Compare commits

..

1879 Commits

Author SHA1 Message Date
Serge Hallyn ef45bb2496 configure.ac: release 4.3
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-16 17:11:36 -07:00
Serge Hallyn edec2d057d Merge pull request #13 from t8m/master
Add ability to clear or set lastlog record for user via lastlog command
2016-03-05 00:07:24 -08:00
Tomas Mraz 66897b6f6d Add ability to clear or set lastlog record for user via lastlog command
This functionality is useful because there is now a feature
of Linux-PAM's pam_lastlog module to block expired users (users
which did not login recently enough) from login. This commit
complements it so the sysadmin is able to unblock such expired user.

Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
2016-03-03 15:37:01 +01:00
Serge Hallyn af064545bf useradd: respect -r flag when allocating subuids
We intend to not create subuids for system users. However we are
checking for command line flags after we check whether -r flag
was set, so it was never found to be true.  Fix that.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-18 09:20:43 -08:00
Serge Hallyn 9ab9e6f331 Merge pull request #12 from stgraber/master
Tweak uid/gid map default configuration
2016-02-15 15:27:20 -08:00
Stéphane Graber 65c2617140 Tweak uid/gid map default configuration
- Use an allocation of 65536 uids and gids to allow for POSIX-compliant
   user owned namespaces.
 - Don't allocate a uid/gid map to system users.
   Unfortunately checking for --system isn't quite enough as some
   distribution wrappers always call useradd without --system and take care
   of choosing a uid and gid themselves, so also check whether the
   requested uid/gid is in the user range.

This is taken from a patch I wrote for Ubuntu a couple years ago and
which somehow didn't make it upstream.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-15 18:11:10 -05:00
Serge Hallyn 24468e4525 Merge pull request #11 from taizo/typo_in_japanese_usage_desc
typo in japanese usage description of useradd.
2016-01-11 17:20:57 -08:00
Taizo Ito df11d701e1 typo in japanese usage description of useradd. 2016-01-04 13:27:31 +09:00
Bastian Blank d2fa8c5d4b Fix user busy errors at userdel
From: Bastian Blank <bastian.blank@credativ.de>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-11-17 10:53:55 -06:00
Serge Hallyn e01bad7d3c Merge pull request #4 from xnox/master
Make shadow more robust in hostile environments
2015-11-12 23:07:29 -06:00
Serge Hallyn 4c4896f0d5 Merge pull request #9 from shadow-maint/idmapleak
Idmapleak
2015-11-12 23:03:09 -06:00
Serge Hallyn 5fadb341c3 Merge pull request #8 from shadow-maint/newgrpleak
Fix a resource leak in syslog_sg
2015-11-12 23:02:13 -06:00
Serge Hallyn 29ee91ae7d Merge pull request #6 from stoeckmann/master
Clear passwords on __gr_dup/__pw_dup errors and fix memory leak
2015-08-09 19:57:38 -05:00
Serge Hallyn 5533eb40d1 Merge pull request #5 from vapier/master
misc autoool fixes
2015-08-09 19:51:54 -05:00
Serge Hallyn 533d2bab3d get_map_ranges: initialize argidx to 0 at top of loop
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-08-06 00:34:25 -05:00
Serge Hallyn f68f813073 Fix a resource leak in syslog_sg
Reported at https://alioth.debian.org/tracker/?func=detail&atid=411478&aid=315135&group_id=30580
by Alejandro Joya (afjoyacr-guest)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-08-06 00:25:01 -05:00
Serge Hallyn 7edb32e75f Fix a resource leak in libmis/idmapping.c
Reported at https://alioth.debian.org/tracker/?func=detail&atid=411478&aid=315136&group_id=30580
by Alejandro Joya.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-08-06 00:10:13 -05:00
Serge Hallyn acf11efe54 Merge pull request #7 from shadow-maint/2015-07-20/vflg
Don't limit subuid/subgid support to local users
2015-07-23 10:11:46 -05:00
Serge Hallyn a887847ca2 Don't limit subuid/subgid support to local users
The current implementation of subuid/subgid support in usermod requires the
user to be a local user present in /etc/passwd.  There doesn't seem to be a
good reason for this; subuids should work equally well for users whose
records are in other NSS databases.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1475749

Author: Steve Langasek <steve.langasek@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-07-20 12:14:26 -05:00
Tobias Stoeckmann c17f5ec460 Free memory on error path
When multiple entries with the same name are encountered, nentry is
not properly freed, which results in a memory leak.
2015-07-12 14:30:32 +02:00
Tobias Stoeckmann df5dafe049 Clear passwords on __gr_dup/__pw_dup errors.
The functions __gr_dup and __pw_dup do not explicitly zero the
memory which hold the passwords after free. The gr_free and pw_free
functions do this explicitly.

To guarantee same behaviour, it's possible to call these *_free
functions directly from __*_dup, because the memory is initialized
with zeros at the beginning. Calling free(NULL) has no negative
effect and can be considered safe these days.
2015-07-11 13:00:13 +02:00
Jesse W. Hathaway 3c32fd4a29 Allow deleting the group even if it is the primary group of a user
This is helpful when using configuration management tools such as
Puppet, where you are managing the groups in a central location and you
don't need this safeguard.

Signed-off-by: "Jesse W. Hathaway" <jesse@mbuki-mvuki.org>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-06-16 14:18:44 -05:00
Serge Hallyn ecb6f0c3e3 newgidmap manpage: remove wrongly added extra pid arg
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-06-04 23:45:58 -05:00
Mike Frysinger 169e14c7ac ignore the compile file
Newer autotools installs this file.
2015-04-30 02:46:08 -04:00
Mike Frysinger 316fa38dbc rename configure.in
Newer autotools complains when the file is named configure.in.
2015-04-30 02:43:30 -04:00
Hank Leininger 884895ae25 Expand the error message when newuidmap / newgidmap do not like the user/group ownership of their target process.
Currently the error is just:

newuidmap: Target [pid] is owned by a different user

With this patch it will be like:

newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99

Why is this useful?  Well, in my case...

The grsecurity kernel-hardening patch includes an option to make parts
of /proc unreadable, such as /proc/pid/ dirs for processes not owned by
the current uid.  This comes with an option to make /proc/pid/
directories readable by a specific gid; sysadmins and the like are then
put into that group so they can see a full 'ps'.

This means that the check in new[ug]idmap fails, as in the above quoted
error - /proc/[targetpid] is owned by root, but the group is 99 so that
users in group 99 can see the process.

Some Googling finds dozens of people hitting this problem, but not
*knowing* that they have hit this problem, because the errors and
circumstances are non-obvious.

Some graceful way of handling this and not failing, will be next ;)  But
in the meantime it'd be nice to have new[ug]idmap emit a more useful
error, so that it's easier to troubleshoot.

Thanks!

Signed-off-by: Hank Leininger <hlein@korelogic.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-04-06 08:23:36 -05:00
Serge Hallyn 464456fa31 Merge pull request #3 from vapier/master
man: useradd(8): fix typo in German translation
2015-03-16 17:08:55 +00:00
Dimitri John Ledkov bab349b46e Create dbs with correct permissions. 2015-02-27 17:01:31 +00:00
Dimitri John Ledkov 46a72bc342 Force use shadow, even if missing. 2015-02-27 17:01:30 +00:00
Dimitri John Ledkov ee43f47f45 Do not fail on missing files in /etc/, create them instead.
passwd, shadow, group, gshadow etc. can be managed via nss -
e.g. system default accounts can be specified using nss_altfiles,
rather than in /etc/. Thus despite having default accounts, these
files can be missing on disk and thus should be opened with O_CREATE
whenever they are attempted to be opened in O_RDWR modes.
2015-02-27 17:01:29 +00:00
Dimitri John Ledkov 71c6165dcd Do not report unknown settings, when compiled with PAM.
When compiled with PAM certain settings are not used, however they are
still defined in the stock login.defs file. Thus every command reports
them as "unknown setting contact administrator".

Alternative would be to parse stock login.defs and comment out/remove
settings that are not applied, when compiled with PAM.
2015-02-27 17:01:28 +00:00
Dimitri John Ledkov 51c1fc93e3 Do not bail out on missing login.defs.
For most operations tools have compiled-in defaults, and thus can
operate without login.defs present.
2015-02-27 17:01:27 +00:00
Duncan Eastoe 17887b216d Suppress pwconv passwd- chmod failure message
Prevent chmod failure message from displaying if the failure
was due to the backup file not existing.

If there is no backup file present and if no changes have been
made, then this error would always appear since the backup
file isn't created in this situation.

Signed-off-by: Duncan Eastoe <deastoe@Brocade.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2015-02-17 10:15:02 -06:00
Mike Frysinger 01eab0c3b9 man: useradd(8): fix typo in German translation
When referring to USERGROUPS_ENAB, the German mentions /etc/default/useradd
when it should be /etc/login.defs (like the original English does).

Reported-by: Stefan Kiesler <heavymetal@gmx.de>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2015-02-14 00:21:14 -05:00
Nicolas François 6b65c6aeae Test userdel/usermod when homedir is a symlink 2014-09-21 00:36:24 +02:00
Nicolas François 3fb292f3c7 Extend checks for changing U/GID in home directory
Add files with user or group owner different from the user.
2014-09-21 00:36:23 +02:00
Nicolas François a8bf8af5aa Extend checks for moving home directory
Add hard link to files inside or outside the home directory)
Add files with user or group owner different from the user.
2014-09-21 00:36:16 +02:00
Nicolas François d8c8e8b4b6 subids options added to usermod's usage 2014-09-21 00:17:30 +02:00
Nicolas François 930e76ad0d Provides coverage with traceability to test cases 2014-09-21 00:17:29 +02:00
Nicolas François 83b5a746d9 Add missing configuration files 2014-09-21 00:17:27 +02:00
Nicolas François a7f8176be6 useradd now uses link rather than rename 2014-09-21 00:17:26 +02:00
Nicolas François 1b4db814ea Add support for syscall failure tests 2014-09-21 00:17:25 +02:00
Nicolas François 9ae9ca833a Add cleanup script 2014-09-21 00:17:24 +02:00
Nicolas François 66f87b8caf Add config to disable execution of failure tests 2014-09-21 00:17:23 +02:00
Nicolas François bba85fcae3 Add tests for subids handling 2014-09-21 00:16:57 +02:00
Nicolas François a0104a9ed8 Use build_path from common/config.sh 2014-09-20 15:46:14 +02:00
Nicolas François 112e015f05 Force removal of files when restoring system config 2014-09-20 15:40:46 +02:00
Nicolas François e6246599eb Update list of files in login and passwd packages 2014-09-20 15:39:32 +02:00
Bostjan Skufca 1d049b6aed sub[ug]id: compare range before comparing username/UID, to avoid unnecessary syscalls
Change suggested by Nicolas François as performance optimization.
Performance penalty would be really noticeable when usernames are
stored in remote databases (ldap).

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:24 -05:00
Bostjan Skufca 37e2a687e3 sub[ug]id manpages: add note about performance when using login names versus UIDs
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:17 -05:00
Bostjan Skufca a113b87c45 newuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id
Until now only exact username specification in /etc/sub[ug]id file allowed the
mapping. This prevented normal use for those users who use multiple usernames
with the same UID, as it rejected mapping even though it was allowed for
another username with the same UID.

This patch initially retains the old behaviour, for performance's sake. In the
first pass, new[ug]idmap only searches for exact username match.
If that yields no valid results, it continues into another loop, which does UID
resolution and comparison. If either definition (numeric UID mapping
specification or mapping specification for another username with the same UID as
current username) is found, it is used.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:10 -05:00
Serge Hallyn b999d48941 Add tests from the old svn tree
We're losing the svn history (which we could probably keep if we tried
hard enough) but don't consider that worthwhile.

Note these tests are destructive, so run them only in a throwaway
environment like a chroot, container, or vm.

The tests/run.all script should be the one which launches all the tests.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 14:42:55 -05:00
James Le Cuirot 2cb54158b8 Check size of uid_t and gid_t using AC_CHECK_SIZEOF
This built-in check is simpler than the previous method and, most
importantly, works when cross-compiling.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-04 17:29:27 -05:00
James Le Cuirot 420943657c Fix building without subordinate IDs support
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-04 17:29:23 -05:00
Serge Hallyn 4911773b77 From: Svante Signell <svante.signell@gmail.com>
Currently shadow fails to build from source and is flagged as
out-of-date. This is due to a usage of PATH_MAX, which is not defined
on GNU/Hurd. The attached patch solves this problem by allocating a
fixed number of 32 bytes for the string proc_dir_name in files
src/procuidmap.c and src/procgidmap.c. (In fact only 18 bytes are
needed)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-06-26 16:48:56 -05:00
Serge Hallyn 980c804153 man: newuid and newgid: point out that root must be allocated subuids
Users may otherwise be confused and think that because the kernel
does not restrict uid mappings to the root user (within his
current uid mappings), newuidmap will ignore /etc/subuid for the
root user.  It will not.

Reported-by: Philippe Grégoire <gregoirep@hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2014-06-13 09:41:09 -05:00
Eric W. Biederman 578947e661 newuidmap,newgidmap: Correct the range size sanity check in get_map_ranges
The number of ranges should be the ceiling of the number of arguments divided
by three.

Without this fix newuidmap and newgidmap always report and error and fail,
which is very much not what we want.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-09-10 17:51:40 -05:00
Nicolas François 5e87ff0615 Improve vipw error report when editor fails
* src/vipw.c: After waitpid(), use errno only if waitpid returned
	-1. Debian#688260
	* src/vipw.c: Likewise for system().
2013-08-25 16:27:58 +02:00
Serge Hallyn d409947e9a Document the subuid related functions in subordinateio.c
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 16:00:36 -05:00
victory ba527c728e Updated Japanese translation to 558t
* po/ja.po: Updated to 558t
2013-08-23 22:31:00 +02:00
Serge Hallyn 50bb452dd1 newuidmap.1 and newgidmap.1: note limitation
Note that they may be used only once for a given process.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 15:16:43 -05:00
Nicolas François 90ac3a3207 Update translation files.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:43 +02:00
Nicolas François 684de2abff Fix encoding.
* man/newgrp.1.xml: Fix encoding.
	* man/sg.1.xml: Likewise.
2013-08-23 20:29:42 +02:00
Nicolas François 44faa3b796 Unfuzzy according to previous change.
* man/po/da.po: Unfuzzy according to previous change.
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/it.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
	* man/po/zh_CN.po: Likewise.
2013-08-23 20:29:41 +02:00
Nicolas François 138682fd30 Avoid spaces between <option> and <replaceable>
* man/chage.1.xml: Add a non breaking space between options and
	their parameter because xml2po removes those spaces. Alioth#314401
	* man/chfn.1.xml: Likewise.
	* man/chgpasswd.8.xml: Likewise.
	* man/chpasswd.8.xml: Likewise.
	* man/chsh.1.xml: Likewise.
	* man/faillog.8.xml: Likewise.
	* man/gpasswd.1.xml: Likewise.
	* man/groupadd.8.xml: Likewise.
	* man/groupdel.8.xml: Likewise.
	* man/groupmems.8.xml: Likewise.
	* man/groupmod.8.xml: Likewise.
	* man/grpck.8.xml: Likewise.
	* man/lastlog.8.xml: Likewise.
	* man/newusers.8.xml: Likewise.
	* man/passwd.1.xml: Likewise.
	* man/pwck.8.xml: Likewise.
	* man/pwconv.8.xml: Likewise.
	* man/su.1.xml: Likewise.
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/vipw.8.xml: Likewise.
2013-08-23 20:29:40 +02:00
Nicolas François 373dd2dc3d Create baseline for changing manpage options.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:39 +02:00
Nicolas François 3ea09ae998 Fix encoding.
* man/po/de.po: Fix encoding.
2013-08-23 20:29:33 +02:00
Nicolas François 115aeef1c4 Fix subordinate_next() return value.
* lib/subordinateio.c (subordinate_next): Fix return value.
2013-08-19 21:32:27 +02:00
Nicolas François 2883ff6ad5 Include <stdio.h>
* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
	stderr.
2013-08-16 01:13:20 +02:00
Nicolas François c3b6417226 Remove debug info. 2013-08-16 01:11:50 +02:00
Nicolas François eceedf43cf Improve documentation.
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
	when the user already have subordinate group IDs.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
2013-08-15 17:30:20 +02:00
Nicolas François 6f8dd000f6 Improve diagnostic.
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
	when option -v/-V (-w/-W) are provided.
2013-08-15 17:30:19 +02:00
Nicolas François 2e46882a9b Fix parse of ranges.
* src/usermod.c: Fix parse of ranges. The hyphen might be followed
	by a negative integer.
2013-08-15 17:30:19 +02:00
Nicolas François 5917347c6f Fix boundary conditions.
* lib/subordinateio.c (find_free_range): max is allowed for new
	ranges.
2013-08-15 17:30:19 +02:00
Nicolas François 7d5732cb49 Remove dead code.
* libmisc/find_new_sub_gids.c: Remove dead code.
	find_new_sub_gids() is always called with *range_count set to 0.
	It's more difficult to keep the subordinate GIDs and UIDs
	synchronized, than for the user's UID/GId because the count of
	subordinate IDs may differ.
	* libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
	no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
	is_range_free().
2013-08-15 17:30:19 +02:00
Nicolas François 1a8d386288 Subordinate IDs require 32bit uid_t/gid_t
* configure.in: Check if sizeof uid_t and gid_t is larger than 32
	bit to support subordinate IDs.
2013-08-14 20:22:15 +02:00
Nicolas François 0f26591422 Align coding style.
* lib/subordinateio.c: Avoid implicit conversion of pointers and
	integers to booleans.
	* lib/subordinateio.c: Added brackets.
2013-08-14 00:19:19 +02:00
Nicolas François cd1bd8bf4c Add schematics with ranges to help reviews.
* lib/subordinateio.c: Add schematics with ranges to help reviews.
2013-08-14 00:19:19 +02:00
Nicolas François b84b918464 Avoid dead branches.
* lib/subordinateio.c: Avoid dead branches.

Note: code is equivalent.
2013-08-14 00:19:19 +02:00
Nicolas François 00f573fce2 Fix copyright dates. 2013-08-13 23:13:26 +02:00
Nicolas François 9951b1f569 Fail in case arguments are provided after options.
* src/vipw.c: Fail in case arguments are provided after options.
	Debian#677812
2013-08-13 23:13:09 +02:00
Nicolas François 0094abea6e Fix count for ranges truncated in remove_range().
* lib/subordinateio.c: Fix count for ranges truncated in
	remove_range().
2013-08-13 22:29:16 +02:00
Nicolas François 8781aff637 Terminate the child before closing the PAM session.
* src/su.c: Terminate the child (if needed) before closing the PAM
	session. This is probably more correct, and avoid reporting
	termination from signals possibly sent by PAM modules (e.g. former
	versions of pam_systemd). Debian#670132
2013-08-13 19:48:53 +02:00
Nicolas François a5e3dbb0e3 Reset caught variable when signal is handled by su.
* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
	no need to kill the child in such case after su is resumed. This
	remove the "Session terminated, terminating shell...
	...terminated." messages in such case.
2013-08-13 19:42:50 +02:00
Nicolas François 29bd7e1929 Document checks performed by newgidmap/newuidmap
* man/newgidmap.1.xml: Document the checks performed before
	setting the mapping in /proc.
	* man/newuidmap.1.xml: Likewise.
2013-08-13 19:38:41 +02:00
Nicolas François e1a4b6e57b Document the semantic of ranges.
* libmisc/idmapping.h: Document what the upper and lower fields
	are in struct map_range.
	* man/newgidmap.1.xml: Document when the gid, gidlower and count
	argument are.
	* man/newuidmap.1.xml: Likewise for uid, uidlower and count.
2013-08-13 19:28:07 +02:00
Nicolas François 5884ba907c (shadow_random): Use long instead of size_t.
* libmisc/salt.c (shadow_random): Use long instead of size_t.
	Compatibility with size_t is easier to check since it's used for
	smaller numbers (salt size).
2013-08-13 19:16:24 +02:00
Nicolas François 64fe2f7db6 Add splint annotations.
* lib/groupmem.c: Add splint annotations. The added memset makes
	splint think data was allocated.
	* lib/pwmem.c: Likewise.
	* lib/sgroupio.c: Likewise.
	* lib/shadowmem.c: Likewise.
2013-08-13 19:13:45 +02:00
Nicolas François 3bdf723bab Improve documentation.
* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
	of useradd and newusers depends on the existence of /etc/subgid.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.
2013-08-13 00:21:02 +02:00
Nicolas François 9126425a21 Improve error reporting.
* src/useradd.c: Change message in case of find_new_sub_uids /
	find_new_sub_gids failure. This complements the messages already
	provided by these APIs.
2013-08-13 00:13:12 +02:00
Nicolas François bfbd83239e Fix handling of boundaries.
* lib/subordinateio.c: Fix handling of boundaries.
	* libmisc/find_new_sub_uids.c: Likewise.
	* libmisc/find_new_sub_gids.c: Likewise.
2013-08-13 00:11:24 +02:00
Nicolas François d9d1bb4acb Fix removal of ranges.
* lib/subordinateio.c: Fix removal of ranges. The database needs
	to be marked as changed or commonio_close will discard any change.
2013-08-12 23:57:32 +02:00
Nicolas François 5d3a785c55 Manpages improvement for subordinate IDs.
* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
	SUB_GID_MAX, SUB_GID_COUNT, SUB_UID_MIN, SUB_UID_MAX,
	SUB_UID_COUNT.
	* man/useradd.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/subgid.5.xml: Sort references alphabetically.
	* man/subuid.5.xml: Likewise.
	* man/subgid.5.xml: Add references to newusers(8), useradd(8),
	userdel(8), usermod(8), user_namespaces(7).
	* man/subuid.5.xml: Likewise.
2013-08-11 16:09:59 +02:00
Nicolas François eeab0bebfa Sort references alphabetically.
* man/newgidmap.1.xml: Sort references alphabetically.
	* man/newuidmap.1.xml: Likewise.
2013-08-11 15:48:57 +02:00
Nicolas François d611d54ed4 Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 15:46:59 +02:00
Nicolas François 1fb1486c8a Ignore generated newgidmap and newuidmap 2013-08-11 14:48:39 +02:00
Nicolas François d83866d006 Fix typo. 2013-08-11 00:53:50 +02:00
Nicolas François 14ebc92d8c Remove unused variable.
* libmisc/salt.c: Remove unused variable.
2013-08-10 00:11:52 +02:00
Nicolas François 45986f8dc8 Fix for Alioth#314271 (musl libc)
* libmisc/utmp.c: Add include files needed for getaddrinfo().
	See Alioth#314271
2013-08-07 02:18:43 +02:00
Mike Frysinger 561ba96ec7 check for ruserok existence
rlogin support is old school code, so newer C libraries drop support for
ruserok (like uClibc, optionally).  But shadow doesn't build with that,
so have it check for ruserok to optionally enable rlogin.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-08-07 01:44:24 +02:00
Nicolas François cfad7327a5 Editorial changes to usermod(8)
* man/usermod.8.xml: Fix typos and wording.
	* man/usermod.8.xml: Add references to subgid(5) and subuid(5).
2013-08-07 01:36:10 +02:00
Nicolas François 316bc6b3f4 Fix wording: secondary -> subordinate.
* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
	subordinate.
	* libmisc/find_new_sub_uids.c: Likewise.
2013-08-07 01:01:33 +02:00
Nicolas François ac53650da5 Remove duplicate check.
* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
	at least in its intent).
2013-08-06 23:59:09 +02:00
Nicolas François 94c52130be Fix typos.
* src/usermod.c: Fix typos.
2013-08-06 22:29:40 +02:00
Nicolas François ee2b88b7b1 I find it clearer with the words in that order.
* man/subgid.5.xml: Reorder words.
	* man/subuid.5.xml: Likewise.
2013-08-06 22:25:08 +02:00
Nicolas François 1955170a14 Fix typos.
* man/subgid.5.xml: Fix typos.
	* man/subuid.5.xml: Likewise.
	* man/subgid.5.xml: Fix copy-paste errors from subuid.5.xml.
2013-08-06 22:22:57 +02:00
Nicolas François 9fdd176e45 Remove copy-pasted NOTE.
* man/newgidmap.1.xml: Remove copy-pasted NOTE.
	* man/newuidmap.1.xml: Likewise.
2013-08-06 21:01:53 +02:00
Nicolas François bae65562ef Remove unused variables.
* lib/subordinateio.c: Remove unused variables.
2013-08-06 20:59:52 +02:00
Nicolas François 95d1e146b2 Fix typos.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
	SUB_GID_COUNT.
	* man/newgidmap.1.xml: Fix Typo.
	* src/useradd.c: Fix typos.
	* lib/subordinateio.c: Fix typos.
2013-08-06 20:59:13 +02:00
Nicolas François fcb7222b1a Fix Debian bug #675824
* lib/groupmem.c (__gr_dup): Support libc which define other
	fields in struct group.
	* lib/pwmem.c: Likewise for struct passwd.
	* lib/shadowmem.c: Likewise for struct spwd.
	* lib/sgroupio.c: Apply same logic, even if this structure is
	defined internally.
2013-08-06 16:33:27 +02:00
Nicolas François 5d491ef9da Revert b10cba0e0a
The length of the concatenated 2 lines was correct.
2013-08-05 23:16:00 +02:00
Serge Hallyn c0ce911b5e userns: add argument sanity checking
In find_new_sub_{u,g}ids, check for min, count and max values.

In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow.  Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Eric W. Biederman 673c2a6f9a newuidmap,newgidmap: New suid helpers for using subordinate uids and gids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Serge Hallyn 2cffa14105 fix typo in subxid.5
login.defs, not logindefs.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn c485cfabd8 usermod: add v:w:V:W: to getopt
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn 3b3c8001fe subordinateio: Fix subordinate_parse to have an internal static buffer
subordinate_parse is supposed to return a static structure that
represents one line in /etc/subuid or /etc/subgid.  I goofed and
failed to make the variable rangebuf that holds the username of
in the returned structure static.

Add this missing static specification.

Author: <Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Serge Hallyn 5f2e4b18f8 Add LIBSELINUX to newuidmap and newgidmap LDADD
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 2cc8c2c0dc newusers: Add support for assiging subordinate uids and gids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman d5b3092331 usermod: Add support for subordinate uids and gids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 89f7b0868c Add support for detecting busy subordinate user ids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 87253ca906 useradd: Add support for subordinate user identifiers
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 7296cbdbfe userdel: Add support for removing subordinate user and group ids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman a8f26262cf Implement find_new_sub_uids find_new_sub_gids
Functions for finding new subordinate uid and gids ranges for use
with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman f28ad4b251 Add backend support for suboridnate uids and gids
These files list the set of subordinate uids and gids that users are allowed
to use.   The expect use case is with the user namespace but other uses are
allowed.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 5620c5ab5d Implement commonio_append.
To support files that do not have a simple unique key implement
commonio_append to allow new entries to be added.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman 23fd6cb1da login.defs.5: Document the new variables in login.defs
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman a881a2c8d4 Documentation for /etc/subuid and /etc/subgid
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Nicolas François 60fc4bbf57 Debian bug 677275 - random() max value
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
	on GNU). As it is not clear whether on some systems the max value
	can exceed this number and whether some systems have max values
	which would be lower, we take this into account when defining the
	salt size and number of rounds for SHA encrypted passwords. Higher
	values are favored.
2013-08-05 14:19:23 +02:00
Nicolas François 7903a1b767 Fix su/1 documentation of -
* man/su.1.xml: With getopt, '-' does not need to be the last
	option, but it is recommended for portability.
	Closes https://bugs.launchpad.net/bugs/1100775
2013-08-04 23:45:31 +02:00
Nicolas François 4dbca60435 Add NEWS entries. 2013-08-04 23:29:06 +02:00
Nicolas François a168d046f3 Fix typo in comment. 2013-08-04 15:56:32 +02:00
Nicolas François 08489a4e22 Fix translations (--home became --home-dir)
* man/po/da.po: Fix translation (--home became --home-dir).
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
2013-08-04 15:52:00 +02:00
Nicolas François 0d66002c95 Do not allocate more than necessary
Review b10cba0e0a and 7a16f4582d:
	* lib/groupio.c (merge_group_entries): Do not allocate more than
	necessary (sizeof char* instead of char).
	Thanks for Tomáš Mráz (alioth#313962)
	* lib/groupio.c (merge_group_entries): Document that new_members
	is correctly NULL terminated. (alioth:#313940)

Align previous ChangeLog entries.
2013-08-04 15:36:13 +02:00
Nicolas François e8ab31d009 Review 52a38d5509
* Changelog: Update documentation of 2013-07-28  mancha entry.
	* lib/prototypes.h, lib/encrypt.c: Update splint marker,
	pw_encrypt can return NULL.
	* lib/encrypt.c: Fix outdated statement on GNU crypt.
	* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
	fails and use fail_exit() instead of exit().
	* src/chpasswd.c: Likewise.
	* src/newusers.c: Likewise.
	* src/passwd.c: Likewise when new password is encrypted.
	* src/newgrp.c: Improve diagnostic to user and syslog when
	pw_encrypt fails.  Do not apply 1s penalty as this is not an
	invalid password issue.
	* src/passwd.c: Likewise when password is checked.
2013-08-04 00:27:53 +02:00
Nicolas François ee1952424d Fix memory leak.
* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
	them.
2013-08-02 20:28:24 +02:00
Nicolas François b6c1a8579e Fix segfaults
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
	temp_pw_shell. That way we can continue to use pw_free() without
	segving. Thanks to Serge Hallyn for the patch.
2013-08-02 20:24:20 +02:00
Yuri Kozlov 64ddc26bbf Completed Russian translation 2013-08-01 21:24:46 +02:00
Michael Scherer 4e65be1211 use chdir() before calling chroot() 2013-07-29 11:05:16 +02:00
bubulle 9be164101d Replace "--home" by "--home-dir" in useradd(8) manpage (and
translations)
2013-07-29 10:58:50 +02:00
Ville Skyttä 48b2c4bff4 Syntax fix in Japanese manpage 2013-07-29 10:18:41 +02:00
Brad Hubbard 7a16f4582d fix uninitialised memory in merge_group_entries causes segfault in useradd by
changing a call to malloc to a call to calloc
2013-07-29 10:13:12 +02:00
Brad Hubbard b10cba0e0a add newline char when two lines are concatenated 2013-07-29 10:05:52 +02:00
bubulle d3b95d1d26 Mention Alioth bug fixes 2013-07-29 10:01:23 +02:00
Guido Trentalancia 04b950b824 fix typographic errors and use a better format 2013-07-28 19:04:50 +02:00
Simon Brandmair 4145b98314 German manpages translation update 2013-07-28 18:57:18 +02:00
mancha 52a38d5509 crypt() in glibc/eglibc 2.17 now fails if passed
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
2013-07-28 18:41:11 +02:00
bubulle a6769c050b FIx date in changelog 2013-07-28 18:39:10 +02:00
Colin Watson d172cccd07 Kill the child process group, rather than just the immediate child;
this is needed now that su no longer starts a controlling terminal
when not running an interactive shell (closes: Debian#713979)
2013-07-28 14:38:12 +02:00
bubulle 945eb8f50b if using the static char* for pw_dir, strdup it so pw_free() can be used. (Closes: Debian#691459) 2013-07-28 14:16:09 +02:00
bubulle c11132a3a1 Prepare for next point release 4.2 2013-07-28 12:27:15 +02:00
nekral-guest 32726af23a 2012-04-15 Robert Luberda <robert@debian.org>
* man/po/pl.po: Complete translation of logoutd(8) in Polish.
2012-05-25 14:05:30 +00:00
nekral-guest 1c78e3f3b8 * man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2012-05-25 13:40:31 +00:00
nekral-guest 9151e673e4 * NEWS: Set release date. 2012-05-25 11:51:53 +00:00
nekral-guest 042d6c48b3 * man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
	man/<ll>/Makefile.am: Sort manpages per section as the generated
	manpages.
2012-05-25 11:45:21 +00:00
nekral-guest cdd3ebfcf1 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-05-20 21:03:11 +00:00
nekral-guest faaa8daffb * man/Makefile.am, man/generate_mans.mak: Update clean targets,
due to the generation in separate sub folders.
2012-05-20 21:01:24 +00:00
nekral-guest e108f473ec * man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
	* man/generate_mans.mak: Do not add a AUTHOR section in the man
	pages.
2012-05-20 17:40:23 +00:00
nekral-guest f100b5ea7e * src/su.c: non PAM enabled versions: do not fail if su is called
without a controlling terminal. Ignore ENXIO errors when opening
	/dev/tty.
2012-05-20 16:15:14 +00:00
nekral-guest 8690c74d6a * src/useradd.c: Cleanup, return code 13 no more used.
* man/useradd.8.xml: Document return code 14, and remove return
	code 13.
2012-05-20 12:26:54 +00:00
nekral-guest 788374bd8c * NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
	which did not point to a path relative to the top-level manual
	hierarchy.
	* man/generate_mans.mak: Update man paths accordingly.
	* man/Makefile.am: Likewise.
	* man/da/Makefile.am: Likewise.
	* man/de/Makefile.am: Likewise.
	* man/fr/Makefile.am: Likewise.
	* man/it/Makefile.am: Likewise.
	* man/pl/Makefile.am: Likewise.
	* man/ru/Makefile.am: Likewise.
	* man/sv/Makefile.am: Likewise.
	* man/zh_CN/Makefile.am: Likewise.
2012-05-20 10:18:33 +00:00
nekral-guest d755279fad * configure.in: Prepare for next point release 4.1.5.1. 2012-05-20 10:07:55 +00:00
nekral-guest fb7906760e * configure.in: Remove deprecated AM_C_PROTOTYPES (no more
supported in automake 1.12).
2012-05-19 08:27:42 +00:00
nekral-guest 1a7960421e * src/useradd.c: Keep the default file as much as possible to
avoid issue in case of crash. Use link instead of rename.
2012-05-18 20:28:16 +00:00
nekral-guest 56845ad1c1 * lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
It will basically label them with same context as
	/etc/{passwd+,shadow+,group+,gshadow+}
2012-05-18 19:44:53 +00:00
nekral-guest 1e0450dfb1 * src/pwunconv.c: Do not check spw_close() return value (file is
opened readonly).
	* src/grpunconv.c: Do not check sgr_close() return value (file is
	opened readonly).
2012-05-18 19:32:32 +00:00
nekral-guest 46f6d77c55 Cleanup. 2012-05-18 19:27:02 +00:00
nekral-guest 17deaa39f5 * NEWS, src/userdel.c: Fix segfault when userdel removes the
user's group.
2012-05-18 18:56:24 +00:00
nekral-guest f243d4077d * NEWS, src/login.c: Log in utmp / utmpx / wtmp also when PAM is
enabled. This is not done by pam_lastlog. This was broken on
	2011-07-23.
	* NEWS, libmisc/utmp.c: Do not log in wtmp when PAM is enabled.
	This is done by pam_lastlog.
2012-05-18 17:57:52 +00:00
bubulle f741583f1a French translation of manpages completed 2012-05-17 09:17:53 +00:00
bubulle 1586a91909 Add Debian bug closure to avoid forgetting in debian/changelog when uploading a new upstream in Debian 2012-05-17 09:14:42 +00:00
bubulle de8a22a2f4 German translation of manpages updated 2012-05-17 09:13:09 +00:00
bubulle 19d5ec6921 Complete translation of logoutd(8) in Polish. Patch by Robert Luberda 2012-04-15 10:54:03 +00:00
nekral-guest 9f34a68dba * NEWS: New placeholder for the next release (4.1.5.1 expected) 2012-02-13 20:33:28 +00:00
nekral-guest 0c1cbaede8 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* src/passwd.c: (non PAM flavour) Report permission denied when
	access to /etc/shadow fails with EACCES.
2012-02-13 20:32:00 +00:00
nekral-guest e363962dd2 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* lib/nscd.c: Add missing newline to error message.
	* lib/nscd.c: If nscd is installed but not in use, then running
	`nscd -i` will exit(1). We shouldn't warn in this case since this
	is not abnormal behavior.
2012-02-13 20:09:59 +00:00
nekral-guest 659684836d 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* man/.gitignore: Add generate_mans.deps
2012-02-13 20:04:40 +00:00
nekral-guest 19699033bf 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* man/grpck.8.xml: Relocate space.
2012-02-13 20:00:34 +00:00
nekral-guest 011c5155fa 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* libmisc/copydir.c: Add missing #include <stdarg.h>
2012-02-13 19:16:29 +00:00
nekral-guest c18ec76e85 * NEWS: Set release date. 2012-02-12 21:29:41 +00:00
nekral-guest b261fbd7bb * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-02-12 15:02:45 +00:00
nekral-guest c0a22d7b56 Ignore generated files. 2012-02-11 18:30:42 +00:00
nekral-guest 4f275ec75b * man/it/Makefile.am: Activate all manpages. 2012-02-11 18:29:17 +00:00
nekral-guest 1528ae16a0 * man/po/it.po: Updated after review. 2012-02-11 18:28:04 +00:00
nekral-guest d069726634 * man/po/it.po: Updated to 1173t. 2012-02-11 09:31:17 +00:00
nekral-guest 2aa73f7823 * man/useradd.8.xml, man/su.1.xml, man/po/da.po, man/po/ru.po,
man/po/fr.po, man/po/de.po, man/po/sv.po, man/po/pl.po,
	man/po/it.po, man/po/shadow-man-pages.pot, man/po/zh_CN.po: Fix
	two typos. Thanks to Giuseppe Sacco. Unfuzzy translations
	* po/kk.po, po/nb.po, po/el.po, po/ca.po, po/ja.po: Re-generate.
	* man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
	Fix typo.
2012-02-02 19:05:34 +00:00
nekral-guest c71d787454 2012-01-28 Innocent De Marchi <tangram.peces@gmail.com>
* po/ca.po: Updated to 557t.
2012-01-28 19:13:08 +00:00
nekral-guest c1eecc94ec * NEWS, configure.in, man/da/Makefile.am, man/Makefile.am: Build
manpages with more than 50% translated messages.
	* man/fr/Makefile.am: Add missing manpages: chgpasswd.8,
	groupmems.8, nologin.8, sulogin.8.
	* man/de/Makefile.am: Add missing manpages: chage.1, chgpasswd.8,
	chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3, gpasswd.1,
	groupadd.8, groupdel.8, groupmems.8, groupmod.8, grpck.8,
	grpconv.8, grpunconv.8, gshadow.5, lastlog.8, login.defs.5,
	logoutd.8, newusers.8, nologin.8, pwck.8, pwconv.8, pwunconv.8,
	sg.1, shadow.3, shadow.5, suauth.5, useradd.8, userdel.8,
	usermod.8, limits.5, login.access.5, porttime.5, id.1, sulogin.8
	* man/zh_CN/Makefile.am: Add missing manpages: chgpasswd.8,
	groupmems.8, nologin.8, sulogin.8
	* man/pl/Makefile.am, man/sv/Makefile.am, man/it/Makefile.am:
	Translate only manpages with more than 50% translated messages.
	* man/po/da.po: Do not translate names of manpages (newusers,
	limits, groups)
2012-01-28 16:53:23 +00:00
bubulle 917e9af67b Russian manpages translation update 2012-01-28 13:29:13 +00:00
bubulle 6e6ef6fd57 French translation updates 2012-01-27 18:45:49 +00:00
bubulle 6e26b9a42c Danish translation added 2012-01-26 18:58:20 +00:00
bubulle 85c27fd775 Danish translation update 2012-01-26 18:54:44 +00:00
nekral-guest 4efcee14e4 2012-01-23 Thomas Vasileiou <thomas-v@wildmail.com>
* po/el.po: Updated to 553t.
2012-01-23 22:29:33 +00:00
nekral-guest e4a5d4de87 2012-01-22 Baurzhan Muftakhidinov <baurthefirst@gmail.com>
* po/kk.po: Updated to 557t.
2012-01-22 17:32:49 +00:00
bubulle 4502d89d87 Portuguese translation update 2012-01-21 07:17:05 +00:00
bubulle b2b259a985 German translation update 2012-01-19 19:37:36 +00:00
nekral-guest 1640d73997 2012-01-18 Bjørn Steensrud <bjornst@skogkatt.homelinux.org>
* po/nb.po: Updated to 557t. Thanks also to Hans Fredrik Nordhaug.
2012-01-18 21:08:28 +00:00
nekral-guest 1b4d4b6708 2012-01-16 NAKANO Takeo <nakano@webmasters.gr.jp>
* po/ja.po: Updated to 557t
2012-01-16  Simon Brandmair  <sbrandmair@gmx.net>
	* man/po/de.po: Updated to 1173t.
2012-01-18 21:01:50 +00:00
nekral-guest 22591a77b2 New entry for vipw. 2012-01-15 21:26:56 +00:00
nekral-guest 1161388b2b Indicate the CVE number. 2012-01-15 21:22:05 +00:00
nekral-guest 4fb8cf2f6b Document last translation updates. 2012-01-15 21:21:01 +00:00
bubulle db0d48471e Simplified Chinese translation update 2012-01-14 13:28:36 +00:00
bubulle b949241d12 Russian translation update 2012-01-09 18:56:42 +00:00
nekral-guest 4dfd1519ac * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-01-08 23:36:18 +00:00
nekral-guest 59e64f8b82 * lib/selinux.c, lib/semanage.c: prototypes.h was not included. 2012-01-08 16:06:57 +00:00
nekral-guest 7ac5cc7dd0 * lib/prototypes.h: Cleanup. 2012-01-08 16:04:27 +00:00
nekral-guest 2c24c012bd * lib/prototypes.h, lib/Makefile.am, po/POTFILES.in,
libmisc/copydir.c, lib/selinux.c: Move set_selinux_file_context()
	and reset_selinux_file_context() from libmisc/copydir.c to
	lib/selinux.c.
	* lib/commonio.c: Use set_selinux_file_context() and
	reset_selinux_file_context() instead of using the existing
	database SELinux context to set the context for the newly created
	files.
2011-12-09 22:13:02 +00:00
nekral-guest cc8be680ca * src/vipw.c: Do not use a hardcoded program name in the usage
message.
2011-12-09 21:35:57 +00:00
nekral-guest 3084e71acb * po/ca.po, po/cs.po, po/da.po, po/de.po, po/es.po, po/eu.po,
po/fr.po, po/ja.po, po/kk.po, po/pt.po, po/pt_BR.po, po/ru.po,
	po/sk.po, po/sv.po, po/vi.po, po/zh_CN.po: Quick unfuzzy.
2011-12-09 21:35:47 +00:00
nekral-guest a92f55b609 * src/newusers.c, src/chpasswd.c, src/chgpasswd.c: Harmonize
usage messages.
2011-12-09 21:31:39 +00:00
nekral-guest daa8d1141e * lib/Makefile.am, lib/prototypes.h, lib/selinux.c,
lib/semanage.c, po/POTFILES.in: Move lib/selinux.c to
	lib/semanage.c.
2011-12-09 21:30:19 +00:00
nekral-guest 360f12cd44 * src/usermod.c, man/usermod.8.xml: usermod -Z "" removes the
SELinux user mapping for the modified user.
	* src/useradd.c: Zflg is #defined as user_selinux non empty.
2011-11-21 22:02:15 +00:00
nekral-guest e570b8ded4 * libmisc/copydir.c: Ignore errors to copy ACLs if the operation
is not supported.
2011-11-21 19:34:22 +00:00
nekral-guest bd4a6c9966 * src/passwd.c: Add missing cast.
* lib/commonio.c: Avoid multiple statements per line.
	* lib/commonio.c: Ignore fclose return value when the file was
	open read only or was not changed, or if an error is already
	reported.
2011-11-19 22:00:00 +00:00
nekral-guest 4049c0e69e * src/chage.c: Cast 3rd date_to_str parameter to a time_t 2011-11-19 21:56:10 +00:00
nekral-guest 05823ad867 * lib/selinux.c: vasprintf requires _GNU_SOURCE to be defined
before including stdio.h.
2011-11-19 21:55:00 +00:00
nekral-guest 82d767d121 * libmisc/root_flag.c, src/gpasswd.c, src/chsh.c: Add splint
annotations.
	* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
	Ignore return value of spw_rewind, pw_rewind, sgr_rewind, and
	gr_rewind.
	* lib/commonio.h: Both head and tail cannot be owned. Set tail as
	dependent.
	* src/expiry.c: Ignore return value of expire ().
	* src/expiry.c: The catch_signals function does not use its sig
	parameter.
	* src/userdel.c: Last audit_logger parameter is a
	shadow_audit_result, use SHADOW_AUDIT_FAILURE instead of 0.
2011-11-19 21:51:52 +00:00
nekral-guest 6e2c6ffdf7 * src/faillog.c: The fail_max field is a short, use a short also
for the max argument of setmax / setmax_one.
	* src/faillog.c: Fail with an error message when faillog fails to
	write to the faillog database.
2011-11-19 21:44:34 +00:00
nekral-guest 5762d08f4f * man/gpasswd.1.xml: Document the difference between the -r and -R
options.
2011-11-19 14:34:59 +00:00
nekral-guest 61bb0aa943 * man/useradd.8.xml, man/groupadd.8.xml, man/usermod.8.xml,
man/groupmod.8.xml: Avoid hardcoded values, and reference instead
	the configuration options (e.g. UID_MIN)
	* man/groupmod.8.xml, man/usermod.8.xml: Add missing reference to
	login.defs
	* man/login.defs.d/UID_MAX.xml, man/login.defs.d/SYS_UID_MAX.xml,
	man/login.defs.d/GID_MAX.xml, man/login.defs.d/SYS_GID_MAX.xml:
	Document the default values.
2011-11-19 14:33:53 +00:00
nekral-guest 2f1e13ff7a Ignore the generated POTFILES file. 2011-11-19 14:29:20 +00:00
nekral-guest 653d22c3e9 * src/gpasswd.c: Change of group password enforces gshadow
password. Set /etc/group password to "x".
2011-11-19 14:27:48 +00:00
nekral-guest 8f008f8319 Fix typos. 2011-11-19 14:20:52 +00:00
nekral-guest e538a4e2a3 Add missing NEWS documentation.
* NEWS, README, src/useradd.c, src/usermod.c, src/userdel.c,
	configure.in: Use libsemanage instead of semanage.
2011-11-17 21:52:49 +00:00
nekral-guest 29050eadb5 * NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
	safe_system().
	* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
	lib/Makefile.am: Added helper functions for semanage.
	* README, src/useradd.c, src/usermod.c, src/userdel.c,
	configure.in: Use libsemanage instead of semanage.
2011-11-17 21:51:07 +00:00
nekral-guest f3ef11056f Re-indent. 2011-11-17 21:32:26 +00:00
nekral-guest ae0229549d 2011-11-16 Peter Vrabec <pvrabec@redhat.com>
* src/Makefile.am: useradd may need the LIBATTR library.
2011-11-16 21:17:43 +00:00
nekral-guest 2e1652fdec 2011-11-16 Peter Vrabec <pvrabec@redhat.com>
* libmisc/copydir.c: Ignore perm_copy_file() errors with errno set
	to ENOTSUP.
2011-11-16 21:00:43 +00:00
nekral-guest 72ba5c4de7 * libmisc/root_flag.c: Add missing #include <stdio.h> 2011-11-16 19:34:39 +00:00
nekral-guest d2a516a75d * src/useradd.c: Compil fix when SHADOWGRP is not enabled. 2011-11-16 19:33:51 +00:00
nekral-guest 725e83ac21 Unfuzzy. 2011-11-14 23:37:31 +00:00
nekral-guest 3f84cb3699 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2011-11-13 18:21:43 +00:00
nekral-guest d65129f3c8 Ignore generated file generate_mans.deps 2011-11-13 17:42:05 +00:00
nekral-guest 57f9d5ae9c * src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
	src/groupmod.c, src/newusers.c, src/useradd.c, src/userdel.c,
	src/usermod.c: Provide the PAM error
	message instead of our own, and log error to syslog.
	* src/groupmems.c: Exit with exit rather than fail_exit in usage().
	* src/newusers.c: Check the number of arguments.
	* src/newusers.c: Do not create the home directory when it is not
	changed.
	* src/useradd.c: Set the group password to "!" rather "x" if there
	are no gshadow file.
2011-11-13 16:24:57 +00:00
nekral-guest 2ecea675ee Fix cut&paste issue from yesterday. 2011-11-13 16:24:49 +00:00
nekral-guest f64c88d629 * src/pwck.c: Removed pw_opened.
* src/pwck.c: optind cannot be greater than argc.
	* src/pwck.c: If spw_opened, then is_shadow is implicitly set.
	* src/pwck.c: Do not report passwd entry without x password and a
	shadow entry in --quiet mode (no interaction with the caller)
	* src/pwck.c: Do not check if the last password change is in the
	future if the time is set to 0.
2011-11-13 16:24:39 +00:00
nekral-guest 3c608e56f6 * libmisc/root_flag.c: Drop privileges before changing root. The
--root option should not be used by regular users for suid utils.
	* libmisc/root_flag.c: Improve error messages.
2011-11-11 12:09:58 +00:00
nekral-guest f54a68ac76 * src/pwck.c: Compile fix for TCB. 2011-11-11 12:00:05 +00:00
nekral-guest 3bb7c43694 * libmisc/copydir.c: Avoid conflict with glibc. Rename error to
error_acl.
2011-11-11 11:59:21 +00:00
nekral-guest 61ba4bf46e * man/newusers.8.xml: Document the optional file argument.
* man/newusers.8.xml: Fix the documentation of the inputs' format.
2011-11-11 11:35:56 +00:00
nekral-guest 184f9d40e6 * man/groupmod.8.xml: Document that the primary group of users may
be changed by groupmod -g.
2011-11-06 19:01:54 +00:00
nekral-guest f3afeb9c04 * NEWS, src/newusers.c, man/newusers.8.xml: Add --root option. 2011-11-06 18:40:22 +00:00
nekral-guest 2a2c8190ec * src/vipw.c: Remove unused variable a. 2011-11-06 18:40:17 +00:00
nekral-guest 45154f1d68 * man/generate_mans.mak: The xml-config files do not depend on the
Makefile.
2011-11-06 18:40:11 +00:00
nekral-guest 7861eaa5ec Re-indent. 2011-11-06 18:40:06 +00:00
nekral-guest f0a63185c9 * src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/faillog.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
	src/groupmems.c, src/groupmod.c, src/grpconv.c, src/grpunconv.c,
	src/lastlog.c, src/newusers.c, src/passwd.c, src/pwconv.c,
	src/pwunconv.c, src/su.c, src/useradd.c, src/userdel.c,
	src/usermod.c, src/vipw.c: Align and sort options.
2011-11-06 18:39:59 +00:00
nekral-guest 7d8ca29bea * NEWS, src/pwck.c, man/pwck.8.xm, src/grpck.c, man/grpck.8.xml:
Add --root option.
2011-11-06 18:39:53 +00:00
nekral-guest e4fbf98b18 * man/limits.5.xml, libmisc/limits.c: Sort limit identifiers.
* libmisc/limits.c: Fix support for the K limit identifier.
	* libmisc/limits.c: Add missing default limit for L and U.
2011-11-06 18:39:47 +00:00
nekral-guest f4d95eecc0 Re-indent. 2011-11-06 18:39:42 +00:00
nekral-guest 900943192f * src/pwck.c, man/pwck.8.xml: Add support for long options.
* src/pwck.c, man/pwck.8.xml: Add -h/--help option
	* src/grpck.c, man/grpck.8.xml: Add support for long options.
	* src/grpck.c, man/grpck.8.xml: Add -h/--help option
2011-11-06 18:39:36 +00:00
nekral-guest b9163f6348 * src/expiry.c, man/expiry.1.xml: Add support for long options.
* src/expiry.c, man/expiry.1.xml: Add -h/--help option
2011-11-06 18:39:30 +00:00
nekral-guest 0530588266 * NEWS, src/chfn.c, man/chfn.1.xml: Add --root option. 2011-11-06 18:39:24 +00:00
nekral-guest b26f73f427 * src/chfn.c, man/chfn.1.xml: Add support for long options.
* src/chfn.c, man/chfn.1.xml: Add -u/--help option
2011-11-06 18:39:19 +00:00
nekral-guest e2068416c9 * NEWS, src/vipw.c, man/vipw.8.xml: Add --root option. 2011-11-06 18:39:09 +00:00
nekral-guest a2d23700e4 * NEWS, src/faillog.c, man/faillog.8.xml: Add --root option.
* NEWS, src/lastlog.c, man/lastlog.8.xml: Likewise.
	* src/faillog.c: Add Prog variable, and prefix error messages with
	Prog rather than "faillog".
	* src/lastlog.c: Likewise.
	* src/lastlog.c: Split usage in smaller messages.
2011-11-06 18:39:03 +00:00
nekral-guest 0857837e64 * NEWS, src/chage.c, man/chage.1.xml: Add --root option. Open
audit and syslog after the potential chroot. chage's usage split
	in smaller messages.
2011-11-06 18:38:57 +00:00
nekral-guest d15f2c6214 * src/login.c: re-indent.
* src/login.c: Fix support for sub-logins.
2011-11-06 18:38:51 +00:00
nekral-guest 6eb0500d3d * src/faillog.c, src/chage.c, src/newusers.c, src/su.c: The getopt
index of long options is not used.
2011-11-06 18:38:45 +00:00
nekral-guest 7b8c4952a8 * NEWS, src/gpasswd.c, man/gpasswd.1.xml: Add --root option.
* src/gpasswd.c: The getopt index of long options is not used.
2011-11-06 18:38:39 +00:00
nekral-guest 4beca611fb * NEWS, src/chsh.c, man/chsh.1.xml: Add --root option.
chsh's usage split in smaller messages.
	* src/chsh.c: The getopt index of long options is not used.
2011-11-06 18:38:32 +00:00
nekral-guest 1aa30ba551 * NEWS, src/groupmems.c, man/groupmems.8.xml: Add --root option.
Open syslog after the potential chroot.
	* src/groupmems.c: The getopt index of long options is not used.
2011-11-06 18:38:26 +00:00
nekral-guest fc5cd8840e sort per util. 2011-11-06 18:38:21 +00:00
nekral-guest ec2b9f59f7 * NEWS, src/passwd.c, man/passwd.1.xml: Add --root option.
passwd's usage split in smaller messages.
	* src/passwd.c: Call sanitize_env() before setting the locales.
2011-11-06 18:38:16 +00:00
nekral-guest 799f30b08d * NEWS, src/chpasswd.c, man/chpasswd.8.xml, src/chgpasswd.c,
man/chgpasswd.8.xml: Add --root option.
	* src/chpasswd.c, src/chgpasswd.c: The getopt index of long
	options is not used.
2011-11-06 18:38:10 +00:00
nekral-guest bf90350fe7 * NEWS, src/pwconv.c, src/pwunconv.c, src/grpconv.c,
src/grpunconv.c, man/pwconv.8.xml: Add --root option.
	* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
	Add --help option.
	* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
	Add process_flags() and usage().
2011-11-06 18:38:04 +00:00
nekral-guest c017dd73aa * src/groupdel.c: Add process_flags().
* src/groupdel.c, man/groupdel.8.xml: Add --help option.
	* NEWS, src/groupdel.c, man/groupdel.8.xml: Add --root option. Open
	audit and syslog after the potential chroot.
	* src/groupdel.c: Check atexit failures.
2011-11-06 18:37:57 +00:00
nekral-guest 9195f6085d * NEWS, src/groupadd.c, man/groupadd.8.xml: Add --root option. Open
audit and syslog after the potential chroot.
	* src/groupmod.c: The index of long options is not used.
2011-11-06 18:37:51 +00:00
nekral-guest 057cbaa4ae * NEWS, src/groupadd.c, man/groupadd.8.xml: Add --root option. Open
audit after the potential chroot.
	* src/groupadd.c: Check atexit failures.
	* src/groupadd.c: Return E_SUCCESS instead of exit'ing at the end
	of main().
2011-11-06 18:37:45 +00:00
nekral-guest aa2957e62a * NEWS, src/usermod.c, man/usermod.8.xml: Add --root option. Open
audit and syslog after the potential chroot. userdel's usage split
	in smaller messages.
2011-11-06 18:37:39 +00:00
nekral-guest 50eafd769b * NEWS, src/userdel.c, man/userdel.8.xml: Add --root option. Open
audit and syslog after the potential chroot. userdel's usage split
	in smaller messages.
2011-11-06 18:37:32 +00:00
nekral-guest cecae46ccf * NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open
audit after the potential chroot.
2011-11-06 18:37:25 +00:00
nekral-guest 0b5574c28a * lib/prototypes.h, libmisc/Makefile.am, libmisc/root_flag.c,
po/POTFILES.in: Add process_root_flag() to process the --root
	option and chroot so that the chroot config is used and changes
	are applied to the chroot.
2011-11-06 18:37:19 +00:00
nekral-guest c237be820b * man/ja/Makefile.am, man/fr/Makefile.am, man/ru/Makefile.am,
man/sv/Makefile.am, man/pl/Makefile.am, man/zh_CN/Makefile.am,
	man/it/Makefile.am, man/Makefile.am: Include man_nopam in
	EXTRA_DIST only when USE_PAM (they are already in man_MANS
	otherwise).
2011-10-22 08:59:08 +00:00
nekral-guest eee4152981 * man/su.1.xml: Document that su -c does not providea controlling
terminal.
2011-10-22 08:56:51 +00:00
nekral-guest 2afa955401 * src/sulogin.c (main): env is only used when USE_PAM is not set. 2011-10-18 20:28:01 +00:00
nekral-guest 704f28df98 * lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c:
Add splint annotations.
2011-10-18 20:23:33 +00:00
nekral-guest edbdb4bf03 * lib/nscd.c: Remove unused variable. 2011-10-18 20:16:00 +00:00
nekral-guest d3195c6b5f * src/newusers.c: Fix typo.
* src/useradd.c: Likewise.
2011-10-18 20:13:37 +00:00
nekral-guest 8fcb361fb8 * man/login.defs.d/LOGIN_STRING.xml: Fix typo. 2011-10-15 16:01:07 +00:00
nekral-guest f870cc7eab Miscellaneous:
* lib/prototypes, libmisc/basename.c (Basename): Input is a
	constant string.
	* lib/prototypes.h, lib/spawn.h, lib/spawn.c, src/userdel.c,
	lib/nscd.c, lib/Makefile.am: Delete spawn.h. Move from spawn.h to
	prototypes.h.
	* src/userdel.c: Remove unused variables.
	* lib/nscd.c: Remove unused header files.
	* lib/nscd.c: Add the program name to error messages.
	* lib/nscd.c: Indicate when nscd does not terminate normally (signal).
	* lib/spawn.c: Updated header.
	* lib/spawn.c: Flush stdout and stderr to avoid inheriting from
	ongoing buffers.
	* lib/spawn.c: Avoid implicit conversion of pointer to boolean.
	* lib/spawn.c: Replace perror by a complete message.
	* lib/spawn.c: Continue to wait for the child if another child
	terminates.
	* lib/prototypes.h: The name field from cleanup_info_mod is a
	constant string. (username).
2011-09-18 21:02:43 +00:00
nekral-guest 03e5751102 Re-indent. 2011-09-18 20:44:09 +00:00
nekral-guest 05b55446da * libmisc/cleanup.c: Spawn children should no trigger cleanup
actions. Make sure only the parent (initial caller) perform the
	cleanup actions.
2011-09-18 20:43:28 +00:00
nekral-guest f1db2383fc * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
the format fits in rounds_prefix.
	* libmisc/loginprompt.c: Likewise.
2011-09-18 20:41:38 +00:00
nekral-guest cd10be6c91 * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
the format fits in rounds_prefix.
2011-09-18 20:40:50 +00:00
nekral-guest 2b5ba27ff8 * src/grpconv.c: Fail if not called correctly.
* src/grpconv.c: At the end of main, the passwd and shadow files
	are locked. No need to check before unlocking. No need to set the
	lock as false neither since there cannot be anymore failures.
2011-09-18 20:26:27 +00:00
nekral-guest fa96d1bb78 * src/chage.c: EPOCH is not needed, it's converted to -1 by
strtoday(). But we need to support "-1" specifically.
	* src/chage.c: Fix usage: LOGIN is mandatory.
	* src/chage.c: Display disabled expiry or last change as "-1"
	instead of 1969-12-31. 1969-12-31 is still supported as input from
	the user.
	* src/chage.c: Exit cleanly with fail_exit() (lock files were not
	removed).
2011-09-18 20:24:36 +00:00
nekral-guest 23afb3fd07 * src/useradd.c: Remove def_file. It was always set to
USER_DEFAULTS_FILE.
	* src/useradd.c: Fix cut&paste issue causing bad warning when
	the useradd.default file contains an invalid INACTIVE= value.
	* src/useradd.c: Added missing end of line for rename errors.
	* src/useradd.c: Added -D synopsis to the usage message.
	* src/useradd.c: Do not scale_age(-1), just use -1.
	* src/useradd.c: Added FIXME to be fixed later.
	* src/useradd.c: Allow -e -1 when there is no shadow file.
	* src/useradd.c: Fail, but do not print the usage message when the
	-e argument is not valid.
	* src/useradd.c: No need to check for oflg since uflg is
	already checked.
2011-09-18 18:00:06 +00:00
nekral-guest 6f05b866bc * src/su.c: Too much const were added on 2011-08-15. pw in
save_caller_context() is allocated and freed.
	* src/su.c: Added missing #endif indication
	* src/su.c save_caller_context(): password only needed if
	SU_ACCESS and !USE_PAM.
2011-09-18 17:47:03 +00:00
nekral-guest 603d949ed5 * src/usermod.c: date_to_str() is always called with negativ set
to "never", remove this argument.
	* src/usermod.c: Added missing cast for gr_free argument.
2011-09-18 17:34:21 +00:00
nekral-guest 4ce849a5ed * src/pwconv.c: Fail if not called correctly.
* src/pwconv.c: At the end of main, the passwd and shadow files
	are locked. No need to check before unlocking.
2011-09-18 17:32:04 +00:00
nekral-guest 7b0116c5b4 * src/newusers.c: Initially set the passwd's password to '*'
instead of 'x'. Only when it is confirmed that a shadow entry is
	(will be) added, set the passwd's password to 'x'.
	* src/newusers.c: An invalid line is an error. A failure needs to
	be reported.
2011-09-18 17:29:52 +00:00
nekral-guest a52a8d8a5d * src/gpasswd.c: Remove log_gpasswd_success_gshadow(). Writing in
gshadowis the last sub-task.
2011-09-18 17:27:18 +00:00
nekral-guest 75936bf9f7 * src/chsh.c: No needto remove lines tarting with '#' from
/etc/shells. This is already done by getusershell() and these
	shell would fail the access(X_OK) test.
2011-09-18 17:24:15 +00:00
nekral-guest 0d00d3eecf * man/generate_mans.mak: Fix the generation of translated man
pages. xml2po removed the comment from empty headers and the
	config was no more inserted.
2011-09-18 17:02:10 +00:00
nekral-guest 93ee4927bc * man/login.defs.d/QUOTAS_ENAB.xml: Document the dependency
between /etc/limits and QUOTAS_ENAB.
2011-09-18 17:00:28 +00:00
nekral-guest 5570ec21b4 * man/chage.1.xml: The LOGIN argument is not optional. 2011-09-18 16:59:16 +00:00
nekral-guest 5530a47d76 * po/POTFILES.in: Added lib/spawn.c. 2011-09-18 16:58:12 +00:00
nekral-guest fc0057ff35 2011-08-20 Jonathan Nieder <jrnieder@gmail.com>
* lib/Makefile.am: Added lib/spawn.c and lib/spawn.h.
	* lib/nscd.c, lib/spawn.c, lib/spawn.h: It is not possible to
	differentiate between an nscd failure, and a failure to execute
	due to no nscd with posix_spawn. Use our own run_command routine.
	* src/userdel.c: Use run_command()
2011-08-20 13:33:38 +00:00
nekral-guest ec309dcac8 re-indent. 2011-08-15 14:40:42 +00:00
nekral-guest ee0e0f9943 * src/groupmod.c: Check atexit failures. 2011-08-15 14:38:49 +00:00
nekral-guest 7f842bdf4f * src/groupmod.c: Ignore return value from snprintf.
* src/groupmod.c: Add static qualifier to the cleanup structures.
2011-08-15 14:22:33 +00:00
nekral-guest 7c96d6cbcc * src/usermod.c: Do not assign static to NULL.
* src/usermod.c (date_to_str): buf needs to be unique (e.g.
	independent from negativ), and is an out buffer.
	* src/usermod.c: Ignore return value from snprintf, and force
	nul-termination of buffer.
	* src/usermod.c: Improve memory management.
	* src/usermod.c: An audit bloc was not reachable, moved above on
	success to move the home directory.
	* src/usermod.c: Ignore close() return value for the mailbox
	(opened read only).
2011-08-15 09:56:43 +00:00
nekral-guest 5eb9ed0aaf * src/su.c: Added const modifiers.
* lib/prototypes: Synchronize splint annotations.
2011-08-15 09:25:58 +00:00
nekral-guest 94c1763f71 * src/su.c: Add splint annotations.
* src/su.c: Set caller_on_console as boolean.
	* src/su.c: Ignore retunr value from fputs (usage) / puts (prompt).
	* src/su.c: Improved memory management.
2011-08-14 21:44:46 +00:00
nekral-guest 1304a3106b * src/chgpasswd.c, src/chpasswd.c, src/newusers.c: Replace cflg by
a test on crypt_method.
2011-08-14 14:44:35 +00:00
nekral-guest a9c38f4902 * src/chgpasswd.c: Add splint annotations.
* src/chpasswd.c: Likewise.
	* src/newusers.c: Likewise.
	* libmisc/salt.c, lib/prototypes.h (crypt_make_salt): Likewise.
2011-08-14 14:37:17 +00:00
nekral-guest e2bdb4ff83 * libmisc/chowndir.c: Add splint annotations. 2011-08-14 14:00:14 +00:00
nekral-guest 41accaf963 * lib/gshadow_.h: Fix typo in comment. 2011-08-14 13:16:54 +00:00
nekral-guest 5f37d13405 * lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid()
returns an allocated structure.
2011-08-14 13:16:26 +00:00
nekral-guest 745bcb5406 * src/su.c: Add annotations to indicate that su_failure() does
not return.
2011-08-14 13:15:20 +00:00
nekral-guest 1f4f00acad * lib/commonio.c: Display PID as unsigned long. 2011-07-30 01:48:42 +00:00
nekral-guest 905e14ee83 * src/useradd.c: Remove unused Zflg. 2011-07-30 01:47:52 +00:00
nekral-guest f8d47df43b * src/chgpasswd.c: Fix typo sp -> sg. sg_namp -> sg_name
* src/chgpasswd.c: Always update the group file when SHADOWGRP is
	not enabled.
2011-07-30 01:46:23 +00:00
nekral-guest 934bfa5969 * src/newgrp.c: Fix typo in notreached annotation. 2011-07-30 01:41:56 +00:00
nekral-guest 00d1ab6454 * src/usermod.c: Add annotations to indicate that fail_exit() does
not return.
	* src/usermod.c: Fix typo in notreached annotation.
2011-07-30 01:41:03 +00:00
nekral-guest 019048c555 * libmisc/find_new_uid.c: free (used_uids) on return.
* libmisc/find_new_gid.c: free (used_gids) on return.
2011-07-30 01:38:07 +00:00
nekral-guest 6223c40c2d * lib/commonio.c: Fix NIS commit from 2011-07-14. 2011-07-28 15:19:40 +00:00
nekral-guest e7c09ab3df * NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is 
	set to 'x' in group and there are no entry in gshadow for the 
	group.
2011-07-28 15:18:39 +00:00
nekral-guest 75fa697526 * NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is 
	set to 'x' in group and there are no entry in gshadow for the 
	group.
2011-07-28 15:17:28 +00:00
nekral-guest 771a3624f5 * src/pwunconv.c: Exit after printing usage when arguments or
options are provided.
	* src/pwunconv.c: Re-indent.
	* src/pwunconv.c: Open the shadow file read only.
	* src/grpunconv.c: Exit after printing usage when arguments or
	options are provided.
	* src/grpunconv.c: Open the gshadow file read only.
2011-07-28 14:40:56 +00:00
nekral-guest 7fed07f1e9 * src/chgpasswd.c: Fix typo. 2011-07-28 14:36:24 +00:00
nekral-guest 7180f03376 Add more info on the change of behavior. 2011-07-23 11:05:59 +00:00
nekral-guest 2aefca0f2e * NEWS, src/login.c: Do not log in utmp / utmpx / wtmp when PAM is
enabled. This is already done by pam_lastlog.
2011-07-23 11:03:50 +00:00
nekral-guest 7e8aa5429a * src/chpasswd.c: Add annotations to indicate that usage() does
not return.
	* src/chpasswd.c: Reindent.
	* src/chpasswd.c: Remove dead code. No need to set crypt_method
	to NULL when it is already NULL. sflg is only set if crypt_method
	is not NULL.
2011-07-23 08:14:15 +00:00
nekral-guest 2be8650d2c * src/lastlog.c: Add annotations to indicate that usage() does not
return.
2011-07-23 08:10:27 +00:00
nekral-guest 495125415b * src/faillog.c: Add annotations to indicate that usage() does not
return.
	* src/faillog.c: Fix message: this is faillog, not lastlog.
	* src/faillog.c: Check that there are no extra arguments after
	parsing the options.
2011-07-22 23:59:57 +00:00
nekral-guest 1def4ef49d * src/chgpasswd.c: Add annotations to indicate that usage() does
not return.
	* src/chgpasswd.c: Split usage in smaller parts. Those parts are
	already translated for chpasswd. Usage is now closer to
	chpasswd's.
	* src/chgpasswd.c: Remove dead code. No need to set crypt_method
	to NULL when it is already NULL. sflg is only set if crypt_method
	is not NULL.
2011-07-22 23:52:08 +00:00
nekral-guest bb67476209 * src/expiry.c: Remove dead code.
* src/expiry.c: Improve comments.
2011-07-22 22:39:30 +00:00
nekral-guest e8373305b4 * src/grpck.c: Added comments.
* src/grpck.c: Avoid implicit conversion of pointer to boolean.
	* src/grpck.c: Remove dead code. argc cannot be lower than optind.
	Avoid checking twice in a row for NULL != list[i].
2011-07-22 22:07:23 +00:00
nekral-guest 275ffe2e01 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
invalid configuration. 
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
	comments.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
	on the loop stop conditions. Stop if we passed the limit, even if
	the limit itself was never noticed.
2011-07-22 21:53:01 +00:00
nekral-guest a210d898b6 * man/po/fr.po: Fix some spacing issues due to configuration
variants.
2011-07-14 14:14:36 +00:00
nekral-guest 8bce7fc016 * src/passwd.c: Overflow when computing the number of days based
on the scaling. Use of long long needed.
2011-07-14 14:03:19 +00:00
nekral-guest 39cecdab06 * NEWS, lib/commonio.h, lib/commonio.c: Additional messages to
indicate why locking failed.
	* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
	entries were dropped.
	* lib/commonio.c: NIS entries can start by '+' or '-'.
2011-07-14 13:58:17 +00:00
nekral-guest a7fee9db00 * NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
	and group requires a shadow entry.
2011-07-14 13:30:05 +00:00
nekral-guest d4e630b8cc * src/usermod.c (process_flags): Indicate that the user name is
invalid, instead of just a 'field'.
2011-07-14 13:29:59 +00:00
nekral-guest 82b92af086 * src/usermod.c (process_flags): Do not display the usage in case
of an invalid -f value (similar to -e).
2011-07-14 13:29:54 +00:00
nekral-guest c23e851074 * src/usermod.c (new_pwent): Document that pw_locate will not fail
because getpwnam returned successfully.
2011-07-14 13:29:48 +00:00
nekral-guest c2333946c0 * man/usermod.8.xml: Document behavior of an empty EXPIRE_DATE.
* man/usermod.8.xml: Document that the mail spool might have to be
	renamed (as for the homedir)
2011-07-14 13:29:43 +00:00
nekral-guest 2c6782b501 * NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
exists but there are no shadow entries, an entry has to be created
	if the password is changed and passwd requires a shadow entry, or
	if aging features are used (-e or -f). Document this and also that
	-e and -f require a shadow file.
2011-07-14 13:29:37 +00:00
nekral-guest c2f5088067 * src/usermod.c (update_group, update_gshadow): Reduce complexity
and document checks. Some checks were always true/false within
	their call context.
2011-07-14 13:29:32 +00:00
nekral-guest 8195a2b5d8 * src/usermod.c (update_gshadow): is_member was computed twice. 2011-07-14 13:29:27 +00:00
nekral-guest 2798e35d86 * src/usermod.c: usage() does not return. Add annotations. 2011-07-14 13:29:22 +00:00
nekral-guest d1753cc25d * src/usermod.c (process_flags): Check for oflg is not needed to
check if changes are needed.
2011-07-14 13:29:16 +00:00
nekral-guest a5ded26850 * src/usermod.c (process_flags): Report usage if no options are
provided. Update the error message.
	* src/usermod.c (process_flags): Check option compatibility and
	dependency before options are discarded when no changes are
	requested.
2011-07-14 13:29:10 +00:00
nekral-guest d51420bb01 * src/usermod.c (move_home): It is always an error to use -m if
the new home directory already exist (independently from the
	existence of the old home directory did not exist)
2011-07-14 13:29:05 +00:00
nekral-guest aec025dbf6 * src/usermod.c: Fix typo in comment. 2011-07-14 13:28:59 +00:00
nekral-guest 95257d63a1 * src/groupmod.c: Avoid implicit conversion of pointer to boolean.
* src/groupmod.c: osgrp can be set only if pflg || nflg. No need
	to check for pflg || nflg again
2011-07-08 19:58:40 +00:00
nekral-guest 9cfc91a935 * configure.in: Fix typo. libcrack default is 'no'. 2011-07-08 19:57:08 +00:00
nekral-guest 13873a8799 * lib/fields.c: Fixed typo from 2010-02-15. field insteadof cp
ought to be checked.
	* src/vipw.c: Use Prog instead of progname. This is needed since
	Prog is used in the library.
2011-07-08 19:56:18 +00:00
nekral-guest cc6eaf9584 Fix typo in comment. 2011-07-08 19:51:32 +00:00
nekral-guest 1a164919f1 Fixed typo. user_home -> mailfile. 2011-07-08 19:50:42 +00:00
nekral-guest 3bdad35e9f * man/*.xml, man/config.xml.in: Add source and version
information. This reduce the amount of warnings during the
	manpages generation.
2011-07-08 19:49:09 +00:00
nekral-guest 275ac4c5e0 * man/po/ru.po: Add space between option and argument. 2011-06-25 09:13:14 +00:00
nekral-guest 504a89d25b * man/passwd.1.xml: Added reference to chpasswd(8). 2011-06-25 09:03:05 +00:00
bubulle 42666a6b03 Spanish translation update 2011-06-18 05:33:27 +00:00
nekral-guest c786f4887f Ignore generated files. 2011-06-16 21:26:35 +00:00
nekral-guest 75f4b049a6 * libmisc/isexpired.c: Added parenthesis.
* libmisc/env.c: Added comments.
	* libmisc/env.c: Avoid implicit conversion of pointer to boolean.
2011-06-16 21:25:36 +00:00
nekral-guest 907025eb40 * src/su.c: environ is provided by <unistd.h>.
* src/su.c: Added function prototypes.
	* src/su.c: Rename shellstr parameter to shellname to avoid
	collision with static variable.
	* NEWS, src/su.c: Added support for PAM modules which change
	PAM_USER.
2011-06-16 21:21:29 +00:00
nekral-guest 66d71aafb7 Cleanup. 2011-06-13 18:27:51 +00:00
nekral-guest 317939e821 * src/su.c: After prepare_pam_close_session() there is no need to
close the session in the child. Added pam_setcred to
	prepare_pam_close_session().
2011-06-13 18:27:46 +00:00
nekral-guest 1340beed16 * src/su.c: Also drop the controlling terminal when PAM is not
used.
	* src/su.c: Remove run_shell().
2011-06-13 18:27:40 +00:00
nekral-guest e9045e9f55 * src/su.c (prepare_pam_close_session): Extract the creation of a
child and listening for signal in the parent from run_shell().
	prepare_pam_close_session() is now executed before the creation of
	the pam session and before the UID is changed. This allows to
	close the session as root.
2011-06-13 18:27:34 +00:00
nekral-guest 69371ba2c2 * src/su.c: Extract export of environment from main(). 2011-06-13 18:27:28 +00:00
nekral-guest dbe0b96404 * src/su.c: Extract command line processing from main(). 2011-06-13 18:27:23 +00:00
nekral-guest 43e65fdd46 * src/su.c: Close the password databases together with syslog. 2011-06-13 18:27:17 +00:00
nekral-guest 5d6f4f8ea4 * src/su.c: Merge environment setting blocks after the creation of
the session.
2011-06-13 18:27:12 +00:00
nekral-guest b63c830547 * src/su.c: Cleanup check_perms_nopam(). 2011-06-13 18:27:06 +00:00
nekral-guest 927c2f06a3 * src/su.c: Split check_perms() in to a PAM (check_perms_pam) and
a non-PAM (check_perms_nopam) version.
2011-06-13 18:26:58 +00:00
nekral-guest 40a16a1b04 Compile fixes & cleanups. 2011-06-13 18:26:52 +00:00
nekral-guest 6be3ac560b * src/su.c (save_caller_context): Extract from main() the code
used to save the caller's context.
2011-06-13 18:26:47 +00:00
nekral-guest b661b913b5 * src/su.c: Cleanup local variables. 2011-06-13 18:26:36 +00:00
nekral-guest b273c4d19f Cleanup comments. 2011-06-13 18:26:31 +00:00
nekral-guest 7ebfb5c90f * lib/prototypes.h, src/suauth.c, src/su.c (check_su_auth): Do not
use the pwent global variable to communicate between APIs of
	different files. Added boolean parameter su_to_root to
	check_su_auth().
	* src/su.c (check_perms): Return the passwd entry of the finally
	authenticated user. Remove usage of the pwent variable.
	* src/su.c: The password of the caller is the one from the
	spwd structure only if the passwd's password is 'x'.
2011-06-13 18:26:26 +00:00
nekral-guest 3abd71c526 * src/su.c: Extract the authentication from the main function. 2011-06-13 18:26:16 +00:00
nekral-guest dc90c77285 * src/su.c: Define shellstr before the environment so that
restricted_shell is called only once. This will allow moving the
	environment definition after the switch to the new user.
2011-06-13 18:26:10 +00:00
nekral-guest 2f71935616 * src/su.c: Move definition of change_environment and shellstr
after the switch to the final subsystem. The previous architecture
	forced to always change the environment (the shell starts with a
	'*' and was thus restricted, and change_environment could not be
	reset to false).
2011-06-13 18:25:57 +00:00
nekral-guest 941e94f1d2 * src/su.c: No need to change the user's shell in case of
subsystem root. Update the comments.
2011-06-13 18:25:51 +00:00
nekral-guest 4be8077a56 * src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
	getdef, restricted_shell) by and does not influence (addenv does
	not change environ) the authentication. And the authentication
	does not overwrite those definitions. This will ease an extraction
	from the big main() function.
2011-06-13 18:25:45 +00:00
nekral-guest aef33a89c2 * src/su.c: No need to call expire() if there are no shadow entry.
No need to convert a passwd entry into an spwd entry in that case.
2011-06-13 18:25:40 +00:00
nekral-guest 1ddde00b1d * src/su.c: Updating pwent after expire() is not useful. Only the
password information may have changed and they are not used
	anymore afterwards.
2011-06-13 18:25:34 +00:00
bubulle f66bd259cf French manpages translation 2011-06-12 19:55:58 +00:00
nekral-guest ea34d36d62 Document the updated translations. 2011-06-05 14:56:11 +00:00
nekral-guest b5403415f7 * NEWS, src/su.c: Do not forward the controlling terminal to
commands executed with -c. This prevents tty hijacking which could
	lead to execution with the caller's privileges. This required to
	forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
	the executed command.
2011-06-05 14:41:15 +00:00
nekral-guest a8ca723277 * NEWS, src/userdel.c: Do not remove a group with the same name as
the user (usergroup) if this group isn't the user's primary group.
2011-06-05 12:23:59 +00:00
nekral-guest 14f44bd9c9 * NEWS, src/userdel.c: Check the existence of the user's mail
spool before trying to remove it. If it does not exist, a warning
	is issued, but no failure.
2011-06-04 22:38:57 +00:00
nekral-guest c9281b5bb9 Harmonize message. 2011-06-03 21:09:27 +00:00
nekral-guest ce737cf543 * src/sulogin.c: Added Prog, needed because of the last xmalloc()
change.
2011-06-03 21:08:56 +00:00
nekral-guest e8723c375f * man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
	* man/Makefile.am: Build zh_CN pages.
	* man/generate_translations.mak: Add config.xml to CLEANFILES.
	* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
	translated (command name, file name), also this broke the build
	system as they are used to derive manpage names.
2011-06-03 21:07:58 +00:00
nekral-guest 6b14946d81 * man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
	* man/Makefile.am: Build zh_CN pages.
	* man/generate_translations.mak: Add config.xml to CLEANFILES.
	* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
	translated (command name, file name), also this broke the build
	system as they are used to derive manpage names.
2011-06-03 21:06:23 +00:00
nekral-guest 597bb764f1 * src/lastlog.c, src/faillog.c: Fix underflows causing wrong entry
to be displayed.
2011-06-02 20:26:30 +00:00
nekral-guest f406d16b7b * libmisc/xmalloc.c: Harmonize message. 2011-06-02 18:41:05 +00:00
nekral-guest 58baa7aa61 * libmisc/find_new_uid.c, libmisc/find_new_gid.c: Add missing
memory allocation check.
2011-06-02 18:40:06 +00:00
nekral-guest f140c3a0e5 * NEWS, libmisc/addgrps.c: Fix allocator loop. Continue to
getgroups() when getgroups fails (-1) with errno==EINVAL.
2011-06-02 15:36:29 +00:00
bubulle 99d0164837 German translation of manpages completed 2011-06-01 12:19:25 +00:00
bubulle 143f479869 Fix typos in manpages
Catalan translation updated
2011-06-01 11:58:04 +00:00
bubulle 7864e1edf5 French and Portuguese translation updates 2011-04-25 10:06:23 +00:00
bubulle ed6107c8c5 German translation completed 2011-04-16 07:31:49 +00:00
bubulle d4d8ab87ac Brazilian Portuguese translation completed 2011-04-15 06:21:10 +00:00
bubulle af89454645 Russian translation completed 2011-04-10 15:50:13 +00:00
bubulle e10346124f Updated Swedish and Danish translations 2011-04-07 17:45:33 +00:00
bubulle 0d3d7722c1 Fixed file 2011-04-06 04:14:12 +00:00
bubulle 72ba55b056 Kazakh and Japanese translation updates 2011-04-05 18:06:32 +00:00
bubulle 82cfc819a8 Simplified Chinese translation completed 2011-03-30 17:51:50 +00:00
bubulle 699edaab3b Convert zh_CN translation of manpages to gettext 2011-03-30 17:50:19 +00:00
nekral-guest a342b207b2 * man/ru/Makefile.am: Remove double inclusion of $(man_nopam) 2011-02-19 16:17:26 +00:00
nekral-guest ee163bed33 * libmisc/user_busy.c, src/userdel.c, src/usermod.c: Warn in
user_busy() rather than in src/userdel.c or src/usermod.c to
	provide more accurate failure cause (user is logged in or user
	still executes processes).
2011-02-16 20:46:27 +00:00
nekral-guest f4b544786c Added missing Changelog entry for lib/fields.c:
* lib/fields.c: Fail if input pointer is NULL.
2011-02-16 20:33:16 +00:00
nekral-guest d7fa77f03b * lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
	* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
	lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
	lib.
2011-02-16 20:32:16 +00:00
nekral-guest a9b8e7aaa3 Adapt ignore list to previous commits. 2011-02-16 20:27:25 +00:00
nekral-guest 0419fc4f5f * NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
gecos or shell.
2011-02-16 00:18:45 +00:00
nekral-guest 7de49dec7b Cleanup previous commit. 2011-02-13 11:51:39 +00:00
nekral-guest 0398323a60 * autogen.sh: Restore original autoreconf (see 2010-08-29's change
for autogen.sh)
	* configure.in, man/po/Makefile.in.in, man/po/Makefile.in:
	Makefile.in.in replaced by Makefile.in to avoid config.status
	issues when there are multiple po directories.
	* man/po/LINGUAS: Adapted to above change.
	* man/po/POTFILES.in, man/po/XMLFILES: POTFILES.in replaced by
	XMLFILES.
	* man/Makefile.am: generate_mans.deps shall be included by make,
	not automake.
2011-02-12 14:57:37 +00:00
nekral-guest 8b4f07692e * NEWS, libmisc/console.c: Fix CONSOLE parser. This caused login
to hang when CONSOLE was configured with a colon separated list of
	TTYs.  See http://bugs.gentoo.org/show_bug.cgi?id=324419
2010-11-19 21:54:41 +00:00
nekral-guest dffc624b37 Integrate review comments from Julien Cristau
* libmisc/copydir.c: Missing parenthesis in comment.
	* libmisc/chowndir.c: Fixed memory leak on failed realloc().
	* libmisc/chowndir.c: Make sure the buffer for the path is large
	enough.
	* libmisc/remove_tree.c: Remove check for NULL before free().
2010-09-05 15:34:42 +00:00
nekral-guest d1bad25f40 * man/po/fr.po: Fix 2 fuzzy strings. 2010-08-29 19:11:40 +00:00
nekral-guest 229f243ca0 * NEWS, src/usermod.c: Accept options in any order (username not
necessarily at the end)
2010-08-29 19:02:41 +00:00
nekral-guest 91f972bb59 * autogen.sh: Expand autoreconf to avoid running autopoint. 2010-08-29 16:42:25 +00:00
nekral-guest 493009ac91 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2010-08-29 16:13:47 +00:00
nekral-guest 0355e4e930 * man/chsh.1.xml: Fix comma splice. 2010-08-28 20:16:18 +00:00
nekral-guest 8184041c7e * NEWS, po/kk.po: Updated Kazakh translation. 2010-08-28 20:02:25 +00:00
nekral-guest 1d336d3a1e * lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
selinux_file_context renamed set_selinux_file_context.
	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
	Added reset_selinux_file_context.
	* src/useradd.c: Check the return value of
	set_selinux_file_context and reset_selinux_file_context.
	* libmisc/copydir.c: Check the return value of
	reset_selinux_file_context.
2010-08-28 19:58:00 +00:00
nekral-guest 991ce97170 * src/su.c: Fix handling of environment variables when
the environment is not changed. In particular, this makes su
	behave as documented regarding PATH and IFS (i.e. they are reset)
	when -p is provided.
2010-08-28 19:55:31 +00:00
nekral-guest bf480028f5 * man/su.1.xml: Fix typo. 2010-08-28 19:48:17 +00:00
nekral-guest ab9427420e * src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
	src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
	src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
	src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/chage.c,
	src/groupadd.c, src/login.c, src/grpconv.c, src/groups.c,
	src/grpunconv.c, src/chsh.c: Prog changed to a constant string.
2010-08-22 19:36:09 +00:00
nekral-guest 07e462f01f * libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
	* libmisc/basename.c: Avoid implicit conversion of pointer to
	boolean.
	* libmisc/basename.c, lib/prototypes.h (Basename): Return a
	constant string.
	* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
	libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
	libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
	splint annotations.
	* libmisc/chowndir.c: Avoid memory leak.
	* libmisc/chowndir.c: Do not check *printf/*puts return value.
	* libmisc/chowntty.c: Avoid implicit conversion between integer
	types.
	* libmisc/obscure.c: Return a bool when possible instead of int.
	* libmisc/shell.c: Do not check *printf/*puts return value.
	* libmisc/shell.c: Do not check execle return value.
	* libmisc/setupenv.c: Avoid implicit conversion between integer
	types.
	* libmisc/xmalloc.c: size should not be zero to avoid returning
	NULL pointers.
	* libmisc/hushed.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Avoid implicit conversion of integer to
	boolean. safe_system last argument is a boolean.
	* libmisc/system.c: Check return value of dup2.
	* libmisc/system.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Do not check execve return value. 
	* libmisc/salt.c: Do not check *printf/*puts return value.
	* libmisc/loginprompt.c: Do not check gethostname return value.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
	gr_rewind/pw_rewind return value.
	* libmisc/ttytype.c: Limit the number of parsed characters in the
	sscanf format.
	* libmisc/ttytype.c: Test if a type was really read.
	* libmisc/sub.c: Do not check *printf/*puts return value.
	* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
	* src/userdel.c: Fix typo in comment.
	* src/userdel.c: Avoid implicit conversion of boolean to integer.
	* src/userdel.c: safe_system last argument is a boolean.
	* src/newusers.c: Avoid implicit conversion of boolean to integer.
	* src/newusers.c: Avoid implicit conversion of integer to boolean.
	* src/usermod.c: Add brackets.
	* src/usermod.c: Avoid implicit conversion of characters or
	integers to booleans.
	* src/vipw.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Add brackets.
	* src/useradd.c: Avoid implicit conversion of characters or
	integers to booleans.
2010-08-22 19:13:53 +00:00
nekral-guest 7eb6a4b3a4 Updated copyrights. 2010-08-22 13:04:54 +00:00
nekral-guest 471a2df3a6 * libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
instead of an int.
	* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
	libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
	* libmisc/tz.c: Fix some const issues.
	* libmisc/tz.c: Avoid multi-statements lines.
	* libmisc/tz.c: Add brackets.
	* libmisc/copydir.c: Do not check *printf/*puts return value.
	* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
	fscreate context.
	* libmisc/copydir.c: Use xmalloc instead of malloc.
	* libmisc/copydir.c: Do not check lutimes return value
	* src/vipw.c: Avoid implicit conversion of integer to boolean.
	* src/su.c (iswheel): Return a bool instead of an int.
	* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
	* src/passwd.c: Return constant strings when sufficient.
	* src/passwd.c: Do not check *printf/*puts return value.
	* src/passwd.c: Avoid implicit conversion of character to boolean.
	* src/passwd.c: Do not check sleep return value.
	* src/sulogin.c: Do not check *printf/*puts return value.
	* lib/encrypt.c: Do not check fprintf return value.
2010-08-22 12:49:07 +00:00
nekral-guest 7e398a169b * src/sulogin.c: Fix a const issue. 2010-08-21 20:37:23 +00:00
nekral-guest 7bb81f6c3e * src/passwd.c: Fix a const issue.
* src/passwd.c: Avoid multi-statements lines.
2010-08-21 19:55:46 +00:00
nekral-guest c56d59c90b Fix additional const issues. 2010-08-21 19:22:32 +00:00
nekral-guest 791ebc58dd * libmisc/copydir.c, lib/prototypes.h: Caller can choose not to
copy the extended attributes (the SELinux context is hence reset)
	* src/usermod.c: Copy the extended attributes.
	* src/useradd.c: Only reset the SELinux context.
2010-08-21 17:31:45 +00:00
nekral-guest 3f63005e91 * configure.in: Fixed typo.
Thanks to Peter Vrabec.
2010-08-21 16:51:53 +00:00
nekral-guest f7a00a2334 * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
	libmisc/loginprompt.c, libmisc/ttytype.c,
	libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
	lib/commonio.c, lib/commonio.h: Fix some const issues.
	* libmisc/motd.c: Avoid multi-statements lines.
	* libmisc/motd.c: Support long MOTD_FILE.
	* libmisc/list.c, lib/prototypes.h: Revert previous change.
	dup_list and is_on_list are used with members as defined for the
	group structure, and thus even if the list is not modified, the
	list elements cannot be constant strings.
	* libmisc/system.c: Avoid C++ comments.
	* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
	string. Split the Usage string.
	* lib/commonio.h: Re-indent.
2010-08-21 15:32:53 +00:00
nekral-guest 6a2f349ec5 * libmisc/audit_help.c (audit_logger):pgname is not used. We let
audit find out the name of the program.
	* libmisc/audit_help.c: Re-indent.
2010-08-21 15:22:39 +00:00
nekral-guest 4f667bb442 * lib/groupio.c: Avoid implicit conversion from signed to unsigned. 2010-08-20 20:35:52 +00:00
nekral-guest 22294bfac8 * lib/commonio.c: Make sure there are no NULL pointer dereference. 2010-08-20 20:34:44 +00:00
nekral-guest 07e67e1350 * libmisc/remove_tree.c: Ignore snprintf return value. 2010-08-20 20:27:34 +00:00
nekral-guest 660ed49daf * lib/prototypes.h, libmisc/list.c: dup_list() and is_on_list() do
not change the members of the list they receive. Added const
	qualifiers.
2010-08-20 20:26:32 +00:00
nekral-guest fad23b25a1 * src/usermod.c: Re-indent. 2010-08-20 18:24:33 +00:00
nekral-guest 6b74294844 * lib/commonio.c: Avoid multi-statements lines. 2010-08-20 18:09:14 +00:00
nekral-guest 11a564b6bd * man/po/fr.po: Fix a typo. 2010-08-20 17:57:33 +00:00
bubulle 939386aabb Kazakh translation update 2010-06-24 18:43:04 +00:00
nekral-guest 01ed010aed * man/po/fr.po: Fix some typos. Minor updates. 2010-04-12 21:49:09 +00:00
nekral-guest 52ec0ba938 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2010-04-12 21:05:33 +00:00
nekral-guest 4f8310dfde * man/newusers.8.xml, man/useradd.8.xml, man/groupadd.8.xml,
man/login.defs.d/UMASK.xml, man/login.defs.d/CREATE_HOME.xml,
	man/login.defs.d/LOGIN_RETRIES.xml: Fix typos: choosen, overriden,
	bahavior.
2010-04-04 23:17:11 +00:00
nekral-guest 263f37a69b * man/usermod.8.xml: Document changes of ownerships. 2010-04-04 21:23:02 +00:00
nekral-guest 56483122b6 * man/vipw.8.xml: Fix formatting typo.
* man/vipw.8.xml: Document the login.defs parameters only when tcb
	is enabled.
2010-04-04 20:57:54 +00:00
nekral-guest 16362e289b 2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* src/useradd.c: spool is a constant string.
	* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false 

