]> granicus.if.org Git - shadow/log
shadow
6 years agoMerge pull request #136 from giuseppe/fcap-newuidmap-newgidmap
Serge Hallyn [Sat, 27 Oct 2018 16:26:31 +0000 (11:26 -0500)]
Merge pull request #136 from giuseppe/fcap-newuidmap-newgidmap

newuidmap/newgidmap: install with file capabilities

6 years agoMerge pull request #132 from giuseppe/no-cap-sys-admin
Serge Hallyn [Sat, 27 Oct 2018 16:22:37 +0000 (11:22 -0500)]
Merge pull request #132 from giuseppe/no-cap-sys-admin

newuidmap/newgidmap: do not require CAP_SYS_ADMIN in the parent user namespace

6 years agonewuidmap/newgidmap: install with file capabilities
Giuseppe Scrivano [Wed, 24 Oct 2018 09:08:28 +0000 (11:08 +0200)]
newuidmap/newgidmap: install with file capabilities

do not install newuidmap/newgidmap as suid binaries.  Running these
tools with the same euid as the owner of the user namespace to
configure requires only CAP_SETUID and CAP_SETGID instead of requiring
CAP_SYS_ADMIN when it is installed as a suid binary.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
6 years agoMerge pull request #118 from AdelieLinux/utmpx-only-support
Serge Hallyn [Wed, 24 Oct 2018 03:35:19 +0000 (22:35 -0500)]
Merge pull request #118 from AdelieLinux/utmpx-only-support

[WIP] Support systems that only have utmpx

6 years agoMerge pull request #133 from t8m/trivial
Serge Hallyn [Wed, 24 Oct 2018 03:21:12 +0000 (22:21 -0500)]
Merge pull request #133 from t8m/trivial

Fix some issues found in Coverity scan.

6 years agonew[ug]idmap: not require CAP_SYS_ADMIN in the parent userNS
Giuseppe Scrivano [Mon, 8 Oct 2018 16:18:18 +0000 (18:18 +0200)]
new[ug]idmap: not require CAP_SYS_ADMIN in the parent userNS

if the euid!=owner of the userns, the kernel returns EPERM when trying
to write the uidmap and there is no CAP_SYS_ADMIN in the parent
namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
6 years agoMerge pull request #128 from jhrozek/sssd
Serge Hallyn [Thu, 18 Oct 2018 19:26:38 +0000 (12:26 -0700)]
Merge pull request #128 from jhrozek/sssd

Flush sssd caches in addition to nscd caches

6 years agouseradd: fix segfault trying to overwrite const data with mkstemp
Tomas Mraz [Fri, 12 Oct 2018 08:14:02 +0000 (10:14 +0200)]
useradd: fix segfault trying to overwrite const data with mkstemp

Also fix memory leaks in error paths.

6 years agoFix some issues found in Coverity scan.
Tomas Mraz [Wed, 10 Oct 2018 10:22:04 +0000 (12:22 +0200)]
Fix some issues found in Coverity scan.

6 years agoFlush sssd caches in addition to nscd caches
Jakub Hrozek [Wed, 12 Sep 2018 12:22:11 +0000 (14:22 +0200)]
Flush sssd caches in addition to nscd caches

Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
    passwd: sss files
    group:  sss files

The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.

Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.

More details about why Fedora chose to use sss before files can be found
on e.g.:
    https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
    https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html

Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
    getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.

This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.

6 years agoMerge pull request #122 from ivladdalvi/nologin-uid
Serge Hallyn [Mon, 13 Aug 2018 23:37:02 +0000 (18:37 -0500)]
Merge pull request #122 from ivladdalvi/nologin-uid

Log UID in nologin

6 years agoLog UID in nologin
Vladimir Ivanov [Fri, 3 Aug 2018 01:44:16 +0000 (09:44 +0800)]
Log UID in nologin

Sometimes getlogin() may fail, e.g., in a chroot() environment or due to NSS
misconfiguration. Loggin UID allows for investigation and troubleshooting in
such situation.

