Commit Graph

2825 Commits

Author SHA1 Message Date
Lars Wendler
19bac44dde
build: Make build/installation of su and its support files optional
Enabled by default
This is necessary because coreutils and util-linux can also provide su

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2019-11-19 11:28:45 +01:00
Christian Brauner
b49712ed32
Merge pull request #191 from topimiettinen/sync-passwd-5-and-shadow-5
man: sync and reorder password field descriptions
2019-11-16 15:06:03 +01:00
Topi Miettinen
cdbe1310cc
man: sync and reorder password field descriptions
Synchronize how passwd(5) and shadow(5) describe the password field.
Reorder the descriptions more logically.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-11-16 15:35:08 +02:00
Serge Hallyn
b462f5335f
Merge pull request #190 from jubalh/fixtypo
Fix typo in access of shell command
2019-11-12 07:12:06 -06:00
Michael Vetter
115a4e89e2 Fix typo in access of shell command
Fix typo in 88fa0651bf.
For some reason my git push -f seems not to have worked.
2019-11-12 08:38:08 +01:00
Serge Hallyn
9d935d9be1
Merge pull request #189 from hallyn/2019-11-11/vpiw
Fix vipw not resuming correctly when suspended
2019-11-11 20:22:49 -06:00
Todd C. Miller
7eca1112fb Fix vipw not resuming correctly when suspended
Closes #185

If vipw is suspended (e.g. via control-Z) and then resumed, it often gets
immediately suspended. This is easier to reproduce on a multi-core system.

root@buster:~# /usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw
root@buster:~# fg
/usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw

root@buster:~# fg
[vipw resumes on the second fg]

The problem is that vipw forks a child process and calls waitpid() with the
WUNTRACED flag. When the child process (running the editor) is suspended, the
parent sends itself SIGSTOP to suspend the main vipw process. However, because
the main vipw is in the same process group as the editor which received the ^Z,
the kernel already sent the main vipw SIGTSTP.

If the main vipw receives SIGTSTP before the child, it will be suspended and
then, once resumed, will proceed to suspend itself again.

To fix this, run the child process in its own process group as the foreground
process group. That way, control-Z will only affect the child process and the
parent can use the existing logic to suspend the parent.
2019-11-11 20:19:57 -06:00
Serge Hallyn
fe2a266c50
Merge pull request #188 from rbalint/pot
Allow translation of new strings by adding new files to POTFILES.in
2019-11-11 18:12:36 -06:00
Serge Hallyn
e97df9b1ec
Merge pull request #187 from jubalh/useradd-s
useradd: check for valid shell argument
2019-11-11 18:10:56 -06:00
Miroslav Kure
d048459d36 [i18n] Allow translation of new strings by adding new files to POTFILES.in 2019-11-11 16:44:04 +01:00
Michael Vetter
88fa0651bf useradd: check for valid shell argument
Check whether shell argument given with `-s` is actually present and executable.
And is not a directory.

Fix https://github.com/shadow-maint/shadow/issues/186
2019-11-11 13:46:25 +01:00
Serge Hallyn
4e038f3ae7
Merge pull request #184 from FRidh/itstool
man: generate translations using itstool instead of xml2po
2019-11-05 08:58:13 -06:00
Frederik Rietdijk
6c6c8d3a33 man: generate translations using itstool instead of xml2po
This patch was taken from Fedora Rawhide
b41cff1956/f/shadow-4.6-use-itstool.patch
2019-11-03 13:04:17 +01:00
Serge Hallyn
a8a921184f
Merge pull request #183 from cgzones/selinux
migrate to new SELinux api
2019-10-28 23:40:06 -05:00
Christian Göttsche
cbd2472b7c migrate to new SELinux api
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
Serge Hallyn
a0efca4581 remove unused fn commonio_next
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
4e1da34601 compile warnings: Zflg unused when !selinux
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
b03df41906 remove unused variables
parent, user_id, and group_id are unused.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:32 -05:00
Serge Hallyn
8ca6eea938
Merge pull request #181 from pan93412/master
l10n(zh_TW): update translations
2019-10-07 09:00:19 -05:00
pan93412
1c2ad5e6b9 l10n(zh_TW): update translations 2019-10-07 18:26:33 +08:00
Serge Hallyn
991fee82df
Merge pull request #180 from thkukuk/libeconf
Add support for a vendor directory and libeconf
2019-10-05 22:34:29 -05:00
Thorsten Kukuk
b52ce71c27 Add support for a vendor directory and libeconf
With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where the shadow suite should additional
look for login.defs if this file is not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.
2019-10-05 22:17:49 -05:00
Serge Hallyn
e78d22469f
Merge pull request #177 from edneville/conflicts_between_system_users_useradd_and_pwck
pwck.c: only check home dirs if set and not a system user
2019-10-05 22:08:08 -05:00
ed
c4e8b411d4 pwck.c: only check home dirs if set and not a system user
Closes #126

Changelog: pwck, better to look at array than to use strnlen.
2019-10-05 22:04:37 -05:00
Serge Hallyn
3a51b90145
Merge pull request #176 from edneville/force_bad_name
chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that…
2019-10-04 16:41:39 -07:00
ed
a2cd3e9ef0 chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards
Closes #121.