2010-04-04  Nicolas François  <nicolas.francois@centraliens.net>

	* src/usermod.c: move_home() is only called if mflg is set.
	* src/usermod.c: Fail is -m is provided but the old home directory
	is not a directory.
	* src/usermod.c: Use the previous improvement of copy_tree to
	provide better error diagnosis.
	* src/usermod.c: When rename() is used, also change the ownership.
	* src/usermod.c: Do not change the ownership of the root directory
	twice.
	* src/usermod.c: When -u is provided, only change the ownership of
	the home directory if it is a directory.
	* src/usermod.c: Also change ownerships when -g is used.

2010-04-04  Nicolas François  <nicolas.francois@centraliens.net>

	* lib/prototypes.h, libmisc/copydir.c: Add the old UID and GID to
	copy_tree to detect when ownership shall be changed.
	* libmisc/copydir.c: Document the behavior when the IDs are set to
	-1.
	* lib/prototypes.h, libmisc/copydir.c (copy_tree): Add parameter
	copy_root.
	* libmisc/copydir.c: error() and ctx can be static.
	* libmisc/copydir.c (copy_hardlink): Remove parameter src.

2010-04-04  Nicolas François  <nicolas.francois@centraliens.net>

	* libmisc/chowndir.c: Dynamically allocate memory to support
	path longer than 1024 characters.
	* libmisc/chowndir.c: Fix typos in documentation.
	* libmisc/chowndir.c: Support and document the behavior when a old
	or new ID is set to -1.
	* libmisc/chowndir.c: Improved error detection when chown fails.
	* libmisc/chowndir.c: Harmonize error handling strategy when an
	error occurs: stop changing ownership as soon as an error was
	detected.
2010-04-04 20:55:46 +00:00
nekral-guest 586a8f9e9e * man/hu/passwd.5: Fix formatting typo.
* man/id/login.1: Likewise.
2010-04-04 20:48:29 +00:00
nekral-guest a9249dbb0a * man/vipw.8.xml: When TCB is enabled, vipw uses login.defs. 2010-03-31 19:52:30 +00:00
nekral-guest 47733f1a0f Fix typos. 2010-03-31 12:24:03 +00:00
nekral-guest bb02ec3261 Fix typo. 2010-03-31 09:27:11 +00:00
nekral-guest c3689fa60b * NEWS, libmisc/copydir.c: When a hardlink is detected, the
original hardlink should not be removed.
2010-03-30 23:14:04 +00:00
nekral-guest dc0947da78 * po/POTFILES.in, libmisc/Makefile.am, lib/prototypes.h,
libmisc/remove_tree.c, libmisc/copydir.c: Split remove_tree()
	outside of copydir.c to avoid linking against libacl or libattr.
2010-03-30 21:54:29 +00:00
nekral-guest 427b60f288 * src/su.c: shell's name must be -su when a su fakes a login. 2010-03-30 21:32:36 +00:00
nekral-guest 902aad57af * NEWS, configure.in, libmisc/copydir.c, man/useradd.8.xml,
man/usermod.8.xml, src/Makefile.am: Added support for ACLs and
	Extended Attributes.
2010-03-30 21:01:27 +00:00
nekral-guest 6afd7859f8 * libmisc/copydir.c: Document the sections closed by #endif 2010-03-30 21:00:43 +00:00
nekral-guest cfce9890fb * etc/login.defs: Updated description of UMASK to indicate its
usage by pam_umask.
	* man/login.defs.d/UMASK.xml: Likewise.
2010-03-27 20:11:21 +00:00
nekral-guest 4b98379ce1 * man/vipw.8.xml: Add section ENVIRONMENT. 2010-03-27 20:09:49 +00:00
nekral-guest ee3d411024 * etc/login.defs: Updated description of UMASK to indicate its
usage by pam_umask.
2010-03-26 11:53:06 +00:00
nekral-guest 40d1598165 * man/login.1.xml: login does not check for new mails in PAM
enabled versions. This is done by pam_mail.
2010-03-25 20:38:31 +00:00
nekral-guest 97961b8bee * NEWS, src/chpasswd.c, man/chpasswd.8.xml, man/login.defs.5.xml:
PAM enabled versions: restore the -e option to allow restoring
	passwords without knowing those passwords. Restore together the -m
	and -c options.
2010-03-25 20:35:59 +00:00
nekral-guest fcd5b38caf * src/su.c, src/vipw.c, src/newgrp.c: When the child is
interrupted, stop ourself with a SIGSTOP signal.
2010-03-23 13:05:06 +00:00
nekral-guest 052e9105f7 * src/newgrp.c: Limit the scope of variable pid.
* src/login_nopam.c: Limit the scope of variables end, lineno, i,
	str_len.
	* src/logoutd.c: Limit the scope of variable c.
	* src/vipw.c: Re-indent.
	* src/vipw.c: Close the file after the creation of the backup.
	* src/useradd.c (set_default): Close input file on failure.
	* src/useradd.c: Limit the scope of variables spool, file, fd, gr,
	gid, mode.
	* src/passwd.c: Limit the scope of variables last and ok.
	* src/chage.c: Fix typo (non breaking space).
	* src/login.c: Limit the scope of variables erasechar killchar, c,
	failed.
	* src/groups.c: Limit the scope of variable ngroups, pri_grp, i.
	* src/id.c: Limit the scope of variable i.
2010-03-23 11:26:34 +00:00
nekral-guest 4375be4642 * lib/utent.c (getutline): Remove getutline(). This function is
no more used.
	* lib/groupmem.c: Limit the scope of variable i.
	* lib/shadow.c: Avoid implicit conversion of pointers and integers
	to booleans.
	* lib/shadow.c: Added brackets.
	* libmisc/limits.c: Limit the scope of variable tmpmask.
	* libmisc/copydir.c: Close opened file on failure.
	* libmisc/loginprompt.c: Limit the scope of variable envc.
	* libmisc/find_new_uid.c, libmisc/find_new_gid.c: Limit the scope
	of variable id.
2010-03-23 08:56:52 +00:00
nekral-guest 5ebb35654b * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Detect some
misconfigurations of UID_MIN, UID_MAX, SYS_UID_MIN, SYS_UID_MAX (and
	the GID equivalents)
2010-03-21 01:20:50 +00:00
nekral-guest a83124dade * NEWS, configure.in: Next version will be 4.1.5. 2010-03-20 10:31:36 +00:00
nekral-guest f729486b33 * libmisc/limits.c: Re-indent to make pmccabe happy. 2010-03-20 10:29:27 +00:00
nekral-guest d1eae4c7e3 * man/generate_translations.mak, man/generate_mans.mak: Fix
distcheck. All manpages generation code shall be enclosed in
	ENABLE_REGENERATE_MAN conditions.
2010-03-20 10:25:34 +00:00
nekral-guest 9b6beb496a * man/useradd.8.xml: Do not document the features which are not
working.
	* man/useradd.8.xml: Fix typo: -u was meant instead of -o.
	* man/useradd.8.xml: Document that the default behavior depends on
	CREATE_HOME.
2010-03-20 10:23:57 +00:00
nekral-guest 6e0fa02fd0 * lib/groupio.c: Fix memory management insplit_groups(). 2010-03-20 10:21:40 +00:00
nekral-guest f19f67c39c * libmisc/strtoday.c: Empty dates indicate a disabled date, this is
not an error.
2010-03-20 10:19:50 +00:00
nekral-guest 823735750a * libmisc/limits.c: Removed unused variable. 2010-03-19 11:25:56 +00:00
nekral-guest 68b6e6d2be * src/useradd.c, lib/commonio.c, po/POTFILES.in: Fix typos. 2010-03-19 11:01:32 +00:00
nekral-guest e19c7200eb * lib/commonio.c: Stop sorting entries when we reach the first
NIS line.
2010-03-18 23:21:21 +00:00
nekral-guest be3a05eab2 Add Alioth feature request reference. 2010-03-18 23:21:10 +00:00
nekral-guest 5e38d92a95 * src/chsh.c: Even for root, warn if an invalid shell is
specified.
2010-03-18 23:21:00 +00:00
nekral-guest 5204a15f95 * man/limits.5.xml: Document the selection of the limits when
multiple lines match the user.
2010-03-18 23:20:41 +00:00
nekral-guest 680a4985ea * man/limits.5.xml: Document the selection of the limits when
multiple lines match the user.
2010-03-18 23:20:30 +00:00
nekral-guest dfce564026 * libmisc/limits.c: Re-indent.
* libmisc/limits.c: Reformat the documentation. Avoid personal
	comments.
	* man/limits.5.xml: Document the new features.
2010-03-18 23:20:24 +00:00
nekral-guest 52c2bb51fb * NEWS, libmisc/limits.c: Fix parsing of limits.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for
	infinite limits.
	* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for @group
	syntax.
2010-03-18 23:20:15 +00:00
nekral-guest 6b14a0d08c * lib/tcbfuncs.h: Re-indent.
* lib/tcbfuncs.h: Explicitly indicate functiontakinga void
	parameter.
2010-03-18 19:23:00 +00:00
nekral-guest 395914c162 Reverse comparison for consistency. 2010-03-18 18:58:52 +00:00
nekral-guest 8e2010a26c * src/useradd.c: When exiting because of a failure, warn if an
home directory created, but cannot be removed.
2010-03-18 18:57:03 +00:00
nekral-guest 86498400da * libmisc/chowndir.c: Re-indent.
* libmisc/chowndir.c: Avoid assignment in comparisons.
	* libmisc/chowndir.c: Added brackets and parenthesis.
2010-03-18 18:52:53 +00:00
nekral-guest abffa73776 - add options -g / -G to specify alternative group / gshadow files 2010-03-18 12:28:25 +00:00
nekral-guest 0cbbdb32c4 * libmisc/strtoday.c: Add support for numerical dates, assuming
they are already specified in number of days since Epoch. Return
	-2 in case of errors to support the specification of -1.
	* src/usermod.c, src/useradd.c: Adapt to the new error value of
	strtoday().
	* src/chage.c:  Remove isnum(). Adapt to the new error value of
	strtoday(). Support for numerical dates is moved to strtoday().
2010-03-18 11:53:49 +00:00
nekral-guest 79fa4f3343 * man/po/fr.po: Harmonize name of parameters. 2010-03-18 10:54:32 +00:00
nekral-guest ab50cd2bd8 * NEWS: Indicate which tools support TCB. 2010-03-18 10:53:56 +00:00
nekral-guest 27f67dcad0 * src/pwck.c: Unlock the password and shadow files when there is a
failure to prepare the update in memory.
2010-03-18 10:52:52 +00:00
nekral-guest 6a1dea6602 * src/pwck.c: Only log to SYSLOG when acting on system files. 2010-03-18 10:35:11 +00:00
nekral-guest 657271eb04 * src/pwck.c: Remove the -s option from the usage when USE_TCB is
enabled. The option is still supported, but has no effect, as
	documented in the manpage.
2010-03-18 10:25:08 +00:00
nekral-guest 2db82460b1 * src/pwck.c: Document the sections closed by #endif
* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
	given when USE_TCB is enabled.
2010-03-18 10:23:51 +00:00
nekral-guest 07c6e99725 * src/pwck.c: Do not use pwd_file and spw_file. Always use the
dbname() functions.
2010-03-18 09:46:15 +00:00
nekral-guest f77e9d0d80 * src/pwck.c: Re-indent. 2010-03-18 09:33:55 +00:00
nekral-guest a996fac57b * src/userdel.c, src/usermod.c, src/vipw.c, src/useradd.c,
src/pwck.c, src/chage.c, lib/shadowio.c: Explicitly use the
	SHADOWTCB_FAILURE return code instead of 0 or implicit conversion
	to booleans.
2010-03-18 09:21:27 +00:00
nekral-guest 8228f99c36 2010-03-18 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* src/pwck.c: Add support for TCB.
	* src/pwck.c: Use spw_dbname() instead of spw_file since TCB
	changes from a file to another depending on the user. Also use
	pw_dbname() for consistency.
2010-03-18 09:01:04 +00:00
nekral-guest 41b5cc2d20 * src/faillog.c: Re-indent. 2010-03-18 00:07:00 +00:00
nekral-guest d1f5c949a9 * lib/tcbfuncs.c: Re-indent. 2010-03-18 00:06:33 +00:00
nekral-guest 29025e40f4 * lib/tcbfuncs.c: Added brackets and parenthesis. 2010-03-18 00:06:21 +00:00
nekral-guest 1d6673a166 * lib/tcbfuncs.c: Avoid implicit int to mode_t conversion. 2010-03-18 00:05:57 +00:00
nekral-guest fba0a83c03 * lib/tcbfuncs.c: move_dir() and shadowtcb_move() need a non NULL
stored_tcb_user.
2010-03-18 00:05:35 +00:00
nekral-guest 7195eb991d * lib/tcbfuncs.c: Removed dead return. 2010-03-18 00:05:11 +00:00
nekral-guest 9f4653b0df * lib/tcbfuncs.c: Include prototypes.h for the definition of Prog. 2010-03-18 00:04:54 +00:00
nekral-guest 99fbf50fa2 Added splint annotations. 2010-03-18 00:04:33 +00:00
nekral-guest ee15c8717f * lib/tcbfuncs.c: Avoid integer to char conversions. 2010-03-18 00:04:05 +00:00
nekral-guest 37b4c8737f * lib/tcbfuncs.c: Avoid implicit signed to unsigned conversions. 2010-03-18 00:03:48 +00:00
nekral-guest 1d969818fd * lib/tcbfuncs.c: Ignore fflush() return value. 2010-03-18 00:03:29 +00:00
nekral-guest 4ca259adaa * lib/tcbfuncs.c: Include shadowio.h, needed for the
spw_setdbname's prototype.
2010-03-18 00:03:06 +00:00
nekral-guest 11e132c8eb Fix typos. 2010-03-18 00:02:45 +00:00
nekral-guest 8402479e16 * lib/tcbfuncs.c: Do not free path before its last use. 2010-03-18 00:02:17 +00:00
nekral-guest aa35a8e46e Avoid implicit conversion of pointers . 2010-03-18 00:02:02 +00:00
nekral-guest 51d181ca58 * lib/tcbfuncs.c: Avoid implicit conversion of pointers or
integers to booleans.
2010-03-18 00:01:30 +00:00
nekral-guest 1bc0a303dc * lib/tcbfuncs.c: Only FreeBSD specify that the returned buffer is
NULL in case of failure. The return value of asprintf shall be
	checked.
2010-03-18 00:01:00 +00:00
nekral-guest 43211abb65 * lib/commonio.c: Ignore the return value of close when a
failure is reported.
2010-03-18 00:00:05 +00:00
nekral-guest 8acf9cd11d * lib/tcbfuncs.h: Added type shadowtcb_status.
* lib/tcbfuncs.h, lib/tcbfuncs.c: Return a shadowtcb_status
	instead of an int.
	* lib/tcbfuncs.c: Do not return in OUT_OF_MEMORY.
2010-03-17 23:59:55 +00:00
nekral-guest fe71812b1d * lib/commonio.c: Avoid implicit conversion of pointers to
booleans.
	* lib/commonio.c: Ignore the return value of close when a
	failure is reported.
2010-03-17 23:59:47 +00:00
nekral-guest a013f8519b Updated copyright dates. 2010-03-16 19:15:34 +00:00
nekral-guest c0e7dcd2fd * man/faillog.8.xml: Document the behavior in display mode of the
-a option.
	* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
	the non-display mode. This changes the default behavior of the -l,
	-m, -r, -t options when -a is not specified (restrict to existing
	users).
2010-03-16 19:15:22 +00:00
nekral-guest 5d6c314304 * man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
	man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
	TCB_AUTH_GROUP, TCB_SYMLINKS, and USE_TCB configuration
	parameters.
	* man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
	USE_TCB is enabled.
2010-03-16 19:15:05 +00:00
nekral-guest c5fc8dd75d * po/POTFILES.in, lib/tcbfuncs.c: Add more strings for
translation.
	* lib/tcbfuncs.c: Indicate the name of the program in error
	messages. Avoid perror.
	* src/useradd.c: Re-indent.
	* src/useradd.c: Add more strings for translation. Indicate the
	name of the program in error messages.
	* src/userdel.c: Re-indent.
	* src/userdel.c: Add more strings for translation. Indicate the
	name of the program in error messages.
2010-03-16 19:14:54 +00:00
nekral-guest ad694905be * src/usermod.c: user_newname and user_newid cannot be used to
test if the username or ID is changed. lflg and uflg should be
	used instead.
2010-03-16 19:14:37 +00:00
nekral-guest 6c4e2931ef * src/userdel.c: Avoid perror. Give more verbose warnings. 2010-03-16 19:13:53 +00:00
nekral-guest fd39a24b34 Remove generated file. 2010-03-11 22:07:50 +00:00
nekral-guest ccc65bfde7 * man/Makefile.am: Indicate that man/generate_mans.deps is
generated.
2010-03-11 22:04:22 +00:00
nekral-guest f13f60504a * lib/commonio.c: Re-indent.
* lib/commonio.c: Document the sections closed by #endif
	* lib/commonio.c: Added brackets.
	* lib/commonio.c: Avoid implicit conversion of integer to
	booleans.
2010-03-11 22:04:14 +00:00
nekral-guest 33d3e28a7f * src/userdel.c: Re-indent.
* src/userdel.c: Added brackets.
	* src/userdel.c: Avoid implicit conversion of pointers to
	booleans.
2010-03-11 22:04:06 +00:00
nekral-guest 69798dde65 * lib/shadowio.c: Re-indent.
* lib/shadowio.c: Added brackets and parenthesis.
	* lib/shadowio.c: Document the sections closed by #endif
	* lib/shadowio.c: Avoid negation of comparisons.
	* lib/shadowio.c: Avoid implicit conversion of integer to booleans
	and booleans to integers.
2010-03-11 22:03:57 +00:00
nekral-guest ad6730687f * src/useradd.c: Re-indent.
* src/useradd.c: Added brackets.
	* src/useradd.c: Avoid implicit conversion of integers to
	booleans.
	* src/useradd.c: Harmonize error messages.
2010-03-11 22:03:45 +00:00
nekral-guest e7d57e1a77 * src/vipw.c: Document the sections closed by #endif
* src/vipw.c: Avoid implicit conversion of pointers or integers to
	booleans.
	* src/vipw.c: Added brackets and parenthesis.
	* src/vipw.c: Limit the definition of some variables and macros to
	the WITH_TCB scope.
	* src/vipw.c: Avoid assignment in comparisons.
	* src/vipw.c: Replace PASSWD_FILE (resp. GROUP_FILE and
	SGROUP_FILE) by pw_dbname () (resp. gr_dbname () and sgr_dbname ()).
	This is more consistent with the shadow file handling and may be
	useful to allow edition of another partition's files.
2010-03-11 22:03:37 +00:00
nekral-guest f9b8a95b92 * src/usermod.c: Re-indent.
* src/usermod.c: Avoid implicit conversion of pointers to
	booleans.
	* src/usermod.c: Added parenthesis.
2010-03-11 22:03:11 +00:00
nekral-guest 5cd1d6e287 * src/pwunconv.c: Only check USE_TCB if configured WITH_TCB. 2010-03-11 22:02:54 +00:00
nekral-guest 59910c45d5 * src/userdel.c: Re-indent.
* src/userdel.c: Avoid implicit conversion of pointers to
	booleans.
	* src/userdel.c: Document the sections closed by #endif
2010-03-11 22:01:59 +00:00
nekral-guest a8b11f5c18 * src/pwconv.c: Only check USE_TCB if configured WITH_TCB. 2010-03-11 22:01:15 +00:00
nekral-guest d562701538 * libmisc/copydir.c: Added parenthesis. 2010-03-11 22:00:41 +00:00
nekral-guest 9866af3777 2010-02-14 Michael Bunk <mb@computer-leipzig.com>
* NEWS, lib/gshadow.c: Fix parsing of gshadow entries.
2010-03-10 22:30:03 +00:00
nekral-guest 391a384715 2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
	* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
	support TCB.
	* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
	parameter remove_root.
	* configure.in: Add conditional WITH_TCB.
	* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
	remove_tree().
	* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
	* src/vipw.c: Add support for TCB. Update call to remove_tree().
	* src/useradd.c: Add support for TCB. Open the shadow file outside
	of open_files().
	* src/chage.c: Add support for TCB.
	* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
	* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
	man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
	man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
	man/generate_mans.deps, man/Makefile.am: New configuration
	parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
	* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 18:11:13 +00:00
nekral-guest 5ba95d4c53 * libmisc/env.c: Fix sanitize_env() noslash support. This fixes
Alioth#311740. Thanks to Jason Cassell.
2010-01-24 17:23:42 +00:00
nekral-guest 291b28ac52 * src/su.c: Do not sanitize the environment. This breaks
--preserve-environment. This sanitation was disabled on Debian
	since quite some time with no reported issues, and sanitize_env()
	documentation agrees that it should be useless as all modern
	Unixes will handle setuid executables properly. This Fixes
	Alioth#312287.
2010-01-24 17:13:40 +00:00
nekral-guest 0fce70b091 * libmisc/setupenv.c: Fix typo from 2009-11-01. 2010-01-24 17:05:37 +00:00
nekral-guest c5c94a1d2c * configure.in: Add support for TCB in configure.in. Actual TCB
support will follow.
2010-01-24 16:53:15 +00:00
nekral-guest 289913e5ff * NEWS, src/groupmod.c: Fixed groupmod when configured with
--enable-account-tools-setuid.
2009-11-05 22:03:36 +00:00
nekral-guest e770e87035 * NEWS, man/login.defs.d/ENV_SUPATH.xml, libmisc/setupenv.c:
Harmonize other paths and documentation with previous
	change.
2009-11-01 16:59:48 +00:00
nekral-guest 248d5fd870 2009-11-01 Michel Hermier <michel.hermier@gmail.com>
* src/su.c: Set the default ENV_SUPATH to
	/sbin:/bin:/usr/sbin:/usr/bin (i.e. PATH when no ENV_SUPATH is
	specified).
2009-11-01 16:57:59 +00:00
nekral-guest 7fa666b909 2009-10-15 Thorsten Kukuk <kukuk@suse.de>
* src/faillog.c, man/faillog.8.xml: Harmonize long option in code
	and documentation. Use --lock-secs instead of --lock-time.
2009-10-17 20:40:53 +00:00
nekral-guest 27db71370a Indicate new translations. 2009-10-17 20:40:00 +00:00
nekral-guest a632c4047e Changelog police. 2009-10-15 16:50:43 +00:00
bubulle cc873b51c3 Completed Czech translation 2009-10-05 06:11:17 +00:00
bubulle 5c46f26505 Vietnamese translation compelted 2009-09-29 18:11:31 +00:00
bubulle b70e0a466f Czech translation update 2009-09-27 06:23:23 +00:00
bubulle d7ac25f813 French translation update 2009-09-24 20:20:47 +00:00
bubulle 1af98ea784 Vietnamese translation update 2009-09-24 20:18:50 +00:00
nekral-guest 2be243c143 pid_child and kill_child are only used when USE_PAM. 2009-09-08 21:33:14 +00:00
nekral-guest 1e51ab0b23 * lib/commonio.c: Avoid pre-decrement operator (--n). Add some
comments.
	* libmisc/cleanup.c: Fix off by one in an assertion.
2009-09-08 21:00:12 +00:00
nekral-guest a845c67c60 * src/su.c: Fix indentation.
* src/su.c: Add more messages for translation.
	* src/su.c: Ignore kill() return value when sending the TERM
	signal. If it fails, a KILL should be sent anyway.
2009-09-08 20:46:43 +00:00
nekral-guest 756700ddf3 * NEWS, src/su.c: When su receives a signal, wait for the child to
terminate (after sending a SIGTERM), and kill it only if it did
	not terminate by itself. No delay will be enforced if the child
	cooperates. See http://bugs.gentoo.org/282094
	* NEWS, man/su.1.xml: Document su's exit values.
2009-09-08 20:39:15 +00:00
nekral-guest da18e77e9a * src/useradd.c: The default value for the CREATE_MAIL_SPOOL
variable (i.e. if CREATE_MAIL_SPOOL= is specified without any
	values) is "no", not DCREATE_MAIL_SPOOL ("CREATE_MAIL_SPOOL=").
2009-09-08 13:16:58 +00:00
nekral-guest 38e7ec3316 * src/useradd.c: Avoid redefinition of SHELL. Use DSHELL instead.
For consistency, change HOME, INACT, EXPIRE, SKEL, and
	CREATE_MAIL_SPOOL to DHOME, DINACT, DEXPIRE, DSKEL, and
	DCREATE_MAIL_SPOOL.
2009-09-08 13:11:03 +00:00
nekral-guest ee792a8fa1 * src/newusers.c: Prefer #ifdef over #if. 2009-09-08 13:06:57 +00:00
nekral-guest 1f8e2dcda2 * configure.in: We do not use SETPGRP_VOID, and already assume
that setpgrp has a void argument. Remove AC_FUNC_SETPGRP to ease
	cross compiling.
2009-09-08 13:05:59 +00:00
nekral-guest f103e6263d * man/generate_translations.mak, man/generate_mans.mak,
po/Makefile.in.in: Removing and restoring the config.xml file
	broke parallel builds. Build the manpages based on *.xml-config
	files instead of *.xml files.  The *.xml do not include config.xml
	anymore, which permits to run xml2po without needing to remove
	config.xml. The config.xml is restored in the *.xml-config files.
	* man/groupadd.8.xml: Implementation of the above.
	* man/generate_mans.deps: Updated dependencies
2009-09-07 21:49:29 +00:00
nekral-guest 031279dfb2 * libmisc/limits.c: Fix the format to match the unsigned long
variable in argument.
	* libmisc/utmp.c: Fix tests. tmptty is a variable stack. ut_host
	is an array of the ut structure. None of them can be NULL.
2009-09-07 19:50:00 +00:00
nekral-guest 2a58111fc1 Fix typo in the version numbers. 2009-09-07 19:25:07 +00:00
nekral-guest d346c7c6a7 * lib/shadowmem.c: Only copy the required fields of the struct
spwd. (start with the primitive types)
	* lib/shadowmem.c: Avoid memzero() on a possibly NULL pointer.
	* lib/groupmem.c: Only copy the required fields of the struct
	group. (start with the primitive types)
	* lib/groupmem.c: Avoid memzero() on a possibly NULL pointer.
	* lib/groupmem.c: Free gr_mem in addition to its elements.
	* lib/sgroupio.c: The struct sgrp has no primitive types to be
	copied initially.
	* lib/sgroupio.c: Avoid memzero() on a possibly NULL pointer.
	* lib/sgroupio.c: Free sg_mem and sg_add in addition to their
	elements.
	* lib/pwmem.c: Only copy the required fields of the struct
	passwd. (start with the primitive types)
2009-09-07 19:08:10 +00:00
nekral-guest 1a86dc913f * lib/sgroupio.h: Harmonize splint annotations of sgr_locate()
prototype with the one used in its definition.
2009-09-07 18:59:03 +00:00
nekral-guest 1e6b107d99 2009-09-07 Steve Grubb <sgrubb@redhat.com>
* libmisc/copydir.c, lib/shadowmem.c, lib/groupmem.c, lib/pwmem.c:
	Fix some memory leaks.
2009-09-07 18:53:47 +00:00
nekral-guest 8806b07bd2 * src/userdel.c, src/lastlog.c, src/gpasswd.c, src/newusers.c,
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
	src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
	src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
	booleans for tests.
	* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
	src/groupmod.c, src/passwd.c: Use a break even after usage().
2009-09-05 22:31:29 +00:00
nekral-guest ff60398b1c Added new TODO item. 2009-09-05 20:26:09 +00:00
nekral-guest 32e2ef34a3 * src/gpasswd.c, src/groupmems.c: Split the groupmems and gpasswd
Usage string. It was changed anyway to add the --help option.
2009-09-05 20:25:40 +00:00
nekral-guest 91b60a955c * NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
	src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
	src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
	src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
	the usage should not go to stderr nor should the utility exit with
	non-zero status. All of the shadow utils do just this
	unfortunately, so convert them over to sanity.
	* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-04 23:02:33 +00:00
nekral-guest 3d10e75117 * src/useradd.c: Fixed wrong format string.
* lib/gshadow.c: Removed declaration of unused variable.
2009-09-04 22:09:58 +00:00
nekral-guest 915e78ee2d * man/generate_mans.mak, man/generate_translations.mak: Provide an
useful error message when --enable-man is not enabled and the
	translated manpages are not generated.
2009-08-30 19:46:54 +00:00
nekral-guest 9031103c24 * man/login.defs.d/ENCRYPT_METHOD.xml: Avoid using sub-lists. They
break the groff formatting.
2009-08-21 15:02:32 +00:00
nekral-guest 3db03960be * po/fr.po: Fix typos, based on reviews by the Debian French
translation team.
2009-08-14 21:12:15 +00:00
bubulle afa1c65d32 Complete French translation 2009-07-27 22:35:13 +00:00
bubulle 41aa36a0a3 French translation update 2009-07-25 17:23:19 +00:00
nekral-guest e568b9e435 * NEWS, configure.in: Prepare for the next release 4.1.4.2.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
2009-07-24 01:13:21 +00:00
nekral-guest 36ef489fe1 * configure.in: Fixed definition of the SHELL configuration. 2009-07-23 21:02:03 +00:00
nekral-guest 65741533ca * etc/login.defs: SYS_GID_MIN /SYS_UID_MIN changed from 100 to
101. GID 100 seems to be used statically.
2009-07-23 20:41:35 +00:00
nekral-guest 93ce5304fe Added a TODO item for /etc/defautl/useradd 2009-07-23 19:40:53 +00:00
nekral-guest 355e31d19d Added one todo item. 2009-07-23 19:40:00 +00:00
nekral-guest 24cfe44b07 * libmisc/shell.c, src/su.c: Execute the scripts with "sh -"
rather than "sh".
2009-07-22 13:35:57 +00:00
nekral-guest db38a728d1 * configure.in, libmisc/shell.c, libmisc/setupenv.c, src/newgrp.c,
src/su.c: Let the system shell be configurable.
2009-07-22 13:30:06 +00:00
nekral-guest 4ad827768e * NEWS, src/su.c, libmisc/shell.c: Added support for shells being a
shell script without a shebang.
2009-07-20 14:00:50 +00:00
bubulle b04c2d7e99 And fix a typo in French..:) 2009-07-19 11:54:44 +00:00
bubulle cb550dae17 Fix obvious mistake in Dutch translation 2009-07-19 11:53:49 +00:00
nekral-guest 56c7096000 2009-07-18 Peter Vrabec <pvrabec@redhat.com>
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
	system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
	reverse order, accounts are packed close to SYS_?ID_MAX if
	SYS_?ID_MIN is already used but there are still dome gaps.
2009-07-18 00:35:35 +00:00
nekral-guest b0bcb01888 * NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not use
getpwent / getgrent for system accounts. Trying the low-IDs with
	getpwuid / getgrgid should be more efficient on LDAP configured
	systems with many accounts.
2009-07-17 22:54:23 +00:00
nekral-guest f7257fafe1 * po/eu.po: Updated Basque translation. 2009-07-05 20:13:41 +00:00
nekral-guest 616ed68b48 * man/fi/Makefile.am: Stop distributing the Finnish translation of
passwd.1 (outdated).
2009-06-22 19:23:42 +00:00
nekral-guest 7e96d749e4 * man/pwck.8.xml: The shadow file is optional.
* man/pwck.8.xml: Updated description of the checks. Added
	description of the shadow checks.
	* man/pwck.8.xml: Updated description of the checks.
2009-06-20 13:02:33 +00:00
nekral-guest 885692e3c5 * man/po/fr.po: Fixed typo (forunis) 2009-06-14 12:47:41 +00:00
nekral-guest bbb2a1522f * lib/fputsx.c: Compare the result of fgets() with the provided
buffer instead of NULL.
2009-06-12 20:20:45 +00:00
nekral-guest ae00a3579c * lib/gshadow.c: Removed limitation on the length of the gshadow
lines.
	* lib/gshadow.c: Compare the result of fgetsx() with the provided
	buffer instead of NULL.
2009-06-12 17:50:24 +00:00
nekral-guest fa69d08d13 * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c,
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
	not limit the size of the buffer to hold the group or user
	structure. It used to be limited to 16k, which caused issues with
	groups having many users.
2009-06-11 21:33:00 +00:00
nekral-guest 7d5d9c1841 * src/su.c, man/su.1.xml: The default behavior (without -p or
--login) is to copy most of the environment variables. Revert a
	previous change and update the documentation.
2009-06-11 20:01:21 +00:00
nekral-guest 80907f451b * man/passwd.5.xml, man/shadow.5.xml: Document the passwd- and
shadow- files.
2009-06-06 11:21:15 +00:00
nekral-guest f4f6300499 * NEWS, src/su.c: Preserve the DISPLAY and XAUTHORITY environment
variables, even with --login. This was not the case before in the
	PAM version.
2009-06-05 22:19:38 +00:00
nekral-guest d6f18c207e * src/useradd.c, src/groupmod.c, src/groupadd.c, src/faillog.c:
Fix typos. Take this opportunity to split the usage messages into
	smaller messages (one per option).
	* src/pwck.c: Fix typo.
2009-06-05 22:16:56 +00:00
nekral-guest 35c0b2cb47 * man/passwd.1.xml: The short option for --mindays is -n, not -m. 2009-06-05 21:14:12 +00:00
nekral-guest d07e4b8e32 Updated previous documentation of the environment variables handling. 2009-06-04 20:47:50 +00:00
nekral-guest 0762426c4d * .gitignore, man/.gitignore, src/.gitignore: Added .gitignore
files.
2009-06-04 20:08:11 +00:00
nekral-guest 5cd975acbf * man/su.1.xml: Use <option> for the login.defs options.
* man/su.1.xml: Improve the documentation of the su behavior
	regarding environment variables.
	* man/su.1.xml: Document that the login.defs file is used.
2009-06-04 17:28:09 +00:00
nekral-guest ae69e6da5a * man/login.1.xml: Document that the login.defs file is used. 2009-06-04 17:25:18 +00:00
nekral-guest 647c22c85a * man/login.defs.d/ENVIRON_FILE.xml: Document the format for
comments.
2009-06-04 17:23:08 +00:00
nekral-guest 1edc2153bb * man/gpasswd.1.xml: Ease the translation of the refpurpose.
* man/gpasswd.1.xml: Fix typo, shorten sentences.
2009-05-26 19:23:40 +00:00
nekral-guest bf56a7097e * man/pwck.8.xml, man/grpck.8.xml: Move the SEE ALSO section at
the end.
2009-05-26 17:00:58 +00:00
nekral-guest a6418fb0df * src/vipw.c: Make sure opened files are closed. 2009-05-25 19:51:23 +00:00
nekral-guest 401d72d609 * man/chpasswd.8.xml, man/grpck.8.xml, man/newgrp.1.xml,
man/passwd.1.xml, man/sg.1.xml: Avoid a spurious comma.
2009-05-25 19:41:43 +00:00
nekral-guest a1352582df * man/passwd.1.xml: Avoid a spurious comma. 2009-05-25 19:29:19 +00:00
nekral-guest 2e239f44cf * NEWS: New placeholder for the next release. 2009-05-25 19:26:31 +00:00
nekral-guest 5b22b11454 * po/fr.po: Updated French translation. 2009-05-22 13:53:18 +00:00
nekral-guest 91d5c24f58 * NEWS: Prepare the next release.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
	* man/passwd.1.xml: passwd -u does not reset the expiry field.
2009-05-22 13:50:45 +00:00
nekral-guest e9a8ffbb51 re-indent. 2009-05-22 13:32:26 +00:00
nekral-guest 1b9b5ec306 * man/po/fr.po: Updated some strings. 2009-05-22 13:31:18 +00:00
nekral-guest f596cd113c * NEWS, src/newgrp.c: Return the exit status of the child. Thanks
to Lionel Elie Mamane.
2009-05-22 11:10:02 +00:00
nekral-guest 2e075ad91b * NEWS, src/newgrp.c: Return the exit status of the child. Thanks
to Lionel Elie Mamane.
2009-05-22 11:08:46 +00:00
nekral-guest fd55bd5d4a * src/usermod.c: Added warnings for absolute symlinks which could
be broken by rename().
2009-05-22 10:42:51 +00:00
nekral-guest 604c7d72d9 * NEWS, src/userdel.c: Report errors to remove the user's mailbox.
* NEWS, src/userdel.c: When USERGROUPS_ENAB is enabled, remove the
	user's group when the user was the only member. This is still not
	complete, as the user could have been specified twice in the
	members.
	* NEWS, src/userdel.c: Do not fail when -r is used and the home
	directory does not exist.
2009-05-22 10:41:10 +00:00
nekral-guest 738ebc04b9 * libmisc/copydir.c: Added warning for relative symlinks.
* libmisc/copydir.c (remove_tree): There is no need to check if
	the root argument exist. opendir() will report this.
2009-05-22 10:16:12 +00:00
nekral-guest 8dfd253b9c * man/faillog.8.xml: Minor updates. 2009-05-21 14:04:53 +00:00
nekral-guest 2a08642cdc * man/faillog.5.xml: Split a long paragraph. Typo fixes. 2009-05-21 14:01:16 +00:00
nekral-guest 3aa2765d59 * man/gpasswd.1.xml: Minor updates. 2009-05-21 13:54:45 +00:00
nekral-guest 12235612b5 * man/gshadow.5.xml: Updated documentation. 2009-05-21 13:53:56 +00:00
nekral-guest 39b17ee5d5 * man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml:
Harmonize formatting of login.defs and default/useradd variables.
	Use an <option> tag.
	* man/usermod.8.xml: Added reference to gshadow(5).
	* man/login.defs.d/USERDEL_CMD.xml: Shorten the lines of the
	USERDEL_CMD example.
2009-05-21 12:02:12 +00:00
nekral-guest 37bda83dfc * src/su.c: Use a boolean instead of 0. 2009-05-21 11:58:59 +00:00
bubulle 16ea6678ef msgcat + leave Jean-Luc as translator 2009-05-20 05:40:31 +00:00
bubulle a7118480af French translation update 2009-05-20 05:39:40 +00:00
nekral-guest 41705d4532 * man/usermod.8.xml: Fixed typos. 2009-05-19 22:28:34 +00:00
nekral-guest b98658bd11 * configure.in: Next version will be 4.1.4.1. 2009-05-19 22:19:41 +00:00
nekral-guest 50916c195b * man/newusers.8.xml: Added notes regarding the ownership of
files.
2009-05-19 22:17:55 +00:00
nekral-guest a61ecc3177 Added FIXMEs. 2009-05-19 22:12:27 +00:00
nekral-guest 627ebe09ed * man/groupmod.8.xml: Split the -g option description into smaller
paragraphs.
2009-05-19 22:00:14 +00:00
nekral-guest 2adab29e61 * man/usermod.8.xml: Ownership of the mailbox is also changed with
the -u option.
2009-05-19 21:57:04 +00:00
nekral-guest fb41fb8c46 * man/useradd.8.xml: When no passwords are provided, the password
is disabled, not the account.
2009-05-19 21:37:53 +00:00
nekral-guest 738eac8669 * man/newusers.8.xml, man/chpasswd.8.xml, man/useradd.8.xml,
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
	man/groupmod.8.xml: Added warning: passwords set with these tools
	may not respect the password policy.
2009-05-19 21:29:26 +00:00
nekral-guest 82afbc40ce * man/groupadd.8.xml: Fixed formatting issue. 2009-05-19 20:32:48 +00:00
nekral-guest 00694672cd * man/groupdel.8.xml: Move the warning on filesystems checks to
the CAVEAT section.
2009-05-19 20:31:45 +00:00
nekral-guest fa2afc96ac This was meant for the previous man/userdel.8.xml commit:
* man/userdel.8.xml: Added warning for files that could remain
	owner by the removed user.
2009-05-19 20:31:02 +00:00
nekral-guest 42cb56a3a0 * man/useradd.8.xml: Fix formatting typo. 2009-05-19 20:26:56 +00:00
nekral-guest b5e7ede8b7 * man/groupdel.8.xml: Move the warning on filesystems checks to
the CAVEAT section.
2009-05-19 20:26:28 +00:00
nekral-guest c859ad91c4 Added missing return value. 2009-05-18 22:46:13 +00:00
nekral-guest 5dead2b296 * man/login.defs.d/GID_MAX.xml: Fixed typo. useradd was specified
twice.
2009-05-18 22:45:39 +00:00
nekral-guest 6573e0175f * man/groupadd.8.xml, man/useradd.8.xml: names may also contain
digits.
2009-05-18 22:43:59 +00:00
nekral-guest 96816f495e * man/shadow.5.xml: What is important in shadow is not the
encryption, but that the file is not world readable.
2009-05-18 22:40:57 +00:00
nekral-guest 9f13b4fdaa * man/po/fr.po: Updated French translation. Thanks to ABBAS
Belkacem for the login.defs update.
2009-05-18 22:39:48 +00:00
nekral-guest 5f143879df * man/usermod.8.xml: Split the CAVEAT section in paragraphs.
Updated information on the user_busy check.
2009-05-18 19:18:29 +00:00
nekral-guest 785231657c * man/userdel.8.xml: Document that -f forces the deletion of a
busy user.
2009-05-18 18:53:23 +00:00
nekral-guest b9ecd1cf42 * NEWS, src/usermod.c: Check if the user is busy when the user's
UID, name or home directory is changed.
2009-05-18 18:37:16 +00:00
nekral-guest 4a4549c49b * src/userdel.c, libmisc/user_busy.c, libmisc/Makefile.am,
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
	* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
	logged in with utmp, but check if the user is running some
	processes. If not on Linux, continue to search for an utmp record,
	but make sure the process recorded in the utmp entry is still
	running.
2009-05-18 18:32:17 +00:00
nekral-guest 3e85eafb4c * man/usermod.8.xml: Document the -m/--move-home option. 2009-05-18 18:28:06 +00:00
nekral-guest e3343c1d9b * src/userdel.c (user_busy): Check if the process registered in
utmp is still running. This avoids rejecting the removal of an
	user when UTMP was not updated and indicate that the user is still
	logged in.
2009-05-17 16:27:29 +00:00
nekral-guest 297141c6c4 re-indent. 2009-05-17 16:02:35 +00:00
nekral-guest 589a773f7e Document the changes in 4.1.4.1:
- login
  * Fix failures with empty usernames on non PAM versions.
  * Fix CONSOLE (securetty) support on non PAM versions.
2009-05-16 18:27:13 +00:00
nekral-guest f634cd3e2c * libmisc/console.c (console): Remove the leading /dev/ from the
tty before comparing with the lines specified by CONSOLE.
	* src/su.c: Do not remove the /dev/ prefix since it is done by
	console().
2009-05-16 18:19:24 +00:00
nekral-guest 8eaa6f8b4c * man/login.defs.d/CONSOLE.xml: Document the format of the CONSOLE
file.
2009-05-16 17:08:44 +00:00
nekral-guest 9ee294ba70 * src/login.c: Fix failure of non PAM enabled versions when an
empty username is entered after a first prompt.
2009-05-16 15:43:13 +00:00
nekral-guest d945d61e42 * src/passwd.c: Added missing end of line at the end of success
messages.
2009-05-16 15:39:01 +00:00
nekral-guest f8f0886248 * po/fr.po: Fixed typo in the vipw usage string. 2009-05-16 15:38:00 +00:00
nekral-guest 87bb724151 * libmisc/shell.c: Removed invalid code that executed the user's
shell as a shell script when the direct execution of the user's
	shell failed with ENOEXEC and the user's shell has a shebang. The
	interpreter might not be the right one.  Executing the user's
	shell with sh -c might be better, but I'm not sure we should try
	harder when there is a failure. Note: The removed code was only
	included #ifndef __linux__.
2009-05-12 20:01:41 +00:00
nekral-guest 205e8b5137 * man/userdel.8.xml: The USERGROUPS_ENAB group may not be removed
when the group is used by other users, not the user.
2009-05-12 19:25:26 +00:00
nekral-guest a9b8fdc3c9 * src/userdel.c, man/login.defs.d/USERDEL_CMD.xml: Move the
USERDEL_CMD script example from the source code to the
	documentation.
2009-05-12 19:23:46 +00:00
nekral-guest 321e3ed02c * man/newusers.8.xml: PAM enabled version: describe how passwords
are updated and how newusers behave in case of error.
2009-05-11 19:29:38 +00:00
nekral-guest 63e6dc6b11 * NEWS, configure.in: New release will be 4.1.4.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
	* po/*.po, man/po/*.po: Updated PO files.
2009-05-10 20:02:21 +00:00
nekral-guest a96a8861dd Fix compilation warnings. 2009-05-10 18:26:33 +00:00
nekral-guest 24875bb422 * libmisc/copydir.c: Added prototype of readlink_malloc(), and
readlink_malloc() changed to static.
2009-05-10 18:21:58 +00:00
nekral-guest 74073db5db * src/su.c: Avoid redeclaration of root_pw. 2009-05-10 18:20:41 +00:00
nekral-guest fe0a5b6ee3 Added Changelog and NEWS entry for the French and Japanese translations. 2009-05-10 17:10:44 +00:00
bubulle 12875d2687 French translation update 2009-05-10 16:42:43 +00:00
bubulle 489432d742 Japanese translation received directly from NAKANO Takeo 2009-05-10 16:42:17 +00:00
nekral-guest 750093a3ed * lib/commonio.c: Avoid PATH_MAX. On glibc, we can use realpath
with a NULL argument.
	* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
	was not meant as a storage for a path.
	* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
	of fgets errors. Lines shall end with a \n, unless we reached the
	end of file.
	* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
	length. Added readlink_malloc().
2009-05-10 13:49:03 +00:00
nekral-guest a01499179f * src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
	* src/grpck.c: Warn if a group has an entry in group and gshadow,
	and the password field in group is not 'x'.
2009-05-09 21:20:54 +00:00
nekral-guest 6ba7fd7d13 Fix typo. 2009-05-09 13:38:51 +00:00
nekral-guest 1737e6e0ec Added notes about updated translations. 2009-05-09 13:16:17 +00:00
nekral-guest 3f649c5504 * man/login.defs.d/ENCRYPT_METHOD.xml,
man/login.defs.d/MD5_CRYPT_ENAB.xml,
	man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
	enabled versions. These variables are only used for group
	passwords in this case.
2009-05-09 13:16:10 +00:00
nekral-guest 9bdcf8fa15 * man/chpasswd.8.xml: Sorted options alphabetically. 2009-05-09 13:16:03 +00:00
nekral-guest 7f9e196903 * NEWS, src/newusers.c, src/Makefile.am: Added support for
changing the passwords with PAM.
	* src/newusers.c: Split the usage string in smaller parts to
	allow enabling single parts.
	* man/newusers.8.xml: Indicate the options and configuration
	variables valid for PAM and non-PAM versions.
	* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
2009-05-09 13:15:57 +00:00
nekral-guest 8bcb2c1e71 Sort entries alphabetically. 2009-05-09 13:15:51 +00:00
nekral-guest 79db09da98 * src/userdel.c: Remove duplicate definitions of exit codes. 2009-05-09 13:15:44 +00:00
nekral-guest 8f64190223 Fix typos. 2009-05-09 13:15:38 +00:00
nekral-guest ce684e236c Fix typo. 2009-05-09 13:15:32 +00:00
nekral-guest d1534c53f7 * libmisc/non_interactive_pam_conv.c,
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
	* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
	non_interactive_password and non_interactive_pam_conv do not need
	to be externally visible.
	* libmisc/pam_pass_non_interractive.c: Added declaration of
	ni_conv.
	* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
	* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
	Added do_pam_passwd_non_interractive().
	* src/chpasswd.c: Use do_pam_passwd_non_interractive().
2009-05-09 13:15:25 +00:00
nekral-guest 19b672c3a4 * libmisc/pam_pass.c: Removed comment regarding pam_misc. This is
checked by configure.in.
2009-05-09 13:15:17 +00:00
nekral-guest a979e7d14d * man/login.defs.5.xml: PAM enabled chpasswd do not use any
configuration variable from login.defs.
2009-05-09 13:15:10 +00:00
nekral-guest 4654150518 * man/passwd.1.xml: Differentiate the files used for PAM and
non-PAM versions.
2009-05-09 13:15:03 +00:00
nekral-guest 0921785ca2 * man/chpasswd.8.xml: Describe how chpasswd in case of error.
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
	* man/chpasswd.8.xml: Differentiate the files and configurations
	needed for PAM and non PAM versions.
2009-05-09 13:14:56 +00:00
nekral-guest b60e8b6b45 * src/login.c: failcount does not need to be signed. 2009-05-09 13:14:50 +00:00
nekral-guest 538336a332 * src/Makefile.am: PAM enabled chpasswd now needs to be linked to
the PAM library, even if --enable-account-tools-setuid is not
	used.
2009-05-09 13:14:44 +00:00
nekral-guest 5c1279d803 * src/chpasswd.c: Added the line number when an error is reported
instead of only the username.
	* src/chpasswd.c: PAM enabled chpasswd do may change the password
	database (for the user where the password update succeeded) even
	if there were a failure for one user. Do not indicate that changes
	were ignored.
2009-05-09 13:14:37 +00:00
nekral-guest 61939960cc * src/passwd.c: Exit immediately when unlocking a password would
result in a passwordless account. This avoid printing a success
	message after the warning.
2009-05-09 13:14:31 +00:00
nekral-guest ee7af4d7e2 * src/nologin.c: Include <stdlib.h> to get EXIT_FAILURE. 2009-05-09 13:14:23 +00:00
bubulle b8355dba15 Russian completed 2009-05-09 05:57:18 +00:00
bubulle 5d661e366b Russian translation update 2009-05-08 17:22:15 +00:00
bubulle 787fbd3fab Completed German translation 2009-05-08 17:19:15 +00:00
bubulle c671c3a738 German translation update 2009-05-07 17:48:51 +00:00
nekral-guest 69fe59a632 * NEWS, configure.in: Fix build failure on non-PAM enabled system
when --without-pam is not specified.
2009-05-03 22:46:26 +00:00
nekral-guest ba65b06b4a * lib/commonio.c: Ignore teh return values of fclose() and
unlink() in case of failure of fopen_set_perms() or
	create_backup().
	* lib/commonio.c: Should the backup file be unlink'ed in case of
	failure of create_backup()?
2009-04-30 21:53:54 +00:00
nekral-guest 4da0573bf7 * lib/getulong.c: Added splint annotations. 2009-04-30 21:44:35 +00:00
nekral-guest 4e75bb57bb * src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
	src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
	src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
	src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
	src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
	* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
	src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
	src/sulogin.c, src/usermod.c: Use return instead of exit at the
	end of main().
	* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
	exit codes.
	* src/chpasswd.c: Added missing ||.
	* src/nologin.c: Do not include exitcodes.h.
	* src/nologin.c: Added brackets.
	* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 21:39:38 +00:00
nekral-guest c527c0196b * libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c,
lib/get_uid.c: Added splint annotations.
2009-04-30 21:12:33 +00:00
nekral-guest a326ffa435 * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs.
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
	src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
	src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
	libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
	EXIT_SUCCESS instead of 0.
	* libmisc/audit_help.c: Replace an fprintf() by fputs().
	* libmisc/audit_help.c: Remove documentation of the audit_logger
	returned values. The function returns void.
	* libmisc/system.c: Only return status if waitpid succeeded.
	Return -1 otherwise.
2009-04-30 21:08:49 +00:00
nekral-guest 0f448edf19 Fix some splint warnings.
Rmove debug code.
2009-04-28 22:01:20 +00:00
nekral-guest 9b6b06cd03 Restore string. 2009-04-28 21:46:06 +00:00
nekral-guest d7d0b06a41 * NEWS, src/chpasswd.c: Added support for changing the passwords
with PAM.
	* src/chpasswd.c: Split the usage string in smaller parts to
	allows enabling single parts.
	* src/chpasswd.c: Do not set a global lock on the password files.
	This is done by PAM each time a password is updated.
2009-04-28 21:45:38 +00:00
nekral-guest 72fa8afa07 * lib/defines.h: Include <utmpx.h> and <utmp.h> to define
USER_NAME_MAX_LENGTH.
2009-04-28 21:01:20 +00:00
nekral-guest 1e75786616 * src/login.c: Change a snprintf() to strncpy(). There are no
format.
2009-04-28 20:59:31 +00:00
nekral-guest 1db4402dbb Re-indent, reformat #ifndef blocks. 2009-04-28 20:55:10 +00:00
nekral-guest 59e1947950 * src/passwd.c: Harmonize status report at the end of passwd.
Prefix the messages with "passwd: ", only indicate a password
	change if the password was actually changed, and password
	properties changed otherwise.
2009-04-28 20:46:35 +00:00
nekral-guest f8b8aaf5e4 * src/chgpasswd.c, src/newusers.c: There is no need to test for 0
after getopt_long. No options have flag != NULL.
2009-04-28 20:10:18 +00:00
nekral-guest 613dc54ac5 * src/newusers.c: There is no need to test for 0 after
getopt_long. No options have flag != NULL.
2009-04-28 20:08:30 +00:00
nekral-guest a1591f77e8 * libmisc/Makefile.am, lib/prototypes.h,
libmisc/non_interactive_pam_conv.c: Added
	non_interactive_pam_conv() and non_interactive_password.
2009-04-28 20:07:24 +00:00
nekral-guest 102253834a * lib/prototypes.h: Replace #if by #ifdef
* lib/prototypes.h, libmisc/non_interactive_pam_conv.c: Added
	non_interactive_pam_conv() and non_interactive_password.
2009-04-28 20:06:46 +00:00
nekral-guest dd85562fac * libmisc/utmp.c, src/userdel.c, src/logoutd.c: Replace #if by #ifdef 2009-04-28 20:03:23 +00:00
nekral-guest 90cc7f0f1d * src/vipw.c: Harmonize messages. 2009-04-28 19:26:27 +00:00
nekral-guest bb00d1630a * src/lastlog.c: Replace atoi() by getulong(). 2009-04-28 19:25:15 +00:00
nekral-guest a5188d2f05 * libmisc/failure.h: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-28 19:19:33 +00:00
nekral-guest 6547cbda6f * libmisc/rlogin.c: Replace atoi() by getulong(). 2009-04-28 19:17:21 +00:00
nekral-guest 79919f184c * libmisc/failure.c: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-28 19:14:50 +00:00
nekral-guest e6b23e1431 * libmisc/chkname.c: Do not include <utmp.h> and <utmpx.h>. There
are no more needed.
2009-04-28 19:14:05 +00:00
nekral-guest b0c0a94c66 * libmisc/limits.c: Replace strtol() by getlong().
* libmisc/limits.c: Replace HAVE_UTMPX_H by USE_UTMPX.
2009-04-28 19:12:48 +00:00
nekral-guest 76b51939aa * man/groupmod.8.xml, man/usermod.8.xml, man/groupadd.8.xml,
man/useradd.8.xml: Added note to warn about insecurity in using
	--password.
	* man/groupmod.8.xml: Removed not regarding default if --password
	is not used. This was a cut&paste from groupadd.8.xml.
	* man/passwd.1.xml: Split some paragraphs.
	* man/passwd.1.xml: Recommend other encryption methods than DES.
2009-04-27 20:29:43 +00:00
nekral-guest 91fc51387c * src/login.c: Move update_utmp() after the PID or session ID
changed in order to get more accurate data in UTMP. This also
	fixes "exec login" when login in installed setuid.
2009-04-27 20:25:23 +00:00
nekral-guest 009125484e * src/login.c: Reuse a string and avoid an untranslated message
"Login incorrect".
2009-04-27 20:21:48 +00:00
nekral-guest 8112a12521 * src/login.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* src/login.c: Avoid name clash between global variables and the
	update_utmp() arguments.
2009-04-27 20:20:37 +00:00
nekral-guest 69307a1f2b * src/groupadd.c, lib/commonio.c, lib/groupio.c: Added missing
include of <assert.h>
2009-04-27 20:18:00 +00:00
nekral-guest e68e07d095 * src/groupadd.c: Added missing include of <assert.h> 2009-04-27 20:16:04 +00:00
nekral-guest 851245107d * lib/prototypes.h: Replace HAVE_UTMPX_H by USE_UTMPX.
* lib/prototypes.h, libmisc/log.c: Added splint annotations.
	* libmisc/log.c: Added SYSLOG warning when lseek fails (should not
	happen).
2009-04-27 20:15:09 +00:00
nekral-guest e88d1f5803 * libmisc/mail.c, libmisc/copydir.c: Added missing include of
<assert.h>
2009-04-27 20:09:18 +00:00
nekral-guest 988f7334ad * libmisc/env.c: Added assertions on the snprintf results. 2009-04-27 20:07:59 +00:00
nekral-guest 80fd2969c9 * libmisc/utmp.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* libmisc/utmp.c: Removed old comment on HAVE_STRUCT_UTMP_UT_ID
	and UTMPX support.
2009-04-27 20:06:25 +00:00
nekral-guest 13b74243a6 * NEWS, configure.in: Added configure option --enable-utmpx,
disabled by default. This defines USE_UTMPX, which should be used
	instead of HAVE_UTMPX_H.
2009-04-27 20:03:48 +00:00
nekral-guest c7035dbe9c * man/po/fr.po: Fix typo. 2009-04-27 19:56:34 +00:00
nekral-guest 8f78169a52 * src/newgrp.c: Close the databases before changing the UDI and
GID.
2009-04-26 17:11:38 +00:00
nekral-guest 5766499b85 * libmisc/myname.c: Updated splint annotations. 2009-04-26 17:10:49 +00:00
nekral-guest 4fd672c5b9 * lib/commonio.c: Added splint annotations.
* lib/commonio.c: old_context should be local to commonio_close(),
	not global.
2009-04-26 16:48:51 +00:00
nekral-guest fca3b5cdc9 * src/passwd.c: Do not freecon strings duplicated with strdup.
Also avoid allocation of memory.
	* src/passwd.c: Use SYSLOG instead of syslog.
2009-04-26 16:44:54 +00:00
bubulle 8fa9bedcf7 Updated Czech translation 2009-04-26 12:26:10 +00:00
nekral-guest 44869516d3 Updated splint annotations. 2009-04-25 15:18:49 +00:00
nekral-guest 06d5369fdb Updated splint annotations. 2009-04-25 14:16:22 +00:00
nekral-guest 71f7f777ec * lib/commonio.c: Do not assumes eptr is always notnull.
Updated splint annotations.
2009-04-25 13:41:52 +00:00
nekral-guest 3a37388d43 Updated splint annotations. 2009-04-25 13:13:50 +00:00
nekral-guest 4c1d96e8e0 * lib/commonio.h, lib/commonio.c: Added splint annotations. 2009-04-25 12:43:27 +00:00
nekral-guest f9bd143012 * NEWS, po/pt.po: Updated Portuguese translation. 2009-04-25 11:06:35 +00:00
nekral-guest 98e42fa944 * libmisc/copydir.c: Added splint annotations.
* libmisc/copydir.c: Added assert to help splint.
	* libmisc/copydir.c: Free allocated structures in cas of failure.
	* libmisc/copydir.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/copydir.c: Use buffers of size PATH_MAX instead of 1024
	for filenames.
	* libmisc/copydir.c: Use fchmod and fchown to change the mode of
	the opened file.
	* libmisc/copydir.c: Indicate the mode to open(), even if we chmod
	later.
2009-04-24 23:41:28 +00:00
nekral-guest ab6c366668 * lib/prototypes.h: Added prototypes of getulong() and get_pid().
* lib/prototypes.h: Added splint annotations.
2009-04-24 23:35:57 +00:00
nekral-guest fc656ad7bd * lib/commonio.c: Use get_pid() instead of strtol.
* lib/commonio.c: Replace an int by a size_t.
2009-04-24 23:35:01 +00:00
nekral-guest 1353c71054 * lib/commonio.h: Added splint annotations. 2009-04-24 23:33:47 +00:00
nekral-guest 566fbac1ef * lib/sgroupio.c: Free allocated structures on failure.
* lib/sgroupio.c: Added splint annotations.
2009-04-24 23:32:52 +00:00
nekral-guest 496002abc9 * lib/Makefile.am, lib/get_pid.c, lib/getulong.c: Added get_pid()
and getulong().
2009-04-24 23:28:15 +00:00
nekral-guest e8dd48ac09 * lib/getlong.c: Do not check for NULL string but empty string. 2009-04-24 23:27:12 +00:00
nekral-guest 08b4253001 * lib/groupio.c: Updated splint annotations.
* lib/groupio.c: Added assert to help splint.
2009-04-24 23:26:31 +00:00
nekral-guest 1a87c69854 * src/useradd.c: Check assumptions on snprintf().
* src/useradd.c: Replace peror by an strerror and avoid an
	intermediate buffer.
	* src/useradd.c: Save errno between the failure and the report by
	perror/strerror.
	* src/useradd.c: Prefer xmalloc to malloc.
2009-04-24 23:23:51 +00:00
nekral-guest 861773bf77 * src/lastlog.c: Remove function calls from within assert(). 2009-04-24 23:05:29 +00:00
nekral-guest 01e88bda16 * libmisc/obscure.c: Change some int to size_t. 2009-04-24 23:04:27 +00:00
nekral-guest 5e45ac1688 * libmisc/console.c: Use a less disturbing construct for splint. 2009-04-24 23:03:14 +00:00
nekral-guest 10396f9536 * libmisc/limits.c: Parse the limits, umask, nice, maxlogin, file
limit with getlog() / getulong(). This also means, in case of
	non-PAM enabled systems, that the umask specified on the GECOS
