]> git.ipfire.org Git - thirdparty/shadow.git/log
thirdparty/shadow.git
8 months agolib/idmapping.c: Unconditionally include <sys/prctl.h>
Alejandro Colomar [Tue, 12 Nov 2024 13:42:12 +0000 (14:42 +0100)] 
lib/idmapping.c: Unconditionally include <sys/prctl.h>

It's a widely available header.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H
Alejandro Colomar [Tue, 12 Nov 2024 13:39:03 +0000 (14:39 +0100)] 
lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H
Alejandro Colomar [Tue, 12 Nov 2024 13:38:10 +0000 (14:38 +0100)] 
lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agoconfigure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H
Alejandro Colomar [Tue, 12 Nov 2024 13:34:36 +0000 (14:34 +0100)] 
configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agoconfigure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H
Alejandro Colomar [Tue, 12 Nov 2024 13:32:33 +0000 (14:32 +0100)] 
configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/, src/: motd(): Report errors instead of exiting from library code
Alejandro Colomar [Fri, 15 Nov 2024 22:55:18 +0000 (23:55 +0100)] 
lib/, src/: motd(): Report errors instead of exiting from library code

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/motd.c: motd(): Invert logic to reduce indentation
Alejandro Colomar [Fri, 15 Nov 2024 22:50:57 +0000 (23:50 +0100)] 
lib/motd.c: motd(): Invert logic to reduce indentation

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/, src/, doc/: Remove pw_auth()'s $3 as dead code
Alejandro Colomar [Thu, 30 Jan 2025 12:19:03 +0000 (13:19 +0100)] 
lib/, src/, doc/: Remove pw_auth()'s $3 as dead code

We don't read the parameter at all.  Remove it.

As a consequence, all the PW_* constants are also removed (as they are
now unused).

Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code
Alejandro Colomar [Wed, 29 Jan 2025 16:21:33 +0000 (17:21 +0100)] 
lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code

These values aren't being set anywhere.

Reviewed-by: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agolib/, src/, doc/: Remove dead code
Alejandro Colomar [Wed, 29 Jan 2025 15:37:51 +0000 (16:37 +0100)] 
lib/, src/, doc/: Remove dead code

pw_auth()'s $4 was always being specified as NULL.  Remove the
parameter.  Instead, set a local variable to NULL at function entry, and
remove code that never runs (conditional on $4 != NULL).

Reviewed-by: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
8 months agosrc/vipw.c: Restore the original terminal pgrp after editing
Todd C. Miller [Fri, 24 Jan 2025 02:11:09 +0000 (19:11 -0700)] 
src/vipw.c: Restore the original terminal pgrp after editing

This fixes a problem when the shell is not in monitor mode (job control
enabled) which resulted in the terminal pgrp being set to an invalid
value once vipw exited.

Fixes: 7eca1112fbd7 (2019-11-11; "Fix vipw not resuming correctly when suspended")
Closes: <https://github.com/shadow-maint/shadow/issues/1194>
Reported-by: <https://github.com/yonecle>
Tested-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Use agetgroups() instead of its pattern
Alejandro Colomar [Tue, 19 Nov 2024 00:20:56 +0000 (01:20 +0100)] 
lib/, src/: Use agetgroups() instead of its pattern

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/shadow/grp/: agetgroups(): Add function
Alejandro Colomar [Tue, 19 Nov 2024 00:20:56 +0000 (01:20 +0100)] 
lib/shadow/grp/: agetgroups(): Add function

This encapsulates the logic for calling getgroups(3), which requires two
calls plus a malloc(3) call to do it correctly.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoconfigure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T
Alejandro Colomar [Sat, 16 Nov 2024 12:08:12 +0000 (13:08 +0100)] 
configure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T

Autoconf's NEWS file says

*** AC_FUNC_GETGROUPS and AC_TYPE_GETGROUPS no longer run test programs.
  These macros were testing for OS bugs that we believe are at least
  twenty years in the past.  Most operating systems are now trusted to
  provide an accurate prototype for getgroups in unistd.h, and to
  implement it as specified in POSIX.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/adds.h: addslN(): Use QSORT() instead of its pattern
Alejandro Colomar [Thu, 14 Nov 2024 21:08:01 +0000 (22:08 +0100)] 
lib/adds.h: addslN(): Use QSORT() instead of its pattern

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/search/sort/: QSORT(): Add macro
Alejandro Colomar [Thu, 14 Nov 2024 21:04:21 +0000 (22:04 +0100)] 
lib/search/sort/: QSORT(): Add macro

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Remove arbitrary limit
Alejandro Colomar [Fri, 15 Nov 2024 14:11:29 +0000 (15:11 +0100)] 
lib/addgrps.c: add_groups(): Remove arbitrary limit

