]> granicus.if.org Git - shadow/log
shadow
7 years agoRemove unnecessary static variable usage
Adam Majer [Mon, 20 Feb 2017 13:46:18 +0000 (14:46 +0100)]
Remove unnecessary static variable usage

7 years agoAdd error handling in case exec fails
Josef Möllers [Mon, 20 Feb 2017 13:32:37 +0000 (14:32 +0100)]
Add error handling in case exec fails

We should print error message if exec fails, for some reason.

7 years agoUpdate changelog
Serge Hallyn [Sat, 11 Feb 2017 15:03:56 +0000 (09:03 -0600)]
Update changelog

7 years agouseradd: Read defaults after changing root directories
David Michael [Wed, 8 Feb 2017 23:48:36 +0000 (15:48 -0800)]
useradd: Read defaults after changing root directories

This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.

7 years agoDeleted a misplaced semicolon.
Josef Moellers [Fri, 10 Feb 2017 13:52:26 +0000 (14:52 +0100)]
Deleted a misplaced semicolon.

7 years agoUpdate Kazakh translation
Baurzhan Muftakhidinov [Tue, 7 Feb 2017 12:09:54 +0000 (17:09 +0500)]
Update Kazakh translation

Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agoMerge pull request #59 from rbalint/master
Serge Hallyn [Sun, 5 Feb 2017 02:27:17 +0000 (20:27 -0600)]
Merge pull request #59 from rbalint/master

Patches from the Debian BTS

7 years agoUpdate changelog
Serge Hallyn [Sun, 29 Jan 2017 20:49:03 +0000 (14:49 -0600)]
Update changelog

7 years agoDon't crash on bogus keys in login.defs if PAM is enabled
Bernhard Rosenkränzer [Thu, 26 Jan 2017 15:48:48 +0000 (16:48 +0100)]
Don't crash on bogus keys in login.defs if PAM is enabled

Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows

To reproduce, simply
useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agozh_TW.po: Remove duplicated Plural-Forms
Jakub Wilk [Tue, 24 Jan 2017 20:21:48 +0000 (21:21 +0100)]
zh_TW.po: Remove duplicated Plural-Forms

Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agoChangelog for last commit
Serge Hallyn [Sun, 29 Jan 2017 20:38:44 +0000 (14:38 -0600)]
Changelog for last commit

7 years agoMake the group and user allocation more effective.
Tomas Mraz [Tue, 15 Nov 2016 14:43:54 +0000 (15:43 +0100)]
Make the group and user allocation more effective.

Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.

There were actually two serious bugs here that have been addressed:

1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).

2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).

This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.

With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.

If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.

The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agoFix some spelling issues in the Norwegian translation
Lars Bahner [Thu, 19 Jan 2017 16:50:24 +0000 (17:50 +0100)]
Fix some spelling issues in the Norwegian translation

7 years agoFrench manpage translation
Thomas Blein [Thu, 19 Jan 2017 16:39:42 +0000 (17:39 +0100)]
French manpage translation

7 years agoUpdate for German man pages
Holger Wansing [Thu, 19 Jan 2017 16:34:34 +0000 (17:34 +0100)]
Update for German man pages

7 years agoUpdated Czech translation
Miroslav Kuře [Thu, 19 Jan 2017 16:26:22 +0000 (17:26 +0100)]
Updated Czech translation

7 years agoDutch translation update
Frans Spiesschaert [Thu, 19 Jan 2017 16:15:11 +0000 (17:15 +0100)]
Dutch translation update

7 years agoLast bits of enabling subuids
Micah Anderson [Wed, 18 Jan 2017 17:06:05 +0000 (18:06 +0100)]
Last bits of enabling subuids

This patch has been carried by Debian, originally
submitted to BTS in #739981

7 years agoTypos fix in german translation of man pages
Simon Kainz [Wed, 18 Jan 2017 16:24:04 +0000 (17:24 +0100)]
Typos fix in german translation of man pages

Reported to Debian BTS in #734609

7 years agoReplace user´s -> user's to make login.def files valid ASCII instead of UTF-8
Balint Reczey [Wed, 18 Jan 2017 15:54:51 +0000 (16:54 +0100)]
Replace user´s -> user's to make login.def files valid ASCII instead of UTF-8

The Unicode character caused issues in LANG=C environment.
See Debian bug #850338 for details.

