Commit Graph

276 Commits

Author SHA1 Message Date
Iker Pedrosa 8903b94c86 useradd: fix write_full() return value
write_full() returns -1 on error and useradd was checking another value.

Closes: https://github.com/shadow-maint/shadow/issues/1072
Fixes: f45498a6c2 ("libmisc/write_full.c: Improve write_full()")

Reported-by: <https://github.com/brown-midas>
Suggested-by: <https://github.com/brown-midas>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2024-09-13 09:44:51 +02:00
Alejandro Colomar 1f11a5ce5a src/: Recommend --badname only if it is useful
(Review with -w (--ignore-all-space).)

Closes: <https://github.com/shadow-maint/shadow/issues/1067>
Reported-by: Anselm Schüler <mail@anselmschueler.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-09-01 08:17:11 -05:00
Alejandro Colomar 87a5145719 lib/: Move memzero.[ch] under lib/string/memset/
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-08-30 21:44:07 -05:00
Alejandro Colomar 745281f295 lib/atoi/, *: Split files 2024-07-11 22:42:58 -05:00
Alejandro Colomar a7b169be18 src/useradd.c: Use stpsep() to simplify
This allows using plain strcmp(3) instead of MATCH().

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-08 20:25:01 -05:00
Alejandro Colomar d91b22cc2f lib/, src/: Use stpsep() instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-08 20:25:01 -05:00
Alejandro Colomar 59e5eef38f contrib, lib/, src/, tests/: Use stpcpy(3) instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-03 10:03:12 -05:00
Alejandro Colomar b178fed180 src/useradd.c: Simplify, by calling a2sl() instead of str2sl()
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-02 22:52:31 +02:00
Alejandro Colomar 3049bef9c3 lib/alloc/, lib/, src/, tests/: Organize the allocation APIs in a new subdirectory
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 29f4f03def lib/string/strdup/xstrdup.[ch], lib/, src/: Move xstrdup() to its own file
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 16cb664865 lib/, src/: Use strsep(3) instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 8176e309ed src/useradd.c: tallylog_reset(): Use Basename() instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 964df6ed6e lib/, src/: Use strchrnul(3) instead of its pattern
In the files where #include <string.h> is missing, add it, and sort the
includes.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 22272347b6 lib/string/sprintf/, lib/, src/, tests/: Move all sprintf(3)-like APIs to a subdirectory
And have a separate file for each pair of APIs.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 509e3bcbf8 lib/: Don't open-code get_gid()
These functions were open-coding get_gid().  Use the actual function.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-06-29 20:00:18 +02:00
Alejandro Colomar 1ee066ae1e src/useradd.c: set_defaults(): Fix FILE* leak
Report:
> shadow-4.15.0/src/useradd.c:575:2: alloc_fn: Storage is returned from allocation function "fdopen".
> shadow-4.15.0/src/useradd.c:575:2: var_assign: Assigning: "ofp" = storage returned from "fdopen(ofd, "w")".
> shadow-4.15.0/src/useradd.c:734:2: leaked_storage: Variable "ofp" going out of scope leaks the storage it points to.
> 732|           }
> 733|
> 734|->         return ret;
> 735|   }
> 736|

Link: <https://issues.redhat.com/browse/RHEL-35383>
Reported-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar e7d1508e07 src/useradd.c: Add fmkstemp() to fix file-descriptor leak
This function creates a temporary file, and returns a FILE pointer to
it.  This avoids dealing with both a file descriptor and a FILE pointer,
and correctly deallocating the resources on error.

The code before this patch was leaking the file descriptor if fdopen(3)
failed.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar a74c4b6ae1 src/useradd.c: De-duplicate code
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar 701fe4cf1a src/useradd.c: set_defaults(): Do not free(3) the result of asprintf(3) if it failed
See asprintf(3):

