Commit Graph

209 Commits

Author SHA1 Message Date
Jeremy Whiting b5aba2624b Fix E_NAME_IN_USE documentation.
Since code gives this error if username or group name is already
used the documentation should reflect that.
2022-08-06 11:10:54 -05:00
Masatake YAMATO 3f7a72e967 useradd: add -F option for updating /etc/sub[ig]id for system accounts
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2022-08-01 15:45:10 +02:00
Masatake YAMATO fb96d3f84d useradd: make the option specstr passed to getopt_long extensible
It was hard to extend the option specification string passed to
getopt_long as the third argument.

The origian code had a branch with WITH_SELINUX ifdef condition. If
one wants to add one more option char with another ifdef condition
like ENABLE_SUBIDS to the spec, the one must enumerate the specs for
all combinations of the conditions:

*  WITH_SELINUX &&  ENABLE_SUBIDS
*  WITH_SELINUX && !ENABLE_SUBIDS
* !WITH_SELINUX &&  ENABLE_SUBIDS
* !WITH_SELINUX && !ENABLE_SUBIDS

With this change, you can append an option char to the spec.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2022-08-01 15:45:10 +02:00
Iker Pedrosa 45d6746219 src: correct "badname" option
Change "badnames" to "badname" as this is the accepted option name.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2022-05-06 10:13:51 -05:00
Iker Pedrosa f1f1678e13 useradd: modify check ID range for system users
useradd warns that a system user ID less than SYS_UID_MIN is outside the
expected range, even though that ID has been specifically selected with
the "-u" option.

In my opinion all the user ID's below SYS_UID_MAX are for the system,
thus I change the condition to take that into account.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2022-01-19 10:02:55 -06:00
Christian Göttsche a8166a86ed Declare read-only arguments of run_part(s) const
run_part() and run_parts() do not modify their directory, name and
action arguments.
Also include the header in the implementation to provide the prototypes.

useradd.c:2495:59: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
 2495 |         if (run_parts ("/etc/shadow-maint/useradd-pre.d", (char*)user_name,
      |                                                           ^
useradd.c:2495:24: warning: passing argument 1 of ‘run_parts’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 2495 |         if (run_parts ("/etc/shadow-maint/useradd-pre.d", (char*)user_name,
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from useradd.c:45:
../lib/run_part.h:2:22: note: expected ‘char *’ but argument is of type ‘const char *’
    2 | int run_parts (char *directory, char *name, char *action);
      |                ~~~~~~^~~~~~~~~
useradd.c:2496:25: warning: passing argument 3 of ‘run_parts’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 2496 |                         "useradd")) {
      |                         ^~~~~~~~~
2022-01-03 15:09:17 +01:00
Serge Hallyn e8a2cfa7dc Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
Xi Ruoyao 6f266a30ff fix segfault running useradd -D 2021-12-29 17:06:39 +08:00
Serge Hallyn f93cf255d4 Update licensing info
Closes #238

Update all files to list SPDX license shortname.  Most files are
BSD 3 clause license.

The exceptions are:

serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause
contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause
lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD
libmisc/salt.c: * SPDX-License-Identifier: Unlicense
src/login_nopam.c: * SPDX-License-Identifier: Unlicense
src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause
src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-23 19:36:50 -06:00
Serge Hallyn 79157cbad8 Make shadow_logfd and Prog not extern
Closes #444
Closes #465

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-23 15:18:07 -06:00
Serge Hallyn 19f08785f0 Merge pull request #231 from gjzkrug/useradd-maildir-fix
Removed hard-coded default mail spool in useradd
2021-12-04 22:26:51 -06:00
Ludwig Nussel d12d300c98 useradd: assume uid 0 == root as fallback
In absence of /etc/passwd, eg when bootstrapping a chroot, resolving
uid 0 to a name may not work. Therefore just assume "root".
2021-11-30 17:14:14 +01:00
Iker Pedrosa 06eb4e4d76 useradd: change SELinux labels for home files
Change SELinux labels for files copied from the skeleton directory to
the home directory.

