Compare commits

..

1305 Commits

Author SHA1 Message Date
nekral-guest 499c6f7938 Tag release 4.1.4.2 2009-07-24 16:22:16 +00:00
nekral-guest e568b9e435 * NEWS, configure.in: Prepare for the next release 4.1.4.2.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
2009-07-24 01:13:21 +00:00
nekral-guest 36ef489fe1 * configure.in: Fixed definition of the SHELL configuration. 2009-07-23 21:02:03 +00:00
nekral-guest 65741533ca * etc/login.defs: SYS_GID_MIN /SYS_UID_MIN changed from 100 to
101. GID 100 seems to be used statically.
2009-07-23 20:41:35 +00:00
nekral-guest 93ce5304fe Added a TODO item for /etc/defautl/useradd 2009-07-23 19:40:53 +00:00
nekral-guest 355e31d19d Added one todo item. 2009-07-23 19:40:00 +00:00
nekral-guest 24cfe44b07 * libmisc/shell.c, src/su.c: Execute the scripts with "sh -"
rather than "sh".
2009-07-22 13:35:57 +00:00
nekral-guest db38a728d1 * configure.in, libmisc/shell.c, libmisc/setupenv.c, src/newgrp.c,
src/su.c: Let the system shell be configurable.
2009-07-22 13:30:06 +00:00
nekral-guest 4ad827768e * NEWS, src/su.c, libmisc/shell.c: Added support for shells being a
shell script without a shebang.
2009-07-20 14:00:50 +00:00
bubulle b04c2d7e99 And fix a typo in French..:) 2009-07-19 11:54:44 +00:00
bubulle cb550dae17 Fix obvious mistake in Dutch translation 2009-07-19 11:53:49 +00:00
nekral-guest 56c7096000 2009-07-18 Peter Vrabec <pvrabec@redhat.com>
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
	system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
	reverse order, accounts are packed close to SYS_?ID_MAX if
	SYS_?ID_MIN is already used but there are still dome gaps.
2009-07-18 00:35:35 +00:00
nekral-guest b0bcb01888 * NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not use
getpwent / getgrent for system accounts. Trying the low-IDs with
	getpwuid / getgrgid should be more efficient on LDAP configured
	systems with many accounts.
2009-07-17 22:54:23 +00:00
nekral-guest f7257fafe1 * po/eu.po: Updated Basque translation. 2009-07-05 20:13:41 +00:00
nekral-guest 616ed68b48 * man/fi/Makefile.am: Stop distributing the Finnish translation of
passwd.1 (outdated).
2009-06-22 19:23:42 +00:00
nekral-guest 7e96d749e4 * man/pwck.8.xml: The shadow file is optional.
* man/pwck.8.xml: Updated description of the checks. Added
	description of the shadow checks.
	* man/pwck.8.xml: Updated description of the checks.
2009-06-20 13:02:33 +00:00
nekral-guest 885692e3c5 * man/po/fr.po: Fixed typo (forunis) 2009-06-14 12:47:41 +00:00
nekral-guest bbb2a1522f * lib/fputsx.c: Compare the result of fgets() with the provided
buffer instead of NULL.
2009-06-12 20:20:45 +00:00
nekral-guest ae00a3579c * lib/gshadow.c: Removed limitation on the length of the gshadow
lines.
	* lib/gshadow.c: Compare the result of fgetsx() with the provided
	buffer instead of NULL.
2009-06-12 17:50:24 +00:00
nekral-guest fa69d08d13 * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c,
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
	not limit the size of the buffer to hold the group or user
	structure. It used to be limited to 16k, which caused issues with
	groups having many users.
2009-06-11 21:33:00 +00:00
nekral-guest 7d5d9c1841 * src/su.c, man/su.1.xml: The default behavior (without -p or
--login) is to copy most of the environment variables. Revert a
	previous change and update the documentation.
2009-06-11 20:01:21 +00:00
nekral-guest 80907f451b * man/passwd.5.xml, man/shadow.5.xml: Document the passwd- and
shadow- files.
2009-06-06 11:21:15 +00:00
nekral-guest f4f6300499 * NEWS, src/su.c: Preserve the DISPLAY and XAUTHORITY environment
variables, even with --login. This was not the case before in the
	PAM version.
2009-06-05 22:19:38 +00:00
nekral-guest d6f18c207e * src/useradd.c, src/groupmod.c, src/groupadd.c, src/faillog.c:
Fix typos. Take this opportunity to split the usage messages into
	smaller messages (one per option).
	* src/pwck.c: Fix typo.
2009-06-05 22:16:56 +00:00
nekral-guest 35c0b2cb47 * man/passwd.1.xml: The short option for --mindays is -n, not -m. 2009-06-05 21:14:12 +00:00
nekral-guest d07e4b8e32 Updated previous documentation of the environment variables handling. 2009-06-04 20:47:50 +00:00
nekral-guest 0762426c4d * .gitignore, man/.gitignore, src/.gitignore: Added .gitignore
files.
2009-06-04 20:08:11 +00:00
nekral-guest 5cd975acbf * man/su.1.xml: Use <option> for the login.defs options.
* man/su.1.xml: Improve the documentation of the su behavior
	regarding environment variables.
	* man/su.1.xml: Document that the login.defs file is used.
2009-06-04 17:28:09 +00:00
nekral-guest ae69e6da5a * man/login.1.xml: Document that the login.defs file is used. 2009-06-04 17:25:18 +00:00
nekral-guest 647c22c85a * man/login.defs.d/ENVIRON_FILE.xml: Document the format for
comments.
2009-06-04 17:23:08 +00:00
nekral-guest 1edc2153bb * man/gpasswd.1.xml: Ease the translation of the refpurpose.
* man/gpasswd.1.xml: Fix typo, shorten sentences.
2009-05-26 19:23:40 +00:00
nekral-guest bf56a7097e * man/pwck.8.xml, man/grpck.8.xml: Move the SEE ALSO section at
the end.
2009-05-26 17:00:58 +00:00
nekral-guest a6418fb0df * src/vipw.c: Make sure opened files are closed. 2009-05-25 19:51:23 +00:00
nekral-guest 401d72d609 * man/chpasswd.8.xml, man/grpck.8.xml, man/newgrp.1.xml,
man/passwd.1.xml, man/sg.1.xml: Avoid a spurious comma.
2009-05-25 19:41:43 +00:00
nekral-guest a1352582df * man/passwd.1.xml: Avoid a spurious comma. 2009-05-25 19:29:19 +00:00
nekral-guest 2e239f44cf * NEWS: New placeholder for the next release. 2009-05-25 19:26:31 +00:00
nekral-guest 5b22b11454 * po/fr.po: Updated French translation. 2009-05-22 13:53:18 +00:00
nekral-guest 91d5c24f58 * NEWS: Prepare the next release.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
	* man/passwd.1.xml: passwd -u does not reset the expiry field.
2009-05-22 13:50:45 +00:00
nekral-guest e9a8ffbb51 re-indent. 2009-05-22 13:32:26 +00:00
nekral-guest 1b9b5ec306 * man/po/fr.po: Updated some strings. 2009-05-22 13:31:18 +00:00
nekral-guest f596cd113c * NEWS, src/newgrp.c: Return the exit status of the child. Thanks
to Lionel Elie Mamane.
2009-05-22 11:10:02 +00:00
nekral-guest 2e075ad91b * NEWS, src/newgrp.c: Return the exit status of the child. Thanks
to Lionel Elie Mamane.
2009-05-22 11:08:46 +00:00
nekral-guest fd55bd5d4a * src/usermod.c: Added warnings for absolute symlinks which could
be broken by rename().
2009-05-22 10:42:51 +00:00
nekral-guest 604c7d72d9 * NEWS, src/userdel.c: Report errors to remove the user's mailbox.
* NEWS, src/userdel.c: When USERGROUPS_ENAB is enabled, remove the
	user's group when the user was the only member. This is still not
	complete, as the user could have been specified twice in the
	members.
	* NEWS, src/userdel.c: Do not fail when -r is used and the home
	directory does not exist.
2009-05-22 10:41:10 +00:00
nekral-guest 738ebc04b9 * libmisc/copydir.c: Added warning for relative symlinks.
* libmisc/copydir.c (remove_tree): There is no need to check if
	the root argument exist. opendir() will report this.
2009-05-22 10:16:12 +00:00
nekral-guest 8dfd253b9c * man/faillog.8.xml: Minor updates. 2009-05-21 14:04:53 +00:00
nekral-guest 2a08642cdc * man/faillog.5.xml: Split a long paragraph. Typo fixes. 2009-05-21 14:01:16 +00:00
nekral-guest 3aa2765d59 * man/gpasswd.1.xml: Minor updates. 2009-05-21 13:54:45 +00:00
nekral-guest 12235612b5 * man/gshadow.5.xml: Updated documentation. 2009-05-21 13:53:56 +00:00
nekral-guest 39b17ee5d5 * man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml:
Harmonize formatting of login.defs and default/useradd variables.
	Use an <option> tag.
	* man/usermod.8.xml: Added reference to gshadow(5).
	* man/login.defs.d/USERDEL_CMD.xml: Shorten the lines of the
	USERDEL_CMD example.
2009-05-21 12:02:12 +00:00
nekral-guest 37bda83dfc * src/su.c: Use a boolean instead of 0. 2009-05-21 11:58:59 +00:00
bubulle 16ea6678ef msgcat + leave Jean-Luc as translator 2009-05-20 05:40:31 +00:00
bubulle a7118480af French translation update 2009-05-20 05:39:40 +00:00
nekral-guest 41705d4532 * man/usermod.8.xml: Fixed typos. 2009-05-19 22:28:34 +00:00
nekral-guest b98658bd11 * configure.in: Next version will be 4.1.4.1. 2009-05-19 22:19:41 +00:00
nekral-guest 50916c195b * man/newusers.8.xml: Added notes regarding the ownership of
files.
2009-05-19 22:17:55 +00:00
nekral-guest a61ecc3177 Added FIXMEs. 2009-05-19 22:12:27 +00:00
nekral-guest 627ebe09ed * man/groupmod.8.xml: Split the -g option description into smaller
paragraphs.
2009-05-19 22:00:14 +00:00
nekral-guest 2adab29e61 * man/usermod.8.xml: Ownership of the mailbox is also changed with
the -u option.
2009-05-19 21:57:04 +00:00
nekral-guest fb41fb8c46 * man/useradd.8.xml: When no passwords are provided, the password
is disabled, not the account.
2009-05-19 21:37:53 +00:00
nekral-guest 738eac8669 * man/newusers.8.xml, man/chpasswd.8.xml, man/useradd.8.xml,
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
	man/groupmod.8.xml: Added warning: passwords set with these tools
	may not respect the password policy.
2009-05-19 21:29:26 +00:00
nekral-guest 82afbc40ce * man/groupadd.8.xml: Fixed formatting issue. 2009-05-19 20:32:48 +00:00
nekral-guest 00694672cd * man/groupdel.8.xml: Move the warning on filesystems checks to
the CAVEAT section.
2009-05-19 20:31:45 +00:00
nekral-guest fa2afc96ac This was meant for the previous man/userdel.8.xml commit:
* man/userdel.8.xml: Added warning for files that could remain
	owner by the removed user.
2009-05-19 20:31:02 +00:00
nekral-guest 42cb56a3a0 * man/useradd.8.xml: Fix formatting typo. 2009-05-19 20:26:56 +00:00
nekral-guest b5e7ede8b7 * man/groupdel.8.xml: Move the warning on filesystems checks to
the CAVEAT section.
2009-05-19 20:26:28 +00:00
nekral-guest c859ad91c4 Added missing return value. 2009-05-18 22:46:13 +00:00
nekral-guest 5dead2b296 * man/login.defs.d/GID_MAX.xml: Fixed typo. useradd was specified
twice.
2009-05-18 22:45:39 +00:00
nekral-guest 6573e0175f * man/groupadd.8.xml, man/useradd.8.xml: names may also contain
digits.
2009-05-18 22:43:59 +00:00
nekral-guest 96816f495e * man/shadow.5.xml: What is important in shadow is not the
encryption, but that the file is not world readable.
2009-05-18 22:40:57 +00:00
nekral-guest 9f13b4fdaa * man/po/fr.po: Updated French translation. Thanks to ABBAS
Belkacem for the login.defs update.
2009-05-18 22:39:48 +00:00
nekral-guest 5f143879df * man/usermod.8.xml: Split the CAVEAT section in paragraphs.
Updated information on the user_busy check.
2009-05-18 19:18:29 +00:00
nekral-guest 785231657c * man/userdel.8.xml: Document that -f forces the deletion of a
busy user.
2009-05-18 18:53:23 +00:00
nekral-guest b9ecd1cf42 * NEWS, src/usermod.c: Check if the user is busy when the user's
UID, name or home directory is changed.
2009-05-18 18:37:16 +00:00
nekral-guest 4a4549c49b * src/userdel.c, libmisc/user_busy.c, libmisc/Makefile.am,
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
	* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
	logged in with utmp, but check if the user is running some
	processes. If not on Linux, continue to search for an utmp record,
	but make sure the process recorded in the utmp entry is still
	running.
2009-05-18 18:32:17 +00:00
nekral-guest 3e85eafb4c * man/usermod.8.xml: Document the -m/--move-home option. 2009-05-18 18:28:06 +00:00
nekral-guest e3343c1d9b * src/userdel.c (user_busy): Check if the process registered in
utmp is still running. This avoids rejecting the removal of an
	user when UTMP was not updated and indicate that the user is still
	logged in.
2009-05-17 16:27:29 +00:00
nekral-guest 297141c6c4 re-indent. 2009-05-17 16:02:35 +00:00
nekral-guest 589a773f7e Document the changes in 4.1.4.1:
- login
  * Fix failures with empty usernames on non PAM versions.
  * Fix CONSOLE (securetty) support on non PAM versions.
2009-05-16 18:27:13 +00:00
nekral-guest f634cd3e2c * libmisc/console.c (console): Remove the leading /dev/ from the
tty before comparing with the lines specified by CONSOLE.
	* src/su.c: Do not remove the /dev/ prefix since it is done by
	console().
2009-05-16 18:19:24 +00:00
nekral-guest 8eaa6f8b4c * man/login.defs.d/CONSOLE.xml: Document the format of the CONSOLE
file.
2009-05-16 17:08:44 +00:00
nekral-guest 9ee294ba70 * src/login.c: Fix failure of non PAM enabled versions when an
empty username is entered after a first prompt.
2009-05-16 15:43:13 +00:00
nekral-guest d945d61e42 * src/passwd.c: Added missing end of line at the end of success
messages.
2009-05-16 15:39:01 +00:00
nekral-guest f8f0886248 * po/fr.po: Fixed typo in the vipw usage string. 2009-05-16 15:38:00 +00:00
nekral-guest 87bb724151 * libmisc/shell.c: Removed invalid code that executed the user's
shell as a shell script when the direct execution of the user's
	shell failed with ENOEXEC and the user's shell has a shebang. The
	interpreter might not be the right one.  Executing the user's
	shell with sh -c might be better, but I'm not sure we should try
	harder when there is a failure. Note: The removed code was only
	included #ifndef __linux__.
2009-05-12 20:01:41 +00:00
nekral-guest 205e8b5137 * man/userdel.8.xml: The USERGROUPS_ENAB group may not be removed
when the group is used by other users, not the user.
2009-05-12 19:25:26 +00:00
nekral-guest a9b8fdc3c9 * src/userdel.c, man/login.defs.d/USERDEL_CMD.xml: Move the
USERDEL_CMD script example from the source code to the
	documentation.
2009-05-12 19:23:46 +00:00
nekral-guest 321e3ed02c * man/newusers.8.xml: PAM enabled version: describe how passwords
are updated and how newusers behave in case of error.
2009-05-11 19:29:38 +00:00
nekral-guest 63e6dc6b11 * NEWS, configure.in: New release will be 4.1.4.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
2009-05-10 20:02:21 +00:00
nekral-guest a96a8861dd Fix compilation warnings. 2009-05-10 18:26:33 +00:00
nekral-guest 24875bb422 * libmisc/copydir.c: Added prototype of readlink_malloc(), and
readlink_malloc() changed to static.
2009-05-10 18:21:58 +00:00
nekral-guest 74073db5db * src/su.c: Avoid redeclaration of root_pw. 2009-05-10 18:20:41 +00:00
nekral-guest fe0a5b6ee3 Added Changelog and NEWS entry for the French and Japanese translations. 2009-05-10 17:10:44 +00:00
bubulle 12875d2687 French translation update 2009-05-10 16:42:43 +00:00
bubulle 489432d742 Japanese translation received directly from NAKANO Takeo 2009-05-10 16:42:17 +00:00
nekral-guest 750093a3ed * lib/commonio.c: Avoid PATH_MAX. On glibc, we can use realpath
with a NULL argument.
	* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
	was not meant as a storage for a path.
	* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
	of fgets errors. Lines shall end with a \n, unless we reached the
	end of file.
	* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
	length. Added readlink_malloc().
2009-05-10 13:49:03 +00:00
nekral-guest a01499179f * src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
	* src/grpck.c: Warn if a group has an entry in group and gshadow,
	and the password field in group is not 'x'.
2009-05-09 21:20:54 +00:00
nekral-guest 6ba7fd7d13 Fix typo. 2009-05-09 13:38:51 +00:00
nekral-guest 1737e6e0ec Added notes about updated translations. 2009-05-09 13:16:17 +00:00
nekral-guest 3f649c5504 * man/login.defs.d/ENCRYPT_METHOD.xml,
man/login.defs.d/MD5_CRYPT_ENAB.xml,
	man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
	enabled versions. These variables are only used for group
	passwords in this case.
2009-05-09 13:16:10 +00:00
nekral-guest 9bdcf8fa15 * man/chpasswd.8.xml: Sorted options alphabetically. 2009-05-09 13:16:03 +00:00
nekral-guest 7f9e196903 * NEWS, src/newusers.c, src/Makefile.am: Added support for
changing the passwords with PAM.
	* src/newusers.c: Split the usage string in smaller parts to
	allow enabling single parts.
	* man/newusers.8.xml: Indicate the options and configuration
	variables valid for PAM and non-PAM versions.
	* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
2009-05-09 13:15:57 +00:00
nekral-guest 8bcb2c1e71 Sort entries alphabetically. 2009-05-09 13:15:51 +00:00
nekral-guest 79db09da98 * src/userdel.c: Remove duplicate definitions of exit codes. 2009-05-09 13:15:44 +00:00
nekral-guest 8f64190223 Fix typos. 2009-05-09 13:15:38 +00:00
nekral-guest ce684e236c Fix typo. 2009-05-09 13:15:32 +00:00
nekral-guest d1534c53f7 * libmisc/non_interactive_pam_conv.c,
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
	* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
	non_interactive_password and non_interactive_pam_conv do not need
	to be externally visible.
	* libmisc/pam_pass_non_interractive.c: Added declaration of
	ni_conv.
	* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
	* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
	Added do_pam_passwd_non_interractive().
	* src/chpasswd.c: Use do_pam_passwd_non_interractive().
2009-05-09 13:15:25 +00:00
nekral-guest 19b672c3a4 * libmisc/pam_pass.c: Removed comment regarding pam_misc. This is
checked by configure.in.
2009-05-09 13:15:17 +00:00
nekral-guest a979e7d14d * man/login.defs.5.xml: PAM enabled chpasswd do not use any
configuration variable from login.defs.
2009-05-09 13:15:10 +00:00
nekral-guest 4654150518 * man/passwd.1.xml: Differentiate the files used for PAM and
non-PAM versions.
2009-05-09 13:15:03 +00:00
nekral-guest 0921785ca2 * man/chpasswd.8.xml: Describe how chpasswd in case of error.
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
	* man/chpasswd.8.xml: Differentiate the files and configurations
	needed for PAM and non PAM versions.
2009-05-09 13:14:56 +00:00
nekral-guest b60e8b6b45 * src/login.c: failcount does not need to be signed. 2009-05-09 13:14:50 +00:00
nekral-guest 538336a332 * src/Makefile.am: PAM enabled chpasswd now needs to be linked to
the PAM library, even if --enable-account-tools-setuid is not
	used.
2009-05-09 13:14:44 +00:00
nekral-guest 5c1279d803 * src/chpasswd.c: Added the line number when an error is reported
instead of only the username.
	* src/chpasswd.c: PAM enabled chpasswd do may change the password
	database (for the user where the password update succeeded) even
	if there were a failure for one user. Do not indicate that changes
	were ignored.
2009-05-09 13:14:37 +00:00
nekral-guest 61939960cc * src/passwd.c: Exit immediately when unlocking a password would
result in a passwordless account. This avoid printing a success
	message after the warning.
2009-05-09 13:14:31 +00:00
nekral-guest ee7af4d7e2 * src/nologin.c: Include <stdlib.h> to get EXIT_FAILURE. 2009-05-09 13:14:23 +00:00
bubulle b8355dba15 Russian completed 2009-05-09 05:57:18 +00:00
bubulle 5d661e366b Russian translation update 2009-05-08 17:22:15 +00:00
bubulle 787fbd3fab Completed German translation 2009-05-08 17:19:15 +00:00
bubulle c671c3a738 German translation update 2009-05-07 17:48:51 +00:00
nekral-guest 69fe59a632 * NEWS, configure.in: Fix build failure on non-PAM enabled system
when --without-pam is not specified.
2009-05-03 22:46:26 +00:00
nekral-guest ba65b06b4a * lib/commonio.c: Ignore teh return values of fclose() and
unlink() in case of failure of fopen_set_perms() or
	create_backup().
	* lib/commonio.c: Should the backup file be unlink'ed in case of
	failure of create_backup()?
2009-04-30 21:53:54 +00:00
nekral-guest 4da0573bf7 * lib/getulong.c: Added splint annotations. 2009-04-30 21:44:35 +00:00
nekral-guest 4e75bb57bb * src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
	src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
	src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
	src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
	src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
	* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
	src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
	src/sulogin.c, src/usermod.c: Use return instead of exit at the
	end of main().
	* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
	exit codes.
	* src/chpasswd.c: Added missing ||.
	* src/nologin.c: Do not include exitcodes.h.
	* src/nologin.c: Added brackets.
	* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
nekral-guest c527c0196b * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c,
lib/get_uid.c: Added splint annotations.
2009-04-30 21:12:33 +00:00
nekral-guest a326ffa435 * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs.
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
	src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
	src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
	libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
	EXIT_SUCCESS instead of 0.
	* libmisc/audit_help.c: Replace an fprintf() by fputs().
	* libmisc/audit_help.c: Remove documentation of the audit_logger
	returned values. The function returns void.
	* libmisc/system.c: Only return status if waitpid succeeded.
	Return -1 otherwise.
2009-04-30 21:08:49 +00:00
nekral-guest 0f448edf19 Fix some splint warnings.
Rmove debug code.
2009-04-28 22:01:20 +00:00
nekral-guest 9b6b06cd03 Restore string. 2009-04-28 21:46:06 +00:00
nekral-guest d7d0b06a41 * NEWS, src/chpasswd.c: Added support for changing the passwords
with PAM.
	* src/chpasswd.c: Split the usage string in smaller parts to
	allows enabling single parts.
	* src/chpasswd.c: Do not set a global lock on the password files.
	This is done by PAM each time a password is updated.
2009-04-28 21:45:38 +00:00
nekral-guest 72fa8afa07 * lib/defines.h: Include <utmpx.h> and <utmp.h> to define
USER_NAME_MAX_LENGTH.
2009-04-28 21:01:20 +00:00
nekral-guest 1e75786616 * src/login.c: Change a snprintf() to strncpy(). There are no
format.
2009-04-28 20:59:31 +00:00
nekral-guest 1db4402dbb Re-indent, reformat #ifndef blocks. 2009-04-28 20:55:10 +00:00
nekral-guest 59e1947950 * src/passwd.c: Harmonize status report at the end of passwd.
Prefix the messages with "passwd: ", only indicate a password
	change if the password was actually changed, and password
	properties changed otherwise.
2009-04-28 20:46:35 +00:00
nekral-guest f8b8aaf5e4 * src/chgpasswd.c, src/newusers.c: There is no need to test for 0
after getopt_long. No options have flag != NULL.
2009-04-28 20:10:18 +00:00
nekral-guest 613dc54ac5 * src/newusers.c: There is no need to test for 0 after
getopt_long. No options have flag != NULL.
2009-04-28 20:08:30 +00:00
nekral-guest a1591f77e8 * libmisc/Makefile.am, lib/prototypes.h,
libmisc/non_interactive_pam_conv.c: Added
	non_interactive_pam_conv() and non_interactive_password.
2009-04-28 20:07:24 +00:00
nekral-guest 102253834a * lib/prototypes.h: Replace #if by #ifdef
* lib/prototypes.h, libmisc/non_interactive_pam_conv.c: Added
	non_interactive_pam_conv() and non_interactive_password.
2009-04-28 20:06:46 +00:00
nekral-guest dd85562fac * libmisc/utmp.c, src/userdel.c, src/logoutd.c: Replace #if by #ifdef 2009-04-28 20:03:23 +00:00
nekral-guest 90cc7f0f1d * src/vipw.c: Harmonize messages. 2009-04-28 19:26:27 +00:00
nekral-guest bb00d1630a * src/lastlog.c: Replace atoi() by getulong(). 2009-04-28 19:25:15 +00:00
nekral-guest a5188d2f05 * libmisc/failure.h: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-28 19:19:33 +00:00
nekral-guest 6547cbda6f * libmisc/rlogin.c: Replace atoi() by getulong(). 2009-04-28 19:17:21 +00:00
nekral-guest 79919f184c * libmisc/failure.c: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-28 19:14:50 +00:00
nekral-guest e6b23e1431 * libmisc/chkname.c: Do not include <utmp.h> and <utmpx.h>. There
are no more needed.
2009-04-28 19:14:05 +00:00
nekral-guest b0c0a94c66 * libmisc/limits.c: Replace strtol() by getlong().
* libmisc/limits.c: Replace HAVE_UTMPX_H by USE_UTMPX.
2009-04-28 19:12:48 +00:00
nekral-guest 76b51939aa * man/groupmod.8.xml, man/usermod.8.xml, man/groupadd.8.xml,
man/useradd.8.xml: Added note to warn about insecurity in using
	--password.
	* man/groupmod.8.xml: Removed not regarding default if --password
	is not used. This was a cut&paste from groupadd.8.xml.
	* man/passwd.1.xml: Split some paragraphs.
	* man/passwd.1.xml: Recommend other encryption methods than DES.
2009-04-27 20:29:43 +00:00
nekral-guest 91fc51387c * src/login.c: Move update_utmp() after the PID or session ID
changed in order to get more accurate data in UTMP. This also
	fixes "exec login" when login in installed setuid.
2009-04-27 20:25:23 +00:00
nekral-guest 009125484e * src/login.c: Reuse a string and avoid an untranslated message
"Login incorrect".
2009-04-27 20:21:48 +00:00
nekral-guest 8112a12521 * src/login.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* src/login.c: Avoid name clash between global variables and the
	update_utmp() arguments.
2009-04-27 20:20:37 +00:00
nekral-guest 69307a1f2b * src/groupadd.c, lib/commonio.c, lib/groupio.c: Added missing
include of <assert.h>
2009-04-27 20:18:00 +00:00
nekral-guest e68e07d095 * src/groupadd.c: Added missing include of <assert.h> 2009-04-27 20:16:04 +00:00
nekral-guest 851245107d * lib/prototypes.h: Replace HAVE_UTMPX_H by USE_UTMPX.
* lib/prototypes.h, libmisc/log.c: Added splint annotations.
	* libmisc/log.c: Added SYSLOG warning when lseek fails (should not
	happen).
2009-04-27 20:15:09 +00:00
nekral-guest e88d1f5803 * libmisc/mail.c, libmisc/copydir.c: Added missing include of
<assert.h>
2009-04-27 20:09:18 +00:00
nekral-guest 988f7334ad * libmisc/env.c: Added assertions on the snprintf results. 2009-04-27 20:07:59 +00:00
nekral-guest 80fd2969c9 * libmisc/utmp.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* libmisc/utmp.c: Removed old comment on HAVE_STRUCT_UTMP_UT_ID
	and UTMPX support.
2009-04-27 20:06:25 +00:00
nekral-guest 13b74243a6 * NEWS, configure.in: Added configure option --enable-utmpx,
disabled by default. This defines USE_UTMPX, which should be used
	instead of HAVE_UTMPX_H.
2009-04-27 20:03:48 +00:00
nekral-guest c7035dbe9c * man/po/fr.po: Fix typo. 2009-04-27 19:56:34 +00:00
nekral-guest 8f78169a52 * src/newgrp.c: Close the databases before changing the UDI and
GID.
2009-04-26 17:11:38 +00:00
nekral-guest 5766499b85 * libmisc/myname.c: Updated splint annotations. 2009-04-26 17:10:49 +00:00
nekral-guest 4fd672c5b9 * lib/commonio.c: Added splint annotations.
* lib/commonio.c: old_context should be local to commonio_close(),
	not global.
2009-04-26 16:48:51 +00:00
nekral-guest fca3b5cdc9 * src/passwd.c: Do not freecon strings duplicated with strdup.
Also avoid allocation of memory.
	* src/passwd.c: Use SYSLOG instead of syslog.
2009-04-26 16:44:54 +00:00
bubulle 8fa9bedcf7 Updated Czech translation 2009-04-26 12:26:10 +00:00
nekral-guest 44869516d3 Updated splint annotations. 2009-04-25 15:18:49 +00:00
nekral-guest 06d5369fdb Updated splint annotations. 2009-04-25 14:16:22 +00:00
nekral-guest 71f7f777ec * lib/commonio.c: Do not assumes eptr is always notnull.
Updated splint annotations.
2009-04-25 13:41:52 +00:00
nekral-guest 3a37388d43 Updated splint annotations. 2009-04-25 13:13:50 +00:00
nekral-guest 4c1d96e8e0 * lib/commonio.h, lib/commonio.c: Added splint annotations. 2009-04-25 12:43:27 +00:00
nekral-guest f9bd143012 * NEWS, po/pt.po: Updated Portuguese translation. 2009-04-25 11:06:35 +00:00
nekral-guest 98e42fa944 * libmisc/copydir.c: Added splint annotations.
* libmisc/copydir.c: Added assert to help splint.
	* libmisc/copydir.c: Free allocated structures in cas of failure.
	* libmisc/copydir.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/copydir.c: Use buffers of size PATH_MAX instead of 1024
	for filenames.
	* libmisc/copydir.c: Use fchmod and fchown to change the mode of
	the opened file.
	* libmisc/copydir.c: Indicate the mode to open(), even if we chmod
	later.
2009-04-24 23:41:28 +00:00
nekral-guest ab6c366668 * lib/prototypes.h: Added prototypes of getulong() and get_pid().
* lib/prototypes.h: Added splint annotations.
2009-04-24 23:35:57 +00:00
nekral-guest fc656ad7bd * lib/commonio.c: Use get_pid() instead of strtol.
* lib/commonio.c: Replace an int by a size_t.
2009-04-24 23:35:01 +00:00
nekral-guest 1353c71054 * lib/commonio.h: Added splint annotations. 2009-04-24 23:33:47 +00:00
nekral-guest 566fbac1ef * lib/sgroupio.c: Free allocated structures on failure.
* lib/sgroupio.c: Added splint annotations.
2009-04-24 23:32:52 +00:00
nekral-guest 496002abc9 * lib/Makefile.am, lib/get_pid.c, lib/getulong.c: Added get_pid()
and getulong().
2009-04-24 23:28:15 +00:00
nekral-guest e8dd48ac09 * lib/getlong.c: Do not check for NULL string but empty string. 2009-04-24 23:27:12 +00:00
nekral-guest 08b4253001 * lib/groupio.c: Updated splint annotations.
* lib/groupio.c: Added assert to help splint.
2009-04-24 23:26:31 +00:00
nekral-guest 1a87c69854 * src/useradd.c: Check assumptions on snprintf().
* src/useradd.c: Replace peror by an strerror and avoid an
	intermediate buffer.
	* src/useradd.c: Save errno between the failure and the report by
	perror/strerror.
	* src/useradd.c: Prefer xmalloc to malloc.
2009-04-24 23:23:51 +00:00
nekral-guest 861773bf77 * src/lastlog.c: Remove function calls from within assert(). 2009-04-24 23:05:29 +00:00
nekral-guest 01e88bda16 * libmisc/obscure.c: Change some int to size_t. 2009-04-24 23:04:27 +00:00
nekral-guest 5e45ac1688 * libmisc/console.c: Use a less disturbing construct for splint. 2009-04-24 23:03:14 +00:00
nekral-guest 10396f9536 * libmisc/limits.c: Parse the limits, umask, nice, maxlogin, file
limit with getlog() / getulong(). This also means, in case of
	non-PAM enabled systems, that the umask specified on the GECOS
	fields should start with a 0 if specified in octal. (it used to be
	force to octal). Do the appropriate cast and range checking.
2009-04-24 22:56:42 +00:00
nekral-guest 0c571784a3 * libmisc/salt.c: In case gettimeofday() fails, get some entropy
from the PID.
2009-04-24 22:49:20 +00:00
nekral-guest 7646230de2 * libmisc/setupenv.c: Prefer snprintf to sprintf, even if a small
context indicates no issues.
	* libmisc/setupenv.c: Avoid implicit conversion of pointers to
	booleans.
2009-04-24 22:46:06 +00:00
nekral-guest 42e72c418d * libmisc/loginprompt.c: Prefer snprintf to sprintf, even if a
small context indicates no issues.
2009-04-24 22:27:58 +00:00
nekral-guest 37eec13774 * src/faillog.c: Remove function calls from within assert(). 2009-04-24 22:27:09 +00:00
nekral-guest f28f5f3af4 * libmisc/mail.c: Ignore the return value of puts().
* libmisc/mail.c: Prefer snprintf to sprintf, even if a small
	context indicates no issues.
2009-04-24 22:22:57 +00:00
nekral-guest 6e357e14fc * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h,
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
	splint annotations. The *_locate() and *_next() functions
	currently return an observer. As the structure are often modified
	by the caller, it could maybe be changed to exposed later. (and
	non-const).
2009-04-23 21:19:02 +00:00
nekral-guest d0d01ffb00 * lib/pwauth.c: Use a boolean for wipe_clear_pass and use_skey.
* lib/pwauth.c: Added splint annotations.
	* lib/pwauth.c: Added brackets and parenthesis.
	* lib/pwauth.c: Avoid assignments in comparisons.
	* lib/pwauth.c: Avoid implicit conversion of pointers or
	characters to booleans.
2009-04-23 20:46:01 +00:00
nekral-guest 916977c5bb * src/groupmod.c: Cast ID to ulongs and use ulong formats for IDs. 2009-04-23 20:39:29 +00:00
nekral-guest af8ff8c1ca * src/newgrp.c: Added splint annotations.
* src/newgrp.c: audit_buf is only used in newgrp. Make it static.
	* src/newgrp.c: Ignore the return value of fputs().
	* src/newgrp.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-23 20:37:00 +00:00
nekral-guest 3d2f164dca * libmisc/pwdcheck.c (passwd_check): The progname is not used.
* libmisc/pwdcheck.c: Ignore the return value of sleep().
	* libmisc/pwdcheck.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-23 20:17:02 +00:00
nekral-guest c357e94283 * libmisc/setupenv.c: Avoid assignments in comparisons.
* libmisc/setupenv.c: Added brackets and parenthesis.
	* libmisc/setupenv.c: Ignore the return value of fclose (file
	opened read-only)
	* libmisc/setupenv.c: Ignore the return value of puts().
	* libmisc/setupenv.c:Avoid implicit conversion of pointers to
	booleans.
2009-04-23 17:45:42 +00:00
nekral-guest 7f165aab7f * libmisc/find_new_gid.c, libmisc/find_new_uid.c,
libmisc/isexpired.c, src/groupadd.c, lib/pwauth.h, lib/groupmem.c,
	lib/shadowmem.c, lib/pwmem.c, lib/prototypes.h: Added splint
	annotations.
2009-04-23 17:43:27 +00:00
nekral-guest 956d68c870 * libmisc/loginprompt.c: Use exit(EXIT_FAILURE) instead of
exit(1).
	* libmisc/loginprompt.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/loginprompt.c: Ignore return value of putc().
2009-04-23 17:34:46 +00:00
nekral-guest 61ebff6d97 * libmisc/env.c, libmisc/age.c: Added splint annotations.
* libmisc/age.c: Added brackets and parenthesis.
	* libmisc/age.c: Ignore the return value of fclose (file opened
	read-only)
	* libmisc/age.c: Ignore puts() return value.
	* libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
	* libmisc/age.c: Avoid assignments in comparisons.
2009-04-23 17:33:21 +00:00
nekral-guest 0b1397b33b * lib/fputsx.c, lib/gshadow.c, lib/commonio.h: Added splint
annotations.
2009-04-23 11:54:30 +00:00
nekral-guest a121b9b659 * lib/gshadow.c, lib/commonio.h: Added splint annotations. 2009-04-23 11:53:55 +00:00
nekral-guest 43033b65ad * lib/getdef.c: Added splint annotations.
* lib/getdef.c: Ignore fputs() return value.
	* lib/getdef.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
2009-04-23 11:46:46 +00:00
nekral-guest 0c6159650d * lib/get_gid.c: gidstr should not be NULL, but the check was
meant to make sure it is not empty.
	* lib/get_uid.c: Likewise.
2009-04-23 11:46:06 +00:00
nekral-guest 7b562d96b3 * src/faillog.c: Added splint annotations.
* src/faillog.c: Cast ID to ulongs and use ulong formats for IDs.
	* src/faillog.c: Ignore fflush() return value.
	* src/faillog.c: Added parenthesis.
2009-04-23 11:23:53 +00:00
nekral-guest 988ec76cf8 * src/grpck.c: Ignore puts return value.
* src/grpck.c: Avoid variable format string.
2009-04-23 11:21:57 +00:00
nekral-guest 87e15d7b82 * src/lastlog.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
* src/lastlog.c: Added splint annotations.
	* src/lastlog.c: Avoid global pwent.
	* src/lastlog.c: Cast ID to ulongs and use ulong formats for IDs.
	* src/lastlog.c: Avoid assignment in comparisons.
	* src/lastlog.c: Ignore fclose() return value since the file is
	only opened for reading.
2009-04-23 11:21:01 +00:00
nekral-guest 77c1b2a369 * src/newgrp.c: Added assertion to guide splint (and me). 2009-04-23 11:17:22 +00:00
nekral-guest b0db85bc04 * libmisc/find_new_gid.c: Use booleans instead of char fo
used_gids.
	* libmisc/find_new_gid.c: Use getdef_ulong and cast to git_t to
	get GID values.
	* libmisc/find_new_gid.c: Use UL as a prefix for ulong values.
	* libmisc/find_new_uid.c: Likewise.
2009-04-23 11:16:38 +00:00
nekral-guest cbd90eed74 * libmisc/yesno.c: Ignore the return value of puts. 2009-04-23 11:14:56 +00:00
nekral-guest 35f0a2e951 * libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/age.c: The return value of execl() is not used.
2009-04-23 11:14:18 +00:00
nekral-guest 614c79defc * libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
	lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
	lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
	lib/fputsx.c, lib/prototypes.h: Added splint annotations.
	* lib/groupio.c: Avoid implicit conversion of pointers to
	booleans.
	* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
nekral-guest fef6f9379a Fix typo. 2009-04-22 21:33:09 +00:00
nekral-guest fe29344b33 * lib/defines.h: Added splint definitions to replace <locale.h> 2009-04-22 21:22:32 +00:00
nekral-guest 2c0f3ef707 * libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
	lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
	lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
nekral-guest aebddca35d * libmisc/utmp.c: Added splint annotations. 2009-04-22 21:07:33 +00:00
nekral-guest 620ee81b7e * libmisc/utmp.c: Only set ut_time and ut_tv if gettimeofday()
succeeds.
2009-04-22 21:06:13 +00:00
nekral-guest e76a5df932 * libmisc/utmp.c: Fix the check for empty host in prepare_utmp()
and prepare_utmpx().
2009-04-22 21:04:16 +00:00
nekral-guest 7fb1063ccd * libmisc/utmp.c: The ut argument of prepare_utmp() might be NULL.
ut_id needs to be forged in that case.
2009-04-22 21:02:46 +00:00
nekral-guest 811288df64 * libmisc/utmp.c: Removed old documentation of setutmp(). 2009-04-22 21:00:18 +00:00
nekral-guest 31906409c8 * libmisc/utmp.c: Use xmalloc() rather than malloc(). 2009-04-22 20:59:23 +00:00
nekral-guest b05783da32 * libmisc/utmp.c: The name returned by ttyame() needs to be copied
locally.
2009-04-22 20:57:29 +00:00
nekral-guest 54302f6006 * src/login.c: Added splint annotations. 2009-04-22 20:53:15 +00:00
nekral-guest 2a32262725 * src/login.c: Added assert()s for NULL (or ! NULL) username, and
pwd. This helps splint.
2009-04-22 20:51:13 +00:00
nekral-guest e35a7fbd89 Re-indent. 2009-04-22 20:48:42 +00:00
nekral-guest c55311aa6d * src/login.c: After login_prompt(), do not check for unset
username, but for empty username.
2009-04-22 20:46:49 +00:00
nekral-guest 3704745289 * lib/defines.h: Define USER_NAME_MAX_LENGTH, based on utmp and
default to 32.
	* libmisc/chkname.c: Use USER_NAME_MAX_LENGTH.
	* src/login.c: Use USER_NAME_MAX_LENGTH instead of the default 32.
	username also needs to be bigger than USER_NAME_MAX_LENGTH because
	it has to be nul-terminated.
2009-04-22 20:42:48 +00:00
nekral-guest eae8b63d4f * src/login.c: Use xmalloc() instead of malloc(). 2009-04-22 20:21:17 +00:00
nekral-guest 349efcb0a6 * src/login.c: Ignore the return value of puts(), fputs(),
strftime().
2009-04-22 20:17:11 +00:00
nekral-guest 46d697cded * src/login.c: timeout, delay, and retries should be unsigned.
* src/login.c: Ignore the return value of alarm() and sleep().
2009-04-22 20:15:21 +00:00
nekral-guest 53e0ff91d3 * src/login.c: If we cannot get the terminal configuration, do not
change the terminal configuration. setup_tty() is just a best
	effort configuration of the terminal.
	* src/login.c: Ignore failures when setting the terminal
	configuration.
	* src/login.c: Fail if the ERASECHAR or KILLCHAR configurations
	are not compatible with a cc_t type.
2009-04-22 20:12:06 +00:00
nekral-guest a362a68f53 * src/login.c: utent might be NULL after get_current_utmp(). 2009-04-22 20:07:34 +00:00
nekral-guest 332a50c273 * src/login.c: Removed temp_shell. No more used.
* src/login.c: lastlog is only used #ifndef USE_PAM
	* src/login.c: Rename lastlog to ll to avoid name clash with the
	lastlog type.
2009-04-22 20:03:26 +00:00
nekral-guest 790dbb07fc * src/login.c: Added update_utmp() to group the prepare_utmp and
setutmp (and the utmpx versions).
2009-04-22 19:58:39 +00:00
nekral-guest f59a69f4b6 * src/login.c: Do not include netdb.h. gethostbyname() is no more
called from within login.c. Also UT_ADDR does not exist anymore.
2009-04-22 19:54:28 +00:00
nekral-guest efcbbc3d74 * src/login.c: Check if login is run with effective root
privileges. This should be more helpful to users than a failure to
	find an utmp entry or failure to access a file.
2009-04-21 22:46:01 +00:00
nekral-guest a0503bc3a1 Added previous commit changelog. 2009-04-21 22:39:52 +00:00
nekral-guest 82c1a583f8 * libmisc/utmp.c: Reworked. Get rid of Linux specific stuff. Get rid
of global utent/utxent variables. Only reuse the ut_id and maybe
	the ut_host fields from utmp.
	* lib/prototypes.h, libmisc/utmp.c: Removed checkutmp(),
	setutmp(), setutmpx().
	* lib/prototypes.h, libmisc/utmp.c: Added get_current_utmp(),
	prepare_utmp(), prepare_utmpx(), setutmp(), setutmpx().
	* libmisc/utmp.c (is_my_tty): Only compare the name of the utmp
	line with ttyname(). (No stat of the two terminals to compare the
	devices).
	* libmisc/utmp.c: Use getaddrinfo() to get the address of the
	host.
	* configure.in: Check for getaddrinfo().
	* configure.in: Use AC_CHECK_MEMBERS to check for the existence of
	fields in the utmp/utmpx structures.
	* configure.in: Reject systems with utmpx support but no ut_id
	field in utmp. This could be fixed later if needed.
	* src/login.c: Use the new utmp functions. This also simplifies
	the failtmp() handling.
	* src/login.c: passwd_free() renamed to pw_free() and
	shadow_free() renamed to spw_free()
2009-04-21 22:39:14 +00:00
nekral-guest fcfa81283e * NEWS, configure.in: Enable --enable-account-tools-setuid by
default for PAM builds, as it used to be before the introduction
	of this option.
2009-04-21 22:22:08 +00:00
nekral-guest fba5cad820 * etc/pam.d/Makefile.am: Distribute all pam.d files, even if
ACCT_TOOLS_SETUID is not enabled.
2009-04-21 22:16:17 +00:00
nekral-guest 5bdf239a66 * lib/shadowmem.c: Added spw_free().
* lib/shadowio.c: Use spw_free() for shadow_free().
	* lib/groupmem.c: Added gr_free().
	* lib/groupio.c: Use gr_free() for group_free().
	* lib/pwmem.c: Include define.h before prototypes.h
	* lib/pwmem.c: Added pw_free().
	* lib/pwio.c: Use pw_free() for passwd_free().
	* lib/sgroupio.c: Added sgr_free().
	* lib/sgroupio.c: Use sgr_free() for gshadow_free().
	* lib/prototypes.h: Added gr_free(), pw_free(), sgr_free(),
	spw_free().
2009-04-21 22:14:10 +00:00
nekral-guest 408a30f0ba * libmisc/shell.c: Add brackets and parenthesis.
* libmisc/shell.c: Avoid assignments in comparisons.
	* libmisc/shell.c: Re-indent.
2009-04-21 22:07:35 +00:00
nekral-guest c8f45eda53 * lib/defines.h: Added MIN and MAX macros.
* libmisc/salt.c: Removed MIN and MAX macros.
2009-04-21 22:06:09 +00:00
nekral-guest 2ba18ea4a9 Fix typo (&nbsp;) and fix a compilation warning (wrong const). 2009-04-21 22:03:33 +00:00
nekral-guest a45b272a2f Fix typo. 2009-04-21 22:02:37 +00:00
nekral-guest 5ad0d896f1 Added more comments to the changelog entry. 2009-04-20 14:06:06 +00:00
nekral-guest 9efd6a53d2 * NEWS, src/lastlog.c: Fix regression causing empty reports. 2009-04-20 14:04:48 +00:00
nekral-guest 18fdfee274 * src/login.c: Get rid of pwent. pwd is sufficient as long as it
is always coming from xgetpwnam. There is no need to copy pwd to
	pwent, this was not a good idea anyway as the strings from pwd
	were not duplicated.
	* src/login.c: Always free the pwd and spwd structure when we
	retrieve a new one. This will clear the password of the previous
	user from the memory.
	* src/login.c: user_passwd is used to keep point to the password
	of the user being authenticated.
	* src/login.c: (non PAM) Fail if the user's entry cannot be found
	after the user updated her password (if expire() requested an
	update).
	* src/login.c: If the user does not exist on the system, there is
	no need to build a pwd structure (with shell).
2009-04-20 13:29:15 +00:00
nekral-guest a6ac4dda75 * src/login.c: ttytype already checks for TTYTYPE_FILE and TERM.
Just call ttytype.
2009-04-20 13:12:09 +00:00
nekral-guest 29c3763f9c Re-indent. 2009-04-20 13:10:20 +00:00
nekral-guest c694843da5 * src/login.c: Open the PAM session before pam_setcred and before
initgroups. This is more consistent with rfc86.0.
2009-04-20 12:54:17 +00:00
nekral-guest 432faba3e1 * src/login.c: Added helper functions get_pam_user() and
get_failent_user().
2009-04-20 12:47:04 +00:00
nekral-guest 70e1a5c9b6 * src/login.c: Added parameter to check_nologin. This will help
getting rid of the global pwent variable.
2009-04-20 12:33:01 +00:00
nekral-guest 61c1d100dc * src/login.c: Added comments.
* src/login.c: Close the user and group files before dropping root
	privileges.
2009-04-20 12:27:27 +00:00
nekral-guest 3508f7dccc * src/login.c: We do not need to keep the old umask. Discard the
umask() return value.
2009-04-20 12:17:38 +00:00
nekral-guest d4158bdf77 * src/login.c: We do not need to keep the old umask. Discard the
umask() return value.
2009-04-20 12:16:07 +00:00
nekral-guest 1bcf2ffb59 * libmisc/hushed.c, lib/prototypes.h, src/login.c: Change the
hushed() prototype to take a username instead of a passwd
	structure in argument. The passwd entry is retrieved withing
	hushed().
2009-04-20 11:48:59 +00:00
nekral-guest 87ac185752 * libmisc/setugid.c: Updated comments. 2009-04-20 11:43:36 +00:00
nekral-guest 22fbd774dc * libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
	non-null terminated ut_user, unavailability of ut_user, incomplete
	username (that should not happen currently).
2009-04-20 11:39:16 +00:00
nekral-guest a87e747049 * libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
	non-null terminated ut_user, unavailability of ut_user, incomplete
	username (that should not happen currently).
2009-04-20 11:37:41 +00:00
nekral-guest f3bea401e9 * libmisc/ttytype.c: Add brackets and parenthesis.
* libmisc/ttytype.c: Avoid assignments in comparisons.
2009-04-20 11:31:05 +00:00
nekral-guest 2ce68e8aec * lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill
the password fields with zeros before they are freed.
2009-04-20 11:29:17 +00:00
nekral-guest bf66861e3f * po/ko.po: Updated Korean translation. 2009-04-19 16:26:17 +00:00
nekral-guest 131e95ffaf * NEWS, src/login.c: Also check if the authentication token of the
user has to be updated in case the user was already authenticated.
2009-04-19 16:22:17 +00:00
nekral-guest ca10b825c7 * src/login.c: fflg is already restricted to root. Move
pam_acct_mgmt(), in case of fflg, earlier. This is equivalent and
	simplifies the code.
2009-04-19 16:09:00 +00:00
nekral-guest 2ed05e548b * libmisc/utmp.c: Always call endutent or endutxent when setutent
or setutxent were used.
2009-04-19 15:28:38 +00:00
nekral-guest 8156c3b0be * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do
not get set to unsanitized values.
2009-04-19 13:33:24 +00:00
nekral-guest d2a822fe39 * libmisc/utmp.c: Do not trust the current utmp entry's ut_line.
Always set ut_line based on ttyname(0).
2009-04-17 21:25:30 +00:00
nekral-guest 5298ac3dd9 * NEWS, src/login.c: Do not trust the current utmp entry's ut_line
to set PAM_TTY.
2009-04-17 20:40:26 +00:00
nekral-guest c49371e423 * configure.in: Updated version number. 2009-04-15 21:46:42 +00:00
nekral-guest 76f7ae8d7d * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-04-15 21:46:06 +00:00
nekral-guest e312f007b8 Fix NEWS entry. 2009-04-15 21:31:09 +00:00
nekral-guest 239bb04b18 Fixed nb.po format and added info about the update. 2009-04-15 21:29:00 +00:00
nekral-guest 4d2bee2e23 * NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end.
	* src/useradd.c: Always call selinux_update_mapping() (i.e.
	semanage), not only when -Z is used.
2009-04-15 21:14:08 +00:00
nekral-guest a24058d660 * NEWS, srclib/getlong.c: Fix parsing of octal numbers.
* NEWS, src/login.c: Fix segfault when no user is provided on the
	command line.
2009-04-15 17:50:17 +00:00
nekral-guest 70d9bc6233 libmisc/system.c was contributed by Dan Walsh. 2009-04-15 17:42:34 +00:00
nekral-guest 5fa86c2b42 * NEW, src/vipw.c: SE Linux: Set the default context to the
context of the file being edited. This ensures that the backup
	file inherit from the file's context.
2009-04-15 17:42:27 +00:00
nekral-guest a8586cbce7 Added one TODO item for usermod. 2009-04-14 22:19:17 +00:00
nekral-guest acc3423c96 * man/usermod.8.xml: There are no default values for --inactive
and --gid. If the options are no provided, the original values are
	not changed.
2009-04-14 22:19:11 +00:00
nekral-guest ceddfa340d Removed TODO entries
* groupmems has a testsuite now
 * long user names are tested for gpasswd
 * groups and id arenot receiving updates
 * tests with UID/GID sets to (*id_t)-1 already exist.
2009-04-14 22:19:05 +00:00
bubulle 8675b74bf4 Norwegian Bokmål translation update 2009-04-12 17:43:31 +00:00
nekral-guest b4a3ab4082 Added release date. 2009-04-12 02:45:11 +00:00
nekral-guest 0b4b3d63da * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-04-12 01:24:45 +00:00
nekral-guest 774f8a073a Added TODO entry. 2009-04-12 00:38:41 +00:00
nekral-guest 6b46161f2d * src/su.c: If there are no root account, or if the root account
has an UID != 0, default to the first UID 0 account.
2009-04-12 00:28:32 +00:00
nekral-guest 08a212ccae * src/login.c: Restore the echoctl, echoke, onclr flags to the
terminal termio flags. Reset echoprt, noflsh, tostop. This
	behavior seems to have change by mistake in earlier releases
	(4.0.8, for no obvious reason).
2009-04-12 00:17:36 +00:00
nekral-guest 64a9f33ffa * src/login.c: Fix the count of failures before login exits in
case of PAM enabled configurations.
2009-04-12 00:08:26 +00:00
nekral-guest bc0f4fa509 * man/passwd.1.xml: Document that passwd uses PAM to authenticate
and change passwords on PAM-enabled builds.
2009-04-11 23:32:00 +00:00
nekral-guest 681c1d12b5 * src/newusers.c: Add more information to the mkdir and chown
failure messages.
2009-04-11 23:30:44 +00:00
nekral-guest ce156b578f * man/po/fr.po: Updated some login.defs entries. Thanks to
Belkacem Abbas.
2009-04-11 22:41:00 +00:00
nekral-guest 4e32b9fea9 * man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml,
man/login.defs.d/CONSOLE_GROUPS.xml: Fix typos.
2009-04-11 22:36:11 +00:00
nekral-guest fb631fa4eb Add the POT files to the repository. 2009-04-11 19:19:21 +00:00
nekral-guest ac305b82a4 Fix typo. 2009-04-11 19:18:38 +00:00
nekral-guest 5a56996eef * man/es/Makefile.am: Disable the distribution of Spanish
manpages. They are outdated. Please contact
	pkg-shadow-devel@lists.alioth.debian.org if you wish to provide
	updates.
2009-04-11 18:57:14 +00:00
nekral-guest af7b9b8b62 Fix typo. 2009-04-11 18:44:15 +00:00
nekral-guest 554d4f6b95 * src/usermod.c, src/useraddd.c: Fix the usage string so that it
does not change depending on the configure option. Use a format.
2009-04-11 18:39:56 +00:00
nekral-guest 80a30dfe6f * src/gpasswd.c: Fix the usage of the unused macro. 2009-04-11 18:37:59 +00:00
nekral-guest cab74eddef * lib/prototypes.h, libmisc/age.c, src/expiry.c, src/login.c: A
shadow entry is now sufficient for agecheck. Remove the first
	passwd entry parameter.
2009-04-11 18:37:08 +00:00
nekral-guest 42590e062f * src/userdel.c: Rename argv to args to avoid nameclash with the
main() parameters.
2009-04-11 16:52:45 +00:00
nekral-guest 3fdefd3e40 * src/useradd.c, src/usermod.c: Only call selinux_update_mapping()
if Zflg is set.
2009-04-11 16:47:32 +00:00
nekral-guest 192fa18195 Added TODO item. 2009-04-11 16:24:06 +00:00
nekral-guest 60a7cc9d7c * libmisc/getgr_nam_gid.c: Added support for NULL argument.
* libmisc/chowntty.c: Reuse getgr_nam_gid(), and get rid of atol().
2009-04-11 16:23:21 +00:00
nekral-guest e27f4a91b9 Tag one of the remaining strtol. 2009-04-11 16:08:00 +00:00
nekral-guest ca1bb50c24 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: For system
accounts, return the first unused ID, starting from the max value.
	This could be useful later to increase the static IDs range.
2009-04-11 16:00:45 +00:00
nekral-guest 8d136297c4 * NEWS, src/useradd.c, man/useradd.8.xml: add -Z option to map
SELinux user for user's login.
	* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
	* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
	safe_system(). Used to run semanage.
	* lib/prototypes.h, libmisc/copydir.c: Make a
	selinux_file_context() an extern function.
	* libmisc/copydir.c: Reset SELinux to create files with default
	contexts at the end of copy_tree().
	* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
	login.
2009-04-11 15:34:10 +00:00
nekral-guest 2c400eff94 * src/useradd.c (get_defaults): Close the default file after the
default values were read.
2009-04-11 14:55:49 +00:00
bubulle 5d9c298e9d Slovak translation updated 2009-04-11 13:53:41 +00:00
nekral-guest 689a7197a0 Re-indent. 2009-04-11 13:00:32 +00:00
nekral-guest 413bb19543 * lib/Makefile.am, lib/prototypes.h: Added sgetspent.c. 2009-04-10 22:35:43 +00:00
nekral-guest db337babbc * po/POTFILES.in: Added missing files. Sorted. 2009-04-10 22:35:37 +00:00
nekral-guest 46861e6bd8 Removed declaration of ep. No more used.
Re-indent.
2009-04-10 22:35:32 +00:00
nekral-guest 84f5ca951c * lib/getdef.c: Use getlong instead of strtol/strtoul.
* libmisc/getlong, lib/getlong.c, libmisc/Makefile.am,
	lib/Makefile.am: getlong.c moved from libmisc/ to lib/.
2009-04-10 22:35:26 +00:00
nekral-guest 1c97cf5c83 Removed DONE entry. 2009-04-10 22:35:19 +00:00
nekral-guest 9a7f5c6b16 * lib/shadow.c: Replace strtol() by getlong(). Also detect more
issues in a numerical shadow entry field.
2009-04-10 22:35:14 +00:00
nekral-guest b5200cf753 * lib/sgetspent.c: Only compile ifndef HAVE_SGETSPENT 2009-04-10 22:35:07 +00:00
nekral-guest 686ac847aa Revert " * lib/sgetspent.c: Removed (is not used / compiled) anymore."
This reverts commit dbeb402f0b0befd8c48b68d53277e1bd1b5f751b.
2009-04-10 22:35:01 +00:00
nekral-guest e075442345 * lib/sgetspent.c: Removed (is not used / compiled) anymore. 2009-04-10 22:34:55 +00:00
nekral-guest c7258f22d8 * lib/sgetspent.c: Replace strtol() by getlong(). Also detect more
issues in a numerical shadow entry field.
2009-04-10 22:34:49 +00:00
nekral-guest 304b0ec202 * src/chage.c: expdays renamed to expdate. It is a date, even if
expressed in a number of days since Jan 1, 1970.
	* src/chage.c: Likewise: lastday renamed to lstchgdate. Also fix
	the --lastday documentation.
2009-04-10 22:34:42 +00:00
nekral-guest 52238dd6a7 * src/chage.c: More strtol() replaced by getlong(). 2009-04-10 22:34:36 +00:00
nekral-guest 66e39884e2 * lib/prototypes.h: pwd_to_spwd() should be declared if USE_PAM is
NOT defined.
2009-04-10 22:34:29 +00:00
nekral-guest d548bf4742 * src/passwd.c: Replace getnumber() by getlong(). This permits to
get rid of another strtol().
2009-04-10 22:34:23 +00:00
nekral-guest 1675ca3378 * libmisc/getlong.c: Include both <stdlib.h> and <errno.h> needed
for strtol and errno, and do not include "defines.h" (not needed).
2009-04-10 22:34:17 +00:00
nekral-guest 77459dc27d * src/useradd.c, src/usermod.c, libmisc/getgr_nam_gid.c,
libmisc/Makefile.am, lib/prototypes.h: Moved getgr_nam_gid() from
	src/useradd.c and src/usermod.c to libmisc/getgr_nam_gid.c.
2009-04-10 22:34:10 +00:00
nekral-guest ffd3e43ad8 * src/useradd.c: Get rid of strtol.
* src/useradd.c: Provide better warning in case a default GROUP or
	INACTIVE value is not valid in /etc/default/useradd.
2009-04-10 22:34:04 +00:00
nekral-guest 95bc6eb7b2 * src/useradd.c: Re-indent. 2009-04-10 22:33:57 +00:00
nekral-guest 06c81b67c2 * src/useradd.c: Use getlong instead of get_number. 2009-04-10 22:33:50 +00:00
nekral-guest c3f109556a * src/usermod.c: Re-indent.
* src/usermod.c: Specifying a inactivity value < -1 is not valid.
2009-04-10 22:33:43 +00:00
nekral-guest f481938cc5 * po/*.po, man/po/*.po: Updated PO files. 2009-04-05 23:52:46 +00:00
nekral-guest 4b15eefd3c Added todo items. 2009-04-05 23:50:58 +00:00
nekral-guest b9df8b5817 * configure.in: Prepare the next 4.1.3 release. 2009-04-05 22:35:12 +00:00
nekral-guest ac52639b77 * libmisc/setugid.c libmisc/age.c (setup_uid_gid): is_console is
never set ifndef USE_PAM. Change the prototype of setup_uid_gid()
	when USE_PAM is not defined. This permits to remove add_groups
	from PAM builds.  setup_uid_gid is already subject to
	HAVE_INITGROUPS.
2009-04-05 22:33:00 +00:00
nekral-guest a51954203e * lib/prototypes.h, libmisc/addgrps.c: restrict add_groups() to
ifndef USE_PAM.
	* lib/prototypes.h: Remove the declaration of add_cons_grps(). The
	function does not exist.
	* libmisc/age.c (setup_uid_gid): is_console is never set ifndef
	USE_PAM. Change the prototype of setup_uid_gid() when USE_PAM is
	not defined. This permits to remove add_groups from PAM builds.
	setup_uid_gid is already subject to HAVE_INITGROUPS.
	* libmisc/pwd2spwd.c (pwd_to_spwd): pwd_to_spwd() is not used in
	PAM builds.
2009-04-05 22:29:42 +00:00
nekral-guest 021066a980 * src/passwd.c: do_update_age is only used ifndef USE_PAM. Make it
more explicit.
2009-04-05 22:04:31 +00:00
nekral-guest a1cac18ac3 * src/useradd.c: Set errno to 0 before calling strtol. 2009-04-05 22:02:50 +00:00
nekral-guest 2a3b84b888 * libmisc/isexpired.c: If there are no shadow entry, there is no
need to convert the password entry to a shadow entry. The password
	is valid.
2009-04-05 22:02:00 +00:00
nekral-guest f703b686da Fix typo. 2009-04-05 21:56:37 +00:00
nekral-guest 682eedb167 * man/usermod.8.xml: Split some paragraphs into smaller units. 2009-04-05 21:23:55 +00:00
nekral-guest 3511b1de80 Updated copyright dates. 2009-04-05 21:23:42 +00:00
nekral-guest 2f85113366 * man/shadow.5.xml: Rewrote to mention the meaning of special
values.
2009-04-05 21:23:35 +00:00
nekral-guest b23443630c * libmisc/pwd2spwd.c, src/chpasswd.c, src/newusers.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c,
	src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to
	0 (which means that the password shall be changed during the next
	login), but use -1 (password aging disabled).
	* src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
2009-04-05 21:23:27 +00:00
nekral-guest 7585fa0fe9 * src/chage.c: When no shadow entry exist, thedefault sp_lstchg
value should be -1 (no aging) rather than 0 (password must be
	changed).
	* src/chage.c: For password expiration and inactivity, indicate
	that the password must be changed when sp_lstchg is null rather
	than indicating that expiration and inactivity are not enabled.
2009-04-05 21:23:17 +00:00
nekral-guest 1ba2139d5c * libmisc/isexpired.c: Document the isexpired return value. 2009-04-05 21:23:06 +00:00
nekral-guest f67403ba01 * libmisc/age.c: Return a specific message when sp_lstchg is null. 2009-04-05 21:22:53 +00:00
nekral-guest 996e842149 Added missing space at the end of the question. 2009-03-22 12:32:40 +00:00
nekral-guest c2bb947c14 Remove unused variable. 2009-03-21 20:45:35 +00:00
nekral-guest d4fc74e43c * lib/sgetpwent.c, lib/sgetgrent.c: Use get_uid and get_gid to
validate the UIDs or GIDs instead of atoi/strtol.
2009-03-21 20:29:58 +00:00
nekral-guest a1dd26d2d6 * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am,
lib/get_gid.c, lib/get_uid.c, lib/Makefile.am: get_uid.c and
	get_gid.c moved from libmisc/ to lib/.
2009-03-21 20:24:37 +00:00
nekral-guest 503976fc6a * src/grpck.c (check_members): When a member is removed, do not
increase the index.
	* src/grpck.c: Fix typo in messages and comments.
2009-03-21 19:42:48 +00:00
nekral-guest dab1523df5 * libmisc/sulog.c: Likewise for the su log. 2009-03-21 19:32:14 +00:00
nekral-guest a65c2c9b18 * src/vipw.c: Likewise for the backup file. 2009-03-21 19:28:02 +00:00
nekral-guest 5331930716 * src/usermod.c: Likewise for the faillog and lastlog file. 2009-03-21 19:25:02 +00:00
nekral-guest 96c7b12bc4 * src/useradd.c: Likewise for the default file, faillog, lastlog,
and mail spool.
2009-03-21 19:18:06 +00:00
nekral-guest 5dd5f51700 * lib/commonio.c: Call fsync before closing the backup file. This
ensures that the backup file is flushed to the storage medium.
2009-03-21 19:12:00 +00:00
nekral-guest df7abc5447 Fixed TODO item. 2009-03-15 21:43:24 +00:00
nekral-guest db7370d242 Added TODO items. 2009-03-15 21:38:46 +00:00
nekral-guest a8e9fc86eb * src/groupmod.c: Embed gshadow related cleanup in #ifdef
SHADOWGRP.
2009-03-15 21:38:08 +00:00
nekral-guest a402c4db3b * src/usermod.c: get_number() replaced by getlong().
* src/usermod.c: When the user is renamed, make sure we do not
	override an user with the same name (in passwd or shadow).
2009-03-15 21:34:20 +00:00
nekral-guest 780af2653a * src/gpasswd.c: log_gpasswd_success_gshadow is in the cleanup
stack only when the shadow group file is present.
2009-03-15 21:32:26 +00:00
nekral-guest 9372111aaa * NEWS, src/userdel.c: Make sure the user exists in the shadow
database before calling spw_remove().
	* NEWS, src/userdel.c: When the user's group is removed, make sure
	the group is in the gshadow database before calling sgr_remove().
	* src/userdel.c: Improve warning's wording.
2009-03-15 21:29:16 +00:00
nekral-guest 9fda9f5c28 * libmisc/cleanup.c: Fix del_cleanup. The arguments were not
desynchronized with the cleanup functions.
	* libmisc/cleanup.c: cleanup_function_args is an array of void
	pointer, not strings.
2009-03-15 21:15:48 +00:00
nekral-guest 80135cdc17 * libmisc/find_new_gid.c: Fix find_new_gid() the current group
database was not taken into account.
2009-03-15 21:12:57 +00:00
nekral-guest 6aa874a0a0 * libmisc/addgrps.c: Fix compilation warnings. 2009-03-15 21:10:35 +00:00
nekral-guest d1dac25379 * man/po/Makefile.in.in: xml2po cannot exclude one entity for
expansion. Make sure config.xml does not exist when the POT file
	is created in order to keep the configurations in the POT file
	* man/generate_translations.mak: make sure config.xml does not
	exist neither when the translated XML is generated. Add the
	missing %config; (strip out by xml2po). and make sure config.xml
	is present when the translated manpage is generated.
	* man/generate_mans.mak: config.xml is needed for the generation
	of manpages (already in the .deps for the English manpages, but
	needed for the translations).
	* man/Makefile.am: Added missing CREATE_HOME.xml.
2009-03-14 16:18:06 +00:00
nekral-guest 526e7ac972 * man/generate_mans.deps: Added Makefile dependency rules. 2009-03-14 13:29:55 +00:00
nekral-guest fa7bae1210 Updated TODO list. 2009-03-14 13:21:15 +00:00
nekral-guest d60f0a1a10 * etc/login.defs: Added note for PAM enabled configurations. 2009-03-14 13:20:25 +00:00
nekral-guest 78230efd01 Added config.xml to the list of ignored files. 2009-03-14 13:18:28 +00:00
nekral-guest 8411a8e8b4 * man/Makefile.am: Compute the dependencies for building the
manpages.
2009-03-14 13:16:55 +00:00
nekral-guest 295106b6a8 * libmisc/addgrps.c: Fix warnings. 2009-03-14 13:13:47 +00:00
nekral-guest 29381bf9d6 * man/po/fr.po: Added missing space. 2009-03-14 13:08:49 +00:00
nekral-guest 5a5cf15430 * man/lastlog.8.xml: Document that there might be entries, for
deleted users, that are not displayed.
2009-03-14 11:11:04 +00:00
nekral-guest 884a2de437 * man/chgpasswd.8.xml, man/chpasswd.8.xml: Fix the man page in
case SHA crypt is not supported.
2009-03-14 11:09:57 +00:00
nekral-guest 5349c79d12 * man/vipw.8.xml: MAX_MEMBERS_PER_GROUP is not used by vipw and
vigr.
2009-03-14 11:08:39 +00:00
nekral-guest 9ee627fe02 * man/login.defs.5.xml: Indicate that sg uses the same variables
as newgrp.
	* man/login.defs.5.xml: vipw does not use any variable.
	* man/login.defs.5.xml: In PAM enabled configurations, login still
	uses some login.defs variables.
2009-03-13 23:17:43 +00:00
nekral-guest 1def19ecea * man/usermod.8.xml: use a <replaceable> instead of a
<emphasis remap='I'>.
2009-03-13 23:14:18 +00:00
nekral-guest dc857372ed * man/newusers.8.xml: Document the behavior of newusers for each
field.
	* man/newusers.8.xml: Do not add the note on PAM on non-PAM
	enabled configurations.
2009-03-13 23:12:06 +00:00
nekral-guest 730fc8fc33 * src/faillog.c: Added support for the specification of a range of
users with -u.
	* src/faillog.c: Do not call print_one() for users which do not
	exist.
	* src/faillog.c: Make sure the user's entry is not outside the
	faillog file and initialize the faillog structure in that case.
	* src/faillog.c: Move print_one() closer to print().
	* src/faillog.c: reset(), setmax(), set_locktime() can also change
	entries of user which do not exist.
	* src/faillog.c: reset(), setmax() and set_locktime() shall not
	create entries for users which have no entries if the value has to
	be set to 0.
	* src/faillog.c: reset(), setmax() and set_locktime(): better
	handling of users whose entry is outside the faillog file.
	* src/faillog.c: Improved option handling. Options can now be
	specified in any order.
	* src/faillog.c: Improved warnings when options are not
	compatible or when the faillog cannot be open with the right mode.
	* src/faillog.c: Only fstat the faillog file once.
	* man/faillog.8.xml: Improved documentation.
2009-03-13 22:49:20 +00:00
nekral-guest fafe281d31 * src/useradd.c, man/useradd.8.xml: Added long name for the -l
option: --no-log-init.
2009-03-13 22:30:38 +00:00
nekral-guest f98b47eb55 * src/chpasswd.c: Make sure the SHA related variables is not
compiled when disabled at configuration time.
	* src/chgpasswd.c: Make sure the SHA related variables is not
	compiled when disabled at configuration time.
	* src/chgpasswd.c: Fix the test for getlong() failure.
2009-03-13 22:28:27 +00:00
nekral-guest e3e64317e8 * src/newusers.c: Make sure the SHA related variables are not
compiled when disabled at configuration time.
	* src/newusers.c: Added FIXME
2009-03-13 22:26:35 +00:00
nekral-guest f2c8017df4 * src/gpasswd.c: Remove the documentation of options from the
main() documentation. It will always be outdated here.
2009-03-13 22:21:26 +00:00
nekral-guest bf9036d27a * src/lastlog.c: lastlog variable renamed to ll to avoid name
clash with the structure.
	* src/lastlog.c: check the offset in print_one() so that it is
	used for the display of one entry or a set of entries.
	* src/lastlog.c: Do not loop over the whole user database when -u
	is used with a single user.
	* src/lastlog.c: Check the size of the lastlog file so that we
	can identify failures to read.
2009-03-13 22:20:20 +00:00
nekral-guest 87da822c7f * libmisc/salt.c: Removed l64a prototype. The libc declaration is
non static, but the internal definition is static.
2009-03-13 19:17:24 +00:00
nekral-guest 47a57bced1 Add TODO item for the testsuite. 2009-03-08 23:30:56 +00:00
nekral-guest 1dc04372df Compile fixes. Fixes warnings. 2009-03-08 23:30:25 +00:00
nekral-guest 27153ae92b * src/gpasswd.c: log_gpasswd_success_gshadow only exists ifdef
SHADOWGRP.
2009-03-08 23:29:46 +00:00
nekral-guest 28d7f83c87 * NEWS, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/groupadd.c: Make sure no user or group are
	created with an ID set to -1.
2009-03-08 20:43:15 +00:00
nekral-guest c1052e2df2 * NEWS, src/grpck.c, src/pwck.c: Issue a warning if an ID is set
to -1.
2009-03-08 20:29:22 +00:00
nekral-guest c9121d025f * NEWS, src/grpck.c, src/pwck.c: Issue a warning if an ID is set
to -1.
2009-03-08 20:28:55 +00:00
nekral-guest 0e2a3979f4 * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am,
lib/prototypes.h: Added get_uid() and get_gid() to parse user and
	group IDs.
2009-03-08 20:26:56 +00:00
nekral-guest 186ea0e203 * libmisc/getlong.c: Make sure the getlong argument is not empty. 2009-03-08 20:21:24 +00:00
nekral-guest f47d9eba94 * contrib/adduser-old.c, contrib/adduser.c: Do not use the target
of snprintf in one of the format's parameters.
2009-03-07 16:32:11 +00:00
nekral-guest 7368452e49 * man/groupmems.8.xml: groupmems does not create new user. 2009-03-07 16:30:49 +00:00
nekral-guest 635ef3bbf8 Added TODO items. 2009-03-07 16:29:28 +00:00
nekral-guest b46fd9a2b4 * NEWS, po/LINGUAS, po/kk.po: Added Kazakh translation. Thanks to
Timur Birsh <taem@linukz.org>.
2009-03-03 20:53:20 +00:00
nekral-guest a62e781248 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Avoid calling
getgrent()/getpwent() after they return NULL. This caused LDAP to
	return at the beginning of the group/user entries.
2009-02-22 23:23:15 +00:00
nekral-guest 32ef9c2135 * man/nologin.8.xml: Fix typo (HYSTORY -> HISTORY). 2009-01-27 18:17:54 +00:00
nekral-guest f2d6449374 * NEWS, src/gpasswd.c: Only report success to audit and syslog
when the changes are committed to the system. Do not log failure
	for on-memory changes to audit or syslog. Make sure failures and
	inconsistencies will be reported in case of unexpected failures
	(e.g. malloc failures). Only specify an audit message if it is not
	implicitly implied by the type argument. Removed fail_exit
	(replaced by atexit(do_cleanups)). Log failures in case of
	permission denied.
2009-01-26 22:03:37 +00:00
nekral-guest 7b532f0b44 - newusers should use the CREATE_HOME variable (and new options are needed)
- usermod
  - the mode of new home directories should be set according to the
    original mode. Does copy_tree does this?
2009-01-21 14:49:42 +00:00
nekral-guest af96cba0cc * etc/login.defs: Improve the documentation of UMASK. 2009-01-19 10:21:50 +00:00
nekral-guest a684cadbb6 * man/useradd.8.xml, man/login.defs.d/CREATE_HOME.xml,
man/login.defs.5.xml: Document the CREATE_HOME variable.
2009-01-19 10:00:53 +00:00
nekral-guest 6c85ca9661 * man/limits.5.xml: Remove space before an end of tag. 2009-01-19 09:51:53 +00:00
nekral-guest de60b7b2de * man/login.defs.d/UMASK.xml: Indicate how UMASK is used and
limitations.
2009-01-19 09:51:00 +00:00
nekral-guest d8c9236a18 * NEWS, src/su.c: Preserve COLORTERM in addition to TERM when su
is called with the -l option.
2009-01-06 20:13:31 +00:00
nekral-guest 2bb7007fcb * libmisc/chkname.c: Use a bool when possible instead of integers.
* libmisc/chkname.c: Add brackets and parenthesis.
2008-12-23 22:42:22 +00:00
nekral-guest 4c7d798307 * man/groupadd.8.xml, configure.in, man/config.xml.in: Use the
real group name length limit in the documentation.
2008-12-23 22:36:44 +00:00
nekral-guest 3cb730bcfe * src/Makefile.am: Only link with the needed library. When
compiled with PAM support, chfn, chsh, login, newgrp, passwd, and
	su do not need the libcrypt library.
2008-12-23 00:44:29 +00:00
nekral-guest 1b0a32d71c * libmisc/cleanup_group.c: Fix compilation when compiled without
shadow group support.
2008-12-23 00:39:54 +00:00
nekral-guest 915ec6531a * src/groupdel.c: Remove the fail_exit () declaration. 2008-12-22 23:23:14 +00:00
nekral-guest 1df7433e44 Fix typo. 2008-12-22 22:13:50 +00:00
nekral-guest 0bd396011a * src/gpasswd.c: Fix the support for usernames with arbitrary
length.
2008-12-22 22:13:23 +00:00
nekral-guest 6405b58a98 * libmisc/chkname.c: Remove outdated comments. 2008-12-22 22:08:13 +00:00
nekral-guest 9d977dba8e * src/groupdel.c: Re-indent. 2008-12-22 22:07:12 +00:00
nekral-guest ad7a108d60 * src/groupmod.c: Re-indent.
* src/groupmod.c: Do not add the command synopsis to the main ()
	documentation. This avoids outdated information.
2008-12-22 22:06:27 +00:00
nekral-guest fca6aeeea2 * src/groupadd.c: Re-indent. 2008-12-22 22:03:34 +00:00
nekral-guest 5b8ff14caf * libmisc/audit_help.c: Added audit_logger_message() to log
messages not related to an account.
	* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
	libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
	cleanup functions to be executed on exit.
	* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
	report success to audit and syslog when the changes are committed
	to the system. Do not log failure for on-memory changes to audit
	or syslog. Make sure failures and inconsistencies will be reported
	in case of unexpected failures (e.g. malloc failures). Only
	specify an audit message if it is not implicitly implied by the
	type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
2008-12-22 21:52:43 +00:00
nekral-guest a438c2f184 * NEWS, src/gpasswd.c: Added support usernames with arbitrary
length.
2008-12-15 21:54:53 +00:00
nekral-guest 66cb5b33ad * configure.in: Fix the "$enable_acct_tools_setuid" = "yes" test. 2008-11-30 01:32:38 +00:00
nekral-guest c28c443d8f * NEWS, configure.in, libmisc/chkname.c: make group max length a
configure option.  The configure behavior encoded is:
	<no option> -> default of 16 (like today);
	--with-group-name-max-length -> default of 16;
	--without-group-name-max-length -> no max length;
	--with-group-name-max-length=n > max is set to n.
2008-11-30 01:29:40 +00:00
nekral-guest 93358ac3de * src/su.c: (!USE_PAM) Provide visible information indicating that
su was denied.
2008-11-23 12:10:21 +00:00
nekral-guest 0667aee3cc * man/ja/login.1: Fix the path of the utmp and wtmp files. 2008-11-23 00:16:53 +00:00
nekral-guest 2297508f13 * man/su.1.xml: Fix the su synopsis. username is referenced in the
manpage, not LOGIN.
2008-11-23 00:16:10 +00:00
nekral-guest 1a04bbb044 * libmisc/chowntty.c: Only closelog() when failure cause an exit. 2008-11-23 00:06:56 +00:00
nekral-guest cf31f05cfb * libmisc/chowntty.c: Improve the logs for fchown and fchmod
failures.
2008-11-23 00:05:39 +00:00
nekral-guest 2b290e7abb * libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:51 +00:00
nekral-guest a324a7f13f * NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:11 +00:00
nekral-guest eb4097180b * NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
gaining ownership or changing mode of arbitrary files.
2008-11-22 23:22:16 +00:00
nekral-guest 8d7e1faebf Added todo items for pwck. 2008-10-11 13:15:29 +00:00
nekral-guest c0311206c8 * man/gshadow.5.xml, man/shadow.5.xml, man/passwd.5.xml,
man/grpck.8.xml: Sorted SEE ALSO references.
	* man/gshadow.5.xml: Added reference to grpck(8) and grpconv(8).
	* man/pwck.8.xml: Added reference to grpck(8).
	* man/shadow.5.xml: Added reference to pwck(8).
	* man/passwd.5.xml: Added reference to pwck(8).
	* man/grpck.8.xml: Added reference to pwck(8).
2008-10-11 12:59:02 +00:00
nekral-guest 4b2f537795 * man/*.xml, man/login.defs.d/*.xml: Added copyright and licence
header.
2008-10-11 11:44:43 +00:00
nekral-guest 4d49f543dd * src/login.c: Always check the return value of the pam_* APIs. 2008-09-20 21:17:26 +00:00
nekral-guest d400af51fa * src/login.c, man/login.1.xml: the username is not an optional
parameter of -f. Fix the getopt optstring, remove the parsing of
	username in the -f processing block, and remove unnecessary checks
	(username cannot be parsed twice anymore), better documentation of
	the synopsis.
2008-09-20 20:20:19 +00:00
nekral-guest c8d2175981 * src/login.c: Erase the username later since it it used for the
fake password check (in case of empty password).
2008-09-20 20:05:22 +00:00
nekral-guest 11c7543c76 * src/login.c: Explicitly tag the end of the #ifdef RLOGIN
sections.
2008-09-20 20:03:04 +00:00
nekral-guest 29d4533047 * src/login.c: Check that no username is specified with -r.
* src/login.c: Make sure a username is specified with -f.
2008-09-20 20:00:51 +00:00
nekral-guest c813e692a2 * src/login.c: Copy the name of the user authenticated by PAM to
username. This simplify later logging (avoid USE_PAM
	conditional).
2008-09-20 19:54:35 +00:00
nekral-guest 65e32d850c * src/login.c: Use a dynamic buffer for usernames. 2008-09-20 19:44:12 +00:00
nekral-guest 9f2ce12b28 * src/login.c: Existence of pam_user was already checked. pwd was
already copied to pwent. Remove duplicated code.
2008-09-20 16:23:04 +00:00
nekral-guest f4860274be * src/login.c: check_flags() renamed process_flags(). All flag
processing blocs moved to process_flags().
2008-09-20 16:21:46 +00:00
nekral-guest 6b17118e72 * src/logoutd.c, src/userdel.c: Re-indent. This helps pmccabe. 2008-09-20 14:56:10 +00:00
nekral-guest 54a0762bbb * src/login.c: Re-indent. 2008-09-20 14:39:09 +00:00
nekral-guest 1e3f19ad89 * src/login.c: Add missing closing }. This was probably never
noticed because UT_ADDR is never defined.
2008-09-20 14:21:51 +00:00
nekral-guest 5b73a0492d * src/login.c: Do not mix USE_PAM and !USE_PAM code. 2008-09-20 14:17:20 +00:00
nekral-guest 9fa519c983 * src/login.c: Use failent_user to log to audit. username is the
caller, not the user login tries to authenticate.
	* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
	be more precise (name must be unique, uid might not be).
2008-09-20 13:20:31 +00:00
nekral-guest c71e7861ed * man/passwd.1.xml: passwd cannot change the full name of the
user, the user's login shell; but it can change the account or
	password validity period. Thanks to Reuben Thomas.
2008-09-20 10:53:00 +00:00
nekral-guest f3df48ab4f * src/useradd.c: Added missing declaration of Mflg.
* src/pwck.c: Only unlock files if they were locked before (e.g.
	not in read-only mode).
	* src/pwck.c: Quote the username in error messages (harmonization
	with other messages).
	* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
	* libmisc/find_new_gid.c: Likewise.
2008-09-14 13:42:10 +00:00
nekral-guest 5df1f2f683 * libmisc/setugid.c, src/login_nopam.c, src/suauth.c,
lib/getdef.c: Replace the %m format string by strerror(). This
	avoids errno to be reset between the system call error and the
	report function.
2008-09-13 18:03:50 +00:00
nekral-guest 0833bc3cc0 * lib/commonio.c: Ignore the return value of umask() when the mask
is set to the old value.
2008-09-13 11:55:50 +00:00
nekral-guest b18d46e68d * NEWS, etc/login.defs: New CREATE_HOME variable to tell useradd
to create a home directory for new users.
	* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
	and CREATE_HOME usage. System accounts are not impacted by
	CREATE_HOME.
	* man/useradd.8.xml: Indicate that a new group is created by
	default.
	* src/useradd.c: Removed TODO item (moved to the TODO file).
2008-09-13 11:55:41 +00:00
nekral-guest d1f92a2225 * po/cs.po: Updated Czech translation.
Thanks to Miroslav Kuře
2008-09-13 11:55:30 +00:00
nekral-guest a279244709 * man/login.defs.d/USERGROUPS_ENAB.xml: Fix typo: new <para> tag
before the previous one is closed. This caused a missng
	explanation for USERGROUPS_ENAB.
2008-09-13 11:55:20 +00:00
nekral-guest b12db09e31 * man/groupadd.8.xml: Remove the list of (short) options from the
SYNOPSIS. Replaced with [options] for consistency with other tools
	and maintainability.
2008-09-13 11:55:08 +00:00
nekral-guest 4d6385633f New TODO item.
useradd:
  - Add support for -K in -D mode
2008-09-13 11:54:58 +00:00
nekral-guest 8c060833c8 From RedHat's patch shadow-4.1.2-sysAccountDownhill.patch
Thanks to Peter Vrabec.
	* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
	index of used IDs to avoid a database request for each id in the
	allowed range (when the highest allowed ID is already used).
	This speedups the addition of users or groups when the highest
	allowed ID is already used. The additional memory usage of the
	tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
	reasonable number.
2008-09-13 11:54:49 +00:00
nekral-guest 70c9eeff05 * configure.in: Fix the dependency of ACCT_TOOLS_SETUID on
USE_PAM. Build failed with --without-libpam.
2008-09-07 20:40:41 +00:00
nekral-guest f91b828708 * libmisc/copydir.c: Call utimes() after closing the file. 2008-09-07 00:51:17 +00:00
nekral-guest 828e9d095e * libmisc/copydir.c, configure.in: Check for the presence of
st_mtim and st_mtimensec, as for st_atim and st_atimensec.
2008-09-07 00:05:38 +00:00
nekral-guest bab84a13ff Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
	src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: If the username cannot be determined, report it as
	such (not a PAM authentication failure).
2008-09-06 23:46:44 +00:00
nekral-guest 49f0d8b680 Support for blowfish was requested twice.
Add link to a patch for libxcrypt.
2008-09-06 22:52:35 +00:00
nekral-guest 4976708c00 * src/gpasswd.c: Document the long options in the usage. 2008-09-06 22:20:19 +00:00
nekral-guest 761cdf5dfc Remove done item:
- groupmems: 
  - need some work on add PAM and i18n support.
- userdel:
  - add lookop and remove per user group.
2008-09-06 21:53:12 +00:00
nekral-guest 2fb1dbfcd1 Remove done item:
PAM: add support for customization of the PAM support (i.e.
	support the Debian PAM configuration)
2008-09-06 21:50:15 +00:00
nekral-guest 8b3029e430 * NEWS: Added configure --enable-account-tools-setuid (default) /
--disable-account-tools-setuid options. This permits to disable
	the PAM authentication of the caller for chage, chgpasswd,
	chpasswd, groupadd, groupdel, groupmod, newusers, useradd,
	userdel, and usermod.  This authentication is not necessary when
	these tools are not installed setuid root.
2008-09-06 21:42:26 +00:00
nekral-guest f8aef607ae * configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
	account management tools: chage, chgpasswd, chpasswd, groupadd,
	groupdel, groupmod, useradd, userdel, usermod.
	* src/Makefile.am: Do not link the above tools with libpam if
	account-tools-setuid is disabled.
	* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
	src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
	src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
	(--enable-account-tools-setuid).
	* etc/pam.d/Makefile.am: Install the pam service file for the
	above tools only when needed.
	* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
	needed to initialize retval to PAM_SUCCESS.
2008-09-06 21:35:37 +00:00
nekral-guest bbae92e76f * libmisc/tz.c: tz() is only used when USE_PAM is not defined.
* lib/prototypes.h: Indicate functions whose presence depends on
	the USE_PAM flag.
2008-09-06 16:43:21 +00:00
nekral-guest c89eb6d7eb * libmisc/tz.c: tz() is only used when USE_PAM is not defined.
* lib/prototypes.h: Indicate functions whose presence depends on
	the USE_PAM flag.
2008-09-06 16:42:41 +00:00
nekral-guest 70cf08329b * src/groupmems.c: Call open_files() and close_files().
* src/groupmems.c: Always call check_perms(), which takes care of
	checking if --list is used.
2008-09-06 16:27:21 +00:00
nekral-guest a7b3bcb43c Fix typo. s/Prog/%s/ in the format string. 2008-09-06 16:00:00 +00:00
nekral-guest 18b7c8d188 * libmisc/obscure.c: Compare characters to '\0', not NULL. 2008-09-06 15:59:28 +00:00
nekral-guest f34a638b38 * lib/defines.h: Do not include <config.h>. This complicate
undefining some configuration macros when the file is included
	multiple times.
	* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
	libmisc/xgetgrgid.c, libmisc/xgetgrnam.c, libmisc/xgetspnam.c:
	Include <config.h> from teh compiled C file, not the included
	getXXbyYY.c.
2008-09-06 15:58:23 +00:00
nekral-guest e48fb58753 Remove DONE item. 2008-09-06 14:00:11 +00:00
nekral-guest 18fc4505d3 * src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
	handle, but terminate the PAM transaction as soon as possible if
	there are no PAM session opened.
2008-09-06 13:28:02 +00:00
nekral-guest ee4e367ea8 * src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
	src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
	src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
	src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
	src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
	src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
	static to the file) so that it can be used by the helper functions
	of libmisc.
	* lib/prototypes.h: Added extern char *Prog.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
	program name with the warning.
2008-09-06 12:51:53 +00:00
nekral-guest 7034a913fd * configure.in: Check if AUDIT_ADD_USER, AUDIT_DEL_USER,
AUDIT_ADD_GROUP, and AUDIT_DEL_GROUP are defined in <libaudit.h>.
2008-09-04 22:34:20 +00:00
nekral-guest e3ebd2c736 * src/useradd.c: Fix comment of lflg: it is also used for faillog. 2008-09-04 20:46:00 +00:00
nekral-guest 25d67da1da Updated TODO list. 2008-09-04 20:41:18 +00:00
nekral-guest 7e17182e4c * NEWS, src/groupmems.c, man/groupmems.8.xml: Document the long
options.
2008-09-04 20:20:20 +00:00
nekral-guest 7e0008a2d7 * lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
	This permits stronger type checking and a better readability of
	the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
	* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
	Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
	of 0 or 1 in audit_logger().
2008-09-04 19:36:27 +00:00
nekral-guest a21809cdae * lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
	This permits stronger type checking and a better readability of
	the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
	* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
	Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
	of 0 or 1 in audit_logger().
2008-09-04 19:35:48 +00:00
nekral-guest 3dcaaf87e7 * src/userdel.c: Log failures to remove the mailbox to syslog and
audit.
	* src/userdel.c: Log successful removal of home directory to audit
	only in case of success.
	* src/userdel.c: Move the audit log of failure to remove the home
	directory before the call to function that may exit.
	* src/userdel.c: Document that errors is only used to count errors
	during the removal of the home directory.
2008-09-03 21:22:04 +00:00
nekral-guest f3c7ca59c5 * src/useradd.c: Log errors to syslog in grp_update() since
changes have started to be reported to syslog.
	* src/userdel.c: Fix some result parameters sent to
	audit_logger().