	fields should start with a 0 if specified in octal. (it used to be
	force to octal). Do the appropriate cast and range checking.
2009-04-24 22:56:42 +00:00
nekral-guest 0c571784a3 * libmisc/salt.c: In case gettimeofday() fails, get some entropy
from the PID.
2009-04-24 22:49:20 +00:00
nekral-guest 7646230de2 * libmisc/setupenv.c: Prefer snprintf to sprintf, even if a small
context indicates no issues.
	* libmisc/setupenv.c: Avoid implicit conversion of pointers to
	booleans.
2009-04-24 22:46:06 +00:00
nekral-guest 42e72c418d * libmisc/loginprompt.c: Prefer snprintf to sprintf, even if a
small context indicates no issues.
2009-04-24 22:27:58 +00:00
nekral-guest 37eec13774 * src/faillog.c: Remove function calls from within assert(). 2009-04-24 22:27:09 +00:00
nekral-guest f28f5f3af4 * libmisc/mail.c: Ignore the return value of puts().
* libmisc/mail.c: Prefer snprintf to sprintf, even if a small
	context indicates no issues.
2009-04-24 22:22:57 +00:00
nekral-guest 6e357e14fc * lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h,
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
	splint annotations. The *_locate() and *_next() functions
	currently return an observer. As the structure are often modified
	by the caller, it could maybe be changed to exposed later. (and
	non-const).
2009-04-23 21:19:02 +00:00
nekral-guest d0d01ffb00 * lib/pwauth.c: Use a boolean for wipe_clear_pass and use_skey.
* lib/pwauth.c: Added splint annotations.
	* lib/pwauth.c: Added brackets and parenthesis.
	* lib/pwauth.c: Avoid assignments in comparisons.
	* lib/pwauth.c: Avoid implicit conversion of pointers or
	characters to booleans.
2009-04-23 20:46:01 +00:00
nekral-guest 916977c5bb * src/groupmod.c: Cast ID to ulongs and use ulong formats for IDs. 2009-04-23 20:39:29 +00:00
nekral-guest af8ff8c1ca * src/newgrp.c: Added splint annotations.
* src/newgrp.c: audit_buf is only used in newgrp. Make it static.
	* src/newgrp.c: Ignore the return value of fputs().
	* src/newgrp.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-23 20:37:00 +00:00
nekral-guest 3d2f164dca * libmisc/pwdcheck.c (passwd_check): The progname is not used.
* libmisc/pwdcheck.c: Ignore the return value of sleep().
	* libmisc/pwdcheck.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-23 20:17:02 +00:00
nekral-guest c357e94283 * libmisc/setupenv.c: Avoid assignments in comparisons.
* libmisc/setupenv.c: Added brackets and parenthesis.
	* libmisc/setupenv.c: Ignore the return value of fclose (file
	opened read-only)
	* libmisc/setupenv.c: Ignore the return value of puts().
	* libmisc/setupenv.c:Avoid implicit conversion of pointers to
	booleans.
2009-04-23 17:45:42 +00:00
nekral-guest 7f165aab7f * libmisc/find_new_gid.c, libmisc/find_new_uid.c,
libmisc/isexpired.c, src/groupadd.c, lib/pwauth.h, lib/groupmem.c,
	lib/shadowmem.c, lib/pwmem.c, lib/prototypes.h: Added splint
	annotations.
2009-04-23 17:43:27 +00:00
nekral-guest 956d68c870 * libmisc/loginprompt.c: Use exit(EXIT_FAILURE) instead of
exit(1).
	* libmisc/loginprompt.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/loginprompt.c: Ignore return value of putc().
2009-04-23 17:34:46 +00:00
nekral-guest 61ebff6d97 * libmisc/env.c, libmisc/age.c: Added splint annotations.
* libmisc/age.c: Added brackets and parenthesis.
	* libmisc/age.c: Ignore the return value of fclose (file opened
	read-only)
	* libmisc/age.c: Ignore puts() return value.
	* libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
	* libmisc/age.c: Avoid assignments in comparisons.
2009-04-23 17:33:21 +00:00
nekral-guest 0b1397b33b * lib/fputsx.c, lib/gshadow.c, lib/commonio.h: Added splint
annotations.
2009-04-23 11:54:30 +00:00
nekral-guest a121b9b659 * lib/gshadow.c, lib/commonio.h: Added splint annotations. 2009-04-23 11:53:55 +00:00
nekral-guest 43033b65ad * lib/getdef.c: Added splint annotations.
* lib/getdef.c: Ignore fputs() return value.
	* lib/getdef.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
2009-04-23 11:46:46 +00:00
nekral-guest 0c6159650d * lib/get_gid.c: gidstr should not be NULL, but the check was
meant to make sure it is not empty.
	* lib/get_uid.c: Likewise.
2009-04-23 11:46:06 +00:00
nekral-guest 7b562d96b3 * src/faillog.c: Added splint annotations.
* src/faillog.c: Cast ID to ulongs and use ulong formats for IDs.
	* src/faillog.c: Ignore fflush() return value.
	* src/faillog.c: Added parenthesis.
2009-04-23 11:23:53 +00:00
nekral-guest 988ec76cf8 * src/grpck.c: Ignore puts return value.
* src/grpck.c: Avoid variable format string.
2009-04-23 11:21:57 +00:00
nekral-guest 87e15d7b82 * src/lastlog.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
* src/lastlog.c: Added splint annotations.
	* src/lastlog.c: Avoid global pwent.
	* src/lastlog.c: Cast ID to ulongs and use ulong formats for IDs.
	* src/lastlog.c: Avoid assignment in comparisons.
	* src/lastlog.c: Ignore fclose() return value since the file is
	only opened for reading.
2009-04-23 11:21:01 +00:00
nekral-guest 77c1b2a369 * src/newgrp.c: Added assertion to guide splint (and me). 2009-04-23 11:17:22 +00:00
nekral-guest b0db85bc04 * libmisc/find_new_gid.c: Use booleans instead of char fo
used_gids.
	* libmisc/find_new_gid.c: Use getdef_ulong and cast to git_t to
	get GID values.
	* libmisc/find_new_gid.c: Use UL as a prefix for ulong values.
	* libmisc/find_new_uid.c: Likewise.
2009-04-23 11:16:38 +00:00
nekral-guest cbd90eed74 * libmisc/yesno.c: Ignore the return value of puts. 2009-04-23 11:14:56 +00:00
nekral-guest 35f0a2e951 * libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/age.c: The return value of execl() is not used.
2009-04-23 11:14:18 +00:00
nekral-guest 614c79defc * libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
	lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
	lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
	lib/fputsx.c, lib/prototypes.h: Added splint annotations.
	* lib/groupio.c: Avoid implicit conversion of pointers to
	booleans.
	* lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 09:57:03 +00:00
nekral-guest fef6f9379a Fix typo. 2009-04-22 21:33:09 +00:00
nekral-guest fe29344b33 * lib/defines.h: Added splint definitions to replace <locale.h> 2009-04-22 21:22:32 +00:00
nekral-guest 2c0f3ef707 * libmisc/utmp.c, libmisc/age.c, libmisc/shell.c, lib/groupio.c,
lib/groupio.h, lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c,
	lib/pwio.c, lib/commonio.c, lib/shadowio.h, lib/pwio.h,
	lib/commonio.h, lib/prototypes.h: Added splint annotations.
2009-04-22 21:21:14 +00:00
nekral-guest aebddca35d * libmisc/utmp.c: Added splint annotations. 2009-04-22 21:07:33 +00:00
nekral-guest 620ee81b7e * libmisc/utmp.c: Only set ut_time and ut_tv if gettimeofday()
succeeds.
2009-04-22 21:06:13 +00:00
nekral-guest e76a5df932 * libmisc/utmp.c: Fix the check for empty host in prepare_utmp()
and prepare_utmpx().
2009-04-22 21:04:16 +00:00
nekral-guest 7fb1063ccd * libmisc/utmp.c: The ut argument of prepare_utmp() might be NULL.
ut_id needs to be forged in that case.
2009-04-22 21:02:46 +00:00
nekral-guest 811288df64 * libmisc/utmp.c: Removed old documentation of setutmp(). 2009-04-22 21:00:18 +00:00
nekral-guest 31906409c8 * libmisc/utmp.c: Use xmalloc() rather than malloc(). 2009-04-22 20:59:23 +00:00
nekral-guest b05783da32 * libmisc/utmp.c: The name returned by ttyame() needs to be copied
locally.
2009-04-22 20:57:29 +00:00
nekral-guest 54302f6006 * src/login.c: Added splint annotations. 2009-04-22 20:53:15 +00:00
nekral-guest 2a32262725 * src/login.c: Added assert()s for NULL (or ! NULL) username, and
pwd. This helps splint.
2009-04-22 20:51:13 +00:00
nekral-guest e35a7fbd89 Re-indent. 2009-04-22 20:48:42 +00:00
nekral-guest c55311aa6d * src/login.c: After login_prompt(), do not check for unset
username, but for empty username.
2009-04-22 20:46:49 +00:00
nekral-guest 3704745289 * lib/defines.h: Define USER_NAME_MAX_LENGTH, based on utmp and
default to 32.
	* libmisc/chkname.c: Use USER_NAME_MAX_LENGTH.
	* src/login.c: Use USER_NAME_MAX_LENGTH instead of the default 32.
	username also needs to be bigger than USER_NAME_MAX_LENGTH because
	it has to be nul-terminated.
2009-04-22 20:42:48 +00:00
nekral-guest eae8b63d4f * src/login.c: Use xmalloc() instead of malloc(). 2009-04-22 20:21:17 +00:00
nekral-guest 349efcb0a6 * src/login.c: Ignore the return value of puts(), fputs(),
strftime().
2009-04-22 20:17:11 +00:00
nekral-guest 46d697cded * src/login.c: timeout, delay, and retries should be unsigned.
* src/login.c: Ignore the return value of alarm() and sleep().
2009-04-22 20:15:21 +00:00
nekral-guest 53e0ff91d3 * src/login.c: If we cannot get the terminal configuration, do not
change the terminal configuration. setup_tty() is just a best
	effort configuration of the terminal.
	* src/login.c: Ignore failures when setting the terminal
	configuration.
	* src/login.c: Fail if the ERASECHAR or KILLCHAR configurations
	are not compatible with a cc_t type.
2009-04-22 20:12:06 +00:00
nekral-guest a362a68f53 * src/login.c: utent might be NULL after get_current_utmp(). 2009-04-22 20:07:34 +00:00
nekral-guest 332a50c273 * src/login.c: Removed temp_shell. No more used.
* src/login.c: lastlog is only used #ifndef USE_PAM
	* src/login.c: Rename lastlog to ll to avoid name clash with the
	lastlog type.
2009-04-22 20:03:26 +00:00
nekral-guest 790dbb07fc * src/login.c: Added update_utmp() to group the prepare_utmp and
setutmp (and the utmpx versions).
2009-04-22 19:58:39 +00:00
nekral-guest f59a69f4b6 * src/login.c: Do not include netdb.h. gethostbyname() is no more
called from within login.c. Also UT_ADDR does not exist anymore.
2009-04-22 19:54:28 +00:00
nekral-guest efcbbc3d74 * src/login.c: Check if login is run with effective root
privileges. This should be more helpful to users than a failure to
	find an utmp entry or failure to access a file.
2009-04-21 22:46:01 +00:00
nekral-guest a0503bc3a1 Added previous commit changelog. 2009-04-21 22:39:52 +00:00
nekral-guest 82c1a583f8 * libmisc/utmp.c: Reworked. Get rid of Linux specific stuff. Get rid
of global utent/utxent variables. Only reuse the ut_id and maybe
	the ut_host fields from utmp.
	* lib/prototypes.h, libmisc/utmp.c: Removed checkutmp(),
	setutmp(), setutmpx().
	* lib/prototypes.h, libmisc/utmp.c: Added get_current_utmp(),
	prepare_utmp(), prepare_utmpx(), setutmp(), setutmpx().
	* libmisc/utmp.c (is_my_tty): Only compare the name of the utmp
	line with ttyname(). (No stat of the two terminals to compare the
	devices).
	* libmisc/utmp.c: Use getaddrinfo() to get the address of the
	host.
	* configure.in: Check for getaddrinfo().
	* configure.in: Use AC_CHECK_MEMBERS to check for the existence of
	fields in the utmp/utmpx structures.
	* configure.in: Reject systems with utmpx support but no ut_id
	field in utmp. This could be fixed later if needed.
	* src/login.c: Use the new utmp functions. This also simplifies
	the failtmp() handling.
	* src/login.c: passwd_free() renamed to pw_free() and
	shadow_free() renamed to spw_free()
2009-04-21 22:39:14 +00:00
nekral-guest fcfa81283e * NEWS, configure.in: Enable --enable-account-tools-setuid by
default for PAM builds, as it used to be before the introduction
	of this option.
2009-04-21 22:22:08 +00:00
nekral-guest fba5cad820 * etc/pam.d/Makefile.am: Distribute all pam.d files, even if
ACCT_TOOLS_SETUID is not enabled.
2009-04-21 22:16:17 +00:00
nekral-guest 5bdf239a66 * lib/shadowmem.c: Added spw_free().
* lib/shadowio.c: Use spw_free() for shadow_free().
	* lib/groupmem.c: Added gr_free().
	* lib/groupio.c: Use gr_free() for group_free().
	* lib/pwmem.c: Include define.h before prototypes.h
	* lib/pwmem.c: Added pw_free().
	* lib/pwio.c: Use pw_free() for passwd_free().
	* lib/sgroupio.c: Added sgr_free().
	* lib/sgroupio.c: Use sgr_free() for gshadow_free().
	* lib/prototypes.h: Added gr_free(), pw_free(), sgr_free(),
	spw_free().
2009-04-21 22:14:10 +00:00
nekral-guest 408a30f0ba * libmisc/shell.c: Add brackets and parenthesis.
* libmisc/shell.c: Avoid assignments in comparisons.
	* libmisc/shell.c: Re-indent.
2009-04-21 22:07:35 +00:00
nekral-guest c8f45eda53 * lib/defines.h: Added MIN and MAX macros.
* libmisc/salt.c: Removed MIN and MAX macros.
2009-04-21 22:06:09 +00:00
nekral-guest 2ba18ea4a9 Fix typo (&nbsp;) and fix a compilation warning (wrong const). 2009-04-21 22:03:33 +00:00
nekral-guest a45b272a2f Fix typo. 2009-04-21 22:02:37 +00:00
nekral-guest 5ad0d896f1 Added more comments to the changelog entry. 2009-04-20 14:06:06 +00:00
nekral-guest 9efd6a53d2 * NEWS, src/lastlog.c: Fix regression causing empty reports. 2009-04-20 14:04:48 +00:00
nekral-guest 18fdfee274 * src/login.c: Get rid of pwent. pwd is sufficient as long as it
is always coming from xgetpwnam. There is no need to copy pwd to
	pwent, this was not a good idea anyway as the strings from pwd
	were not duplicated.
	* src/login.c: Always free the pwd and spwd structure when we
	retrieve a new one. This will clear the password of the previous
	user from the memory.
	* src/login.c: user_passwd is used to keep point to the password
	of the user being authenticated.
	* src/login.c: (non PAM) Fail if the user's entry cannot be found
	after the user updated her password (if expire() requested an
	update).
	* src/login.c: If the user does not exist on the system, there is
	no need to build a pwd structure (with shell).
2009-04-20 13:29:15 +00:00
nekral-guest a6ac4dda75 * src/login.c: ttytype already checks for TTYTYPE_FILE and TERM.
Just call ttytype.
2009-04-20 13:12:09 +00:00
nekral-guest 29c3763f9c Re-indent. 2009-04-20 13:10:20 +00:00
nekral-guest c694843da5 * src/login.c: Open the PAM session before pam_setcred and before
initgroups. This is more consistent with rfc86.0.
2009-04-20 12:54:17 +00:00
nekral-guest 432faba3e1 * src/login.c: Added helper functions get_pam_user() and
get_failent_user().
2009-04-20 12:47:04 +00:00
nekral-guest 70e1a5c9b6 * src/login.c: Added parameter to check_nologin. This will help
getting rid of the global pwent variable.
2009-04-20 12:33:01 +00:00
nekral-guest 61c1d100dc * src/login.c: Added comments.
* src/login.c: Close the user and group files before dropping root
	privileges.
2009-04-20 12:27:27 +00:00
nekral-guest 3508f7dccc * src/login.c: We do not need to keep the old umask. Discard the
umask() return value.
2009-04-20 12:17:38 +00:00
nekral-guest d4158bdf77 * src/login.c: We do not need to keep the old umask. Discard the
umask() return value.
2009-04-20 12:16:07 +00:00
nekral-guest 1bcf2ffb59 * libmisc/hushed.c, lib/prototypes.h, src/login.c: Change the
hushed() prototype to take a username instead of a passwd
	structure in argument. The passwd entry is retrieved withing
	hushed().
2009-04-20 11:48:59 +00:00
nekral-guest 87ac185752 * libmisc/setugid.c: Updated comments. 2009-04-20 11:43:36 +00:00
nekral-guest 22fbd774dc * libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
	non-null terminated ut_user, unavailability of ut_user, incomplete
	username (that should not happen currently).
2009-04-20 11:39:16 +00:00
nekral-guest a87e747049 * libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
	non-null terminated ut_user, unavailability of ut_user, incomplete
	username (that should not happen currently).
2009-04-20 11:37:41 +00:00
nekral-guest f3bea401e9 * libmisc/ttytype.c: Add brackets and parenthesis.
* libmisc/ttytype.c: Avoid assignments in comparisons.
2009-04-20 11:31:05 +00:00
nekral-guest 2ce68e8aec * lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill
the password fields with zeros before they are freed.
2009-04-20 11:29:17 +00:00
nekral-guest bf66861e3f * po/ko.po: Updated Korean translation. 2009-04-19 16:26:17 +00:00
nekral-guest 131e95ffaf * NEWS, src/login.c: Also check if the authentication token of the
user has to be updated in case the user was already authenticated.
2009-04-19 16:22:17 +00:00
nekral-guest ca10b825c7 * src/login.c: fflg is already restricted to root. Move
pam_acct_mgmt(), in case of fflg, earlier. This is equivalent and
	simplifies the code.
2009-04-19 16:09:00 +00:00
nekral-guest 2ed05e548b * libmisc/utmp.c: Always call endutent or endutxent when setutent
or setutxent were used.
2009-04-19 15:28:38 +00:00
nekral-guest 8156c3b0be * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do
not get set to unsanitized values.
2009-04-19 13:33:24 +00:00
nekral-guest d2a822fe39 * libmisc/utmp.c: Do not trust the current utmp entry's ut_line.
Always set ut_line based on ttyname(0).
2009-04-17 21:25:30 +00:00
nekral-guest 5298ac3dd9 * NEWS, src/login.c: Do not trust the current utmp entry's ut_line
to set PAM_TTY.
2009-04-17 20:40:26 +00:00
nekral-guest c49371e423 * configure.in: Updated version number. 2009-04-15 21:46:42 +00:00
nekral-guest 76f7ae8d7d * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-04-15 21:46:06 +00:00
nekral-guest e312f007b8 Fix NEWS entry. 2009-04-15 21:31:09 +00:00
nekral-guest 239bb04b18 Fixed nb.po format and added info about the update. 2009-04-15 21:29:00 +00:00
nekral-guest 4d2bee2e23 * NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end.
	* src/useradd.c: Always call selinux_update_mapping() (i.e.
	semanage), not only when -Z is used.
2009-04-15 21:14:08 +00:00
nekral-guest a24058d660 * NEWS, srclib/getlong.c: Fix parsing of octal numbers.
* NEWS, src/login.c: Fix segfault when no user is provided on the
	command line.
2009-04-15 17:50:17 +00:00
nekral-guest 70d9bc6233 libmisc/system.c was contributed by Dan Walsh. 2009-04-15 17:42:34 +00:00
nekral-guest 5fa86c2b42 * NEW, src/vipw.c: SE Linux: Set the default context to the
context of the file being edited. This ensures that the backup
	file inherit from the file's context.
2009-04-15 17:42:27 +00:00
nekral-guest a8586cbce7 Added one TODO item for usermod. 2009-04-14 22:19:17 +00:00
nekral-guest acc3423c96 * man/usermod.8.xml: There are no default values for --inactive
and --gid. If the options are no provided, the original values are
	not changed.
2009-04-14 22:19:11 +00:00
nekral-guest ceddfa340d Removed TODO entries
* groupmems has a testsuite now
 * long user names are tested for gpasswd
 * groups and id arenot receiving updates
 * tests with UID/GID sets to (*id_t)-1 already exist.
2009-04-14 22:19:05 +00:00
bubulle 8675b74bf4 Norwegian Bokmål translation update 2009-04-12 17:43:31 +00:00
nekral-guest b4a3ab4082 Added release date. 2009-04-12 02:45:11 +00:00
nekral-guest 0b4b3d63da * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-04-12 01:24:45 +00:00
nekral-guest 774f8a073a Added TODO entry. 2009-04-12 00:38:41 +00:00
nekral-guest 6b46161f2d * src/su.c: If there are no root account, or if the root account
has an UID != 0, default to the first UID 0 account.
2009-04-12 00:28:32 +00:00
nekral-guest 08a212ccae * src/login.c: Restore the echoctl, echoke, onclr flags to the
terminal termio flags. Reset echoprt, noflsh, tostop. This
	behavior seems to have change by mistake in earlier releases
	(4.0.8, for no obvious reason).
2009-04-12 00:17:36 +00:00
nekral-guest 64a9f33ffa * src/login.c: Fix the count of failures before login exits in
case of PAM enabled configurations.
2009-04-12 00:08:26 +00:00
nekral-guest bc0f4fa509 * man/passwd.1.xml: Document that passwd uses PAM to authenticate
and change passwords on PAM-enabled builds.
2009-04-11 23:32:00 +00:00
nekral-guest 681c1d12b5 * src/newusers.c: Add more information to the mkdir and chown
failure messages.
2009-04-11 23:30:44 +00:00
nekral-guest ce156b578f * man/po/fr.po: Updated some login.defs entries. Thanks to
Belkacem Abbas.
2009-04-11 22:41:00 +00:00
nekral-guest 4e32b9fea9 * man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml,
man/login.defs.d/CONSOLE_GROUPS.xml: Fix typos.
2009-04-11 22:36:11 +00:00
nekral-guest fb631fa4eb Add the POT files to the repository. 2009-04-11 19:19:21 +00:00
nekral-guest ac305b82a4 Fix typo. 2009-04-11 19:18:38 +00:00
nekral-guest 5a56996eef * man/es/Makefile.am: Disable the distribution of Spanish
manpages. They are outdated. Please contact
	pkg-shadow-devel@lists.alioth.debian.org if you wish to provide
	updates.
2009-04-11 18:57:14 +00:00
nekral-guest af7b9b8b62 Fix typo. 2009-04-11 18:44:15 +00:00
nekral-guest 554d4f6b95 * src/usermod.c, src/useraddd.c: Fix the usage string so that it
does not change depending on the configure option. Use a format.
2009-04-11 18:39:56 +00:00
nekral-guest 80a30dfe6f * src/gpasswd.c: Fix the usage of the unused macro. 2009-04-11 18:37:59 +00:00
nekral-guest cab74eddef * lib/prototypes.h, libmisc/age.c, src/expiry.c, src/login.c: A
shadow entry is now sufficient for agecheck. Remove the first
	passwd entry parameter.
2009-04-11 18:37:08 +00:00
nekral-guest 42590e062f * src/userdel.c: Rename argv to args to avoid nameclash with the
main() parameters.
2009-04-11 16:52:45 +00:00
nekral-guest 3fdefd3e40 * src/useradd.c, src/usermod.c: Only call selinux_update_mapping()
if Zflg is set.
2009-04-11 16:47:32 +00:00
nekral-guest 192fa18195 Added TODO item. 2009-04-11 16:24:06 +00:00
nekral-guest 60a7cc9d7c * libmisc/getgr_nam_gid.c: Added support for NULL argument.
* libmisc/chowntty.c: Reuse getgr_nam_gid(), and get rid of atol().
2009-04-11 16:23:21 +00:00
nekral-guest e27f4a91b9 Tag one of the remaining strtol. 2009-04-11 16:08:00 +00:00
nekral-guest ca1bb50c24 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: For system
accounts, return the first unused ID, starting from the max value.
	This could be useful later to increase the static IDs range.
2009-04-11 16:00:45 +00:00
nekral-guest 8d136297c4 * NEWS, src/useradd.c, man/useradd.8.xml: add -Z option to map
SELinux user for user's login.
	* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
	* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
	safe_system(). Used to run semanage.
	* lib/prototypes.h, libmisc/copydir.c: Make a
	selinux_file_context() an extern function.
	* libmisc/copydir.c: Reset SELinux to create files with default
	contexts at the end of copy_tree().
	* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
	login.
2009-04-11 15:34:10 +00:00
nekral-guest 2c400eff94 * src/useradd.c (get_defaults): Close the default file after the
default values were read.
2009-04-11 14:55:49 +00:00
bubulle 5d9c298e9d Slovak translation updated 2009-04-11 13:53:41 +00:00
nekral-guest 689a7197a0 Re-indent. 2009-04-11 13:00:32 +00:00
nekral-guest 413bb19543 * lib/Makefile.am, lib/prototypes.h: Added sgetspent.c. 2009-04-10 22:35:43 +00:00
nekral-guest db337babbc * po/POTFILES.in: Added missing files. Sorted. 2009-04-10 22:35:37 +00:00
nekral-guest 46861e6bd8 Removed declaration of ep. No more used.
Re-indent.
2009-04-10 22:35:32 +00:00
nekral-guest 84f5ca951c * lib/getdef.c: Use getlong instead of strtol/strtoul.
* libmisc/getlong, lib/getlong.c, libmisc/Makefile.am,
	lib/Makefile.am: getlong.c moved from libmisc/ to lib/.
2009-04-10 22:35:26 +00:00
nekral-guest 1c97cf5c83 Removed DONE entry. 2009-04-10 22:35:19 +00:00
nekral-guest 9a7f5c6b16 * lib/shadow.c: Replace strtol() by getlong(). Also detect more
issues in a numerical shadow entry field.
2009-04-10 22:35:14 +00:00
nekral-guest b5200cf753 * lib/sgetspent.c: Only compile ifndef HAVE_SGETSPENT 2009-04-10 22:35:07 +00:00
nekral-guest 686ac847aa Revert " * lib/sgetspent.c: Removed (is not used / compiled) anymore."
This reverts commit dbeb402f0b0befd8c48b68d53277e1bd1b5f751b.
2009-04-10 22:35:01 +00:00
nekral-guest e075442345 * lib/sgetspent.c: Removed (is not used / compiled) anymore. 2009-04-10 22:34:55 +00:00
nekral-guest c7258f22d8 * lib/sgetspent.c: Replace strtol() by getlong(). Also detect more
issues in a numerical shadow entry field.
2009-04-10 22:34:49 +00:00
nekral-guest 304b0ec202 * src/chage.c: expdays renamed to expdate. It is a date, even if
expressed in a number of days since Jan 1, 1970.
	* src/chage.c: Likewise: lastday renamed to lstchgdate. Also fix
	the --lastday documentation.
2009-04-10 22:34:42 +00:00
nekral-guest 52238dd6a7 * src/chage.c: More strtol() replaced by getlong(). 2009-04-10 22:34:36 +00:00
nekral-guest 66e39884e2 * lib/prototypes.h: pwd_to_spwd() should be declared if USE_PAM is
NOT defined.
2009-04-10 22:34:29 +00:00
nekral-guest d548bf4742 * src/passwd.c: Replace getnumber() by getlong(). This permits to
get rid of another strtol().
2009-04-10 22:34:23 +00:00
nekral-guest 1675ca3378 * libmisc/getlong.c: Include both <stdlib.h> and <errno.h> needed
for strtol and errno, and do not include "defines.h" (not needed).
2009-04-10 22:34:17 +00:00
nekral-guest 77459dc27d * src/useradd.c, src/usermod.c, libmisc/getgr_nam_gid.c,
libmisc/Makefile.am, lib/prototypes.h: Moved getgr_nam_gid() from
	src/useradd.c and src/usermod.c to libmisc/getgr_nam_gid.c.
2009-04-10 22:34:10 +00:00
nekral-guest ffd3e43ad8 * src/useradd.c: Get rid of strtol.
* src/useradd.c: Provide better warning in case a default GROUP or
	INACTIVE value is not valid in /etc/default/useradd.
2009-04-10 22:34:04 +00:00
nekral-guest 95bc6eb7b2 * src/useradd.c: Re-indent. 2009-04-10 22:33:57 +00:00
nekral-guest 06c81b67c2 * src/useradd.c: Use getlong instead of get_number. 2009-04-10 22:33:50 +00:00
nekral-guest c3f109556a * src/usermod.c: Re-indent.
* src/usermod.c: Specifying a inactivity value < -1 is not valid.
2009-04-10 22:33:43 +00:00
nekral-guest f481938cc5 * po/*.po, man/po/*.po: Updated PO files. 2009-04-05 23:52:46 +00:00
nekral-guest 4b15eefd3c Added todo items. 2009-04-05 23:50:58 +00:00
nekral-guest b9df8b5817 * configure.in: Prepare the next 4.1.3 release. 2009-04-05 22:35:12 +00:00
nekral-guest ac52639b77 * libmisc/setugid.c libmisc/age.c (setup_uid_gid): is_console is
never set ifndef USE_PAM. Change the prototype of setup_uid_gid()
	when USE_PAM is not defined. This permits to remove add_groups
	from PAM builds.  setup_uid_gid is already subject to
	HAVE_INITGROUPS.
2009-04-05 22:33:00 +00:00
nekral-guest a51954203e * lib/prototypes.h, libmisc/addgrps.c: restrict add_groups() to
ifndef USE_PAM.
	* lib/prototypes.h: Remove the declaration of add_cons_grps(). The
	function does not exist.
	* libmisc/age.c (setup_uid_gid): is_console is never set ifndef
	USE_PAM. Change the prototype of setup_uid_gid() when USE_PAM is
	not defined. This permits to remove add_groups from PAM builds.
	setup_uid_gid is already subject to HAVE_INITGROUPS.
	* libmisc/pwd2spwd.c (pwd_to_spwd): pwd_to_spwd() is not used in
	PAM builds.
2009-04-05 22:29:42 +00:00
nekral-guest 021066a980 * src/passwd.c: do_update_age is only used ifndef USE_PAM. Make it
more explicit.
2009-04-05 22:04:31 +00:00
nekral-guest a1cac18ac3 * src/useradd.c: Set errno to 0 before calling strtol. 2009-04-05 22:02:50 +00:00
nekral-guest 2a3b84b888 * libmisc/isexpired.c: If there are no shadow entry, there is no
need to convert the password entry to a shadow entry. The password
	is valid.
2009-04-05 22:02:00 +00:00
nekral-guest f703b686da Fix typo. 2009-04-05 21:56:37 +00:00
nekral-guest 682eedb167 * man/usermod.8.xml: Split some paragraphs into smaller units. 2009-04-05 21:23:55 +00:00
nekral-guest 3511b1de80 Updated copyright dates. 2009-04-05 21:23:42 +00:00
nekral-guest 2f85113366 * man/shadow.5.xml: Rewrote to mention the meaning of special
values.
2009-04-05 21:23:35 +00:00
nekral-guest b23443630c * libmisc/pwd2spwd.c, src/chpasswd.c, src/newusers.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c,
	src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to
	0 (which means that the password shall be changed during the next
	login), but use -1 (password aging disabled).
	* src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
2009-04-05 21:23:27 +00:00
nekral-guest 7585fa0fe9 * src/chage.c: When no shadow entry exist, thedefault sp_lstchg
value should be -1 (no aging) rather than 0 (password must be
	changed).
	* src/chage.c: For password expiration and inactivity, indicate
	that the password must be changed when sp_lstchg is null rather
	than indicating that expiration and inactivity are not enabled.
2009-04-05 21:23:17 +00:00
nekral-guest 1ba2139d5c * libmisc/isexpired.c: Document the isexpired return value. 2009-04-05 21:23:06 +00:00
nekral-guest f67403ba01 * libmisc/age.c: Return a specific message when sp_lstchg is null. 2009-04-05 21:22:53 +00:00
nekral-guest 996e842149 Added missing space at the end of the question. 2009-03-22 12:32:40 +00:00
nekral-guest c2bb947c14 Remove unused variable. 2009-03-21 20:45:35 +00:00
nekral-guest d4fc74e43c * lib/sgetpwent.c, lib/sgetgrent.c: Use get_uid and get_gid to
validate the UIDs or GIDs instead of atoi/strtol.
2009-03-21 20:29:58 +00:00
nekral-guest a1dd26d2d6 * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am,
lib/get_gid.c, lib/get_uid.c, lib/Makefile.am: get_uid.c and
	get_gid.c moved from libmisc/ to lib/.
2009-03-21 20:24:37 +00:00
nekral-guest 503976fc6a * src/grpck.c (check_members): When a member is removed, do not
increase the index.
	* src/grpck.c: Fix typo in messages and comments.
2009-03-21 19:42:48 +00:00
nekral-guest dab1523df5 * libmisc/sulog.c: Likewise for the su log. 2009-03-21 19:32:14 +00:00
nekral-guest a65c2c9b18 * src/vipw.c: Likewise for the backup file. 2009-03-21 19:28:02 +00:00
nekral-guest 5331930716 * src/usermod.c: Likewise for the faillog and lastlog file. 2009-03-21 19:25:02 +00:00
nekral-guest 96c7b12bc4 * src/useradd.c: Likewise for the default file, faillog, lastlog,
and mail spool.
2009-03-21 19:18:06 +00:00
nekral-guest 5dd5f51700 * lib/commonio.c: Call fsync before closing the backup file. This
ensures that the backup file is flushed to the storage medium.
2009-03-21 19:12:00 +00:00
nekral-guest df7abc5447 Fixed TODO item. 2009-03-15 21:43:24 +00:00
nekral-guest db7370d242 Added TODO items. 2009-03-15 21:38:46 +00:00
nekral-guest a8e9fc86eb * src/groupmod.c: Embed gshadow related cleanup in #ifdef
SHADOWGRP.
2009-03-15 21:38:08 +00:00
nekral-guest a402c4db3b * src/usermod.c: get_number() replaced by getlong().
* src/usermod.c: When the user is renamed, make sure we do not
	override an user with the same name (in passwd or shadow).
2009-03-15 21:34:20 +00:00
nekral-guest 780af2653a * src/gpasswd.c: log_gpasswd_success_gshadow is in the cleanup
stack only when the shadow group file is present.
2009-03-15 21:32:26 +00:00
nekral-guest 9372111aaa * NEWS, src/userdel.c: Make sure the user exists in the shadow
database before calling spw_remove().
	* NEWS, src/userdel.c: When the user's group is removed, make sure
	the group is in the gshadow database before calling sgr_remove().
	* src/userdel.c: Improve warning's wording.
2009-03-15 21:29:16 +00:00
nekral-guest 9fda9f5c28 * libmisc/cleanup.c: Fix del_cleanup. The arguments were not
desynchronized with the cleanup functions.
	* libmisc/cleanup.c: cleanup_function_args is an array of void
	pointer, not strings.
2009-03-15 21:15:48 +00:00
nekral-guest 80135cdc17 * libmisc/find_new_gid.c: Fix find_new_gid() the current group
database was not taken into account.
2009-03-15 21:12:57 +00:00
nekral-guest 6aa874a0a0 * libmisc/addgrps.c: Fix compilation warnings. 2009-03-15 21:10:35 +00:00
nekral-guest d1dac25379 * man/po/Makefile.in.in: xml2po cannot exclude one entity for
expansion. Make sure config.xml does not exist when the POT file
	is created in order to keep the configurations in the POT file
	* man/generate_translations.mak: make sure config.xml does not
	exist neither when the translated XML is generated. Add the
	missing %config; (strip out by xml2po). and make sure config.xml
	is present when the translated manpage is generated.
	* man/generate_mans.mak: config.xml is needed for the generation
	of manpages (already in the .deps for the English manpages, but
	needed for the translations).
	* man/Makefile.am: Added missing CREATE_HOME.xml.
2009-03-14 16:18:06 +00:00
nekral-guest 526e7ac972 * man/generate_mans.deps: Added Makefile dependency rules. 2009-03-14 13:29:55 +00:00
nekral-guest fa7bae1210 Updated TODO list. 2009-03-14 13:21:15 +00:00
nekral-guest d60f0a1a10 * etc/login.defs: Added note for PAM enabled configurations. 2009-03-14 13:20:25 +00:00
nekral-guest 78230efd01 Added config.xml to the list of ignored files. 2009-03-14 13:18:28 +00:00
nekral-guest 8411a8e8b4 * man/Makefile.am: Compute the dependencies for building the
manpages.
2009-03-14 13:16:55 +00:00
nekral-guest 295106b6a8 * libmisc/addgrps.c: Fix warnings. 2009-03-14 13:13:47 +00:00
nekral-guest 29381bf9d6 * man/po/fr.po: Added missing space. 2009-03-14 13:08:49 +00:00
nekral-guest 5a5cf15430 * man/lastlog.8.xml: Document that there might be entries, for
deleted users, that are not displayed.
2009-03-14 11:11:04 +00:00
nekral-guest 884a2de437 * man/chgpasswd.8.xml, man/chpasswd.8.xml: Fix the man page in
case SHA crypt is not supported.
2009-03-14 11:09:57 +00:00
nekral-guest 5349c79d12 * man/vipw.8.xml: MAX_MEMBERS_PER_GROUP is not used by vipw and
vigr.
2009-03-14 11:08:39 +00:00
nekral-guest 9ee627fe02 * man/login.defs.5.xml: Indicate that sg uses the same variables
as newgrp.
	* man/login.defs.5.xml: vipw does not use any variable.
	* man/login.defs.5.xml: In PAM enabled configurations, login still
	uses some login.defs variables.
2009-03-13 23:17:43 +00:00
nekral-guest 1def19ecea * man/usermod.8.xml: use a <replaceable> instead of a
<emphasis remap='I'>.
2009-03-13 23:14:18 +00:00
nekral-guest dc857372ed * man/newusers.8.xml: Document the behavior of newusers for each
field.
	* man/newusers.8.xml: Do not add the note on PAM on non-PAM
	enabled configurations.
2009-03-13 23:12:06 +00:00
nekral-guest 730fc8fc33 * src/faillog.c: Added support for the specification of a range of
users with -u.
	* src/faillog.c: Do not call print_one() for users which do not
	exist.
	* src/faillog.c: Make sure the user's entry is not outside the
	faillog file and initialize the faillog structure in that case.
	* src/faillog.c: Move print_one() closer to print().
	* src/faillog.c: reset(), setmax(), set_locktime() can also change
	entries of user which do not exist.
	* src/faillog.c: reset(), setmax() and set_locktime() shall not
	create entries for users which have no entries if the value has to
	be set to 0.
	* src/faillog.c: reset(), setmax() and set_locktime(): better
	handling of users whose entry is outside the faillog file.
	* src/faillog.c: Improved option handling. Options can now be
	specified in any order.
	* src/faillog.c: Improved warnings when options are not
	compatible or when the faillog cannot be open with the right mode.
	* src/faillog.c: Only fstat the faillog file once.
	* man/faillog.8.xml: Improved documentation.
2009-03-13 22:49:20 +00:00
nekral-guest fafe281d31 * src/useradd.c, man/useradd.8.xml: Added long name for the -l
option: --no-log-init.
2009-03-13 22:30:38 +00:00
nekral-guest f98b47eb55 * src/chpasswd.c: Make sure the SHA related variables is not
compiled when disabled at configuration time.
	* src/chgpasswd.c: Make sure the SHA related variables is not
	compiled when disabled at configuration time.
	* src/chgpasswd.c: Fix the test for getlong() failure.
2009-03-13 22:28:27 +00:00
nekral-guest e3e64317e8 * src/newusers.c: Make sure the SHA related variables are not
compiled when disabled at configuration time.
	* src/newusers.c: Added FIXME
2009-03-13 22:26:35 +00:00
nekral-guest f2c8017df4 * src/gpasswd.c: Remove the documentation of options from the
main() documentation. It will always be outdated here.
2009-03-13 22:21:26 +00:00
nekral-guest bf9036d27a * src/lastlog.c: lastlog variable renamed to ll to avoid name
clash with the structure.
	* src/lastlog.c: check the offset in print_one() so that it is
	used for the display of one entry or a set of entries.
	* src/lastlog.c: Do not loop over the whole user database when -u
	is used with a single user.
	* src/lastlog.c: Check the size of the lastlog file so that we
	can identify failures to read.
2009-03-13 22:20:20 +00:00
nekral-guest 87da822c7f * libmisc/salt.c: Removed l64a prototype. The libc declaration is
non static, but the internal definition is static.
2009-03-13 19:17:24 +00:00
nekral-guest 47a57bced1 Add TODO item for the testsuite. 2009-03-08 23:30:56 +00:00
nekral-guest 1dc04372df Compile fixes. Fixes warnings. 2009-03-08 23:30:25 +00:00
nekral-guest 27153ae92b * src/gpasswd.c: log_gpasswd_success_gshadow only exists ifdef
SHADOWGRP.
2009-03-08 23:29:46 +00:00
nekral-guest 28d7f83c87 * NEWS, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/groupadd.c: Make sure no user or group are
	created with an ID set to -1.
2009-03-08 20:43:15 +00:00
nekral-guest c1052e2df2 * NEWS, src/grpck.c, src/pwck.c: Issue a warning if an ID is set
to -1.
2009-03-08 20:29:22 +00:00
nekral-guest c9121d025f * NEWS, src/grpck.c, src/pwck.c: Issue a warning if an ID is set
to -1.
2009-03-08 20:28:55 +00:00
nekral-guest 0e2a3979f4 * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am,
lib/prototypes.h: Added get_uid() and get_gid() to parse user and
	group IDs.
2009-03-08 20:26:56 +00:00
nekral-guest 186ea0e203 * libmisc/getlong.c: Make sure the getlong argument is not empty. 2009-03-08 20:21:24 +00:00
nekral-guest f47d9eba94 * contrib/adduser-old.c, contrib/adduser.c: Do not use the target
of snprintf in one of the format's parameters.
2009-03-07 16:32:11 +00:00
nekral-guest 7368452e49 * man/groupmems.8.xml: groupmems does not create new user. 2009-03-07 16:30:49 +00:00
nekral-guest 635ef3bbf8 Added TODO items. 2009-03-07 16:29:28 +00:00
nekral-guest b46fd9a2b4 * NEWS, po/LINGUAS, po/kk.po: Added Kazakh translation. Thanks to
Timur Birsh <taem@linukz.org>.
2009-03-03 20:53:20 +00:00
nekral-guest a62e781248 * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Avoid calling
getgrent()/getpwent() after they return NULL. This caused LDAP to
	return at the beginning of the group/user entries.
2009-02-22 23:23:15 +00:00
nekral-guest 32ef9c2135 * man/nologin.8.xml: Fix typo (HYSTORY -> HISTORY). 2009-01-27 18:17:54 +00:00
nekral-guest f2d6449374 * NEWS, src/gpasswd.c: Only report success to audit and syslog
when the changes are committed to the system. Do not log failure
	for on-memory changes to audit or syslog. Make sure failures and
	inconsistencies will be reported in case of unexpected failures
	(e.g. malloc failures). Only specify an audit message if it is not
	implicitly implied by the type argument. Removed fail_exit
	(replaced by atexit(do_cleanups)). Log failures in case of
	permission denied.
2009-01-26 22:03:37 +00:00
nekral-guest 7b532f0b44 - newusers should use the CREATE_HOME variable (and new options are needed)
- usermod
  - the mode of new home directories should be set according to the
    original mode. Does copy_tree does this?
2009-01-21 14:49:42 +00:00
nekral-guest af96cba0cc * etc/login.defs: Improve the documentation of UMASK. 2009-01-19 10:21:50 +00:00
nekral-guest a684cadbb6 * man/useradd.8.xml, man/login.defs.d/CREATE_HOME.xml,
man/login.defs.5.xml: Document the CREATE_HOME variable.
2009-01-19 10:00:53 +00:00
nekral-guest 6c85ca9661 * man/limits.5.xml: Remove space before an end of tag. 2009-01-19 09:51:53 +00:00
nekral-guest de60b7b2de * man/login.defs.d/UMASK.xml: Indicate how UMASK is used and
limitations.
2009-01-19 09:51:00 +00:00
nekral-guest d8c9236a18 * NEWS, src/su.c: Preserve COLORTERM in addition to TERM when su
is called with the -l option.
2009-01-06 20:13:31 +00:00
nekral-guest 2bb7007fcb * libmisc/chkname.c: Use a bool when possible instead of integers.
* libmisc/chkname.c: Add brackets and parenthesis.
2008-12-23 22:42:22 +00:00
nekral-guest 4c7d798307 * man/groupadd.8.xml, configure.in, man/config.xml.in: Use the
real group name length limit in the documentation.
2008-12-23 22:36:44 +00:00
nekral-guest 3cb730bcfe * src/Makefile.am: Only link with the needed library. When
compiled with PAM support, chfn, chsh, login, newgrp, passwd, and
	su do not need the libcrypt library.
2008-12-23 00:44:29 +00:00
nekral-guest 1b0a32d71c * libmisc/cleanup_group.c: Fix compilation when compiled without
shadow group support.
2008-12-23 00:39:54 +00:00
nekral-guest 915ec6531a * src/groupdel.c: Remove the fail_exit () declaration. 2008-12-22 23:23:14 +00:00
nekral-guest 1df7433e44 Fix typo. 2008-12-22 22:13:50 +00:00
nekral-guest 0bd396011a * src/gpasswd.c: Fix the support for usernames with arbitrary
length.
2008-12-22 22:13:23 +00:00
nekral-guest 6405b58a98 * libmisc/chkname.c: Remove outdated comments. 2008-12-22 22:08:13 +00:00
nekral-guest 9d977dba8e * src/groupdel.c: Re-indent. 2008-12-22 22:07:12 +00:00
nekral-guest ad7a108d60 * src/groupmod.c: Re-indent.
* src/groupmod.c: Do not add the command synopsis to the main ()
	documentation. This avoids outdated information.
2008-12-22 22:06:27 +00:00
nekral-guest fca6aeeea2 * src/groupadd.c: Re-indent. 2008-12-22 22:03:34 +00:00
nekral-guest 5b8ff14caf * libmisc/audit_help.c: Added audit_logger_message() to log
messages not related to an account.
	* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
	libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
	cleanup functions to be executed on exit.
	* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
	report success to audit and syslog when the changes are committed
	to the system. Do not log failure for on-memory changes to audit
	or syslog. Make sure failures and inconsistencies will be reported
	in case of unexpected failures (e.g. malloc failures). Only
	specify an audit message if it is not implicitly implied by the
	type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
2008-12-22 21:52:43 +00:00
nekral-guest a438c2f184 * NEWS, src/gpasswd.c: Added support usernames with arbitrary
length.
2008-12-15 21:54:53 +00:00
nekral-guest 66cb5b33ad * configure.in: Fix the "$enable_acct_tools_setuid" = "yes" test. 2008-11-30 01:32:38 +00:00
nekral-guest c28c443d8f * NEWS, configure.in, libmisc/chkname.c: make group max length a
configure option.  The configure behavior encoded is:
	<no option> -> default of 16 (like today);
	--with-group-name-max-length -> default of 16;
	--without-group-name-max-length -> no max length;
	--with-group-name-max-length=n > max is set to n.
2008-11-30 01:29:40 +00:00
nekral-guest 93358ac3de * src/su.c: (!USE_PAM) Provide visible information indicating that
su was denied.
2008-11-23 12:10:21 +00:00
nekral-guest 0667aee3cc * man/ja/login.1: Fix the path of the utmp and wtmp files. 2008-11-23 00:16:53 +00:00
nekral-guest 2297508f13 * man/su.1.xml: Fix the su synopsis. username is referenced in the
manpage, not LOGIN.
2008-11-23 00:16:10 +00:00
nekral-guest 1a04bbb044 * libmisc/chowntty.c: Only closelog() when failure cause an exit. 2008-11-23 00:06:56 +00:00
nekral-guest cf31f05cfb * libmisc/chowntty.c: Improve the logs for fchown and fchmod
failures.
2008-11-23 00:05:39 +00:00
nekral-guest 2b290e7abb * libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:51 +00:00
nekral-guest a324a7f13f * NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:11 +00:00
nekral-guest eb4097180b * NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
gaining ownership or changing mode of arbitrary files.
2008-11-22 23:22:16 +00:00
nekral-guest 8d7e1faebf Added todo items for pwck. 2008-10-11 13:15:29 +00:00
nekral-guest c0311206c8 * man/gshadow.5.xml, man/shadow.5.xml, man/passwd.5.xml,
man/grpck.8.xml: Sorted SEE ALSO references.
	* man/gshadow.5.xml: Added reference to grpck(8) and grpconv(8).
	* man/pwck.8.xml: Added reference to grpck(8).
	* man/shadow.5.xml: Added reference to pwck(8).
	* man/passwd.5.xml: Added reference to pwck(8).
	* man/grpck.8.xml: Added reference to pwck(8).
2008-10-11 12:59:02 +00:00
nekral-guest 4b2f537795 * man/*.xml, man/login.defs.d/*.xml: Added copyright and licence
header.
2008-10-11 11:44:43 +00:00
nekral-guest 4d49f543dd * src/login.c: Always check the return value of the pam_* APIs. 2008-09-20 21:17:26 +00:00
nekral-guest d400af51fa * src/login.c, man/login.1.xml: the username is not an optional
parameter of -f. Fix the getopt optstring, remove the parsing of
	username in the -f processing block, and remove unnecessary checks
	(username cannot be parsed twice anymore), better documentation of
	the synopsis.
2008-09-20 20:20:19 +00:00
nekral-guest c8d2175981 * src/login.c: Erase the username later since it it used for the
fake password check (in case of empty password).
2008-09-20 20:05:22 +00:00
nekral-guest 11c7543c76 * src/login.c: Explicitly tag the end of the #ifdef RLOGIN
sections.
2008-09-20 20:03:04 +00:00
nekral-guest 29d4533047 * src/login.c: Check that no username is specified with -r.
* src/login.c: Make sure a username is specified with -f.
2008-09-20 20:00:51 +00:00
nekral-guest c813e692a2 * src/login.c: Copy the name of the user authenticated by PAM to
username. This simplify later logging (avoid USE_PAM
	conditional).
2008-09-20 19:54:35 +00:00
nekral-guest 65e32d850c * src/login.c: Use a dynamic buffer for usernames. 2008-09-20 19:44:12 +00:00
nekral-guest 9f2ce12b28 * src/login.c: Existence of pam_user was already checked. pwd was
already copied to pwent. Remove duplicated code.
2008-09-20 16:23:04 +00:00
nekral-guest f4860274be * src/login.c: check_flags() renamed process_flags(). All flag
processing blocs moved to process_flags().
2008-09-20 16:21:46 +00:00
nekral-guest 6b17118e72 * src/logoutd.c, src/userdel.c: Re-indent. This helps pmccabe. 2008-09-20 14:56:10 +00:00
nekral-guest 54a0762bbb * src/login.c: Re-indent. 2008-09-20 14:39:09 +00:00
nekral-guest 1e3f19ad89 * src/login.c: Add missing closing }. This was probably never
noticed because UT_ADDR is never defined.
2008-09-20 14:21:51 +00:00
nekral-guest 5b73a0492d * src/login.c: Do not mix USE_PAM and !USE_PAM code. 2008-09-20 14:17:20 +00:00
nekral-guest 9fa519c983 * src/login.c: Use failent_user to log to audit. username is the
caller, not the user login tries to authenticate.
	* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
	be more precise (name must be unique, uid might not be).
2008-09-20 13:20:31 +00:00
nekral-guest c71e7861ed * man/passwd.1.xml: passwd cannot change the full name of the
user, the user's login shell; but it can change the account or
	password validity period. Thanks to Reuben Thomas.
2008-09-20 10:53:00 +00:00
nekral-guest f3df48ab4f * src/useradd.c: Added missing declaration of Mflg.
* src/pwck.c: Only unlock files if they were locked before (e.g.
	not in read-only mode).
	* src/pwck.c: Quote the username in error messages (harmonization
	with other messages).
	* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
	* libmisc/find_new_gid.c: Likewise.
2008-09-14 13:42:10 +00:00
nekral-guest 5df1f2f683 * libmisc/setugid.c, src/login_nopam.c, src/suauth.c,
lib/getdef.c: Replace the %m format string by strerror(). This
	avoids errno to be reset between the system call error and the
	report function.
2008-09-13 18:03:50 +00:00
nekral-guest 0833bc3cc0 * lib/commonio.c: Ignore the return value of umask() when the mask
is set to the old value.
2008-09-13 11:55:50 +00:00
nekral-guest b18d46e68d * NEWS, etc/login.defs: New CREATE_HOME variable to tell useradd
to create a home directory for new users.
	* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
	and CREATE_HOME usage. System accounts are not impacted by
	CREATE_HOME.
	* man/useradd.8.xml: Indicate that a new group is created by
	default.
	* src/useradd.c: Removed TODO item (moved to the TODO file).
2008-09-13 11:55:41 +00:00
nekral-guest d1f92a2225 * po/cs.po: Updated Czech translation.
Thanks to Miroslav Kuře
2008-09-13 11:55:30 +00:00
nekral-guest a279244709 * man/login.defs.d/USERGROUPS_ENAB.xml: Fix typo: new <para> tag
before the previous one is closed. This caused a missng
	explanation for USERGROUPS_ENAB.
2008-09-13 11:55:20 +00:00
nekral-guest b12db09e31 * man/groupadd.8.xml: Remove the list of (short) options from the
SYNOPSIS. Replaced with [options] for consistency with other tools
	and maintainability.
2008-09-13 11:55:08 +00:00
nekral-guest 4d6385633f New TODO item.
useradd:
  - Add support for -K in -D mode
2008-09-13 11:54:58 +00:00
nekral-guest 8c060833c8 From RedHat's patch shadow-4.1.2-sysAccountDownhill.patch
Thanks to Peter Vrabec.
	* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
	index of used IDs to avoid a database request for each id in the
	allowed range (when the highest allowed ID is already used).
	This speedups the addition of users or groups when the highest
	allowed ID is already used. The additional memory usage of the
	tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
	reasonable number.
2008-09-13 11:54:49 +00:00
nekral-guest 70c9eeff05 * configure.in: Fix the dependency of ACCT_TOOLS_SETUID on
USE_PAM. Build failed with --without-libpam.
2008-09-07 20:40:41 +00:00
nekral-guest f91b828708 * libmisc/copydir.c: Call utimes() after closing the file. 2008-09-07 00:51:17 +00:00
nekral-guest 828e9d095e * libmisc/copydir.c, configure.in: Check for the presence of
st_mtim and st_mtimensec, as for st_atim and st_atimensec.
2008-09-07 00:05:38 +00:00
nekral-guest bab84a13ff Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
	src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: If the username cannot be determined, report it as
	such (not a PAM authentication failure).
2008-09-06 23:46:44 +00:00
nekral-guest 49f0d8b680 Support for blowfish was requested twice.
Add link to a patch for libxcrypt.
2008-09-06 22:52:35 +00:00
nekral-guest 4976708c00 * src/gpasswd.c: Document the long options in the usage. 2008-09-06 22:20:19 +00:00
nekral-guest 761cdf5dfc Remove done item:
- groupmems: 
  - need some work on add PAM and i18n support.
- userdel:
  - add lookop and remove per user group.
2008-09-06 21:53:12 +00:00
nekral-guest 2fb1dbfcd1 Remove done item:
PAM: add support for customization of the PAM support (i.e.
	support the Debian PAM configuration)
2008-09-06 21:50:15 +00:00
nekral-guest 8b3029e430 * NEWS: Added configure --enable-account-tools-setuid (default) /
--disable-account-tools-setuid options. This permits to disable
	the PAM authentication of the caller for chage, chgpasswd,
	chpasswd, groupadd, groupdel, groupmod, newusers, useradd,
	userdel, and usermod.  This authentication is not necessary when
	these tools are not installed setuid root.
2008-09-06 21:42:26 +00:00
nekral-guest f8aef607ae * configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
	account management tools: chage, chgpasswd, chpasswd, groupadd,
	groupdel, groupmod, useradd, userdel, usermod.
	* src/Makefile.am: Do not link the above tools with libpam if
	account-tools-setuid is disabled.
	* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
	src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
	src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
	(--enable-account-tools-setuid).
	* etc/pam.d/Makefile.am: Install the pam service file for the
	above tools only when needed.
	* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
	needed to initialize retval to PAM_SUCCESS.
2008-09-06 21:35:37 +00:00
nekral-guest bbae92e76f * libmisc/tz.c: tz() is only used when USE_PAM is not defined.
* lib/prototypes.h: Indicate functions whose presence depends on
	the USE_PAM flag.
2008-09-06 16:43:21 +00:00
nekral-guest c89eb6d7eb * libmisc/tz.c: tz() is only used when USE_PAM is not defined.
* lib/prototypes.h: Indicate functions whose presence depends on
	the USE_PAM flag.
2008-09-06 16:42:41 +00:00
nekral-guest 70cf08329b * src/groupmems.c: Call open_files() and close_files().
* src/groupmems.c: Always call check_perms(), which takes care of
	checking if --list is used.
2008-09-06 16:27:21 +00:00
nekral-guest a7b3bcb43c Fix typo. s/Prog/%s/ in the format string. 2008-09-06 16:00:00 +00:00
nekral-guest 18b7c8d188 * libmisc/obscure.c: Compare characters to '\0', not NULL. 2008-09-06 15:59:28 +00:00
nekral-guest f34a638b38 * lib/defines.h: Do not include <config.h>. This complicate
undefining some configuration macros when the file is included
	multiple times.
	* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
	libmisc/xgetgrgid.c, libmisc/xgetgrnam.c, libmisc/xgetspnam.c:
	Include <config.h> from teh compiled C file, not the included
	getXXbyYY.c.
2008-09-06 15:58:23 +00:00
nekral-guest e48fb58753 Remove DONE item. 2008-09-06 14:00:11 +00:00
nekral-guest 18fc4505d3 * src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
	handle, but terminate the PAM transaction as soon as possible if
	there are no PAM session opened.
2008-09-06 13:28:02 +00:00
nekral-guest ee4e367ea8 * src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
	src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
	src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
	src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
	src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
	src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
	static to the file) so that it can be used by the helper functions
	of libmisc.
	* lib/prototypes.h: Added extern char *Prog.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
	program name with the warning.
2008-09-06 12:51:53 +00:00
nekral-guest 7034a913fd * configure.in: Check if AUDIT_ADD_USER, AUDIT_DEL_USER,
AUDIT_ADD_GROUP, and AUDIT_DEL_GROUP are defined in <libaudit.h>.
2008-09-04 22:34:20 +00:00
nekral-guest e3ebd2c736 * src/useradd.c: Fix comment of lflg: it is also used for faillog. 2008-09-04 20:46:00 +00:00
nekral-guest 25d67da1da Updated TODO list. 2008-09-04 20:41:18 +00:00
nekral-guest 7e17182e4c * NEWS, src/groupmems.c, man/groupmems.8.xml: Document the long
options.
2008-09-04 20:20:20 +00:00
nekral-guest 7e0008a2d7 * lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
	This permits stronger type checking and a better readability of
	the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
	* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
	Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
	of 0 or 1 in audit_logger().
2008-09-04 19:36:27 +00:00
nekral-guest a21809cdae * lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
	This permits stronger type checking and a better readability of
	the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
	* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
	Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
	of 0 or 1 in audit_logger().
2008-09-04 19:35:48 +00:00
nekral-guest 3dcaaf87e7 * src/userdel.c: Log failures to remove the mailbox to syslog and
audit.
	* src/userdel.c: Log successful removal of home directory to audit
	only in case of success.
	* src/userdel.c: Move the audit log of failure to remove the home
	directory before the call to function that may exit.
	* src/userdel.c: Document that errors is only used to count errors
	during the removal of the home directory.
2008-09-03 21:22:04 +00:00
nekral-guest f3c7ca59c5 * src/useradd.c: Log errors to syslog in grp_update() since
changes have started to be reported to syslog.
	* src/userdel.c: Fix some result parameters sent to
	audit_logger().

