Commit Graph

1963 Commits

Author SHA1 Message Date
90c0525c7e Remove unnecessary static variable usage 2017-02-20 14:48:55 +01:00
5ac4918bdd Add error handling in case exec fails
We should print error message if exec fails, for some reason.
2017-02-20 14:32:37 +01:00
3f9af9deb9 Update changelog 2017-02-11 09:03:56 -06:00
c6b0664f52 useradd: Read defaults after changing root directories
This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.
2017-02-11 08:59:49 -06:00
e36c0a418a Deleted a misplaced semicolon. 2017-02-11 08:55:07 -06:00
efc8c61f75 Update Kazakh translation
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-02-08 16:40:53 -06:00
44c690cd9a Merge pull request #59 from rbalint/master
Patches from the Debian BTS
2017-02-04 20:27:17 -06:00
f84a88a824 Update changelog 2017-01-29 14:49:03 -06:00
c33ceddc26 Don't crash on bogus keys in login.defs if PAM is enabled
Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows

To reproduce, simply
	useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:47:24 -06:00
6a750c7a50 zh_TW.po: Remove duplicated Plural-Forms
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:42:35 -06:00
f288c4fcef Changelog for last commit 2017-01-29 14:38:44 -06:00
ee9e506af2 Make the group and user allocation more effective.
Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.

There were actually two serious bugs here that have been addressed:

1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).

2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).

This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.

With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.

If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.

The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:37:21 -06:00
8a122a90fa Fix some spelling issues in the Norwegian translation 2017-01-19 18:44:54 +01:00
45f141ce69 French manpage translation 2017-01-19 17:39:42 +01:00
a9824dc6a3 Update for German man pages 2017-01-19 17:36:55 +01:00
84228eaeda Updated Czech translation 2017-01-19 17:26:22 +01:00
c739407f92 Dutch translation update 2017-01-19 17:15:11 +01:00
578d495f91 Last bits of enabling subuids
This patch has been carried by Debian, originally
submitted to BTS in #739981
2017-01-18 18:06:05 +01:00
bdd68116b7 Typos fix in german translation of man pages
Reported to Debian BTS in #734609
2017-01-18 17:24:44 +01:00
c8508fabd0 Replace user´s -> user's to make login.def files valid ASCII instead of UTF-8
The Unicode character caused issues in LANG=C environment.
See Debian bug #850338 for details.
2017-01-18 16:54:51 +01:00
36bc770ed4 Update changelog 2016-12-21 12:58:05 -06:00
5701e147ef Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore
Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:45:50 -06:00
5fc99f02cf Merge pull request #58 from juiceme/master
shadow: Add auditing support to su
2016-12-21 12:41:39 -06:00
411f540590 Fix s/from/to/ in usermod.c error message
Closes #49

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:40:08 -06:00
b2bd56a012 Reset user in tallylog
The useradd application resets the user data in /var/log/faillog, if it
exists and a new user is created.

pam_tally2 is used in many distributions.

Check for /var/log/tallylog and reset the user there.

Patch was written by Josef Moellers <jmoellers@suse.de>.

https://bugzilla.suse.com/show_bug.cgi?id=980486
2016-12-21 12:36:11 -06:00
a3bf32fe87 shadow: Add auditing support to su
This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
2016-12-13 18:44:19 +02:00
9e93c984f7 Merge pull request #17 from wking/includes-to-am-cppflags
*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS
2016-12-07 00:01:54 -06:00
d7ce9430ca Revert "Add files via upload"
This has caused build errors.  Please feel free to re-submit.

This reverts commit 93e3044c6d.
2016-12-06 23:31:58 -06:00
0fb53623a5 Merge pull request #55 from glensc/travis2
enable travis integration
2016-12-06 23:27:19 -06:00
9ad34243aa Merge pull request #52 from vapier/master
autotools refresh
2016-12-06 23:24:42 -06:00
06f719e501 Merge pull request #53 from vapier/prototypes
include getdef.h for getdef_bool prototype
2016-12-06 23:23:17 -06:00
f439149cb3 run travis 2016-12-06 01:09:17 +02:00
32c0b283ef include getdef.h for getdef_bool prototype
Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
2016-12-05 17:15:29 -05:00
6e91297fa2 enable silent build output by default
Enable the automake feature to produce silent output by default.
When compiling code, we now see things like:
$ make
  CC       addgrps.o
  CC       age.o
  CC       audit_help.o
...

This can be disabled via configure's --disable-silent-rules or
by passing V=1 to make.

Custom output (like in the man subdirs) don't (yet) respect this
feature.  More work will be needed to clean those up.
2016-12-05 16:02:55 -05:00
752ca15da4 man: make clean-local more robust
If the subdirs aren't empty, the rmdir calls can fail.  Simplify this
code by just using `rm -rf` since that matches what we really want.
2016-12-05 16:02:19 -05:00
e33cb8ae12 switch bz2 dist to xz
Since xz is fairly common nowadays, and is typically smaller/faster than
bzip2 for people to decompress, switch shadow over too.  We also merge
the two init locations into configure.ac to match newer autotools style.

The min automake version is bumped to 1.11 too since that's when xz was
released.
2016-12-05 15:57:34 -05:00
10bd7bab14 ignore config.cache & dist files
config.cache is generated when running `./configure -C`.

The tarballs are generated when running `make dist`.
2016-12-05 15:48:10 -05:00
84f0ae00d2 configure: avoid deprecated AC_INIT/AM_INIT_AUTOMAKE invocation
The autoconf/automake guys want AC_INIT to be passed the details of the
package directly rather than going through AM_INIT_AUTOMAKE.  Update them
both to use the newer style.

This also allows us to pass in contact details for the project.

We set the minimum autoconf version to 2.64 as that's the first one to
support passing the homepage URL in to AC_INIT.  That's a pretty old
release by now, so it shouldn't be a problem.
2016-12-05 15:43:20 -05:00
e3f213305b update Changelog 2016-12-02 16:15:28 -06:00
d886cf40ef Merge pull request #48 from t8m/fedora
Four simple patches from the Fedora package to merge
2016-12-02 16:14:24 -06:00
d572e3b1f9 update changelog, finally 2016-12-02 13:41:49 -06:00
816bd48c83 Merge pull request #50 from m4sk1n/master
update Polish translation
2016-11-25 11:58:14 -06:00
05563a7832 Merge pull request #1 from m4sk1n/pl-translation-update
Add files via upload
2016-11-24 09:16:48 +01:00
93e3044c6d Add files via upload
81% completed
2016-11-24 09:07:41 +01:00
6825e6c90a Merge pull request #43 from Blub/suidbins-rule-fixup
buildsys: fix suidubins assignments
2016-11-18 20:13:48 -06:00
6401c5b4ee snprintf() always terminates output with \0 2016-11-15 16:05:44 +01:00
4471e5419d Keep the permissions of the original file when creating a backup. 2016-11-15 16:04:24 +01:00
2b820c534d Audit the home directory ownership change. 2016-11-15 16:03:40 +01:00
765993846d Print error message if SELinux file context manipulation fails. 2016-11-15 16:00:51 +01:00
d9073bb033 Merge pull request #44 from evgeni/man-subuid-spelling
man: fix --{add,del}-sub{g,u}ids spelling
2016-11-09 17:05:33 -06:00