	* NEWS: Following changes from a patch contributed by Steve Grubb
	<sgrubb@redhat.com>
	* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
	of AUDIT_USER_CHAUTHTOK.
	* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead 
	of AUDIT_USER_CHAUTHTOK.
	* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
	AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
	AUDIT_USER_CHAUTHTOK.
	* src/useradd.c: Add missing logs to audit.
	* src/userdel.c: Log to audit with type AUDIT_DEL_USER /
	AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK.
	* src/userdel.c: Add missing logs to audit.
2008-09-03 21:02:32 +00:00
nekral-guest ba98ffe152 Add Tobias' name. 2008-09-02 18:49:56 +00:00
nekral-guest abddd42aa0 * src/groupmems.c: Remove duplicated gr_open(). 2008-08-31 17:41:03 +00:00
nekral-guest 118303b9da * man/useradd.8.xml: Document that -o is only valid with -u 2008-08-31 17:31:08 +00:00
nekral-guest f74d7a9fd0 * man/useradd.8.xml: Document the /etc/default/useradd variables.
* man/useradd.8.xml: Fix the documentation of the GROUP variable
	(and -g/--gid option).
2008-08-31 17:31:00 +00:00
nekral-guest 12a9942732 Added TODO items for useradd. 2008-08-31 17:30:52 +00:00
nekral-guest a109ff1d85 * shadow.spec.in: Fix the source (new FTP). 2008-08-31 17:30:45 +00:00
nekral-guest 3766b78eba Added TODO items.
Removed done items.
2008-08-31 17:30:37 +00:00
nekral-guest 614e95af39 * src/su.c: Add brackets and parenthesis.
* src/su.c: Avoid implicit conversion of pointers to booleans.
2008-08-31 17:30:30 +00:00
nekral-guest 05e4cf9aae * libmisc/list.c: Added assertions for non NULL parameters. 2008-08-31 17:30:21 +00:00
nekral-guest d2c11f8bee * libmisc/list.c: Remove historical comment. 2008-08-31 17:30:12 +00:00
nekral-guest c04189bfb6 * src/pwconv.c, src/pwunconv.c: Fail if unexpected parameters are
provided.
2008-08-31 17:30:00 +00:00
nekral-guest 6c5e97e745 * src/passwd.c: Add brackets and parenthesis.
* src/passwd.c: Avoid implicit conversion of pointers to booleans.
	* src/passwd.c: Avoid assignments in comparisons.
2008-08-31 17:29:51 +00:00
nekral-guest 687ae4f4a8 Finish the support for shadow groups. 2008-08-31 17:29:41 +00:00
nekral-guest 87b56b19fb * NEWS, src/groupmems.c, man/groupmems.8.xml: Added support for
shadow groups.
	* src/groupmems.c: Use fail_exit() instead of exit().
2008-08-31 17:29:34 +00:00
nekral-guest 190a6e7687 re-indent. 2008-08-31 17:29:24 +00:00
nekral-guest 046fe0cfe0 * src/groupmems.c: Avoid mixed declarations and code. 2008-08-31 17:29:17 +00:00
nekral-guest 81e1dbc90e * src/groupmems.c: The grp structure returned by gr_locate is a
const. Duplicate this structure before working on it.
	* src/groupmems.c: Do not fail and do not display warnings if a
	close failure happens with the --list option. (Files are opened
	read-only).
2008-08-31 17:29:08 +00:00
nekral-guest 281721cd15 * src/gpasswd.c: Replace the 'valid' variable by is_valid to avoid
clashes with the valid() function.
2008-08-31 17:28:59 +00:00
nekral-guest 0fcae007a0 * libmisc/obscure.c: Add brackets and parenthesis.
* libmisc/obscure.c: Avoid implicit conversion of pointers / chars to
	booleans.
	* libmisc/obscure.c: Simplify the list of if.
2008-08-31 17:28:49 +00:00
nekral-guest 6b3266f228 * src/passwd.c: Fix a typo in the Usage string. 2008-08-31 17:28:39 +00:00
nekral-guest ce4152c817 * src/logoutd.c: Fail if
unexpected parameters are provided.
2008-08-31 17:28:30 +00:00
nekral-guest 73877b22c4 * src/grpunconv.c: Fail if unexpected parameters
are provided.
	* src/grpunconv.c: Indicate that argc is not used
	in the no SHADOWGRP version.
2008-08-31 17:28:21 +00:00
nekral-guest bf3e8f290c * src/grpconv.c, src/groups.c: Name the parameters in the
prototypes of the static functions.
	* src/grpconv.c: Fail if unexpected parameters are provided.
	* src/grpconv.c: Indicate that argc is not used in the no
	SHADOWGRP version.
2008-08-31 17:28:12 +00:00
nekral-guest 81a4edb776 Name the parameters in the prototypes of the static functions. 2008-08-31 17:28:03 +00:00
nekral-guest 399f453b4d * src/chgpasswd.c, src/chpasswd.c: Removed variable ok, which is
no more used.
2008-08-31 17:27:56 +00:00
nekral-guest 8e6c4b2e07 * src/chage.c: Fix the format for long integers (from %ul to %lu). 2008-08-31 17:27:47 +00:00
nekral-guest 4507bd32af * libmisc/utmp.c: Mark the line and host arguments of setutmp() as
not used in the __linux__ version.
2008-08-31 17:27:37 +00:00
nekral-guest e9a14b2409 * lib/nscd.c: Avoid redefinition of _GNU_SOURCE. 2008-08-31 17:27:26 +00:00
nekral-guest cd6a300222 * configure.in, src/login.c: Do not use HAVE_PAM_FAIL_DELAY, but
HAS_PAM_FAIL_DELAY, to avoid a redefinition with Linux PAM.
2008-08-31 17:27:16 +00:00
nekral-guest 978b3ef881 * configure.in: Indentation fix. 2008-08-31 17:27:06 +00:00
nekral-guest da693710f6 Revert " * src/groupmems.c: Added function open_°files and close_files to"
This reverts commit eb3860eb3647d1b092ffe9baa1eb2f73a27a0d87.
2008-08-31 17:26:55 +00:00
nekral-guest 71656e3cba * src/groupmems.c: Added function open_°files and close_files to
ease the support of gshadow.
	* src/groupmems.c: Always call check_perms(). This function now
	succeed when the requested action is to list the members.
2008-08-30 18:34:43 +00:00
nekral-guest 72d75d50d9 * src/groupmems.c: Added functions add_user(), remove_user(), and
purge_members() to ease the support of gshadow.
2008-08-30 18:34:24 +00:00
nekral-guest cdf963b2b3 * src/expiry.c: Use Basename for Prog.
* src/expiry.c: Added missing OPENLOG.
2008-08-30 18:34:04 +00:00
nekral-guest 6598f82111 Added brackets. 2008-08-30 18:33:37 +00:00
nekral-guest de11907053 * lib/nscd.c: Make sure the file is not empty when configured
without nscd support.
2008-08-30 18:33:13 +00:00
nekral-guest 8075d27e32 * configure.in: Remove the USE_NSCD AM_CONDITIONAL (USE_NSCD is
not used in any Makefile.am).
	* configure.in: Make sure posix_spawn is present when configured
	with nscd support.
2008-08-30 18:32:43 +00:00
nekral-guest 7109072b8f * lib/groupmem.c, lib/pwmem.c, lib/shadowmem.c: Added brackets and
parenthesis.
	* lib/groupmem.c, lib/pwmem.c, lib/shadowmem.c: Avoid assignments
	in comparisons.
2008-08-30 18:32:19 +00:00
nekral-guest cf4aea18b4 * libmisc/mail.c: Added brackets and parenthesis.
* libmisc/mail.c: Avoid assignments in comparisons.
2008-08-30 18:31:56 +00:00
nekral-guest 7bbaec8fed Added missing changes from last commit. 2008-08-30 18:31:35 +00:00
nekral-guest 68b7aad535 * configure.in: Check if the stat structure has a st_atim or
st_atimensec field.
	* libmisc/copydir.c: Conditionally use the stat's st_atim and
	st_atimensec fields.
2008-08-30 18:31:21 +00:00
nekral-guest f86b2704d5 * lib/groupio.h, lib/prototypes.h, lib/pwio.h, lib/sgetgrent.c:
Include <sys/types.h> before <pwd.h> and <grp.h>. It is necessary
	for the definition of uid_t and gid_t.
	* lib/pwmem.c: do not include <pwd.h>, "pwio.h" is sufficient
	here.
2008-08-30 18:30:58 +00:00
nekral-guest c59126a817 * configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to
support systems without nscd.
2008-08-30 18:30:36 +00:00
nekral-guest b4899946ef Added missing include file (assert.h). 2008-08-30 18:30:15 +00:00
nekral-guest 76ea48bb64 * NEWS: Added support for uclibc.
* configure.in, libmisc/copydir.c: futimes() and lutimes() are not
	standard. Check if they are implemented before using them. Do not
	set the time of links if lutimes() does not exist, and use
	utimes() as a replacement for futimes().
2008-08-30 18:29:55 +00:00
nekral-guest 0802405344 * src/groupmems.c: Handle the options alphabetically. 2008-08-30 18:29:31 +00:00
nekral-guest 0c7df2f9a0 * src/groupmems.c: When removing an user, check if deluser is on
the list, not adduser. This fixes a segmentation fault for every
	call of groupmems -d.
	* libmisc/list.c: Add assertions to help identifying these issues.
	* libmisc/list.c: Avoid implicit conversion of pointers to
	booleans.
2008-08-30 18:29:08 +00:00
nekral-guest 77f81fa0b6 * NEWS, src/groupmems.c: Use the "groupmems" PAM service name
instead of "groupmod".
2008-08-30 18:28:45 +00:00
nekral-guest 8851893412 * src/chfn.c: Merge some translated messages.
* src/groupmems.c, src/groupadd.c, src/gpasswd.c, src/chsh.c,
	src/chfn.c: Harmonize *_update() failure messages.
	* src/groupmems.c: Harmonize gr_close() failure messages.
	* src/newgrp.c: Harmonize "unknown GID" messages.
	* src/newusers.c: Move the pwd declaration to a inner block scope.
2008-08-30 18:28:24 +00:00
nekral-guest aa2fee4969 * src/useradd.c: Harmonize some error messages.
* src/userdel.c: Add log to syslog when the mail file could not be
	removed.
	* src/userdel.c: Give more context an error message (merge with
	perror()).
	* src/usermod.c: Harmonize some error messages.
2008-08-30 18:27:59 +00:00
nekral-guest d7b55ce2bb * src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
	src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
	src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
	message sent to stderr in case of *_update () failure.
	* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
	log to syslog when pw_update() or spw_update() fail.
	* src/newusers.c: Do not log specific error message to stderr when
	sgr_update() fails.
	* src/pwconv.c: Remove duplicated definition of Prog.
2008-08-30 18:27:34 +00:00
nekral-guest 38a50366bc * src/chfn.c, src/chsh.c, src/expiry.c, src/gpasswd.c,
src/newgrp.c, src/passwd.c, src/su.c: Use the same stderr and
	syslog warnings when the username cannot be determined.
	* src/newgrp.c: Reuse the same stderr message for groups which do
	not exist in the system.
2008-08-30 18:27:07 +00:00
nekral-guest 307f703b99 * src/usermod.c: Log errors while *_close to syslog.
* src/usermod.c: Added missing }
2008-08-22 02:34:04 +00:00
nekral-guest 306f19b805 * src/grpconv.c: Use Basename for the definition of Prog. Prog
needs a file visibility.
	* src/grpunconv.c: Likewise.
2008-08-22 02:33:08 +00:00
nekral-guest 421085672b Fix typos. 2008-08-22 02:31:55 +00:00
nekral-guest b6dc6082ab Fix a typo (sgr_dbmane -> sgr_dbname) 2008-08-22 02:31:15 +00:00
nekral-guest a3be8ff055 * src/chfn.c: Do not exit on pw_unlock failures.
* src/grpconv.c, src/grpunconv.c, src/pwconv.c, src/pwunconv.c,
	src/vipw.c: Open syslog with the right identification name.
	* src/vipw.c: Log unlock errors to syslog.
	* src/vipw.c: Log edits to syslog.
	* src/chage.c, src/chfn.c, src/chsh.c, src/gpasswd.c,
	src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpconv.c,
	src/grpunconv.c, src/passwd.c, src/pwck.c, src/pwunconv.c,
	src/useradd.c, src/usermod.c: Harmonize the syslog levels. Failure
	to close or unlock are errors. Failure to open files are warnings.
2008-08-22 02:30:33 +00:00
nekral-guest c9119dc6bb * src/newusers.c: Open syslog with the right identification name.
* src/newusers.c: Mark the files as locked only if they are really
	locked (i.e. if shadow is not enabled, the files are not locked).
2008-08-22 02:29:31 +00:00
nekral-guest cfeacc4d67 * NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
support for long options --add (-a), --delete (-d),
	--remove-password (-r), --restrict (-R), --administrators (-A),
	and --members (-M)
	* man/gpasswd.1.xml: Document the new long options.
	* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
	defined.
2008-08-22 02:28:15 +00:00
nekral-guest 7cc0389757 Remove done items. 2008-08-22 02:27:26 +00:00
nekral-guest 2bdcb9c33d * src/grpck.c: Added function fail_exit(). Check failure to unlock
files. Report errors to stderr and syslog, but continue.
	* src/grpconv.c: Check failure to unlock files. Report errors to
	stderr and syslog, but continue.
2008-08-22 02:26:46 +00:00
nekral-guest 7ae6b8fc34 * src/passwd.c: Check failure to unlock files. Report errors to
stderr and syslog, but continue.
2008-08-22 02:24:29 +00:00
nekral-guest 82779cd336 * src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
	src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
	of the variables keeping the lock status, to match the shadow
	library prefixes.
2008-08-22 02:22:34 +00:00
nekral-guest 82ed690817 * src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
	case of a lock failure, indicate to the user that she can try
	again later. Do not log to syslog.
2008-08-22 02:20:53 +00:00
nekral-guest 130553a578 Sort the NEWS entry alphabetically (per program name). 2008-08-22 02:18:48 +00:00
nekral-guest 1355d5d3eb * NEWS, src/passwd.c: For compatibility with other passwd version,
the --lock an --unlock options do not lock or unlock the user
	account anymore.  They only lock or unlock the user's password.
	* man/passwd.1.xml: Document above change. Document how an account
	can be locked and what a password lock means.
2008-08-22 02:16:21 +00:00
nekral-guest fa33bb9d0e * man/groupadd.8.xml: Fix the regular expression for group policy.
The final $ character is optional.
	* man/groupadd.8.xml: Likewise.
	* man/groupadd.8.xml: Indicate the maximum size of usernames.
2008-08-15 15:25:53 +00:00
nekral-guest 0ebc407246 * man/po/pl.po: Fix typo in the Polish translation (see
http://bugs.debian.org/491460)
2008-08-15 15:25:23 +00:00
nekral-guest 2c950c5cb5 * man/pl/Makefile.am: Do not build the Polish translation of
login.1 and su.1 (not enough translated). See
	http://bugs.debian.org/491460
2008-08-13 06:55:55 +00:00
nekral-guest 2722e6bb68 * man/shadow.5.xml: Fix typo. The password must be changed before
the maximum number of days, not after.
2008-08-13 06:55:37 +00:00
nekral-guest ce4e0b78bc Updated TODO file.
Added entries:
  * all: report nscd_flush_cache failures?
  * groupmems: Add support for gshadow
Removed entries:
  * groupmems: check reason for isgroup (function already removed)
2008-08-09 23:34:04 +00:00
nekral-guest 5d1795062f * src/groupmems.c: Harmonize the unlock failure messages. 2008-08-09 23:33:46 +00:00
nekral-guest b6cc69cd8f * src/pwck.c: Added fail_exit().
* src/pwck.c: Report failure to unlock files to stderr and
	syslog.
	* src/pwck.c: Report failure to sort to stderr, and exit with
	E_CANTSORT.
	* man/pwck.8.xml: Document return code 6 (E_CANTSORT).
2008-08-09 23:33:26 +00:00
nekral-guest 10e78fbd8e * src/vipw.c: Report failures to remove files to stderr.
* src/vipw.c: Report failures to unlock files to stderr.
2008-08-09 23:31:36 +00:00
nekral-guest e3e99974f8 * NEWS, src/groupmems.c: Added syslog support.
* src/groupmems.c: members() renamed display_members() to
	avoid name clash with its members argument.
	* src/groupmems.c: Report failure to unlock to syslog.
	* src/groupmems.c: Harmonize error messages.
	* src/groupmems.c: Report failures to write the new group file to
	syslog (gr_close() failure).
	* src/groupmems.c: Don't use fail_exit for non-failure exit.
2008-08-09 23:28:30 +00:00
nekral-guest e069125a2c * src/chsh.c: Added fail_exit().
* src/chsh.c: Use fail_exit() instead of exit(), this avoid
	calling closelog() every times.
	* src/chsh.c: Ignore the return value or pam_end().
	* src/chsh.c: Simplify the PAM error handling.
	* src/chsh.c: Report failure to unlock files to stderr and
	syslog.
2008-08-09 23:27:50 +00:00
nekral-guest 0528803da6 Include missing exitcodes.h 2008-08-09 23:27:05 +00:00
nekral-guest e5e00ce9d6 Improve commonalities between chgpasswd and chpasswd. 2008-08-09 23:25:49 +00:00
nekral-guest 69b276a712 * src/chpasswd.c: Added fail_exit().
* src/chpasswd.c: Added support for syslog.
	* src/chpasswd.c: Report failure to unlock files to stderr and
	syslog.
	* src/chpasswd.c: Simplify the PAM error handling.
	* src/chpasswd.c: Report failure during *_close() to syslog.
	* src/chpasswd.c: Ignore the return value or pam_end().
2008-08-09 23:25:18 +00:00
nekral-guest 5c04fe9b61 Added missing Prog. 2008-08-09 23:24:15 +00:00
nekral-guest 9c050c54ef Added missing Prog. 2008-08-09 23:23:44 +00:00
nekral-guest 3a07026740 Fix typo: missing O_RDWR parameter to *_open(). 2008-08-09 23:23:12 +00:00
nekral-guest 538db04950 * src/chgpasswd.c: Added fail_exit().
* src/chgpasswd.c: Added support for syslog.
	* src/chgpasswd.c: Report failure to unlock files to stderr and
	syslog.
	* src/chgpasswd.c: Simplify the PAM error handling.
	* src/chgpasswd.c: Report failure during *_close() to syslog.
	* src/chgpasswd.c: Ignore the return value or pam_end().
2008-08-09 23:22:00 +00:00
nekral-guest e2b778a38e * src/userdel.c: Report failure to remove entries from group or
gshadow to stderr.
	* src/userdel.c: Fail in case of failure during the write of a
	user or group database. Report errors to syslog.
	* src/userdel.c: Do not unlock non locked files.
	* src/userdel.c: Report failure to unlock the passwd or shadow
	file to stderr and syslog.
2008-08-07 08:44:06 +00:00
nekral-guest 85bc9c1d1a * src/pwunconv.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
2008-08-07 08:03:55 +00:00
nekral-guest 501ae11f51 * src/usermod.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
2008-08-07 08:03:38 +00:00
nekral-guest eb6cb5311b * src/newusers.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
	* src/newusers.c: In case of error when files are open or closed,
	indicate the failing file.
	* src/newusers.c: Do not try to unlock the files manually since
	this is done in fail_exit.
2008-08-07 08:03:13 +00:00
nekral-guest e3a5f66059 * src/chage.c: Report failure to unlock the passwd or shadow file
to stderr and syslog.
2008-08-07 08:02:52 +00:00
nekral-guest fd4b6cc52a * src/pwconv.c: Report failure to unlock the passwd or shadow file
to stderr and syslog.
	* src/pwconv.c: Report failure to chmod the backup file.
2008-08-07 08:02:34 +00:00
nekral-guest 93ccc35ff0 * src/grpunconv.c: Report failure to unlock the group or gshadow
files to stderr and syslog.
2008-08-07 08:02:13 +00:00
nekral-guest ccc49e8841 * src/chfn.c: Added fail_exit(). Check if the passwd file is
locked. Report failures to unlock to stderr and syslog.
	* src/chfn.c: Is case of failure, use fail_exit() rather than
	exit().
	* src/chfn.c: Ignore the return value of pam_end().
2008-08-07 08:01:44 +00:00
nekral-guest 7fc596fb8a * lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
	Added *_dbname() functions to retrieve the name of the databases.
	* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
	lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
	*_name() functions renamed *setname().
	* src/grpck.c, src/pwck.c: Likewise.
	* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
	the name of the arguments to the prototypes.
	* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
	src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
	Harmonize the erro & syslog messages in case of failure of the
	*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
	* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
	capitalized messages.
	* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
	in case of inexistent entries.
	* src/usermod.c:  Harmonize messages in case of already existing
	entries.
	* src/newusers.c, src/useradd.c: Simplify PAM error handling.
	* src/useradd.c: Report failures to unlock files (stderr, syslog,
	and audit). But do not fail (continue).
	* src/useradd.c (open_files): Do not report to syslog & audit
	failures to lock or open the databases. This might be harmless,
	and the logs were not already informed that a change was
	requested.
	* src/usermod.c: It's not the account which is unlocked, but its
	password.
2008-08-06 15:57:31 +00:00
nekral-guest b0fe7d3a0b * src/groupadd.c: Only call gr_unlock() and sgr_unlock() in the
group or gshadow files were previously locked.
	* src/groupadd.c: Make sure failures are reported to syslog/audit
	after the change is mentioned.
	* src/groupmod.c: Add logging to syslog & audit on lock/unlock
	failures.
	* src/groupmod.c: Make sure issues are reported to syslog or audit
	after the change is mentioned.
	* src/groupdel.c: Only call gr_unlock() and sgr_unlock() in the
	group or gshadow files were previously locked.
	* src/groupdel.c: Simplify the handling of PAM errors.
2008-08-06 15:56:51 +00:00
nekral-guest 6461841ccd * Merge two is_shadowgrp blocks.
* Indicate that we continue when *_unlock fail
2008-08-06 15:55:57 +00:00
nekral-guest 75e65f72c2 Re-indent. 2008-08-06 15:55:16 +00:00
nekral-guest 2cba7fdfcd * src/groupdel.c: Add logging to syslog & audit on lock/unlock
failures.
2008-08-06 15:54:49 +00:00
nekral-guest 9ddc88dd9d * src/groupdel.c: Harmonize error & syslog messages. 2008-08-06 15:54:16 +00:00
nekral-guest bc8456425d * src/groupmod.c: Harmonize error & syslog messages. 2008-08-06 15:53:50 +00:00
nekral-guest 7eab6d9958 * src/groupadd.c: Harmonize error & syslog messages.
* src/groupadd.c: Add logging to syslog in some error cases.
2008-08-06 15:53:30 +00:00
nekral-guest 2bf3f0c03c * src/gpasswd.c: Warn and log to syslog and audit when group or
gshadow cannot be unlocked, but do not fail.
2008-08-06 15:52:42 +00:00
nekral-guest 9eea2344fc * src/gpasswd.c: Harmonize error & syslog messages. 2008-08-06 15:52:21 +00:00
nekral-guest 538600ef48 * src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
	src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
	src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
	src/vipw.c: Complete the switch from the `' quotation style to ''.
	Do it also in SYSLOG messages. Quote some parameters. All this
	permits to merge some messages.
2008-08-06 15:51:52 +00:00
nekral-guest 2ebd2a08ff Added Lukáš Kuklínek. 2008-07-31 16:50:59 +00:00
nekral-guest 6713942f83 * src/groupmems.c: Only check if the adduser user exists when an
user is specified with -a.
2008-07-30 14:11:09 +00:00
nekral-guest c6f5ce280f * src/groupmems.c: Fix the groupmems' usage message. The -D option
is in fact -p.
2008-07-30 00:27:55 +00:00
nekral-guest 9aad7a3783 * src/groupmems.c: Replace an if test by an else. 2008-07-27 22:30:47 +00:00
nekral-guest a22551d56b * src/groupmems.c: Ignore the return value of fputs(). 2008-07-27 22:30:39 +00:00
nekral-guest d6f96fa07e * src/groupmems.c (whoami): Make sure usr and grp are not NULL
before dereferencing them.
2008-07-27 22:30:31 +00:00
nekral-guest 5a0715fd6c * src/groupmems.c: Use xstrdup() rather than strdup(). 2008-07-27 22:30:22 +00:00
nekral-guest 717110d355 * src/groupmems.c: Add parenthesis.
* src/groupmems.c: Avoid implicit conversion of pointers / chars to
	booleans.
2008-07-27 22:30:12 +00:00
nekral-guest d5c6257ac2 * NEWS, src/groupmems.c: Allow everybody to list the users of a group.
This information is publicly available in /etc/group.
	* NEWS, src/groupmems.c: Open /etc/group read only for the -l option.
2008-07-27 02:33:37 +00:00
nekral-guest 88fce52fbf * man/groupmems.8.xml: Sort options alphabetically. 2008-07-27 02:11:32 +00:00
nekral-guest 8f3ee46325 Harmonize error messages and add the prototypes for whoami(), members(), and usage(). 2008-07-27 01:47:56 +00:00
nekral-guest aa035f9853 * src/groupmems.c (check_perms): Simplify. Always call pam_end()
at the end of the authentication.
2008-07-27 01:41:07 +00:00
nekral-guest b2f5629de8 * src/groupmems.c: Add fail_exit() to remove the group lock file
in case of failure. Replace the calls to exit() by fail_exit().
2008-07-27 01:35:08 +00:00
nekral-guest db98798134 * src/groupmems.c: Reduce the number of checks. Isolate the
parameters setting and permissions checking.
2008-07-27 01:16:13 +00:00
nekral-guest d4227e75cd * src/groupmems.c: Add functions process_flags() and check_perms()
from code of main().
	* src/groupmems.c: Harmonize the failure message in case of PAM
	failure with the other programs.
2008-07-27 00:59:42 +00:00
nekral-guest e6c015e0d0 * src/groupmems.c: Remove isgroup(), which always returns TRUE. 2008-07-27 00:35:04 +00:00
nekral-guest 44db9db053 * src/groupmems.c: Reuse the functions from libmisc/list.c to deal
with user lists. addtogroup() was broken when realloc() move the
	memory area.
	* src/groupmems.c: Report failures with the name of the program.
2008-07-27 00:21:42 +00:00
nekral-guest 4c2ed7b52e * src/groupmems.c: EXIT_READ_GROUP changed to EXIT_INVALID_GROUP.
* src/groupmems.c: EXIT_INVALID_USERNAME changed to EXIT_INVALID_USER.
	* src/groupmems.c: Fix typos.
2008-07-27 00:11:25 +00:00
nekral-guest 6f571dbfc6 * src/groupmems.c: Really use booleans.
* src/groupmems.c: Change isroot() to a macro that returns a
	boolean.
2008-07-26 16:24:27 +00:00
nekral-guest a363e1c51f * lib/defines.h: Make sure the booleans are defined before using
them.
2008-07-26 16:13:29 +00:00
nekral-guest b684ea837d 2008-07-26 Nicolas François <nicolas.francois@centraliens.net>
* src/groupmems.c: Added Prog global variable to indicate the name
	of the program in error messages.

