]> git.ipfire.org Git - thirdparty/shadow.git/log
thirdparty/shadow.git
5 years agoremove unused and misleading 'owner' argument from find_new_sub* 245/head
Serge Hallyn [Fri, 17 Apr 2020 21:31:56 +0000 (16:31 -0500)] 
remove unused and misleading 'owner' argument from find_new_sub*

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #242 from topimiettinen/login-defs-modernize
Christian Brauner [Fri, 10 Apr 2020 14:58:29 +0000 (16:58 +0200)] 
Merge pull request #242 from topimiettinen/login-defs-modernize

login.defs: warn about weak choices

5 years agologin.defs: warn about weak choices 242/head
Topi Miettinen [Fri, 10 Apr 2020 11:09:55 +0000 (14:09 +0300)] 
login.defs: warn about weak choices

According to crypt(5), MD5 and DES should not be used for new
hashes. Also the default number of SHA rounds chosen by libc is orders
of magnitude too low for modern hardware. Let's warn the users about
weak choices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
5 years agoMerge pull request #236 from jsoref/with-an
Serge Hallyn [Sat, 21 Mar 2020 03:30:16 +0000 (22:30 -0500)] 
Merge pull request #236 from jsoref/with-an

spelling: with-an

5 years agoMerge pull request #232 from eagleoflqj/master
Serge Hallyn [Sat, 21 Mar 2020 03:29:55 +0000 (22:29 -0500)] 
Merge pull request #232 from eagleoflqj/master

fix typo 登陆->登录

5 years agoMerge pull request #226 from ikerexxe/dev1
Serge Hallyn [Fri, 20 Mar 2020 22:45:37 +0000 (17:45 -0500)] 
Merge pull request #226 from ikerexxe/dev1

useradd: clarify the useradd -d parameter behavior in man page

5 years agouseradd: clarify the useradd -d parameter behavior in man page 226/head
ikerexxe [Wed, 4 Mar 2020 13:50:04 +0000 (14:50 +0100)] 
useradd: clarify the useradd -d parameter behavior in man page

Explanation: clarify the useradd -d parameter as it does create directory HOME_DIR if it doesn't exit.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1677005

Changelog: [serge] minor tweak to the text

5 years agospelling: with-an 236/head
Josh Soref [Tue, 17 Mar 2020 21:09:26 +0000 (17:09 -0400)] 
spelling: with-an

5 years agofix typo 登陆->登录 232/head
eagleoflqj [Wed, 11 Mar 2020 22:51:02 +0000 (18:51 -0400)] 
fix typo 登陆->登录

5 years agoMerge pull request #229 from edneville/130_segfaults_on_strftime
Serge Hallyn [Mon, 9 Mar 2020 18:17:11 +0000 (13:17 -0500)] 
Merge pull request #229 from edneville/130_segfaults_on_strftime

Fix segfault on strftime

5 years agoReplacing exit with return 229/head
ed [Mon, 9 Mar 2020 18:01:32 +0000 (18:01 +0000)] 
Replacing exit with return

5 years agoMerge pull request #228 from blueskycs2c/br1
Serge Hallyn [Mon, 9 Mar 2020 16:05:27 +0000 (11:05 -0500)] 
Merge pull request #228 from blueskycs2c/br1

fix #223comment at #endif does not match condition of #if

5 years agoMerge pull request #230 from Frans-Spiesschaert/new_dutch_po_branch
Serge Hallyn [Mon, 9 Mar 2020 16:00:45 +0000 (11:00 -0500)] 
Merge pull request #230 from Frans-Spiesschaert/new_dutch_po_branch

updated Dutch translation

5 years agoupdated Dutch translation 230/head
Frans Spiesschaert [Sat, 7 Mar 2020 20:55:53 +0000 (21:55 +0100)] 
updated Dutch translation