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Rename variables
Alejandro Colomar [Fri, 15 Nov 2024 14:24:05 +0000 (15:24 +0100)] 
lib/, src/: Rename variables

Since 'list' is used for a comma/colon-separated-value list, grouplist
is incorrect and inconsistent.  grouplist is not a list, but an array.
Use the more common convention of just using plural.  Also, use 'gids'
to distinguish it from other group representations.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Reallocate at once
Alejandro Colomar [Thu, 14 Nov 2024 18:58:54 +0000 (19:58 +0100)] 
lib/addgrps.c: add_groups(): Reallocate at once

We can calculate an upper bound of the number of added groups by
counting the number of delimiters in the string (plus one for the
element after the last delimiter).  This avoids reallocating +1 in a
loop.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/string/strchr/: strchrscnt(): Add function
Alejandro Colomar [Thu, 14 Nov 2024 18:54:33 +0000 (19:54 +0100)] 
lib/string/strchr/: strchrscnt(): Add function

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics
Alejandro Colomar [Thu, 14 Nov 2024 18:29:04 +0000 (19:29 +0100)] 
lib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Use LSEARCH() instead of its pattern
Alejandro Colomar [Thu, 14 Nov 2024 17:43:40 +0000 (18:43 +0100)] 
lib/, src/: Use LSEARCH() instead of its pattern

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/search/l/: LSEARCH(): Add macro
Alejandro Colomar [Thu, 14 Nov 2024 17:24:46 +0000 (18:24 +0100)] 
lib/search/l/: LSEARCH(): Add macro

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Replace redundant checks by actual error handling
Alejandro Colomar [Thu, 14 Nov 2024 18:22:16 +0000 (19:22 +0100)] 
lib/, src/: Replace redundant checks by actual error handling

setgroups(2) already performs a test to check if the number of groups is
too large.  Don't do that ourselves, and also don't do it for every
iteration.  Just let setgroups(2) do it once.

Instead of our check, let's report errors from setgroups(2).

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Unconditionally call setgroups(2)
Alejandro Colomar [Thu, 14 Nov 2024 18:05:31 +0000 (19:05 +0100)] 
lib/, src/: Unconditionally call setgroups(2)

Call it regardless of having added any groups.  If the group list is the
same that getgroups(3) gave us, setgroups(3) will be a no-op, and it
simplifies the surrounding code, by removing the 'added' variable, and
allowing to call lsearch(3) instead of lfind(3).

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Simplify redundant code with a goto
Alejandro Colomar [Thu, 14 Nov 2024 17:45:07 +0000 (18:45 +0100)] 
lib/addgrps.c: add_groups(): Simplify redundant code with a goto

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Allocate earlier
Alejandro Colomar [Thu, 14 Nov 2024 17:18:40 +0000 (18:18 +0100)] 
lib/addgrps.c: add_groups(): Allocate earlier

This will allow using lsearch(3).

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/addgrps.c: add_groups(): Remove useless cast
Alejandro Colomar [Thu, 14 Nov 2024 17:14:29 +0000 (18:14 +0100)] 
lib/addgrps.c: add_groups(): Remove useless cast

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Use LFIND() instead of open-coded search loops
Alejandro Colomar [Thu, 14 Nov 2024 14:27:16 +0000 (15:27 +0100)] 
lib/, src/: Use LFIND() instead of open-coded search loops

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/search/l/: LFIND(): Add macro
Alejandro Colomar [Thu, 14 Nov 2024 14:21:00 +0000 (15:21 +0100)] 
lib/search/l/: LFIND(): Add macro

The use of typeof() for the function pointer argument was suggested by
Jorenar.  This improves readability of these complex types.

Co-authored-by: Martin Uecker <uecker@tugraz.at>
Cc: Jorenar <dev@jorenar.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions
Alejandro Colomar [Thu, 14 Nov 2024 14:07:25 +0000 (15:07 +0100)] 
lib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions

These macros are for use with bsearch(3),lfind(3),qsort(3).

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Simplify allocation of buffer
Alejandro Colomar [Thu, 14 Nov 2024 13:39:23 +0000 (14:39 +0100)] 
lib/, src/: Simplify allocation of buffer

getgroups(0, NULL) returns the number of groups, so that we can allocate
at once.  This might fail if there's a race and the number of users
grows while we're allocating, but if that happens, failing is probably a
good thing to do.

There was some comment saying it doesn't work on some systems, but
according to gnulib, that's only NeXTstep 3.2, which we don't support.

