Commit Graph

2398 Commits

Author SHA1 Message Date
Serge Hallyn
88c1a6d98d Update README to point to new alioth list urls
Closes #195.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-01-11 14:50:55 -06:00
Serge Hallyn
ef095ceef1
Merge pull request #206 from edneville/123_log_ssh_original_command_in_nologin
Adding logging of SSH_ORIGINAL_COMMAND to nologin.
2020-01-11 14:47:57 -06:00
ed
4c9ec2f5a4 Adding logging of SSH_ORIGINAL_COMMAND to nologin.
If SSH_ORIGINAL_COMMAND is set, it will be added to the syslog entry.

Closes #123.

Changelog: (SEH squashed commit): Fixing indentation
Changelog: (SEH) break up long line
2020-01-11 14:46:52 -06:00
Serge Hallyn
d7add53f06 add changelog entry about account-tools-setuid
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-20 00:14:13 -06:00
Serge Hallyn
2aa7427e2b
Merge pull request #205 from Blub/2019-12-19/bail-on-error-in-for-loops
Makefile: bail out on error in for-loops
2019-12-20 00:08:32 -06:00
Serge Hallyn
1ec36eabb2
Merge pull request #199 from falconindy/master
Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected
2019-12-20 00:07:23 -06:00
Serge Hallyn
bd3c39f1c8
Merge pull request #201 from michaelweiser/groupmems-man
man: Don't suggest making groupmems user-writeable
2019-12-19 14:49:45 -06:00
Wolfgang Bumiller
258944e331 Makefile: bail out on error in for-loops
`make` runs each line in a shell and bails out on error,
however, the shell is not started with `-e`, so commands in
`for` loops can fail without the error actually causing
`make` to bail out with a failure status.

For instance, the following make snippet will end
successfully, printing 'SUCCESS', despite the first `chmod`
failing:

    all:
        touch a b
        for i in a-missing-file a b; do \
            chmod 666 $$i; \
        done
        @echo SUCCESS

To prevent wrong paths in install scripts from remaining
unnoticed, let's activate `set -e` in the `for` loop
subshells.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-12-19 18:54:30 +01:00
Christian Brauner
51d65f37e5
Merge pull request #203 from Rushi98/master
Deduplicate usermod manual (fixes #202)
2019-12-18 11:46:20 +01:00
Rushikesh Jogdand
0f332f48bc Deduplicate usermod manual (fixes #202)
Changelog:
1) modified:   man/usermod.8.xml
   Removed duplicate "badnames" options entry.
2019-12-18 11:20:40 +05:30
Michael Weiser
a73d4aee75 man: Don't suggest making groupmems user-writeable
Suggesting mode 2770 is dangerous because it makes the binary writeable
by all members of the owning group which is supposed to be normal
end-users. Suggest 2710 instead as is usual for s[ug]id binaries,
allowing execution but neither reading nor writing.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
2019-12-17 21:27:46 +01:00
Christian Brauner
7f53048875
Merge pull request #200 from jubalh/sel1
selinux: include stdio
2019-12-17 13:43:56 +01:00
Michael Vetter
b1a5cda91e selinux: include stdio
We use fprintf(), stderr etc, so we should include stdio.h.
2019-12-17 13:40:47 +01:00
Dave Reisner
66b7bc0dcf Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected
Here's a sad story:

* 70971457 is merged into shadow, allowing newgidmap/newuidmap to be
installed with file caps rather than setuid.
* https://bugs.archlinux.org/task/63248 is filed to take advantage of
this.
* The arch maintainer of the 'shadow' package notices that this doesn't
work, and submits a pull request to fix this in shadow.
* edf7547ad5 is merged, fixing the post install hooks.

The problem here is that distros have been building shadow with PAM for
O(years), but the install hooks have silently failed due to the
combination of the directory mismatch (suidubins vs suidsbins) and later
success with setuid'ing newgidmap/newuidmap.

With the install hooks fixed, those of us (Arch[1] and Gentoo[2] so far)
who never built shadow explicitly with --enable-account-tools-setuid are
now getting setuid account tools, and don't have PAM configuration
suitable for use with setuid account management tools.

It's entirely unclear to me why you'd want this, but I assume there's
some reason out there for it existing. Regardless, setuid binaries are
dangerous and shouldn't be enabled by default without good reason.

[1] https://bugs.archlinux.org/task/64836
[2] https://bugs.gentoo.org/702252
2019-12-16 14:22:32 -05:00
Serge Hallyn
eaaac67d4f
Merge pull request #197 from chutz/revert-bindir-sbindir-change
Revert "Honor --sbindir and --bindir for binary installation"
2019-12-01 20:28:21 -06:00
Patrick McLean
3cc3948d71 Revert "Honor --sbindir and --bindir for binary installation"
This reverts commit e293aa9cfc.

See https://github.com/shadow-maint/shadow/issues/196

Some distros still care about `/bin` vs `/usr/bin`. This commit makes
it so all binaries are always installed to `/bin`/`/sbin`. The only way to
restore the previous behaviour of installing some binaries to
`/usr/bin`/`/usr/sbin` is to revert the patch.
2019-12-01 13:59:52 -08:00
Serge Hallyn
08096ed24a
Merge pull request #194 from jubalh/contr
Add myself to contributors
2019-12-01 11:46:13 -06:00
Michael Vetter
92a678c250 Add myself to contributors 2019-12-01 18:37:38 +01:00
Serge Hallyn
81de782d1e Release 4.8
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-01 11:36:13 -06:00
Serge Hallyn
d83eccdded fix type in po/POTFILES.in
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-01 11:36:13 -06:00
Serge Hallyn
681b66b13c
Merge pull request #179 from seitokaichou/master
WIP: Initial bcrypt support
2019-12-01 11:02:23 -06:00
prez
2958bd050b Initial bcrypt support 2019-12-01 11:00:57 -06:00
Serge Hallyn
38f493aff2
Merge pull request #192 from Polynomial-C/optional_su
build: Make build/installation of su and its support files optional
2019-12-01 10:51:21 -06:00
Lars Wendler
19bac44dde
build: Make build/installation of su and its support files optional
Enabled by default
This is necessary because coreutils and util-linux can also provide su