5 years agoFix segfault when time is unreadable
ed@s5h.net [Sat, 7 Mar 2020 16:49:17 +0000 (16:49 +0000)] 
Fix segfault when time is unreadable

Adding myself to contributors

Closes #130

5 years agomodify #endif does not match condition of #if in passwd.c 228/head
blueskycs2c [Thu, 5 Mar 2020 02:51:39 +0000 (10:51 +0800)] 
modify #endif does not match condition of #if in passwd.c

5 years agoman/Makefile.am: add HOME_MODE.xml
Serge Hallyn [Thu, 27 Feb 2020 01:41:54 +0000 (19:41 -0600)] 
man/Makefile.am:  add HOME_MODE.xml

Closes #217

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #219 from infinnovation-dev/master
Serge Hallyn [Thu, 27 Feb 2020 01:34:13 +0000 (19:34 -0600)] 
Merge pull request #219 from infinnovation-dev/master

libmisc: Accept --root=path and --prefix=path option syntax

5 years agoMerge pull request #215 from imba-tjd/patch-1
Serge Hallyn [Thu, 27 Feb 2020 00:13:54 +0000 (18:13 -0600)] 
Merge pull request #215 from imba-tjd/patch-1

man(zh_CN): fix typo 现实 -> 显示

5 years agoMerge pull request #216 from ikerexxe/master
Serge Hallyn [Mon, 24 Feb 2020 00:00:23 +0000 (18:00 -0600)] 
Merge pull request #216 from ikerexxe/master

useradd: doesn't generate /var/spool/mail/$USER with the proper SELinux user identity

5 years agouseradd: generate /var/spool/mail/$USER with the proper SELinux user identity 216/head
ikerexxe [Wed, 5 Feb 2020 14:04:39 +0000 (15:04 +0100)] 
useradd: generate /var/spool/mail/$USER with the proper SELinux user identity

Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527

5 years agolibmisc: Accept --root=path and --prefix=path option syntax 219/head
Colin Hogben [Fri, 7 Feb 2020 21:57:12 +0000 (21:57 +0000)] 
libmisc: Accept --root=path and --prefix=path option syntax

Recognise --root=path in addition to --root path (and similarly for
--prefix) to match the syntax accepted by getopt_long.

Fixes #218

5 years agoman(zh_CN): fix typo 现实 -> 显示 215/head
谭九鼎 [Mon, 3 Feb 2020 14:02:16 +0000 (22:02 +0800)] 
man(zh_CN): fix typo 现实 -> 显示

5 years agoconfigure.ac: release 4.8.1 4.8.1
Serge Hallyn [Thu, 23 Jan 2020 20:38:22 +0000 (14:38 -0600)] 
configure.ac: release 4.8.1

This is mainly to revert the --sbindir/--bindir commit which broke some
distros

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoupdate changelog
Serge Hallyn [Thu, 23 Jan 2020 20:37:42 +0000 (14:37 -0600)] 
update changelog

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #212 from t8m/in-subuid-mapping
Serge Hallyn [Thu, 23 Jan 2020 15:15:04 +0000 (09:15 -0600)] 
Merge pull request #212 from t8m/in-subuid-mapping

Do not mistake a regular user process for a namespaced one

5 years agoDo not mistake a regular user process for a namespaced one 212/head
Tomas Mraz [Mon, 20 Jan 2020 12:58:07 +0000 (13:58 +0100)] 
Do not mistake a regular user process for a namespaced one

In case there is a regular user with a process running on a system
with uid falling into a namespaced uid range of another user.
The user with the colliding namespaced uid range will not be
allowed to be deleted without forcing the action with -f.

The user_busy() is adjusted to check whether the suspected process
is really a namespaced process in a different namespace.

5 years agoMerge pull request #210 from t8m/shell-check
Serge Hallyn [Mon, 20 Jan 2020 15:04:51 +0000 (07:04 -0800)] 
Merge pull request #210 from t8m/shell-check

Make the check for non-executable shell only a warning.

