e5e5df1966
Assume getpwuid_r(3) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
e788001977
Assume getpwnam_r(3) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
a082a3975f
Assume fsync(2) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
e71c23586a
Assume fchown(2) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
9c86e07067
Assume fchmod(2) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
55c62b663f
Assume l64a(3) exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
48391fb862
Assume <netdb.h> exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
b76d9b540a
Remove preprocessor conditionals that are always true
...
Since the last commit, LIMITS is always defined. Remove the dummy
macro, and all conditionals on it.
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
9d695340b4
Assume <sys/resource.h> exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
cdaa04e460
Remove uses of ulimit(3)
...
The function is obsolete. It is recommended to use getrlimit(2) instead
(see the manual page for ulimit(3) or the POSIX manual for it). Since
getrlimit(2) is required by POSIX.1-2001, we can rely on it.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
0527fa677b
Add indentation to heavy use of preprocessor conditionals
...
This clarifies which code is under which conditions,
for further clenaup.
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
7b1fc83e9b
Remove unused check for <utime.h>
...
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
eecd021c04
Remove unused check for <syslog.h>
...
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
5777e583cd
Assume <termios.h> exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
b47aa1e9aa
Assume <utmpx.h> exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
85d2688d62
Remove unused check for <sys/time.h>
...
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
578f286215
Assume <unistd.h> exists
...
It is required by POSIX.1-2001.
Cc: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
28e565aa83
Remove unused check for <fcntl.h>
...
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-15 16:22:05 -06:00
d7baafb2eb
Assume strstr(3) exists
...
ISO C99 requires strstr(3).
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
0793782d31
Assume snprintf(3) exists
...
ISO C99 requires snprintf(3).
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
7d3213741e
Assume rename(2) exists
...
ISO C99 requires rename(2).
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
9d8c3df93c
Assume NULL exists
...
ISO C99 requires NULL.
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
3a32f5278d
Assume strerror(3) exists
...
ISO C99 requires strerror(3).
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
5e8df2b2b5
Assume fputs(3) exists
...
ISO C99 requires fputs(3).
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
c26b682381
Assume <locale.h> exists
...
ISO C99 requires <locale.h>.
Other files in the project already include <locale.h> unconditionally,
so it's reasonable to assume that it is always available.
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
d34c834ea8
Remove unused check for <limits.h>
...
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
1eaa30756e
Assume <errno.h> exists
...
ISO C99 requires <errno.h>.
Many files in the project already include <errno.h> unconditionally,
so it's reasonable to assume that it is always available.
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
c4d9dcacc9
Assume <stdbool.h> exists
...
ISO C99 requires <stdbool.h>.
Many files in the project already include <stdbool.h> unconditionally,
so it's reasonable to assume that it is always available.
Link: <https://github.com/shadow-maint/shadow/pull/600 >
Cc: Christian Göttsche <cgzones@googlemail.com >
Cc: Iker Pedrosa <ipedrosa@redhat.com >
Cc: Mike Frysinger <vapier@gentoo.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-12 09:16:43 +01:00
ed6c505312
Add '62_usermod_remove_supplementary_groups' test case to test runner scripts (run_some)
2022-12-11 10:58:37 -06:00
f2bcb7a1b8
Add '62_usermod_remove_supplementary_groups' test case to test runner scripts (run_all, run_all.coverage)
2022-12-11 10:58:37 -06:00
20f8ead9ec
Add regression test for 'usermod -rG' -- it should not add users to groups they did not previously belong to
2022-12-11 10:58:37 -06:00
899f7a43b1
Preparation / clarity: rename existing usermod test from 'remove_supplemental_groups' to 'clear_supplemental_groups'
2022-12-11 10:58:37 -06:00
2a5b8810bb
agetpass: Hook into build-system
...
Signed-off-by: Guillem Jover <guillem@hadrons.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-05 10:47:19 +01:00
ab91ec10b4
Hide [[gnu::malloc(deallocator)]] in a macro
...
Clang doesn't implement this attribute and reports an error. Work
around it by hiding it in a macro that will be empty in clang.
Reported-by: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-05 10:47:19 +01:00
554f86bafa
Replace the deprecated getpass(3) by our agetpass()
...
getpass(3) is broken in all implementations; in some, more than
others, but somewhat broken in all of them. Check the immediate
previous commit, which added the functions, for more details.
Check also the Linux man-pages commit that marked it as
deprecated, for more details:
7ca189099d73bde954eed2d7fc21732bcc8ddc6b.
Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b >
Reported-by: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-05 10:47:19 +01:00
155c9421b9
libmisc: agetpass(), erase_pass(): Add functions for getting passwords safely
...
There are several issues with getpass(3).
