Commit Graph

1968 Commits

Author SHA1 Message Date
Serge Hallyn
c0ce911b5e userns: add argument sanity checking
In find_new_sub_{u,g}ids, check for min, count and max values.

In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow.  Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Eric W. Biederman
673c2a6f9a newuidmap,newgidmap: New suid helpers for using subordinate uids and gids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Serge Hallyn
2cffa14105 fix typo in subxid.5
login.defs, not logindefs.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn
c485cfabd8 usermod: add v:w:V:W: to getopt
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn
3b3c8001fe subordinateio: Fix subordinate_parse to have an internal static buffer
subordinate_parse is supposed to return a static structure that
represents one line in /etc/subuid or /etc/subgid.  I goofed and
failed to make the variable rangebuf that holds the username of
in the returned structure static.

Add this missing static specification.

Author: <Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn
5f2e4b18f8 Add LIBSELINUX to newuidmap and newgidmap LDADD
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
2cc8c2c0dc newusers: Add support for assiging subordinate uids and gids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
d5b3092331 usermod: Add support for subordinate uids and gids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
89f7b0868c Add support for detecting busy subordinate user ids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
87253ca906 useradd: Add support for subordinate user identifiers
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
7296cbdbfe userdel: Add support for removing subordinate user and group ids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
a8f26262cf Implement find_new_sub_uids find_new_sub_gids
Functions for finding new subordinate uid and gids ranges for use
with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
f28ad4b251 Add backend support for suboridnate uids and gids
These files list the set of subordinate uids and gids that users are allowed
to use.   The expect use case is with the user namespace but other uses are
allowed.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
5620c5ab5d Implement commonio_append.
To support files that do not have a simple unique key implement
commonio_append to allow new entries to be added.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
23fd6cb1da login.defs.5: Document the new variables in login.defs
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
a881a2c8d4 Documentation for /etc/subuid and /etc/subgid
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Nicolas François
60fc4bbf57 Debian bug 677275 - random() max value
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
	on GNU). As it is not clear whether on some systems the max value
	can exceed this number and whether some systems have max values
	which would be lower, we take this into account when defining the
	salt size and number of rounds for SHA encrypted passwords. Higher
	values are favored.
2013-08-05 14:19:23 +02:00
Nicolas François
7903a1b767 Fix su/1 documentation of -
* man/su.1.xml: With getopt, '-' does not need to be the last
	option, but it is recommended for portability.
	Closes https://bugs.launchpad.net/bugs/1100775
2013-08-04 23:45:31 +02:00
Nicolas François
4dbca60435 Add NEWS entries. 2013-08-04 23:29:06 +02:00
Nicolas François
a168d046f3 Fix typo in comment. 2013-08-04 15:56:32 +02:00
Nicolas François
08489a4e22 Fix translations (--home became --home-dir)
* man/po/da.po: Fix translation (--home became --home-dir).
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
2013-08-04 15:52:00 +02:00
Nicolas François
0d66002c95 Do not allocate more than necessary
Review b10cba0e0a and 7a16f4582d:
	* lib/groupio.c (merge_group_entries): Do not allocate more than
	necessary (sizeof char* instead of char).
	Thanks for Tomáš Mráz (alioth#313962)
	* lib/groupio.c (merge_group_entries): Document that new_members
	is correctly NULL terminated. (alioth:#313940)