RETURN VALUE
     When successful,  these  functions  return  the  number  of  bytes
     printed, just like sprintf(3).  If memory allocation wasn’t possi‐
     ble,  or  some other error occurs, these functions will return -1,
     and the contents of strp are undefined.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar 37ae8827a0 src/useradd.c: set_defaults(): Rename goto label
This will help add other labels in the following commits.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar f8fc6371f6 src/useradd.c: set_defaults(): Fix order of clean-ups
Resources should be freed in the inverse order of the allocation.
This refactor prepares for the following commits, which fix some leaks.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-18 01:15:10 +02:00
Alejandro Colomar 98aefe8772 lib/, src/: Rename some local variables
'endptr' is appropriate internally in strtol(3) because it's a pointer
to 'end', and 'end' itself is a pointer to one-after-the-last character
of the numeric string.  In other words,

	endptr == &end

However, naming the pointer whose address we pass to strtol(3)'s
'endptr' feels wrong, and causes me trouble while parsing the code; I
need to double check the number of dereferences, because something feels
wrong in my head.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-05-04 17:22:57 -05:00
Alejandro Colomar f39ac101ff lib/, src/: str2*(): Rename functions and reorder parameters
This makes them compatible with liba2i's functions.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-29 14:29:13 -05:00
Alejandro Colomar 27e236ca79 lib/, src/, po/: get[u]long(): Move functions to lib/atoi/str2i.h
And make them inline.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-29 14:29:13 -05:00
Alejandro Colomar 33825ab57d lib/, src/: Remove all code wrapped in defined(USE_NIS)
I don't find any way to enable USE_NIS, so it looks like it's all
dead code.  Bury it.

Closes: <https://github.com/shadow-maint/shadow/issues/909>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-14 16:12:51 -05:00
Skyler Ferrante e6c2e43937 Hardcoding Prog to known value
See #959. We now set Prog (program name) based on hardcoded value instead
of argv[0]. This is to help prevent escape sequence injection.
2024-03-07 22:23:04 +01:00
Alejandro Colomar 5a5cd85bd2 src/useradd.c: get_defaults(): Use const temporary pointer to fix const correctness
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-26 09:40:10 +01:00
Alejandro Colomar 18c428a6c9 lib/, src/: get_uid(): Use the usual -1 as an error code
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 16:54:55 -06:00
Alejandro Colomar 2d581cb337 lib/, src/: getlong(): Use the usual -1 as an error code
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 16:54:55 -06:00
Tobias Stoeckmann ecc3508877 lib/, src/: Remove SCALE definition
SCALE is always DAY (and has to be always DAY), so replace it with DAY
in source code and remove unneeded calculations.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 15:41:12 -06:00
Alejandro Colomar cf9cc6963c lib/, src/: Use SNPRINTF() instead of its pattern
The variable declarations for the buffers have been aligned in this
commit, so that they appear in the diff, making it easier to review.

Some important but somewhat tangent changes included in this commit:

-  lib/nss.c: The size was being defined as 65, but then used as 64.
   That was a bug, although not an important one; we were just wasting
   one byte.  Fix that while we replace snprintf() by SNPRINTF(), which
   will get the size from sizeof(), and thus will use the real size.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-12-15 16:41:47 +01:00
Christian Göttsche cdb2490ab6 Update close(2) checking
Check for close(2) failure at more places closing a file descriptor
written to.

Also ignore failures with errno set to EINTR (see man:close(2) for
details).
2023-12-14 07:40:40 -06:00
Christian Göttsche 92b889b671 src/useradd: free string
useradd.c:2329:10: warning: Potential leak of memory pointed to by 'btrfs_check' [unix.Malloc]
2023-12-14 07:40:40 -06:00
Christian Göttsche 0d7cb003b7 src/useradd: avoid usage of sprintf
sprintf(3) does not take the destination buffer into account. Although
the destination in these case is large enough, sprintf(3) indicates a
code smell.

Use the xasprintf() wrapper.
2023-12-14 07:40:40 -06:00
Alejandro Colomar 76bbce3564 lib/, src/: Align variable definitions
This is just a cosmetic patch in preparation for others.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-12-13 10:06:34 -06:00
Alejandro Colomar dbb37b1b31 lib/string/: Move string-related files to string/ subdir
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-12-03 12:22:11 -06:00
Alejandro Colomar 4f16458b6c lib/, src/: Say 'long' instead of 'long int'
We were using 'long' in most places, so be consistent and use it
everywhere.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-12-03 09:58:19 -06:00
Serge Hallyn fa68441bc4 Improve the login.defs unknown item error message
Closes #746

Only print the 'unknown item' message to syslog if we are
actually parsing a login.defs.  Prefix it with "shadow:" to make
it clear in syslog where it came from.

Also add the source filename to the console message.  I'm not
quite clear on the econf API, so not sure whether in that path we
will end up actually having the path, or printing ''.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-10-20 18:46:23 -05:00
Alejandro Colomar d5e1c1e475 lib/, src/: Use xasprintf() instead of its pattern
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-10-20 21:05:33 +02:00
Alejandro Colomar ad3b31a59e lib/, src/: Use asprintf(3) instead of strlen(3)+malloc(3)+snprintf(3)
asprintf(3) is non-standard, but is provided by GNU, the BSDs, and musl.
That makes it portable enough for us to use.