5 years agoMerge pull request #211 from Frans-Spiesschaert/master
Serge Hallyn [Mon, 20 Jan 2020 14:57:13 +0000 (06:57 -0800)] 
Merge pull request #211 from Frans-Spiesschaert/master

updated po file for Dutch

5 years agopo/nl.po 211/head
Frans-Spiesschaert [Thu, 16 Jan 2020 20:08:32 +0000 (21:08 +0100)] 
po/nl.po

updated Dutch translation for shadow version 4.8 (pot file from 2019-12-01).
I updated the translation for Debian
and on request of the Debian package maintainer Bálint Réczey I am creating this pull request

5 years agoMake the check for non-executable shell only a warning. 210/head
Tomas Mraz [Thu, 16 Jan 2020 11:55:30 +0000 (12:55 +0100)] 
Make the check for non-executable shell only a warning.

Although it is a good idea to check for an inadvertent typo
in the shell name it is possible that the shell might not be present
on the system yet when the user is added.

5 years agoMerge pull request #209 from Duncaen/home-mode
Serge Hallyn [Sun, 12 Jan 2020 15:39:13 +0000 (09:39 -0600)] 
Merge pull request #209 from Duncaen/home-mode

add new HOME_MODE login.defs(5) option

5 years agoadd new HOME_MODE login.defs(5) option 209/head
Duncan Overbruck [Sat, 11 Jan 2020 21:19:37 +0000 (22:19 +0100)] 
add new HOME_MODE login.defs(5) option

This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.

5 years agosilence more compiler warnings
Serge Hallyn [Sun, 12 Jan 2020 14:20:50 +0000 (08:20 -0600)] 
silence more compiler warnings

And don't reuse the cp variable for two different purposes.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoRevert "add new HOME_MODE login.defs(5) option"
Serge Hallyn [Sun, 12 Jan 2020 13:56:19 +0000 (07:56 -0600)] 
Revert "add new HOME_MODE login.defs(5) option"

Missing file

This reverts commit a847899b521b0df0665e442845bcff23407d9ea0.

5 years agosilence compiler warnings
Serge Hallyn [Sun, 12 Jan 2020 13:31:26 +0000 (07:31 -0600)] 
silence compiler warnings

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoman: add missing author entries
Serge Hallyn [Sun, 12 Jan 2020 13:24:04 +0000 (07:24 -0600)] 
man: add missing author entries

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #204 from edneville/198_user_add_tty_logging
Serge Hallyn [Sun, 12 Jan 2020 13:19:18 +0000 (07:19 -0600)] 
Merge pull request #204 from edneville/198_user_add_tty_logging

Adding tty logging to the useradd command

5 years agoAdding tty logging to the useradd command 204/head
ed [Wed, 18 Dec 2019 20:53:58 +0000 (20:53 +0000)] 
Adding tty logging to the useradd command

This commit adds a from= field to the end of the useradd log entry.
Casting user_name to tallylog_reset to silence a compiler warning.

Changelog: Fixing tabs
Changelog: Changing function prototype to const char* to match user_name declaration.

5 years agoMerge pull request #208 from Duncaen/umask-home
Serge Hallyn [Sat, 11 Jan 2020 22:20:13 +0000 (16:20 -0600)] 
Merge pull request #208 from Duncaen/umask-home

add new UMASK_HOME login.defs option

5 years agoadd new HOME_MODE login.defs(5) option 208/head
Duncan Overbruck [Sat, 11 Jan 2020 21:19:37 +0000 (22:19 +0100)] 
add new HOME_MODE login.defs(5) option

This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.