This could cause gnome's graphical user adding to fail without copying
the full skeleton files.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2022658

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-12 15:27:16 +01:00
Iker Pedrosa 09c752f00f useradd: create directories after the SELinux user
Create the home and mail folders after the SELinux user has been set for
the added user. This will allow the folders to be created with the
SELinux user label.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-10-25 09:55:27 +02:00
Andy Zaugg 7e2b522a15 Added a new configurable LOG_INIT to useradd
In some circumstances I want the default behaviour of useradd to
not add user entries to the lastlog and faillog databases. Allowing
this options behaviour to be controlled by the config file
/etc/default/useradd.
2021-10-15 16:20:52 -05:00
a1346054 7687ae4dbd fix spelling and unify whitespace 2021-08-18 18:06:02 +00:00
Serge Hallyn 4624e9fca1 Revert "useradd.c:fix memleaks of grp"
In some cases, the value which was being freed is not actually
safe to free.

Closes #394

This reverts commit c44b71cec2.
2021-08-14 19:37:24 -05:00
Serge Hallyn 049b08481a useradd.c: Fix undeclared subuid_count when not using subids
subuid_count won't get used by usr_update(), but since we're passing it
as an argument we have to make sure it's always defined.  So just define
it as pre-set to 0.

Closes #402

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-08-14 19:25:51 -05:00
Iker Pedrosa 9dd720a285 useradd: avoid generating an empty subid range
useradd generates an empty subid range when adding a new user. This is
caused because there are two variables, one local and the other one
global, that have a very similar name and they are used indistinctly in
the code. The local variable loads the SUB_*ID_COUNT configuration from
the login.defs file, while the global variable, which holds a value of
0, is used to generate the subid range. Causing the empty subid range
problem.

I've merged the two variables in the local one and removed the global
variable. I prefer to do it this way to reduce the scope of it but I'm
open to doing it the other way round.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1990653

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-08-10 10:04:39 +02:00
Serge Hallyn 33c33a32a2 useradd: create /etc/default saving defaults.
Since bbf4b79, we stopped shipping /etc/default/useradd, and therefore
install of shadow does not auto-create /etc/default.  So when useradd
tries to save a new default, it needs to create the directory.

Closes #390.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-07-25 16:19:56 -05:00
Iker Pedrosa 1aed7ae945 useradd.c: fix covscan RESOURCE_LEAK
Error: RESOURCE_LEAK (CWE-772): [#def28]
shadow-4.8.1/src/useradd.c:1905: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/src/useradd.c:1905: var_assign: Assigning: "fd" = handle returned from "open("/var/log/faillog", 2)".
shadow-4.8.1/src/useradd.c:1906: noescape: Resource "fd" is not freed or pointed-to in "lseek".
shadow-4.8.1/src/useradd.c:1917: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
 1915|   		/* continue */
 1916|   	}
 1917|-> }
 1918|
 1919|   static void lastlog_reset (uid_t uid)

Error: RESOURCE_LEAK (CWE-772): [#def29]
shadow-4.8.1/src/useradd.c:1938: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/src/useradd.c:1938: var_assign: Assigning: "fd" = handle returned from "open("/var/log/lastlog", 2)".
shadow-4.8.1/src/useradd.c:1939: noescape: Resource "fd" is not freed or pointed-to in "lseek".
shadow-4.8.1/src/useradd.c:1950: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
 1948|   		/* continue */
 1949|   	}
 1950|-> }
 1951|
 1952|   static void tallylog_reset (const char *user_name)

Error: RESOURCE_LEAK (CWE-772): [#def30]
shadow-4.8.1/src/useradd.c:2109: alloc_fn: Storage is returned from allocation function "strdup".
shadow-4.8.1/src/useradd.c:2109: var_assign: Assigning: "bhome" = storage returned from "strdup(prefix_user_home)".
shadow-4.8.1/src/useradd.c:2131: noescape: Resource "bhome" is not freed or pointed-to in "strtok".
shadow-4.8.1/src/useradd.c:2207: leaked_storage: Variable "bhome" going out of scope leaks the storage it points to.
 2205|   		}
 2206|   #endif
 2207|-> 	}
 2208|   }
 2209|
2021-06-15 09:40:40 +02:00
Serge Hallyn 8eb6f8ace4 Merge pull request #327 from squat/bugfix_relative_prefix_path
fix: create relative home path correctly
2021-05-29 14:16:46 -05:00
Serge Hallyn 663824ef4c Fix useradd with SUB_UID_COUNT=0
Closes #298