	* NEWS: Following changes from a patch contributed by Steve Grubb
	<sgrubb@redhat.com>
	* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
	of AUDIT_USER_CHAUTHTOK.
	* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead 
	of AUDIT_USER_CHAUTHTOK.
	* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
	AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
	AUDIT_USER_CHAUTHTOK.
	* src/useradd.c: Add missing logs to audit.
	* src/userdel.c: Log to audit with type AUDIT_DEL_USER /
	AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK.
	* src/userdel.c: Add missing logs to audit.
2008-09-03 21:02:32 +00:00
nekral-guest ba98ffe152 Add Tobias' name. 2008-09-02 18:49:56 +00:00
nekral-guest abddd42aa0 * src/groupmems.c: Remove duplicated gr_open(). 2008-08-31 17:41:03 +00:00
nekral-guest 118303b9da * man/useradd.8.xml: Document that -o is only valid with -u 2008-08-31 17:31:08 +00:00
nekral-guest f74d7a9fd0 * man/useradd.8.xml: Document the /etc/default/useradd variables.
* man/useradd.8.xml: Fix the documentation of the GROUP variable
	(and -g/--gid option).
2008-08-31 17:31:00 +00:00
nekral-guest 12a9942732 Added TODO items for useradd. 2008-08-31 17:30:52 +00:00
nekral-guest a109ff1d85 * shadow.spec.in: Fix the source (new FTP). 2008-08-31 17:30:45 +00:00
nekral-guest 3766b78eba Added TODO items.
Removed done items.
2008-08-31 17:30:37 +00:00
nekral-guest 614e95af39 * src/su.c: Add brackets and parenthesis.
* src/su.c: Avoid implicit conversion of pointers to booleans.
2008-08-31 17:30:30 +00:00
nekral-guest 05e4cf9aae * libmisc/list.c: Added assertions for non NULL parameters. 2008-08-31 17:30:21 +00:00
nekral-guest d2c11f8bee * libmisc/list.c: Remove historical comment. 2008-08-31 17:30:12 +00:00
nekral-guest c04189bfb6 * src/pwconv.c, src/pwunconv.c: Fail if unexpected parameters are
provided.
2008-08-31 17:30:00 +00:00
nekral-guest 6c5e97e745 * src/passwd.c: Add brackets and parenthesis.
* src/passwd.c: Avoid implicit conversion of pointers to booleans.
	* src/passwd.c: Avoid assignments in comparisons.
2008-08-31 17:29:51 +00:00
nekral-guest 687ae4f4a8 Finish the support for shadow groups. 2008-08-31 17:29:41 +00:00
nekral-guest 87b56b19fb * NEWS, src/groupmems.c, man/groupmems.8.xml: Added support for
shadow groups.
	* src/groupmems.c: Use fail_exit() instead of exit().
2008-08-31 17:29:34 +00:00
nekral-guest 190a6e7687 re-indent. 2008-08-31 17:29:24 +00:00
nekral-guest 046fe0cfe0 * src/groupmems.c: Avoid mixed declarations and code. 2008-08-31 17:29:17 +00:00
nekral-guest 81e1dbc90e * src/groupmems.c: The grp structure returned by gr_locate is a
const. Duplicate this structure before working on it.
	* src/groupmems.c: Do not fail and do not display warnings if a
	close failure happens with the --list option. (Files are opened
	read-only).
2008-08-31 17:29:08 +00:00
nekral-guest 281721cd15 * src/gpasswd.c: Replace the 'valid' variable by is_valid to avoid
clashes with the valid() function.
2008-08-31 17:28:59 +00:00
nekral-guest 0fcae007a0 * libmisc/obscure.c: Add brackets and parenthesis.
* libmisc/obscure.c: Avoid implicit conversion of pointers / chars to
	booleans.
	* libmisc/obscure.c: Simplify the list of if.
2008-08-31 17:28:49 +00:00
nekral-guest 6b3266f228 * src/passwd.c: Fix a typo in the Usage string. 2008-08-31 17:28:39 +00:00
nekral-guest ce4152c817 * src/logoutd.c: Fail if
unexpected parameters are provided.
2008-08-31 17:28:30 +00:00
nekral-guest 73877b22c4 * src/grpunconv.c: Fail if unexpected parameters
are provided.
	* src/grpunconv.c: Indicate that argc is not used
	in the no SHADOWGRP version.
2008-08-31 17:28:21 +00:00
nekral-guest bf3e8f290c * src/grpconv.c, src/groups.c: Name the parameters in the
prototypes of the static functions.
	* src/grpconv.c: Fail if unexpected parameters are provided.
	* src/grpconv.c: Indicate that argc is not used in the no
	SHADOWGRP version.
2008-08-31 17:28:12 +00:00
nekral-guest 81a4edb776 Name the parameters in the prototypes of the static functions. 2008-08-31 17:28:03 +00:00
nekral-guest 399f453b4d * src/chgpasswd.c, src/chpasswd.c: Removed variable ok, which is
no more used.
2008-08-31 17:27:56 +00:00
nekral-guest 8e6c4b2e07 * src/chage.c: Fix the format for long integers (from %ul to %lu). 2008-08-31 17:27:47 +00:00
nekral-guest 4507bd32af * libmisc/utmp.c: Mark the line and host arguments of setutmp() as
not used in the __linux__ version.
2008-08-31 17:27:37 +00:00
nekral-guest e9a14b2409 * lib/nscd.c: Avoid redefinition of _GNU_SOURCE. 2008-08-31 17:27:26 +00:00
nekral-guest cd6a300222 * configure.in, src/login.c: Do not use HAVE_PAM_FAIL_DELAY, but
HAS_PAM_FAIL_DELAY, to avoid a redefinition with Linux PAM.
2008-08-31 17:27:16 +00:00
nekral-guest 978b3ef881 * configure.in: Indentation fix. 2008-08-31 17:27:06 +00:00
nekral-guest da693710f6 Revert " * src/groupmems.c: Added function open_°files and close_files to"
This reverts commit eb3860eb3647d1b092ffe9baa1eb2f73a27a0d87.
2008-08-31 17:26:55 +00:00
nekral-guest 71656e3cba * src/groupmems.c: Added function open_°files and close_files to
ease the support of gshadow.
	* src/groupmems.c: Always call check_perms(). This function now
	succeed when the requested action is to list the members.
2008-08-30 18:34:43 +00:00
nekral-guest 72d75d50d9 * src/groupmems.c: Added functions add_user(), remove_user(), and
purge_members() to ease the support of gshadow.
2008-08-30 18:34:24 +00:00
nekral-guest cdf963b2b3 * src/expiry.c: Use Basename for Prog.
* src/expiry.c: Added missing OPENLOG.
2008-08-30 18:34:04 +00:00
nekral-guest 6598f82111 Added brackets. 2008-08-30 18:33:37 +00:00
nekral-guest de11907053 * lib/nscd.c: Make sure the file is not empty when configured
without nscd support.
2008-08-30 18:33:13 +00:00
nekral-guest 8075d27e32 * configure.in: Remove the USE_NSCD AM_CONDITIONAL (USE_NSCD is
not used in any Makefile.am).
	* configure.in: Make sure posix_spawn is present when configured
	with nscd support.
2008-08-30 18:32:43 +00:00
nekral-guest 7109072b8f * lib/groupmem.c, lib/pwmem.c, lib/shadowmem.c: Added brackets and
parenthesis.
	* lib/groupmem.c, lib/pwmem.c, lib/shadowmem.c: Avoid assignments
	in comparisons.
2008-08-30 18:32:19 +00:00
nekral-guest cf4aea18b4 * libmisc/mail.c: Added brackets and parenthesis.
* libmisc/mail.c: Avoid assignments in comparisons.
2008-08-30 18:31:56 +00:00
nekral-guest 7bbaec8fed Added missing changes from last commit. 2008-08-30 18:31:35 +00:00
nekral-guest 68b7aad535 * configure.in: Check if the stat structure has a st_atim or
st_atimensec field.
	* libmisc/copydir.c: Conditionally use the stat's st_atim and
	st_atimensec fields.
2008-08-30 18:31:21 +00:00
nekral-guest f86b2704d5 * lib/groupio.h, lib/prototypes.h, lib/pwio.h, lib/sgetgrent.c:
Include <sys/types.h> before <pwd.h> and <grp.h>. It is necessary
	for the definition of uid_t and gid_t.
	* lib/pwmem.c: do not include <pwd.h>, "pwio.h" is sufficient
	here.
2008-08-30 18:30:58 +00:00
nekral-guest c59126a817 * configure.in, lib/nscd.h, lib/nscd.c: Added --with-nscd flag to
support systems without nscd.
2008-08-30 18:30:36 +00:00
nekral-guest b4899946ef Added missing include file (assert.h). 2008-08-30 18:30:15 +00:00
nekral-guest 76ea48bb64 * NEWS: Added support for uclibc.
* configure.in, libmisc/copydir.c: futimes() and lutimes() are not
	standard. Check if they are implemented before using them. Do not
	set the time of links if lutimes() does not exist, and use
	utimes() as a replacement for futimes().
2008-08-30 18:29:55 +00:00
nekral-guest 0802405344 * src/groupmems.c: Handle the options alphabetically. 2008-08-30 18:29:31 +00:00
nekral-guest 0c7df2f9a0 * src/groupmems.c: When removing an user, check if deluser is on
the list, not adduser. This fixes a segmentation fault for every
	call of groupmems -d.
	* libmisc/list.c: Add assertions to help identifying these issues.
	* libmisc/list.c: Avoid implicit conversion of pointers to
	booleans.
2008-08-30 18:29:08 +00:00
nekral-guest 77f81fa0b6 * NEWS, src/groupmems.c: Use the "groupmems" PAM service name
instead of "groupmod".
2008-08-30 18:28:45 +00:00
nekral-guest 8851893412 * src/chfn.c: Merge some translated messages.
* src/groupmems.c, src/groupadd.c, src/gpasswd.c, src/chsh.c,
	src/chfn.c: Harmonize *_update() failure messages.
	* src/groupmems.c: Harmonize gr_close() failure messages.
	* src/newgrp.c: Harmonize "unknown GID" messages.
	* src/newusers.c: Move the pwd declaration to a inner block scope.
2008-08-30 18:28:24 +00:00
nekral-guest aa2fee4969 * src/useradd.c: Harmonize some error messages.
* src/userdel.c: Add log to syslog when the mail file could not be
	removed.
	* src/userdel.c: Give more context an error message (merge with
	perror()).
	* src/usermod.c: Harmonize some error messages.
2008-08-30 18:27:59 +00:00
nekral-guest d7b55ce2bb * src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
	src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
	src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
	message sent to stderr in case of *_update () failure.
	* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
	log to syslog when pw_update() or spw_update() fail.
	* src/newusers.c: Do not log specific error message to stderr when
	sgr_update() fails.
	* src/pwconv.c: Remove duplicated definition of Prog.
2008-08-30 18:27:34 +00:00
nekral-guest 38a50366bc * src/chfn.c, src/chsh.c, src/expiry.c, src/gpasswd.c,
src/newgrp.c, src/passwd.c, src/su.c: Use the same stderr and
	syslog warnings when the username cannot be determined.
	* src/newgrp.c: Reuse the same stderr message for groups which do
	not exist in the system.
2008-08-30 18:27:07 +00:00
nekral-guest 307f703b99 * src/usermod.c: Log errors while *_close to syslog.
* src/usermod.c: Added missing }
2008-08-22 02:34:04 +00:00
nekral-guest 306f19b805 * src/grpconv.c: Use Basename for the definition of Prog. Prog
needs a file visibility.
	* src/grpunconv.c: Likewise.
2008-08-22 02:33:08 +00:00
nekral-guest 421085672b Fix typos. 2008-08-22 02:31:55 +00:00
nekral-guest b6dc6082ab Fix a typo (sgr_dbmane -> sgr_dbname) 2008-08-22 02:31:15 +00:00
nekral-guest a3be8ff055 * src/chfn.c: Do not exit on pw_unlock failures.
* src/grpconv.c, src/grpunconv.c, src/pwconv.c, src/pwunconv.c,
	src/vipw.c: Open syslog with the right identification name.
	* src/vipw.c: Log unlock errors to syslog.
	* src/vipw.c: Log edits to syslog.
	* src/chage.c, src/chfn.c, src/chsh.c, src/gpasswd.c,
	src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpconv.c,
	src/grpunconv.c, src/passwd.c, src/pwck.c, src/pwunconv.c,
	src/useradd.c, src/usermod.c: Harmonize the syslog levels. Failure
	to close or unlock are errors. Failure to open files are warnings.
2008-08-22 02:30:33 +00:00
nekral-guest c9119dc6bb * src/newusers.c: Open syslog with the right identification name.
* src/newusers.c: Mark the files as locked only if they are really
	locked (i.e. if shadow is not enabled, the files are not locked).
2008-08-22 02:29:31 +00:00
nekral-guest cfeacc4d67 * NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
support for long options --add (-a), --delete (-d),
	--remove-password (-r), --restrict (-R), --administrators (-A),
	and --members (-M)
	* man/gpasswd.1.xml: Document the new long options.
	* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
	defined.
2008-08-22 02:28:15 +00:00
nekral-guest 7cc0389757 Remove done items. 2008-08-22 02:27:26 +00:00
nekral-guest 2bdcb9c33d * src/grpck.c: Added function fail_exit(). Check failure to unlock
files. Report errors to stderr and syslog, but continue.
	* src/grpconv.c: Check failure to unlock files. Report errors to
	stderr and syslog, but continue.
2008-08-22 02:26:46 +00:00
nekral-guest 7ae6b8fc34 * src/passwd.c: Check failure to unlock files. Report errors to
stderr and syslog, but continue.
2008-08-22 02:24:29 +00:00
nekral-guest 82779cd336 * src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
	src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
	of the variables keeping the lock status, to match the shadow
	library prefixes.
2008-08-22 02:22:34 +00:00
nekral-guest 82ed690817 * src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
	case of a lock failure, indicate to the user that she can try
	again later. Do not log to syslog.
2008-08-22 02:20:53 +00:00
nekral-guest 130553a578 Sort the NEWS entry alphabetically (per program name). 2008-08-22 02:18:48 +00:00
nekral-guest 1355d5d3eb * NEWS, src/passwd.c: For compatibility with other passwd version,
the --lock an --unlock options do not lock or unlock the user
	account anymore.  They only lock or unlock the user's password.
	* man/passwd.1.xml: Document above change. Document how an account
	can be locked and what a password lock means.
2008-08-22 02:16:21 +00:00
nekral-guest fa33bb9d0e * man/groupadd.8.xml: Fix the regular expression for group policy.
The final $ character is optional.
	* man/groupadd.8.xml: Likewise.
	* man/groupadd.8.xml: Indicate the maximum size of usernames.
2008-08-15 15:25:53 +00:00
nekral-guest 0ebc407246 * man/po/pl.po: Fix typo in the Polish translation (see
http://bugs.debian.org/491460)
2008-08-15 15:25:23 +00:00
nekral-guest 2c950c5cb5 * man/pl/Makefile.am: Do not build the Polish translation of
login.1 and su.1 (not enough translated). See
	http://bugs.debian.org/491460
2008-08-13 06:55:55 +00:00
nekral-guest 2722e6bb68 * man/shadow.5.xml: Fix typo. The password must be changed before
the maximum number of days, not after.
2008-08-13 06:55:37 +00:00
nekral-guest ce4e0b78bc Updated TODO file.
Added entries:
  * all: report nscd_flush_cache failures?
  * groupmems: Add support for gshadow
Removed entries:
  * groupmems: check reason for isgroup (function already removed)
2008-08-09 23:34:04 +00:00
nekral-guest 5d1795062f * src/groupmems.c: Harmonize the unlock failure messages. 2008-08-09 23:33:46 +00:00
nekral-guest b6cc69cd8f * src/pwck.c: Added fail_exit().
* src/pwck.c: Report failure to unlock files to stderr and
	syslog.
	* src/pwck.c: Report failure to sort to stderr, and exit with
	E_CANTSORT.
	* man/pwck.8.xml: Document return code 6 (E_CANTSORT).
2008-08-09 23:33:26 +00:00
nekral-guest 10e78fbd8e * src/vipw.c: Report failures to remove files to stderr.
* src/vipw.c: Report failures to unlock files to stderr.
2008-08-09 23:31:36 +00:00
nekral-guest e3e99974f8 * NEWS, src/groupmems.c: Added syslog support.
* src/groupmems.c: members() renamed display_members() to
	avoid name clash with its members argument.
	* src/groupmems.c: Report failure to unlock to syslog.
	* src/groupmems.c: Harmonize error messages.
	* src/groupmems.c: Report failures to write the new group file to
	syslog (gr_close() failure).
	* src/groupmems.c: Don't use fail_exit for non-failure exit.
2008-08-09 23:28:30 +00:00
nekral-guest e069125a2c * src/chsh.c: Added fail_exit().
* src/chsh.c: Use fail_exit() instead of exit(), this avoid
	calling closelog() every times.
	* src/chsh.c: Ignore the return value or pam_end().
	* src/chsh.c: Simplify the PAM error handling.
	* src/chsh.c: Report failure to unlock files to stderr and
	syslog.
2008-08-09 23:27:50 +00:00
nekral-guest 0528803da6 Include missing exitcodes.h 2008-08-09 23:27:05 +00:00
nekral-guest e5e00ce9d6 Improve commonalities between chgpasswd and chpasswd. 2008-08-09 23:25:49 +00:00
nekral-guest 69b276a712 * src/chpasswd.c: Added fail_exit().
* src/chpasswd.c: Added support for syslog.
	* src/chpasswd.c: Report failure to unlock files to stderr and
	syslog.
	* src/chpasswd.c: Simplify the PAM error handling.
	* src/chpasswd.c: Report failure during *_close() to syslog.
	* src/chpasswd.c: Ignore the return value or pam_end().
2008-08-09 23:25:18 +00:00
nekral-guest 5c04fe9b61 Added missing Prog. 2008-08-09 23:24:15 +00:00
nekral-guest 9c050c54ef Added missing Prog. 2008-08-09 23:23:44 +00:00
nekral-guest 3a07026740 Fix typo: missing O_RDWR parameter to *_open(). 2008-08-09 23:23:12 +00:00
nekral-guest 538db04950 * src/chgpasswd.c: Added fail_exit().
* src/chgpasswd.c: Added support for syslog.
	* src/chgpasswd.c: Report failure to unlock files to stderr and
	syslog.
	* src/chgpasswd.c: Simplify the PAM error handling.
	* src/chgpasswd.c: Report failure during *_close() to syslog.
	* src/chgpasswd.c: Ignore the return value or pam_end().
2008-08-09 23:22:00 +00:00
nekral-guest e2b778a38e * src/userdel.c: Report failure to remove entries from group or
gshadow to stderr.
	* src/userdel.c: Fail in case of failure during the write of a
	user or group database. Report errors to syslog.
	* src/userdel.c: Do not unlock non locked files.
	* src/userdel.c: Report failure to unlock the passwd or shadow
	file to stderr and syslog.
2008-08-07 08:44:06 +00:00
nekral-guest 85bc9c1d1a * src/pwunconv.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
2008-08-07 08:03:55 +00:00
nekral-guest 501ae11f51 * src/usermod.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
2008-08-07 08:03:38 +00:00
nekral-guest eb6cb5311b * src/newusers.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
	* src/newusers.c: In case of error when files are open or closed,
	indicate the failing file.
	* src/newusers.c: Do not try to unlock the files manually since
	this is done in fail_exit.
2008-08-07 08:03:13 +00:00
nekral-guest e3a5f66059 * src/chage.c: Report failure to unlock the passwd or shadow file
to stderr and syslog.
2008-08-07 08:02:52 +00:00
nekral-guest fd4b6cc52a * src/pwconv.c: Report failure to unlock the passwd or shadow file
to stderr and syslog.
	* src/pwconv.c: Report failure to chmod the backup file.
2008-08-07 08:02:34 +00:00
nekral-guest 93ccc35ff0 * src/grpunconv.c: Report failure to unlock the group or gshadow
files to stderr and syslog.
2008-08-07 08:02:13 +00:00
nekral-guest ccc49e8841 * src/chfn.c: Added fail_exit(). Check if the passwd file is
locked. Report failures to unlock to stderr and syslog.
	* src/chfn.c: Is case of failure, use fail_exit() rather than
	exit().
	* src/chfn.c: Ignore the return value of pam_end().
2008-08-07 08:01:44 +00:00
nekral-guest 7fc596fb8a * lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
	Added *_dbname() functions to retrieve the name of the databases.
	* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
	lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
	*_name() functions renamed *setname().
	* src/grpck.c, src/pwck.c: Likewise.
	* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
	the name of the arguments to the prototypes.
	* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
	src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
	src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
	src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
	src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
	Harmonize the erro & syslog messages in case of failure of the
	*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
	* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
	capitalized messages.
	* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
	in case of inexistent entries.
	* src/usermod.c:  Harmonize messages in case of already existing
	entries.
	* src/newusers.c, src/useradd.c: Simplify PAM error handling.
	* src/useradd.c: Report failures to unlock files (stderr, syslog,
	and audit). But do not fail (continue).
	* src/useradd.c (open_files): Do not report to syslog & audit
	failures to lock or open the databases. This might be harmless,
	and the logs were not already informed that a change was
	requested.
	* src/usermod.c: It's not the account which is unlocked, but its
	password.
2008-08-06 15:57:31 +00:00
nekral-guest b0fe7d3a0b * src/groupadd.c: Only call gr_unlock() and sgr_unlock() in the
group or gshadow files were previously locked.
	* src/groupadd.c: Make sure failures are reported to syslog/audit
	after the change is mentioned.
	* src/groupmod.c: Add logging to syslog & audit on lock/unlock
	failures.
	* src/groupmod.c: Make sure issues are reported to syslog or audit
	after the change is mentioned.
	* src/groupdel.c: Only call gr_unlock() and sgr_unlock() in the
	group or gshadow files were previously locked.
	* src/groupdel.c: Simplify the handling of PAM errors.
2008-08-06 15:56:51 +00:00
nekral-guest 6461841ccd * Merge two is_shadowgrp blocks.
* Indicate that we continue when *_unlock fail
2008-08-06 15:55:57 +00:00
nekral-guest 75e65f72c2 Re-indent. 2008-08-06 15:55:16 +00:00
nekral-guest 2cba7fdfcd * src/groupdel.c: Add logging to syslog & audit on lock/unlock
failures.
2008-08-06 15:54:49 +00:00
nekral-guest 9ddc88dd9d * src/groupdel.c: Harmonize error & syslog messages. 2008-08-06 15:54:16 +00:00
nekral-guest bc8456425d * src/groupmod.c: Harmonize error & syslog messages. 2008-08-06 15:53:50 +00:00
nekral-guest 7eab6d9958 * src/groupadd.c: Harmonize error & syslog messages.
* src/groupadd.c: Add logging to syslog in some error cases.
2008-08-06 15:53:30 +00:00
nekral-guest 2bf3f0c03c * src/gpasswd.c: Warn and log to syslog and audit when group or
gshadow cannot be unlocked, but do not fail.
2008-08-06 15:52:42 +00:00
nekral-guest 9eea2344fc * src/gpasswd.c: Harmonize error & syslog messages. 2008-08-06 15:52:21 +00:00
nekral-guest 538600ef48 * src/chfn.c, src/chsh.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
	src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
	src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
	src/vipw.c: Complete the switch from the `' quotation style to ''.
	Do it also in SYSLOG messages. Quote some parameters. All this
	permits to merge some messages.
2008-08-06 15:51:52 +00:00
nekral-guest 2ebd2a08ff Added Lukáš Kuklínek. 2008-07-31 16:50:59 +00:00
nekral-guest 6713942f83 * src/groupmems.c: Only check if the adduser user exists when an
user is specified with -a.
2008-07-30 14:11:09 +00:00
nekral-guest c6f5ce280f * src/groupmems.c: Fix the groupmems' usage message. The -D option
is in fact -p.
2008-07-30 00:27:55 +00:00
nekral-guest 9aad7a3783 * src/groupmems.c: Replace an if test by an else. 2008-07-27 22:30:47 +00:00
nekral-guest a22551d56b * src/groupmems.c: Ignore the return value of fputs(). 2008-07-27 22:30:39 +00:00
nekral-guest d6f96fa07e * src/groupmems.c (whoami): Make sure usr and grp are not NULL
before dereferencing them.
2008-07-27 22:30:31 +00:00
nekral-guest 5a0715fd6c * src/groupmems.c: Use xstrdup() rather than strdup(). 2008-07-27 22:30:22 +00:00
nekral-guest 717110d355 * src/groupmems.c: Add parenthesis.
* src/groupmems.c: Avoid implicit conversion of pointers / chars to
	booleans.
2008-07-27 22:30:12 +00:00
nekral-guest d5c6257ac2 * NEWS, src/groupmems.c: Allow everybody to list the users of a group.
This information is publicly available in /etc/group.
	* NEWS, src/groupmems.c: Open /etc/group read only for the -l option.
2008-07-27 02:33:37 +00:00
nekral-guest 88fce52fbf * man/groupmems.8.xml: Sort options alphabetically. 2008-07-27 02:11:32 +00:00
nekral-guest 8f3ee46325 Harmonize error messages and add the prototypes for whoami(), members(), and usage(). 2008-07-27 01:47:56 +00:00
nekral-guest aa035f9853 * src/groupmems.c (check_perms): Simplify. Always call pam_end()
at the end of the authentication.
2008-07-27 01:41:07 +00:00
nekral-guest b2f5629de8 * src/groupmems.c: Add fail_exit() to remove the group lock file
in case of failure. Replace the calls to exit() by fail_exit().
2008-07-27 01:35:08 +00:00
nekral-guest db98798134 * src/groupmems.c: Reduce the number of checks. Isolate the
parameters setting and permissions checking.
2008-07-27 01:16:13 +00:00
nekral-guest d4227e75cd * src/groupmems.c: Add functions process_flags() and check_perms()
from code of main().
	* src/groupmems.c: Harmonize the failure message in case of PAM
	failure with the other programs.
2008-07-27 00:59:42 +00:00
nekral-guest e6c015e0d0 * src/groupmems.c: Remove isgroup(), which always returns TRUE. 2008-07-27 00:35:04 +00:00
nekral-guest 44db9db053 * src/groupmems.c: Reuse the functions from libmisc/list.c to deal
with user lists. addtogroup() was broken when realloc() move the
	memory area.
	* src/groupmems.c: Report failures with the name of the program.
2008-07-27 00:21:42 +00:00
nekral-guest 4c2ed7b52e * src/groupmems.c: EXIT_READ_GROUP changed to EXIT_INVALID_GROUP.
* src/groupmems.c: EXIT_INVALID_USERNAME changed to EXIT_INVALID_USER.
	* src/groupmems.c: Fix typos.
2008-07-27 00:11:25 +00:00
nekral-guest 6f571dbfc6 * src/groupmems.c: Really use booleans.
* src/groupmems.c: Change isroot() to a macro that returns a
	boolean.
2008-07-26 16:24:27 +00:00
nekral-guest a363e1c51f * lib/defines.h: Make sure the booleans are defined before using
them.
2008-07-26 16:13:29 +00:00
nekral-guest b684ea837d 2008-07-26 Nicolas François <nicolas.francois@centraliens.net>
* src/groupmems.c: Added Prog global variable to indicate the name
	of the program in error messages.

2008-07-22  Lukáš Kuklínek  <lkukline@redhat.com>

	* NEWS, src/groupmems.c: Check if the user added to group actually
	exist. RedHat bug #455603
	* NEWS, src/groupmems.c: Check if the group exists in the group
	local database (/etc/group). RedHat bug #456088
2008-07-26 16:11:49 +00:00
nekral-guest d4eced9b84 * lib/prototypes.h: Fix getrange prototype. 2008-07-21 22:45:49 +00:00
nekral-guest a674a2e6fd Re-indent. 2008-07-21 22:45:08 +00:00
nekral-guest 276e406c0f * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add
support for OpenPAM.
2008-07-21 21:14:06 +00:00
nekral-guest 7ac0323c7b * src/chage.c: Ignore the return value of pam_end() before exiting.
* src/chage.c: Ignore return values of strftime(), snprintf(),
	puts(), printf(), and fputs().
	* src/chage.c: Check the return value of asctime().
2008-07-11 22:31:43 +00:00
nekral-guest 95c78ce92b * lib/gshadow.c: Avoid assignments in comparison. 2008-07-11 22:23:42 +00:00
nekral-guest 21c692d23f Re-inject the changes from 4.1.2.1. 2008-07-11 22:20:43 +00:00
nekral-guest 5b194e290c Fix typo. 2008-07-11 22:04:02 +00:00
nekral-guest 22fb4fe019 * src/usermod.c: Do not call usr_update() if it will have no
effects. This avoid checking if the user exists in the local passwd
	file if not necessary, and thus allow to add LDAP users to local
	groups. (The user is already checked against the system
	configuration with getpwnam()). Thanks to Dan Kopecek.
2008-07-11 21:50:05 +00:00
nekral-guest 62c8e79676 * src/usermod.c: Split update_files() into update_lastlog() and
update_faillog(). Report errors (but don't fail) if the file
	exist, but open(), lseek(), read(), write(), or close() fails.
	* src/usermod.c: Add brackets and parenthesis.
	* src/usermod.c: Ignore the return value of pam_end() before
	exiting.
	* src/usermod.c: Ignore the return value of strftime(),
	snprintf(), and puts().
	* src/usermod.c: Check the return value of gmtime() and asctime(),
	and output the raw time_t on failures.
2008-07-11 20:52:44 +00:00
nekral-guest e4e3bd5175 * libmisc/setugid.c: Add brackets. 2008-07-11 20:23:07 +00:00
nekral-guest eb18ee624f Re-indent. 2008-06-17 22:00:36 +00:00
nekral-guest 6298ca94cb * libmisc/env.c: Avoid implicit conversion of pointers / chars to
booleans.
	* libmisc/env.c: Add brackets and parenthesis.
	* libmisc/env.c: Ignore the return value of puts() and fputs().
	* libmisc/env.c: Avoid multi-statements lines.
2008-06-17 21:58:46 +00:00
nekral-guest 7c9270d7a5 Re-indent. 2008-06-17 21:17:45 +00:00
nekral-guest 5f9226b14b * libmisc/utmp.c: Avoid implicit conversion of pointers / chars to
booleans.
	* libmisc/utmp.c: Add brackets and parenthesis.
	* libmisc/utmp.c: Exit with the EXIT_FAILURE status code in case
	of failure.
	* libmisc/utmp.c: Avoid assignments in comparisons.
	* lib/prototypes.h, libmisc/utmp.c: Change setutmp()'s prototype
	to return an int because pututline() and pututxline() may fail.
2008-06-17 21:13:30 +00:00
nekral-guest 9320075030 * libmisc/audit_help.c: Added one string for translation.
* po/POTFILES.in: Added libmisc/audit_help.c,
	libmisc/find_new_gid.c, libmisc/find_new_uid.c, libmisc/getlong.c,
	libmisc/getrange.c, libmisc/xgetXXbyYY.c, and libmisc/yesno.c.
	Removed libmisc/find_new_ids.c
2008-06-17 20:52:19 +00:00
nekral-guest ca032792bd * src/useradd.c: If the faillog file exist, warn in case of
failure when open(), lssek(), write() or close() fails when the
	new user's faillog entry is reset.
	* src/useradd.c: Ditto for the lastlog entry.
2008-06-15 22:25:51 +00:00
nekral-guest abb95d5aab * libmisc/limits.c: Add brackets and parenthesis.
* libmisc/limits.c: Avoid implicit conversion of pointers /
	integers to booleans.
	* libmisc/limits.c: Ignore the return value of umask(). We will
	never return to the original umask.
	* libmisc/limits.c: Avoid multi-statements lines.
	* libmisc/limits.c: Added default to a switch(). Report invalid
	limit strings to syslog.
	* libmisc/limits.c: Ignore the return value of fclose().
	/etc/limits is open read-only.
	* libmisc/limits.c: Ignore the return value of fputs() and
	sleep().
	* libmisc/limits.c: Check the return value of nice() and
	set_filesize_limit(), and report errors to syslog.