2008-07-22  Lukáš Kuklínek  <lkukline@redhat.com>

	* NEWS, src/groupmems.c: Check if the user added to group actually
	exist. RedHat bug #455603
	* NEWS, src/groupmems.c: Check if the group exists in the group
	local database (/etc/group). RedHat bug #456088
2008-07-26 16:11:49 +00:00
nekral-guest d4eced9b84 * lib/prototypes.h: Fix getrange prototype. 2008-07-21 22:45:49 +00:00
nekral-guest a674a2e6fd Re-indent. 2008-07-21 22:45:08 +00:00
nekral-guest 276e406c0f * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add
support for OpenPAM.
2008-07-21 21:14:06 +00:00
nekral-guest 7ac0323c7b * src/chage.c: Ignore the return value of pam_end() before exiting.
* src/chage.c: Ignore return values of strftime(), snprintf(),
	puts(), printf(), and fputs().
	* src/chage.c: Check the return value of asctime().
2008-07-11 22:31:43 +00:00
nekral-guest 95c78ce92b * lib/gshadow.c: Avoid assignments in comparison. 2008-07-11 22:23:42 +00:00
nekral-guest 21c692d23f Re-inject the changes from 4.1.2.1. 2008-07-11 22:20:43 +00:00
nekral-guest 5b194e290c Fix typo. 2008-07-11 22:04:02 +00:00
nekral-guest 22fb4fe019 * src/usermod.c: Do not call usr_update() if it will have no
effects. This avoid checking if the user exists in the local passwd
	file if not necessary, and thus allow to add LDAP users to local
	groups. (The user is already checked against the system
	configuration with getpwnam()). Thanks to Dan Kopecek.
2008-07-11 21:50:05 +00:00
nekral-guest 62c8e79676 * src/usermod.c: Split update_files() into update_lastlog() and
update_faillog(). Report errors (but don't fail) if the file
	exist, but open(), lseek(), read(), write(), or close() fails.
	* src/usermod.c: Add brackets and parenthesis.
	* src/usermod.c: Ignore the return value of pam_end() before
	exiting.
	* src/usermod.c: Ignore the return value of strftime(),
	snprintf(), and puts().
	* src/usermod.c: Check the return value of gmtime() and asctime(),
	and output the raw time_t on failures.
2008-07-11 20:52:44 +00:00
nekral-guest e4e3bd5175 * libmisc/setugid.c: Add brackets. 2008-07-11 20:23:07 +00:00
nekral-guest eb18ee624f Re-indent. 2008-06-17 22:00:36 +00:00
nekral-guest 6298ca94cb * libmisc/env.c: Avoid implicit conversion of pointers / chars to
booleans.
	* libmisc/env.c: Add brackets and parenthesis.
	* libmisc/env.c: Ignore the return value of puts() and fputs().
	* libmisc/env.c: Avoid multi-statements lines.
2008-06-17 21:58:46 +00:00
nekral-guest 7c9270d7a5 Re-indent. 2008-06-17 21:17:45 +00:00
nekral-guest 5f9226b14b * libmisc/utmp.c: Avoid implicit conversion of pointers / chars to
booleans.
	* libmisc/utmp.c: Add brackets and parenthesis.
	* libmisc/utmp.c: Exit with the EXIT_FAILURE status code in case
	of failure.
	* libmisc/utmp.c: Avoid assignments in comparisons.
	* lib/prototypes.h, libmisc/utmp.c: Change setutmp()'s prototype
	to return an int because pututline() and pututxline() may fail.
2008-06-17 21:13:30 +00:00
nekral-guest 9320075030 * libmisc/audit_help.c: Added one string for translation.
* po/POTFILES.in: Added libmisc/audit_help.c,
	libmisc/find_new_gid.c, libmisc/find_new_uid.c, libmisc/getlong.c,
	libmisc/getrange.c, libmisc/xgetXXbyYY.c, and libmisc/yesno.c.
	Removed libmisc/find_new_ids.c
2008-06-17 20:52:19 +00:00
nekral-guest ca032792bd * src/useradd.c: If the faillog file exist, warn in case of
failure when open(), lssek(), write() or close() fails when the
	new user's faillog entry is reset.
	* src/useradd.c: Ditto for the lastlog entry.
2008-06-15 22:25:51 +00:00
nekral-guest abb95d5aab * libmisc/limits.c: Add brackets and parenthesis.
* libmisc/limits.c: Avoid implicit conversion of pointers /
	integers to booleans.
	* libmisc/limits.c: Ignore the return value of umask(). We will
	never return to the original umask.
	* libmisc/limits.c: Avoid multi-statements lines.
	* libmisc/limits.c: Added default to a switch(). Report invalid
	limit strings to syslog.
	* libmisc/limits.c: Ignore the return value of fclose().
	/etc/limits is open read-only.
	* libmisc/limits.c: Ignore the return value of fputs() and
	sleep().
	* libmisc/limits.c: Check the return value of nice() and
	set_filesize_limit(), and report errors to syslog.

	* libmisc/ulimit.c, lib/prototypes.h: Return failures of
	set_filesize_limit(). Change the prototype to return an int
	instead of void.
2008-06-15 21:59:41 +00:00
nekral-guest dcd480ffd9 * libmisc/failure.c: Try to close the open file if a failure
occured during lseek(), read() or write().
2008-06-15 19:16:34 +00:00
nekral-guest 68cdac68cb * libmisc/log.c: Check return values. If lseek() failed, avoid
reading or writing at an unspecified location. Log to syslog in
	case of failure.
	* libmisc/log.c: Use the right casts.
2008-06-15 19:15:15 +00:00
nekral-guest e1307ea789 * libmisc/find_new_ids.c, libmisc/find_new_gid.c,
libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h:
	Split find_new_ids.c into find_new_gid.c and find_new_uid.c to
	ease the description of login.defs variables in the different
	tools.
2008-06-15 18:33:52 +00:00
nekral-guest 52fe9f62f6 * libmisc/failure.c: Ignore the return value of strftime() and
printf().
	* libmisc/failure.c: Fix syslog call. The UID is not available.
	User the username specified in the utmp/utmpx entry.
2008-06-15 00:01:46 +00:00
nekral-guest f42160862a * lib/defines.h: Avoid implicit conversion of pointers to
booleans.
	* lib/defines.h: Ignore return values of setlocale() except the
	first call.
	* lib/defines.h: Fix a splint observer warning by using an
	intermediate variable (old_locale).
2008-06-14 23:41:38 +00:00
nekral-guest 1b631c42ef * libmisc/failure.c: Check return values. If lseek() failed, avoid
reading or writing at an unspecified location. Log to syslog in
	case of failure when reading a faillog entry or writing in
	faillog or btmp.
	* libmisc/failure.c: Check if the file exist before opening it.
	* libmisc/failure.c: Log failures of open() and close() when
	necessary.
2008-06-14 23:38:43 +00:00
nekral-guest 0afd6a8312 * lib/prototypes.h: Add the getrange() prototype.
* lib/prototypes.h: Fix the valid_field() prototype (does not
	return an bool).
	* lib/prototypes.h: Fix the valid() prototype (it does return a
	bool).
2008-06-14 21:11:19 +00:00
nekral-guest 4ac21ca652 * lib/getdef.c: Fix the getdef_ulong() prototype.
* lib/getdef.h: Fix the getdef_ulong() prototype.
2008-06-14 21:09:33 +00:00
nekral-guest dbbae8dcd3 * src/lastlog.c: Use getrange to parse the range of users.
* src/lastlog.c: umin and umax do not need to be signed long. Use
	an unsigned long which might be needed to parse a GID or UID. Add
	the has_umin and has_umax to replace the -1 values.
	* src/lastlog.c: Cast dates to time_t.
	* src/lastlog.c: Prefix lastlog errors with "lastlog: ".
2008-06-14 21:06:53 +00:00
nekral-guest eed5fc7179 * libmisc/getlong.c: Reset errno before calling strtol().
Otherwise, errno could be already set to ERANGE.
2008-06-14 21:02:52 +00:00
nekral-guest b8c5483b85 * libmisc/Makefile.am, libmisc/getrange.c: Added function to parse
a range (useful for lastlog).
2008-06-14 21:01:11 +00:00
nekral-guest 4f12c31e3b * src/chsh.c: <signal.h> is not needed. 2008-06-14 15:03:58 +00:00
nekral-guest 53543b9b6a * lib/prototypes.h: Define AUDIT_NO_ID to (unsigned int) -1. This
value should be used when the ID should not be considered.
	* lib/prototypes.h: Fix the prototype of do_rlogin() according to
	earlier changes.
2008-06-13 21:57:47 +00:00
nekral-guest afafd0f683 * lib/shadow.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwd.sp_flag.
	* lib/shadow.c: Add brackets.
	* lib/shadow.c: Avoid implicit conversion of pointers to
	booleans.
	* lib/shadow.c: The size argument of fgets is an int, not a
	size_t.
2008-06-13 21:55:51 +00:00
nekral-guest d65354efcf * lib/commonio.c: len should be typed ssize_t as it is the return
of read(), and is compared to 0. Cast to size_t when necessary.
2008-06-13 21:53:41 +00:00
nekral-guest d3abd86df5 * libmisc/find_new_ids.c: Use getdef_ulong to retrieve UIDs/GIDs
from login.defs. Type constants to long integers.
2008-06-13 21:49:57 +00:00
nekral-guest 838f39d0fd * lib/gshadow.c: Use a bool when possible instead of int integers.
* lib/gshadow.c: Remove __setsgNIS() -never used).
	* lib/gshadow.c: Avoid multi-statements lines.
	* lib/gshadow.c: Avoid assignments in comparisons.
	* lib/gshadow.c: ptr[nelem] is a string. Initialize it to NULL
	instead of '\0'.
	* lib/gshadow.c: Add brackets and parenthesis.
	* lib/gshadow.c: The size argument of strncpy is a size_t and the
	size argument of fgets is an int.
2008-06-13 21:45:47 +00:00
nekral-guest 4589ba350f * lib/groupio.c: Add brackets.
* lib/groupio.c: Make sure malloc receives a size_t.
	* lib/groupio.c: Avoid multi-statements lines.
2008-06-13 21:39:24 +00:00
nekral-guest 92143eb7b9 * lib/sgetspent.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwd.sp_flag.
2008-06-13 21:36:41 +00:00
nekral-guest c9679b7954 * lib/getdef.h, lib/getdef.c: Add getdef_ulong().
* lib/getdef.c: Added TODOs because of lack of error checking.
	* lib/getdef.c: The size argument of fgets is an int, not a
	size_t.
	* lib/getdef.c: Avoid multi-statements lines.
2008-06-13 21:35:22 +00:00
nekral-guest 5fc99a117b * src/id.c: Make sure malloc receives a size_t.
* src/id.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
2008-06-13 21:31:23 +00:00
nekral-guest 87ba782106 * src/sulogin.c: Ignore the return value of signal(). 2008-06-13 21:30:09 +00:00
nekral-guest dd8a09ce8d * src/groups.c: sys_ngroups is only used when HAVE_GETGROUPS is
defined.
2008-06-13 21:29:13 +00:00
nekral-guest ba7dde0168 * src/faillog.c: Ignore return value of time() when use with a
non NULL argument.
	* src/faillog.c: Use a %lu format and cast number of days to
	unsigned long integers.
	* src/faillog.c: Cast dates to time_t.
2008-06-13 21:28:11 +00:00
nekral-guest 3a03794bb6 * src/login.c: Ignore the return value of signal().
* src/login.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
	* src/login.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-13 21:25:15 +00:00
nekral-guest fe753e24a3 * src/chage.c: Add the arguments' names in the functions
prototypes.
	* src/chage.c: The ID argument of audit_logger is an unsigned
	int. Use AUDIT_NO_ID instead of -1.
	* src/chage.c: print_date() received a time_t.
	* src/chage.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spwent.sp_flag.
2008-06-13 21:23:09 +00:00
nekral-guest 42a4604461 * src/groupadd.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/groupadd.c: Cast the parsed GID/UID to a gid_t/uid_t.
2008-06-13 21:19:07 +00:00
nekral-guest a70898fc28 * src/pwck.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
	* src/pwck.c: Cast number of days to a long integer.
	* src/pwck.c: Use the SCALE macro instead of (24L * 3600L)
	for the values to be set in /etc/shadow.
	* src/pwck.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
2008-06-13 21:16:01 +00:00
nekral-guest 186eef69dc * src/passwd.c: Ignore return value of time() when use with a
non NULL argument.
	* src/passwd.c: Cast number of days to a long integer.
2008-06-13 21:09:14 +00:00
nekral-guest c3a380ade8 * src/groupmod.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/groupmod.c:  Use a %lu format and cast group and user IDs to
	unsigned long integers.
	* src/groupmod.c: Cast the parsed GID/UID to a gid_t/uid_t.
2008-06-13 21:08:06 +00:00
nekral-guest 936bd6a191 * src/useradd.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/useradd.c: Cast the parsed GID/UID to a gid_t/uid_t.
	* src/useradd.c: The size argument of fgets is an int, not a
	size_t.
	* src/useradd.c: Cast number of days to a long integer.
	* src/useradd.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
	* src/useradd.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
2008-06-13 21:06:04 +00:00
nekral-guest 73d36f5ece Fix typo. 2008-06-13 21:02:26 +00:00
nekral-guest 00431d772e * src/su.c: fork() and waitpid() return a pid_t, not an int.
* src/su.c: Add brackets and parenthesis.
	* src/su.c: Ignore the return value of signal().
2008-06-13 21:02:07 +00:00
nekral-guest a22c7e731a * src/groupdel.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
2008-06-13 20:59:04 +00:00
nekral-guest 398cf8ee6f * src/expiry.c: Ignore the return value of signal(). 2008-06-13 20:57:20 +00:00
nekral-guest e50ff5c7b5 * src/newusers.c: Fix the check for GID/UID validity.
* src/newusers.c: Comment why we use both getgrgid() and
	gr_locate_gid().
	* src/newusers.c: Cast the parsed GID/UID to a gid_t/uid_t.
	* src/newusers.c: Cast the number of days to a long integer.
	* src/newusers.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
	* src/newusers.c: The size argument of fgets is an int, not a
	size_t.
2008-06-13 20:56:44 +00:00
nekral-guest 906e8c0001 * src/usermod.c: Cast dates to time_t, and number of days to a
long integer.
	* src/usermod.c: Cast UIDs and GIDs to uid_t and gid_t after
	checking the ranges.
	* src/usermod.c: The ID argument of audit_logger is an unsigned
	int.
	* src/usermod.c: read() returns a ssize_t.
	* src/usermod.c: Cast the return value of malloc and make sure it
	receives a size_t.
2008-06-13 20:40:04 +00:00
nekral-guest 2fa4cedb1e * src/logoutd.c: Ignore return value of time() when use with a
non NULL argument.
2008-06-13 20:34:46 +00:00
nekral-guest 47210d9a1a * src/pwconv.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of sp.sp_flag.
	* src/pwconv.c: Cast number of days to a long integer.
2008-06-13 20:33:38 +00:00
nekral-guest d1881d1b56 * src/gpasswd.c: The ID argument of audit_logger is an unsigned
int.
	* src/gpasswd.c: Ignore the return value of signal(). The signal
	handlers are only changed for the last steps of gpasswd, and there
	is no need to restore them.
2008-06-13 20:29:58 +00:00
nekral-guest 6713a2ce67 * src/userdel.c: The ID argument of audit_logger is an unsigned
int.
	* src/userdel.c: fork() and wait() return a pid_t, not an int.
2008-06-13 20:23:26 +00:00
nekral-guest f626317e90 * src/newgrp.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
	* src/newgrp.c: The ID argument of audit_logger is an unsigned
	int.
	* src/newgrp.c: Ignore the return value of signal() (the signal
	handlers are assumed to be the default one and are restored
	later).
	* src/newgrp.c: Do not checl if a pid_t is < 0, check if equal
	to (pid_t)-1.
2008-06-13 20:21:24 +00:00
nekral-guest 56327f6298 * libmisc/isexpired.c: Cast number of days to a long integer.
* libmisc/isexpired.c: Add brackets and parenthesis.
2008-06-13 20:12:03 +00:00
nekral-guest 7d05c4a2b0 * libmisc/copydir.c: Do not specify a size of arrays in the
prototypes.
	* libmisc/copydir.c: Use a size_t for the length of strings.
	* libmisc/copydir.c: Cast the return value of malloc().
	* libmisc/copydir.c: The size argument of write() is a size_t.
2008-06-13 20:10:53 +00:00
nekral-guest 232bcafd7c * libmisc/pwd2spwd.c: Cast number of days to a long integer.
* libmisc/pwd2spwd.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of sp.sp_flag.
2008-06-13 20:08:33 +00:00
nekral-guest c82cfebd5e * lib/defines.h: Include <config.h> since it uses the macro that
might be defined in this header file.
	* lib/defines.h: Prefer checking if HAVE_LOCALE_H or ENABLE_NLS
	are defined (rather than set to non 0).
	* lib/defines.h: The dummy implementations of bindtextdomain() and
	textdomain() should return a pointer. Return NULL instead of
	/* empty */
	* lib/defines.h: Define SHADOW_SP_FLAG_UNSET, to be used for the
	initialization of sp_flag field of the shadow structures.
	* lib/defines.h: Define LC_ALL, needed even if HAVE_LOCALE_H is
	not defined.
2008-06-13 20:05:51 +00:00
nekral-guest 07a6bcaa77 * libmisc/sulog.c: Ignore the return value of umask() when the
mask is restored.
	* libmisc/sulog.c: Add brackets.
	* libmisc/sulog.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 19:52:58 +00:00
nekral-guest fe0e4f635e * libmisc/log.c: Avoid assignments in comparisons.
* libmisc/log.c: Add brackets and parenthesis.
	* libmisc/log.c: read() returns a ssize_t (note size_t).
	* libmisc/log.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/log.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 19:50:49 +00:00
nekral-guest 815ffb7d3e * libmisc/strtoday.c: Avoid implicit conversion of pointers to
booleans.
	* libmisc/strtoday.c: Add brackets and parenthesis.
2008-06-13 19:48:11 +00:00
nekral-guest 7f8c48834f * libmisc/salt.c: Use a size_t for the size of strings instead of
unsigned int.
	* libmisc/salt.c: Add brackets and parenthesis.
	* libmisc/salt.c: Avoid assignments in comparisons.
2008-06-13 19:37:15 +00:00
nekral-guest 0a6ce91369 * libmisc/age.c: fork() and wait return a pid_t, not an int.
* libmisc/age.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/age.c: Avoid assignments in comparisons.
	* libmisc/age.c: Ignore the return value of printf(), puts(),
	fputs() and fflush().
	* libmisc/age.c: Add brackets and parenthesis.
	* libmisc/age.c: Cast the return value of time() to long and
	converted to a date.
2008-06-13 19:24:27 +00:00
nekral-guest 71dda8b648 * libmisc/rlogin.c: The size argument of read() is a size_t.
Propagate this time to the callers (the get_remote_string() and
	do_rlogin() functions).
	* libmisc/rlogin.c: Add brackets and parenthesis.
	* libmisc/rlogin.c: Avoid multi-statements lines.
	* libmisc/rlogin.c: Avoid assignments in comparisons.
	* libmisc/rlogin.c: Avoid implicit conversion of pointers to
	booleans.
2008-06-13 18:34:27 +00:00
nekral-guest 2296db3db6 * libmisc/failure.c: Avoid assignments in comparisons.
* libmisc/failure.c: read() returns a ssize_t.
	* libmisc/failure.c: Add brackets and parenthesis.
	* libmisc/failure.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 18:31:13 +00:00
nekral-guest 1e798b640d * libmisc/chowntty.c: Avoid assignments in comparisons.
* libmisc/chowntty.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/chowntty.c: Add brackets and parenthesis.
2008-06-13 18:29:02 +00:00
nekral-guest e91899c0da * libmisc/audit_help.c: Add brackets. 2008-06-13 18:24:37 +00:00
nekral-guest 6099bda088 * libmisc/addgrps.c: Avoid implicit conversion of pointers to
booleans.
	* libmisc/addgrps.c: Add brackets.
2008-06-13 18:19:34 +00:00
nekral-guest 43e4d608ae * libmisc/utmp.c: Avoid implicit conversion of pointers to
booleans
+ add missing changelog from last commit.
2008-06-13 18:17:10 +00:00
nekral-guest ef32209fd7 * libmisc/console.c, libmisc/hushed.c, libmisc/yesno.c,
libmisc/loginprompt.c, libmisc/ttytype.c, libmisc/tz.c,
	src/login_nopam.c, src/chpasswd.c, src/chgpasswd.c, lib/port.c:
	The size argument of fgets is an int, not a size_t.
	* libmisc/loginprompt.c: Ignore the return value from signal()
	when the signal handlers are restored.
	* src/chpasswd.c: Cast the return value of time() to a long
	integer.
	* src/chpasswd.c: Use the SCALE macro instead of (24L * 3600L)
	for the values to be set in /etc/shadow.
2008-06-13 18:11:09 +00:00
nekral-guest 55b2e44814 Avoid implicit conversion of pointers to booleans. 2008-06-10 22:10:47 +00:00
nekral-guest 6bb86709ee Add brackets. 2008-06-10 22:10:21 +00:00
nekral-guest ce6dca81bc * src/pwck.c: Use a bool when possible instead of int integers.
* src/pwck.c: Avoid implicit conversion of integers to booleans.
2008-06-10 22:09:12 +00:00
nekral-guest d7ffaf94b1 * src/su.c: Use a bool when possible instead of int integers.
* src/su.c: Add brackets and parenthesis.
	* src/su.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/su.c: Ignore the return value of pam_end() before
	exiting.
	* src/su.c: Avoid assignments in comparisons.
	* src/su.c: Avoid multi-statements lines.
2008-06-10 22:07:51 +00:00
nekral-guest c573f432fe * lib/prototypes.h, libmisc/valid.c: Change the prototype of
valid() to return a bool.
	* libmisc/valid.c: Add parenthesis.
2008-06-10 21:52:34 +00:00
nekral-guest 7cb33ba636 Avoid implicit conversion of integer to boolean. 2008-06-10 20:34:25 +00:00
nekral-guest 182731d6eb * lib/commonio.c: Add brackets and parenthesis.
* lib/commonio.c: Check the result of fgets().
	* lib/commonio.c: Avoid implicit conversion of pointers to
	booleans.
2008-06-10 20:27:16 +00:00
nekral-guest f79fd32208 * lib/prototypes.h: Fix the prototypes to match earlier changes. 2008-06-10 20:02:47 +00:00
nekral-guest b3c68f1692 Fix typo. Compil fix. 2008-06-10 20:02:12 +00:00
nekral-guest ef1a2a82dd * lib/nscd.c: Include defines.h.
* lib/nscd.c: Always warn when the nscd cache cannot be flushed.
	* lib/nscd.c: Avoid assignments in comparisons.
	* lib/nscd.c: Ignore the return value of fputs() when printing
	errors.
2008-06-10 20:01:55 +00:00
nekral-guest 269d4c55dd * lib/port.c: Add brackets and parenthesis.
* lib/port.c: Change isttytime() prototype to return a bool.
	* lib/port.c: Ignore the return value of fclose () (file open
	read-only).
	* lib/port.c: Avoid multi-statements lines.
2008-06-10 19:59:26 +00:00
nekral-guest 91c8e1bf0d * src/id.c: Ignore the return value of fputs(), puts(), putchar(),
and printf().
	* src/id.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/id.c: Add brackets and parenthesis.
	* src/id.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:45:06 +00:00
nekral-guest c8626c09af * src/chsh.c: Use a bool when possible instead of int integers.
* src/chsh.c: restricted_shell() renamed is_restricted_shell().
	check_shell() renamed shell_is_listed().
	* src/chsh.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/chsh.c: Avoid implicit conversion of pointers / integers
	to booleans.
	* src/chsh.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 19:42:22 +00:00
nekral-guest cac7d1a495 * src/grpunconv.c: Use a bool when possible instead of int
integers.
	* src/grpunconv.c: Add brackets and parenthesis.
	* src/grpunconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/grpunconv.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:39:18 +00:00
nekral-guest 3cbda4157b * src/sulogin.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
	* src/sulogin.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/sulogin.c: Avoid assignments in comparisons.
	* src/sulogin.c: Ignore the return value of alarm().
2008-06-10 19:36:05 +00:00
nekral-guest 46ce06791a * src/groups.c: Use a bool when possible instead of int integers.
* src/groups.c: Add brackets and parenthesis.
	* src/groups.c: Avoid implicit conversion of pointers / integers
	to booleans.
	* src/groups.c: Avoid assignments in comparisons.
	* src/groups.c: Ignore the return value of putchar(), printf()
	* src/groups.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 19:29:54 +00:00
nekral-guest 462e8a3d90 re-indent. 2008-06-10 19:18:44 +00:00
nekral-guest cd9e4d1b2b * src/grpconv.c: Use a bool when possible instead of int integers.
* src/grpconv.c: Add brackets and parenthesis.
	* src/grpconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/grpconv.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:18:34 +00:00
nekral-guest e31af5f255 * src/faillog.c: Use a bool when possible instead of int integers.
* src/faillog.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/faillog.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/faillog.c: Add brackets and parenthesis.
2008-06-10 19:16:02 +00:00
nekral-guest a0dae7557c * src/login.c: Avoid multi-statements lines.
* src/login.c: Ignore the return value of pam_end() before
	exiting.
	* src/login.c: Use a bool when possible instead of int integers.
	* src/login.c: Add brackets and parenthesis.
	* src/login.c: Ignore the return values of fflush(), putchar(), puts().
	* src/login.c: Ignore the return value of fclose() for read-only
	files.
	* src/login.c: Avoid assignments in comparisons.
	* src/login.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 18:56:23 +00:00
nekral-guest 836bf643b0 * src/chage.c: Use a bool when possible instead of int integers.
* src/chage.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:56:53 +00:00
nekral-guest f9e4c7ca02 * src/groupadd.c: Use a bool when possible instead of int
integers.
	* src/groupadd.c: Add brackets and parenthesis.
	* src/groupadd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/groupadd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupadd.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 17:53:35 +00:00
nekral-guest a31782497c * src/pwck.c: Use a bool when possible instead of int integers.
* src/pwck.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:51:30 +00:00
nekral-guest 47f937ac13 * src/passwd.c: Use a bool when possible instead of int integers.
* src/passwd.c: Avoid assignments in comparisons.
	* src/passwd.c: Add brackets and parenthesis.
	* src/passwd.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
	* src/passwd.c: Move the "context_t c" declaration at the
	beginning check_selinux_access.
	* src/passwd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:50:21 +00:00
nekral-guest be8d08fda6 * src/groupmod.c: Use a bool when possible instead of int
integers.
	* src/groupmod.c: Avoid assignments in comparisons.
	* src/groupmod.c: Add brackets and parenthesis.
	* src/groupmod.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/groupmod.c: Use a %lu format to print GIDs, and cast the GID
	to (unsigned long int).
	* src/groupmod.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupmod.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 17:45:08 +00:00
nekral-guest 7dea133b55 * src/su.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
2008-06-09 22:28:16 +00:00
nekral-guest 63f0e5e2c0 * src/useradd.c: Use a bool when possible instead of int integers.
* src/useradd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/useradd.c: Add brackets and parenthesis.
	* src/useradd.c: Avoid assignments in comparisons.
	* src/useradd.c: Ignore the return value of fclose() for read-only
	files.
	* src/useradd.c: Ignore the return value of fflush() before
	closing the files.
	* src/useradd.c: Avoid multi-statements lines.
	* src/useradd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/useradd.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 22:08:08 +00:00
nekral-guest fdb577e0a0 * src/vipw.c: Use a bool when possible instead of int integers.
* src/vipw.c: Ignore the return value of umask(), when the mask is
	set again to the old value.
	* src/vipw.c: Avoid implicit conversion of pointers / integers to
	booleans.
	* src/vipw.c: Add brackets and parenthesis.
	* src/vipw.c: Avoid assignments in comparisons.
	* src/vipw.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/vipw.c: Add missing termination of the longopts parameter
	for getopt_long().
2008-06-09 21:18:28 +00:00
nekral-guest 45544f42b9 * src/chgpasswd.c: Use a bool when possible instead of int
integers.
	* src/chgpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/chgpasswd.c: Avoid implicit conversion of integers to
	booleans.
2008-06-09 20:56:03 +00:00
nekral-guest 0452fa2458 * src/groupdel.c: Use a bool when possible instead of int
integers.
	* src/groupdel.c: Avoid implicit conversion of pointers / integers to
	booleans.
	* src/groupdel.c: Avoid assignments in comparisons.
	* src/groupdel.c: Ignore the return value of pam_end() before
	exiting.
	* src/groupdel.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 20:54:04 +00:00
nekral-guest 2b92b0f305 * src/expiry.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
	* src/expiry.c: Add brackets and parenthesis.
	* src/expiry.c: Avoid assignments in comparisons.
	* src/expiry.c: Avoid implicit conversion of pointers to booleans.
2008-06-09 20:36:24 +00:00
nekral-guest e43c3aed67 Add brackets and parenthesis. 2008-06-09 20:32:17 +00:00
nekral-guest 6aa98c17bd * src/pwunconv.c: Use a bool when possible instead of int
integers.
	* src/pwunconv.c: Add brackets and parenthesis.
	* src/pwunconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/pwunconv.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/pwunconv.c: Avoid assignments in comparisons.
2008-06-09 20:30:34 +00:00
nekral-guest a9f1ce0db1 * src/usermod.c: Use a bool when possible instead of int integers.
* src/usermod.c: Add brackets and parenthesis.
	* src/usermod.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/usermod.c: Avoid assignments in comparisons.
	* src/usermod.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/usermod.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 20:17:48 +00:00
nekral-guest d48973bbc8 * src/groupmems.c: Move the declaration of option_index and
long_options before the blocks of code.
	* src/groupmems.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupmems.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 20:09:38 +00:00
nekral-guest 3879f07fa8 * src/chfn.c: Use a bool when possible instead of int integers.
* src/chfn.c: Avoid implicit conversion of integers / chars to
	booleans.
	* src/chfn.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 20:05:13 +00:00
nekral-guest 3ea7f76c17 * src/logoutd.c: Use a bool when possible instead of int integers.
* src/logoutd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/logoutd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/logoutd.c: Add brackets and parenthesis.
2008-06-09 20:02:46 +00:00
nekral-guest 827f8882bc * src/chpasswd.c: Use a bool when possible instead of int
integers.
	* src/chpasswd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/chpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:46:11 +00:00
nekral-guest 24a7015f64 * src/pwconv.c: Use a bool when possible instead of int integers.
* src/pwconv.c: Add brackets and parenthesis.
	* src/pwconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/pwconv.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
2008-06-09 19:43:22 +00:00
nekral-guest 2a267ca05f * NEWS, src/newusers.c: Implement the -r, --system option.
* src/newusers.c: Use a bool when possible instead of int
	integers.
	* src/newusers.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/newusers.c: Ignore the return value of pam_end() before
	exiting.
	* src/newusers.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newusers.c: Avoid multi-statements lines.
	* src/newusers.c: Add brackets and parenthesis.
2008-06-09 19:36:08 +00:00
nekral-guest e41460cae5 * src/gpasswd.c: Use a bool when possible instead of int integers.
* src/gpasswd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/gpasswd.c: Ignore the return value of putchar() and fflush()
	before exiting.
	* src/gpasswd.c: check_list() renamed is_valid_user_list(), and
	return a bool.
	* src/gpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:26:19 +00:00
nekral-guest 5e2b49dad4 * src/grpck.c: Use a bool when possible instead of int integers.
* src/grpck.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:20:00 +00:00
nekral-guest 5038f6687b * src/lastlog.c: Use a bool when possible instead of int integers.
* src/lastlog.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/lastlog.c: Add brackets and parenthesis.
	* src/lastlog.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:15:27 +00:00
nekral-guest 8b98a2e829 * src/userdel.c: Use a bool for the is_shadow_pwd, is_shadow_grp,
deleted_user_group, was_member, was_admin, and the
	options' flags.
	* src/userdel.c: Change path_prefix() prototype to return a bool.
	* src/userdel.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/userdel.c: Ignore the return value from pam_end() since we
	are exiting anyway just afterwards.
	* src/userdel.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/userdel.c: Add brackets and parenthesis.
	* src/userdel.c: Avoid assignments in comparisons.
	* src/userdel.c: Do not ignore the return value of the *_unlock()
	functions.
2008-06-09 19:10:44 +00:00
nekral-guest 46466a8fcc * src/login_nopam.c: Do not use the YES and NO macros. Use the
booleans true and false instead. Change the prototypes of
	list_match(), user_match(), from_match(), and string_match()
	accordingly. Also use booleans internally.
	* src/login_nopam.c: Add brackets and parenthesis.
	* src/login_nopam.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/login_nopam.c: Avoid assignments in comparisons.
2008-06-09 18:35:32 +00:00
nekral-guest 4e0d734598 * src/newgrp.c: Use a bool for is_newgrp, notfound, needspasswd,
initflag, and cflag.
	* src/newgrp.c: Add brackets and parenthesis.
	* src/newgrp.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
	* src/newgrp.c: Avoid multi-statements lines.
	* src/newgrp.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newgrp.c: Avoid assignments in comparisons.
2008-06-09 18:23:23 +00:00
nekral-guest 8cfe8db1fb * libmisc/list.c: Change is_on_list() prototype to return a bool. 2008-06-09 18:13:52 +00:00
nekral-guest 5ae74603da * libmisc/find_new_ids.c: Change find_new_uid() and find_new_gid()
prototypes to use a bool for their first argument (sys_user /
	sys_group).
2008-06-09 18:13:09 +00:00
nekral-guest 747664ad4f * libmisc/console.c: Change is_listed() prototype to return a bool.
The default parameter should also be a bool.
	* libmisc/console.c: Add brackets and parenthesis.
	* libmisc/console.c: Avoid assignments in comparisons.
	* libmisc/console.c: Change console() prototype to return a bool.
2008-06-09 18:11:20 +00:00
nekral-guest 9e31065b5e * lib/sgetspent.c: Add brackets and parenthesis.
* lib/sgetspent.c: Avoid assignments in comparisons.
	* lib/sgetspent.c: Avoid implicit conversion of pointers / chars to booleans.
	* lib/sgetspent.c: Avoid multi-statements lines.
2008-05-26 09:39:29 +00:00
nekral-guest 004fb5f9c2 Avoid assignments in comparisons.
Add note about possible bug.
2008-05-26 09:22:44 +00:00
nekral-guest da62edb4e0 Do not check twice if fields[2] and fields[3] are not empty. 2008-05-26 09:17:17 +00:00
nekral-guest adc4729ffa * lib/sgetpwent.c: Avoid implicit conversion of pointers / chars to booleans.
* lib/sgetpwent.c: Add brackets and parenthesis.
	* lib/sgetpwent.c: Return NULL instead of 0.
2008-05-26 09:15:02 +00:00
nekral-guest 64d0313c5b * Avoid implicit conversion of pointers to booleans.
* Add parenthesis.
2008-05-26 09:12:34 +00:00
nekral-guest 94b414861d * libmisc/getdate.y: abbrev is a bool.
* libmisc/getdate.y: Avoid implicit conversion of pointers / chars / integers to booleans.
2008-05-26 08:59:54 +00:00
nekral-guest 9305161183 * lib/prototypes.h: Fix prototypes according to earlier changes (usage of the bool type).
* lib/prototypes.h: Add the arguments' name to the prototypes.
2008-05-26 08:56:34 +00:00
nekral-guest 297fa24b90 Add protection against multiple inclusions. 2008-05-26 08:53:56 +00:00
nekral-guest 3ca3362283 Indicate that defines.h is included for the definition of the "bool" type. 2008-05-26 08:52:34 +00:00
nekral-guest 4f38c8d201 The changed, isopen, locked, and readonly fields of the db are booleans. 2008-05-26 08:51:45 +00:00
nekral-guest 964f68630a * lib/pwio.h: Add protection against multiple inclusions.
* lib/pwio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
2008-05-26 08:49:44 +00:00
nekral-guest caed1add3a * lib/sgroupio.c: Avoid assignments in comparisons.
* lib/sgroupio.c: Add brackets.
	* lib/sgroupio.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/sgroupio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
	* lib/sgroupio.h, lib/sgroupio.c: sgr_file_present returns a bool.
	* lib/sgroupio.h: Add protection against multiple inclusions.
2008-05-26 08:46:41 +00:00
nekral-guest 77020623ed * lib/shadowio.h, lib/shadowio.c: spw_file_present returns a bool.
* lib/shadowio.h: Add protection against multiple inclusions.
2008-05-26 08:45:34 +00:00
nekral-guest d264017684 * lib/sgroupio.c: Avoid assignments in comparisons.
* lib/sgroupio.c: Add brackets.
	* lib/sgroupio.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/sgroupio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
	* lib/sgroupio.h, lib/sgroupio.c: sgr_file_present returns a bool.
	* lib/sgroupio.h: Add protection against multiple inclusions.
2008-05-26 08:43:50 +00:00
nekral-guest 383ea561f8 * lib/gshadow.c: nis_used and nis_bound are booleans.
* lib/gshadow.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/gshadow.c: Avoid assignments in comparisons.
	* lib/gshadow.c: Add brackets.
2008-05-26 08:40:04 +00:00
nekral-guest ef5e803875 Add protection against multiple inclusion 2008-05-26 08:35:13 +00:00
nekral-guest 22de221c21 The changed, isopen, locked, and readonly fields of the db are booleans. 2008-05-26 08:34:04 +00:00
nekral-guest 6f88bcf581 * lib/sgetgrent.c: implicit conversion of pointers / chars to booleans.
* lib/sgetgrent.c: Avoid assignments in comparisons.
	* lib/sgetgrent.c: Add brackets.
2008-05-26 08:31:14 +00:00
nekral-guest 6ce26e12f5 * lib/encrypt.c: Avoid implicit conversion of pointers to booleans.
* lib/encrypt.c: Add parenthesis.
2008-05-26 01:07:13 +00:00
nekral-guest 09869159f7 * lib/port.c: Avoid implicit conversion of pointers / integers / chars to booleans.
* lib/port.c: Avoid multiple statement on the same line.
	* lib/port.c: Add brackets and parenthesis.
	* lib/port.c: Avoid assignments in comparisons.
	* lib/port.c: Fix typo comparision -> comparison (in comment).
2008-05-26 01:05:04 +00:00
nekral-guest 14839257ac * lib/fputsx.c: Add brackets.
* lib/fputsx.c: Avoid assignments in comparisons.
	* lib/fputsx.c: Avoid implicit conversion of pointers / integers / chars to booleans.
2008-05-26 00:59:42 +00:00
nekral-guest f16c6bd7dd * lib/commonio.h: commonio_entry.changed, commonio_db.changed, commonio_db.isopen, commonio_db.locked, and commonio_db.readonly are no booleans.
* lib/commonio.h: Include defines.h to get the definition of bool.
	* lib/commonio.h: commonio_present returns a bool
	* lib/commonio.c: Implement above changes.
	* lib/commonio.c: add argument names in prototypes.
	* lib/commonio.c: name_is_nis returns a bool.
	* lib/commonio.c: nscd_need_reload is a bool.
	* lib/commonio.c: Improve types (use size_t / pid_t when needed instead of int).
	* lib/commonio.c: Avoid assignments in comparisons.
	* lib/commonio.c: Add brackets and parenthesis.
	* lib/commonio.c: Avoid implicit conversion of pointers / integers to booleans
	* lib/commonio.c: The return values of utime is not checked on purpose.
2008-05-26 00:46:25 +00:00
nekral-guest a24aff2148 checkutmp is implemented twice. I only changed the second one. Now fix the
first one.
2008-05-26 00:26:33 +00:00
nekral-guest fc6d8e933b * libmisc/isexpired.c: ARGSUSED is no more needed (shadow is always supported).
* libmisc/isexpired.c: Avoid implicit conversion of pointers to booleans.
	* libmisc/isexpired.c: Add brackets and parenthesis.
2008-05-26 00:14:10 +00:00
nekral-guest c6364944d4 * libmisc/sulog.c (sulog): The success argument is a bool.
* libmisc/sulog.c: The return values of fflush is not checked on purpose.
	* libmisc/sulog.c: Indicate that some return values should be checked.
2008-05-26 00:09:24 +00:00
nekral-guest 70ef747a56 Updated copyright dates. 2008-05-26 00:04:30 +00:00
nekral-guest 3d7aa44c8e * libmisc/ttytype.c: Avoid implicit conversion of pointers / integers to booleans.
* libmisc/ttytype.c: Avoid assignments in comparisons.
	* libmisc/ttytype.c: Add brackets and parenthesis.
	* libmisc/ttytype.c: The return values of fclose is not checked on purpose.
2008-05-26 00:02:15 +00:00
nekral-guest c249832df1 * libmisc/mail.c: Avoid implicit conversion of pointers to booleans.
* libmisc/mail.c: Avoid assignments in comparisons.
2008-05-25 23:59:05 +00:00
nekral-guest 3169455653 * libmisc/loginprompt.c: Avoid implicit conversion of pointers / chars to booleans.
* libmisc/loginprompt.c: Add brackets.
	* libmisc/loginprompt.c: Avoid assignments in comparisons.
	* libmisc/loginprompt.c: The return values of fclose and fflush are not checked on purpose.
2008-05-25 23:57:41 +00:00
nekral-guest f7122499a6 Avoid implicit conversion of chars to booleans. 2008-05-25 23:50:03 +00:00
nekral-guest cc7ac94641 selinux_checked, selinux_enabled, and set_orig are now booleans. 2008-05-25 23:45:21 +00:00
nekral-guest 7f9dfde0dc * libmisc/setugid.c (setup_uid_gid): The is_console argument is now a bool.
* libmisc/setugid.c: Avoid implicit conversion of integers / pointers to booleans.
	* libmisc/setugid.c: Add brackets.
2008-05-25 23:42:39 +00:00
nekral-guest 2533c87bd6 * libmisc/setugid.c (setup_uid_gid): The is_console argument is no a bool.
* libmisc/setugid.c: Avoid implicit conversion of integers / pointers to booleans.
	* libmisc/setugid.c: Add brackets.
2008-05-25 23:39:59 +00:00
nekral-guest 6fef9f5178 * libmisc/pam_pass.c (do_pam_passwd): The silent and
change_expired are no booleans instead of int.
	* libmisc/pam_pass.c: The return value of pam_end is not checked
	on purpose.
2008-05-25 23:38:05 +00:00
nekral-guest f9ac07f455 Updated copyright dates. 2008-05-25 23:32:41 +00:00
nekral-guest 175e361a4d Updated copyright dates. 2008-05-25 23:31:10 +00:00
nekral-guest 53bedaa4c1 * libmisc/getlong.c: Avoid implicit conversion of pointers / chars to booleans.
* libmisc/getlong.c: Add brackets.
2008-05-25 23:25:33 +00:00
nekral-guest 1ebf7842f5 * libmisc/valid.c: Avoid implicit conversion of pointers /chars to booleans.
* libmisc/valid.c: Add brackets.
2008-05-25 23:22:15 +00:00
nekral-guest f14452ec3c * libmisc/yesno.c: yes_or_no returns a bool instead of int.
* libmisc/yesno.c: Avoid implicit conversion of pointers to booleans.
	* libmisc/yesno.c: The return value of fflush is not checked on purpose.
2008-05-25 23:01:14 +00:00
nekral-guest 78c0edb7c1 (failcheck): The failed argument is a bool. 2008-05-25 22:54:20 +00:00
nekral-guest f2b4efff20 Avoid implicit conversion of integers to booleans. 2008-05-25 22:51:46 +00:00
nekral-guest 11003f5842 * libmisc/rlogin.c: Avoid assignments in comparisons.
* libmisc/rlogin.c: Avoid implicit conversion of integers to booleans.
	* libmisc/rlogin.c: Add brackets.
2008-05-25 22:49:41 +00:00
nekral-guest c638c3cc3d * libmisc/failure.c (failcheck): The failed argument is a bool.
* libmisc/failure.c (too_many_failures): too_many_failures returns
	a bool.
	* libmisc/failure.c: Add notes about unchecked return values.
	* libmisc/failure.c: Avoid assignments in comparisons.
	* libmisc/failure.c: Add brackets.
2008-05-25 22:44:44 +00:00
nekral-guest a2982f0d4e * libmisc/myname.c: Avoid assignments in comparisons.
* libmisc/myname.c: Avoid implicit conversion of pointers / chars
	to booleans.
	* libmisc/myname.c: Add brackets.
2008-05-25 22:15:28 +00:00
nekral-guest 639b2bd8e5 2008-05-25 22:14:19 +00:00
nekral-guest 7069324a20 * libmisc/utmp.c (checkutmp): Change picky argument's type to
bool.
	* libmisc/utmp.c: Use bool when possible (found_utmpx,
	found_utmp).
	* libmisc/utmp.c: Add note about unchecked return values.
2008-05-25 22:11:12 +00:00
nekral-guest 9d331bb32b * Change type of added to bool.
* Avoid implicit conversion of pointers to booleans.
2008-05-25 22:03:09 +00:00
nekral-guest bc0657d13c * hushed returns a bool instead of int.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
  the file. Do not check the first character of the line first. This
  is simpler and match better with the HUSHLOGIN_FILE documentation.
2008-05-25 21:52:14 +00:00
nekral-guest 712ed48a62 * lib/getdef.h, lib/getdef.c: getdef_bool returns a bool instead
of int.
	* lib/getdef.c: Change typo of def_loaded to bool.
	* lib/getdef.c: Add brackets.
	* lib/getdef.c: Avoid assignment in comparisons.
2008-05-25 21:43:05 +00:00
nekral-guest 66afec21d1 Allow usage of booleans in the source. 2008-05-25 21:34:38 +00:00
nekral-guest b94825bbad * is_my_tty returns a bool.
* Avoid implicit conversion of integers to booleans.
* Add brackets.
2008-05-25 21:33:38 +00:00
nekral-guest 06d2a32a3e * Avoid assignment in comparisons, implicit comparison of integers to booleans.
* The return value of closedir is not checked on purpose.
* Add brackets.
2008-05-25 21:23:28 +00:00
nekral-guest 623d9e2ab3 * libmisc/chkname.h, libmisc/chkname.c: check_group_name (resp.
check_user_name) renamed to is_valid_user_name (resp.
	is_valid_group_name). is_valid_user_name and is_valid_group_name
	return a bool.
	* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
	src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
	and is_valid_group_name, following above change.
	* libmisc/chkname.c: Avoid implicit conversion of chars to
	booleans. Add brackets and parenthesis.
2008-05-25 20:58:16 +00:00
nekral-guest cb8d416b37 Avoid implicit conversion of integers / pointers to booleans. 2008-05-25 20:41:13 +00:00
nekral-guest de9bee0354 Avoid implicit conversion of integers / pointers to booleans. 2008-05-25 20:39:31 +00:00
nekral-guest ae75a8c0c1 Allow usage of booleans in the source. 2008-05-25 20:37:51 +00:00
nekral-guest 8098f63998 Allow --disable-man and --enable-man=no. 2008-05-25 20:30:45 +00:00
nekral-guest 2303ddd0de Set the version to 4.1.2. 2008-05-24 23:15:47 +00:00
nekral-guest b5b636b8b7 Prepare the 4.1.2 release
* NEWS: set the release date.
	* man/po/*.po, po/*.po: Updated PO files.
2008-05-24 23:03:24 +00:00
nekral-guest a665e829ae Run msgmerge with --previous. (This requires gettext >= 0.16) 2008-05-24 22:58:21 +00:00
nekral-guest 6124b59aff * libmisc/copydir.c (remove_tree): As we always use remove_tree
followed by rmdir to remove the directory itself, delete also the
	root directory in remove_tree.
	* src/userdel.c, src/usermod.c: Do not call rmdir after
	remove_tree.
2008-05-24 15:35:15 +00:00
nekral-guest 9c41a8ad38 * libmisc/fields.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
	explicitly mark blocks with brackets.
	* libmisc/copydir.c: Likewise.
	* libmisc/fields.c: Add comments.
	* libmisc/copydir.c: Mark function whose return value is not
	checked as such.

