Commit Graph

2394 Commits

Author SHA1 Message Date
Martijn de Gouw
c464ec5570 newuidmap,newgidmap: Relax gid checking to allow running under alternative group ID
Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
2021-02-08 13:32:18 +01:00
Serge Hallyn
ae169c4046
Merge pull request #306 from hallyn/2021-01-01/nosubids
useradd: don't try to create 0 subuids
2021-01-01 13:10:53 -06:00
Serge Hallyn
0dffc7c612 useradd: don't try to create 0 subuids
Closes #289

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-01 13:10:12 -06:00
Serge Hallyn
5d53e0bf07
Merge pull request #305 from hallyn/2021-01-01/static-dynamic
libsubid: move libmisc.a to last LIBADD entry
2021-01-01 13:05:33 -06:00
Serge Hallyn
b5fb1b38ee libsubid: move libmisc.a to last LIBADD entry
Closes #297

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-01 13:01:54 -06:00
Serge Hallyn
c917ed7b76
Merge pull request #302 from whzhe51/br_master
useradd.c:fix memleaks of grp
2020-12-27 00:37:46 -06:00
Serge Hallyn
08f5577018
Merge pull request #301 from whzhe51/br_whzhe
useradd.c:fix memleak in get_groups
2020-12-27 00:31:30 -06:00
Serge Hallyn
1021195bfe
Merge pull request #299 from lnussel/master
useradd: use built-in settings by default
2020-12-27 00:26:47 -06:00
Serge Hallyn
a8361e7410
Merge pull request #296 from ikerexxe/log_exit_code
useradd: log exit code when failing
2020-12-27 00:18:12 -06:00
Serge Hallyn
7384865775
Merge pull request #295 from ikerexxe/newusers_clarification
newusers: doesn't create parent home directories
2020-12-27 00:16:18 -06:00
whzhe
fd9d79a1a3 useradd.c:fix memleak in get_groups
Signed-off-by: whzhe <wanghongzhe@huawei.com>
2020-12-20 22:05:03 -05:00
whzhe51
c44b71cec2 useradd.c:fix memleaks of grp
Signed-off-by: whzhe51 <wanghongzhe@huawei.com>
2020-12-20 20:14:49 -05:00
Ludwig Nussel
bbf4b79bc4 useradd: use built-in settings by default
Avoids installing inconsistent settings. The correct ones would be
written as soon as an admin uses useradd -D to modify the defaults.
2020-12-04 09:20:18 +01:00
ikerexxe
abb5c99114 useradd: log exit code when failing
src/useradd.c: log exit code when failing
2020-11-17 16:58:40 +01:00
ikerexxe
88128000c9 newusers: doesn't create parent home directories
man/newusers.8.xml: clarify that newusers doesn't create parent
directories of the new user's home directory.
2020-11-17 16:46:10 +01:00
Serge Hallyn
599cc003da
Merge pull request #293 from ikerexxe/sync_file_write
commonio: force lock file sync
2020-11-08 16:36:36 -06:00
Serge Hallyn
e7938d5a30
Merge pull request #291 from ikerexxe/covscan_issues
Two covscan issues
2020-11-08 16:33:55 -06:00
Serge Hallyn
bd32c1c8fc
Merge pull request #290 from jamincollins/master
add parsing support for advertised force long opt
2020-11-08 16:29:29 -06:00
ikerexxe
fb0f702cbf commonio: force lock file sync
lib/commonio.c: after writing to the lock file, force a file sync to
the storage system.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1862056
2020-11-05 17:15:56 +01:00
Jamin W. Collins
a04287cf24 update groupdel man page for the --force option
Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>
2020-11-01 21:22:54 -07:00
ikerexxe
569bd1d54f useradd: free grp to avoid leak
covscan issue:
Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
src/useradd.c:728: alloc_fn: Storage is returned from allocation function "get_local_group".
src/useradd.c:728: var_assign: Assigning: "grp" = storage returned from "get_local_group(list)".
src/useradd.c:728: overwrite_var: Overwriting "grp" in "grp = get_local_group(list)" leaks the storage that "grp" points to.
726|   		 * GID values, otherwise the string is looked up as is.
727|   		 */
728|-> 		grp = get_local_group (list);
729|
730|   		/*
2020-10-27 11:42:34 +01:00
ikerexxe
2df8c0728d newgrp: delete dead code
covscan issue:
Error: CLANG_WARNING: [#def31]
src/newgrp.c:448:2: warning: Value stored to 'gid' is never read [deadcode.DeadStores]
	gid = getgid ();
2020-10-27 11:42:08 +01:00
Jamin W. Collins
bd4dc81a82 add parsing support for advertised force long opt
Existing help output advertises --force as a long opt.