	* libmisc/ulimit.c, lib/prototypes.h: Return failures of
	set_filesize_limit(). Change the prototype to return an int
	instead of void.
2008-06-15 21:59:41 +00:00
nekral-guest dcd480ffd9 * libmisc/failure.c: Try to close the open file if a failure
occured during lseek(), read() or write().
2008-06-15 19:16:34 +00:00
nekral-guest 68cdac68cb * libmisc/log.c: Check return values. If lseek() failed, avoid
reading or writing at an unspecified location. Log to syslog in
	case of failure.
	* libmisc/log.c: Use the right casts.
2008-06-15 19:15:15 +00:00
nekral-guest e1307ea789 * libmisc/find_new_ids.c, libmisc/find_new_gid.c,
libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h:
	Split find_new_ids.c into find_new_gid.c and find_new_uid.c to
	ease the description of login.defs variables in the different
	tools.
2008-06-15 18:33:52 +00:00
nekral-guest 52fe9f62f6 * libmisc/failure.c: Ignore the return value of strftime() and
printf().
	* libmisc/failure.c: Fix syslog call. The UID is not available.
	User the username specified in the utmp/utmpx entry.
2008-06-15 00:01:46 +00:00
nekral-guest f42160862a * lib/defines.h: Avoid implicit conversion of pointers to
booleans.
	* lib/defines.h: Ignore return values of setlocale() except the
	first call.
	* lib/defines.h: Fix a splint observer warning by using an
	intermediate variable (old_locale).
2008-06-14 23:41:38 +00:00
nekral-guest 1b631c42ef * libmisc/failure.c: Check return values. If lseek() failed, avoid
reading or writing at an unspecified location. Log to syslog in
	case of failure when reading a faillog entry or writing in
	faillog or btmp.
	* libmisc/failure.c: Check if the file exist before opening it.
	* libmisc/failure.c: Log failures of open() and close() when
	necessary.
2008-06-14 23:38:43 +00:00
nekral-guest 0afd6a8312 * lib/prototypes.h: Add the getrange() prototype.
* lib/prototypes.h: Fix the valid_field() prototype (does not
	return an bool).
	* lib/prototypes.h: Fix the valid() prototype (it does return a
	bool).
2008-06-14 21:11:19 +00:00
nekral-guest 4ac21ca652 * lib/getdef.c: Fix the getdef_ulong() prototype.
* lib/getdef.h: Fix the getdef_ulong() prototype.
2008-06-14 21:09:33 +00:00
nekral-guest dbbae8dcd3 * src/lastlog.c: Use getrange to parse the range of users.
* src/lastlog.c: umin and umax do not need to be signed long. Use
	an unsigned long which might be needed to parse a GID or UID. Add
	the has_umin and has_umax to replace the -1 values.
	* src/lastlog.c: Cast dates to time_t.
	* src/lastlog.c: Prefix lastlog errors with "lastlog: ".
2008-06-14 21:06:53 +00:00
nekral-guest eed5fc7179 * libmisc/getlong.c: Reset errno before calling strtol().
Otherwise, errno could be already set to ERANGE.
2008-06-14 21:02:52 +00:00
nekral-guest b8c5483b85 * libmisc/Makefile.am, libmisc/getrange.c: Added function to parse
a range (useful for lastlog).
2008-06-14 21:01:11 +00:00
nekral-guest 4f12c31e3b * src/chsh.c: <signal.h> is not needed. 2008-06-14 15:03:58 +00:00
nekral-guest 53543b9b6a * lib/prototypes.h: Define AUDIT_NO_ID to (unsigned int) -1. This
value should be used when the ID should not be considered.
	* lib/prototypes.h: Fix the prototype of do_rlogin() according to
	earlier changes.
2008-06-13 21:57:47 +00:00
nekral-guest afafd0f683 * lib/shadow.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwd.sp_flag.
	* lib/shadow.c: Add brackets.
	* lib/shadow.c: Avoid implicit conversion of pointers to
	booleans.
	* lib/shadow.c: The size argument of fgets is an int, not a
	size_t.
2008-06-13 21:55:51 +00:00
nekral-guest d65354efcf * lib/commonio.c: len should be typed ssize_t as it is the return
of read(), and is compared to 0. Cast to size_t when necessary.
2008-06-13 21:53:41 +00:00
nekral-guest d3abd86df5 * libmisc/find_new_ids.c: Use getdef_ulong to retrieve UIDs/GIDs
from login.defs. Type constants to long integers.
2008-06-13 21:49:57 +00:00
nekral-guest 838f39d0fd * lib/gshadow.c: Use a bool when possible instead of int integers.
* lib/gshadow.c: Remove __setsgNIS() -never used).
	* lib/gshadow.c: Avoid multi-statements lines.
	* lib/gshadow.c: Avoid assignments in comparisons.
	* lib/gshadow.c: ptr[nelem] is a string. Initialize it to NULL
	instead of '\0'.
	* lib/gshadow.c: Add brackets and parenthesis.
	* lib/gshadow.c: The size argument of strncpy is a size_t and the
	size argument of fgets is an int.
2008-06-13 21:45:47 +00:00
nekral-guest 4589ba350f * lib/groupio.c: Add brackets.
* lib/groupio.c: Make sure malloc receives a size_t.
	* lib/groupio.c: Avoid multi-statements lines.
2008-06-13 21:39:24 +00:00
nekral-guest 92143eb7b9 * lib/sgetspent.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwd.sp_flag.
2008-06-13 21:36:41 +00:00
nekral-guest c9679b7954 * lib/getdef.h, lib/getdef.c: Add getdef_ulong().
* lib/getdef.c: Added TODOs because of lack of error checking.
	* lib/getdef.c: The size argument of fgets is an int, not a
	size_t.
	* lib/getdef.c: Avoid multi-statements lines.
2008-06-13 21:35:22 +00:00
nekral-guest 5fc99a117b * src/id.c: Make sure malloc receives a size_t.
* src/id.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
2008-06-13 21:31:23 +00:00
nekral-guest 87ba782106 * src/sulogin.c: Ignore the return value of signal(). 2008-06-13 21:30:09 +00:00
nekral-guest dd8a09ce8d * src/groups.c: sys_ngroups is only used when HAVE_GETGROUPS is
defined.
2008-06-13 21:29:13 +00:00
nekral-guest ba7dde0168 * src/faillog.c: Ignore return value of time() when use with a
non NULL argument.
	* src/faillog.c: Use a %lu format and cast number of days to
	unsigned long integers.
	* src/faillog.c: Cast dates to time_t.
2008-06-13 21:28:11 +00:00
nekral-guest 3a03794bb6 * src/login.c: Ignore the return value of signal().
* src/login.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
	* src/login.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-13 21:25:15 +00:00
nekral-guest fe753e24a3 * src/chage.c: Add the arguments' names in the functions
prototypes.
	* src/chage.c: The ID argument of audit_logger is an unsigned
	int. Use AUDIT_NO_ID instead of -1.
	* src/chage.c: print_date() received a time_t.
	* src/chage.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spwent.sp_flag.
2008-06-13 21:23:09 +00:00
nekral-guest 42a4604461 * src/groupadd.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/groupadd.c: Cast the parsed GID/UID to a gid_t/uid_t.
2008-06-13 21:19:07 +00:00
nekral-guest a70898fc28 * src/pwck.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
	* src/pwck.c: Cast number of days to a long integer.
	* src/pwck.c: Use the SCALE macro instead of (24L * 3600L)
	for the values to be set in /etc/shadow.
	* src/pwck.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
2008-06-13 21:16:01 +00:00
nekral-guest 186eef69dc * src/passwd.c: Ignore return value of time() when use with a
non NULL argument.
	* src/passwd.c: Cast number of days to a long integer.
2008-06-13 21:09:14 +00:00
nekral-guest c3a380ade8 * src/groupmod.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/groupmod.c:  Use a %lu format and cast group and user IDs to
	unsigned long integers.
	* src/groupmod.c: Cast the parsed GID/UID to a gid_t/uid_t.
2008-06-13 21:08:06 +00:00
nekral-guest 936bd6a191 * src/useradd.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
	* src/useradd.c: Cast the parsed GID/UID to a gid_t/uid_t.
	* src/useradd.c: The size argument of fgets is an int, not a
	size_t.
	* src/useradd.c: Cast number of days to a long integer.
	* src/useradd.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
	* src/useradd.c: Use a %lu format and cast group and user IDs to
	unsigned long integers.
2008-06-13 21:06:04 +00:00
nekral-guest 73d36f5ece Fix typo. 2008-06-13 21:02:26 +00:00
nekral-guest 00431d772e * src/su.c: fork() and waitpid() return a pid_t, not an int.
* src/su.c: Add brackets and parenthesis.
	* src/su.c: Ignore the return value of signal().
2008-06-13 21:02:07 +00:00
nekral-guest a22c7e731a * src/groupdel.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
2008-06-13 20:59:04 +00:00
nekral-guest 398cf8ee6f * src/expiry.c: Ignore the return value of signal(). 2008-06-13 20:57:20 +00:00
nekral-guest e50ff5c7b5 * src/newusers.c: Fix the check for GID/UID validity.
* src/newusers.c: Comment why we use both getgrgid() and
	gr_locate_gid().
	* src/newusers.c: Cast the parsed GID/UID to a gid_t/uid_t.
	* src/newusers.c: Cast the number of days to a long integer.
	* src/newusers.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of spent.sp_flag.
	* src/newusers.c: The size argument of fgets is an int, not a
	size_t.
2008-06-13 20:56:44 +00:00
nekral-guest 906e8c0001 * src/usermod.c: Cast dates to time_t, and number of days to a
long integer.
	* src/usermod.c: Cast UIDs and GIDs to uid_t and gid_t after
	checking the ranges.
	* src/usermod.c: The ID argument of audit_logger is an unsigned
	int.
	* src/usermod.c: read() returns a ssize_t.
	* src/usermod.c: Cast the return value of malloc and make sure it
	receives a size_t.
2008-06-13 20:40:04 +00:00
nekral-guest 2fa4cedb1e * src/logoutd.c: Ignore return value of time() when use with a
non NULL argument.
2008-06-13 20:34:46 +00:00
nekral-guest 47210d9a1a * src/pwconv.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of sp.sp_flag.
	* src/pwconv.c: Cast number of days to a long integer.
2008-06-13 20:33:38 +00:00
nekral-guest d1881d1b56 * src/gpasswd.c: The ID argument of audit_logger is an unsigned
int.
	* src/gpasswd.c: Ignore the return value of signal(). The signal
	handlers are only changed for the last steps of gpasswd, and there
	is no need to restore them.
2008-06-13 20:29:58 +00:00
nekral-guest 6713a2ce67 * src/userdel.c: The ID argument of audit_logger is an unsigned
int.
	* src/userdel.c: fork() and wait() return a pid_t, not an int.
2008-06-13 20:23:26 +00:00
nekral-guest f626317e90 * src/newgrp.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
	* src/newgrp.c: The ID argument of audit_logger is an unsigned
	int.
	* src/newgrp.c: Ignore the return value of signal() (the signal
	handlers are assumed to be the default one and are restored
	later).
	* src/newgrp.c: Do not checl if a pid_t is < 0, check if equal
	to (pid_t)-1.
2008-06-13 20:21:24 +00:00
nekral-guest 56327f6298 * libmisc/isexpired.c: Cast number of days to a long integer.
* libmisc/isexpired.c: Add brackets and parenthesis.
2008-06-13 20:12:03 +00:00
nekral-guest 7d05c4a2b0 * libmisc/copydir.c: Do not specify a size of arrays in the
prototypes.
	* libmisc/copydir.c: Use a size_t for the length of strings.
	* libmisc/copydir.c: Cast the return value of malloc().
	* libmisc/copydir.c: The size argument of write() is a size_t.
2008-06-13 20:10:53 +00:00
nekral-guest 232bcafd7c * libmisc/pwd2spwd.c: Cast number of days to a long integer.
* libmisc/pwd2spwd.c: Use SHADOW_SP_FLAG_UNSET for the initial
	value of sp.sp_flag.
2008-06-13 20:08:33 +00:00
nekral-guest c82cfebd5e * lib/defines.h: Include <config.h> since it uses the macro that
might be defined in this header file.
	* lib/defines.h: Prefer checking if HAVE_LOCALE_H or ENABLE_NLS
	are defined (rather than set to non 0).
	* lib/defines.h: The dummy implementations of bindtextdomain() and
	textdomain() should return a pointer. Return NULL instead of
	/* empty */
	* lib/defines.h: Define SHADOW_SP_FLAG_UNSET, to be used for the
	initialization of sp_flag field of the shadow structures.
	* lib/defines.h: Define LC_ALL, needed even if HAVE_LOCALE_H is
	not defined.
2008-06-13 20:05:51 +00:00
nekral-guest 07a6bcaa77 * libmisc/sulog.c: Ignore the return value of umask() when the
mask is restored.
	* libmisc/sulog.c: Add brackets.
	* libmisc/sulog.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 19:52:58 +00:00
nekral-guest fe0e4f635e * libmisc/log.c: Avoid assignments in comparisons.
* libmisc/log.c: Add brackets and parenthesis.
	* libmisc/log.c: read() returns a ssize_t (note size_t).
	* libmisc/log.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/log.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 19:50:49 +00:00
nekral-guest 815ffb7d3e * libmisc/strtoday.c: Avoid implicit conversion of pointers to
booleans.
	* libmisc/strtoday.c: Add brackets and parenthesis.
2008-06-13 19:48:11 +00:00
nekral-guest 7f8c48834f * libmisc/salt.c: Use a size_t for the size of strings instead of
unsigned int.
	* libmisc/salt.c: Add brackets and parenthesis.
	* libmisc/salt.c: Avoid assignments in comparisons.
2008-06-13 19:37:15 +00:00
nekral-guest 0a6ce91369 * libmisc/age.c: fork() and wait return a pid_t, not an int.
* libmisc/age.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/age.c: Avoid assignments in comparisons.
	* libmisc/age.c: Ignore the return value of printf(), puts(),
	fputs() and fflush().
	* libmisc/age.c: Add brackets and parenthesis.
	* libmisc/age.c: Cast the return value of time() to long and
	converted to a date.
2008-06-13 19:24:27 +00:00
nekral-guest 71dda8b648 * libmisc/rlogin.c: The size argument of read() is a size_t.
Propagate this time to the callers (the get_remote_string() and
	do_rlogin() functions).
	* libmisc/rlogin.c: Add brackets and parenthesis.
	* libmisc/rlogin.c: Avoid multi-statements lines.
	* libmisc/rlogin.c: Avoid assignments in comparisons.
	* libmisc/rlogin.c: Avoid implicit conversion of pointers to
	booleans.
2008-06-13 18:34:27 +00:00
nekral-guest 2296db3db6 * libmisc/failure.c: Avoid assignments in comparisons.
* libmisc/failure.c: read() returns a ssize_t.
	* libmisc/failure.c: Add brackets and parenthesis.
	* libmisc/failure.c: Ignore return value of time() when use with a
	non NULL argument.
2008-06-13 18:31:13 +00:00
nekral-guest 1e798b640d * libmisc/chowntty.c: Avoid assignments in comparisons.
* libmisc/chowntty.c: Avoid implicit conversion of pointers to
	booleans.
	* libmisc/chowntty.c: Add brackets and parenthesis.
2008-06-13 18:29:02 +00:00
nekral-guest e91899c0da * libmisc/audit_help.c: Add brackets. 2008-06-13 18:24:37 +00:00
nekral-guest 6099bda088 * libmisc/addgrps.c: Avoid implicit conversion of pointers to
booleans.
	* libmisc/addgrps.c: Add brackets.
2008-06-13 18:19:34 +00:00
nekral-guest 43e4d608ae * libmisc/utmp.c: Avoid implicit conversion of pointers to
booleans
+ add missing changelog from last commit.
2008-06-13 18:17:10 +00:00
nekral-guest ef32209fd7 * libmisc/console.c, libmisc/hushed.c, libmisc/yesno.c,
libmisc/loginprompt.c, libmisc/ttytype.c, libmisc/tz.c,
	src/login_nopam.c, src/chpasswd.c, src/chgpasswd.c, lib/port.c:
	The size argument of fgets is an int, not a size_t.
	* libmisc/loginprompt.c: Ignore the return value from signal()
	when the signal handlers are restored.
	* src/chpasswd.c: Cast the return value of time() to a long
	integer.
	* src/chpasswd.c: Use the SCALE macro instead of (24L * 3600L)
	for the values to be set in /etc/shadow.
2008-06-13 18:11:09 +00:00
nekral-guest 55b2e44814 Avoid implicit conversion of pointers to booleans. 2008-06-10 22:10:47 +00:00
nekral-guest 6bb86709ee Add brackets. 2008-06-10 22:10:21 +00:00
nekral-guest ce6dca81bc * src/pwck.c: Use a bool when possible instead of int integers.
* src/pwck.c: Avoid implicit conversion of integers to booleans.
2008-06-10 22:09:12 +00:00
nekral-guest d7ffaf94b1 * src/su.c: Use a bool when possible instead of int integers.
* src/su.c: Add brackets and parenthesis.
	* src/su.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/su.c: Ignore the return value of pam_end() before
	exiting.
	* src/su.c: Avoid assignments in comparisons.
	* src/su.c: Avoid multi-statements lines.
2008-06-10 22:07:51 +00:00
nekral-guest c573f432fe * lib/prototypes.h, libmisc/valid.c: Change the prototype of
valid() to return a bool.
	* libmisc/valid.c: Add parenthesis.
2008-06-10 21:52:34 +00:00
nekral-guest 7cb33ba636 Avoid implicit conversion of integer to boolean. 2008-06-10 20:34:25 +00:00
nekral-guest 182731d6eb * lib/commonio.c: Add brackets and parenthesis.
* lib/commonio.c: Check the result of fgets().
	* lib/commonio.c: Avoid implicit conversion of pointers to
	booleans.
2008-06-10 20:27:16 +00:00
nekral-guest f79fd32208 * lib/prototypes.h: Fix the prototypes to match earlier changes. 2008-06-10 20:02:47 +00:00
nekral-guest b3c68f1692 Fix typo. Compil fix. 2008-06-10 20:02:12 +00:00
nekral-guest ef1a2a82dd * lib/nscd.c: Include defines.h.
* lib/nscd.c: Always warn when the nscd cache cannot be flushed.
	* lib/nscd.c: Avoid assignments in comparisons.
	* lib/nscd.c: Ignore the return value of fputs() when printing
	errors.
2008-06-10 20:01:55 +00:00
nekral-guest 269d4c55dd * lib/port.c: Add brackets and parenthesis.
* lib/port.c: Change isttytime() prototype to return a bool.
	* lib/port.c: Ignore the return value of fclose () (file open
	read-only).
	* lib/port.c: Avoid multi-statements lines.
2008-06-10 19:59:26 +00:00
nekral-guest 91c8e1bf0d * src/id.c: Ignore the return value of fputs(), puts(), putchar(),
and printf().
	* src/id.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/id.c: Add brackets and parenthesis.
	* src/id.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:45:06 +00:00
nekral-guest c8626c09af * src/chsh.c: Use a bool when possible instead of int integers.
* src/chsh.c: restricted_shell() renamed is_restricted_shell().
	check_shell() renamed shell_is_listed().
	* src/chsh.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/chsh.c: Avoid implicit conversion of pointers / integers
	to booleans.
	* src/chsh.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 19:42:22 +00:00
nekral-guest cac7d1a495 * src/grpunconv.c: Use a bool when possible instead of int
integers.
	* src/grpunconv.c: Add brackets and parenthesis.
	* src/grpunconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/grpunconv.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:39:18 +00:00
nekral-guest 3cbda4157b * src/sulogin.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
	* src/sulogin.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/sulogin.c: Avoid assignments in comparisons.
	* src/sulogin.c: Ignore the return value of alarm().
2008-06-10 19:36:05 +00:00
nekral-guest 46ce06791a * src/groups.c: Use a bool when possible instead of int integers.
* src/groups.c: Add brackets and parenthesis.
	* src/groups.c: Avoid implicit conversion of pointers / integers
	to booleans.
	* src/groups.c: Avoid assignments in comparisons.
	* src/groups.c: Ignore the return value of putchar(), printf()
	* src/groups.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 19:29:54 +00:00
nekral-guest 462e8a3d90 re-indent. 2008-06-10 19:18:44 +00:00
nekral-guest cd9e4d1b2b * src/grpconv.c: Use a bool when possible instead of int integers.
* src/grpconv.c: Add brackets and parenthesis.
	* src/grpconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/grpconv.c: Avoid implicit conversion of pointers / integers
	to booleans.
2008-06-10 19:18:34 +00:00
nekral-guest e31af5f255 * src/faillog.c: Use a bool when possible instead of int integers.
* src/faillog.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/faillog.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/faillog.c: Add brackets and parenthesis.
2008-06-10 19:16:02 +00:00
nekral-guest a0dae7557c * src/login.c: Avoid multi-statements lines.
* src/login.c: Ignore the return value of pam_end() before
	exiting.
	* src/login.c: Use a bool when possible instead of int integers.
	* src/login.c: Add brackets and parenthesis.
	* src/login.c: Ignore the return values of fflush(), putchar(), puts().
	* src/login.c: Ignore the return value of fclose() for read-only
	files.
	* src/login.c: Avoid assignments in comparisons.
	* src/login.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 18:56:23 +00:00
nekral-guest 836bf643b0 * src/chage.c: Use a bool when possible instead of int integers.
* src/chage.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:56:53 +00:00
nekral-guest f9e4c7ca02 * src/groupadd.c: Use a bool when possible instead of int
integers.
	* src/groupadd.c: Add brackets and parenthesis.
	* src/groupadd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/groupadd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupadd.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 17:53:35 +00:00
nekral-guest a31782497c * src/pwck.c: Use a bool when possible instead of int integers.
* src/pwck.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:51:30 +00:00
nekral-guest 47f937ac13 * src/passwd.c: Use a bool when possible instead of int integers.
* src/passwd.c: Avoid assignments in comparisons.
	* src/passwd.c: Add brackets and parenthesis.
	* src/passwd.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
	* src/passwd.c: Move the "context_t c" declaration at the
	beginning check_selinux_access.
	* src/passwd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-10 17:50:21 +00:00
nekral-guest be8d08fda6 * src/groupmod.c: Use a bool when possible instead of int
integers.
	* src/groupmod.c: Avoid assignments in comparisons.
	* src/groupmod.c: Add brackets and parenthesis.
	* src/groupmod.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/groupmod.c: Use a %lu format to print GIDs, and cast the GID
	to (unsigned long int).
	* src/groupmod.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupmod.c: Ignore the return value of pam_end() before
	exiting.
2008-06-10 17:45:08 +00:00
nekral-guest 7dea133b55 * src/su.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
2008-06-09 22:28:16 +00:00
nekral-guest 63f0e5e2c0 * src/useradd.c: Use a bool when possible instead of int integers.
* src/useradd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/useradd.c: Add brackets and parenthesis.
	* src/useradd.c: Avoid assignments in comparisons.
	* src/useradd.c: Ignore the return value of fclose() for read-only
	files.
	* src/useradd.c: Ignore the return value of fflush() before
	closing the files.
	* src/useradd.c: Avoid multi-statements lines.
	* src/useradd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/useradd.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 22:08:08 +00:00
nekral-guest fdb577e0a0 * src/vipw.c: Use a bool when possible instead of int integers.
* src/vipw.c: Ignore the return value of umask(), when the mask is
	set again to the old value.
	* src/vipw.c: Avoid implicit conversion of pointers / integers to
	booleans.
	* src/vipw.c: Add brackets and parenthesis.
	* src/vipw.c: Avoid assignments in comparisons.
	* src/vipw.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/vipw.c: Add missing termination of the longopts parameter
	for getopt_long().
2008-06-09 21:18:28 +00:00
nekral-guest 45544f42b9 * src/chgpasswd.c: Use a bool when possible instead of int
integers.
	* src/chgpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/chgpasswd.c: Avoid implicit conversion of integers to
	booleans.
2008-06-09 20:56:03 +00:00
nekral-guest 0452fa2458 * src/groupdel.c: Use a bool when possible instead of int
integers.
	* src/groupdel.c: Avoid implicit conversion of pointers / integers to
	booleans.
	* src/groupdel.c: Avoid assignments in comparisons.
	* src/groupdel.c: Ignore the return value of pam_end() before
	exiting.
	* src/groupdel.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 20:54:04 +00:00
nekral-guest 2b92b0f305 * src/expiry.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
	* src/expiry.c: Add brackets and parenthesis.
	* src/expiry.c: Avoid assignments in comparisons.
	* src/expiry.c: Avoid implicit conversion of pointers to booleans.
2008-06-09 20:36:24 +00:00
nekral-guest e43c3aed67 Add brackets and parenthesis. 2008-06-09 20:32:17 +00:00
nekral-guest 6aa98c17bd * src/pwunconv.c: Use a bool when possible instead of int
integers.
	* src/pwunconv.c: Add brackets and parenthesis.
	* src/pwunconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/pwunconv.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/pwunconv.c: Avoid assignments in comparisons.
2008-06-09 20:30:34 +00:00
nekral-guest a9f1ce0db1 * src/usermod.c: Use a bool when possible instead of int integers.
* src/usermod.c: Add brackets and parenthesis.
	* src/usermod.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/usermod.c: Avoid assignments in comparisons.
	* src/usermod.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/usermod.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 20:17:48 +00:00
nekral-guest d48973bbc8 * src/groupmems.c: Move the declaration of option_index and
long_options before the blocks of code.
	* src/groupmems.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/groupmems.c: Ignore the return value of pam_end() before
	exiting.
2008-06-09 20:09:38 +00:00
nekral-guest 3879f07fa8 * src/chfn.c: Use a bool when possible instead of int integers.
* src/chfn.c: Avoid implicit conversion of integers / chars to
	booleans.
	* src/chfn.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 20:05:13 +00:00
nekral-guest 3ea7f76c17 * src/logoutd.c: Use a bool when possible instead of int integers.
* src/logoutd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/logoutd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/logoutd.c: Add brackets and parenthesis.
2008-06-09 20:02:46 +00:00
nekral-guest 827f8882bc * src/chpasswd.c: Use a bool when possible instead of int
integers.
	* src/chpasswd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/chpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:46:11 +00:00
nekral-guest 24a7015f64 * src/pwconv.c: Use a bool when possible instead of int integers.
* src/pwconv.c: Add brackets and parenthesis.
	* src/pwconv.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/pwconv.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
2008-06-09 19:43:22 +00:00
nekral-guest 2a267ca05f * NEWS, src/newusers.c: Implement the -r, --system option.
* src/newusers.c: Use a bool when possible instead of int
	integers.
	* src/newusers.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/newusers.c: Ignore the return value of pam_end() before
	exiting.
	* src/newusers.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newusers.c: Avoid multi-statements lines.
	* src/newusers.c: Add brackets and parenthesis.
2008-06-09 19:36:08 +00:00
nekral-guest e41460cae5 * src/gpasswd.c: Use a bool when possible instead of int integers.
* src/gpasswd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/gpasswd.c: Ignore the return value of putchar() and fflush()
	before exiting.
	* src/gpasswd.c: check_list() renamed is_valid_user_list(), and
	return a bool.
	* src/gpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:26:19 +00:00
nekral-guest 5e2b49dad4 * src/grpck.c: Use a bool when possible instead of int integers.
* src/grpck.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:20:00 +00:00
nekral-guest 5038f6687b * src/lastlog.c: Use a bool when possible instead of int integers.
* src/lastlog.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/lastlog.c: Add brackets and parenthesis.
	* src/lastlog.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:15:27 +00:00
nekral-guest 8b98a2e829 * src/userdel.c: Use a bool for the is_shadow_pwd, is_shadow_grp,
deleted_user_group, was_member, was_admin, and the
	options' flags.
	* src/userdel.c: Change path_prefix() prototype to return a bool.
	* src/userdel.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/userdel.c: Ignore the return value from pam_end() since we
	are exiting anyway just afterwards.
	* src/userdel.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/userdel.c: Add brackets and parenthesis.
	* src/userdel.c: Avoid assignments in comparisons.
	* src/userdel.c: Do not ignore the return value of the *_unlock()
	functions.
2008-06-09 19:10:44 +00:00
nekral-guest 46466a8fcc * src/login_nopam.c: Do not use the YES and NO macros. Use the
booleans true and false instead. Change the prototypes of
	list_match(), user_match(), from_match(), and string_match()
	accordingly. Also use booleans internally.
	* src/login_nopam.c: Add brackets and parenthesis.
	* src/login_nopam.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/login_nopam.c: Avoid assignments in comparisons.
2008-06-09 18:35:32 +00:00
nekral-guest 4e0d734598 * src/newgrp.c: Use a bool for is_newgrp, notfound, needspasswd,
initflag, and cflag.
	* src/newgrp.c: Add brackets and parenthesis.
	* src/newgrp.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
	* src/newgrp.c: Avoid multi-statements lines.
	* src/newgrp.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newgrp.c: Avoid assignments in comparisons.
2008-06-09 18:23:23 +00:00
nekral-guest 8cfe8db1fb * libmisc/list.c: Change is_on_list() prototype to return a bool. 2008-06-09 18:13:52 +00:00
nekral-guest 5ae74603da * libmisc/find_new_ids.c: Change find_new_uid() and find_new_gid()
prototypes to use a bool for their first argument (sys_user /
	sys_group).
2008-06-09 18:13:09 +00:00
nekral-guest 747664ad4f * libmisc/console.c: Change is_listed() prototype to return a bool.
The default parameter should also be a bool.
	* libmisc/console.c: Add brackets and parenthesis.
	* libmisc/console.c: Avoid assignments in comparisons.
	* libmisc/console.c: Change console() prototype to return a bool.
2008-06-09 18:11:20 +00:00
nekral-guest 9e31065b5e * lib/sgetspent.c: Add brackets and parenthesis.
* lib/sgetspent.c: Avoid assignments in comparisons.
	* lib/sgetspent.c: Avoid implicit conversion of pointers / chars to booleans.
	* lib/sgetspent.c: Avoid multi-statements lines.
2008-05-26 09:39:29 +00:00
nekral-guest 004fb5f9c2 Avoid assignments in comparisons.
Add note about possible bug.
2008-05-26 09:22:44 +00:00
nekral-guest da62edb4e0 Do not check twice if fields[2] and fields[3] are not empty. 2008-05-26 09:17:17 +00:00
nekral-guest adc4729ffa * lib/sgetpwent.c: Avoid implicit conversion of pointers / chars to booleans.
* lib/sgetpwent.c: Add brackets and parenthesis.
	* lib/sgetpwent.c: Return NULL instead of 0.
2008-05-26 09:15:02 +00:00
nekral-guest 64d0313c5b * Avoid implicit conversion of pointers to booleans.
* Add parenthesis.
2008-05-26 09:12:34 +00:00
nekral-guest 94b414861d * libmisc/getdate.y: abbrev is a bool.
* libmisc/getdate.y: Avoid implicit conversion of pointers / chars / integers to booleans.
2008-05-26 08:59:54 +00:00
nekral-guest 9305161183 * lib/prototypes.h: Fix prototypes according to earlier changes (usage of the bool type).
* lib/prototypes.h: Add the arguments' name to the prototypes.
2008-05-26 08:56:34 +00:00
nekral-guest 297fa24b90 Add protection against multiple inclusions. 2008-05-26 08:53:56 +00:00
nekral-guest 3ca3362283 Indicate that defines.h is included for the definition of the "bool" type. 2008-05-26 08:52:34 +00:00
nekral-guest 4f38c8d201 The changed, isopen, locked, and readonly fields of the db are booleans. 2008-05-26 08:51:45 +00:00
nekral-guest 964f68630a * lib/pwio.h: Add protection against multiple inclusions.
* lib/pwio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
2008-05-26 08:49:44 +00:00
nekral-guest caed1add3a * lib/sgroupio.c: Avoid assignments in comparisons.
* lib/sgroupio.c: Add brackets.
	* lib/sgroupio.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/sgroupio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
	* lib/sgroupio.h, lib/sgroupio.c: sgr_file_present returns a bool.
	* lib/sgroupio.h: Add protection against multiple inclusions.
2008-05-26 08:46:41 +00:00
nekral-guest 77020623ed * lib/shadowio.h, lib/shadowio.c: spw_file_present returns a bool.
* lib/shadowio.h: Add protection against multiple inclusions.
2008-05-26 08:45:34 +00:00
nekral-guest d264017684 * lib/sgroupio.c: Avoid assignments in comparisons.
* lib/sgroupio.c: Add brackets.
	* lib/sgroupio.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/sgroupio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
	* lib/sgroupio.h, lib/sgroupio.c: sgr_file_present returns a bool.
	* lib/sgroupio.h: Add protection against multiple inclusions.
2008-05-26 08:43:50 +00:00
nekral-guest 383ea561f8 * lib/gshadow.c: nis_used and nis_bound are booleans.
* lib/gshadow.c: Avoid implicit conversion of pointers / integers to booleans.
	* lib/gshadow.c: Avoid assignments in comparisons.
	* lib/gshadow.c: Add brackets.
2008-05-26 08:40:04 +00:00
nekral-guest ef5e803875 Add protection against multiple inclusion 2008-05-26 08:35:13 +00:00
nekral-guest 22de221c21 The changed, isopen, locked, and readonly fields of the db are booleans. 2008-05-26 08:34:04 +00:00
nekral-guest 6f88bcf581 * lib/sgetgrent.c: implicit conversion of pointers / chars to booleans.
* lib/sgetgrent.c: Avoid assignments in comparisons.
	* lib/sgetgrent.c: Add brackets.
2008-05-26 08:31:14 +00:00
nekral-guest 6ce26e12f5 * lib/encrypt.c: Avoid implicit conversion of pointers to booleans.
* lib/encrypt.c: Add parenthesis.
2008-05-26 01:07:13 +00:00
nekral-guest 09869159f7 * lib/port.c: Avoid implicit conversion of pointers / integers / chars to booleans.
* lib/port.c: Avoid multiple statement on the same line.
	* lib/port.c: Add brackets and parenthesis.
	* lib/port.c: Avoid assignments in comparisons.
	* lib/port.c: Fix typo comparision -> comparison (in comment).
2008-05-26 01:05:04 +00:00
nekral-guest 14839257ac * lib/fputsx.c: Add brackets.
* lib/fputsx.c: Avoid assignments in comparisons.
	* lib/fputsx.c: Avoid implicit conversion of pointers / integers / chars to booleans.
2008-05-26 00:59:42 +00:00
nekral-guest f16c6bd7dd * lib/commonio.h: commonio_entry.changed, commonio_db.changed, commonio_db.isopen, commonio_db.locked, and commonio_db.readonly are no booleans.
* lib/commonio.h: Include defines.h to get the definition of bool.
	* lib/commonio.h: commonio_present returns a bool
	* lib/commonio.c: Implement above changes.
	* lib/commonio.c: add argument names in prototypes.
	* lib/commonio.c: name_is_nis returns a bool.
	* lib/commonio.c: nscd_need_reload is a bool.
	* lib/commonio.c: Improve types (use size_t / pid_t when needed instead of int).
	* lib/commonio.c: Avoid assignments in comparisons.
	* lib/commonio.c: Add brackets and parenthesis.
	* lib/commonio.c: Avoid implicit conversion of pointers / integers to booleans
	* lib/commonio.c: The return values of utime is not checked on purpose.
2008-05-26 00:46:25 +00:00
nekral-guest a24aff2148 checkutmp is implemented twice. I only changed the second one. Now fix the
first one.
2008-05-26 00:26:33 +00:00
nekral-guest fc6d8e933b * libmisc/isexpired.c: ARGSUSED is no more needed (shadow is always supported).
* libmisc/isexpired.c: Avoid implicit conversion of pointers to booleans.
	* libmisc/isexpired.c: Add brackets and parenthesis.
2008-05-26 00:14:10 +00:00
nekral-guest c6364944d4 * libmisc/sulog.c (sulog): The success argument is a bool.
* libmisc/sulog.c: The return values of fflush is not checked on purpose.
	* libmisc/sulog.c: Indicate that some return values should be checked.
2008-05-26 00:09:24 +00:00
nekral-guest 70ef747a56 Updated copyright dates. 2008-05-26 00:04:30 +00:00
nekral-guest 3d7aa44c8e * libmisc/ttytype.c: Avoid implicit conversion of pointers / integers to booleans.
* libmisc/ttytype.c: Avoid assignments in comparisons.
	* libmisc/ttytype.c: Add brackets and parenthesis.
	* libmisc/ttytype.c: The return values of fclose is not checked on purpose.
2008-05-26 00:02:15 +00:00
nekral-guest c249832df1 * libmisc/mail.c: Avoid implicit conversion of pointers to booleans.
* libmisc/mail.c: Avoid assignments in comparisons.
2008-05-25 23:59:05 +00:00
nekral-guest 3169455653 * libmisc/loginprompt.c: Avoid implicit conversion of pointers / chars to booleans.
* libmisc/loginprompt.c: Add brackets.
	* libmisc/loginprompt.c: Avoid assignments in comparisons.
	* libmisc/loginprompt.c: The return values of fclose and fflush are not checked on purpose.
2008-05-25 23:57:41 +00:00
nekral-guest f7122499a6 Avoid implicit conversion of chars to booleans. 2008-05-25 23:50:03 +00:00
nekral-guest cc7ac94641 selinux_checked, selinux_enabled, and set_orig are now booleans. 2008-05-25 23:45:21 +00:00
nekral-guest 7f9dfde0dc * libmisc/setugid.c (setup_uid_gid): The is_console argument is now a bool.
* libmisc/setugid.c: Avoid implicit conversion of integers / pointers to booleans.
	* libmisc/setugid.c: Add brackets.
2008-05-25 23:42:39 +00:00
nekral-guest 2533c87bd6 * libmisc/setugid.c (setup_uid_gid): The is_console argument is no a bool.
* libmisc/setugid.c: Avoid implicit conversion of integers / pointers to booleans.
	* libmisc/setugid.c: Add brackets.
2008-05-25 23:39:59 +00:00
nekral-guest 6fef9f5178 * libmisc/pam_pass.c (do_pam_passwd): The silent and
change_expired are no booleans instead of int.
	* libmisc/pam_pass.c: The return value of pam_end is not checked
	on purpose.
2008-05-25 23:38:05 +00:00
nekral-guest f9ac07f455 Updated copyright dates. 2008-05-25 23:32:41 +00:00
nekral-guest 175e361a4d Updated copyright dates. 2008-05-25 23:31:10 +00:00
nekral-guest 53bedaa4c1 * libmisc/getlong.c: Avoid implicit conversion of pointers / chars to booleans.
* libmisc/getlong.c: Add brackets.
2008-05-25 23:25:33 +00:00
nekral-guest 1ebf7842f5 * libmisc/valid.c: Avoid implicit conversion of pointers /chars to booleans.
* libmisc/valid.c: Add brackets.
2008-05-25 23:22:15 +00:00
nekral-guest f14452ec3c * libmisc/yesno.c: yes_or_no returns a bool instead of int.
* libmisc/yesno.c: Avoid implicit conversion of pointers to booleans.
	* libmisc/yesno.c: The return value of fflush is not checked on purpose.
2008-05-25 23:01:14 +00:00
nekral-guest 78c0edb7c1 (failcheck): The failed argument is a bool. 2008-05-25 22:54:20 +00:00
nekral-guest f2b4efff20 Avoid implicit conversion of integers to booleans. 2008-05-25 22:51:46 +00:00
nekral-guest 11003f5842 * libmisc/rlogin.c: Avoid assignments in comparisons.
* libmisc/rlogin.c: Avoid implicit conversion of integers to booleans.
	* libmisc/rlogin.c: Add brackets.
2008-05-25 22:49:41 +00:00
nekral-guest c638c3cc3d * libmisc/failure.c (failcheck): The failed argument is a bool.
* libmisc/failure.c (too_many_failures): too_many_failures returns
	a bool.
	* libmisc/failure.c: Add notes about unchecked return values.
	* libmisc/failure.c: Avoid assignments in comparisons.
	* libmisc/failure.c: Add brackets.
2008-05-25 22:44:44 +00:00
nekral-guest a2982f0d4e * libmisc/myname.c: Avoid assignments in comparisons.
* libmisc/myname.c: Avoid implicit conversion of pointers / chars
	to booleans.
	* libmisc/myname.c: Add brackets.
2008-05-25 22:15:28 +00:00
nekral-guest 639b2bd8e5 2008-05-25 22:14:19 +00:00
nekral-guest 7069324a20 * libmisc/utmp.c (checkutmp): Change picky argument's type to
bool.
	* libmisc/utmp.c: Use bool when possible (found_utmpx,
	found_utmp).
	* libmisc/utmp.c: Add note about unchecked return values.
2008-05-25 22:11:12 +00:00
nekral-guest 9d331bb32b * Change type of added to bool.
* Avoid implicit conversion of pointers to booleans.
2008-05-25 22:03:09 +00:00
nekral-guest bc0657d13c * hushed returns a bool instead of int.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
  the file. Do not check the first character of the line first. This
  is simpler and match better with the HUSHLOGIN_FILE documentation.
2008-05-25 21:52:14 +00:00
nekral-guest 712ed48a62 * lib/getdef.h, lib/getdef.c: getdef_bool returns a bool instead
of int.
	* lib/getdef.c: Change typo of def_loaded to bool.
	* lib/getdef.c: Add brackets.
	* lib/getdef.c: Avoid assignment in comparisons.
2008-05-25 21:43:05 +00:00
nekral-guest 66afec21d1 Allow usage of booleans in the source. 2008-05-25 21:34:38 +00:00
nekral-guest b94825bbad * is_my_tty returns a bool.
* Avoid implicit conversion of integers to booleans.
* Add brackets.
2008-05-25 21:33:38 +00:00
nekral-guest 06d2a32a3e * Avoid assignment in comparisons, implicit comparison of integers to booleans.
* The return value of closedir is not checked on purpose.
* Add brackets.
2008-05-25 21:23:28 +00:00
nekral-guest 623d9e2ab3 * libmisc/chkname.h, libmisc/chkname.c: check_group_name (resp.
check_user_name) renamed to is_valid_user_name (resp.
	is_valid_group_name). is_valid_user_name and is_valid_group_name
	return a bool.
	* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
	src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
	and is_valid_group_name, following above change.
	* libmisc/chkname.c: Avoid implicit conversion of chars to
	booleans. Add brackets and parenthesis.
2008-05-25 20:58:16 +00:00
nekral-guest cb8d416b37 Avoid implicit conversion of integers / pointers to booleans. 2008-05-25 20:41:13 +00:00
nekral-guest de9bee0354 Avoid implicit conversion of integers / pointers to booleans. 2008-05-25 20:39:31 +00:00
nekral-guest ae75a8c0c1 Allow usage of booleans in the source. 2008-05-25 20:37:51 +00:00
nekral-guest 8098f63998 Allow --disable-man and --enable-man=no. 2008-05-25 20:30:45 +00:00
nekral-guest 2303ddd0de Set the version to 4.1.2. 2008-05-24 23:15:47 +00:00
nekral-guest b5b636b8b7 Prepare the 4.1.2 release
* NEWS: set the release date.
	* man/po/*.po, po/*.po: Updated PO files.
2008-05-24 23:03:24 +00:00
nekral-guest a665e829ae Run msgmerge with --previous. (This requires gettext >= 0.16) 2008-05-24 22:58:21 +00:00
nekral-guest 6124b59aff * libmisc/copydir.c (remove_tree): As we always use remove_tree
followed by rmdir to remove the directory itself, delete also the
	root directory in remove_tree.
	* src/userdel.c, src/usermod.c: Do not call rmdir after
	remove_tree.
2008-05-24 15:35:15 +00:00
nekral-guest 9c41a8ad38 * libmisc/fields.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
	explicitly mark blocks with brackets.
	* libmisc/copydir.c: Likewise.
	* libmisc/fields.c: Add comments.
	* libmisc/copydir.c: Mark function whose return value is not
	checked as such.

	* libmisc/copydir.c (remove_tree): Make sure unlink is successful
	when removing files.
2008-05-24 15:19:02 +00:00
nekral-guest cda1f9a23d Simply passwd_check since it's never used when configured with PAM support. 2008-05-24 14:11:31 +00:00
nekral-guest 0219d72f48 * libmisc/list.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
	explicitly mark blocks with brackets.
2008-05-24 14:09:35 +00:00
nekral-guest d99423405c Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
	of audit_help_open.
	* libmisc/salt.c: Use booleans instead of negating integers.
	* src/passwd.c: Declare the check_selinux_access prototype and
	avoid name clashes (change_user -> changed_user; change_uid ->
	changed_uid; access -> requested_access)
2008-05-24 13:08:58 +00:00
nekral-guest eeb9592ded Use fputs rather than fprintf for constant strings. 2008-05-23 20:55:11 +00:00
nekral-guest 0120fc10e1 Added TODO items. 2008-05-23 20:47:45 +00:00
nekral-guest b9ac46305f Indicate that login should be executed with "exec login" if called from a shell. 2008-05-21 18:58:06 +00:00
nekral-guest ec9e63b7de Remove the advices for the choice of a good password (they are debatable). Point to http://en.wikipedia.org/wiki/Password_strength instead. 2008-05-21 18:25:48 +00:00
nekral-guest a917ba4fb9 *** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes was fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
	overflow. These caused the SHA salt size to always be 8 bytes,
	instead of being in the 8-16 range. Thanks to Peter Vrabec
	pvrabec@redhat.com for noticing.
	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
	seedRNG instead of srand, and fix the same overflow. This caused
	the number of rounds to always be the smallest one.
2008-05-20 13:34:06 +00:00
nekral-guest 9c69fe73b1 Tag the section which require --enable-shadowgrp or --with-sha-crypt
accordingly.
2008-05-19 22:18:14 +00:00
nekral-guest 63228ac1c6 SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can only exist if configured with --with-sha-crypt. 2008-05-19 21:57:48 +00:00
nekral-guest a071d72e48 Document the -k, --skel option, and update the -m, --create-home documentation. 2008-05-19 21:32:19 +00:00
nekral-guest 7ab3a97dfe Sort options. 2008-05-19 21:04:34 +00:00
nekral-guest ae7aeda621 SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can
only exist if configured with --with-sha-crypt.
2008-05-19 20:59:51 +00:00
nekral-guest 0d6b2221ab SHA_CRYPT_MAX_ROUNDS and SHA_CRYPT_MIN_ROUNDS can
only exist if configured with --with-sha-crypt.
2008-05-19 20:58:59 +00:00
nekral-guest 337a97ceab Document the sections closed by #endif 2008-05-19 20:56:48 +00:00
nekral-guest 461d69522f * NEWS, man/groupadd.8.xml: Document the -r, --system option.
* NEWS, man/newusers.8.xml: Document the -r, --system option.
	* NEWS, man/newusers.8.xml: Document the -c, --crypt-method and
	-s, --sha-rounds options.
2008-05-19 20:53:12 +00:00
nekral-guest 537496c019 Fix formatting. 2008-05-19 20:31:48 +00:00
nekral-guest 300f7416c4 Document the -r, --system option. 2008-05-19 19:43:24 +00:00
nekral-guest 243809af3a Fix typo. 2008-05-18 16:38:13 +00:00
nekral-guest 3fed00196c Import Debian patch 487_passwd_chauthtok_failed_message
* libmisc/pam_pass.c: Be more verbose and indicate that the
	password was not changed when pam_chauthtok fails (in addition to
	the PAM error, which may not be comprehensible for the users).
2008-05-18 15:06:51 +00:00
nekral-guest fb4271bdf9 Import Debian patch 434_login_stop_checking_args_after--
* NEWS, src/login.c (check_flags): Stop checking the arguments
	after --. The later options will be sent to the shell, and do not
	need to be checked.
2008-05-18 14:54:35 +00:00
nekral-guest 6a17c2b27f * src/vipw.c, src/su.c, src/newgrp.c: Harmonize the children's
SIGSTOP handling. Raise the signal which stopped the child instead
	of always SIGSTOP.

	Import Debian patch 406_vipw_resume_properly.
	Thanks to Dean Gaudet.
	* NEWS, src/vipw.c: Resume properly after ^Z.
2008-05-18 13:41:56 +00:00
nekral-guest c7302b61ef Make sure every source files are distributed with a copyright and license.
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
2008-04-27 00:40:09 +00:00
nekral-guest 8a8072a563 If the SULOG_FILE does not exist when an su session is logged, make sure
the file is created with group root, instead of using the group of the
caller.
2008-04-27 00:27:59 +00:00
nekral-guest 4196525702 Allow non-US-ASCII characters in the GECOS fields ("name", "room number",
and "other info" fields).
2008-04-27 00:24:49 +00:00
nekral-guest 4d7d6a1a9f Fix build failure when configured with audit support. Thanks to Mike
Frysinger for reporting it.
2008-04-16 22:04:46 +00:00
nekral-guest 2542732a0c Fix ident. 2008-04-16 22:03:43 +00:00
nekral-guest 7baffa5e74 Ensure that getpwent() is used in setpwent(), getpwent(),
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
  getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
  group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
  is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
  src/groups.c: Make sure to close
  the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
  called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
2008-04-16 21:52:46 +00:00
nekral-guest 10ebb14481 Fix typo. 2008-04-16 21:24:14 +00:00
nekral-guest 8e82ae234e Also fix the detection of the pam and selinux features:
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
2008-04-16 21:18:20 +00:00
nekral-guest 17cb7c754e Document --with-selinux as "yes if found" rather than "autodetected" for consistency with other options. 2008-04-16 20:16:43 +00:00
nekral-guest 70bf7cca33 Fix the detection of the audit library and header file. 2008-04-16 20:09:03 +00:00
nekral-guest f89cf0cf20 * NEWS, etc/pam.d/Makefile.am: Add chfn, chsh, and userdel to
$(pamd_files). Remove the duplicate useradd. And sort
  alphabetically. Thanks to Mark Rosenstand  <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
2008-04-04 18:50:22 +00:00
nekral-guest 1dd0a7e836 Commit the PO and POTs released with 4.1.1. 2008-04-03 20:27:37 +00:00
nekral-guest 1de80f9457 * NEWS, configure.in: Prepare release 4.1.1
* NEWS: Fix the release date of 4.1.0. Was in 2007, not 2008.
2008-04-02 21:55:27 +00:00
nekral-guest b345316e49 Update according to the file under review. Thanks to Jean-Luc Coulon. 2008-04-02 21:54:23 +00:00
nekral-guest e8a2633984 Add TODO items for SELINUX. 2008-04-02 21:42:04 +00:00
bubulle 5c9143c432 German translation update 2008-04-01 19:01:16 +00:00
bubulle 9dda0ada5f Basque translation update 2008-03-31 17:54:52 +00:00
nekral-guest 57144e2820 updated to 360t71f. Thanks to Leandro Azevedo <leorock182@gmail.com>. 2008-03-30 12:52:57 +00:00
bubulle d7a926d69a Turkish translation update 2008-03-30 12:18:40 +00:00
nekral-guest 0a5fad05a8 updated to 431t. Thanks to Clytie Siddall 2008-03-30 12:06:33 +00:00
nekral-guest ad135f478a Updated Swedish translation. Thanks to Daniel Nylander. 2008-03-30 11:54:19 +00:00
nekral-guest f2b518a31f Updated to 431t. Thanks to helix84 <helix84@centrum.sk>. 2008-03-28 23:23:41 +00:00
bubulle 231bb00904 Italian translation update 2008-03-27 18:54:34 +00:00
nekral-guest f7a256fc19 * src/passwd.c, NEWS: Make SE Linux tests more strict, when the
real UID is 0 SE Linux checks will be performed. Thanks to
 Russell Coker  <russell@coker.com.au>
* TODO: Added entries regarding SE Linux.
2008-03-26 22:00:50 +00:00
nekral-guest eca5208c20 Added TODO entries. 2008-03-26 21:44:50 +00:00
bubulle 9a6f0d3969 Russian translation update 2008-03-24 18:34:04 +00:00
bubulle fed294e11e Updated Korean and Portuguese translations 2008-03-23 08:39:58 +00:00
nekral-guest 04af9cb9f8 Fix manpages generation. The SYS_GID_MAX and SYS_UID_MAX entities were not defined. 2008-03-17 23:07:04 +00:00
nekral-guest 32b424e507 Fix minor compilation warning (assignment used as a comparison). 2008-03-17 23:05:59 +00:00
nekral-guest d94602add8 login_access() is used in src/login.c, and defined in src/login_nopam.c
(which lacks a prototype). Move its prototype from src/login.c to
lib/prototypes.h.
2008-03-17 23:04:46 +00:00
nekral-guest e33e2b7d79 Compilation fix. gshadow_locked should only be used if SHADOWGRP is defined. 2008-03-17 23:02:23 +00:00
nekral-guest 78c59b7261 Fix some warnings. compare_members_lists() is only used if SHADOWGRP is defined. 2008-03-17 23:00:49 +00:00
nekral-guest 8377303981 Remove unused global variable. 2008-03-08 23:52:50 +00:00
nekral-guest a8a614c515 * NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
  Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
  also the GID of the passwd entries of the users whose primary
  group is the group being modified.
2008-03-08 23:01:49 +00:00
nekral-guest b1a0769d3d * lib/commonio.c (commonio_remove): Fail when the name to be
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
  configured to support split group but different group entries
  have the name of the group to be deleted.
2008-03-08 22:52:44 +00:00
nekral-guest 1b808e62df Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
2008-03-08 22:44:53 +00:00
nekral-guest 5af8a5d74d * NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
	instead of exit().
	* src/groupdel.c: Fail immediately instead of increasing errors.
	Better handling of error cases, like locked group or gshadow file.
2008-03-08 21:13:54 +00:00
nekral-guest d1290c0d5d Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Add function fail_exit(). Use fail_exit() instead of exit().
2008-03-08 21:04:31 +00:00
nekral-guest bded00fd11 Make sure the group and gshadow files are unlocked on exit. Add function fail_exit(). 2008-03-08 20:54:54 +00:00
nekral-guest a2242f6f1b Do not rewrite the group and gshadow file in case of error. 2008-03-08 16:23:22 +00:00
nekral-guest 9e07fec6ba Do not log that the group was deleted if an error occurred. 2008-03-08 16:20:55 +00:00
nekral-guest d44f1dfeca Do not raise an error if the group does not exist in the gshadow file. 2008-03-08 16:17:07 +00:00
nekral-guest 987d853aa9 Document MAX_MEMBERS_PER_GROUP. 2008-03-08 16:05:30 +00:00
nekral-guest e0579449d8 Fix typo 2008-03-07 20:46:47 +00:00
nekral-guest 1b2618d688 * src/newgrp.c: Add missing end of line in message.
* src/newgrp.c: Add audit events for the authentication
  (AUDIT_GRP_AUTH). Thansk to Peter Vrabec.
2008-03-07 20:21:15 +00:00
nekral-guest 6ea65c8992 Only reset the entries of existing users with faillog -r (not all numeric
IDs starting from 0). Thanks to Peter Vrabec.
2008-03-05 00:10:25 +00:00
nekral-guest 52cfc3372b Fix typo. One "can't open" message is a "can't lock". 2008-03-04 23:53:00 +00:00
nekral-guest 528346cb3b When a password is moved to the gshadow file, use "x" instead of "x"
to indicate that the password is shadowed (consistency with grpconv).
2008-02-26 20:09:56 +00:00
nekral-guest f43a4659c6 Re-indent. 2008-02-26 19:17:20 +00:00
nekral-guest 2a2b2b3aa4 * NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.
2008-02-26 19:09:10 +00:00
nekral-guest db479122f3 * Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to
   where it belongs.
 * Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
   section.
2008-02-26 18:59:28 +00:00
nekral-guest 4160d8c1fb Add the new XML documentation files to EXTRA_DIST. 2008-02-25 21:46:27 +00:00
nekral-guest dead78e4d9 Use --previous when merging PO files of the manpages.
(I need to find a way to do it for the PO files of the binaries)
2008-02-25 21:27:31 +00:00
nekral-guest 7ce94164c7 * man/login.defs.d/SYS_UID_MAX.xml, man/login.defs.d/SYS_GID_MAX.xml:
Document new variables.
* man/newusers.8.xml, man/login.defs.5.xml,
  man/login.defs.d/GID_MAX.xml, man/login.defs.d/UID_MAX.xml:
  newusers uses now the GID_MAX, GID_MIN, UID_MAX, UID_MIN,
  SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
* man/groupadd.8.xml, man/login.defs.5.xml: groupadd uses now the
  SYS_GID_MAX, and SYS_GID_MIN variables.
* man/login.defs.5.xml: useradd uses now the SYS_GID_MAX,
  SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
2008-02-25 21:17:18 +00:00
nekral-guest 77f722ae9d Added missing SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN. 2008-02-25 21:06:30 +00:00
nekral-guest 93e2f66a60 * NEWS, src/useradd.c, man/useradd.8.xml: Added options
-user-group (-U, Uflg) and --no-user-group (-N, Nflg) to replace
  nflg.
* man/login.defs.d/USERGROUPS_ENAB.xml: useradd now also uses
  USERGROUPS_ENAB.
2008-02-25 21:03:46 +00:00
nekral-guest 2a5c015cd1 Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:26:04 +00:00
nekral-guest dc641054a1 Add missing -p, --password description to the Usage message. 2008-02-19 21:21:52 +00:00
nekral-guest 23ac189d48 Add missing space in comment. 2008-02-19 21:18:04 +00:00
nekral-guest 29e71bf1b3 Fix --non-unique's has_arg field to no_argument instead of required_argument. 2008-02-19 21:16:28 +00:00
nekral-guest 7ec4a64cdb Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:10:17 +00:00
nekral-guest c81db0b178 Fix alphabetical order. 2008-02-19 21:05:44 +00:00
nekral-guest bb824221a4 This entry was for login, not su:
* If started as init, start a new session.
2008-02-19 21:04:55 +00:00
nekral-guest ca2636f08a Re-indent. 2008-02-19 21:02:24 +00:00
nekral-guest 18c914f086 Added new option -r, --system for system accounts in useradd, groupadd,
and newusers.
2008-02-19 21:01:38 +00:00
nekral-guest ed52b88b92 Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. 2008-02-18 21:36:03 +00:00
nekral-guest 280fcebae8 Change the default HOME directory in /etc/default/useradd according FHS
(/home instead of /home/users).  This fixes Alioth's bug #310559.
Thanks to Dale E. Edmons.
2008-02-17 15:29:41 +00:00
nekral-guest 80ef1db3b3 One AUDIT_USER_START remained. Replace it with AUDIT_CHGRP_ID also. 2008-02-14 18:51:37 +00:00
nekral-guest a8bc585e33 Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
2008-02-14 18:35:51 +00:00
nekral-guest 1599d3d128 * Reset oflg with uflg if the new UID is equal to
the old one.
* Reset mflg with dflg if the new home directory is
  the same as the old one.
2008-02-10 21:35:17 +00:00
nekral-guest a5f949165a Fix the handling of -a when a user is being renamed (with -l). The new
name of the user was used for the new supplementary groups, but not in the
existing ones.
2008-02-10 20:25:39 +00:00
nekral-guest ead95673a5 Set the shadow's password instead of the passwd's password.
Fix wrong cut&paste.
2008-02-10 19:14:20 +00:00
nekral-guest 132eb55983 Fix typo. 2008-02-03 21:53:30 +00:00
nekral-guest f08833fba2 Fix typo. 2008-02-03 21:42:08 +00:00
nekral-guest f8679b385a No need to check audit_fd, audit_logger() will take care of this. 2008-02-03 21:40:01 +00:00
nekral-guest ae5db5d36b Really log the expiration date change as human readable strings instead of
integers.
2008-02-03 21:37:45 +00:00
nekral-guest fdae41eb63 Use a function to convert the dates from /etc/shadow to human readable dates. 2008-02-03 21:30:47 +00:00
nekral-guest 25433a17e7 TODO cleanup
- newusers: i = 100; not a nice initial value, use login.defs
	This is done. newusers now uses (UID|GID)_(MIN|MAX)
- remove the entries regarding outdated translation of documentation.
	The manpages translation should use the PO.
- the manpages should mention when the options were added.
	This should help user to choose option for portable scripts
2008-02-03 18:51:11 +00:00
nekral-guest 737806a53a Add ideas for new tests in the testsuite. 2008-02-03 17:58:16 +00:00
nekral-guest feb2e41181 Do not translate the fromhost variable. It is always used for syslog messages. 2008-02-03 17:57:43 +00:00
nekral-guest 6e9078f16c Switch to the C locale before sending messages to syslog. The messages
sent by shadow were not translated, but error messages from PAM returned
by pam_strerror() were translated in the users's locale.
2008-02-03 17:53:21 +00:00
nekral-guest 4e01ea6c33 * NEWS: newusers will behave more like useradd.
* src/newusers.c: The user's ID must be found before the group ID
	to mimic useradd's behavior choices of UID and GID.
	* src/newusers.c: Reuse the generic find_new_uid() and
	find_new_gid() functions. This permits to respect the
	UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should 
	* src/newusers.c: Check if the user or group exist using the
	external databases (with the libc getpwnam/getgrnam functions).
	Refuse to update an user which exist in an external database but
	does not exist in the local database.
	* src/newusers.c: Check the usernames and groupnames with
	check_user_name() and check_group_name()
	* src/newusers.c: Use isdigit() for readability.
	* src/newusers.c: Check if numerical IDs are valid (no remaining
	chars).

	* NEWS, src/newusers.c: Fix the support for the NONE crypt method.

