3141+ }
3142+ break;
3143 case 45:
3144 #line 388 "getdate.y"
3145 {
3146 yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number;
3147- ;
3148- break;}
3149+ }
3150+ break;
3151 case 46:
3152 #line 391 "getdate.y"
3153 {
3154 yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number;
3155- ;
3156- break;}
3157+ }
3158+ break;
3159 case 47:
3160 #line 394 "getdate.y"
3161 {
3162 yyRelSeconds++;
3163- ;
3164- break;}
3165+ }
3166+ break;
3167 case 48:
3168 #line 400 "getdate.y"
3169 {
3170@@ -1208,64 +1462,50 @@
3171 yyMeridian = MER24;
3172 }
3173 }
3174- ;
3175- break;}
3176+ }
3177+ break;
3178 case 49:
3179 #line 433 "getdate.y"
3180 {
3181 yyval.Meridian = MER24;
3182- ;
3183- break;}
3184+ }
3185+ break;
3186 case 50:
3187 #line 437 "getdate.y"
3188 {
3189 yyval.Meridian = yyvsp[0].Meridian;
3190- ;
3191- break;}
3192+ }
3193+ break;
3194 }
3195- /* the action file gets copied in in place of this dollarsign */
3196-#line 498 "/usr/share/bison.simple"
3197+
3198+#line 727 "/usr/share/bison/bison.simple"
3199+
3200 \f
3201 yyvsp -= yylen;
3202 yyssp -= yylen;
3203-#ifdef YYLSP_NEEDED
3204+#if YYLSP_NEEDED
3205 yylsp -= yylen;
3206 #endif
3207
3208-#if YYDEBUG != 0
3209+#if YYDEBUG
3210 if (yydebug)
3211 {
3212- short *ssp1 = yyss - 1;
3213- fprintf (stderr, "state stack now");
3214- while (ssp1 != yyssp)
3215- fprintf (stderr, " %d", *++ssp1);
3216- fprintf (stderr, "\n");
3217+ short *yyssp1 = yyss - 1;
3218+ YYFPRINTF (stderr, "state stack now");
3219+ while (yyssp1 != yyssp)
3220+ YYFPRINTF (stderr, " %d", *++yyssp1);
3221+ YYFPRINTF (stderr, "\n");
3222 }
3223 #endif
3224
3225 *++yyvsp = yyval;
3226-
3227-#ifdef YYLSP_NEEDED
3228- yylsp++;
3229- if (yylen == 0)
3230- {
3231- yylsp->first_line = yylloc.first_line;
3232- yylsp->first_column = yylloc.first_column;
3233- yylsp->last_line = (yylsp-1)->last_line;
3234- yylsp->last_column = (yylsp-1)->last_column;
3235- yylsp->text = 0;
3236- }
3237- else
3238- {
3239- yylsp->last_line = (yylsp+yylen-1)->last_line;
3240- yylsp->last_column = (yylsp+yylen-1)->last_column;
3241- }
3242+#if YYLSP_NEEDED
3243+ *++yylsp = yyloc;
3244 #endif
3245
3246- /* Now "shift" the result of the reduction.
3247- Determine what state that goes to,
3248- based on the state we popped back to
3249- and the rule number reduced by. */
3250+ /* Now `shift' the result of the reduction. Determine what state
3251+ that goes to, based on the state we popped back to and the rule
3252+ number reduced by. */
3253
3254 yyn = yyr1[yyn];
3255
3256@@ -1277,10 +1517,13 @@
3257
3258 goto yynewstate;
3259
3260-yyerrlab: /* here on detecting error */
3261
3262- if (! yyerrstatus)
3263- /* If not already recovering from an error, report this error. */
3264+/*------------------------------------.