  -f, --force                   delete group even if it is the primary group of a user

But errors when the long opt is used.

groupdel: unrecognized option '--force'

Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>
2020-10-17 09:18:30 -07:00
Serge Hallyn
f8642a1986
Merge pull request #288 from whzhe51/br_whzhe
xfree: move xfree() function to xmalloc.c
2020-10-16 09:59:34 -05:00
w00475903
e24700fd5d xfree: move xfree() function to xmalloc.c
Signed-off-by: whzhe <wanghongzhe@huawei.com>
2020-10-15 21:52:06 -04:00
Serge Hallyn
18c5c6139d
Merge pull request #286 from karelzak/defs
getdefs: add foreign (non-shadow-utils) items
2020-10-12 08:40:50 -05:00
Serge Hallyn
af0f55a625
Merge pull request #285 from masmullin2000/master
Fix the undefined xfree issue
2020-10-12 08:36:33 -05:00
Karel Zak
3f09f7b6fb getdefs: add foreign (non-shadow-utils) items
The login.defs is shared between more upstream projects (util-linux,
etc.). We need to improve compatibility between the projects do not
report valid, but foreign items.

Addresses: https://github.com/shadow-maint/shadow/issues/276
Signed-off-by: Karel Zak <kzak@redhat.com>
2020-10-08 12:30:53 +02:00
Michael Mullin
dfd19fc35b Use {} to kep more in line with code style 2020-10-03 14:23:06 -04:00
Michael Mullin
0407fa8813 Fix the undefined xfree issue 2020-10-03 14:19:46 -04:00
Serge Hallyn
e84df9e163
Merge pull request #282 from ikerexxe/sssd_cache_error
lib/sssd: redirect warning message to file
2020-10-02 19:38:35 -05:00
Serge Hallyn
46ad1856ac
Merge pull request #277 from whzhe51/br_whzhe
gpasswd.c: fix memory leak in sg_adm
2020-10-02 19:37:20 -05:00
ikerexxe
87257a49a1 lib/sssd: redirect warning message to file
Instead of printing warning in stderr print it to file. This way the
user is not spammed with unnecessary messages when updating packages.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1749001
2020-10-02 16:09:42 +02:00
Serge Hallyn
9d3546c695
Merge pull request #281 from towerpark/fix-newxidmap-man
Fix the inaccurate description about ID range in man new{u,g}idmap
2020-10-01 13:26:11 -05:00
towerpark
287a9041a1 Fix the inaccurate description about the ID range to be verified against /etc/sub{u,g}id. 2020-09-26 21:01:01 +09:00
w00475903
22bfaf9e26 gpasswd.c: fix memory leak in sg_adm
Signed-off-by: whzhe <wanghongzhe@huawei.com>
2020-09-24 23:29:53 -04:00
Serge Hallyn
2748b4230a
Merge pull request #279 from juergenhoetzel/fix-de-translation
Fix incorrect translation (de)
2020-09-24 21:59:58 -05:00
Serge Hallyn
6bd08f7d18
Merge pull request #278 from edneville/104_su_waitpid
loop until waitpid returns pid_child or error
2020-09-24 21:58:35 -05:00
Juergen Hoetzel
00f01dd416 Fix incorrect translation (de) 2020-09-23 18:00:00 +02:00
ed neville
01a8df79b3 loop until waitpid returns pid_child or error
closes #104