Changelog: squashed commits fixing tab style
Changelog: update 'return true' to match file's style (no parens).
2019-10-04 18:40:41 -05:00
ed@s5h.net
1cbb562c23 lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00
ed@s5h.net
558977bb2b sgetpwent.c/sgetgrent.c: check for additional data at end of line 2019-10-04 18:30:38 -05:00
Serge Hallyn
332709da65 Merge branch 'master' of git+ssh://github.com/shadow-maint/shadow 2019-10-04 18:28:34 -05:00
Serge Hallyn
a74587a4ea
Merge pull request #173 from edneville/issue_105_106
useradd.c: including directory name in directory existence error message
2019-08-07 22:44:51 -05:00
Serge Hallyn
1e13749483
Merge pull request #172 from edneville/master
chage.c: add support for YYYY-MM-DD date printing
2019-08-07 22:42:03 -05:00
Serge Hallyn
1a1b8fcc36
Merge pull request #171 from falconindy/master
Honor --sbindir and --bindir for binary installation
2019-08-07 22:39:08 -05:00
ed
23262b249c src/useradd.c: including directory name in dir existence error. Prefixing output lines with program name. 2019-08-07 19:41:12 +01:00
ed
5687be5f31 chage.c: add support for YYYY-MM-DD date printing 2019-08-06 19:40:36 +01:00
Dave Reisner
e293aa9cfc Honor --sbindir and --bindir for binary installation
Some distros don't care about the split between /bin, /sbin, /usr/bin,
and /usr/sbin, so let them easily stuff binaries wherever they want.
2019-08-02 18:45:19 -04:00
Dave Reisner
edf7547ad5 Fix failing chmod calls on installation for suidubins
suidubins should be suidusbins, since these binaries are installed
${prefix}/sbin. This historically hasn't broken the build because
chmod of newgidmap/newuidmap succeeds, causing make to think the command
succeeded. Configuring shadow with --with-fcaps removes these final two
entries and exposes the chmod failure to make.
2019-08-02 18:42:34 -04:00
Dave Reisner
2cac079ef4 Honor --sbindir and --bindir for binary installation
Some distros don't care about the split between /bin, /sbin, /usr/bin,
and /usr/sbin, so let them easily stuff binaries wherever they want.

This also fixes a problem during installation where-in a loop of 'chmod
4755' calls will mostly fail. However, because the last two succeed
(newuidmap/newgidmap), make considers the command to be a success.
Somewhat not-amusingly, configuring shadow with --with-fcaps will cause
installation to fail because the final chmod call is now a failing one.
2019-08-01 20:36:41 -05:00
Serge Hallyn
5afc1c5b5f
Merge pull request #170 from stanislav-brabec/master
Fixes of LASTLOG_UID_MAX and login.defs
2019-07-31 10:40:43 -05:00
Stanislav Brabec
3025fefc41 login.defs: Cosmetic space change
Fix formatting of login.defs comments. Variables are preceeded by "#"
without space, comments are preceeded by "# ". It makes the file machine
parseable again.

Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
2019-07-26 22:47:05 +02:00
Stanislav Brabec
00a5cff244 login.defs: Really add LASTLOG_UID_MAX
However 46331648 mentions adding of LASTLOG_UID_MAX to login.defs, it did
not happen.

Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
2019-07-26 22:34:59 +02:00
Stanislav Brabec
fc0ed79e5d usermod.c: Fix invalid variable name
Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX.

Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
2019-07-26 21:39:42 +02:00
Serge Hallyn
13c618465d
Merge pull request #167 from yizhao1/fix
configure.ac: fix configure error with dash
2019-06-17 09:06:43 -05:00
Yi Zhao
3c52a84ff8 configure.ac: fix configure error with dash
A configure error occurs when /bin/sh -> dash:
  checking for is_selinux_enabled in -lselinux... yes
  checking for semanage_connect in -lsemanage... yes
  configure: 16322: test: yesyes: unexpected operator

Use "=" instead of "==" since dash doesn't support this operator.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2019-06-17 15:42:07 +08:00
Serge Hallyn
2bb99b8fe6 release 4.7
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-06-13 11:38:49 -05:00
Serge Hallyn
d2808b1b51 github pages takes an index.html
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2019-06-09 00:02:45 -05:00
Serge Hallyn
b679cdbd3e add README.md for the homepage
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2019-06-08 23:51:32 -05:00
Christian Brauner
a5f034f272
Merge pull request #161 from tabraham/master
lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD
2019-06-04 13:31:08 +02:00
Thomas Abraham
82fa6eccf9 lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD
If SIGCHILD is being ignored, waitpid() will forever error with ECHILD and
this loop with never end, so don't loop if it errors with ECHILD.
2019-05-06 14:26:14 -04:00
Thomas Abraham
8d39357c84 Revert "lib/spawn.c run_command: don't loop forever if waitpid() is returning ECHILD"
This reverts commit 1697c192ac.
2019-05-06 14:23:58 -04:00
Serge Hallyn
aff40d8515 libmisc/btrfs: no sense trying to calculate 'btrfs' string
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-05-03 22:40:14 -07:00