emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
2,324 Commits 1 Branch 1 Tag
089cf55e2c35d2c3ae98b3a8adfe24019f8950e4
Commit Graph

2324 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Serge Hallyn 67ec1a5266 Merge pull request #117 from rindeal/ENABLE_SUBIDS 
fix unguarded ENABLE_SUBIDS code
 2018-06-19 08:17:57 -04:00
Jan Chren (rindeal) 2fd5815546 fix unguarded ENABLE_SUBIDS code 2018-06-18 15:51:27 +02:00
Lion Yang cba31b52b3 po/zh_CN: update 2018-06-16 18:26:28 +08:00
Serge Hallyn eadcb472e1 Merge pull request #112 from jubalh/useradd-mkdirs 
Create parent dirs for useradd -m
 2018-05-23 09:57:40 -05:00
Michael Vetter b3b6d9d77c Create parent dirs for useradd -m 
Equivalent of `mkdir -p`. It will create all parent directories.
Example: `useradd -d /home2/testu1 -m testu1`

Based on https://github.com/shadow-maint/shadow/pull/2 by Thorsten Kukuk
and Thorsten Behrens which was Code from pwdutils 3.2.2 with slight adaptations.

Adapted to so it applies to current code.
 2018-05-15 17:30:34 +02:00
Serge Hallyn 48dcf7852e usermod: prevent a segv 
in the case where prefix does not exist.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-05-08 21:37:55 -05:00
fariouche 73a876a056 Fix usermod crash 
Return newly allocated pointers when the caller will free them.

Closes #110
 2018-05-08 21:17:46 -05:00
Serge Hallyn f50603a5fc release 4.6 
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-04-29 11:41:41 -05:00
Serge Hallyn 164dcfe65b Merge pull request #103 from HarmtH/be-predictable 
su.c: be more predictable
 2018-03-29 23:10:51 -07:00
Serge Hallyn fb356b1344 Merge pull request #21 from fariouche/master 
Add --prefix argument
 2018-03-29 22:36:28 -07:00
Serge Hallyn a3d91ae318 Merge pull request #102 from HarmtH/fix-dashdash-slurp 
su.c: fix '--' slurping
 2018-03-29 15:45:54 -07:00
fariouche 65b4f58703 add --prefix option: some fixes + fixed pwd.lock file location 2018-03-28 21:14:12 +02:00
fariouche 54551c7d6e Merge remote-tracking branch 'upstream/master' 2018-03-28 21:11:36 +02:00
Harm te Hennepe d877e3fcac su.c: be more predictable 
Always parse first non-option as username.
 2018-03-27 00:57:21 +02:00
Harm te Hennepe dbfe7dd42e su.c: fix '--' slurping 
All arguments are already reordered and parsed by getopt_long since e663c69, so manual '--' slurping is wrong.

Closes #101
 2018-03-26 22:37:56 +02:00
Serge Hallyn 45b4187596 pwconv and grpconv: rewind after deleting an entry 
Otherwise our spw_next() will cause us to skip an entry.
Ideally we'd be able to do an swp_rewind(1), but I don't
see a helper for this.

Closes #60

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-03-25 09:18:22 -05:00
Serge Hallyn 44c63795a7 userdel: fix wrong variable name in tcb case 
Found in mandriva distro patch, and with a test build.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-03-24 23:44:09 -05:00
Serge Hallyn 36244ac1ff src/Makefile.am: tcb fixes from mandriva 
1. suidubins -= was breaking build with WITH_TCB.
2. stick libtcb at end of ldlibs list.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-03-24 23:41:23 -05:00
Serge Hallyn d3790feac0 pwck.c: do not pass O_CREAT 
It causes a crash later when we try to close files.