	* libmisc/copydir.c (remove_tree): Make sure unlink is successful
	when removing files.
2008-05-24 15:19:02 +00:00
nekral-guest cda1f9a23d Simply passwd_check since it's never used when configured with PAM support. 2008-05-24 14:11:31 +00:00
nekral-guest 0219d72f48 * libmisc/list.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
	explicitly mark blocks with brackets.
2008-05-24 14:09:35 +00:00
nekral-guest d99423405c Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
	of audit_help_open.
	* libmisc/salt.c: Use booleans instead of negating integers.
	* src/passwd.c: Declare the check_selinux_access prototype and
	avoid name clashes (change_user -> changed_user; change_uid ->
	changed_uid; access -> requested_access)
2008-05-24 13:08:58 +00:00
nekral-guest eeb9592ded Use fputs rather than fprintf for constant strings. 2008-05-23 20:55:11 +00:00
nekral-guest 0120fc10e1 Added TODO items. 2008-05-23 20:47:45 +00:00
nekral-guest b9ac46305f Indicate that login should be executed with "exec login" if called from a shell. 2008-05-21 18:58:06 +00:00
nekral-guest ec9e63b7de Remove the advices for the choice of a good password (they are debatable). Point to http://en.wikipedia.org/wiki/Password_strength instead. 2008-05-21 18:25:48 +00:00
nekral-guest a917ba4fb9 *** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes was fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
	overflow. These caused the SHA salt size to always be 8 bytes,
	instead of being in the 8-16 range. Thanks to Peter Vrabec
	pvrabec@redhat.com for noticing.
	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
	seedRNG instead of srand, and fix the same overflow. This caused
	the number of rounds to always be the smallest one.
2008-05-20 13:34:06 +00:00
nekral-guest 9c69fe73b1 Tag the section which require --enable-shadowgrp or --with-sha-crypt
accordingly.
2008-05-19 22:18:14 +00:00
nekral-guest 63228ac1c6 SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can only exist if configured with --with-sha-crypt. 2008-05-19 21:57:48 +00:00
nekral-guest a071d72e48 Document the -k, --skel option, and update the -m, --create-home documentation. 2008-05-19 21:32:19 +00:00
nekral-guest 7ab3a97dfe Sort options. 2008-05-19 21:04:34 +00:00
nekral-guest ae7aeda621 SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can
only exist if configured with --with-sha-crypt.
2008-05-19 20:59:51 +00:00
nekral-guest 0d6b2221ab SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can
only exist if configured with --with-sha-crypt.
2008-05-19 20:58:59 +00:00
nekral-guest 337a97ceab Document the sections closed by #endif 2008-05-19 20:56:48 +00:00
nekral-guest 461d69522f * NEWS, man/groupadd.8.xml: Document the -r, --system option.
* NEWS, man/newusers.8.xml: Document the -r, --system option.
	* NEWS, man/newusers.8.xml: Document the -c, --crypt-method and
	-s, --sha-rounds options.
2008-05-19 20:53:12 +00:00
nekral-guest 537496c019 Fix formatting. 2008-05-19 20:31:48 +00:00
nekral-guest 300f7416c4 Document the -r, --system option. 2008-05-19 19:43:24 +00:00
nekral-guest 243809af3a Fix typo. 2008-05-18 16:38:13 +00:00
nekral-guest 3fed00196c Import Debian patch 487_passwd_chauthtok_failed_message
* libmisc/pam_pass.c: Be more verbose and indicate that the
	password was not changed when pam_chauthtok fails (in addition to
	the PAM error, which may not be comprehensible for the users).
2008-05-18 15:06:51 +00:00
nekral-guest fb4271bdf9 Import Debian patch 434_login_stop_checking_args_after--
* NEWS, src/login.c (check_flags): Stop checking the arguments
	after --. The later options will be sent to the shell, and do not
	need to be checked.
2008-05-18 14:54:35 +00:00
nekral-guest 6a17c2b27f * src/vipw.c, src/su.c, src/newgrp.c: Harmonize the children's
SIGSTOP handling. Raise the signal which stopped the child instead
	of always SIGSTOP.

	Import Debian patch 406_vipw_resume_properly.
	Thanks to Dean Gaudet.
	* NEWS, src/vipw.c: Resume properly after ^Z.
2008-05-18 13:41:56 +00:00
nekral-guest c7302b61ef Make sure every source files are distributed with a copyright and license.
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
2008-04-27 00:40:09 +00:00
nekral-guest 8a8072a563 If the SULOG_FILE does not exist when an su session is logged, make sure
the file is created with group root, instead of using the group of the
caller.
2008-04-27 00:27:59 +00:00
nekral-guest 4196525702 Allow non-US-ASCII characters in the GECOS fields ("name", "room number",
and "other info" fields).
2008-04-27 00:24:49 +00:00
nekral-guest 4d7d6a1a9f Fix build failure when configured with audit support. Thanks to Mike
Frysinger for reporting it.
2008-04-16 22:04:46 +00:00
nekral-guest 2542732a0c Fix ident. 2008-04-16 22:03:43 +00:00
nekral-guest 7baffa5e74 Ensure that getpwent() is used in setpwent(), getpwent(),
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
  getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
  group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
  is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
  src/groups.c: Make sure to close
  the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
  called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
2008-04-16 21:52:46 +00:00
nekral-guest 10ebb14481 Fix typo. 2008-04-16 21:24:14 +00:00
nekral-guest 8e82ae234e Also fix the detection of the pam and selinux features:
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
2008-04-16 21:18:20 +00:00
nekral-guest 17cb7c754e Document --with-selinux as "yes if found" rather than "autodetected" for consistency with other options. 2008-04-16 20:16:43 +00:00
nekral-guest 70bf7cca33 Fix the detection of the audit library and header file. 2008-04-16 20:09:03 +00:00
nekral-guest f89cf0cf20 * NEWS, etc/pam.d/Makefile.am: Add chfn, chsh, and userdel to
$(pamd_files). Remove the duplicate useradd. And sort
  alphabetically. Thanks to Mark Rosenstand  <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
2008-04-04 18:50:22 +00:00
nekral-guest 1dd0a7e836 Commit the PO and POTs released with 4.1.1. 2008-04-03 20:27:37 +00:00
nekral-guest 1de80f9457 * NEWS, configure.in: Prepare release 4.1.1
* NEWS: Fix the release date of 4.1.0. Was in 2007, not 2008.
2008-04-02 21:55:27 +00:00
nekral-guest b345316e49 Update according to the file under review. Thanks to Jean-Luc Coulon. 2008-04-02 21:54:23 +00:00
nekral-guest e8a2633984 Add TODO items for SELINUX. 2008-04-02 21:42:04 +00:00
bubulle 5c9143c432 German translation update 2008-04-01 19:01:16 +00:00
bubulle 9dda0ada5f Basque translation update 2008-03-31 17:54:52 +00:00
nekral-guest 57144e2820 updated to 360t71f. Thanks to Leandro Azevedo <leorock182@gmail.com>. 2008-03-30 12:52:57 +00:00
bubulle d7a926d69a Turkish translation update 2008-03-30 12:18:40 +00:00
nekral-guest 0a5fad05a8 updated to 431t. Thanks to Clytie Siddall 2008-03-30 12:06:33 +00:00
nekral-guest ad135f478a Updated Swedish translation. Thanks to Daniel Nylander. 2008-03-30 11:54:19 +00:00
nekral-guest f2b518a31f Updated to 431t. Thanks to helix84 <helix84@centrum.sk>. 2008-03-28 23:23:41 +00:00
bubulle 231bb00904 Italian translation update 2008-03-27 18:54:34 +00:00
nekral-guest f7a256fc19 * src/passwd.c, NEWS: Make SE Linux tests more strict, when the
real UID is 0 SE Linux checks will be performed. Thanks to
 Russell Coker  <russell@coker.com.au>
* TODO: Added entries regarding SE Linux.
2008-03-26 22:00:50 +00:00
nekral-guest eca5208c20 Added TODO entries. 2008-03-26 21:44:50 +00:00
bubulle 9a6f0d3969 Russian translation update 2008-03-24 18:34:04 +00:00
bubulle fed294e11e Updated Korean and Portuguese translations 2008-03-23 08:39:58 +00:00
nekral-guest 04af9cb9f8 Fix manpages generation. The SYS_GID_MAX and SYS_UID_MAX entities were not defined. 2008-03-17 23:07:04 +00:00
nekral-guest 32b424e507 Fix minor compilation warning (assignment used as a comparison). 2008-03-17 23:05:59 +00:00
nekral-guest d94602add8 login_access() is used in src/login.c, and defined in src/login_nopam.c
(which lacks a prototype). Move its prototype from src/login.c to
lib/prototypes.h.
2008-03-17 23:04:46 +00:00
nekral-guest e33e2b7d79 Compilation fix. gshadow_locked should only be used if SHADOWGRP is defined. 2008-03-17 23:02:23 +00:00
nekral-guest 78c59b7261 Fix some warnings. compare_members_lists() is only used if SHADOWGRP is defined. 2008-03-17 23:00:49 +00:00
nekral-guest 8377303981 Remove unused global variable. 2008-03-08 23:52:50 +00:00
nekral-guest a8a614c515 * NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
  Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
  also the GID of the passwd entries of the users whose primary
  group is the group being modified.
2008-03-08 23:01:49 +00:00
nekral-guest b1a0769d3d * lib/commonio.c (commonio_remove): Fail when the name to be
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
  configured to support split group but different group entries
  have the name of the group to be deleted.
2008-03-08 22:52:44 +00:00
nekral-guest 1b808e62df Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
2008-03-08 22:44:53 +00:00
nekral-guest 5af8a5d74d * NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
	instead of exit().
	* src/groupdel.c: Fail immediately instead of increasing errors.
	Better handling of error cases, like locked group or gshadow file.
2008-03-08 21:13:54 +00:00
nekral-guest d1290c0d5d Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Add function fail_exit(). Use fail_exit() instead of exit().
2008-03-08 21:04:31 +00:00
nekral-guest bded00fd11 Make sure the group and gshadow files are unlocked on exit. Add function fail_exit(). 2008-03-08 20:54:54 +00:00
nekral-guest a2242f6f1b Do not rewrite the group and gshadow file in case of error. 2008-03-08 16:23:22 +00:00
nekral-guest 9e07fec6ba Do not log that the group was deleted if an error occurred. 2008-03-08 16:20:55 +00:00
nekral-guest d44f1dfeca Do not raise an error if the group does not exist in the gshadow file. 2008-03-08 16:17:07 +00:00
nekral-guest 987d853aa9 Document MAX_MEMBERS_PER_GROUP. 2008-03-08 16:05:30 +00:00
nekral-guest e0579449d8 Fix typo 2008-03-07 20:46:47 +00:00
nekral-guest 1b2618d688 * src/newgrp.c: Add missing end of line in message.
* src/newgrp.c: Add audit events for the authentication
  (AUDIT_GRP_AUTH). Thansk to Peter Vrabec.
2008-03-07 20:21:15 +00:00
nekral-guest 6ea65c8992 Only reset the entries of existing users with faillog -r (not all numeric
IDs starting from 0). Thanks to Peter Vrabec.
2008-03-05 00:10:25 +00:00
nekral-guest 52cfc3372b Fix typo. One "can't open" message is a "can't lock". 2008-03-04 23:53:00 +00:00
nekral-guest 528346cb3b When a password is moved to the gshadow file, use "x" instead of "x"
to indicate that the password is shadowed (consistency with grpconv).
2008-02-26 20:09:56 +00:00
nekral-guest f43a4659c6 Re-indent. 2008-02-26 19:17:20 +00:00
nekral-guest 2a2b2b3aa4 * NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.
2008-02-26 19:09:10 +00:00
nekral-guest db479122f3 * Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to
   where it belongs.
 * Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
   section.
2008-02-26 18:59:28 +00:00
nekral-guest 4160d8c1fb Add the new XML documentation files to EXTRA_DIST. 2008-02-25 21:46:27 +00:00
nekral-guest dead78e4d9 Use --previous when merging PO files of the manpages.
(I need to find a way to do it for the PO files of the binaries)
2008-02-25 21:27:31 +00:00
nekral-guest 7ce94164c7 * man/login.defs.d/SYS_UID_MAX.xml, man/login.defs.d/SYS_GID_MAX.xml:
Document new variables.
* man/newusers.8.xml, man/login.defs.5.xml,
  man/login.defs.d/GID_MAX.xml, man/login.defs.d/UID_MAX.xml:
  newusers uses now the GID_MAX, GID_MIN, UID_MAX, UID_MIN,
  SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
* man/groupadd.8.xml, man/login.defs.5.xml: groupadd uses now the
  SYS_GID_MAX, and SYS_GID_MIN variables.
* man/login.defs.5.xml: useradd uses now the SYS_GID_MAX,
  SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
2008-02-25 21:17:18 +00:00
nekral-guest 77f722ae9d Added missing SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN. 2008-02-25 21:06:30 +00:00
nekral-guest 93e2f66a60 * NEWS, src/useradd.c, man/useradd.8.xml: Added options
-user-group (-U, Uflg) and --no-user-group (-N, Nflg) to replace
  nflg.
* man/login.defs.d/USERGROUPS_ENAB.xml: useradd now also uses
  USERGROUPS_ENAB.
2008-02-25 21:03:46 +00:00
nekral-guest 2a5c015cd1 Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:26:04 +00:00
nekral-guest dc641054a1 Add missing -p, --password description to the Usage message. 2008-02-19 21:21:52 +00:00
nekral-guest 23ac189d48 Add missing space in comment. 2008-02-19 21:18:04 +00:00
nekral-guest 29e71bf1b3 Fix --non-unique's has_arg field to no_argument instead of required_argument. 2008-02-19 21:16:28 +00:00
nekral-guest 7ec4a64cdb Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:10:17 +00:00
nekral-guest c81db0b178 Fix alphabetical order. 2008-02-19 21:05:44 +00:00
nekral-guest bb824221a4 This entry was for login, not su:
* If started as init, start a new session.
2008-02-19 21:04:55 +00:00
nekral-guest ca2636f08a Re-indent. 2008-02-19 21:02:24 +00:00
nekral-guest 18c914f086 Added new option -r, --system for system accounts in useradd, groupadd,
and newusers.
2008-02-19 21:01:38 +00:00
nekral-guest ed52b88b92 Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. 2008-02-18 21:36:03 +00:00
nekral-guest 280fcebae8 Change the default HOME directory in /etc/default/useradd according FHS
(/home instead of /home/users).  This fixes Alioth's bug #310559.
Thanks to Dale E. Edmons.
2008-02-17 15:29:41 +00:00
nekral-guest 80ef1db3b3 One AUDIT_USER_START remained. Replace it with AUDIT_CHGRP_ID also. 2008-02-14 18:51:37 +00:00
nekral-guest a8bc585e33 Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
2008-02-14 18:35:51 +00:00
nekral-guest 1599d3d128 * Reset oflg with uflg if the new UID is equal to
the old one.
* Reset mflg with dflg if the new home directory is
  the same as the old one.
2008-02-10 21:35:17 +00:00
nekral-guest a5f949165a Fix the handling of -a when a user is being renamed (with -l). The new
name of the user was used for the new supplementary groups, but not in the
existing ones.
2008-02-10 20:25:39 +00:00
nekral-guest ead95673a5 Set the shadow's password instead of the passwd's password.
Fix wrong cut&paste.
2008-02-10 19:14:20 +00:00
nekral-guest 132eb55983 Fix typo. 2008-02-03 21:53:30 +00:00
nekral-guest f08833fba2 Fix typo. 2008-02-03 21:42:08 +00:00
nekral-guest f8679b385a No need to check audit_fd, audit_logger() will take care of this. 2008-02-03 21:40:01 +00:00
nekral-guest ae5db5d36b Really log the expiration date change as human readable strings instead of
integers.
2008-02-03 21:37:45 +00:00
nekral-guest fdae41eb63 Use a function to convert the dates from /etc/shadow to human readable dates. 2008-02-03 21:30:47 +00:00
nekral-guest 25433a17e7 TODO cleanup
- newusers: i = 100; not a nice initial value, use login.defs
	This is done. newusers now uses (UID|GID)_(MIN|MAX)
- remove the entries regarding outdated translation of documentation.
	The manpages translation should use the PO.
- the manpages should mention when the options were added.
	This should help user to choose option for portable scripts
2008-02-03 18:51:11 +00:00
nekral-guest 737806a53a Add ideas for new tests in the testsuite. 2008-02-03 17:58:16 +00:00
nekral-guest feb2e41181 Do not translate the fromhost variable. It is always used for syslog messages. 2008-02-03 17:57:43 +00:00
nekral-guest 6e9078f16c Switch to the C locale before sending messages to syslog. The messages
sent by shadow were not translated, but error messages from PAM returned
by pam_strerror() were translated in the users's locale.
2008-02-03 17:53:21 +00:00
nekral-guest 4e01ea6c33 * NEWS: newusers will behave more like useradd.
* src/newusers.c: The user's ID must be found before the group ID
	to mimic useradd's behavior choices of UID and GID.
	* src/newusers.c: Reuse the generic find_new_uid() and
	find_new_gid() functions. This permits to respect the
	UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should 
	* src/newusers.c: Check if the user or group exist using the
	external databases (with the libc getpwnam/getgrnam functions).
	Refuse to update an user which exist in an external database but
	does not exist in the local database.
	* src/newusers.c: Check the usernames and groupnames with
	check_user_name() and check_group_name()
	* src/newusers.c: Use isdigit() for readability.
	* src/newusers.c: Check if numerical IDs are valid (no remaining
	chars).

	* NEWS, src/newusers.c: Fix the support for the NONE crypt method.

	* src/newusers.c: Fix shadow group support (the list of admins was
	not defined; it is now set to an empty list).
2008-02-03 17:45:58 +00:00
nekral-guest 65ed10d75c Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.  This permits to avoid using the same salt
for different passwords in newusers.
2008-02-03 17:23:58 +00:00
nekral-guest aed929ae90 Add libmisc/find_new_ids.c to the sources of the libmisc library. 2008-02-03 16:57:21 +00:00
nekral-guest 04190741e7 Use the find_new_uid() and find_new_gid() from the library instead of the
local functions.
2008-02-03 16:56:23 +00:00
nekral-guest 72cfa974d8 Add libmisc/find_new_ids.c to the sources of the libmisc library. 2008-02-03 16:55:37 +00:00
nekral-guest a1ae1c4fba The new libmisc/find_new_ids.c file contains translatable strings. 2008-02-03 16:53:53 +00:00
nekral-guest e21f90fd68 Add new generic functions to find the next user or group ID available:
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
2008-02-03 16:53:07 +00:00
nekral-guest be7c51d27a New function to find a group by its GID on the local database. 2008-02-03 16:51:08 +00:00
nekral-guest 7344e055be New function to find an user by its UID on the local database. 2008-02-03 16:50:14 +00:00
nekral-guest 57f713e426 * libmisc/age.c, libmisc/yesno.c, src/lastlog.c, src/grpck.c,
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
   src/chsh.c: Fix call to puts (remove end of line, or use fputs).
 * po/*.po: Unfuzzy PO files according to above change.
2008-02-03 16:28:03 +00:00
bubulle 5672b53263 French translation update (obvious things only) 2008-02-03 06:20:06 +00:00
nekral-guest e899b34160 Updated PO files. 2008-02-02 17:20:42 +00:00
nekral-guest 3755086645 Fix comment. find_new_fid is no more called is the user specified a group
ID.
2008-01-27 14:31:23 +00:00
nekral-guest ae99674e9b Fix build failures with --disable-shadowgrp. Thanks to Jürgen
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
  functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
  printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
  SHADOWGRP is defined.
2008-01-26 17:41:20 +00:00
nekral-guest 28a9441f4f Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 21:07:14 +00:00
nekral-guest 8c229ea473 Re-indent. 2008-01-24 20:54:42 +00:00
nekral-guest 3dd5866244 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 20:42:12 +00:00
nekral-guest 96f7a7588f Re-indent. 2008-01-24 19:50:09 +00:00
nekral-guest 01f9705dd5 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 19:38:06 +00:00
nekral-guest 1b246725c5 Re-indent. 2008-01-24 19:24:03 +00:00
nekral-guest de239d9b01 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 18:39:05 +00:00
nekral-guest f4b9f1b2e0 adduser was a typo. Move the adduser entries to the useradd section. 2008-01-23 23:48:39 +00:00
nekral-guest 926aeec06a Apply Christian's recommendation:
s/can't get unique/no more available/
2008-01-23 22:31:38 +00:00
nekral-guest 934ac07b06 Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
2008-01-23 21:50:27 +00:00
nekral-guest 0d1be15e0f Always define user_newcomment, user_newshell, user_newexpire, and
user_newinactive. It is more simple to always have user_<x> as the old
field, and user_new<x> as the new field (even if the field did not change)
instead of changing the algorithm depending on WITH_AUDIT.
2008-01-23 21:19:08 +00:00
nekral-guest 294e3a632e user_newname can only be used in WITH_AUDIT code or when lflg is set. This
issue was introduced in the code refactoring of usermod.
2008-01-23 20:08:16 +00:00
nekral-guest 229e6cbdd8 Fix typo in comment: s/find_new_uid/find_new_gid/ 2008-01-22 22:59:06 +00:00
nekral-guest 53561134a9 * s/gid/GID/ in message string.
* Set this string for translation.
2008-01-22 22:57:55 +00:00
nekral-guest 7535467358 * man/grpck.8.xml: Conditionally include the parts mentioning the
gshadow file (based on SHADOWGRP).
* man/grpck.8.xml: Add reference to the gshadow(5) manpage
 (conditionally included).
2008-01-22 21:42:48 +00:00
nekral-guest 20153121be Fix typo. Remove "the" from "All entries in the <filename></filename> are
checked [...]"
2008-01-22 21:15:58 +00:00
nekral-guest caf3f2603e Indicate that the shadow parameter is optional (i.e. a passwd file can be
specified without a shadow file, and the group file can be specified
without the gshadow file).
2008-01-22 21:13:43 +00:00
nekral-guest 03e5a3a181 Document the options with a list of options, as in the pwck(8) manpage. 2008-01-22 20:56:13 +00:00
nekral-guest ae8cbbc34d * NEWS, src/newgrp.c: Fix segfault when an user returns to an
unknown GID (either the user was deleted during the user's newgrp
  session or the user's passwd entry referenced an invalid group).
  Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
  password.
2008-01-21 23:33:43 +00:00
nekral-guest b082ebead2 * NEWS, src/useradd.c: Fix the handling of the --defaults option
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
  was already described in the useradd's Usage information.
2008-01-12 21:09:46 +00:00
nekral-guest 85febc5729 Avoid setting the password to a const empty string, but set the first char to \0. This avoids a warning. 2008-01-06 19:26:58 +00:00
nekral-guest e663f6c0b4 * libmisc/salt.c: Add prototype for l64a(), gensalt(),
SHA_salt_size(), and SHA_salt_rounds().
* libmisc/salt.c: l64a() and gensalt() are static.
* libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a
  const. (ditto for the method variable).
* libmisc/salt.c: SHA_salt_rounds returns a const string.
* libmisc/salt.c: Avoid warnings with cast of random() to double.
* libmisc/salt.c: Replace rand() by random().
2008-01-06 14:50:26 +00:00
nekral-guest 8a1abbe80b * lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
  required. skey and md are required for the binaries with
  authentication of the user (chfn, chsh, login, passwd, su). intl
  is required for all. mcrypt is required for user (chfn, chsh,
  login, passwd, su, sulogin) and group (newgrp, gpasswd)
  authentication and for the creation of passwords (chpasswd,
  chgpasswd, gpasswd, newusers, passwd).
2008-01-06 14:19:32 +00:00
nekral-guest 39c9007f67 * lib/nscd.c, lib/nscd.h: Set the service parameter of
nscd_flush_cache() to const. This avoids a lot of warnings.
* lib/nscd.c: Include "nscd.h" to avoid inconsistent prototypes.
2008-01-06 13:57:17 +00:00
nekral-guest ee268550d9 Remove prototypes for __gr_dup() and __gr_set_changed(). 2008-01-06 13:52:21 +00:00
nekral-guest e5b7987764 Set the method string as a constant string. 2008-01-06 13:49:00 +00:00
nekral-guest 06691758e8 Assume <errno.h> declares errno. 2008-01-06 13:42:47 +00:00
nekral-guest 1d63dfd1d4 * Remove prototype for sgetgrent().
* Add the name of the parameters for merge_group_entries() and split_groups().
2008-01-06 13:38:16 +00:00
nekral-guest 9d6d2de4d3 Fix typo: s/rend compte indiqué/rend le compte indiqué/ 2008-01-06 13:32:25 +00:00
nekral-guest 9104a7a4a4 * Remove prototype of check_su_auth(). It is redundant with prototypes.h.
* isgrp() is static.
2008-01-06 13:30:18 +00:00
nekral-guest 1520a0ae3e * libmisc/obscure.c: Tag the `old' parameter of palindrome(),
similar(), and simple() as unused.
* libmisc/loginprompt.c: Tag the `sig' parameter of login_exit()
  as unused.
* src/expiry.c: Tag the `sig' parameter of catch_signals() as
  unused.
* src/su.c: Tag the `sig' parameter of catch_signals() as unused.
* src/su.c: Add int parameter to the prototype of oldsig().
* src/login.c: Tag the `sig' parameter of alarm_handler() as
  unused.
* src/sulogin.c: Tag the `sig' parameter of catch_signals() as
  unused.
* libmisc/getdate.y: Tag the `string' parameter of yyerror() as
  unused.
* libmisc/getdate.y: The string provided to yyerror() is const.
* libmisc/getdate.y: Fix the prototypes of yylex() and yyerror().
2008-01-06 13:20:25 +00:00
nekral-guest 7b22265d4e * Remove teh macro definition of SETXXENT_TYPE,
SETXXENT_RET, and SETXXENT_TEST. They were used by the now
  removed pwent.c and grent.c.
* Remove the definition of PASSWD_PAG_FILE,
  GROUP_PAG_FILE, SHADOW_PAG_FILE, and SGROUP_PAG_FILE. They are
  never used.
* Don't include "snprintf.h". The file does not
  exist in shadow.
* Add new macro unused to tag unused parameters.
2008-01-06 13:12:09 +00:00
nekral-guest 116a76e528 Remove prototypes for __pw_del_entry(), __pw_get_head(), __spw_del_entry(), and __spw_get_head(). 2008-01-06 13:00:17 +00:00
nekral-guest 93177a5615 Assume optarg and optind are declared in <getopt.h>. 2008-01-06 12:52:23 +00:00
nekral-guest 0c867d23ad Remove the pw_name argument of new_pw_passwd. Use the user_newname global
variable instead. This avoid using a parameter with the same name as a function.
2008-01-06 12:50:22 +00:00
nekral-guest 5c6f68cd8f * Removed unused gid parameter of syslog_sg().
* The loginname and tty buffers are never changed. Add the const qualifier.
2008-01-06 12:31:06 +00:00
nekral-guest d85b926a14 The crypt_method string always points to a constant string. Add the const qualifier. 2008-01-06 12:26:20 +00:00
nekral-guest 8289eabc55 Remove prototype of l64a() (not used in pwunconv). 2008-01-06 12:12:30 +00:00
nekral-guest 58176a821d Remove prototypes for __gr_del_entry(), __gr_get_head(),
__sgr_del_entry(), and __sgr_get_head().
2008-01-06 12:09:38 +00:00
nekral-guest 4cdbd1fa1d * src/login_nopam.c: Use an ANSI prototype for resolve_hostname()
instead of K&R prototype.
* src/login_nopam.c: Fix the prototypes of list_match(),
  user_match(), from_match(), string_match(). There were no
  parameters in the prototypes.
* src/login_nopam.c: Fix the prototypes of the function parameter
  match_fn of list_match().
2008-01-06 12:07:42 +00:00
nekral-guest 0e07f3e48d Remove the src parameter of copy_special().
The entry's information are taken from the stat structure.
2008-01-06 12:02:24 +00:00
nekral-guest 569a3b8e59 * libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
  sure the exported prototypes are the ones used for the definition
  of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
  __gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
  __pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
  sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
  __sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
  __spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
  __gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
  and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
  __sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
  __spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
  __pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
  __xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
nekral-guest 747e174bec Add documentation for the new --password options. 2008-01-05 17:25:00 +00:00
nekral-guest ff49a02023 Fix find_new_gid() prototype. Add a void parameter. 2008-01-05 17:23:46 +00:00
nekral-guest 9c7ddf94c9 Remove old comments in the header. 2008-01-05 17:22:38 +00:00
nekral-guest 050364aba2 Include <lastlog.h> for the declaration of struct lastlog. 2008-01-05 17:20:45 +00:00
nekral-guest 23e8564812 Fix typos. 2008-01-05 16:44:51 +00:00
nekral-guest 462be08456 * lib/prototypes.h: Add the dolastlog() prototype.
* lib/prototypes.h: Typo: login.c -> loginprompt.c
* src/login.c: Remove declaration of dolastlog().
* libmisc/log.c: dolastlog() should not have been changed to static.
  Include prototypes.h instead.
2008-01-05 16:44:28 +00:00
nekral-guest db0dddc6e9 * libmisc/pwdcheck.c: Do not include <pwd.h>. Include <shadow.h>
and "pwauth.h" only when compiled without PAM support.
* src/chfn.c, src/chsh.c: Do not include <shadow.h>
* lib/commonio.c: Do not include <shadow.h>. Do not include
  <pwd.h>. Include "nscd.h" instead of <nscd.h>.
* configure.in: Do not check if shadow.h exist, but make sure it
  exists.
* libmisc/pwdcheck.c, src/chfn.c, src/chsh.c, lib/defines.h,
  lib/shadowmem.c, lib/shadowio.c, lib/commonio.c:
  HAVE_SHADOW_H is no more needed (shadow.h should always exist).
2008-01-05 16:33:43 +00:00
nekral-guest cea5c823a1 Fix the do_pam_passwd() prototype (it returns void). 2008-01-05 15:43:33 +00:00
nekral-guest 5a4848c8cc do_pam_passwd should not have been defined static, prototypes.h needed
to be included instead.
2008-01-05 15:41:58 +00:00
nekral-guest 6cf5b05493 Remove prototype of putgrent(), add parameter's name of sgetgrent(). 2008-01-05 14:35:13 +00:00
nekral-guest f8a95f7ca1 Add option --password to groupadd and groupmod (similar to useradd and usermod). 2008-01-05 14:17:43 +00:00
nekral-guest e94d2da45e Remove the declaration of getutent(), getutline(), setutent(), and
endutent() which are declared in <utmp.h>
2008-01-05 14:09:56 +00:00
nekral-guest 8d440a2a52 stat shadows another stat variable. Remove this
variable, and directly check the result of getfscreatecon().
2008-01-05 14:01:34 +00:00
nekral-guest 616ad5252d Changelog entry forgotten in previous src/gshadow.c commit:
* list() is an external function. DO not shadow it
   with a static function. The internal list() was renamed
   build_list().
2008-01-05 13:58:56 +00:00
nekral-guest 8d9c39789b The prototypes of fgetsx() and fputsx() are already defined in
prototypes.h. Remove the declaration of these functions.
2008-01-05 13:56:21 +00:00
nekral-guest bbb9470661 loginsh is a global variable, use newshell for the update_shell()'s parameter. 2008-01-05 13:54:39 +00:00
nekral-guest f11bbd3b70 login_prompt is the name of a function, use loginprompt for the internal variable. 2008-01-05 13:53:14 +00:00
nekral-guest 239b2d7bee Make a proper prototype for the main() function declaration. (add void) 2008-01-05 13:51:43 +00:00
nekral-guest 2040826791 Add changelog entry for previous commit. 2008-01-05 13:49:32 +00:00
nekral-guest 83b7153b40 Add missing include "shadowio.h". (This was OK as long as prototypes.h included this file.) 2008-01-05 13:40:49 +00:00
nekral-guest 53b075a760 * libmisc/pam_pass.c: Define do_pam_passwd() as static and add its prototype.
* libmisc/log.c: Define dolastlog() as static and add its prototype.
* src/chage.c: Define isnum() as static and add its prototype.
2008-01-05 13:37:32 +00:00
nekral-guest b8ce324a66 Include config.h as a system include, as recommended by the autoconf documentation. 2008-01-05 13:32:32 +00:00
nekral-guest 99dc2b1abf Define is_listed() as static and add its prototype. 2008-01-05 13:29:24 +00:00
nekral-guest 96bca84ca4 Include "prototypes.h" to make sure the exported prototypes are
the ones used for the definition of functions.
2008-01-05 13:23:22 +00:00
nekral-guest b7d372d8e3 "shadowio.h" was included for the definition of the spwd structure.
Replace this include by <shadow.h>
2008-01-05 13:07:54 +00:00
nekral-guest 867034e3ba grent.c does not exist anymore. Remove the putgrent prototype. 2008-01-05 13:05:21 +00:00
nekral-guest 3c800f5880 Add the syslog_sg prototype. 2008-01-01 23:56:03 +00:00
nekral-guest 11864d22b4 Also split syslog_sg() out of main(). 2008-01-01 23:54:51 +00:00
nekral-guest 1ff4e28748 Remove duplicate logging to syslog. 2008-01-01 23:45:44 +00:00
nekral-guest d590d0ccee Split check_perms() out of main(). 2008-01-01 23:35:55 +00:00
nekral-guest 94b3b98196 Avoid assignments in conditionals. 2008-01-01 23:07:55 +00:00
nekral-guest 1d76eb6ef7 Avoid assignments in conditionals. 2008-01-01 22:21:55 +00:00
nekral-guest 631fa3b4f3 (split_groups): Test the pointer returned by malloc. 2008-01-01 20:47:31 +00:00
nekral-guest 6f45325d6e Document add_one_entry_nis(), write_all(), commonio_remove(),
commonio_locate(), and commonio_rewind().
2008-01-01 20:34:47 +00:00
nekral-guest e700196c17 Fix typo s/groupadd/chpasswd/ 2008-01-01 19:56:29 +00:00
nekral-guest 53ecd8e0c0 New TODO item:
- newusers: add logging to SYSLOG & AUDIT
2008-01-01 19:54:37 +00:00
nekral-guest 97d7df1ef4 Fix typo s/groupadd/chage/ 2008-01-01 19:53:33 +00:00
nekral-guest 376d990101 Fix typo s/groupadd/chgpasswd/. 2008-01-01 19:53:02 +00:00
nekral-guest 4c2f65d7d0 Avoid implicit conversions to booleans. 2008-01-01 18:27:40 +00:00
nekral-guest 92d8cbb26c Avoid implicit brackets. 2008-01-01 18:04:46 +00:00
nekral-guest 7080370042 Re-indent. 2008-01-01 17:56:33 +00:00
nekral-guest a9ae2a8710 Avoid implicit conversions to booleans. 2008-01-01 17:51:54 +00:00
nekral-guest 94266e1360 use_system_pw_file and use_system_spw_file were not reset. 2008-01-01 17:43:18 +00:00
nekral-guest f6e79f59be Re-indent. 2008-01-01 16:58:13 +00:00
nekral-guest 27ed5ec8b9 Avoid implicit brackets. 2008-01-01 16:54:18 +00:00
nekral-guest f9f420b107 ignore libmisc.a 2008-01-01 16:40:50 +00:00
nekral-guest 1c2f4f0428 No functional changes were introduced by the previous pwck and grpck
changes, except for the following bug fix: no syslog logging if a passwd
or group file was specified on the command line without a shadowed
database file, even if the system shadowed database was changed).
2008-01-01 16:36:06 +00:00
nekral-guest 42a5b75c5a * Fix open_files prototype (void argument).
* close_file documentation (s:password/shadow:group/gshadow:)
2008-01-01 16:28:01 +00:00
nekral-guest 6ac97a708c Fix typos in comments (gshadow/shadow). 2008-01-01 16:25:57 +00:00
nekral-guest d022527b71 Simplify pwck's main(). Remove gotos. 2008-01-01 15:52:07 +00:00
nekral-guest 3ad9a439d5 Split also check_pw_file() and check_spw_file() out of main(). 2008-01-01 15:49:33 +00:00
nekral-guest ef2c12e560 Also split open_files and close_files out of main().
New global variables use_system_pw_file and use_system_spw_file
2008-01-01 15:29:47 +00:00
nekral-guest 6912ac253a Split process_flags() out of main(). New global variables is_shadow,
sort_mode.
2008-01-01 15:07:41 +00:00
nekral-guest a3501dfd95 De-comment code (duplicate the entry when the _R function is not present on the system). 2008-01-01 14:48:04 +00:00
nekral-guest 09a95ed70a * src/lastlog.c: Remove statbuf, not used.
* src/lastlog.c: Fix types, cast umin and umax to uid_t.
* src/lastlog.c: (option -u) user needs to be a signed long, not
  uid_t (to accept rangees like -<uid>
2008-01-01 14:38:47 +00:00
nekral-guest d0de685c7a Avoid ?: construct without the middle term. 2008-01-01 14:34:07 +00:00
nekral-guest 72713d0b73 Forgot to commit that one.
Avoid empty file when USE_PAM is set.
2008-01-01 14:32:41 +00:00
nekral-guest b681e50ff2 * libmisc/copydir.c, src/usermod.c, lib/prototypes.h: The uid and
gid parameters can be set to -1 to indicate that the original
  owners must be kept. Change the types from uid_t/gid_t to a
  long int (signed).
* libmisc/copydir.c: Change the copy_entry(), copy_dir(),
  copy_symlink(), copy_special(), and copy_file() prototypes
  accordingly.
* lib/prototypes.h: Add the parameters' name for the
  libmisc/copydir.c functions.
2008-01-01 14:31:00 +00:00
nekral-guest bb8af02978 Avoid empty file when WITH_AUDIT is not set. 2008-01-01 14:20:36 +00:00
nekral-guest bca732693b * libmisc/limits.c, libmisc/obscure.c, src/login_nopam.c,
lib/pwauth.c: Avoid empty file when USE_PAM is set.
* src/login_nopam.c: Fix warnings: resolve_hostname takes and
  returns a constant string.
2008-01-01 14:18:55 +00:00
nekral-guest 0dccafcd23 Remove inaccurate documentation.
The password file is no more opened in read only mode.
2008-01-01 14:12:34 +00:00
nekral-guest b25feca14c Add missing prototype declarations.
Document the new functions.
2008-01-01 14:10:21 +00:00
nekral-guest 0aaddfaf29 I forgot to mention compare_members_lists(). 2008-01-01 14:09:47 +00:00
nekral-guest 3d82d5e452 Split check_members() out of check_grp_file() and check_sgr_file(). 2008-01-01 13:50:06 +00:00
nekral-guest 612820cb9a Split check_grp_file() and check_sgr_file() out of main(). 2008-01-01 13:48:49 +00:00
nekral-guest f6f6eeda8e Split process_flags(), open_files(), and close_files() out of main(). New
global variables is_shadow, sort_mode, use_system_grp_file, and
use_system_sgr_file.
2008-01-01 13:13:47 +00:00
nekral-guest 83b9a376a2 If remove-potcdate.sin does not exist, use the one from teh po directory
(it is not installed automatically by autopoint.
2007-12-31 20:16:46 +00:00
nekral-guest ca9fbc0d8e Compilation fix. pamh needs to be global since the split of check_perms(). 2007-12-31 20:15:15 +00:00
nekral-guest 1ec694eae7 Compilation fix. user was removed from the list of global variables. 2007-12-31 20:14:31 +00:00
nekral-guest b9a00ea0ee Fix the type of the bitfields in the commonio_entry and commonio_db
structures to unsigned int (instead of int).
2007-12-31 20:12:48 +00:00
nekral-guest 0cc661a2cf Re-indent. 2007-12-31 15:34:29 +00:00
nekral-guest d6cabcde78 Re-indent. 2007-12-31 15:32:15 +00:00
nekral-guest 4c9686df0c Avoid assignments in comparisons. 2007-12-31 15:30:29 +00:00
nekral-guest ce4e74c1b9 Avoid implicit brackets. 2007-12-31 15:27:23 +00:00
nekral-guest 3709183127 (compil fix) Use pw->pw_name instead of user. 2007-12-31 15:13:39 +00:00
nekral-guest 9a67b445b1 sflg needs to be global. 2007-12-31 15:07:59 +00:00
nekral-guest ca035a53a0 Also split update_shell() out of main(). 2007-12-31 15:06:22 +00:00
nekral-guest f031095d9f * Split also check_perms() out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 14:54:46 +00:00
nekral-guest 7ed7e14dee Split process_flags() out of main(). 2007-12-31 14:52:52 +00:00
nekral-guest 4af02cb083 Avoid assignments in comparisons. 2007-12-31 14:37:24 +00:00
nekral-guest ce3c44b0f7 Avoid assignments in comparisons. 2007-12-31 14:25:06 +00:00
nekral-guest c086f6c931 Avoid implicit conversions to booleans. 2007-12-31 14:15:29 +00:00
nekral-guest ca468cb988 Document may_change_field(). 2007-12-31 14:03:14 +00:00
nekral-guest 3d04ff4037 Avoid implicit brackets. 2007-12-31 13:48:48 +00:00
nekral-guest 7279ff37f3 * New function: process_flags() split out of main().
The flags variables are now global.
* New functions: check_perms(), update_gecos(),
  get_old_fields(), and check_fields() split out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 13:43:04 +00:00
nekral-guest d0b984528a * src/newusers.c: Compilation fix for PAM support (pamh needs to be
global since the function split).
* src/chpasswd.c: Likewise.
* src/chgpasswd.c: Likewise.
* src/chpasswd.c: Avoid implicit conversions to booleans.
2007-12-31 04:57:54 +00:00
nekral-guest e448d1acb1 Sort the tools in the NEWS entries of 4.1.1. 2007-12-31 04:34:10 +00:00
nekral-guest f09b1404eb Rewrote to match the previous commit message. 2007-12-31 04:31:28 +00:00
nekral-guest db38d0b104 * src/chage.c: Fix typo: s/maximim/maximum/
* src/chage.c: New function: fail_exit(). Change most of the exit()
	to a fail_exit, which makes sure the files are unlocked (new global
	variables: pw_locked, spw_locked), the PAM transaction is ended, and
	the failure is logged to libaudit (use a global user_name and user_uid
	for logging).
	* src/chage.c: Compilation fix for PAM support (pamh needs to be
	global since the function split).
	* src/chage.c: Document process_flags(), check_flags(), check_perms(),
	open_files(), and close_files().
	* src/chage.c: Split update_age() and get_defaults() out of main()
	* src/chage.c: Drop the privileges just after opening the files.
	* src/chage.c: Do not log to audit only if the user has an entry in
	the shadow file.
	* NEWS, src/chage.c (open_files): Also open the password file for
	writing. This fix chage when the user only has a password entry (and
	no shadow entries).
	* src/chage.c (get_defaults): Use default values that don't change the
	behavior of the account for the fields that are not specified when the
	user has no shadow entry.
2007-12-31 04:29:30 +00:00
nekral-guest 3b7497b063 * Compilation fix for PAM support (pamh needs to be
global since the function split).
* End the PAM transaction in fail_exit().
* Document check_flags().
2007-12-30 21:48:55 +00:00
nekral-guest d1bee8b593 Compilation fix for non-gshadow support. 2007-12-30 21:39:57 +00:00
nekral-guest 99230a30ad I forgot to open and close gshadow. 2007-12-29 17:34:02 +00:00
nekral-guest 623010396c Added support for gshadow. 2007-12-29 17:26:28 +00:00
nekral-guest 098173e1df Do not add the new user to the group's members, because the group is already
the primary group of the new user.
2007-12-29 17:05:13 +00:00
nekral-guest 67b9c423fe Avoid variables with the name of a type. 2007-12-29 14:52:35 +00:00
nekral-guest b040f047fd Avoid assignments in comparisons. 2007-12-29 14:48:33 +00:00
nekral-guest 8c4efbb8ce Avoid implicit brackets and re-indent. 2007-12-29 14:34:39 +00:00
nekral-guest 9923513271 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-29 14:17:06 +00:00
nekral-guest 60a422b284 newusers cleanups
main() split in new functions: process_flags(), check_flags(), check_perms(),
open_files(), and close_files().
2007-12-29 14:11:54 +00:00
nekral-guest 3c890a55d8 Avoid assignments in comparisons. 2007-12-29 11:34:31 +00:00
nekral-guest 37ccc0a3d4 Re-indent. 2007-12-29 11:19:39 +00:00
nekral-guest a7cbfedc85 * Avoid implicit brackets.
* Avoid implicit conversion to booleans.
2007-12-29 11:06:35 +00:00
nekral-guest 2d771a97b7 Remove dead code. It was probably put here to add more
information to the audit_logger.
2007-12-29 10:50:03 +00:00
nekral-guest 6ca79a36b0 Avoid using a variable with the same name as a type. 2007-12-29 10:47:04 +00:00
nekral-guest 388dcee3e4 chage cleanups
* src/chage.c: Before pam_end(), the return value of the previous
	pam API was already checked. No need to validate it again.
	* src/chage.c: main() split in new functions: process_flags(),
	check_flags(), check_perms(), open_files(), and close_files().
2007-12-29 10:42:25 +00:00
nekral-guest 8563319b8b * src/chgpasswd.c: Avoid assignments in comparisons.
* src/chgpasswd.c: Avoid implicit brackets.
	* src/chgpasswd.c: Fix comments to match chgpasswd (group instead of
	user's passwords are changed).