7 years agoUpdate changelog
Serge Hallyn [Wed, 21 Dec 2016 18:58:05 +0000 (12:58 -0600)]
Update changelog

7 years agoUpdate _COMMONIO_H and _SHADOWIO_H to drop leading underscore
Serge Hallyn [Wed, 21 Dec 2016 18:44:59 +0000 (12:44 -0600)]
Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore

Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agoMerge pull request #58 from juiceme/master
Serge Hallyn [Wed, 21 Dec 2016 18:41:39 +0000 (12:41 -0600)]
Merge pull request #58 from juiceme/master

shadow: Add auditing support to su

7 years agoFix s/from/to/ in usermod.c error message
Serge Hallyn [Wed, 21 Dec 2016 18:40:03 +0000 (12:40 -0600)]
Fix s/from/to/ in usermod.c error message

Closes #49

Signed-off-by: Serge Hallyn <serge@hallyn.com>
7 years agoReset user in tallylog
Michael Vetter [Wed, 19 Oct 2016 12:40:59 +0000 (14:40 +0200)]
Reset user in tallylog

The useradd application resets the user data in /var/log/faillog, if it
exists and a new user is created.

pam_tally2 is used in many distributions.

Check for /var/log/tallylog and reset the user there.

Patch was written by Josef Moellers <jmoellers@suse.de>.

https://bugzilla.suse.com/show_bug.cgi?id=980486

7 years agoshadow: Add auditing support to su
Jussi Ohenoja [Tue, 13 Dec 2016 16:44:19 +0000 (18:44 +0200)]
shadow: Add auditing support to su

This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
7 years agoMerge pull request #17 from wking/includes-to-am-cppflags
Serge Hallyn [Wed, 7 Dec 2016 06:01:54 +0000 (00:01 -0600)]
Merge pull request #17 from wking/includes-to-am-cppflags

*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS

7 years agoRevert "Add files via upload"
Serge Hallyn [Wed, 7 Dec 2016 05:31:58 +0000 (23:31 -0600)]
Revert "Add files via upload"

This has caused build errors.  Please feel free to re-submit.

This reverts commit 93e3044c6d2f984ec262bd7e1452ffb3da74964f.

7 years agoMerge pull request #55 from glensc/travis2
Serge Hallyn [Wed, 7 Dec 2016 05:27:19 +0000 (23:27 -0600)]
Merge pull request #55 from glensc/travis2

enable travis integration

7 years agoMerge pull request #52 from vapier/master
Serge Hallyn [Wed, 7 Dec 2016 05:24:42 +0000 (23:24 -0600)]
Merge pull request #52 from vapier/master

autotools refresh

7 years agoMerge pull request #53 from vapier/prototypes
Serge Hallyn [Wed, 7 Dec 2016 05:23:17 +0000 (23:23 -0600)]
Merge pull request #53 from vapier/prototypes

include getdef.h for getdef_bool prototype

7 years agorun travis
Elan Ruusamäe [Mon, 5 Dec 2016 22:30:17 +0000 (00:30 +0200)]
run travis

7 years agoinclude getdef.h for getdef_bool prototype
Mike Frysinger [Mon, 5 Dec 2016 22:15:29 +0000 (17:15 -0500)]
include getdef.h for getdef_bool prototype

Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]

7 years agoenable silent build output by default
Mike Frysinger [Mon, 5 Dec 2016 21:02:55 +0000 (16:02 -0500)]
enable silent build output by default

Enable the automake feature to produce silent output by default.
When compiling code, we now see things like:
$ make
  CC       addgrps.o
  CC       age.o
  CC       audit_help.o
...