Closes #96

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-03-24 20:29:48 -05:00
Serge Hallyn b63aca9a2c src/Makefile.am: drop duplicate inclusion of chage 
Closes #80

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2018-03-24 16:27:20 -05:00
Serge Hallyn 8f2f2a0d9d Merge pull request #98 from jsoref/spelling 
Spelling
 2018-03-24 15:54:51 -05:00
Serge Hallyn 5d57ca10d9 Merge pull request #100 from akrosikam/patch-1 
Complete translation to Norwegian bokmål
 2018-03-24 15:54:22 -05:00
akrosikam a5913d98e1 Complete translation to Norwegian bokmål 
Translate remaining strings to Norwegian bokmål (nb). Also, cure previous translation of excessive anglicism and apply a more consistent use of actual Norwegian syntax.
 2018-03-12 08:39:16 +01:00
Serge Hallyn 5f3e3c2c62 Merge pull request #93 from rahul1809/master 
Double freeing up pointers , Causing Segmentation fault
 2018-02-19 14:45:13 -06:00
Serge Hallyn c53e4c1d77 Merge pull request #97 from cyphar/newgidmap-secure-setgroups 
newgidmap: enforce setgroups=deny if self-mapping a group
 2018-02-16 08:40:39 -06:00
Aleksa Sarai 6d8be68071 README: add Aleksa Sarai to author list 
Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2018-02-16 17:56:36 +11:00
Aleksa Sarai fb28c99b8a newgidmap: enforce setgroups=deny if self-mapping a group 
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.

This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).

We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".

Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2018-02-16 17:56:35 +11:00
fariouche acaed3deab upstream merge 2018-01-23 23:10:19 +01:00
rahul bb47fdf25e indentation fix 2018-01-22 17:07:27 +05:30
rahul 97bb5b2b6d added a check to avoid freeing null pointer 2018-01-22 17:05:52 +05:30
Serge Hallyn c0f0c67864 Merge pull request #92 from IronicBadger/master 
Fixes mispelling of MAX_DAYS help text
 2018-01-18 22:42:12 -06:00
Alex Kretzschmar e91b0f0517 Fixes mispelling of MAX_DAYS help text 2018-01-17 12:21:48 +00:00
Serge Hallyn 3f1f999e2d Merge pull request #90 from t8m/userdel-chroot 
Make userdel to work with -R.
 2018-01-08 22:57:43 -06:00
Serge Hallyn c63bc6bfaa Merge pull request #91 from kloeri/master 
Add note to passwd(1) that --maxdays -1 disables the setting.
 2018-01-08 22:56:23 -06:00
Bryan Østergaard a54907dce3 Add note to passwd(1) that --maxdays -1 disables the setting. 
This note already exists in chage(1).
 2018-01-03 18:36:40 +01:00
Tomas Mraz 2c57c399bf Make userdel to work with -R. 
The userdel checks for users with getpwnam() which might not work
properly in chroot. Check for the user's presence in local files only.
 2017-12-21 09:12:58 +01:00
Josh Soref a063580dbb spelling: within 2017-10-22 21:37:53 +00:00
Josh Soref a2c6e429b3 spelling: various 2017-10-22 21:33:42 +00:00
Josh Soref f3e07f105e spelling: using 2017-10-22 21:31:09 +00:00
Josh Soref f21700d876 spelling: username 2017-10-22 21:31:35 +00:00
Josh Soref 34669aa651 spelling: unrecognized 2017-10-22 21:30:30 +00:00
Josh Soref 08248f0859 spelling: typical 2017-10-22 21:28:58 +00:00
Josh Soref 722be83a14 spelling: thanks 2017-10-22 21:24:49 +00:00
Josh Soref ea1a6e814b spelling: success 2017-10-22 21:23:13 +00:00
Josh Soref 2c930b19ba spelling: succeeded 2017-10-22 21:23:22 +00:00
Josh Soref 75e8eaad78 spelling: submitting 2017-10-22 21:23:03 +00:00
Josh Soref b74d6cfb98 spelling: spotted 2017-10-22 21:16:50 +00:00
Josh Soref a95d4ac1b5 spelling: spectacularly 2017-10-22 21:16:07 +00:00
Josh Soref b9c9d411ff spelling: similar 2017-10-22 21:14:37 +00:00
Josh Soref 05cc753275 spelling: session 2017-10-22 21:13:32 +00:00