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2019-11-19 11:28:45 +01:00
Christian Brauner
b49712ed32
Merge pull request #191 from topimiettinen/sync-passwd-5-and-shadow-5
man: sync and reorder password field descriptions
2019-11-16 15:06:03 +01:00
Topi Miettinen
cdbe1310cc
man: sync and reorder password field descriptions
Synchronize how passwd(5) and shadow(5) describe the password field.
Reorder the descriptions more logically.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-11-16 15:35:08 +02:00
Serge Hallyn
b462f5335f
Merge pull request #190 from jubalh/fixtypo
Fix typo in access of shell command
2019-11-12 07:12:06 -06:00
Michael Vetter
115a4e89e2 Fix typo in access of shell command
Fix typo in 88fa0651bf.
For some reason my git push -f seems not to have worked.
2019-11-12 08:38:08 +01:00
Serge Hallyn
9d935d9be1
Merge pull request #189 from hallyn/2019-11-11/vpiw
Fix vipw not resuming correctly when suspended
2019-11-11 20:22:49 -06:00
Todd C. Miller
7eca1112fb Fix vipw not resuming correctly when suspended
Closes #185

If vipw is suspended (e.g. via control-Z) and then resumed, it often gets
immediately suspended. This is easier to reproduce on a multi-core system.

root@buster:~# /usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw
root@buster:~# fg
/usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw

root@buster:~# fg
[vipw resumes on the second fg]

The problem is that vipw forks a child process and calls waitpid() with the
WUNTRACED flag. When the child process (running the editor) is suspended, the
parent sends itself SIGSTOP to suspend the main vipw process. However, because
the main vipw is in the same process group as the editor which received the ^Z,
the kernel already sent the main vipw SIGTSTP.

If the main vipw receives SIGTSTP before the child, it will be suspended and
then, once resumed, will proceed to suspend itself again.

To fix this, run the child process in its own process group as the foreground
process group. That way, control-Z will only affect the child process and the
parent can use the existing logic to suspend the parent.
2019-11-11 20:19:57 -06:00
Serge Hallyn
fe2a266c50
Merge pull request #188 from rbalint/pot
Allow translation of new strings by adding new files to POTFILES.in
2019-11-11 18:12:36 -06:00
Serge Hallyn
e97df9b1ec
Merge pull request #187 from jubalh/useradd-s
useradd: check for valid shell argument
2019-11-11 18:10:56 -06:00
Miroslav Kure
d048459d36 [i18n] Allow translation of new strings by adding new files to POTFILES.in 2019-11-11 16:44:04 +01:00
Michael Vetter
88fa0651bf useradd: check for valid shell argument
Check whether shell argument given with `-s` is actually present and executable.
And is not a directory.

Fix https://github.com/shadow-maint/shadow/issues/186
2019-11-11 13:46:25 +01:00
Serge Hallyn
4e038f3ae7
Merge pull request #184 from FRidh/itstool
man: generate translations using itstool instead of xml2po
2019-11-05 08:58:13 -06:00
Frederik Rietdijk
6c6c8d3a33 man: generate translations using itstool instead of xml2po
This patch was taken from Fedora Rawhide
b41cff1956/f/shadow-4.6-use-itstool.patch
2019-11-03 13:04:17 +01:00
Serge Hallyn
a8a921184f
Merge pull request #183 from cgzones/selinux
migrate to new SELinux api
2019-10-28 23:40:06 -05:00
Christian Göttsche
cbd2472b7c migrate to new SELinux api
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
Serge Hallyn
a0efca4581 remove unused fn commonio_next
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
4e1da34601 compile warnings: Zflg unused when !selinux
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
b03df41906 remove unused variables
parent, user_id, and group_id are unused.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:32 -05:00
Serge Hallyn
8ca6eea938
Merge pull request #181 from pan93412/master
l10n(zh_TW): update translations
2019-10-07 09:00:19 -05:00
pan93412
1c2ad5e6b9 l10n(zh_TW): update translations 2019-10-07 18:26:33 +08:00
Serge Hallyn
991fee82df
Merge pull request #180 from thkukuk/libeconf
Add support for a vendor directory and libeconf
2019-10-05 22:34:29 -05:00
Thorsten Kukuk
b52ce71c27 Add support for a vendor directory and libeconf
With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where the shadow suite should additional
look for login.defs if this file is not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.
2019-10-05 22:17:49 -05:00
Serge Hallyn
e78d22469f
Merge pull request #177 from edneville/conflicts_between_system_users_useradd_and_pwck
pwck.c: only check home dirs if set and not a system user
2019-10-05 22:08:08 -05:00
ed
c4e8b411d4 pwck.c: only check home dirs if set and not a system user
Closes #126

Changelog: pwck, better to look at array than to use strnlen.
2019-10-05 22:04:37 -05:00
Serge Hallyn
3a51b90145
Merge pull request #176 from edneville/force_bad_name
chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that…
2019-10-04 16:41:39 -07:00
ed
a2cd3e9ef0 chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards
Closes #121.

Changelog: squashed commits fixing tab style
Changelog: update 'return true' to match file's style (no parens).
2019-10-04 18:40:41 -05:00
ed@s5h.net
1cbb562c23 lib/sgetgrent.c: change to warn when data remains 2019-10-04 18:30:41 -05:00