This can be disabled via configure's --disable-silent-rules or
by passing V=1 to make.

Custom output (like in the man subdirs) don't (yet) respect this
feature.  More work will be needed to clean those up.

7 years agoman: make clean-local more robust
Mike Frysinger [Mon, 5 Dec 2016 21:02:19 +0000 (16:02 -0500)]
man: make clean-local more robust

If the subdirs aren't empty, the rmdir calls can fail.  Simplify this
code by just using `rm -rf` since that matches what we really want.

7 years agoswitch bz2 dist to xz
Mike Frysinger [Mon, 5 Dec 2016 20:57:34 +0000 (15:57 -0500)]
switch bz2 dist to xz

Since xz is fairly common nowadays, and is typically smaller/faster than
bzip2 for people to decompress, switch shadow over too.  We also merge
the two init locations into configure.ac to match newer autotools style.

The min automake version is bumped to 1.11 too since that's when xz was
released.

7 years agoignore config.cache & dist files
Mike Frysinger [Mon, 5 Dec 2016 20:48:10 +0000 (15:48 -0500)]
ignore config.cache & dist files

config.cache is generated when running `./configure -C`.

The tarballs are generated when running `make dist`.

7 years agoconfigure: avoid deprecated AC_INIT/AM_INIT_AUTOMAKE invocation
Mike Frysinger [Mon, 5 Dec 2016 20:43:20 +0000 (15:43 -0500)]
configure: avoid deprecated AC_INIT/AM_INIT_AUTOMAKE invocation

The autoconf/automake guys want AC_INIT to be passed the details of the
package directly rather than going through AM_INIT_AUTOMAKE.  Update them
both to use the newer style.

This also allows us to pass in contact details for the project.

We set the minimum autoconf version to 2.64 as that's the first one to
support passing the homepage URL in to AC_INIT.  That's a pretty old
release by now, so it shouldn't be a problem.

7 years agoupdate Changelog
Serge Hallyn [Fri, 2 Dec 2016 22:15:28 +0000 (16:15 -0600)]
update Changelog

7 years agoMerge pull request #48 from t8m/fedora
Serge Hallyn [Fri, 2 Dec 2016 22:14:24 +0000 (16:14 -0600)]
Merge pull request #48 from t8m/fedora

Four simple patches from the Fedora package to merge

7 years agoupdate changelog, finally
Serge Hallyn [Fri, 2 Dec 2016 19:41:49 +0000 (13:41 -0600)]
update changelog, finally

7 years agoMerge pull request #50 from m4sk1n/master
Serge Hallyn [Fri, 25 Nov 2016 17:58:14 +0000 (11:58 -0600)]
Merge pull request #50 from m4sk1n/master

update Polish translation

7 years agoMerge pull request #1 from m4sk1n/pl-translation-update
m4sk1n [Thu, 24 Nov 2016 08:16:48 +0000 (09:16 +0100)]
Merge pull request #1 from m4sk1n/pl-translation-update

Add files via upload

7 years agoAdd files via upload
m4sk1n [Thu, 24 Nov 2016 08:07:41 +0000 (09:07 +0100)]
Add files via upload

81% completed

7 years agoMerge pull request #43 from Blub/suidbins-rule-fixup
Serge Hallyn [Sat, 19 Nov 2016 02:13:48 +0000 (20:13 -0600)]
Merge pull request #43 from Blub/suidbins-rule-fixup

buildsys: fix suidubins assignments

7 years agosnprintf() always terminates output with \0
Tomas Mraz [Tue, 15 Nov 2016 15:05:44 +0000 (16:05 +0100)]
snprintf() always terminates output with \0

7 years agoKeep the permissions of the original file when creating a backup.
Tomas Mraz [Tue, 15 Nov 2016 15:04:24 +0000 (16:04 +0100)]
Keep the permissions of the original file when creating a backup.

