Commit Graph

1852 Commits

Author SHA1 Message Date
Tobias Stoeckmann
df5dafe049 Clear passwords on __gr_dup/__pw_dup errors.
The functions __gr_dup and __pw_dup do not explicitly zero the
memory which hold the passwords after free. The gr_free and pw_free
functions do this explicitly.

To guarantee same behaviour, it's possible to call these *_free
functions directly from __*_dup, because the memory is initialized
with zeros at the beginning. Calling free(NULL) has no negative
effect and can be considered safe these days.
2015-07-11 13:00:13 +02:00
Jesse W. Hathaway
3c32fd4a29 Allow deleting the group even if it is the primary group of a user
This is helpful when using configuration management tools such as
Puppet, where you are managing the groups in a central location and you
don't need this safeguard.

Signed-off-by: "Jesse W. Hathaway" <jesse@mbuki-mvuki.org>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-06-16 14:18:44 -05:00
Serge Hallyn
ecb6f0c3e3 newgidmap manpage: remove wrongly added extra pid arg
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-06-04 23:45:58 -05:00
Hank Leininger
884895ae25 Expand the error message when newuidmap / newgidmap do not like the user/group ownership of their target process.
Currently the error is just:

newuidmap: Target [pid] is owned by a different user

With this patch it will be like:

newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99

Why is this useful?  Well, in my case...

The grsecurity kernel-hardening patch includes an option to make parts
of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
the current uid.  This comes with an option to make /proc/pid/
directories readable by a specific gid; sysadmins and the like are then
put into that group so they can see a full 'ps'.

This means that the check in new[ug]idmap fails, as in the above quoted
error - /proc/[targetpid] is owned by root, but the group is 99 so that
users in group 99 can see the process.

Some Googling finds dozens of people hitting this problem, but not
*knowing* that they have hit this problem, because the errors and
circumstances are non-obvious.

Some graceful way of handling this and not failing, will be next ;)  But
in the meantime it'd be nice to have new[ug]idmap emit a more useful
error, so that it's easier to troubleshoot.

Thanks!

Signed-off-by: Hank Leininger <hlein@korelogic.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-04-06 08:23:36 -05:00
Serge Hallyn
464456fa31 Merge pull request #3 from vapier/master
man: useradd(8): fix typo in German translation
2015-03-16 17:08:55 +00:00
Duncan Eastoe
17887b216d Suppress pwconv passwd- chmod failure message
Prevent chmod failure message from displaying if the failure
was due to the backup file not existing.

If there is no backup file present and if no changes have been
made, then this error would always appear since the backup
file isn't created in this situation.

Signed-off-by: Duncan Eastoe <deastoe@Brocade.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-02-17 10:15:02 -06:00
Mike Frysinger
01eab0c3b9 man: useradd(8): fix typo in German translation
When referring to USERGROUPS_ENAB, the German mentions /etc/default/useradd
when it should be /etc/login.defs (like the original English does).

Reported-by: Stefan Kiesler <heavymetal@gmx.de>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2015-02-14 00:21:14 -05:00
Nicolas François
6b65c6aeae Test userdel/usermod when homedir is a symlink 2014-09-21 00:36:24 +02:00
Nicolas François
3fb292f3c7 Extend checks for changing U/GID in home directory
Add files with user or group owner different from the user.
2014-09-21 00:36:23 +02:00
Nicolas François
a8bf8af5aa Extend checks for moving home directory
Add hard link to files inside or outside the home directory)
Add files with user or group owner different from the user.
2014-09-21 00:36:16 +02:00
Nicolas François
d8c8e8b4b6 subids options added to usermod's usage 2014-09-21 00:17:30 +02:00
Nicolas François
930e76ad0d Provides coverage with traceability to test cases 2014-09-21 00:17:29 +02:00
Nicolas François
83b5a746d9 Add missing configuration files 2014-09-21 00:17:27 +02:00
Nicolas François
a7f8176be6 useradd now uses link rather than rename 2014-09-21 00:17:26 +02:00
Nicolas François
1b4db814ea Add support for syscall failure tests 2014-09-21 00:17:25 +02:00
Nicolas François
9ae9ca833a Add cleanup script 2014-09-21 00:17:24 +02:00
Nicolas François
66f87b8caf Add config to disable execution of failure tests 2014-09-21 00:17:23 +02:00
Nicolas François
bba85fcae3 Add tests for subids handling 2014-09-21 00:16:57 +02:00
Nicolas François
a0104a9ed8 Use build_path from common/config.sh 2014-09-20 15:46:14 +02:00
Nicolas François
112e015f05 Force removal of files when restoring system config 2014-09-20 15:40:46 +02:00
Nicolas François
e6246599eb Update list of files in login and passwd packages 2014-09-20 15:39:32 +02:00
Bostjan Skufca
1d049b6aed sub[ug]id: compare range before comparing username/UID, to avoid unnecessary syscalls
Change suggested by Nicolas François as performance optimization.
Performance penalty would be really noticeable when usernames are
stored in remote databases (ldap).

