Commit Graph

2253 Commits

Author SHA1 Message Date
Serge Hallyn
5a6ddf3b57 man: add missing author entries
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-01-12 07:24:04 -06:00
Serge Hallyn
0512c187c8
Merge pull request #204 from edneville/198_user_add_tty_logging
Adding tty logging to the useradd command
2020-01-12 07:19:18 -06:00
ed
f32d4a359b Adding tty logging to the useradd command
This commit adds a from= field to the end of the useradd log entry.
Casting user_name to tallylog_reset to silence a compiler warning.

Changelog: Fixing tabs
Changelog: Changing function prototype to const char* to match user_name declaration.
2020-01-12 07:08:05 -06:00
Serge Hallyn
401d0743af
Merge pull request #208 from Duncaen/umask-home
add new UMASK_HOME login.defs option
2020-01-11 16:20:13 -06:00
Duncan Overbruck
a847899b52
add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-11 22:27:39 +01:00
Serge Hallyn
88c1a6d98d Update README to point to new alioth list urls
Closes #195.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-01-11 14:50:55 -06:00
Serge Hallyn
ef095ceef1
Merge pull request #206 from edneville/123_log_ssh_original_command_in_nologin
Adding logging of SSH_ORIGINAL_COMMAND to nologin.
2020-01-11 14:47:57 -06:00
ed
4c9ec2f5a4 Adding logging of SSH_ORIGINAL_COMMAND to nologin.
If SSH_ORIGINAL_COMMAND is set, it will be added to the syslog entry.

Closes #123.

Changelog: (SEH squashed commit): Fixing indentation
Changelog: (SEH) break up long line
2020-01-11 14:46:52 -06:00
Serge Hallyn
d7add53f06 add changelog entry about account-tools-setuid
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-20 00:14:13 -06:00
Serge Hallyn
2aa7427e2b
Merge pull request #205 from Blub/2019-12-19/bail-on-error-in-for-loops
Makefile: bail out on error in for-loops
2019-12-20 00:08:32 -06:00
Serge Hallyn
1ec36eabb2
Merge pull request #199 from falconindy/master
Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected
2019-12-20 00:07:23 -06:00
Serge Hallyn
bd3c39f1c8
Merge pull request #201 from michaelweiser/groupmems-man
man: Don't suggest making groupmems user-writeable
2019-12-19 14:49:45 -06:00
Wolfgang Bumiller
258944e331 Makefile: bail out on error in for-loops
`make` runs each line in a shell and bails out on error,
however, the shell is not started with `-e`, so commands in
`for` loops can fail without the error actually causing
`make` to bail out with a failure status.

For instance, the following make snippet will end
successfully, printing 'SUCCESS', despite the first `chmod`
failing:

    all:
        touch a b
        for i in a-missing-file a b; do \
            chmod 666 $$i; \
        done
        @echo SUCCESS

To prevent wrong paths in install scripts from remaining
unnoticed, let's activate `set -e` in the `for` loop
subshells.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-12-19 18:54:30 +01:00
Christian Brauner
51d65f37e5
Merge pull request #203 from Rushi98/master
Deduplicate usermod manual (fixes #202)
2019-12-18 11:46:20 +01:00
Rushikesh Jogdand
0f332f48bc Deduplicate usermod manual (fixes #202)
Changelog:
1) modified:   man/usermod.8.xml
   Removed duplicate "badnames" options entry.
2019-12-18 11:20:40 +05:30
Michael Weiser
a73d4aee75 man: Don't suggest making groupmems user-writeable
Suggesting mode 2770 is dangerous because it makes the binary writeable
by all members of the owning group which is supposed to be normal
end-users. Suggest 2710 instead as is usual for s[ug]id binaries,
allowing execution but neither reading nor writing.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
2019-12-17 21:27:46 +01:00
Christian Brauner
7f53048875
Merge pull request #200 from jubalh/sel1
selinux: include stdio
2019-12-17 13:43:56 +01:00
Michael Vetter
b1a5cda91e selinux: include stdio
We use fprintf(), stderr etc, so we should include stdio.h.
2019-12-17 13:40:47 +01:00
Dave Reisner
66b7bc0dcf Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected
Here's a sad story:

