| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Add conditional -lutil to runuser when needed to avoid linking error.
login-utils/su-common.o: In function `pty_create':
login-utils/su-common.c:269: undefined reference to `openpty'
login-utils/su-common.c:273: undefined reference to `openpty'
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
| |
* add --disable-makeinstall-chown to travis non-root mode
* use "if MAKEINSTALL_DO_SETUID" for chown root:root
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
| |
Make sure SUIDs are really owned by root.
Reported-by: L A Walsh <lkml@tlinx.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
| |
The readline offers editing capabilities while the user is entering the
line, unlike fgets(3) and getline(3) that were used earlier.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
This reverts commit 8e4925016875c6a4f2ab4f833ba66f0fc57396a2.
Stupid hack...
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch add libseccomp based syscalls filter to disable TIOCSTI
ioctl in su/runuser children.
IMHO it is not elegant solution due to dependence on libseccomp
(--without-seccomp if hate it)... but there is nothing better for now.
Addresses: CVE-2016-2779
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Newer 'struct utmp' is using 'struct timeval' to represent login and logout
times, so include the maximum accuracy to textual utmp format. Notice that
this change does not remove support of converting earlier textual formats
back to binary. But conversions from binary to former format will no longer
be available.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
|
| |
We were missing our nice compliler warnings for many programs
and libs. See next commits how many trivial and non-trival
warnings have to be fixed.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
|
| |
|
|
|
|
|
|
| |
This was a major showstopper when building on a system where
LTLIBINTL libs are needed (e.g. OSX). Maybe there are a few test
programs which wouldn't need LDADD ... never mind.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
|
| |
|
|
|
|
|
|
|
| |
The last/lastb(1) from sysvinit has been around for about two years,
and the better implementation is already part of releases 2.24 to 2.26.
It should be safe to remove the unused last code from the source tree.
Reference: ce60272039ea11952b15fefb653892dd0da02217
Signed-off-by: Sami Kerola <sami.kerola@lastminute.com>
|
| |
|
|
|
|
|
|
| |
* check for timer_create()
* define dependence on timer_create() for flock
* rename CLOCKGETTIME_LIBS to REALTIME_LIBS
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
| |
Reference: http://man7.org/linux/man-pages/man5/login.defs.5.html
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=138519
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
|
|
|
| |
OpenPAM is compatible with util-linux, with a few changes, namely
using OpenPAM's conversation function, openpam_ttyconv.
We check for Linux-PAM by querying for security/pam_misc.h, and OpenPAM
by querying for security/openpam.h.
Signed-off-by: Will Johansson <will.johansson@gmail.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
| |
Co-Author: Ondrej Oprala <ooprala@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
|
| |
|
|
| |
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
|
| |
|
|
|
|
|
|
| |
clock_gettime() needs -lrt, so let's keep this stuff
outside libcommon.la
Reported-by: Ruediger Meier <sweet_f_a@gmx.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
| |
Currently it's maintained as distro specific (or people use impolite
/bin/false way).
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
|
|
|
| |
This commit also changes the line count to use unsigned integers, as
negative numbers in this context does not make sense.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* rename --disable-require-password to --disable-chsh-chfn-password
* is_local() is really unnecessary when linked with libuser
* fix set_value_libuser() returns codes
* fix chfn.c, there is no 'pw', but oldf.pw
* don't link with PAM when--disable-chsh-chfn-password
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is based directly on lchsh which is a part of libuser. libuser.{c,h}
exist because exactly the same code is needed for both chsh and chfn.
[kzak@redhat.com: cleanup err() usage]
Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
| |
This makes it easier to add support for libuser, which needs the same PAM
authentication. Also removes duplicate code between chsh and chfn.
Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>
|
| |
|
|
| |
Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>
|
| |
|
|
|
|
|
|
| |
- move struct chardata to include/ttyutils.h
- move console.{h,c} to login-utils/sulogin-* (it's sulogin specific)
- fix sulogin and agetty includes
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
| |
login(1) uses tty name (!= path) in the syslog messages.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This command is based on su(1), the differences:
- based on Fedora runuser su(1) patch
- not installed with suid rights
- allowed for root users only
- don't ask for password
- uses PAM session, for example:
$ cat /etc/pam.d/runuser
auth sufficient pam_rootok.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_unix.so
$ cat /etc/pam.d/runuser-l
auth include runuser
session optional pam_keyinit.so force revoke
session include runuser
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
| |
Thanks to Mike Frysinger.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
|
|
| |
The global variable $(LDADD) is always used if program_LDADD is
not specified. Let's use $LDADD everywhere to avoid exceptions for
people who need to specify global $LDADD.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
