ed neville
3c9836a298
Removing trailing n typo
...
Signed-off-by: ed neville <ed@s5h.net>
2020-08-12 17:53:28 +01:00
Serge Hallyn
a271076041
Merge pull request #263 from edneville/261_grpck_questionable_warning
...
Option to suppress group/gshadow inconsistencies
2020-08-11 13:58:22 -05:00
ed neville
e8c44a4c12
Option to suppress group/gshadow inconsistencies
...
'gshadow' man page suggests that "You should use the same list of users
as in /etc/group", but not must.
Closes #261
2020-08-11 13:53:48 -05:00
Serge Hallyn
d041eec354
Merge pull request #270 from darktemplarbasealt/fix_resource_leak
...
Fix potential resource leak in set_selinux_file_context function
2020-08-10 20:34:50 -05:00
Serge Hallyn
b215e9d02c
Merge pull request #268 from stoeckmann/chfn
...
chfn: Prevent buffer overflow.
2020-08-10 13:45:15 -05:00
Christian Brauner
994a3b463c
Merge pull request #272 from ikerexxe/useradd_covscan
...
useradd: check return value from chmod and log it
2020-08-10 12:34:52 +02:00
ikerexxe
508b968cb1
useradd: check return value from chmod and log it
...
covscan was complaining abot calling chmod and ignoring the return
value:
Error: CHECKED_RETURN (CWE-252):
shadow-4.6/src/useradd.c:2084: check_return: Calling
"chmod(prefix_user_home, mode)" without checking return value. This
library function may fail and return an error code.
2082| mode_t mode = getdef_num ("HOME_MODE",
2083| 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
2084|-> chmod (prefix_user_home, mode);
2085| home_added = true;
2086| #ifdef WITH_AUDIT
2020-08-10 11:44:00 +02:00
Christian Brauner
6afa2aaf9d
Merge pull request #271 from hallyn/2020-08-08/groupmembers
...
add -U option to groupadd and groupmod
2020-08-10 10:22:45 +02:00
Serge Hallyn
342c934a35
add -U option to groupadd and groupmod
...
Add a -U option which adds new usernames as members. For groupmod,
also add -a (append), without which existing members are removed.
Closes #265
2020-08-09 22:11:33 -05:00
Aleksei Nikiforov
49930bd3a6
Fix potential resource leak in set_selinux_file_context function
2020-08-04 10:24:46 +03:00
Serge Hallyn
7ea342579e
useradd: suggest --badnames when given a bad name
...
Closes #266
2020-07-31 21:29:21 -05:00
Tobias Stoeckmann
875d2d49c1
chfn: Prevent buffer overflow.
...
This is a stability fix, not a security fix, because the affected -o
option can only be used by root and it takes a modified passwd file.
If a gecos field for a user has BUFSIZ characters without commas and an
equals sign (i.e. a huge slop/extra field) and chfn is called with -o,
then a buffer overflow occurs.
It is not possible to trigger this with shadow tools. Therefore, the
passwd file must be modified manually.
I have fixed this unlikely case the easiest and cleanest way possible.
Since chfn bails out if more than 80 characters excluding commas are
supposed to be written into gecos field, we can stop processing early on
if -o argument is too long.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2020-07-12 19:09:14 +02:00
Serge Hallyn
607f1dd549
libsubid: fix a prototype in api.h
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-19 22:09:20 -05:00
Serge Hallyn
6baeb25038
Merge pull request #234 from edneville/79_userdel
...
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
ed
32cfa176f2
Adding run-parts style for pre and post useradd/del
...
Signed-off-by: ed neville <ed@s5h.net>
2020-06-10 00:26:55 -05:00
Serge Hallyn
b01bd3b139
Merge pull request #250 from hallyn/libsubid
...
[strawman] Implement libsubid
2020-06-08 00:10:16 -05:00
Serge Hallyn
0a7888b1fa
Create a new libsubid
...
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:11:58 -05:00
Serge Hallyn
43a917cce5
configure: define abi versions
...
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:07:23 -05:00
Serge Hallyn
089cf55e2c
drop svn complications from test runner
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-07 12:07:14 -05:00
Serge Hallyn
316a153abb
tests: use git to determine top_dir
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-06-07 12:07:09 -05:00
Serge Hallyn
6e6494680d
trivial: drop useless version-info from libshadow_la_LDFLAGS
...
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-06-07 12:07:00 -05:00
Serge Hallyn
6155e91f4e
Merge pull request #262 from andydna/master
...
correct grammar in shadow(5)
2020-06-06 12:59:59 -05:00
andydna
967bfb0376
correct grammar in shadow(5)
2020-06-04 22:29:15 -05:00
Serge Hallyn
9cb21c2bdf
Merge pull request #259 from Inrin/lastlog_MaxPadding
...
