Commit Graph

334 Commits

Author SHA1 Message Date
Jakub Hrozek
4aaf05d72e Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
    passwd: sss files
    group:  sss files

The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.

Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.

More details about why Fedora chose to use sss before files can be found
on e.g.:
    https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
    https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html

Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
    getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.

This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-13 14:20:02 +02:00
fariouche
65b4f58703 add --prefix option: some fixes + fixed pwd.lock file location 2018-03-28 21:14:12 +02:00
fariouche
54551c7d6e Merge remote-tracking branch 'upstream/master' 2018-03-28 21:11:36 +02:00
fariouche
acaed3deab upstream merge 2018-01-23 23:10:19 +01:00
Josh Soref
ea1a6e814b spelling: success 2017-10-22 21:23:13 +00:00
Josh Soref
57cb36333b spelling: queried 2017-10-22 21:05:52 +00:00
Josh Soref
414816064f spelling: match 2017-10-22 20:33:00 +00:00
Josh Soref
74fcf6f28d spelling: interactive 2017-10-22 20:24:32 +00:00
Josh Soref
452b9c26e4 spelling: categories 2017-10-22 08:08:07 +00:00
Chris Lamb
cb610d54b4 Make the sp_lstchg shadow field reproducible.
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

   username:17238:0:99999:7:::

whilst creating the same user tomorrow will result in:

    username:17239:0:99999:7:::

This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Chris Lamb <lamby@debian.org>
2017-04-10 22:29:21 +01:00
Tomas Mraz
954e3d2e71 Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
2017-03-31 16:25:06 +02:00
fariouche
b6b2c756c9 add --prefix option 2017-03-01 22:51:09 +01:00
Bernhard Rosenkränzer
c33ceddc26 Don't crash on bogus keys in login.defs if PAM is enabled
Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows

To reproduce, simply
	useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:47:24 -06:00
Serge Hallyn
5701e147ef Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore
Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:45:50 -06:00
Mike Frysinger
32c0b283ef include getdef.h for getdef_bool prototype
Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
2016-12-05 17:15:29 -05:00
Tomas Mraz
6401c5b4ee snprintf() always terminates output with \0 2016-11-15 16:05:44 +01:00
Tomas Mraz
4471e5419d Keep the permissions of the original file when creating a backup. 2016-11-15 16:04:24 +01:00
Sebastian Krahmer
1d5a926cc2 Simplify getulong
Use strtoul to read an unsigned long, rather than reading
a signed long long and casting it.

https://bugzilla.suse.com/show_bug.cgi?id=979282
2016-08-03 11:51:07 -05:00
Serge Hallyn
e01bad7d3c Merge pull request #4 from xnox/master
Make shadow more robust in hostile environments
2015-11-12 23:07:29 -06:00
Tobias Stoeckmann
c17f5ec460 Free memory on error path
When multiple entries with the same name are encountered, nentry is
not properly freed, which results in a memory leak.
2015-07-12 14:30:32 +02:00
Tobias Stoeckmann
df5dafe049 Clear passwords on __gr_dup/__pw_dup errors.
The functions __gr_dup and __pw_dup do not explicitly zero the
memory which hold the passwords after free. The gr_free and pw_free
functions do this explicitly.

To guarantee same behaviour, it's possible to call these *_free
functions directly from __*_dup, because the memory is initialized
with zeros at the beginning. Calling free(NULL) has no negative
effect and can be considered safe these days.
2015-07-11 13:00:13 +02:00
Dimitri John Ledkov
bab349b46e
Create dbs with correct permissions. 2015-02-27 17:01:31 +00:00
Dimitri John Ledkov
46a72bc342
Force use shadow, even if missing. 2015-02-27 17:01:30 +00:00
Dimitri John Ledkov
71c6165dcd
Do not report unknown settings, when compiled with PAM.
When compiled with PAM certain settings are not used, however they are
still defined in the stock login.defs file. Thus every command reports
them as "unknown setting contact administrator".

Alternative would be to parse stock login.defs and comment out/remove
settings that are not applied, when compiled with PAM.
2015-02-27 17:01:28 +00:00
Dimitri John Ledkov
51c1fc93e3
Do not bail out on missing login.defs.
For most operations tools have compiled-in defaults, and thus can
operate without login.defs present.
2015-02-27 17:01:27 +00:00
Bostjan Skufca
1d049b6aed sub[ug]id: compare range before comparing username/UID, to avoid unnecessary syscalls
Change suggested by Nicolas François as performance optimization.
Performance penalty would be really noticeable when usernames are
stored in remote databases (ldap).

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:24 -05:00
Bostjan Skufca
a113b87c45 newuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id
Until now only exact username specification in /etc/sub[ug]id file allowed the
mapping. This prevented normal use for those users who use multiple usernames
with the same UID, as it rejected mapping even though it was allowed for
another username with the same UID.