7 years agoAudit the home directory ownership change.
Tomas Mraz [Tue, 15 Nov 2016 15:03:40 +0000 (16:03 +0100)]
Audit the home directory ownership change.

7 years agoPrint error message if SELinux file context manipulation fails.
Tomas Mraz [Tue, 15 Nov 2016 15:00:51 +0000 (16:00 +0100)]
Print error message if SELinux file context manipulation fails.

8 years agoMerge pull request #44 from evgeni/man-subuid-spelling
Serge Hallyn [Wed, 9 Nov 2016 23:05:33 +0000 (17:05 -0600)]
Merge pull request #44 from evgeni/man-subuid-spelling

man: fix --{add,del}-sub{g,u}ids spelling

8 years agoman: fix --{add,del}-sub{g,u}ids spelling
Evgeni Golov [Wed, 9 Nov 2016 21:23:18 +0000 (22:23 +0100)]
man: fix --{add,del}-sub{g,u}ids spelling

docs wrongly had a hyphen between sub and uids/gids

8 years agobuildsys: fix suidubins assignments
Wolfgang Bumiller [Sat, 5 Nov 2016 14:51:13 +0000 (15:51 +0100)]
buildsys: fix suidubins assignments

These assignments were pasted as is into the Makefile and
ended up as part of a rule. (Usually the .PRECIOUS rule
which is why the build system never attempted to execute it
as commands, hiding the problem.)

Signed-off-by: Wolfgang Bumiller <wry.git@bumiller.com>
Reported-by: Rahel A <ra00177@surrey.ac.uk>
8 years agoMerge pull request #42 from jubalh/maint
Serge Hallyn [Fri, 4 Nov 2016 14:01:16 +0000 (09:01 -0500)]
Merge pull request #42 from jubalh/maint

Update README with current maintainer

8 years agoUpdate README with current maintainer
Michael Vetter [Wed, 2 Nov 2016 08:30:05 +0000 (09:30 +0100)]
Update README with current maintainer

8 years agoMerge pull request #41 from selkfoster/master
Serge Hallyn [Thu, 20 Oct 2016 00:29:43 +0000 (19:29 -0500)]
Merge pull request #41 from selkfoster/master

Remove non-POSIX option in chmod(1) used for src/Makefile.am

8 years agoRemove non-POSIX option in chmod(1) used for src/Makefile.am
Matias A. Fonzo [Tue, 18 Oct 2016 18:46:27 +0000 (15:46 -0300)]
Remove non-POSIX option in chmod(1) used for src/Makefile.am

8 years agoUpdate Vietnamese translations
Trần Ngọc Quân [Thu, 6 Oct 2016 17:15:19 +0000 (12:15 -0500)]
Update Vietnamese translations

8 years agoMerge pull request #33 from t8m/master
Serge Hallyn [Wed, 21 Sep 2016 14:12:15 +0000 (09:12 -0500)]
Merge pull request #33 from t8m/master

Fix regression in useradd not loading defaults properly.

8 years agoMerge pull request #36 from atsampson/master
Serge Hallyn [Tue, 20 Sep 2016 13:14:28 +0000 (08:14 -0500)]
Merge pull request #36 from atsampson/master

Add missing size args to snprintf calls.

8 years agoUse sizeof rather than hardcoding snprintf's size argument.
Adam Sampson [Thu, 15 Sep 2016 15:54:42 +0000 (16:54 +0100)]
Use sizeof rather than hardcoding snprintf's size argument.

8 years agorelease 4.4 4.4
Serge Hallyn [Sun, 18 Sep 2016 23:34:57 +0000 (18:34 -0500)]
release 4.4

8 years agosu.c: fix missing length argument to snprintf
Serge Hallyn [Mon, 19 Sep 2016 02:31:18 +0000 (21:31 -0500)]
su.c: fix missing length argument to snprintf

8 years agoupdate translations
Serge Hallyn [Sun, 18 Sep 2016 23:23:49 +0000 (18:23 -0500)]
update translations

8 years agoFix regression in useradd not loading defaults properly.
Tomas Mraz [Thu, 25 Aug 2016 09:20:34 +0000 (11:20 +0200)]
Fix regression in useradd not loading defaults properly.