Many implementations of it share the same issues that the infamous
gets(3). In glibc it's not so terrible, since it's a wrapper
around getline(3). But it still has an important bug:
If the password is long enough, getline(3) will realloc(3) memory,
and prefixes of the password will be laying around in some
deallocated memory.
See the getpass(3) manual page for more details, and especially
the commit that marked it as deprecated, which links to a long
discussion in the linux-man@ mailing list.
So, readpassphrase(3bsd) is preferrable, which is provided by
libbsd on GNU systems. However, using readpassphrase(3) directly
is a bit verbose, so we can write our own wrapper with a simpler
interface similar to that of getpass(3).
One of the benefits of writing our own interface around
readpassphrase(3) is that we can hide there any checks that should
be done always and which would be error-prone to repeat every
time. For example, check that there was no truncation in the
password.
Also, use malloc(3) to get the buffer, instead of using a global
buffer. We're not using a multithreaded program (and it wouldn't
make sense to do so), but it's nice to know that the visibility of
our passwords is as limited as possible.
erase_pass() is a clean-up function that handles all clean-up
correctly, including zeroing the entire buffer, and then
free(3)ing the memory. By using [[gnu::malloc(erase_pass)]], we
make sure that we don't leak the buffers in any case, since the
compiler will be able to enforce clean up.
Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b >
Reported-by: Christian Göttsche <cgzones@googlemail.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-05 10:47:19 +01:00
8cce4557e0
Don't 'else' after a 'noreturn' call
...
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-12-05 10:47:19 +01:00
99ce21a313
CI: add libbsd and pkg-config dependencies
...
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com >
Co-developed-by: Alejandro Colomar <alx@kernel.org >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-11-28 09:07:41 -06:00
a281f241b5
Fix HAVE_SHADOWGRP configure check
...
The missing #include <gshadow.h> causes the configure check to fail
spuriously, resulting in HAVE_SHADOWGRP not being defined even
on systems that actually have sgetsgent (such as current glibc).
2022-11-21 08:06:14 -06:00
e8d2bc8d8b
Allow supplementary groups to be added via config file
...
Allow supplementary groups to be set via the /etc/default/useradd config
file. Allowing an administrator to set additonal groups via the GROUPS
configurable and control the default behaviour of useradd.
2022-11-18 15:10:56 -06:00
e0524e813a
useradd: check if subid range exists for user
...
Check if a user already has a subid range before assigning one.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012929
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com >
2022-11-18 09:04:42 -06:00
24b44b686e
Release 4.13
...
Signed-off-by: Serge Hallyn <serge@hallyn.com >
2022-11-08 10:29:30 -06:00
690bd8a878
update changelog
2022-11-08 10:28:10 -06:00
90424e7c20
Don't warn when failed to open /etc/nsswitch.conf
...
Maybe we should have a debug mode where it's still printed, but
we don't, so let's be quieter.
Closes #557
2022-11-08 10:18:17 -06:00
eaebea55a4
useradd: Fix buffer overflow when using a prefix
...
The buffer length did not count the string's trailing null byte.
Signed-off-by: David Michael <fedora.dm0@gmail.com >
2022-10-24 16:15:13 -05:00
0336454503
adduser-old.c: Remove program
...
This program has 10 calls to gets(3) according to grep(1). That
makes it a very unsafe program which should not be used at all.
Let's kill the program already.
See what gets(3) has to say:
SYNOPSIS
#include <stdio.h>
[[deprecated]] char *gets(char *s);
DESCRIPTION
Never use this function.
...
BUGS
Never use gets(). Because it is impossible to tell with‐
out knowing the data in advance how many characters
gets() will read, and because gets() will continue to
store characters past the end of the buffer, it is ex‐
tremely dangerous to use. It has been used to break com‐
puter security. Use fgets() instead.
For more information, see CWE‐242 (aka "Use of Inherently
Dangerous Function") at http://cwe.mitre.org/data/defini‐
tions/242.html
Acked-by: "Serge E. Hallyn" <serge@hallyn.com >
Signed-off-by: Alejandro Colomar <alx@kernel.org >
2022-10-17 09:06:08 -05:00
16afe18142
Raise limit for passwd and shadow entry length
...
Moreover, include checks to prevent writing entries longer than the
length limit.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1422497
Signed-off-by: Tomáš Mráz <tm@t8m.info >
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com >
2022-10-14 10:41:40 +02:00
fbf275da19
lastlog: check for localtime() return value
...
Signed-off-by: Tomáš Mráz <tm@t8m.info >
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com >
2022-10-07 09:53:02 -05:00
1e5f9a72b0
man: add missing space in useradd.8.xml
...
Resolves: https://github.com/shadow-maint/shadow/issues/580
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com >
2022-10-07 12:35:35 +02:00
e5db28a4bf
fix usermod -rG x y while user y is not in group x will cause user y add into group x
2022-10-06 20:29:44 -05:00
