]> granicus.if.org Git - shadow/log
shadow
10 years agonewuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id
Bostjan Skufca [Fri, 5 Sep 2014 21:21:03 +0000 (21:21 +0000)]
newuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id

Until now only exact username specification in /etc/sub[ug]id file allowed the
mapping. This prevented normal use for those users who use multiple usernames
with the same UID, as it rejected mapping even though it was allowed for
another username with the same UID.

This patch initially retains the old behaviour, for performance's sake. In the
first pass, new[ug]idmap only searches for exact username match.
If that yields no valid results, it continues into another loop, which does UID
resolution and comparison. If either definition (numeric UID mapping
specification or mapping specification for another username with the same UID as
current username) is found, it is used.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10 years agoAdd tests from the old svn tree
Serge Hallyn [Wed, 17 Sep 2014 19:42:55 +0000 (14:42 -0500)]
Add tests from the old svn tree

We're losing the svn history (which we could probably keep if we tried
hard enough) but don't consider that worthwhile.

Note these tests are destructive, so run them only in a throwaway
environment like a chroot, container, or vm.

The tests/run.all script should be the one which launches all the tests.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10 years agoCheck size of uid_t and gid_t using AC_CHECK_SIZEOF
James Le Cuirot [Sat, 23 Aug 2014 08:46:39 +0000 (09:46 +0100)]
Check size of uid_t and gid_t using AC_CHECK_SIZEOF

This built-in check is simpler than the previous method and, most
importantly, works when cross-compiling.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10 years agoFix building without subordinate IDs support
James Le Cuirot [Sat, 23 Aug 2014 08:46:38 +0000 (09:46 +0100)]
Fix building without subordinate IDs support

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10 years agoFrom: Svante Signell <svante.signell@gmail.com>
Serge Hallyn [Thu, 26 Jun 2014 21:48:56 +0000 (16:48 -0500)]
From: Svante Signell <svante.signell@gmail.com>

Currently shadow fails to build from source and is flagged as
out-of-date. This is due to a usage of PATH_MAX, which is not defined
on GNU/Hurd. The attached patch solves this problem by allocating a
fixed number of 32 bytes for the string proc_dir_name in files
src/procuidmap.c and src/procgidmap.c. (In fact only 18 bytes are
needed)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
10 years agoman: newuid and newgid: point out that root must be allocated subuids
Serge Hallyn [Mon, 9 Jun 2014 22:37:16 +0000 (17:37 -0500)]
man: newuid and newgid: point out that root must be allocated subuids

Users may otherwise be confused and think that because the kernel
does not restrict uid mappings to the root user (within his
current uid mappings), newuidmap will ignore /etc/subuid for the
root user.  It will not.

Reported-by: Philippe Grégoire <gregoirep@hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agonewuidmap,newgidmap: Correct the range size sanity check in get_map_ranges 4.2.1
Eric W. Biederman [Sun, 8 Sep 2013 09:49:52 +0000 (02:49 -0700)]
newuidmap,newgidmap: Correct the range size sanity check in get_map_ranges

The number of ranges should be the ceiling of the number of arguments divided
by three.

Without this fix newuidmap and newgidmap always report and error and fail,
which is very much not what we want.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agoImprove vipw error report when editor fails
Nicolas François [Sun, 25 Aug 2013 14:27:58 +0000 (16:27 +0200)]
Improve vipw error report when editor fails

* src/vipw.c: After waitpid(), use errno only if waitpid returned
-1. Debian#688260
* src/vipw.c: Likewise for system().

11 years agoDocument the subuid related functions in subordinateio.c
Serge Hallyn [Thu, 22 Aug 2013 19:21:34 +0000 (14:21 -0500)]
Document the subuid related functions in subordinateio.c

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agoUpdated Japanese translation to 558t
victory [Fri, 23 Aug 2013 20:31:00 +0000 (22:31 +0200)]
Updated Japanese translation to 558t

* po/ja.po: Updated to 558t

11 years agonewuidmap.1 and newgidmap.1: note limitation
Serge Hallyn [Thu, 22 Aug 2013 18:38:59 +0000 (13:38 -0500)]
newuidmap.1 and newgidmap.1: note limitation

Note that they may be used only once for a given process.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agoUpdate translation files.
Nicolas François [Fri, 23 Aug 2013 00:02:36 +0000 (02:02 +0200)]
Update translation files.

* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.

11 years agoFix encoding.
Nicolas François [Thu, 22 Aug 2013 23:57:01 +0000 (01:57 +0200)]
Fix encoding.

* man/newgrp.1.xml: Fix encoding.
* man/sg.1.xml: Likewise.

11 years agoUnfuzzy according to previous change.
Nicolas François [Thu, 22 Aug 2013 22:02:41 +0000 (00:02 +0200)]
Unfuzzy according to previous change.

* man/po/da.po: Unfuzzy according to previous change.
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/it.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
* man/po/zh_CN.po: Likewise.

11 years agoAvoid spaces between <option> and <replaceable>
Nicolas François [Thu, 22 Aug 2013 21:54:34 +0000 (23:54 +0200)]
Avoid spaces between <option> and <replaceable>

* man/chage.1.xml: Add a non breaking space between options and
their parameter because xml2po removes those spaces. Alioth#314401
* man/chfn.1.xml: Likewise.
* man/chgpasswd.8.xml: Likewise.
* man/chpasswd.8.xml: Likewise.
* man/chsh.1.xml: Likewise.
* man/faillog.8.xml: Likewise.
* man/gpasswd.1.xml: Likewise.
* man/groupadd.8.xml: Likewise.
* man/groupdel.8.xml: Likewise.
* man/groupmems.8.xml: Likewise.
* man/groupmod.8.xml: Likewise.
* man/grpck.8.xml: Likewise.
* man/lastlog.8.xml: Likewise.
* man/newusers.8.xml: Likewise.
* man/passwd.1.xml: Likewise.
* man/pwck.8.xml: Likewise.
* man/pwconv.8.xml: Likewise.
* man/su.1.xml: Likewise.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/vipw.8.xml: Likewise.

11 years agoCreate baseline for changing manpage options.
Nicolas François [Thu, 22 Aug 2013 21:15:26 +0000 (23:15 +0200)]
Create baseline for changing manpage options.

* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.

11 years agoFix encoding.
Nicolas François [Thu, 22 Aug 2013 22:54:26 +0000 (00:54 +0200)]
Fix encoding.

* man/po/de.po: Fix encoding.

11 years agoFix subordinate_next() return value.
Nicolas François [Mon, 19 Aug 2013 19:29:50 +0000 (21:29 +0200)]
Fix subordinate_next() return value.

* lib/subordinateio.c (subordinate_next): Fix return value.

11 years agoInclude <stdio.h>
Nicolas François [Thu, 15 Aug 2013 23:13:20 +0000 (01:13 +0200)]
Include <stdio.h>

* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
stderr.

11 years agoRemove debug info.
Nicolas François [Thu, 15 Aug 2013 23:11:50 +0000 (01:11 +0200)]
Remove debug info.

11 years agoImprove documentation.
Nicolas François [Thu, 15 Aug 2013 15:21:44 +0000 (17:21 +0200)]
Improve documentation.

* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
when the user already have subordinate group IDs.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.

11 years agoImprove diagnostic.
Nicolas François [Thu, 15 Aug 2013 15:09:38 +0000 (17:09 +0200)]
Improve diagnostic.

* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
when option -v/-V (-w/-W) are provided.

11 years agoFix parse of ranges.
Nicolas François [Thu, 15 Aug 2013 15:07:04 +0000 (17:07 +0200)]
Fix parse of ranges.

* src/usermod.c: Fix parse of ranges. The hyphen might be followed
by a negative integer.

11 years agoFix boundary conditions.
Nicolas François [Thu, 15 Aug 2013 15:03:18 +0000 (17:03 +0200)]
Fix boundary conditions.

* lib/subordinateio.c (find_free_range): max is allowed for new
ranges.

11 years agoRemove dead code.
Nicolas François [Thu, 15 Aug 2013 14:46:51 +0000 (16:46 +0200)]
Remove dead code.

* libmisc/find_new_sub_gids.c: Remove dead code.
find_new_sub_gids() is always called with *range_count set to 0.
It's more difficult to keep the subordinate GIDs and UIDs
synchronized, than for the user's UID/GId because the count of
subordinate IDs may differ.
* libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
is_range_free().