6 years agoMerge pull request #116 from LionNatsu/master
Serge Hallyn [Sat, 11 Aug 2018 05:40:02 +0000 (00:40 -0500)]
Merge pull request #116 from LionNatsu/master

po/zh_CN: update

6 years agoMerge pull request #119 from mvo5/su-l
Serge Hallyn [Sat, 11 Aug 2018 05:39:07 +0000 (00:39 -0500)]
Merge pull request #119 from mvo5/su-l

su.c: run pam_getenvlist() after setup_env

6 years agosu.c: run pam_getenvlist() after setup_env
Michael Vogt [Mon, 25 Jun 2018 14:00:17 +0000 (16:00 +0200)]
su.c: run pam_getenvlist() after setup_env

When "su -l" is used the behaviour is described as similar to
a direct login. However login.c is doing a setup_env(pw) and then a
pam_getenvlist() in this scenario. But su.c is doing it the other
way around. Which means that the value of PATH from /etc/environment
is overriden. I think this is a bug because:

The man-page claims that "-l": "provides an environment similar
to what the user would expect had the user logged in directly."

And login.c is using the PATH from /etc/environment.

This will fix:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/984390

6 years agoSupport systems that only have utmpx
A. Wilcox [Sun, 24 Jun 2018 05:13:12 +0000 (00:13 -0500)]
Support systems that only have utmpx

This allows shadow-utils to build on systems like Adélie, which have no
<utmp.h> header or `struct utmp`.  We use a <utmpx.h>-based daemon,
utmps[1], which uses `struct utmpx` only.

Tested both `login` and `logoutd` with utmps and both work correctly.

[1]: http://skarnet.org/software/utmps/

6 years agoMerge pull request #117 from rindeal/ENABLE_SUBIDS
Serge Hallyn [Tue, 19 Jun 2018 12:17:57 +0000 (08:17 -0400)]
Merge pull request #117 from rindeal/ENABLE_SUBIDS

fix unguarded ENABLE_SUBIDS code

6 years agofix unguarded ENABLE_SUBIDS code
Jan Chren (rindeal) [Mon, 18 Jun 2018 13:51:27 +0000 (15:51 +0200)]
fix unguarded ENABLE_SUBIDS code

6 years agopo/zh_CN: update
Lion Yang [Sat, 16 Jun 2018 10:26:28 +0000 (18:26 +0800)]
po/zh_CN: update

6 years agoMerge pull request #112 from jubalh/useradd-mkdirs
Serge Hallyn [Wed, 23 May 2018 14:57:40 +0000 (09:57 -0500)]
Merge pull request #112 from jubalh/useradd-mkdirs

Create parent dirs for useradd -m

6 years agoCreate parent dirs for useradd -m
Michael Vetter [Tue, 15 May 2018 15:25:52 +0000 (17:25 +0200)]
Create parent dirs for useradd -m

Equivalent of `mkdir -p`. It will create all parent directories.
Example: `useradd -d /home2/testu1 -m testu1`

Based on https://github.com/shadow-maint/shadow/pull/2 by Thorsten Kukuk
and Thorsten Behrens which was Code from pwdutils 3.2.2 with slight adaptations.

Adapted to so it applies to current code.

6 years agousermod: prevent a segv
Serge Hallyn [Wed, 9 May 2018 02:37:55 +0000 (21:37 -0500)]
usermod: prevent a segv

in the case where prefix does not exist.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agoFix usermod crash
fariouche [Wed, 9 May 2018 02:17:46 +0000 (21:17 -0500)]
Fix usermod crash

Return newly allocated pointers when the caller will free them.

Closes #110

6 years agorelease 4.6 4.6
Serge Hallyn [Sun, 29 Apr 2018 16:41:41 +0000 (11:41 -0500)]
release 4.6

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agoMerge pull request #103 from HarmtH/be-predictable
Serge Hallyn [Fri, 30 Mar 2018 06:10:51 +0000 (23:10 -0700)]
Merge pull request #103 from HarmtH/be-predictable

su.c: be more predictable

6 years agoMerge pull request #21 from fariouche/master
Serge Hallyn [Fri, 30 Mar 2018 05:36:28 +0000 (22:36 -0700)]
Merge pull request #21 from fariouche/master

Add --prefix argument

6 years agoMerge pull request #102 from HarmtH/fix-dashdash-slurp
Serge Hallyn [Thu, 29 Mar 2018 22:45:54 +0000 (15:45 -0700)]
Merge pull request #102 from HarmtH/fix-dashdash-slurp

su.c: fix '--' slurping

6 years agoadd --prefix option: some fixes + fixed pwd.lock file location
fariouche [Wed, 28 Mar 2018 19:14:12 +0000 (21:14 +0200)]
add --prefix option: some fixes + fixed pwd.lock file location

6 years agoMerge remote-tracking branch 'upstream/master'
fariouche [Wed, 28 Mar 2018 19:11:36 +0000 (21:11 +0200)]
Merge remote-tracking branch 'upstream/master'

6 years agosu.c: be more predictable
Harm te Hennepe [Mon, 26 Mar 2018 22:45:03 +0000 (00:45 +0200)]
su.c: be more predictable

Always parse first non-option as username.