3265+| yyerrlab -- here on detecting error |
3266+`------------------------------------*/
3267+yyerrlab:
3268+ /* If not already recovering from an error, report this error. */
3269+ if (!yyerrstatus)
3270 {
3271 ++yynerrs;
3272
3273@@ -1289,102 +1532,121 @@
3274
3275 if (yyn > YYFLAG && yyn < YYLAST)
3276 {
3277- int size = 0;
3278- char *msg;
3279- int x, count;
3280-
3281- count = 0;
3282- /* Start X at -yyn if nec to avoid negative indexes in yycheck. */
3283- for (x = (yyn < 0 ? -yyn : 0);
3284- x < (sizeof(yytname) / sizeof(char *)); x++)
3285- if (yycheck[x + yyn] == x)
3286- size += strlen(yytname[x]) + 15, count++;
3287- msg = (char *) malloc(size + 15);
3288- if (msg != 0)
3289+ YYSIZE_T yysize = 0;
3290+ char *yymsg;
3291+ int yyx, yycount;
3292+
3293+ yycount = 0;
3294+ /* Start YYX at -YYN if negative to avoid negative indexes in
3295+ YYCHECK. */
3296+ for (yyx = yyn < 0 ? -yyn : 0;
3297+ yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
3298+ if (yycheck[yyx + yyn] == yyx)
3299+ yysize += yystrlen (yytname[yyx]) + 15, yycount++;
3300+ yysize += yystrlen ("parse error, unexpected ") + 1;
3301+ yysize += yystrlen (yytname[YYTRANSLATE (yychar)]);
3302+ yymsg = (char *) YYSTACK_ALLOC (yysize);
3303+ if (yymsg != 0)
3304 {
3305- strcpy(msg, "parse error");
3306+ char *yyp = yystpcpy (yymsg, "parse error, unexpected ");
3307+ yyp = yystpcpy (yyp, yytname[YYTRANSLATE (yychar)]);
3308
3309- if (count < 5)
3310+ if (yycount < 5)
3311 {
3312- count = 0;
3313- for (x = (yyn < 0 ? -yyn : 0);
3314- x < (sizeof(yytname) / sizeof(char *)); x++)
3315- if (yycheck[x + yyn] == x)
3316+ yycount = 0;
3317+ for (yyx = yyn < 0 ? -yyn : 0;
3318+ yyx < (int) (sizeof (yytname) / sizeof (char *));
3319+ yyx++)
3320+ if (yycheck[yyx + yyn] == yyx)
3321 {
3322- strcat(msg, count == 0 ? ", expecting `" : " or `");
3323- strcat(msg, yytname[x]);
3324- strcat(msg, "'");
3325- count++;
3326+ const char *yyq = ! yycount ? ", expecting " : " or ";
3327+ yyp = yystpcpy (yyp, yyq);
3328+ yyp = yystpcpy (yyp, yytname[yyx]);
3329+ yycount++;
3330 }
3331 }
3332- yyerror(msg);
3333- free(msg);
3334+ yyerror (yymsg);
3335+ YYSTACK_FREE (yymsg);
3336 }
3337 else
3338- yyerror ("parse error; also virtual memory exceeded");
3339+ yyerror ("parse error; also virtual memory exhausted");
3340 }
3341 else
3342-#endif /* YYERROR_VERBOSE */
3343- yyerror("parse error");
3344+#endif /* defined (YYERROR_VERBOSE) */
3345+ yyerror ("parse error");
3346 }
3347-
3348 goto yyerrlab1;
3349-yyerrlab1: /* here on error raised explicitly by an action */
3350
3351+
3352+/*--------------------------------------------------.
