VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,954 Commits 10 Branches 149 Tags
efbbcade43ff2dca2b7a271dcbd186be08ac1913
Commit Graph

133 Commits

Author SHA1 Message Date
Alejandro Colomar
709e6b4497 Add stpecpy() 
strncat(3), strlcpy(3), and many other functions are often misused for
catenating strings, when they should never be used for that.  strlcat(3)
is good.  However, there's no equivalent to strlcat(3) similar to
snprintf(3).  Let's add stpecpy(), which is similar to strlcat(3), but
it is also the only function compatible with stpeprintf(), which makes
it more useful than strlcat(3).

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2023-02-16 11:29:33 +01:00
Alejandro Colomar
e0e9e57a72 Add mempcpy(3) 
We'll use it for implementing stpecpy(), and may be interesting to have
it around.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2023-02-16 11:29:33 +01:00
Alejandro Colomar
7e213cfb50 Add stpeprintf() 
[v]stpeprintf() are similar to [v]snprintf(3), but they allow chaining.
[v]snprintf(3) are very dangerous for catenating strings, since the
obvious ways to do it invoke Undefined Behavior, and the ways that avoid
UB are very error-prone.

Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2023-02-16 11:29:33 +01:00
Alejandro Colomar
e762ab8b54 Assume getutent(3) exists (remove dead code) 
Recently, we removed support for 'struct utmpx'.  We did it because utmp
and utmpx are identical, and while POSIX specifies utmpx (and not utmp),
GNU/Linux documentation seems to favor utmp.  Also, this project
defaulted to utmp, so changing to utmpx would be more dangerous than
keeping old defaults, even if it's supposed to be the same.

Now, I just found more code that didn't make much sense: lib/utent.c
provides definitions for getutent(3) and friends in case the system
doesn't provide them, but we don't provide prototypes for those
definitions, so code using the functions would have never compiled.

Let's just remove these definitions as dead code.

Fixes: 3be7b9d75a ("Remove traces of utmpx")
Fixes: 170b76cdd1 ("Disable utmpx permanently")
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2023-02-08 17:21:34 +01:00
Stefan Schubert
a27d5c51f1 Supporting vendor given -shells- configuration file 2023-01-26 22:45:32 -06:00
Christian Göttsche
90ead3cfb8 Replace flawed memset_s usage 
memset_s() has a different signature than memset(3) or explicit_bzero(),
thus the current code would not compile.  Also memset_s()
implementations are quite rare.
Use the C23 standardized version memset_explicit(3).

Fixes: 7a799ebb ("Ensure memory cleaning")
 2023-01-25 11:07:25 +01:00
Alejandro Colomar
647d46507d Assume struct tm is defined in <time.h> 
It has been a requirement since at least C90, according to tm(3type).

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 09:49:02 -06:00
Alejandro Colomar
d96bb2868d Assume struct stat has st_atim and st_mtim fields 
That's required by POSIX.1-2008.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 09:49:02 -06:00
Alejandro Colomar
5d7a3b80e9 Remove USE_SYSLOG preprocessor conditional, which was always defined 
Reported-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 11:44:36 +01:00
Alejandro Colomar
3be7b9d75a Remove traces of utmpx 
-  USER_NAME_MAX_LENGTH was being calculated in terms of utmpx.  Do it
   in terms of utmp.
-  Remove utmpx support from the whishlist.
-  Remove unused tests about utmpx members.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 10:31:43 +01:00
Alejandro Colomar
170b76cdd1 Disable utmpx permanently 
On Linux, utmpx and utmp are identical.  However, documentation (manual
pages) covers utmp, and just says about utmpx that it's identical to
utmp.  It seems that it's preferred to use utmp, at least by reading the
manual pages.

Moreover, we were defaulting to utmp (utmpx had to be explicitly enabled
at configuration time).  So, it seems safer to just make it permanent,
which should not affect default builds.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 10:31:43 +01:00
Alejandro Colomar
2da7607ea6 Assume <utmpx.h> always exists 
We already made that assumption in commit b47aa1e9aa.  While the
header is not required by POSIX (it is an XSI extension), it is defined
in systems that are of interest to this project (GNU/Linux).