11 years agoSubordinate IDs require 32bit uid_t/gid_t
Nicolas François [Wed, 14 Aug 2013 18:21:32 +0000 (20:21 +0200)]
Subordinate IDs require 32bit uid_t/gid_t

* configure.in: Check if sizeof uid_t and gid_t is larger than 32
bit to support subordinate IDs.

11 years agoAlign coding style.
Nicolas François [Tue, 13 Aug 2013 22:03:59 +0000 (00:03 +0200)]
Align coding style.

* lib/subordinateio.c: Avoid implicit conversion of pointers and
integers to booleans.
* lib/subordinateio.c: Added brackets.

11 years agoAdd schematics with ranges to help reviews.
Nicolas François [Tue, 13 Aug 2013 21:57:14 +0000 (23:57 +0200)]
Add schematics with ranges to help reviews.

* lib/subordinateio.c: Add schematics with ranges to help reviews.

11 years agoAvoid dead branches.
Nicolas François [Tue, 13 Aug 2013 21:55:48 +0000 (23:55 +0200)]
Avoid dead branches.

* lib/subordinateio.c: Avoid dead branches.

Note: code is equivalent.

11 years agoFix copyright dates.
Nicolas François [Tue, 13 Aug 2013 21:13:26 +0000 (23:13 +0200)]
Fix copyright dates.

11 years agoFail in case arguments are provided after options.
Nicolas François [Tue, 13 Aug 2013 21:13:09 +0000 (23:13 +0200)]
Fail in case arguments are provided after options.

* src/vipw.c: Fail in case arguments are provided after options.
Debian#677812

11 years agoFix count for ranges truncated in remove_range().
Nicolas François [Tue, 13 Aug 2013 20:29:16 +0000 (22:29 +0200)]
Fix count for ranges truncated in remove_range().

* lib/subordinateio.c: Fix count for ranges truncated in
remove_range().

11 years agoTerminate the child before closing the PAM session.
Nicolas François [Tue, 13 Aug 2013 17:48:53 +0000 (19:48 +0200)]
Terminate the child before closing the PAM session.

* src/su.c: Terminate the child (if needed) before closing the PAM
session. This is probably more correct, and avoid reporting
termination from signals possibly sent by PAM modules (e.g. former
versions of pam_systemd). Debian#670132

11 years agoReset caught variable when signal is handled by su.
Nicolas François [Tue, 13 Aug 2013 17:42:50 +0000 (19:42 +0200)]
Reset caught variable when signal is handled by su.

* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
no need to kill the child in such case after su is resumed. This
remove the "Session terminated, terminating shell...
...terminated." messages in such case.

11 years agoDocument checks performed by newgidmap/newuidmap
Nicolas François [Tue, 13 Aug 2013 17:38:41 +0000 (19:38 +0200)]
Document checks performed by newgidmap/newuidmap

* man/newgidmap.1.xml: Document the checks performed before
setting the mapping in /proc.
* man/newuidmap.1.xml: Likewise.

11 years agoDocument the semantic of ranges.
Nicolas François [Tue, 13 Aug 2013 17:28:07 +0000 (19:28 +0200)]
Document the semantic of ranges.

* libmisc/idmapping.h: Document what the upper and lower fields
are in struct map_range.
* man/newgidmap.1.xml: Document when the gid, gidlower and count
argument are.
* man/newuidmap.1.xml: Likewise for uid, uidlower and count.

11 years ago(shadow_random): Use long instead of size_t.
Nicolas François [Tue, 13 Aug 2013 17:16:24 +0000 (19:16 +0200)]
(shadow_random): Use long instead of size_t.

* libmisc/salt.c (shadow_random): Use long instead of size_t.
Compatibility with size_t is easier to check since it's used for
smaller numbers (salt size).

11 years agoAdd splint annotations.
Nicolas François [Tue, 13 Aug 2013 17:13:45 +0000 (19:13 +0200)]
Add splint annotations.

* lib/groupmem.c: Add splint annotations. The added memset makes
splint think data was allocated.
* lib/pwmem.c: Likewise.
* lib/sgroupio.c: Likewise.
* lib/shadowmem.c: Likewise.