	* src/newusers.c: Fix shadow group support (the list of admins was
	not defined; it is now set to an empty list).
2008-02-03 17:45:58 +00:00
nekral-guest 65ed10d75c Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.  This permits to avoid using the same salt
for different passwords in newusers.
2008-02-03 17:23:58 +00:00
nekral-guest aed929ae90 Add libmisc/find_new_ids.c to the sources of the libmisc library. 2008-02-03 16:57:21 +00:00
nekral-guest 04190741e7 Use the find_new_uid() and find_new_gid() from the library instead of the
local functions.
2008-02-03 16:56:23 +00:00
nekral-guest 72cfa974d8 Add libmisc/find_new_ids.c to the sources of the libmisc library. 2008-02-03 16:55:37 +00:00
nekral-guest a1ae1c4fba The new libmisc/find_new_ids.c file contains translatable strings. 2008-02-03 16:53:53 +00:00
nekral-guest e21f90fd68 Add new generic functions to find the next user or group ID available:
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
2008-02-03 16:53:07 +00:00
nekral-guest be7c51d27a New function to find a group by its GID on the local database. 2008-02-03 16:51:08 +00:00
nekral-guest 7344e055be New function to find an user by its UID on the local database. 2008-02-03 16:50:14 +00:00
nekral-guest 57f713e426 * libmisc/age.c, libmisc/yesno.c, src/lastlog.c, src/grpck.c,
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
   src/chsh.c: Fix call to puts (remove end of line, or use fputs).
 * po/*.po: Unfuzzy PO files according to above change.
2008-02-03 16:28:03 +00:00
bubulle 5672b53263 French translation update (obvious things only) 2008-02-03 06:20:06 +00:00
nekral-guest e899b34160 Updated PO files. 2008-02-02 17:20:42 +00:00
nekral-guest 3755086645 Fix comment. find_new_fid is no more called is the user specified a group
ID.
2008-01-27 14:31:23 +00:00
nekral-guest ae99674e9b Fix build failures with --disable-shadowgrp. Thanks to Jürgen
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
  functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
  printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
  SHADOWGRP is defined.
2008-01-26 17:41:20 +00:00
nekral-guest 28a9441f4f Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 21:07:14 +00:00
nekral-guest 8c229ea473 Re-indent. 2008-01-24 20:54:42 +00:00
nekral-guest 3dd5866244 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 20:42:12 +00:00
nekral-guest 96f7a7588f Re-indent. 2008-01-24 19:50:09 +00:00
nekral-guest 01f9705dd5 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 19:38:06 +00:00
nekral-guest 1b246725c5 Re-indent. 2008-01-24 19:24:03 +00:00
nekral-guest de239d9b01 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 18:39:05 +00:00
nekral-guest f4b9f1b2e0 adduser was a typo. Move the adduser entries to the useradd section. 2008-01-23 23:48:39 +00:00
nekral-guest 926aeec06a Apply Christian's recommendation:
s/can't get unique/no more available/
2008-01-23 22:31:38 +00:00
nekral-guest 934ac07b06 Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
2008-01-23 21:50:27 +00:00
nekral-guest 0d1be15e0f Always define user_newcomment, user_newshell, user_newexpire, and
user_newinactive. It is more simple to always have user_<x> as the old
field, and user_new<x> as the new field (even if the field did not change)
instead of changing the algorithm depending on WITH_AUDIT.
2008-01-23 21:19:08 +00:00
nekral-guest 294e3a632e user_newname can only be used in WITH_AUDIT code or when lflg is set. This
issue was introduced in the code refactoring of usermod.
2008-01-23 20:08:16 +00:00
nekral-guest 229e6cbdd8 Fix typo in comment: s/find_new_uid/find_new_gid/ 2008-01-22 22:59:06 +00:00
nekral-guest 53561134a9 * s/gid/GID/ in message string.
* Set this string for translation.
2008-01-22 22:57:55 +00:00
nekral-guest 7535467358 * man/grpck.8.xml: Conditionally include the parts mentioning the
gshadow file (based on SHADOWGRP).
* man/grpck.8.xml: Add reference to the gshadow(5) manpage
 (conditionally included).
2008-01-22 21:42:48 +00:00
nekral-guest 20153121be Fix typo. Remove "the" from "All entries in the <filename></filename> are
checked [...]"
2008-01-22 21:15:58 +00:00
nekral-guest caf3f2603e Indicate that the shadow parameter is optional (i.e. a passwd file can be
specified without a shadow file, and the group file can be specified
without the gshadow file).
2008-01-22 21:13:43 +00:00
nekral-guest 03e5a3a181 Document the options with a list of options, as in the pwck(8) manpage. 2008-01-22 20:56:13 +00:00
nekral-guest ae8cbbc34d * NEWS, src/newgrp.c: Fix segfault when an user returns to an
unknown GID (either the user was deleted during the user's newgrp
  session or the user's passwd entry referenced an invalid group).
  Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
  password.
2008-01-21 23:33:43 +00:00
nekral-guest b082ebead2 * NEWS, src/useradd.c: Fix the handling of the --defaults option
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
  was already described in the useradd's Usage information.
2008-01-12 21:09:46 +00:00
nekral-guest 85febc5729 Avoid setting the password to a const empty string, but set the first char to \0. This avoids a warning. 2008-01-06 19:26:58 +00:00
nekral-guest e663f6c0b4 * libmisc/salt.c: Add prototype for l64a(), gensalt(),
SHA_salt_size(), and SHA_salt_rounds().
* libmisc/salt.c: l64a() and gensalt() are static.
* libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a
  const. (ditto for the method variable).
* libmisc/salt.c: SHA_salt_rounds returns a const string.
* libmisc/salt.c: Avoid warnings with cast of random() to double.
* libmisc/salt.c: Replace rand() by random().
2008-01-06 14:50:26 +00:00
nekral-guest 8a1abbe80b * lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
  required. skey and md are required for the binaries with
  authentication of the user (chfn, chsh, login, passwd, su). intl
  is required for all. mcrypt is required for user (chfn, chsh,
  login, passwd, su, sulogin) and group (newgrp, gpasswd)
  authentication and for the creation of passwords (chpasswd,
  chgpasswd, gpasswd, newusers, passwd).
2008-01-06 14:19:32 +00:00
nekral-guest 39c9007f67 * lib/nscd.c, lib/nscd.h: Set the service parameter of
nscd_flush_cache() to const. This avoids a lot of warnings.
* lib/nscd.c: Include "nscd.h" to avoid inconsistent prototypes.
2008-01-06 13:57:17 +00:00
nekral-guest ee268550d9 Remove prototypes for __gr_dup() and __gr_set_changed(). 2008-01-06 13:52:21 +00:00
nekral-guest e5b7987764 Set the method string as a constant string. 2008-01-06 13:49:00 +00:00
nekral-guest 06691758e8 Assume <errno.h> declares errno. 2008-01-06 13:42:47 +00:00
nekral-guest 1d63dfd1d4 * Remove prototype for sgetgrent().
* Add the name of the parameters for merge_group_entries() and split_groups().
2008-01-06 13:38:16 +00:00
nekral-guest 9d6d2de4d3 Fix typo: s/rend compte indiqué/rend le compte indiqué/ 2008-01-06 13:32:25 +00:00
nekral-guest 9104a7a4a4 * Remove prototype of check_su_auth(). It is redundant with prototypes.h.
* isgrp() is static.
2008-01-06 13:30:18 +00:00
nekral-guest 1520a0ae3e * libmisc/obscure.c: Tag the `old' parameter of palindrome(),
similar(), and simple() as unused.
* libmisc/loginprompt.c: Tag the `sig' parameter of login_exit()
  as unused.
* src/expiry.c: Tag the `sig' parameter of catch_signals() as
  unused.
* src/su.c: Tag the `sig' parameter of catch_signals() as unused.
* src/su.c: Add int parameter to the prototype of oldsig().
* src/login.c: Tag the `sig' parameter of alarm_handler() as
  unused.
* src/sulogin.c: Tag the `sig' parameter of catch_signals() as
  unused.
* libmisc/getdate.y: Tag the `string' parameter of yyerror() as
  unused.
* libmisc/getdate.y: The string provided to yyerror() is const.
* libmisc/getdate.y: Fix the prototypes of yylex() and yyerror().
2008-01-06 13:20:25 +00:00
nekral-guest 7b22265d4e * Remove teh macro definition of SETXXENT_TYPE,
SETXXENT_RET, and SETXXENT_TEST. They were used by the now
  removed pwent.c and grent.c.
* Remove the definition of PASSWD_PAG_FILE,
  GROUP_PAG_FILE, SHADOW_PAG_FILE, and SGROUP_PAG_FILE. They are
  never used.
* Don't include "snprintf.h". The file does not
  exist in shadow.
* Add new macro unused to tag unused parameters.
2008-01-06 13:12:09 +00:00
nekral-guest 116a76e528 Remove prototypes for __pw_del_entry(), __pw_get_head(), __spw_del_entry(), and __spw_get_head(). 2008-01-06 13:00:17 +00:00
nekral-guest 93177a5615 Assume optarg and optind are declared in <getopt.h>. 2008-01-06 12:52:23 +00:00
nekral-guest 0c867d23ad Remove the pw_name argument of new_pw_passwd. Use the user_newname global
variable instead. This avoid using a parameter with the same name as a function.
2008-01-06 12:50:22 +00:00
nekral-guest 5c6f68cd8f * Removed unused gid parameter of syslog_sg().
* The loginname and tty buffers are never changed. Add the const qualifier.
2008-01-06 12:31:06 +00:00
nekral-guest d85b926a14 The crypt_method string always points to a constant string. Add the const qualifier. 2008-01-06 12:26:20 +00:00
nekral-guest 8289eabc55 Remove prototype of l64a() (not used in pwunconv). 2008-01-06 12:12:30 +00:00
nekral-guest 58176a821d Remove prototypes for __gr_del_entry(), __gr_get_head(),
__sgr_del_entry(), and __sgr_get_head().
2008-01-06 12:09:38 +00:00
nekral-guest 4cdbd1fa1d * src/login_nopam.c: Use an ANSI prototype for resolve_hostname()
instead of K&R prototype.
* src/login_nopam.c: Fix the prototypes of list_match(),
  user_match(), from_match(), string_match(). There were no
  parameters in the prototypes.
* src/login_nopam.c: Fix the prototypes of the function parameter
  match_fn of list_match().
2008-01-06 12:07:42 +00:00
nekral-guest 0e07f3e48d Remove the src parameter of copy_special().
The entry's information are taken from the stat structure.
2008-01-06 12:02:24 +00:00
nekral-guest 569a3b8e59 * libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
  sure the exported prototypes are the ones used for the definition
  of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
  __gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
  __pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
  sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
  __sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
  __spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
  __gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
  and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
  __sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
  __spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
  __pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
  __xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
nekral-guest 747e174bec Add documentation for the new --password options. 2008-01-05 17:25:00 +00:00
nekral-guest ff49a02023 Fix find_new_gid() prototype. Add a void parameter. 2008-01-05 17:23:46 +00:00
nekral-guest 9c7ddf94c9 Remove old comments in the header. 2008-01-05 17:22:38 +00:00
nekral-guest 050364aba2 Include <lastlog.h> for the declaration of struct lastlog. 2008-01-05 17:20:45 +00:00
nekral-guest 23e8564812 Fix typos. 2008-01-05 16:44:51 +00:00
nekral-guest 462be08456 * lib/prototypes.h: Add the dolastlog() prototype.
* lib/prototypes.h: Typo: login.c -> loginprompt.c
* src/login.c: Remove declaration of dolastlog().
* libmisc/log.c: dolastlog() should not have been changed to static.
  Include prototypes.h instead.
2008-01-05 16:44:28 +00:00
nekral-guest db0dddc6e9 * libmisc/pwdcheck.c: Do not include <pwd.h>. Include <shadow.h>
and "pwauth.h" only when compiled without PAM support.
* src/chfn.c, src/chsh.c: Do not include <shadow.h>
* lib/commonio.c: Do not include <shadow.h>. Do not include
  <pwd.h>. Include "nscd.h" instead of <nscd.h>.
* configure.in: Do not check if shadow.h exist, but make sure it
  exists.
* libmisc/pwdcheck.c, src/chfn.c, src/chsh.c, lib/defines.h,
  lib/shadowmem.c, lib/shadowio.c, lib/commonio.c:
  HAVE_SHADOW_H is no more needed (shadow.h should always exist).
2008-01-05 16:33:43 +00:00
nekral-guest cea5c823a1 Fix the do_pam_passwd() prototype (it returns void). 2008-01-05 15:43:33 +00:00
nekral-guest 5a4848c8cc do_pam_passwd should not have been defined static, prototypes.h needed
to be included instead.
2008-01-05 15:41:58 +00:00
nekral-guest 6cf5b05493 Remove prototype of putgrent(), add parameter's name of sgetgrent(). 2008-01-05 14:35:13 +00:00
nekral-guest f8a95f7ca1 Add option --password to groupadd and groupmod (similar to useradd and usermod). 2008-01-05 14:17:43 +00:00
nekral-guest e94d2da45e Remove the declaration of getutent(), getutline(), setutent(), and
endutent() which are declared in <utmp.h>
2008-01-05 14:09:56 +00:00
nekral-guest 8d440a2a52 stat shadows another stat variable. Remove this
variable, and directly check the result of getfscreatecon().
2008-01-05 14:01:34 +00:00
nekral-guest 616ad5252d Changelog entry forgotten in previous src/gshadow.c commit:
* list() is an external function. DO not shadow it
   with a static function. The internal list() was renamed
   build_list().
2008-01-05 13:58:56 +00:00
nekral-guest 8d9c39789b The prototypes of fgetsx() and fputsx() are already defined in
prototypes.h. Remove the declaration of these functions.
2008-01-05 13:56:21 +00:00
nekral-guest bbb9470661 loginsh is a global variable, use newshell for the update_shell()'s parameter. 2008-01-05 13:54:39 +00:00
nekral-guest f11bbd3b70 login_prompt is the name of a function, use loginprompt for the internal variable. 2008-01-05 13:53:14 +00:00
nekral-guest 239b2d7bee Make a proper prototype for the main() function declaration. (add void) 2008-01-05 13:51:43 +00:00
nekral-guest 2040826791 Add changelog entry for previous commit. 2008-01-05 13:49:32 +00:00
nekral-guest 83b7153b40 Add missing include "shadowio.h". (This was OK as long as prototypes.h included this file.) 2008-01-05 13:40:49 +00:00
nekral-guest 53b075a760 * libmisc/pam_pass.c: Define do_pam_passwd() as static and add its prototype.
* libmisc/log.c: Define dolastlog() as static and add its prototype.
* src/chage.c: Define isnum() as static and add its prototype.
2008-01-05 13:37:32 +00:00
nekral-guest b8ce324a66 Include config.h as a system include, as recommended by the autoconf documentation. 2008-01-05 13:32:32 +00:00
nekral-guest 99dc2b1abf Define is_listed() as static and add its prototype. 2008-01-05 13:29:24 +00:00
nekral-guest 96bca84ca4 Include "prototypes.h" to make sure the exported prototypes are
the ones used for the definition of functions.
2008-01-05 13:23:22 +00:00
nekral-guest b7d372d8e3 "shadowio.h" was included for the definition of the spwd structure.
Replace this include by <shadow.h>
2008-01-05 13:07:54 +00:00
nekral-guest 867034e3ba grent.c does not exist anymore. Remove the putgrent prototype. 2008-01-05 13:05:21 +00:00
nekral-guest 3c800f5880 Add the syslog_sg prototype. 2008-01-01 23:56:03 +00:00
nekral-guest 11864d22b4 Also split syslog_sg() out of main(). 2008-01-01 23:54:51 +00:00
nekral-guest 1ff4e28748 Remove duplicate logging to syslog. 2008-01-01 23:45:44 +00:00
nekral-guest d590d0ccee Split check_perms() out of main(). 2008-01-01 23:35:55 +00:00
nekral-guest 94b3b98196 Avoid assignments in conditionals. 2008-01-01 23:07:55 +00:00
nekral-guest 1d76eb6ef7 Avoid assignments in conditionals. 2008-01-01 22:21:55 +00:00
nekral-guest 631fa3b4f3 (split_groups): Test the pointer returned by malloc. 2008-01-01 20:47:31 +00:00
nekral-guest 6f45325d6e Document add_one_entry_nis(), write_all(), commonio_remove(),
commonio_locate(), and commonio_rewind().
2008-01-01 20:34:47 +00:00
nekral-guest e700196c17 Fix typo s/groupadd/chpasswd/ 2008-01-01 19:56:29 +00:00
nekral-guest 53ecd8e0c0 New TODO item:
- newusers: add logging to SYSLOG & AUDIT
2008-01-01 19:54:37 +00:00
nekral-guest 97d7df1ef4 Fix typo s/groupadd/chage/ 2008-01-01 19:53:33 +00:00
nekral-guest 376d990101 Fix typo s/groupadd/chgpasswd/. 2008-01-01 19:53:02 +00:00
nekral-guest 4c2f65d7d0 Avoid implicit conversions to booleans. 2008-01-01 18:27:40 +00:00
nekral-guest 92d8cbb26c Avoid implicit brackets. 2008-01-01 18:04:46 +00:00
nekral-guest 7080370042 Re-indent. 2008-01-01 17:56:33 +00:00
nekral-guest a9ae2a8710 Avoid implicit conversions to booleans. 2008-01-01 17:51:54 +00:00
nekral-guest 94266e1360 use_system_pw_file and use_system_spw_file were not reset. 2008-01-01 17:43:18 +00:00
nekral-guest f6e79f59be Re-indent. 2008-01-01 16:58:13 +00:00
nekral-guest 27ed5ec8b9 Avoid implicit brackets. 2008-01-01 16:54:18 +00:00
nekral-guest f9f420b107 ignore libmisc.a 2008-01-01 16:40:50 +00:00
nekral-guest 1c2f4f0428 No functional changes were introduced by the previous pwck and grpck
changes, except for the following bug fix: no syslog logging if a passwd
or group file was specified on the command line without a shadowed
database file, even if the system shadowed database was changed).
2008-01-01 16:36:06 +00:00
nekral-guest 42a5b75c5a * Fix open_files prototype (void argument).
* close_file documentation (s:password/shadow:group/gshadow:)
2008-01-01 16:28:01 +00:00
nekral-guest 6ac97a708c Fix typos in comments (gshadow/shadow). 2008-01-01 16:25:57 +00:00
nekral-guest d022527b71 Simplify pwck's main(). Remove gotos. 2008-01-01 15:52:07 +00:00
nekral-guest 3ad9a439d5 Split also check_pw_file() and check_spw_file() out of main(). 2008-01-01 15:49:33 +00:00
nekral-guest ef2c12e560 Also split open_files and close_files out of main().
New global variables use_system_pw_file and use_system_spw_file
2008-01-01 15:29:47 +00:00
nekral-guest 6912ac253a Split process_flags() out of main(). New global variables is_shadow,
sort_mode.
2008-01-01 15:07:41 +00:00
nekral-guest a3501dfd95 De-comment code (duplicate the entry when the _R function is not present on the system). 2008-01-01 14:48:04 +00:00
nekral-guest 09a95ed70a * src/lastlog.c: Remove statbuf, not used.
* src/lastlog.c: Fix types, cast umin and umax to uid_t.
* src/lastlog.c: (option -u) user needs to be a signed long, not
  uid_t (to accept rangees like -<uid>
2008-01-01 14:38:47 +00:00
nekral-guest d0de685c7a Avoid ?: construct without the middle term. 2008-01-01 14:34:07 +00:00
nekral-guest 72713d0b73 Forgot to commit that one.
Avoid empty file when USE_PAM is set.
2008-01-01 14:32:41 +00:00
nekral-guest b681e50ff2 * libmisc/copydir.c, src/usermod.c, lib/prototypes.h: The uid and
gid parameters can be set to -1 to indicate that the original
  owners must be kept. Change the types from uid_t/gid_t to a
  long int (signed).
* libmisc/copydir.c: Change the copy_entry(), copy_dir(),
  copy_symlink(), copy_special(), and copy_file() prototypes
  accordingly.
* lib/prototypes.h: Add the parameters' name for the
  libmisc/copydir.c functions.
2008-01-01 14:31:00 +00:00
nekral-guest bb8af02978 Avoid empty file when WITH_AUDIT is not set. 2008-01-01 14:20:36 +00:00
nekral-guest bca732693b * libmisc/limits.c, libmisc/obscure.c, src/login_nopam.c,
lib/pwauth.c: Avoid empty file when USE_PAM is set.
* src/login_nopam.c: Fix warnings: resolve_hostname takes and
  returns a constant string.
2008-01-01 14:18:55 +00:00
nekral-guest 0dccafcd23 Remove inaccurate documentation.
The password file is no more opened in read only mode.
2008-01-01 14:12:34 +00:00
nekral-guest b25feca14c Add missing prototype declarations.
Document the new functions.
2008-01-01 14:10:21 +00:00
nekral-guest 0aaddfaf29 I forgot to mention compare_members_lists(). 2008-01-01 14:09:47 +00:00
nekral-guest 3d82d5e452 Split check_members() out of check_grp_file() and check_sgr_file(). 2008-01-01 13:50:06 +00:00
nekral-guest 612820cb9a Split check_grp_file() and check_sgr_file() out of main(). 2008-01-01 13:48:49 +00:00
nekral-guest f6f6eeda8e Split process_flags(), open_files(), and close_files() out of main(). New
global variables is_shadow, sort_mode, use_system_grp_file, and
use_system_sgr_file.
2008-01-01 13:13:47 +00:00
nekral-guest 83b9a376a2 If remove-potcdate.sin does not exist, use the one from teh po directory
(it is not installed automatically by autopoint.
2007-12-31 20:16:46 +00:00
nekral-guest ca9fbc0d8e Compilation fix. pamh needs to be global since the split of check_perms(). 2007-12-31 20:15:15 +00:00
nekral-guest 1ec694eae7 Compilation fix. user was removed from the list of global variables. 2007-12-31 20:14:31 +00:00
nekral-guest b9a00ea0ee Fix the type of the bitfields in the commonio_entry and commonio_db
structures to unsigned int (instead of int).
2007-12-31 20:12:48 +00:00
nekral-guest 0cc661a2cf Re-indent. 2007-12-31 15:34:29 +00:00
nekral-guest d6cabcde78 Re-indent. 2007-12-31 15:32:15 +00:00
nekral-guest 4c9686df0c Avoid assignments in comparisons. 2007-12-31 15:30:29 +00:00
nekral-guest ce4e74c1b9 Avoid implicit brackets. 2007-12-31 15:27:23 +00:00
nekral-guest 3709183127 (compil fix) Use pw->pw_name instead of user. 2007-12-31 15:13:39 +00:00
nekral-guest 9a67b445b1 sflg needs to be global. 2007-12-31 15:07:59 +00:00
nekral-guest ca035a53a0 Also split update_shell() out of main(). 2007-12-31 15:06:22 +00:00
nekral-guest f031095d9f * Split also check_perms() out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 14:54:46 +00:00
nekral-guest 7ed7e14dee Split process_flags() out of main(). 2007-12-31 14:52:52 +00:00
nekral-guest 4af02cb083 Avoid assignments in comparisons. 2007-12-31 14:37:24 +00:00
nekral-guest ce3c44b0f7 Avoid assignments in comparisons. 2007-12-31 14:25:06 +00:00
nekral-guest c086f6c931 Avoid implicit conversions to booleans. 2007-12-31 14:15:29 +00:00
nekral-guest ca468cb988 Document may_change_field(). 2007-12-31 14:03:14 +00:00
nekral-guest 3d04ff4037 Avoid implicit brackets. 2007-12-31 13:48:48 +00:00
nekral-guest 7279ff37f3 * New function: process_flags() split out of main().
The flags variables are now global.
* New functions: check_perms(), update_gecos(),
  get_old_fields(), and check_fields() split out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 13:43:04 +00:00
nekral-guest d0b984528a * src/newusers.c: Compilation fix for PAM support (pamh needs to be
global since the function split).
* src/chpasswd.c: Likewise.
* src/chgpasswd.c: Likewise.
* src/chpasswd.c: Avoid implicit conversions to booleans.
2007-12-31 04:57:54 +00:00
nekral-guest e448d1acb1 Sort the tools in the NEWS entries of 4.1.1. 2007-12-31 04:34:10 +00:00
nekral-guest f09b1404eb Rewrote to match the previous commit message. 2007-12-31 04:31:28 +00:00
nekral-guest db38d0b104 * src/chage.c: Fix typo: s/maximim/maximum/
* src/chage.c: New function: fail_exit(). Change most of the exit()
	to a fail_exit, which makes sure the files are unlocked (new global
	variables: pw_locked, spw_locked), the PAM transaction is ended, and
	the failure is logged to libaudit (use a global user_name and user_uid
	for logging).
	* src/chage.c: Compilation fix for PAM support (pamh needs to be
	global since the function split).
	* src/chage.c: Document process_flags(), check_flags(), check_perms(),
	open_files(), and close_files().
	* src/chage.c: Split update_age() and get_defaults() out of main()
	* src/chage.c: Drop the privileges just after opening the files.
	* src/chage.c: Do not log to audit only if the user has an entry in
	the shadow file.
	* NEWS, src/chage.c (open_files): Also open the password file for
	writing. This fix chage when the user only has a password entry (and
	no shadow entries).
	* src/chage.c (get_defaults): Use default values that don't change the
	behavior of the account for the fields that are not specified when the
	user has no shadow entry.
2007-12-31 04:29:30 +00:00
nekral-guest 3b7497b063 * Compilation fix for PAM support (pamh needs to be
global since the function split).
* End the PAM transaction in fail_exit().
* Document check_flags().
2007-12-30 21:48:55 +00:00
nekral-guest d1bee8b593 Compilation fix for non-gshadow support. 2007-12-30 21:39:57 +00:00
nekral-guest 99230a30ad I forgot to open and close gshadow. 2007-12-29 17:34:02 +00:00
nekral-guest 623010396c Added support for gshadow. 2007-12-29 17:26:28 +00:00
nekral-guest 098173e1df Do not add the new user to the group's members, because the group is already
the primary group of the new user.
2007-12-29 17:05:13 +00:00
nekral-guest 67b9c423fe Avoid variables with the name of a type. 2007-12-29 14:52:35 +00:00
nekral-guest b040f047fd Avoid assignments in comparisons. 2007-12-29 14:48:33 +00:00
nekral-guest 8c4efbb8ce Avoid implicit brackets and re-indent. 2007-12-29 14:34:39 +00:00
nekral-guest 9923513271 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-29 14:17:06 +00:00
nekral-guest 60a422b284 newusers cleanups
main() split in new functions: process_flags(), check_flags(), check_perms(),
open_files(), and close_files().
2007-12-29 14:11:54 +00:00
nekral-guest 3c890a55d8 Avoid assignments in comparisons. 2007-12-29 11:34:31 +00:00
nekral-guest 37ccc0a3d4 Re-indent. 2007-12-29 11:19:39 +00:00
nekral-guest a7cbfedc85 * Avoid implicit brackets.
* Avoid implicit conversion to booleans.
2007-12-29 11:06:35 +00:00
nekral-guest 2d771a97b7 Remove dead code. It was probably put here to add more
information to the audit_logger.
2007-12-29 10:50:03 +00:00
nekral-guest 6ca79a36b0 Avoid using a variable with the same name as a type. 2007-12-29 10:47:04 +00:00
nekral-guest 388dcee3e4 chage cleanups
* src/chage.c: Before pam_end(), the return value of the previous
	pam API was already checked. No need to validate it again.
	* src/chage.c: main() split in new functions: process_flags(),
	check_flags(), check_perms(), open_files(), and close_files().
2007-12-29 10:42:25 +00:00
nekral-guest 8563319b8b * src/chgpasswd.c: Avoid assignments in comparisons.
* src/chgpasswd.c: Avoid implicit brackets.
	* src/chgpasswd.c: Fix comments to match chgpasswd (group instead of
	user's passwords are changed).

	Fix the previous ChangeLog entries regarding chgpasswd.
2007-12-28 23:14:59 +00:00
nekral-guest 9fe450e216 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:59:17 +00:00
nekral-guest 28cd038c35 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:54:35 +00:00
nekral-guest 8dc959ea1f Avoid implicit brackets. 2007-12-28 22:34:14 +00:00
nekral-guest f54464bcf6 Re-indent. 2007-12-28 22:31:45 +00:00
nekral-guest 05651a338e Re-indent. 2007-12-28 22:30:02 +00:00
nekral-guest 908e2cbcc7 Avoid assignments in comparisons. 2007-12-28 22:24:02 +00:00
nekral-guest b9eec1ea49 Other new functions: open_files(), close_files().
This force flushing the password database after the password file is unlocked.
2007-12-28 22:18:55 +00:00
nekral-guest 566b357f99 New functions: process_flags(), check_flags(),
check_perms(). Split out of main().
2007-12-28 22:05:51 +00:00
nekral-guest dc1dccd9e2 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-28 21:29:06 +00:00
nekral-guest 8dc4ca297c New function check_flags(). Split the validation of
options and arguments out of process_flags.
2007-12-28 21:04:04 +00:00
nekral-guest 605a338216 (main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
2007-12-28 20:46:24 +00:00
nekral-guest 6d09b4ce4d (main): Before pam_end(), the return value of the previous pam API was already
checked. No need to validate it again.
2007-12-28 20:40:59 +00:00
nekral-guest 147c37789a Re-indent. 2007-12-28 20:35:05 +00:00
nekral-guest ffa34c5afd (process_flags): prefer fail_exit to exit. This avoid
an explicit call to audit_logger().
2007-12-28 19:15:14 +00:00
nekral-guest da37da30e1 I forgot the initialization of group_id in find_new_gid(). 2007-12-28 19:08:33 +00:00
nekral-guest b4f6b853f8 * process_args renamed process_flags
* Add the options checks in process_flags (group_name, group ID uniqueness)
 * Add the parameters' names in the prototypes.
2007-12-28 11:22:27 +00:00
nekral-guest cc1f6c10be Split the processing of options out of main(). 2007-12-28 10:41:22 +00:00
nekral-guest 08e09354b2 find_new_gid is never called when an
GID is specified with -g. Simplify find_new_gid accordingly.
2007-12-28 10:30:39 +00:00
nekral-guest 0b6b9fe090 typo cleared/clearer 2007-12-28 10:20:02 +00:00
nekral-guest 83b546beef (find_new_gid): If oflg is set, gflg is also set.
Use (!gflg), which is cleared than (!gflg || !oflg).
2007-12-28 10:19:21 +00:00
nekral-guest b4071939e0 A group with the specified name cannot exist at that time in find_new_gid.
Remove the check.
2007-12-28 10:15:42 +00:00
nekral-guest 0a4424ef00 Avoid implict brackets. 2007-12-28 10:12:09 +00:00
nekral-guest 18a654d13b When compiled without AUDIT support, if the return code was E_SUCCESS,
fail_exit() wouldn't have exited. Fix the scope of #idef WITH_AUDIT.
2007-12-28 09:39:22 +00:00
nekral-guest b8650378c1 Document the new functions. 2007-12-28 00:35:41 +00:00
nekral-guest 9a9a9c0414 Other cleanups and documentation.
Do the checks, then build the filenames. Do not mix both.
2007-12-28 00:23:33 +00:00
nekral-guest 523392dc0b Stop at the first error. 2007-12-28 00:08:16 +00:00
nekral-guest ed1dd1bb99 Avoid assignement in comparison. 2007-12-28 00:04:46 +00:00
nekral-guest 6987e6f12a Avoid implicit conversions to booleans. 2007-12-28 00:03:26 +00:00
nekral-guest 9c79c77de4 Avoid implicit casts. 2007-12-27 23:41:36 +00:00
nekral-guest 7f5a4e15c6 Avoid implicit brackets. 2007-12-27 23:40:00 +00:00
nekral-guest 6bc43fea06 Document selinux_file_context. 2007-12-27 23:32:47 +00:00
nekral-guest cc4b37f65c Avoid assignment in comparisons. 2007-12-27 23:30:36 +00:00
nekral-guest dfb6416a5b libmisc/copydir.c cleanup
* libmisc/copydir.c: Split copy_tree() in more maintainable functions:
	copy_entry(), copy_dir(), copy_symlink(), copy_hardlink(),
	copy_special(), and copy_file().
	* libmisc/copydir.c: -1 is used to indicate an error, directly set err
	to -1, instead of incrementing it, and checking if not nul at the
	end.
2007-12-27 23:23:51 +00:00
nekral-guest bfa8ef3e75 Avoid implicit conversions to booleans. 2007-12-27 21:56:45 +00:00
nekral-guest b58df6280d Avoid assignment in comparisons. 2007-12-27 21:43:29 +00:00
nekral-guest 641d73ab83 Document check_list's return value. 2007-12-27 21:30:12 +00:00
nekral-guest a77eb6b49d Avoid implicit brackets. 2007-12-27 21:28:50 +00:00
nekral-guest c919701466 Simplify gpasswd's main():
Also split check_flags() out of main().
2007-12-27 21:19:57 +00:00
nekral-guest c81bf3e06f Simplify gpasswd's main():
Split also get_group() and change_passwd() out of main().
2007-12-27 21:04:22 +00:00
nekral-guest 586181bf71 Simplify gpasswd's main():
New function: check_perms(). Split out of main() to simplify main().
2007-12-27 19:08:31 +00:00
nekral-guest 55d581d041 Simplify gpasswd's main():
New functions: open_files(), close_files(), update_group(). Split out
	from main() to simplify this (too) big function.
2007-12-27 18:52:40 +00:00
nekral-guest f429f3e38d Simplify gpasswd's main():
New function: process_flags(). Split the processing of options out of main().
2007-12-27 18:27:57 +00:00
nekral-guest 7b05484494 gpasswd cleanup
* src/gpasswd.c: Add argument name to the internal function
	prototypes.
	* src/gpasswd.c: Document global variables.
2007-12-27 17:36:08 +00:00
nekral-guest 5714adb090 Recommend editing the shadowed (resp. regular) file if the regular (resp.
shadowed) file was edited.
2007-12-26 23:43:55 +00:00
nekral-guest ac7693ef7b End of the previous changelog entry... 2007-12-26 23:17:27 +00:00
nekral-guest 5cbc86b7d9 Merge Debian's patch 451_login_PATH
* NEWS, libmisc/setupenv.c: Export PATH according to ENV_PATH and
	ENV_SUPATH, as for su. This impacts login.
	* man/login.1.xml: PATH and SUPATH are now used both when PAM support
	is disabled and enabled.
2007-12-26 23:15:43 +00:00
nekral-guest b44a6c316d If started as init, login and sulogin need to start a new session. 2007-12-26 22:36:54 +00:00
nekral-guest f5461ff01e Merge Debian's patch 408_passwd_check_arguments
* NEWS, src/passwd.c: Make sure that no more than one username
	argument was provided.
2007-12-26 22:17:13 +00:00
nekral-guest b77cef01a9 Re-indent. 2007-12-26 21:56:47 +00:00
nekral-guest 3a48f0954c Merge Debian's patch 412_lastlog_-u_numerical_range
* NEWS, src/lastlog.c, man/lastlog.8.xml: Accept numerical user, or
  ranges with the -u option.
* TODO: The same change should be done on faillog.
2007-12-26 21:54:04 +00:00
nekral-guest fd970ab62c Merge Debian's patch 466_fflush-prompt
* libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c,
	src/pwck.c: move yes_or_no() from grpck/pwck to a separate
	libmisc/yesno.c (with a read_only argument).
	* libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before
	reading the user's answer.
2007-12-26 16:50:38 +00:00
nekral-guest e663c696c2 su's arguments are now reordered. If needed, use -- to separate su's
options from the shell's options.
2007-12-26 15:10:48 +00:00
nekral-guest 65d0682647 Merge RedHat's patch shadow-4.0.18.1-mtime.patch:
* NEWS: Document that usermod will now preserve user's file modification
    and access time.
    * libmisc/copydir.c: Preserve the access and modification time of copied
    files. This is important for usermod. This will also impact useradd, for
    the skeleton files, but this is not important.
    * libmisc/copydir.c: Stop and return an error if a file could not be
    closed after during a copy.
2007-12-26 13:54:23 +00:00
nekral-guest 3935d32676 Mention RedHat's patches for previous commits.
Merge RedHat's patch shadow-4.0.18.1-findNewUidOnce.patch:
	* src/useradd.c (usr_update): Do not call find_new_uid(). The UID was
	already either specified or found by another call to find_new_uid().
	* src/useradd.c (find_new_uid): Always start with uid_min (find_new_uid()
	is never called when user_id was already specified).
	* src/useradd.c (find_new_uid): Fix the comments (find_new_uid() is not
	called when the UID is specified (uflg)).
	* src/useradd.c (main): Only call find_new_uid() if (!oflg) and (!uflg).
	If uflg is set (but not oflg), check the UID uniqueness.
	* src/useradd.c (find_new_uid): Don't check the uid and user name
	uniqueness in find_new_uid(). The user name uniqueness is already checked
	during the parameter validation. UID uniqueness is also checked (see
	above).
	* src/useradd.c (find_new_uid): Don't check uflg in find_new_uid().
	* src/useradd.c (find_new_uid): Make sure that find_new_uid() is not
	called when uflg is set (assert).

Cleanups in find_new_gid:
	* src/useradd.c (find_new_gid): Check that gflg is not set (assert).
	* src/useradd.c (find_new_gid): Do not check the group name uniqueness
	(already checked in main).
	* src/useradd.c (find_new_gid): Avoid a "continue" in the loop.
	* src/useradd.c (find_new_gid): Remove irrelevant comments.
	* src/useradd.c (find_new_gid): Fix the function definition's comment.
2007-12-26 13:18:27 +00:00
nekral-guest c57e8983ff Add option -l to avoid adding the user to the lastlog and faillog databases
Fix the release numbers for the current NEWS entries.
2007-12-26 10:15:20 +00:00
nekral-guest a840bc8c99 The manpages should indicate how common options are. 2007-12-26 10:13:57 +00:00
nekral-guest 20dfe6ba98 NO_GETPWENT is no more supported. Remove associated chunks of code. 2007-12-26 09:28:02 +00:00
nekral-guest 60c167838f Document the long options (--force, --gid, --key, --non-unique). 2007-12-26 09:22:49 +00:00
nekral-guest d6ee05ef93 Do not install the shadow library per default.
lib_LTLIBRARIES changed to noinst_LTLIBRARIES.
2007-12-26 09:18:45 +00:00
nekral-guest 34ed03d978 * NEWS, configure.in: Prepare the 4.1.0 release.
* NEWS, src/chgpasswd.c: Use chgpasswd PAM policy file instead of
  chpasswd's one.
* NEWS: The login.defs variables are documented.
2007-12-09 22:54:53 +00:00
nekral-guest 82ab505d1a Updated TODO list. 2007-12-09 22:51:47 +00:00
nekral-guest 8418f76979 New TODO. 2007-12-09 14:51:42 +00:00
nekral-guest 15989f16f7 * man/pwconv.8.xml: Fix typos.
* man/chpasswd.8.xml, man/chgpasswd.8.xml: Document the NONE crypt
  method.
* man/login.defs.d/MAIL_DIR.xml: Add comment regarding useradd not
  using MAIL_FILE.
* man/login.defs.d/ERASECHAR.xml, man/login.defs.d/KILLCHAR.xml,
  man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/ENV_HZ.xml,
  man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
  These variables are also used by some tools when compiled with PAM
  support.
* man/login.defs.d/ENV_HZ.xml: Add note that it is only used by
  sulogin when compiled with PAM support.
* man/login.defs.d/ENV_SUPATH.xml: Typos: ENV_PATH -> ENV_SUPATH,
  and mention sbin in the path.
* man/login.defs.d/LOGIN_STRING.xml: Fix typo: confition ->
  condition.
* man/sg.1.xml: Add CONFIGURATION section (SYSLOG_SG_ENAB).
* man/su.1.xml: ENV_HZ, LOGIN_STRING, MAIL_DIR, USERGROUPS_ENAB
  are only used when su is compiled without PAM support.
* man/login.defs.5.xml: Added variables: OBSCURE_CHECKS_ENAB
  PASS_ALWAYS_WARN PASS_CHANGE_TRIES SULOG_FILE SU_NAME
  SU_WHEEL_ONLY SYSLOG_SG_ENAB SYSLOG_SU_ENAB.
* man/login.defs.5.xml: ENVIRON_FILE is only used when compiled
  without PAM support.
* man/login.defs.5.xml: sulogin uses variables even when compiled
  with PAM support.
* man/login.1.xml: ENV_HZ ENV_PATH ENV_SUPATH MAIL_DIR UMASK are
  only used when login is not compiled with PAM support.
2007-12-09 14:50:14 +00:00
nekral-guest 9ac8c65e37 Make sure is_console is only defined when USE_PAM is not defined. 2007-12-08 23:27:35 +00:00
nekral-guest 462794685f Fix time () prototype. 2007-12-08 23:25:52 +00:00
nekral-guest 8c4d98edc1 * man/login.defs.d/CONSOLE_GROUPS.xml,
man/login.defs.d/CONSOLE.xml, man/login.defs.d/DEFAULT_HOME.xml,
  man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENVIRON_FILE.xml,
  man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml,
  man/login.defs.d/ENV_TZ.xml, man/login.defs.d/ERASECHAR.xml,
  man/login.defs.d/FAIL_DELAY.xml,
  man/login.defs.d/FAILLOG_ENAB.xml,
  man/login.defs.d/FAKE_SHELL.xml, man/login.defs.d/FTMP_FILE.xml,
  man/login.defs.d/HUSHLOGIN_FILE.xml,
  man/login.defs.d/ISSUE_FILE.xml, man/login.defs.d/KILLCHAR.xml,
  man/login.defs.d/LASTLOG_ENAB.xml, man/login.defs.d/LOGIN_RETRIES.xml,
  man/login.defs.d/LOGIN_TIMEOUT.xml, man/login.defs.d/LOG_OK_LOGINS.xml,
  man/login.defs.d/LOG_UNKFAIL_ENAB.xml,
  man/login.defs.d/MAIL_CHECK_ENAB.xml, man/login.defs.d/MOTD_FILE.xml,
  man/login.defs.d/NOLOGINS_FILE.xml,
  man/login.defs.d/OBSCURE_CHECKS_ENAB.xml,
  man/login.defs.d/PASS_ALWAYS_WARN.xml,
  man/login.defs.d/PASS_CHANGE_TRIES.xml,
  man/login.defs.d/PASS_MAX_LEN.xml,
  man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
  man/login.defs.d/QUOTAS_ENAB.xml, man/login.defs.d/SULOG_FILE.xml,
  man/login.defs.d/SU_NAME.xml, man/login.defs.d/SU_WHEEL_ONLY.xml,
  man/login.defs.d/SYSLOG_SG_ENAB.xml,
  man/login.defs.d/SYSLOG_SU_ENAB.xml,
  man/login.defs.d/TTYGROUP.xml, man/login.defs.d/TTYTYPE_FILE.xml,
  man/login.defs.d/ULIMIT.xml, man/login.defs.d/USERGROUPS_ENAB.xml:
  New documentation of login.defs variables.
* man/login.defs.d/MAIL_DIR.xml: Updated. It now contains the
  MAIL_FILE documentation.
* man/login.defs.d/LOGIN_STRING.xml: Updated. Mentions %s.
* man/pwconv.8.xml, man/groupmems.8.xml, man/groupdel.8.xml,
  man/useradd.8.xml, man/pwck.8.xml, man/groupadd.8.xml,
  man/sulogin.8.xml, man/newgrp.1.xml, man/usermod.8.xml,
  man/su.1.xml, man/vipw.8.xml, man/passwd.1.xml,
  man/groupmod.8.xml, man/login.1.xml, man/userdel.8.xml,
  man/grpck.8.xml: Added CONFIGURATION section.
* man/generate_mans.mak: The generations of manpages depends on
  the variables from the Makefiles. Add the dependency on Makefile.
* man/login.defs.5.xml: New login.defs variable documented.
* man/Makefile.am: Added XML variable documentation to the
  distributed files.
2007-12-08 23:24:40 +00:00
nekral-guest 6c6a220b2e Fix the newgrp section in the gshadow.5 manpage.
Thanks to Andre Majorel <aym-naibed@teaser.fr>.
2007-12-05 21:31:21 +00:00
nekral-guest 50452e30fc Prepare the 4.1.0-rc1 release. 2007-11-27 20:08:16 +00:00
nekral-guest 713d777c61 New TODOs. 2007-11-27 19:45:36 +00:00
nekral-guest 5a00c2a03e Added the login.defs variables description to the man's EXTRA_DIST. 2007-11-27 19:42:23 +00:00
nekral-guest 0f7f0ea467 * man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING.
* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
* man/expiry.1.xml: Does not use any login.defs parameter.
* man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
* man/login.defs.5.xml: Added CHSH_AUTH.
* man/login.defs.5.xml: Cross reference -> cross references.
* man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
* man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
* man/login.defs.d/CHSH_AUTH.xml: Added.
* man/login.defs.5.xml: chsh uses parameters only when no_pam.
* man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
  if linked in the binary.
* man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
  SHA_CRYPT_MIN_ROUNDS, UMASK.
2007-11-26 23:27:56 +00:00
nekral-guest 7fd329721a The previous commit to man/login.defs.5.xml also describeb the usage of
variables by each tools when compiled without PAM support.
2007-11-26 22:14:45 +00:00
nekral-guest 4183905c3a Add --expand-all-entities to the call to xml2po to avoid translating the
external entities separately.
2007-11-26 22:13:16 +00:00
nekral-guest b75fe4940b Put each variable description in an external entities. This will permit to
reference them in the various utils manpages.
2007-11-26 22:11:23 +00:00
nekral-guest cb041d775f Do not generate gmo files. 2007-11-26 22:04:20 +00:00
nekral-guest a428137884 End of the PO unfuzzyfication (after tabulation removal in Usage strings) 2007-11-26 22:00:57 +00:00
nekral-guest ece64e4195 Fix typo. 2007-11-25 22:05:08 +00:00
nekral-guest 8ed5ead77b * man/po/LINGUAS: Added missing LINGUAS.
* man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po,
  man/po/ru.po, man/po/sv.po: Updated.
2007-11-25 21:28:26 +00:00
nekral-guest 1683c26db3 Added POTFILES to the ignored files in man/po 2007-11-25 21:06:49 +00:00
nekral-guest 543b693547 * configure.in, man/po/Makefile.in.in, man/po/Makevars,
man/po/POTFILES.in, man/Makefile.am: Generate the PO files for the
  manpages in the man/po directory (instead of man/<lang>). Use a
  Makefile.in.in based on gettext's one. This ensure that the PO are
  generated before being used in the <lang> directories.
* man/generate_mans.mak, man/generate_translations.mak,
  man/Makefile.am: New makefile for the generation of manpages from
  XML (generate_mans.mak). This avoid duplicate chunks in
  generate_translations.mak and Makefile.am
* man/de/de.po, man/fr/fr.po, man/it/it.po, man/pl/pl.po,
  man/ru/ru.po, man/sv/sv.po: Moved to...
* man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po,
  man/po/ru.po, man/po/sv.po: ... here.
2007-11-25 21:02:32 +00:00
nekral-guest fabc69e9d8 One more fix to avoid a fuzzy string. 2007-11-25 20:27:25 +00:00
nekral-guest 971c43c0e5 Unfuzzy other Usage strings translations.
Note: km.po and ne.po contain translated options.
2007-11-25 20:21:53 +00:00
nekral-guest 6831c45533 Do not use tabulations in Usage strings. 2007-11-24 22:41:24 +00:00
nekral-guest 0e400eae56 Run "make update-po" in the po directory. 2007-11-24 14:02:10 +00:00
nekral-guest 4d606cc690 * configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
  to disable the references to the SHA256 and SHA512 password
  encryption algorithms from the usage help and manuals (in addition
  to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
  always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
  preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
  SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
  subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 13:08:08 +00:00
nekral-guest ee5c48d51c If we requested a non DES encryption, make sure crypt returned a encrypted
password longer than 13 chars. This protects against the GNU crypt() which
does not return NULL if the algorithm is not supported, and return a DES
encrypted password.
2007-11-24 00:37:37 +00:00
nekral-guest 6ffc0f820a Add missing #include "getdef.h" 2007-11-24 00:28:25 +00:00
nekral-guest afbf2094a8 * Provide the crypt method to all the
crypt_make_salt invocations.
* Tag the ENCRYPTMETHOD_SELECT dependent code
  accordingly.
2007-11-24 00:26:31 +00:00
nekral-guest 2e782e3d7d * libmisc/salt.c: Make sure method is not NULL, defaulting to DES.
Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
  the system default define in /Etc/login.defs. Thanks to Dan
  Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
  DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
  dependent code accordingly.
2007-11-24 00:16:41 +00:00
nekral-guest e1e619074c Re-indent. 2007-11-24 00:00:12 +00:00
nekral-guest a99bec34a9 Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek <dkopecek@redhat.com>. 2007-11-23 23:57:47 +00:00
nekral-guest 963bfaf521 * Move the srandom call to gensalt.
* Replace the test on salt_size by an assert.
2007-11-23 21:04:43 +00:00
nekral-guest 43b10b311a Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan Kopecek <dkopecek@redhat.com> 2007-11-23 20:51:43 +00:00
nekral-guest 1cc6fd0d16 News options -c/--crypt-method -s/--sha-rounds to newusers.
Document also new login.defs variables.
2007-11-23 20:24:42 +00:00
nekral-guest acba134aae Added prototype for getlong. 2007-11-23 20:11:00 +00:00
nekral-guest add1c18b2e * src/chpasswd.c: Added crypt method: NONE.
* src/chpasswd.c: Added --sha-rounds to the usage().
* libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c,
  src/chpasswd.c: New getlong function. Replace chpasswd's and
  chgpasswd's getnumber.
2007-11-23 20:09:57 +00:00
nekral-guest d8d8f70b0e Removed unused variable 'member'. 2007-11-23 20:00:03 +00:00
nekral-guest f0ccf72107 Document the variables used by chpasswd. The definitions are copied from
login.defs. I should try to use a less error prone process for this.
2007-11-23 19:58:10 +00:00
nekral-guest d316ba1b87 * Use <replaceable> for the values set by
users. (was sometimes <emphasis remap='I'>)
* Use <option> vor the variable names. This
  makes the manpage much more readable.
* (ENCRYPT_METHOD, MD5_CRYPT_ENAB,
  SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS): Mention that command
  line option may supersede the system setting.
* Document the variables used by chpasswd
  and chgpasswd.
2007-11-23 19:55:47 +00:00
nekral-guest ba1e26e25f svn propset svn:keywords Id 2007-11-23 19:44:57 +00:00
nekral-guest e15fbb905c * NEWS, lib/getdef.c, man/login.defs.5.xml: New login.defs
variable: MAX_MEMBERS_PER_GROUP. Used for the split groups support.
* lib/commonio.c, lib/commonio.h: Add an open_hook and close_hook
  operation. They are called after the database is actually opened
  and parse, or before it is closed.
* lib/groupio.c: Add an open_hook to merge split groups, and an
  close group to split groups if MAX_MEMBERS_PER_GROUP is set.
  This fixes gpasswd and chgpasswd when split groups are used.
* lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: No open or close
  hooks for these databases. (unsure about what should be the gshadow
  behavior for split groups)
2007-11-23 00:07:59 +00:00
nekral-guest a0488ccac2 * NEWS, src/gpasswd.c: Read the group and shadow groups using
gr_locate and sgr_locate. gpasswd write in the file database. Thus
  it should read information from the file database, not using
  getgrnam. The change to sgr_locate is just for consistency. This
  requires opening the group databases (read only) using
  gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
  option are changed, due to conditions.
2007-11-22 21:55:12 +00:00
nekral-guest b2c58c81ed * configure.in: SHADOWGRP added to AM_CONDITIONAL for the
generation of manpages.
* man/generate_translations.mak: Added pam/no_pam condition (like
  in man/Makefile.am).
* man/Makefile.am, man/generate_translations.mak: Added
  gshadow/no_gshadow condition.
* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
  change the manpage depending on the shadow group support.
2007-11-22 21:36:38 +00:00
nekral-guest 905596ced5 Remove chunk that should not have been committed. 2007-11-22 09:27:51 +00:00
nekral-guest 3dbf1efbc3 Updated to 757t. Thanks to Yuri Kozlov <kozlov.y@gmail.com>. 2007-11-22 00:15:25 +00:00
nekral-guest 08dadcb2b7 Updated to 399t. Thanks to Yuri Kozlov <kozlov.y@gmail.com>. 2007-11-22 00:06:50 +00:00
nekral-guest f171d63b5b Add support for conditionally including paragraphs. (e.g. to support the
documentation of PAM and !PAM features).