Link: <https://www.gnu.org/software/gnulib/manual/html_node/getgroups.html>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Un-spageticize code
Alejandro Colomar [Thu, 14 Nov 2024 12:52:31 +0000 (13:52 +0100)] 
lib/, src/: Un-spageticize code

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Reduce scope of variables
Alejandro Colomar [Thu, 14 Nov 2024 12:47:12 +0000 (13:47 +0100)] 
lib/, src/: Reduce scope of variables

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/gshadow_.h: Fix compatibility with libc's struct sgrp
Alejandro Colomar [Wed, 6 Nov 2024 13:51:06 +0000 (14:51 +0100)] 
lib/gshadow_.h: Fix compatibility with libc's struct sgrp

The name of the first field was different.  Rename for compatiblity with
libc.

$ diff -wU10 \
<(grepc sgrp . | sed_rm_ccomments) \
<(grepc sgrp /usr/include/ | sed_rm_ccomments);
--- /dev/fd/63 2024-11-06 14:49:03.287204461 +0100
+++ /dev/fd/62 2024-11-06 14:49:03.287204461 +0100
@@ -1,6 +1,7 @@
-./lib/gshadow_.h:struct sgrp {
- char *sg_name;
+/usr/include/gshadow.h:struct sgrp
+  {
+    char *sg_namp;
char *sg_passwd;
char **sg_adm;
char **sg_mem;
 };

This originates from a typo in this project, which was later copied by
glibc, and so the typo was set in stone.  The typo was eventually fixed
in shadow, but glibc had already set the name in stone, so we should
just learn to live with it.

$ grep -rn -C3 sg_name ChangeLog
1607-
1608-2011-07-30  Nicolas François  <nicolas.francois@centraliens.net>
1609-
1610: * src/chgpasswd.c: Fix typo sp -> sg. sg_namp -> sg_name
1611- * src/chgpasswd.c: Always update the group file when SHADOWGRP is
1612- not enabled.
1613-

This is a scripted change:

$ find lib* src -type f \
| xargs sed -i 's/\<sg_name\>/sg_namp/g';

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoconfigure.ac, lib/gshadow.c: Presume working shadow group support in libc
Alejandro Colomar [Wed, 6 Nov 2024 12:07:29 +0000 (13:07 +0100)] 
configure.ac, lib/gshadow.c: Presume working shadow group support in libc

This check was testing a specific bug in a prehistoric libc version.
Red Hat 3 is long dead, and it doesn't make sense to test for that
specific bug.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/: Include <gshadow.h> if it's available
Alejandro Colomar [Wed, 6 Nov 2024 13:19:12 +0000 (14:19 +0100)] 
lib/: Include <gshadow.h> if it's available

The existing code was assuming that libc's <shadow.h> includes
<gshadow.h>.  That's not true.

alx@debian:~$ find /usr/include/shadow.h
/usr/include/shadow.h
alx@debian:~$ find /usr/include/gshadow.h
/usr/include/gshadow.h
alx@debian:~$ grep include.*gshadow /usr/include/shadow.h
alx@debian:~$

As a result, we were unconditionally including our own "gshadow_.h".

Fix that incorrect assumption, and do the following instead:

-  Include unconditionally our own "gshadow_.h".
-  Make our "gshadow_.h" include <gshadow.h> if it exists,
   and only provide the declarations otherwise.

While at it, fix the include guard to be consistent with the project.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoconfigure.ac, lib/: Assume initgroups(3) exists
Alejandro Colomar [Sat, 16 Nov 2024 13:02:08 +0000 (14:02 +0100)] 
configure.ac, lib/: Assume initgroups(3) exists

It's available in every system I checked: glibc,musl,{Free,Net,Open}BSD.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoconfigure.ac, lib/, src/: Assume setgroups(2) exists
Alejandro Colomar [Sat, 16 Nov 2024 12:23:54 +0000 (13:23 +0100)] 
configure.ac, lib/, src/: Assume setgroups(2) exists

It's available in every system I checked: glibc,musl,{Free,Net,Open}BSD.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/, src/: Turn error counters into flags
Tobias Stoeckmann [Mon, 20 Jan 2025 18:39:12 +0000 (19:39 +0100)] 
lib/, src/: Turn error counters into flags

If we are not interested in the amount of errors but only if errors
exist, use a flag instead of a counter. This eliminates the chance of
signed integer overflows and better reflects the meaning of variable.

Keeping variable name and basically copied from src/faillog.c.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agodoc: fix typo
Michael Vetter [Tue, 21 Jan 2025 14:38:47 +0000 (15:38 +0100)] 
doc: fix typo

9 months agosrc/gpasswd: Use correct preprocessor definition
Tobias Stoeckmann [Sun, 19 Jan 2025 20:28:25 +0000 (21:28 +0100)] 
src/gpasswd: Use correct preprocessor definition

Use PASS_MAX + 1 instead of BUFSIZ to clarify where this size comes
from. Technically, PASS_MAX is BUFSIZ - 1 so this is a no-op change.