Align previous ChangeLog entries.
2013-08-04 15:36:13 +02:00
Nicolas François
e8ab31d009 Review 52a38d5509
* Changelog: Update documentation of 2013-07-28  mancha entry.
	* lib/prototypes.h, lib/encrypt.c: Update splint marker,
	pw_encrypt can return NULL.
	* lib/encrypt.c: Fix outdated statement on GNU crypt.
	* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
	fails and use fail_exit() instead of exit().
	* src/chpasswd.c: Likewise.
	* src/newusers.c: Likewise.
	* src/passwd.c: Likewise when new password is encrypted.
	* src/newgrp.c: Improve diagnostic to user and syslog when
	pw_encrypt fails.  Do not apply 1s penalty as this is not an
	invalid password issue.
	* src/passwd.c: Likewise when password is checked.
2013-08-04 00:27:53 +02:00
Nicolas François
ee1952424d Fix memory leak.
* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
	them.
2013-08-02 20:28:24 +02:00
Nicolas François
b6c1a8579e Fix segfaults
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
	temp_pw_shell. That way we can continue to use pw_free() without
	segving. Thanks to Serge Hallyn for the patch.
2013-08-02 20:24:20 +02:00
Yuri Kozlov
64ddc26bbf Completed Russian translation 2013-08-01 21:24:46 +02:00
Michael Scherer
4e65be1211 use chdir() before calling chroot() 2013-07-29 11:05:16 +02:00
bubulle
9be164101d Replace "--home" by "--home-dir" in useradd(8) manpage (and
translations)
2013-07-29 10:58:50 +02:00
Ville Skyttä
48b2c4bff4 Syntax fix in Japanese manpage 2013-07-29 10:18:41 +02:00
Brad Hubbard
7a16f4582d fix uninitialised memory in merge_group_entries causes segfault in useradd by
changing a call to malloc to a call to calloc
2013-07-29 10:13:12 +02:00
Brad Hubbard
b10cba0e0a add newline char when two lines are concatenated 2013-07-29 10:05:52 +02:00
bubulle
d3b95d1d26 Mention Alioth bug fixes 2013-07-29 10:01:23 +02:00
Guido Trentalancia
04b950b824 fix typographic errors and use a better format 2013-07-28 19:04:50 +02:00
Simon Brandmair
4145b98314 German manpages translation update 2013-07-28 18:57:18 +02:00
mancha
52a38d5509 crypt() in glibc/eglibc 2.17 now fails if passed
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
2013-07-28 18:41:11 +02:00
bubulle
a6769c050b FIx date in changelog 2013-07-28 18:39:10 +02:00
Colin Watson
d172cccd07 Kill the child process group, rather than just the immediate child;
this is needed now that su no longer starts a controlling terminal
when not running an interactive shell (closes: Debian#713979)
2013-07-28 14:38:12 +02:00
bubulle
945eb8f50b if using the static char* for pw_dir, strdup it so pw_free() can be used. (Closes: Debian#691459) 2013-07-28 14:16:09 +02:00
bubulle
c11132a3a1 Prepare for next point release 4.2 2013-07-28 12:27:15 +02:00
nekral-guest
32726af23a 2012-04-15 Robert Luberda <robert@debian.org>
* man/po/pl.po: Complete translation of logoutd(8) in Polish.
2012-05-25 14:05:30 +00:00
nekral-guest
1c78e3f3b8 * man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2012-05-25 13:40:31 +00:00
nekral-guest
9151e673e4 * NEWS: Set release date. 2012-05-25 11:51:53 +00:00
nekral-guest
042d6c48b3 * man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
	man/<ll>/Makefile.am: Sort manpages per section as the generated
	manpages.
2012-05-25 11:45:21 +00:00
nekral-guest
cdd3ebfcf1 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-05-20 21:03:11 +00:00
nekral-guest
faaa8daffb * man/Makefile.am, man/generate_mans.mak: Update clean targets,
due to the generation in separate sub folders.
2012-05-20 21:01:24 +00:00
nekral-guest
e108f473ec * man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
	* man/generate_mans.mak: Do not add a AUTHOR section in the man
	pages.
2012-05-20 17:40:23 +00:00
nekral-guest
f100b5ea7e * src/su.c: non PAM enabled versions: do not fail if su is called
without a controlling terminal. Ignore ENXIO errors when opening
	/dev/tty.
2012-05-20 16:15:14 +00:00
nekral-guest
8690c74d6a * src/useradd.c: Cleanup, return code 13 no more used.
* man/useradd.8.xml: Document return code 14, and remove return
	code 13.
2012-05-20 12:26:54 +00:00
nekral-guest
788374bd8c * NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
	which did not point to a path relative to the top-level manual
	hierarchy.
	* man/generate_mans.mak: Update man paths accordingly.
	* man/Makefile.am: Likewise.
	* man/da/Makefile.am: Likewise.
	* man/de/Makefile.am: Likewise.
	* man/fr/Makefile.am: Likewise.
	* man/it/Makefile.am: Likewise.
	* man/pl/Makefile.am: Likewise.
	* man/ru/Makefile.am: Likewise.
	* man/sv/Makefile.am: Likewise.
	* man/zh_CN/Makefile.am: Likewise.
2012-05-20 10:18:33 +00:00
nekral-guest
d755279fad * configure.in: Prepare for next point release 4.1.5.1. 2012-05-20 10:07:55 +00:00