* 70971457 is merged into shadow, allowing newgidmap/newuidmap to be
installed with file caps rather than setuid.
* https://bugs.archlinux.org/task/63248 is filed to take advantage of
this.
* The arch maintainer of the 'shadow' package notices that this doesn't
work, and submits a pull request to fix this in shadow.
* edf7547ad5 is merged, fixing the post install hooks.

The problem here is that distros have been building shadow with PAM for
O(years), but the install hooks have silently failed due to the
combination of the directory mismatch (suidubins vs suidsbins) and later
success with setuid'ing newgidmap/newuidmap.

With the install hooks fixed, those of us (Arch[1] and Gentoo[2] so far)
who never built shadow explicitly with --enable-account-tools-setuid are
now getting setuid account tools, and don't have PAM configuration
suitable for use with setuid account management tools.

It's entirely unclear to me why you'd want this, but I assume there's
some reason out there for it existing. Regardless, setuid binaries are
dangerous and shouldn't be enabled by default without good reason.

[1] https://bugs.archlinux.org/task/64836
[2] https://bugs.gentoo.org/702252
2019-12-16 14:22:32 -05:00
Serge Hallyn
eaaac67d4f
Merge pull request #197 from chutz/revert-bindir-sbindir-change
Revert "Honor --sbindir and --bindir for binary installation"
2019-12-01 20:28:21 -06:00
Patrick McLean
3cc3948d71 Revert "Honor --sbindir and --bindir for binary installation"
This reverts commit e293aa9cfc.

See https://github.com/shadow-maint/shadow/issues/196

Some distros still care about `/bin` vs `/usr/bin`. This commit makes
it so all binaries are always installed to `/bin`/`/sbin`. The only way to
restore the previous behaviour of installing some binaries to
`/usr/bin`/`/usr/sbin` is to revert the patch.
2019-12-01 13:59:52 -08:00
Serge Hallyn
08096ed24a
Merge pull request #194 from jubalh/contr
Add myself to contributors
2019-12-01 11:46:13 -06:00
Michael Vetter
92a678c250 Add myself to contributors 2019-12-01 18:37:38 +01:00
Serge Hallyn
81de782d1e Release 4.8
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-01 11:36:13 -06:00
Serge Hallyn
d83eccdded fix type in po/POTFILES.in
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-12-01 11:36:13 -06:00
Serge Hallyn
681b66b13c
Merge pull request #179 from seitokaichou/master
WIP: Initial bcrypt support
2019-12-01 11:02:23 -06:00
prez
2958bd050b Initial bcrypt support 2019-12-01 11:00:57 -06:00
Serge Hallyn
38f493aff2
Merge pull request #192 from Polynomial-C/optional_su
build: Make build/installation of su and its support files optional
2019-12-01 10:51:21 -06:00
Lars Wendler
19bac44dde
build: Make build/installation of su and its support files optional
Enabled by default
This is necessary because coreutils and util-linux can also provide su

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2019-11-19 11:28:45 +01:00
Christian Brauner
b49712ed32
Merge pull request #191 from topimiettinen/sync-passwd-5-and-shadow-5
man: sync and reorder password field descriptions
2019-11-16 15:06:03 +01:00
Topi Miettinen
cdbe1310cc
man: sync and reorder password field descriptions
Synchronize how passwd(5) and shadow(5) describe the password field.
Reorder the descriptions more logically.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-11-16 15:35:08 +02:00
Serge Hallyn
b462f5335f
Merge pull request #190 from jubalh/fixtypo
Fix typo in access of shell command
2019-11-12 07:12:06 -06:00
Michael Vetter
115a4e89e2 Fix typo in access of shell command
Fix typo in 88fa0651bf.
For some reason my git push -f seems not to have worked.
2019-11-12 08:38:08 +01:00
Serge Hallyn
9d935d9be1
Merge pull request #189 from hallyn/2019-11-11/vpiw
Fix vipw not resuming correctly when suspended
2019-11-11 20:22:49 -06:00
Todd C. Miller
7eca1112fb Fix vipw not resuming correctly when suspended
Closes #185