11 years agoImprove documentation.
Nicolas François [Mon, 12 Aug 2013 22:21:02 +0000 (00:21 +0200)]
Improve documentation.

* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
of useradd and newusers depends on the existence of /etc/subgid.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.

11 years agoImprove error reporting.
Nicolas François [Mon, 12 Aug 2013 22:13:12 +0000 (00:13 +0200)]
Improve error reporting.

* src/useradd.c: Change message in case of find_new_sub_uids /
find_new_sub_gids failure. This complements the messages already
provided by these APIs.

11 years agoFix handling of boundaries.
Nicolas François [Mon, 12 Aug 2013 22:11:24 +0000 (00:11 +0200)]
Fix handling of boundaries.

* lib/subordinateio.c: Fix handling of boundaries.
* libmisc/find_new_sub_uids.c: Likewise.
* libmisc/find_new_sub_gids.c: Likewise.

11 years agoFix removal of ranges.
Nicolas François [Mon, 12 Aug 2013 21:57:32 +0000 (23:57 +0200)]
Fix removal of ranges.

* lib/subordinateio.c: Fix removal of ranges. The database needs
to be marked as changed or commonio_close will discard any change.

11 years agoManpages improvement for subordinate IDs.
Nicolas François [Sun, 11 Aug 2013 14:05:26 +0000 (16:05 +0200)]
Manpages improvement for subordinate IDs.

* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
SUB_GID_MAX, SUB_GID_COUNT, SUB_UID_MIN, SUB_UID_MAX,
SUB_UID_COUNT.
* man/useradd.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/subgid.5.xml: Sort references alphabetically.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Add references to newusers(8), useradd(8),
userdel(8), usermod(8), user_namespaces(7).
* man/subuid.5.xml: Likewise.

11 years agoSort references alphabetically.
Nicolas François [Sun, 11 Aug 2013 13:48:57 +0000 (15:48 +0200)]
Sort references alphabetically.

* man/newgidmap.1.xml: Sort references alphabetically.
* man/newuidmap.1.xml: Likewise.

11 years agoAllow disabling of subordinate IDs.
Nicolas François [Sun, 11 Aug 2013 12:54:22 +0000 (14:54 +0200)]
Allow disabling of subordinate IDs.

* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.

11 years agoIgnore generated newgidmap and newuidmap
Nicolas François [Sun, 11 Aug 2013 12:48:39 +0000 (14:48 +0200)]
Ignore generated newgidmap and newuidmap

11 years agoFix typo.
Nicolas François [Sat, 10 Aug 2013 22:53:50 +0000 (00:53 +0200)]
Fix typo.

11 years agoRemove unused variable.
Nicolas François [Fri, 9 Aug 2013 12:12:01 +0000 (14:12 +0200)]
Remove unused variable.

* libmisc/salt.c: Remove unused variable.

11 years agoFix for Alioth#314271 (musl libc)
Nicolas François [Wed, 7 Aug 2013 00:17:52 +0000 (02:17 +0200)]
Fix for Alioth#314271 (musl libc)

* libmisc/utmp.c: Add include files needed for getaddrinfo().
See Alioth#314271

11 years agocheck for ruserok existence
Mike Frysinger [Tue, 6 Aug 2013 23:44:24 +0000 (01:44 +0200)]
check for ruserok existence

rlogin support is old school code, so newer C libraries drop support for
ruserok (like uClibc, optionally).  But shadow doesn't build with that,
so have it check for ruserok to optionally enable rlogin.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
11 years agoEditorial changes to usermod(8)
Nicolas François [Tue, 6 Aug 2013 23:32:56 +0000 (01:32 +0200)]
Editorial changes to usermod(8)

* man/usermod.8.xml: Fix typos and wording.
* man/usermod.8.xml: Add references to subgid(5) and subuid(5).

11 years agoFix wording: secondary -> subordinate.
Nicolas François [Tue, 6 Aug 2013 23:01:33 +0000 (01:01 +0200)]
Fix wording: secondary -> subordinate.

* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
subordinate.
* libmisc/find_new_sub_uids.c: Likewise.

11 years agoRemove duplicate check.
Nicolas François [Tue, 6 Aug 2013 21:59:09 +0000 (23:59 +0200)]
Remove duplicate check.

* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
at least in its intent).