5 years agoUpdate README to point to new alioth list urls
Serge Hallyn [Sat, 11 Jan 2020 20:50:55 +0000 (14:50 -0600)] 
Update README to point to new alioth list urls

Closes #195.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #206 from edneville/123_log_ssh_original_command_in_nologin
Serge Hallyn [Sat, 11 Jan 2020 20:47:57 +0000 (14:47 -0600)] 
Merge pull request #206 from edneville/123_log_ssh_original_command_in_nologin

Adding logging of SSH_ORIGINAL_COMMAND to nologin.

5 years agoAdding logging of SSH_ORIGINAL_COMMAND to nologin. 206/head
ed [Thu, 26 Dec 2019 13:17:11 +0000 (13:17 +0000)] 
Adding logging of SSH_ORIGINAL_COMMAND to nologin.

If SSH_ORIGINAL_COMMAND is set, it will be added to the syslog entry.

Closes #123.

Changelog: (SEH squashed commit): Fixing indentation
Changelog: (SEH) break up long line

5 years agoadd changelog entry about account-tools-setuid
Serge Hallyn [Fri, 20 Dec 2019 06:14:13 +0000 (00:14 -0600)] 
add changelog entry about account-tools-setuid

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #205 from Blub/2019-12-19/bail-on-error-in-for-loops
Serge Hallyn [Fri, 20 Dec 2019 06:08:32 +0000 (00:08 -0600)] 
Merge pull request #205 from Blub/2019-12-19/bail-on-error-in-for-loops

Makefile: bail out on error in for-loops

5 years agoMerge pull request #199 from falconindy/master
Serge Hallyn [Fri, 20 Dec 2019 06:07:23 +0000 (00:07 -0600)] 
Merge pull request #199 from falconindy/master

Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected

5 years agoMerge pull request #201 from michaelweiser/groupmems-man
Serge Hallyn [Thu, 19 Dec 2019 20:49:45 +0000 (14:49 -0600)] 
Merge pull request #201 from michaelweiser/groupmems-man

man: Don't suggest making groupmems user-writeable

5 years agoMakefile: bail out on error in for-loops 205/head
Wolfgang Bumiller [Thu, 19 Dec 2019 17:54:30 +0000 (18:54 +0100)] 
Makefile: bail out on error in for-loops

`make` runs each line in a shell and bails out on error,
however, the shell is not started with `-e`, so commands in
`for` loops can fail without the error actually causing
`make` to bail out with a failure status.

For instance, the following make snippet will end
successfully, printing 'SUCCESS', despite the first `chmod`
failing:

    all:
        touch a b
        for i in a-missing-file a b; do \
            chmod 666 $$i; \
        done
        @echo SUCCESS

To prevent wrong paths in install scripts from remaining
unnoticed, let's activate `set -e` in the `for` loop
subshells.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agoMerge pull request #203 from Rushi98/master
Christian Brauner [Wed, 18 Dec 2019 10:46:20 +0000 (11:46 +0100)] 
Merge pull request #203 from Rushi98/master

Deduplicate usermod manual (fixes #202)

5 years agoDeduplicate usermod manual (fixes #202) 203/head
Rushikesh Jogdand [Wed, 18 Dec 2019 05:50:40 +0000 (11:20 +0530)] 
Deduplicate usermod manual (fixes #202)

Changelog:
1) modified:   man/usermod.8.xml
   Removed duplicate "badnames" options entry.

5 years agoman: Don't suggest making groupmems user-writeable 201/head
Michael Weiser [Tue, 17 Dec 2019 20:13:07 +0000 (21:13 +0100)] 
man: Don't suggest making groupmems user-writeable

Suggesting mode 2770 is dangerous because it makes the binary writeable
by all members of the owning group which is supposed to be normal
end-users. Suggest 2710 instead as is usual for s[ug]id binaries,
allowing execution but neither reading nor writing.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
5 years agoMerge pull request #200 from jubalh/sel1
Christian Brauner [Tue, 17 Dec 2019 12:43:56 +0000 (13:43 +0100)] 
Merge pull request #200 from jubalh/sel1

selinux: include stdio

5 years agoselinux: include stdio 200/head
Michael Vetter [Tue, 17 Dec 2019 12:40:47 +0000 (13:40 +0100)] 
selinux: include stdio

We use fprintf(), stderr etc, so we should include stdio.h.

