Commit Graph

75 Commits

Author SHA1 Message Date
64d7688acb Do not fail locking if there is a stale lockfile.
As the lockfiles have PID in the name, there can be no conflict
in the name with other process, so there is no point in using
O_EXCL and it only can fail if there is a stale lockfile from
previous execution that crashed for some reason.
2019-05-02 14:39:01 +02:00
408b8a5482 Use the lckpwdf() again if prefix is not set
The implementation of prefix option dropped the use of lckpwdf().
However that is incorrect as other tools manipulating the shadow passwords
such as PAM use lckpwdf() and do not know anything about the
shadow's own locking mechanism.

This reverts the implementation to use lckpwdf() if prefix option
is not used.
2019-05-02 14:33:06 +02:00
d6276066dd Do not crash in commonio_close if database FILE not opened.
The db->fp can be NULL if commonio_unlock() is called when the
shadow file is opened but did not exist before.
2019-03-25 14:51:26 +01:00
83f1380600 Merge pull request #133 from t8m/trivial
Fix some issues found in Coverity scan.
2018-10-23 22:21:12 -05:00
fb97da1ce1 Fix some issues found in Coverity scan. 2018-10-10 12:22:04 +02:00
4aaf05d72e Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
    passwd: sss files
    group:  sss files

The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.

Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.

More details about why Fedora chose to use sss before files can be found
on e.g.:
    https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
    https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html

Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
    getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.