11 years agoFix typos.
Nicolas François [Tue, 6 Aug 2013 20:29:40 +0000 (22:29 +0200)]
Fix typos.

* src/usermod.c: Fix typos.

11 years agoI find it clearer with the words in that order.
Nicolas François [Tue, 6 Aug 2013 20:25:08 +0000 (22:25 +0200)]
I find it clearer with the words in that order.

* man/subgid.5.xml: Reorder words.
* man/subuid.5.xml: Likewise.

11 years agoFix typos.
Nicolas François [Tue, 6 Aug 2013 20:11:41 +0000 (22:11 +0200)]
Fix typos.

* man/subgid.5.xml: Fix typos.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Fix copy-paste errors from subuid.5.xml.

11 years agoRemove copy-pasted NOTE.
Nicolas François [Tue, 6 Aug 2013 19:01:53 +0000 (21:01 +0200)]
Remove copy-pasted NOTE.

* man/newgidmap.1.xml: Remove copy-pasted NOTE.
* man/newuidmap.1.xml: Likewise.

11 years agoRemove unused variables.
Nicolas François [Tue, 6 Aug 2013 18:59:52 +0000 (20:59 +0200)]
Remove unused variables.

* lib/subordinateio.c: Remove unused variables.

11 years agoFix typos.
Nicolas François [Tue, 6 Aug 2013 18:32:59 +0000 (20:32 +0200)]
Fix typos.

* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
SUB_GID_COUNT.
* man/newgidmap.1.xml: Fix Typo.
* src/useradd.c: Fix typos.
* lib/subordinateio.c: Fix typos.

11 years agoFix Debian bug #675824
Nicolas François [Tue, 6 Aug 2013 14:30:38 +0000 (16:30 +0200)]
Fix Debian bug #675824

* lib/groupmem.c (__gr_dup): Support libc which define other
fields in struct group.
* lib/pwmem.c: Likewise for struct passwd.
* lib/shadowmem.c: Likewise for struct spwd.
* lib/sgroupio.c: Apply same logic, even if this structure is
defined internally.

11 years agoRevert b10cba0e0af5b1e3e8cda0201d5563f085aab2a4
Nicolas François [Mon, 5 Aug 2013 21:16:00 +0000 (23:16 +0200)]
Revert b10cba0e0af5b1e3e8cda0201d5563f085aab2a4

The length of the concatenated 2 lines was correct.

11 years agouserns: add argument sanity checking
Serge Hallyn [Fri, 21 Jun 2013 16:47:36 +0000 (11:47 -0500)]
userns: add argument sanity checking

In find_new_sub_{u,g}ids, check for min, count and max values.

In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow.  Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agonewuidmap,newgidmap: New suid helpers for using subordinate uids and gids
Eric W. Biederman [Tue, 22 Jan 2013 09:20:07 +0000 (01:20 -0800)]
newuidmap,newgidmap: New suid helpers for using subordinate uids and gids

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agofix typo in subxid.5
Serge Hallyn [Thu, 6 Jun 2013 15:44:23 +0000 (17:44 +0200)]
fix typo in subxid.5

login.defs, not logindefs.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agousermod: add v:w:V:W: to getopt
Serge Hallyn [Thu, 6 Jun 2013 15:43:29 +0000 (17:43 +0200)]
usermod: add v:w:V:W: to getopt

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agosubordinateio: Fix subordinate_parse to have an internal static buffer
Serge Hallyn [Thu, 6 Jun 2013 15:42:36 +0000 (17:42 +0200)]
subordinateio: Fix subordinate_parse to have an internal static buffer

subordinate_parse is supposed to return a static structure that
represents one line in /etc/subuid or /etc/subgid.  I goofed and
failed to make the variable rangebuf that holds the username of
in the returned structure static.

Add this missing static specification.