	Fix the previous ChangeLog entries regarding chgpasswd.
2007-12-28 23:14:59 +00:00
nekral-guest 9fe450e216 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:59:17 +00:00
nekral-guest 28cd038c35 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:54:35 +00:00
nekral-guest 8dc959ea1f Avoid implicit brackets. 2007-12-28 22:34:14 +00:00
nekral-guest f54464bcf6 Re-indent. 2007-12-28 22:31:45 +00:00
nekral-guest 05651a338e Re-indent. 2007-12-28 22:30:02 +00:00
nekral-guest 908e2cbcc7 Avoid assignments in comparisons. 2007-12-28 22:24:02 +00:00
nekral-guest b9eec1ea49 Other new functions: open_files(), close_files().
This force flushing the password database after the password file is unlocked.
2007-12-28 22:18:55 +00:00
nekral-guest 566b357f99 New functions: process_flags(), check_flags(),
check_perms(). Split out of main().
2007-12-28 22:05:51 +00:00
nekral-guest dc1dccd9e2 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-28 21:29:06 +00:00
nekral-guest 8dc4ca297c New function check_flags(). Split the validation of
options and arguments out of process_flags.
2007-12-28 21:04:04 +00:00
nekral-guest 605a338216 (main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
2007-12-28 20:46:24 +00:00
nekral-guest 6d09b4ce4d (main): Before pam_end(), the return value of the previous pam API was already
checked. No need to validate it again.
2007-12-28 20:40:59 +00:00
nekral-guest 147c37789a Re-indent. 2007-12-28 20:35:05 +00:00
nekral-guest ffa34c5afd (process_flags): prefer fail_exit to exit. This avoid
an explicit call to audit_logger().
2007-12-28 19:15:14 +00:00
nekral-guest da37da30e1 I forgot the initialization of group_id in find_new_gid(). 2007-12-28 19:08:33 +00:00
nekral-guest b4f6b853f8 * process_args renamed process_flags
* Add the options checks in process_flags (group_name, group ID uniqueness)
 * Add the parameters' names in the prototypes.
2007-12-28 11:22:27 +00:00
nekral-guest cc1f6c10be Split the processing of options out of main(). 2007-12-28 10:41:22 +00:00
nekral-guest 08e09354b2 find_new_gid is never called when an
GID is specified with -g. Simplify find_new_gid accordingly.
2007-12-28 10:30:39 +00:00
nekral-guest 0b6b9fe090 typo cleared/clearer 2007-12-28 10:20:02 +00:00
nekral-guest 83b546beef (find_new_gid): If oflg is set, gflg is also set.
Use (!gflg), which is cleared than (!gflg || !oflg).
2007-12-28 10:19:21 +00:00
nekral-guest b4071939e0 A group with the specified name cannot exist at that time in find_new_gid.
Remove the check.
2007-12-28 10:15:42 +00:00
nekral-guest 0a4424ef00 Avoid implict brackets. 2007-12-28 10:12:09 +00:00
nekral-guest 18a654d13b When compiled without AUDIT support, if the return code was E_SUCCESS,
fail_exit() wouldn't have exited. Fix the scope of #idef WITH_AUDIT.
2007-12-28 09:39:22 +00:00
nekral-guest b8650378c1 Document the new functions. 2007-12-28 00:35:41 +00:00
nekral-guest 9a9a9c0414 Other cleanups and documentation.
Do the checks, then build the filenames. Do not mix both.
2007-12-28 00:23:33 +00:00
nekral-guest 523392dc0b Stop at the first error. 2007-12-28 00:08:16 +00:00
nekral-guest ed1dd1bb99 Avoid assignement in comparison. 2007-12-28 00:04:46 +00:00
nekral-guest 6987e6f12a Avoid implicit conversions to booleans. 2007-12-28 00:03:26 +00:00
nekral-guest 9c79c77de4 Avoid implicit casts. 2007-12-27 23:41:36 +00:00
nekral-guest 7f5a4e15c6 Avoid implicit brackets. 2007-12-27 23:40:00 +00:00
nekral-guest 6bc43fea06 Document selinux_file_context. 2007-12-27 23:32:47 +00:00
nekral-guest cc4b37f65c Avoid assignment in comparisons. 2007-12-27 23:30:36 +00:00
nekral-guest dfb6416a5b libmisc/copydir.c cleanup
* libmisc/copydir.c: Split copy_tree() in more maintainable functions:
	copy_entry(), copy_dir(), copy_symlink(), copy_hardlink(),
	copy_special(), and copy_file().
	* libmisc/copydir.c: -1 is used to indicate an error, directly set err
	to -1, instead of incrementing it, and checking if not nul at the
	end.
2007-12-27 23:23:51 +00:00
nekral-guest bfa8ef3e75 Avoid implicit conversions to booleans. 2007-12-27 21:56:45 +00:00
nekral-guest b58df6280d Avoid assignment in comparisons. 2007-12-27 21:43:29 +00:00
nekral-guest 641d73ab83 Document check_list's return value. 2007-12-27 21:30:12 +00:00
nekral-guest a77eb6b49d Avoid implicit brackets. 2007-12-27 21:28:50 +00:00
nekral-guest c919701466 Simplify gpasswd's main():
Also split check_flags() out of main().
2007-12-27 21:19:57 +00:00
nekral-guest c81bf3e06f Simplify gpasswd's main():
Split also get_group() and change_passwd() out of main().
2007-12-27 21:04:22 +00:00
nekral-guest 586181bf71 Simplify gpasswd's main():
New function: check_perms(). Split out of main() to simplify main().
2007-12-27 19:08:31 +00:00
nekral-guest 55d581d041 Simplify gpasswd's main():
New functions: open_files(), close_files(), update_group(). Split out
	from main() to simplify this (too) big function.
2007-12-27 18:52:40 +00:00
nekral-guest f429f3e38d Simplify gpasswd's main():
New function: process_flags(). Split the processing of options out of main().
2007-12-27 18:27:57 +00:00
nekral-guest 7b05484494 gpasswd cleanup
* src/gpasswd.c: Add argument name to the internal function
	prototypes.
	* src/gpasswd.c: Document global variables.
2007-12-27 17:36:08 +00:00
nekral-guest 5714adb090 Recommend editing the shadowed (resp. regular) file if the regular (resp.
shadowed) file was edited.
2007-12-26 23:43:55 +00:00
nekral-guest ac7693ef7b End of the previous changelog entry... 2007-12-26 23:17:27 +00:00
nekral-guest 5cbc86b7d9 Merge Debian's patch 451_login_PATH
* NEWS, libmisc/setupenv.c: Export PATH according to ENV_PATH and
	ENV_SUPATH, as for su. This impacts login.
	* man/login.1.xml: PATH and SUPATH are now used both when PAM support
	is disabled and enabled.
2007-12-26 23:15:43 +00:00
nekral-guest b44a6c316d If started as init, login and sulogin need to start a new session. 2007-12-26 22:36:54 +00:00
nekral-guest f5461ff01e Merge Debian's patch 408_passwd_check_arguments
* NEWS, src/passwd.c: Make sure that no more than one username
	argument was provided.
2007-12-26 22:17:13 +00:00
nekral-guest b77cef01a9 Re-indent. 2007-12-26 21:56:47 +00:00
nekral-guest 3a48f0954c Merge Debian's patch 412_lastlog_-u_numerical_range
* NEWS, src/lastlog.c, man/lastlog.8.xml: Accept numerical user, or
  ranges with the -u option.
* TODO: The same change should be done on faillog.
2007-12-26 21:54:04 +00:00
nekral-guest fd970ab62c Merge Debian's patch 466_fflush-prompt
* libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c,
	src/pwck.c: move yes_or_no() from grpck/pwck to a separate
	libmisc/yesno.c (with a read_only argument).
	* libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before
	reading the user's answer.
2007-12-26 16:50:38 +00:00
nekral-guest e663c696c2 su's arguments are now reordered. If needed, use -- to separate su's
options from the shell's options.
2007-12-26 15:10:48 +00:00
nekral-guest 65d0682647 Merge RedHat's patch shadow-4.0.18.1-mtime.patch:
* NEWS: Document that usermod will now preserve user's file modification
    and access time.
    * libmisc/copydir.c: Preserve the access and modification time of copied
    files. This is important for usermod. This will also impact useradd, for
    the skeleton files, but this is not important.
    * libmisc/copydir.c: Stop and return an error if a file could not be
    closed after during a copy.
2007-12-26 13:54:23 +00:00
nekral-guest 3935d32676 Mention RedHat's patches for previous commits.
Merge RedHat's patch shadow-4.0.18.1-findNewUidOnce.patch:
	* src/useradd.c (usr_update): Do not call find_new_uid(). The UID was
	already either specified or found by another call to find_new_uid().
	* src/useradd.c (find_new_uid): Always start with uid_min (find_new_uid()
	is never called when user_id was already specified).
	* src/useradd.c (find_new_uid): Fix the comments (find_new_uid() is not
	called when the UID is specified (uflg)).
	* src/useradd.c (main): Only call find_new_uid() if (!oflg) and (!uflg).
	If uflg is set (but not oflg), check the UID uniqueness.
	* src/useradd.c (find_new_uid): Don't check the uid and user name
	uniqueness in find_new_uid(). The user name uniqueness is already checked
	during the parameter validation. UID uniqueness is also checked (see
	above).
	* src/useradd.c (find_new_uid): Don't check uflg in find_new_uid().
	* src/useradd.c (find_new_uid): Make sure that find_new_uid() is not
	called when uflg is set (assert).

Cleanups in find_new_gid:
	* src/useradd.c (find_new_gid): Check that gflg is not set (assert).
	* src/useradd.c (find_new_gid): Do not check the group name uniqueness
	(already checked in main).
	* src/useradd.c (find_new_gid): Avoid a "continue" in the loop.
	* src/useradd.c (find_new_gid): Remove irrelevant comments.
	* src/useradd.c (find_new_gid): Fix the function definition's comment.
2007-12-26 13:18:27 +00:00
nekral-guest c57e8983ff Add option -l to avoid adding the user to the lastlog and faillog databases
Fix the release numbers for the current NEWS entries.
2007-12-26 10:15:20 +00:00
nekral-guest a840bc8c99 The manpages should indicate how common options are. 2007-12-26 10:13:57 +00:00
nekral-guest 20dfe6ba98 NO_GETPWENT is no more supported. Remove associated chunks of code. 2007-12-26 09:28:02 +00:00
nekral-guest 60c167838f Document the long options (--force, --gid, --key, --non-unique). 2007-12-26 09:22:49 +00:00
nekral-guest d6ee05ef93 Do not install the shadow library per default.
lib_LTLIBRARIES changed to noinst_LTLIBRARIES.
2007-12-26 09:18:45 +00:00
nekral-guest 34ed03d978 * NEWS, configure.in: Prepare the 4.1.0 release.
* NEWS, src/chgpasswd.c: Use chgpasswd PAM policy file instead of
  chpasswd's one.
* NEWS: The login.defs variables are documented.
2007-12-09 22:54:53 +00:00
nekral-guest 82ab505d1a Updated TODO list. 2007-12-09 22:51:47 +00:00
nekral-guest 8418f76979 New TODO. 2007-12-09 14:51:42 +00:00
nekral-guest 15989f16f7 * man/pwconv.8.xml: Fix typos.
* man/chpasswd.8.xml, man/chgpasswd.8.xml: Document the NONE crypt
  method.
* man/login.defs.d/MAIL_DIR.xml: Add comment regarding useradd not
  using MAIL_FILE.
* man/login.defs.d/ERASECHAR.xml, man/login.defs.d/KILLCHAR.xml,
  man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/ENV_HZ.xml,
  man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
  These variables are also used by some tools when compiled with PAM
  support.
* man/login.defs.d/ENV_HZ.xml: Add note that it is only used by
  sulogin when compiled with PAM support.
* man/login.defs.d/ENV_SUPATH.xml: Typos: ENV_PATH -> ENV_SUPATH,
  and mention sbin in the path.
* man/login.defs.d/LOGIN_STRING.xml: Fix typo: confition ->
  condition.
* man/sg.1.xml: Add CONFIGURATION section (SYSLOG_SG_ENAB).
* man/su.1.xml: ENV_HZ, LOGIN_STRING, MAIL_DIR, USERGROUPS_ENAB
  are only used when su is compiled without PAM support.
* man/login.defs.5.xml: Added variables: OBSCURE_CHECKS_ENAB
  PASS_ALWAYS_WARN PASS_CHANGE_TRIES SULOG_FILE SU_NAME
  SU_WHEEL_ONLY SYSLOG_SG_ENAB SYSLOG_SU_ENAB.
* man/login.defs.5.xml: ENVIRON_FILE is only used when compiled
  without PAM support.
* man/login.defs.5.xml: sulogin uses variables even when compiled
  with PAM support.
* man/login.1.xml: ENV_HZ ENV_PATH ENV_SUPATH MAIL_DIR UMASK are
  only used when login is not compiled with PAM support.
2007-12-09 14:50:14 +00:00
nekral-guest 9ac8c65e37 Make sure is_console is only defined when USE_PAM is not defined. 2007-12-08 23:27:35 +00:00
nekral-guest 462794685f Fix time () prototype. 2007-12-08 23:25:52 +00:00
nekral-guest 8c4d98edc1 * man/login.defs.d/CONSOLE_GROUPS.xml,
man/login.defs.d/CONSOLE.xml, man/login.defs.d/DEFAULT_HOME.xml,
  man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENVIRON_FILE.xml,
  man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml,
  man/login.defs.d/ENV_TZ.xml, man/login.defs.d/ERASECHAR.xml,
  man/login.defs.d/FAIL_DELAY.xml,
  man/login.defs.d/FAILLOG_ENAB.xml,
  man/login.defs.d/FAKE_SHELL.xml, man/login.defs.d/FTMP_FILE.xml,
  man/login.defs.d/HUSHLOGIN_FILE.xml,
  man/login.defs.d/ISSUE_FILE.xml, man/login.defs.d/KILLCHAR.xml,
  man/login.defs.d/LASTLOG_ENAB.xml, man/login.defs.d/LOGIN_RETRIES.xml,
  man/login.defs.d/LOGIN_TIMEOUT.xml, man/login.defs.d/LOG_OK_LOGINS.xml,
  man/login.defs.d/LOG_UNKFAIL_ENAB.xml,
  man/login.defs.d/MAIL_CHECK_ENAB.xml, man/login.defs.d/MOTD_FILE.xml,
  man/login.defs.d/NOLOGINS_FILE.xml,
  man/login.defs.d/OBSCURE_CHECKS_ENAB.xml,
  man/login.defs.d/PASS_ALWAYS_WARN.xml,
  man/login.defs.d/PASS_CHANGE_TRIES.xml,
  man/login.defs.d/PASS_MAX_LEN.xml,
  man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
  man/login.defs.d/QUOTAS_ENAB.xml, man/login.defs.d/SULOG_FILE.xml,
  man/login.defs.d/SU_NAME.xml, man/login.defs.d/SU_WHEEL_ONLY.xml,
  man/login.defs.d/SYSLOG_SG_ENAB.xml,
  man/login.defs.d/SYSLOG_SU_ENAB.xml,
  man/login.defs.d/TTYGROUP.xml, man/login.defs.d/TTYTYPE_FILE.xml,
  man/login.defs.d/ULIMIT.xml, man/login.defs.d/USERGROUPS_ENAB.xml:
  New documentation of login.defs variables.
* man/login.defs.d/MAIL_DIR.xml: Updated. It now contains the
  MAIL_FILE documentation.
* man/login.defs.d/LOGIN_STRING.xml: Updated. Mentions %s.
* man/pwconv.8.xml, man/groupmems.8.xml, man/groupdel.8.xml,
  man/useradd.8.xml, man/pwck.8.xml, man/groupadd.8.xml,
  man/sulogin.8.xml, man/newgrp.1.xml, man/usermod.8.xml,
  man/su.1.xml, man/vipw.8.xml, man/passwd.1.xml,
  man/groupmod.8.xml, man/login.1.xml, man/userdel.8.xml,
  man/grpck.8.xml: Added CONFIGURATION section.
* man/generate_mans.mak: The generations of manpages depends on
  the variables from the Makefiles. Add the dependency on Makefile.
* man/login.defs.5.xml: New login.defs variable documented.
* man/Makefile.am: Added XML variable documentation to the
  distributed files.
2007-12-08 23:24:40 +00:00
nekral-guest 6c6a220b2e Fix the newgrp section in the gshadow.5 manpage.
Thanks to Andre Majorel <aym-naibed@teaser.fr>.
2007-12-05 21:31:21 +00:00
nekral-guest 50452e30fc Prepare the 4.1.0-rc1 release. 2007-11-27 20:08:16 +00:00
nekral-guest 713d777c61 New TODOs. 2007-11-27 19:45:36 +00:00
nekral-guest 5a00c2a03e Added the login.defs variables description to the man's EXTRA_DIST. 2007-11-27 19:42:23 +00:00
nekral-guest 0f7f0ea467 * man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING.
* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
* man/expiry.1.xml: Does not use any login.defs parameter.
* man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
* man/login.defs.5.xml: Added CHSH_AUTH.
* man/login.defs.5.xml: Cross reference -> cross references.
* man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
* man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
* man/login.defs.d/CHSH_AUTH.xml: Added.
* man/login.defs.5.xml: chsh uses parameters only when no_pam.
* man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
  if linked in the binary.
* man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
  SHA_CRYPT_MIN_ROUNDS, UMASK.
2007-11-26 23:27:56 +00:00
nekral-guest 7fd329721a The previous commit to man/login.defs.5.xml also describeb the usage of
variables by each tools when compiled without PAM support.
2007-11-26 22:14:45 +00:00
nekral-guest 4183905c3a Add --expand-all-entities to the call to xml2po to avoid translating the
external entities separately.
2007-11-26 22:13:16 +00:00
nekral-guest b75fe4940b Put each variable description in an external entities. This will permit to
reference them in the various utils manpages.
2007-11-26 22:11:23 +00:00
nekral-guest cb041d775f Do not generate gmo files. 2007-11-26 22:04:20 +00:00
nekral-guest a428137884 End of the PO unfuzzyfication (after tabulation removal in Usage strings) 2007-11-26 22:00:57 +00:00
nekral-guest ece64e4195 Fix typo. 2007-11-25 22:05:08 +00:00
nekral-guest 8ed5ead77b * man/po/LINGUAS: Added missing LINGUAS.
* man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po,
  man/po/ru.po, man/po/sv.po: Updated.
2007-11-25 21:28:26 +00:00
nekral-guest 1683c26db3 Added POTFILES to the ignored files in man/po 2007-11-25 21:06:49 +00:00
nekral-guest 543b693547 * configure.in, man/po/Makefile.in.in, man/po/Makevars,
man/po/POTFILES.in, man/Makefile.am: Generate the PO files for the
  manpages in the man/po directory (instead of man/<lang>). Use a
  Makefile.in.in based on gettext's one. This ensure that the PO are
  generated before being used in the <lang> directories.
* man/generate_mans.mak, man/generate_translations.mak,
  man/Makefile.am: New makefile for the generation of manpages from
  XML (generate_mans.mak). This avoid duplicate chunks in
  generate_translations.mak and Makefile.am
* man/de/de.po, man/fr/fr.po, man/it/it.po, man/pl/pl.po,
  man/ru/ru.po, man/sv/sv.po: Moved to...
* man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po,
  man/po/ru.po, man/po/sv.po: ... here.
2007-11-25 21:02:32 +00:00
nekral-guest fabc69e9d8 One more fix to avoid a fuzzy string. 2007-11-25 20:27:25 +00:00
nekral-guest 971c43c0e5 Unfuzzy other Usage strings translations.
Note: km.po and ne.po contain translated options.
2007-11-25 20:21:53 +00:00
nekral-guest 6831c45533 Do not use tabulations in Usage strings. 2007-11-24 22:41:24 +00:00
nekral-guest 0e400eae56 Run "make update-po" in the po directory. 2007-11-24 14:02:10 +00:00
nekral-guest 4d606cc690 * configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
  to disable the references to the SHA256 and SHA512 password
  encryption algorithms from the usage help and manuals (in addition
  to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
  always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
  preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
  SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
  subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 13:08:08 +00:00
nekral-guest ee5c48d51c If we requested a non DES encryption, make sure crypt returned a encrypted
password longer than 13 chars. This protects against the GNU crypt() which
does not return NULL if the algorithm is not supported, and return a DES
encrypted password.
2007-11-24 00:37:37 +00:00
nekral-guest 6ffc0f820a Add missing #include "getdef.h" 2007-11-24 00:28:25 +00:00
nekral-guest afbf2094a8 * Provide the crypt method to all the
crypt_make_salt invocations.
* Tag the ENCRYPTMETHOD_SELECT dependent code
  accordingly.
2007-11-24 00:26:31 +00:00
nekral-guest 2e782e3d7d * libmisc/salt.c: Make sure method is not NULL, defaulting to DES.
Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
  the system default define in /Etc/login.defs. Thanks to Dan
  Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
  DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
  dependent code accordingly.
2007-11-24 00:16:41 +00:00
nekral-guest e1e619074c Re-indent. 2007-11-24 00:00:12 +00:00
nekral-guest a99bec34a9 Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek <dkopecek@redhat.com>. 2007-11-23 23:57:47 +00:00
nekral-guest 963bfaf521 * Move the srandom call to gensalt.
* Replace the test on salt_size by an assert.
2007-11-23 21:04:43 +00:00
nekral-guest 43b10b311a Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan Kopecek <dkopecek@redhat.com> 2007-11-23 20:51:43 +00:00
nekral-guest 1cc6fd0d16 News options -c/--crypt-method -s/--sha-rounds to newusers.
Document also new login.defs variables.
2007-11-23 20:24:42 +00:00
nekral-guest acba134aae Added prototype for getlong. 2007-11-23 20:11:00 +00:00
nekral-guest add1c18b2e * src/chpasswd.c: Added crypt method: NONE.
* src/chpasswd.c: Added --sha-rounds to the usage().
* libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c,
  src/chpasswd.c: New getlong function. Replace chpasswd's and
  chgpasswd's getnumber.
2007-11-23 20:09:57 +00:00
nekral-guest d8d8f70b0e Removed unused variable 'member'. 2007-11-23 20:00:03 +00:00
nekral-guest f0ccf72107 Document the variables used by chpasswd. The definitions are copied from
login.defs. I should try to use a less error prone process for this.
2007-11-23 19:58:10 +00:00
nekral-guest d316ba1b87 * Use <replaceable> for the values set by
users. (was sometimes <emphasis remap='I'>)
* Use <option> vor the variable names. This
  makes the manpage much more readable.
* (ENCRYPT_METHOD, MD5_CRYPT_ENAB,
  SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS): Mention that command
  line option may supersede the system setting.
* Document the variables used by chpasswd
  and chgpasswd.
2007-11-23 19:55:47 +00:00
nekral-guest ba1e26e25f svn propset svn:keywords Id 2007-11-23 19:44:57 +00:00
nekral-guest e15fbb905c * NEWS, lib/getdef.c, man/login.defs.5.xml: New login.defs
variable: MAX_MEMBERS_PER_GROUP. Used for the split groups support.
* lib/commonio.c, lib/commonio.h: Add an open_hook and close_hook
  operation. They are called after the database is actually opened
  and parse, or before it is closed.
* lib/groupio.c: Add an open_hook to merge split groups, and an
  close group to split groups if MAX_MEMBERS_PER_GROUP is set.
  This fixes gpasswd and chgpasswd when split groups are used.
* lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: No open or close
  hooks for these databases. (unsure about what should be the gshadow
  behavior for split groups)
2007-11-23 00:07:59 +00:00
nekral-guest a0488ccac2 * NEWS, src/gpasswd.c: Read the group and shadow groups using
gr_locate and sgr_locate. gpasswd write in the file database. Thus
  it should read information from the file database, not using
  getgrnam. The change to sgr_locate is just for consistency. This
  requires opening the group databases (read only) using
  gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
  option are changed, due to conditions.
2007-11-22 21:55:12 +00:00
nekral-guest b2c58c81ed * configure.in: SHADOWGRP added to AM_CONDITIONAL for the
generation of manpages.
* man/generate_translations.mak: Added pam/no_pam condition (like
  in man/Makefile.am).
* man/Makefile.am, man/generate_translations.mak: Added
  gshadow/no_gshadow condition.
* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
  change the manpage depending on the shadow group support.
2007-11-22 21:36:38 +00:00
nekral-guest 905596ced5 Remove chunk that should not have been committed. 2007-11-22 09:27:51 +00:00
nekral-guest 3dbf1efbc3 Updated to 757t. Thanks to Yuri Kozlov <kozlov.y@gmail.com>. 2007-11-22 00:15:25 +00:00
nekral-guest 08dadcb2b7 Updated to 399t. Thanks to Yuri Kozlov <kozlov.y@gmail.com>. 2007-11-22 00:06:50 +00:00
nekral-guest f171d63b5b Add support for conditionally including paragraphs. (e.g. to support the
documentation of PAM and !PAM features).