6 years agosu.c: fix '--' slurping
Harm te Hennepe [Mon, 26 Mar 2018 20:37:56 +0000 (22:37 +0200)]
su.c: fix '--' slurping

All arguments are already reordered and parsed by getopt_long since e663c69, so manual '--' slurping is wrong.

Closes #101

6 years agopwconv and grpconv: rewind after deleting an entry
Serge Hallyn [Sun, 25 Mar 2018 14:18:22 +0000 (09:18 -0500)]
pwconv and grpconv: rewind after deleting an entry

Otherwise our spw_next() will cause us to skip an entry.
Ideally we'd be able to do an swp_rewind(1), but I don't
see a helper for this.

Closes #60

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agouserdel: fix wrong variable name in tcb case
Serge Hallyn [Sun, 25 Mar 2018 04:44:09 +0000 (23:44 -0500)]
userdel: fix wrong variable name in tcb case

Found in mandriva distro patch, and with a test build.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agosrc/Makefile.am: tcb fixes from mandriva
Serge Hallyn [Sun, 25 Mar 2018 04:41:23 +0000 (23:41 -0500)]
src/Makefile.am: tcb fixes from mandriva

1. suidubins -= was breaking build with WITH_TCB.
2. stick libtcb at end of ldlibs list.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agopwck.c: do not pass O_CREAT
Serge Hallyn [Sun, 25 Mar 2018 01:29:48 +0000 (20:29 -0500)]
pwck.c: do not pass O_CREAT

It causes a crash later when we try to close files.

Closes #96

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agosrc/Makefile.am: drop duplicate inclusion of chage
Serge Hallyn [Sat, 24 Mar 2018 21:27:20 +0000 (16:27 -0500)]
src/Makefile.am: drop duplicate inclusion of chage

Closes #80

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
6 years agoMerge pull request #98 from jsoref/spelling
Serge Hallyn [Sat, 24 Mar 2018 20:54:51 +0000 (15:54 -0500)]
Merge pull request #98 from jsoref/spelling

Spelling

6 years agoMerge pull request #100 from akrosikam/patch-1
Serge Hallyn [Sat, 24 Mar 2018 20:54:22 +0000 (15:54 -0500)]
Merge pull request #100 from akrosikam/patch-1

Complete translation to Norwegian bokmål

6 years agoComplete translation to Norwegian bokmål
akrosikam [Mon, 12 Mar 2018 07:39:16 +0000 (08:39 +0100)]
Complete translation to Norwegian bokmål

Translate remaining strings to Norwegian bokmål (nb). Also, cure previous translation of excessive anglicism and apply a more consistent use of actual Norwegian syntax.

6 years agoMerge pull request #93 from rahul1809/master
Serge Hallyn [Mon, 19 Feb 2018 20:45:13 +0000 (14:45 -0600)]
Merge pull request #93 from rahul1809/master

Double freeing up pointers , Causing Segmentation fault

6 years agoMerge pull request #97 from cyphar/newgidmap-secure-setgroups
Serge Hallyn [Fri, 16 Feb 2018 14:40:39 +0000 (08:40 -0600)]
Merge pull request #97 from cyphar/newgidmap-secure-setgroups

newgidmap: enforce setgroups=deny if self-mapping a group

6 years agoREADME: add Aleksa Sarai to author list
Aleksa Sarai [Thu, 15 Feb 2018 14:37:42 +0000 (01:37 +1100)]
README: add Aleksa Sarai to author list

Signed-off-by: Aleksa Sarai <asarai@suse.de>
6 years agonewgidmap: enforce setgroups=deny if self-mapping a group
Aleksa Sarai [Thu, 15 Feb 2018 12:49:40 +0000 (23:49 +1100)]
newgidmap: enforce setgroups=deny if self-mapping a group

This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.

This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).

We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".

Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
7 years agoupstream merge
fariouche [Tue, 23 Jan 2018 22:10:19 +0000 (23:10 +0100)]
upstream merge

7 years agoindentation fix
rahul [Mon, 22 Jan 2018 11:37:27 +0000 (17:07 +0530)]
indentation fix

7 years agoadded a check to avoid freeing null pointer
rahul [Mon, 22 Jan 2018 11:35:52 +0000 (17:05 +0530)]
added a check to avoid freeing null pointer

7 years agoMerge pull request #92 from IronicBadger/master
Serge Hallyn [Fri, 19 Jan 2018 04:42:12 +0000 (22:42 -0600)]
Merge pull request #92 from IronicBadger/master

Fixes mispelling of MAX_DAYS help text

7 years agoFixes mispelling of MAX_DAYS help text
Alex Kretzschmar [Wed, 17 Jan 2018 12:21:48 +0000 (12:21 +0000)]
Fixes mispelling of MAX_DAYS help text

7 years agoMerge pull request #90 from t8m/userdel-chroot
Serge Hallyn [Tue, 9 Jan 2018 04:57:43 +0000 (22:57 -0600)]
Merge pull request #90 from t8m/userdel-chroot

Make userdel to work with -R.

7 years agoMerge pull request #91 from kloeri/master
Serge Hallyn [Tue, 9 Jan 2018 04:56:23 +0000 (22:56 -0600)]
Merge pull request #91 from kloeri/master

Add note to passwd(1) that --maxdays -1 disables the setting.

7 years agoAdd note to passwd(1) that --maxdays -1 disables the setting.
Bryan Østergaard [Wed, 3 Jan 2018 17:32:44 +0000 (18:32 +0100)]
Add note to passwd(1) that --maxdays -1 disables the setting.

This note already exists in chage(1).

7 years agoMake userdel to work with -R.
Tomas Mraz [Thu, 21 Dec 2017 08:12:58 +0000 (09:12 +0100)]
Make userdel to work with -R.

The userdel checks for users with getpwnam() which might not work
properly in chroot. Check for the user's presence in local files only.

7 years agospelling: within
Josh Soref [Sun, 22 Oct 2017 21:37:53 +0000 (21:37 +0000)]
spelling: within

7 years agospelling: various
Josh Soref [Sun, 22 Oct 2017 21:33:42 +0000 (21:33 +0000)]
spelling: various

7 years agospelling: using
Josh Soref [Sun, 22 Oct 2017 21:31:09 +0000 (21:31 +0000)]
spelling: using

7 years agospelling: username
Josh Soref [Sun, 22 Oct 2017 21:31:35 +0000 (21:31 +0000)]
spelling: username

7 years agospelling: unrecognized
Josh Soref [Sun, 22 Oct 2017 21:30:30 +0000 (21:30 +0000)]
spelling: unrecognized

7 years agospelling: typical
Josh Soref [Sun, 22 Oct 2017 21:28:58 +0000 (21:28 +0000)]
spelling: typical

7 years agospelling: thanks
Josh Soref [Sun, 22 Oct 2017 21:24:49 +0000 (21:24 +0000)]
spelling: thanks

7 years agospelling: success
Josh Soref [Sun, 22 Oct 2017 21:23:13 +0000 (21:23 +0000)]
spelling: success

7 years agospelling: succeeded
Josh Soref [Sun, 22 Oct 2017 21:23:22 +0000 (21:23 +0000)]
spelling: succeeded

7 years agospelling: submitting
Josh Soref [Sun, 22 Oct 2017 21:23:03 +0000 (21:23 +0000)]
spelling: submitting

7 years agospelling: spotted
Josh Soref [Sun, 22 Oct 2017 21:16:50 +0000 (21:16 +0000)]
spelling: spotted

7 years agospelling: spectacularly
Josh Soref [Sun, 22 Oct 2017 21:16:07 +0000 (21:16 +0000)]
spelling: spectacularly

7 years agospelling: similar
Josh Soref [Sun, 22 Oct 2017 21:14:37 +0000 (21:14 +0000)]
spelling: similar

7 years agospelling: session
Josh Soref [Sun, 22 Oct 2017 21:13:32 +0000 (21:13 +0000)]
spelling: session

7 years agospelling: security
Josh Soref [Sun, 22 Oct 2017 21:13:23 +0000 (21:13 +0000)]
spelling: security

7 years agospelling: rewritten
Josh Soref [Sun, 22 Oct 2017 21:11:59 +0000 (21:11 +0000)]
spelling: rewritten

7 years agospelling: remove
Josh Soref [Sun, 22 Oct 2017 21:12:29 +0000 (21:12 +0000)]
spelling: remove

7 years agospelling: really
Josh Soref [Sun, 22 Oct 2017 21:06:22 +0000 (21:06 +0000)]
spelling: really

7 years agospelling: queried
Josh Soref [Sun, 22 Oct 2017 21:05:52 +0000 (21:05 +0000)]
spelling: queried

