Add a signed wrapper around mock() which returns a signed integer.
This makes it possible to compare the return value with literal -1.
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
It is usually a sign of deep errors. We really want to avoid them.
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Consistently using a signed type allows us to avoid sign-mismatch
diagnostics, while keeping the code simple. It feels weird to
accept a ssize_t instead of a size_t, but it's a matter of getting
used to it.
Another way to achieve this with a single 'len' variable and no casts
would be to compare against SIZE_MAX, but that's less readable than -1.
Or one could write a SIZE_C() macro a la UINT64_C(), and compare the
size_t against SIZE_C(-1), but that's still suboptimal (regarding
readability) compared to consistently using signed size types.
Fixes: b9d00b64a19f (2024-12-09; "lib/fs/readlink/readlinknul.h: readlinknul(): Silence warning")
Acked-by: Serge Hallyn <serge@hallyn.com>
Cc: Martin Uecker <uecker@tugraz.at>
Cc: "Robert C. Seacord" <rcseacord@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Since c8e8557803f3 (2025-01-21; "ci: add openSUSE Tumbleweed") we also
run openSUSE in CI. Since the set may grow let's not list each of them
in the documentation.
Auditing has been broken for a long time upstream and Fedora had some
downstream patches that fixed it, upstreaming that content to fix the
problem for everybody.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Auditing has been broken for a long time upstream and Fedora had some
downstream patches that fixed it, upstreaming that content to fix the
problem for everybody.
The audit of a user is performed through the AUDIT_USER_* macros.
Similarly, the audit of a group is performed through the AUDIT_GRP_*
macros. Part of the audit performed for groups was incorrectly labeled
as a user, and therefore some changes needed to be made to label them
correctly.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
This partially reverts commit 16cb664865541162c504a6f5ef5ca4b38b5e0c9a.
I'll try to reintroduce this change more carefully.
For now, let's revert to a known-good state.
The problem was due to accidentally ignoring the effects of the 'break'
on the 'cp' variable.
Fixes: 16cb66486554 (2024-07-01; "lib/, src/: Use strsep(3) instead of its pattern")
Closes: <https://github.com/shadow-maint/shadow/issues/1210>
Link: <https://github.com/shadow-maint/shadow/pull/1213>
Link: <https://github.com/shadow-maint/shadow/pull/1212>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Suggested-by: Chris Hofstaedtler <zeha@debian.org>
Tested-by: Chris Hofstaedtler <zeha@debian.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Statically set PASSWD_PROGRAM depending on exec_prefix, and not by where
the passwd program was at configure time.
Depending on the specific build situation before, this may or may not
change the embedded passwd program path. Also configure.ac sets
exec_prefix=/ for prefix=/usr, so this might be a bit confusing, but
at least deterministic.
Closes: #1224
Signed-off-by: Chris Hofstaedtler <zeha@debian.org>
There is exactly one caller of this function, and it wants a date, not a
time. It is useless to be able to parse local dates, because we
ultimately store a UTC date. To avoid confusion, unconditionally use
UTC. Since this code had important bugs regarding offset, we can safely
assume that no existing users rely on being able to use their local
date (this never worked correctly).
Also, the code parsing time zones is quite bad, for today's standards.
Link: <https://github.com/shadow-maint/shadow/issues/1202>
Link: <https://github.com/shadow-maint/shadow/issues/1209>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Reported-by: Tim Parenti <tim@timtimeonline.com>
Reported-by: Lee Garrett <lgarrett@rocketjump.eu>
Cc: Gus Kenion <https://github.com/kenion>
Cc: Michael Vetter <jubalh@iodoru.org>
Cc: Paul Eggert <eggert@cs.ucla.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Brian Inglis <Brian.Inglis@SystematicSW.ab.ca>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Note that the old code in
(1) lib/strtoday.c:strtoday()
(2) lib/subordinateio.c:append_uids()
was considering an empty string as if it were a number.
strisdigit() does not consider an empty string to be numeric.
I think it will not affect the behavior in either case, as they should
sooner or later result in an error somewhere. And it seems (IMO)
surprising to treat empty strings as numeric strings, so let's not do
it.
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This provides a safer and more consistent API.
We had the strrspn(3) function as it was for compatibility with Oracle
Solaris, but let's not repeat their mistake. Nevertheless, name our
function strrspn_() with a trailing underscore, to differentiate it from
the one in Solaris, since it's slightly different.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
These APIs are to strrspn(), like strcspn() is to strspn().
They are like strcspn(3), but search from the end of the string.
The function is meant for internal use, and consistency with libc.
The macro is meant for normal use, since it returns a pointer,
which is what algorithms using this need.
See also strspn(3) and strcspn(3).
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Wrappers like adduser(8) want to do their own stuff if the login name is
bad. For that, they need to be able to differentiate such an error.
Closes: <https://github.com/shadow-maint/shadow/issues/1103>
Suggested-by: Chris Hofstaedtler <zeha@debian.org>
Cc: Marc 'Zugschlus' Haber <mh+githubvisible@zugschlus.de>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
We don't read the parameter at all. Remove it.
As a consequence, all the PW_* constants are also removed (as they are
now unused).
Signed-off-by: Alejandro Colomar <alx@kernel.org>
pw_auth()'s $4 was always being specified as NULL. Remove the
parameter. Instead, set a local variable to NULL at function entry, and
remove code that never runs (conditional on $4 != NULL).
Reviewed-by: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This fixes a problem when the shell is not in monitor mode (job control
enabled) which resulted in the terminal pgrp being set to an invalid
value once vipw exited.
Fixes: 7eca1112fbd7 (2019-11-11; "Fix vipw not resuming correctly when suspended")
Closes: <https://github.com/shadow-maint/shadow/issues/1194>
Reported-by: <https://github.com/yonecle>
Tested-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
