Commit Graph

365 Commits

Author SHA1 Message Date
Nicolas François
316bc6b3f4 Fix wording: secondary -> subordinate.
* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
	subordinate.
	* libmisc/find_new_sub_uids.c: Likewise.
2013-08-07 01:01:33 +02:00
Nicolas François
ac53650da5 Remove duplicate check.
* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
	at least in its intent).
2013-08-06 23:59:09 +02:00
Serge Hallyn
c0ce911b5e userns: add argument sanity checking
In find_new_sub_{u,g}ids, check for min, count and max values.

In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow.  Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Eric W. Biederman
673c2a6f9a newuidmap,newgidmap: New suid helpers for using subordinate uids and gids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Eric W. Biederman
89f7b0868c Add support for detecting busy subordinate user ids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
a8f26262cf Implement find_new_sub_uids find_new_sub_gids
Functions for finding new subordinate uid and gids ranges for use
with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Nicolas François
60fc4bbf57 Debian bug 677275 - random() max value
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
	on GNU). As it is not clear whether on some systems the max value
	can exceed this number and whether some systems have max values
	which would be lower, we take this into account when defining the
	salt size and number of rounds for SHA encrypted passwords. Higher
	values are favored.
2013-08-05 14:19:23 +02:00
Nicolas François
a168d046f3 Fix typo in comment. 2013-08-04 15:56:32 +02:00
Nicolas François
ee1952424d Fix memory leak.
* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
	them.
2013-08-02 20:28:24 +02:00
Nicolas François
b6c1a8579e Fix segfaults
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
	temp_pw_shell. That way we can continue to use pw_free() without
	segving. Thanks to Serge Hallyn for the patch.
2013-08-02 20:24:20 +02:00
Michael Scherer
4e65be1211 use chdir() before calling chroot() 2013-07-29 11:05:16 +02:00
mancha
52a38d5509 crypt() in glibc/eglibc 2.17 now fails if passed
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
2013-07-28 18:41:11 +02:00
bubulle
945eb8f50b if using the static char* for pw_dir, strdup it so pw_free() can be used. (Closes: Debian#691459) 2013-07-28 14:16:09 +02:00
nekral-guest
f243d4077d * NEWS, src/login.c: Log in utmp / utmpx / wtmp also when PAM is
enabled. This is not done by pam_lastlog. This was broken on
	2011-07-23.
	* NEWS, libmisc/utmp.c: Do not log in wtmp when PAM is enabled.
	This is done by pam_lastlog.
2012-05-18 17:57:52 +00:00
nekral-guest
011c5155fa 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* libmisc/copydir.c: Add missing #include <stdarg.h>
2012-02-13 19:16:29 +00:00
nekral-guest
2c24c012bd * lib/prototypes.h, lib/Makefile.am, po/POTFILES.in,
libmisc/copydir.c, lib/selinux.c: Move set_selinux_file_context()
	and reset_selinux_file_context() from libmisc/copydir.c to
	lib/selinux.c.
	* lib/commonio.c: Use set_selinux_file_context() and
	reset_selinux_file_context() instead of using the existing
	database SELinux context to set the context for the newly created
	files.
2011-12-09 22:13:02 +00:00
nekral-guest
e570b8ded4 * libmisc/copydir.c: Ignore errors to copy ACLs if the operation
is not supported.
2011-11-21 19:34:22 +00:00
nekral-guest
82d767d121 * libmisc/root_flag.c, src/gpasswd.c, src/chsh.c: Add splint
annotations.
	* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
	Ignore return value of spw_rewind, pw_rewind, sgr_rewind, and
	gr_rewind.
	* lib/commonio.h: Both head and tail cannot be owned. Set tail as
	dependent.
	* src/expiry.c: Ignore return value of expire ().
	* src/expiry.c: The catch_signals function does not use its sig
	parameter.
	* src/userdel.c: Last audit_logger parameter is a
	shadow_audit_result, use SHADOW_AUDIT_FAILURE instead of 0.
2011-11-19 21:51:52 +00:00
nekral-guest
29050eadb5 * NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
	safe_system().
	* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
	lib/Makefile.am: Added helper functions for semanage.
	* README, src/useradd.c, src/usermod.c, src/userdel.c,
	configure.in: Use libsemanage instead of semanage.
2011-11-17 21:51:07 +00:00
nekral-guest
2e1652fdec 2011-11-16 Peter Vrabec <pvrabec@redhat.com>
* libmisc/copydir.c: Ignore perm_copy_file() errors with errno set
	to ENOTSUP.