7 years agospelling: provided
Josh Soref [Sun, 22 Oct 2017 21:04:46 +0000 (21:04 +0000)]
spelling: provided

7 years agospelling: poor
Josh Soref [Sun, 22 Oct 2017 21:15:45 +0000 (21:15 +0000)]
spelling: poor

7 years agospelling: password
Josh Soref [Sun, 22 Oct 2017 21:03:28 +0000 (21:03 +0000)]
spelling: password

7 years agospelling: partially
Josh Soref [Sun, 22 Oct 2017 21:03:00 +0000 (21:03 +0000)]
spelling: partially

7 years agospelling: overridden
Josh Soref [Sun, 22 Oct 2017 21:01:25 +0000 (21:01 +0000)]
spelling: overridden

7 years agospelling: output
Josh Soref [Sun, 22 Oct 2017 21:00:52 +0000 (21:00 +0000)]
spelling: output

7 years agospelling: originally
Josh Soref [Sun, 22 Oct 2017 20:58:52 +0000 (20:58 +0000)]
spelling: originally

7 years agospelling: options
Josh Soref [Sun, 22 Oct 2017 20:58:25 +0000 (20:58 +0000)]
spelling: options

7 years agospelling: nonexistent
Josh Soref [Sun, 22 Oct 2017 20:54:42 +0000 (20:54 +0000)]
spelling: nonexistent

7 years agospelling: negative
Josh Soref [Sun, 22 Oct 2017 20:48:57 +0000 (20:48 +0000)]
spelling: negative

7 years agospelling: necessary
Josh Soref [Sun, 22 Oct 2017 20:45:06 +0000 (20:45 +0000)]
spelling: necessary

7 years agospelling: multiple
Josh Soref [Sun, 22 Oct 2017 20:41:18 +0000 (20:41 +0000)]
spelling: multiple

7 years agospelling: moment
Josh Soref [Sun, 22 Oct 2017 20:39:14 +0000 (20:39 +0000)]
spelling: moment

7 years agospelling: modification
Josh Soref [Sun, 22 Oct 2017 20:38:52 +0000 (20:38 +0000)]
spelling: modification

7 years agospelling: missing
Josh Soref [Sun, 22 Oct 2017 20:37:31 +0000 (20:37 +0000)]
spelling: missing

7 years agospelling: message
Josh Soref [Sun, 22 Oct 2017 20:34:22 +0000 (20:34 +0000)]
spelling: message

7 years agospelling: maximum
Josh Soref [Sun, 22 Oct 2017 20:33:55 +0000 (20:33 +0000)]
spelling: maximum

7 years agospelling: match
Josh Soref [Sun, 22 Oct 2017 20:33:00 +0000 (20:33 +0000)]
spelling: match

7 years agospelling: mapping
Josh Soref [Sun, 22 Oct 2017 20:32:45 +0000 (20:32 +0000)]
spelling: mapping

7 years agospelling: many
Josh Soref [Sun, 22 Oct 2017 20:30:00 +0000 (20:30 +0000)]
spelling: many

7 years agospelling: logout
Josh Soref [Sun, 22 Oct 2017 20:28:57 +0000 (20:28 +0000)]
spelling: logout

7 years agospelling: locally
Josh Soref [Sun, 22 Oct 2017 20:28:46 +0000 (20:28 +0000)]
spelling: locally

7 years agospelling: interactive
Josh Soref [Sun, 22 Oct 2017 20:24:32 +0000 (20:24 +0000)]
spelling: interactive

7 years agospelling: inserted
Josh Soref [Sun, 22 Oct 2017 20:22:44 +0000 (20:22 +0000)]
spelling: inserted

7 years agospelling: improvements
Josh Soref [Sun, 22 Oct 2017 20:11:27 +0000 (20:11 +0000)]
spelling: improvements

7 years agospelling: if the
Josh Soref [Sun, 22 Oct 2017 19:47:52 +0000 (19:47 +0000)]
spelling: if the

7 years agospelling: if
Josh Soref [Sun, 22 Oct 2017 20:52:44 +0000 (20:52 +0000)]
spelling: if

7 years agospelling: gshadow
Josh Soref [Sun, 22 Oct 2017 19:47:08 +0000 (19:47 +0000)]
spelling: gshadow

7 years agospelling: groupmod
Josh Soref [Sun, 22 Oct 2017 19:33:50 +0000 (19:33 +0000)]
spelling: groupmod