Serge Hallyn
48dcf7852e
usermod: prevent a segv
...
in the case where prefix does not exist.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-05-08 21:37:55 -05:00
fariouche
73a876a056
Fix usermod crash
...
Return newly allocated pointers when the caller will free them.
Closes #110
2018-05-08 21:17:46 -05:00
Serge Hallyn
f50603a5fc
release 4.6
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-04-29 11:41:41 -05:00
Serge Hallyn
164dcfe65b
Merge pull request #103 from HarmtH/be-predictable
...
su.c: be more predictable
2018-03-29 23:10:51 -07:00
Serge Hallyn
fb356b1344
Merge pull request #21 from fariouche/master
...
Add --prefix argument
2018-03-29 22:36:28 -07:00
Serge Hallyn
a3d91ae318
Merge pull request #102 from HarmtH/fix-dashdash-slurp
...
su.c: fix '--' slurping
2018-03-29 15:45:54 -07:00
fariouche
65b4f58703
add --prefix option: some fixes + fixed pwd.lock file location
2018-03-28 21:14:12 +02:00
fariouche
54551c7d6e
Merge remote-tracking branch 'upstream/master'
2018-03-28 21:11:36 +02:00
Harm te Hennepe
d877e3fcac
su.c: be more predictable
...
Always parse first non-option as username.
2018-03-27 00:57:21 +02:00
Harm te Hennepe
dbfe7dd42e
su.c: fix '--' slurping
...
All arguments are already reordered and parsed by getopt_long since e663c69, so manual '--' slurping is wrong.
Closes #101
2018-03-26 22:37:56 +02:00
Serge Hallyn
45b4187596
pwconv and grpconv: rewind after deleting an entry
...
Otherwise our spw_next() will cause us to skip an entry.
Ideally we'd be able to do an swp_rewind(1), but I don't
see a helper for this.
Closes #60
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-03-25 09:18:22 -05:00
Serge Hallyn
44c63795a7
userdel: fix wrong variable name in tcb case
...
Found in mandriva distro patch, and with a test build.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-03-24 23:44:09 -05:00
Serge Hallyn
36244ac1ff
src/Makefile.am: tcb fixes from mandriva
...
1. suidubins -= was breaking build with WITH_TCB.
2. stick libtcb at end of ldlibs list.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-03-24 23:41:23 -05:00
Serge Hallyn
d3790feac0
pwck.c: do not pass O_CREAT
...
It causes a crash later when we try to close files.
Closes #96
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-03-24 20:29:48 -05:00
Serge Hallyn
b63aca9a2c
src/Makefile.am: drop duplicate inclusion of chage
...
Closes #80
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2018-03-24 16:27:20 -05:00
Serge Hallyn
8f2f2a0d9d
Merge pull request #98 from jsoref/spelling
...
Spelling
2018-03-24 15:54:51 -05:00
Serge Hallyn
5d57ca10d9
Merge pull request #100 from akrosikam/patch-1
...
Complete translation to Norwegian bokmål
2018-03-24 15:54:22 -05:00
akrosikam
a5913d98e1
Complete translation to Norwegian bokmål
...
Translate remaining strings to Norwegian bokmål (nb). Also, cure previous translation of excessive anglicism and apply a more consistent use of actual Norwegian syntax.
2018-03-12 08:39:16 +01:00
Serge Hallyn
5f3e3c2c62
Merge pull request #93 from rahul1809/master
...
Double freeing up pointers , Causing Segmentation fault
2018-02-19 14:45:13 -06:00
Serge Hallyn
c53e4c1d77
Merge pull request #97 from cyphar/newgidmap-secure-setgroups
...
newgidmap: enforce setgroups=deny if self-mapping a group
2018-02-16 08:40:39 -06:00
Aleksa Sarai
6d8be68071
README: add Aleksa Sarai to author list
...
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-02-16 17:56:36 +11:00
Aleksa Sarai
fb28c99b8a
newgidmap: enforce setgroups=deny if self-mapping a group
...
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.
This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).
We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".
Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-02-16 17:56:35 +11:00
fariouche
acaed3deab
upstream merge
2018-01-23 23:10:19 +01:00
rahul
bb47fdf25e
indentation fix
2018-01-22 17:07:27 +05:30
rahul
97bb5b2b6d
added a check to avoid freeing null pointer
2018-01-22 17:05:52 +05:30
Serge Hallyn
c0f0c67864
Merge pull request #92 from IronicBadger/master
...
Fixes mispelling of MAX_DAYS help text
2018-01-18 22:42:12 -06:00
Alex Kretzschmar
e91b0f0517
Fixes mispelling of MAX_DAYS help text
2018-01-17 12:21:48 +00:00
Serge Hallyn
3f1f999e2d
Merge pull request #90 from t8m/userdel-chroot
...
Make userdel to work with -R.
2018-01-08 22:57:43 -06:00
Serge Hallyn
c63bc6bfaa
Merge pull request #91 from kloeri/master
...
Add note to passwd(1) that --maxdays -1 disables the setting.
2018-01-08 22:56:23 -06:00
Bryan Østergaard
a54907dce3
Add note to passwd(1) that --maxdays -1 disables the setting.
...
This note already exists in chage(1).
2018-01-03 18:36:40 +01:00
Tomas Mraz
2c57c399bf
Make userdel to work with -R.
...
The userdel checks for users with getpwnam() which might not work
properly in chroot. Check for the user's presence in local files only.
2017-12-21 09:12:58 +01:00
Josh Soref
a063580dbb
spelling: within
2017-10-22 21:37:53 +00:00
Josh Soref
a2c6e429b3
spelling: various
2017-10-22 21:33:42 +00:00
Josh Soref
f3e07f105e
spelling: using
2017-10-22 21:31:09 +00:00
Josh Soref
f21700d876
spelling: username
2017-10-22 21:31:35 +00:00
Josh Soref
34669aa651
spelling: unrecognized
2017-10-22 21:30:30 +00:00
Josh Soref
08248f0859
spelling: typical
2017-10-22 21:28:58 +00:00
Josh Soref
722be83a14
spelling: thanks
2017-10-22 21:24:49 +00:00
Josh Soref
ea1a6e814b
spelling: success
2017-10-22 21:23:13 +00:00
Josh Soref
2c930b19ba
spelling: succeeded
2017-10-22 21:23:22 +00:00
Josh Soref
75e8eaad78
spelling: submitting
2017-10-22 21:23:03 +00:00
Josh Soref
b74d6cfb98
spelling: spotted
2017-10-22 21:16:50 +00:00
Josh Soref
a95d4ac1b5
spelling: spectacularly
2017-10-22 21:16:07 +00:00
Josh Soref
b9c9d411ff
spelling: similar
2017-10-22 21:14:37 +00:00
Josh Soref
05cc753275
spelling: session
2017-10-22 21:13:32 +00:00
Josh Soref
af4a1c4e6b
spelling: security
2017-10-22 21:13:23 +00:00
Josh Soref
ef39098a1b
spelling: rewritten
2017-10-22 21:11:59 +00:00
Josh Soref
6671b44434
spelling: remove
2017-10-22 21:12:29 +00:00
Josh Soref
b2dbde4b8c
spelling: really
2017-10-22 21:06:22 +00:00
Josh Soref
57cb36333b
spelling: queried
2017-10-22 21:05:52 +00:00