I hate docbook!
2007-11-22 00:01:58 +00:00
nekral-guest a34110320f * man/newusers.8.xml: Added /etc/gshadow, /etc/group, /etc/shadow,
and /etc/passwd to section FILES.
* man/newusers.8.xml: Mentions that PAM is not used to set the
  passwords.
* man/chpasswd.8.xml: Added section FILES (/etc/passwd,
  /etc/shadow, /etc/login.defs).
* man/chpasswd.8.xml: Use the same paragraph as in newusers.8.xml
  to indicate that PAM is not used.
* man/chgpasswd.8.xml: Added section FILES (/etc/group,
  /etc/gshadow, /etc/login.defs).
2007-11-21 22:12:14 +00:00
nekral-guest 46ae2113b6 * Try harder to get the GID equal to the UID.
This was not the case when the GID is not specified, and a GID
  exist with an ID higher than the all the UIDs.
* Typo in comment: contrained -> constrained.
2007-11-21 21:27:44 +00:00
nekral-guest 6f7ed628e2 Compile fix (related to last commit on src/chgpasswd.c). 2007-11-21 20:28:13 +00:00
nekral-guest fd0b22cb55 If the shadow group file is not present, do not try to locate the group
entry from /etc/gshadow, and set the password in /etc/group.
2007-11-20 20:59:42 +00:00
nekral-guest 9aa40bb96d * libmisc/obscure.c, libmisc/salt.c, src/passwd.c: Match DES, MD5,
SHA256, and SHA512 exactly (not only the first 3/6 chars).
* libmisc/salt.c (SHA_salt_rounds): Set rounds to the specified
  prefered_rounds value, if specified.
* src/gpasswd.c, libmisc/salt.c: Fix compilation warnings (use
  size_t for lengths).
* src/chpasswd.c, src/chgpasswd.c: Add missing parenthesis.
2007-11-20 20:00:16 +00:00
nekral-guest 1d4b67c773 Ignore the generated manpages. Add *.[1358] to the svn:ignore property. 2007-11-20 19:15:34 +00:00
nekral-guest cda805ff4e New TODOs. 2007-11-20 13:42:18 +00:00
nekral-guest a30c0a8192 The -c, -e, and -m options are exclusives. 2007-11-20 13:09:55 +00:00
nekral-guest 6e3ad7a275 * man/chpasswd.8.xml, man/chgpasswd.8.xml: Document how the
encryption algorithm is chosen for the passwords. Document the new
  -c and -s options. Add a reference to login.defs(5).
* man/login.defs.5.xml: Document the ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS, and SHA_CRYPT_MAX_ROUNDS
  variables.
* etc/login.defs: Indicate that MD5_CRYPT_ENAB is deprecated.
  Document the relationship with PAM for MD5_CRYPT_ENAB and
  ENCRYPT_METHOD.
2007-11-20 12:59:20 +00:00
nekral-guest 5cb462d767 Increase the size of crypt_passwd from 128 to 256 to avoid overflow in
case of SHA512 (161 should be sufficient).
2007-11-20 12:18:36 +00:00
nekral-guest 63a4e65ca1 Fix typo s/method/crypt_method/ 2007-11-20 12:10:55 +00:00
nekral-guest 90de228897 passwd also use crypt_make_salt(). 2007-11-20 09:51:36 +00:00
nekral-guest 0b695f5a76 * lib/prototypes.h, libmisc/salt.c: Add parameters to
crypt_make_salt to force the crypt method and number of rounds.
* libmisc/salt.c: Add parameter to SHA_salt_rounds to force the
  number of rounds.
* libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB
  are needed also when USE_PAM (e.g. for chpasswd).
* src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype.
* src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method
  and -s, --sha-rounds to specify the crypt method and number of
  rounds in case of one of the SHA methods. The new prototype of
  crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 09:33:52 +00:00
nekral-guest eb23bbfd98 Hopefully, I review my commits in the morning... 2007-11-20 09:20:34 +00:00
nekral-guest e406b7fe4a * libmisc/salt.c: The salt has a random size (between 8 and 16
bytes).
* lib/getdef.c, etc/login.defs: Add definitions for
  SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS.
* libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS
  to add a random number of rounds if needed.
2007-11-20 00:05:54 +00:00
nekral-guest c214b26ee6 * libmisc/salt.c (MAGNUM): Terminate the array with nul (the array
is then used with strcat).
* libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at
  the beginning (was not initialized when USE_PAM).
* libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a
  valid crypt method.
2007-11-19 22:34:48 +00:00
nekral-guest 65f536165d Fix typo introduced while merging RedHat patch shadow-4.0.18.1-sha256.patch. 2007-11-19 22:16:50 +00:00
nekral-guest b8d8d0de00 Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch
shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes
except re-indent and changes related to recent modifications (max_salt_len
in crypt_make_salt). Changes in lib/defines.h not applied (definition of
ENCRYPTMETHOD_SELECT). I will add a configure check or flag.
2007-11-19 22:14:19 +00:00
nekral-guest cfc3378a0b All the manpages in de, fr, it, pl are auto-generated. 2007-11-19 20:33:39 +00:00
nekral-guest 39e5c0a1ab Fix some compilation warnings:
* src/login.c: "dereferencing type-punned pointer will break
   strict-aliasing rules", add a variable indirection: ptr_pam_user.
 * lib/commonio.c: do not initialize the sb stat structure.
 * lib/pwio.c, lib/shadowio.c, lib/sgroupio.c, lib/groupio.c:
   initialize the security context if WITH_SELINUX.
 * lib/nscd.c: The service argument is not const (used in the exec*
   parameters). This matches with the prototype definition.
 * src/groupmems.c: Avoid ++i when i is also used in the same line.
 * src/newusers.c: i is positive every time it is compared. Add
   cast to unsigned int.
 * src/nologin.c: Use a main() prototype with no arguments.
 * libmisc/getdate.y: Initialize the type and value fields of the
   terminating entry for each TABLE.
 * libmisc/tz.c: Use "TZ=CST6CDT" as the default timezone.
2007-11-19 20:25:36 +00:00
nekral-guest d16cc1ea89 Add a NEWS entry to indicate the review of the usage of getpwnam(),
getpwuid(), getgrnam(), getgrgid(), and getspnam().
2007-11-19 01:19:45 +00:00
nekral-guest 6a0a7171d2 * man/pl/Makefile.am: Add getspnam.3 to EXTRA_DIST since it is
generated with shadow.3.
* man/generate_translations.mak: Clean all the manpages, based on
  $(EXTRA_DIST), not $(man_MANS).
2007-11-19 01:16:42 +00:00
nekral-guest 398c993e67 Additional removed translated manpages: man/pl/shadow.3 man/pl/sulogin.8 man/pl/id.1 man/ru/sulogin.8 man/ru/id.1 man/it/id.1 2007-11-19 01:13:44 +00:00
nekral-guest 221856ccc2 Remove generated translated manpages. They are still distributed with the shadow tarballs. 2007-11-18 23:58:27 +00:00
nekral-guest 9cf3af04f7 Remove chgpassw.8 since the real manpage should be named chgpasswd.8. 2007-11-18 23:43:58 +00:00
nekral-guest 03047a3980 Why does chgpasswd uses chpasswd's pam config file? 2007-11-18 23:24:44 +00:00
nekral-guest ecc11d5542 Really delete man/vigr.8.xml. 2007-11-18 23:22:28 +00:00
nekral-guest 03118ffb9b Remove file. The vigr man page is generated from the vipw XML file. 2007-11-18 23:21:49 +00:00
nekral-guest dcedc12f36 Add forgotten files in the previous ChangeLog entry. 2007-11-18 23:20:02 +00:00
nekral-guest 9adfc136b6 * lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
  libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
  Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
  xgetgrgid(), and xgetspnam(). They allocate memory for the
  returned structure and are more robust to successive calls. They
  are implemented with the libc's getxxyyy_r() functions if
  available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
  libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
  libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
  src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
  src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
  src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
  src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
  src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
  src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
  usage of one of the getpwnam(), getpwuid(), getgrnam(),
  getgrgid(), and getspnam() functions. It was noticed on
  http://bugs.debian.org/341230 that chfn and chsh use a passwd
  structure after calling a pam function, which result in using
  information from the passwd structure requested by pam, not the
  original one. It is much easier to use the new xget... functions
  to avoid these issues. I've checked which call to the original
  get... functions could be left (reducing the scope of the
  structure if possible), and I've left comments to ease future
  reviews (e.g. /* local, no need for xgetpwnam */).
  Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
  lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
  functions (used by the xget... functions) from the <xx>io.c files
  to the new <xx>mem.c files. This avoid linking some utils against
  the SELinux library.
2007-11-18 23:15:26 +00:00
nekral-guest ea63711c2c Some fixes for the manpages:
* man/pl/pl.po: Fix typo: chgpassw -> chgpasswd.
 * man/pl/Makefile.am: Fix typo: chgpassw -> chgpasswd.
 * man/de/de.po: groups shall not be translated (for command,
   refname, or refentrytitle).
2007-11-18 22:58:31 +00:00
nekral-guest 69525890db Fix typo introduced while fixing http://bugs.debian.org/451521 (compile fix). 2007-11-18 22:52:56 +00:00
nekral-guest 0b13ea5676 * Why isgroup always return TRUE in groupmems?
* why is there a USE_PAM section?
2007-11-18 17:08:42 +00:00
nekral-guest ce579ac6d2 Fix typo: EXTRA_DOST -> EXTRA_DIST. 2007-11-18 01:21:43 +00:00
nekral-guest cd1089e6f0 Fix a typo in a comment. 2007-11-18 01:20:10 +00:00
nekral-guest 311f4baa27 Do not document the behavior compared to old versions. 2007-11-17 23:11:02 +00:00
nekral-guest 7b50ff67f9 Do not mention the patch names in the NEWS entries. They are mentioned in
the ChangeLog.
2007-11-17 22:21:50 +00:00
nekral-guest a8aa7028f4 Add NEWS entries for the previous changes. 2007-11-17 22:17:42 +00:00
nekral-guest 722941eae1 Document the differences between locking an account and locking a password. 2007-11-17 22:07:47 +00:00
nekral-guest 0743a7236d Same fixes as applied to usermod: refuse to unlock an account when it
would result in a passwordless account.
2007-11-17 22:05:31 +00:00
nekral-guest 85463e754d Refuse to unlock an account when it would result in a passwordless
account.  Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff
2007-11-17 22:02:22 +00:00
nekral-guest 5e438aa46c Make sure that the prefix is the name of a directory (not only the
beginning of a directory).
Openwall patch shadow-4.0.4.1-owl-userdel-path_prefix.diff.
2007-11-17 21:24:06 +00:00
nekral-guest 1f4488f963 * src/newgrp.c: Do not give an indication that the group has no
password.
* src/newgrp.c: Do not only bail on syslog if the password is not
  valid. Also give an indication to the user on stderr.
2007-11-17 21:03:33 +00:00
nekral-guest 225b096838 Remove a comment which states that an user shall provide a password to
switch to her group.
2007-11-17 20:41:49 +00:00
nekral-guest 8e568ef697 Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* src/chage.c: Make chage -l also drop the saved GID.
 * src/chage.c: Prefer setregid/setreuid to setgid/setuid.
2007-11-17 20:28:32 +00:00
nekral-guest 24cfb1c158 * src/chage.c: Remove cleanup(). pw_lock is never called. Replace
cleanup(2) by spw_unlock and remove the calls to cleanup(1).
* src/chage.c: Remove variable pwrw. It is always set to 0. The
  password database is always read only.
2007-11-17 20:09:54 +00:00
nekral-guest cbb2911b7f * man/generate_translations.mak: Generic rules for all the
generated translated manpages (if ENABLE_REGENERATE_MAN).
* man/Makefile.am: Removed rules for all the generated translated
  manpages.
* man/sv/Makefile.am, man/de/Makefile.am, man/fr/Makefile.am,
  man/pl/Makefile.am, man/ru/Makefile.am, man/it/Makefile.am:
  Include generate_translations.mak to handle the generated
  translations (XML and roff files).
* man/Makefile.am: Translated XML files moved from the CLEANFILES
  variable of man/Makefile.am to the various languages Makefiles.
2007-11-17 18:45:22 +00:00
nekral-guest a9f2f60c68 Fixes from Openwall patch shadow-4.0.4.1-alt-man.diff:
* man/useradd.8.xml: Indicate that the NIS caveats is also valid
   for any external database as LDAP.
 * man/groupadd.8.xml: Likewise.
 * man/groupadd.8.xml: Reorder and reformat the caveats bullets.
2007-11-17 18:13:17 +00:00
nekral-guest 1bcf56c8b2 Start applying Debian patch 409_man_generate_from_PO:
* NEWS: Applied Debian patch 409_man_generate_from_PO to
   automatically generate the translated manpages from the POs.
 * man/Makefile.am: Replace the individual rules for the generation
   of the manpages (from XML) by a generic Makefile rule an
   dependencies for the linked manpages.
2007-11-17 17:47:02 +00:00
nekral-guest 77bfba3017 Document that chpasswd does not use PAM to update the passwords. This fixes
http://bugs.debian.org/396726.  Debian patch 411_chpasswd_document_no_pam.
2007-11-17 17:31:54 +00:00
nekral-guest 7eed43550c Provide URLs for the Debian bugs. 2007-11-17 17:24:23 +00:00
nekral-guest 0fd1ed4517 Avoid terminating the PAM library in the forked child. This is done later
in the parent after closing the PAM session.
This fixes http://bugs.debian.org/412061.
Debian patch 405_su_no_pam_end_before_exec.
2007-11-17 17:19:44 +00:00
nekral-guest 7503c8a029 Mention sg in the newgrp manpage. Debian patch 410_newgrp_man_mention_sg. 2007-11-17 17:03:01 +00:00
nekral-guest be972d7db3 Fix typo: the warndays option was called warning. This is now warndays,
as documented in the manpage and usage.  Debian patch 417_passwd_warndays.
2007-11-17 16:57:37 +00:00
nekral-guest fb6cb07a60 Remove the preprocessor check SHADOWPWD. The variable is no more defined
(and always assumed).  Debian patch 493_pwck_no_SHADOWPWD.
2007-11-17 16:50:26 +00:00
nekral-guest 5bcc89ffe7 Add NEWS entries for the last 2 changes. 2007-11-17 16:43:00 +00:00
nekral-guest e47ee90033 -l/-u options: edit the shadow account expiry field *in addition* to
editing the password field.  Debian patch 494_passwd_lock.
2007-11-17 16:40:39 +00:00
nekral-guest f16a859ff8 Fix typos. 2007-11-17 16:33:33 +00:00
nekral-guest ae5f08b1cb New TODO for later. 2007-11-17 16:27:30 +00:00
nekral-guest 5d2ca8b240 Do not request a password when a user uses newgrp to switch to her primary
group.  Debian patch 497_newgrp_primary_group.
2007-11-17 16:19:00 +00:00
nekral-guest 90ef765c2e Log an error if the password entry could not be
found (respect LOG_UNKFAIL_ENAB to avoid logging a password). This
fixes the Debian bug http://bugs.debian.org/451521
2007-11-17 16:05:54 +00:00
nekral-guest ca875647b9 -b documenation: Use the same notation for the -d argument as in the -d documentation. 2007-11-17 15:27:12 +00:00
nekral-guest e39a941413 Allow the -b option even without the -D option. 2007-11-17 15:07:59 +00:00
nekral-guest 87b5ce3036 Use the same error message for the below errors.
(option working ONLY if another is specified).
2007-11-17 14:49:39 +00:00
nekral-guest af045a0733 Make usermod -o and -u work independently of the argument order. 2007-11-17 14:40:54 +00:00
nekral-guest 488184394e Validate that two of the -L, -p, and -U options are not used at the same
time after the parsing of options. -U used to be allowed after -p or -L,
but not before.
2007-11-17 14:33:26 +00:00
nekral-guest 71392cdc8f Make usermod -d and -m work independant of the argument order. Thanks to
Justin Pryzby <jpryzby+d@quoininc.com> for the patch. This fixes Debian's
bug #451518.
2007-11-17 14:21:05 +00:00
nekral-guest 4aafb131ca * NEWS, lib/nscd.c: Execute nscd -i instead of using the private
glibc socket to flush the nscd tables. This comes from the RedHat
  patch shadow-4.0.16-nscd.c.
* lib/commonio.c: Forbid inheritance of the passwd and group files
  to the spawed processes (like nscd). This comes from the RedHat
  patch shadow-4.0.17-notInheritFd.patch.
* lib/nscd.h: Update header.
2007-11-17 14:04:05 +00:00
nekral-guest 6c2e7c124f Remove remaining return value in update_group. 2007-11-17 13:48:56 +00:00
nekral-guest 24e742d202 * src/usermod.c (fail_exit): Add static variables pw_locked,
spw_locked, gr_locked, and sgr_locked to indicate which files must
  be unlocked.
* src/usermod.c (open_files, close_files): Open and close the
  group files as well as the passwd files. This permit to check if
  the group files modification are allowed before writing the passwd
  files.
* src/usermod.c (grp_update, update_gshadow, update_group): Do not
  return a status code, but call fail_exit() in case of error. The
  group files are no more opened and closed in update_gshadow() and
  update_group().
* src/usermod.c (main): move the call to grp_update between
  open_files and close_files.
* src/usermod.c: Differentiate failure to add a group entry and
  failure to add a shadow group entry.
2007-11-17 11:42:47 +00:00
nekral-guest 326074388c Differentiate failure to update a group entry and failure to update a shadow group entry. 2007-11-17 11:31:06 +00:00
nekral-guest 9afe59af3e Inform the user if out of memory while updating a group database. 2007-11-16 23:39:42 +00:00
nekral-guest 7ecdf9b71f Update the group database before flushing the nscd caches. 2007-11-16 23:29:41 +00:00
nekral-guest 0325483ee4 Abort if an error is found while updating the user or group database. No
changes will be written in the databases.
2007-11-16 23:26:56 +00:00
nekral-guest b370e1502e It is no more needed to check that the user's groups are specified only
once in the group file. This is checked by gr_update().
2007-11-16 23:05:24 +00:00
nekral-guest 07c2610170 * lib/commonio.c (next_entry_by_name): New function.
* NEWS, lib/commonio.c (commonio_update): When an entry is updated, make
   sure that there are no other entry with the same name. This fixes
   an infinite loop in userdel and usermod when an (erroneous) group 
   file contains two entries with the same name.
   (https://bugzilla.redhat.com/show_bug.cgi?id=240915)
2007-11-16 22:59:14 +00:00
nekral-guest c2ebdc4b5d Fix date entry. 2007-11-16 22:33:59 +00:00
nekral-guest 449f17385a * libmisc/salt.c: Make sure the salt string is terminated at the
right place (either 8th, or 11th position).
 * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
   not need 15 chars. No need for a temporary buffer.
   This change the fix committed on 2007-11-10. The salt provided to
   pw_encrypt could have been too long.
2007-11-16 19:02:00 +00:00
nekral-guest e163c5fe9c Fix typo: missing / in <placeholder-1/>. This caused the gpasswd title to be incomplete in the French manpage. 2007-11-16 14:10:29 +00:00
nekral-guest f55e00dc4e Add support for uClibc with no l64a(). 2007-11-16 12:36:21 +00:00
nekral-guest e0edb7db17 Add support for systems with no innetgr(). On those systems, username
with an @ will be treated like any other username (i.e. lookup in the
local database for an user with an @). Thanks to Mike Frysinger for the
patch.
2007-11-16 11:32:42 +00:00
nekral-guest 690f7aee2e Indentation fix. 2007-11-16 10:50:38 +00:00
nekral-guest 8d527f156d Declare the child and pid variable at the beginning of a block. This
fixes a compilation issue with gcc 2.95. The intent is the same as
Gentoo's patch shadow-4.0.12-gcc2.patch.
2007-11-14 13:46:15 +00:00
nekral-guest 15f43716c1 Add a variable to set the suid permissions. This should simplify Gentoo's
patch shadow-4.0.11.1-perms.patch.
2007-11-14 13:32:25 +00:00
nekral-guest b2120265fd Added the subversion svn:keywords property (Id) for proper identification. 2007-11-10 23:46:11 +00:00
nekral-guest fb3b2ddbff Restore the ignore patterns from the previous repository. 2007-11-10 23:34:37 +00:00
nekral-guest 0f09d5378a Update the PO files. 2007-11-10 22:36:37 +00:00
nekral-guest f9de15fdcf Don't ask for a password if there are no group passwords. Just directly
give up. This comes from the Fedora's patch shadow-4.0.13-newgrpPwd.patch,
and seems to be the only part with an effect.
2007-11-10 18:54:40 +00:00
nekral-guest 1bdb92706e Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch. 2007-11-10 18:48:23 +00:00
nekral-guest 6a051e1544 Allow non numerical group identifier to be specified with useradd's -g
option. Applied Debian patch 397_non_numerical_identifier. Thanks also to
Greg Schafer <gschafer@zip.com.au>.
2007-11-10 15:51:38 +00:00
nekral-guest 6a73df0b18 Update the release date. 2007-10-28 15:36:14 +00:00
nekral-guest 8609e24880 Update the version number to 4.0.18.2 and the gettext version to 0.16. 2007-10-27 23:22:11 +00:00
nekral-guest 4bb174fa8c Remove the generate_translations.mak inclusion. This file does not exist
and will be introduced later when the Debian patch
409_man_generate_from_PO will be included.
2007-10-27 23:19:32 +00:00
nekral-guest a8856cbfbd Remove a plural form. nplurals=1 for japanese. Moreover, msgstr[0] was identical to msgstr[1]. 2007-10-27 23:18:08 +00:00
nekral-guest afbacaaba4 Make autogen.sh executable. 2007-10-27 23:15:42 +00:00
nekral-guest 16285e6768 Add support for 2 new resource limits. Thanks to Justin Bronder for the
patch. This was reported in the Debian bug #442334.
This only impact shadow when it is not compiled with PAM support.
2007-10-27 19:45:21 +00:00
nekral-guest 93acdeb8ff Document all gpasswd.1 options separately. This clarify the gpasswd.1
manpages (reported in debian bug #445480).
2007-10-27 14:00:31 +00:00
bubulle 3ada732dc0 Mention the GNU origin of some parts from su. Debian patch 438 2007-10-27 13:50:40 +00:00
bubulle e942010304 Fix spelling error. Debian patch 433 2007-10-27 13:45:14 +00:00
bubulle 4e796db54f Merge Debian patch 416_man-fr_newgrp (yet another French fry^W fix) 2007-10-27 13:13:24 +00:00
nekral-guest 5e8dbee79a Update contact information. 2007-10-27 13:11:28 +00:00
nekral-guest 600347a7e8 Update contact informations. 2007-10-27 13:08:46 +00:00
bubulle 84b79dd20d Merge Debian patch 402: clarify usermod "-a" help 2007-10-27 13:01:19 +00:00
bubulle 4750ec187b Merged in Debian patch 203 (german man pages translation) 2007-10-27 12:57:25 +00:00
bubulle c8933a922b Merge in Debian patch 202: switch Italian man pages to gettext 2007-10-27 12:53:06 +00:00
bubulle 6487e675b2 Mention 102 in the "fix sorry" changelog entry 2007-10-27 12:49:56 +00:00
bubulle 30d15b861f Merged patch 201: fix translation error in French man pages 2007-10-27 12:49:12 +00:00
bubulle d059ef6780 No longer apologize to users 2007-10-27 12:46:30 +00:00
bubulle d254707b96 Apply patch 102 from Debian. No mention in Changelog as we will immediately
fuzzy the strings with "sorry"
2007-10-27 12:42:21 +00:00
nekral-guest f0a3e8b09e Updated Chinese translation (zh_CN: 385t11f4t). 2007-10-27 12:35:57 +00:00
nekral-guest 3d67951f15 Updated Finish translation.
Thanks to Tommi Vainikainen <thv+debian@iki.fi>.
2007-10-27 12:08:44 +00:00
nekral-guest e3f303fdb5 If compiled without PAM support, enforce the limits from /etc/limits when
one of the -, -l, or --login options is set, even if called by root.
Thanks to Justin Bronder.
2007-10-12 22:36:26 +00:00
nekral-guest 756b6812a6 Convert the Changelog and NEWS to UTF-8. 2007-10-07 14:57:03 +00:00
nekral-guest 9873619e22 Fix the NEWS entries. The shadow-4.0.18.1 header was missing and
shadow-4.0.18.1/shadow-4.0.18.2 entries were mixed.
2007-10-07 14:52:16 +00:00
nekral-guest 79bf2081fe Commit the last version from the PLD CVS repository.
(last changelog entry: 2007-02-01)
This also adds the files which were present in the CVS repository, but not
present in the shadow archives.
2007-10-07 14:36:51 +00:00
nekral-guest 0d93a36930 Remove generated files present in the shadow archives but not in the CVS
repository.
2007-10-07 13:59:23 +00:00
nekral-guest c187b2be78 [svn-upgrade] Integrating new upstream version, shadow (4.0.18.1) 2007-10-07 11:48:07 +00:00
nekral-guest 5e20c4359f [svn-upgrade] Integrating new upstream version, shadow (4.0.18) 2007-10-07 11:47:57 +00:00
nekral-guest 8a78a8d68c [svn-upgrade] Integrating new upstream version, shadow (4.0.17) 2007-10-07 11:47:45 +00:00
nekral-guest 0fa9083026 [svn-upgrade] Integrating new upstream version, shadow (4.0.16) 2007-10-07 11:47:33 +00:00
nekral-guest 591830e43b [svn-upgrade] Integrating new upstream version, shadow (4.0.15) 2007-10-07 11:47:22 +00:00
nekral-guest 24178ad677 [svn-upgrade] Integrating new upstream version, shadow (4.0.14) 2007-10-07 11:47:11 +00:00
nekral-guest 8451bed8b0 [svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 11:47:01 +00:00
nekral-guest e89f3546f2 [svn-upgrade] Integrating new upstream version, shadow (4.0.12) 2007-10-07 11:46:52 +00:00
nekral-guest 1de90a599c [svn-upgrade] Integrating new upstream version, shadow (4.0.11.1) 2007-10-07 11:46:43 +00:00
nekral-guest b48129fcbb [svn-upgrade] Integrating new upstream version, shadow (4.0.11) 2007-10-07 11:46:34 +00:00
nekral-guest 8c50e06102 [svn-upgrade] Integrating new upstream version, shadow (4.0.10) 2007-10-07 11:46:25 +00:00
nekral-guest 7c47e0fde3 [svn-upgrade] Integrating new upstream version, shadow (4.0.9) 2007-10-07 11:46:16 +00:00
nekral-guest 8e167d28af [svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 11:46:07 +00:00
nekral-guest 0ee095abd8 [svn-upgrade] Integrating new upstream version, shadow (4.0.7) 2007-10-07 11:45:58 +00:00
nekral-guest 164b557066 [svn-upgrade] Integrating new upstream version, shadow (4.0.6) 2007-10-07 11:45:49 +00:00
nekral-guest b0e078d9c8 [svn-upgrade] Integrating new upstream version, shadow (4.0.5) 2007-10-07 11:45:40 +00:00
nekral-guest e637799f9b [svn-upgrade] Integrating new upstream version, shadow (4.0.4.1) 2007-10-07 11:45:31 +00:00
nekral-guest effd479bff [svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 11:45:23 +00:00
nekral-guest 4903ce068e [svn-upgrade] Integrating new upstream version, shadow (4.0.3) 2007-10-07 11:45:14 +00:00
nekral-guest 37dc61340b [svn-upgrade] Integrating new upstream version, shadow (4.0.2) 2007-10-07 11:45:07 +00:00
nekral-guest 9db6abfa42 [svn-upgrade] Integrating new upstream version, shadow (4.0.1) 2007-10-07 11:44:59 +00:00
nekral-guest 3bc4996775 [svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 11:44:51 +00:00
nekral-guest 8fee8c57ae [svn-upgrade] Integrating new upstream version, shadow (20001016) 2007-10-07 11:44:44 +00:00
nekral-guest 4e3fe42600 [svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 11:44:38 +00:00
nekral-guest d6e9891ad7 [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:32 +00:00
nekral-guest be1f391d2a [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:26 +00:00
nekral-guest 5cd76a407a [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:20 +00:00
nekral-guest efd7efa9f1 [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:14 +00:00
nekral-guest 446e664caa [svn-upgrade] Integrating new upstream version, shadow (19990827) 2007-10-07 11:44:08 +00:00
nekral-guest 45c6603cc8 [svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 11:44:02 +00:00
nekral-guest 9c72ed9062 Create a svn-buildpackage like repository layout 2007-10-07 11:43:59 +00:00
10509 changed files with 45893 additions and 522823 deletions
-1
View File
@@ -17,7 +17,6 @@ Makefile.in
/ABOUT-NLS
/aclocal.m4
/autom4te.cache
/compile
/config.guess
/config.h
/config.h.in
+4 -2597
View File
File diff suppressed because it is too large Load Diff
+2 -203
View File
@@ -1,207 +1,6 @@
$Id$
shadow-4.1.5.1 -> shadow-4.2 UNRELEASED
*** general
* Handle libc whose crypt() returns NULL when passed a salt that
violates specs or system requirements (e.g. FIPS140). This is needed
with glibc/eglibc 2.17 for tools checking passwords (passwd (non PAM
enabled) or newgrp), and for tools generating encrypted passwords
(chgpasswd, chpasswd, or gpasswd when non PAM enabled or when a fixed
crypt method is requested on the command line, and newusers, or passwd
in their non PAM enabled versions)
* Fix segfault when reading groups split on multiple lines. This impacts
most user/group management tools when MAX_MEMBERS_PER_GROUP is set.
- su
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
interactive mode), kill the child process group, rather than just the
immediate child.
* Fix segmentation faults for users without a proper home or shell in
their passwd entries.
- login
* Fix segmentation faults for users without a proper home or shell in
their passwd entries.
*** documentation
* Fixed useradd man page (--home-dir option, instead of --home).
*** translation
* Updated Russian translation.
* Updated German man pages translation.
* Fixed gshadow Japanese man page translation.
shadow-4.1.5 -> shadow-4.1.5.1 2012-05-25
- login
* Log into utmp(x) when PAM is enabled, but do not log into wtmp.
This complete pam_lastlog which logs into wtmp and in into utmp(x).
- su
* non PAM enabled versions: do not fail if su is called without a
controlling terminal.
- userdel
* Fix segfault when userdel removes the user's group.
*** documentation
* .so links now point to paths relative to the top-level manual hierarchy
*** translation
* Updated French man pages translation.
* Updated German man pages translation.
* Updated Polish man pages translation. (logoutd.8)
shadow-4.1.4.3 -> shadow-4.1.5 2012-02-12
*** security
* su -c could be abused by the executed command to invoke commands with
the caller privileges. See below. (CVE-2005-4890)
*** general
* report usage error to stderr, but report usage help to stdout (and return
zero) when explicitly requested (e.g. with --help).
* initial support for tcb (http://openwall.com/tcb/) for useradd,
userdel, usermod, chage, pwck, vipw.
* Added support for ACLs and Extended Attributes in useradd and usermod.
Support shall be enabled with the new --with-acl or --with-attr
configure options.
* Added diagnosis for lock failures.
* use libsemanage instead of the semanage tool.
- chage
* Add --root option.
- chfn
* Add --root option.
- chgpasswd
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
* Add --root option.
- chpasswd
* PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry.
* Add --root option.
- chsh
* Add --root option.
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.
* Add --root option.
- gpasswd
* Add --root option.
- groupadd
* Add --root option.
- groupdel
* Add --root option.
- groupmems
* Fix parsing of gshadow entries.
* Add --root option.
- groupmod
* Fixed groupmod when configured with --enable-account-tools-setuid.
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
* Add --root option.
- grpck
* Add --root option.
* NIS entries were dropped by -s (sort).
- grpconv
* Add --root option.
- grpunconv
* Add --root option.
- lastlog
* Add --root option.
- login
* Fixed limits support (non PAM enabled versions only)
* Added support for infinite limits and group based limits (non PAM
enabled versions only)
* Fixed infinite loop when CONSOLE is configured with a colon-separated
list of TTYs.
* Fixed warning and support for CONSOLE_GROUPS for users member of more
than 16 groups.
* Do not log into utmp(x) or wtmp when PAM is enabled. This is done by
pam_lastlog.
- newgrp, sg
* Fix parsing of gshadow entries.
- newusers
* Add --root option.
- passwd
* Add --root option.
- pwpck
* NIS entries were dropped by -s (sort).
* Add --root option.
- pwconv
* Add --root option.
- pwunconv
* Add --root option.
- useradd
* If the skeleton directory contained hardlinked files, copies of the
hardlink were removed from the skeleton directory.
* Add --root option.
- userdel
* Check the existence of the user's mail spool before trying to remove
it. If it does not exist, a warning is issued, but no failure.
* Do not remove a group with the same name as the user (usergroup) if
this group isn't the user's primary group.
* Add --root option.
* Add --selinux-user option.
- usermod
* Accept options in any order (username not necessarily at the end)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry, or if aging features are used (-e or -f).
* Add --root option.
- su
* Document the su exit values.
* When su receives a signal, wait for the child to terminate (after
sending a SIGTERM), and kill it only if it did not terminate by itself.
No delay will be enforced if the child cooperates.
* Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin
* Fixed infinite loop when CONSOLE is configured with a colon-separated
list of TTYs.
* Fixed warning and support for CONSOLE_GROUPS for users member of more
than 16 groups.
* Do not forward the controlling terminal to commands executed with -c.
This prevents tty hijacking which could lead to execution with the
caller's privileges.
* Close PAM sessions as root. This will be more friendly to PAM modules
like pam_mount or pam_systemd.
* Added support for PAM modules which change PAM_USER.
*** translation
* Updated Brazilian Portuguese translation.
* Updated Catalan translation.
* Updated Czech translation.
* Updated Danish translation.
* New Danish man pages translation.
* Updated French translation.
* Updated French man pages translation.
* Updated German translation.
* Updated German man pages translation.
* Updated Greek translation.
* Updated Italian man pages translation.
* Updated Japanese translation.
* Updated Kazakh translation.
* Updated Norwegian Bokmål translation.
* Updated Portuguese translation.
* Updated Russian translation.
* Updated Simplified Chinese translation.
* Updated Simplified Chinese man pages translation.
* Updated Swedish translation.
* Updated Vietnamese translation.
shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15
*** security
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
- general
* Improved support for large groups (impacts most user/group management
@@ -511,7 +310,7 @@ shadow-4.1.0 -> shadow-4.1.1 02-04-2008
faillog faster.
- gpasswd
* Fix failures when the gshadow file is not present.
* When a password is moved to the gshadow file, use "x" instead of "!"
* When a password is moved to the gshadow file, use "x" instead of "x"
to indicate that the password is shadowed (consistency with grpconv).
* Make sure the group and gshadow files are unlocked on exit.
- groupadd
+1 -5
View File
@@ -37,7 +37,7 @@ S/Key support:
Authors and contributors
========================
Thanks to at least the following people for sending patches, bug
Thanks to at least the following people for sending me patches, bug
reports and various comments. This list may be incomplete, I received
a lot of mail...
@@ -69,7 +69,6 @@ Greg Mortensen <loki@world.std.com>
Guido van Rooij
Guy Maor <maor@debian.org>
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
Jakub Hrozek <jhrozek@redhat.com>
Janos Farkas <chexum@bankinf.banki.hu>
Jay Soffian <jay@lw.net>
Jesse Thilo <Jesse.Thilo@pobox.com>
@@ -81,7 +80,6 @@ Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
Judd Bourgeois <shagboy@bluesky.net>
Juergen Heinzl <unicorn@noris.net>
Juha Virtanen <jiivee@iki.fi>
Julian Pidancet <julian.pidancet@gmail.com>
Julianne Frances Haugh <jockgrrl@ix.netcom.com>
Leonard N. Zubkoff <lnz@dandelion.com>
Luca Berra <bluca@www.polimi.it>
@@ -97,12 +95,10 @@ Mike Pakovic <mpakovic@users.southeast.net>
Nicolas François <nicolas.francois@centraliens.net>
Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
Pavel Machek <pavel@bug.ucw.cz>
Peter Vrabec <pvrabec@redhat.com>
Phillip Street
Rafał Maszkowski <rzm@icm.edu.pl>
Rani Chouha <ranibey@smartec.com>
Sami Kerola <kerolasa@rocketmail.com>
Scott Garman <scott.a.garman@intel.com>
Sebastian Rick Rijkers <srrijkers@gmail.com>
Seraphim Mellos <mellos@ceid.upatras.gr>
Shane Watts <shane@nexus.mlckew.edu.au>
+1 -14
View File
@@ -1,10 +1,3 @@
* Create a common usage function that'd take the array of
long options and an array of descriptions and output that so things would
be standardized across the utils.
Usage strings should be normalized and split first.
Investigate optparse.
/etc/default/useradd
* GROUP=1000 should accept a group name.
@@ -115,13 +108,7 @@ ALL:
entry (with a password).
- Add check to move passwd passwords to shadow if there is a shadow
file.
- Support an alternative /etc/tcb directory as second parameter.
- add options -g / -G to specify alternative group / gshadow files
- su
- add a login.defs configuration parameter to add variables to keep in
the environment with "su -l" (TERM/TERMCOLOR/...)
- vipw
- set ACLs and XATTRs on the temporary file (and backups?)
- vipw + selinux -> use lib/selinux.c
the environment with "su -l" (TERM/TERMCOLOR/...
-2
View File
@@ -1,7 +1,5 @@
#! /bin/sh
autoreconf -v -f --install || exit 1
./configure \
CFLAGS="-O2 -Wall" \
--enable-man \
+15 -146
View File
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT
AM_INIT_AUTOMAKE(shadow, 4.4)
AM_INIT_AUTOMAKE(shadow, 4.1.4.2)
AC_CONFIG_HEADERS([config.h])
dnl Some hacks...
@@ -19,6 +19,7 @@ AC_PROG_CC
AC_ISC_POSIX
AC_PROG_LN_S
AC_PROG_YACC
AM_C_PROTOTYPES
AM_PROG_LIBTOOL
dnl Checks for libraries.
@@ -32,8 +33,7 @@ AC_HEADER_STDBOOL
AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
attr/error_context.h)
locale.h rpc/key_prot.h netdb.h)
dnl shadow now uses the libc's shadow implementation
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
@@ -41,8 +41,7 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo \
ruserok)
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo)
AC_SYS_LARGEFILE
dnl Checks for typedefs, structures, and compiler characteristics.
@@ -113,6 +112,7 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
AC_CHECK_FUNC(setpgrp)
AC_FUNC_SETPGRP
if test "$ac_cv_header_shadow_h" = "yes"; then
AC_CACHE_CHECK(for working shadow group support,
@@ -195,10 +195,8 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
dnl XXX - quick hack, should disappear before anyone notices :).
AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
if test "$ac_cv_func_ruserok" = "yes"; then
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
fi
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
AC_ARG_ENABLE(shadowgrp,
[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
@@ -240,13 +238,6 @@ AC_ARG_ENABLE(utmpx,
[enable_utmpx="no"]
)
AC_ARG_ENABLE(subordinate-ids,
[AC_HELP_STRING([--enable-subordinate-ids],
[support subordinate ids @<:@default=yes@:>@])],
[enable_subids="${enableval}"],
[enable_subids="maybe"]
)
AC_ARG_WITH(audit,
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
[with_audit=$withval], [with_audit=maybe])
@@ -256,20 +247,11 @@ AC_ARG_WITH(libpam,
AC_ARG_WITH(selinux,
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
[with_selinux=$withval], [with_selinux=maybe])
AC_ARG_WITH(acl,
[AC_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
[with_acl=$withval], [with_acl=maybe])
AC_ARG_WITH(attr,
[AC_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
[with_attr=$withval], [with_attr=maybe])
AC_ARG_WITH(skey,
[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
[with_skey=$withval], [with_skey=no])
AC_ARG_WITH(tcb,
[AC_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
[with_tcb=$withval], [with_tcb=maybe])
AC_ARG_WITH(libcrack,
[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=yes if found and if PAM not enabled@:>@])],
[with_libcrack=$withval], [with_libcrack=no])
AC_ARG_WITH(sha-crypt,
[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
@@ -331,81 +313,10 @@ if test "$enable_man" = "yes"; then
fi
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
if test "$enable_subids" != "no"; then
dnl
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
dnl
AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
enable_subids="yes"
else
if test "x$enable_subids" = "xyes"; then
AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
fi
enable_subids="no"
fi
fi
AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
AC_SUBST(LIBCRYPT)
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
[AC_MSG_ERROR([crypt() not found])])
AC_SUBST(LIBACL)
if test "$with_acl" != "no"; then
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
if test "$acl_header$with_acl" = "noyes" ; then
AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
elif test "$acl_header" = "yes" ; then
AC_CHECK_LIB(acl, perm_copy_file,
[AC_CHECK_LIB(acl, perm_copy_fd,
[acl_lib="yes"],
[acl_lib="no"])],
[acl_lib="no"])
if test "$acl_lib$with_acl" = "noyes" ; then
AC_MSG_ERROR([libacl not found])
elif test "$acl_lib" = "no" ; then
with_acl="no"
else
AC_DEFINE(WITH_ACL, 1,
[Build shadow with ACL support])
LIBACL="-lacl"
with_acl="yes"
fi
else
with_acl="no"
fi
fi
AC_SUBST(LIBATTR)
if test "$with_attr" != "no"; then
AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
if test "$attr_header$with_attr" = "noyes" ; then
AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
elif test "$attr_header" = "yes" ; then
AC_CHECK_LIB(attr, attr_copy_file,
[AC_CHECK_LIB(attr, attr_copy_fd,
[attr_lib="yes"],
[attr_lib="no"])],
[attr_lib="no"])
if test "$attr_lib$with_attr" = "noyes" ; then
AC_MSG_ERROR([libattr not found])
elif test "$attr_lib" = "no" ; then
with_attr="no"
else
AC_DEFINE(WITH_ATTR, 1,
[Build shadow with Extended Attributes support])
LIBATTR="-lattr"
with_attr="yes"
fi
else
with_attr="no"
fi
fi
AC_SUBST(LIBAUDIT)
if test "$with_audit" != "no"; then
AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
@@ -450,65 +361,28 @@ if test "$with_libcrack" = "yes"; then
fi
AC_SUBST(LIBSELINUX)
AC_SUBST(LIBSEMANAGE)
if test "$with_selinux" != "no"; then
AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
if test "$selinux_header$with_selinux" = "noyes" ; then
AC_MSG_ERROR([selinux/selinux.h is missing])
fi
AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
if test "$semanage_header$with_selinux" = "noyes" ; then
AC_MSG_ERROR([semanage/semanage.h is missing])
fi
if test "$selinux_header$semanage_header" = "yesyes" ; then
AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
elif test "$selinux_header" = "yes" ; then
AC_CHECK_LIB(selinux, is_selinux_enabled,
[selinux_lib="yes"], [selinux_lib="no"])
if test "$selinux_lib$with_selinux" = "noyes" ; then
AC_MSG_ERROR([libselinux not found])
fi
AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
if test "$semanage_lib$with_selinux" = "noyes" ; then
AC_MSG_ERROR([libsemanage not found])
fi
if test "$selinux_lib$semanage_lib" == "yesyes" ; then
elif test "$selinux_lib" = "no" ; then
with_selinux="no"
else
AC_DEFINE(WITH_SELINUX, 1,
[Build shadow with SELinux support])
LIBSELINUX="-lselinux"
LIBSEMANAGE="-lsemanage"
with_selinux="yes"
else
with_selinux="no"
fi
else
with_selinux="no"
fi
fi
AC_SUBST(LIBTCB)
if test "$with_tcb" != "no"; then
AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
if test "$tcb_header$with_tcb" = "noyes" ; then
AC_MSG_ERROR([tcb.h is missing])
elif test "$tcb_header" = "yes" ; then
AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
if test "$tcb_lib$with_tcb" = "noyes" ; then
AC_MSG_ERROR([libtcb not found])
elif test "$tcb_lib" = "no" ; then
with_tcb="no"
else
AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
LIBTCB="-ltcb"
with_tcb="yes"
fi
else
with_tcb="no"
fi
fi
AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
AC_SUBST(LIBPAM)
if test "$with_libpam" != "no"; then
AC_CHECK_LIB(pam, pam_start,
@@ -629,9 +503,8 @@ AC_CONFIG_FILES([
doc/Makefile
man/Makefile
man/config.xml
man/po/Makefile
man/po/Makefile.in
man/cs/Makefile
man/da/Makefile
man/de/Makefile
man/es/Makefile
man/fi/Makefile
@@ -668,12 +541,8 @@ if test "$with_libpam" = "yes"; then
echo " suid account management tools: $enable_acct_tools_setuid"
fi
echo " SELinux support: $with_selinux"
echo " ACL support: $with_acl"
echo " Extended Attributes support: $with_attr"
echo " tcb support (incomplete): $with_tcb"
echo " shadow group support: $enable_shadowgrp"
echo " S/Key support: $with_skey"
echo " SHA passwords encryption: $with_sha_crypt"
echo " nscd support: $with_nscd"
echo " subordinate IDs support: $enable_subids"
echo
-16
View File
@@ -1,16 +0,0 @@
PKG=shadow
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
deb:: check_cheese
include /usr/share/quilt/quilt.debbuild.mk
check_cheese:
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
echo ""; \
echo " ** **"; \
echo " ** Warning: not a cheesy release! **"; \
echo " ** **"; \
echo ""; \
exit 1; \
}
Vendored
-36
View File
@@ -1,36 +0,0 @@
shadow (1:4.0.15-5) unstable; urgency=low
* commands passed in argument to su must use su's -c option and must quote
the command if it contains a space, as in:
su - root -c "ls -l /"
The following commands won't work anymore:
su - root -c ls -l /
su - root "ls -l /"
su - root ls -l /
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
shadow (1:4.0.14-1) unstable; urgency=low
* passwd does not support the -f, -s, and -g options anymore. You should use
the chfn, chsh and gpasswd utilities instead.
* login now distributes the nologin utility, which can be used as a shell
to politely refuse a login
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
shadow (1:4.0.12-1) unstable; urgency=low
CLOSE_SESSIONS and other variables are not used anymore in
/etc/login/defs.
As shadow utilities which use this file now warn about unknown
entries there, administrators should remove such unknown entries.
The supplied login.defs file does not include them anymore.
dpasswd is no more distributed by upstream. Login do not support
dialup password anymore. Re-introducing this functionality in
upstream is not trivial.
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
-62
View File
@@ -1,62 +0,0 @@
Read this file first for a brief overview of the new versions of login
and passwd.
---Shadow passwords
The command `shadowconfig on' will turn on shadow password support.
`shadowconfig off' will turn it back off. If you turn on shadow
password support, you'll gain the ability to set password ages and
expirations with chage(1).
NOTE: If you use the nscd package, you may have problems with a
slight delay in updating the password information. You may notice
this during upgrades of certain packages that try to add a system
user and then access the users information immediately afterwards.
To avoid this, it is suggested that you stop the nscd daemon before
upgrades, then restart it again.
---General configuration
Most of the configuration for the shadow utilities is in
/etc/login.defs. See login.defs(5). The defaults are quite
reasonable.
Also see the /etc/pam.d/* files for each program to configure the PAM
support. PAM documentation is available in several formats in the
libpam-doc package.
---MD5 Encryption
This is enabled now using the /etc/pam.d/* files. Examples are given.
---Adding users and groups
Though you may add users and groups with the SysV type commands,
useradd and groupadd, I recommend you add them with Debian adduser
version 3+. adduser gives you more configuration and conforms to the
Debian UID and GID allocation.
Editing user and group parameters can be done with usermod and
groupmod. Removing users and groups can be done with userdel and
groupdel.
--- Group administration
Local group allocation is much easier. With gpasswd(1) you can
designate users to administer groups. They can then securely add or
remove users from the group.
--- What to read next?
Read the manpages, the other files in this directory, and the Shadow
Password HOWTO (included in the doc-linux package). A large portion
of these files deals with getting shadow installed. You can, of
course, ignore those parts.
Also, the libpam-doc package will go a long way to allowing you to take
full advantage of the PAM authentication scheme.
-17
View File
@@ -1,17 +0,0 @@
This package uses quilt to patch the upstream source.
You can find some info on how to generate the patched source, add a new
modification, and remove an existing modification on:
/usr/share/doc/quilt/README.source
================================================================================
To package a new upstream release, you can use the Makefile:
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
================================================================================
A testsuite is also available. Instruction on how to run this testsuite
are available on:
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
Vendored
-19
View File
@@ -1,19 +0,0 @@
Things that should be done:
* Verify the files left in debian/tmp
+ e.g. /etc/default/adduser should be installed
* Check the build system: rebuilding the package twoce in the same tree
doubles the size of the diff.gz file
Other points (not related to the release of a syncronized shadow):
* compare the source with the usages and man pages
+ probably add a sentence to chsh/chfn's manpages about authentication
required for ordinary users
* do something (a tool) for the variables in login.defs
In Debian, some tools are not compiled with the PAM support, so upstream
getdef.c won't be OK.
It should be nice to see in each man page the set of variables used.
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
with the debugging informations. This may be used to extract the set of
variables used in Debian/for each tools.
* verify all the patches around (I've found patches for at least RedHat,
OWL, LFS, Mandriva, Gentoo; are they already applied?)
-25
View File
@@ -1,25 +0,0 @@
This described the usertags used by the team.
For usertags documentation, see
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
All bugs tagged by team members must be tagged with
"user pkg-shadow-devel@lists.alioth.debian.org"
Tags list
---------
toclose: This bug has been announced to be closed in case no more news
or information is received from the bug submitter or someone
else until the delay specified in the limits_YYYYMMDD tag
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
bugs can be closed without other action in case no news
is received
manpages-replace A bug reported angainst a manpages-xx package to indicate
conflicting man pages. This tag can be used to tune the
Replaces fields.
su-transition: This bug is related to the su transition (#276419)
-3828
View File
File diff suppressed because it is too large Load Diff
-1
View File
@@ -1 +0,0 @@
10
-77
View File
@@ -1,77 +0,0 @@
Source: shadow
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Uploaders: Christian Perrier <bubulle@debian.org>,
Balint Reczey <balint@balintreczey.hu>,
Serge Hallyn <serge@hallyn.com>
Section: admin
Priority: required
Build-Depends: dh-autoreconf,
gettext,
libpam0g-dev,
debhelper (>= 10~),
quilt,
xsltproc,
docbook-xsl,
docbook-xml,
libxml2-utils,
cdbs,
libselinux1-dev [linux-any],
libsemanage1-dev [linux-any],
gnome-doc-utils,
bison,
libaudit-dev [linux-any]
Standards-Version: 3.9.5
Vcs-Browser: https://anonscm.debian.org/git/pkg-shadow/shadow.git
Vcs-Git: https://anonscm.debian.org/git/pkg-shadow/shadow.git
Homepage: https://github.com/shadow-maint/shadow
Package: passwd
Architecture: any
Multi-Arch: foreign
Depends: ${shlibs:Depends},
${misc:Depends},
libpam-modules
Replaces: manpages-tr (<< 1.0.5),
manpages-zh (<< 1.5.1-1)
Description: change and administer password and group data
This package includes passwd, chsh, chfn, and many other programs to
maintain password and group data.
.
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
Package: login
Architecture: any
Essential: yes
Pre-Depends: ${shlibs:Depends},
${misc:Depends},
libpam-runtime,
libpam-modules (>= 1.1.8-1)
Breaks: coreutils (<< 8.21~) [hurd-any],
passwd (<< 1:4.1.5.1-2~) [hurd-any],
hurd (<< 20140206~) [hurd-any]
Conflicts: gnunet (<< 0.7.0c-2),
amavisd-new (<< 2.3.3-8),
python-4suite (<< 0.99cvs20060405-1),
backupninja (<< 0.9.3-5),
echolot (<< 2.1.8-4)
Replaces: manpages-de (<< 0.5-3),
manpages-tr (<< 1.0.5),
manpages-zh (<< 1.5.1-1),
passwd (<< 1:4.1.5.1-2~) [hurd-any],
coreutils (<< 8.21~) [hurd-any],
hurd (<< 20140206~) [hurd-any]
Description: system login tools
These tools are required to be able to login and use your system. The
login program invokes your user shell and enables command execution. The
newgrp program is used to change your effective group ID (useful for
workgroup type situations). The su program allows changing your effective
user ID (useful being able to execute commands as another user).
Package: uidmap
Architecture: any
Priority: optional
Depends: ${shlibs:Depends},
${misc:Depends}
Description: programs to help use subuids
These programs help unprivileged users to create uid and gid mappings in
user namespaces.
-103
View File
@@ -1,103 +0,0 @@
This is Debian GNU/Linux's prepackaged version of the shadow utilities.
