Commit Graph

3010 Commits

Author SHA1 Message Date
Christian Göttsche
c80788a3ac useradd/usermod: add --selinux-range argument
Add a command line argument to useradd(8) and usermod(8) to specify the
MLS range for a SELinux user mapping.

Improves: #676
2023-04-19 09:19:19 +02:00
Alejandro Colomar
97f79e3b27 CI: Make build logs more readable
If make fails in a multi-process invocation, the log is pretty much
unreadable.  To make it readable, build as much as can be built without
failing.  Then run a single-process make again.  If we succeeded
previously, this should be a no-op.  If not, this run will stop at the
first error, which should be more readable, and will only print the few
lines we're interested in.

This has some side effects:  Now we build as much as we can, instead of
failing as early as possible; this may make CI a bit slower.  However,
it also has the benefit that you see _all_ the error messages that could
be given, instead of needing to fix the first error to see the next and
so on.

Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-04-18 09:21:09 +02:00
Iker Pedrosa
075ed522be ci: remove explicit fedora dependencies
libbsd-devel libeconf-devel have already been added to the spec file and
they should be installed by the `dnf builddep` command.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-13 13:05:32 +02:00
Iker Pedrosa
e047a3acc6 README: add reference to contribution guidelines
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
981bb8f9d1 doc: add contributions introduction
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
f6f14a2a83 doc: add license
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
29df94eb4a doc: add releases
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
6ceddd9205 doc: add Continuous Integration
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
77c6cc9857 doc: add tests
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
d40c58dc3b doc: add coding style
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Iker Pedrosa
1f15ea5955 doc: add build & install
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-04-03 10:42:22 -05:00
Serge Hallyn
30f3ea4bd3 trivial: vipw.8: fix grammar
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2023-04-03 13:06:14 +02:00
Christian Göttsche
2eee4c67f5 sssd: skip flushing if executable does not exist
Avoid unnecessary syslog output, like:

    Apr 01 13:35:09 dlaptop userdel[45872]: userdel: sss_cache exited with status 1
    Apr 01 13:35:09 dlaptop userdel[45872]: userdel: Failed to flush the sssd cache.
2023-04-03 13:05:30 +02:00
Christian Göttsche
2eaea70111 Overhaul valid_field()
e5905c4b ("Added control character check") introduced checking for
control characters but had the logic inverted, so it rejects all
characters that are not control ones.

Cast the character to `unsigned char` before passing to the character
checking functions to avoid UB.

Use strpbrk(3) for the illegal character test and return early.
2023-03-31 09:53:40 -05:00
Martin Kletzander
a5f9ef8b7f semanage: Do not set default SELinux range
Both semanage and libsemanage actually set the user's mls range to the
default of the seuser, which makes more sense and removes a bit of code
for usermod and useradd.  More fine-grained details must always be set
with some other tool
(semanage) anyway.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-31 16:13:02 +02:00
Michael Vetter
b44d7f78e0 Fix typo in groupadd usage 2023-03-31 16:04:42 +02:00
Christian Göttsche
189a01f7a7 ci: update Differential ShellCheck
Run on pushes and drop unnecessary write access.

Should avoid pull-requests comments like
https://github.com/shadow-maint/shadow/pull/695#issuecomment-1491876950
2023-03-31 15:54:39 +02:00
tomspiderlabs
e5905c4b84 Added control character check
Added control character check, returning -1 (to "err") if control characters are present.
2023-03-30 19:23:00 -05:00
Mike Gilbert
bd2d0079c9 usermod: respect --prefix for --gid option
The --gid option accepts a group name or id. When a name is provided, it
is resolved to an id by looking up the name in the group database
(/etc/group).

The --prefix option overides the location of the passwd and group
databases. I suspect the --gid option was overlooked when wiring up the
--prefix option.

useradd --gid already respects --prefix; this change makes usermod
behave the same way.

Fixes: b6b2c756c9
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
2023-03-29 09:05:23 +02:00
Alejandro Colomar
4c210a29bc Fix su(1) silent truncation
*  src/su.c (check_perms): Do not silently truncate user name.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Alejandro Colomar
1d7d94ed7d Simplify is_my_tty()
This commit will serve to document why we shouldn't worry about the
truncation in the call to strlcpy(3).  Since we have one more byte in
tmptty than in full_tty, truncation will produce a string that is at
least one byte longer than full_tty.  Such a string could never compare
equal, so we're actually handling the truncation in a clever way.  Maybe
too clever, but that's why I'm documenting it here.

Now, about the simplification itself:

Since we made sure that both full_tty and tmptty are null-terminated, we
can call strcmp(3) instead of strncmp(3).  We can also simplify the
return logic avoiding one branch.