Author: <Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agoAdd LIBSELINUX to newuidmap and newgidmap LDADD
Serge Hallyn [Thu, 6 Jun 2013 15:41:58 +0000 (17:41 +0200)]
Add LIBSELINUX to newuidmap and newgidmap LDADD

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
11 years agonewusers: Add support for assiging subordinate uids and gids.
Eric W. Biederman [Tue, 22 Jan 2013 09:19:28 +0000 (01:19 -0800)]
newusers: Add support for assiging subordinate uids and gids.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agousermod: Add support for subordinate uids and gids.
Eric W. Biederman [Tue, 22 Jan 2013 09:18:24 +0000 (01:18 -0800)]
usermod: Add support for subordinate uids and gids.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoAdd support for detecting busy subordinate user ids
Eric W. Biederman [Tue, 22 Jan 2013 09:17:50 +0000 (01:17 -0800)]
Add support for detecting busy subordinate user ids

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agouseradd: Add support for subordinate user identifiers
Eric W. Biederman [Tue, 22 Jan 2013 09:17:30 +0000 (01:17 -0800)]
useradd: Add support for subordinate user identifiers

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agouserdel: Add support for removing subordinate user and group ids.
Eric W. Biederman [Tue, 22 Jan 2013 09:16:51 +0000 (01:16 -0800)]
userdel: Add support for removing subordinate user and group ids.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoImplement find_new_sub_uids find_new_sub_gids
Eric W. Biederman [Tue, 22 Jan 2013 09:15:05 +0000 (01:15 -0800)]
Implement find_new_sub_uids find_new_sub_gids

Functions for finding new subordinate uid and gids ranges for use
with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoAdd backend support for suboridnate uids and gids
Eric W. Biederman [Tue, 22 Jan 2013 09:14:35 +0000 (01:14 -0800)]
Add backend support for suboridnate uids and gids

These files list the set of subordinate uids and gids that users are allowed
to use.   The expect use case is with the user namespace but other uses are
allowed.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoImplement commonio_append.
Eric W. Biederman [Tue, 22 Jan 2013 09:13:26 +0000 (01:13 -0800)]
Implement commonio_append.

To support files that do not have a simple unique key implement
commonio_append to allow new entries to be added.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agologin.defs.5: Document the new variables in login.defs
Eric W. Biederman [Tue, 22 Jan 2013 09:12:58 +0000 (01:12 -0800)]
login.defs.5: Document the new variables in login.defs

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoDocumentation for /etc/subuid and /etc/subgid
Eric W. Biederman [Tue, 22 Jan 2013 09:12:23 +0000 (01:12 -0800)]
Documentation for /etc/subuid and /etc/subgid

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
11 years agoDebian bug 677275 - random() max value
Nicolas François [Mon, 5 Aug 2013 12:19:23 +0000 (14:19 +0200)]
Debian bug 677275 - random() max value

* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
on GNU). As it is not clear whether on some systems the max value
can exceed this number and whether some systems have max values
which would be lower, we take this into account when defining the
salt size and number of rounds for SHA encrypted passwords. Higher
values are favored.

11 years agoFix su/1 documentation of -
Nicolas François [Sun, 4 Aug 2013 21:45:31 +0000 (23:45 +0200)]
Fix su/1 documentation of -

* man/su.1.xml: With getopt, '-' does not need to be the last
option, but it is recommended for portability.
Closes https://bugs.launchpad.net/bugs/1100775

11 years agoAdd NEWS entries.
Nicolas François [Sun, 4 Aug 2013 21:29:06 +0000 (23:29 +0200)]
Add NEWS entries.

11 years agoFix typo in comment.
Nicolas François [Sun, 4 Aug 2013 13:56:32 +0000 (15:56 +0200)]
Fix typo in comment.

11 years agoFix translations (--home became --home-dir)
Nicolas François [Sun, 4 Aug 2013 13:50:57 +0000 (15:50 +0200)]
Fix translations (--home became --home-dir)

* man/po/da.po: Fix translation (--home became --home-dir).
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.

11 years agoDo not allocate more than necessary
Nicolas François [Sun, 4 Aug 2013 13:36:13 +0000 (15:36 +0200)]
Do not allocate more than necessary

Review b10cba0e0af5b1e3e8cda0201d5563f085aab2a4 and 7a16f4582da2b854a0adcba445bf6f8d750b2919:
* lib/groupio.c (merge_group_entries): Do not allocate more than
necessary (sizeof char* instead of char).
Thanks for Tomáš Mráz (alioth#313962)
* lib/groupio.c (merge_group_entries): Document that new_members
is correctly NULL terminated. (alioth:#313940)

Align previous ChangeLog entries.