Fixes: b47aa1e9aa ("Assume <utmpx.h> exists")
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-22 10:31:43 +01:00
Alejandro Colomar
428a2078b6 Ping? :) 
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
5669b34891 Assume socket(2) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
3d32dd05bb Assume inet_ntoa(3) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
143e346dd5 Assume strdup(3) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
56e989ccf7 Assume strcasecmp(3) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
06f4acee99 Assume rmdir(2) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
dfc93b35cc Assume mkdir(2) exists 
It is required by POSIX.1-2001.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
cbc363f671 Assume getgrgid_r(3) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
88eb38f4ab Assume getgrnam_r(3) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
e5e5df1966 Assume getpwuid_r(3) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
e788001977 Assume getpwnam_r(3) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
a082a3975f Assume fsync(2) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
e71c23586a Assume fchown(2) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
9c86e07067 Assume fchmod(2) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
55c62b663f Assume l64a(3) exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
48391fb862 Assume <netdb.h> exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
9d695340b4 Assume <sys/resource.h> exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
cdaa04e460 Remove uses of ulimit(3) 
The function is obsolete.  It is recommended to use getrlimit(2) instead
(see the manual page for ulimit(3) or the POSIX manual for it).  Since
getrlimit(2) is required by POSIX.1-2001, we can rely on it.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
7b1fc83e9b Remove unused check for <utime.h> 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
eecd021c04 Remove unused check for <syslog.h> 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
5777e583cd Assume <termios.h> exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
b47aa1e9aa Assume <utmpx.h> exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
85d2688d62 Remove unused check for <sys/time.h> 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
578f286215 Assume <unistd.h> exists 
It is required by POSIX.1-2001.

Cc: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
28e565aa83 Remove unused check for <fcntl.h> 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-15 16:22:05 -06:00
Alejandro Colomar
d7baafb2eb Assume strstr(3) exists 
ISO C99 requires strstr(3).

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
0793782d31 Assume snprintf(3) exists 
ISO C99 requires snprintf(3).

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
7d3213741e Assume rename(2) exists 
ISO C99 requires rename(2).

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
3a32f5278d Assume strerror(3) exists 
ISO C99 requires strerror(3).

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
c26b682381 Assume <locale.h> exists 
ISO C99 requires <locale.h>.

Other files in the project already include <locale.h> unconditionally,
so it's reasonable to assume that it is always available.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
d34c834ea8 Remove unused check for <limits.h> 
Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
1eaa30756e Assume <errno.h> exists 
ISO C99 requires <errno.h>.

Many files in the project already include <errno.h> unconditionally,
so it's reasonable to assume that it is always available.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Alejandro Colomar
c4d9dcacc9 Assume <stdbool.h> exists 
ISO C99 requires <stdbool.h>.

Many files in the project already include <stdbool.h> unconditionally,
so it's reasonable to assume that it is always available.

Link: <https://github.com/shadow-maint/shadow/pull/600>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-12 09:16:43 +01:00
Guillem Jover
2a5b8810bb agetpass: Hook into build-system 
Signed-off-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2022-12-05 10:47:19 +01:00
Florian Weimer
a281f241b5 Fix HAVE_SHADOWGRP configure check 
The missing #include <gshadow.h> causes the configure check to fail
spuriously, resulting in HAVE_SHADOWGRP not being defined even
on systems that actually have sgetsgent (such as current glibc).
 2022-11-21 08:06:14 -06:00
Serge Hallyn
24b44b686e Release 4.13 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2022-11-08 10:29:30 -06:00
Serge Hallyn
238aa92948 Release 4.12.2 with CVE fix 
Signed-off-by: Serge Hallyn <serge@hallyn.com>
 2022-08-18 16:54:21 -05:00
Christian Göttsche
dab764d019 Require symlink support 
Require lstat(2), lchown(2), S_IFLNK and S_ISLNK from POSIX.1-2001.

Already unconditionally used in lib/tcbfuncs.c and lib/run_part.c.
 2022-08-17 12:34:01 -05:00