Commit Graph

2541 Commits

Author SHA1 Message Date
Serge Hallyn
82b5983301 Add Christian Brauner to SECURITY.md
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-10-25 14:26:37 -05:00
Serge Hallyn
cdc8c1e25b
Create SECURITY.md
Barebones to unblock current reporters.
2021-10-23 09:34:48 -05:00
Serge Hallyn
4bec156db1
Merge pull request #426 from hallyn/2021-10-15/man 2021-10-20 15:16:06 -05:00
Serge Hallyn
33f85e93a1 manpages: fix 'File Formats and Conversions"
Closes #416

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-10-15 16:28:12 -05:00
Serge Hallyn
6be18d45e1 initial github actions attempt
Closes #415
2021-10-15 16:21:19 -05:00
Andy Zaugg
7e2b522a15 Added a new configurable LOG_INIT to useradd
In some circumstances I want the default behaviour of useradd to
not add user entries to the lastlog and faillog databases. Allowing
this options behaviour to be controlled by the config file
/etc/default/useradd.
2021-10-15 16:20:52 -05:00
Andy Zaugg
d7e2bd6fe1 Added documentation around CREATE_MAIL_SPOOL
Adding documentation aroud the parameter CREATE_MAIL_SPOOL in the
/etc/default/useradd file
2021-10-15 16:20:52 -05:00
Serge Hallyn
4ad2697cc4
Merge pull request #412 from ljmf00/fix-trailing-whitespaces
treewide: remove trailing whitespaces
2021-09-27 10:12:24 -05:00
Serge Hallyn
5bb28a0a7f
Merge pull request #417 from jubalh/doublefree
Only free sgent if it was initialized
2021-09-27 10:10:22 -05:00
Serge Hallyn
4b85dc66d4
Merge pull request #420 from AZaugg/issue419
Fix parentheses in configure.ac
2021-09-27 08:48:24 -05:00
Andy Zaugg
049f9a7f6b Fix parentheses in configure.ac
Resolving issue https://github.com/shadow-maint/shadow/issues/419
2021-09-22 09:42:15 -07:00
Michael Vetter
117bc66c6f Only free sgent if it was initialized
`sgent` is only initialized in `get_group()` if `is_shadowgrp` is true.
So we should also only attempt to free it if this is actually the case.

Can otherwise lead to:
```
free() double free detected in tcache 2 (gpasswd)
```
2021-09-20 11:04:50 +02:00
Serge Hallyn
26bbee8c86
Merge pull request #414 from Frans-Spiesschaert/new_dutch_po_branch
updated Dutch translation
2021-09-14 10:01:17 -05:00
Frans Spiesschaert
ab9fad7943 updated Dutch translation 2021-09-13 21:05:45 +02:00
Luís Ferreira
7903557988
treewide: remove trailing whitespaces
Signed-off-by: Luís Ferreira <contact@lsferreira.net>
2021-09-13 17:23:17 +01:00
Serge Hallyn
0e0101043b
Merge pull request #405 from a1346054/master
Minor cleanups
2021-09-13 10:57:38 -05:00
Serge Hallyn
fb582ce72f
Merge pull request #411 from ljmf00/ignore-check-subid
git: ignore generated check_subid_range
2021-09-13 10:37:59 -05:00
Luís Ferreira
679a29da7e
git: ignore generated check_subid_range
Signed-off-by: Luís Ferreira <contact@lsferreira.net>
2021-09-13 16:17:49 +01:00
a1346054
d7c9550b7f fix spelling 2021-09-13 15:11:40 +00:00
Serge Hallyn
e385338ee8
Merge pull request #410 from paulmenzel/use-https-urls-in-readme
Use HTTPS URLs in README, where possible
2021-09-12 10:50:09 -05:00
Paul Menzel
2b6312b337 README: Use HTTPS URLs where possible
The GitHub and Debian permanently moved to HTTPS URLs and redirect
there. The Gentoo URL does not redirect to HTTPS, but still use it to
address certain kinds of attacks. Lastly, the NetBSD URL is only
available using HTTP.
2021-09-12 12:06:02 +02:00
a1346054
ecfcaed0b5 fix some shellcheck-identified issues in scripts 2021-08-18 18:21:06 +00:00
a1346054
f20c688a18 use a geographically close URL 2021-08-18 18:07:50 +00:00
a1346054
7687ae4dbd fix spelling and unify whitespace 2021-08-18 18:06:02 +00:00
Serge Hallyn
4624e9fca1 Revert "useradd.c:fix memleaks of grp"
In some cases, the value which was being freed is not actually
safe to free.