Signed-off-by: ed neville <ed@s5h.net>
2020-09-20 23:04:11 +01:00
Serge Hallyn
9a10373ddb Revert "su.c: replace getopt with ad-hoc flag processing"
This reverts commit dc732e7734.
2020-08-28 15:16:11 -05:00
Serge Hallyn
b065fa4741 Revert "su.c: s/doshell/do_interactive_shell/"
This reverts commit 6f38f43fdd.
2020-08-28 15:16:04 -05:00
Serge Hallyn
3f35983656 Revert "su.c: implement --exec"
This reverts commit 4047d1fe8e.
2020-08-28 15:15:56 -05:00
Serge Hallyn
c32743808d Revert "Update su tests"
This reverts commit cf8101aaae.
2020-08-28 15:15:47 -05:00
Christian Brauner
ec98f190c1
Merge pull request #275 from hallyn/2020-08-27/test-su
Add tests on top of #254
2020-08-28 12:13:49 +02:00
Serge Hallyn
cf8101aaae Update su tests
Some of these tests seem wrong.  The assume that

    su -- -c command

should work, whereas -- should mean pass all remaining arguments
along to the command.

Add some new tests based on examples in Issue 253

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-08-27 23:59:07 -05:00
Vito Caputo
4047d1fe8e su.c: implement --exec
It's now possible to run commands as other users without shell
interpolation by using "--exec":

Read /etc/shadow as root without specifying user:
```
su --exec /bin/cat -- /etc/shadow
```

Or specify user:
```
su --exec /bin/cat root -- /etc/shadow
```
2020-08-27 23:43:32 -05:00
Vito Caputo
6f38f43fdd su.c: s/doshell/do_interactive_shell/
Mechanical rename distinguishing this variable from intended changes
supporting executing commands without using an interpretive shell
(i.e. no '/bin/sh -c').
2020-08-27 23:43:29 -05:00
Vito Caputo
dc732e7734 su.c: replace getopt with ad-hoc flag processing
In preparation for supporting --exec I was testing the robustness
of "--" handling and it became apparent that things are currently
a bit broken in `su`.

Since "--" is currently of limited utility, as the subsequent
words are simply passed to the shell after "-c","command_string",
it seems to have gone unnoticed for ages.

However, with --exec, it's expected that "--" would be an almost
required separator with every such usage, considering the
following flags must be passed verbatim to execve() and will
likely begin with hyphens looking indistinguishable from any
other flags in lieu of shell interpolation to worry about.

For some practical context of the existing situation, this
invocation doesn't work today:
```
  $ su --command ls -- flags for shell
  No passwd entry for user 'flags'
  $
```

This should just run ls as root with "flags","for","shell"
forwarded to the shell after "-c","ls".

The "--" should block "flags" from being treated as the user.
That particular issue isn't a getopt one per-se, it's arguably
just a bug in su.c's implementation.

It *seemed* like an easy fix for this would be to add a check if
argv[optind-1] were "--" before treating argv[optind] as USER.

But testing that fix revealed getopt was rearranging things when
encountering "--", the "--" would always separate the handled
opts from the unhandled ones.  USER would become shifted to
*after* "--" even when it occurred before it!

If we change the command to specify the user, it works as-is:
```
  $ su --command ls root -- flags for shell
  Password:
  testfile
  $

```

But what's rather surprising is how that works; the argv winds up:

"su","--command","ls","--","root","flags","for","shell"

with optind pointing at "root".

That arrangement of argv is indistinguishable from omitting the
user and having "root","flags","for","shell" as the stuff after
"--".

This makes it non-trivial to fix the bug of omitting user
treating the first word after "--" as the user, which one could
argue is a potentially serious security bug if you omit the user,
expect the command to run as root, and the first word after "--"
is a valid user, and what follows that something valid and
potentially destructive not only running in unintended form but
as whatever user happened to be the first word after "--".

So, it seems like something important to fix, and getopt seems to
be getting in the way of fixing it properly without being more
trouble than replacing getopt.

In disbelief of what I was seeing getopt doing with argv here, I
took a glance at the getopt source and found the following:

```
      /* The special ARGV-element '--' means premature end of options.
	 Skip it like a null option,
	 then exchange with previous non-options as if it were an option,
	 then skip everything else like a non-option.  */

      if (d->optind != argc && !strcmp (argv[d->optind], "--"))
```

I basically never use getopt personally because ages ago it
annoyed me with its terrible API for what little it brought to
the table, and this brings it to a whole new level of awful.
2020-08-27 23:43:25 -05:00
Serge Hallyn
291c6fcc87
Merge pull request #267 from stoeckmann/chage
chage: Prevent signed integer overflows.
2020-08-13 00:34:19 -05:00