Just make sure that the size of pass stays in sync with agetpass.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agosrc/gpasswd: Clear password in more cases
Tobias Stoeckmann [Sun, 19 Jan 2025 20:27:50 +0000 (21:27 +0100)] 
src/gpasswd: Clear password in more cases

If encryption of password fails, clear the memory before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agolib/encrypt.c: Do not exit in error case
Tobias Stoeckmann [Sun, 19 Jan 2025 20:23:54 +0000 (21:23 +0100)] 
lib/encrypt.c: Do not exit in error case

If crypt fails, pw_encrypt calls exit. This has the consequence that the
plaintext password is not cleared.

A valid password can fail if the underlying library does not support it.
One such example is SHA512, for which the password must not be longer
than 256 characters on musl. A password longer than this with glibc
works, so it is actually possible that a user, running passwd, tries to
enter the old password but the musl-based passwd binary simply exits.
Let passwd clear the password before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agoci: add openSUSE Tumbleweed
Michael Vetter [Mon, 20 Jan 2025 10:13:54 +0000 (11:13 +0100)] 
ci: add openSUSE Tumbleweed

Add an ansible task for openSUSE which will use the
configure options used by the official openSUSE package.

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
9 months agoman/useradd.8.xml: wfix
Markus Hiereth [Wed, 8 Jan 2025 21:43:45 +0000 (22:43 +0100)] 
man/useradd.8.xml: wfix

Closes: Debian Bug <https://bugs.debian.org/1005253>
Cc: Chris Hofstaedtler <zeha@debian.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): Use iteration instead of recursion
Tobias Stoeckmann [Thu, 16 Jan 2025 20:09:54 +0000 (21:09 +0100)] 
src/login_nopam.c: list_match(): Use iteration instead of recursion

The recursive nature of list_match() triggered regression during
refactoring.  In Linux-PAM, the same code exists which could lead to
stack overflow because <access.conf> could be arbitrarily long.

Use an iterative approach for easier refactoring, to support long
lines in the future and to stay in sync with Linux-PAM.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): Remove local variable
Alejandro Colomar [Sat, 18 Jan 2025 18:30:12 +0000 (19:30 +0100)] 
src/login_nopam.c: list_match(): Remove local variable

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): Move code around
Alejandro Colomar [Thu, 16 Jan 2025 21:30:56 +0000 (22:30 +0100)] 
src/login_nopam.c: list_match(): Move code around

This is just a no-op refactor in preparation for the following commits.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): '(match)' is always true here
Alejandro Colomar [Thu, 16 Jan 2025 23:14:54 +0000 (00:14 +0100)] 
src/login_nopam.c: list_match(): '(match)' is always true here

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): Add superfluous else
Alejandro Colomar [Thu, 16 Jan 2025 21:25:31 +0000 (22:25 +0100)] 
src/login_nopam.c: list_match(): Add superfluous else

This is just a no-op refactor in preparation for the following commits.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: list_match(): Refactor conditional
Alejandro Colomar [Sat, 18 Jan 2025 19:16:24 +0000 (20:16 +0100)] 
src/login_nopam.c: list_match(): Refactor conditional

This is just a no-op refactor in preparation for the following commits.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoman/passwd.1.xml: -P disables PAM support
Tobias Stoeckmann [Tue, 14 Jan 2025 20:57:09 +0000 (21:57 +0100)] 
man/passwd.1.xml: -P disables PAM support

If passwd is called with -P, then PAM handling is disabled
(src/passwd.c line 749). The manual page claims that host files would
be used, which is not true.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agochage: Drop PAM support
Tobias Stoeckmann [Tue, 14 Jan 2025 16:42:21 +0000 (17:42 +0100)] 
chage: Drop PAM support

The PAM support was only enabled with configure option
--enable-account-tools-setuid. The other account tools would use PAM
then to verify that the user is granted elevated permissions for
actions which normally only root can do.

In chage, however, any non-root user who does not specify the -l
command line option is denied access in check_perms. The check for
being root or not is done with getuid, so non-root users cannot
change user account's aging information in any possible way since
more than 18 years by now.

It's safe to say that nobody misses this non-existing feature. Biggest
benefit is to get chage out of the ACCT_TOOLS_SETUID group of tools.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agosrc/newusers.c: Turn nusers into size_t
Tobias Stoeckmann [Sun, 12 Jan 2025 18:21:09 +0000 (19:21 +0100)] 
src/newusers.c: Turn nusers into size_t

The nusers variable could, in theory, overflow and trigger an out of
boundary access if a huge amount of entries is added. Realistically,
this is not possible with current systems because way too much data
would be involved.