This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-13 14:20:02 +02:00
65b4f58703 add --prefix option: some fixes + fixed pwd.lock file location 2018-03-28 21:14:12 +02:00
acaed3deab upstream merge 2018-01-23 23:10:19 +01:00
954e3d2e71 Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
2017-03-31 16:25:06 +02:00
b6b2c756c9 add --prefix option 2017-03-01 22:51:09 +01:00
4471e5419d Keep the permissions of the original file when creating a backup. 2016-11-15 16:04:24 +01:00
e01bad7d3c Merge pull request #4 from xnox/master
Make shadow more robust in hostile environments
2015-11-12 23:07:29 -06:00
c17f5ec460 Free memory on error path
When multiple entries with the same name are encountered, nentry is
not properly freed, which results in a memory leak.
2015-07-12 14:30:32 +02:00
bab349b46e Create dbs with correct permissions. 2015-02-27 17:01:31 +00:00
d611d54ed4 Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 15:46:59 +02:00
5620c5ab5d Implement commonio_append.
To support files that do not have a simple unique key implement
commonio_append to allow new entries to be added.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
56845ad1c1 * lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
It will basically label them with same context as
	/etc/{passwd+,shadow+,group+,gshadow+}
2012-05-18 19:44:53 +00:00
2c24c012bd * lib/prototypes.h, lib/Makefile.am, po/POTFILES.in,
libmisc/copydir.c, lib/selinux.c: Move set_selinux_file_context()
	and reset_selinux_file_context() from libmisc/copydir.c to
	lib/selinux.c.
	* lib/commonio.c: Use set_selinux_file_context() and
	reset_selinux_file_context() instead of using the existing
	database SELinux context to set the context for the newly created
	files.
2011-12-09 22:13:02 +00:00
bd4a6c9966 * src/passwd.c: Add missing cast.
* lib/commonio.c: Avoid multiple statements per line.
	* lib/commonio.c: Ignore fclose return value when the file was
	open read only or was not changed, or if an error is already
	reported.
2011-11-19 22:00:00 +00:00
1f4f00acad * lib/commonio.c: Display PID as unsigned long. 2011-07-30 01:48:42 +00:00
6223c40c2d * lib/commonio.c: Fix NIS commit from 2011-07-14. 2011-07-28 15:19:40 +00:00
39cecdab06 * NEWS, lib/commonio.h, lib/commonio.c: Additional messages to
indicate why locking failed.
	* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
	entries were dropped.
	* lib/commonio.c: NIS entries can start by '+' or '-'.
2011-07-14 13:58:17 +00:00
7eb6a4b3a4 Updated copyrights. 2010-08-22 13:04:54 +00:00
f7a00a2334 * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
	libmisc/loginprompt.c, libmisc/ttytype.c,
	libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
	lib/commonio.c, lib/commonio.h: Fix some const issues.
	* libmisc/motd.c: Avoid multi-statements lines.
	* libmisc/motd.c: Support long MOTD_FILE.
	* libmisc/list.c, lib/prototypes.h: Revert previous change.
	dup_list and is_on_list are used with members as defined for the
	group structure, and thus even if the list is not modified, the
	list elements cannot be constant strings.
	* libmisc/system.c: Avoid C++ comments.
	* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
	string. Split the Usage string.
	* lib/commonio.h: Re-indent.
2010-08-21 15:32:53 +00:00
22294bfac8 * lib/commonio.c: Make sure there are no NULL pointer dereference. 2010-08-20 20:34:44 +00:00
6b74294844 * lib/commonio.c: Avoid multi-statements lines. 2010-08-20 18:09:14 +00:00
68b6e6d2be * src/useradd.c, lib/commonio.c, po/POTFILES.in: Fix typos. 2010-03-19 11:01:32 +00:00
e19c7200eb * lib/commonio.c: Stop sorting entries when we reach the first
NIS line.
2010-03-18 23:21:21 +00:00
43211abb65 * lib/commonio.c: Ignore the return value of close when a
failure is reported.
2010-03-18 00:00:05 +00:00
fe71812b1d * lib/commonio.c: Avoid implicit conversion of pointers to
booleans.
	* lib/commonio.c: Ignore the return value of close when a
	failure is reported.
2010-03-17 23:59:47 +00:00
f13f60504a * lib/commonio.c: Re-indent.
* lib/commonio.c: Document the sections closed by #endif
	* lib/commonio.c: Added brackets.
	* lib/commonio.c: Avoid implicit conversion of integer to
	booleans.
2010-03-11 22:04:14 +00:00
391a384715 2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
	* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
	support TCB.
	* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
	parameter remove_root.
	* configure.in: Add conditional WITH_TCB.
	* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
	remove_tree().
	* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
	* src/vipw.c: Add support for TCB. Update call to remove_tree().
	* src/useradd.c: Add support for TCB. Open the shadow file outside
	of open_files().
	* src/chage.c: Add support for TCB.
	* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
	* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
	man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
	man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
	man/generate_mans.deps, man/Makefile.am: New configuration
	parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
	* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 18:11:13 +00:00
1e51ab0b23 * lib/commonio.c: Avoid pre-decrement operator (--n). Add some
comments.
	* libmisc/cleanup.c: Fix off by one in an assertion.
2009-09-08 21:00:12 +00:00
750093a3ed * lib/commonio.c: Avoid PATH_MAX. On glibc, we can use realpath
with a NULL argument.
	* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
	was not meant as a storage for a path.
	* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
	of fgets errors. Lines shall end with a \n, unless we reached the
	end of file.
	* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
	length. Added readlink_malloc().
2009-05-10 13:49:03 +00:00
ba65b06b4a * lib/commonio.c: Ignore teh return values of fclose() and
unlink() in case of failure of fopen_set_perms() or
	create_backup().
	* lib/commonio.c: Should the backup file be unlink'ed in case of
	failure of create_backup()?
2009-04-30 21:53:54 +00:00
69307a1f2b * src/groupadd.c, lib/commonio.c, lib/groupio.c: Added missing
include of <assert.h>
2009-04-27 20:18:00 +00:00
4fd672c5b9 * lib/commonio.c: Added splint annotations.
* lib/commonio.c: old_context should be local to commonio_close(),
	not global.
2009-04-26 16:48:51 +00:00
44869516d3 Updated splint annotations. 2009-04-25 15:18:49 +00:00
06d5369fdb Updated splint annotations. 2009-04-25 14:16:22 +00:00
71f7f777ec * lib/commonio.c: Do not assumes eptr is always notnull.
Updated splint annotations.
2009-04-25 13:41:52 +00:00
3a37388d43 Updated splint annotations. 2009-04-25 13:13:50 +00:00
4c1d96e8e0 * lib/commonio.h, lib/commonio.c: Added splint annotations. 2009-04-25 12:43:27 +00:00
fc656ad7bd * lib/commonio.c: Use get_pid() instead of strtol.
* lib/commonio.c: Replace an int by a size_t.
2009-04-24 23:35:01 +00:00
6e357e14fc * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h,
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
	splint annotations. The *_locate() and *_next() functions
	currently return an observer. As the structure are often modified
	by the caller, it could maybe be changed to exposed later. (and
	non-const).
2009-04-23 21:19:02 +00:00
2c0f3ef707 * libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
	lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
	lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
e27f4a91b9 Tag one of the remaining strtol. 2009-04-11 16:08:00 +00:00
5dd5f51700 * lib/commonio.c: Call fsync before closing the backup file. This
ensures that the backup file is flushed to the storage medium.
2009-03-21 19:12:00 +00:00
0833bc3cc0 * lib/commonio.c: Ignore the return value of umask() when the mask
is set to the old value.
2008-09-13 11:55:50 +00:00
d65354efcf * lib/commonio.c: len should be typed ssize_t as it is the return
of read(), and is compared to 0. Cast to size_t when necessary.
2008-06-13 21:53:41 +00:00
182731d6eb * lib/commonio.c: Add brackets and parenthesis.
* lib/commonio.c: Check the result of fgets().
	* lib/commonio.c: Avoid implicit conversion of pointers to
	booleans.
2008-06-10 20:27:16 +00:00