usermod, newusers, prefix: enforce absolute paths for homedir

useradd already was enforcing this, but these were not.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
This commit is contained in:
Serge Hallyn 2021-06-01 22:11:37 -05:00
parent bd920ab36a
commit 9d37173b24
3 changed files with 19 additions and 0 deletions

View File

@ -109,6 +109,12 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
return ""; /* if prefix is "/" then we ignore the flag option */ return ""; /* if prefix is "/" then we ignore the flag option */
/* should we prevent symbolic link from being used as a prefix? */ /* should we prevent symbolic link from being used as a prefix? */
if ( prefix[0] != '/') {
fprintf (shadow_logfd,
_("%s: prefix must be an absolute path\n"),
Prog);
exit (E_BAD_ARG);
}
size_t len; size_t len;
len = strlen(prefix) + strlen(PASSWD_FILE) + 2; len = strlen(prefix) + strlen(PASSWD_FILE) + 2;
passwd_db_file = xmalloc(len); passwd_db_file = xmalloc(len);

View File

@ -1250,6 +1250,13 @@ int main (int argc, char **argv)
/* FIXME: should check for directory */ /* FIXME: should check for directory */
mode_t mode = getdef_num ("HOME_MODE", mode_t mode = getdef_num ("HOME_MODE",
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
if (newpw.pw_dir[0] != '/') {
fprintf(stderr,
_("%s: line %d: homedir must be an absolute path\n"),
Prog, line);
errors++;
continue;
};
if (mkdir (newpw.pw_dir, mode) != 0) { if (mkdir (newpw.pw_dir, mode) != 0) {
fprintf (stderr, fprintf (stderr,
_("%s: line %d: mkdir %s failed: %s\n"), _("%s: line %d: mkdir %s failed: %s\n"),

View File

@ -1110,6 +1110,12 @@ static void process_flags (int argc, char **argv)
} }
dflg = true; dflg = true;
user_newhome = optarg; user_newhome = optarg;
if (user_newhome[0] != '/') {
fprintf (stderr,
_("%s: homedir must be an absolute path\n"),
Prog);
exit (E_BAD_ARG);
}
break; break;
case 'e': case 'e':
if ('\0' != *optarg) { if ('\0' != *optarg) {