2011-11-16 21:00:43 +00:00
nekral-guest
72ba5c4de7 * libmisc/root_flag.c: Add missing #include <stdio.h> 2011-11-16 19:34:39 +00:00
nekral-guest
2ecea675ee Fix cut&paste issue from yesterday. 2011-11-13 16:24:49 +00:00
nekral-guest
3c608e56f6 * libmisc/root_flag.c: Drop privileges before changing root. The
--root option should not be used by regular users for suid utils.
	* libmisc/root_flag.c: Improve error messages.
2011-11-11 12:09:58 +00:00
nekral-guest
3bb7c43694 * libmisc/copydir.c: Avoid conflict with glibc. Rename error to
error_acl.
2011-11-11 11:59:21 +00:00
nekral-guest
7861eaa5ec Re-indent. 2011-11-06 18:40:06 +00:00
nekral-guest
e4fbf98b18 * man/limits.5.xml, libmisc/limits.c: Sort limit identifiers.
* libmisc/limits.c: Fix support for the K limit identifier.
	* libmisc/limits.c: Add missing default limit for L and U.
2011-11-06 18:39:47 +00:00
nekral-guest
0b5574c28a * lib/prototypes.h, libmisc/Makefile.am, libmisc/root_flag.c,
po/POTFILES.in: Add process_root_flag() to process the --root
	option and chroot so that the chroot config is used and changes
	are applied to the chroot.
2011-11-06 18:37:19 +00:00
nekral-guest
704f28df98 * lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c:
Add splint annotations.
2011-10-18 20:23:33 +00:00
nekral-guest
f870cc7eab Miscellaneous:
* lib/prototypes, libmisc/basename.c (Basename): Input is a
	constant string.
	* lib/prototypes.h, lib/spawn.h, lib/spawn.c, src/userdel.c,
	lib/nscd.c, lib/Makefile.am: Delete spawn.h. Move from spawn.h to
	prototypes.h.
	* src/userdel.c: Remove unused variables.
	* lib/nscd.c: Remove unused header files.
	* lib/nscd.c: Add the program name to error messages.
	* lib/nscd.c: Indicate when nscd does not terminate normally (signal).
	* lib/spawn.c: Updated header.
	* lib/spawn.c: Flush stdout and stderr to avoid inheriting from
	ongoing buffers.
	* lib/spawn.c: Avoid implicit conversion of pointer to boolean.
	* lib/spawn.c: Replace perror by a complete message.
	* lib/spawn.c: Continue to wait for the child if another child
	terminates.
	* lib/prototypes.h: The name field from cleanup_info_mod is a
	constant string. (username).
2011-09-18 21:02:43 +00:00
nekral-guest
05b55446da * libmisc/cleanup.c: Spawn children should no trigger cleanup
actions. Make sure only the parent (initial caller) perform the
	cleanup actions.
2011-09-18 20:43:28 +00:00
nekral-guest
f1db2383fc * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
the format fits in rounds_prefix.
	* libmisc/loginprompt.c: Likewise.
2011-09-18 20:41:38 +00:00
nekral-guest
cd10be6c91 * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
the format fits in rounds_prefix.
2011-09-18 20:40:50 +00:00
nekral-guest
a9c38f4902 * src/chgpasswd.c: Add splint annotations.
* src/chpasswd.c: Likewise.
	* src/newusers.c: Likewise.
	* libmisc/salt.c, lib/prototypes.h (crypt_make_salt): Likewise.
2011-08-14 14:37:17 +00:00
nekral-guest
e2bdb4ff83 * libmisc/chowndir.c: Add splint annotations. 2011-08-14 14:00:14 +00:00
nekral-guest
5f37d13405 * lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid()
returns an allocated structure.
2011-08-14 13:16:26 +00:00
nekral-guest
019048c555 * libmisc/find_new_uid.c: free (used_uids) on return.
* libmisc/find_new_gid.c: free (used_gids) on return.
2011-07-30 01:38:07 +00:00
nekral-guest
275ffe2e01 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
invalid configuration. 
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
	comments.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
	on the loop stop conditions. Stop if we passed the limit, even if
	the limit itself was never noticed.
2011-07-22 21:53:01 +00:00
nekral-guest
75f4b049a6 * libmisc/isexpired.c: Added parenthesis.
* libmisc/env.c: Added comments.
	* libmisc/env.c: Avoid implicit conversion of pointer to boolean.
2011-06-16 21:25:36 +00:00
nekral-guest
c9281b5bb9 Harmonize message. 2011-06-03 21:09:27 +00:00
nekral-guest
f406d16b7b * libmisc/xmalloc.c: Harmonize message. 2011-06-02 18:41:05 +00:00
nekral-guest
58baa7aa61 * libmisc/find_new_uid.c, libmisc/find_new_gid.c: Add missing
memory allocation check.
2011-06-02 18:40:06 +00:00
nekral-guest
f140c3a0e5 * NEWS, libmisc/addgrps.c: Fix allocator loop. Continue to
getgroups() when getgroups fails (-1) with errno==EINVAL.