This function is much simpler than the burdensome code for allocating
the right size.  Being simpler, it's thus safer.

I took the opportunity to fix the style to my preferred one in the
definitions of variables used in these calls, and also in the calls to
free(3) with these pointers.  That isn't gratuituous, but has a reason:
it makes those appear in the diff for this patch, which helps review it.
Oh, well, I had an excuse :)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-10-20 21:05:33 +02:00
Johannes Segitz 48aa12af31 useradd: Set proper SELinux labels for def_usrtemplate
Fixes: 74c17c716 ("Add support for skeleton files from /usr/etc/skel")

Signed-off-by: Johannes Segitz <jsegitz@suse.com>
2023-10-03 09:24:47 +02:00
Alejandro Colomar 6b11077f09 memzero.h: Move memzero() and strzero() to their own header
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Christian Göttsche 35edae5892 Declare usage and failure handler noreturn
Assist static analyzers in understanding final code paths.
2023-08-21 11:43:18 +02:00
Alejandro Colomar f45498a6c2 libmisc/write_full.c: Improve write_full()
Documentation:

-  Correct the comment documenting the function:

   write_full() doesn't write "up to" count bytes (which is write(2)'s
   behavior, and exactly what this function is designed to avoid), but
   rather exactly count bytes (on success).

-  While fixing the documentation, take the time to add a man-page-like
   comment as in other APIs.  Especially, since we'll have to document
   a few other changes from this patch, such as the modified return
   values.

-  Partial writes are still possible on error.  It's the caller's
   responsibility to handle that possibility.

API:

-  In write(2), it's useful to know how many bytes were transferred,
   since it can have short writes.  In this API, since it either writes
   it all or fails, that value is useless, and callers only want to know
   if it succeeded or not.  Thus, just return 0 or -1.

Implementation:

-  Use `== -1` instead of `< 0` to check for write(2) syscall errors.
   This is wisdom from Michael Kerrisk.  This convention is useful
   because it more explicitly tells maintainers that the only value
   which can lead to that path is -1.  Otherwise, a maintainer of the
   code might be confused to think that other negative values are
   possible.  Keep it simple.

-  The path under `if (res == 0)` was unreachable, since the loop
   condition `while (count > 0)` precludes that possibility.  Remove the
   dead code.

-  Use a temporary variable of type `const char *` to avoid a cast.

-  Rename `res`, which just holds the result from write(2), to `w`,
   which more clearly shows that it's just a very-short-lived variable
   (by it's one-letter name), and also relates itself more to write(2).
   I find it more readable.

-  Move the definition of `w` to the top of the function.  Now that the
   function is significantly shorter, the lifetime of the variable is
   clearer, and I find it more readable this way.

Use:

-  Also use `== -1` to check errors.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-08-18 20:35:15 -05:00
Christian Göttsche 969549fdf0 Add wrapper for write(2)
write(2) may not write the complete given buffer.  Add a wrapper to
avoid short writes.
2023-08-04 17:15:42 -05:00
Iker Pedrosa d60595d8f2 useradd: conditionally build lastlog functionality
Resolves: https://github.com/shadow-maint/shadow/issues/674

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-07-15 07:39:53 -05:00
Alejandro Colomar e69d556b63 src/useradd.c: create_mail(): Cosmetic
-  Invert conditional to reduce indentation.
-  Reduce use of whitespace and newlines while unindenting.
-  Reorder variable declarations.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-06-09 19:04:51 -05:00
Alejandro Colomar 0a90118089 src/useradd.c: create_home(): Cosmetic
-  Invert conditional to reduce indentation.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-06-09 19:04:51 -05:00
Alejandro Colomar adf8b3f64f src/useradd.c: create_home(): Cosmetic
-  Invert conditional to reduce indentation.
-  Rewrite while loop calling strtok(3) as a for loop.  This allows
   doing more simplification inside the loop (see next commit).

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-06-09 19:04:47 -05:00
Alejandro Colomar c01664c30c src/useradd.c: create_home(): Cosmetic
-  Fix indentation.  It was very broken.
-  Move variable declaration to the top of the block in which it's used.
-  Reduce use of whitespace and newlines.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-06-09 19:03:57 -05:00