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:24 -05:00
Bostjan Skufca
37e2a687e3 sub[ug]id manpages: add note about performance when using login names versus UIDs
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:17 -05:00
Bostjan Skufca
a113b87c45 newuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id
Until now only exact username specification in /etc/sub[ug]id file allowed the
mapping. This prevented normal use for those users who use multiple usernames
with the same UID, as it rejected mapping even though it was allowed for
another username with the same UID.

This patch initially retains the old behaviour, for performance's sake. In the
first pass, new[ug]idmap only searches for exact username match.
If that yields no valid results, it continues into another loop, which does UID
resolution and comparison. If either definition (numeric UID mapping
specification or mapping specification for another username with the same UID as
current username) is found, it is used.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:10 -05:00
Serge Hallyn
b999d48941 Add tests from the old svn tree
We're losing the svn history (which we could probably keep if we tried
hard enough) but don't consider that worthwhile.

Note these tests are destructive, so run them only in a throwaway
environment like a chroot, container, or vm.

The tests/run.all script should be the one which launches all the tests.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 14:42:55 -05:00
James Le Cuirot
2cb54158b8 Check size of uid_t and gid_t using AC_CHECK_SIZEOF
This built-in check is simpler than the previous method and, most
importantly, works when cross-compiling.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-04 17:29:27 -05:00
James Le Cuirot
420943657c Fix building without subordinate IDs support
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-04 17:29:23 -05:00
Serge Hallyn
4911773b77 From: Svante Signell <svante.signell@gmail.com>
Currently shadow fails to build from source and is flagged as
out-of-date. This is due to a usage of PATH_MAX, which is not defined
on GNU/Hurd. The attached patch solves this problem by allocating a
fixed number of 32 bytes for the string proc_dir_name in files
src/procuidmap.c and src/procgidmap.c. (In fact only 18 bytes are
needed)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-06-26 16:48:56 -05:00
Serge Hallyn
980c804153 man: newuid and newgid: point out that root must be allocated subuids
Users may otherwise be confused and think that because the kernel
does not restrict uid mappings to the root user (within his
current uid mappings), newuidmap will ignore /etc/subuid for the
root user.  It will not.

Reported-by: Philippe Grégoire <gregoirep@hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2014-06-13 09:41:09 -05:00
Eric W. Biederman
578947e661 newuidmap,newgidmap: Correct the range size sanity check in get_map_ranges
The number of ranges should be the ceiling of the number of arguments divided
by three.