3353+| yyerrlab1 -- error raised explicitly by an action |
3354+`--------------------------------------------------*/
3355+yyerrlab1:
3356 if (yyerrstatus == 3)
3357 {
3358- /* if just tried and failed to reuse lookahead token after an error, discard it. */
3359+ /* If just tried and failed to reuse lookahead token after an
3360+ error, discard it. */
3361
3362 /* return failure if at end of input */
3363 if (yychar == YYEOF)
3364 YYABORT;
3365-
3366-#if YYDEBUG != 0
3367- if (yydebug)
3368- fprintf(stderr, "Discarding token %d (%s).\n", yychar, yytname[yychar1]);
3369-#endif
3370-
3371+ YYDPRINTF ((stderr, "Discarding token %d (%s).\n",
3372+ yychar, yytname[yychar1]));
3373 yychar = YYEMPTY;
3374 }
3375
3376- /* Else will try to reuse lookahead token
3377- after shifting the error token. */
3378+ /* Else will try to reuse lookahead token after shifting the error
3379+ token. */
3380
3381 yyerrstatus = 3; /* Each real token shifted decrements this */
3382
3383 goto yyerrhandle;
3384
3385-yyerrdefault: /* current state does not do anything special for the error token. */
3386
3387+/*-------------------------------------------------------------------.
3388+| yyerrdefault -- current state does not do anything special for the |
3389+| error token. |
3390+`-------------------------------------------------------------------*/
3391+yyerrdefault:
3392 #if 0
3393 /* This is wrong; only states that explicitly want error tokens
3394 should shift them. */
3395- yyn = yydefact[yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/
3396- if (yyn) goto yydefault;
3397+
3398+ /* If its default is to accept any token, ok. Otherwise pop it. */
3399+ yyn = yydefact[yystate];
3400+ if (yyn)
3401+ goto yydefault;
3402 #endif
3403
3404-yyerrpop: /* pop the current state because it cannot handle the error token */
3405
3406- if (yyssp == yyss) YYABORT;
3407+/*---------------------------------------------------------------.
3408+| yyerrpop -- pop the current state because it cannot handle the |
3409+| error token |
3410+`---------------------------------------------------------------*/
3411+yyerrpop:
3412+ if (yyssp == yyss)
3413+ YYABORT;
3414 yyvsp--;
3415 yystate = *--yyssp;
3416-#ifdef YYLSP_NEEDED
3417+#if YYLSP_NEEDED
3418 yylsp--;
3419 #endif
3420
3421-#if YYDEBUG != 0
3422+#if YYDEBUG
3423 if (yydebug)
3424 {
3425- short *ssp1 = yyss - 1;
3426- fprintf (stderr, "Error: state stack now");
3427- while (ssp1 != yyssp)
3428- fprintf (stderr, " %d", *++ssp1);
3429- fprintf (stderr, "\n");
3430+ short *yyssp1 = yyss - 1;
3431+ YYFPRINTF (stderr, "Error: state stack now");
3432+ while (yyssp1 != yyssp)
3433+ YYFPRINTF (stderr, " %d", *++yyssp1);
3434+ YYFPRINTF (stderr, "\n");
3435 }
3436 #endif
3437
3438+/*--------------.
3439+| yyerrhandle. |
3440+`--------------*/
3441 yyerrhandle:
3442-
3443 yyn = yypact[yystate];
3444 if (yyn == YYFLAG)
3445 goto yyerrdefault;
3446@@ -1407,18 +1669,45 @@
3447 if (yyn == YYFINAL)
3448 YYACCEPT;
3449
3450-#if YYDEBUG != 0
3451- if (yydebug)
3452- fprintf(stderr, "Shifting error token, ");
3453-#endif
3454+ YYDPRINTF ((stderr, "Shifting error token, "));
3455
3456 *++yyvsp = yylval;
3457-#ifdef YYLSP_NEEDED
3458+#if YYLSP_NEEDED
3459 *++yylsp = yylloc;
3460 #endif
3461
3462 yystate = yyn;
3463 goto yynewstate;
3464+
3465+
3466+/*-------------------------------------.
3467+| yyacceptlab -- YYACCEPT comes here. |
3468+`-------------------------------------*/
3469+yyacceptlab:
3470+ yyresult = 0;
3471+ goto yyreturn;
3472+
3473+/*-----------------------------------.