Closes #394

This reverts commit c44b71cec2.
2021-08-14 19:37:24 -05:00
Serge Hallyn
009e09fd58
Merge pull request #400 from floppym/sha-rounds
libmisc: fix default value in SHA_get_salt_rounds()
2021-08-14 19:29:54 -05:00
Serge Hallyn
a5bf83d2e7
Merge pull request #401 from hallyn/2021-08-14/dropxml2po
man/po/Makefile.in: switch from xml2po to itstool
2021-08-14 19:28:18 -05:00
Serge Hallyn
4bcbe13689
Merge pull request #403 from hallyn/2021-08-14/fixnosubuidbuild
useradd.c: Fix undeclared subuid_count when not using subids
2021-08-14 19:28:07 -05:00
Serge Hallyn
049b08481a useradd.c: Fix undeclared subuid_count when not using subids
subuid_count won't get used by usr_update(), but since we're passing it
as an argument we have to make sure it's always defined.  So just define
it as pre-set to 0.

Closes #402

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-08-14 19:25:51 -05:00
Serge Hallyn
02b200c9aa man/po/Makefile.in: switch from xml2po to itstool
xml2po is deprecated.  We've previously replaced xml2po with
itstool in man/generate_translations.mak, but there was still
an instance of it that only is exercised for 'make dist'.
Update that one.  Now 'make dist' succeeds on a ubuntu focal
or newer host where xml2po is not available.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-08-14 14:51:08 -05:00
Mike Gilbert
234e8fa7b1 libmisc: fix default value in SHA_get_salt_rounds()
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
use SHA_ROUNDS_DEFAULT.

Previously, the code fell through, calling shadow_random(-1, -1). This
ultimately set rounds = (unsigned long) -1, which ends up being a very
large number! This then got capped to SHA_ROUNDS_MAX later in the
function.

The new behavior matches BCRYPT_get_salt_rounds().

Bug: https://bugs.gentoo.org/808195
Fixes: https://github.com/shadow-maint/shadow/issues/393
2021-08-14 13:43:26 -04:00
Serge Hallyn
c4539fc4f9
Merge pull request #399 from ikerexxe/useradd_empty_subid_range
useradd: avoid generating an empty subid range
2021-08-14 09:23:26 -05:00
Iker Pedrosa
9dd720a285 useradd: avoid generating an empty subid range
useradd generates an empty subid range when adding a new user. This is
caused because there are two variables, one local and the other one
global, that have a very similar name and they are used indistinctly in
the code. The local variable loads the SUB_*ID_COUNT configuration from
the login.defs file, while the global variable, which holds a value of
0, is used to generate the subid range. Causing the empty subid range
problem.

I've merged the two variables in the local one and removed the global
variable. I prefer to do it this way to reduce the scope of it but I'm
open to doing it the other way round.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1990653

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-08-10 10:04:39 +02:00
Serge Hallyn
1c1e0b0c68
Merge pull request #397 from ikerexxe/revert_local_groups_check
usermod: allow all group types with -G option
2021-08-04 10:41:56 -05:00
Serge Hallyn
adb83f7796
Merge pull request #398 from Dzejrou/master
passwd: handle NULL pw_passwd when printing password status
2021-08-04 10:38:30 -05:00
Serge Hallyn
28a02dc83e
Merge pull request #396 from floppym/libcrack
libsubid: fix build with libcrack
2021-08-04 10:37:08 -05:00
Serge Hallyn
e318bb9b06
Merge pull request #395 from ikerexxe/downstream_4_9
Makefile: include libeconf dependency in new*idmap
2021-08-04 10:36:44 -05:00
Jaroslav Jindrak
05388f748d passwd: handle NULL pw_passwd when printing password status
When the -S and -a options are used for passwd to list the status
of all passwords, there is a chance the pw_passwd field of struct
passwd will be NULL. This can be due to 'files compat' being set
for passwd in /etc/nsswitch.conf and the usage of some features
not available in the 'files' mode (e.g. a plus sign at the start
of a line).