11 years agoReview 52a38d55097bf0532b0eaa97552e001203808e88
Nicolas François [Sat, 3 Aug 2013 21:07:06 +0000 (23:07 +0200)]
Review 52a38d55097bf0532b0eaa97552e001203808e88

* Changelog: Update documentation of 2013-07-28  mancha entry.
* lib/prototypes.h, lib/encrypt.c: Update splint marker,
pw_encrypt can return NULL.
* lib/encrypt.c: Fix outdated statement on GNU crypt.
* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
fails and use fail_exit() instead of exit().
* src/chpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Improve diagnostic to user and syslog when
pw_encrypt fails.  Do not apply 1s penalty as this is not an
invalid password issue.
* src/passwd.c: Likewise when password is checked.

11 years agoFix memory leak.
Nicolas François [Fri, 2 Aug 2013 18:28:24 +0000 (20:28 +0200)]
Fix memory leak.

* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
them.

11 years agoFix segfaults
Nicolas François [Fri, 2 Aug 2013 18:24:20 +0000 (20:24 +0200)]
Fix segfaults

* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
temp_pw_shell. That way we can continue to use pw_free() without
segving. Thanks to Serge Hallyn for the patch.

11 years agoCompleted Russian translation
Yuri Kozlov [Thu, 1 Aug 2013 19:24:46 +0000 (21:24 +0200)]
Completed Russian translation

11 years agouse chdir() before calling chroot()
Michael Scherer [Mon, 29 Jul 2013 09:05:16 +0000 (11:05 +0200)]
use chdir() before calling chroot()

11 years agoReplace "--home" by "--home-dir" in useradd(8) manpage (and
bubulle [Mon, 29 Jul 2013 08:58:50 +0000 (10:58 +0200)]
Replace "--home" by "--home-dir" in useradd(8) manpage (and
translations)

11 years agoSyntax fix in Japanese manpage
Ville Skyttä [Mon, 29 Jul 2013 08:18:41 +0000 (10:18 +0200)]
Syntax fix in Japanese manpage

11 years agofix uninitialised memory in merge_group_entries causes segfault in useradd by
Brad Hubbard [Mon, 29 Jul 2013 08:13:12 +0000 (10:13 +0200)]
fix uninitialised memory in merge_group_entries causes segfault in useradd by
changing a call to malloc to a call to calloc

11 years agoadd newline char when two lines are concatenated
Brad Hubbard [Mon, 29 Jul 2013 08:05:52 +0000 (10:05 +0200)]
add newline char when two lines are concatenated

11 years agoMention Alioth bug fixes
bubulle [Mon, 29 Jul 2013 08:01:23 +0000 (10:01 +0200)]
Mention Alioth bug fixes

11 years agofix typographic errors and use a better format
Guido Trentalancia [Sun, 28 Jul 2013 17:04:50 +0000 (19:04 +0200)]
fix typographic errors and use a better format

11 years agoGerman manpages translation update
Simon Brandmair [Sun, 28 Jul 2013 16:57:18 +0000 (18:57 +0200)]
German manpages translation update

11 years agocrypt() in glibc/eglibc 2.17 now fails if passed
mancha [Sun, 28 Jul 2013 16:41:11 +0000 (18:41 +0200)]
crypt() in glibc/eglibc 2.17 now fails if passed
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.

11 years agoFIx date in changelog
bubulle [Sun, 28 Jul 2013 16:39:10 +0000 (18:39 +0200)]
FIx date in changelog

11 years agoKill the child process group, rather than just the immediate child;
Colin Watson [Sun, 28 Jul 2013 12:38:12 +0000 (14:38 +0200)]
Kill the child process group, rather than just the immediate child;
this is needed now that su no longer starts a controlling terminal
when not running an interactive shell (closes: Debian#713979)

11 years agoif using the static char* for pw_dir, strdup it so pw_free() can be used. (Closes...
bubulle [Sun, 28 Jul 2013 12:16:09 +0000 (14:16 +0200)]
if using the static char* for pw_dir, strdup it so pw_free() can be used. (Closes: Debian#691459)

11 years agoPrepare for next point release 4.2
bubulle [Sun, 28 Jul 2013 10:27:15 +0000 (12:27 +0200)]
Prepare for next point release 4.2