But let's better be safe than sorry and use correct data types.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agosrc/: Make line number overflows less likely
Tobias Stoeckmann [Sun, 12 Jan 2025 18:19:39 +0000 (19:19 +0100)] 
src/: Make line number overflows less likely

Huge files could trigger signed integer overflows if enough lines are
within the file. Use intmax_t which is at least 64 bit to move this
event far into the future.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agoman/: Install suauth.5 only if feature exists
Tobias Stoeckmann [Sun, 12 Jan 2025 17:45:13 +0000 (18:45 +0100)] 
man/: Install suauth.5 only if feature exists

Support for /etc/suauth only exists if su is installed without
PAM support. If su is not installed (--without-su) or if PAM
support is enabled (default), do not install suauth.5 manual
page.

The SU_ACCESS preprocessor definition is used to decide if
feature exists or not. See links for more details.

Link: https://github.com/shadow-maint/shadow/blob/65723c3c4704fde4cc8c94299123d3eeca81aadf/src/su.c#L558-L581
Link: https://github.com/shadow-maint/shadow/blob/65723c3c4704fde4cc8c94299123d3eeca81aadf/configure.ac#L628-L654
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agoadd and use a login.defs.test with CREATE_HOME set
Serge Hallyn [Sat, 11 Jan 2025 21:35:01 +0000 (15:35 -0600)] 
add and use a login.defs.test with CREATE_HOME set

I suspect this is not a big deal, and most distributions just ship their own
version verbatim like debian/login.defs. But if there is a distro - or even a
person - using this as is from upstream, then we dont' want to break them. So
let's undo this and use an etc/login.defs.test for the testing if needed.

Changelog: 01/13: move etc/login.defs.test to tests/system/etc/login.defs per
                  suggestion.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
9 months agoRevert "etc/login.defs: enable CREATE_HOME"
Serge Hallyn [Sat, 11 Jan 2025 21:22:59 +0000 (15:22 -0600)] 
Revert "etc/login.defs: enable CREATE_HOME"

This reverts commit dcb6b0f4152c1507a137640fea42401a91f22e2c.

Reported-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
9 months agoCI: run system tests
Iker Pedrosa [Thu, 21 Nov 2024 15:19:18 +0000 (16:19 +0100)] 
CI: run system tests

Run the newly created system tests in CI and collect artifacts.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agoetc/login.defs: enable CREATE_HOME
Iker Pedrosa [Fri, 22 Nov 2024 09:28:48 +0000 (10:28 +0100)] 
etc/login.defs: enable CREATE_HOME

In order to have consistent behaviour among all distributions, the same
configuration needs to be shared. That is why we are going to use the
`etc/login.defs` file and enable CREATE_HOME so that the home dir is
created automatically. This is not the default configuration used in all
distributions, but it is the most common one.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: basic group deletion
Iker Pedrosa [Wed, 20 Nov 2024 09:41:10 +0000 (10:41 +0100)] 
tests: basic group deletion

This is the transformation to Python of the test located in
`tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test`,
which checks that `groupdel` is able to delete a group.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: change GID of a group
Iker Pedrosa [Wed, 20 Nov 2024 09:13:33 +0000 (10:13 +0100)] 
tests: change GID of a group

This is the transformation to Python of the test located in
`tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test`, which
checks that `groupmod` is able to change the GID of a group.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: basic group creation
Iker Pedrosa [Tue, 19 Nov 2024 15:18:45 +0000 (16:18 +0100)] 
tests: basic group creation

This is the transformation to Python of the test located in
`tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test`,
which checks that `groupadd` is able to create a new group.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: delete user and homedir
Iker Pedrosa [Tue, 19 Nov 2024 09:19:09 +0000 (10:19 +0100)] 
tests: delete user and homedir

This is the transformation to Python of the test located in
`tests/usertools/01/18_userdel_remove_homedir.test`, which checks that
`userdel` is able to delete a user and its homedir. The test checks that
the user, the group and the home folder don't exist.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: rename user
Iker Pedrosa [Wed, 13 Nov 2024 15:24:55 +0000 (16:24 +0100)] 
tests: rename user

This is the transformation to Python of the test located in
`tests/usertools/01/10_usermod_rename_user.test`, which checks that
`usermod` is able to rename a user. The test checks that the new user,
the group and home folder exists.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: recreate deleted user
Iker Pedrosa [Wed, 20 Nov 2024 13:58:54 +0000 (14:58 +0100)] 
tests: recreate deleted user