I hate docbook!
2007-11-22 00:01:58 +00:00
nekral-guest a34110320f * man/newusers.8.xml: Added /etc/gshadow, /etc/group, /etc/shadow,
and /etc/passwd to section FILES.
* man/newusers.8.xml: Mentions that PAM is not used to set the
  passwords.
* man/chpasswd.8.xml: Added section FILES (/etc/passwd,
  /etc/shadow, /etc/login.defs).
* man/chpasswd.8.xml: Use the same paragraph as in newusers.8.xml
  to indicate that PAM is not used.
* man/chgpasswd.8.xml: Added section FILES (/etc/group,
  /etc/gshadow, /etc/login.defs).
2007-11-21 22:12:14 +00:00
nekral-guest 46ae2113b6 * Try harder to get the GID equal to the UID.
This was not the case when the GID is not specified, and a GID
  exist with an ID higher than the all the UIDs.
* Typo in comment: contrained -> constrained.
2007-11-21 21:27:44 +00:00
nekral-guest 6f7ed628e2 Compile fix (related to last commit on src/chgpasswd.c). 2007-11-21 20:28:13 +00:00
nekral-guest fd0b22cb55 If the shadow group file is not present, do not try to locate the group
entry from /etc/gshadow, and set the password in /etc/group.
2007-11-20 20:59:42 +00:00
nekral-guest 9aa40bb96d * libmisc/obscure.c, libmisc/salt.c, src/passwd.c: Match DES, MD5,
SHA256, and SHA512 exactly (not only the first 3/6 chars).
* libmisc/salt.c (SHA_salt_rounds): Set rounds to the specified
  prefered_rounds value, if specified.
* src/gpasswd.c, libmisc/salt.c: Fix compilation warnings (use
  size_t for lengths).
* src/chpasswd.c, src/chgpasswd.c: Add missing parenthesis.
2007-11-20 20:00:16 +00:00
nekral-guest 1d4b67c773 Ignore the generated manpages. Add *.[1358] to the svn:ignore property. 2007-11-20 19:15:34 +00:00
nekral-guest cda805ff4e New TODOs. 2007-11-20 13:42:18 +00:00
nekral-guest a30c0a8192 The -c, -e, and -m options are exclusives. 2007-11-20 13:09:55 +00:00
nekral-guest 6e3ad7a275 * man/chpasswd.8.xml, man/chgpasswd.8.xml: Document how the
encryption algorithm is chosen for the passwords. Document the new
  -c and -s options. Add a reference to login.defs(5).
* man/login.defs.5.xml: Document the ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS, and SHA_CRYPT_MAX_ROUNDS
  variables.
* etc/login.defs: Indicate that MD5_CRYPT_ENAB is deprecated.
  Document the relationship with PAM for MD5_CRYPT_ENAB and
  ENCRYPT_METHOD.
2007-11-20 12:59:20 +00:00
nekral-guest 5cb462d767 Increase the size of crypt_passwd from 128 to 256 to avoid overflow in
case of SHA512 (161 should be sufficient).
2007-11-20 12:18:36 +00:00
nekral-guest 63a4e65ca1 Fix typo s/method/crypt_method/ 2007-11-20 12:10:55 +00:00
nekral-guest 90de228897 passwd also use crypt_make_salt(). 2007-11-20 09:51:36 +00:00
nekral-guest 0b695f5a76 * lib/prototypes.h, libmisc/salt.c: Add parameters to
crypt_make_salt to force the crypt method and number of rounds.
* libmisc/salt.c: Add parameter to SHA_salt_rounds to force the
  number of rounds.
* libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB
  are needed also when USE_PAM (e.g. for chpasswd).
* src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype.
* src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method
  and -s, --sha-rounds to specify the crypt method and number of
  rounds in case of one of the SHA methods. The new prototype of
  crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 09:33:52 +00:00
nekral-guest eb23bbfd98 Hopefully, I review my commits in the morning... 2007-11-20 09:20:34 +00:00
nekral-guest e406b7fe4a * libmisc/salt.c: The salt has a random size (between 8 and 16
bytes).
* lib/getdef.c, etc/login.defs: Add definitions for
  SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS.
* libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS
  to add a random number of rounds if needed.
2007-11-20 00:05:54 +00:00
nekral-guest c214b26ee6 * libmisc/salt.c (MAGNUM): Terminate the array with nul (the array
is then used with strcat).
* libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at
  the beginning (was not initialized when USE_PAM).
* libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a
  valid crypt method.
2007-11-19 22:34:48 +00:00
nekral-guest 65f536165d Fix typo introduced while merging RedHat patch shadow-4.0.18.1-sha256.patch. 2007-11-19 22:16:50 +00:00
nekral-guest b8d8d0de00 Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch
shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes
except re-indent and changes related to recent modifications (max_salt_len
in crypt_make_salt). Changes in lib/defines.h not applied (definition of
ENCRYPTMETHOD_SELECT). I will add a configure check or flag.
2007-11-19 22:14:19 +00:00
nekral-guest cfc3378a0b All the manpages in de, fr, it, pl are auto-generated. 2007-11-19 20:33:39 +00:00
nekral-guest 39e5c0a1ab Fix some compilation warnings:
* src/login.c: "dereferencing type-punned pointer will break
   strict-aliasing rules", add a variable indirection: ptr_pam_user.
 * lib/commonio.c: do not initialize the sb stat structure.
 * lib/pwio.c, lib/shadowio.c, lib/sgroupio.c, lib/groupio.c:
   initialize the security context if WITH_SELINUX.
 * lib/nscd.c: The service argument is not const (used in the exec*
   parameters). This matches with the prototype definition.
 * src/groupmems.c: Avoid ++i when i is also used in the same line.
 * src/newusers.c: i is positive every time it is compared. Add
   cast to unsigned int.
 * src/nologin.c: Use a main() prototype with no arguments.
 * libmisc/getdate.y: Initialize the type and value fields of the
   terminating entry for each TABLE.
 * libmisc/tz.c: Use "TZ=CST6CDT" as the default timezone.
2007-11-19 20:25:36 +00:00
nekral-guest d16cc1ea89 Add a NEWS entry to indicate the review of the usage of getpwnam(),
getpwuid(), getgrnam(), getgrgid(), and getspnam().
2007-11-19 01:19:45 +00:00
nekral-guest 6a0a7171d2 * man/pl/Makefile.am: Add getspnam.3 to EXTRA_DIST since it is
generated with shadow.3.
* man/generate_translations.mak: Clean all the manpages, based on
  $(EXTRA_DIST), not $(man_MANS).
2007-11-19 01:16:42 +00:00
nekral-guest 398c993e67 Additional removed translated manpages: man/pl/shadow.3 man/pl/sulogin.8 man/pl/id.1 man/ru/sulogin.8 man/ru/id.1 man/it/id.1 2007-11-19 01:13:44 +00:00
nekral-guest 221856ccc2 Remove generated translated manpages. They are still distributed with the shadow tarballs. 2007-11-18 23:58:27 +00:00
nekral-guest 9cf3af04f7 Remove chgpassw.8 since the real manpage should be named chgpasswd.8. 2007-11-18 23:43:58 +00:00
nekral-guest 03047a3980 Why does chgpasswd uses chpasswd's pam config file? 2007-11-18 23:24:44 +00:00
nekral-guest ecc11d5542 Really delete man/vigr.8.xml. 2007-11-18 23:22:28 +00:00
nekral-guest 03118ffb9b Remove file. The vigr man page is generated from the vipw XML file. 2007-11-18 23:21:49 +00:00
nekral-guest dcedc12f36 Add forgotten files in the previous ChangeLog entry. 2007-11-18 23:20:02 +00:00
nekral-guest 9adfc136b6 * lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
  libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
  Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
  xgetgrgid(), and xgetspnam(). They allocate memory for the
  returned structure and are more robust to successive calls. They
  are implemented with the libc's getxxyyy_r() functions if
  available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
  libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
  libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
  src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
  src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
  src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
  src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
  src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
  src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
  usage of one of the getpwnam(), getpwuid(), getgrnam(),
  getgrgid(), and getspnam() functions. It was noticed on
  http://bugs.debian.org/341230 that chfn and chsh use a passwd
  structure after calling a pam function, which result in using
  information from the passwd structure requested by pam, not the
  original one. It is much easier to use the new xget... functions
  to avoid these issues. I've checked which call to the original
  get... functions could be left (reducing the scope of the
  structure if possible), and I've left comments to ease future
  reviews (e.g. /* local, no need for xgetpwnam */).
  Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
  lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
  functions (used by the xget... functions) from the <xx>io.c files
  to the new <xx>mem.c files. This avoid linking some utils against
  the SELinux library.
2007-11-18 23:15:26 +00:00
nekral-guest ea63711c2c Some fixes for the manpages:
* man/pl/pl.po: Fix typo: chgpassw -> chgpasswd.
 * man/pl/Makefile.am: Fix typo: chgpassw -> chgpasswd.
 * man/de/de.po: groups shall not be translated (for command,
   refname, or refentrytitle).
2007-11-18 22:58:31 +00:00
nekral-guest 69525890db Fix typo introduced while fixing http://bugs.debian.org/451521 (compile fix). 2007-11-18 22:52:56 +00:00
nekral-guest 0b13ea5676 * Why isgroup always return TRUE in groupmems?
* why is there a USE_PAM section?
2007-11-18 17:08:42 +00:00
nekral-guest ce579ac6d2 Fix typo: EXTRA_DOST -> EXTRA_DIST. 2007-11-18 01:21:43 +00:00
nekral-guest cd1089e6f0 Fix a typo in a comment. 2007-11-18 01:20:10 +00:00
nekral-guest 311f4baa27 Do not document the behavior compared to old versions. 2007-11-17 23:11:02 +00:00
nekral-guest 7b50ff67f9 Do not mention the patch names in the NEWS entries. They are mentioned in
the ChangeLog.
2007-11-17 22:21:50 +00:00
nekral-guest a8aa7028f4 Add NEWS entries for the previous changes. 2007-11-17 22:17:42 +00:00
nekral-guest 722941eae1 Document the differences between locking an account and locking a password. 2007-11-17 22:07:47 +00:00
nekral-guest 0743a7236d Same fixes as applied to usermod: refuse to unlock an account when it
would result in a passwordless account.
2007-11-17 22:05:31 +00:00
nekral-guest 85463e754d Refuse to unlock an account when it would result in a passwordless
account.  Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff
2007-11-17 22:02:22 +00:00
nekral-guest 5e438aa46c Make sure that the prefix is the name of a directory (not only the
beginning of a directory).
Openwall patch shadow-4.0.4.1-owl-userdel-path_prefix.diff.
2007-11-17 21:24:06 +00:00
nekral-guest 1f4488f963 * src/newgrp.c: Do not give an indication that the group has no
password.
* src/newgrp.c: Do not only bail on syslog if the password is not
  valid. Also give an indication to the user on stderr.
2007-11-17 21:03:33 +00:00
nekral-guest 225b096838 Remove a comment which states that an user shall provide a password to
switch to her group.
2007-11-17 20:41:49 +00:00
nekral-guest 8e568ef697 Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* src/chage.c: Make chage -l also drop the saved GID.
 * src/chage.c: Prefer setregid/setreuid to setgid/setuid.
2007-11-17 20:28:32 +00:00
nekral-guest 24cfb1c158 * src/chage.c: Remove cleanup(). pw_lock is never called. Replace
cleanup(2) by spw_unlock and remove the calls to cleanup(1).
* src/chage.c: Remove variable pwrw. It is always set to 0. The
  password database is always read only.
2007-11-17 20:09:54 +00:00
nekral-guest cbb2911b7f * man/generate_translations.mak: Generic rules for all the
generated translated manpages (if ENABLE_REGENERATE_MAN).
* man/Makefile.am: Removed rules for all the generated translated
  manpages.
* man/sv/Makefile.am, man/de/Makefile.am, man/fr/Makefile.am,
  man/pl/Makefile.am, man/ru/Makefile.am, man/it/Makefile.am:
  Include generate_translations.mak to handle the generated
  translations (XML and roff files).
* man/Makefile.am: Translated XML files moved from the CLEANFILES
  variable of man/Makefile.am to the various languages Makefiles.
2007-11-17 18:45:22 +00:00
nekral-guest a9f2f60c68 Fixes from Openwall patch shadow-4.0.4.1-alt-man.diff:
* man/useradd.8.xml: Indicate that the NIS caveats is also valid
   for any external database as LDAP.
 * man/groupadd.8.xml: Likewise.
 * man/groupadd.8.xml: Reorder and reformat the caveats bullets.
2007-11-17 18:13:17 +00:00
nekral-guest 1bcf56c8b2 Start applying Debian patch 409_man_generate_from_PO:
* NEWS: Applied Debian patch 409_man_generate_from_PO to
   automatically generate the translated manpages from the POs.
 * man/Makefile.am: Replace the individual rules for the generation
   of the manpages (from XML) by a generic Makefile rule an
   dependencies for the linked manpages.
2007-11-17 17:47:02 +00:00
nekral-guest 77bfba3017 Document that chpasswd does not use PAM to update the passwords. This fixes
http://bugs.debian.org/396726.  Debian patch 411_chpasswd_document_no_pam.
2007-11-17 17:31:54 +00:00
nekral-guest 7eed43550c Provide URLs for the Debian bugs. 2007-11-17 17:24:23 +00:00
nekral-guest 0fd1ed4517 Avoid terminating the PAM library in the forked child. This is done later
in the parent after closing the PAM session.
This fixes http://bugs.debian.org/412061.
Debian patch 405_su_no_pam_end_before_exec.
2007-11-17 17:19:44 +00:00
nekral-guest 7503c8a029 Mention sg in the newgrp manpage. Debian patch 410_newgrp_man_mention_sg. 2007-11-17 17:03:01 +00:00
nekral-guest be972d7db3 Fix typo: the warndays option was called warning. This is now warndays,
as documented in the manpage and usage.  Debian patch 417_passwd_warndays.
2007-11-17 16:57:37 +00:00
nekral-guest fb6cb07a60 Remove the preprocessor check SHADOWPWD. The variable is no more defined
(and always assumed).  Debian patch 493_pwck_no_SHADOWPWD.
2007-11-17 16:50:26 +00:00
nekral-guest 5bcc89ffe7 Add NEWS entries for the last 2 changes. 2007-11-17 16:43:00 +00:00
nekral-guest e47ee90033 -l/-u options: edit the shadow account expiry field *in addition* to
editing the password field.  Debian patch 494_passwd_lock.
2007-11-17 16:40:39 +00:00
nekral-guest f16a859ff8 Fix typos. 2007-11-17 16:33:33 +00:00
nekral-guest ae5f08b1cb New TODO for later. 2007-11-17 16:27:30 +00:00
nekral-guest 5d2ca8b240 Do not request a password when a user uses newgrp to switch to her primary
group.  Debian patch 497_newgrp_primary_group.
2007-11-17 16:19:00 +00:00
nekral-guest 90ef765c2e Log an error if the password entry could not be
found (respect LOG_UNKFAIL_ENAB to avoid logging a password). This
fixes the Debian bug http://bugs.debian.org/451521
2007-11-17 16:05:54 +00:00
nekral-guest ca875647b9 -b documenation: Use the same notation for the -d argument as in the -d documentation. 2007-11-17 15:27:12 +00:00
nekral-guest e39a941413 Allow the -b option even without the -D option. 2007-11-17 15:07:59 +00:00
nekral-guest 87b5ce3036 Use the same error message for the below errors.
(option working ONLY if another is specified).
2007-11-17 14:49:39 +00:00
nekral-guest af045a0733 Make usermod -o and -u work independently of the argument order. 2007-11-17 14:40:54 +00:00
nekral-guest 488184394e Validate that two of the -L, -p, and -U options are not used at the same
time after the parsing of options. -U used to be allowed after -p or -L,
but not before.
2007-11-17 14:33:26 +00:00
nekral-guest 71392cdc8f Make usermod -d and -m work independant of the argument order. Thanks to
Justin Pryzby <jpryzby+d@quoininc.com> for the patch. This fixes Debian's
bug #451518.
2007-11-17 14:21:05 +00:00
nekral-guest 4aafb131ca * NEWS, lib/nscd.c: Execute nscd -i instead of using the private
glibc socket to flush the nscd tables. This comes from the RedHat
  patch shadow-4.0.16-nscd.c.
* lib/commonio.c: Forbid inheritance of the passwd and group files
  to the spawed processes (like nscd). This comes from the RedHat
  patch shadow-4.0.17-notInheritFd.patch.
* lib/nscd.h: Update header.
2007-11-17 14:04:05 +00:00
nekral-guest 6c2e7c124f Remove remaining return value in update_group. 2007-11-17 13:48:56 +00:00
nekral-guest 24e742d202 * src/usermod.c (fail_exit): Add static variables pw_locked,
spw_locked, gr_locked, and sgr_locked to indicate which files must
  be unlocked.
* src/usermod.c (open_files, close_files): Open and close the
  group files as well as the passwd files. This permit to check if
  the group files modification are allowed before writing the passwd
  files.
* src/usermod.c (grp_update, update_gshadow, update_group): Do not
  return a status code, but call fail_exit() in case of error. The
  group files are no more opened and closed in update_gshadow() and
  update_group().
* src/usermod.c (main): move the call to grp_update between
  open_files and close_files.
* src/usermod.c: Differentiate failure to add a group entry and
  failure to add a shadow group entry.
2007-11-17 11:42:47 +00:00
nekral-guest 326074388c Differentiate failure to update a group entry and failure to update a shadow group entry. 2007-11-17 11:31:06 +00:00
nekral-guest 9afe59af3e Inform the user if out of memory while updating a group database. 2007-11-16 23:39:42 +00:00
nekral-guest 7ecdf9b71f Update the group database before flushing the nscd caches. 2007-11-16 23:29:41 +00:00
nekral-guest 0325483ee4 Abort if an error is found while updating the user or group database. No
changes will be written in the databases.
2007-11-16 23:26:56 +00:00
nekral-guest b370e1502e It is no more needed to check that the user's groups are specified only
once in the group file. This is checked by gr_update().
2007-11-16 23:05:24 +00:00
nekral-guest 07c2610170 * lib/commonio.c (next_entry_by_name): New function.
* NEWS, lib/commonio.c (commonio_update): When an entry is updated, make
   sure that there are no other entry with the same name. This fixes
   an infinite loop in userdel and usermod when an (erroneous) group 
   file contains two entries with the same name.
   (https://bugzilla.redhat.com/show_bug.cgi?id=240915)
2007-11-16 22:59:14 +00:00
nekral-guest c2ebdc4b5d Fix date entry. 2007-11-16 22:33:59 +00:00
nekral-guest 449f17385a * libmisc/salt.c: Make sure the salt string is terminated at the
right place (either 8th, or 11th position).
 * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
   not need 15 chars. No need for a temporary buffer.
   This change the fix committed on 2007-11-10. The salt provided to
   pw_encrypt could have been too long.
2007-11-16 19:02:00 +00:00
nekral-guest e163c5fe9c Fix typo: missing / in <placeholder-1/>. This caused the gpasswd title to be incomplete in the French manpage. 2007-11-16 14:10:29 +00:00
nekral-guest f55e00dc4e Add support for uClibc with no l64a(). 2007-11-16 12:36:21 +00:00
nekral-guest e0edb7db17 Add support for systems with no innetgr(). On those systems, username
with an @ will be treated like any other username (i.e. lookup in the
local database for an user with an @). Thanks to Mike Frysinger for the
patch.
2007-11-16 11:32:42 +00:00
nekral-guest 690f7aee2e Indentation fix. 2007-11-16 10:50:38 +00:00
nekral-guest 8d527f156d Declare the child and pid variable at the beginning of a block. This
fixes a compilation issue with gcc 2.95. The intent is the same as
Gentoo's patch shadow-4.0.12-gcc2.patch.
2007-11-14 13:46:15 +00:00
nekral-guest 15f43716c1 Add a variable to set the suid permissions. This should simplify Gentoo's
patch shadow-4.0.11.1-perms.patch.
2007-11-14 13:32:25 +00:00
nekral-guest b2120265fd Added the subversion svn:keywords property (Id) for proper identification. 2007-11-10 23:46:11 +00:00
nekral-guest fb3b2ddbff Restore the ignore patterns from the previous repository. 2007-11-10 23:34:37 +00:00
nekral-guest 0f09d5378a Update the PO files. 2007-11-10 22:36:37 +00:00
nekral-guest f9de15fdcf Don't ask for a password if there are no group passwords. Just directly
give up. This comes from the Fedora's patch shadow-4.0.13-newgrpPwd.patch,
and seems to be the only part with an effect.
2007-11-10 18:54:40 +00:00
nekral-guest 1bdb92706e Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch. 2007-11-10 18:48:23 +00:00
nekral-guest 6a051e1544 Allow non numerical group identifier to be specified with useradd's -g
option. Applied Debian patch 397_non_numerical_identifier. Thanks also to
Greg Schafer <gschafer@zip.com.au>.
2007-11-10 15:51:38 +00:00
nekral-guest 6a73df0b18 Update the release date. 2007-10-28 15:36:14 +00:00
nekral-guest 8609e24880 Update the version number to 4.0.18.2 and the gettext version to 0.16. 2007-10-27 23:22:11 +00:00
nekral-guest 4bb174fa8c Remove the generate_translations.mak inclusion. This file does not exist
and will be introduced later when the Debian patch
409_man_generate_from_PO will be included.
2007-10-27 23:19:32 +00:00
nekral-guest a8856cbfbd Remove a plural form. nplurals=1 for japanese. Moreover, msgstr[0] was identical to msgstr[1]. 2007-10-27 23:18:08 +00:00
nekral-guest afbacaaba4 Make autogen.sh executable. 2007-10-27 23:15:42 +00:00
nekral-guest 16285e6768 Add support for 2 new resource limits. Thanks to Justin Bronder for the
patch. This was reported in the Debian bug #442334.
This only impact shadow when it is not compiled with PAM support.
2007-10-27 19:45:21 +00:00
nekral-guest 93acdeb8ff Document all gpasswd.1 options separately. This clarify the gpasswd.1
manpages (reported in debian bug #445480).
2007-10-27 14:00:31 +00:00
bubulle 3ada732dc0 Mention the GNU origin of some parts from su. Debian patch 438 2007-10-27 13:50:40 +00:00
bubulle e942010304 Fix spelling error. Debian patch 433 2007-10-27 13:45:14 +00:00
bubulle 4e796db54f Merge Debian patch 416_man-fr_newgrp (yet another French fry^W fix) 2007-10-27 13:13:24 +00:00
nekral-guest 5e8dbee79a Update contact information. 2007-10-27 13:11:28 +00:00
nekral-guest 600347a7e8 Update contact informations. 2007-10-27 13:08:46 +00:00
bubulle 84b79dd20d Merge Debian patch 402: clarify usermod "-a" help 2007-10-27 13:01:19 +00:00
bubulle 4750ec187b Merged in Debian patch 203 (german man pages translation) 2007-10-27 12:57:25 +00:00
bubulle c8933a922b Merge in Debian patch 202: switch Italian man pages to gettext 2007-10-27 12:53:06 +00:00
bubulle 6487e675b2 Mention 102 in the "fix sorry" changelog entry 2007-10-27 12:49:56 +00:00
bubulle 30d15b861f Merged patch 201: fix translation error in French man pages 2007-10-27 12:49:12 +00:00
bubulle d059ef6780 No longer apologize to users 2007-10-27 12:46:30 +00:00
bubulle d254707b96 Apply patch 102 from Debian. No mention in Changelog as we will immediately
fuzzy the strings with "sorry"
2007-10-27 12:42:21 +00:00
nekral-guest f0a3e8b09e Updated Chinese translation (zh_CN: 385t11f4t). 2007-10-27 12:35:57 +00:00
nekral-guest 3d67951f15 Updated Finish translation.
Thanks to Tommi Vainikainen <thv+debian@iki.fi>.
2007-10-27 12:08:44 +00:00
nekral-guest e3f303fdb5 If compiled without PAM support, enforce the limits from /etc/limits when
one of the -, -l, or --login options is set, even if called by root.
Thanks to Justin Bronder.
2007-10-12 22:36:26 +00:00
nekral-guest 756b6812a6 Convert the Changelog and NEWS to UTF-8. 2007-10-07 14:57:03 +00:00
nekral-guest 9873619e22 Fix the NEWS entries. The shadow-4.0.18.1 header was missing and
shadow-4.0.18.1/shadow-4.0.18.2 entries were mixed.
2007-10-07 14:52:16 +00:00
nekral-guest 79bf2081fe Commit the last version from the PLD CVS repository.
(last changelog entry: 2007-02-01)
This also adds the files which were present in the CVS repository, but not
present in the shadow archives.
2007-10-07 14:36:51 +00:00
nekral-guest 0d93a36930 Remove generated files present in the shadow archives but not in the CVS
repository.
2007-10-07 13:59:23 +00:00
nekral-guest c187b2be78 [svn-upgrade] Integrating new upstream version, shadow (4.0.18.1) 2007-10-07 11:48:07 +00:00
nekral-guest 5e20c4359f [svn-upgrade] Integrating new upstream version, shadow (4.0.18) 2007-10-07 11:47:57 +00:00
nekral-guest 8a78a8d68c [svn-upgrade] Integrating new upstream version, shadow (4.0.17) 2007-10-07 11:47:45 +00:00
nekral-guest 0fa9083026 [svn-upgrade] Integrating new upstream version, shadow (4.0.16) 2007-10-07 11:47:33 +00:00
nekral-guest 591830e43b [svn-upgrade] Integrating new upstream version, shadow (4.0.15) 2007-10-07 11:47:22 +00:00
nekral-guest 24178ad677 [svn-upgrade] Integrating new upstream version, shadow (4.0.14) 2007-10-07 11:47:11 +00:00
nekral-guest 8451bed8b0 [svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 11:47:01 +00:00
nekral-guest e89f3546f2 [svn-upgrade] Integrating new upstream version, shadow (4.0.12) 2007-10-07 11:46:52 +00:00
nekral-guest 1de90a599c [svn-upgrade] Integrating new upstream version, shadow (4.0.11.1) 2007-10-07 11:46:43 +00:00
nekral-guest b48129fcbb [svn-upgrade] Integrating new upstream version, shadow (4.0.11) 2007-10-07 11:46:34 +00:00
nekral-guest 8c50e06102 [svn-upgrade] Integrating new upstream version, shadow (4.0.10) 2007-10-07 11:46:25 +00:00
nekral-guest 7c47e0fde3 [svn-upgrade] Integrating new upstream version, shadow (4.0.9) 2007-10-07 11:46:16 +00:00
nekral-guest 8e167d28af [svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 11:46:07 +00:00
nekral-guest 0ee095abd8 [svn-upgrade] Integrating new upstream version, shadow (4.0.7) 2007-10-07 11:45:58 +00:00
nekral-guest 164b557066 [svn-upgrade] Integrating new upstream version, shadow (4.0.6) 2007-10-07 11:45:49 +00:00
nekral-guest b0e078d9c8 [svn-upgrade] Integrating new upstream version, shadow (4.0.5) 2007-10-07 11:45:40 +00:00
nekral-guest e637799f9b [svn-upgrade] Integrating new upstream version, shadow (4.0.4.1) 2007-10-07 11:45:31 +00:00
nekral-guest effd479bff [svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 11:45:23 +00:00
nekral-guest 4903ce068e [svn-upgrade] Integrating new upstream version, shadow (4.0.3) 2007-10-07 11:45:14 +00:00
nekral-guest 37dc61340b [svn-upgrade] Integrating new upstream version, shadow (4.0.2) 2007-10-07 11:45:07 +00:00
nekral-guest 9db6abfa42 [svn-upgrade] Integrating new upstream version, shadow (4.0.1) 2007-10-07 11:44:59 +00:00
nekral-guest 3bc4996775 [svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 11:44:51 +00:00
nekral-guest 8fee8c57ae [svn-upgrade] Integrating new upstream version, shadow (20001016) 2007-10-07 11:44:44 +00:00
nekral-guest 4e3fe42600 [svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 11:44:38 +00:00
nekral-guest d6e9891ad7 [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:32 +00:00
nekral-guest be1f391d2a [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:26 +00:00
nekral-guest 5cd76a407a [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:20 +00:00
nekral-guest efd7efa9f1 [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:14 +00:00
nekral-guest 446e664caa [svn-upgrade] Integrating new upstream version, shadow (19990827) 2007-10-07 11:44:08 +00:00
nekral-guest 45c6603cc8 [svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 11:44:02 +00:00
nekral-guest 9c72ed9062 Create a svn-buildpackage like repository layout 2007-10-07 11:43:59 +00:00
221 changed files with 7653 additions and 37417 deletions
-2
View File
@@ -18,7 +18,6 @@ Makefile.in
/aclocal.m4
/autom4te.cache
/compile
/config.cache
/config.guess
/config.h
/config.h.in
@@ -46,5 +45,4 @@ Makefile.in
/po/stamp-po
/shadow.spec
/shadow-*.tar.*
/libmisc/getdate.c
-20
View File
@@ -1,20 +0,0 @@
sudo: false
language: c
compiler:
- gcc
- clang
addons:
apt:
packages:
- autopoint
- xsltproc
script:
- ./autogen.sh --without-selinux --disable-man
- grep ENABLE_ config.status
- make
# vim:et:ts=2:sw=2
-81
View File
@@ -1,84 +1,3 @@
2016-05-17 Serge Hallyn <serge@hallyn.com>
* Release 4.5
2016-05-17 Serge Hallyn <serge@hallyn.com>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2016-02-23 Serge Hallyn <serge@hallyn.com>
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
the equivalent of util-linux CVE-2017-2616.
2016-02-08 Serge Hallyn <serge@hallyn.com>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2016-01-29 Serge Hallyn <serge@hallyn.com>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <serge@hallyn.com>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
2016-12-02 Serge Hallyn <serge@hallyn.com>
* changes since 4.4
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* (henceforth we'll update Changelog with each commit
and proper credit)
2016-12-02 Serge Hallyn <serge@hallyn.com>
* Changes since 4.2.1:
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
2013-08-25 Nicolas François <nicolas.francois@centraliens.net>
* src/vipw.c: After waitpid(), use errno only if waitpid returned
+2
View File
@@ -2,5 +2,7 @@
EXTRA_DIST = NEWS README TODO shadow.spec.in
AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
SUBDIRS = po man libmisc lib src \
contrib doc etc
+1 -2
View File
@@ -117,6 +117,5 @@ Maintainers
===========
Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
Serge E. Hallyn <serge@hallyn.com> (2014-now)
Nicolas François <nicolas.francois@centraliens.net> (2007-now)
+2 -5
View File
@@ -1,9 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ([2.64])
AC_INIT([shadow], [4.5], [pkg-shadow-devel@lists.alioth.debian.org], [],
[https://github.com/shadow-maint/shadow])
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
AM_SILENT_RULES([yes])
AC_INIT
AM_INIT_AUTOMAKE(shadow, 4.3)
AC_CONFIG_HEADERS([config.h])
dnl Some hacks...
-16
View File
@@ -1,16 +0,0 @@
PKG=shadow
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
deb:: check_cheese
include /usr/share/quilt/quilt.debbuild.mk
check_cheese:
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
echo ""; \
echo " ** **"; \
echo " ** Warning: not a cheesy release! **"; \
echo " ** **"; \
echo ""; \
exit 1; \
}
Vendored
-36
View File
@@ -1,36 +0,0 @@
shadow (1:4.0.15-5) unstable; urgency=low
* commands passed in argument to su must use su's -c option and must quote
the command if it contains a space, as in:
su - root -c "ls -l /"
The following commands won't work anymore:
su - root -c ls -l /
su - root "ls -l /"
su - root ls -l /
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
shadow (1:4.0.14-1) unstable; urgency=low
* passwd does not support the -f, -s, and -g options anymore. You should use
the chfn, chsh and gpasswd utilities instead.
* login now distributes the nologin utility, which can be used as a shell
to politely refuse a login
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
shadow (1:4.0.12-1) unstable; urgency=low
CLOSE_SESSIONS and other variables are not used anymore in
/etc/login/defs.
As shadow utilities which use this file now warn about unknown
entries there, administrators should remove such unknown entries.
The supplied login.defs file does not include them anymore.
dpasswd is no more distributed by upstream. Login do not support
dialup password anymore. Re-introducing this functionality in
upstream is not trivial.
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
-62
View File
@@ -1,62 +0,0 @@
Read this file first for a brief overview of the new versions of login
and passwd.
---Shadow passwords
The command `shadowconfig on' will turn on shadow password support.
`shadowconfig off' will turn it back off. If you turn on shadow
password support, you'll gain the ability to set password ages and
expirations with chage(1).
NOTE: If you use the nscd package, you may have problems with a
slight delay in updating the password information. You may notice
this during upgrades of certain packages that try to add a system
user and then access the users information immediately afterwards.
To avoid this, it is suggested that you stop the nscd daemon before
upgrades, then restart it again.
---General configuration
Most of the configuration for the shadow utilities is in
/etc/login.defs. See login.defs(5). The defaults are quite
reasonable.
Also see the /etc/pam.d/* files for each program to configure the PAM
support. PAM documentation is available in several formats in the
libpam-doc package.
---MD5 Encryption
This is enabled now using the /etc/pam.d/* files. Examples are given.
---Adding users and groups
Though you may add users and groups with the SysV type commands,
useradd and groupadd, I recommend you add them with Debian adduser
version 3+. adduser gives you more configuration and conforms to the
Debian UID and GID allocation.
Editing user and group parameters can be done with usermod and
groupmod. Removing users and groups can be done with userdel and
groupdel.
--- Group administration
Local group allocation is much easier. With gpasswd(1) you can
designate users to administer groups. They can then securely add or
remove users from the group.
--- What to read next?
Read the manpages, the other files in this directory, and the Shadow
Password HOWTO (included in the doc-linux package). A large portion
of these files deals with getting shadow installed. You can, of
course, ignore those parts.
Also, the libpam-doc package will go a long way to allowing you to take
full advantage of the PAM authentication scheme.
-4
View File
@@ -1,4 +0,0 @@
A testsuite is also available. Instruction on how to run this testsuite
are available in tests/README
-- Balint Reczey <rbalint@ubuntu.com>, Sat, 12 Aug 2017 18:46:44 -0400
Vendored
-19
View File
@@ -1,19 +0,0 @@
Things that should be done:
* Verify the files left in debian/tmp
+ e.g. /etc/default/adduser should be installed
* Check the build system: rebuilding the package twoce in the same tree
doubles the size of the diff.gz file
Other points (not related to the release of a syncronized shadow):
* compare the source with the usages and man pages
+ probably add a sentence to chsh/chfn's manpages about authentication
required for ordinary users
* do something (a tool) for the variables in login.defs
In Debian, some tools are not compiled with the PAM support, so upstream
getdef.c won't be OK.
It should be nice to see in each man page the set of variables used.
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
with the debugging informations. This may be used to extract the set of
variables used in Debian/for each tools.
* verify all the patches around (I've found patches for at least RedHat,
OWL, LFS, Mandriva, Gentoo; are they already applied?)
-25
View File
@@ -1,25 +0,0 @@
This described the usertags used by the team.
For usertags documentation, see
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
All bugs tagged by team members must be tagged with
"user pkg-shadow-devel@lists.alioth.debian.org"
Tags list
---------
toclose: This bug has been announced to be closed in case no more news
or information is received from the bug submitter or someone
else until the delay specified in the limits_YYYYMMDD tag
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
bugs can be closed without other action in case no news
is received
manpages-replace A bug reported angainst a manpages-xx package to indicate
conflicting man pages. This tag can be used to tune the
Replaces fields.
su-transition: This bug is related to the su transition (#276419)
-3849
View File
File diff suppressed because it is too large Load Diff
-1
View File
@@ -1 +0,0 @@
10
-78
View File
@@ -1,78 +0,0 @@
Source: shadow
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Uploaders: Christian Perrier <bubulle@debian.org>,
Balint Reczey <rbalint@ubuntu.com>,
Serge Hallyn <serge@hallyn.com>
Section: admin
Priority: required
Build-Depends: dh-autoreconf,
gettext,
libpam0g-dev,
debhelper (>= 10~),
quilt,
xsltproc,
docbook-xsl,
docbook-xml,
libxml2-utils,
cdbs,
libselinux1-dev [linux-any],
libsemanage1-dev [linux-any],
gnome-doc-utils,
bison,
libaudit-dev [linux-any]
Standards-Version: 3.9.5
Vcs-Browser: https://anonscm.debian.org/git/pkg-shadow/shadow.git
Vcs-Git: https://anonscm.debian.org/git/pkg-shadow/shadow.git
Homepage: https://github.com/shadow-maint/shadow
Package: passwd
Architecture: any
Multi-Arch: foreign
Depends: ${shlibs:Depends},
${misc:Depends},
libpam-modules
Replaces: manpages-tr (<< 1.0.5),
manpages-zh (<< 1.5.1-1)
Description: change and administer password and group data
This package includes passwd, chsh, chfn, and many other programs to
maintain password and group data.
.
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
Package: login
Architecture: any
Essential: yes
Pre-Depends: ${shlibs:Depends},
${misc:Depends},
libpam-runtime,
libpam-modules (>= 1.1.8-1)
Breaks: coreutils (<< 8.21~) [hurd-any],
passwd (<< 1:4.1.5.1-2~) [hurd-any],
hurd (<< 20140206~) [hurd-any],
util-linux (<< 2.32-0.2~)
Conflicts: gnunet (<< 0.7.0c-2),
amavisd-new (<< 2.3.3-8),
python-4suite (<< 0.99cvs20060405-1),
backupninja (<< 0.9.3-5),
echolot (<< 2.1.8-4)
Replaces: manpages-de (<< 0.5-3),
manpages-tr (<< 1.0.5),
manpages-zh (<< 1.5.1-1),
passwd (<< 1:4.1.5.1-2~) [hurd-any],
coreutils (<< 8.21~) [hurd-any],
hurd (<< 20140206~) [hurd-any]
Description: system login tools
These tools are required to be able to login and use your system. The
login program invokes your user shell and enables command execution. The
newgrp program is used to change your effective group ID (useful for
workgroup type situations). The su program allows changing your effective
user ID (useful being able to execute commands as another user).
Package: uidmap
Architecture: any
Priority: optional
Depends: ${shlibs:Depends},
${misc:Depends}
Description: programs to help use subuids
These programs help unprivileged users to create uid and gid mappings in
user namespaces.
-103
View File
@@ -1,103 +0,0 @@
This is Debian GNU/Linux's prepackaged version of the shadow utilities.
It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
As of May 2007, this site is no longer available.
Copyright:
Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
All rights reserved.
Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
All rights reserved.
Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
All rights reserved.
Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Julianne F. Haugh nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This source code is currently archived on ftp.uu.net in the
comp.sources.misc portion of the USENET archives. You may also contact
the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
any questions regarding this package.
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
LOSS OF INFORMATION OR MACHINE RESOURCES.
Special thanks are due to Chip Rosenthal for his fine testing efforts;
to Steve Simmons for his work in porting this code to BSD; and to Bill
Kennedy for his contributions of LaserJet printer time and energies.
Also, thanks for Dennis L. Mumaugh for the initial shadow password
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
V Release 4 changes. Effort in porting to SunOS has been contributed
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
for taking over the Linux port of this software.
Source files: login_access.c, login_desrpc.c, login_krb.c are derived
from the logdaemon-5.0 package, which is under the following license:
/************************************************************************
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
* may be covered by other copyrights (as noted in the file itself.)
*
* This material was originally written and compiled by Wietse Venema at
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
* 1992, 1993, 1994 and 1995.
*
* Redistribution and use in source and binary forms are permitted
* provided that this entire copyright notice is duplicated in all such
* copies.
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
* merchantibility and fitness for any particular purpose.
************************************************************************/
Some parts substantially in src/su.c derived from an ancestor of
su for GNU. Run a shell with substitute user and group IDs.
Copyright (C) 1992-2003 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License can be found in '/usr/share/common-licenses/GPL-2'
-1
View File
@@ -1 +0,0 @@
.so man8/cppw.8
-27
View File
@@ -1,27 +0,0 @@
.TH CPPW 8 "7 Apr 2005"
.SH NAME
cppw, cpgr \- copy with locking the given file to the password or group file
.SH SYNOPSIS
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
.br
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
.SH DESCRIPTION
.BR cppw " and " cpgr
will copy, with locking, the given file to
.IR /etc/passwd " and " /etc/group ", respectively."
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
.IR /etc/shadow " and " /etc/gshadow ", respectively."
With the \fB\-h\fR flag, the commands display a short help message and exit
silently.
.SH "SEE ALSO"
.BR vipw (8),
.BR vigr (8),
.BR group (5),
.BR passwd (5),
.BR shadow (5),
.BR gshadow (5)
.SH AUTHOR
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
-94
View File
@@ -1,94 +0,0 @@
Build-Depends:
==============
* autoconf
* automake1.9
works with 1.7 or 1.9 (at least)
* libtool
* gettext
POT, PO, GMO regenerated?
* libpam0g-dev
OK
* debhelper (>= 4.1.16)
* po-debconf
OK
* quilt
patch system
* dpkg-dev (>= 1.13.5)
* xsltproc
used to generate the manpages
* docbook-xsl
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
* docbook-xml
manpages/docbook.xsl includes html/docbook.xsl
(But it is not strictly needed. The generated manpages are identical.
Without it, a warning is generated.)
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
* libxml2-utils
needed by the JH_CHECK_XML_CATALOG macros
* cdbs
used in debian/rules
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
* gnome-doc-utils (>= 0.4.3-1)
xml2po, 0.4.3-1 needed for the -l switch.
passwd Depends:
===============
* ${shlibs:Depends}
OK
* ${loginpam}
- hurd
login
libpam-modules (>= 0.72-5)
- other archs
+ login (>= 970502-1)
login is needed because some passwd utils need /etc/login.defs
login is Essential, so this is just to enforce the version
+ libpam-modules (>= 0.72-5)
* debianutils (>= 2.15.2)
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
/etc/shell was forgotten and introduced in debianutils in 2.15.2
passwd Conflicts:
=================
passwd Replaces:
================
Some of the passwd man pages are also distributed in some manpages* packages.
Look at the debian/02/run test to optimize these dependencies.
NOTE: Not all maintainers have been notified.
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
All those packages have been updated during sarge->etch. So these Replaces
should be removed after lenny release
* manpages-tr, manpages-zh
Those packages are still in etch, so the Replaces should be kept even
after lenny release
login Pre-Depends:
==================
* ${shlibs:Depends}
* libpam-runtime (>= 0.76-14)
sarge contained 0.76-22
Why Pre-Depends? (because it's an essential package?)
login Depends:
==============
* libpam-modules (>= 0.72-5)
libpam-modules is needed.
potato contained 0.72-9
login Conflicts:
================
login Replaces:
===============
* Some of the login man pages are also distributed in some manpages* packages.
Look at the debian/02/run test to optimize these dependencies.
NOTE: Not all maintainers have been notified.
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
Those are packages that have been updated during sarge->etch. These
Replaces should be removed after lenny
- manpages-tr, manpages-zh
Those packages are still in etch, so the Replaces should be kept even
after lenny release
-340
View File
@@ -1,340 +0,0 @@
#
# /etc/login.defs - Configuration control definitions for the login package.
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux. --marekm
# REQUIRED for useradd/userdel/usermod
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
# MAIL_DIR takes precedence.
#
# Essentially:
# - MAIL_DIR defines the location of users mail spool files
# (for mbox use) by appending the username to MAIL_DIR as defined
# below.
# - MAIL_FILE defines the location of the users mail spool files as the
# fully-qualified filename obtained by prepending the user home
# directory before $MAIL_FILE
#
# NOTE: This is no more used for setting up users MAIL environment variable
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
# job of the pam_mail PAM modules
# See default PAM configuration files provided for
# login, su, etc.
#
# This is a temporary situation: setting these variables will soon
# move to /etc/default/useradd and the variables will then be
# no more supported
MAIL_DIR /var/mail
#MAIL_FILE .mail
#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB no
#
# Enable logging of successful logins
#
LOG_OK_LOGINS no
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE /var/log/btmp
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
# However, the default and recommended value for TTYPERM is still 0600
# to not allow anyone to write to anyone else console or terminal
# Users can still allow other people to write them by issuing
# the "mesg y" command.
TTYGROUP tty
TTYPERM 0600
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
UMASK 022
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
# overriden by PAM, since the default pam_unix module has it's own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT rwh
#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME yes
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
# Other former uses of this variable such as setting the umask when
# user==primary group are not used in PAM environments, such as Debian
#
USERGROUPS_ENAB yes
#
# Instead of the real user shell, the program specified by this parameter
# will be launched, although its visible name (argv[0]) will be the shell's.
# The program may do whatever it wants (logging, additional authentification,
# banner, ...) before running the actual shell.
#
# FAKE_SHELL /bin/fakeshell
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# This variable is used by login and su.
#
#CONSOLE /etc/consoles
#CONSOLE console:tty01:tty02:tty03:tty04
#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# This variable is used by login and su.
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
ENCRYPT_METHOD SHA512
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
# edit the appropriate file in /etc/pam.d/ to #
# enable the equivelants of them.
#
###############
#MOTD_FILE
#DIALUPS_CHECK_ENAB
#LASTLOG_ENAB
#MAIL_CHECK_ENAB
#OBSCURE_CHECKS_ENAB
#PORTTIME_CHECKS_ENAB
#SU_WHEEL_ONLY
#CRACKLIB_DICTPATH
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#ENVIRON_FILE
#NOLOGINS_FILE
#ISSUE_FILE
#PASS_MIN_LEN
#PASS_MAX_LEN
#ULIMIT
#ENV_HZ
#CHFN_AUTH
#CHSH_AUTH
#FAIL_DELAY
################# OBSOLETED #######################
# #
# These options are no more handled by shadow. #
# #
# Shadow utilities will display a warning if they #
# still appear. #
# #
###################################################
# CLOSE_SESSIONS
# LOGIN_STRING
# NO_PASSWORD_CONSOLE
# QMAIL_DIR
-1
View File
@@ -1 +0,0 @@
usr/share/lintian/overrides
-22
View File
@@ -1,22 +0,0 @@
usr/share/locale/*/LC_MESSAGES/shadow.mo
usr/share/man/*/man1/login.1
usr/share/man/*/man1/newgrp.1
usr/share/man/*/man1/sg.1
usr/share/man/*/man5/faillog.5
usr/share/man/*/man5/login.defs.5
usr/share/man/*/man8/faillog.8
usr/share/man/*/man8/lastlog.8
usr/share/man/*/man8/nologin.8
usr/share/man/man1/login.1
usr/share/man/man1/newgrp.1
usr/share/man/man1/sg.1
usr/share/man/man5/faillog.5
usr/share/man/man5/login.defs.5
usr/share/man/man8/faillog.8
usr/share/man/man8/lastlog.8
usr/share/man/man8/nologin.8
usr/sbin/nologin
usr/bin/faillog
usr/bin/lastlog
usr/bin/newgrp
bin/login
-1
View File
@@ -1 +0,0 @@
usr/bin/newgrp usr/bin/sg
-3
View File
@@ -1,3 +0,0 @@
login: setuid-binary usr/bin/newgrp 4755 root/root
login: setuid-binary bin/su 4755 root/root
login: possible-missing-colon-in-closes l667:closes bug 336321
-116
View File
@@ -1,116 +0,0 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# Sets the loginuid process attribute
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restraint on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon successful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the message of the day upon successful login.
# (Replaces the `MOTD_FILE' option in login.defs)
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
# Prints the status of the user's mailbox upon successful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Create a new session keyring.
session optional pam_keyinit.so force revoke
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
-56
View File
@@ -1,56 +0,0 @@
#!/bin/sh
set -e
if test "$1" = configure
then
if test -f /etc/init.d/logoutd
then
if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd"
then
echo "removing logoutd cruft"
rm /etc/init.d/logoutd
update-rc.d logoutd remove
fi
fi
fi
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
if [ "$1" = "configure" ]; then
# Install faillog during initial installs only
if [ "$2" = "" ] && [ ! -f /var/log/faillog ] ; then
touch /var/log/faillog
chown root:root /var/log/faillog
chmod 644 /var/log/faillog
fi
# Create subuid/subgid if missing
if [ ! -e /etc/subuid ]; then
touch /etc/subuid
chown root:root /etc/subuid
chmod 644 /etc/subuid
fi
if [ ! -e /etc/subgid ]; then
touch /etc/subgid
chown root:root /etc/subgid
chmod 644 /etc/subgid
fi
fi
# Create subuid/subgid if missing
if [ ! -e /etc/subuid ]; then
touch /etc/subuid
chown root:root /etc/subuid
chmod 644 /etc/subuid
fi
if [ ! -e /etc/subgid ]; then
touch /etc/subgid
chown root:root /etc/subgid
chmod 644 /etc/subgid
fi
#DEBHELPER#
exit 0
-52
View File
@@ -1,52 +0,0 @@
#! /bin/sh
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
remove_md5() {
if md5sum $1 2>/dev/null |grep -q $2; then
cp $1 $1.pre-upgrade
sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
&& mv $1.post-upgrade $1
fi
}
case "$1" in
install|upgrade)
if [ "x$2" != "x" ] ; then
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
fi
fi
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
-61
View File
@@ -1,61 +0,0 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'chage' service
#
# This allows root to change password aging being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-16
View File
@@ -1,16 +0,0 @@
#
# The PAM configuration file for the Shadow `chfn' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-5
View File
@@ -1,5 +0,0 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
@include common-password
-20
View File
@@ -1,20 +0,0 @@
#
# The PAM configuration file for the Shadow `chsh' service
#
# This will not allow a user to change their shell unless
# their current one is listed in /etc/shells. This keeps
# accounts with special shells from changing them.
auth required pam_shells.so
# This allows root to change user shell without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
-9
View File
@@ -1,9 +0,0 @@
#!/bin/sh
cd /var/backups || exit 0
for FILE in passwd group shadow gshadow; do
test -f /etc/$FILE || continue
cmp -s $FILE.bak /etc/$FILE && continue
cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
done
-2
View File
@@ -1,2 +0,0 @@
usr/share/lintian/overrides
etc/default
-1
View File
@@ -1 +0,0 @@
debian/passwd.expire.cron
-57
View File
@@ -1,57 +0,0 @@
#!/usr/bin/perl
#
# passwd.expire.cron: sample expiry notification script for use as a cronjob
#
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
# for use, distribution, modification, etc.
#
# Usage:
# edit the listed options, including the actual email, then rename to
# /etc/cron.daily/passwd
#
# If your users don't have a valid login shell (ie. they are ftp or mail
# users only), they will need some other way to change their password
# (telnet will work since login will handle password aging, or a poppasswd
# program, if they are mail users).
# <CONFIG> #
# should be same as /etc/adduser.conf
$LOW_UID=1000;
$HIGH_UID=29999;
# this let's the MTA handle the domain,
# set it manually if you want. Make sure
# you also add the @ like "\@domain.com"
$MAIL_DOM="";
# </CONFIG> #
# Set the current day reference
$curdays = int(time() / (60 * 60 * 24));
# Now go through the list
open(SH, "< /etc/shadow");
while (<SH>) {
@shent = split(':', $_);
@userent = getpwnam($shent[0]);
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
$shent[4] != -1 && $shent[4] != 0 &&
$shent[5] != -1 && $shent[5] != 0) {
$daysleft = ($shent[2] + $shent[4]) - $curdays;
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
if ($daysleft < 0) { next; }
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
print MAIL <<EOF;
Your account will expire in $daysleft $days. Please change your password before
then or your account will expire
EOF
close (MAIL);
# This makes sure we also get a list of almost expired users
print "$shent[0]'s account will expire in $daysleft days\n";
}
}
@userent = getpwent();
}
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupadd' service
#
# This allows root to add groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupdel' service
#
# This allows root to remove groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupmod' service
#
# This allows root to modify groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-80
View File
@@ -1,80 +0,0 @@
usr/bin/chage
usr/bin/chfn
usr/bin/chsh
usr/bin/expiry
usr/bin/gpasswd
usr/bin/passwd
usr/sbin/chpasswd
usr/sbin/chgpasswd
usr/sbin/cppw
usr/sbin/groupadd
usr/sbin/groupdel
usr/sbin/groupmod
usr/sbin/groupmems
usr/sbin/grpck
usr/sbin/grpconv
usr/sbin/grpunconv
usr/sbin/newusers
usr/sbin/pwck
usr/sbin/pwconv
usr/sbin/pwunconv
usr/sbin/useradd
usr/sbin/userdel
usr/sbin/usermod
usr/sbin/vipw
usr/share/man/*/man1/chage.1
usr/share/man/*/man1/chfn.1
usr/share/man/*/man1/chsh.1
usr/share/man/*/man1/expiry.1
usr/share/man/*/man1/gpasswd.1
usr/share/man/*/man1/passwd.1
usr/share/man/*/man5/passwd.5
usr/share/man/*/man5/shadow.5
usr/share/man/*/man5/gshadow.5
usr/share/man/*/man8/chpasswd.8
usr/share/man/*/man8/groupadd.8
usr/share/man/*/man8/groupdel.8
usr/share/man/*/man8/groupmod.8
usr/share/man/*/man8/groupmems.8
usr/share/man/*/man8/grpck.8
usr/share/man/*/man8/grpconv.8
usr/share/man/*/man8/grpunconv.8
usr/share/man/*/man8/newusers.8
usr/share/man/*/man8/pwck.8
usr/share/man/*/man8/pwconv.8
usr/share/man/*/man8/pwunconv.8
usr/share/man/*/man8/useradd.8
usr/share/man/*/man8/userdel.8
usr/share/man/*/man8/usermod.8
usr/share/man/*/man8/vigr.8
usr/share/man/*/man8/vipw.8
usr/share/man/man1/chage.1
usr/share/man/man1/chfn.1
usr/share/man/man1/chsh.1
usr/share/man/man1/expiry.1
usr/share/man/man1/gpasswd.1
usr/share/man/man1/passwd.1
usr/share/man/man5/passwd.5
usr/share/man/man5/shadow.5
usr/share/man/man5/gshadow.5
usr/share/man/man5/subuid.5
usr/share/man/man5/subgid.5
usr/share/man/man5/subgid.5
usr/share/man/man5/subuid.5
usr/share/man/man8/chgpasswd.8
usr/share/man/man8/chpasswd.8
usr/share/man/man8/groupadd.8
usr/share/man/man8/groupdel.8
usr/share/man/man8/groupmod.8
usr/share/man/man8/grpck.8
usr/share/man/man8/grpconv.8
usr/share/man/man8/grpunconv.8
usr/share/man/man8/newusers.8
usr/share/man/man8/pwck.8
usr/share/man/man8/pwconv.8
usr/share/man/man8/pwunconv.8
usr/share/man/man8/useradd.8
usr/share/man/man8/userdel.8
usr/share/man/man8/usermod.8
usr/share/man/man8/vigr.8
usr/share/man/man8/vipw.8
-2
View File
@@ -1,2 +0,0 @@
usr/sbin/vipw usr/sbin/vigr
usr/sbin/cppw usr/sbin/cpgr
-6
View File
@@ -1,6 +0,0 @@
passwd: setgid-binary usr/bin/chage 2755 root/shadow
passwd: setuid-binary usr/bin/chfn 4755 root/root
passwd: setuid-binary usr/bin/chsh 4755 root/root
passwd: setgid-binary usr/bin/expiry 2755 root/shadow
passwd: setuid-binary usr/bin/gpasswd 4755 root/root
passwd: setuid-binary usr/bin/passwd 4755 root/root
-5
View File
@@ -1,5 +0,0 @@
# The PAM configuration file for the Shadow 'newusers' service
#
@include common-password
-6
View File
@@ -1,6 +0,0 @@
#
# The PAM configuration file for the Shadow `passwd' service
#
@include common-password
-44
View File
@@ -1,44 +0,0 @@
#!/bin/sh
set -e
case "$1" in
configure)
# Fix permissions on various log files from old versions of the debian
# installer, some unrelated to passwd but we decided to put the fix
# here since there was no better place. This can safely be removed
# after etch is released.
if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
for log in /var/log/base-config* \
$(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
if [ -e "$log" ]; then
chmod 600 "$log"
fi
done
fi
rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
then
groupadd -g 42 shadow || (
cat <<EOF
Group ID 42 has been allocated for the shadow group. You have either
used 42 yourself or created a shadow group with a different ID.
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
Note that both user and group IDs in the range 0-99 are globally
allocated by the Debian project and must be the same on every Debian
system.
EOF
exit 1
)
fi
;;
esac
# Run shadowconfig only on new installs
[ -z "$2" ] && shadowconfig on
#DEBHELPER#
exit 0
-51
View File
@@ -1,51 +0,0 @@
#! /bin/sh
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
remove_md5() {
if md5sum $1 2>/dev/null |grep -q $2; then
cp $1 $1.pre-upgrade
sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
&& mv $1.post-upgrade $1
fi
}
case "$1" in
install|upgrade)
if [ "x$2" != "x" ] ; then
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
fi
fi
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
-8
View File
@@ -1,8 +0,0 @@
# If a password operation is in progress and we lose power, stale lockfiles
# can be left behind. Clear them on boot.
r! /etc/gshadow.lock
r! /etc/shadow.lock
r! /etc/passwd.lock
r! /etc/group.lock
r! /etc/subuid.lock
r! /etc/subgid.lock
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'useradd' service
#
# This allows root to add users without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'userdel' service
#
# This allows root to remove users without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
-8
View File
@@ -1,8 +0,0 @@
# The PAM configuration file for the Shadow 'groupdel' service
#
# This allows root to remove groups without being prompted for a password
auth sufficient pam_rootok.so
# checks for account validity
account required pam_permit.so
@@ -1,183 +0,0 @@
From 11fc74ffc7172c587bbd2a6399defbd53eab97c6 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 15 Feb 2018 23:49:40 +1100
Subject: newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.
This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).
We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".
Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
src/newgidmap.c | 89 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 80 insertions(+), 9 deletions(-)
diff --git a/src/newgidmap.c b/src/newgidmap.c
index b1e33513..59a2e75c 100644
--- a/src/newgidmap.c
+++ b/src/newgidmap.c
@@ -46,32 +46,37 @@
*/
const char *Prog;
-static bool verify_range(struct passwd *pw, struct map_range *range)
+
+static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
{
/* An empty range is invalid */
if (range->count == 0)
return false;
- /* Test /etc/subgid */
- if (have_sub_gids(pw->pw_name, range->lower, range->count))
+ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
+ if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
+ *allow_setgroups = true;
return true;
+ }
- /* Allow a process to map its own gid */
- if ((range->count == 1) && (pw->pw_gid == range->lower))
+ /* Allow a process to map its own gid. */
+ if ((range->count == 1) && (pw->pw_gid == range->lower)) {
+ /* noop -- if setgroups is enabled already we won't disable it. */
return true;
+ }
return false;
}
static void verify_ranges(struct passwd *pw, int ranges,
- struct map_range *mappings)
+ struct map_range *mappings, bool *allow_setgroups)
{
struct map_range *mapping;
int idx;
mapping = mappings;
for (idx = 0; idx < ranges; idx++, mapping++) {
- if (!verify_range(pw, mapping)) {
+ if (!verify_range(pw, mapping, allow_setgroups)) {
fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
Prog,
mapping->upper,
@@ -89,6 +94,70 @@ static void usage(void)
exit(EXIT_FAILURE);
}
+void write_setgroups(int proc_dir_fd, bool allow_setgroups)
+{
+ int setgroups_fd;
+ char *policy, policy_buffer[4096];
+
+ /*
+ * Default is "deny", and any "allow" will out-rank a "deny". We don't
+ * forcefully write an "allow" here because the process we are writing
+ * mappings for may have already set themselves to "deny" (and "allow"
+ * is the default anyway). So allow_setgroups == true is a noop.
+ */
+ policy = "deny\n";
+ if (allow_setgroups)
+ return;
+
+ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
+ if (setgroups_fd < 0) {
+ /*
+ * If it's an ENOENT then we are on too old a kernel for the setgroups
+ * code to exist. Emit a warning and bail on this.
+ */
+ if (ENOENT == errno) {
+ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
+ goto out;
+ }
+ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
+ Prog,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * Check whether the policy is already what we want. /proc/self/setgroups
+ * is write-once, so attempting to write after it's already written to will
+ * fail.
+ */
+ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
+ fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
+ Prog,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (!strncmp(policy_buffer, policy, strlen(policy)))
+ goto out;
+
+ /* Write the policy. */
+ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
+ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
+ Prog,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (dprintf(setgroups_fd, "%s", policy) < 0) {
+ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
+ Prog,
+ policy,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+out:
+ close(setgroups_fd);
+}
+
/*
* newgidmap - Set the gid_map for the specified process
*/
@@ -103,6 +172,7 @@ int main(int argc, char **argv)
struct stat st;
struct passwd *pw;
int written;
+ bool allow_setgroups = false;
Prog = Basename (argv[0]);
@@ -145,7 +215,7 @@ int main(int argc, char **argv)
(unsigned long) getuid ()));
return EXIT_FAILURE;
}
-
+
/* Get the effective uid and effective gid of the target process */
if (fstat(proc_dir_fd, &st) < 0) {
fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
@@ -177,8 +247,9 @@ int main(int argc, char **argv)
if (!mappings)
usage();
- verify_ranges(pw, ranges, mappings);
+ verify_ranges(pw, ranges, mappings, &allow_setgroups);
+ write_setgroups(proc_dir_fd, allow_setgroups);
write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
sub_gid_close();
--
2.30.2
-142
View File
@@ -1,142 +0,0 @@
From cbfa2ff40ce629f55ddd67e3490c311dfcaa4462 Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Sat, 10 Jun 2023 16:20:05 +0200
Subject: gpasswd(1): Fix password leak
How to trigger this password leak?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When gpasswd(1) asks for the new password, it asks twice (as is usual
for confirming the new password). Each of those 2 password prompts
uses agetpass() to get the password. If the second agetpass() fails,
the first password, which has been copied into the 'static' buffer
'pass' via STRFCPY(), wasn't being zeroed.
agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
can fail for any of the following reasons:
- malloc(3) or readpassphrase(3) failure.
These are going to be difficult to trigger. Maybe getting the system
to the limits of memory utilization at that exact point, so that the
next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
About readpassphrase(3), ENFILE and EINTR seem the only plausible
ones, and EINTR probably requires privilege or being the same user;
but I wouldn't discard ENFILE so easily, if a process starts opening
files.
- The password is longer than PASS_MAX.
The is plausible with physical access. However, at that point, a
keylogger will be a much simpler attack.
And, the attacker must be able to know when the second password is being
introduced, which is not going to be easy.
How to read the password after the leak?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Provoking the leak yourself at the right point by entering a very long
password is easy, and inspecting the process stack at that point should
be doable. Try to find some consistent patterns.
Then, search for those patterns in free memory, right after the victim
leaks their password.
Once you get the leak, a program should read all the free memory
searching for patterns that gpasswd(1) leaves nearby the leaked
password.
On 6/10/23 03:14, Seth Arnold wrote:
> An attacker process wouldn't be able to use malloc(3) for this task.
> There's a handful of tools available for userspace to allocate memory:
>
> - brk / sbrk
> - mmap MAP_ANONYMOUS
> - mmap /dev/zero
> - mmap some other file
> - shm_open
> - shmget
>
> Most of these return only pages of zeros to a process. Using mmap of an
> existing file, you can get some of the contents of the file demand-loaded
> into the memory space on the first use.
>
> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare.
>
> malloc(3) doesn't zero memory, to our collective frustration, but all the
> garbage in the allocations is from previous allocations in the current
> process. It isn't leftover from other processes.
>
> The avenues available for reading the memory:
> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
> - ptrace (requires ptrace privileges, mediated by YAMA)
> - causing memory to be swapped to disk, and then inspecting the swap
>
> These all require a certain amount of privileges.
How to fix it?
~~~~~~~~~~~~~~
memzero(), which internally calls explicit_bzero(3), or whatever
alternative the system provides with a slightly different name, will
make sure that the buffer is zeroed in memory, and optimizations are not
allowed to impede this zeroing.
This is not really 100% effective, since compilers may place copies of
the string somewhere hidden in the stack. Those copies won't get zeroed
by explicit_bzero(3). However, that's arguably a compiler bug, since
compilers should make everything possible to avoid optimizing strings
that are later passed to explicit_bzero(3). But we all know that
sometimes it's impossible to have perfect knowledge in the compiler, so
this is plausible. Nevertheless, there's nothing we can do against such
issues, except minimizing the time such passwords are stored in plain
text.
Security concerns
~~~~~~~~~~~~~~~~~
We believe this isn't easy to exploit. Nevertheless, and since the fix
is trivial, this fix should probably be applied soon, and backported to
all supported distributions, to prevent someone else having more
imagination than us to find a way.
Affected versions
~~~~~~~~~~~~~~~~~
All. Bug introduced in shadow 19990709. That's the second commit in
the git history.
Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Reported-by: Alejandro Colomar <alx@kernel.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Seth Arnold <seth.arnold@canonical.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Balint Reczey <rbalint@debian.org>
Cc: Sam James <sam@gentoo.org>
Cc: David Runge <dvzrv@archlinux.org>
Cc: Andreas Jaeger <aj@suse.de>
Cc: <~hallyn/shadow@lists.sr.ht>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
src/gpasswd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/gpasswd.c b/src/gpasswd.c
index c4a492b1..cbbd8068 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -917,6 +917,7 @@ static void change_passwd (struct group *gr)
strzero (cp);
cp = getpass (_("Re-enter new password: "));
if (NULL == cp) {
+ memzero (pass, sizeof pass);
exit (1);
}
--
2.30.2
-45
View File
@@ -1,45 +0,0 @@
From b42c60bc8f026b250810a75bafe865338d734ec3 Mon Sep 17 00:00:00 2001
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
Date: Thu, 23 Mar 2023 23:39:38 +0000
Subject: Added control character check
Added control character check, returning -1 (to "err") if control characters are present.
---
lib/fields.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/fields.c b/lib/fields.c
index 649fae17..b8f13ba7 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -44,9 +44,9 @@
*
* The supplied field is scanned for non-printable and other illegal
* characters.
- * + -1 is returned if an illegal character is present.
- * + 1 is returned if no illegal characters are present, but the field
- * contains a non-printable character.
+ * + -1 is returned if an illegal or control character is present.
+ * + 1 is returned if no illegal or control characters are present,
+ * but the field contains a non-printable character.
* + 0 is returned otherwise.
*/
int valid_field (const char *field, const char *illegal)
@@ -68,10 +68,13 @@ int valid_field (const char *field, const char *illegal)
}
if (0 == err) {
- /* Search if there are some non-printable characters */
+ /* Search if there are non-printable or control characters */
for (cp = field; '\0' != *cp; cp++) {
if (!isprint (*cp)) {
err = 1;
+ }
+ if (!iscntrl (*cp)) {
+ err = -1;
break;
}
}
--
2.30.2
-61
View File
@@ -1,61 +0,0 @@
From 261c9cd274f07361c304d3993e325fe29d4bad14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 31 Mar 2023 14:46:50 +0200
Subject: Overhaul valid_field()
e5905c4b ("Added control character check") introduced checking for
control characters but had the logic inverted, so it rejects all
characters that are not control ones.
Cast the character to `unsigned char` before passing to the character
checking functions to avoid UB.
Use strpbrk(3) for the illegal character test and return early.
---
lib/fields.c | 24 ++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/lib/fields.c b/lib/fields.c
index b8f13ba7..191257e8 100644
--- a/lib/fields.c
+++ b/lib/fields.c
@@ -60,26 +60,22 @@ int valid_field (const char *field, const char *illegal)
/* For each character of field, search if it appears in the list
* of illegal characters. */
+ if (illegal && NULL != strpbrk (field, illegal)) {
+ return -1;
+ }
+
+ /* Search if there are non-printable or control characters */
for (cp = field; '\0' != *cp; cp++) {
- if (strchr (illegal, *cp) != NULL) {
+ unsigned char c = *cp;
+ if (!isprint (c)) {
+ err = 1;
+ }
+ if (iscntrl (c)) {
err = -1;
break;
}
}
- if (0 == err) {
- /* Search if there are non-printable or control characters */
- for (cp = field; '\0' != *cp; cp++) {
- if (!isprint (*cp)) {
- err = 1;
- }
- if (!iscntrl (*cp)) {
- err = -1;
- break;
- }
- }
- }
-
return err;
}
--
2.30.2
-55
View File
@@ -1,55 +0,0 @@
Goal: Log login failures to the btmp file
Notes:
* I'm not sure login should add an entry in the FTMP file when PAM is used.
(but nothing in /etc/login.defs indicates that the failure is not logged)
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -834,6 +834,24 @@ int main (int argc, char **argv)
(void) puts ("");
(void) puts (_("Login incorrect"));
+ if (getdef_str("FTMP_FILE") != NULL) {
+#ifdef USE_UTMPX
+ struct utmpx *failent =
+ prepare_utmpx (failent_user,
+ tty,
+ /* FIXME: or fromhost? */hostname,
+ utent);
+#else /* !USE_UTMPX */
+ struct utmp *failent =
+ prepare_utmp (failent_user,
+ tty,
+ hostname,
+ utent);
+#endif /* !USE_UTMPX */
+ failtmp (failent_user, failent);
+ free (failent);
+ }
+
if (failcount >= retries) {
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -57,7 +57,6 @@ struct itemdef {
{"ENVIRON_FILE", NULL}, \
{"ENV_TZ", NULL}, \
{"FAILLOG_ENAB", NULL}, \
- {"FTMP_FILE", NULL}, \
{"ISSUE_FILE", NULL}, \
{"LASTLOG_ENAB", NULL}, \
{"LOGIN_STRING", NULL}, \
@@ -88,6 +87,7 @@ static struct itemdef def_table[] = {
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
{"FAKE_SHELL", NULL},
+ {"FTMP_FILE", NULL},
{"GID_MAX", NULL},
{"GID_MIN", NULL},
{"HUSHLOGIN_FILE", NULL},
-276
View File
@@ -1,276 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Add cppw / cpgr
@DPATCH@
--- /dev/null
+++ b/src/cppw.c
@@ -0,0 +1,238 @@
+/*
+ cppw, cpgr copy with locking given file over the password or group file
+ with -s will copy with locking given file over shadow or gshadow file
+
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
+
+ Based on vipw, vigr by:
