Commit Graph

2439 Commits

Author SHA1 Message Date
Serge Hallyn
b215e9d02c
Merge pull request #268 from stoeckmann/chfn
chfn: Prevent buffer overflow.
2020-08-10 13:45:15 -05:00
Christian Brauner
994a3b463c
Merge pull request #272 from ikerexxe/useradd_covscan
useradd: check return value from chmod and log it
2020-08-10 12:34:52 +02:00
ikerexxe
508b968cb1 useradd: check return value from chmod and log it
covscan was complaining abot calling chmod and ignoring the return
value:
Error: CHECKED_RETURN (CWE-252):
shadow-4.6/src/useradd.c:2084: check_return: Calling
"chmod(prefix_user_home, mode)" without checking return value. This
library function may fail and return an error code.
2082|   		mode_t mode = getdef_num ("HOME_MODE",
2083|   		                          0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
2084|-> 		chmod (prefix_user_home, mode);
2085|   		home_added = true;
2086|   #ifdef WITH_AUDIT
2020-08-10 11:44:00 +02:00
Christian Brauner
6afa2aaf9d
Merge pull request #271 from hallyn/2020-08-08/groupmembers
add -U option to groupadd and groupmod
2020-08-10 10:22:45 +02:00
Serge Hallyn
342c934a35 add -U option to groupadd and groupmod
Add a -U option which adds new usernames as members.  For groupmod,
also add -a (append), without which existing members are removed.

Closes #265
2020-08-09 22:11:33 -05:00
Aleksei Nikiforov
49930bd3a6 Fix potential resource leak in set_selinux_file_context function 2020-08-04 10:24:46 +03:00
Serge Hallyn
7ea342579e useradd: suggest --badnames when given a bad name
Closes #266
2020-07-31 21:29:21 -05:00
Tobias Stoeckmann
875d2d49c1 chfn: Prevent buffer overflow.
This is a stability fix, not a security fix, because the affected -o
option can only be used by root and it takes a modified passwd file.

If a gecos field for a user has BUFSIZ characters without commas and an
equals sign (i.e. a huge slop/extra field) and chfn is called with -o,
then a buffer overflow occurs.

It is not possible to trigger this with shadow tools. Therefore, the
passwd file must be modified manually.

I have fixed this unlikely case the easiest and cleanest way possible.
Since chfn bails out if more than 80 characters excluding commas are
supposed to be written into gecos field, we can stop processing early on
if -o argument is too long.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2020-07-12 19:09:14 +02:00
Tobias Stoeckmann
83aa88466d chage: Prevent signed integer overflows.
This is merely a stability fix, not a security fix.

As the root user, it is possible to set time values which later on
result in signed integer overflows.

For this to work, an sgetspent implementation must be used which
supports long values (glibc on amd64 only parses 32 bit, not 64).
Either use musl or simply call configure with following environment
variable:

$ ac_cv_func_sgetspent=no ./configure

Also it is recommended to compile with -fsanitize=undefined or
-ftrapv to see these issues easily.

Examples to trigger issues when calling "chage -l user":

$ chage -d 9223372036854775807 user

$ chage -d 106751991167300 user
$ chage -M 9999 user

$ chage -d 90000000000000 user
$ chage -I 90000000000000 user
$ chage -M 9999 user

$ chage -E 9223372036854775807 user

While at it, I fixed casting issues which could lead to signed integer
overflows on systems which still have a 32 bit time_t.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2020-07-12 17:56:38 +02:00
Serge Hallyn
607f1dd549 libsubid: fix a prototype in api.h
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-19 22:09:20 -05:00
Serge Hallyn
6baeb25038
Merge pull request #234 from edneville/79_userdel
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
ed
32cfa176f2 Adding run-parts style for pre and post useradd/del
Signed-off-by: ed neville <ed@s5h.net>
2020-06-10 00:26:55 -05:00
Serge Hallyn
b01bd3b139
Merge pull request #250 from hallyn/libsubid
[strawman] Implement libsubid
2020-06-08 00:10:16 -05:00
Serge Hallyn
0a7888b1fa Create a new libsubid
Closes #154

Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.

I might be mistaken about what -disable-man means;  some of
the code suggests it means just don't re-generate them, but
not totally ignore them.  But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.

Remove --disable-shared.  I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.

Create a tests/run_some, a shorter version of run_all.  I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.

Also, don't touch man/ if not -enable-man.

Changelog:
	Apr 22: change the subid list api as recomended by Dan Walsh.
	Apr 23: implement get_subid_owner
	Apr 24: implement range add/release
	Apr 25: finish tests and rebase
	May 10: make @owner const