5 years agoDon't auto-enable ACCT_TOOLS_SETUID if PAM is detected 199/head
Dave Reisner [Mon, 16 Dec 2019 19:11:23 +0000 (14:11 -0500)] 
Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected

Here's a sad story:

70971457 is merged into shadow, allowing newgidmap/newuidmap to be
installed with file caps rather than setuid.
* https://bugs.archlinux.org/task/63248 is filed to take advantage of
this.
* The arch maintainer of the 'shadow' package notices that this doesn't
work, and submits a pull request to fix this in shadow.
edf7547ad5 is merged, fixing the post install hooks.

The problem here is that distros have been building shadow with PAM for
O(years), but the install hooks have silently failed due to the
combination of the directory mismatch (suidubins vs suidsbins) and later
success with setuid'ing newgidmap/newuidmap.

With the install hooks fixed, those of us (Arch[1] and Gentoo[2] so far)
who never built shadow explicitly with --enable-account-tools-setuid are
now getting setuid account tools, and don't have PAM configuration
suitable for use with setuid account management tools.

It's entirely unclear to me why you'd want this, but I assume there's
some reason out there for it existing. Regardless, setuid binaries are
dangerous and shouldn't be enabled by default without good reason.

[1] https://bugs.archlinux.org/task/64836
[2] https://bugs.gentoo.org/702252

5 years agoMerge pull request #197 from chutz/revert-bindir-sbindir-change
Serge Hallyn [Mon, 2 Dec 2019 02:28:21 +0000 (20:28 -0600)] 
Merge pull request #197 from chutz/revert-bindir-sbindir-change

Revert "Honor --sbindir and --bindir for binary installation"

5 years agoRevert "Honor --sbindir and --bindir for binary installation" 197/head
Patrick McLean [Sun, 1 Dec 2019 21:59:52 +0000 (13:59 -0800)] 
Revert "Honor --sbindir and --bindir for binary installation"

This reverts commit e293aa9cfca0619a63616af75532637dab60d49d.

See https://github.com/shadow-maint/shadow/issues/196

Some distros still care about `/bin` vs `/usr/bin`. This commit makes
it so all binaries are always installed to `/bin`/`/sbin`. The only way to
restore the previous behaviour of installing some binaries to
`/usr/bin`/`/usr/sbin` is to revert the patch.

5 years agoMerge pull request #194 from jubalh/contr
Serge Hallyn [Sun, 1 Dec 2019 17:46:13 +0000 (11:46 -0600)] 
Merge pull request #194 from jubalh/contr

Add myself to contributors

5 years agoAdd myself to contributors 194/head
Michael Vetter [Sun, 1 Dec 2019 17:37:38 +0000 (18:37 +0100)] 
Add myself to contributors

5 years agoRelease 4.8 4.8
Serge Hallyn [Sun, 1 Dec 2019 17:28:50 +0000 (11:28 -0600)] 
Release 4.8

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agofix type in po/POTFILES.in
Serge Hallyn [Sun, 1 Dec 2019 17:34:02 +0000 (11:34 -0600)] 
fix type in po/POTFILES.in

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #179 from seitokaichou/master
Serge Hallyn [Sun, 1 Dec 2019 17:02:23 +0000 (11:02 -0600)] 
Merge pull request #179 from seitokaichou/master

WIP: Initial bcrypt support

5 years agoInitial bcrypt support 179/head
prez [Mon, 16 Sep 2019 18:54:56 +0000 (20:54 +0200)] 
Initial bcrypt support