3474+| yyabortlab -- YYABORT comes here. |
3475+`-----------------------------------*/
3476+yyabortlab:
3477+ yyresult = 1;
3478+ goto yyreturn;
3479+
3480+/*---------------------------------------------.
3481+| yyoverflowab -- parser overflow comes here. |
3482+`---------------------------------------------*/
3483+yyoverflowlab:
3484+ yyerror ("parser stack overflow");
3485+ yyresult = 2;
3486+ /* Fall through. */
3487+
3488+yyreturn:
3489+#ifndef yyoverflow
3490+ if (yyss != yyssa)
3491+ YYSTACK_FREE (yyss);
3492+#endif
3493+ return yyresult;
3494 }
3495 #line 442 "getdate.y"
3496
3497--- shadow-4.0.3.orig/libmisc/chowntty.c
3498+++ shadow-4.0.3/libmisc/chowntty.c
3499@@ -44,6 +44,11 @@
3500 #include <pwd.h>
3501 #include "getdef.h"
3502
3503+#ifdef CONFIG_FLASK
3504+#include <selinux/ss.h>
3505+#include <selinux/fs_secure.h>
3506+#endif
3507+
3508 /*
3509 * is_my_tty -- determine if "tty" is the same as TTY stdin is using
3510 */
3511@@ -68,12 +73,20 @@
3512 */
3513
3514 void
3515-chown_tty(const char *tty, const struct passwd *info)
3516+chown_tty(const char *tty, const struct passwd *info
3517+#ifdef CONFIG_FLASK
3518+, int FLASK_flag, security_id_t user_sid, security_id_t *ttyn_sid
3519+#endif
3520+)
3521 {
3522 char buf[200], full_tty[200];
3523 char *group; /* TTY group name or number */
3524 struct group *grent;
3525 gid_t gid;
3526+#ifdef CONFIG_FLASK
3527+ security_id_t newdev_sid; /* The new sid of a device */
3528+ struct stat statbuf;
3529+#endif
3530
3531 /*
3532 * See if login.defs has some value configured for the port group
3533@@ -116,9 +129,29 @@
3534 tty, info->pw_name));
3535 closelog();
3536
3537- if (!(err == EROFS && info->pw_uid == 0))
3538+ if (err != EROFS)
3539 exit(1);
3540 }
3541+#ifdef CONFIG_FLASK
3542+ if(FLASK_flag)
3543+ {
3544+ if(stat_secure(tty, &statbuf, ttyn_sid) != 0)
3545+ {
3546+ perror("stat_secure");
3547+ exit (0);
3548+ }
3549+ if(security_change_sid (user_sid, *ttyn_sid, SECCLASS_CHR_FILE, &newdev_sid) != 0)
3550+ {
3551+ perror("security_change_sid");
3552+ exit (0);
3553+ }
3554+ if(chsid(tty, newdev_sid) != 0)
3555+ {
3556+ perror("chsid");
3557+ exit(0);
3558+ }
3559+ }
3560+#endif
3561
3562 #ifdef __linux__
3563 /*
3564--- shadow-4.0.3.orig/libmisc/failure.c
3565+++ shadow-4.0.3/libmisc/failure.c
3566@@ -39,7 +39,11 @@
3567 #include "getdef.h"
3568 #include "failure.h"
3569
3570+#ifdef HAVE_UTMPX_H
3571+#include <utmpx.h>
3572+#else
3573 #include <utmp.h>
3574+#endif
3575
3576 #define YEAR (365L*DAY)
3577
3578@@ -248,7 +252,13 @@
3579 */
3580
3581 void
3582-failtmp(const struct utmp *failent)
3583+failtmp(
3584+#ifdef HAVE_UTMPX_H
3585+ const struct utmpx *failent
3586+#else
3587+ const struct utmp *failent
3588+#endif
3589+)
3590 {
3591 char *ftmp;
3592 int fd;
3593--- shadow-4.0.3.orig/libmisc/failure.h
3594+++ shadow-4.0.3/libmisc/failure.h
3595@@ -4,7 +4,11 @@
3596
3597 #include "defines.h"
3598 #include "faillog.h"
3599+#ifdef HAVE_UTMPX_H
3600+#include <utmpx.h>
3601+#else
3602 #include <utmp.h>
3603+#endif
3604
3605 /*
3606 * failure - make failure entry
3607@@ -38,7 +42,11 @@
3608 * failtmp updates the (struct utmp) formatted failure log which
3609 * maintains a record of all login failures.