Fix useradd when SUB_UID_COUNT=0 in login.defs.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-22 11:42:02 -05:00
Serge Hallyn 2b22a6909d libsubid: don't print error messages on stderr by default
Closes #325

Add a new subid_init() function which can be used to specify the
stream on which error messages should be printed.  (If you want to
get fancy you can redirect that to memory :)  If subid_init() is
not called, use stderr.  If NULL is passed, then /dev/null will
be used.

This patch also fixes up the 'Prog', which previously had to be
defined by any program linking against libsubid.  Now, by default
in libsubid it will show (subid).  Once subid_init() is called,
it will use the first variable passed to subid_init().

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-15 12:38:55 -05:00
Christian Göttsche eb1d2de0e9 set_selinux_file_context(): prepare context for actual file type
Search the SELinux selabel database for the file type to be created.
Not specifying the file mode can cause an incorrect file context to be
returned.

Also prepare contexts in commonio_close() for the generic database
filename, not with the backup suffix appended, to ensure the desired
file context after the final rename.

Closes: #322

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-05-06 16:58:10 +02:00
Christian Göttsche 6e4b2fe25d struct commonio_db[selinux]: do not use deprecated type security_context_t
The typedef security_context_t is deprecated, see
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-05-06 16:58:10 +02:00
Lucas Servén Marín 2c542f6c65 fix: create relative home path correctly
Currently, supplying a relative path via the --prefix flag to the
useradd command triggers a bug in the creation of home directories. The
code seems to unintentionally prepend a leading "/" to all paths,
quietly transforming a relative prefixed home path into an absolute
path. This can be seen in the following strace logs from running
"useradd --create-home --prefix tmp/root squat":

```
access("tmp/root//home/squat", F_OK)    = -1 ENOENT (No such file or directory)
access("/mp", F_OK)                     = 0
access("/mp/root", F_OK)                = 0
access("/mp/root/home", F_OK)           = 0
access("/mp/root/home/squat", F_OK)     = -1 ENOENT (No such file or directory)
mkdir("/mp/root/home/squat", 000)       = 0
chown("/mp/root/home/squat", 0, 0)      = 0
chmod("/mp/root/home/squat", 0755)      = 0
chown("tmp/root//home/squat", 1000, 1000) = -1 ENOENT (No such file or directory)
chmod("tmp/root//home/squat", 0700)     = -1 ENOENT (No such file or directory)
```

Note that the relative path is correctly probed in the beginning and it
is only during the recursive creation that the path is turned into an
absolute path. This invocation results in the creation of a "/mp"
hierarchy in the root of the filesystem.

Similar problems occur when using `--prefix ./tmp/root`.

This commit fixes the handling of relative paths by not assuming that
the given path is anchored with a "/".

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-04-29 15:06:53 +02:00
Serge Hallyn 0dffc7c612 useradd: don't try to create 0 subuids
Closes #289