5 years agoMerge pull request #192 from Polynomial-C/optional_su
Serge Hallyn [Sun, 1 Dec 2019 16:51:21 +0000 (10:51 -0600)] 
Merge pull request #192 from Polynomial-C/optional_su

build: Make build/installation of su and its support files optional

5 years agobuild: Make build/installation of su and its support files optional 192/head
Lars Wendler [Tue, 19 Nov 2019 09:57:06 +0000 (10:57 +0100)] 
build: Make build/installation of su and its support files optional

Enabled by default
This is necessary because coreutils and util-linux can also provide su

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
5 years agoMerge pull request #191 from topimiettinen/sync-passwd-5-and-shadow-5
Christian Brauner [Sat, 16 Nov 2019 14:06:03 +0000 (15:06 +0100)] 
Merge pull request #191 from topimiettinen/sync-passwd-5-and-shadow-5

man: sync and reorder password field descriptions

5 years agoman: sync and reorder password field descriptions 191/head
Topi Miettinen [Sat, 16 Nov 2019 13:35:08 +0000 (15:35 +0200)] 
man: sync and reorder password field descriptions

Synchronize how passwd(5) and shadow(5) describe the password field.
Reorder the descriptions more logically.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
5 years agoMerge pull request #190 from jubalh/fixtypo
Serge Hallyn [Tue, 12 Nov 2019 13:12:06 +0000 (07:12 -0600)] 
Merge pull request #190 from jubalh/fixtypo

Fix typo in access of shell command

5 years agoFix typo in access of shell command 190/head
Michael Vetter [Tue, 12 Nov 2019 07:38:08 +0000 (08:38 +0100)] 
Fix typo in access of shell command

Fix typo in 88fa0651bfa4be0c819da0027456f5046a3b4967.
For some reason my git push -f seems not to have worked.

5 years agoMerge pull request #189 from hallyn/2019-11-11/vpiw
Serge Hallyn [Tue, 12 Nov 2019 02:22:49 +0000 (20:22 -0600)] 
Merge pull request #189 from hallyn/2019-11-11/vpiw

Fix vipw not resuming correctly when suspended

5 years agoFix vipw not resuming correctly when suspended 189/head
Todd C. Miller [Tue, 12 Nov 2019 02:08:10 +0000 (20:08 -0600)] 
Fix vipw not resuming correctly when suspended

Closes #185

If vipw is suspended (e.g. via control-Z) and then resumed, it often gets
immediately suspended. This is easier to reproduce on a multi-core system.

root@buster:~# /usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw
root@buster:~# fg
/usr/sbin/vipw

[1]+  Stopped                 /usr/sbin/vipw

root@buster:~# fg
[vipw resumes on the second fg]

The problem is that vipw forks a child process and calls waitpid() with the
WUNTRACED flag. When the child process (running the editor) is suspended, the
parent sends itself SIGSTOP to suspend the main vipw process. However, because
the main vipw is in the same process group as the editor which received the ^Z,
the kernel already sent the main vipw SIGTSTP.

If the main vipw receives SIGTSTP before the child, it will be suspended and
then, once resumed, will proceed to suspend itself again.

To fix this, run the child process in its own process group as the foreground
process group. That way, control-Z will only affect the child process and the
parent can use the existing logic to suspend the parent.

5 years agoMerge pull request #188 from rbalint/pot
Serge Hallyn [Tue, 12 Nov 2019 00:12:36 +0000 (18:12 -0600)] 
Merge pull request #188 from rbalint/pot

Allow translation of new strings by adding new files to POTFILES.in

5 years agoMerge pull request #187 from jubalh/useradd-s
Serge Hallyn [Tue, 12 Nov 2019 00:10:56 +0000 (18:10 -0600)] 
Merge pull request #187 from jubalh/useradd-s

useradd: check for valid shell argument

5 years ago[i18n] Allow translation of new strings by adding new files to POTFILES.in 188/head
Miroslav Kure [Mon, 11 Nov 2019 15:43:44 +0000 (16:43 +0100)] 
[i18n] Allow translation of new strings by adding new files to POTFILES.in

5 years agouseradd: check for valid shell argument 187/head
Michael Vetter [Mon, 11 Nov 2019 12:10:51 +0000 (13:10 +0100)] 
useradd: check for valid shell argument

Check whether shell argument given with `-s` is actually present and executable.
And is not a directory.