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ */
+
+#include <config.h>
+#include "defines.h"
+
+#include <errno.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <utime.h>
+#include "exitcodes.h"
+#include "prototypes.h"
+#include "pwio.h"
+#include "shadowio.h"
+#include "groupio.h"
+#include "sgroupio.h"
+
+
+const char *Prog;
+
+const char *filename, *filenewname;
+static bool filelocked = false;
+static int (*unlock) (void);
+
+/* local function prototypes */
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
+static void cppwexit (const char *msg, int syserr, int ret);
+static void cppwcopy (const char *file,
+ const char *in_file,
+ int (*file_lock) (void),
+ int (*file_unlock) (void));
+
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
+{
+ struct utimbuf ub;
+ FILE *bkfp;
+ int c;
+ mode_t mask;
+
+ mask = umask (077);
+ bkfp = fopen (dest, "w");
+ (void) umask (mask);
+ if (NULL == bkfp) {
+ return -1;
+ }
+
+ rewind (fp);
+ while ((c = getc (fp)) != EOF) {
+ if (putc (c, bkfp) == EOF) {
+ break;
+ }
+ }
+
+ if ( (c != EOF)
+ || (fflush (bkfp) != 0)) {
+ (void) fclose (bkfp);
+ (void) unlink (dest);
+ return -1;
+ }
+ if ( (fsync (fileno (bkfp)) != 0)
+ || (fclose (bkfp) != 0)) {
+ (void) unlink (dest);
+ return -1;
+ }
+
+ ub.actime = sb->st_atime;
+ ub.modtime = sb->st_mtime;
+ if ( (utime (dest, &ub) != 0)
+ || (chmod (dest, sb->st_mode) != 0)
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
+ (void) unlink (dest);
+ return -1;
+ }
+ return 0;
+}
+
+static void cppwexit (const char *msg, int syserr, int ret)
+{
+ int err = errno;
+ if (filelocked) {
+ (*unlock) ();
+ }
+ if (NULL != msg) {
+ fprintf (stderr, "%s: %s", Prog, msg);
+ if (0 != syserr) {
+ fprintf (stderr, ": %s", strerror (err));
+ }
+ (void) fputs ("\n", stderr);
+ }
+ if (NULL != filename) {
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
+ } else {
+ fprintf (stderr, _("%s: no changes\n"), Prog);
+ }
+
+ exit (ret);
+}
+
+static void cppwcopy (const char *file,
+ const char *in_file,
+ int (*file_lock) (void),
+ int (*file_unlock) (void))
+{
+ struct stat st1;
+ FILE *f;
+ char filenew[1024];
+
+ snprintf (filenew, sizeof filenew, "%s.new", file);
+ unlock = file_unlock;
+ filename = file;
+ filenewname = filenew;
+
+ if (access (file, F_OK) != 0) {
+ cppwexit (file, 1, 1);
+ }
+ if (file_lock () == 0) {
+ cppwexit (_("Couldn't lock file"), 0, 5);
+ }
+ filelocked = true;
+
+ /* file to copy has same owners, perm */
+ if (stat (file, &st1) != 0) {
+ cppwexit (file, 1, 1);
+ }
+ f = fopen (in_file, "r");
+ if (NULL == f) {
+ cppwexit (in_file, 1, 1);
+ }
+ if (create_copy (f, filenew, &st1) != 0) {
+ cppwexit (_("Couldn't make copy"), errno, 1);
+ }
+
+ /* XXX - here we should check filenew for errors; if there are any,
+ * fail w/ an appropriate error code and let the user manually fix
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
+ * stolen from '--marekm's comment) */
+
+ if (rename (filenew, file) != 0) {
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
+ Prog, filenew, strerror (errno));
+ cppwexit (NULL,0,1);
+ }
+
+ (*file_unlock) ();
+}
+
+int main (int argc, char **argv)
+{
+ int flag;
+ bool cpshadow = false;
+ char *in_file;
+ int e = E_USAGE;
+ bool do_cppw = true;
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+ Prog = Basename (argv[0]);
+ if (strcmp (Prog, "cpgr") == 0) {
+ do_cppw = false;
+ }
+
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
+ switch (flag) {
+ case 'p':
+ do_cppw = true;
+ break;
+ case 'g':
+ do_cppw = false;
+ break;
+ case 's':
+ cpshadow = true;
+ break;
+ case 'h':
+ e = E_SUCCESS;
+ /*pass through*/
+ default:
+ (void) fputs (_("Usage:\n\
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
+"), (E_SUCCESS != e) ? stderr : stdout);
+ exit (e);
+ }
+ }
+
+ if (argc != optind + 1) {
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
+ }
+
+ in_file = argv[optind];
+
+ if (do_cppw) {
+ if (cpshadow) {
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
+ } else {
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
+ }
+ } else {
+#ifdef SHADOWGRP
+ if (cpshadow) {
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
+ } else
+#endif /* SHADOWGRP */
+ {
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
+ }
+ }
+
+ return 0;
+}
+
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -30,6 +30,7 @@
ubin_PROGRAMS += newgidmap newuidmap
endif
usbin_PROGRAMS = \
+ cppw \
chgpasswd \
chpasswd \
groupadd \
@@ -90,6 +91,7 @@
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -85,6 +85,7 @@
src/chgpasswd.c
src/chpasswd.c
src/chsh.c
+src/cppw.c
src/expiry.c
src/faillog.c
src/gpasswd.c
-64
View File
@@ -1,64 +0,0 @@
Goal: Add selinux support to cppw
Fix:
Status wrt upstream: cppw is not available upstream.
The patch was made based on the
302_vim_selinux_support patch. It needs to be
reviewed by an SE-Linux aware person.
Depends on 401_cppw_src.dpatch
Index: git/src/cppw.c
===================================================================
--- git.orig/src/cppw.c
+++ git/src/cppw.c
@@ -34,6 +34,9 @@
#include <sys/types.h>
#include <signal.h>
#include <utime.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
#include "exitcodes.h"
#include "prototypes.h"
#include "pwio.h"
@@ -139,6 +142,22 @@
if (access (file, F_OK) != 0) {
cppwexit (file, 1, 1);
}
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ * to be the context of the file we are editing */
+ if (is_selinux_enabled () > 0) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ cppwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
if (file_lock () == 0) {
cppwexit (_("Couldn't lock file"), 0, 5);
}
@@ -167,6 +186,15 @@
cppwexit (NULL,0,1);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled () > 0) {
+ if (setfscreatecon (NULL)) {
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
+
(*file_unlock) ();
}
-88
View File
@@ -1,88 +0,0 @@
Goal: Re-enable logging and displaying failures on login when login is
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
faillog file if it does not exist on postinst (as on Woody).
Depends: 008_login_more_LOG_UNKFAIL_ENAB
Fixes: #192849
Note: It could be removed if pam_tally could report the number of failures
preceding a successful login.
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -131,9 +131,9 @@ static void update_utmp (const char *use
const char *host,
/*@null@*/const struct utmp *utent);
-#ifndef USE_PAM
static struct faillog faillog;
+#ifndef USE_PAM
static void bad_time_notify (void);
static void check_nologin (bool login_to_root);
#else
@@ -794,6 +794,9 @@ int main (int argc, char **argv)
SYSLOG ((LOG_NOTICE,
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
failcount, fromhost, failent_user));
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
fprintf (stderr,
_("Maximum number of tries exceeded (%u)\n"),
failcount);
@@ -811,6 +814,14 @@ int main (int argc, char **argv)
pam_strerror (pamh, retcode)));
failed = true;
}
+ if ( (NULL != pwd)
+ && getdef_bool("FAILLOG_ENAB")
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
+ SYSLOG((LOG_CRIT,
+ "exceeded failure limit for `%s' %s",
+ failent_user, fromhost));
+ failed = 1;
+ }
if (!failed) {
break;
@@ -834,6 +845,10 @@ int main (int argc, char **argv)
(void) puts ("");
(void) puts (_("Login incorrect"));
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
+
if (getdef_str("FTMP_FILE") != NULL) {
#ifdef USE_UTMPX
struct utmpx *failent =
@@ -1288,6 +1303,7 @@ int main (int argc, char **argv)
*/
#ifndef USE_PAM
motd (); /* print the message of the day */
+#endif
if ( getdef_bool ("FAILLOG_ENAB")
&& (0 != faillog.fail_cnt)) {
failprint (&faillog);
@@ -1300,6 +1316,7 @@ int main (int argc, char **argv)
username, (int) faillog.fail_cnt));
}
}
+#ifndef USE_PAM
if ( getdef_bool ("LASTLOG_ENAB")
&& (ll.ll_time != 0)) {
time_t ll_time = ll.ll_time;
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -86,6 +86,7 @@ static struct itemdef def_table[] = {
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
+ {"FAILLOG_ENAB", NULL},
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
{"GID_MAX", NULL},
-101
View File
@@ -1,101 +0,0 @@
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
job to set a delay...or not
Fixes: #87648
Status wrt upstream: Forwarded but not applied yet
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
Index: shadow-4.4/src/login.c
===================================================================
--- shadow-4.4.orig/src/login.c
+++ shadow-4.4/src/login.c
@@ -525,7 +525,6 @@ int main (int argc, char **argv)
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
char ptime[80];
#endif
- unsigned int delay;
unsigned int retries;
bool subroot = false;
#ifndef USE_PAM
@@ -546,6 +545,7 @@ int main (int argc, char **argv)
pid_t child;
char *pam_user = NULL;
#else
+ unsigned int delay;
struct spwd *spwd = NULL;
#endif
/*
@@ -708,7 +708,6 @@ int main (int argc, char **argv)
}
environ = newenvp; /* make new environment active */
- delay = getdef_unum ("FAIL_DELAY", 1);
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
#ifdef USE_PAM
@@ -724,8 +723,7 @@ int main (int argc, char **argv)
/*
* hostname & tty are either set to NULL or their correct values,
- * depending on how much we know. We also set PAM's fail delay to
- * ours.
+ * depending on how much we know.
*
* PAM_RHOST and PAM_TTY are used for authentication, only use
* information coming from login or from the caller (e.g. no utmp)
@@ -734,10 +732,6 @@ int main (int argc, char **argv)
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
-#ifdef HAS_PAM_FAIL_DELAY
- retcode = pam_fail_delay (pamh, 1000000 * delay);
- PAM_FAIL_CHECK;
-#endif
/* if fflg, then the user has already been authenticated */
if (!fflg) {
unsigned int failcount = 0;
@@ -778,12 +772,6 @@ int main (int argc, char **argv)
bool failed = false;
failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
- if (delay > 0) {
- retcode = pam_fail_delay(pamh, 1000000*delay);
- PAM_FAIL_CHECK;
- }
-#endif
retcode = pam_authenticate (pamh, 0);
@@ -1106,14 +1094,17 @@ int main (int argc, char **argv)
free (username);
username = NULL;
+#ifndef USE_PAM
/*
* Wait a while (a la SVR4 /usr/bin/login) before attempting
* to login the user again. If the earlier alarm occurs
* before the sleep() below completes, login will exit.
*/
+ delay = getdef_unum ("FAIL_DELAY", 1);
if (delay > 0) {
(void) sleep (delay);
}
+#endif
(void) puts (_("Login incorrect"));
Index: shadow-4.4/lib/getdef.c
===================================================================
--- shadow-4.4.orig/lib/getdef.c
+++ shadow-4.4/lib/getdef.c
@@ -85,7 +85,6 @@ static struct itemdef def_table[] = {
{"ENV_PATH", NULL},
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
- {"FAIL_DELAY", NULL},
{"FAILLOG_ENAB", NULL},
{"FAKE_SHELL", NULL},
{"FTMP_FILE", NULL},
-60
View File
@@ -1,60 +0,0 @@
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
Fixes: #166793
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -44,6 +44,7 @@
#include <errno.h>
#include <stdio.h>
#include <signal.h>
+#include <grp.h>
#include "nscd.h"
#ifdef WITH_TCB
#include <tcb.h>
@@ -963,12 +964,23 @@
goto fail;
}
} else {
+ struct group *grp;
/*
* Default permissions for new [g]shadow files.
*/
sb.st_mode = db->st_mode;
sb.st_uid = db->st_uid;
sb.st_gid = db->st_gid;
+
+ /*
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
+ */
+ if (sb.st_gid == 0) {
+ if ((grp = getgrnam("shadow")) != NULL)
+ sb.st_gid = grp->gr_gid;
+ else
+ sb.st_gid = 0;
+ }
}
snprintf (buf, sizeof buf, "%s+", db->filename);
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -229,7 +229,7 @@
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -105,7 +105,7 @@
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif /* WITH_SELINUX */
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
-201
View File
@@ -1,201 +0,0 @@
Goal: Document the shadowconfig utility
Status wrt upstream: The shadowconfig utility is debian specific.
Its man page also (but it used to be distributed)
Index: git/man/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/shadowconfig.8
@@ -0,0 +1,41 @@
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
+.SH NAME
+shadowconfig \- toggle shadow passwords on and off
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+.HP 13
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
+.ad
+.hy
+
+.SH "DESCRIPTION"
+
+.PP
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
+
+.PP
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
+
+.PP
+Note that turning shadow passwords off and on again will lose all password aging information\&.
+
Index: git/man/shadowconfig.8.xml
===================================================================
--- /dev/null
+++ git/man/shadowconfig.8.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+<refentry id='shadowconfig.8'>
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
+ <refentryinfo>
+ <date>19 Apr 1997</date>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>shadowconfig</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>shadowconfig</refname>
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>shadowconfig</command>
+ <group choice='plain'>
+ <arg choice='plain'><replaceable>on</replaceable></arg>
+ <arg choice='plain'><replaceable>off</replaceable></arg>
+ </group>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
+ passwords off. <command>shadowconfig</command> will print an error
+ message and exit with a nonzero code if it finds anything awry. If
+ that happens, you should correct the error and run it again. Turning
+ shadow passwords on when they are already on, or off when they are
+ already off, is harmless.
+ </para>
+
+ <para>
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
+ brief introduction
+ to shadow passwords and related features.
+ </para>
+
+ <para>Note that turning shadow passwords off and on again will lose all
+ password
+ aging information.
+ </para>
+ </refsect1>
+</refentry>
Index: git/man/fr/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/fr/shadowconfig.8
@@ -0,0 +1,26 @@
+.\" This file was generated with po4a. Translate the source file.
+.\"
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
+.SH NOM
+shadowconfig \- active ou désactive les mots de passe cachés
+.SH SYNOPSIS
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
+.SH DESCRIPTION
+.PP
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
+de recommencer.
+
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
+
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
+mots de passe cachés et à leurs fonctionnalités.
+
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
+conséquence la perte des informations d'âge sur les mots de passe.
+.SH TRADUCTION
+Nicolas FRANÇOIS, 2004.
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
Index: git/man/ja/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/ja/shadowconfig.8
@@ -0,0 +1,25 @@
+.\" all right reserved,
+.\" Translated Tue Oct 30 11:59:11 JST 2001
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
+.\"
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
+.SH 名前
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
+.SH 書式
+.B "shadowconfig"
+.IR on " | " off
+.SH 説明
+.PP
+.B shadowconfig on
+は shadow パスワードを有効にする。
+.B shadowconfig off
+は shadow パスワードを無効にする。
+.B shadowconfig
+は何らかの間違いがあると、エラーメッセージを表示し、
+ゼロではない返り値を返す。
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
+すでにオフの場合にオフに設定しても、何の影響もない。
+
+.I /usr/share/doc/passwd/README.debian.gz
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
Index: git/man/pl/shadowconfig.8
===================================================================
--- /dev/null
+++ git/man/pl/shadowconfig.8
@@ -0,0 +1,27 @@
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
+.\" {PTM/WK/1999-09-14}
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
+.SH NAZWA
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
+.SH SKŁADNIA
+.B "shadowconfig"
+.IR on " | " off
+.SH OPIS
+.PP
+.B shadowconfig on
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
+.B shadowconfig off
+wyłącza dodatkowe pliki haseł i grup.
+.B shadowconfig
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
+.\" if it finds anything awry.
+i uruchomić program ponownie.
+
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
+gdy jest wyłączona jest nieszkodliwe.
+
+Przeczytaj
+.IR /usr/share/doc/passwd/README.debian.gz ,
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
-40
View File
@@ -1,40 +0,0 @@
Goal: Recommend using adduser and deluser.
Fixes: #406046
Status wrt upstream: Debian specific patch.
Index: git/man/useradd.8.xml
===================================================================
--- git.orig/man/useradd.8.xml
+++ git/man/useradd.8.xml
@@ -105,6 +105,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
+ <command>useradd</command> is a low level utility for adding
+ users. On Debian, administrators should usually use
+ <citerefentry><refentrytitle>adduser</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> instead.
+ </para>
+ <para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
Index: git/man/userdel.8.xml
===================================================================
--- git.orig/man/userdel.8.xml
+++ git/man/userdel.8.xml
@@ -83,6 +83,12 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
+ <command>userdel</command> is a low level utility for removing
+ users. On Debian, administrators should usually use
+ <citerefentry><refentrytitle>deluser</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> instead.
+ </para>
+ <para>
The <command>userdel</command> command modifies the system account
files, deleting all entries that refer to the user name <emphasis
remap='I'>LOGIN</emphasis>. The named user must exist.
-106
View File
@@ -1,106 +0,0 @@
Goal: Relaxed usernames/groupnames checking patch.
Status wrt upstream: Debian specific. Not to be used upstream
Details:
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
characters and don't start with '-', '+', or '~'. This patch is more
restrictive than original Karl's version. closes: #264879
Also closes: #377844
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
I can't come up with a good justification as to why characters other
than ':'s and '\0's should be disallowed in group and usernames (other
than '-' as the leading character). Thus, the maintenance tools don't
anymore. closes: #79682, #166798, #171179
Index: git/libmisc/chkname.c
===================================================================
--- git.orig/libmisc/chkname.c
+++ git/libmisc/chkname.c
@@ -48,6 +48,7 @@
static bool is_valid_name (const char *name)
{
+#if 0
/*
* User/group names must match [a-z_][a-z0-9_-]*[$]
*/
@@ -66,6 +67,26 @@
return false;
}
}
+#endif
+ /*
+ * POSIX indicate that usernames are composed of characters from the
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
+ * should not be used as the first character of a portable user name.
+ *
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
+ */
+ if ( ('\0' == *name)
+ || ('-' == *name)
+ || ('~' == *name)
+ || ('+' == *name)) {
+ return false;
+ }
+ do {
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
+ return false;
+ }
+ name++;
+ } while ('\0' != *name);
return true;
}
Index: git/man/useradd.8.xml
===================================================================
--- git.orig/man/useradd.8.xml
+++ git/man/useradd.8.xml
@@ -633,12 +633,20 @@
</para>
<para>
- Usernames must start with a lower case letter or an underscore,
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+ colon (':'), a comma (','), or a whitespace (space: ' ',
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
+ ('/') may break the default algorithm for the definition of the
+ user's home directory.
+ </para>
+ <para>
Usernames may only be up to 32 characters long.
</para>
</refsect1>
Index: git/man/groupadd.8.xml
===================================================================
--- git.orig/man/groupadd.8.xml
+++ git/man/groupadd.8.xml
@@ -256,12 +256,18 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must start with a lower case letter or an underscore,
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
+ On Debian, the only constraints are that groupnames must neither start
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
+ colon (':'), a comma (','), or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para>
<para>
-18
View File
@@ -1,18 +0,0 @@
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,7 +24,6 @@
# $prefix/bin and $prefix/sbin, no install-data hacks...)
bin_PROGRAMS = groups login su
-sbin_PROGRAMS = nologin
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
if ENABLE_SUBIDS
ubin_PROGRAMS += newgidmap newuidmap
@@ -42,6 +41,7 @@
grpunconv \
logoutd \
newusers \
+ nologin \
pwck \
pwconv \
pwunconv \
-43
View File
@@ -1,43 +0,0 @@
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
Note: useradd.8 needs to be regenerated.
Status wrt upstream: not included as this is just specific
backward compatibility for Debian
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -329,6 +329,11 @@
databases are reset to avoid reusing the entry from a previously
deleted user.
</para>
+ <para>
+ For the compatibility with previous Debian's
+ <command>useradd</command>, the <option>-O</option> option is
+ also supported.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1059,9 +1059,9 @@
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
#else /* !WITH_SELINUX */
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
@@ -1184,6 +1184,7 @@
kflg = true;
break;
case 'K':
+ case 'O': /* compatibility with previous Debian useradd */
/*
* override login.defs defaults (-K name=value)
* example: -K UID_MIN=100 -K UID_MAX=499
-81
View File
@@ -1,81 +0,0 @@
--- a/debian/passwd.install
+++ b/debian/passwd.install
@@ -9,6 +9,7 @@
usr/sbin/cppw
usr/sbin/groupadd
usr/sbin/groupdel
+usr/sbin/groupmems
usr/sbin/groupmod
usr/sbin/grpck
usr/sbin/grpconv
@@ -33,6 +34,7 @@
usr/share/man/*/man8/chpasswd.8
usr/share/man/*/man8/groupadd.8
usr/share/man/*/man8/groupdel.8
+usr/share/man/*/man8/groupmems.8
usr/share/man/*/man8/groupmod.8
usr/share/man/*/man8/grpck.8
usr/share/man/*/man8/grpconv.8
@@ -59,6 +61,7 @@
usr/share/man/man8/chpasswd.8
usr/share/man/man8/groupadd.8
usr/share/man/man8/groupdel.8
+usr/share/man/man8/groupmems.8
usr/share/man/man8/groupmod.8
usr/share/man/man8/grpck.8
usr/share/man/man8/grpconv.8
--- a/debian/passwd.postinst
+++ b/debian/passwd.postinst
@@ -31,6 +31,24 @@
exit 1
)
fi
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
+ then
+ groupadd -g 99 groupmems || (
+ cat <<EOF
+************************ TESTSUITE *****************************
+Group ID 99 has been allocated for the groupmems group. You have either
+used 99 yourself or created a groupmems group with a different ID.
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
+
+Note that both user and group IDs in the range 0-99 are globally
+allocated by the Debian project and must be the same on every Debian
+system.
+EOF
+ exit 1
+ )
+# FIXME
+ chgrp groupmems /usr/sbin/groupmems
+ fi
;;
esac
--- a/debian/rules
+++ b/debian/rules
@@ -60,6 +60,7 @@
dh_installpam -p passwd --name=chsh
dh_installpam -p passwd --name=chpasswd
dh_installpam -p passwd --name=newusers
+ dh_installpam -p passwd --name=groupmems
ifeq ($(DEB_HOST_ARCH_OS),hurd)
# login is not built on The Hurd, but some utilities of passwd depends on
# /etc/login.defs.
@@ -87,3 +88,6 @@
chgrp shadow debian/passwd/usr/bin/expiry
chmod g+s debian/passwd/usr/bin/chage
chmod g+s debian/passwd/usr/bin/expiry
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
+ chmod u+s debian/passwd/usr/sbin/groupmems
+ chmod o-x debian/passwd/usr/sbin/groupmems
--- /dev/null
+++ b/debian/passwd.groupmems.pam
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth sufficient pam_rootok.so
+
+@include common-auth
+@include common-account
-76
View File
@@ -1,76 +0,0 @@
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,6 +1,8 @@
AUTOMAKE_OPTIONS = 1.0 foreign
+CFLAGS += -fprofile-arcs -ftest-coverage
+
DEFS =
noinst_LTLIBRARIES = libshadow.la
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -1,6 +1,8 @@
EXTRA_DIST = .indent.pro xgetXXbyYY.c
+CFLAGS += -fprofile-arcs -ftest-coverage
+
INCLUDES = -I$(top_srcdir)/lib
noinst_LIBRARIES = libmisc.a
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,6 +7,8 @@
suidperms = 4755
sgidperms = 2755
+CFLAGS += -fprofile-arcs -ftest-coverage
+
INCLUDES = \
-I${top_srcdir}/lib \
-I$(top_srcdir)/libmisc
--- a/debian/rules
+++ b/debian/rules
@@ -40,6 +40,12 @@
endif
export CFLAGS
+clean:: clean_gcov
+
+clean_gcov:
+ find . -name "*.gcda" -delete
+ find . -name "*.gcno" -delete
+
# Add extras to the install process:
binary-install/login::
dh_installpam -p login
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -174,23 +174,9 @@
trust the formatted time received from the unix domain (or worse,
UDP) socket. -MM */
/* Avoid translated PAM error messages: Set LC_ALL to "C".
+ * This is disabled for coverage testing
* --Nekral */
-#define SYSLOG(x) \
- do { \
- char *old_locale = setlocale (LC_ALL, NULL); \
- char *saved_locale = NULL; \
- if (NULL != old_locale) { \
- saved_locale = strdup (old_locale); \
- } \
- if (NULL != saved_locale) { \
- (void) setlocale (LC_ALL, "C"); \
- } \
- syslog x ; \
- if (NULL != saved_locale) { \
- (void) setlocale (LC_ALL, saved_locale); \
- free (saved_locale); \
- } \
- } while (false)
+#define SYSLOG(x) syslog x
#else /* !ENABLE_NLS */
#define SYSLOG(x) syslog x
#endif /* !ENABLE_NLS */
-22
View File
@@ -1,22 +0,0 @@
Small intro to the system for numbering the patches here...
-The 00xx-... patches are forwarded to upstream's git repository
-The 0xx_... series of patches are patches isolated from the latest
version of the shadow Debian package not using quilt in order to
separate upstream from Debian-specific stuff.
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
-The 4xx series are patches which have been applied to Debian's shadow
and have NOT been accepted and/or applied upstream. These patches MUST be kept
even after resynced with upstream
-The 5xx series are patches which are applied to Debian's shadow
and will never be proposed upstream because they're too specific
This list SHOULD BE AS SHORT AS POSSIBLE
In short, while we are working towards synchronisation with upstream,
our goal is to make 0xx patches disappear by moving them either to 3xx
series (things already implemented upstream) or to 4xx series
(Debian-specific patches).
-20
View File
@@ -1,20 +0,0 @@
# These patches are only for the testsuite:
#900_testsuite_groupmems
#901_testsuite_gcov
503_shadowconfig.8
008_login_log_failure_in_FTMP
429_login_FAILLOG_ENAB
401_cppw_src.dpatch
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
402_cppw_selinux
506_relaxed_usernames
542_useradd-O_option
463_login_delay_obeys_to_PAM
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
501_commonio_group_shadow
0001-newgidmap-enforce-setgroups-deny-if-self-mapping-a-g.patch
0002-gpasswd-1-Fix-password-leak.patch
0003-Added-control-character-check.patch
0004-Overhaul-valid_field.patch
-96
View File
@@ -1,96 +0,0 @@
#!/usr/bin/make -f
# -*- mode: makefile; coding: utf-8 -*-
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
# Enable PIE, BINDNOW, and possible future flags.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
# Call autoreconf since we need to regenerate all the autofoo files
include /usr/share/cdbs/1/rules/autoreconf.mk
include /usr/share/cdbs/1/rules/debhelper.mk
# Specify where dh_install will find the files that it needs to move:
DEB_DH_INSTALL_SOURCEDIR=debian/tmp
# Specify the destination of shadow's "make install"
# (This is only needed on The Hurd, where only one package is built. On
# the other arch, DEB_DESTDIR already points to debian/tmp)
DEB_DESTDIR=$(CURDIR)/debian/tmp
include /usr/share/cdbs/1/class/autotools.mk
# Adds extra options when calling the configure script:
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared \
--without-libcrack \
--mandir=/usr/share/man \
--with-libpam \
--enable-shadowgrp \
--enable-man \
--disable-account-tools-setuid \
--with-group-name-max-length=32 \
--without-acl \
--without-attr \
--without-tcb \
SHELL=/bin/sh
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
endif
# Set the default editor for vipw/vigr
CFLAGS += -DDEFAULT_EDITOR=\\\"sensible-editor\\\"
# Add extras to the install process:
binary-install/login::
ifeq ($(DEB_HOST_ARCH_OS),hurd)
# /bin/login is provided by the hurd package.
rm -f debian/login/bin/login
endif
ifneq ($(DEB_HOST_ARCH_OS),linux)
sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
endif
dh_installpam -p login
install -c -m 444 debian/login.defs debian/login/etc/login.defs
install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
dh_lintian -p login
binary-install/passwd::
install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8
install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
# Distribute the pam.d files; unless for the commands with disabled PAM
# support
dh_installpam -p passwd --name=passwd
dh_installpam -p passwd --name=chfn
dh_installpam -p passwd --name=chsh
dh_installpam -p passwd --name=chpasswd
dh_installpam -p passwd --name=newusers
install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
install -d debian/passwd/sbin
install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
dh_lintian -p passwd
binary-predeb/uidmap::
chmod u+s debian/uidmap/usr/bin/newuidmap
chmod u+s debian/uidmap/usr/bin/newgidmap
binary-predeb/login::
# No real need for login to be setuid root
# chmod u+s debian/login/bin/login
chmod u+s debian/login/usr/bin/newgrp
binary-predeb/passwd::
chmod u+s debian/passwd/usr/bin/chfn
chmod u+s debian/passwd/usr/bin/chsh
chmod u+s debian/passwd/usr/bin/gpasswd
chmod u+s debian/passwd/usr/bin/passwd
chgrp shadow debian/passwd/usr/bin/chage
chgrp shadow debian/passwd/usr/bin/expiry
chmod g+s debian/passwd/usr/bin/chage
chmod g+s debian/passwd/usr/bin/expiry
clean::
sed -i 's/# Linux only # //' debian/login.pam
-71
View File
@@ -1,71 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
com0
# Standard consoles
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tty13
tty14
tty15
tty16
tty17
tty18
tty19
tty20
tty21
tty22
tty23
tty24
tty25
tty26
tty27
tty28
tty29
tty30
tty31
tty32
tty33
tty34
tty35
tty36
tty37
tty38
tty39
tty40
tty41
tty42
tty43
tty44
tty45
tty46
tty47
tty48
tty49
tty50
tty51
tty52
tty53
tty54
tty55
tty56
tty57
tty58
tty59
tty60
tty61
tty62
tty63
-24
View File
@@ -1,24 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
ttyd0
ttyd1
# Standard consoles
ttyv0
ttyv1
ttyv2
ttyv3
ttyv4
ttyv5
ttyv6
ttyv7
ttyva
ttyvb
ttyvc
ttyvd
ttyve
ttyvf
-12
View File
@@ -1,12 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# for people with serial port consoles
tty00
# Standard consoles
ttyE0
ttyE1
ttyE2
ttyE3
-412
View File
@@ -1,412 +0,0 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# Local X displays (allows empty passwords with pam_unix's nullok_secure)
:0
:0.0
:0.1
:1
:1.0
:1.1
:2
:2.0
:2.1
:3
:3.0
:3.1
#...
# ==========================================================
#
# TTYs sorted by major number according to Documentation/devices.txt
#
# ==========================================================
# Virtual consoles
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tty13
tty14
tty15
tty16
tty17
tty18
tty19
tty20
tty21
tty22
tty23
tty24
tty25
tty26
tty27
tty28
tty29
tty30
tty31
tty32
tty33
tty34
tty35
tty36
tty37
tty38
tty39
tty40
tty41
tty42
tty43
tty44
tty45
tty46
tty47
tty48
tty49
tty50
tty51
tty52
tty53
tty54
tty55
tty56
tty57
tty58
tty59
tty60
tty61
tty62
tty63
# UART serial ports
ttyS0
ttyS1
ttyS2
ttyS3
ttyS4
ttyS5
#...ttyS191
# Serial Mux devices (Linux/PA-RISC only)
ttyB0
ttyB1
#...
# Chase serial card
ttyH0
ttyH1
#...
# Cyclades serial cards
ttyC0
ttyC1
#...ttyC31
# Digiboard serial cards
ttyD0
ttyD1
#...
# Stallion serial cards
ttyE0
ttyE1
#...ttyE255
# Specialix serial cards
ttyX0
ttyX1
#...
# Comtrol Rocketport serial cards
ttyR0
ttyR1
#...
# SDL RISCom serial cards
ttyL0
ttyL1
#...
# Hayes ESP serial card
ttyP0
ttyP1
#...
# Computone IntelliPort II serial card
ttyF0
ttyF1
#...ttyF255
# Specialix IO8+ serial card
ttyW0
ttyW1
#...
# Comtrol VS-1000 serial controller
ttyV0
ttyV1
#...
# ISI serial card
ttyM0
ttyM1
#...
# Technology Concepts serial card
ttyT0
ttyT1
#...
# Specialix RIO serial card
ttySR0
ttySR1
#...ttySR511
# Chase Research AT/PCI-Fast serial card
ttyCH0
ttyCH1
#...ttyCH63
# Moxa Intellio serial card
ttyMX0
ttyMX1
#...ttyMX127
# SmartIO serial card
ttySI0
ttySI1
#...
# USB dongles
ttyUSB0
ttyUSB1
ttyUSB2
#...
# LinkUp Systems L72xx UARTs
ttyLU0
ttyLU1
ttyLU2
ttyLU3
# StrongARM builtin serial ports
ttySA0
ttySA1
ttySA2
# SCI serial port (SuperH) ports and SC26xx serial ports
ttySC0
ttySC1
ttySC2
ttySC3
ttySC4
ttySC5
ttySC6
ttySC7
ttySC8
ttySC9
# ARM "AMBA" serial ports
ttyAM0
ttyAM1
ttyAM2
ttyAM3
ttyAM4
ttyAM5
ttyAM6
ttyAM7
ttyAM8
ttyAM9
ttyAM10
ttyAM11
ttyAM12
ttyAM13
ttyAM14
ttyAM15
# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
ttyAMA0
ttyAMA1
ttyAMA2
ttyAMA3
# DataBooster serial ports
ttyDB0
ttyDB1
ttyDB2
ttyDB3
ttyDB4
ttyDB5
ttyDB6
ttyDB7
# SGI Altix console ports
ttySG0
# Motorola i.MX ports
ttySMX0
ttySMX1
ttySMX2
# Marvell MPSC ports
ttyMM0
ttyMM1
# PPC CPM (SCC or SMC) ports
ttyCPM0
ttyCPM1
ttyCPM2
ttyCPM3
ttyCPM4
ttyCPM5
# Altix serial cards
ttyIOC0
ttyIOC1
#...ttyIOC31
# NEC VR4100 series SIU
ttyVR0
# NEC VR4100 series SSIU
ttyVR1
# Altix ioc4 serial cards
ttyIOC84
ttyIOC85
#...ttyIOC115
# Altix ioc3 serial cards
ttySIOC0
ttySIOC1
#...ttySIOC31
# PPC PSC ports
ttyPSC0
ttyPSC1
ttyPSC2
ttyPSC3
ttyPSC4
ttyPSC5
# ATMEL serial ports
ttyAT0
ttyAT1
#...ttyAT15
# Hilscher netX serial port
ttyNX0
ttyNX1
#...ttyNX15
# Xilinx uartlite - port
ttyUL0
ttyUL1
ttyUL2
ttyUL3
# Xen virtual console - port 0
xvc0
# pmac_zilog - port
ttyPZ0
ttyPZ1
ttyPZ2
ttyPZ3
# TX39/49 serial port
ttyTX0
ttyTX1
ttyTX2
ttyTX3
ttyTX4
ttyTX5
ttyTX6
ttyTX7
# SC26xx serial ports (see SCI serial ports (SuperH))
# MAX3100 serial ports
ttyMAX0
ttyMAX1
ttyMAX2
ttyMAX3
# OMAP serial ports
ttyO0
ttyO1
ttyO2
ttyO3
# User space serial ports
ttyU0
ttyU1
# A2232 serial card
ttyY0
ttyY1
# IBM 3270 terminal Unix tty access
3270/tty1
3270/tty2
#...
# IBM iSeries/pSeries virtual console
hvc0
hvc1
#...
#IBM pSeries console ports
hvsi0
hvsi1
hvsi2
# Equinox SST multi-port serial boards
ttyEQ0
ttyEQ1
#...ttyEQ1027
# ==========================================================
#
# Not in Documentation/Devices.txt
#
# ==========================================================
# Embedded Freescale i.MX ports
ttymxc0
ttymxc1
ttymxc2
ttymxc3
ttymxc4
ttymxc5
# LXC (Linux Containers)
lxc/console
lxc/tty1
lxc/tty2
lxc/tty3
lxc/tty4
# Serial Console for MIPS Swarm
duart0
duart1
# s390 and s390x ports in LPAR mode
ttysclp0
# ODROID XU4 serial console
ttySAC0
ttySAC1
ttySAC2
ttySAC3
-49
View File
@@ -1,49 +0,0 @@
#!/bin/sh
# turn shadow passwords on or off on a Debian system
set -e
shadowon () {
set -e
pwck -q -r
grpck -r
pwconv
grpconv
chown root:root /etc/passwd /etc/group
chmod 644 /etc/passwd /etc/group
chown root:shadow /etc/shadow /etc/gshadow
chmod 640 /etc/shadow /etc/gshadow
}
shadowoff () {
set -e
pwck -q -r
grpck -r
pwunconv
grpunconv
# sometimes the passwd perms get munged
chown root:root /etc/passwd /etc/group
chmod 644 /etc/passwd /etc/group
}
case "$1" in
"on")
if shadowon ; then
echo Shadow passwords are now on.
else
echo Please correct the error and rerun \`$0 on\'
exit 1
fi
;;
"off")
if shadowoff ; then
echo Shadow passwords are now off.
else
echo Please correct the error and rerun \`$0 off\'
exit 1
fi
;;
*)
echo Usage: $0 on \| off
;;
esac
-1
View File
@@ -1 +0,0 @@
3.0 (quilt)
-4
View File
@@ -1,4 +0,0 @@
usr/bin/newuidmap
usr/bin/newgidmap
usr/share/man/man1/newuidmap.1
usr/share/man/man1/newgidmap.1
-2
View File
@@ -1,2 +0,0 @@
uidmap: setuid-binary usr/bin/newgidmap 4755 root/root
uidmap: setuid-binary usr/bin/newuidmap 4755 root/root
-8196
View File
File diff suppressed because it is too large Load Diff
-37
View File
@@ -1,37 +0,0 @@
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/sh
#
# The default group for users
# 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# The default behavior (when -n and -g are not specified) is to create a
# primary user group with the same name as the user being added to the
# system.
# GROUP=100
#
# The default home directory. Same as DHOME for adduser
# HOME=/home
#
# The number of days after a password expires until the account
# is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=
#
# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user's home directory when it is created.
# SKEL=/etc/skel
#
# Defines whether the mail spool should be created while
# creating the account
# CREATE_MAIL_SPOOL=yes
-4
View File
@@ -1,4 +0,0 @@
version=4
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadow-$1.tar.gz%" \
https://github.com/shadow-maint/shadow/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
+8 -5
View File
@@ -301,12 +301,15 @@ static int create_backup (const char *backup, FILE * fp)
struct utimbuf ub;
FILE *bkfp;
int c;
mode_t mask;
if (fstat (fileno (fp), &sb) != 0) {
return -1;
}
bkfp = fopen_set_perms (backup, "w", &sb);
mask = umask (077);
bkfp = fopen (backup, "w");
(void) umask (mask);
if (NULL == bkfp) {
return -1;
}
@@ -751,16 +754,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
&& ((NULL == ptr->line)
|| (('+' != ptr->line[0])
&& ('-' != ptr->line[0])))
&& (NULL != ptr->line)
&& ( ('+' != ptr->line[0])
&& ('-' != ptr->line[0]))
#endif
;
ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
if (NULL != ptr) {
if ((NULL != ptr) && (NULL != ptr->line)) {
nis = ptr;
}
#endif
+2 -2
View File
@@ -31,8 +31,8 @@
*/
/* $Id$ */
#ifndef COMMONIO_H
#define COMMONIO_H
#ifndef _COMMONIO_H
#define _COMMONIO_H
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-1
View File
@@ -148,7 +148,6 @@ static struct itemdef knowndef_table[] = {
#ifdef USE_PAM
PAMDEFS
#endif
{NULL, NULL}
};
#ifndef LOGINDEFS
+6 -3
View File
@@ -44,19 +44,22 @@
*/
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
{
unsigned long int val;
long long int val;
char *endptr;
errno = 0;
val = strtoul (numstr, &endptr, 0);
val = strtoll (numstr, &endptr, 0);
if ( ('\0' == *numstr)
|| ('\0' != *endptr)
|| (ERANGE == errno)
/*@+ignoresigns@*/
|| (val != (unsigned long int)val)
/*@=ignoresigns@*/
) {
return 0;
}
*result = val;
*result = (unsigned long int)val;
return 1;
}
+2 -1
View File
@@ -338,7 +338,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
errno = ENOMEM;
return NULL;
}
snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
new_line[new_line_len] = '\0';
/* Concatenate the 2 list of members */
for (i=0; NULL != gptr1->gr_mem[i]; i++);
-3
View File
@@ -179,9 +179,6 @@ extern int getrange (char *range,
unsigned long *min, bool *has_min,
unsigned long *max, bool *has_max);
/* gettime.c */
extern time_t gettime ();
/* get_uid.c */
extern int get_uid (const char *uidstr, uid_t *uid);
-1
View File
@@ -40,7 +40,6 @@
#include "prototypes.h"
#include "defines.h"
#include "commonio.h"
#include "getdef.h"
#include "sgroupio.h"
/*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
-1
View File
@@ -40,7 +40,6 @@
#include <shadow.h>
#include <stdio.h>
#include "commonio.h"
#include "getdef.h"
#include "shadowio.h"
#ifdef WITH_TCB
#include <tcb.h>
+2 -2
View File
@@ -31,8 +31,8 @@
*/
/* $Id$ */
#ifndef SHADOWIO_H
#define SHADOWIO_H
#ifndef _SHADOWIO_H
#define _SHADOWIO_H
#include "defines.h"
+1 -2
View File
@@ -1,7 +1,7 @@
EXTRA_DIST = .indent.pro xgetXXbyYY.c
AM_CPPFLAGS = -I$(top_srcdir)/lib
INCLUDES = -I$(top_srcdir)/lib
noinst_LIBRARIES = libmisc.a
@@ -31,7 +31,6 @@ libmisc_a_SOURCES = \
getdate.y \
getgr_nam_gid.c \
getrange.c \
gettime.c \
hushed.c \
idmapping.h \
idmapping.c \
+125 -414
View File
@@ -1,7 +1,6 @@
/*
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
* Copyright (c) 2008 - 2011, Nicolas François
* Copyright (c) 2014, Red Hat, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -39,117 +38,6 @@
#include "groupio.h"
#include "getdef.h"
/*
* get_ranges - Get the minimum and maximum ID ranges for the search
*
* This function will return the minimum and maximum ranges for IDs
*
* 0: The function completed successfully
* EINVAL: The provided ranges are impossible (such as maximum < minimum)
*
* preferred_min: The special-case minimum value for a specifically-
* requested ID, which may be lower than the standard min_id
*/
static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
gid_t *preferred_min)
{
gid_t gid_def_max = 0;
if (sys_group) {
/* System groups */
/* A requested ID is allowed to be below the autoselect range */
*preferred_min = (gid_t) 1;
/* Get the minimum ID range from login.defs or default to 101 */
*min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
/*
* If SYS_GID_MAX is unspecified, we should assume it to be one
* less than the GID_MIN (which is reserved for non-system accounts)
*/
gid_def_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
*max_id = (gid_t) getdef_ulong ("SYS_GID_MAX",
(unsigned long) gid_def_max);
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (stderr,
_("%s: Invalid configuration: SYS_GID_MIN (%lu), "
"GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
getdef_ulong ("GID_MIN", 1000UL),
(unsigned long) *max_id);
return EINVAL;
}
} else {
/* Non-system groups */
/* Get the values from login.defs or use reasonable defaults */
*min_id = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
*max_id = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
/*
* The preferred minimum should match the standard ID minimum
* for non-system groups.
*/
*preferred_min = *min_id;
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (stderr,
_("%s: Invalid configuration: GID_MIN (%lu), "
"GID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
(unsigned long) *max_id);
return EINVAL;
}
}
return 0;
}
/*
* check_gid - See if the requested GID is available
*
* On success, return 0
* If the ID is in use, return EEXIST
* If the ID is outside the range, return ERANGE
* In other cases, return errno from getgrgid()
*/
static int check_gid (const gid_t gid,
const gid_t gid_min,
const gid_t gid_max,
bool *used_gids)
{
/* First test that the preferred ID is in the range */
if (gid < gid_min || gid > gid_max) {
return ERANGE;
}
/*
* Check whether we already detected this GID
* using the gr_next() loop
*/
if (used_gids != NULL && used_gids[gid]) {
return EEXIST;
}
/* Check if the GID exists according to NSS */
errno = 0;
if (getgrgid (gid) != NULL) {
return EEXIST;
} else {
/* getgrgid() was NULL
* we have to ignore errors as temporary
* failures of remote user identity services
* would completely block user/group creation
*/
}
/* If we've made it here, the GID must be available */
return 0;
}
/*
* find_new_gid - Find a new unused GID.
*
@@ -161,338 +49,161 @@ static int check_gid (const gid_t gid,
* Return 0 on success, -1 if no unused GIDs are available.
*/
int find_new_gid (bool sys_group,
gid_t *gid,
/*@null@*/gid_t const *preferred_gid)
gid_t *gid,
/*@null@*/gid_t const *preferred_gid)
{
bool *used_gids;
const struct group *grp;
gid_t gid_min, gid_max, preferred_min;
gid_t group_id, id;
gid_t lowest_found, highest_found;
int result;
int nospam = 0;
gid_t gid_min, gid_max, group_id;
bool *used_gids;
assert(gid != NULL);
assert (gid != NULL);
/*
* First, figure out what ID range is appropriate for
* automatic assignment
*/
result = get_ranges (sys_group, &gid_min, &gid_max, &preferred_min);
if (result == EINVAL) {
return -1;
}
/* Check if the preferred GID is available */
if (preferred_gid) {
result = check_gid (*preferred_gid, preferred_min, gid_max, NULL);
if (result == 0) {
/*
* Make sure the GID isn't queued for use already
*/
if (gr_locate_gid (*preferred_gid) == NULL) {
*gid = *preferred_gid;
return 0;
}
/*
* gr_locate_gid() found the GID in an as-yet uncommitted
* entry. We'll proceed below and auto-set a GID.
*/
} else if (result == EEXIST || result == ERANGE) {
/*
* Continue on below. At this time, we won't
* treat these two cases differently.
*/
} else {
/*
* An unexpected error occurred. We should report
* this and fail the group creation.
* This differs from the automatic creation
* behavior below, since if a specific GID was
* requested and generated an error, the user is
* more likely to want to stop and address the
* issue.
*/
fprintf (stderr,
_("%s: Encountered error attempting to use "
"preferred GID: %s\n"),
Prog, strerror (result));
if (!sys_group) {
gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
if (gid_max < gid_min) {
(void) fprintf (stderr,
_("%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"),
Prog, (unsigned long) gid_min, (unsigned long) gid_max);
return -1;
}
} else {
gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
if (gid_max < gid_min) {
(void) fprintf (stderr,
_("%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
Prog, (unsigned long) gid_min, getdef_ulong ("GID_MIN", 1000UL), (unsigned long) gid_max);
return -1;
}
}
/*
* Search the entire group file,
* looking for the next unused value.
*
* We first check the local database with gr_rewind/gr_next to find
* all local values that are in use.
*
* We then compare the next free value to all databases (local and
* remote) and iterate until we find a free one. If there are free
* values beyond the lowest (system groups) or highest (non-system
* groups), we will prefer those and avoid potentially reclaiming a
* deleted group (which can be a security issue, since it may grant
* access to files belonging to that former group).
*
* If there are no GIDs available at the end of the search, we will
* have no choice but to iterate through the range looking for gaps.
*
*/
/* Create an array to hold all of the discovered GIDs */
used_gids = malloc (sizeof (bool) * (gid_max +1));
if (NULL == used_gids) {
fprintf (stderr,
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
return -1;
}
memset (used_gids, false, sizeof (bool) * (gid_max + 1));
/* First look for the lowest and highest value in the local database */
(void) gr_rewind ();
highest_found = gid_min;
lowest_found = gid_max;
while ((grp = gr_next ()) != NULL) {
/*
* Does this entry have a lower GID than the lowest we've found
* so far?
*/
if ((grp->gr_gid <= lowest_found) && (grp->gr_gid >= gid_min)) {
lowest_found = grp->gr_gid - 1;
}
/*
* Does this entry have a higher GID than the highest we've found
* so far?
*/
if ((grp->gr_gid >= highest_found) && (grp->gr_gid <= gid_max)) {
highest_found = grp->gr_gid + 1;
}
/* create index of used GIDs */
if (grp->gr_gid >= gid_min
&& grp->gr_gid <= gid_max) {
used_gids[grp->gr_gid] = true;
}
if ( (NULL != preferred_gid)
&& (*preferred_gid >= gid_min)
&& (*preferred_gid <= gid_max)
/* Check if the user exists according to NSS */
&& (getgrgid (*preferred_gid) == NULL)
/* Check also the local database in case of uncommitted
* changes */
&& (gr_locate_gid (*preferred_gid) == NULL)) {
*gid = *preferred_gid;
free (used_gids);
return 0;
}
/*
* Search the entire group file,
* looking for the largest unused value.
*
* We check the list of groups according to NSS (setgrent/getgrent),
* but we also check the local database (gr_rewind/gr_next) in case
* some groups were created but the changes were not committed yet.
*/
if (sys_group) {
/*
* For system groups, we want to start from the
* top of the range and work downwards.
gid_t id;
/* setgrent / getgrent / endgrent can be very slow with
* LDAP configurations (and many accounts).
* Since there is a limited amount of IDs to be tested
* for system accounts, we just check the existence
* of IDs with getgrgid.
*/
/*
* At the conclusion of the gr_next() search, we will either
* have a presumed-free GID or we will be at GID_MIN - 1.
*/
if (lowest_found < gid_min) {
/*
* In this case, a GID is in use at GID_MIN.
*
* We will reset the search to GID_MAX and proceed down
* through all the GIDs (skipping those we detected with
* used_gids) for a free one. It is a known issue that
* this may result in reusing a previously-deleted GID,
* so administrators should be instructed to use this
* auto-detection with care (and prefer to assign GIDs
* explicitly).
*/
lowest_found = gid_max;
}
/* Search through all of the IDs in the range */
for (id = lowest_found; id >= gid_min; id--) {
result = check_gid (id, gid_min, gid_max, used_gids);
if (result == 0) {
/* This GID is available. Return it. */
*gid = id;
free (used_gids);
return 0;
} else if (result == EEXIST) {
/* This GID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique system GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later GID
* will work properly.
*/
group_id = gid_max;
for (id = gid_max; id >= gid_min; id--) {
if (getgrgid (id) != NULL) {
group_id = id - 1;
used_gids[id] = true;
}
}
/*
* If we get all the way through the loop, try again from GID_MAX,
* unless that was where we previously started. (NOTE: the worst-case
* scenario here is that we will run through (GID_MAX - GID_MIN - 1)
* cycles *again* if we fall into this case with lowest_found as
* GID_MAX - 1, all groups in the range in use and maintained by
* network services such as LDAP.)
*/
if (lowest_found != gid_max) {
for (id = gid_max; id >= gid_min; id--) {
result = check_gid (id, gid_min, gid_max, used_gids);
if (result == 0) {
/* This GID is available. Return it. */
*gid = id;
free (used_gids);
return 0;
} else if (result == EEXIST) {
/* This GID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique system GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later GID
* will work properly.
*/
}
(void) gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
group_id = grp->gr_gid - 1;
}
/* create index of used GIDs */
if (grp->gr_gid <= gid_max) {
used_gids[grp->gr_gid] = true;
}
}
} else { /* !sys_group */
/*
* For non-system groups, we want to start from the
* bottom of the range and work upwards.
*/
/*
* At the conclusion of the gr_next() search, we will either
* have a presumed-free GID or we will be at GID_MAX + 1.
*/
if (highest_found > gid_max) {
/*
* In this case, a GID is in use at GID_MAX.
*
* We will reset the search to GID_MIN and proceed up
* through all the GIDs (skipping those we detected with
* used_gids) for a free one. It is a known issue that
* this may result in reusing a previously-deleted GID,
* so administrators should be instructed to use this
* auto-detection with care (and prefer to assign GIDs
* explicitly).
*/
highest_found = gid_min;
}
/* Search through all of the IDs in the range */
for (id = highest_found; id <= gid_max; id++) {
result = check_gid (id, gid_min, gid_max, used_gids);
if (result == 0) {
/* This GID is available. Return it. */
*gid = id;
free (used_gids);
return 0;
} else if (result == EEXIST) {
/* This GID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later GID
* will work properly.
*/
} else {
group_id = gid_min;
setgrent ();
while ((grp = getgrent ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
group_id = grp->gr_gid + 1;
}
/* create index of used GIDs */
if (grp->gr_gid <= gid_max) {
used_gids[grp->gr_gid] = true;
}
}
endgrent ();
/*
* If we get all the way through the loop, try again from GID_MIN,
* unless that was where we previously started. (NOTE: the worst-case
* scenario here is that we will run through (GID_MAX - GID_MIN - 1)
* cycles *again* if we fall into this case with highest_found as
* GID_MIN + 1, all groups in the range in use and maintained by
* network services such as LDAP.)
*/
if (highest_found != gid_min) {
for (id = gid_min; id <= gid_max; id++) {
result = check_gid (id, gid_min, gid_max, used_gids);
if (result == 0) {
/* This GID is available. Return it. */
*gid = id;
free (used_gids);
return 0;
} else if (result == EEXIST) {
/* This GID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique GID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available GIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later GID
* will work properly.
*/
}
(void) gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
group_id = grp->gr_gid + 1;
}
/* create index of used GIDs */
if (grp->gr_gid <= gid_max) {
used_gids[grp->gr_gid] = true;
}
}
}
/*
* If a group (resp. system group) with GID equal to GID_MAX (resp.
* GID_MIN) exists, the above algorithm will give us GID_MAX+1
* (resp. GID_MIN-1) even if not unique. Search for the first free
* GID starting with GID_MIN (resp. GID_MAX).
*/
if (sys_group) {
if (group_id < gid_min) {
for (group_id = gid_max; group_id >= gid_min; group_id--) {
if (false == used_gids[group_id]) {
break;
}
}
if (group_id < gid_min) {
fprintf (stderr,
_("%s: Can't get unique system GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN,
"no more available GID on the system"));
free (used_gids);
return -1;
}
}
} else {
if (group_id > gid_max) {
for (group_id = gid_min; group_id <= gid_max; group_id++) {
if (false == used_gids[group_id]) {
break;
}
}
if (group_id > gid_max) {
fprintf (stderr,
_("%s: Can't get unique GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available GID on the system"));
free (used_gids);
return -1;
}
}
}
/* The code reached here and found no available IDs in the range */
fprintf (stderr,
_("%s: Can't get unique GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available GIDs on the system"));
free (used_gids);
return -1;
*gid = group_id;
return 0;
}
+125 -414
View File
@@ -1,7 +1,6 @@
/*
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
* Copyright (c) 2008 - 2011, Nicolas François
* Copyright (c) 2014, Red Hat, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -39,117 +38,6 @@
#include "pwio.h"
#include "getdef.h"
/*
* get_ranges - Get the minimum and maximum ID ranges for the search
*
* This function will return the minimum and maximum ranges for IDs
*
* 0: The function completed successfully
* EINVAL: The provided ranges are impossible (such as maximum < minimum)
*
* preferred_min: The special-case minimum value for a specifically-
* requested ID, which may be lower than the standard min_id
*/
static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
uid_t *preferred_min)
{
uid_t uid_def_max = 0;
if (sys_user) {
/* System users */
/* A requested ID is allowed to be below the autoselect range */
*preferred_min = (uid_t) 1;
/* Get the minimum ID range from login.defs or default to 101 */
*min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
/*
* If SYS_UID_MAX is unspecified, we should assume it to be one
* less than the UID_MIN (which is reserved for non-system accounts)
*/
uid_def_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
*max_id = (uid_t) getdef_ulong ("SYS_UID_MAX",
(unsigned long) uid_def_max);
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (stderr,
_("%s: Invalid configuration: SYS_UID_MIN (%lu), "
"UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
getdef_ulong ("UID_MIN", 1000UL),
(unsigned long) *max_id);
return EINVAL;
}
} else {
/* Non-system users */
/* Get the values from login.defs or use reasonable defaults */
*min_id = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
*max_id = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
/*
* The preferred minimum should match the standard ID minimum
* for non-system users.
*/
*preferred_min = *min_id;
/* Check that the ranges make sense */
if (*max_id < *min_id) {
(void) fprintf (stderr,
_("%s: Invalid configuration: UID_MIN (%lu), "
"UID_MAX (%lu)\n"),
Prog, (unsigned long) *min_id,
(unsigned long) *max_id);
return EINVAL;
}
}
return 0;
}
/*
* check_uid - See if the requested UID is available
*
* On success, return 0
* If the ID is in use, return EEXIST
* If the ID is outside the range, return ERANGE
* In other cases, return errno from getpwuid()
*/
static int check_uid(const uid_t uid,
const uid_t uid_min,
const uid_t uid_max,
bool *used_uids)
{
/* First test that the preferred ID is in the range */
if (uid < uid_min || uid > uid_max) {
return ERANGE;
}
/*
* Check whether we already detected this UID
* using the pw_next() loop
*/
if (used_uids != NULL && used_uids[uid]) {
return EEXIST;
}
/* Check if the UID exists according to NSS */
errno = 0;
if (getpwuid(uid) != NULL) {
return EEXIST;
} else {
/* getpwuid() was NULL
* we have to ignore errors as temporary
* failures of remote user identity services
* would completely block user/group creation
*/
}
/* If we've made it here, the UID must be available */
return 0;
}
/*
* find_new_uid - Find a new unused UID.
*
@@ -160,339 +48,162 @@ static int check_uid(const uid_t uid,
*
* Return 0 on success, -1 if no unused UIDs are available.
*/
int find_new_uid(bool sys_user,
uid_t *uid,
/*@null@*/uid_t const *preferred_uid)
int find_new_uid (bool sys_user,
uid_t *uid,
/*@null@*/uid_t const *preferred_uid)
{
bool *used_uids;
const struct passwd *pwd;
uid_t uid_min, uid_max, preferred_min;
uid_t user_id, id;
uid_t lowest_found, highest_found;
int result;
int nospam = 0;
uid_t uid_min, uid_max, user_id;
bool *used_uids;
assert (uid != NULL);
/*
* First, figure out what ID range is appropriate for
* automatic assignment
*/
result = get_ranges (sys_user, &uid_min, &uid_max, &preferred_min);
if (result == EINVAL) {
return -1;
}
/* Check if the preferred UID is available */
if (preferred_uid) {
result = check_uid (*preferred_uid, preferred_min, uid_max, NULL);
if (result == 0) {
/*
* Make sure the UID isn't queued for use already
*/
if (pw_locate_uid (*preferred_uid) == NULL) {
*uid = *preferred_uid;
return 0;
}
/*
* pw_locate_uid() found the UID in an as-yet uncommitted
* entry. We'll proceed below and auto-set an UID.
*/
} else if (result == EEXIST || result == ERANGE) {
/*
* Continue on below. At this time, we won't
* treat these two cases differently.
*/
} else {
/*
* An unexpected error occurred. We should report
* this and fail the user creation.
* This differs from the automatic creation
* behavior below, since if a specific UID was
* requested and generated an error, the user is
* more likely to want to stop and address the
* issue.
*/
fprintf (stderr,
_("%s: Encountered error attempting to use "
"preferred UID: %s\n"),
Prog, strerror (result));
if (!sys_user) {
uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
if (uid_max < uid_min) {
(void) fprintf (stderr,
_("%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"),
Prog, (unsigned long) uid_min, (unsigned long) uid_max);
return -1;
}
} else {
uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
if (uid_max < uid_min) {
(void) fprintf (stderr,
_("%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
Prog, (unsigned long) uid_min, getdef_ulong ("UID_MIN", 1000UL), (unsigned long) uid_max);
return -1;
}
}
/*
* Search the entire passwd file,
* looking for the next unused value.
*
* We first check the local database with pw_rewind/pw_next to find
* all local values that are in use.
*
* We then compare the next free value to all databases (local and
* remote) and iterate until we find a free one. If there are free
* values beyond the lowest (system users) or highest (non-system
* users), we will prefer those and avoid potentially reclaiming a
* deleted user (which can be a security issue, since it may grant
* access to files belonging to that former user).
*
* If there are no UIDs available at the end of the search, we will
* have no choice but to iterate through the range looking for gaps.
*
*/
/* Create an array to hold all of the discovered UIDs */
used_uids = malloc (sizeof (bool) * (uid_max +1));
if (NULL == used_uids) {
fprintf (stderr,
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
_("%s: failed to allocate memory: %s\n"),
Prog, strerror (errno));
return -1;
}
memset (used_uids, false, sizeof (bool) * (uid_max + 1));
/* First look for the lowest and highest value in the local database */
(void) pw_rewind ();
highest_found = uid_min;
lowest_found = uid_max;
while ((pwd = pw_next ()) != NULL) {
/*
* Does this entry have a lower UID than the lowest we've found
* so far?
*/
if ((pwd->pw_uid <= lowest_found) && (pwd->pw_uid >= uid_min)) {
lowest_found = pwd->pw_uid - 1;
}
/*
* Does this entry have a higher UID than the highest we've found
* so far?
*/
if ((pwd->pw_uid >= highest_found) && (pwd->pw_uid <= uid_max)) {
highest_found = pwd->pw_uid + 1;
}
/* create index of used UIDs */
if (pwd->pw_uid >= uid_min
&& pwd->pw_uid <= uid_max) {
used_uids[pwd->pw_uid] = true;
}
if ( (NULL != preferred_uid)
&& (*preferred_uid >= uid_min)
&& (*preferred_uid <= uid_max)
/* Check if the user exists according to NSS */
&& (getpwuid (*preferred_uid) == NULL)
/* Check also the local database in case of uncommitted
* changes */
&& (pw_locate_uid (*preferred_uid) == NULL)) {
*uid = *preferred_uid;
free (used_uids);
return 0;
}
/*
* Search the entire password file,
* looking for the largest unused value.
*
* We check the list of users according to NSS (setpwent/getpwent),
* but we also check the local database (pw_rewind/pw_next) in case
* some users were created but the changes were not committed yet.
*/
if (sys_user) {
/*
* For system users, we want to start from the
* top of the range and work downwards.
uid_t id;
/* setpwent / getpwent / endpwent can be very slow with
* LDAP configurations (and many accounts).
* Since there is a limited amount of IDs to be tested
* for system accounts, we just check the existence
* of IDs with getpwuid.
*/
/*
* At the conclusion of the pw_next() search, we will either
* have a presumed-free UID or we will be at UID_MIN - 1.
*/
if (lowest_found < uid_min) {
/*
* In this case, an UID is in use at UID_MIN.
*
* We will reset the search to UID_MAX and proceed down
* through all the UIDs (skipping those we detected with
* used_uids) for a free one. It is a known issue that
* this may result in reusing a previously-deleted UID,
* so administrators should be instructed to use this
* auto-detection with care (and prefer to assign UIDs
* explicitly).
*/
lowest_found = uid_max;
}
/* Search through all of the IDs in the range */
for (id = lowest_found; id >= uid_min; id--) {
result = check_uid (id, uid_min, uid_max, used_uids);
if (result == 0) {
/* This UID is available. Return it. */
*uid = id;
free (used_uids);
return 0;
} else if (result == EEXIST) {
/* This UID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique system UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later UID
* will work properly.
*/
user_id = uid_max;
for (id = uid_max; id >= uid_min; id--) {
if (getpwuid (id) != NULL) {
user_id = id - 1;
used_uids[id] = true;
}
}
/*
* If we get all the way through the loop, try again from UID_MAX,
* unless that was where we previously started. (NOTE: the worst-case
* scenario here is that we will run through (UID_MAX - UID_MIN - 1)
* cycles *again* if we fall into this case with lowest_found as
* UID_MAX - 1, all users in the range in use and maintained by
* network services such as LDAP.)
*/
if (lowest_found != uid_max) {
for (id = uid_max; id >= uid_min; id--) {
result = check_uid (id, uid_min, uid_max, used_uids);
if (result == 0) {
/* This UID is available. Return it. */
*uid = id;
free (used_uids);
return 0;
} else if (result == EEXIST) {
/* This UID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique system UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later UID
* will work properly.
*/
}
(void) pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
user_id = pwd->pw_uid - 1;
}
/* create index of used UIDs */
if (pwd->pw_uid <= uid_max) {
used_uids[pwd->pw_uid] = true;
}
}
} else { /* !sys_user */
/*
* For non-system users, we want to start from the
* bottom of the range and work upwards.
*/
/*
* At the conclusion of the pw_next() search, we will either
* have a presumed-free UID or we will be at UID_MAX + 1.
*/
if (highest_found > uid_max) {
/*
* In this case, a UID is in use at UID_MAX.
*
* We will reset the search to UID_MIN and proceed up
* through all the UIDs (skipping those we detected with
* used_uids) for a free one. It is a known issue that
* this may result in reusing a previously-deleted UID,
* so administrators should be instructed to use this
* auto-detection with care (and prefer to assign UIDs
* explicitly).
*/
highest_found = uid_min;
}
/* Search through all of the IDs in the range */
for (id = highest_found; id <= uid_max; id++) {
result = check_uid (id, uid_min, uid_max, used_uids);
if (result == 0) {
/* This UID is available. Return it. */
*uid = id;
free (used_uids);
return 0;
} else if (result == EEXIST) {
/* This UID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later UID
* will work properly.
*/
} else {
user_id = uid_min;
setpwent ();
while ((pwd = getpwent ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
user_id = pwd->pw_uid + 1;
}
/* create index of used UIDs */
if (pwd->pw_uid <= uid_max) {
used_uids[pwd->pw_uid] = true;
}
}
endpwent ();
/*
* If we get all the way through the loop, try again from UID_MIN,
* unless that was where we previously started. (NOTE: the worst-case
* scenario here is that we will run through (UID_MAX - UID_MIN - 1)
* cycles *again* if we fall into this case with highest_found as
* UID_MIN + 1, all users in the range in use and maintained by
* network services such as LDAP.)
*/
if (highest_found != uid_min) {
for (id = uid_min; id <= uid_max; id++) {
result = check_uid (id, uid_min, uid_max, used_uids);
if (result == 0) {
/* This UID is available. Return it. */
*uid = id;
free (used_uids);
return 0;
} else if (result == EEXIST) {
/* This UID is in use, we'll continue to the next */
} else {
/*
* An unexpected error occurred.
*
* Only report it the first time to avoid spamming
* the logs
*
*/
if (!nospam) {
fprintf (stderr,
_("%s: Can't get unique UID (%s). "
"Suppressing additional messages.\n"),
Prog, strerror (result));
SYSLOG ((LOG_ERR,
"Error checking available UIDs: %s",
strerror (result)));
nospam = 1;
}
/*
* We will continue anyway. Hopefully a later UID
* will work properly.
*/
}
(void) pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
user_id = pwd->pw_uid + 1;
}
/* create index of used UIDs */
if (pwd->pw_uid <= uid_max) {
used_uids[pwd->pw_uid] = true;
}
}
}
/*
* If a user (resp. system user) with UID equal to UID_MAX (resp.
* UID_MIN) exists, the above algorithm will give us UID_MAX+1
* (resp. UID_MIN-1) even if not unique. Search for the first free
* UID starting with UID_MIN (resp. UID_MAX).
*/
if (sys_user) {
if (user_id < uid_min) {
for (user_id = uid_max; user_id >= uid_min; user_id--) {
if (false == used_uids[user_id]) {
break;
}
}
if (user_id < uid_min ) {
fprintf (stderr,
_("%s: Can't get unique system UID (no more available UIDs)\n"),
Prog);
SYSLOG ((LOG_WARN,
"no more available UID on the system"));
free (used_uids);
return -1;
}
}
} else {
if (user_id > uid_max) {
for (user_id = uid_min; user_id <= uid_max; user_id++) {
if (false == used_uids[user_id]) {
break;
}
}
if (user_id > uid_max) {
fprintf (stderr,
_("%s: Can't get unique UID (no more available UIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available UID on the system"));
free (used_uids);
return -1;
}
}
}
/* The code reached here and found no available IDs in the range */
fprintf (stderr,
_("%s: Can't get unique UID (no more available UIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available UIDs on the system"));
free (used_uids);
return -1;
*uid = user_id;
return 0;
}
-89
View File
@@ -1,89 +0,0 @@
/*
* Copyright (c) 2017, Chris Lamb
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the copyright holders or contributors may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <config.h>
#ident "$Id$"
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include "defines.h"
#include "prototypes.h"
/*
* gettime() returns the time as the number of seconds since the Epoch
*
* Like time(), gettime() returns the time as the number of seconds since the
* Epoch, 1970-01-01 00:00:00 +0000 (UTC), except that if the SOURCE_DATE_EPOCH
* environment variable is exported it will use that instead.
*/
/*@observer@*/time_t gettime ()
{
char *endptr;
char *source_date_epoch;
time_t fallback;
unsigned long long epoch;
fallback = time (NULL);
source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
if (!source_date_epoch)
return fallback;
errno = 0;
epoch = strtoull (source_date_epoch, &endptr, 10);
if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
|| (errno != 0 && epoch == 0)) {
fprintf (stderr,
_("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
strerror(errno));
} else if (endptr == source_date_epoch) {
fprintf (stderr,
_("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
endptr);
} else if (*endptr != '\0') {
fprintf (stderr,
_("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
endptr);
} else if (epoch > ULONG_MAX) {
fprintf (stderr,
_("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
ULONG_MAX, epoch);
} else if (epoch > fallback) {
fprintf (stderr,
_("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
fallback, epoch);
} else {
/* Valid */
return (time_t)epoch;
}
return fallback;
}
-21
View File
@@ -83,27 +83,6 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
free(mappings);
return NULL;
}
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->upper > UINT_MAX ||
mapping->lower > UINT_MAX ||
mapping->count > UINT_MAX) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count > UINT_MAX ||
mapping->upper + mapping->count > UINT_MAX) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count < mapping->lower ||
mapping->upper + mapping->count < mapping->upper) {
/* this one really shouldn't be possible given previous checks */
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
}
return mappings;
}
-3
View File
@@ -170,9 +170,6 @@ static int user_busy_processes (const char *name, uid_t uid)
proc = opendir ("/proc");
if (proc == NULL) {
perror ("opendir /proc");
#ifdef ENABLE_SUBIDS
sub_uid_close();
#endif
return 0;
}
if (stat ("/", &sbroot) != 0) {
+1
View File
@@ -215,4 +215,5 @@ $(man_MANS):
@echo "Error: you need to run configure with '--enable-man'"
@echo " in order to regenerate man pages."
@echo ""
@false
endif
+1 -1
View File
@@ -92,7 +92,7 @@
<para>
The default encryption algorithm can be defined for the system with
the <option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</filename>,
and can be overwritten with the <option>-e</option>,
and can be overwiten with the <option>-e</option>,
<option>-m</option>, or <option>-c</option> options.
</para>
<para>
+2 -2
View File
@@ -98,7 +98,7 @@
The default encryption algorithm can be defined for the system with
the <option>ENCRYPT_METHOD</option> or
<option>MD5_CRYPT_ENAB</option> variables of
<filename>/etc/login.defs</filename>, and can be overwritten with the
<filename>/etc/login.defs</filename>, and can be overwitten with the
<option>-e</option>, <option>-m</option>, or <option>-c</option>
options.
</para>
@@ -112,7 +112,7 @@
<phrase condition="pam">Except when PAM is used to encrypt the
passwords,</phrase> <command>chpasswd</command> first updates all the
passwords in memory, and then commits all the changes to disk if no
errors occurred for any user.
errors occured for any user.
</para>
<para condition="pam">
When PAM is used to encrypt the passwords (and update the passwords in
+2 -1
View File
@@ -42,11 +42,12 @@ man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
clean-local:
rm -rf man1 man3 man5 man8
for d in man1 man3 man5 man8; do [ -d $$d ] && rmdir $$d; done
else
$(man_MANS):
@echo you need to run configure with --enable-man to generate man pages
@false
endif
man8/grpconv.8 man8/grpunconv.8 man8/pwunconv.8: man8/pwconv.8

Some files were not shown because too many files have changed in this diff Show More