Example:

germ161:~ # grep passwd /etc/nsswitch.conf
passwd: files compat
germ161:~ # rpm -qa shadow
shadow-4.2.1-34.20.x86_64
germ161:~ # grep passwd /etc/nsswitch.conf
passwd: files compat
germ161:~ # grep + /etc/passwd
+@nisgroup
germ161:~ # passwd -S -a > /dev/null
Segmentation fault (core dumped)

With this commit:

germ161:~ # passwd -S -a > /dev/null
passwd: malformed password data obtained for user +@nisgroup
2021-08-03 20:03:46 +02:00
Iker Pedrosa
e481437ab9 usermod: allow all group types with -G option
The only way of removing a group from the supplementary list is to use
-G option, and list all groups that the user is a member of except for
the one that wants to be removed. The problem lies when there's a user
that contains both local and remote groups, and the group to be removed
is a local one. As we need to include the remote group with -G option
the command will fail.

This reverts commit 140510de9d. This way,
it would be possible to remove the remote groups from the supplementary
list.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641
Resolves: https://github.com/shadow-maint/shadow/issues/338

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-08-03 11:14:09 +02:00
Mike Gilbert
6becc82e26 libsubid: fix build with libcrack
Fixes a link failure:

  ../libsubid/.libs/libsubid.so: undefined reference to `FascistCheck'

Bug: https://bugs.gentoo.org/806124
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
2021-08-02 12:00:48 -04:00
Iker Pedrosa
c6847011e8 Makefile: include libeconf dependency in new*idmap
new*idmap has a dependency with libeconf since commit
c464ec5570. I'm just adding it to the
Makefile to be able to compile in distributions that include libeconf.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-08-02 15:54:20 +02:00
Christian Brauner
065aae682c
Merge pull request #392 from hallyn/2021-07-25/useradd-defaults
useradd: create /etc/default saving defaults.
2021-07-26 10:20:56 +02:00
Serge Hallyn
33c33a32a2 useradd: create /etc/default saving defaults.
Since bbf4b79, we stopped shipping /etc/default/useradd, and therefore
install of shadow does not auto-create /etc/default.  So when useradd
tries to save a new default, it needs to create the directory.

Closes #390.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-25 16:19:56 -05:00
Serge Hallyn
cd551ef728
Merge pull request #391 from hallyn/2021-07-25/static
Respect --enable-static=no in libsubid
2021-07-25 14:01:11 -05:00
Serge Hallyn
fa986b1d73 Respect --enable-static=no in libsubid
libsubid's Makefile.am was always setting enable-shared in its LDFLAGS.
Do that only if not building static.

Closes #387

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2021-07-25 12:21:55 -05:00
Serge Hallyn
4616fe71e7
Merge pull request #388 from hallyn/2021-07-23/outoftreebuild
Fix out of tree builds with respect to libsubid includes
2021-07-23 18:11:51 -05:00
Serge Hallyn
537b8cd90b Fix out of tree builds with respect to libsubid includes
There's a better way to do this, and I hope to clean that up,
but this fixes out of tree builds for me right now.

Closes #386

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-23 17:51:13 -05:00
Serge Hallyn
d4b6d1549b
Merge pull request #385 from xry111/ftbfs-fix
libsubid: link to PAM libraries
2021-07-23 04:53:34 -05:00
Xi Ruoyao
f4a84efb46
libsubid: link to PAM libraries
libsubid.so links to libmisc.a, which contains several routines referring to
PAM functions.
2021-07-23 14:38:08 +08:00
Serge Hallyn
6f9124b7f7 configure.ac: get ready to release 4.9
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-22 16:50:51 -05:00