| Commit message (Collapse) | Author | Age | Lines |
|
|
|
|
|
|
|
|
|
| |
Users may otherwise be confused and think that because the kernel
does not restrict uid mappings to the root user (within his
current uid mappings), newuidmap will ignore /etc/subuid for the
root user. It will not.
Reported-by: Philippe Grégoire <gregoirep@hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The number of ranges should be the ceiling of the number of arguments divided
by three.
Without this fix newuidmap and newgidmap always report and error and fail,
which is very much not what we want.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
|
|
|
|
| |
* src/vipw.c: After waitpid(), use errno only if waitpid returned
-1. Debian#688260
* src/vipw.c: Likewise for system().
|
|
|
|
| |
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
|
|
| |
* po/ja.po: Updated to 558t
|
|
|
|
|
|
| |
Note that they may be used only once for a given process.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
|
|
|
| |
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
|
|
|
|
|
| |
* man/newgrp.1.xml: Fix encoding.
* man/sg.1.xml: Likewise.
|
|
|
|
|
|
|
|
|
|
|
| |
* man/po/da.po: Unfuzzy according to previous change.
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/it.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
* man/po/zh_CN.po: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* man/chage.1.xml: Add a non breaking space between options and
their parameter because xml2po removes those spaces. Alioth#314401
* man/chfn.1.xml: Likewise.
* man/chgpasswd.8.xml: Likewise.
* man/chpasswd.8.xml: Likewise.
* man/chsh.1.xml: Likewise.
* man/faillog.8.xml: Likewise.
* man/gpasswd.1.xml: Likewise.
* man/groupadd.8.xml: Likewise.
* man/groupdel.8.xml: Likewise.
* man/groupmems.8.xml: Likewise.
* man/groupmod.8.xml: Likewise.
* man/grpck.8.xml: Likewise.
* man/lastlog.8.xml: Likewise.
* man/newusers.8.xml: Likewise.
* man/passwd.1.xml: Likewise.
* man/pwck.8.xml: Likewise.
* man/pwconv.8.xml: Likewise.
* man/su.1.xml: Likewise.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/vipw.8.xml: Likewise.
|
|
|
|
|
| |
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
|
|
|
|
| |
* man/po/de.po: Fix encoding.
|
|
|
|
| |
* lib/subordinateio.c (subordinate_next): Fix return value.
|
|
|
|
|
| |
* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
stderr.
|
| |
|
|
|
|
|
|
|
|
| |
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
when the user already have subordinate group IDs.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
|
|
|
|
|
| |
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
when option -v/-V (-w/-W) are provided.
|
|
|
|
|
| |
* src/usermod.c: Fix parse of ranges. The hyphen might be followed
by a negative integer.
|
|
|
|
|
| |
* lib/subordinateio.c (find_free_range): max is allowed for new
ranges.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libmisc/find_new_sub_gids.c: Remove dead code.
find_new_sub_gids() is always called with *range_count set to 0.
It's more difficult to keep the subordinate GIDs and UIDs
synchronized, than for the user's UID/GId because the count of
subordinate IDs may differ.
* libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
is_range_free().
|
|
|
|
|
| |
* configure.in: Check if sizeof uid_t and gid_t is larger than 32
bit to support subordinate IDs.
|
|
|
|
|
|
| |
* lib/subordinateio.c: Avoid implicit conversion of pointers and
integers to booleans.
* lib/subordinateio.c: Added brackets.
|
|
|
|
| |
* lib/subordinateio.c: Add schematics with ranges to help reviews.
|
|
|
|
|
|
| |
* lib/subordinateio.c: Avoid dead branches.
Note: code is equivalent.
|
| |
|
|
|
|
|
| |
* src/vipw.c: Fail in case arguments are provided after options.
Debian#677812
|
|
|
|
|
| |
* lib/subordinateio.c: Fix count for ranges truncated in
remove_range().
|
|
|
|
|
|
|
| |
* src/su.c: Terminate the child (if needed) before closing the PAM
session. This is probably more correct, and avoid reporting
termination from signals possibly sent by PAM modules (e.g. former
versions of pam_systemd). Debian#670132
|
|
|
|
|
|
|
| |
* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
no need to kill the child in such case after su is resumed. This
remove the "Session terminated, terminating shell...
...terminated." messages in such case.
|
|
|
|
|
|
| |
* man/newgidmap.1.xml: Document the checks performed before
setting the mapping in /proc.
* man/newuidmap.1.xml: Likewise.
|
|
|
|
|
|
|
|
| |
* libmisc/idmapping.h: Document what the upper and lower fields
are in struct map_range.
* man/newgidmap.1.xml: Document when the gid, gidlower and count
argument are.
* man/newuidmap.1.xml: Likewise for uid, uidlower and count.
|
|
|
|
|
|
| |
* libmisc/salt.c (shadow_random): Use long instead of size_t.
Compatibility with size_t is easier to check since it's used for
smaller numbers (salt size).
|
|
|
|
|
|
|
|
| |
* lib/groupmem.c: Add splint annotations. The added memset makes
splint think data was allocated.
* lib/pwmem.c: Likewise.
* lib/sgroupio.c: Likewise.
* lib/shadowmem.c: Likewise.
|
|
|
|
|
|
| |
* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
of useradd and newusers depends on the existence of /etc/subgid.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.
|
|
|
|
|
|
| |
* src/useradd.c: Change message in case of find_new_sub_uids /
find_new_sub_gids failure. This complements the messages already
provided by these APIs.
|
|
|
|
|
|
| |
* lib/subordinateio.c: Fix handling of boundaries.
* libmisc/find_new_sub_uids.c: Likewise.
* libmisc/find_new_sub_gids.c: Likewise.
|
|
|
|
|
| |
* lib/subordinateio.c: Fix removal of ranges. The database needs
to be marked as changed or commonio_close will discard any change.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
SUB_GID_MAX, SUB_GID_COUNT, SUB_UID_MIN, SUB_UID_MAX,
SUB_UID_COUNT.
* man/useradd.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/subgid.5.xml: Sort references alphabetically.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Add references to newusers(8), useradd(8),
userdel(8), usermod(8), user_namespaces(7).
* man/subuid.5.xml: Likewise.
|
|
|
|
|
| |
* man/newgidmap.1.xml: Sort references alphabetically.
* man/newuidmap.1.xml: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
|
| |
|
| |
|
|
|
|
| |
* libmisc/salt.c: Remove unused variable.
|
|
|
|
|
| |
* libmisc/utmp.c: Add include files needed for getaddrinfo().
See Alioth#314271
|
|
|
|
|
|
|
|
| |
rlogin support is old school code, so newer C libraries drop support for
ruserok (like uClibc, optionally). But shadow doesn't build with that,
so have it check for ruserok to optionally enable rlogin.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
| |
* man/usermod.8.xml: Fix typos and wording.
* man/usermod.8.xml: Add references to subgid(5) and subuid(5).
|
|
|
|
|
|
| |
* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
subordinate.
* libmisc/find_new_sub_uids.c: Likewise.
|
|
|
|
|
| |
* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
at least in its intent).
|
|
|
|
| |
* src/usermod.c: Fix typos.
|
|
|
|
|
| |
* man/subgid.5.xml: Reorder words.
* man/subuid.5.xml: Likewise.
|