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-01 13:10:12 -06:00
Serge Hallyn c917ed7b76 Merge pull request #302 from whzhe51/br_master
useradd.c:fix memleaks of grp
2020-12-27 00:37:46 -06:00
Serge Hallyn 08f5577018 Merge pull request #301 from whzhe51/br_whzhe
useradd.c:fix memleak in get_groups
2020-12-27 00:31:30 -06:00
Serge Hallyn 1021195bfe Merge pull request #299 from lnussel/master
useradd: use built-in settings by default
2020-12-27 00:26:47 -06:00
whzhe fd9d79a1a3 useradd.c:fix memleak in get_groups
Signed-off-by: whzhe <wanghongzhe@huawei.com>
2020-12-20 22:05:03 -05:00
whzhe51 c44b71cec2 useradd.c:fix memleaks of grp
Signed-off-by: whzhe51 <wanghongzhe@huawei.com>
2020-12-20 20:14:49 -05:00
Ludwig Nussel bbf4b79bc4 useradd: use built-in settings by default
Avoids installing inconsistent settings. The correct ones would be
written as soon as an admin uses useradd -D to modify the defaults.
2020-12-04 09:20:18 +01:00
ikerexxe abb5c99114 useradd: log exit code when failing
src/useradd.c: log exit code when failing
2020-11-17 16:58:40 +01:00
ikerexxe 569bd1d54f useradd: free grp to avoid leak
covscan issue:
Error: RESOURCE_LEAK (CWE-772): [#def39] [important]
src/useradd.c:728: alloc_fn: Storage is returned from allocation function "get_local_group".
src/useradd.c:728: var_assign: Assigning: "grp" = storage returned from "get_local_group(list)".
src/useradd.c:728: overwrite_var: Overwriting "grp" in "grp = get_local_group(list)" leaks the storage that "grp" points to.
726|   		 * GID values, otherwise the string is looked up as is.
727|   		 */
728|-> 		grp = get_local_group (list);
729|
730|   		/*
2020-10-27 11:42:34 +01:00
ikerexxe 508b968cb1 useradd: check return value from chmod and log it
covscan was complaining abot calling chmod and ignoring the return
value:
Error: CHECKED_RETURN (CWE-252):
shadow-4.6/src/useradd.c:2084: check_return: Calling
"chmod(prefix_user_home, mode)" without checking return value. This
library function may fail and return an error code.
2082|   		mode_t mode = getdef_num ("HOME_MODE",
2083|   		                          0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
2084|-> 		chmod (prefix_user_home, mode);
2085|   		home_added = true;
2086|   #ifdef WITH_AUDIT
2020-08-10 11:44:00 +02:00
Serge Hallyn 7ea342579e useradd: suggest --badnames when given a bad name
Closes #266
2020-07-31 21:29:21 -05:00
Serge Hallyn 6baeb25038 Merge pull request #234 from edneville/79_userdel
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
ed 32cfa176f2 Adding run-parts style for pre and post useradd/del
Signed-off-by: ed neville <ed@s5h.net>
2020-06-10 00:26:55 -05:00
Serge Hallyn f929bfd90b Merge pull request #237 from ikerexxe/usermod_fails
Check only local groups when adding new supplementary groups to a user
2020-05-01 22:26:41 -05:00
blueskycs2c 1d8487d851 check_uid_range : warnings go to stderr 2020-04-20 10:16:19 +08:00
Christian Brauner 52aba825af Merge pull request #245 from hallyn/2020-04-17/libmisc
remove unused and misleading 'owner' argument from find_new_sub*
2020-04-18 12:32:38 +02:00
Serge Hallyn 25b1a8d591 remove unused and misleading 'owner' argument from find_new_sub*
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-04-17 16:32:44 -05:00
blueskycs2c 00e629c0ba print a warning from useradd if -u is used with uid number outside range. 2020-04-11 22:45:54 +08:00
ikerexxe 8762f465d4 useradd: check only local groups with -G option
Check only local groups when adding new supplementary groups to a user

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1727236
2020-03-30 13:08:30 +02:00
Geoffrey Krug 2a991a3ce9 Removed hard-coded default mail spool in useradd
The useradd program should be consistent with userdel and usermod and use the
MAIL_SPOOL_DIR variable as the default spool, if it is defined. Otherwise,
don't create a new mailbox, because it won't be cleaned up by userdel when run
with the -r flag.
2020-03-11 20:00:09 +00:00
ikerexxe 8a1e92aff1 useradd: generate /var/spool/mail/$USER with the proper SELinux user identity
Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527
2020-02-19 15:28:41 +01:00
Tomas Mraz 4ed08824e5 Make the check for non-executable shell only a warning.
Although it is a good idea to check for an inadvertent typo
in the shell name it is possible that the shell might not be present
on the system yet when the user is added.
2020-01-16 12:59:29 +01:00
Duncan Overbruck 085d04c3dd add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-12 16:18:32 +01:00