a271076041
Merge pull request #263 from edneville/261_grpck_questionable_warning
...
Option to suppress group/gshadow inconsistencies
2020-08-11 13:58:22 -05:00
e8c44a4c12
Option to suppress group/gshadow inconsistencies
...
'gshadow' man page suggests that "You should use the same list of users
as in /etc/group", but not must.
Closes #261
2020-08-11 13:53:48 -05:00
d041eec354
Merge pull request #270 from darktemplarbasealt/fix_resource_leak
...
Fix potential resource leak in set_selinux_file_context function
2020-08-10 20:34:50 -05:00
b215e9d02c
Merge pull request #268 from stoeckmann/chfn
...
chfn: Prevent buffer overflow.
2020-08-10 13:45:15 -05:00
994a3b463c
Merge pull request #272 from ikerexxe/useradd_covscan
...
useradd: check return value from chmod and log it
2020-08-10 12:34:52 +02:00
508b968cb1
useradd: check return value from chmod and log it
...
covscan was complaining abot calling chmod and ignoring the return
value:
Error: CHECKED_RETURN (CWE-252):
shadow-4.6/src/useradd.c:2084: check_return: Calling
"chmod(prefix_user_home, mode)" without checking return value. This
library function may fail and return an error code.
2082| mode_t mode = getdef_num ("HOME_MODE",
2083| 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
2084|-> chmod (prefix_user_home, mode);
2085| home_added = true;
2086| #ifdef WITH_AUDIT
2020-08-10 11:44:00 +02:00
6afa2aaf9d
Merge pull request #271 from hallyn/2020-08-08/groupmembers
...
add -U option to groupadd and groupmod
2020-08-10 10:22:45 +02:00
342c934a35
add -U option to groupadd and groupmod
...
Add a -U option which adds new usernames as members. For groupmod,
also add -a (append), without which existing members are removed.
Closes #265
2020-08-09 22:11:33 -05:00
49930bd3a6
Fix potential resource leak in set_selinux_file_context function
2020-08-04 10:24:46 +03:00
7ea342579e
useradd: suggest --badnames when given a bad name
...
Closes #266
2020-07-31 21:29:21 -05:00
875d2d49c1
chfn: Prevent buffer overflow.
...
This is a stability fix, not a security fix, because the affected -o
option can only be used by root and it takes a modified passwd file.
If a gecos field for a user has BUFSIZ characters without commas and an
equals sign (i.e. a huge slop/extra field) and chfn is called with -o,
then a buffer overflow occurs.
It is not possible to trigger this with shadow tools. Therefore, the
passwd file must be modified manually.
I have fixed this unlikely case the easiest and cleanest way possible.
Since chfn bails out if more than 80 characters excluding commas are
supposed to be written into gecos field, we can stop processing early on
if -o argument is too long.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org >
2020-07-12 19:09:14 +02:00
607f1dd549
libsubid: fix a prototype in api.h
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com >
2020-06-19 22:09:20 -05:00
6baeb25038
Merge pull request #234 from edneville/79_userdel
...
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
32cfa176f2
Adding run-parts style for pre and post useradd/del
...
Signed-off-by: ed neville <ed@s5h.net >
2020-06-10 00:26:55 -05:00
b01bd3b139
Merge pull request #250 from hallyn/libsubid
...
[strawman] Implement libsubid
2020-06-08 00:10:16 -05:00
0a7888b1fa
Create a new libsubid
...
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com >
2020-06-07 12:11:58 -05:00
43a917cce5
configure: define abi versions
...
Signed-off-by: Serge Hallyn <serge@hallyn.com >
2020-06-07 12:07:23 -05:00
089cf55e2c
drop svn complications from test runner
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com >
2020-06-07 12:07:14 -05:00
316a153abb
tests: use git to determine top_dir
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com >
2020-06-07 12:07:09 -05:00
6e6494680d
trivial: drop useless version-info from libshadow_la_LDFLAGS
...
Signed-off-by: Serge Hallyn <serge@hallyn.com >
2020-06-07 12:07:00 -05:00
6155e91f4e
Merge pull request #262 from andydna/master
...
correct grammar in shadow(5)
2020-06-06 12:59:59 -05:00
967bfb0376
correct grammar in shadow(5)
2020-06-04 22:29:15 -05:00
9cb21c2bdf
Merge pull request #259 from Inrin/lastlog_MaxPadding
...