Cc: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Alejandro Colomar
e27ca53091 Fix is_my_tty() buffer overrun
*  libmisc/utmp.c (is_my_tty): Declare the parameter as a char array,
   not char *, as it is not necessarily null-terminated.
   Avoid a read overrun when reading 'tty', which comes from
   'ut_utname'.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Alejandro Colomar
664d361fa5 Add STRLEN(): a constexpr strlen(3) for string literals
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Alejandro Colomar
03af2940f7 Fix crash with large timestamps
*  libmisc/date_to_str.c (date_to_str): Do not crash if gmtime(3)
   returns NULL because the timestamp is far in the future.

Reported-by: Paul Eggert <eggert@cs.ucla.edu>
Co-developed-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Paul Eggert
ea3d49506f Prefer strcpy(3) to strlcpy(3) when either works
* lib/gshadow.c (sgetsgent): Use strcpy(3) not strlcpy(3),
since the string is known to fit.

Signed-off-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Paul Eggert
a926a26f0c Fix change_field() buffer underrun
* lib/fields.c (change_field): Don't point
before array start; that has undefined behavior.

Signed-off-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Paul Eggert
690ca8c238 Omit unneeded test in change_field()
* fields.c (change_field): Omit unnecessary test.

Signed-off-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
Paul Eggert
5686d9162e Simplify change_field() by using strcpy
* lib/fields.c (change_field): Since we know the string fits,
use strcpy(3) rather than strlcpy(3).

Signed-off-by: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-28 13:00:38 +02:00
skyler-ferrante
c089196e15 Fix null dereference in basename
On older kernels (<=linux-5.17), argv[0] can be null. Basename would
call strrchr with null if argc==0. Fixes issue #680
2023-03-27 10:10:37 -05:00
Iker Pedrosa
300d6ef45c CI: script for local container build
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-26 12:45:34 -05:00
Iker Pedrosa
d4f31a5b3e CI: build project in containers
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-26 12:45:34 -05:00
Iker Pedrosa
411a66476d container: add fedora
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-26 12:45:34 -05:00
Iker Pedrosa
3efab2039f container: add debian
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-26 12:45:34 -05:00
Iker Pedrosa
baff19767d container: add alpine
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-26 12:45:34 -05:00
Iker Pedrosa
53a4bda9ba SECURITY.md: add Iker Pedrosa
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2023-03-20 10:54:45 -05:00
Christian Göttsche
f2c4949707 selinux: use type safe function pointer assignment 2023-03-20 08:47:52 +01:00
Christian Göttsche
37bf59067f Use strict prototype in definition
gettime.c:25:30: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
    /*@observer@*/time_t gettime ()
                                 ^
                                  void
2023-03-20 08:47:52 +01:00
Vinícius dos Santos Oliveira
e638841f5a Add .editorconfig 2023-03-02 16:33:06 -06:00
Serge Hallyn
61ca915ac5 run_some: fix shellcheck warning
shellcheck warns against using echo with flags, as posix sh won't
support it.  It suggests using printf, so let's do that.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-27 21:38:45 -06:00
Serge Hallyn
6d03bbea96 fail on any run_some test failure
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-27 21:38:45 -06:00
Serge Hallyn
add4ab4bf0 ignore first test in run_some
bc github...

For some reason, the first test - ONLY on github - seems to not
give the '$ ' prompt expected when you spawn 'su testsuite'.
So just run the first test twice, and ignore the first failure.
2023-02-27 21:38:45 -06:00
Serge Hallyn
4da831c02f swap first two tests - does the first one still fail?
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-27 21:38:45 -06:00
Serge Hallyn
421c6cf951 tests: remove some github runner PATH tweaking
It messes with the expected results.

We can do better than this in the expect scripts, but let's
get things running for now.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-27 21:38:45 -06:00
Alejandro Colomar
a72065a108 tests: Support git-worktree(1)
git-worktree(1) uses a regular file for <.git>, instead of a directory.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-27 14:16:50 -06:00
Serge Hallyn
4445cee19d tests: newuidmap and newgidmap: update expected fail message
The failure message got changed, but the tests looking for it did
not.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-24 21:46:29 -06:00
Serge Hallyn
aa15bc445e libsubid: include alloc.h
Fixes: efbbcade43: Use safer allocation macros
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-24 21:27:02 -06:00
Serge Hallyn
9a9e163e71 run_some: log stderr
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-24 20:11:14 -06:00
Vinícius dos Santos Oliveira
05e2adf509 Validate fds created by the user
write_mapping() will do the following:

openat(proc_dir_fd, map_file, O_WRONLY);

An attacker could create a directory containing a symlink named
"uid_map" pointing to any file owned by root, and thus allow him to
overwrite any root-owned file.
2023-02-24 16:20:57 -06:00
Serge Hallyn
7ff33fae6f get_pidfd_from_fd: return -1 on error, not 0
Fixes: 6974df39a: newuidmap and newgidmap: support passing pid as fd
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-24 13:54:54 -06:00
Serge Hallyn
17efd59252 g-h-a workflow: workaround
Skip updating grub packages that are currently breaking
apt-get dist-upgrade.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2023-02-24 13:27:57 -06:00