If vipw is suspended (e.g. via control-Z) and then resumed, it often gets
immediately suspended. This is easier to reproduce on a multi-core system.

root@buster:~# /usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw
root@buster:~# fg
/usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw

root@buster:~# fg
[vipw resumes on the second fg]

The problem is that vipw forks a child process and calls waitpid() with the
WUNTRACED flag. When the child process (running the editor) is suspended, the
parent sends itself SIGSTOP to suspend the main vipw process. However, because
the main vipw is in the same process group as the editor which received the ^Z,
the kernel already sent the main vipw SIGTSTP.

If the main vipw receives SIGTSTP before the child, it will be suspended and
then, once resumed, will proceed to suspend itself again.

To fix this, run the child process in its own process group as the foreground
process group. That way, control-Z will only affect the child process and the
parent can use the existing logic to suspend the parent.
2019-11-11 20:19:57 -06:00
Serge Hallyn
fe2a266c50
Merge pull request #188 from rbalint/pot
Allow translation of new strings by adding new files to POTFILES.in
2019-11-11 18:12:36 -06:00
Serge Hallyn
e97df9b1ec
Merge pull request #187 from jubalh/useradd-s
useradd: check for valid shell argument
2019-11-11 18:10:56 -06:00
Miroslav Kure
d048459d36 [i18n] Allow translation of new strings by adding new files to POTFILES.in 2019-11-11 16:44:04 +01:00
Michael Vetter
88fa0651bf useradd: check for valid shell argument
Check whether shell argument given with `-s` is actually present and executable.
And is not a directory.

Fix https://github.com/shadow-maint/shadow/issues/186
2019-11-11 13:46:25 +01:00
Serge Hallyn
4e038f3ae7
Merge pull request #184 from FRidh/itstool
man: generate translations using itstool instead of xml2po
2019-11-05 08:58:13 -06:00
Frederik Rietdijk
6c6c8d3a33 man: generate translations using itstool instead of xml2po
This patch was taken from Fedora Rawhide
b41cff1956/f/shadow-4.6-use-itstool.patch
2019-11-03 13:04:17 +01:00
Serge Hallyn
a8a921184f
Merge pull request #183 from cgzones/selinux
migrate to new SELinux api
2019-10-28 23:40:06 -05:00
Christian Göttsche
cbd2472b7c migrate to new SELinux api
Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2019-10-22 14:56:31 +02:00
Serge Hallyn
a0efca4581 remove unused fn commonio_next
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
4e1da34601 compile warnings: Zflg unused when !selinux
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:51 -05:00
Serge Hallyn
b03df41906 remove unused variables
parent, user_id, and group_id are unused.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2019-10-12 20:03:32 -05:00
Serge Hallyn
8ca6eea938
Merge pull request #181 from pan93412/master
l10n(zh_TW): update translations
2019-10-07 09:00:19 -05:00
pan93412
1c2ad5e6b9 l10n(zh_TW): update translations 2019-10-07 18:26:33 +08:00
Serge Hallyn
991fee82df
Merge pull request #180 from thkukuk/libeconf
Add support for a vendor directory and libeconf
2019-10-05 22:34:29 -05:00
Thorsten Kukuk
b52ce71c27 Add support for a vendor directory and libeconf
With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where the shadow suite should additional
look for login.defs if this file is not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.
2019-10-05 22:17:49 -05:00