2011-06-02 15:36:29 +00:00
nekral-guest
d7fa77f03b * lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
	* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
	lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
	lib.
2011-02-16 20:32:16 +00:00
nekral-guest
8b4f07692e * NEWS, libmisc/console.c: Fix CONSOLE parser. This caused login
to hang when CONSOLE was configured with a colon separated list of
	TTYs.  See http://bugs.gentoo.org/show_bug.cgi?id=324419
2010-11-19 21:54:41 +00:00
nekral-guest
dffc624b37 Integrate review comments from Julien Cristau
* libmisc/copydir.c: Missing parenthesis in comment.
	* libmisc/chowndir.c: Fixed memory leak on failed realloc().
	* libmisc/chowndir.c: Make sure the buffer for the path is large
	enough.
	* libmisc/remove_tree.c: Remove check for NULL before free().
2010-09-05 15:34:42 +00:00
nekral-guest
1d336d3a1e * lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
selinux_file_context renamed set_selinux_file_context.
	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
	Added reset_selinux_file_context.
	* src/useradd.c: Check the return value of
	set_selinux_file_context and reset_selinux_file_context.
	* libmisc/copydir.c: Check the return value of
	reset_selinux_file_context.
2010-08-28 19:58:00 +00:00
nekral-guest
07e462f01f * libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
	* libmisc/basename.c: Avoid implicit conversion of pointer to
	boolean.
	* libmisc/basename.c, lib/prototypes.h (Basename): Return a
	constant string.
	* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
	libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
	libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
	splint annotations.
	* libmisc/chowndir.c: Avoid memory leak.
	* libmisc/chowndir.c: Do not check *printf/*puts return value.
	* libmisc/chowntty.c: Avoid implicit conversion between integer
	types.
	* libmisc/obscure.c: Return a bool when possible instead of int.
	* libmisc/shell.c: Do not check *printf/*puts return value.
	* libmisc/shell.c: Do not check execle return value.
	* libmisc/setupenv.c: Avoid implicit conversion between integer
	types.
	* libmisc/xmalloc.c: size should not be zero to avoid returning
	NULL pointers.
	* libmisc/hushed.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Avoid implicit conversion of integer to
	boolean. safe_system last argument is a boolean.
	* libmisc/system.c: Check return value of dup2.
	* libmisc/system.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Do not check execve return value. 
	* libmisc/salt.c: Do not check *printf/*puts return value.
	* libmisc/loginprompt.c: Do not check gethostname return value.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
	gr_rewind/pw_rewind return value.
	* libmisc/ttytype.c: Limit the number of parsed characters in the
	sscanf format.
	* libmisc/ttytype.c: Test if a type was really read.
	* libmisc/sub.c: Do not check *printf/*puts return value.
	* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
	* src/userdel.c: Fix typo in comment.
	* src/userdel.c: Avoid implicit conversion of boolean to integer.
	* src/userdel.c: safe_system last argument is a boolean.
	* src/newusers.c: Avoid implicit conversion of boolean to integer.
	* src/newusers.c: Avoid implicit conversion of integer to boolean.
	* src/usermod.c: Add brackets.
	* src/usermod.c: Avoid implicit conversion of characters or
	integers to booleans.
	* src/vipw.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Add brackets.
	* src/useradd.c: Avoid implicit conversion of characters or
	integers to booleans.
2010-08-22 19:13:53 +00:00
nekral-guest
7eb6a4b3a4 Updated copyrights. 2010-08-22 13:04:54 +00:00
nekral-guest
471a2df3a6 * libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
instead of an int.
	* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
	libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
	* libmisc/tz.c: Fix some const issues.
	* libmisc/tz.c: Avoid multi-statements lines.
	* libmisc/tz.c: Add brackets.
	* libmisc/copydir.c: Do not check *printf/*puts return value.
	* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
	fscreate context.
	* libmisc/copydir.c: Use xmalloc instead of malloc.
	* libmisc/copydir.c: Do not check lutimes return value
	* src/vipw.c: Avoid implicit conversion of integer to boolean.
	* src/su.c (iswheel): Return a bool instead of an int.
	* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
	* src/passwd.c: Return constant strings when sufficient.
	* src/passwd.c: Do not check *printf/*puts return value.
	* src/passwd.c: Avoid implicit conversion of character to boolean.
	* src/passwd.c: Do not check sleep return value.
	* src/sulogin.c: Do not check *printf/*puts return value.
	* lib/encrypt.c: Do not check fprintf return value.
2010-08-22 12:49:07 +00:00
nekral-guest
c56d59c90b Fix additional const issues. 2010-08-21 19:22:32 +00:00