| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
strftime(3) makes no guarantees about the contents of the buffer if the
formatted string wouldn't fit in the buffer. It simply returns 0, and
it's the programmer's responsibility to do the right thing after that.
Let's write the string "future" if there's an error, similar to what we
do with gmtime(3)'s errors.
Also, `buf[size - 1] = '\0';` didn't make sense. If the copy fits,
strftime(3) guarantees to terminate with NUL. If it doesn't, the entire
contents of buf are undefined, so adding a NUL at the end of the buffer
would be dangerous: the string could contain anything, such as
"gimme root access now". Remove that, now that we set the string to
"future", as with gmtime(3) errors. This setting to '\0' comes from the
times when we used strncpy(3) in the implementation, and should have
been removed when I changed it to use strlcpy(3); however, I didn't
check we didn't need it anymore.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
| |
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
| |
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
| |
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
| |
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
| |
It is a wrapper around STRTCPY(), so use a proper name.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's been a very long and interesting discussion in linux-man@ and
libc-alpha@, where we've discussed all the string-copying functions,
their pros and cons, when should each be used and avoided, etc.
Paul Eggert pointed out an important problem of strlcpy(3): it is
vulnerable to DoS attacks if an attacker controls the length of the
source string. And even if it doesn't control it, the function is dead
slow (because its API forces it to calculate strlen(src)).
We've agreed that the general solution for a truncating string-copying
function is to write a wrapper over strnlen(3)+memcpy(3), which is
limited to strnlen(src, sizeof(dst)). This is not vulnerable to DoS,
and is very fast for all buffer sizes. string_copying(7) has been
updated to reflect this, and provides a reference implementation for
this wrapper function.
This strtcpy(3) (t for truncation) wrapper happens to have the same API
that our strlcpy_() function had, so replace it with the better
implementation. We don't need to update callers nor tests, since the
API is the same.
A future commit will rename STRLCPY() to STRTCPY(), and replace
remaining calls to strlcpy(3) by calls to this strtcpy(3).
Link: <https://lore.kernel.org/linux-man/ZU4SDh-Se5gjPny5@debian/T/#mfb5a3fdeb35487dec6f8d9e3d8548bd0d92c4975/>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
| |
To return an error code, we need ssize_t.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
| |
This test fails now, due to a bug: the return type of strlcpy_() is
size_t, but it should be ssize_t. The next commit will pass the test,
by fixing the bug.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
| |
These where hard coded, make them definable like SHADOW_FILE
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libbsd is unwanted in Fedora and RHEL, and the recently released Fedora
39 doesn't contain this dependency in the base image.
shadow removed libbsd from its dependencies for Fedora 39, so let's
build without it to avoid compilation errors.
Resolves: https://github.com/shadow-maint/shadow/issues/839
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
| |
free(NULL) is valid; there's no need to check for NULL. Simplify.
Fixes: 5178f8c5afb6 ("utmp: call prepare_utmp() even if utent is NULL")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
| |
These can be used to verify releases.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
| |
|
|
|
|
|
|
| |
Support for `--prefix` was added in
https://github.com/shadow-maint/shadow/pull/714 and is available since
shadow 4.14.0.
Close https://github.com/shadow-maint/shadow/issues/822
|
| |
|
|
|
|
|
|
| |
copydir.c:429:4: warning: Value stored to 'err' is never read [deadcode.DeadStores]
Also reduce indentation by bailing out early.
(cherry picked from commit d89f2fb06d1b81b56299f9d0bfe7a927a2282f19)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Closes #746
Only print the 'unknown item' message to syslog if we are
actually parsing a login.defs. Prefix it with "shadow:" to make
it clear in syslog where it came from.
Also add the source filename to the console message. I'm not
quite clear on the econf API, so not sure whether in that path we
will end up actually having the path, or printing ''.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
| |
|
|
|
| |
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
| |
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is not just a style issue. This should be a hard error, and never
compile. ISO C89 already had this feature as deprecated. ISO C99
removed this deprecated feature, for good reasons. If we compile
ignoring this warning, shadow is not going to behave well.