The get_defaults() has to be called before processing the flags.

Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
8 years agoconfigure.ac: release 4.3.1 4.3.1
Serge Hallyn [Mon, 15 Aug 2016 03:59:23 +0000 (22:59 -0500)]
configure.ac: release 4.3.1

Signed-off-by: Serge Hallyn <serge@hallyn.com>
8 years agoidmapping: add more checks for overflow
Serge Hallyn [Sun, 14 Aug 2016 23:05:00 +0000 (18:05 -0500)]
idmapping: add more checks for overflow

At this point they are redundant but should be safe.  Thanks to
Sebastian Krahmer for the first check.

8 years agoalso check upper for wrap
Serge Hallyn [Fri, 5 Aug 2016 22:16:48 +0000 (17:16 -0500)]
also check upper for wrap

8 years agoMerge pull request #30 from jwilk/spelling
Serge Hallyn [Fri, 5 Aug 2016 16:59:45 +0000 (11:59 -0500)]
Merge pull request #30 from jwilk/spelling

man: Fix typos

8 years agoMerge pull request #29 from hemio-ev/lower-su-syslog-priority
Serge Hallyn [Fri, 5 Aug 2016 16:59:15 +0000 (11:59 -0500)]
Merge pull request #29 from hemio-ev/lower-su-syslog-priority

Reduces syslog priority of common usage events

8 years agoman: Fix typos
Jakub Wilk [Fri, 5 Aug 2016 16:50:51 +0000 (18:50 +0200)]
man: Fix typos

8 years agoMerge pull request #24 from stoeckmann/typos
Serge Hallyn [Fri, 5 Aug 2016 04:39:25 +0000 (23:39 -0500)]
Merge pull request #24 from stoeckmann/typos

Fixed typos in new{g,u}idmap tools.

8 years agoMerge pull request #25 from stoeckmann/sigrace
Serge Hallyn [Fri, 5 Aug 2016 04:38:24 +0000 (23:38 -0500)]
Merge pull request #25 from stoeckmann/sigrace

Fixed signal races in shadow tools.

8 years agoReduces syslog priority of common usage events
Michael Herold [Thu, 4 Aug 2016 20:17:31 +0000 (22:17 +0200)]
Reduces syslog priority of common usage events

- Log INFO instead of ERR on `su missing-user`
- Log NOTICE/WARN instead of ERR on pam_authenticate failure (wrong password for example)

8 years agoSimplify getulong
Sebastian Krahmer [Wed, 3 Aug 2016 16:51:07 +0000 (11:51 -0500)]
Simplify getulong

Use strtoul to read an unsigned long, rather than reading
a signed long long and casting it.

https://bugzilla.suse.com/show_bug.cgi?id=979282

8 years agoget_map_ranges: check for overflow
Serge Hallyn [Sun, 31 Jul 2016 17:55:44 +0000 (12:55 -0500)]
get_map_ranges: check for overflow

The kernel accepts u32 values, so make sure that userspace
is not passing large values.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
8 years agoMerge pull request #26 from jubalh/master
Serge Hallyn [Tue, 19 Jul 2016 13:02:31 +0000 (08:02 -0500)]
Merge pull request #26 from jubalh/master

Fix sentence in usermod manual

8 years agoFix sentence in usermod manual
Michael Vetter [Mon, 18 Jul 2016 13:18:08 +0000 (15:18 +0200)]
Fix sentence in usermod manual

Should have been: '[...] but only checkS [...]'.
So there was a missing 's'. Architectures isn't the right word either.
I decided to write the whole sentence new.