Fix https://github.com/shadow-maint/shadow/issues/186

5 years agoMerge pull request #184 from FRidh/itstool
Serge Hallyn [Tue, 5 Nov 2019 14:58:13 +0000 (08:58 -0600)] 
Merge pull request #184 from FRidh/itstool

man: generate translations using itstool instead of xml2po

5 years agoman: generate translations using itstool instead of xml2po 184/head
Frederik Rietdijk [Sun, 3 Nov 2019 08:51:07 +0000 (09:51 +0100)] 
man: generate translations using itstool instead of xml2po

This patch was taken from Fedora Rawhide
https://src.fedoraproject.org/rpms/shadow-utils/raw/b41cff195605b29af23d2ad62a60ddc5a2d89786/f/shadow-4.6-use-itstool.patch

5 years agoMerge pull request #183 from cgzones/selinux
Serge Hallyn [Tue, 29 Oct 2019 04:40:06 +0000 (23:40 -0500)] 
Merge pull request #183 from cgzones/selinux

migrate to new SELinux api

5 years agomigrate to new SELinux api 183/head
Christian Göttsche [Tue, 15 Oct 2019 21:33:54 +0000 (23:33 +0200)] 
migrate to new SELinux api

Using hard-coded access vector ids is deprecated and can lead to issues with custom SELinux policies.
Switch to `selinux_check_access()`.

Also use the libselinux log callback and log if available to audit.
This makes it easier for users to catch SELinux denials.

Drop legacy shortcut logic for passwd, which avoided a SELinux check if uid 0 changes a password of a user which username equals the current SELinux user identifier.
Nowadays usernames rarely match SELinux user identifiers and the benefit of skipping a SELinux check is negligible.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
5 years agoremove unused fn commonio_next
Serge Hallyn [Sun, 13 Oct 2019 01:00:17 +0000 (20:00 -0500)] 
remove unused fn commonio_next

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agocompile warnings: Zflg unused when !selinux
Serge Hallyn [Sun, 13 Oct 2019 00:58:11 +0000 (19:58 -0500)] 
compile warnings: Zflg unused when !selinux

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoremove unused variables
Serge Hallyn [Sun, 13 Oct 2019 00:57:12 +0000 (19:57 -0500)] 
remove unused variables

parent, user_id, and group_id are unused.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
5 years agoMerge pull request #181 from pan93412/master
Serge Hallyn [Mon, 7 Oct 2019 14:00:19 +0000 (09:00 -0500)] 
Merge pull request #181 from pan93412/master

l10n(zh_TW): update translations

5 years agol10n(zh_TW): update translations 181/head
pan93412 [Mon, 7 Oct 2019 10:26:33 +0000 (18:26 +0800)] 
l10n(zh_TW): update translations

5 years agoMerge pull request #180 from thkukuk/libeconf
Serge Hallyn [Sun, 6 Oct 2019 03:34:29 +0000 (22:34 -0500)] 
Merge pull request #180 from thkukuk/libeconf

Add support for a vendor directory and libeconf

5 years agoAdd support for a vendor directory and libeconf 180/head
Thorsten Kukuk [Fri, 20 Sep 2019 08:27:31 +0000 (10:27 +0200)] 
Add support for a vendor directory and libeconf

With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where the shadow suite should additional
look for login.defs if this file is not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.