This is the transformation to Python of the test located in
`tests/usertools/01/02_useradd_recreate_deleted_user.test`, which checks
that `useradd` is able to create again a removed user.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: basic user creation
Iker Pedrosa [Fri, 8 Nov 2024 11:15:52 +0000 (12:15 +0100)] 
tests: basic user creation

This is the transformation to Python of the test located in
`tests/usertools/01/01_useradd_add_user.test`, which checks that
`useradd` is able to create a new user and its corresponding group and
home folder.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agotests: basic configuration
Iker Pedrosa [Fri, 8 Nov 2024 12:46:51 +0000 (13:46 +0100)] 
tests: basic configuration

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agoTests: implement system test framework
Iker Pedrosa [Mon, 7 Oct 2024 13:44:17 +0000 (15:44 +0200)] 
Tests: implement system test framework

As discussed at length, this is the implementation of the new system
tests framework for shadow. This is a proof of concept that contains the
key elements to be able to run basic user (i.e. useradd, usermod) and
group (i.e. usermod) tests. If you like the framework the rest of the
functionality will be added in the future.

Some useful facts:
* It is implemented in python
* It is based on pytest and pytest-mh
* It works on all the distributions that are part of our CI
* It can be run in the cloud (VM or container) as well as on-premises
* After the execution of each test the environment is cleaned up
* Logs and other artifacts for failed tests are collected
* It has a rich API that can be extended and extended to cover new
  functionalities

Closes: https://github.com/shadow-maint/shadow/issues/835
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
9 months agoRelease 4.17.2 4.17.2
Alejandro Colomar [Fri, 10 Jan 2025 13:57:55 +0000 (14:57 +0100)] 
Release 4.17.2

Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agoman/, po/: Update Romanian translation
Remus-Gabriel Chelu [Wed, 8 Jan 2025 21:51:56 +0000 (22:51 +0100)] 
man/, po/: Update Romanian translation

Add translation of manual pages, and update the translation of strings.

Bug-Debian: https://bugs.debian.org/1080487
[alx: fix typo: po => ro]
Reviewed-by: Alejandro Colomar <alx@kernel.org>
9 months agolib/: Set O_CLOEXEC for static FILE handles
Tobias Stoeckmann [Mon, 6 Jan 2025 16:24:13 +0000 (17:24 +0100)] 
lib/: Set O_CLOEXEC for static FILE handles

With glibc we can use "e" in mode argument to set O_CLOEXEC on
opened files. The /etc/shadow and /etc/gshadow file handles should
be protected to make sure that they are never passed to child
processes by accident.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agolib/: Use _exit in case of execv errors
Tobias Stoeckmann [Mon, 6 Jan 2025 16:18:43 +0000 (17:18 +0100)] 
lib/: Use _exit in case of execv errors

Calling exit might trigger cleanup functions registered through
atexit. Since some programs use this mechanism, be extra cautious to
never release passwd/group locks too early.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agoUpdate French translation
bubu [Wed, 8 Jan 2025 21:56:35 +0000 (22:56 +0100)] 
Update French translation

Bug-Debian: https://bugs.debian.org/1076260

9 months agoman: Add Portuguese translation
Américo Monteiro [Wed, 8 Jan 2025 21:59:50 +0000 (22:59 +0100)] 
man: Add Portuguese translation

Bug-Debian: https://bugs.debian.org/968304

9 months agologin: Fix no-pam authorization regression
Tobias Stoeckmann [Wed, 8 Jan 2025 16:04:07 +0000 (17:04 +0100)] 
login: Fix no-pam authorization regression

The list_match function handles EXCEPT entries through recursive
calls. It calls itself with NULL, which was then passed to strtok so
parsing continued at current position.

Replacing strtok with strsep, this means that EXCEPT entries never
match, because strsep(NULL, ...) always returns NULL, i.e. the
code treats everything after EXCEPT as non-existing.

Fix this by passing current list pointer to recursive call.

Fixes: 90afe61003ef (2024-07-04; "lib/, src/: Use strsep(3) instead of strtok(3)")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agolib/attr.h: use C23 attributes only with gcc >= 10
Alexander Kanavin [Tue, 7 Jan 2025 16:03:32 +0000 (17:03 +0100)] 
lib/attr.h: use C23 attributes only with gcc >= 10

These are not available on earlier versions and builds break there.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
9 months agoman/: Update link to Wikipedia to use HTTPS
Scott Martin [Tue, 31 Dec 2024 13:21:04 +0000 (13:21 +0000)] 
man/: Update link to Wikipedia to use HTTPS

The link to Wikipedia's article "Password strength" was added here in
2008 and Wikipedia went HTTPS-only 7 years later.

