* lib/groupmem.c (__gr_dup): Support libc which define other
fields in struct group.
* lib/pwmem.c: Likewise for struct passwd.
* lib/shadowmem.c: Likewise for struct spwd.
* lib/sgroupio.c: Apply same logic, even if this structure is
defined internally.
Serge Hallyn [Fri, 21 Jun 2013 16:47:36 +0000 (11:47 -0500)]
userns: add argument sanity checking
In find_new_sub_{u,g}ids, check for min, count and max values.
In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow. Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.
Serge Hallyn [Thu, 6 Jun 2013 15:42:36 +0000 (17:42 +0200)]
subordinateio: Fix subordinate_parse to have an internal static buffer
subordinate_parse is supposed to return a static structure that
represents one line in /etc/subuid or /etc/subgid. I goofed and
failed to make the variable rangebuf that holds the username of
in the returned structure static.
Add this missing static specification.
Author: <Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
These files list the set of subordinate uids and gids that users are allowed
to use. The expect use case is with the user namespace but other uses are
allowed.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
on GNU). As it is not clear whether on some systems the max value
can exceed this number and whether some systems have max values
which would be lower, we take this into account when defining the
salt size and number of rounds for SHA encrypted passwords. Higher
values are favored.
* man/su.1.xml: With getopt, '-' does not need to be the last
option, but it is recommended for portability.
Closes https://bugs.launchpad.net/bugs/1100775
Review b10cba0e0af5b1e3e8cda0201d5563f085aab2a4 and 7a16f4582da2b854a0adcba445bf6f8d750b2919:
* lib/groupio.c (merge_group_entries): Do not allocate more than
necessary (sizeof char* instead of char).
Thanks for Tomáš Mráz (alioth#313962)
* lib/groupio.c (merge_group_entries): Document that new_members
is correctly NULL terminated. (alioth:#313940)
* Changelog: Update documentation of 2013-07-28 mancha entry.
* lib/prototypes.h, lib/encrypt.c: Update splint marker,
pw_encrypt can return NULL.
* lib/encrypt.c: Fix outdated statement on GNU crypt.
* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
fails and use fail_exit() instead of exit().
* src/chpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Improve diagnostic to user and syslog when
pw_encrypt fails. Do not apply 1s penalty as this is not an
invalid password issue.
* src/passwd.c: Likewise when password is checked.
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
temp_pw_shell. That way we can continue to use pw_free() without
segving. Thanks to Serge Hallyn for the patch.
crypt() in glibc/eglibc 2.17 now fails if passed
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
Colin Watson [Sun, 28 Jul 2013 12:38:12 +0000 (14:38 +0200)]
Kill the child process group, rather than just the immediate child;
this is needed now that su no longer starts a controlling terminal
when not running an interactive shell (closes: Debian#713979)
nekral-guest [Fri, 25 May 2012 11:45:21 +0000 (11:45 +0000)]
* man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
man/<ll>/Makefile.am: Sort manpages per section as the generated
manpages.
nekral-guest [Sun, 20 May 2012 17:40:23 +0000 (17:40 +0000)]
* man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
* man/generate_mans.mak: Do not add a AUTHOR section in the man
pages.
nekral-guest [Sun, 20 May 2012 10:18:33 +0000 (10:18 +0000)]
* NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
which did not point to a path relative to the top-level manual
hierarchy.
* man/generate_mans.mak: Update man paths accordingly.
* man/Makefile.am: Likewise.
* man/da/Makefile.am: Likewise.
* man/de/Makefile.am: Likewise.
* man/fr/Makefile.am: Likewise.
* man/it/Makefile.am: Likewise.
* man/pl/Makefile.am: Likewise.
* man/ru/Makefile.am: Likewise.
* man/sv/Makefile.am: Likewise.
* man/zh_CN/Makefile.am: Likewise.
nekral-guest [Fri, 18 May 2012 19:44:53 +0000 (19:44 +0000)]
* lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
It will basically label them with same context as
/etc/{passwd+,shadow+,group+,gshadow+}
nekral-guest [Fri, 18 May 2012 19:32:32 +0000 (19:32 +0000)]
* src/pwunconv.c: Do not check spw_close() return value (file is
opened readonly).
* src/grpunconv.c: Do not check sgr_close() return value (file is
opened readonly).
nekral-guest [Fri, 18 May 2012 17:57:52 +0000 (17:57 +0000)]
* NEWS, src/login.c: Log in utmp / utmpx / wtmp also when PAM is
enabled. This is not done by pam_lastlog. This was broken on
2011-07-23.
* NEWS, libmisc/utmp.c: Do not log in wtmp when PAM is enabled.
This is done by pam_lastlog.
nekral-guest [Mon, 13 Feb 2012 20:09:59 +0000 (20:09 +0000)]
2012-02-13 Mike Frysinger <vapier@gentoo.org>
* lib/nscd.c: Add missing newline to error message.
* lib/nscd.c: If nscd is installed but not in use, then running
`nscd -i` will exit(1). We shouldn't warn in this case since this
is not abnormal behavior.
nekral-guest [Fri, 9 Dec 2011 22:13:02 +0000 (22:13 +0000)]
* lib/prototypes.h, lib/Makefile.am, po/POTFILES.in,
libmisc/copydir.c, lib/selinux.c: Move set_selinux_file_context()
and reset_selinux_file_context() from libmisc/copydir.c to
lib/selinux.c.
* lib/commonio.c: Use set_selinux_file_context() and
reset_selinux_file_context() instead of using the existing
database SELinux context to set the context for the newly created
files.