5 years agoMerge pull request #177 from edneville/conflicts_between_system_users_useradd_and_pwck
Serge Hallyn [Sun, 6 Oct 2019 03:08:08 +0000 (22:08 -0500)] 
Merge pull request #177 from edneville/conflicts_between_system_users_useradd_and_pwck

pwck.c: only check home dirs if set and not a system user

5 years agopwck.c: only check home dirs if set and not a system user 177/head
ed [Sun, 25 Aug 2019 19:11:24 +0000 (20:11 +0100)] 
pwck.c: only check home dirs if set and not a system user

Closes #126

Changelog: pwck, better to look at array than to use strnlen.

5 years agoMerge pull request #176 from edneville/force_bad_name
Serge Hallyn [Fri, 4 Oct 2019 23:41:39 +0000 (16:41 -0700)] 
Merge pull request #176 from edneville/force_bad_name

chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that…

5 years agochkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform... 176/head
ed [Fri, 23 Aug 2019 20:42:37 +0000 (21:42 +0100)] 
chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards

Closes #121.

Changelog: squashed commits fixing tab style
Changelog: update 'return true' to match file's style (no parens).

5 years agolib/sgetgrent.c: change to warn when data remains
ed@s5h.net [Thu, 22 Aug 2019 17:18:31 +0000 (18:18 +0100)] 
lib/sgetgrent.c: change to warn when data remains

5 years agosgetpwent.c/sgetgrent.c: check for additional data at end of line
ed@s5h.net [Wed, 21 Aug 2019 19:47:11 +0000 (20:47 +0100)] 
sgetpwent.c/sgetgrent.c: check for additional data at end of line

5 years agoMerge branch 'master' of git+ssh://github.com/shadow-maint/shadow
Serge Hallyn [Fri, 4 Oct 2019 23:28:34 +0000 (18:28 -0500)] 
Merge branch 'master' of git+ssh://github.com/shadow-maint/shadow

5 years agoMerge pull request #173 from edneville/issue_105_106
Serge Hallyn [Thu, 8 Aug 2019 03:44:51 +0000 (22:44 -0500)] 
Merge pull request #173 from edneville/issue_105_106

useradd.c: including directory name in directory existence error message

5 years agoMerge pull request #172 from edneville/master
Serge Hallyn [Thu, 8 Aug 2019 03:42:03 +0000 (22:42 -0500)] 
Merge pull request #172 from edneville/master

chage.c: add support for YYYY-MM-DD date printing

5 years agoMerge pull request #171 from falconindy/master
Serge Hallyn [Thu, 8 Aug 2019 03:39:08 +0000 (22:39 -0500)] 
Merge pull request #171 from falconindy/master

Honor --sbindir and --bindir for binary installation

5 years agosrc/useradd.c: including directory name in dir existence error. Prefixing output... 173/head
ed [Wed, 7 Aug 2019 18:41:12 +0000 (19:41 +0100)] 
src/useradd.c: including directory name in dir existence error. Prefixing output lines with program name.

5 years agochage.c: add support for YYYY-MM-DD date printing 172/head
ed [Tue, 6 Aug 2019 18:36:42 +0000 (19:36 +0100)] 
chage.c: add support for YYYY-MM-DD date printing

5 years agoHonor --sbindir and --bindir for binary installation 171/head
Dave Reisner [Fri, 2 Aug 2019 22:45:19 +0000 (18:45 -0400)] 
Honor --sbindir and --bindir for binary installation

Some distros don't care about the split between /bin, /sbin, /usr/bin,
and /usr/sbin, so let them easily stuff binaries wherever they want.

5 years agoFix failing chmod calls on installation for suidubins
Dave Reisner [Wed, 31 Jul 2019 17:09:36 +0000 (13:09 -0400)] 
Fix failing chmod calls on installation for suidubins

suidubins should be suidusbins, since these binaries are installed
${prefix}/sbin. This historically hasn't broken the build because
chmod of newgidmap/newuidmap succeeds, causing make to think the command
succeeded. Configuring shadow with --with-fcaps removes these final two
entries and exposes the chmod failure to make.