Link: <https://diff.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/>

9 months agolib/chkname.c: login_name_max_size(): Put limits for LOGIN_NAME_MAX and sysconf(_SC_L...
Alejandro Colomar [Sat, 4 Jan 2025 12:10:48 +0000 (13:10 +0100)] 
lib/chkname.c: login_name_max_size(): Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX)

GNU Hurd doesn't define LOGIN_NAME_MAX.  GNU Hurd recommends having no
system limits.  When a program needs a limit, because it needs to
validate user input, it is recommended that each program defines its own
limit macros.  The rationale is that this avoids hard-coded limits in
ABIs, which cannot be modified ever.

However, that doesn't mean that programs should have no limits at all.
We use this limit for validating user input, and so we shouldn't allow
anything just because the system doesn't want to set a limit.

So, when sysconf(2) returns -1, either due to an error or due to a claim
for no limits, we must fall back to the LOGIN_NAME_MAX value.  And if
the system doesn't define that value, we must define it ourselves (we're
more or less free to choose any value, so let's pick the one that glibc
provides nowadays).

Fixes: 6a1f45d932c8 (2024-02-04; "lib/chkname.c: Support unlimited user name lengths")
Closes: <https://github.com/shadow-maint/shadow/issues/1166>
Cc: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
9 months agosrc/login_nopam.c: Fix compiler warnings
Tobias Stoeckmann [Mon, 6 Jan 2025 16:15:51 +0000 (17:15 +0100)] 
src/login_nopam.c: Fix compiler warnings

The function user_match actually modifies the string passed as its
first argument, so use char * instead of const char *.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
9 months agoRelease 4.17.1 4.17.1
Serge Hallyn [Tue, 31 Dec 2024 19:06:01 +0000 (13:06 -0600)] 
Release 4.17.1

Signed-off-by: Serge Hallyn <serge@hallyn.com>
9 months agosu: Fix su - regression
Tobias Stoeckmann [Mon, 30 Dec 2024 14:12:32 +0000 (15:12 +0100)] 
su: Fix su - regression

Launch a login shell again if requested through "su -" or "su -l".

Fixes: d9923431eb38 ("src/: Use xasprintf() instead of its pattern")
Closes: <https://github.com/shadow-maint/shadow/issues/1160>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
10 months agoRelease 4.17.0 4.17.0
Serge Hallyn [Wed, 25 Dec 2024 14:47:03 +0000 (08:47 -0600)] 
Release 4.17.0

Signed-off-by: Serge Hallyn <serge@hallyn.com>
10 months agoAdded information in lastlog man page for new option '-a'
Pranav Lawate [Thu, 12 Dec 2024 05:50:36 +0000 (11:20 +0530)] 
Added information in lastlog man page for new option '-a'

Signed-off-by: Pranav Lawate <pran.lawate@gmail.com>
10 months agolib/fs/readlink/: readlinknul(): Fix return type
Alejandro Colomar [Mon, 2 Dec 2024 10:05:05 +0000 (11:05 +0100)] 
lib/fs/readlink/: readlinknul(): Fix return type

Fixes: 419ce14b6f72 (2024-11-01, "lib/fs/readlink/: readlinknul(): Add function")
Cc: Serge Halyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/fs/readlink/readlinknul.h: readlinknul(): Silence warning
Alejandro Colomar [Sat, 2 Nov 2024 11:28:44 +0000 (12:28 +0100)] 
lib/fs/readlink/readlinknul.h: readlinknul(): Silence warning

Use a temporary variable to silence a sign-mismatch diagnostic.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agoAdded option -a for listing active users only, optimized using if aflg,return
Pranav Lawate [Tue, 29 Oct 2024 09:57:51 +0000 (15:27 +0530)] 
Added option -a for listing active users only, optimized using if aflg,return

Signed-off-by: Pranav Lawate <pran.lawate@gmail.com>
10 months agolib/, src/: Use !streq() instead of its pattern
Alejandro Colomar [Fri, 6 Dec 2024 00:59:23 +0000 (01:59 +0100)] 
lib/, src/: Use !streq() instead of its pattern

Except for the added (and sorted) includes, the removal of redundant
parentheses, and a few non-string cases that I've left out of the
change, this patch can be approximated with the following semantic
patch:

$ cat ~/tmp/spatch/strneq.sp
@@
expression s;
@@

- '\0' != *s
+ !streq(s, "")

@@
expression s;
@@

- '\0' != s[0]
+ !streq(s, "")

@@
expression s;
@@

- *s != '\0'
+ !streq(s, "")

@@
expression s;
@@

- s[0] != '\0'
+ !streq(s, "")

$ find contrib/ lib* src/ -type f \
| xargs spatch --in-place --sp-file ~/tmp/spatch/strneq.sp;

