VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,132 Commits 10 Branches 149 Tags
1c330177f0575c735f95a8b5a46723b4f209c5bb
Commit Graph

3132 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alejandro Colomar 1c330177f0 lib, libmisc: Move source files to lib (where their headers were) 
Scripted change:

$ find lib/ -type f \
| grep '\.h$' \
| sed 's,lib/,libmisc/,' \
| sed 's,\.h$,.c,' \
| xargs find 2>/dev/null \
| xargs mv -t lib/;

Plus updating the Makefiles.

Closes: <https://github.com/shadow-maint/shadow/issues/791>
Closes: <https://bugs.gentoo.org/912446>
Link: <https://github.com/shadow-maint/shadow/issues/763#issuecomment-1664383425>
Link: <https://github.com/shadow-maint/shadow/pull/776>
Link: <https://github.com/shadow-maint/shadow/commit/d0518cc250afeaceb772a7f50a900cfc9b3ab937>
Reported-by: Christian Bricart <christian@bricart.de>
Reported-by: Robert Marmorstein <robert@marmorstein.org>
Cc: Sam James <sam@gentoo.org>
[ jubalh tested the openSUSE package ]
Tested-by: Michael Vetter <jubalh@iodoru.org>
Acked-by: Michael Vetter <jubalh@iodoru.org>
[ Robert F. tested the Gentoo package ]
Tested-by: Robert Förster <Dessa@gmake.de>
Cc: David Seifert <soap@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2023-09-10 14:12:54 +02:00
Serge Hallyn 014536f5d5 release 4.14.0 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0 		2023-08-15 21:38:30 -05:00
Serge Hallyn ca0f828e7a pre-release 4.14.0-rc5 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0-rc5 		2023-08-14 11:51:36 -05:00
Serge Hallyn ebad5f840a configure.ac: check for strlcpy 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2023-08-14 09:08:35 -05:00
Michael Vetter ae2a4507ed Remove intree website 
AFAIK these files were not used in a while.
On 2023-04-27 we also archived the GitHub pages based repo:
https://github.com/shadow-maint/shadow-www

In https://github.com/shadow-maint/shadow/commit/1654f42194ba7804c99d5ac96346a1a19fb793d7 we mention the regular repo URL as our home page.

Also see:
https://github.com/shadow-maint/shadow/issues/114
 2023-08-14 07:06:51 -05:00
Serge Hallyn c1924dc5a1 4.14.0-rc4 pre-release 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0-rc4 		2023-08-12 23:17:52 -05:00
Serge Hallyn ee3e6112d3 Releases: add etc/shadow-maint to distfiles 
Closes #784

Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2023-08-12 23:16:56 -05:00
Serge Hallyn 2492fc00d4 4.14.0-rc3 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0-rc3 		2023-08-10 09:33:07 -05:00
Iker Pedrosa 776bbd0ccb libmisc: include freezero 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-10 09:29:17 -05:00
Iker Pedrosa 0e0a310acf libmisc: add freezero source code 
If shadow is built without libbsd support, then freezero() needs to be
provided from the project.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-10 09:29:17 -05:00
Iker Pedrosa 7d5eeb2135 libmisc: add readpassphrase source code 
If shadow is built without libbsd support, then readpassphrase() needs
to be provided from the project.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-10 09:29:17 -05:00
Iker Pedrosa c408c4ad3d configure: add with-libbsd option 
It enables the build with libbsd support. By default it is enabled.

Resolves: https://github.com/shadow-maint/shadow/issues/779

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-10 09:29:17 -05:00
Iker Pedrosa 6ddd10482b man: include shadow-man.xsl in tarball 
This will help generate man pages from tarball.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-09 21:33:21 -05:00
Iker Pedrosa 8e17459fa1 man: include its.rules in tarball 
This will help generate the man pages from tarball.

Resolves: https://github.com/shadow-maint/shadow/issues/781

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-09 21:33:21 -05:00
Iker Pedrosa c89b326350 autogen: enable lastlog build 
Add "--enable-lastlog" to include lastlog man pages in tarball.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-07 09:42:11 -05:00
Christian Göttsche 969549fdf0 Add wrapper for write(2) 
write(2) may not write the complete given buffer.  Add a wrapper to
avoid short writes.
 2023-08-04 17:15:42 -05:00
Serge Hallyn d63f3a0c0a tag 4.14.0-rc2 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0-rc2 		2023-08-04 16:24:54 -05:00
Michael Vetter d0518cc250 Add new files to libmisc_la_SOURCES 
Resolves https://github.com/shadow-maint/shadow/issues/763
 2023-08-04 15:39:55 -05:00
Serge Hallyn 4107c49ecd Add a make dist CI test 
Add a CI test to check that make dist builds a usable tarball.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2023-08-04 14:15:49 -05:00
Serge Hallyn 95296dfd67 4.14.0-rc1 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
4.14.0-rc1 		2023-08-03 11:28:59 -05:00
Serge Hallyn cf5596fc79 remove xmalloc.c from POTFILES.in 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2023-08-03 11:28:54 -05:00
Iker Pedrosa f2155fadf1 logoutd: add missing <utmp.h> include 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 02e3e04205 CI: compile old utmp interface in Fedora 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 50affc546f src: add SELINUX library 
With the recent changes both login and su compilation fail because there
are some missing dependencies from SELINUX library. Thus, add LIBSELINUX
to su and login for those cases where the library is used.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 78c09e3afe libmisc: conditionally compile utmp.c and logind.c 
Depending on the configuration option selected.

Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 3b7cc05387 lib: replace USER_NAME_MAX_LENGTH macro 
Replace it by `sysconf(_SC_LOGIN_NAME_MAX)`, which is the maximum
username length supported by the kernel.

Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa fb8f44d73f libmisc: call active_sessions_count() 
Replace the utmp dependent code with the call to
`active_sessions_count()`.

Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa ede0665a5a libmisc: implement active_sessions_count() 
Implement `active_sessions_count()` in `utmp.c` and `logind.c`.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 1f368e1c18 utmp: update update_utmp() 
Remove `utmp` structure as an argument and include its logic inside the
function. This will help remove any reference to utmp from login.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa 6b7108e347 utmp: move update_utmp 
The functionality from this function is related to utmp. Restrict access
to `setutmp()` to the same file.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa b6ca83ea4c utmp: move failtmp() 
The functionality from this function is related to btmp.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa f40bdfa66a libmisc: implement get_session_host() 
Implement `get_session_host()` in `utmp.c` and `logind.c`.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
Iker Pedrosa fb35ad15ae configure: new option enable-logind 
Create new configuration option `enable-logind` to select which session
support functionality to build, logind or utmp. By default the option is
logind.

Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-08-02 10:13:28 -05:00
xiongshenglan 7bced397c9 shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh 
In some embedded systems, users only use the ps
provided by the busybox. But the ps provided by
the busybox does not support the -eo option by
default. As a result, an error is reported when
the userdel is used. So add a judgment on ps.
If there is no ps -eo, traverse the process directly.

The error information is as follows:
 # userdel xsl
ps: invalid option -- 'e'

Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
 2023-07-28 21:24:36 -05:00
Michael Vetter a692c880f1 chsh: warn if root sets a shell not listed in /etc/shells 
Print a warning even for the root user if the provided shell isn't
listed in /etc/shells, but continue to execute the action.
In case of non root user exit.

See https://github.com/shadow-maint/shadow/issues/535
 2023-07-27 12:35:27 -05:00
Michael Vetter e5f05d7812 doc: mention ci workflow file to learn about deps 
Fix https://github.com/shadow-maint/shadow/issues/38
 2023-07-27 10:03:28 -05:00
Serge Hallyn 35e91daba0 man/po/Makefile: add a comment to shadow-man-pages.pot 
Add a comment at the top of that file explaining how to
regenerate it.

We should add a README, but I don't have time to draft one
right now.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2023-07-21 23:34:32 -05:00
Vegard Nossum 9df4801e0b newgrp: fix potential string injection 
Since newgrp is setuid-root, any write() system calls it does in order
to print error messages will be done as the root user.

Unprivileged users can get newgrp to print essentially arbitrary strings
to any open file in this way by passing those strings as argv[0] when
calling execve(). For example:

    $ setpid() { (exec -a $1$'\n:' newgrp '' 2>/proc/sys/kernel/ns_last_pid & wait) >/dev/null; }
    $ setpid 31000
    $ readlink /proc/self
    31001

This is not a vulnerability in newgrp; it is a bug in the Linux kernel.

However, this type of bug is not new [1] and it makes sense to try to
mitigate these types of bugs in userspace where possible.

[1]: https://lwn.net/Articles/476947/

Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
 2023-07-21 23:32:19 -05:00
Todd Zullinger 2643f27b36 lastlog: fix alignment of Latest header 
b1282224 (Add maximum padding to fit IPv6-Addresses, 2020-05-24) pads
the From field header using `maxIPv6Addrlen - 3`.  This leaves the
Latest field header misaligned.  Subtract 4 (the length of "From").
 2023-07-18 10:49:13 -05:00
Iker Pedrosa 6f4dc321c3 configure: fix lastlog check 
Fixes: 1bdcfa8d37 ("lastlog: stop building by
default")

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-17 13:01:34 -05:00
Alan D. Salewski 65255ea304 subuid.5: reference newusers(8) rather than newusers(1) 
Resolves: https://github.com/shadow-maint/shadow/issues/752

Signed-off-by: Alan D. Salewski <ads@salewski.email>
 2023-07-17 10:10:01 +02:00
Iker Pedrosa c69fd917e3 CI: build lastlog in Fedora 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa acea93eda9 man: conditionally build lastlog documentation 
Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa 03251ffbc0 usermod: conditionally build lastlog functionality 
Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa d60595d8f2 useradd: conditionally build lastlog functionality 
Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa 84a10ca019 login: conditionally build lastlog functionality 
Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa 1bdcfa8d37 lastlog: stop building by default 
Created a new configuration option `--enable-lastlog` to conditionally
build the lastlog binary. By default the option is disabled.

Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-15 07:39:53 -05:00
Iker Pedrosa a0eeb9fbf2 CI: update debian repos 
Latest debian version changed the location and format for the repos
file.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
 2023-07-14 11:49:40 +02:00
Bernd Kuhls 29da702491 Fix yescrypt support 
Fixes build error:
newusers.c: In function 'update_passwd':
newusers.c:433:21: error: 'sflg' undeclared (first use in this function); did you mean 'rflg'?

introduced by
https://github.com/shadow-maint/shadow/commit/5cd04d03f94622c12220d4a6352824af081b8531
which forgot to define sflg for these configure options:

--without-sha-crypt --without-bcrypt --with-yescrypt
 2023-07-12 08:31:51 -05:00
Jeffrey Bencteux 53a17c1742 chgpasswd: fix segfault in command-line options 
Using the --sha-rounds option without first giving a crypt method via the --crypt-method option results in comparisons with a NULL pointer and thus make chgpasswd segfault:

$ chgpasswd -s 1
zsh: segmentation fault  chgpasswd -s 1

Current patch add a sanity check before these comparisons to ensure there is a defined encryption method.
 2023-06-22 14:51:34 -05:00