This patch initially retains the old behaviour, for performance's sake. In the
first pass, new[ug]idmap only searches for exact username match.
If that yields no valid results, it continues into another loop, which does UID
resolution and comparison. If either definition (numeric UID mapping
specification or mapping specification for another username with the same UID as
current username) is found, it is used.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:10 -05:00
Serge Hallyn
d409947e9a Document the subuid related functions in subordinateio.c
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 16:00:36 -05:00
Nicolas François
115aeef1c4 Fix subordinate_next() return value.
* lib/subordinateio.c (subordinate_next): Fix return value.
2013-08-19 21:32:27 +02:00
Nicolas François
5917347c6f Fix boundary conditions.
* lib/subordinateio.c (find_free_range): max is allowed for new
	ranges.
2013-08-15 17:30:19 +02:00
Nicolas François
7d5732cb49 Remove dead code.
* libmisc/find_new_sub_gids.c: Remove dead code.
	find_new_sub_gids() is always called with *range_count set to 0.
	It's more difficult to keep the subordinate GIDs and UIDs
	synchronized, than for the user's UID/GId because the count of
	subordinate IDs may differ.
	* libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
	no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
	is_range_free().
2013-08-15 17:30:19 +02:00
Nicolas François
0f26591422 Align coding style.
* lib/subordinateio.c: Avoid implicit conversion of pointers and
	integers to booleans.
	* lib/subordinateio.c: Added brackets.
2013-08-14 00:19:19 +02:00
Nicolas François
cd1bd8bf4c Add schematics with ranges to help reviews.
* lib/subordinateio.c: Add schematics with ranges to help reviews.
2013-08-14 00:19:19 +02:00
Nicolas François
b84b918464 Avoid dead branches.
* lib/subordinateio.c: Avoid dead branches.

Note: code is equivalent.
2013-08-14 00:19:19 +02:00
Nicolas François
0094abea6e Fix count for ranges truncated in remove_range().
* lib/subordinateio.c: Fix count for ranges truncated in
	remove_range().
2013-08-13 22:29:16 +02:00
Nicolas François
64fe2f7db6 Add splint annotations.
* lib/groupmem.c: Add splint annotations. The added memset makes
	splint think data was allocated.
	* lib/pwmem.c: Likewise.
	* lib/sgroupio.c: Likewise.
	* lib/shadowmem.c: Likewise.
2013-08-13 19:13:45 +02:00
Nicolas François
bfbd83239e Fix handling of boundaries.
* lib/subordinateio.c: Fix handling of boundaries.
	* libmisc/find_new_sub_uids.c: Likewise.
	* libmisc/find_new_sub_gids.c: Likewise.
2013-08-13 00:11:24 +02:00
Nicolas François
d9d1bb4acb Fix removal of ranges.
* lib/subordinateio.c: Fix removal of ranges. The database needs
	to be marked as changed or commonio_close will discard any change.
2013-08-12 23:57:32 +02:00
Nicolas François
d611d54ed4 Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 15:46:59 +02:00
Nicolas François
bae65562ef Remove unused variables.
* lib/subordinateio.c: Remove unused variables.
2013-08-06 20:59:52 +02:00
Nicolas François
95d1e146b2 Fix typos.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
	SUB_GID_COUNT.
	* man/newgidmap.1.xml: Fix Typo.
	* src/useradd.c: Fix typos.
	* lib/subordinateio.c: Fix typos.
2013-08-06 20:59:13 +02:00
Nicolas François
fcb7222b1a Fix Debian bug #675824
* lib/groupmem.c (__gr_dup): Support libc which define other
	fields in struct group.
	* lib/pwmem.c: Likewise for struct passwd.
	* lib/shadowmem.c: Likewise for struct spwd.
	* lib/sgroupio.c: Apply same logic, even if this structure is
	defined internally.
2013-08-06 16:33:27 +02:00
Nicolas François
5d491ef9da Revert b10cba0e0a
The length of the concatenated 2 lines was correct.
2013-08-05 23:16:00 +02:00
Serge Hallyn
3b3c8001fe subordinateio: Fix subordinate_parse to have an internal static buffer
subordinate_parse is supposed to return a static structure that
represents one line in /etc/subuid or /etc/subgid.  I goofed and
failed to make the variable rangebuf that holds the username of
in the returned structure static.

Add this missing static specification.

Author: <Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
a8f26262cf Implement find_new_sub_uids find_new_sub_gids
Functions for finding new subordinate uid and gids ranges for use
with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
f28ad4b251 Add backend support for suboridnate uids and gids
These files list the set of subordinate uids and gids that users are allowed
to use.   The expect use case is with the user namespace but other uses are
allowed.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
5620c5ab5d Implement commonio_append.
To support files that do not have a simple unique key implement
commonio_append to allow new entries to be added.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Nicolas François
0d66002c95 Do not allocate more than necessary
Review b10cba0e0a and 7a16f4582d:
	* lib/groupio.c (merge_group_entries): Do not allocate more than
	necessary (sizeof char* instead of char).
	Thanks for Tomáš Mráz (alioth#313962)
	* lib/groupio.c (merge_group_entries): Document that new_members
	is correctly NULL terminated. (alioth:#313940)

Align previous ChangeLog entries.
2013-08-04 15:36:13 +02:00
Nicolas François
e8ab31d009 Review 52a38d5509
* Changelog: Update documentation of 2013-07-28  mancha entry.
	* lib/prototypes.h, lib/encrypt.c: Update splint marker,
	pw_encrypt can return NULL.
	* lib/encrypt.c: Fix outdated statement on GNU crypt.
	* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
	fails and use fail_exit() instead of exit().
	* src/chpasswd.c: Likewise.
	* src/newusers.c: Likewise.
	* src/passwd.c: Likewise when new password is encrypted.
	* src/newgrp.c: Improve diagnostic to user and syslog when
	pw_encrypt fails.  Do not apply 1s penalty as this is not an
	invalid password issue.
	* src/passwd.c: Likewise when password is checked.
2013-08-04 00:27:53 +02:00
Brad Hubbard
7a16f4582d fix uninitialised memory in merge_group_entries causes segfault in useradd by
changing a call to malloc to a call to calloc
2013-07-29 10:13:12 +02:00