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/, src/: Use streq() instead of its pattern
Alejandro Colomar [Mon, 2 Dec 2024 12:16:56 +0000 (13:16 +0100)] 
lib/, src/: Use streq() instead of its pattern

Except for the added (and sorted) includes, the removal of redundant
parentheses, a few cases that have been refactored for readability, and
a couple of non-string cases that I've left out of the change, this
patch can be approximated with the following semantic patch:

$ cat ~/tmp/spatch/streq.sp
@@
expression s;
@@

- '\0' == *s
+ streq(s, "")

@@
expression s;
@@

- '\0' == s[0]
+ streq(s, "")

@@
expression s;
@@

- *s == '\0'
+ streq(s, "")

@@
expression s;
@@

- s[0] == '\0'
+ streq(s, "")

$ find contrib/ lib* src/ -type f \
| xargs spatch --in-place --sp-file ~/tmp/spatch/streq.sp;

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/sgetgrent.c: sgetgrent(): Fix use-after-free bug
Alejandro Colomar [Fri, 6 Dec 2024 23:07:27 +0000 (00:07 +0100)] 
lib/sgetgrent.c: sgetgrent(): Fix use-after-free bug

We were reusing a leftover from parsing a previous line if
(i == NFIELDS-1).  A few lines below this check, we use read the element
in [3] (that is, [NFIELDS-1]), without having written it in this call.

Be stricter, and require that all NFIELDS fields are found.

Fixes: 45c6603cc86c (2007-10-07, "[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Closes: <https://github.com/shadow-maint/shadow/issues/1144>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agoRelease 4.17.0-rc1
Serge Hallyn [Fri, 6 Dec 2024 05:39:32 +0000 (23:39 -0600)] 
Release 4.17.0-rc1

Signed-off-by: Serge Hallyn <serge@hallyn.com>
10 months agolib/gshadow.c: build_list(): Transform while loop into for loop
Alejandro Colomar [Wed, 6 Nov 2024 00:22:42 +0000 (01:22 +0100)] 
lib/gshadow.c: build_list(): Transform while loop into for loop

And 'n' is now an iterator.  Rename it to 'i' as usual.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: build_list(): Allocate at once
Alejandro Colomar [Wed, 6 Nov 2024 00:20:17 +0000 (01:20 +0100)] 
lib/gshadow.c: build_list(): Allocate at once

Instead of reallocating 1 more meber per iteration, calculate the total
amount that we want by counting the number of commas (delimiters) in the
string, plus one for the last element, plus one for the terminating
NULL.

This might result in overallocation of one element if the string is an
empty string, or if there's a trailing comma; however, that's not an
issue.  We can afford overallocating one element in certain cases, and
we get in exchange a much simpler function.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: Remove redundant variables
Alejandro Colomar [Tue, 5 Nov 2024 14:30:41 +0000 (15:30 +0100)] 
lib/gshadow.c: Remove redundant variables

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: build_list(): Remove second parameter
Alejandro Colomar [Tue, 5 Nov 2024 14:13:35 +0000 (15:13 +0100)] 
lib/gshadow.c: build_list(): Remove second parameter

We've simplified the function so much in the previous commits, that now
$2 is rather useless.  It only sets the output parameter to the same
value that the function returns.  It's simpler if the caller just sets
it itself after the call.

This removes the only 3-star pointer in the entire project.  :)

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: sgetsgent(): Be consistent using NULL
Alejandro Colomar [Tue, 5 Nov 2024 13:10:23 +0000 (14:10 +0100)] 
lib/gshadow.c: sgetsgent(): Be consistent using NULL

0 is a horrible null-pointer constant.  Don't use it.
Especially, when just a few lines above, in the same function,
we've used NULL for the same thing.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: build_list(): Compact ++ into previous statement
Alejandro Colomar [Mon, 4 Nov 2024 20:59:27 +0000 (21:59 +0100)] 
lib/gshadow.c: build_list(): Compact ++ into previous statement

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: build_list(): Minimize use of pointer parameters
Alejandro Colomar [Mon, 4 Nov 2024 20:57:06 +0000 (21:57 +0100)] 
lib/gshadow.c: build_list(): Minimize use of pointer parameters

Use instead automatic variables as much as possible.
This reduces the number of dereferences, enhancing readability.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
10 months agolib/gshadow.c: Remove dead code
Alejandro Colomar [Mon, 4 Nov 2024 21:09:46 +0000 (22:09 +0100)] 
lib/gshadow.c: Remove dead code

Nothing is using that value outside of build_list().
Keep it as an local variable.

Signed-off-by: Alejandro Colomar <alx@kernel.org>