It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
As of May 2007, this site is no longer available.
Copyright:
Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
All rights reserved.
Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
All rights reserved.
Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
All rights reserved.
Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Julianne F. Haugh nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This source code is currently archived on ftp.uu.net in the
comp.sources.misc portion of the USENET archives. You may also contact
the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
any questions regarding this package.
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
LOSS OF INFORMATION OR MACHINE RESOURCES.
Special thanks are due to Chip Rosenthal for his fine testing efforts;
to Steve Simmons for his work in porting this code to BSD; and to Bill
Kennedy for his contributions of LaserJet printer time and energies.
Also, thanks for Dennis L. Mumaugh for the initial shadow password
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
V Release 4 changes. Effort in porting to SunOS has been contributed
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
for taking over the Linux port of this software.
Source files: login_access.c, login_desrpc.c, login_krb.c are derived
from the logdaemon-5.0 package, which is under the following license:
/************************************************************************
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
* may be covered by other copyrights (as noted in the file itself.)
*
* This material was originally written and compiled by Wietse Venema at
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
* 1992, 1993, 1994 and 1995.
*
* Redistribution and use in source and binary forms are permitted
* provided that this entire copyright notice is duplicated in all such
* copies.
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
* merchantibility and fitness for any particular purpose.
************************************************************************/
Some parts substantially in src/su.c derived from an ancestor of
su for GNU. Run a shell with substitute user and group IDs.
Copyright (C) 1992-2003 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License can be found in '/usr/share/common-licenses/GPL-2'
-1
View File
@@ -1 +0,0 @@
.so man8/cppw.8
-27
View File
@@ -1,27 +0,0 @@
.TH CPPW 8 "7 Apr 2005"
.SH NAME
cppw, cpgr \- copy with locking the given file to the password or group file
.SH SYNOPSIS
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
.br
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
.SH DESCRIPTION
.BR cppw " and " cpgr
will copy, with locking, the given file to
.IR /etc/passwd " and " /etc/group ", respectively."
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
.IR /etc/shadow " and " /etc/gshadow ", respectively."
With the \fB\-h\fR flag, the commands display a short help message and exit
silently.
.SH "SEE ALSO"
.BR vipw (8),
.BR vigr (8),
.BR group (5),
.BR passwd (5),
.BR shadow (5),
.BR gshadow (5)
.SH AUTHOR
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
-94
View File
@@ -1,94 +0,0 @@
Build-Depends:
==============
* autoconf
* automake1.9
works with 1.7 or 1.9 (at least)
* libtool
* gettext
POT, PO, GMO regenerated?
* libpam0g-dev
OK
* debhelper (>= 4.1.16)
* po-debconf
OK
* quilt
patch system
* dpkg-dev (>= 1.13.5)
* xsltproc
used to generate the manpages
* docbook-xsl
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
* docbook-xml
manpages/docbook.xsl includes html/docbook.xsl
(But it is not strictly needed. The generated manpages are identical.
Without it, a warning is generated.)
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
* libxml2-utils
needed by the JH_CHECK_XML_CATALOG macros
* cdbs
used in debian/rules
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
* gnome-doc-utils (>= 0.4.3-1)
xml2po, 0.4.3-1 needed for the -l switch.
passwd Depends:
===============
* ${shlibs:Depends}
OK
* ${loginpam}
- hurd
login
libpam-modules (>= 0.72-5)
- other archs
+ login (>= 970502-1)
login is needed because some passwd utils need /etc/login.defs
login is Essential, so this is just to enforce the version
+ libpam-modules (>= 0.72-5)
* debianutils (>= 2.15.2)
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
/etc/shell was forgotten and introduced in debianutils in 2.15.2
passwd Conflicts:
=================
passwd Replaces:
================
Some of the passwd man pages are also distributed in some manpages* packages.
Look at the debian/02/run test to optimize these dependencies.
NOTE: Not all maintainers have been notified.
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
All those packages have been updated during sarge->etch. So these Replaces
should be removed after lenny release
* manpages-tr, manpages-zh
Those packages are still in etch, so the Replaces should be kept even
after lenny release
login Pre-Depends:
==================
* ${shlibs:Depends}
* libpam-runtime (>= 0.76-14)
sarge contained 0.76-22
Why Pre-Depends? (because it's an essential package?)
login Depends:
==============
* libpam-modules (>= 0.72-5)
libpam-modules is needed.
potato contained 0.72-9
login Conflicts:
================
login Replaces:
===============
* Some of the login man pages are also distributed in some manpages* packages.
Look at the debian/02/run test to optimize these dependencies.
NOTE: Not all maintainers have been notified.
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
Those are packages that have been updated during sarge->etch. These
Replaces should be removed after lenny
- manpages-tr, manpages-zh
Those packages are still in etch, so the Replaces should be kept even
after lenny release
-340
View File
@@ -1,340 +0,0 @@
#
# /etc/login.defs - Configuration control definitions for the login package.
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux. --marekm
# REQUIRED for useradd/userdel/usermod
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
# MAIL_DIR takes precedence.
#
# Essentially:
# - MAIL_DIR defines the location of users mail spool files
# (for mbox use) by appending the username to MAIL_DIR as defined
# below.
# - MAIL_FILE defines the location of the users mail spool files as the
# fully-qualified filename obtained by prepending the user home
# directory before $MAIL_FILE
#
# NOTE: This is no more used for setting up users MAIL environment variable
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
# job of the pam_mail PAM modules
# See default PAM configuration files provided for
# login, su, etc.
#
# This is a temporary situation: setting these variables will soon
# move to /etc/default/useradd and the variables will then be
# no more supported
MAIL_DIR /var/mail
#MAIL_FILE .mail
#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB no
#
# Enable logging of successful logins
#
LOG_OK_LOGINS no
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE /var/log/btmp
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
# However, the default and recommended value for TTYPERM is still 0600
# to not allow anyone to write to anyone else console or terminal
# Users can still allow other people to write them by issuing
# the "mesg y" command.
TTYGROUP tty
TTYPERM 0600
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
UMASK 022
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
# overriden by PAM, since the default pam_unix module has it's own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT rwh
#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME yes
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
# Other former uses of this variable such as setting the umask when
# user==primary group are not used in PAM environments, such as Debian
#
USERGROUPS_ENAB yes
#
# Instead of the real user shell, the program specified by this parameter
# will be launched, although its visible name (argv[0]) will be the shell's.
# The program may do whatever it wants (logging, additional authentification,
# banner, ...) before running the actual shell.
#
# FAKE_SHELL /bin/fakeshell
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# This variable is used by login and su.
#
#CONSOLE /etc/consoles
#CONSOLE console:tty01:tty02:tty03:tty04
#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# This variable is used by login and su.
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
ENCRYPT_METHOD SHA512
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
# edit the appropriate file in /etc/pam.d/ to #
# enable the equivelants of them.
#
###############
#MOTD_FILE
#DIALUPS_CHECK_ENAB
#LASTLOG_ENAB
#MAIL_CHECK_ENAB
#OBSCURE_CHECKS_ENAB
#PORTTIME_CHECKS_ENAB
#SU_WHEEL_ONLY
#CRACKLIB_DICTPATH
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#ENVIRON_FILE
#NOLOGINS_FILE
#ISSUE_FILE
#PASS_MIN_LEN
#PASS_MAX_LEN
#ULIMIT
#ENV_HZ
#CHFN_AUTH
#CHSH_AUTH
#FAIL_DELAY
################# OBSOLETED #######################
# #
# These options are no more handled by shadow. #
# #
# Shadow utilities will display a warning if they #
# still appear. #
# #
###################################################
# CLOSE_SESSIONS
# LOGIN_STRING
# NO_PASSWORD_CONSOLE
# QMAIL_DIR
-1
View File
@@ -1 +0,0 @@
usr/share/lintian/overrides
-25
View File
@@ -1,25 +0,0 @@
usr/share/locale/*/LC_MESSAGES/shadow.mo
usr/share/man/*/man1/login.1
usr/share/man/*/man1/newgrp.1
usr/share/man/*/man1/sg.1
usr/share/man/*/man1/su.1
usr/share/man/*/man5/faillog.5
usr/share/man/*/man5/login.defs.5
usr/share/man/*/man8/faillog.8
usr/share/man/*/man8/lastlog.8
usr/share/man/*/man8/nologin.8
usr/share/man/man1/login.1
usr/share/man/man1/newgrp.1
usr/share/man/man1/sg.1
usr/share/man/man1/su.1
usr/share/man/man5/faillog.5
usr/share/man/man5/login.defs.5
usr/share/man/man8/faillog.8
usr/share/man/man8/lastlog.8
usr/share/man/man8/nologin.8
usr/sbin/nologin
usr/bin/faillog
usr/bin/lastlog
usr/bin/newgrp
bin/login
bin/su
-1
View File
@@ -1 +0,0 @@
usr/bin/newgrp usr/bin/sg
-3
View File
@@ -1,3 +0,0 @@
login: setuid-binary usr/bin/newgrp 4755 root/root
login: setuid-binary bin/su 4755 root/root
login: possible-missing-colon-in-closes l667:closes bug 336321
-116
View File
@@ -1,116 +0,0 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# Sets the loginuid process attribute
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restraint on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon successful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the message of the day upon successful login.
# (Replaces the `MOTD_FILE' option in login.defs)
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
# Prints the status of the user's mailbox upon successful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Create a new session keyring.
session optional pam_keyinit.so force revoke
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
-56
View File
@@ -1,56 +0,0 @@
#!/bin/sh
set -e
if test "$1" = configure
then
if test -f /etc/init.d/logoutd
then
if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd"
then
echo "removing logoutd cruft"
rm /etc/init.d/logoutd
update-rc.d logoutd remove
fi
fi
fi
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
if [ "$1" = "configure" ]; then
# Install faillog during initial installs only
if [ "$2" = "" ] && [ ! -f /var/log/faillog ] ; then
touch /var/log/faillog
chown root:root /var/log/faillog
chmod 644 /var/log/faillog
fi
# Create subuid/subgid if missing
if [ ! -e /etc/subuid ]; then
touch /etc/subuid
chown root:root /etc/subuid
chmod 644 /etc/subuid
fi
if [ ! -e /etc/subgid ]; then
touch /etc/subgid
chown root:root /etc/subgid
chmod 644 /etc/subgid
fi
fi
# Create subuid/subgid if missing
if [ ! -e /etc/subuid ]; then
touch /etc/subuid
chown root:root /etc/subuid
chmod 644 /etc/subuid
fi
if [ ! -e /etc/subgid ]; then
touch /etc/subgid
chown root:root /etc/subgid
chmod 644 /etc/subgid
fi
#DEBHELPER#
exit 0
-52
View File
@@ -1,52 +0,0 @@
#! /bin/sh
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
remove_md5() {
if md5sum $1 2>/dev/null |grep -q $2; then
cp $1 $1.pre-upgrade
sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
&& mv $1.post-upgrade $1
fi
}
case "$1" in
install|upgrade)
if [ "x$2" != "x" ] ; then
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
fi
fi
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
-61
View File
@@ -1,61 +0,0 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'chage' service
#
# This allows root to change password aging being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-16
View File
@@ -1,16 +0,0 @@
#
# The PAM configuration file for the Shadow `chfn' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-5
View File
@@ -1,5 +0,0 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
@include common-password
-20
View File
@@ -1,20 +0,0 @@
#
# The PAM configuration file for the Shadow `chsh' service
#
# This will not allow a user to change their shell unless
# their current one is listed in /etc/shells. This keeps
# accounts with special shells from changing them.
auth required pam_shells.so
# This allows root to change user shell without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-9
View File
@@ -1,9 +0,0 @@
#!/bin/sh
cd /var/backups || exit 0
for FILE in passwd group shadow gshadow; do
test -f /etc/$FILE || continue
cmp -s $FILE.bak /etc/$FILE && continue
cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
done
-2
View File
@@ -1,2 +0,0 @@
usr/share/lintian/overrides
etc/default
-1
View File
@@ -1 +0,0 @@
debian/passwd.expire.cron
-57
View File
@@ -1,57 +0,0 @@
#!/usr/bin/perl
#
# passwd.expire.cron: sample expiry notification script for use as a cronjob
#
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
# for use, distribution, modification, etc.
#
# Usage:
# edit the listed options, including the actual email, then rename to
# /etc/cron.daily/passwd
#
# If your users don't have a valid login shell (ie. they are ftp or mail
# users only), they will need some other way to change their password
# (telnet will work since login will handle password aging, or a poppasswd
# program, if they are mail users).
# <CONFIG> #
# should be same as /etc/adduser.conf
$LOW_UID=1000;
$HIGH_UID=29999;
# this let's the MTA handle the domain,
# set it manually if you want. Make sure
# you also add the @ like "\@domain.com"
$MAIL_DOM="";
# </CONFIG> #
# Set the current day reference
$curdays = int(time() / (60 * 60 * 24));
# Now go through the list
open(SH, "< /etc/shadow");
while (<SH>) {
@shent = split(':', $_);
@userent = getpwnam($shent[0]);
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
$shent[4] != -1 && $shent[4] != 0 &&
$shent[5] != -1 && $shent[5] != 0) {
$daysleft = ($shent[2] + $shent[4]) - $curdays;
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
if ($daysleft < 0) { next; }
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
print MAIL <<EOF;
Your account will expire in $daysleft $days. Please change your password before
then or your account will expire
EOF
close (MAIL);
# This makes sure we also get a list of almost expired users
print "$shent[0]'s account will expire in $daysleft days\n";
}
}
@userent = getpwent();
}
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupadd' service
#
# This allows root to add groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupdel' service
#
# This allows root to remove groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupmod' service
#
# This allows root to modify groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-80
View File
@@ -1,80 +0,0 @@
usr/bin/chage
usr/bin/chfn
usr/bin/chsh
usr/bin/expiry
usr/bin/gpasswd
usr/bin/passwd
usr/sbin/chpasswd
usr/sbin/chgpasswd
usr/sbin/cppw
usr/sbin/groupadd
usr/sbin/groupdel
usr/sbin/groupmod
usr/sbin/groupmems
usr/sbin/grpck
usr/sbin/grpconv
usr/sbin/grpunconv
usr/sbin/newusers
usr/sbin/pwck
usr/sbin/pwconv
usr/sbin/pwunconv
usr/sbin/useradd
usr/sbin/userdel
usr/sbin/usermod
usr/sbin/vipw
usr/share/man/*/man1/chage.1
usr/share/man/*/man1/chfn.1
usr/share/man/*/man1/chsh.1
usr/share/man/*/man1/expiry.1
usr/share/man/*/man1/gpasswd.1
usr/share/man/*/man1/passwd.1
usr/share/man/*/man5/passwd.5
usr/share/man/*/man5/shadow.5
usr/share/man/*/man5/gshadow.5
usr/share/man/*/man8/chpasswd.8
usr/share/man/*/man8/groupadd.8
usr/share/man/*/man8/groupdel.8
usr/share/man/*/man8/groupmod.8
usr/share/man/*/man8/groupmems.8
usr/share/man/*/man8/grpck.8
usr/share/man/*/man8/grpconv.8
usr/share/man/*/man8/grpunconv.8
usr/share/man/*/man8/newusers.8
usr/share/man/*/man8/pwck.8
usr/share/man/*/man8/pwconv.8
usr/share/man/*/man8/pwunconv.8
usr/share/man/*/man8/useradd.8
usr/share/man/*/man8/userdel.8
usr/share/man/*/man8/usermod.8
usr/share/man/*/man8/vigr.8
usr/share/man/*/man8/vipw.8
usr/share/man/man1/chage.1
usr/share/man/man1/chfn.1
usr/share/man/man1/chsh.1
usr/share/man/man1/expiry.1
usr/share/man/man1/gpasswd.1
usr/share/man/man1/passwd.1
usr/share/man/man5/passwd.5
usr/share/man/man5/shadow.5
usr/share/man/man5/gshadow.5
usr/share/man/man5/subuid.5
usr/share/man/man5/subgid.5
usr/share/man/man5/subgid.5
usr/share/man/man5/subuid.5
usr/share/man/man8/chgpasswd.8
usr/share/man/man8/chpasswd.8
usr/share/man/man8/groupadd.8
usr/share/man/man8/groupdel.8
usr/share/man/man8/groupmod.8
usr/share/man/man8/grpck.8
usr/share/man/man8/grpconv.8
usr/share/man/man8/grpunconv.8
usr/share/man/man8/newusers.8
usr/share/man/man8/pwck.8
usr/share/man/man8/pwconv.8
usr/share/man/man8/pwunconv.8
usr/share/man/man8/useradd.8
usr/share/man/man8/userdel.8
usr/share/man/man8/usermod.8
usr/share/man/man8/vigr.8
usr/share/man/man8/vipw.8
-2
View File
@@ -1,2 +0,0 @@
usr/sbin/vipw usr/sbin/vigr
usr/sbin/cppw usr/sbin/cpgr
-6
View File
@@ -1,6 +0,0 @@
passwd: setgid-binary usr/bin/chage 2755 root/shadow
passwd: setuid-binary usr/bin/chfn 4755 root/root
passwd: setuid-binary usr/bin/chsh 4755 root/root
passwd: setgid-binary usr/bin/expiry 2755 root/shadow
passwd: setuid-binary usr/bin/gpasswd 4755 root/root
passwd: setuid-binary usr/bin/passwd 4755 root/root
-5
View File
@@ -1,5 +0,0 @@
# The PAM configuration file for the Shadow 'newusers' service
#
@include common-password
-6
View File
@@ -1,6 +0,0 @@
#
# The PAM configuration file for the Shadow `passwd' service
#
@include common-password
-44
View File
@@ -1,44 +0,0 @@
#!/bin/sh
set -e
case "$1" in
configure)
# Fix permissions on various log files from old versions of the debian
# installer, some unrelated to passwd but we decided to put the fix
# here since there was no better place. This can safely be removed
# after etch is released.
if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
for log in /var/log/base-config* \
$(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
if [ -e "$log" ]; then
chmod 600 "$log"
fi
done
fi
rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
then
groupadd -g 42 shadow || (
cat <<EOF
Group ID 42 has been allocated for the shadow group. You have either
used 42 yourself or created a shadow group with a different ID.
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
Note that both user and group IDs in the range 0-99 are globally
allocated by the Debian project and must be the same on every Debian
system.
EOF
exit 1
)
fi
;;
esac
# Run shadowconfig only on new installs
[ -z "$2" ] && shadowconfig on
#DEBHELPER#
exit 0
-51
View File
@@ -1,51 +0,0 @@
#! /bin/sh
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
remove_md5() {
if md5sum $1 2>/dev/null |grep -q $2; then
cp $1 $1.pre-upgrade
sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
&& mv $1.post-upgrade $1
fi
}
case "$1" in
install|upgrade)
if [ "x$2" != "x" ] ; then
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
fi
fi
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
-8
View File
@@ -1,8 +0,0 @@
# If a password operation is in progress and we lose power, stale lockfiles
# can be left behind. Clear them on boot.
r! /etc/gshadow.lock
r! /etc/shadow.lock
r! /etc/passwd.lock
r! /etc/group.lock
r! /etc/subuid.lock
r! /etc/subgid.lock
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'useradd' service
#
# This allows root to add users without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'userdel' service
#
# This allows root to remove users without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupdel' service
#
# This allows root to remove groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
@@ -1,44 +0,0 @@
From bdd68116b7c5f3cbb29ea4fe3bb81e338e9544f7 Mon Sep 17 00:00:00 2001
From: Simon Kainz <simon@familiekainz.at>
Date: Wed, 18 Jan 2017 17:24:04 +0100
Subject: [PATCH 1/2] Typos fix in german translation of man pages
Reported to Debian BTS in #734609
---
man/po/de.po | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/po/de.po b/man/po/de.po
index b4d7218..340e15d 100644
--- a/man/po/de.po
+++ b/man/po/de.po
@@ -3087,7 +3087,7 @@ msgstr "5"
#: limits.5.xml:61(refmiscinfo) gshadow.5.xml:48(refmiscinfo)
#: faillog.5.xml:59(refmiscinfo)
msgid "File Formats and Conversions"
-msgstr "Dateiformate und -konvertierung"
+msgstr "Dateiformate und konvertierung"
#: suauth.5.xml:65(refpurpose)
msgid "detailed su control file"
@@ -4370,7 +4370,7 @@ msgstr ""
#: shadow.5.xml:235(para)
msgid "An empty field means that the account will never expire."
-msgstr "Ein leeren Feld bedeutet, dass das Konto nicht verfallen wird."
+msgstr "Ein leeres Feld bedeutet, dass das Konto nicht verfallen wird."
#: shadow.5.xml:238(para)
msgid ""
@@ -6961,7 +6961,7 @@ msgid ""
"contents of this file should be a message indicating why logins are "
"inhibited."
msgstr ""
-"Falls angegeben, der Name einer Datei, dessen Existenz Anmeldungen außer von "
+"Falls angegeben, der Name einer Datei, deren Existenz Anmeldungen außer von "
"Root verhindert. Der Inhalt der Datei sollte die Gründe enthalten, weshalb "
"Anmeldungen untersagt sind."
--
2.1.4
-29
View File
@@ -1,29 +0,0 @@
From 578d495f91af8dc5dd774d4310ca06f7013712e7 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Wed, 18 Jan 2017 18:06:05 +0100
Subject: [PATCH 2/2] Last bits of enabling subuids
This patch has been carried by Debian, originally
submitted to BTS in #739981
---
src/newusers.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/newusers.c b/src/newusers.c
index 724cbb4..0c0cfe4 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -988,8 +988,8 @@ int main (int argc, char **argv)
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
- is_sub_uid = sub_uid_file_present ();
- is_sub_gid = sub_gid_file_present ();
+ is_sub_uid = sub_uid_file_present () && !rflg;
+ is_sub_gid = sub_gid_file_present () && !rflg;
#endif /* ENABLE_SUBIDS */
open_files ();
--
2.1.4
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
@@ -1,98 +0,0 @@
From 8a122a90fa2afe39f2b1e56c5d45ea20f486bf0b Mon Sep 17 00:00:00 2001
From: Lars Bahner <bahner@debian.org>
Date: Thu, 19 Jan 2017 17:50:24 +0100
Subject: [PATCH 7/7] Fix some spelling issues in the Norwegian translation
---
po/nb.po | 13 +++++++------
po/nl.po | 8 ++++----
2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/po/nb.po b/po/nb.po
index d42a864..7ad1ecb 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -7,12 +7,13 @@
# Bjørn Steensrud <bjornst@powertech.no>, 2006.
# Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012.
# Hans Fredrik Nordhaug <hans@nordhaug.priv.no>, 2012.
+# Lars Bahner <bahner@debian.org>, 2015
msgid ""
msgstr ""
"Project-Id-Version: shadow 4.0.17\n"
"Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
"POT-Creation-Date: 2016-09-18 14:03-0500\n"
-"PO-Revision-Date: 2012-01-18 17:19+0100\n"
+"PO-Revision-Date: 2015-09-30 18:15+0100\n"
"Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
"Language: nb\n"
@@ -20,7 +21,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Lokalize 1.2\n"
+"X-Generator: Poedit 1.7.5\n"
#, c-format
msgid ""
@@ -48,10 +49,9 @@ msgstr "feil med oppsettet - ukjent element «%s» (kontakt administrator)\n"
msgid "%s: nscd did not terminate normally (signal %d)\n"
msgstr "%s: nscd avsluttet ikke normallt (signal %d)\n"
-#, fuzzy, c-format
-#| msgid "%s: nscd exited with status %d"
+#, c-format
msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd avsluttet med status %d"
+msgstr "%s: nscd avsluttet med status %d\n"
msgid "Password: "
msgstr "Passord: "
@@ -415,8 +415,9 @@ msgstr "passwd: %s\n"
msgid "passwd: password unchanged\n"
msgstr "passwd: passordet er uendret\n"
+#, fuzzy
msgid "passwd: password updated successfully\n"
-msgstr "passwd: passorder ble oppdatert\n"
+msgstr "passwd: passordet ble oppdatert\n"
#, c-format
msgid "Incorrect password for %s.\n"
diff --git a/po/nl.po b/po/nl.po
index 923c1d1..6cbabdd 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -745,7 +745,7 @@ msgstr "%s: ongeldige naam: '%s'\n"
#, c-format
msgid "%s: room number with non-ASCII characters: '%s'\n"
-msgstr "%s: kamernummer bevat niet-ASCII tekens: '%s'"
+msgstr "%s: kamernummer bevat niet-ASCII tekens: '%s'\n"
#, c-format
msgid "%s: invalid room number: '%s'\n"
@@ -1571,7 +1571,7 @@ msgstr "Ongeldig wachtwoord.\n"
#, c-format
msgid "%s: failure forking: %s\n"
-msgstr "%s: nieuw proces beginnen is mislukt: %s"
+msgstr "%s: nieuw proces beginnen is mislukt: %s\n"
#, c-format
msgid "%s: GID '%lu' does not exist\n"
@@ -2633,8 +2633,8 @@ msgstr "Kon bestand niet vergrendelen"
msgid "Couldn't make backup"
msgstr "Kon geen reservekopie maken"
-#| msgid "Unable to open group file\n"
-msgid "failed to open scratch file"
+#| msgid "Unable to open group file"
+msgid "failed to open scratch file\n"
msgstr "initieel bestand openen is mislukt\n"
#| msgid "%s: fields too long\n"
--
2.1.4
-60
View File
@@ -1,60 +0,0 @@
From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 23 Feb 2017 09:47:29 -0600
Subject: [PATCH] su: properly clear child PID
If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.
---
src/su.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/src/su.c
+++ b/src/su.c
@@ -363,11 +363,13 @@
/* wake child when resumed */
kill (pid, SIGCONT);
stop = false;
+ } else {
+ pid_child = 0;
}
} while (!stop);
}
- if (0 != caught) {
+ if (0 != caught && 0 != pid_child) {
(void) fputs ("\n", stderr);
(void) fputs (_("Session terminated, terminating shell..."),
stderr);
@@ -377,9 +379,22 @@
snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
(void) signal (SIGALRM, kill_child);
+ (void) signal (SIGCHLD, catch_signals);
(void) alarm (2);
- (void) wait (&status);
+ sigemptyset (&ourset);
+ if ((sigaddset (&ourset, SIGALRM) != 0)
+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
+ kill_child (0);
+ } else {
+ while (0 == waitpid (pid_child, &status, WNOHANG)) {
+ sigsuspend (&ourset);
+ }
+ pid_child = 0;
+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
+ }
+
(void) fputs (_(" ...terminated.\n"), stderr);
}
-55
View File
@@ -1,55 +0,0 @@
Goal: Log login failures to the btmp file
Notes:
* I'm not sure login should add an entry in the FTMP file when PAM is used.
(but nothing in /etc/login.defs indicates that the failure is not logged)
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -834,6 +834,24 @@ int main (int argc, char **argv)
(void) puts ("");
(void) puts (_("Login incorrect"));
+ if (getdef_str("FTMP_FILE") != NULL) {
+#ifdef USE_UTMPX
+ struct utmpx *failent =
+ prepare_utmpx (failent_user,
+ tty,
+ /* FIXME: or fromhost? */hostname,
+ utent);
+#else /* !USE_UTMPX */
+ struct utmp *failent =
+ prepare_utmp (failent_user,
+ tty,
+ hostname,
+ utent);
+#endif /* !USE_UTMPX */
+ failtmp (failent_user, failent);
+ free (failent);
+ }
+
if (failcount >= retries) {
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -57,7 +57,6 @@ struct itemdef {
{"ENVIRON_FILE", NULL}, \
{"ENV_TZ", NULL}, \
{"FAILLOG_ENAB", NULL}, \
- {"FTMP_FILE", NULL}, \
{"ISSUE_FILE", NULL}, \
{"LASTLOG_ENAB", NULL}, \
{"LOGIN_STRING", NULL}, \
@@ -88,6 +87,7 @@ static struct itemdef def_table[] = {
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
{"FAKE_SHELL", NULL},
+ {"FTMP_FILE", NULL},
{"GID_MAX", NULL},
{"GID_MIN", NULL},
{"HUSHLOGIN_FILE", NULL},
File diff suppressed because it is too large Load Diff
@@ -1,29 +0,0 @@
From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 14 May 2017 17:58:10 +0200
Subject: [PATCH] Reset pid_child only if waitpid was successful.
Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.
This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.
Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
src/su.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/su.c
+++ b/src/su.c
@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
/* wake child when resumed */
kill (pid, SIGCONT);
stop = false;
- } else {
+ } else if ( (pid_t)-1 != pid) {
pid_child = 0;
}
} while (!stop);
-282
View File
@@ -1,282 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Add cppw / cpgr
@DPATCH@
Index: shadow-4.4/src/cppw.c
===================================================================
--- /dev/null
+++ shadow-4.4/src/cppw.c
@@ -0,0 +1,238 @@
+/*
+ cppw, cpgr copy with locking given file over the password or group file
+ with -s will copy with locking given file over shadow or gshadow file
+
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
+
+ Based on vipw, vigr by:
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ */
+
+#include <config.h>
+#include "defines.h"
+
+#include <errno.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <utime.h>
+#include "exitcodes.h"
+#include "prototypes.h"
+#include "pwio.h"
+#include "shadowio.h"
+#include "groupio.h"
+#include "sgroupio.h"
+
+
+const char *Prog;
+
+const char *filename, *filenewname;
+static bool filelocked = false;
+static int (*unlock) (void);
+
+/* local function prototypes */
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
+static void cppwexit (const char *msg, int syserr, int ret);
+static void cppwcopy (const char *file,
+ const char *in_file,
+ int (*file_lock) (void),
+ int (*file_unlock) (void));
+
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
+{
+ struct utimbuf ub;
+ FILE *bkfp;
+ int c;
+ mode_t mask;
+
+ mask = umask (077);
+ bkfp = fopen (dest, "w");
+ (void) umask (mask);
+ if (NULL == bkfp) {
+ return -1;
+ }
+
+ rewind (fp);
+ while ((c = getc (fp)) != EOF) {
+ if (putc (c, bkfp) == EOF) {
+ break;
+ }
+ }
+
+ if ( (c != EOF)
+ || (fflush (bkfp) != 0)) {
+ (void) fclose (bkfp);
+ (void) unlink (dest);
+ return -1;
+ }
+ if ( (fsync (fileno (bkfp)) != 0)
+ || (fclose (bkfp) != 0)) {
+ (void) unlink (dest);
+ return -1;
+ }
+
+ ub.actime = sb->st_atime;
+ ub.modtime = sb->st_mtime;
+ if ( (utime (dest, &ub) != 0)
+ || (chmod (dest, sb->st_mode) != 0)
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
+ (void) unlink (dest);
+ return -1;
+ }
+ return 0;
+}
+
+static void cppwexit (const char *msg, int syserr, int ret)
+{
+ int err = errno;
+ if (filelocked) {
+ (*unlock) ();
+ }
+ if (NULL != msg) {
+ fprintf (stderr, "%s: %s", Prog, msg);
+ if (0 != syserr) {
+ fprintf (stderr, ": %s", strerror (err));
+ }
+ (void) fputs ("\n", stderr);
+ }
+ if (NULL != filename) {
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
+ } else {
+ fprintf (stderr, _("%s: no changes\n"), Prog);
+ }
+
+ exit (ret);
+}
+
+static void cppwcopy (const char *file,
+ const char *in_file,
+ int (*file_lock) (void),
+ int (*file_unlock) (void))
+{
+ struct stat st1;
+ FILE *f;
+ char filenew[1024];
+
+ snprintf (filenew, sizeof filenew, "%s.new", file);
+ unlock = file_unlock;
+ filename = file;
+ filenewname = filenew;
+
+ if (access (file, F_OK) != 0) {
+ cppwexit (file, 1, 1);
+ }
+ if (file_lock () == 0) {
+ cppwexit (_("Couldn't lock file"), 0, 5);
+ }
+ filelocked = true;
+
+ /* file to copy has same owners, perm */
+ if (stat (file, &st1) != 0) {
+ cppwexit (file, 1, 1);
+ }
+ f = fopen (in_file, "r");
+ if (NULL == f) {
+ cppwexit (in_file, 1, 1);
+ }
+ if (create_copy (f, filenew, &st1) != 0) {
+ cppwexit (_("Couldn't make copy"), errno, 1);
+ }
+
+ /* XXX - here we should check filenew for errors; if there are any,
+ * fail w/ an appropriate error code and let the user manually fix
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
+ * stolen from '--marekm's comment) */
+
+ if (rename (filenew, file) != 0) {
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
+ Prog, filenew, strerror (errno));
+ cppwexit (NULL,0,1);
+ }
+
+ (*file_unlock) ();
+}
+
+int main (int argc, char **argv)
+{
+ int flag;
+ bool cpshadow = false;
+ char *in_file;
+ int e = E_USAGE;
+ bool do_cppw = true;
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+ Prog = Basename (argv[0]);
+ if (strcmp (Prog, "cpgr") == 0) {
+ do_cppw = false;
+ }
+
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
+ switch (flag) {
+ case 'p':
+ do_cppw = true;
+ break;
+ case 'g':
+ do_cppw = false;
+ break;
+ case 's':
+ cpshadow = true;
+ break;
+ case 'h':
+ e = E_SUCCESS;
+ /*pass through*/
+ default:
+ (void) fputs (_("Usage:\n\
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
+"), (E_SUCCESS != e) ? stderr : stdout);
+ exit (e);
+ }
+ }
+
+ if (argc != optind + 1) {
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
+ }
+
+ in_file = argv[optind];
+
+ if (do_cppw) {
+ if (cpshadow) {
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
+ } else {
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
+ }
+ } else {
+#ifdef SHADOWGRP
+ if (cpshadow) {
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
+ } else
+#endif /* SHADOWGRP */
+ {
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
+ }
+ }
+
+ return 0;
+}
+
Index: shadow-4.4/src/Makefile.am
===================================================================
--- shadow-4.4.orig/src/Makefile.am
+++ shadow-4.4/src/Makefile.am
@@ -29,6 +29,7 @@ if ENABLE_SUBIDS
ubin_PROGRAMS += newgidmap newuidmap
endif
usbin_PROGRAMS = \
+ cppw \
chgpasswd \
chpasswd \
groupadd \
@@ -90,6 +91,7 @@ chfn_LDADD = $(LDADD) $(LIBPAM) $(LI
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
Index: shadow-4.4/po/POTFILES.in
===================================================================
--- shadow-4.4.orig/po/POTFILES.in
+++ shadow-4.4/po/POTFILES.in
@@ -85,6 +85,7 @@ src/chfn.c
src/chgpasswd.c
src/chpasswd.c
src/chsh.c
+src/cppw.c
src/expiry.c
src/faillog.c
src/gpasswd.c
-64
View File
@@ -1,64 +0,0 @@
Goal: Add selinux support to cppw
Fix:
Status wrt upstream: cppw is not available upstream.
The patch was made based on the
302_vim_selinux_support patch. It needs to be
reviewed by an SE-Linux aware person.
Depends on 401_cppw_src.dpatch
Index: git/src/cppw.c
===================================================================
--- git.orig/src/cppw.c
+++ git/src/cppw.c
@@ -34,6 +34,9 @@
#include <sys/types.h>
#include <signal.h>
#include <utime.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
#include "exitcodes.h"
#include "prototypes.h"
#include "pwio.h"
@@ -139,6 +142,22 @@
if (access (file, F_OK) != 0) {
cppwexit (file, 1, 1);
}
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ * to be the context of the file we are editing */
+ if (is_selinux_enabled () > 0) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ cppwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
if (file_lock () == 0) {
cppwexit (_("Couldn't lock file"), 0, 5);
}
@@ -167,6 +186,15 @@
cppwexit (NULL,0,1);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled () > 0) {
+ if (setfscreatecon (NULL)) {
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
+
(*file_unlock) ();
}
-88
View File
@@ -1,88 +0,0 @@
Goal: Re-enable logging and displaying failures on login when login is
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
faillog file if it does not exist on postinst (as on Woody).
Depends: 008_login_more_LOG_UNKFAIL_ENAB
Fixes: #192849
Note: It could be removed if pam_tally could report the number of failures
preceding a successful login.
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -131,9 +131,9 @@ static void update_utmp (const char *use
const char *host,
/*@null@*/const struct utmp *utent);
-#ifndef USE_PAM
static struct faillog faillog;
+#ifndef USE_PAM
static void bad_time_notify (void);
static void check_nologin (bool login_to_root);
#else
@@ -794,6 +794,9 @@ int main (int argc, char **argv)
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
fprintf (stderr,
_("Maximum number of tries exceeded (%u)\n"),
failcount);
@@ -811,6 +814,14 @@ int main (int argc, char **argv)
pam_strerror (pamh, retcode)));
failed = true;
}
+ if ( (NULL != pwd)
+ && getdef_bool("FAILLOG_ENAB")
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
+ SYSLOG((LOG_CRIT,
+ "exceeded failure limit for `%s' %s",
+ failent_user, fromhost));
+ failed = 1;
+ }
if (!failed) {
break;
@@ -834,6 +845,10 @@ int main (int argc, char **argv)
(void) puts ("");
(void) puts (_("Login incorrect"));
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
+
if (getdef_str("FTMP_FILE") != NULL) {
#ifdef USE_UTMPX
struct utmpx *failent =
@@ -1288,6 +1303,7 @@ int main (int argc, char **argv)
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
+#endif
if ( getdef_bool ("FAILLOG_ENAB")
&& (0 != faillog.fail_cnt)) {
failprint (&faillog);
@@ -1300,6 +1316,7 @@ int main (int argc, char **argv)
username, (int) faillog.fail_cnt));
}
}
+#ifndef USE_PAM
if ( getdef_bool ("LASTLOG_ENAB")
&& (ll.ll_time != 0)) {
time_t ll_time = ll.ll_time;
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -86,6 +86,7 @@ static struct itemdef def_table[] = {
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
+ {"FAILLOG_ENAB", NULL},
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
{"GID_MAX", NULL},
-101
View File
@@ -1,101 +0,0 @@
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
job to set a delay...or not
Fixes: #87648
Status wrt upstream: Forwarded but not applied yet
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -525,7 +525,6 @@ int main (int argc, char **argv)
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
- unsigned int delay;
unsigned int retries;
bool subroot = false;
#ifndef USE_PAM
@@ -546,6 +545,7 @@ int main (int argc, char **argv)
pid_t child;
char *pam_user = NULL;
#else
+ unsigned int delay;
struct spwd *spwd = NULL;
#endif
/*
@@ -708,7 +708,6 @@ int main (int argc, char **argv)
}
environ = newenvp; /* make new environment active */
- delay = getdef_unum ("FAIL_DELAY", 1);
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
@@ -724,8 +723,7 @@ int main (int argc, char **argv)
/*
* hostname & tty are either set to NULL or their correct values,
- * depending on how much we know. We also set PAM's fail delay to
- * ours.
+ * depending on how much we know.
*
* PAM_RHOST and PAM_TTY are used for authentication, only use
* information coming from login or from the caller (e.g. no utmp)
@@ -734,10 +732,6 @@ int main (int argc, char **argv)
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
-#ifdef HAS_PAM_FAIL_DELAY
- retcode = pam_fail_delay (pamh, 1000000 * delay);
- PAM_FAIL_CHECK;
-#endif
/* if fflg, then the user has already been authenticated */
if (!fflg) {
unsigned int failcount = 0;
@@ -778,12 +772,6 @@ int main (int argc, char **argv)
bool failed = false;
failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
- if (delay > 0) {
- retcode = pam_fail_delay(pamh, 1000000*delay);
- PAM_FAIL_CHECK;
- }
-#endif
retcode = pam_authenticate (pamh, 0);
@@ -1106,14 +1094,17 @@ int main (int argc, char **argv)
free (username);
username = NULL;
+#ifndef USE_PAM
/*
* Wait a while (a la SVR4 /usr/bin/login) before attempting
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
*/
+ delay = getdef_unum ("FAIL_DELAY", 1);
if (delay > 0) {
(void) sleep (delay);
}
+#endif
(void) puts (_("Login incorrect"));
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -85,7 +85,6 @@ static struct itemdef def_table[] = {
{"ENV_PATH", NULL},
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
- {"FAIL_DELAY", NULL},
{"FAILLOG_ENAB", NULL},
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
-66
View File
@@ -1,66 +0,0 @@
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
Fixes: #166793
Index: shadow-4.4/lib/commonio.c
===================================================================
--- shadow-4.4.orig/lib/commonio.c
+++ shadow-4.4/lib/commonio.c
@@ -44,6 +44,7 @@
#include <errno.h>
#include <stdio.h>
#include <signal.h>
+#include <grp.h>
#include "nscd.h"
#ifdef WITH_TCB
#include <tcb.h>
@@ -966,12 +967,23 @@ int commonio_close (struct commonio_db *
goto fail;
}
} else {
+ struct group *grp;
/*
* Default permissions for new [g]shadow files.
*/
sb.st_mode = db->st_mode;
sb.st_uid = db->st_uid;
sb.st_gid = db->st_gid;
+
+ /*
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
+ */
+ if (sb.st_gid == 0) {
+ if ((grp = getgrnam("shadow")) != NULL)
+ sb.st_gid = grp->gr_gid;
+ else
+ sb.st_gid = 0;
+ }
}
snprintf (buf, sizeof buf, "%s+", db->filename);
Index: shadow-4.4/lib/sgroupio.c
===================================================================
--- shadow-4.4.orig/lib/sgroupio.c
+++ shadow-4.4/lib/sgroupio.c
@@ -228,7 +228,7 @@ static struct commonio_db gshadow_db = {
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
Index: shadow-4.4/lib/shadowio.c
===================================================================
--- shadow-4.4.orig/lib/shadowio.c
+++ shadow-4.4/lib/shadowio.c
@@ -104,7 +104,7 @@ static struct commonio_db shadow_db = {
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif /* WITH_SELINUX */
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
-201
View File
@@ -1,201 +0,0 @@
Goal: Document the shadowconfig utility
Status wrt upstream: The shadowconfig utility is debian specific.
Its man page also (but it used to be distributed)
Index: git/man/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/shadowconfig.8
@@ -0,0 +1,41 @@
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
+.SH NAME
+shadowconfig \- toggle shadow passwords on and off
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+.HP 13
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
+.ad
+.hy
+
+.SH "DESCRIPTION"
+
+.PP
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
+
+.PP
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
+
+.PP
+Note that turning shadow passwords off and on again will lose all password aging information\&.
+
Index: git/man/shadowconfig.8.xml
===================================================================
--- /dev/null
+++ git/man/shadowconfig.8.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+<refentry id='shadowconfig.8'>
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
+ <refentryinfo>
+ <date>19 Apr 1997</date>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>shadowconfig</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>shadowconfig</refname>
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>shadowconfig</command>
+ <group choice='plain'>
+ <arg choice='plain'><replaceable>on</replaceable></arg>
+ <arg choice='plain'><replaceable>off</replaceable></arg>
+ </group>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
+ passwords off. <command>shadowconfig</command> will print an error
+ message and exit with a nonzero code if it finds anything awry. If
+ that happens, you should correct the error and run it again. Turning
+ shadow passwords on when they are already on, or off when they are
+ already off, is harmless.
+ </para>
+
+ <para>
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
+ brief introduction
+ to shadow passwords and related features.
+ </para>
+
+ <para>Note that turning shadow passwords off and on again will lose all
+ password
+ aging information.
+ </para>
+ </refsect1>
+</refentry>
Index: git/man/fr/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/fr/shadowconfig.8
@@ -0,0 +1,26 @@
+.\" This file was generated with po4a. Translate the source file.
+.\"
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
+.SH NOM
+shadowconfig \- active ou désactive les mots de passe cachés
+.SH SYNOPSIS
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
+.SH DESCRIPTION
+.PP
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
+de recommencer.
+
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
+
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
+mots de passe cachés et à leurs fonctionnalités.
+
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
+conséquence la perte des informations d'âge sur les mots de passe.
+.SH TRADUCTION
+Nicolas FRANÇOIS, 2004.
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
Index: git/man/ja/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/ja/shadowconfig.8
@@ -0,0 +1,25 @@
+.\" all right reserved,
+.\" Translated Tue Oct 30 11:59:11 JST 2001
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
+.\"
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
+.SH 名前
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
+.SH 書式
+.B "shadowconfig"
+.IR on " | " off
+.SH 説明
+.PP
+.B shadowconfig on
+は shadow パスワードを有効にする。
+.B shadowconfig off
+は shadow パスワードを無効にする。
+.B shadowconfig
+は何らかの間違いがあると、エラーメッセージを表示し、
+ゼロではない返り値を返す。
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
+すでにオフの場合にオフに設定しても、何の影響もない。
+
+.I /usr/share/doc/passwd/README.debian.gz
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
Index: git/man/pl/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/pl/shadowconfig.8
@@ -0,0 +1,27 @@
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
+.\" {PTM/WK/1999-09-14}
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
+.SH NAZWA
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
+.SH SKŁADNIA
+.B "shadowconfig"
+.IR on " | " off
+.SH OPIS
+.PP
+.B shadowconfig on
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
+.B shadowconfig off
+wyłącza dodatkowe pliki haseł i grup.
+.B shadowconfig
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
+.\" if it finds anything awry.
+i uruchomić program ponownie.
+
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
+gdy jest wyłączona jest nieszkodliwe.
+
+Przeczytaj
+.IR /usr/share/doc/passwd/README.debian.gz ,
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
-40
View File
@@ -1,40 +0,0 @@
Goal: Recommend using adduser and deluser.
Fixes: #406046
Status wrt upstream: Debian specific patch.
Index: git/man/useradd.8.xml
===================================================================
--- git.orig/man/useradd.8.xml
+++ git/man/useradd.8.xml
@@ -105,6 +105,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
+ <command>useradd</command> is a low level utility for adding
+ users. On Debian, administrators should usually use
+ <citerefentry><refentrytitle>adduser</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> instead.
+ </para>
+ <para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
Index: git/man/userdel.8.xml
===================================================================
--- git.orig/man/userdel.8.xml
+++ git/man/userdel.8.xml
@@ -83,6 +83,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
+ <command>userdel</command> is a low level utility for removing
+ users. On Debian, administrators should usually use
+ <citerefentry><refentrytitle>deluser</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> instead.
+ </para>
+ <para>
The <command>userdel</command> command modifies the system account
files, deleting all entries that refer to the user name <emphasis
remap='I'>LOGIN</emphasis>. The named user must exist.
-106
View File
@@ -1,106 +0,0 @@
Goal: Relaxed usernames/groupnames checking patch.
Status wrt upstream: Debian specific. Not to be used upstream
Details:
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
characters and don't start with '-', '+', or '~'. This patch is more
restrictive than original Karl's version. closes: #264879
Also closes: #377844
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
I can't come up with a good justification as to why characters other
than ':'s and '\0's should be disallowed in group and usernames (other
than '-' as the leading character). Thus, the maintenance tools don't
anymore. closes: #79682, #166798, #171179
Index: git/libmisc/chkname.c
===================================================================
--- git.orig/libmisc/chkname.c
+++ git/libmisc/chkname.c
@@ -48,6 +48,7 @@
static bool is_valid_name (const char *name)
{
+#if 0
/*
* User/group names must match [a-z_][a-z0-9_-]*[$]
*/
@@ -66,6 +67,26 @@
return false;
}
}
+#endif
+ /*
+ * POSIX indicate that usernames are composed of characters from the
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
+ * should not be used as the first character of a portable user name.
+ *
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
+ */
+ if ( ('\0' == *name)
+ || ('-' == *name)
+ || ('~' == *name)
+ || ('+' == *name)) {
+ return false;
+ }
+ do {
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
+ return false;
+ }
+ name++;
+ } while ('\0' != *name);
return true;
}
Index: git/man/useradd.8.xml
===================================================================
--- git.orig/man/useradd.8.xml
+++ git/man/useradd.8.xml
@@ -633,12 +633,20 @@
</para>
<para>
- Usernames must start with a lower case letter or an underscore,
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+ colon (':'), a comma (','), or a whitespace (space: ' ',
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
+ ('/') may break the default algorithm for the definition of the
+ user's home directory.
+ </para>
+ <para>
Usernames may only be up to 32 characters long.
</para>
</refsect1>
Index: git/man/groupadd.8.xml
===================================================================
--- git.orig/man/groupadd.8.xml
+++ git/man/groupadd.8.xml
@@ -256,12 +256,18 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must start with a lower case letter or an underscore,
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
+ On Debian, the only constraints are that groupnames must neither start
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+ colon (':'), a comma (','), or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para>
<para>
-20
View File
@@ -1,20 +0,0 @@
Index: git/src/Makefile.am
===================================================================
--- git.orig/src/Makefile.am
+++ git/src/Makefile.am
@@ -23,7 +23,6 @@
# $prefix/bin and $prefix/sbin, no install-data hacks...)
bin_PROGRAMS = groups login su
-sbin_PROGRAMS = nologin
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
if ENABLE_SUBIDS
ubin_PROGRAMS += newgidmap newuidmap
@@ -41,6 +40,7 @@
grpunconv \
logoutd \
newusers \
+ nologin \
pwck \
pwconv \
pwunconv \
-50
View File
@@ -1,50 +0,0 @@
Goal: Concatenate the non-su arguments and provide them to the shell with
the -c option
Fixes: #317264
see also #276419
Status wrt upstream: This is a Debian specific patch.
Note: the fix of the man page is still missing.
(to be taken from the trunk)
Index: shadow-4.4/src/su.c
===================================================================
--- shadow-4.4.orig/src/su.c
+++ shadow-4.4/src/su.c
@@ -1155,6 +1155,35 @@ int main (int argc, char **argv)
argv[0] = "-c";
argv[1] = command;
}
+ /* On Debian, the arguments are concatenated and the
+ * resulting string is always given to the shell with its
+ * -c option.
+ */
+ {
+ char **parg;
+ unsigned int cmd_len = 0;
+ char *cmd = NULL;
+ if (strcmp(argv[0], "-c") != 0) {
+ argv--;
+ argv[0] = "-c";
+ }
+ /* Now argv[0] is always -c, and other arguments
+ * can be concatenated
+ */
+ cmd_len = 1; /* finale '\0' */
+ for (parg = &argv[1]; *parg; parg++) {
+ cmd_len += strlen (*parg) + 1;
+ }
+ cmd = (char *) xmalloc (sizeof (char) * cmd_len);
+ cmd[0] = '\0';
+ for (parg = &argv[1]; *parg; parg++) {
+ strcat (cmd, " ");
+ strcat (cmd, *parg);
+ }
+ cmd[cmd_len - 1] = '\0';
+ argv[1] = &cmd[1]; /* do not take first space */
+ argv[2] = NULL;
+ }
/*
* Use the shell and create an argv
* with the rest of the command line included.
@@ -1,52 +0,0 @@
Goal: Do not concatenate the additional arguments, and support an
environment variable to revert to the old Debian's su behavior.
This patch needs the su_arguments_are_concatenated patch.
This patch, and su_arguments_are_concatenated should be dropped after
Etch.