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:11:58 -05:00
Serge Hallyn
43a917cce5 configure: define abi versions
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:07:23 -05:00
Serge Hallyn
089cf55e2c drop svn complications from test runner
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-07 12:07:14 -05:00
Serge Hallyn
316a153abb tests: use git to determine top_dir
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-07 12:07:09 -05:00
Serge Hallyn
6e6494680d trivial: drop useless version-info from libshadow_la_LDFLAGS
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:07:00 -05:00
Serge Hallyn
6155e91f4e
Merge pull request #262 from andydna/master
correct grammar in shadow(5)
2020-06-06 12:59:59 -05:00
andydna
967bfb0376 correct grammar in shadow(5) 2020-06-04 22:29:15 -05:00
Serge Hallyn
9cb21c2bdf
Merge pull request #259 from Inrin/lastlog_MaxPadding
Add maximum padding to fit IPv6-Addresses
2020-05-28 14:45:23 -05:00
Serge Hallyn
5cb839d977
Merge pull request #257 from Frans-Spiesschaert/new_dutch_po_branch
(nl) updated Dutch translation
2020-05-26 14:48:48 -05:00
Inrin
b128222477
Add maximum padding to fit IPv6-Addresses
We use a fixed padding for the From column to fit the maximum of a
minimized IPv6-LL-Address and it's interface.
2020-05-24 23:48:25 +02:00
Frans Spiesschaert
fc95155aa4 (nl) updated Dutch translation 2020-05-24 15:26:06 +02:00
Serge Hallyn
320707fcb0
Merge pull request #251 from lifecrisis/nonexistent
Add "NONEXISTENT" to "login.defs"
2020-05-11 09:13:34 -05:00
Jason Franklin
4086aed1ed
Update the "README" file 2020-05-11 09:27:01 -04:00
Jason Franklin
096dad6305
Add "NONEXISTENT.xml" to "man/Makefile.am" 2020-05-11 09:27:00 -04:00
Jason Franklin
4772689d27
Name "NONEXISTENT" in the man page for "pwck" 2020-05-11 09:27:00 -04:00
Jason Franklin
1566921dd8
Add detailed documentation for "NONEXISTENT" 2020-05-11 09:26:45 -04:00
Jason Franklin
04062cda11
Add "NONEXISTENT" to the "login.defs" man page 2020-05-11 09:26:43 -04:00
Jason Franklin
c040058fe3
Check for "NONEXISTENT" in "src/pwck.c" 2020-05-11 09:26:43 -04:00
Jason Franklin
c56fe7117b
Add "NONEXISTENT" to def_table 2020-05-11 09:26:42 -04:00
Jason Franklin
e2f74c347b
Add "NONEXISTENT" to "etc/login.defs" 2020-05-11 09:26:04 -04:00
Serge Hallyn
f929bfd90b
Merge pull request #237 from ikerexxe/usermod_fails
Check only local groups when adding new supplementary groups to a user
2020-05-01 22:26:41 -05:00
Serge Hallyn
c889ebc2c9
Merge pull request #249 from brauner/coverity
travis: reorder sections and add regenerated coverity token
2020-04-25 12:32:13 -05:00
Christian Brauner
a3a1cf6536
travis: reorder sections and add regenerated coverity token
Also remove the openssl section since both lxc and lxcfs don't need it
either.

Signed-off-by: Christian Brauner <christian@brauner.io>
2020-04-25 18:45:24 +02:00
Serge Hallyn
7e0e931519
Merge pull request #248 from brauner/coverity
travis: add more architectures + enable Coverity
2020-04-25 11:32:23 -05:00
Christian Brauner
97a76bd9e6
travis: add more architectures and Coverity support
Now that travis supports more architectures let's make sure we test on
all of them and that we enable Coverity too.

Signed-off-by: Christian Brauner <christian@brauner.io>
2020-04-25 12:59:25 +02:00
Christian Brauner
69332884b1
Merge pull request #247 from jubalh/unusedcpp
Remove unused variables
2020-04-25 12:34:49 +02:00
Michael Vetter
992c1723af Remove unused 'buf' in shadow.c 2020-04-25 12:23:10 +02:00
Michael Vetter
8eee5d03fd Remove unused variable 'cpp' 2020-04-25 12:10:39 +02:00
Serge Hallyn
77be9c35c7
Merge pull request #244 from sthibaul/master
Fix hurd build
2020-04-23 10:56:48 -05:00
Christian Brauner
f7ae4d48f4
Merge pull request #246 from blueskycs2c/stderr-pr
check_uid_range : warnings go to stderr
2020-04-20 10:01:27 +02:00
blueskycs2c
1d8487d851 check_uid_range : warnings go to stderr 2020-04-20 10:16:19 +08:00
Christian Brauner
52aba825af
Merge pull request #245 from hallyn/2020-04-17/libmisc
remove unused and misleading 'owner' argument from find_new_sub*
2020-04-18 12:32:38 +02:00
Serge Hallyn
25b1a8d591 remove unused and misleading 'owner' argument from find_new_sub*
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-04-17 16:32:44 -05:00
Samuel Thibault
5de28353d4 Fix hurd build
Do not include <sys/prctl.h> we don't have <sys/capability.h>, we don't
need prctl in that case anyway.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2020-04-17 21:50:48 +02:00
Serge Hallyn
7b36b160f7
Merge pull request #243 from blueskycs2c/uid-pr
print a warning from useradd if -u is used with uid number outside ra…
2020-04-16 11:48:21 -05:00
blueskycs2c
00e629c0ba print a warning from useradd if -u is used with uid number outside range. 2020-04-11 22:45:54 +08:00
Christian Brauner
942f1945bb
Merge pull request #242 from topimiettinen/login-defs-modernize
login.defs: warn about weak choices
2020-04-10 16:58:29 +02:00