Cc: Sam James <sam@gentoo.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
| |
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
asprintf(3) is non-standard, but is provided by GNU, the BSDs, and musl.
That makes it portable enough for us to use.
This function is much simpler than the burdensome code for allocating
the right size. Being simpler, it's thus safer.
I took the opportunity to fix the style to my preferred one in the
definitions of variables used in these calls, and also in the calls to
free(3) with these pointers. That isn't gratuituous, but has a reason:
it makes those appear in the diff for this patch, which helps review it.
Oh, well, I had an excuse :)
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
| |
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
| |
Link: <https://github.com/shadow-maint/shadow/pull/816>
Suggested-by: Iker Pedrosa <ipedrosa@redhat.com>
Acked-by: Andreas Schneider <https://github.com/cryptomilk>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
| |
As other x...() wrappers around functions that allocate, these wrappers
are like [v]asprintf(3), but exit on failure.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
| |
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
|
|
|
|
| |
Badnames still accepted, note that previously usage already stated
singular form, whilst manpage and real one was plural only.
Fixes: 45d6746219 ("src: correct "badname" option")
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
| |
|
|
| |
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
| |
|
|
|
|
|
| |
Sad to remove this file, but things are going on and it doesn't seem to
be up to date.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
The file isn't up to date with the latest development, the last change
was made 15 years ago, so I'm removing it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
| |
It isn't used anywhere so let's remove it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
Another file that I remove with sadness. We were unable to complete the
first item but we are working hard on it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
| |
I remove this file with sadness, as it contains data from old times.
Unfortunately, this data is no longer relevant. The source code
management tool will keep it in memory.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
Keeping a patch for a file no longer maintained is a bad idea, so I'm
removing it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
| |
I guess we are keeping this for historical purposes more than anything
else. If so, anybody can check the git history to recover the
specification.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
| |
Having source code in a compressed file doesn't seem like a good idea. I
checked several distributions and they don't distribute this binary, so
let's remove it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
The patch is never applied upstream. If I were to take a gamble, I would
even say that it throws an error when trying to patch.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
| |
Not sure what this file is exactly, but there's already a groupmems.c
that should generate the binary responsible for managing the members of
a user's primary group.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
AFAIK, it isn't included in any distribution and it isn't used
internally in the project, so let's remove it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
We stopped using the CI relying on this folder and moved to Github's, so
I'm removing these files.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
| |
Fixes: 74c17c716 ("Add support for skeleton files from /usr/etc/skel")
Signed-off-by: Johannes Segitz <jsegitz@suse.com>
|
| |
|
|
|
|
|
| |
Brief description of the unit testing framework and how to create test
cases with it.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
| |
Run `make check` after the project is built in every runner.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Simple test to check the recently implemented logind functionality. It
also contains the changes to the build infrastructure, and the
gitignore.
Resolves: https://github.com/shadow-maint/shadow/issues/790
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
| |
Prepare the ground for unit tests.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
|
|
| |
Check for arithmetic overflows when computing offsets to avoid file
corruptions for huge UIDs.
Refactor the file lookup into a separate function.
|
| |
|
|
|
|
|
|
|
|
| |
update_utmp() should also return 0 when success.
Fixes: 1f368e1c1838de9d476a36897d7c53394569de08 ("utmp: update
`update_utmp()")
Resolves: https://github.com/shadow-maint/shadow/issues/805
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
| |
|
|
|
| |
Both gr_open and sgr_open are using commonio_open function and when
there is a failure this function sets errno accordingly.
|
| |
|
|
|
|
|
| |
It is provided by glibc, musl, and FreeBSD.
Reported-by: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
|
| |
Closes: <https://github.com/shadow-maint/shadow/issues/797>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
| |
|
|
| |
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