Add maximum padding to fit IPv6-Addresses
2020-05-28 14:45:23 -05:00
Serge Hallyn
5cb839d977
Merge pull request #257 from Frans-Spiesschaert/new_dutch_po_branch
...
(nl) updated Dutch translation
2020-05-26 14:48:48 -05:00
Inrin
b128222477
Add maximum padding to fit IPv6-Addresses
...
We use a fixed padding for the From column to fit the maximum of a
minimized IPv6-LL-Address and it's interface.
2020-05-24 23:48:25 +02:00
Frans Spiesschaert
fc95155aa4
(nl) updated Dutch translation
2020-05-24 15:26:06 +02:00
Serge Hallyn
320707fcb0
Merge pull request #251 from lifecrisis/nonexistent
...
Add "NONEXISTENT" to "login.defs"
2020-05-11 09:13:34 -05:00
Jason Franklin
4086aed1ed
Update the "README" file
2020-05-11 09:27:01 -04:00
Jason Franklin
096dad6305
Add "NONEXISTENT.xml" to "man/Makefile.am"
2020-05-11 09:27:00 -04:00
Jason Franklin
4772689d27
Name "NONEXISTENT" in the man page for "pwck"
2020-05-11 09:27:00 -04:00
Jason Franklin
1566921dd8
Add detailed documentation for "NONEXISTENT"
2020-05-11 09:26:45 -04:00
Jason Franklin
04062cda11
Add "NONEXISTENT" to the "login.defs" man page
2020-05-11 09:26:43 -04:00
Jason Franklin
c040058fe3
Check for "NONEXISTENT" in "src/pwck.c"
2020-05-11 09:26:43 -04:00
Jason Franklin
c56fe7117b
Add "NONEXISTENT" to def_table
2020-05-11 09:26:42 -04:00
Jason Franklin
e2f74c347b
Add "NONEXISTENT" to "etc/login.defs"
2020-05-11 09:26:04 -04:00
Serge Hallyn
f929bfd90b
Merge pull request #237 from ikerexxe/usermod_fails
...
Check only local groups when adding new supplementary groups to a user
2020-05-01 22:26:41 -05:00
Serge Hallyn
c889ebc2c9
Merge pull request #249 from brauner/coverity
...
travis: reorder sections and add regenerated coverity token
2020-04-25 12:32:13 -05:00
Christian Brauner
a3a1cf6536
travis: reorder sections and add regenerated coverity token
...
Also remove the openssl section since both lxc and lxcfs don't need it
either.
Signed-off-by: Christian Brauner <christian@brauner.io>
2020-04-25 18:45:24 +02:00
Serge Hallyn
7e0e931519
Merge pull request #248 from brauner/coverity
...
travis: add more architectures + enable Coverity
2020-04-25 11:32:23 -05:00
Christian Brauner
97a76bd9e6
travis: add more architectures and Coverity support
...
Now that travis supports more architectures let's make sure we test on
all of them and that we enable Coverity too.
Signed-off-by: Christian Brauner <christian@brauner.io>
2020-04-25 12:59:25 +02:00
Christian Brauner
69332884b1
Merge pull request #247 from jubalh/unusedcpp
...
Remove unused variables
2020-04-25 12:34:49 +02:00
Michael Vetter
992c1723af
Remove unused 'buf' in shadow.c
2020-04-25 12:23:10 +02:00
Michael Vetter
8eee5d03fd
Remove unused variable 'cpp'
2020-04-25 12:10:39 +02:00
Serge Hallyn
77be9c35c7
Merge pull request #244 from sthibaul/master
...
Fix hurd build
2020-04-23 10:56:48 -05:00
Christian Brauner
f7ae4d48f4
Merge pull request #246 from blueskycs2c/stderr-pr
...
check_uid_range : warnings go to stderr
2020-04-20 10:01:27 +02:00
blueskycs2c
1d8487d851
check_uid_range : warnings go to stderr
2020-04-20 10:16:19 +08:00
Christian Brauner
52aba825af
Merge pull request #245 from hallyn/2020-04-17/libmisc
...
remove unused and misleading 'owner' argument from find_new_sub*
2020-04-18 12:32:38 +02:00
Serge Hallyn
25b1a8d591
remove unused and misleading 'owner' argument from find_new_sub*
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-04-17 16:32:44 -05:00
Samuel Thibault
5de28353d4
Fix hurd build
...
Do not include <sys/prctl.h> we don't have <sys/capability.h>, we don't
need prctl in that case anyway.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2020-04-17 21:50:48 +02:00