Status wrt upstream: This patch is Debian specific.
Index: shadow-4.4/src/su.c
===================================================================
--- shadow-4.4.orig/src/su.c
+++ shadow-4.4/src/su.c
@@ -104,6 +104,19 @@ static char caller_name[BUFSIZ];
/* If nonzero, change some environment vars to indicate the user su'd to. */
static bool change_environment = true;
+/*
+ * If nonzero, keep the old Debian behavior:
+ * * concatenate all the arguments and provide them to the -c option of
+ * the shell
+ * * If there are some additional arguments, but no -c, add a -c
+ * argument anyway
+ * Drawbacks:
+ * * you can't provide options to the shell (other than -c)
+ * * you can't rely on the argument count
+ * See http://bugs.debian.org/276419
+ */
+static int old_debian_behavior;
+
#ifdef USE_PAM
static char kill_msg[256];
static char wait_msg[256];
@@ -952,6 +965,8 @@ int main (int argc, char **argv)
int ret;
#endif /* USE_PAM */
+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL);
+
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
@@ -1159,7 +1174,7 @@ int main (int argc, char **argv)
* resulting string is always given to the shell with its
* -c option.
*/
- {
+ if (old_debian_behavior) {
char **parg;
unsigned int cmd_len = 0;
char *cmd = NULL;
-47
View File
@@ -1,47 +0,0 @@
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
Note: useradd.8 needs to be regenerated.
Status wrt upstream: not included as this is just specific
backward compatibility for Debian
Index: shadow-4.4/man/useradd.8.xml
===================================================================
--- shadow-4.4.orig/man/useradd.8.xml
+++ shadow-4.4/man/useradd.8.xml
@@ -329,6 +329,11 @@
databases are reset to avoid reusing the entry from a previously
deleted user.
</para>
+ <para>
+ For the compatibility with previous Debian's
+ <command>useradd</command>, the <option>-O</option> option is
+ also supported.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
Index: shadow-4.4/src/useradd.c
===================================================================
--- shadow-4.4.orig/src/useradd.c
+++ shadow-4.4/src/useradd.c
@@ -1056,9 +1056,9 @@ static void process_flags (int argc, cha
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
#else /* !WITH_SELINUX */
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
@@ -1181,6 +1181,7 @@ static void process_flags (int argc, cha
kflg = true;
break;
case 'K':
+ case 'O': /* compatibility with previous Debian useradd */
/*
* override login.defs defaults (-K name=value)
* example: -K UID_MIN=100 -K UID_MAX=499
-81
View File
@@ -1,81 +0,0 @@
--- a/debian/passwd.install
+++ b/debian/passwd.install
@@ -9,6 +9,7 @@
usr/sbin/cppw
usr/sbin/groupadd
usr/sbin/groupdel
+usr/sbin/groupmems
usr/sbin/groupmod
usr/sbin/grpck
usr/sbin/grpconv
@@ -33,6 +34,7 @@
usr/share/man/*/man8/chpasswd.8
usr/share/man/*/man8/groupadd.8
usr/share/man/*/man8/groupdel.8
+usr/share/man/*/man8/groupmems.8
usr/share/man/*/man8/groupmod.8
usr/share/man/*/man8/grpck.8
usr/share/man/*/man8/grpconv.8
@@ -59,6 +61,7 @@
usr/share/man/man8/chpasswd.8
usr/share/man/man8/groupadd.8
usr/share/man/man8/groupdel.8
+usr/share/man/man8/groupmems.8
usr/share/man/man8/groupmod.8
usr/share/man/man8/grpck.8
usr/share/man/man8/grpconv.8
--- a/debian/passwd.postinst
+++ b/debian/passwd.postinst
@@ -31,6 +31,24 @@
exit 1
)
fi
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
+ then
+ groupadd -g 99 groupmems || (
+ cat <<EOF
+************************ TESTSUITE *****************************
+Group ID 99 has been allocated for the groupmems group. You have either
+used 99 yourself or created a groupmems group with a different ID.
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
+
+Note that both user and group IDs in the range 0-99 are globally
+allocated by the Debian project and must be the same on every Debian
+system.
+EOF
+ exit 1
+ )
+# FIXME
+ chgrp groupmems /usr/sbin/groupmems
+ fi
;;
esac
--- a/debian/rules
+++ b/debian/rules
@@ -60,6 +60,7 @@
dh_installpam -p passwd --name=chsh
dh_installpam -p passwd --name=chpasswd
dh_installpam -p passwd --name=newusers
+ dh_installpam -p passwd --name=groupmems
ifeq ($(DEB_HOST_ARCH_OS),hurd)
# login is not built on The Hurd, but some utilities of passwd depends on
# /etc/login.defs.
@@ -87,3 +88,6 @@
chgrp shadow debian/passwd/usr/bin/expiry
chmod g+s debian/passwd/usr/bin/chage
chmod g+s debian/passwd/usr/bin/expiry
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
+ chmod u+s debian/passwd/usr/sbin/groupmems
+ chmod o-x debian/passwd/usr/sbin/groupmems
--- /dev/null
+++ b/debian/passwd.groupmems.pam
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth sufficient pam_rootok.so
+
+@include common-auth
+@include common-account
-76
View File
@@ -1,76 +0,0 @@
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,6 +1,8 @@
AUTOMAKE_OPTIONS = 1.0 foreign
+CFLAGS += -fprofile-arcs -ftest-coverage
+
DEFS =
noinst_LTLIBRARIES = libshadow.la
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -1,6 +1,8 @@
EXTRA_DIST = .indent.pro xgetXXbyYY.c
+CFLAGS += -fprofile-arcs -ftest-coverage
+
INCLUDES = -I$(top_srcdir)/lib
noinst_LIBRARIES = libmisc.a
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,6 +7,8 @@
suidperms = 4755
sgidperms = 2755
+CFLAGS += -fprofile-arcs -ftest-coverage
+
INCLUDES = \
-I${top_srcdir}/lib \
-I$(top_srcdir)/libmisc
--- a/debian/rules
+++ b/debian/rules
@@ -40,6 +40,12 @@
endif
export CFLAGS
+clean:: clean_gcov
+
+clean_gcov:
+ find . -name "*.gcda" -delete
+ find . -name "*.gcno" -delete
+
# Add extras to the install process:
binary-install/login::
dh_installpam -p login
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -174,23 +174,9 @@
trust the formatted time received from the unix domain (or worse,
UDP) socket. -MM */
/* Avoid translated PAM error messages: Set LC_ALL to "C".
+ * This is disabled for coverage testing
* --Nekral */
-#define SYSLOG(x) \
- do { \
- char *old_locale = setlocale (LC_ALL, NULL); \
- char *saved_locale = NULL; \
- if (NULL != old_locale) { \
- saved_locale = strdup (old_locale); \
- } \
- if (NULL != saved_locale) { \
- (void) setlocale (LC_ALL, "C"); \
- } \
- syslog x ; \
- if (NULL != saved_locale) { \
- (void) setlocale (LC_ALL, saved_locale); \
- free (saved_locale); \
- } \
- } while (false)
+#define SYSLOG(x) syslog x
#else /* !ENABLE_NLS */
#define SYSLOG(x) syslog x
#endif /* !ENABLE_NLS */
-43
View File
@@ -1,43 +0,0 @@
Origin: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2021-03-16
From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 31 Mar 2017 16:25:06 +0200
Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
---
lib/commonio.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: shadow-4.4/lib/commonio.c
===================================================================
--- shadow-4.4.orig/lib/commonio.c
+++ shadow-4.4/lib/commonio.c
@@ -755,16 +755,16 @@ commonio_sort (struct commonio_db *db, i
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
- && (NULL != ptr->line)
- && ( ('+' != ptr->line[0])
- && ('-' != ptr->line[0]))
+ && ((NULL == ptr->line)
+ || (('+' != ptr->line[0])
+ && ('-' != ptr->line[0])))
#endif
;
ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
- if ((NULL != ptr) && (NULL != ptr->line)) {
+ if (NULL != ptr) {
nis = ptr;
}
#endif
-73
View File
@@ -1,73 +0,0 @@
Small intro to the system for numbering the patches here...
-The 00xx-... patches are forwarded to upstream's git repository
-The 0xx_... series of patches are patches isolated from the latest
version of the shadow Debian package not using quilt in order to
separate upstream from Debian-specific stuff.
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
-The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has
adopted Debian translations, it is very likely that these patches
will become useless when we will have synced with upstream
-The 2xx series are patches for manual pages translations to upstream
4.0.18.1.
-The 3xx series are patches which have been temporarily applied to
Debian's shadow while we *know* they have been applied upstream as well
These patches should NOT be kept when we will sync with upstream
-The 4xx series are patches which have been applied to Debian's shadow
and have NOT been accepted and/or applied upstream. These patches MUST be kept
even after resynced with upstream
-The 5xx series are patches which are applied to Debian's shadow
and will never be proposed upstream because they're too specific
This list SHOULD BE AS SHORT AS POSSIBLE
In short, while we are working towards synchronisation with upstream,
our goal is to make 0xx patches disappear by moving them either to 3xx
series (things already implemented upstream) or to 4xx series
(Debian-specific patches).
Short HOWTO for quilt
=====================
The quilt system can be assimilated to a Pile Of Patches management system.
Patches live in debian/patches, the working directory is "."
The basic commands are (abbreviation accepted):
quilt push (asks to apply the next patch in the pile)
quilt pop (removes the current patch and go up in the pile)
quilt refresh (take the current changes in tree onto the patch)
When a file is changed by a patch, quilt saves it somewhere under .pc on
application. This is how it can refresh it afterward (comparing the version
in .pc and the one you currently have in your working dir).
There are three common pitfalls with quilt:
- doing "quilt pop" without doing "quilt refresh". The version of current
dir is replaced with the version of the .pc dir. Your changes are lost.
Quilt wont let you do so, but you can force it with '-f' if you're fool.
- editing a file with is not in the patch yet. Quilt didn't do any previous
backup.
Use "quilt add" to add files to patches.
Set $EDITOR and use "quilt edit" to edit a file, and add it onto the
patch if needed.
- If you update your working directory, patches may not revert cleanly.
It is thus recommended to use "quilt pop -a" before updating with
"svn up".
If you forget (and run into trouble), you may want to remove the whole
shadow-?.?.? directory. If you use the makefile which is in the upper
directory (trunk/), shadow-?.?.?/debian/patches is a link to
debian/patches, so this dirctory does not contain any valuable info.
The documentation is quite well done, I think. "quilt -h" will list you the
commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is
a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete
manual, with tutorial.
-32
View File
@@ -1,32 +0,0 @@
0001-Typos-fix-in-german-translation-of-man-pages.patch
0002-Last-bits-of-enabling-subuids.patch
0003-Dutch-translation-update.patch
0004-Updated-Czech-translation.patch
0005-Update-for-German-man-pages.patch
0006-French-manpage-translation.patch
0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
0008-su-properly-clear-child-PID.patch
301-Reset-pid_child-only-if-waitpid-was-successful.patch
# These patches are only for the testsuite:
#900_testsuite_groupmems
#901_testsuite_gcov
503_shadowconfig.8
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
401_cppw_src.dpatch
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
402_cppw_selinux
506_relaxed_usernames
542_useradd-O_option
463_login_delay_obeys_to_PAM
523_su_arguments_are_concatenated
523_su_arguments_are_no_more_concatenated_by_default
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
501_commonio_group_shadow
# does not apply cleanly, please merge at upstream
1010_vietnamese_translation
CVE-2017-12424.patch
-98
View File
@@ -1,98 +0,0 @@
#!/usr/bin/make -f
# -*- mode: makefile; coding: utf-8 -*-
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
# Enable PIE, BINDNOW, and possible future flags.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
# Call autoreconf since we need to regenerate all the autofoo files
include /usr/share/cdbs/1/rules/autoreconf.mk
include /usr/share/cdbs/1/rules/debhelper.mk
# Specify where dh_install will find the files that it needs to move:
DEB_DH_INSTALL_SOURCEDIR=debian/tmp
# Specify the destination of shadow's "make install"
# (This is only needed on The Hurd, where only one package is built. On
# the other arch, DEB_DESTDIR already points to debian/tmp)
DEB_DESTDIR=$(CURDIR)/debian/tmp
include /usr/share/cdbs/1/class/autotools.mk
# Adds extra options when calling the configure script:
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared \
--without-libcrack \
--mandir=/usr/share/man \
--with-libpam \
--enable-shadowgrp \
--enable-man \
--disable-account-tools-setuid \
--with-group-name-max-length=32 \
--without-acl \
--without-attr \
--without-tcb \
SHELL=/bin/sh
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
endif
# Set the default editor for vipw/vigr
CFLAGS += -DDEFAULT_EDITOR=\\\"sensible-editor\\\"
# Add extras to the install process:
binary-install/login::
ifeq ($(DEB_HOST_ARCH_OS),hurd)
# /bin/login is provided by the hurd package.
rm -f debian/login/bin/login
endif
ifneq ($(DEB_HOST_ARCH_OS),linux)
sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
endif
dh_installpam -p login
dh_installpam -p login --name=su
install -c -m 444 debian/login.defs debian/login/etc/login.defs
install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
dh_lintian -p login
binary-install/passwd::
install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8
install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
# Distribute the pam.d files; unless for the commands with disabled PAM
# support
dh_installpam -p passwd --name=passwd
dh_installpam -p passwd --name=chfn
dh_installpam -p passwd --name=chsh
dh_installpam -p passwd --name=chpasswd
dh_installpam -p passwd --name=newusers
install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
install -d debian/passwd/sbin
install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
dh_lintian -p passwd
binary-predeb/uidmap::
chmod u+s debian/uidmap/usr/bin/newuidmap
chmod u+s debian/uidmap/usr/bin/newgidmap
binary-predeb/login::
# No real need for login to be setuid root
# chmod u+s debian/login/bin/login
chmod u+s debian/login/bin/su
chmod u+s debian/login/usr/bin/newgrp
binary-predeb/passwd::
chmod u+s debian/passwd/usr/bin/chfn
chmod u+s debian/passwd/usr/bin/chsh
chmod u+s debian/passwd/usr/bin/gpasswd
chmod u+s debian/passwd/usr/bin/passwd
chgrp shadow debian/passwd/usr/bin/chage
chgrp shadow debian/passwd/usr/bin/expiry
chmod g+s debian/passwd/usr/bin/chage
chmod g+s debian/passwd/usr/bin/expiry
clean::
sed -i 's/# Linux only # //' debian/login.pam
-71
View File
@@ -1,71 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
com0
# Standard consoles
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tty13
tty14
tty15
tty16
tty17
tty18
tty19
tty20
tty21
tty22
tty23
tty24
tty25
tty26
tty27
tty28
tty29
tty30
tty31
tty32
tty33
tty34
tty35
tty36
tty37
tty38
tty39
tty40
tty41
tty42
tty43
tty44
tty45
tty46
tty47
tty48
tty49
tty50
tty51
tty52
tty53
tty54
tty55
tty56
tty57
tty58
tty59
tty60
tty61
tty62
tty63
-24
View File
@@ -1,24 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
ttyd0
ttyd1
# Standard consoles
ttyv0
ttyv1
ttyv2
ttyv3
ttyv4
ttyv5
ttyv6
ttyv7
ttyva
ttyvb
ttyvc
ttyvd
ttyve
ttyvf
-12
View File
@@ -1,12 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
tty00
# Standard consoles
ttyE0
ttyE1
ttyE2
ttyE3
-412
View File
@@ -1,412 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# Local X displays (allows empty passwords with pam_unix's nullok_secure)
:0
:0.0
:0.1
:1
:1.0
:1.1
:2
:2.0
:2.1
:3
:3.0
:3.1
#...
# ==========================================================
#
# TTYs sorted by major number according to Documentation/devices.txt
#
# ==========================================================
# Virtual consoles
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tty13
tty14
tty15
tty16
tty17
tty18
tty19
tty20
tty21
tty22
tty23
tty24
tty25
tty26
tty27
tty28
tty29
tty30
tty31
tty32
tty33
tty34
tty35
tty36
tty37
tty38
tty39
tty40
tty41
tty42
tty43
tty44
tty45
tty46
tty47
tty48
tty49
tty50
tty51
tty52
tty53
tty54
tty55
tty56
tty57
tty58
tty59
tty60
tty61
tty62
tty63
# UART serial ports
ttyS0
ttyS1
ttyS2
ttyS3
ttyS4
ttyS5
#...ttyS191
# Serial Mux devices (Linux/PA-RISC only)
ttyB0
ttyB1
#...
# Chase serial card
ttyH0
ttyH1
#...
# Cyclades serial cards
ttyC0
ttyC1
#...ttyC31
# Digiboard serial cards
ttyD0
ttyD1
#...
# Stallion serial cards
ttyE0
ttyE1
#...ttyE255
# Specialix serial cards
ttyX0
ttyX1
#...
# Comtrol Rocketport serial cards
ttyR0
ttyR1
#...
# SDL RISCom serial cards
ttyL0
ttyL1
#...
# Hayes ESP serial card
ttyP0
ttyP1
#...
# Computone IntelliPort II serial card
ttyF0
ttyF1
#...ttyF255
# Specialix IO8+ serial card
ttyW0
ttyW1
#...
# Comtrol VS-1000 serial controller
ttyV0
ttyV1
#...
# ISI serial card
ttyM0
ttyM1
#...
# Technology Concepts serial card
ttyT0
ttyT1
#...
# Specialix RIO serial card
ttySR0
ttySR1
#...ttySR511
# Chase Research AT/PCI-Fast serial card
ttyCH0
ttyCH1
#...ttyCH63
# Moxa Intellio serial card
ttyMX0
ttyMX1
#...ttyMX127
# SmartIO serial card
ttySI0
ttySI1
#...
# USB dongles
ttyUSB0
ttyUSB1
ttyUSB2
#...
# LinkUp Systems L72xx UARTs
ttyLU0
ttyLU1
ttyLU2
ttyLU3
# StrongARM builtin serial ports
ttySA0
ttySA1
ttySA2
# SCI serial port (SuperH) ports and SC26xx serial ports
ttySC0
ttySC1
ttySC2
ttySC3
ttySC4
ttySC5
ttySC6
ttySC7
ttySC8
ttySC9
# ARM "AMBA" serial ports
ttyAM0
ttyAM1
ttyAM2
ttyAM3
ttyAM4
ttyAM5
ttyAM6
ttyAM7
ttyAM8
ttyAM9
ttyAM10
ttyAM11
ttyAM12
ttyAM13
ttyAM14
ttyAM15
# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
ttyAMA0
ttyAMA1
ttyAMA2
ttyAMA3
# DataBooster serial ports
ttyDB0
ttyDB1
ttyDB2
ttyDB3
ttyDB4
ttyDB5
ttyDB6
ttyDB7
# SGI Altix console ports
ttySG0
# Motorola i.MX ports
ttySMX0
ttySMX1
ttySMX2
# Marvell MPSC ports
ttyMM0
ttyMM1
# PPC CPM (SCC or SMC) ports
ttyCPM0
ttyCPM1
ttyCPM2
ttyCPM3
ttyCPM4
ttyCPM5
# Altix serial cards
ttyIOC0
ttyIOC1
#...ttyIOC31
# NEC VR4100 series SIU
ttyVR0
# NEC VR4100 series SSIU
ttyVR1
# Altix ioc4 serial cards
ttyIOC84
ttyIOC85
#...ttyIOC115
# Altix ioc3 serial cards
ttySIOC0
ttySIOC1
#...ttySIOC31
# PPC PSC ports
ttyPSC0
ttyPSC1
ttyPSC2
ttyPSC3
ttyPSC4
ttyPSC5
# ATMEL serial ports
ttyAT0
ttyAT1
#...ttyAT15
# Hilscher netX serial port
ttyNX0
ttyNX1
#...ttyNX15
# Xilinx uartlite - port
ttyUL0
ttyUL1
ttyUL2
ttyUL3
# Xen virtual console - port 0
xvc0
# pmac_zilog - port
ttyPZ0
ttyPZ1
ttyPZ2
ttyPZ3
# TX39/49 serial port
ttyTX0
ttyTX1
ttyTX2
ttyTX3
ttyTX4
ttyTX5
ttyTX6
ttyTX7
# SC26xx serial ports (see SCI serial ports (SuperH))
# MAX3100 serial ports
ttyMAX0
ttyMAX1
ttyMAX2
ttyMAX3
# OMAP serial ports
ttyO0
ttyO1
ttyO2
ttyO3
# User space serial ports
ttyU0
ttyU1
# A2232 serial card
ttyY0
ttyY1
# IBM 3270 terminal Unix tty access
3270/tty1
3270/tty2
#...
# IBM iSeries/pSeries virtual console
hvc0
hvc1
#...
#IBM pSeries console ports
hvsi0
hvsi1
hvsi2
# Equinox SST multi-port serial boards
ttyEQ0
ttyEQ1
#...ttyEQ1027
# ==========================================================
#
# Not in Documentation/Devices.txt
#
# ==========================================================
# Embedded Freescale i.MX ports
ttymxc0
ttymxc1
ttymxc2
ttymxc3
ttymxc4
ttymxc5
# LXC (Linux Containers)
lxc/console
lxc/tty1
lxc/tty2
lxc/tty3
lxc/tty4
# Serial Console for MIPS Swarm
duart0
duart1
# s390 and s390x ports in LPAR mode
ttysclp0
# ODROID XU4 serial console
ttySAC0
ttySAC1
ttySAC2
ttySAC3
-49
View File
@@ -1,49 +0,0 @@
#!/bin/sh
# turn shadow passwords on or off on a Debian system
set -e
shadowon () {
set -e
pwck -q -r
grpck -r
pwconv
grpconv
chown root:root /etc/passwd /etc/group
chmod 644 /etc/passwd /etc/group
chown root:shadow /etc/shadow /etc/gshadow
chmod 640 /etc/shadow /etc/gshadow
}
shadowoff () {
set -e
pwck -q -r
grpck -r
pwunconv
grpunconv
# sometimes the passwd perms get munged
chown root:root /etc/passwd /etc/group
chmod 644 /etc/passwd /etc/group
}
case "$1" in
"on")
if shadowon ; then
echo Shadow passwords are now on.
else
echo Please correct the error and rerun \`$0 on\'
exit 1
fi
;;
"off")
if shadowoff ; then
echo Shadow passwords are now off.
else
echo Please correct the error and rerun \`$0 off\'
exit 1
fi
;;
*)
echo Usage: $0 on \| off
;;
esac
-1
View File
@@ -1 +0,0 @@
3.0 (quilt)
-4
View File
@@ -1,4 +0,0 @@
usr/bin/newuidmap
usr/bin/newgidmap
usr/share/man/man1/newuidmap.1
usr/share/man/man1/newgidmap.1
-2
View File
@@ -1,2 +0,0 @@
uidmap: setuid-binary usr/bin/newgidmap 4755 root/root
uidmap: setuid-binary usr/bin/newuidmap 4755 root/root
-8196
View File
File diff suppressed because it is too large Load Diff
-37
View File
@@ -1,37 +0,0 @@
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/sh
#
# The default group for users
# 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# The default behavior (when -n and -g are not specified) is to create a
# primary user group with the same name as the user being added to the
# system.
# GROUP=100
#
# The default home directory. Same as DHOME for adduser
# HOME=/home
#
# The number of days after a password expires until the account
# is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=
#
# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user's home directory when it is created.
# SKEL=/etc/skel
#
# Defines whether the mail spool should be created while
# creating the account
# CREATE_MAIL_SPOOL=yes
-4
View File
@@ -1,4 +0,0 @@
version=4
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadow-$1.tar.gz%" \
https://github.com/shadow-maint/shadow/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
+50 -64
View File
@@ -6,18 +6,18 @@
#
# Delay in seconds before being allowed another attempt after a login failure
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
# pam_unix(8) enforces a 2s delay)
# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
# pam_unix enforces a 2s delay)
#
FAIL_DELAY 3
#
# Enable logging and display of /var/log/faillog login(1) failure info.
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login(1) failures are recorded.
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB no
@@ -27,7 +27,7 @@ LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no
#
# Enable logging and display of /var/log/lastlog login(1) time info.
# Enable logging and display of /var/log/lastlog login time info.
#
LASTLOG_ENAB yes
@@ -50,13 +50,13 @@ OBSCURE_CHECKS_ENAB yes
PORTTIME_CHECKS_ENAB yes
#
# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
#
QUOTAS_ENAB yes
#
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
@@ -64,13 +64,13 @@ SYSLOG_SG_ENAB yes
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# from these devices.
# upon these devices.
#
CONSOLE /etc/securetty
#CONSOLE console:tty01:tty02:tty03:tty04
#
# If defined, all su(1) activity is logged to this file.
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
@@ -82,33 +82,33 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
# If defined, this file will be output before each login(1) prompt.
# If defined, this file will be output before each login prompt.
#
#ISSUE_FILE /etc/issue
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format similar to "vt100 tty01".
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login(1) failures will be logged here in a utmp format.
# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE /var/log/btmp
#
# If defined, name of file whose presence will inhibit non-root
# logins. The content of this file should be a message indicating
# If defined, name of file whose presence which will inhibit non-root
# logins. The contents of this file should be a message indicating
# why logins are inhibited.
#
NOLOGINS_FILE /etc/nologin
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then ps(1) will display the
# command as "-su". If not defined, then ps(1) will display the
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
@@ -158,10 +158,10 @@ ENV_PATH PATH=/bin:/usr/bin
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a write(1) program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP as the number of such group
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
# set TTYPERM to either 622 or 600.
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
TTYGROUP tty
TTYPERM 0600
@@ -183,13 +183,12 @@ ERASECHAR 0177
KILLCHAR 025
#ULIMIT 2097152
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# Default initial "umask" value for non-PAM enabled systems.
# UMASK is also used by useradd and newusers to set the mode of new home
# directories.
# 022 is the default value, but 027, or even 077, could be considered
# for increased privacy. There is no One True Answer here: each sysadmin
# must make up his/her mind.
# better for privacy. There is no One True Answer here: each sysadmin
# must make up her mind.
UMASK 022
#
@@ -214,43 +213,35 @@ PASS_WARN_AGE 7
SU_WHEEL_ONLY no
#
# If compiled with cracklib support, sets the path to the dictionaries
# If compiled with cracklib support, where are the dictionaries
#
CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
#
# Min/max values for automatic uid selection in useradd(8)
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 101
SYS_UID_MAX 999
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
SUB_UID_COUNT 65536
#
# Min/max values for automatic gid selection in groupadd(8)
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 101
SYS_GID_MAX 999
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
SUB_GID_COUNT 65536
#
# Max number of login(1) retries if password is bad
# Max number of login retries if password is bad
#
LOGIN_RETRIES 5
#
# Max time in seconds for login(1)
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
@@ -272,12 +263,12 @@ PASS_ALWAYS_WARN yes
#PASS_MAX_LEN 8
#
# Require password before chfn(1)/chsh(1) can make any changes.
# Require password before chfn/chsh can make any changes.
#
CHFN_AUTH yes
#
# Which fields may be changed by regular users using chfn(1) - use
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
@@ -302,13 +293,13 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
# This variable is deprecated. You should use ENCRYPT_METHOD instead.
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
@@ -323,12 +314,12 @@ CHFN_RESTRICT rwh
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute-force the password.
# However, more CPU resources will be needed to authenticate users if
# this value is increased.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be within the 1000-999999999 range.
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
@@ -337,18 +328,18 @@ CHFN_RESTRICT rwh
#
# List of groups to add to the user's supplementary group set
# when logging in from the console (as determined by the CONSOLE
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in from the console.
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
# Default in no.
#
DEFAULT_HOME yes
@@ -370,14 +361,14 @@ ENVIRON_FILE /etc/environment
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# This also enables userdel(8) to remove user groups if no members exist.
# This also enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
#
# If set to a non-zero number, the shadow utilities will make sure that
# If set to a non-nul number, the shadow utilities will make sure that
# groups never have more than this number of users on one line.
# This permits to support split groups (groups split into multiple lines,
# This permit to support split groups (groups split into multiple lines,
# with the same group ID, to avoid limitation of the line length in the
# group file).
#
@@ -386,15 +377,10 @@ USERGROUPS_ENAB yes
#MAX_MEMBERS_PER_GROUP 0
#
# If useradd(8) should create home directories for users by default (non
# system users only).
# This option is overridden with the -M or -m flags on the useradd(8)
# command-line.
# If useradd should create home directories for users by default (non
# system users only)
# This option is overridden with the -M or -m flags on the useradd command
# line.
#
#CREATE_HOME yes
#
# Force use shadow, even if shadow passwd & shadow group files are
# missing.
#
#FORCE_SHADOW yes
-10
View File
@@ -14,7 +14,6 @@ libshadow_la_SOURCES = \
encrypt.c \
exitcodes.h \
faillog.h \
fields.c \
fputsx.c \
getdef.c \
getdef.h \
@@ -39,10 +38,6 @@ libshadow_la_SOURCES = \
pwio.c \
pwio.h \
pwmem.c \
subordinateio.h \
subordinateio.c \
selinux.c \
semanage.c \
sgetgrent.c \
sgetpwent.c \
sgetspent.c \
@@ -52,13 +47,8 @@ libshadow_la_SOURCES = \
shadowio.c \
shadowio.h \
shadowmem.c \
spawn.c \
utent.c
if WITH_TCB
libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
endif
# These files are unneeded for some reason, listed in
# order of appearance:
#
+84 -213
View File
@@ -2,7 +2,7 @@
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2001, Marek Michałkiewicz
* Copyright (c) 2001 - 2006, Tomasz Kłoczko
* Copyright (c) 2007 - 2011, Nicolas François
* Copyright (c) 2007 - 2009, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,16 +45,16 @@
#include <stdio.h>
#include <signal.h>
#include "nscd.h"
#ifdef WITH_TCB
#include <tcb.h>
#endif /* WITH_TCB */
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#endif
#include "prototypes.h"
#include "commonio.h"
/* local function prototypes */
static int lrename (const char *, const char *);
static int check_link_count (const char *file);
static int do_lock_file (const char *file, const char *lock, bool log);
static int do_lock_file (const char *file, const char *lock);
static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
const char *name,
const char *mode,
@@ -132,7 +132,7 @@ static int check_link_count (const char *file)
}
static int do_lock_file (const char *file, const char *lock, bool log)
static int do_lock_file (const char *file, const char *lock)
{
int fd;
pid_t pid;
@@ -142,11 +142,6 @@ static int do_lock_file (const char *file, const char *lock, bool log)
fd = open (file, O_CREAT | O_EXCL | O_WRONLY, 0600);
if (-1 == fd) {
if (log) {
(void) fprintf (stderr,
"%s: %s: %s\n",
Prog, file, strerror (errno));
}
return 0;
}
@@ -154,11 +149,6 @@ static int do_lock_file (const char *file, const char *lock, bool log)
snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
len = (ssize_t) strlen (buf) + 1;
if (write (fd, buf, (size_t) len) != len) {
if (log) {
(void) fprintf (stderr,
"%s: %s: %s\n",
Prog, file, strerror (errno));
}
(void) close (fd);
unlink (file);
return 0;
@@ -167,22 +157,12 @@ static int do_lock_file (const char *file, const char *lock, bool log)
if (link (file, lock) == 0) {
retval = check_link_count (file);
if ((0==retval) && log) {
(void) fprintf (stderr,
"%s: %s: lock file already used\n",
Prog, file);
}
unlink (file);
return retval;
}
fd = open (lock, O_RDWR);
if (-1 == fd) {
if (log) {
(void) fprintf (stderr,
"%s: %s: %s\n",
Prog, lock, strerror (errno));
}
unlink (file);
errno = EINVAL;
return 0;
@@ -190,60 +170,29 @@ static int do_lock_file (const char *file, const char *lock, bool log)
len = read (fd, buf, sizeof (buf) - 1);
close (fd);
if (len <= 0) {
if (log) {
(void) fprintf (stderr,
"%s: existing lock file %s without a PID\n",
Prog, lock);
}
unlink (file);
errno = EINVAL;
return 0;
}
buf[len] = '\0';
if (get_pid (buf, &pid) == 0) {
if (log) {
(void) fprintf (stderr,
"%s: existing lock file %s with an invalid PID '%s'\n",
Prog, lock, buf);
}
unlink (file);
errno = EINVAL;
return 0;
}
if (kill (pid, 0) == 0) {
if (log) {
(void) fprintf (stderr,
"%s: lock %s already used by PID %lu\n",
Prog, lock, (unsigned long) pid);
}
unlink (file);
errno = EEXIST;
return 0;
}
if (unlink (lock) != 0) {
if (log) {
(void) fprintf (stderr,
"%s: cannot get lock %s: %s\n",
Prog, lock, strerror (errno));
}
unlink (file);
return 0;
}
retval = 0;
if (link (file, lock) == 0) {
retval = check_link_count (file);
if ((0==retval) && log) {
(void) fprintf (stderr,
"%s: %s: lock file already used\n",
Prog, file);
}
} else {
if (log) {
(void) fprintf (stderr,
"%s: cannot get lock %s: %s\n",
Prog, lock, strerror (errno));
}
if ((link (file, lock) == 0) && (check_link_count (file) != 0)) {
retval = 1;
}
unlink (file);
@@ -270,21 +219,21 @@ static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
if (fchown (fileno (fp), sb->st_uid, sb->st_gid) != 0) {
goto fail;
}
#else /* !HAVE_FCHOWN */
#else
if (chown (name, sb->st_mode) != 0) {
goto fail;
}
#endif /* !HAVE_FCHOWN */
#endif
#ifdef HAVE_FCHMOD
if (fchmod (fileno (fp), sb->st_mode & 0664) != 0) {
goto fail;
}
#else /* !HAVE_FCHMOD */
#else
if (chmod (name, sb->st_mode & 0664) != 0) {
goto fail;
}
#endif /* !HAVE_FCHMOD */
#endif
return fp;
fail:
@@ -376,7 +325,7 @@ bool commonio_present (const struct commonio_db *db)
}
int commonio_lock_nowait (struct commonio_db *db, bool log)
int commonio_lock_nowait (struct commonio_db *db)
{
char file[1024];
char lock[1024];
@@ -388,7 +337,7 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
snprintf (file, sizeof file, "%s.%lu",
db->filename, (unsigned long) getpid ());
snprintf (lock, sizeof lock, "%s.lock", db->filename);
if (do_lock_file (file, lock, log) != 0) {
if (do_lock_file (file, lock) != 0) {
db->locked = true;
lock_count++;
return 1;
@@ -412,22 +361,17 @@ int commonio_lock (struct commonio_db *db)
*/
if (0 == lock_count) {
if (lckpwdf () == -1) {
if (geteuid () != 0) {
(void) fprintf (stderr,
"%s: Permission denied.\n",
Prog);
}
return 0; /* failure */
}
}
if (commonio_lock_nowait (db, true) != 0) {
if (commonio_lock_nowait (db) != 0) {
return 1; /* success */
}
ulckpwdf ();
return 0; /* failure */
#else /* !HAVE_LCKPWDF */
#else
int i;
/*
@@ -444,18 +388,16 @@ int commonio_lock (struct commonio_db *db)
if (i > 0) {
sleep (LOCK_SLEEP); /* delay between retries */
}
if (commonio_lock_nowait (db, i==LOCK_TRIES-1) != 0) {
if (commonio_lock_nowait (db) != 0) {
return 1; /* success */
}
/* no unnecessary retries on "permission denied" errors */
if (geteuid () != 0) {
(void) fprintf (stderr, "%s: Permission denied.\n",
Prog);
return 0;
}
}
return 0; /* failure */
#endif /* !HAVE_LCKPWDF */
#endif
}
static void dec_lock_count (void)
@@ -472,7 +414,7 @@ static void dec_lock_count (void)
}
#ifdef HAVE_LCKPWDF
ulckpwdf ();
#endif /* HAVE_LCKPWDF */
#endif
}
}
}
@@ -591,7 +533,6 @@ int commonio_open (struct commonio_db *db, int mode)
void *eptr = NULL;
int flags = mode;
size_t buflen;
int fd;
int saved_errno;
mode &= ~O_CREAT;
@@ -608,31 +549,11 @@ int commonio_open (struct commonio_db *db, int mode)
return 0;
}
db->head = NULL;
db->tail = NULL;
db->head = db->tail = NULL;
db->cursor = NULL;
db->changed = false;
fd = open (db->filename,
(db->readonly ? O_RDONLY : O_RDWR)
| O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
saved_errno = errno;
db->fp = NULL;
if (fd >= 0) {
#ifdef WITH_TCB
if (tcb_is_suspect (fd) != 0) {
(void) close (fd);
errno = EINVAL;
return 0;
}
#endif /* WITH_TCB */
db->fp = fdopen (fd, db->readonly ? "r" : "r+");
saved_errno = errno;
if (NULL == db->fp) {
(void) close (fd);
}
}
errno = saved_errno;
db->fp = fopen (db->filename, db->readonly ? "r" : "r+");
/*
* If O_CREAT was specified and the file didn't exist, it will be
@@ -647,7 +568,16 @@ int commonio_open (struct commonio_db *db, int mode)
}
/* Do not inherit fd in spawned processes (e.g. nscd) */
fcntl (fileno (db->fp), F_SETFD, FD_CLOEXEC);
fcntl(fileno(db->fp), F_SETFD, FD_CLOEXEC);
#ifdef WITH_SELINUX
db->scontext = NULL;
if ((is_selinux_enabled () > 0) && (!db->readonly)) {
if (fgetfilecon (fileno (db->fp), &db->scontext) < 0) {
goto cleanup_errno;
}
}
#endif
buflen = BUFLEN;
buf = (char *) malloc (buflen);
@@ -733,6 +663,12 @@ int commonio_open (struct commonio_db *db, int mode)
cleanup_errno:
saved_errno = errno;
free_linked_list (db);
#ifdef WITH_SELINUX
if (db->scontext != NULL) {
freecon (db->scontext);
db->scontext = NULL;
}
#endif
fclose (db->fp);
db->fp = NULL;
errno = saved_errno;
@@ -747,26 +683,10 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
{
struct commonio_entry **entries, *ptr;
size_t n = 0, i;
#if KEEP_NIS_AT_END
struct commonio_entry *nis = NULL;
#endif
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
&& (NULL != ptr->line)
&& ( ('+' != ptr->line[0])
&& ('-' != ptr->line[0]))
#endif
;
ptr = ptr->next) {
for (ptr = db->head; NULL != ptr; ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
if ((NULL != ptr) && (NULL != ptr->line)) {
nis = ptr;
}
#endif
if (n <= 1) {
return 0;
@@ -778,40 +698,18 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
}
n = 0;
for (ptr = db->head;
#if KEEP_NIS_AT_END
nis != ptr;
#else
NULL != ptr;
#endif
/*@ -nullderef @*/
ptr = ptr->next
/*@ +nullderef @*/
) {
entries[n] = ptr;
n++;
for (ptr = db->head; NULL != ptr; ptr = ptr->next) {
entries[n++] = ptr;
}
qsort (entries, n, sizeof (struct commonio_entry *), cmp);
/* Take care of the head and tail separately */
db->head = entries[0];
n--;
#if KEEP_NIS_AT_END
if (NULL == nis)
#endif
{
db->tail = entries[n];
}
db->tail = entries[--n];
db->head->prev = NULL;
db->head->next = entries[1];
entries[n]->prev = entries[n - 1];
#if KEEP_NIS_AT_END
entries[n]->next = nis;
#else
entries[n]->next = NULL;
#endif
db->tail->prev = entries[n - 1];
db->tail->next = NULL;
/* Now other elements have prev and next entries */
for (i = 1; i < n; i++) {
entries[i]->prev = entries[i - 1];
entries[i]->next = entries[i + 1];
@@ -826,8 +724,7 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
/*
* Sort entries in db according to order in another.
*/
int commonio_sort_wrt (struct commonio_db *shadow,
const struct commonio_db *passwd)
int commonio_sort_wrt (struct commonio_db *shadow, struct commonio_db *passwd)
{
struct commonio_entry *head = NULL, *pw_ptr, *spw_ptr;
const char *name;
@@ -914,6 +811,10 @@ int commonio_close (struct commonio_db *db)
int errors = 0;
struct stat sb;
#ifdef WITH_SELINUX
/*@null@*/security_context_t old_context = NULL;
#endif
if (!db->isopen) {
errno = EINVAL;
return 0;
@@ -921,7 +822,7 @@ int commonio_close (struct commonio_db *db)
db->isopen = false;
if (!db->changed || db->readonly) {
(void) fclose (db->fp);
fclose (db->fp);
db->fp = NULL;
goto success;
}
@@ -933,21 +834,27 @@ int commonio_close (struct commonio_db *db)
memzero (&sb, sizeof sb);
if (NULL != db->fp) {
if (fstat (fileno (db->fp), &sb) != 0) {
(void) fclose (db->fp);
fclose (db->fp);
db->fp = NULL;
goto fail;
}
#ifdef WITH_SELINUX
if (db->scontext != NULL) {
if (getfscreatecon (&old_context) < 0) {
errors++;
goto fail;
}
if (setfscreatecon (db->scontext) < 0) {
errors++;
goto fail;
}
}
#endif
/*
* Create backup file.
*/
snprintf (buf, sizeof buf, "%s-", db->filename);
#ifdef WITH_SELINUX
if (set_selinux_file_context (buf) != 0) {
errors++;
}
#endif
if (create_backup (buf, db->fp) != 0) {
errors++;
}
@@ -956,11 +863,6 @@ int commonio_close (struct commonio_db *db)
errors++;
}
#ifdef WITH_SELINUX
if (reset_selinux_file_context () != 0) {
errors++;
}
#endif
if (errors != 0) {
db->fp = NULL;
goto fail;
@@ -968,20 +870,15 @@ int commonio_close (struct commonio_db *db)
} else {
/*
* Default permissions for new [g]shadow files.
* (passwd and group always exist...)
*/
sb.st_mode = db->st_mode;
sb.st_uid = db->st_uid;
sb.st_gid = db->st_gid;
sb.st_mode = 0400;
sb.st_uid = 0;
sb.st_gid = 0;
}
snprintf (buf, sizeof buf, "%s+", db->filename);
#ifdef WITH_SELINUX
if (set_selinux_file_context (buf) != 0) {
errors++;
}
#endif
db->fp = fopen_set_perms (buf, "w", &sb);
if (NULL == db->fp) {
goto fail;
@@ -998,9 +895,9 @@ int commonio_close (struct commonio_db *db)
if (fsync (fileno (db->fp)) != 0) {
errors++;
}
#else /* !HAVE_FSYNC */
#else
sync ();
#endif /* !HAVE_FSYNC */
#endif
if (fclose (db->fp) != 0) {
errors++;
}
@@ -1016,18 +913,25 @@ int commonio_close (struct commonio_db *db)
goto fail;
}
#ifdef WITH_SELINUX
if (reset_selinux_file_context () != 0) {
goto fail;
}
#endif
nscd_need_reload = true;
goto success;
fail:
errors++;
success:
#ifdef WITH_SELINUX
if (db->scontext != NULL) {
if (NULL != old_context) {
if (setfscreatecon (old_context) < 0) {
errors++;
}
freecon (old_context);
old_context = NULL;
}
freecon (db->scontext);
db->scontext = NULL;
}
#endif
free_linked_list (db);
return errors == 0;
}
@@ -1058,7 +962,7 @@ static /*@dependent@*/ /*@null@*/struct commonio_entry *find_entry_by_name (
struct commonio_db *db,
const char *name)
{
return next_entry_by_name (db, db->head, name);
return next_entry_by_name(db, db->head, name);
}
@@ -1080,7 +984,6 @@ int commonio_update (struct commonio_db *db, const void *eptr)
if (NULL != p) {
if (next_entry_by_name (db, p->next, db->ops->getname (eptr)) != NULL) {
fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
db->ops->free (nentry);
return 0;
}
db->ops->free (p->eptr);
@@ -1105,46 +1008,14 @@ int commonio_update (struct commonio_db *db, const void *eptr)
#if KEEP_NIS_AT_END
add_one_entry_nis (db, p);
#else /* !KEEP_NIS_AT_END */
#else
add_one_entry (db, p);
#endif /* !KEEP_NIS_AT_END */
#endif
db->changed = true;
return 1;
}
#ifdef ENABLE_SUBIDS
int commonio_append (struct commonio_db *db, const void *eptr)
{
struct commonio_entry *p;
void *nentry;
if (!db->isopen || db->readonly) {
errno = EINVAL;
return 0;
}
nentry = db->ops->dup (eptr);
if (NULL == nentry) {
errno = ENOMEM;
return 0;
}
/* new entry */
p = (struct commonio_entry *) malloc (sizeof *p);
if (NULL == p) {
db->ops->free (nentry);
errno = ENOMEM;
return 0;
}
p->eptr = nentry;
p->line = NULL;
p->changed = true;
add_one_entry (db, p);
db->changed = true;
return 1;
}
#endif /* ENABLE_SUBIDS */
void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p)
{
+6 -16
View File
@@ -2,7 +2,7 @@
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
* Copyright (c) 2001 - 2005, Tomasz Kłoczko
* Copyright (c) 2007 - 2010, Nicolas François
* Copyright (c) 2007 - 2008, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -123,17 +123,10 @@ struct commonio_db {
#ifdef WITH_SELINUX
/*@null@*/security_context_t scontext;
#endif
/*
* Default permissions and owner for newly created data file.
*/
mode_t st_mode;
uid_t st_uid;
gid_t st_gid;
/*
* Head, tail, current position in linked list.
*/
/*@owned@*/ /*@null@*/struct commonio_entry *head;
/*@dependent@*/ /*@null@*/struct commonio_entry *tail;
/*@owned@*/ /*@null@*/struct commonio_entry *head, *tail;
/*@dependent@*/ /*@null@*/struct commonio_entry *cursor;
/*
@@ -148,23 +141,20 @@ struct commonio_db {
extern int commonio_setname (struct commonio_db *, const char *);
extern bool commonio_present (const struct commonio_db *db);
extern int commonio_lock (struct commonio_db *);
extern int commonio_lock_nowait (struct commonio_db *, bool log);
extern int commonio_lock_nowait (struct commonio_db *);
extern int commonio_open (struct commonio_db *, int);
extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
extern int commonio_update (struct commonio_db *, const void *);
#ifdef ENABLE_SUBIDS
extern int commonio_append (struct commonio_db *, const void *);
#endif /* ENABLE_SUBIDS */
extern int commonio_remove (struct commonio_db *, const char *);
extern int commonio_rewind (struct commonio_db *);
extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
extern int commonio_close (struct commonio_db *);
extern int commonio_unlock (struct commonio_db *);
extern void commonio_del_entry (struct commonio_db *,
const struct commonio_entry *);
const struct commonio_entry *);
extern int commonio_sort_wrt (struct commonio_db *shadow,
const struct commonio_db *passwd);
struct commonio_db *passwd);
extern int commonio_sort (struct commonio_db *db,
int (*cmp) (const void *, const void *));
int (*cmp) (const void *, const void *));
#endif
+1 -1
View File
@@ -177,7 +177,7 @@ char *strchr (), *strrchr (), *strtok ();
* --Nekral */
#define SYSLOG(x) \
do { \
char *old_locale = setlocale (LC_ALL, NULL); \
char *old_locale = setlocale(LC_ALL, NULL); \
char *saved_locale = NULL; \
if (NULL != old_locale) { \
saved_locale = strdup (old_locale); \
+12 -11
View File
@@ -2,7 +2,7 @@
* Copyright (c) 1990 - 1993, Julianne Frances Haugh
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
* Copyright (c) 2005 , Tomasz Kłoczko
* Copyright (c) 2007 - 2010, Nicolas François
* Copyright (c) 2007 - 2008, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -40,26 +40,27 @@
#include "prototypes.h"
#include "defines.h"
/*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
char *pw_encrypt (const char *clear, const char *salt)
{
static char cipher[128];
char *cp;
cp = crypt (clear, salt);
if (NULL == cp) {
if (!cp) {
/*
* Single Unix Spec: crypt() may return a null pointer,
* and set errno to indicate an error. In this case return
* the NULL so the caller can handle appropriately.
* and set errno to indicate an error. The caller doesn't
* expect us to return NULL, so...
*/
return NULL;
perror ("crypt");
exit (EXIT_FAILURE);
}
/* Some crypt() do not return NULL if the algorithm is not
/* The GNU crypt does not return NULL if the algorithm is not
* supported, and return a DES encrypted password. */
if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))
{
/*@observer@*/const char *method;
const char *method;
switch (salt[1])
{
case '1':
@@ -78,9 +79,9 @@
method = &nummethod[0];
}
}
(void) fprintf (stderr,
_("crypt method not supported by libcrypt? (%s)\n"),
method);
fprintf (stderr,
_("crypt method not supported by libcrypt? (%s)\n"),
method);
exit (EXIT_FAILURE);
}
+29 -62
View File
@@ -49,32 +49,6 @@ struct itemdef {
/*@null@*/char *value; /* value given, or NULL if no value */
};
#define PAMDEFS \
{"CHFN_AUTH", NULL}, \
{"CHSH_AUTH", NULL}, \
{"CRACKLIB_DICTPATH", NULL}, \
{"ENV_HZ", NULL}, \
{"ENVIRON_FILE", NULL}, \
{"ENV_TZ", NULL}, \
{"FAILLOG_ENAB", NULL}, \
{"FTMP_FILE", NULL}, \
{"ISSUE_FILE", NULL}, \
{"LASTLOG_ENAB", NULL}, \
{"LOGIN_STRING", NULL}, \
{"MAIL_CHECK_ENAB", NULL}, \
{"MOTD_FILE", NULL}, \
{"NOLOGINS_FILE", NULL}, \
{"OBSCURE_CHECKS_ENAB", NULL}, \
{"PASS_ALWAYS_WARN", NULL}, \
{"PASS_CHANGE_TRIES", NULL}, \
{"PASS_MAX_LEN", NULL}, \
{"PASS_MIN_LEN", NULL}, \
{"PORTTIME_CHECKS_ENAB", NULL}, \
{"QUOTAS_ENAB", NULL}, \
{"SU_WHEEL_ONLY", NULL}, \
{"ULIMIT", NULL},
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
{"CHFN_RESTRICT", NULL},
@@ -107,12 +81,6 @@ static struct itemdef def_table[] = {
{"SHA_CRYPT_MAX_ROUNDS", NULL},
{"SHA_CRYPT_MIN_ROUNDS", NULL},
#endif
{"SUB_GID_COUNT", NULL},
{"SUB_GID_MAX", NULL},
{"SUB_GID_MIN", NULL},
{"SUB_UID_COUNT", NULL},
{"SUB_UID_MAX", NULL},
{"SUB_UID_MIN", NULL},
{"SULOG_FILE", NULL},
{"SU_NAME", NULL},
{"SYS_GID_MAX", NULL},
@@ -128,28 +96,37 @@ static struct itemdef def_table[] = {
{"USERDEL_CMD", NULL},
{"USERGROUPS_ENAB", NULL},
#ifndef USE_PAM
PAMDEFS
{"CHFN_AUTH", NULL},
{"CHSH_AUTH", NULL},
{"CRACKLIB_DICTPATH", NULL},
{"ENV_HZ", NULL},
{"ENVIRON_FILE", NULL},
{"ENV_TZ", NULL},
{"FAILLOG_ENAB", NULL},
{"FTMP_FILE", NULL},
{"ISSUE_FILE", NULL},
{"LASTLOG_ENAB", NULL},
{"LOGIN_STRING", NULL},
{"MAIL_CHECK_ENAB", NULL},
{"MOTD_FILE", NULL},
{"NOLOGINS_FILE", NULL},
{"OBSCURE_CHECKS_ENAB", NULL},
{"PASS_ALWAYS_WARN", NULL},
{"PASS_CHANGE_TRIES", NULL},
{"PASS_MAX_LEN", NULL},
{"PASS_MIN_LEN", NULL},
{"PORTTIME_CHECKS_ENAB", NULL},
{"QUOTAS_ENAB", NULL},
{"SU_WHEEL_ONLY", NULL},
{"ULIMIT", NULL},
#endif
#ifdef USE_SYSLOG
{"SYSLOG_SG_ENAB", NULL},
{"SYSLOG_SU_ENAB", NULL},
#endif
#ifdef WITH_TCB
{"TCB_AUTH_GROUP", NULL},
{"TCB_SYMLINKS", NULL},
{"USE_TCB", NULL},
#endif
{"FORCE_SHADOW", NULL},
{NULL, NULL}
};
#define NUMKNOWNDEFS (sizeof(knowndef_table)/sizeof(knowndef_table[0]))
static struct itemdef knowndef_table[] = {
#ifdef USE_PAM
PAMDEFS
#endif
};
#ifndef LOGINDEFS
#define LOGINDEFS "/etc/login.defs"
#endif
@@ -409,17 +386,10 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
* Item was never found.
*/
for (ptr = knowndef_table; NULL != ptr->name; ptr++) {
if (strcmp (ptr->name, name) == 0) {
goto out;
}
}
fprintf (stderr,
_("configuration error - unknown item '%s' (notify administrator)\n"),
name);
SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
out:
return (struct itemdef *) NULL;
}
@@ -435,26 +405,23 @@ static void def_load (void)
FILE *fp;
char buf[1024], *name, *value, *s;
/*
* Set the initialized flag.
* (do it early to prevent recursion in putdef_str())
*/
def_loaded = true;
/*
* Open the configuration definitions file.
*/
fp = fopen (def_fname, "r");
if (NULL == fp) {
if (errno == ENOENT)
return;
int err = errno;
SYSLOG ((LOG_CRIT, "cannot open login definitions %s [%s]",
def_fname, strerror (err)));
exit (EXIT_FAILURE);
}
/*
* Set the initialized flag.
* (do it early to prevent recursion in putdef_str())
*/
def_loaded = true;
/*
* Go through all of the lines in the file.
*/
+6 -3
View File
@@ -44,19 +44,22 @@
*/
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
{
unsigned long int val;
long long int val;
char *endptr;
errno = 0;
val = strtoul (numstr, &endptr, 0);
val = strtoll (numstr, &endptr, 0);
if ( ('\0' == *numstr)
|| ('\0' != *endptr)
|| (ERANGE == errno)
/*@+ignoresigns@*/
|| (val != (unsigned long int)val)
/*@=ignoresigns@*/
) {
return 0;
}
*result = val;
*result = (unsigned long int)val;
return 1;
}
+8 -48
View File
@@ -3,7 +3,7 @@
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
* Copyright (c) 2001 , Michał Moskal
* Copyright (c) 2005 , Tomasz Kłoczko
* Copyright (c) 2007 - 2010, Nicolas François
* Copyright (c) 2007 - 2009, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -80,23 +80,6 @@ static int group_put (const void *ent, FILE * file)
{
const struct group *gr = ent;
if ( (NULL == gr)
|| (valid_field (gr->gr_name, ":\n") == -1)
|| (valid_field (gr->gr_passwd, ":\n") == -1)
|| (gr->gr_gid == (gid_t)-1)) {
return -1;
}
/* FIXME: fail also if gr->gr_mem == NULL ?*/
if (NULL != gr->gr_mem) {
size_t i;
for (i = 0; NULL != gr->gr_mem[i]; i++) {
if (valid_field (gr->gr_mem[i], ",:\n") == -1) {
return -1;
}
}
}
return (putgrent (gr, file) == -1) ? -1 : 0;
}
@@ -130,9 +113,6 @@ static /*@owned@*/struct commonio_db group_db = {
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif
0644, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
NULL, /* tail */
NULL, /* cursor */
@@ -333,7 +313,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
/* Concatenate the 2 lines */
new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
new_line = (char *)malloc (new_line_len + 1);
new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*));
if (NULL == new_line) {
errno = ENOMEM;
return NULL;
@@ -356,7 +336,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
members++;
}
}
new_members = (char **)calloc ( (members+1), sizeof(char*) );
new_members = (char **)malloc ( (members+1) * sizeof(char*) );
if (NULL == new_members) {
free (new_line);
errno = ENOMEM;
@@ -365,8 +345,6 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
for (i=0; NULL != gptr1->gr_mem[i]; i++) {
new_members[i] = gptr1->gr_mem[i];
}
/* NULL termination enforced by above calloc */
members = i;
for (i=0; NULL != gptr2->gr_mem[i]; i++) {
char **pmember = new_members;
@@ -404,19 +382,15 @@ static int split_groups (unsigned int max_members)
struct commonio_entry *new;
struct group *new_gptr;
unsigned int members = 0;
unsigned int i;
/* Check if this group must be split */
if (!gr->changed) {
if (!gr->changed)
continue;
}
if (NULL == gptr) {
if (NULL == gptr)
continue;
}
for (members = 0; NULL != gptr->gr_mem[members]; members++);
if (members <= max_members) {
if (members <= max_members)
continue;
}
new = (struct commonio_entry *) malloc (sizeof *new);
if (NULL == new) {
@@ -434,23 +408,9 @@ static int split_groups (unsigned int max_members)
new->changed = true;
/* Enforce the maximum number of members on gptr */
for (i = max_members; NULL != gptr->gr_mem[i]; i++) {
free (gptr->gr_mem[i]);
gptr->gr_mem[i] = NULL;
}
/* Shift all the members */
gptr->gr_mem[max_members] = NULL;
/* The number of members in new_gptr will be check later */
for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
if (NULL != new_gptr->gr_mem[i]) {
free (new_gptr->gr_mem[i]);
}
new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
new_gptr->gr_mem[i + max_members] = NULL;
}
for (; NULL != new_gptr->gr_mem[i]; i++) {
free (new_gptr->gr_mem[i]);
new_gptr->gr_mem[i] = NULL;
}
new_gptr->gr_mem = &new_gptr->gr_mem[max_members];
/* insert the new entry in the list */
new->prev = gr;

Some files were not shown because too many files have changed in this diff Show More