Add maximum padding to fit IPv6-Addresses
2020-05-28 14:45:23 -05:00
5cb839d977
Merge pull request #257 from Frans-Spiesschaert/new_dutch_po_branch
...
(nl) updated Dutch translation
2020-05-26 14:48:48 -05:00
b128222477
Add maximum padding to fit IPv6-Addresses
...
We use a fixed padding for the From column to fit the maximum of a
minimized IPv6-LL-Address and it's interface.
2020-05-24 23:48:25 +02:00
fc95155aa4
(nl) updated Dutch translation
2020-05-24 15:26:06 +02:00
320707fcb0
Merge pull request #251 from lifecrisis/nonexistent
...
Add "NONEXISTENT" to "login.defs"
2020-05-11 09:13:34 -05:00
4086aed1ed
Update the "README" file
2020-05-11 09:27:01 -04:00
096dad6305
Add "NONEXISTENT.xml" to "man/Makefile.am"
2020-05-11 09:27:00 -04:00
4772689d27
Name "NONEXISTENT" in the man page for "pwck"
2020-05-11 09:27:00 -04:00
1566921dd8
Add detailed documentation for "NONEXISTENT"
2020-05-11 09:26:45 -04:00
04062cda11
Add "NONEXISTENT" to the "login.defs" man page
2020-05-11 09:26:43 -04:00
c040058fe3
Check for "NONEXISTENT" in "src/pwck.c"
2020-05-11 09:26:43 -04:00
c56fe7117b
Add "NONEXISTENT" to def_table
2020-05-11 09:26:42 -04:00
e2f74c347b
Add "NONEXISTENT" to "etc/login.defs"
2020-05-11 09:26:04 -04:00
f929bfd90b
Merge pull request #237 from ikerexxe/usermod_fails
...
Check only local groups when adding new supplementary groups to a user
2020-05-01 22:26:41 -05:00
c889ebc2c9
Merge pull request #249 from brauner/coverity
...
travis: reorder sections and add regenerated coverity token
2020-04-25 12:32:13 -05:00
a3a1cf6536
travis: reorder sections and add regenerated coverity token
...
Also remove the openssl section since both lxc and lxcfs don't need it
either.
Signed-off-by: Christian Brauner <christian@brauner.io >
2020-04-25 18:45:24 +02:00
7e0e931519
Merge pull request #248 from brauner/coverity
...
travis: add more architectures + enable Coverity
2020-04-25 11:32:23 -05:00
97a76bd9e6
travis: add more architectures and Coverity support
...
Now that travis supports more architectures let's make sure we test on
all of them and that we enable Coverity too.
Signed-off-by: Christian Brauner <christian@brauner.io >
2020-04-25 12:59:25 +02:00
69332884b1
Merge pull request #247 from jubalh/unusedcpp
...
Remove unused variables
2020-04-25 12:34:49 +02:00
992c1723af
Remove unused 'buf' in shadow.c
2020-04-25 12:23:10 +02:00
8eee5d03fd
Remove unused variable 'cpp'
2020-04-25 12:10:39 +02:00
77be9c35c7
Merge pull request #244 from sthibaul/master
...
Fix hurd build
2020-04-23 10:56:48 -05:00
f7ae4d48f4
Merge pull request #246 from blueskycs2c/stderr-pr
...
check_uid_range : warnings go to stderr
2020-04-20 10:01:27 +02:00
1d8487d851
check_uid_range : warnings go to stderr
2020-04-20 10:16:19 +08:00
52aba825af
Merge pull request #245 from hallyn/2020-04-17/libmisc
...
remove unused and misleading 'owner' argument from find_new_sub*
2020-04-18 12:32:38 +02:00
25b1a8d591
remove unused and misleading 'owner' argument from find_new_sub*
...
Signed-off-by: Serge Hallyn <shallyn@cisco.com >
2020-04-17 16:32:44 -05:00
5de28353d4
Fix hurd build
...
Do not include <sys/prctl.h> we don't have <sys/capability.h>, we don't
need prctl in that case anyway.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org >
2020-04-17 21:50:48 +02:00
7b36b160f7
Merge pull request #243 from blueskycs2c/uid-pr
...
print a warning from useradd if -u is used with uid number outside ra…
2020-04-16 11:48:21 -05:00