Without this fix newuidmap and newgidmap always report and error and fail,
which is very much not what we want.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-09-10 17:51:40 -05:00
Nicolas François
5e87ff0615 Improve vipw error report when editor fails
* src/vipw.c: After waitpid(), use errno only if waitpid returned
	-1. Debian#688260
	* src/vipw.c: Likewise for system().
2013-08-25 16:27:58 +02:00
Serge Hallyn
d409947e9a Document the subuid related functions in subordinateio.c
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 16:00:36 -05:00
victory
ba527c728e Updated Japanese translation to 558t
* po/ja.po: Updated to 558t
2013-08-23 22:31:00 +02:00
Serge Hallyn
50bb452dd1 newuidmap.1 and newgidmap.1: note limitation
Note that they may be used only once for a given process.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 15:16:43 -05:00
Nicolas François
90ac3a3207 Update translation files.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:43 +02:00
Nicolas François
684de2abff Fix encoding.
* man/newgrp.1.xml: Fix encoding.
	* man/sg.1.xml: Likewise.
2013-08-23 20:29:42 +02:00
Nicolas François
44faa3b796 Unfuzzy according to previous change.
* man/po/da.po: Unfuzzy according to previous change.
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/it.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
	* man/po/zh_CN.po: Likewise.
2013-08-23 20:29:41 +02:00
Nicolas François
138682fd30 Avoid spaces between <option> and <replaceable>
* man/chage.1.xml: Add a non breaking space between options and
	their parameter because xml2po removes those spaces. Alioth#314401
	* man/chfn.1.xml: Likewise.
	* man/chgpasswd.8.xml: Likewise.
	* man/chpasswd.8.xml: Likewise.
	* man/chsh.1.xml: Likewise.
	* man/faillog.8.xml: Likewise.
	* man/gpasswd.1.xml: Likewise.
	* man/groupadd.8.xml: Likewise.
	* man/groupdel.8.xml: Likewise.
	* man/groupmems.8.xml: Likewise.
	* man/groupmod.8.xml: Likewise.
	* man/grpck.8.xml: Likewise.
	* man/lastlog.8.xml: Likewise.
	* man/newusers.8.xml: Likewise.
	* man/passwd.1.xml: Likewise.
	* man/pwck.8.xml: Likewise.
	* man/pwconv.8.xml: Likewise.
	* man/su.1.xml: Likewise.
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/vipw.8.xml: Likewise.
2013-08-23 20:29:40 +02:00
Nicolas François
373dd2dc3d Create baseline for changing manpage options.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:39 +02:00
Nicolas François
3ea09ae998 Fix encoding.
* man/po/de.po: Fix encoding.
2013-08-23 20:29:33 +02:00
Nicolas François
115aeef1c4 Fix subordinate_next() return value.
* lib/subordinateio.c (subordinate_next): Fix return value.
2013-08-19 21:32:27 +02:00
Nicolas François
2883ff6ad5 Include <stdio.h>
* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
	stderr.
2013-08-16 01:13:20 +02:00
Nicolas François
c3b6417226 Remove debug info. 2013-08-16 01:11:50 +02:00
Nicolas François
eceedf43cf Improve documentation.
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
	when the user already have subordinate group IDs.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
2013-08-15 17:30:20 +02:00
Nicolas François
6f8dd000f6 Improve diagnostic.
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
	when option -v/-V (-w/-W) are provided.
2013-08-15 17:30:19 +02:00
Nicolas François
2e46882a9b Fix parse of ranges.
* src/usermod.c: Fix parse of ranges. The hyphen might be followed
	by a negative integer.
2013-08-15 17:30:19 +02:00
Nicolas François
5917347c6f Fix boundary conditions.
* lib/subordinateio.c (find_free_range): max is allowed for new
	ranges.
2013-08-15 17:30:19 +02:00
Nicolas François
7d5732cb49 Remove dead code.
* libmisc/find_new_sub_gids.c: Remove dead code.
	find_new_sub_gids() is always called with *range_count set to 0.
	It's more difficult to keep the subordinate GIDs and UIDs
	synchronized, than for the user's UID/GId because the count of
	subordinate IDs may differ.
	* libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
	no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
	is_range_free().
2013-08-15 17:30:19 +02:00
Nicolas François
1a8d386288 Subordinate IDs require 32bit uid_t/gid_t
* configure.in: Check if sizeof uid_t and gid_t is larger than 32
	bit to support subordinate IDs.
2013-08-14 20:22:15 +02:00
Nicolas François
0f26591422 Align coding style.
* lib/subordinateio.c: Avoid implicit conversion of pointers and
	integers to booleans.
	* lib/subordinateio.c: Added brackets.
2013-08-14 00:19:19 +02:00