3610 */
3611+#ifdef HAVE_UTMPX_H
3612+extern void failtmp(const struct utmpx *);
3613+#else
3614 extern void failtmp(const struct utmp *);
3615+#endif
3616
3617 #endif
3618
3619--- shadow-4.0.3.orig/configure.in
3620+++ shadow-4.0.3/configure.in
3621@@ -138,7 +138,7 @@
3622 fi
3623
3624 AC_MSG_CHECKING(location of shared mail directory)
3625-for maildir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail NONE; do
3626+for maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail NONE; do
3627 if test "$maildir" = "NONE"; then
3628 AC_MSG_RESULT(None)
3629 elif test -d $maildir; then
3630@@ -211,6 +211,7 @@
3631 AC_ARG_WITH(libpam, [ --with-libpam use libpam for PAM support])
3632 AC_ARG_WITH(libskey, [ --with-libskey use libskey for S/Key support])
3633 AC_ARG_WITH(libtcfs, [ --with-libtcfs use libtcfs for TCFS support])
3634+AC_ARG_WITH(selinux, [ --with-selinux use SE Linux support])
3635
3636 dnl Check for some functions in libc first, only if not found check for
3637 dnl other libraries. This should prevent linking libnsl if not really
3638@@ -260,14 +261,20 @@
3639 AC_CHECK_LIB(tcfs, tcfs_encrypt_key, AC_DEFINE(HAVE_TCFS) AC_DEFINE(TCFS_GDBM_SUPPORT) LIBTCFS="-ltcfs -lgdbm", , -lgdbm)
3640 fi
3641
3642+AC_SUBST(SEC_LDADD)
3643+if test "$with_libpam" = "yes"; then
3644+ SEC_LDADD=-lselinux
3645+ CFLAGS="$CFLAGS -DCONFIG_FLASK -I/usr/include/selinux"
3646+fi
3647 AC_SUBST(LIBPAM)
3648 if test "$with_libpam" = "yes"; then
3649 AC_CHECK_LIB(pam, pam_start,
3650 [AC_DEFINE(USE_PAM)
3651 LIBPAM="-lpam"
3652- AC_CHECK_LIB(pam_misc, main,
3653+ AC_CHECK_LIB(pam_misc, misc_conv,
3654 [LIBPAM="$LIBPAM -lpam_misc"],
3655- AC_MSG_ERROR(libpam_misc is missing)
3656+ AC_MSG_ERROR(libpam_misc is missing),
3657+ -lpam
3658 )]
3659 [AC_MSG_CHECKING(use login access checking if PAM not used)
3660 AC_DEFINE(LOGIN_ACCESS)
3661@@ -305,7 +312,6 @@
3662 lib/Makefile
3663 src/Makefile
3664 contrib/Makefile
3665- debian/Makefile
3666 etc/Makefile
3667 etc/pam.d/Makefile
3668 shadow.spec])
3669--- shadow-4.0.3.orig/Makefile.am
3670+++ shadow-4.0.3/Makefile.am
3671@@ -5,4 +5,4 @@
3672 AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
3673
3674 SUBDIRS = intl po man libmisc lib src \
3675- contrib debian doc etc
3676+ contrib doc etc
Shadow password file utilities for Linux
This page took 0.622372 seconds and 4 git commands to generate.