8 years agoFixed signal races in shadow tools.
Tobias Stoeckmann [Sat, 2 Jul 2016 16:11:09 +0000 (18:11 +0200)]
Fixed signal races in shadow tools.

Some of the supplied tools use functions which are not signal-safe.

Most of the times it's exit() vs. _exit().

In other times it's how the standard output or standard error is
handled. FILE-related functions shall be avoided, therefore I replaced
them with write().

Also there is no need to call closelog(). At worst, it allows to
trigger a deadlock by issuing different signal types at bad timings.
But as these fixes are about race conditions, expect bad timings in
general for these bugs to be triggered. :)

8 years agoFixed typos in new{g,u}idmap tools.
Tobias Stoeckmann [Sat, 2 Jul 2016 14:39:18 +0000 (16:39 +0200)]
Fixed typos in new{g,u}idmap tools.

Fixed small typos in manual pages and code comments.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
8 years agoMerge pull request #16 from sebras/master
Serge Hallyn [Fri, 20 May 2016 19:05:56 +0000 (14:05 -0500)]
Merge pull request #16 from sebras/master

man: Fix a number of typos for various commands.

8 years agoMerge pull request #19 from brauner/manfix
Serge Hallyn [Thu, 5 May 2016 21:18:15 +0000 (16:18 -0500)]
Merge pull request #19 from brauner/manfix

add long option --no-create-home to -M

8 years agoadd long option --no-create-home to -M
Christian Brauner [Thu, 5 May 2016 10:00:07 +0000 (12:00 +0200)]
add long option --no-create-home to -M

Let's get rid of all the downstream fixes floating around.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
8 years ago*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS
W. Trevor King [Sat, 30 Apr 2016 00:10:23 +0000 (17:10 -0700)]
*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS

Catch up with Automake's [1], which was part of v1.6b, cut 2002-07-28
[2].  Avoids:

  $ autoreconf -v -f --install
  ...
  libmisc/Makefile.am:4: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
  ...
  src/Makefile.am:10: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
  ...

Consolidating with the earlier AM_CPPFLAGS avoids:

  $ autoreconf -v -f --install
  src/Makefile.am:72: warning: AM_CPPFLAGS multiply defined in condition TRUE ...
  src/Makefile.am:10: ... 'AM_CPPFLAGS' previously defined here
  autoreconf-2.69: Leaving directory `.'

[1]: http://git.savannah.gnu.org/cgit/automake.git/commit/?id=1415d22f6203206bc393fc4ea233123ba579222d
     Summary: automake.in (generate_makefile): Suggest using AM_CPPFLAGS instead of INCLUDES
     Date: 2002-07-09
[2]: http://git.savannah.gnu.org/cgit/automake.git/tag/?id=Release-1-6b

8 years agoman: Fix a number of typos for various commands.
Sebastian Rasmussen [Thu, 28 Apr 2016 13:55:15 +0000 (15:55 +0200)]
man: Fix a number of typos for various commands.

8 years agoconfigure.ac: release 4.3 4.3.0
Serge Hallyn [Thu, 17 Mar 2016 00:11:36 +0000 (17:11 -0700)]
configure.ac: release 4.3

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
8 years agoMerge pull request #13 from t8m/master
Serge Hallyn [Sat, 5 Mar 2016 08:07:24 +0000 (00:07 -0800)]
Merge pull request #13 from t8m/master

Add ability to clear or set lastlog record for user via lastlog command

8 years agoAdd ability to clear or set lastlog record for user via lastlog command
Tomas Mraz [Thu, 3 Mar 2016 14:37:01 +0000 (15:37 +0100)]
Add ability to clear or set lastlog record for user via lastlog command

This functionality is useful because there is now a feature
of Linux-PAM's pam_lastlog module to block expired users (users
which did not login recently enough) from login. This commit
complements it so the sysadmin is able to unblock such expired user.

Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
8 years agouseradd: respect -r flag when allocating subuids
Serge Hallyn [Thu, 18 Feb 2016 17:20:43 +0000 (09:20 -0800)]
useradd: respect -r flag when allocating subuids

We intend to not create subuids for system users. However we are
checking for command line flags after we check whether -r flag
was set, so it was never found to be true.  Fix that.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
8 years agoMerge pull request #12 from stgraber/master
Serge Hallyn [Mon, 15 Feb 2016 23:27:20 +0000 (15:27 -0800)]
Merge pull request #12 from stgraber/master

Tweak uid/gid map default configuration

8 years agoTweak uid/gid map default configuration
Stéphane Graber [Mon, 15 Feb 2016 23:11:10 +0000 (18:11 -0500)]
Tweak uid/gid map default configuration

 - Use an allocation of 65536 uids and gids to allow for POSIX-compliant
   user owned namespaces.
 - Don't allocate a uid/gid map to system users.
   Unfortunately checking for --system isn't quite enough as some
   distribution wrappers always call useradd without --system and take care
   of choosing a uid and gid themselves, so also check whether the
   requested uid/gid is in the user range.

This is taken from a patch I wrote for Ubuntu a couple years ago and
which somehow didn't make it upstream.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
8 years agoMerge pull request #11 from taizo/typo_in_japanese_usage_desc
Serge Hallyn [Tue, 12 Jan 2016 01:20:57 +0000 (17:20 -0800)]
Merge pull request #11 from taizo/typo_in_japanese_usage_desc

typo in japanese usage description of useradd.

8 years agotypo in japanese usage description of useradd.
Taizo Ito [Mon, 4 Jan 2016 04:27:31 +0000 (13:27 +0900)]
typo in japanese usage description of useradd.

8 years agoFix user busy errors at userdel
Bastian Blank [Tue, 17 Nov 2015 16:52:24 +0000 (10:52 -0600)]
Fix user busy errors at userdel

From: Bastian Blank <bastian.blank@credativ.de>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
8 years agoMerge pull request #4 from xnox/master
Serge Hallyn [Fri, 13 Nov 2015 05:07:29 +0000 (23:07 -0600)]
Merge pull request #4 from xnox/master

Make shadow more robust in hostile environments

8 years agoMerge pull request #9 from shadow-maint/idmapleak
Serge Hallyn [Fri, 13 Nov 2015 05:03:09 +0000 (23:03 -0600)]
Merge pull request #9 from shadow-maint/idmapleak

Idmapleak

8 years agoMerge pull request #8 from shadow-maint/newgrpleak
Serge Hallyn [Fri, 13 Nov 2015 05:02:13 +0000 (23:02 -0600)]
Merge pull request #8 from shadow-maint/newgrpleak

Fix a resource leak in syslog_sg

9 years agoMerge pull request #6 from stoeckmann/master
Serge Hallyn [Mon, 10 Aug 2015 00:57:38 +0000 (19:57 -0500)]
Merge pull request #6 from stoeckmann/master

Clear passwords on __gr_dup/__pw_dup errors and fix memory leak

9 years agoMerge pull request #5 from vapier/master
Serge Hallyn [Mon, 10 Aug 2015 00:51:54 +0000 (19:51 -0500)]
Merge pull request #5 from vapier/master

misc autoool fixes

9 years agoget_map_ranges: initialize argidx to 0 at top of loop
Serge Hallyn [Thu, 6 Aug 2015 05:34:17 +0000 (00:34 -0500)]
get_map_ranges: initialize argidx to 0 at top of loop

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
9 years agoFix a resource leak in syslog_sg
Serge Hallyn [Thu, 6 Aug 2015 05:11:06 +0000 (00:11 -0500)]
Fix a resource leak in syslog_sg

Reported at https://alioth.debian.org/tracker/?func=detail&atid=411478&aid=315135&group_id=30580
by Alejandro Joya (afjoyacr-guest)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>